diff options
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_algs.c | 25 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_asn1.c | 634 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_cert.c | 649 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_ciph.c | 1393 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_err.c | 1064 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_err2.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_lib.c | 3159 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_rsa.c | 882 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_sess.c | 1094 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_stat.c | 893 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_task.c | 287 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_txt.c | 211 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_algs.c | 25 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_asn1.c | 634 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 649 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_ciph.c | 1393 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err.c | 1064 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_err2.c | 7 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 3159 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_rsa.c | 882 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 1094 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_stat.c | 893 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_txt.c | 211 |
23 files changed, 10335 insertions, 9974 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c index 9c34d19725..76644bda91 100644 --- a/src/lib/libssl/src/ssl/ssl_algs.c +++ b/src/lib/libssl/src/ssl/ssl_algs.c | |||
| @@ -61,8 +61,9 @@ | |||
| 61 | #include <openssl/lhash.h> | 61 | #include <openssl/lhash.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | int SSL_library_init(void) | 64 | int |
| 65 | { | 65 | SSL_library_init(void) |
| 66 | { | ||
| 66 | 67 | ||
| 67 | #ifndef OPENSSL_NO_DES | 68 | #ifndef OPENSSL_NO_DES |
| 68 | EVP_add_cipher(EVP_des_cbc()); | 69 | EVP_add_cipher(EVP_des_cbc()); |
| @@ -104,16 +105,16 @@ int SSL_library_init(void) | |||
| 104 | #ifndef OPENSSL_NO_SEED | 105 | #ifndef OPENSSL_NO_SEED |
| 105 | EVP_add_cipher(EVP_seed_cbc()); | 106 | EVP_add_cipher(EVP_seed_cbc()); |
| 106 | #endif | 107 | #endif |
| 107 | 108 | ||
| 108 | #ifndef OPENSSL_NO_MD5 | 109 | #ifndef OPENSSL_NO_MD5 |
| 109 | EVP_add_digest(EVP_md5()); | 110 | EVP_add_digest(EVP_md5()); |
| 110 | EVP_add_digest_alias(SN_md5,"ssl2-md5"); | 111 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| 111 | EVP_add_digest_alias(SN_md5,"ssl3-md5"); | 112 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); |
| 112 | #endif | 113 | #endif |
| 113 | #ifndef OPENSSL_NO_SHA | 114 | #ifndef OPENSSL_NO_SHA |
| 114 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 115 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 115 | EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 116 | EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 117 | #endif | 118 | #endif |
| 118 | #ifndef OPENSSL_NO_SHA256 | 119 | #ifndef OPENSSL_NO_SHA256 |
| 119 | EVP_add_digest(EVP_sha224()); | 120 | EVP_add_digest(EVP_sha224()); |
| @@ -125,9 +126,9 @@ int SSL_library_init(void) | |||
| 125 | #endif | 126 | #endif |
| 126 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 127 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 128 | EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 130 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 130 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 131 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 131 | #endif | 132 | #endif |
| 132 | #ifndef OPENSSL_NO_ECDSA | 133 | #ifndef OPENSSL_NO_ECDSA |
| 133 | EVP_add_digest(EVP_ecdsa()); | 134 | EVP_add_digest(EVP_ecdsa()); |
| @@ -145,6 +146,6 @@ int SSL_library_init(void) | |||
| 145 | #endif | 146 | #endif |
| 146 | /* initialize cipher/digest methods table */ | 147 | /* initialize cipher/digest methods table */ |
| 147 | ssl_load_ciphers(); | 148 | ssl_load_ciphers(); |
| 148 | return(1); | 149 | return (1); |
| 149 | } | 150 | } |
| 150 | 151 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index 38540be1e5..51668db785 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c | |||
| @@ -89,8 +89,7 @@ | |||
| 89 | #include <openssl/objects.h> | 89 | #include <openssl/objects.h> |
| 90 | #include <openssl/x509.h> | 90 | #include <openssl/x509.h> |
| 91 | 91 | ||
| 92 | typedef struct ssl_session_asn1_st | 92 | typedef struct ssl_session_asn1_st { |
| 93 | { | ||
| 94 | ASN1_INTEGER version; | 93 | ASN1_INTEGER version; |
| 95 | ASN1_INTEGER ssl_version; | 94 | ASN1_INTEGER ssl_version; |
| 96 | ASN1_OCTET_STRING cipher; | 95 | ASN1_OCTET_STRING cipher; |
| @@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st | |||
| 100 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 101 | ASN1_OCTET_STRING key_arg; | 100 | ASN1_OCTET_STRING key_arg; |
| 102 | #ifndef OPENSSL_NO_KRB5 | 101 | #ifndef OPENSSL_NO_KRB5 |
| 103 | ASN1_OCTET_STRING krb5_princ; | 102 | ASN1_OCTET_STRING krb5_princ; |
| 104 | #endif /* OPENSSL_NO_KRB5 */ | 103 | #endif /* OPENSSL_NO_KRB5 */ |
| 105 | ASN1_INTEGER time; | 104 | ASN1_INTEGER time; |
| 106 | ASN1_INTEGER timeout; | 105 | ASN1_INTEGER timeout; |
| @@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st | |||
| 117 | #ifndef OPENSSL_NO_SRP | 116 | #ifndef OPENSSL_NO_SRP |
| 118 | ASN1_OCTET_STRING srp_username; | 117 | ASN1_OCTET_STRING srp_username; |
| 119 | #endif /* OPENSSL_NO_SRP */ | 118 | #endif /* OPENSSL_NO_SRP */ |
| 120 | } SSL_SESSION_ASN1; | 119 | } SSL_SESSION_ASN1; |
| 121 | 120 | ||
| 122 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 121 | int |
| 123 | { | 122 | i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 123 | { | ||
| 124 | #define LSIZE2 (sizeof(long)*2) | 124 | #define LSIZE2 (sizeof(long)*2) |
| 125 | int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0; | 125 | int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; |
| 126 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 126 | unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; |
| 127 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 127 | unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; |
| 128 | #ifndef OPENSSL_NO_TLSEXT | 128 | #ifndef OPENSSL_NO_TLSEXT |
| 129 | int v6=0,v9=0,v10=0; | 129 | int v6 = 0, v9 = 0, v10 = 0; |
| 130 | unsigned char ibuf6[LSIZE2]; | 130 | unsigned char ibuf6[LSIZE2]; |
| 131 | #endif | 131 | #endif |
| 132 | #ifndef OPENSSL_NO_COMP | 132 | #ifndef OPENSSL_NO_COMP |
| 133 | unsigned char cbuf; | 133 | unsigned char cbuf; |
| 134 | int v11=0; | 134 | int v11 = 0; |
| 135 | #endif | 135 | #endif |
| 136 | #ifndef OPENSSL_NO_SRP | 136 | #ifndef OPENSSL_NO_SRP |
| 137 | int v12=0; | 137 | int v12 = 0; |
| 138 | #endif | 138 | #endif |
| 139 | long l; | 139 | long l; |
| 140 | SSL_SESSION_ASN1 a; | 140 | SSL_SESSION_ASN1 a; |
| 141 | M_ASN1_I2D_vars(in); | 141 | M_ASN1_I2D_vars(in); |
| 142 | 142 | ||
| 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) |
| 144 | return(0); | 144 | return (0); |
| 145 | 145 | ||
| 146 | /* Note that I cheat in the following 2 assignments. I know | 146 | /* Note that I cheat in the following 2 assignments. I know |
| 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set | 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. | 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 149 | * This is a bit evil but makes things simple, no dynamic allocation | 149 | * This is a bit evil but makes things simple, no dynamic allocation |
| 150 | * to clean up :-) */ | 150 | * to clean up :-) */ |
| 151 | a.version.length=LSIZE2; | 151 | a.version.length = LSIZE2; |
| 152 | a.version.type=V_ASN1_INTEGER; | 152 | a.version.type = V_ASN1_INTEGER; |
| 153 | a.version.data=ibuf1; | 153 | a.version.data = ibuf1; |
| 154 | ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); | 154 | ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); |
| 155 | 155 | ||
| 156 | a.ssl_version.length=LSIZE2; | 156 | a.ssl_version.length = LSIZE2; |
| 157 | a.ssl_version.type=V_ASN1_INTEGER; | 157 | a.ssl_version.type = V_ASN1_INTEGER; |
| 158 | a.ssl_version.data=ibuf2; | 158 | a.ssl_version.data = ibuf2; |
| 159 | ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); | 159 | ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); |
| 160 | 160 | ||
| 161 | a.cipher.type=V_ASN1_OCTET_STRING; | 161 | a.cipher.type = V_ASN1_OCTET_STRING; |
| 162 | a.cipher.data=buf; | 162 | a.cipher.data = buf; |
| 163 | 163 | ||
| 164 | if (in->cipher == NULL) | 164 | if (in->cipher == NULL) |
| 165 | l=in->cipher_id; | 165 | l = in->cipher_id; |
| 166 | else | 166 | else |
| 167 | l=in->cipher->id; | 167 | l = in->cipher->id; |
| 168 | if (in->ssl_version == SSL2_VERSION) | 168 | if (in->ssl_version == SSL2_VERSION) { |
| 169 | { | 169 | a.cipher.length = 3; |
| 170 | a.cipher.length=3; | 170 | buf[0] = ((unsigned char)(l >> 16L))&0xff; |
| 171 | buf[0]=((unsigned char)(l>>16L))&0xff; | 171 | buf[1] = ((unsigned char)(l >> 8L))&0xff; |
| 172 | buf[1]=((unsigned char)(l>> 8L))&0xff; | 172 | buf[2] = ((unsigned char)(l ))&0xff; |
| 173 | buf[2]=((unsigned char)(l ))&0xff; | 173 | } else { |
| 174 | } | 174 | a.cipher.length = 2; |
| 175 | else | 175 | buf[0] = ((unsigned char)(l >> 8L))&0xff; |
| 176 | { | 176 | buf[1] = ((unsigned char)(l ))&0xff; |
| 177 | a.cipher.length=2; | 177 | } |
| 178 | buf[0]=((unsigned char)(l>>8L))&0xff; | ||
| 179 | buf[1]=((unsigned char)(l ))&0xff; | ||
| 180 | } | ||
| 181 | 178 | ||
| 182 | #ifndef OPENSSL_NO_COMP | 179 | #ifndef OPENSSL_NO_COMP |
| 183 | if (in->compress_meth) | 180 | if (in->compress_meth) { |
| 184 | { | ||
| 185 | cbuf = (unsigned char)in->compress_meth; | 181 | cbuf = (unsigned char)in->compress_meth; |
| 186 | a.comp_id.length = 1; | 182 | a.comp_id.length = 1; |
| 187 | a.comp_id.type = V_ASN1_OCTET_STRING; | 183 | a.comp_id.type = V_ASN1_OCTET_STRING; |
| 188 | a.comp_id.data = &cbuf; | 184 | a.comp_id.data = &cbuf; |
| 189 | } | 185 | } |
| 190 | #endif | 186 | #endif |
| 191 | 187 | ||
| 192 | a.master_key.length=in->master_key_length; | 188 | a.master_key.length = in->master_key_length; |
| 193 | a.master_key.type=V_ASN1_OCTET_STRING; | 189 | a.master_key.type = V_ASN1_OCTET_STRING; |
| 194 | a.master_key.data=in->master_key; | 190 | a.master_key.data = in->master_key; |
| 195 | 191 | ||
| 196 | a.session_id.length=in->session_id_length; | 192 | a.session_id.length = in->session_id_length; |
| 197 | a.session_id.type=V_ASN1_OCTET_STRING; | 193 | a.session_id.type = V_ASN1_OCTET_STRING; |
| 198 | a.session_id.data=in->session_id; | 194 | a.session_id.data = in->session_id; |
| 199 | 195 | ||
| 200 | a.session_id_context.length=in->sid_ctx_length; | 196 | a.session_id_context.length = in->sid_ctx_length; |
| 201 | a.session_id_context.type=V_ASN1_OCTET_STRING; | 197 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 202 | a.session_id_context.data=in->sid_ctx; | 198 | a.session_id_context.data = in->sid_ctx; |
| 203 | 199 | ||
| 204 | a.key_arg.length=in->key_arg_length; | 200 | a.key_arg.length = in->key_arg_length; |
| 205 | a.key_arg.type=V_ASN1_OCTET_STRING; | 201 | a.key_arg.type = V_ASN1_OCTET_STRING; |
| 206 | a.key_arg.data=in->key_arg; | 202 | a.key_arg.data = in->key_arg; |
| 207 | 203 | ||
| 208 | #ifndef OPENSSL_NO_KRB5 | 204 | #ifndef OPENSSL_NO_KRB5 |
| 209 | if (in->krb5_client_princ_len) | 205 | if (in->krb5_client_princ_len) { |
| 210 | { | 206 | a.krb5_princ.length = in->krb5_client_princ_len; |
| 211 | a.krb5_princ.length=in->krb5_client_princ_len; | 207 | a.krb5_princ.type = V_ASN1_OCTET_STRING; |
| 212 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | 208 | a.krb5_princ.data = in->krb5_client_princ; |
| 213 | a.krb5_princ.data=in->krb5_client_princ; | 209 | } |
| 214 | } | ||
| 215 | #endif /* OPENSSL_NO_KRB5 */ | 210 | #endif /* OPENSSL_NO_KRB5 */ |
| 216 | 211 | ||
| 217 | if (in->time != 0L) | 212 | if (in->time != 0L) { |
| 218 | { | 213 | a.time.length = LSIZE2; |
| 219 | a.time.length=LSIZE2; | 214 | a.time.type = V_ASN1_INTEGER; |
| 220 | a.time.type=V_ASN1_INTEGER; | 215 | a.time.data = ibuf3; |
| 221 | a.time.data=ibuf3; | 216 | ASN1_INTEGER_set(&(a.time), in->time); |
| 222 | ASN1_INTEGER_set(&(a.time),in->time); | 217 | } |
| 223 | } | ||
| 224 | 218 | ||
| 225 | if (in->timeout != 0L) | 219 | if (in->timeout != 0L) { |
| 226 | { | 220 | a.timeout.length = LSIZE2; |
| 227 | a.timeout.length=LSIZE2; | 221 | a.timeout.type = V_ASN1_INTEGER; |
| 228 | a.timeout.type=V_ASN1_INTEGER; | 222 | a.timeout.data = ibuf4; |
| 229 | a.timeout.data=ibuf4; | 223 | ASN1_INTEGER_set(&(a.timeout), in->timeout); |
| 230 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 224 | } |
| 231 | } | ||
| 232 | 225 | ||
| 233 | if (in->verify_result != X509_V_OK) | 226 | if (in->verify_result != X509_V_OK) { |
| 234 | { | 227 | a.verify_result.length = LSIZE2; |
| 235 | a.verify_result.length=LSIZE2; | 228 | a.verify_result.type = V_ASN1_INTEGER; |
| 236 | a.verify_result.type=V_ASN1_INTEGER; | 229 | a.verify_result.data = ibuf5; |
| 237 | a.verify_result.data=ibuf5; | 230 | ASN1_INTEGER_set(&a.verify_result, in->verify_result); |
| 238 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 231 | } |
| 239 | } | ||
| 240 | 232 | ||
| 241 | #ifndef OPENSSL_NO_TLSEXT | 233 | #ifndef OPENSSL_NO_TLSEXT |
| 242 | if (in->tlsext_hostname) | 234 | if (in->tlsext_hostname) { |
| 243 | { | 235 | a.tlsext_hostname.length = strlen(in->tlsext_hostname); |
| 244 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | 236 | a.tlsext_hostname.type = V_ASN1_OCTET_STRING; |
| 245 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | 237 | a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; |
| 246 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | 238 | } |
| 247 | } | 239 | if (in->tlsext_tick) { |
| 248 | if (in->tlsext_tick) | 240 | a.tlsext_tick.length = in->tlsext_ticklen; |
| 249 | { | 241 | a.tlsext_tick.type = V_ASN1_OCTET_STRING; |
| 250 | a.tlsext_tick.length= in->tlsext_ticklen; | 242 | a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; |
| 251 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | 243 | } |
| 252 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | 244 | if (in->tlsext_tick_lifetime_hint > 0) { |
| 253 | } | 245 | a.tlsext_tick_lifetime.length = LSIZE2; |
| 254 | if (in->tlsext_tick_lifetime_hint > 0) | 246 | a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; |
| 255 | { | 247 | a.tlsext_tick_lifetime.data = ibuf6; |
| 256 | a.tlsext_tick_lifetime.length=LSIZE2; | 248 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); |
| 257 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | 249 | } |
| 258 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 259 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 260 | } | ||
| 261 | #endif /* OPENSSL_NO_TLSEXT */ | 250 | #endif /* OPENSSL_NO_TLSEXT */ |
| 262 | #ifndef OPENSSL_NO_PSK | 251 | #ifndef OPENSSL_NO_PSK |
| 263 | if (in->psk_identity_hint) | 252 | if (in->psk_identity_hint) { |
| 264 | { | 253 | a.psk_identity_hint.length = strlen(in->psk_identity_hint); |
| 265 | a.psk_identity_hint.length=strlen(in->psk_identity_hint); | 254 | a.psk_identity_hint.type = V_ASN1_OCTET_STRING; |
| 266 | a.psk_identity_hint.type=V_ASN1_OCTET_STRING; | 255 | a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint); |
| 267 | a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); | 256 | } |
| 268 | } | 257 | if (in->psk_identity) { |
| 269 | if (in->psk_identity) | 258 | a.psk_identity.length = strlen(in->psk_identity); |
| 270 | { | 259 | a.psk_identity.type = V_ASN1_OCTET_STRING; |
| 271 | a.psk_identity.length=strlen(in->psk_identity); | 260 | a.psk_identity.data = (unsigned char *)(in->psk_identity); |
| 272 | a.psk_identity.type=V_ASN1_OCTET_STRING; | 261 | } |
| 273 | a.psk_identity.data=(unsigned char *)(in->psk_identity); | ||
| 274 | } | ||
| 275 | #endif /* OPENSSL_NO_PSK */ | 262 | #endif /* OPENSSL_NO_PSK */ |
| 276 | #ifndef OPENSSL_NO_SRP | 263 | #ifndef OPENSSL_NO_SRP |
| 277 | if (in->srp_username) | 264 | if (in->srp_username) { |
| 278 | { | 265 | a.srp_username.length = strlen(in->srp_username); |
| 279 | a.srp_username.length=strlen(in->srp_username); | 266 | a.srp_username.type = V_ASN1_OCTET_STRING; |
| 280 | a.srp_username.type=V_ASN1_OCTET_STRING; | 267 | a.srp_username.data = (unsigned char *)(in->srp_username); |
| 281 | a.srp_username.data=(unsigned char *)(in->srp_username); | 268 | } |
| 282 | } | ||
| 283 | #endif /* OPENSSL_NO_SRP */ | 269 | #endif /* OPENSSL_NO_SRP */ |
| 284 | 270 | ||
| 285 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 271 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| @@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 289 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 275 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 290 | #ifndef OPENSSL_NO_KRB5 | 276 | #ifndef OPENSSL_NO_KRB5 |
| 291 | if (in->krb5_client_princ_len) | 277 | if (in->krb5_client_princ_len) |
| 292 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 278 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 293 | #endif /* OPENSSL_NO_KRB5 */ | 279 | #endif /* OPENSSL_NO_KRB5 */ |
| 294 | if (in->key_arg_length > 0) | 280 | if (in->key_arg_length > 0) |
| 295 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 281 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); |
| 296 | if (in->time != 0L) | 282 | if (in->time != 0L) |
| 297 | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 283 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 298 | if (in->timeout != 0L) | 284 | if (in->timeout != 0L) |
| 299 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 285 | M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 300 | if (in->peer != NULL) | 286 | if (in->peer != NULL) |
| 301 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 287 | M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 302 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | 288 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4); |
| 303 | if (in->verify_result != X509_V_OK) | 289 | if (in->verify_result != X509_V_OK) |
| 304 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 290 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); |
| 305 | 291 | ||
| 306 | #ifndef OPENSSL_NO_TLSEXT | 292 | #ifndef OPENSSL_NO_TLSEXT |
| 307 | if (in->tlsext_tick_lifetime_hint > 0) | 293 | if (in->tlsext_tick_lifetime_hint > 0) |
| 308 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 294 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 309 | if (in->tlsext_tick) | 295 | if (in->tlsext_tick) |
| 310 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 296 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 311 | if (in->tlsext_hostname) | 297 | if (in->tlsext_hostname) |
| 312 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 298 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 313 | #ifndef OPENSSL_NO_COMP | 299 | #ifndef OPENSSL_NO_COMP |
| 314 | if (in->compress_meth) | 300 | if (in->compress_meth) |
| 315 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 301 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 316 | #endif | 302 | #endif |
| 317 | #endif /* OPENSSL_NO_TLSEXT */ | 303 | #endif /* OPENSSL_NO_TLSEXT */ |
| 318 | #ifndef OPENSSL_NO_PSK | 304 | #ifndef OPENSSL_NO_PSK |
| 319 | if (in->psk_identity_hint) | 305 | if (in->psk_identity_hint) |
| 320 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 306 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 321 | if (in->psk_identity) | 307 | if (in->psk_identity) |
| 322 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 308 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 323 | #endif /* OPENSSL_NO_PSK */ | 309 | #endif /* OPENSSL_NO_PSK */ |
| 324 | #ifndef OPENSSL_NO_SRP | 310 | #ifndef OPENSSL_NO_SRP |
| 325 | if (in->srp_username) | 311 | if (in->srp_username) |
| 326 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 312 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 327 | #endif /* OPENSSL_NO_SRP */ | 313 | #endif /* OPENSSL_NO_SRP */ |
| 328 | 314 | ||
| 329 | M_ASN1_I2D_seq_total(); | 315 | M_ASN1_I2D_seq_total(); |
| @@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 335 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 321 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 336 | #ifndef OPENSSL_NO_KRB5 | 322 | #ifndef OPENSSL_NO_KRB5 |
| 337 | if (in->krb5_client_princ_len) | 323 | if (in->krb5_client_princ_len) |
| 338 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 324 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 339 | #endif /* OPENSSL_NO_KRB5 */ | 325 | #endif /* OPENSSL_NO_KRB5 */ |
| 340 | if (in->key_arg_length > 0) | 326 | if (in->key_arg_length > 0) |
| 341 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 327 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); |
| 342 | if (in->time != 0L) | 328 | if (in->time != 0L) |
| 343 | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 329 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 344 | if (in->timeout != 0L) | 330 | if (in->timeout != 0L) |
| 345 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 331 | M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 346 | if (in->peer != NULL) | 332 | if (in->peer != NULL) |
| 347 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 333 | M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 348 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | 334 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, |
| 349 | v4); | 335 | v4); |
| 350 | if (in->verify_result != X509_V_OK) | 336 | if (in->verify_result != X509_V_OK) |
| 351 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 337 | M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); |
| 352 | #ifndef OPENSSL_NO_TLSEXT | 338 | #ifndef OPENSSL_NO_TLSEXT |
| 353 | if (in->tlsext_hostname) | 339 | if (in->tlsext_hostname) |
| 354 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 340 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 355 | #endif /* OPENSSL_NO_TLSEXT */ | 341 | #endif /* OPENSSL_NO_TLSEXT */ |
| 356 | #ifndef OPENSSL_NO_PSK | 342 | #ifndef OPENSSL_NO_PSK |
| 357 | if (in->psk_identity_hint) | 343 | if (in->psk_identity_hint) |
| 358 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 344 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 359 | if (in->psk_identity) | 345 | if (in->psk_identity) |
| 360 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 346 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 361 | #endif /* OPENSSL_NO_PSK */ | 347 | #endif /* OPENSSL_NO_PSK */ |
| 362 | #ifndef OPENSSL_NO_TLSEXT | 348 | #ifndef OPENSSL_NO_TLSEXT |
| 363 | if (in->tlsext_tick_lifetime_hint > 0) | 349 | if (in->tlsext_tick_lifetime_hint > 0) |
| 364 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 350 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 365 | if (in->tlsext_tick) | 351 | if (in->tlsext_tick) |
| 366 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 352 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 367 | #endif /* OPENSSL_NO_TLSEXT */ | 353 | #endif /* OPENSSL_NO_TLSEXT */ |
| 368 | #ifndef OPENSSL_NO_COMP | 354 | #ifndef OPENSSL_NO_COMP |
| 369 | if (in->compress_meth) | 355 | if (in->compress_meth) |
| 370 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 356 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 371 | #endif | 357 | #endif |
| 372 | #ifndef OPENSSL_NO_SRP | 358 | #ifndef OPENSSL_NO_SRP |
| 373 | if (in->srp_username) | 359 | if (in->srp_username) |
| 374 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 360 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 375 | #endif /* OPENSSL_NO_SRP */ | 361 | #endif /* OPENSSL_NO_SRP */ |
| 376 | M_ASN1_I2D_finish(); | 362 | M_ASN1_I2D_finish(); |
| 377 | } | 363 | } |
| 378 | 364 | ||
| 379 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | 365 | SSL_SESSION |
| 380 | long length) | 366 | *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 381 | { | 367 | long length) |
| 382 | int ssl_version=0,i; | 368 | { |
| 369 | int ssl_version = 0, i; | ||
| 383 | long id; | 370 | long id; |
| 384 | ASN1_INTEGER ai,*aip; | 371 | ASN1_INTEGER ai, *aip; |
| 385 | ASN1_OCTET_STRING os,*osp; | 372 | ASN1_OCTET_STRING os, *osp; |
| 386 | M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); | 373 | M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new); |
| 387 | 374 | ||
| 388 | aip= &ai; | 375 | aip = &ai; |
| 389 | osp= &os; | 376 | osp = &os; |
| 390 | 377 | ||
| 391 | M_ASN1_D2I_Init(); | 378 | M_ASN1_D2I_Init(); |
| 392 | M_ASN1_D2I_start_sequence(); | 379 | M_ASN1_D2I_start_sequence(); |
| 393 | 380 | ||
| 394 | ai.data=NULL; ai.length=0; | 381 | ai.data = NULL; |
| 395 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 382 | ai.length = 0; |
| 396 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 383 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 384 | if (ai.data != NULL) { | ||
| 385 | OPENSSL_free(ai.data); | ||
| 386 | ai.data = NULL; | ||
| 387 | ai.length = 0; | ||
| 388 | } | ||
| 397 | 389 | ||
| 398 | /* we don't care about the version right now :-) */ | 390 | /* we don't care about the version right now :-) */ |
| 399 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 391 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 400 | ssl_version=(int)ASN1_INTEGER_get(aip); | 392 | ssl_version = (int)ASN1_INTEGER_get(aip); |
| 401 | ret->ssl_version=ssl_version; | 393 | ret->ssl_version = ssl_version; |
| 402 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 394 | if (ai.data != NULL) { |
| 403 | 395 | OPENSSL_free(ai.data); | |
| 404 | os.data=NULL; os.length=0; | 396 | ai.data = NULL; |
| 405 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 397 | ai.length = 0; |
| 406 | if (ssl_version == SSL2_VERSION) | 398 | } |
| 407 | { | 399 | |
| 408 | if (os.length != 3) | 400 | os.data = NULL; |
| 409 | { | 401 | os.length = 0; |
| 410 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 402 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 403 | if (ssl_version == SSL2_VERSION) { | ||
| 404 | if (os.length != 3) { | ||
| 405 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 411 | goto err; | 406 | goto err; |
| 412 | } | ||
| 413 | id=0x02000000L| | ||
| 414 | ((unsigned long)os.data[0]<<16L)| | ||
| 415 | ((unsigned long)os.data[1]<< 8L)| | ||
| 416 | (unsigned long)os.data[2]; | ||
| 417 | } | 407 | } |
| 418 | else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 408 | id = 0x02000000L| |
| 419 | { | 409 | ((unsigned long)os.data[0]<<16L)| |
| 420 | if (os.length != 2) | 410 | ((unsigned long)os.data[1]<< 8L)| |
| 421 | { | 411 | (unsigned long)os.data[2]; |
| 422 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 412 | } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { |
| 413 | if (os.length != 2) { | ||
| 414 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 423 | goto err; | 415 | goto err; |
| 424 | } | ||
| 425 | id=0x03000000L| | ||
| 426 | ((unsigned long)os.data[0]<<8L)| | ||
| 427 | (unsigned long)os.data[1]; | ||
| 428 | } | 416 | } |
| 429 | else | 417 | id = 0x03000000L| |
| 430 | { | 418 | ((unsigned long)os.data[0]<<8L)| |
| 431 | c.error=SSL_R_UNKNOWN_SSL_VERSION; | 419 | (unsigned long)os.data[1]; |
| 420 | } else { | ||
| 421 | c.error = SSL_R_UNKNOWN_SSL_VERSION; | ||
| 432 | goto err; | 422 | goto err; |
| 433 | } | 423 | } |
| 434 | 424 | ||
| 435 | ret->cipher=NULL; | 425 | ret->cipher = NULL; |
| 436 | ret->cipher_id=id; | 426 | ret->cipher_id = id; |
| 437 | 427 | ||
| 438 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 428 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 439 | if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 429 | if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 440 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 430 | i = SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 441 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ | 431 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 442 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 432 | i = SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 443 | 433 | ||
| 444 | if (os.length > i) | 434 | if (os.length > i) |
| 445 | os.length = i; | 435 | os.length = i; |
| 446 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ | 436 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 447 | os.length = sizeof(ret->session_id); | 437 | os.length = sizeof(ret->session_id); |
| 448 | 438 | ||
| 449 | ret->session_id_length=os.length; | 439 | ret->session_id_length = os.length; |
| 450 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); | 440 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 451 | memcpy(ret->session_id,os.data,os.length); | 441 | memcpy(ret->session_id, os.data, os.length); |
| 452 | 442 | ||
| 453 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 443 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 454 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) | 444 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) |
| 455 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 445 | ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; |
| 456 | else | 446 | else |
| 457 | ret->master_key_length=os.length; | 447 | ret->master_key_length = os.length; |
| 458 | memcpy(ret->master_key,os.data,ret->master_key_length); | 448 | memcpy(ret->master_key, os.data, ret->master_key_length); |
| 459 | 449 | ||
| 460 | os.length=0; | 450 | os.length = 0; |
| 461 | 451 | ||
| 462 | #ifndef OPENSSL_NO_KRB5 | 452 | #ifndef OPENSSL_NO_KRB5 |
| 463 | os.length=0; | 453 | os.length = 0; |
| 464 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | 454 | M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); |
| 465 | if (os.data) | 455 | if (os.data) { |
| 466 | { | 456 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) |
| 467 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | 457 | ret->krb5_client_princ_len = 0; |
| 468 | ret->krb5_client_princ_len=0; | ||
| 469 | else | 458 | else |
| 470 | ret->krb5_client_princ_len=os.length; | 459 | ret->krb5_client_princ_len = os.length; |
| 471 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | 460 | memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len); |
| 472 | OPENSSL_free(os.data); | 461 | OPENSSL_free(os.data); |
| 473 | os.data = NULL; | 462 | os.data = NULL; |
| 474 | os.length = 0; | 463 | os.length = 0; |
| 475 | } | 464 | } else |
| 476 | else | 465 | ret->krb5_client_princ_len = 0; |
| 477 | ret->krb5_client_princ_len=0; | ||
| 478 | #endif /* OPENSSL_NO_KRB5 */ | 466 | #endif /* OPENSSL_NO_KRB5 */ |
| 479 | 467 | ||
| 480 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 468 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); |
| 481 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 469 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 482 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 470 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; |
| 483 | else | 471 | else |
| 484 | ret->key_arg_length=os.length; | 472 | ret->key_arg_length = os.length; |
| 485 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 473 | memcpy(ret->key_arg, os.data, ret->key_arg_length); |
| 486 | if (os.data != NULL) OPENSSL_free(os.data); | 474 | if (os.data != NULL) |
| 487 | 475 | OPENSSL_free(os.data); | |
| 488 | ai.length=0; | ||
| 489 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | ||
| 490 | if (ai.data != NULL) | ||
| 491 | { | ||
| 492 | ret->time=ASN1_INTEGER_get(aip); | ||
| 493 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->time=(unsigned long)time(NULL); | ||
| 497 | |||
| 498 | ai.length=0; | ||
| 499 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); | ||
| 500 | if (ai.data != NULL) | ||
| 501 | { | ||
| 502 | ret->timeout=ASN1_INTEGER_get(aip); | ||
| 503 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 504 | } | ||
| 505 | else | ||
| 506 | ret->timeout=3; | ||
| 507 | 476 | ||
| 508 | if (ret->peer != NULL) | 477 | ai.length = 0; |
| 509 | { | 478 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); |
| 479 | if (ai.data != NULL) { | ||
| 480 | ret->time = ASN1_INTEGER_get(aip); | ||
| 481 | OPENSSL_free(ai.data); | ||
| 482 | ai.data = NULL; | ||
| 483 | ai.length = 0; | ||
| 484 | } else | ||
| 485 | ret->time = (unsigned long)time(NULL); | ||
| 486 | |||
| 487 | ai.length = 0; | ||
| 488 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | ||
| 489 | if (ai.data != NULL) { | ||
| 490 | ret->timeout = ASN1_INTEGER_get(aip); | ||
| 491 | OPENSSL_free(ai.data); | ||
| 492 | ai.data = NULL; | ||
| 493 | ai.length = 0; | ||
| 494 | } else | ||
| 495 | ret->timeout = 3; | ||
| 496 | |||
| 497 | if (ret->peer != NULL) { | ||
| 510 | X509_free(ret->peer); | 498 | X509_free(ret->peer); |
| 511 | ret->peer=NULL; | 499 | ret->peer = NULL; |
| 512 | } | 500 | } |
| 513 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 501 | M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3); |
| 514 | 502 | ||
| 515 | os.length=0; | 503 | os.length = 0; |
| 516 | os.data=NULL; | 504 | os.data = NULL; |
| 517 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | 505 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4); |
| 518 | 506 | ||
| 519 | if(os.data != NULL) | 507 | if (os.data != NULL) { |
| 520 | { | 508 | if (os.length > SSL_MAX_SID_CTX_LENGTH) { |
| 521 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | 509 | c.error = SSL_R_BAD_LENGTH; |
| 522 | { | 510 | goto err; |
| 523 | c.error=SSL_R_BAD_LENGTH; | 511 | } else { |
| 524 | goto err; | 512 | ret->sid_ctx_length = os.length; |
| 525 | } | 513 | memcpy(ret->sid_ctx, os.data, os.length); |
| 526 | else | ||
| 527 | { | ||
| 528 | ret->sid_ctx_length=os.length; | ||
| 529 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 530 | } | ||
| 531 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 532 | } | ||
| 533 | else | ||
| 534 | ret->sid_ctx_length=0; | ||
| 535 | |||
| 536 | ai.length=0; | ||
| 537 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 538 | if (ai.data != NULL) | ||
| 539 | { | ||
| 540 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 541 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 542 | } | 514 | } |
| 543 | else | 515 | OPENSSL_free(os.data); |
| 544 | ret->verify_result=X509_V_OK; | 516 | os.data = NULL; |
| 517 | os.length = 0; | ||
| 518 | } else | ||
| 519 | ret->sid_ctx_length = 0; | ||
| 520 | |||
| 521 | ai.length = 0; | ||
| 522 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5); | ||
| 523 | if (ai.data != NULL) { | ||
| 524 | ret->verify_result = ASN1_INTEGER_get(aip); | ||
| 525 | OPENSSL_free(ai.data); | ||
| 526 | ai.data = NULL; | ||
| 527 | ai.length = 0; | ||
| 528 | } else | ||
| 529 | ret->verify_result = X509_V_OK; | ||
| 545 | 530 | ||
| 546 | #ifndef OPENSSL_NO_TLSEXT | 531 | #ifndef OPENSSL_NO_TLSEXT |
| 547 | os.length=0; | 532 | os.length = 0; |
| 548 | os.data=NULL; | 533 | os.data = NULL; |
| 549 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | 534 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); |
| 550 | if (os.data) | 535 | if (os.data) { |
| 551 | { | ||
| 552 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | 536 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); |
| 553 | OPENSSL_free(os.data); | 537 | OPENSSL_free(os.data); |
| 554 | os.data = NULL; | 538 | os.data = NULL; |
| 555 | os.length = 0; | 539 | os.length = 0; |
| 556 | } | 540 | } else |
| 557 | else | 541 | ret->tlsext_hostname = NULL; |
| 558 | ret->tlsext_hostname=NULL; | ||
| 559 | #endif /* OPENSSL_NO_TLSEXT */ | 542 | #endif /* OPENSSL_NO_TLSEXT */ |
| 560 | 543 | ||
| 561 | #ifndef OPENSSL_NO_PSK | 544 | #ifndef OPENSSL_NO_PSK |
| 562 | os.length=0; | 545 | os.length = 0; |
| 563 | os.data=NULL; | 546 | os.data = NULL; |
| 564 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); | 547 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7); |
| 565 | if (os.data) | 548 | if (os.data) { |
| 566 | { | ||
| 567 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); | 549 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); |
| 568 | OPENSSL_free(os.data); | 550 | OPENSSL_free(os.data); |
| 569 | os.data = NULL; | 551 | os.data = NULL; |
| 570 | os.length = 0; | 552 | os.length = 0; |
| 571 | } | 553 | } else |
| 572 | else | 554 | ret->psk_identity_hint = NULL; |
| 573 | ret->psk_identity_hint=NULL; | ||
| 574 | 555 | ||
| 575 | os.length=0; | 556 | os.length = 0; |
| 576 | os.data=NULL; | 557 | os.data = NULL; |
| 577 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); | 558 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8); |
| 578 | if (os.data) | 559 | if (os.data) { |
| 579 | { | ||
| 580 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); | 560 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); |
| 581 | OPENSSL_free(os.data); | 561 | OPENSSL_free(os.data); |
| 582 | os.data = NULL; | 562 | os.data = NULL; |
| 583 | os.length = 0; | 563 | os.length = 0; |
| 584 | } | 564 | } else |
| 585 | else | 565 | ret->psk_identity = NULL; |
| 586 | ret->psk_identity=NULL; | ||
| 587 | #endif /* OPENSSL_NO_PSK */ | 566 | #endif /* OPENSSL_NO_PSK */ |
| 588 | 567 | ||
| 589 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 590 | ai.length=0; | 569 | ai.length = 0; |
| 591 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | 570 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); |
| 592 | if (ai.data != NULL) | 571 | if (ai.data != NULL) { |
| 593 | { | 572 | ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); |
| 594 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | 573 | OPENSSL_free(ai.data); |
| 595 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | 574 | ai.data = NULL; |
| 596 | } | 575 | ai.length = 0; |
| 597 | else if (ret->tlsext_ticklen && ret->session_id_length) | 576 | } else if (ret->tlsext_ticklen && ret->session_id_length) |
| 598 | ret->tlsext_tick_lifetime_hint = -1; | 577 | ret->tlsext_tick_lifetime_hint = -1; |
| 599 | else | 578 | else |
| 600 | ret->tlsext_tick_lifetime_hint=0; | 579 | ret->tlsext_tick_lifetime_hint = 0; |
| 601 | os.length=0; | 580 | os.length = 0; |
| 602 | os.data=NULL; | 581 | os.data = NULL; |
| 603 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | 582 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10); |
| 604 | if (os.data) | 583 | if (os.data) { |
| 605 | { | ||
| 606 | ret->tlsext_tick = os.data; | 584 | ret->tlsext_tick = os.data; |
| 607 | ret->tlsext_ticklen = os.length; | 585 | ret->tlsext_ticklen = os.length; |
| 608 | os.data = NULL; | 586 | os.data = NULL; |
| 609 | os.length = 0; | 587 | os.length = 0; |
| 610 | } | 588 | } else |
| 611 | else | 589 | ret->tlsext_tick = NULL; |
| 612 | ret->tlsext_tick=NULL; | ||
| 613 | #endif /* OPENSSL_NO_TLSEXT */ | 590 | #endif /* OPENSSL_NO_TLSEXT */ |
| 614 | #ifndef OPENSSL_NO_COMP | 591 | #ifndef OPENSSL_NO_COMP |
| 615 | os.length=0; | 592 | os.length = 0; |
| 616 | os.data=NULL; | 593 | os.data = NULL; |
| 617 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); | 594 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); |
| 618 | if (os.data) | 595 | if (os.data) { |
| 619 | { | ||
| 620 | ret->compress_meth = os.data[0]; | 596 | ret->compress_meth = os.data[0]; |
| 621 | OPENSSL_free(os.data); | 597 | OPENSSL_free(os.data); |
| 622 | os.data = NULL; | 598 | os.data = NULL; |
| 623 | } | 599 | } |
| 624 | #endif | 600 | #endif |
| 625 | 601 | ||
| 626 | #ifndef OPENSSL_NO_SRP | 602 | #ifndef OPENSSL_NO_SRP |
| 627 | os.length=0; | 603 | os.length = 0; |
| 628 | os.data=NULL; | 604 | os.data = NULL; |
| 629 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); | 605 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12); |
| 630 | if (os.data) | 606 | if (os.data) { |
| 631 | { | ||
| 632 | ret->srp_username = BUF_strndup((char *)os.data, os.length); | 607 | ret->srp_username = BUF_strndup((char *)os.data, os.length); |
| 633 | OPENSSL_free(os.data); | 608 | OPENSSL_free(os.data); |
| 634 | os.data = NULL; | 609 | os.data = NULL; |
| 635 | os.length = 0; | 610 | os.length = 0; |
| 636 | } | 611 | } else |
| 637 | else | 612 | ret->srp_username = NULL; |
| 638 | ret->srp_username=NULL; | ||
| 639 | #endif /* OPENSSL_NO_SRP */ | 613 | #endif /* OPENSSL_NO_SRP */ |
| 640 | 614 | ||
| 641 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 615 | M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); |
| 642 | } | 616 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index 1aaddc351f..79eb4ee031 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -132,36 +132,36 @@ | |||
| 132 | #include <openssl/bn.h> | 132 | #include <openssl/bn.h> |
| 133 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int |
| 136 | { | 136 | SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | { |
| 138 | static volatile int ssl_x509_store_ctx_idx = -1; | ||
| 138 | int got_write_lock = 0; | 139 | int got_write_lock = 0; |
| 139 | 140 | ||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 141 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 141 | 142 | ||
| 142 | if (ssl_x509_store_ctx_idx < 0) | 143 | if (ssl_x509_store_ctx_idx < 0) { |
| 143 | { | ||
| 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | 146 | got_write_lock = 1; |
| 147 | 147 | ||
| 148 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) { |
| 149 | { | 149 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( |
| 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | 0, "SSL for verify callback", NULL, NULL, NULL); |
| 151 | 0,"SSL for verify callback",NULL,NULL,NULL); | ||
| 152 | } | ||
| 153 | } | 151 | } |
| 152 | } | ||
| 154 | 153 | ||
| 155 | if (got_write_lock) | 154 | if (got_write_lock) |
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 155 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 157 | else | 156 | else |
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 157 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 159 | 158 | ||
| 160 | return ssl_x509_store_ctx_idx; | 159 | return ssl_x509_store_ctx_idx; |
| 161 | } | 160 | } |
| 162 | 161 | ||
| 163 | static void ssl_cert_set_default_md(CERT *cert) | 162 | static void |
| 164 | { | 163 | ssl_cert_set_default_md(CERT *cert) |
| 164 | { | ||
| 165 | /* Set digest values to defaults */ | 165 | /* Set digest values to defaults */ |
| 166 | #ifndef OPENSSL_NO_DSA | 166 | #ifndef OPENSSL_NO_DSA |
| 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); |
| @@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert) | |||
| 173 | #ifndef OPENSSL_NO_ECDSA | 173 | #ifndef OPENSSL_NO_ECDSA |
| 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 175 | #endif | 175 | #endif |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | CERT *ssl_cert_new(void) | 178 | CERT |
| 179 | { | 179 | *ssl_cert_new(void) |
| 180 | { | ||
| 180 | CERT *ret; | 181 | CERT *ret; |
| 181 | 182 | ||
| 182 | ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); | 183 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 183 | if (ret == NULL) | 184 | if (ret == NULL) { |
| 184 | { | 185 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 185 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); | 186 | return (NULL); |
| 186 | return(NULL); | 187 | } |
| 187 | } | 188 | memset(ret, 0, sizeof(CERT)); |
| 188 | memset(ret,0,sizeof(CERT)); | ||
| 189 | 189 | ||
| 190 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 190 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| 191 | ret->references=1; | 191 | ret->references = 1; |
| 192 | ssl_cert_set_default_md(ret); | 192 | ssl_cert_set_default_md(ret); |
| 193 | return(ret); | 193 | return (ret); |
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | CERT *ssl_cert_dup(CERT *cert) | 196 | CERT |
| 197 | { | 197 | *ssl_cert_dup(CERT *cert) |
| 198 | { | ||
| 198 | CERT *ret; | 199 | CERT *ret; |
| 199 | int i; | 200 | int i; |
| 200 | 201 | ||
| 201 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); | 202 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 202 | if (ret == NULL) | 203 | if (ret == NULL) { |
| 203 | { | ||
| 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); |
| 205 | return(NULL); | 205 | return (NULL); |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | memset(ret, 0, sizeof(CERT)); | 208 | memset(ret, 0, sizeof(CERT)); |
| 209 | 209 | ||
| @@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 218 | ret->export_mask_a = cert->export_mask_a; | 218 | ret->export_mask_a = cert->export_mask_a; |
| 219 | 219 | ||
| 220 | #ifndef OPENSSL_NO_RSA | 220 | #ifndef OPENSSL_NO_RSA |
| 221 | if (cert->rsa_tmp != NULL) | 221 | if (cert->rsa_tmp != NULL) { |
| 222 | { | ||
| 223 | RSA_up_ref(cert->rsa_tmp); | 222 | RSA_up_ref(cert->rsa_tmp); |
| 224 | ret->rsa_tmp = cert->rsa_tmp; | 223 | ret->rsa_tmp = cert->rsa_tmp; |
| 225 | } | 224 | } |
| 226 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; | 225 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | #ifndef OPENSSL_NO_DH | 228 | #ifndef OPENSSL_NO_DH |
| 230 | if (cert->dh_tmp != NULL) | 229 | if (cert->dh_tmp != NULL) { |
| 231 | { | ||
| 232 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 230 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 233 | if (ret->dh_tmp == NULL) | 231 | if (ret->dh_tmp == NULL) { |
| 234 | { | ||
| 235 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | 232 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); |
| 236 | goto err; | 233 | goto err; |
| 237 | } | 234 | } |
| 238 | if (cert->dh_tmp->priv_key) | 235 | if (cert->dh_tmp->priv_key) { |
| 239 | { | ||
| 240 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | 236 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); |
| 241 | if (!b) | 237 | if (!b) { |
| 242 | { | ||
| 243 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 238 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 244 | goto err; | 239 | goto err; |
| 245 | } | ||
| 246 | ret->dh_tmp->priv_key = b; | ||
| 247 | } | 240 | } |
| 248 | if (cert->dh_tmp->pub_key) | 241 | ret->dh_tmp->priv_key = b; |
| 249 | { | 242 | } |
| 243 | if (cert->dh_tmp->pub_key) { | ||
| 250 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | 244 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); |
| 251 | if (!b) | 245 | if (!b) { |
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 246 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 254 | goto err; | 247 | goto err; |
| 255 | } | ||
| 256 | ret->dh_tmp->pub_key = b; | ||
| 257 | } | 248 | } |
| 249 | ret->dh_tmp->pub_key = b; | ||
| 258 | } | 250 | } |
| 251 | } | ||
| 259 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 252 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 260 | #endif | 253 | #endif |
| 261 | 254 | ||
| 262 | #ifndef OPENSSL_NO_ECDH | 255 | #ifndef OPENSSL_NO_ECDH |
| 263 | if (cert->ecdh_tmp) | 256 | if (cert->ecdh_tmp) { |
| 264 | { | ||
| 265 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | 257 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); |
| 266 | if (ret->ecdh_tmp == NULL) | 258 | if (ret->ecdh_tmp == NULL) { |
| 267 | { | ||
| 268 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | 259 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); |
| 269 | goto err; | 260 | goto err; |
| 270 | } | ||
| 271 | } | 261 | } |
| 262 | } | ||
| 272 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | 263 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; |
| 273 | #endif | 264 | #endif |
| 274 | 265 | ||
| 275 | for (i = 0; i < SSL_PKEY_NUM; i++) | 266 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 276 | { | 267 | if (cert->pkeys[i].x509 != NULL) { |
| 277 | if (cert->pkeys[i].x509 != NULL) | ||
| 278 | { | ||
| 279 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | 268 | ret->pkeys[i].x509 = cert->pkeys[i].x509; |
| 280 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | 269 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, |
| 281 | CRYPTO_LOCK_X509); | 270 | CRYPTO_LOCK_X509); |
| 282 | } | 271 | } |
| 283 | 272 | ||
| 284 | if (cert->pkeys[i].privatekey != NULL) | 273 | if (cert->pkeys[i].privatekey != NULL) { |
| 285 | { | ||
| 286 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | 274 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; |
| 287 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | 275 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, |
| 288 | CRYPTO_LOCK_EVP_PKEY); | 276 | CRYPTO_LOCK_EVP_PKEY); |
| 289 | 277 | ||
| 290 | switch(i) | 278 | switch (i) { |
| 291 | { | ||
| 292 | /* If there was anything special to do for | 279 | /* If there was anything special to do for |
| 293 | * certain types of keys, we'd do it here. | 280 | * certain types of keys, we'd do it here. |
| 294 | * (Nothing at the moment, I think.) */ | 281 | * (Nothing at the moment, I think.) */ |
| @@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 297 | case SSL_PKEY_RSA_SIGN: | 284 | case SSL_PKEY_RSA_SIGN: |
| 298 | /* We have an RSA key. */ | 285 | /* We have an RSA key. */ |
| 299 | break; | 286 | break; |
| 300 | 287 | ||
| 301 | case SSL_PKEY_DSA_SIGN: | 288 | case SSL_PKEY_DSA_SIGN: |
| 302 | /* We have a DSA key. */ | 289 | /* We have a DSA key. */ |
| 303 | break; | 290 | break; |
| 304 | 291 | ||
| 305 | case SSL_PKEY_DH_RSA: | 292 | case SSL_PKEY_DH_RSA: |
| 306 | case SSL_PKEY_DH_DSA: | 293 | case SSL_PKEY_DH_DSA: |
| 307 | /* We have a DH key. */ | 294 | /* We have a DH key. */ |
| @@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 314 | default: | 301 | default: |
| 315 | /* Can't happen. */ | 302 | /* Can't happen. */ |
| 316 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 303 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| 317 | } | ||
| 318 | } | 304 | } |
| 319 | } | 305 | } |
| 320 | 306 | } | |
| 307 | |||
| 321 | /* ret->extra_certs *should* exist, but currently the own certificate | 308 | /* ret->extra_certs *should* exist, but currently the own certificate |
| 322 | * chain is held inside SSL_CTX */ | 309 | * chain is held inside SSL_CTX */ |
| 323 | 310 | ||
| 324 | ret->references=1; | 311 | ret->references = 1; |
| 325 | /* Set digests to defaults. NB: we don't copy existing values as they | 312 | /* Set digests to defaults. NB: we don't copy existing values as they |
| 326 | * will be set during handshake. | 313 | * will be set during handshake. |
| 327 | */ | 314 | */ |
| 328 | ssl_cert_set_default_md(ret); | 315 | ssl_cert_set_default_md(ret); |
| 329 | 316 | ||
| 330 | return(ret); | 317 | return (ret); |
| 331 | 318 | ||
| 332 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) | 319 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 333 | err: | 320 | err: |
| 334 | #endif | 321 | #endif |
| @@ -345,50 +332,52 @@ err: | |||
| 345 | EC_KEY_free(ret->ecdh_tmp); | 332 | EC_KEY_free(ret->ecdh_tmp); |
| 346 | #endif | 333 | #endif |
| 347 | 334 | ||
| 348 | for (i = 0; i < SSL_PKEY_NUM; i++) | 335 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 349 | { | ||
| 350 | if (ret->pkeys[i].x509 != NULL) | 336 | if (ret->pkeys[i].x509 != NULL) |
| 351 | X509_free(ret->pkeys[i].x509); | 337 | X509_free(ret->pkeys[i].x509); |
| 352 | if (ret->pkeys[i].privatekey != NULL) | 338 | if (ret->pkeys[i].privatekey != NULL) |
| 353 | EVP_PKEY_free(ret->pkeys[i].privatekey); | 339 | EVP_PKEY_free(ret->pkeys[i].privatekey); |
| 354 | } | 340 | } |
| 355 | 341 | ||
| 356 | return NULL; | 342 | return NULL; |
| 357 | } | 343 | } |
| 358 | 344 | ||
| 359 | 345 | ||
| 360 | void ssl_cert_free(CERT *c) | 346 | void |
| 361 | { | 347 | ssl_cert_free(CERT *c) |
| 348 | { | ||
| 362 | int i; | 349 | int i; |
| 363 | 350 | ||
| 364 | if(c == NULL) | 351 | if (c == NULL) |
| 365 | return; | 352 | return; |
| 366 | 353 | ||
| 367 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); | 354 | i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); |
| 368 | #ifdef REF_PRINT | 355 | #ifdef REF_PRINT |
| 369 | REF_PRINT("CERT",c); | 356 | REF_PRINT("CERT", c); |
| 370 | #endif | 357 | #endif |
| 371 | if (i > 0) return; | 358 | if (i > 0) |
| 359 | return; | ||
| 372 | #ifdef REF_CHECK | 360 | #ifdef REF_CHECK |
| 373 | if (i < 0) | 361 | if (i < 0) { |
| 374 | { | 362 | fprintf(stderr, "ssl_cert_free, bad reference count\n"); |
| 375 | fprintf(stderr,"ssl_cert_free, bad reference count\n"); | ||
| 376 | abort(); /* ok */ | 363 | abort(); /* ok */ |
| 377 | } | 364 | } |
| 378 | #endif | 365 | #endif |
| 379 | 366 | ||
| 380 | #ifndef OPENSSL_NO_RSA | 367 | #ifndef OPENSSL_NO_RSA |
| 381 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); | 368 | if (c->rsa_tmp) |
| 369 | RSA_free(c->rsa_tmp); | ||
| 382 | #endif | 370 | #endif |
| 383 | #ifndef OPENSSL_NO_DH | 371 | #ifndef OPENSSL_NO_DH |
| 384 | if (c->dh_tmp) DH_free(c->dh_tmp); | 372 | if (c->dh_tmp) |
| 373 | DH_free(c->dh_tmp); | ||
| 385 | #endif | 374 | #endif |
| 386 | #ifndef OPENSSL_NO_ECDH | 375 | #ifndef OPENSSL_NO_ECDH |
| 387 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | 376 | if (c->ecdh_tmp) |
| 377 | EC_KEY_free(c->ecdh_tmp); | ||
| 388 | #endif | 378 | #endif |
| 389 | 379 | ||
| 390 | for (i=0; i<SSL_PKEY_NUM; i++) | 380 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 391 | { | ||
| 392 | if (c->pkeys[i].x509 != NULL) | 381 | if (c->pkeys[i].x509 != NULL) |
| 393 | X509_free(c->pkeys[i].x509); | 382 | X509_free(c->pkeys[i].x509); |
| 394 | if (c->pkeys[i].privatekey != NULL) | 383 | if (c->pkeys[i].privatekey != NULL) |
| @@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c) | |||
| 397 | if (c->pkeys[i].publickey != NULL) | 386 | if (c->pkeys[i].publickey != NULL) |
| 398 | EVP_PKEY_free(c->pkeys[i].publickey); | 387 | EVP_PKEY_free(c->pkeys[i].publickey); |
| 399 | #endif | 388 | #endif |
| 400 | } | ||
| 401 | OPENSSL_free(c); | ||
| 402 | } | 389 | } |
| 390 | OPENSSL_free(c); | ||
| 391 | } | ||
| 403 | 392 | ||
| 404 | int ssl_cert_inst(CERT **o) | 393 | int |
| 405 | { | 394 | ssl_cert_inst(CERT **o) |
| 395 | { | ||
| 406 | /* Create a CERT if there isn't already one | 396 | /* Create a CERT if there isn't already one |
| 407 | * (which cannot really happen, as it is initially created in | 397 | * (which cannot really happen, as it is initially created in |
| 408 | * SSL_CTX_new; but the earlier code usually allows for that one | 398 | * SSL_CTX_new; but the earlier code usually allows for that one |
| @@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o) | |||
| 412 | * s->cert being NULL, otherwise we could do without the | 402 | * s->cert being NULL, otherwise we could do without the |
| 413 | * initialization in SSL_CTX_new). | 403 | * initialization in SSL_CTX_new). |
| 414 | */ | 404 | */ |
| 415 | 405 | ||
| 416 | if (o == NULL) | 406 | if (o == NULL) { |
| 417 | { | ||
| 418 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | 407 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); |
| 419 | return(0); | 408 | return (0); |
| 420 | } | 409 | } |
| 421 | if (*o == NULL) | 410 | if (*o == NULL) { |
| 422 | { | 411 | if ((*o = ssl_cert_new()) == NULL) { |
| 423 | if ((*o = ssl_cert_new()) == NULL) | ||
| 424 | { | ||
| 425 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | 412 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); |
| 426 | return(0); | 413 | return (0); |
| 427 | } | ||
| 428 | } | 414 | } |
| 429 | return(1); | ||
| 430 | } | 415 | } |
| 416 | return (1); | ||
| 417 | } | ||
| 431 | 418 | ||
| 432 | 419 | ||
| 433 | SESS_CERT *ssl_sess_cert_new(void) | 420 | SESS_CERT |
| 434 | { | 421 | *ssl_sess_cert_new(void) |
| 422 | { | ||
| 435 | SESS_CERT *ret; | 423 | SESS_CERT *ret; |
| 436 | 424 | ||
| 437 | ret = OPENSSL_malloc(sizeof *ret); | 425 | ret = OPENSSL_malloc(sizeof *ret); |
| 438 | if (ret == NULL) | 426 | if (ret == NULL) { |
| 439 | { | ||
| 440 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | 427 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 441 | return NULL; | 428 | return NULL; |
| 442 | } | 429 | } |
| 443 | 430 | ||
| 444 | memset(ret, 0 ,sizeof *ret); | 431 | memset(ret, 0 , sizeof *ret); |
| 445 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 432 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); |
| 446 | ret->references = 1; | 433 | ret->references = 1; |
| 447 | 434 | ||
| 448 | return ret; | 435 | return ret; |
| 449 | } | 436 | } |
| 450 | 437 | ||
| 451 | void ssl_sess_cert_free(SESS_CERT *sc) | 438 | void |
| 452 | { | 439 | ssl_sess_cert_free(SESS_CERT *sc) |
| 440 | { | ||
| 453 | int i; | 441 | int i; |
| 454 | 442 | ||
| 455 | if (sc == NULL) | 443 | if (sc == NULL) |
| @@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 462 | if (i > 0) | 450 | if (i > 0) |
| 463 | return; | 451 | return; |
| 464 | #ifdef REF_CHECK | 452 | #ifdef REF_CHECK |
| 465 | if (i < 0) | 453 | if (i < 0) { |
| 466 | { | 454 | fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); |
| 467 | fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); | ||
| 468 | abort(); /* ok */ | 455 | abort(); /* ok */ |
| 469 | } | 456 | } |
| 470 | #endif | 457 | #endif |
| 471 | 458 | ||
| 472 | /* i == 0 */ | 459 | /* i == 0 */ |
| 473 | if (sc->cert_chain != NULL) | 460 | if (sc->cert_chain != NULL) |
| 474 | sk_X509_pop_free(sc->cert_chain, X509_free); | 461 | sk_X509_pop_free(sc->cert_chain, X509_free); |
| 475 | for (i = 0; i < SSL_PKEY_NUM; i++) | 462 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 476 | { | ||
| 477 | if (sc->peer_pkeys[i].x509 != NULL) | 463 | if (sc->peer_pkeys[i].x509 != NULL) |
| 478 | X509_free(sc->peer_pkeys[i].x509); | 464 | X509_free(sc->peer_pkeys[i].x509); |
| 479 | #if 0 /* We don't have the peer's private key. These lines are just | 465 | #if 0 /* We don't have the peer's private key. These lines are just |
| 480 | * here as a reminder that we're still using a not-quite-appropriate | 466 | * here as a reminder that we're still using a not-quite-appropriate |
| 481 | * data structure. */ | 467 | * data structure. */ |
| 482 | if (sc->peer_pkeys[i].privatekey != NULL) | 468 | if (sc->peer_pkeys[i].privatekey != NULL) |
| 483 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); | 469 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); |
| 484 | #endif | 470 | #endif |
| 485 | } | 471 | } |
| 486 | 472 | ||
| 487 | #ifndef OPENSSL_NO_RSA | 473 | #ifndef OPENSSL_NO_RSA |
| 488 | if (sc->peer_rsa_tmp != NULL) | 474 | if (sc->peer_rsa_tmp != NULL) |
| @@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 498 | #endif | 484 | #endif |
| 499 | 485 | ||
| 500 | OPENSSL_free(sc); | 486 | OPENSSL_free(sc); |
| 501 | } | 487 | } |
| 502 | 488 | ||
| 503 | int ssl_set_peer_cert_type(SESS_CERT *sc,int type) | 489 | int |
| 504 | { | 490 | ssl_set_peer_cert_type(SESS_CERT *sc, int type) |
| 491 | { | ||
| 505 | sc->peer_cert_type = type; | 492 | sc->peer_cert_type = type; |
| 506 | return(1); | 493 | return (1); |
| 507 | } | 494 | } |
| 508 | 495 | ||
| 509 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | 496 | int |
| 510 | { | 497 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 498 | { | ||
| 511 | X509 *x; | 499 | X509 *x; |
| 512 | int i; | 500 | int i; |
| 513 | X509_STORE_CTX ctx; | 501 | X509_STORE_CTX ctx; |
| 514 | 502 | ||
| 515 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 503 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 516 | return(0); | 504 | return (0); |
| 517 | 505 | ||
| 518 | x=sk_X509_value(sk,0); | 506 | x = sk_X509_value(sk, 0); |
| 519 | if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) | 507 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { |
| 520 | { | 508 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); |
| 521 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 509 | return (0); |
| 522 | return(0); | 510 | } |
| 523 | } | ||
| 524 | #if 0 | 511 | #if 0 |
| 525 | if (SSL_get_verify_depth(s) >= 0) | 512 | if (SSL_get_verify_depth(s) >= 0) |
| 526 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 513 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 527 | #endif | 514 | #endif |
| 528 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 515 | X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); |
| 529 | 516 | ||
| 530 | /* We need to inherit the verify parameters. These can be determined by | 517 | /* We need to inherit the verify parameters. These can be determined by |
| 531 | * the context: if its a server it will verify SSL client certificates | 518 | * the context: if its a server it will verify SSL client certificates |
| @@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 533 | */ | 520 | */ |
| 534 | 521 | ||
| 535 | X509_STORE_CTX_set_default(&ctx, | 522 | X509_STORE_CTX_set_default(&ctx, |
| 536 | s->server ? "ssl_client" : "ssl_server"); | 523 | s->server ? "ssl_client" : "ssl_server"); |
| 537 | /* Anything non-default in "param" should overwrite anything in the | 524 | /* Anything non-default in "param" should overwrite anything in the |
| 538 | * ctx. | 525 | * ctx. |
| 539 | */ | 526 | */ |
| @@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 544 | 531 | ||
| 545 | if (s->ctx->app_verify_callback != NULL) | 532 | if (s->ctx->app_verify_callback != NULL) |
| 546 | #if 1 /* new with OpenSSL 0.9.7 */ | 533 | #if 1 /* new with OpenSSL 0.9.7 */ |
| 547 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 534 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 535 | |||
| 548 | #else | 536 | #else |
| 549 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ | 537 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ |
| 550 | #endif | 538 | #endif |
| 551 | else | 539 | else { |
| 552 | { | ||
| 553 | #ifndef OPENSSL_NO_X509_VERIFY | 540 | #ifndef OPENSSL_NO_X509_VERIFY |
| 554 | i=X509_verify_cert(&ctx); | 541 | i = X509_verify_cert(&ctx); |
| 555 | #else | 542 | #else |
| 556 | i=0; | 543 | i = 0; |
| 557 | ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; | 544 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; |
| 558 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); | 545 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); |
| 559 | #endif | 546 | #endif |
| 560 | } | 547 | } |
| 561 | 548 | ||
| 562 | s->verify_result=ctx.error; | 549 | s->verify_result = ctx.error; |
| 563 | X509_STORE_CTX_cleanup(&ctx); | 550 | X509_STORE_CTX_cleanup(&ctx); |
| 564 | 551 | ||
| 565 | return(i); | 552 | return (i); |
| 566 | } | 553 | } |
| 567 | 554 | ||
| 568 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) | 555 | static void |
| 569 | { | 556 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) |
| 557 | { | ||
| 570 | if (*ca_list != NULL) | 558 | if (*ca_list != NULL) |
| 571 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); | 559 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); |
| 572 | 560 | ||
| 573 | *ca_list=name_list; | 561 | *ca_list = name_list; |
| 574 | } | 562 | } |
| 575 | 563 | ||
| 576 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | 564 | STACK_OF(X509_NAME) |
| 577 | { | 565 | *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| 566 | { | ||
| 578 | int i; | 567 | int i; |
| 579 | STACK_OF(X509_NAME) *ret; | 568 | STACK_OF(X509_NAME) *ret; |
| 580 | X509_NAME *name; | 569 | X509_NAME *name; |
| 581 | 570 | ||
| 582 | ret=sk_X509_NAME_new_null(); | 571 | ret = sk_X509_NAME_new_null(); |
| 583 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 572 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 584 | { | 573 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); |
| 585 | name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); | 574 | if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { |
| 586 | if ((name == NULL) || !sk_X509_NAME_push(ret,name)) | 575 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 587 | { | 576 | return (NULL); |
| 588 | sk_X509_NAME_pop_free(ret,X509_NAME_free); | ||
| 589 | return(NULL); | ||
| 590 | } | ||
| 591 | } | 577 | } |
| 592 | return(ret); | ||
| 593 | } | 578 | } |
| 594 | 579 | return (ret); | |
| 595 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) | 580 | } |
| 596 | { | 581 | |
| 597 | set_client_CA_list(&(s->client_CA),name_list); | 582 | void |
| 598 | } | 583 | SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) |
| 599 | 584 | { | |
| 600 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) | 585 | set_client_CA_list(&(s->client_CA), name_list); |
| 601 | { | 586 | } |
| 602 | set_client_CA_list(&(ctx->client_CA),name_list); | 587 | |
| 603 | } | 588 | void |
| 604 | 589 | SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) | |
| 605 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | 590 | { |
| 606 | { | 591 | set_client_CA_list(&(ctx->client_CA), name_list); |
| 607 | return(ctx->client_CA); | 592 | } |
| 608 | } | 593 | |
| 609 | 594 | STACK_OF(X509_NAME) | |
| 610 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) | 595 | *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) |
| 611 | { | 596 | { |
| 597 | return (ctx->client_CA); | ||
| 598 | } | ||
| 599 | |||
| 600 | STACK_OF(X509_NAME) | ||
| 601 | *SSL_get_client_CA_list(const SSL *s) | ||
| 602 | { | ||
| 612 | if (s->type == SSL_ST_CONNECT) | 603 | if (s->type == SSL_ST_CONNECT) |
| 613 | { /* we are in the client */ | 604 | { /* we are in the client */ |
| 614 | if (((s->version>>8) == SSL3_VERSION_MAJOR) && | 605 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && |
| 615 | (s->s3 != NULL)) | 606 | (s->s3 != NULL)) |
| 616 | return(s->s3->tmp.ca_names); | 607 | return (s->s3->tmp.ca_names); |
| 617 | else | 608 | else |
| 618 | return(NULL); | 609 | return (NULL); |
| 619 | } | 610 | } else { |
| 620 | else | ||
| 621 | { | ||
| 622 | if (s->client_CA != NULL) | 611 | if (s->client_CA != NULL) |
| 623 | return(s->client_CA); | 612 | return (s->client_CA); |
| 624 | else | 613 | else |
| 625 | return(s->ctx->client_CA); | 614 | return (s->ctx->client_CA); |
| 626 | } | ||
| 627 | } | 615 | } |
| 616 | } | ||
| 628 | 617 | ||
| 629 | static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) | 618 | static int |
| 630 | { | 619 | add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) |
| 620 | { | ||
| 631 | X509_NAME *name; | 621 | X509_NAME *name; |
| 632 | 622 | ||
| 633 | if (x == NULL) return(0); | 623 | if (x == NULL) |
| 634 | if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) | 624 | return (0); |
| 635 | return(0); | 625 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) |
| 636 | 626 | return (0); | |
| 637 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) | ||
| 638 | return(0); | ||
| 639 | |||
| 640 | if (!sk_X509_NAME_push(*sk,name)) | ||
| 641 | { | ||
| 642 | X509_NAME_free(name); | ||
| 643 | return(0); | ||
| 644 | } | ||
| 645 | return(1); | ||
| 646 | } | ||
| 647 | 627 | ||
| 648 | int SSL_add_client_CA(SSL *ssl,X509 *x) | 628 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) |
| 649 | { | 629 | return (0); |
| 650 | return(add_client_CA(&(ssl->client_CA),x)); | ||
| 651 | } | ||
| 652 | 630 | ||
| 653 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) | 631 | if (!sk_X509_NAME_push(*sk, name)) { |
| 654 | { | 632 | X509_NAME_free(name); |
| 655 | return(add_client_CA(&(ctx->client_CA),x)); | 633 | return (0); |
| 656 | } | ||
| 657 | |||
| 658 | static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 659 | { | ||
| 660 | return(X509_NAME_cmp(*a,*b)); | ||
| 661 | } | 634 | } |
| 635 | return (1); | ||
| 636 | } | ||
| 637 | |||
| 638 | int | ||
| 639 | SSL_add_client_CA(SSL *ssl, X509 *x) | ||
| 640 | { | ||
| 641 | return (add_client_CA(&(ssl->client_CA), x)); | ||
| 642 | } | ||
| 643 | |||
| 644 | int | ||
| 645 | SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) | ||
| 646 | { | ||
| 647 | return (add_client_CA(&(ctx->client_CA), x)); | ||
| 648 | } | ||
| 649 | |||
| 650 | static int | ||
| 651 | xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 652 | { | ||
| 653 | return (X509_NAME_cmp(*a, *b)); | ||
| 654 | } | ||
| 662 | 655 | ||
| 663 | #ifndef OPENSSL_NO_STDIO | 656 | #ifndef OPENSSL_NO_STDIO |
| 664 | /*! | 657 | /*! |
| @@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 669 | * \param file the file containing one or more certs. | 662 | * \param file the file containing one or more certs. |
| 670 | * \return a ::STACK containing the certs. | 663 | * \return a ::STACK containing the certs. |
| 671 | */ | 664 | */ |
| 672 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) | 665 | STACK_OF(X509_NAME) |
| 673 | { | 666 | *SSL_load_client_CA_file(const char *file) |
| 667 | { | ||
| 674 | BIO *in; | 668 | BIO *in; |
| 675 | X509 *x=NULL; | 669 | X509 *x = NULL; |
| 676 | X509_NAME *xn=NULL; | 670 | X509_NAME *xn = NULL; |
| 677 | STACK_OF(X509_NAME) *ret = NULL,*sk; | 671 | STACK_OF(X509_NAME) *ret = NULL, *sk; |
| 678 | 672 | ||
| 679 | sk=sk_X509_NAME_new(xname_cmp); | 673 | sk = sk_X509_NAME_new(xname_cmp); |
| 680 | 674 | ||
| 681 | in=BIO_new(BIO_s_file_internal()); | 675 | in = BIO_new(BIO_s_file_internal()); |
| 682 | 676 | ||
| 683 | if ((sk == NULL) || (in == NULL)) | 677 | if ((sk == NULL) || (in == NULL)) { |
| 684 | { | 678 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 685 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 686 | goto err; | 679 | goto err; |
| 687 | } | 680 | } |
| 688 | 681 | ||
| 689 | if (!BIO_read_filename(in,file)) | 682 | if (!BIO_read_filename(in, file)) |
| 690 | goto err; | 683 | goto err; |
| 691 | 684 | ||
| 692 | for (;;) | 685 | for (;;) { |
| 693 | { | 686 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 694 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 695 | break; | 687 | break; |
| 696 | if (ret == NULL) | 688 | if (ret == NULL) { |
| 697 | { | ||
| 698 | ret = sk_X509_NAME_new_null(); | 689 | ret = sk_X509_NAME_new_null(); |
| 699 | if (ret == NULL) | 690 | if (ret == NULL) { |
| 700 | { | 691 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 701 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 702 | goto err; | 692 | goto err; |
| 703 | } | ||
| 704 | } | 693 | } |
| 705 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 694 | } |
| 706 | /* check for duplicates */ | 695 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 707 | xn=X509_NAME_dup(xn); | 696 | /* check for duplicates */ |
| 708 | if (xn == NULL) goto err; | 697 | xn = X509_NAME_dup(xn); |
| 709 | if (sk_X509_NAME_find(sk,xn) >= 0) | 698 | if (xn == NULL) |
| 699 | goto err; | ||
| 700 | if (sk_X509_NAME_find(sk, xn) >= 0) | ||
| 710 | X509_NAME_free(xn); | 701 | X509_NAME_free(xn); |
| 711 | else | 702 | else { |
| 712 | { | 703 | sk_X509_NAME_push(sk, xn); |
| 713 | sk_X509_NAME_push(sk,xn); | 704 | sk_X509_NAME_push(ret, xn); |
| 714 | sk_X509_NAME_push(ret,xn); | ||
| 715 | } | ||
| 716 | } | 705 | } |
| 706 | } | ||
| 717 | 707 | ||
| 718 | if (0) | 708 | if (0) { |
| 719 | { | ||
| 720 | err: | 709 | err: |
| 721 | if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); | 710 | if (ret != NULL) |
| 722 | ret=NULL; | 711 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 723 | } | 712 | ret = NULL; |
| 724 | if (sk != NULL) sk_X509_NAME_free(sk); | 713 | } |
| 725 | if (in != NULL) BIO_free(in); | 714 | if (sk != NULL) |
| 726 | if (x != NULL) X509_free(x); | 715 | sk_X509_NAME_free(sk); |
| 716 | if (in != NULL) | ||
| 717 | BIO_free(in); | ||
| 718 | if (x != NULL) | ||
| 719 | X509_free(x); | ||
| 727 | if (ret != NULL) | 720 | if (ret != NULL) |
| 728 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 729 | return(ret); | 722 | return (ret); |
| 730 | } | 723 | } |
| 731 | #endif | 724 | #endif |
| 732 | 725 | ||
| 733 | /*! | 726 | /*! |
| @@ -739,57 +732,56 @@ err: | |||
| 739 | * certs may have been added to \c stack. | 732 | * certs may have been added to \c stack. |
| 740 | */ | 733 | */ |
| 741 | 734 | ||
| 742 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 735 | int |
| 743 | const char *file) | 736 | SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 744 | { | 737 | const char *file) |
| 738 | { | ||
| 745 | BIO *in; | 739 | BIO *in; |
| 746 | X509 *x=NULL; | 740 | X509 *x = NULL; |
| 747 | X509_NAME *xn=NULL; | 741 | X509_NAME *xn = NULL; |
| 748 | int ret=1; | 742 | int ret = 1; |
| 749 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | 743 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); |
| 750 | 744 | ||
| 751 | oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); | 745 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); |
| 752 | 746 | ||
| 753 | in=BIO_new(BIO_s_file_internal()); | 747 | in = BIO_new(BIO_s_file_internal()); |
| 754 | 748 | ||
| 755 | if (in == NULL) | 749 | if (in == NULL) { |
| 756 | { | 750 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); |
| 757 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); | ||
| 758 | goto err; | 751 | goto err; |
| 759 | } | 752 | } |
| 760 | 753 | ||
| 761 | if (!BIO_read_filename(in,file)) | 754 | if (!BIO_read_filename(in, file)) |
| 762 | goto err; | 755 | goto err; |
| 763 | 756 | ||
| 764 | for (;;) | 757 | for (;;) { |
| 765 | { | 758 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 766 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 767 | break; | 759 | break; |
| 768 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 760 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 769 | xn=X509_NAME_dup(xn); | 761 | xn = X509_NAME_dup(xn); |
| 770 | if (xn == NULL) goto err; | 762 | if (xn == NULL) |
| 771 | if (sk_X509_NAME_find(stack,xn) >= 0) | 763 | goto err; |
| 764 | if (sk_X509_NAME_find(stack, xn) >= 0) | ||
| 772 | X509_NAME_free(xn); | 765 | X509_NAME_free(xn); |
| 773 | else | 766 | else |
| 774 | sk_X509_NAME_push(stack,xn); | 767 | sk_X509_NAME_push(stack, xn); |
| 775 | } | 768 | } |
| 776 | 769 | ||
| 777 | ERR_clear_error(); | 770 | ERR_clear_error(); |
| 778 | 771 | ||
| 779 | if (0) | 772 | if (0) { |
| 780 | { | ||
| 781 | err: | 773 | err: |
| 782 | ret=0; | 774 | ret = 0; |
| 783 | } | 775 | } |
| 784 | if(in != NULL) | 776 | if (in != NULL) |
| 785 | BIO_free(in); | 777 | BIO_free(in); |
| 786 | if(x != NULL) | 778 | if (x != NULL) |
| 787 | X509_free(x); | 779 | X509_free(x); |
| 788 | 780 | ||
| 789 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); | 781 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); |
| 790 | 782 | ||
| 791 | return ret; | 783 | return ret; |
| 792 | } | 784 | } |
| 793 | 785 | ||
| 794 | /*! | 786 | /*! |
| 795 | * Add a directory of certs to a stack. | 787 | * Add a directory of certs to a stack. |
| @@ -802,9 +794,10 @@ err: | |||
| 802 | * certs may have been added to \c stack. | 794 | * certs may have been added to \c stack. |
| 803 | */ | 795 | */ |
| 804 | 796 | ||
| 805 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 797 | int |
| 806 | const char *dir) | 798 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 807 | { | 799 | const char *dir) |
| 800 | { | ||
| 808 | OPENSSL_DIR_CTX *d = NULL; | 801 | OPENSSL_DIR_CTX *d = NULL; |
| 809 | const char *filename; | 802 | const char *filename; |
| 810 | int ret = 0; | 803 | int ret = 0; |
| @@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 813 | 806 | ||
| 814 | /* Note that a side effect is that the CAs will be sorted by name */ | 807 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 815 | 808 | ||
| 816 | while((filename = OPENSSL_DIR_read(&d, dir))) | 809 | while ((filename = OPENSSL_DIR_read(&d, dir))) { |
| 817 | { | ||
| 818 | char buf[1024]; | 810 | char buf[1024]; |
| 819 | int r; | 811 | int r; |
| 820 | 812 | ||
| 821 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) | 813 | if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { |
| 822 | { | 814 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); |
| 823 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 824 | goto err; | 815 | goto err; |
| 825 | } | 816 | } |
| 826 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | 817 | r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); |
| 827 | if (r <= 0 || r >= (int)sizeof(buf)) | 818 | if (r <= 0 || r >= (int)sizeof(buf)) |
| 828 | goto err; | 819 | goto err; |
| 829 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 820 | if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) |
| 830 | goto err; | 821 | goto err; |
| 831 | } | 822 | } |
| 832 | 823 | ||
| 833 | if (errno) | 824 | if (errno) { |
| 834 | { | ||
| 835 | SYSerr(SYS_F_OPENDIR, errno); | 825 | SYSerr(SYS_F_OPENDIR, errno); |
| 836 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); | 826 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 837 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 827 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 838 | goto err; | 828 | goto err; |
| 839 | } | 829 | } |
| 840 | 830 | ||
| 841 | ret = 1; | 831 | ret = 1; |
| 842 | 832 | ||
| 843 | err: | 833 | err: |
| 844 | if (d) OPENSSL_DIR_end(&d); | 834 | if (d) |
| 835 | OPENSSL_DIR_end(&d); | ||
| 845 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 836 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 846 | return ret; | 837 | return ret; |
| 847 | } | 838 | } |
| 848 | 839 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index 0aba8e048c..f37c70cf91 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c | |||
| @@ -167,15 +167,15 @@ | |||
| 167 | #define SSL_ENC_NUM_IDX 14 | 167 | #define SSL_ENC_NUM_IDX 14 |
| 168 | 168 | ||
| 169 | 169 | ||
| 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 171 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 171 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 172 | }; | 172 | }; |
| 173 | 173 | ||
| 174 | #define SSL_COMP_NULL_IDX 0 | 174 | #define SSL_COMP_NULL_IDX 0 |
| 175 | #define SSL_COMP_ZLIB_IDX 1 | 175 | #define SSL_COMP_ZLIB_IDX 1 |
| 176 | #define SSL_COMP_NUM_IDX 2 | 176 | #define SSL_COMP_NUM_IDX 2 |
| 177 | 177 | ||
| 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
| 179 | 179 | ||
| 180 | #define SSL_MD_MD5_IDX 0 | 180 | #define SSL_MD_MD5_IDX 0 |
| 181 | #define SSL_MD_SHA1_IDX 1 | 181 | #define SSL_MD_SHA1_IDX 1 |
| @@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | |||
| 187 | * defined in the | 187 | * defined in the |
| 188 | * ssl_locl.h */ | 188 | * ssl_locl.h */ |
| 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 191 | NULL,NULL,NULL,NULL,NULL,NULL | 191 | NULL, NULL, NULL, NULL, NULL, NULL |
| 192 | }; | 192 | }; |
| 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 194 | * implementation is engine-provided, we'll fill it only if | 194 | * implementation is engine-provided, we'll fill it only if |
| 195 | * corresponding EVP_PKEY_METHOD is found | 195 | * corresponding EVP_PKEY_METHOD is found |
| 196 | */ | 196 | */ |
| 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ | 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 198 | EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, | 198 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, |
| 199 | EVP_PKEY_HMAC,EVP_PKEY_HMAC | 199 | EVP_PKEY_HMAC, EVP_PKEY_HMAC |
| 200 | }; | 200 | }; |
| 201 | 201 | ||
| 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ | 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 203 | 0,0,0,0,0,0 | 203 | 0, 0, 0, 0, 0, 0 |
| 204 | }; | 204 | }; |
| 205 | 205 | ||
| 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 207 | SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, | 207 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 209 | SSL_HANDSHAKE_MAC_SHA384 | 209 | SSL_HANDSHAKE_MAC_SHA384 |
| 210 | }; | 210 | }; |
| 211 | 211 | ||
| 212 | #define CIPHER_ADD 1 | 212 | #define CIPHER_ADD 1 |
| 213 | #define CIPHER_KILL 2 | 213 | #define CIPHER_KILL 2 |
| @@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | |||
| 215 | #define CIPHER_ORD 4 | 215 | #define CIPHER_ORD 4 |
| 216 | #define CIPHER_SPECIAL 5 | 216 | #define CIPHER_SPECIAL 5 |
| 217 | 217 | ||
| 218 | typedef struct cipher_order_st | 218 | typedef struct cipher_order_st { |
| 219 | { | ||
| 220 | const SSL_CIPHER *cipher; | 219 | const SSL_CIPHER *cipher; |
| 221 | int active; | 220 | int active; |
| 222 | int dead; | 221 | int dead; |
| 223 | struct cipher_order_st *next,*prev; | 222 | struct cipher_order_st *next, *prev; |
| 224 | } CIPHER_ORDER; | 223 | } CIPHER_ORDER; |
| 225 | 224 | ||
| 226 | static const SSL_CIPHER cipher_aliases[]={ | 225 | static const SSL_CIPHER cipher_aliases[] = { |
| 227 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | 226 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ |
| 228 | {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, | 227 | {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 229 | /* "COMPLEMENTOFALL" */ | 228 | /* "COMPLEMENTOFALL" */ |
| 230 | {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, | 229 | {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 231 | 230 | ||
| 232 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ | 231 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ |
| 233 | {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, | 232 | {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 234 | 233 | ||
| 235 | /* key exchange aliases | 234 | /* key exchange aliases |
| 236 | * (some of those using only a single bit here combine | 235 | * (some of those using only a single bit here combine |
| 237 | * multiple key exchange algs according to the RFCs, | 236 | * multiple key exchange algs according to the RFCs, |
| 238 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ | 237 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ |
| 239 | {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, | 238 | {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 240 | 239 | ||
| 241 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 240 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 242 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 241 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 243 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 242 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 244 | {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, | 243 | {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 245 | {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, | 244 | {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 246 | 245 | ||
| 247 | {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, | 246 | {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 248 | 247 | ||
| 249 | {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, | 248 | {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 250 | {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, | 249 | {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 251 | {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, | 250 | {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 252 | {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, | 251 | {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 253 | {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, | 252 | {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 254 | 253 | ||
| 255 | {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, | 254 | {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 256 | {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, | 255 | {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 257 | {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, | 256 | {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 258 | 257 | ||
| 259 | /* server authentication aliases */ | 258 | /* server authentication aliases */ |
| 260 | {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, | 259 | {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 261 | {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 260 | {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 262 | {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 261 | {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 263 | {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, | 262 | {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 264 | {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, | 263 | {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 265 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 264 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 266 | {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, | 265 | {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, |
| 267 | {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, | 266 | {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 268 | {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, | 267 | {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 269 | {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, | 268 | {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 270 | {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, | 269 | {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, |
| 271 | {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, | 270 | {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 272 | {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, | 271 | {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 273 | 272 | ||
| 274 | /* aliases combining key exchange and server authentication */ | 273 | /* aliases combining key exchange and server authentication */ |
| 275 | {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 274 | {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 276 | {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 275 | {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 277 | {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 276 | {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 278 | {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, | 277 | {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 279 | {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, | 278 | {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 280 | {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, | 279 | {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 281 | {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, | 280 | {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 282 | {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, | 281 | {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 283 | {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, | 282 | {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 284 | 283 | ||
| 285 | 284 | ||
| 286 | /* symmetric encryption aliases */ | 285 | /* symmetric encryption aliases */ |
| 287 | {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, | 286 | {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, |
| 288 | {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, | 287 | {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, |
| 289 | {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, | 288 | {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, |
| 290 | {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, | 289 | {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, |
| 291 | {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, | 290 | {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, |
| 292 | {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, | 291 | {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, |
| 293 | {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 292 | {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 294 | {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, | 293 | {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, |
| 295 | {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, | 294 | {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 296 | {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, | 295 | {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, |
| 297 | {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, | 296 | {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 298 | {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, | 297 | {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, |
| 299 | {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, | 298 | {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 300 | {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, | 299 | {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 301 | 300 | ||
| 302 | /* MAC aliases */ | 301 | /* MAC aliases */ |
| 303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | 302 | {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, |
| 304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 303 | {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 304 | {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | 305 | {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, |
| 307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | 306 | {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, |
| 308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | 307 | {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, |
| 309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | 308 | {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, |
| 310 | 309 | ||
| 311 | /* protocol version aliases */ | 310 | /* protocol version aliases */ |
| 312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | 311 | {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, |
| 313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | 312 | {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, |
| 314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | 313 | {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, |
| 315 | {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, | 314 | {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, |
| 316 | 315 | ||
| 317 | /* export flag */ | 316 | /* export flag */ |
| 318 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 317 | {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 319 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 318 | {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 320 | 319 | ||
| 321 | /* strength classes */ | 320 | /* strength classes */ |
| 322 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | 321 | {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, |
| 323 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | 322 | {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, |
| 324 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | 323 | {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, |
| 325 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | 324 | {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, |
| 326 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | 325 | {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, |
| 327 | /* FIPS 140-2 approved ciphersuite */ | 326 | /* FIPS 140-2 approved ciphersuite */ |
| 328 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | 327 | {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, |
| 329 | }; | 328 | }; |
| 330 | /* Search for public key algorithm with given name and | 329 | /* Search for public key algorithm with given name and |
| 331 | * return its pkey_id if it is available. Otherwise return 0 | 330 | * return its pkey_id if it is available. Otherwise return 0 |
| 332 | */ | 331 | */ |
| 333 | #ifdef OPENSSL_NO_ENGINE | 332 | #ifdef OPENSSL_NO_ENGINE |
| 334 | 333 | ||
| 335 | static int get_optional_pkey_id(const char *pkey_name) | 334 | static int |
| 336 | { | 335 | get_optional_pkey_id(const char *pkey_name) |
| 336 | { | ||
| 337 | const EVP_PKEY_ASN1_METHOD *ameth; | 337 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 338 | int pkey_id=0; | 338 | int pkey_id = 0; |
| 339 | ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); | 339 | ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); |
| 340 | if (ameth) | 340 | if (ameth) { |
| 341 | { | 341 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 342 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 343 | } | ||
| 344 | return pkey_id; | ||
| 345 | } | 342 | } |
| 343 | return pkey_id; | ||
| 344 | } | ||
| 346 | 345 | ||
| 347 | #else | 346 | #else |
| 348 | 347 | ||
| 349 | static int get_optional_pkey_id(const char *pkey_name) | 348 | static int |
| 350 | { | 349 | get_optional_pkey_id(const char *pkey_name) |
| 350 | { | ||
| 351 | const EVP_PKEY_ASN1_METHOD *ameth; | 351 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 352 | ENGINE *tmpeng = NULL; | 352 | ENGINE *tmpeng = NULL; |
| 353 | int pkey_id=0; | 353 | int pkey_id = 0; |
| 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); | 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); |
| 355 | if (ameth) | 355 | if (ameth) { |
| 356 | { | 356 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 357 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 358 | } | ||
| 359 | if (tmpeng) ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | 357 | } |
| 358 | if (tmpeng) | ||
| 359 | ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | ||
| 362 | 362 | ||
| 363 | #endif | 363 | #endif |
| 364 | 364 | ||
| 365 | void ssl_load_ciphers(void) | 365 | void |
| 366 | { | 366 | ssl_load_ciphers(void) |
| 367 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 367 | { |
| 368 | EVP_get_cipherbyname(SN_des_cbc); | 368 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 369 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 369 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | 370 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= |
| 370 | EVP_get_cipherbyname(SN_des_ede3_cbc); | 371 | EVP_get_cipherbyname(SN_des_ede3_cbc); |
| 371 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | 372 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= |
| 372 | EVP_get_cipherbyname(SN_rc4); | 373 | EVP_get_cipherbyname(SN_rc4); |
| 373 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 374 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 374 | EVP_get_cipherbyname(SN_rc2_cbc); | 375 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 375 | #ifndef OPENSSL_NO_IDEA | 376 | #ifndef OPENSSL_NO_IDEA |
| 376 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 377 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 377 | EVP_get_cipherbyname(SN_idea_cbc); | 378 | EVP_get_cipherbyname(SN_idea_cbc); |
| 378 | #else | 379 | #else |
| 379 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | 380 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; |
| 380 | #endif | 381 | #endif |
| 381 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 382 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 382 | EVP_get_cipherbyname(SN_aes_128_cbc); | 383 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 383 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 384 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 384 | EVP_get_cipherbyname(SN_aes_256_cbc); | 385 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 385 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | 386 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= |
| 386 | EVP_get_cipherbyname(SN_camellia_128_cbc); | 387 | EVP_get_cipherbyname(SN_camellia_128_cbc); |
| 387 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | 388 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= |
| 388 | EVP_get_cipherbyname(SN_camellia_256_cbc); | 389 | EVP_get_cipherbyname(SN_camellia_256_cbc); |
| 389 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= | 390 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= |
| 390 | EVP_get_cipherbyname(SN_gost89_cnt); | 391 | EVP_get_cipherbyname(SN_gost89_cnt); |
| 391 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | 392 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= |
| 392 | EVP_get_cipherbyname(SN_seed_cbc); | 393 | EVP_get_cipherbyname(SN_seed_cbc); |
| 393 | 394 | ||
| 394 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= | 395 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= |
| 395 | EVP_get_cipherbyname(SN_aes_128_gcm); | 396 | EVP_get_cipherbyname(SN_aes_128_gcm); |
| 396 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= | 397 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= |
| 397 | EVP_get_cipherbyname(SN_aes_256_gcm); | 398 | EVP_get_cipherbyname(SN_aes_256_gcm); |
| 398 | 399 | ||
| 399 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 400 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 400 | EVP_get_digestbyname(SN_md5); | 401 | EVP_get_digestbyname(SN_md5); |
| 401 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= | 402 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= |
| 402 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | 403 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); |
| 403 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | 404 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); |
| 404 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 405 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 405 | EVP_get_digestbyname(SN_sha1); | 406 | EVP_get_digestbyname(SN_sha1); |
| 406 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= | 407 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= |
| 407 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | 408 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); |
| 408 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | 409 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); |
| 409 | ssl_digest_methods[SSL_MD_GOST94_IDX]= | 410 | ssl_digest_methods[SSL_MD_GOST94_IDX]= |
| 410 | EVP_get_digestbyname(SN_id_GostR3411_94); | 411 | EVP_get_digestbyname(SN_id_GostR3411_94); |
| 411 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) | 412 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { |
| 412 | { | ||
| 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= | 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= |
| 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); |
| 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); |
| 416 | } | 416 | } |
| 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); |
| 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; | 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 422 | } | 422 | } |
| 423 | 423 | ||
| 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= | 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= |
| 425 | EVP_get_digestbyname(SN_sha256); | 425 | EVP_get_digestbyname(SN_sha256); |
| 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= | 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= |
| 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); | 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); |
| 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= | 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= |
| 429 | EVP_get_digestbyname(SN_sha384); | 429 | EVP_get_digestbyname(SN_sha384); |
| 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 432 | } | 432 | } |
| 433 | #ifndef OPENSSL_NO_COMP | 433 | #ifndef OPENSSL_NO_COMP |
| 434 | 434 | ||
| 435 | static int sk_comp_cmp(const SSL_COMP * const *a, | 435 | static int |
| 436 | const SSL_COMP * const *b) | 436 | sk_comp_cmp(const SSL_COMP * const *a, |
| 437 | { | 437 | const SSL_COMP * const *b) |
| 438 | return((*a)->id-(*b)->id); | 438 | { |
| 439 | } | 439 | return ((*a)->id - (*b)->id); |
| 440 | } | ||
| 440 | 441 | ||
| 441 | static void load_builtin_compressions(void) | 442 | static void |
| 442 | { | 443 | load_builtin_compressions(void) |
| 444 | { | ||
| 443 | int got_write_lock = 0; | 445 | int got_write_lock = 0; |
| 444 | 446 | ||
| 445 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | 447 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); |
| 446 | if (ssl_comp_methods == NULL) | 448 | if (ssl_comp_methods == NULL) { |
| 447 | { | ||
| 448 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 449 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 449 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 450 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 450 | got_write_lock = 1; | 451 | got_write_lock = 1; |
| 451 | 452 | ||
| 452 | if (ssl_comp_methods == NULL) | 453 | if (ssl_comp_methods == NULL) { |
| 453 | { | ||
| 454 | SSL_COMP *comp = NULL; | 454 | SSL_COMP *comp = NULL; |
| 455 | 455 | ||
| 456 | MemCheck_off(); | 456 | MemCheck_off(); |
| 457 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 457 | ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); |
| 458 | if (ssl_comp_methods != NULL) | 458 | if (ssl_comp_methods != NULL) { |
| 459 | { | 459 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 460 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 460 | if (comp != NULL) { |
| 461 | if (comp != NULL) | 461 | comp->method = COMP_zlib(); |
| 462 | { | ||
| 463 | comp->method=COMP_zlib(); | ||
| 464 | if (comp->method | 462 | if (comp->method |
| 465 | && comp->method->type == NID_undef) | 463 | && comp->method->type == NID_undef) |
| 466 | OPENSSL_free(comp); | 464 | OPENSSL_free(comp); |
| 467 | else | 465 | else { |
| 468 | { | 466 | comp->id = SSL_COMP_ZLIB_IDX; |
| 469 | comp->id=SSL_COMP_ZLIB_IDX; | 467 | comp->name = comp->method->name; |
| 470 | comp->name=comp->method->name; | 468 | sk_SSL_COMP_push(ssl_comp_methods, comp); |
| 471 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 472 | } | ||
| 473 | } | 469 | } |
| 474 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
| 475 | } | 470 | } |
| 476 | MemCheck_on(); | 471 | sk_SSL_COMP_sort(ssl_comp_methods); |
| 477 | } | 472 | } |
| 473 | MemCheck_on(); | ||
| 478 | } | 474 | } |
| 479 | 475 | } | |
| 476 | |||
| 480 | if (got_write_lock) | 477 | if (got_write_lock) |
| 481 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 478 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 482 | else | 479 | else |
| 483 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 480 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 484 | } | 481 | } |
| 485 | #endif | 482 | #endif |
| 486 | 483 | ||
| 487 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 484 | int |
| 488 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) | 485 | ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 489 | { | 486 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) |
| 487 | { | ||
| 490 | int i; | 488 | int i; |
| 491 | const SSL_CIPHER *c; | 489 | const SSL_CIPHER *c; |
| 492 | 490 | ||
| 493 | c=s->cipher; | 491 | c = s->cipher; |
| 494 | if (c == NULL) return(0); | 492 | if (c == NULL) |
| 495 | if (comp != NULL) | 493 | return (0); |
| 496 | { | 494 | if (comp != NULL) { |
| 497 | SSL_COMP ctmp; | 495 | SSL_COMP ctmp; |
| 498 | #ifndef OPENSSL_NO_COMP | 496 | #ifndef OPENSSL_NO_COMP |
| 499 | load_builtin_compressions(); | 497 | load_builtin_compressions(); |
| 500 | #endif | 498 | #endif |
| 501 | 499 | ||
| 502 | *comp=NULL; | 500 | *comp = NULL; |
| 503 | ctmp.id=s->compress_meth; | 501 | ctmp.id = s->compress_meth; |
| 504 | if (ssl_comp_methods != NULL) | 502 | if (ssl_comp_methods != NULL) { |
| 505 | { | 503 | i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); |
| 506 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
| 507 | if (i >= 0) | 504 | if (i >= 0) |
| 508 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 505 | *comp = sk_SSL_COMP_value(ssl_comp_methods, i); |
| 509 | else | 506 | else |
| 510 | *comp=NULL; | 507 | *comp = NULL; |
| 511 | } | ||
| 512 | } | 508 | } |
| 509 | } | ||
| 513 | 510 | ||
| 514 | if ((enc == NULL) || (md == NULL)) return(0); | 511 | if ((enc == NULL) |
| 512 | || (md == NULL)) return (0); | ||
| 515 | 513 | ||
| 516 | switch (c->algorithm_enc) | 514 | switch (c->algorithm_enc) { |
| 517 | { | ||
| 518 | case SSL_DES: | 515 | case SSL_DES: |
| 519 | i=SSL_ENC_DES_IDX; | 516 | i = SSL_ENC_DES_IDX; |
| 520 | break; | 517 | break; |
| 521 | case SSL_3DES: | 518 | case SSL_3DES: |
| 522 | i=SSL_ENC_3DES_IDX; | 519 | i = SSL_ENC_3DES_IDX; |
| 523 | break; | 520 | break; |
| 524 | case SSL_RC4: | 521 | case SSL_RC4: |
| 525 | i=SSL_ENC_RC4_IDX; | 522 | i = SSL_ENC_RC4_IDX; |
| 526 | break; | 523 | break; |
| 527 | case SSL_RC2: | 524 | case SSL_RC2: |
| 528 | i=SSL_ENC_RC2_IDX; | 525 | i = SSL_ENC_RC2_IDX; |
| 529 | break; | 526 | break; |
| 530 | case SSL_IDEA: | 527 | case SSL_IDEA: |
| 531 | i=SSL_ENC_IDEA_IDX; | 528 | i = SSL_ENC_IDEA_IDX; |
| 532 | break; | 529 | break; |
| 533 | case SSL_eNULL: | 530 | case SSL_eNULL: |
| 534 | i=SSL_ENC_NULL_IDX; | 531 | i = SSL_ENC_NULL_IDX; |
| 535 | break; | 532 | break; |
| 536 | case SSL_AES128: | 533 | case SSL_AES128: |
| 537 | i=SSL_ENC_AES128_IDX; | 534 | i = SSL_ENC_AES128_IDX; |
| 538 | break; | 535 | break; |
| 539 | case SSL_AES256: | 536 | case SSL_AES256: |
| 540 | i=SSL_ENC_AES256_IDX; | 537 | i = SSL_ENC_AES256_IDX; |
| 541 | break; | 538 | break; |
| 542 | case SSL_CAMELLIA128: | 539 | case SSL_CAMELLIA128: |
| 543 | i=SSL_ENC_CAMELLIA128_IDX; | 540 | i = SSL_ENC_CAMELLIA128_IDX; |
| 544 | break; | 541 | break; |
| 545 | case SSL_CAMELLIA256: | 542 | case SSL_CAMELLIA256: |
| 546 | i=SSL_ENC_CAMELLIA256_IDX; | 543 | i = SSL_ENC_CAMELLIA256_IDX; |
| 547 | break; | 544 | break; |
| 548 | case SSL_eGOST2814789CNT: | 545 | case SSL_eGOST2814789CNT: |
| 549 | i=SSL_ENC_GOST89_IDX; | 546 | i = SSL_ENC_GOST89_IDX; |
| 550 | break; | 547 | break; |
| 551 | case SSL_SEED: | 548 | case SSL_SEED: |
| 552 | i=SSL_ENC_SEED_IDX; | 549 | i = SSL_ENC_SEED_IDX; |
| 553 | break; | 550 | break; |
| 554 | case SSL_AES128GCM: | 551 | case SSL_AES128GCM: |
| 555 | i=SSL_ENC_AES128GCM_IDX; | 552 | i = SSL_ENC_AES128GCM_IDX; |
| 556 | break; | 553 | break; |
| 557 | case SSL_AES256GCM: | 554 | case SSL_AES256GCM: |
| 558 | i=SSL_ENC_AES256GCM_IDX; | 555 | i = SSL_ENC_AES256GCM_IDX; |
| 559 | break; | 556 | break; |
| 560 | default: | 557 | default: |
| 561 | i= -1; | 558 | i = -1; |
| 562 | break; | 559 | break; |
| 563 | } | 560 | } |
| 564 | 561 | ||
| 565 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | 562 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) |
| 566 | *enc=NULL; | 563 | *enc = NULL; |
| 567 | else | 564 | else { |
| 568 | { | ||
| 569 | if (i == SSL_ENC_NULL_IDX) | 565 | if (i == SSL_ENC_NULL_IDX) |
| 570 | *enc=EVP_enc_null(); | 566 | *enc = EVP_enc_null(); |
| 571 | else | 567 | else |
| 572 | *enc=ssl_cipher_methods[i]; | 568 | *enc = ssl_cipher_methods[i]; |
| 573 | } | 569 | } |
| 574 | 570 | ||
| 575 | switch (c->algorithm_mac) | 571 | switch (c->algorithm_mac) { |
| 576 | { | ||
| 577 | case SSL_MD5: | 572 | case SSL_MD5: |
| 578 | i=SSL_MD_MD5_IDX; | 573 | i = SSL_MD_MD5_IDX; |
| 579 | break; | 574 | break; |
| 580 | case SSL_SHA1: | 575 | case SSL_SHA1: |
| 581 | i=SSL_MD_SHA1_IDX; | 576 | i = SSL_MD_SHA1_IDX; |
| 582 | break; | 577 | break; |
| 583 | case SSL_SHA256: | 578 | case SSL_SHA256: |
| 584 | i=SSL_MD_SHA256_IDX; | 579 | i = SSL_MD_SHA256_IDX; |
| 585 | break; | 580 | break; |
| 586 | case SSL_SHA384: | 581 | case SSL_SHA384: |
| 587 | i=SSL_MD_SHA384_IDX; | 582 | i = SSL_MD_SHA384_IDX; |
| 588 | break; | 583 | break; |
| 589 | case SSL_GOST94: | 584 | case SSL_GOST94: |
| 590 | i = SSL_MD_GOST94_IDX; | 585 | i = SSL_MD_GOST94_IDX; |
| @@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 593 | i = SSL_MD_GOST89MAC_IDX; | 588 | i = SSL_MD_GOST89MAC_IDX; |
| 594 | break; | 589 | break; |
| 595 | default: | 590 | default: |
| 596 | i= -1; | 591 | i = -1; |
| 597 | break; | 592 | break; |
| 598 | } | 593 | } |
| 599 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | 594 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) { |
| 600 | { | 595 | *md = NULL; |
| 601 | *md=NULL; | 596 | |
| 602 | if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; | 597 | if (mac_pkey_type != NULL) |
| 603 | if (mac_secret_size!=NULL) *mac_secret_size = 0; | 598 | *mac_pkey_type = NID_undef; |
| 599 | if (mac_secret_size != NULL) | ||
| 600 | *mac_secret_size = 0; | ||
| 604 | if (c->algorithm_mac == SSL_AEAD) | 601 | if (c->algorithm_mac == SSL_AEAD) |
| 605 | mac_pkey_type = NULL; | 602 | mac_pkey_type = NULL; |
| 606 | } | 603 | } else { |
| 607 | else | 604 | *md = ssl_digest_methods[i]; |
| 608 | { | 605 | if (mac_pkey_type != NULL) |
| 609 | *md=ssl_digest_methods[i]; | 606 | *mac_pkey_type = ssl_mac_pkey_id[i]; |
| 610 | if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; | 607 | if (mac_secret_size != NULL) |
| 611 | if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; | 608 | *mac_secret_size = ssl_mac_secret_size[i]; |
| 612 | } | 609 | } |
| 613 | 610 | ||
| 614 | if ((*enc != NULL) && | 611 | if ((*enc != NULL) && |
| 615 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && | 612 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && |
| 616 | (!mac_pkey_type||*mac_pkey_type != NID_undef)) | 613 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) { |
| 617 | { | ||
| 618 | const EVP_CIPHER *evp; | 614 | const EVP_CIPHER *evp; |
| 619 | 615 | ||
| 620 | if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || | 616 | if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || |
| 621 | s->ssl_version < TLS1_VERSION) | 617 | s->ssl_version < TLS1_VERSION) |
| 622 | return 1; | 618 | return 1; |
| 623 | 619 | ||
| 624 | #ifdef OPENSSL_FIPS | 620 | #ifdef OPENSSL_FIPS |
| 625 | if (FIPS_mode()) | 621 | if (FIPS_mode()) |
| 626 | return 1; | 622 | return 1; |
| 627 | #endif | 623 | #endif |
| 628 | 624 | ||
| 629 | if (c->algorithm_enc == SSL_RC4 && | 625 | if (c->algorithm_enc == SSL_RC4 && |
| 630 | c->algorithm_mac == SSL_MD5 && | 626 | c->algorithm_mac == SSL_MD5 && |
| 631 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 627 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) |
| 632 | *enc = evp, *md = NULL; | 628 | *enc = evp, *md = NULL; |
| 633 | else if (c->algorithm_enc == SSL_AES128 && | 629 | else if (c->algorithm_enc == SSL_AES128 && |
| 634 | c->algorithm_mac == SSL_SHA1 && | 630 | c->algorithm_mac == SSL_SHA1 && |
| 635 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | 631 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) |
| 636 | *enc = evp, *md = NULL; | 632 | *enc = evp, *md = NULL; |
| 637 | else if (c->algorithm_enc == SSL_AES256 && | 633 | else if (c->algorithm_enc == SSL_AES256 && |
| 638 | c->algorithm_mac == SSL_SHA1 && | 634 | c->algorithm_mac == SSL_SHA1 && |
| 639 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | 635 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) |
| 640 | *enc = evp, *md = NULL; | 636 | *enc = evp, *md = NULL; |
| 641 | return(1); | 637 | return (1); |
| 642 | } | 638 | } else |
| 643 | else | 639 | return (0); |
| 644 | return(0); | 640 | } |
| 645 | } | ||
| 646 | 641 | ||
| 647 | int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 642 | int |
| 643 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
| 648 | { | 644 | { |
| 649 | if (idx <0||idx>=SSL_MD_NUM_IDX) | 645 | if (idx < 0 || idx >= SSL_MD_NUM_IDX) { |
| 650 | { | ||
| 651 | return 0; | 646 | return 0; |
| 652 | } | 647 | } |
| 653 | *mask = ssl_handshake_digest_flag[idx]; | 648 | *mask = ssl_handshake_digest_flag[idx]; |
| 654 | if (*mask) | 649 | if (*mask) |
| 655 | *md = ssl_digest_methods[idx]; | 650 | *md = ssl_digest_methods[idx]; |
| @@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | |||
| 661 | #define ITEM_SEP(a) \ | 656 | #define ITEM_SEP(a) \ |
| 662 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | 657 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
| 663 | 658 | ||
| 664 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 659 | static void |
| 665 | CIPHER_ORDER **tail) | 660 | ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 666 | { | 661 | CIPHER_ORDER **tail) |
| 667 | if (curr == *tail) return; | 662 | { |
| 663 | if (curr == *tail) | ||
| 664 | return; | ||
| 668 | if (curr == *head) | 665 | if (curr == *head) |
| 669 | *head=curr->next; | 666 | *head = curr->next; |
| 670 | if (curr->prev != NULL) | 667 | if (curr->prev != NULL) |
| 671 | curr->prev->next=curr->next; | 668 | curr->prev->next = curr->next; |
| 672 | if (curr->next != NULL) | 669 | if (curr->next != NULL) |
| 673 | curr->next->prev=curr->prev; | 670 | curr->next->prev = curr->prev; |
| 674 | (*tail)->next=curr; | 671 | (*tail)->next = curr; |
| 675 | curr->prev= *tail; | 672 | curr->prev= *tail; |
| 676 | curr->next=NULL; | 673 | curr->next = NULL; |
| 677 | *tail=curr; | 674 | *tail = curr; |
| 678 | } | 675 | } |
| 679 | 676 | ||
| 680 | static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 677 | static void |
| 681 | CIPHER_ORDER **tail) | 678 | ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 682 | { | 679 | CIPHER_ORDER **tail) |
| 683 | if (curr == *head) return; | 680 | { |
| 681 | if (curr == *head) | ||
| 682 | return; | ||
| 684 | if (curr == *tail) | 683 | if (curr == *tail) |
| 685 | *tail=curr->prev; | 684 | *tail = curr->prev; |
| 686 | if (curr->next != NULL) | 685 | if (curr->next != NULL) |
| 687 | curr->next->prev=curr->prev; | 686 | curr->next->prev = curr->prev; |
| 688 | if (curr->prev != NULL) | 687 | if (curr->prev != NULL) |
| 689 | curr->prev->next=curr->next; | 688 | curr->prev->next = curr->next; |
| 690 | (*head)->prev=curr; | 689 | (*head)->prev = curr; |
| 691 | curr->next= *head; | 690 | curr->next= *head; |
| 692 | curr->prev=NULL; | 691 | curr->prev = NULL; |
| 693 | *head=curr; | 692 | *head = curr; |
| 694 | } | 693 | } |
| 695 | 694 | ||
| 696 | static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) | 695 | static void |
| 697 | { | 696 | ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) |
| 697 | { | ||
| 698 | *mkey = 0; | 698 | *mkey = 0; |
| 699 | *auth = 0; | 699 | *auth = 0; |
| 700 | *enc = 0; | 700 | *enc = 0; |
| @@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un | |||
| 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ | 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ |
| 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { |
| 745 | *mkey |= SSL_kGOST; | 745 | *mkey |= SSL_kGOST; |
| 746 | } | 746 | } |
| 747 | #ifdef SSL_FORBID_ENULL | 747 | #ifdef SSL_FORBID_ENULL |
| 748 | *enc |= SSL_eNULL; | 748 | *enc |= SSL_eNULL; |
| 749 | #endif | 749 | #endif |
| 750 | |||
| 751 | |||
| 752 | |||
| 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; | ||
| 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | ||
| 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | ||
| 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | ||
| 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | ||
| 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; | ||
| 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; | ||
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; | ||
| 773 | 750 | ||
| 774 | } | ||
| 775 | 751 | ||
| 776 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 752 | |
| 777 | int num_of_ciphers, | 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; |
| 778 | unsigned long disabled_mkey, unsigned long disabled_auth, | 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
| 779 | unsigned long disabled_enc, unsigned long disabled_mac, | 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 780 | unsigned long disabled_ssl, | 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; |
| 781 | CIPHER_ORDER *co_list, | 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; |
| 782 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 783 | { | 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | ||
| 773 | |||
| 774 | } | ||
| 775 | |||
| 776 | static void | ||
| 777 | ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
| 778 | int num_of_ciphers, | ||
| 779 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 780 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 781 | unsigned long disabled_ssl, | ||
| 782 | CIPHER_ORDER *co_list, | ||
| 783 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 784 | { | ||
| 784 | int i, co_list_num; | 785 | int i, co_list_num; |
| 785 | const SSL_CIPHER *c; | 786 | const SSL_CIPHER *c; |
| 786 | 787 | ||
| @@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 793 | 794 | ||
| 794 | /* Get the initial list of ciphers */ | 795 | /* Get the initial list of ciphers */ |
| 795 | co_list_num = 0; /* actual count of ciphers */ | 796 | co_list_num = 0; /* actual count of ciphers */ |
| 796 | for (i = 0; i < num_of_ciphers; i++) | 797 | for (i = 0; i < num_of_ciphers; i++) { |
| 797 | { | ||
| 798 | c = ssl_method->get_cipher(i); | 798 | c = ssl_method->get_cipher(i); |
| 799 | /* drop those that use any of that is not available */ | 799 | /* drop those that use any of that is not available */ |
| 800 | if ((c != NULL) && c->valid && | 800 | if ((c != NULL) && c->valid && |
| 801 | #ifdef OPENSSL_FIPS | 801 | #ifdef OPENSSL_FIPS |
| 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && | 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && |
| 803 | #endif | 803 | #endif |
| 804 | !(c->algorithm_mkey & disabled_mkey) && | 804 | !(c->algorithm_mkey & disabled_mkey) && |
| 805 | !(c->algorithm_auth & disabled_auth) && | 805 | !(c->algorithm_auth & disabled_auth) && |
| 806 | !(c->algorithm_enc & disabled_enc) && | 806 | !(c->algorithm_enc & disabled_enc) && |
| 807 | !(c->algorithm_mac & disabled_mac) && | 807 | !(c->algorithm_mac & disabled_mac) && |
| 808 | !(c->algorithm_ssl & disabled_ssl)) | 808 | !(c->algorithm_ssl & disabled_ssl)) { |
| 809 | { | ||
| 810 | co_list[co_list_num].cipher = c; | 809 | co_list[co_list_num].cipher = c; |
| 811 | co_list[co_list_num].next = NULL; | 810 | co_list[co_list_num].next = NULL; |
| 812 | co_list[co_list_num].prev = NULL; | 811 | co_list[co_list_num].prev = NULL; |
| 813 | co_list[co_list_num].active = 0; | 812 | co_list[co_list_num].active = 0; |
| 814 | co_list_num++; | 813 | co_list_num++; |
| 815 | #ifdef KSSL_DEBUG | 814 | #ifdef KSSL_DEBUG |
| 816 | printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); | 815 | printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); |
| 817 | #endif /* KSSL_DEBUG */ | 816 | #endif /* KSSL_DEBUG */ |
| 818 | /* | 817 | /* |
| 819 | if (!sk_push(ca_list,(char *)c)) goto err; | 818 | if (!sk_push(ca_list,(char *)c)) goto err; |
| 820 | */ | 819 | */ |
| 821 | } | ||
| 822 | } | 820 | } |
| 821 | } | ||
| 823 | 822 | ||
| 824 | /* | 823 | /* |
| 825 | * Prepare linked list from list entries | 824 | * Prepare linked list from list entries |
| 826 | */ | 825 | */ |
| 827 | if (co_list_num > 0) | 826 | if (co_list_num > 0) { |
| 828 | { | ||
| 829 | co_list[0].prev = NULL; | 827 | co_list[0].prev = NULL; |
| 830 | 828 | ||
| 831 | if (co_list_num > 1) | 829 | if (co_list_num > 1) { |
| 832 | { | ||
| 833 | co_list[0].next = &co_list[1]; | 830 | co_list[0].next = &co_list[1]; |
| 834 | 831 | ||
| 835 | for (i = 1; i < co_list_num - 1; i++) | 832 | for (i = 1; i < co_list_num - 1; i++) { |
| 836 | { | ||
| 837 | co_list[i].prev = &co_list[i - 1]; | 833 | co_list[i].prev = &co_list[i - 1]; |
| 838 | co_list[i].next = &co_list[i + 1]; | 834 | co_list[i].next = &co_list[i + 1]; |
| 839 | } | 835 | } |
| 840 | 836 | ||
| 841 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; | 837 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; |
| 842 | } | 838 | } |
| 843 | 839 | ||
| 844 | co_list[co_list_num - 1].next = NULL; | 840 | co_list[co_list_num - 1].next = NULL; |
| 845 | 841 | ||
| 846 | *head_p = &co_list[0]; | 842 | *head_p = &co_list[0]; |
| 847 | *tail_p = &co_list[co_list_num - 1]; | 843 | *tail_p = &co_list[co_list_num - 1]; |
| 848 | } | ||
| 849 | } | 844 | } |
| 845 | } | ||
| 850 | 846 | ||
| 851 | static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | 847 | static void |
| 852 | int num_of_group_aliases, | 848 | ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, |
| 853 | unsigned long disabled_mkey, unsigned long disabled_auth, | 849 | int num_of_group_aliases, |
| 854 | unsigned long disabled_enc, unsigned long disabled_mac, | 850 | unsigned long disabled_mkey, unsigned long disabled_auth, |
| 855 | unsigned long disabled_ssl, | 851 | unsigned long disabled_enc, unsigned long disabled_mac, |
| 856 | CIPHER_ORDER *head) | 852 | unsigned long disabled_ssl, |
| 857 | { | 853 | CIPHER_ORDER *head) |
| 854 | { | ||
| 858 | CIPHER_ORDER *ciph_curr; | 855 | CIPHER_ORDER *ciph_curr; |
| 859 | const SSL_CIPHER **ca_curr; | 856 | const SSL_CIPHER **ca_curr; |
| 860 | int i; | 857 | int i; |
| @@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 869 | */ | 866 | */ |
| 870 | ciph_curr = head; | 867 | ciph_curr = head; |
| 871 | ca_curr = ca_list; | 868 | ca_curr = ca_list; |
| 872 | while (ciph_curr != NULL) | 869 | while (ciph_curr != NULL) { |
| 873 | { | ||
| 874 | *ca_curr = ciph_curr->cipher; | 870 | *ca_curr = ciph_curr->cipher; |
| 875 | ca_curr++; | 871 | ca_curr++; |
| 876 | ciph_curr = ciph_curr->next; | 872 | ciph_curr = ciph_curr->next; |
| 877 | } | 873 | } |
| 878 | 874 | ||
| 879 | /* | 875 | /* |
| 880 | * Now we add the available ones from the cipher_aliases[] table. | 876 | * Now we add the available ones from the cipher_aliases[] table. |
| @@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 882 | * in any affected category must be supported (set in enabled_mask), | 878 | * in any affected category must be supported (set in enabled_mask), |
| 883 | * or represent a cipher strength value (will be added in any case because algorithms=0). | 879 | * or represent a cipher strength value (will be added in any case because algorithms=0). |
| 884 | */ | 880 | */ |
| 885 | for (i = 0; i < num_of_group_aliases; i++) | 881 | for (i = 0; i < num_of_group_aliases; i++) { |
| 886 | { | ||
| 887 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | 882 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; |
| 888 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | 883 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; |
| 889 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | 884 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; |
| @@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 893 | if (algorithm_mkey) | 888 | if (algorithm_mkey) |
| 894 | if ((algorithm_mkey & mask_mkey) == 0) | 889 | if ((algorithm_mkey & mask_mkey) == 0) |
| 895 | continue; | 890 | continue; |
| 896 | 891 | ||
| 897 | if (algorithm_auth) | 892 | if (algorithm_auth) |
| 898 | if ((algorithm_auth & mask_auth) == 0) | 893 | if ((algorithm_auth & mask_auth) == 0) |
| 899 | continue; | 894 | continue; |
| 900 | 895 | ||
| 901 | if (algorithm_enc) | 896 | if (algorithm_enc) |
| 902 | if ((algorithm_enc & mask_enc) == 0) | 897 | if ((algorithm_enc & mask_enc) == 0) |
| 903 | continue; | 898 | continue; |
| 904 | 899 | ||
| 905 | if (algorithm_mac) | 900 | if (algorithm_mac) |
| 906 | if ((algorithm_mac & mask_mac) == 0) | 901 | if ((algorithm_mac & mask_mac) == 0) |
| 907 | continue; | 902 | continue; |
| 908 | 903 | ||
| 909 | if (algorithm_ssl) | 904 | if (algorithm_ssl) |
| 910 | if ((algorithm_ssl & mask_ssl) == 0) | 905 | if ((algorithm_ssl & mask_ssl) == 0) |
| 911 | continue; | 906 | continue; |
| 912 | 907 | ||
| 913 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | 908 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); |
| 914 | ca_curr++; | 909 | ca_curr++; |
| 915 | } | 910 | } |
| 916 | 911 | ||
| 917 | *ca_curr = NULL; /* end of list */ | 912 | *ca_curr = NULL; /* end of list */ |
| 918 | } | 913 | } |
| 919 | 914 | ||
| 920 | static void ssl_cipher_apply_rule(unsigned long cipher_id, | 915 | static void |
| 921 | unsigned long alg_mkey, unsigned long alg_auth, | 916 | ssl_cipher_apply_rule(unsigned long cipher_id, |
| 922 | unsigned long alg_enc, unsigned long alg_mac, | 917 | unsigned long alg_mkey, unsigned long alg_auth, |
| 923 | unsigned long alg_ssl, | 918 | unsigned long alg_enc, unsigned long alg_mac, |
| 924 | unsigned long algo_strength, | 919 | unsigned long alg_ssl, |
| 925 | int rule, int strength_bits, | 920 | unsigned long algo_strength, |
| 926 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 921 | int rule, int strength_bits, |
| 927 | { | 922 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 923 | { | ||
| 928 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; | 924 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; |
| 929 | const SSL_CIPHER *cp; | 925 | const SSL_CIPHER *cp; |
| 930 | int reverse = 0; | 926 | int reverse = 0; |
| 931 | 927 | ||
| 932 | #ifdef CIPHER_DEBUG | 928 | #ifdef CIPHER_DEBUG |
| 933 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", | 929 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", |
| 934 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); | 930 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); |
| 935 | #endif | 931 | #endif |
| 936 | 932 | ||
| 937 | if (rule == CIPHER_DEL) | 933 | if (rule == CIPHER_DEL) |
| @@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 940 | head = *head_p; | 936 | head = *head_p; |
| 941 | tail = *tail_p; | 937 | tail = *tail_p; |
| 942 | 938 | ||
| 943 | if (reverse) | 939 | if (reverse) { |
| 944 | { | ||
| 945 | curr = tail; | 940 | curr = tail; |
| 946 | last = head; | 941 | last = head; |
| 947 | } | 942 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | curr = head; | 943 | curr = head; |
| 951 | last = tail; | 944 | last = tail; |
| 952 | } | 945 | } |
| 953 | 946 | ||
| 954 | curr2 = curr; | 947 | curr2 = curr; |
| 955 | for (;;) | 948 | for (;;) { |
| 956 | { | 949 | if ((curr == NULL) |
| 957 | if ((curr == NULL) || (curr == last)) break; | 950 | || (curr == last)) break; |
| 958 | curr = curr2; | 951 | curr = curr2; |
| 959 | curr2 = reverse ? curr->prev : curr->next; | 952 | curr2 = reverse ? curr->prev : curr->next; |
| 960 | 953 | ||
| @@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 964 | * Selection criteria is either the value of strength_bits | 957 | * Selection criteria is either the value of strength_bits |
| 965 | * or the algorithms used. | 958 | * or the algorithms used. |
| 966 | */ | 959 | */ |
| 967 | if (strength_bits >= 0) | 960 | if (strength_bits >= 0) { |
| 968 | { | ||
| 969 | if (strength_bits != cp->strength_bits) | 961 | if (strength_bits != cp->strength_bits) |
| 970 | continue; | 962 | continue; |
| 971 | } | 963 | } else { |
| 972 | else | ||
| 973 | { | ||
| 974 | #ifdef CIPHER_DEBUG | 964 | #ifdef CIPHER_DEBUG |
| 975 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); | 965 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); |
| 976 | #endif | 966 | #endif |
| @@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 989 | continue; | 979 | continue; |
| 990 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | 980 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) |
| 991 | continue; | 981 | continue; |
| 992 | } | 982 | } |
| 993 | 983 | ||
| 994 | #ifdef CIPHER_DEBUG | 984 | #ifdef CIPHER_DEBUG |
| 995 | printf("Action = %d\n", rule); | 985 | printf("Action = %d\n", rule); |
| 996 | #endif | 986 | #endif |
| 997 | 987 | ||
| 998 | /* add the cipher if it has not been added yet. */ | 988 | /* add the cipher if it has not been added yet. */ |
| 999 | if (rule == CIPHER_ADD) | 989 | if (rule == CIPHER_ADD) { |
| 1000 | { | ||
| 1001 | /* reverse == 0 */ | 990 | /* reverse == 0 */ |
| 1002 | if (!curr->active) | 991 | if (!curr->active) { |
| 1003 | { | ||
| 1004 | ll_append_tail(&head, curr, &tail); | 992 | ll_append_tail(&head, curr, &tail); |
| 1005 | curr->active = 1; | 993 | curr->active = 1; |
| 1006 | } | ||
| 1007 | } | 994 | } |
| 995 | } | ||
| 1008 | /* Move the added cipher to this location */ | 996 | /* Move the added cipher to this location */ |
| 1009 | else if (rule == CIPHER_ORD) | 997 | else if (rule == CIPHER_ORD) { |
| 1010 | { | ||
| 1011 | /* reverse == 0 */ | 998 | /* reverse == 0 */ |
| 1012 | if (curr->active) | 999 | if (curr->active) { |
| 1013 | { | ||
| 1014 | ll_append_tail(&head, curr, &tail); | 1000 | ll_append_tail(&head, curr, &tail); |
| 1015 | } | ||
| 1016 | } | 1001 | } |
| 1017 | else if (rule == CIPHER_DEL) | 1002 | } else if (rule == CIPHER_DEL) { |
| 1018 | { | ||
| 1019 | /* reverse == 1 */ | 1003 | /* reverse == 1 */ |
| 1020 | if (curr->active) | 1004 | if (curr->active) { |
| 1021 | { | ||
| 1022 | /* most recently deleted ciphersuites get best positions | 1005 | /* most recently deleted ciphersuites get best positions |
| 1023 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | 1006 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop |
| 1024 | * works in reverse to maintain the order) */ | 1007 | * works in reverse to maintain the order) */ |
| 1025 | ll_append_head(&head, curr, &tail); | 1008 | ll_append_head(&head, curr, &tail); |
| 1026 | curr->active = 0; | 1009 | curr->active = 0; |
| 1027 | } | ||
| 1028 | } | 1010 | } |
| 1029 | else if (rule == CIPHER_KILL) | 1011 | } else if (rule == CIPHER_KILL) { |
| 1030 | { | ||
| 1031 | /* reverse == 0 */ | 1012 | /* reverse == 0 */ |
| 1032 | if (head == curr) | 1013 | if (head == curr) |
| 1033 | head = curr->next; | 1014 | head = curr->next; |
| @@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 1042 | curr->prev->next = curr->next; | 1023 | curr->prev->next = curr->next; |
| 1043 | curr->next = NULL; | 1024 | curr->next = NULL; |
| 1044 | curr->prev = NULL; | 1025 | curr->prev = NULL; |
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1027 | } | ||
| 1047 | 1028 | ||
| 1048 | *head_p = head; | 1029 | *head_p = head; |
| 1049 | *tail_p = tail; | 1030 | *tail_p = tail; |
| 1050 | } | 1031 | } |
| 1051 | 1032 | ||
| 1052 | static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | 1033 | static int |
| 1053 | CIPHER_ORDER **tail_p) | 1034 | ssl_cipher_strength_sort(CIPHER_ORDER **head_p, |
| 1054 | { | 1035 | CIPHER_ORDER **tail_p) |
| 1036 | { | ||
| 1055 | int max_strength_bits, i, *number_uses; | 1037 | int max_strength_bits, i, *number_uses; |
| 1056 | CIPHER_ORDER *curr; | 1038 | CIPHER_ORDER *curr; |
| 1057 | 1039 | ||
| @@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1062 | */ | 1044 | */ |
| 1063 | max_strength_bits = 0; | 1045 | max_strength_bits = 0; |
| 1064 | curr = *head_p; | 1046 | curr = *head_p; |
| 1065 | while (curr != NULL) | 1047 | while (curr != NULL) { |
| 1066 | { | ||
| 1067 | if (curr->active && | 1048 | if (curr->active && |
| 1068 | (curr->cipher->strength_bits > max_strength_bits)) | 1049 | (curr->cipher->strength_bits > max_strength_bits)) |
| 1069 | max_strength_bits = curr->cipher->strength_bits; | 1050 | max_strength_bits = curr->cipher->strength_bits; |
| 1070 | curr = curr->next; | 1051 | curr = curr->next; |
| 1071 | } | 1052 | } |
| 1072 | 1053 | ||
| 1073 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); | 1054 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
| 1074 | if (!number_uses) | 1055 | if (!number_uses) { |
| 1075 | { | 1056 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); |
| 1076 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | 1057 | return (0); |
| 1077 | return(0); | 1058 | } |
| 1078 | } | ||
| 1079 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | 1059 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); |
| 1080 | 1060 | ||
| 1081 | /* | 1061 | /* |
| 1082 | * Now find the strength_bits values actually used | 1062 | * Now find the strength_bits values actually used |
| 1083 | */ | 1063 | */ |
| 1084 | curr = *head_p; | 1064 | curr = *head_p; |
| 1085 | while (curr != NULL) | 1065 | while (curr != NULL) { |
| 1086 | { | ||
| 1087 | if (curr->active) | 1066 | if (curr->active) |
| 1088 | number_uses[curr->cipher->strength_bits]++; | 1067 | number_uses[curr->cipher->strength_bits]++; |
| 1089 | curr = curr->next; | 1068 | curr = curr->next; |
| 1090 | } | 1069 | } |
| 1091 | /* | 1070 | /* |
| 1092 | * Go through the list of used strength_bits values in descending | 1071 | * Go through the list of used strength_bits values in descending |
| 1093 | * order. | 1072 | * order. |
| @@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1097 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | 1076 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); |
| 1098 | 1077 | ||
| 1099 | OPENSSL_free(number_uses); | 1078 | OPENSSL_free(number_uses); |
| 1100 | return(1); | 1079 | return (1); |
| 1101 | } | 1080 | } |
| 1102 | 1081 | ||
| 1103 | static int ssl_cipher_process_rulestr(const char *rule_str, | 1082 | static int |
| 1104 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1083 | ssl_cipher_process_rulestr(const char *rule_str, |
| 1105 | const SSL_CIPHER **ca_list) | 1084 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, |
| 1106 | { | 1085 | const SSL_CIPHER **ca_list) |
| 1086 | { | ||
| 1107 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1087 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; |
| 1108 | const char *l, *buf; | 1088 | const char *l, *buf; |
| 1109 | int j, multi, found, rule, retval, ok, buflen; | 1089 | int j, multi, found, rule, retval, ok, buflen; |
| @@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1112 | 1092 | ||
| 1113 | retval = 1; | 1093 | retval = 1; |
| 1114 | l = rule_str; | 1094 | l = rule_str; |
| 1115 | for (;;) | 1095 | for (;;) { |
| 1116 | { | ||
| 1117 | ch = *l; | 1096 | ch = *l; |
| 1118 | 1097 | ||
| 1119 | if (ch == '\0') | 1098 | if (ch == '\0') |
| 1120 | break; /* done */ | 1099 | break; |
| 1100 | /* done */ | ||
| 1121 | if (ch == '-') | 1101 | if (ch == '-') |
| 1122 | { rule = CIPHER_DEL; l++; } | 1102 | { rule = CIPHER_DEL; |
| 1123 | else if (ch == '+') | 1103 | l++; |
| 1124 | { rule = CIPHER_ORD; l++; } | 1104 | } else if (ch == '+') |
| 1125 | else if (ch == '!') | 1105 | { rule = CIPHER_ORD; |
| 1126 | { rule = CIPHER_KILL; l++; } | 1106 | l++; |
| 1127 | else if (ch == '@') | 1107 | } else if (ch == '!') |
| 1128 | { rule = CIPHER_SPECIAL; l++; } | 1108 | { rule = CIPHER_KILL; |
| 1129 | else | 1109 | l++; |
| 1130 | { rule = CIPHER_ADD; } | 1110 | } else if (ch == '@') |
| 1111 | { rule = CIPHER_SPECIAL; | ||
| 1112 | l++; | ||
| 1113 | } else | ||
| 1114 | { rule = CIPHER_ADD; | ||
| 1115 | } | ||
| 1131 | 1116 | ||
| 1132 | if (ITEM_SEP(ch)) | 1117 | if (ITEM_SEP(ch)) { |
| 1133 | { | ||
| 1134 | l++; | 1118 | l++; |
| 1135 | continue; | 1119 | continue; |
| 1136 | } | 1120 | } |
| 1137 | 1121 | ||
| 1138 | alg_mkey = 0; | 1122 | alg_mkey = 0; |
| 1139 | alg_auth = 0; | 1123 | alg_auth = 0; |
| @@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1142 | alg_ssl = 0; | 1126 | alg_ssl = 0; |
| 1143 | algo_strength = 0; | 1127 | algo_strength = 0; |
| 1144 | 1128 | ||
| 1145 | for (;;) | 1129 | for (;;) { |
| 1146 | { | ||
| 1147 | ch = *l; | 1130 | ch = *l; |
| 1148 | buf = l; | 1131 | buf = l; |
| 1149 | buflen = 0; | 1132 | buflen = 0; |
| 1150 | #ifndef CHARSET_EBCDIC | 1133 | #ifndef CHARSET_EBCDIC |
| 1151 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 1134 | while (((ch >= 'A') && (ch <= 'Z')) || |
| 1152 | ((ch >= '0') && (ch <= '9')) || | 1135 | ((ch >= '0') && (ch <= '9')) || |
| 1153 | ((ch >= 'a') && (ch <= 'z')) || | 1136 | ((ch >= 'a') && (ch <= 'z')) || |
| 1154 | (ch == '-') || (ch == '.')) | 1137 | (ch == '-') || (ch == '.')) |
| 1155 | #else | 1138 | #else |
| 1156 | while ( isalnum(ch) || (ch == '-') || (ch == '.')) | 1139 | while (isalnum(ch) || (ch == '-') || (ch == '.')) |
| 1157 | #endif | 1140 | #endif |
| 1158 | { | 1141 | { |
| 1159 | ch = *(++l); | 1142 | ch = *(++l); |
| 1160 | buflen++; | 1143 | buflen++; |
| 1161 | } | 1144 | } |
| 1162 | 1145 | ||
| 1163 | if (buflen == 0) | 1146 | if (buflen == 0) { |
| 1164 | { | ||
| 1165 | /* | 1147 | /* |
| 1166 | * We hit something we cannot deal with, | 1148 | * We hit something we cannot deal with, |
| 1167 | * it is no command or separator nor | 1149 | * it is no command or separator nor |
| 1168 | * alphanumeric, so we call this an error. | 1150 | * alphanumeric, so we call this an error. |
| 1169 | */ | 1151 | */ |
| 1170 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1152 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1171 | SSL_R_INVALID_COMMAND); | 1153 | SSL_R_INVALID_COMMAND); |
| 1172 | retval = found = 0; | 1154 | retval = found = 0; |
| 1173 | l++; | 1155 | l++; |
| 1174 | break; | 1156 | break; |
| 1175 | } | 1157 | } |
| 1176 | 1158 | ||
| 1177 | if (rule == CIPHER_SPECIAL) | 1159 | if (rule == CIPHER_SPECIAL) { |
| 1178 | { | ||
| 1179 | found = 0; /* unused -- avoid compiler warning */ | 1160 | found = 0; /* unused -- avoid compiler warning */ |
| 1180 | break; /* special treatment */ | 1161 | break; /* special treatment */ |
| 1181 | } | 1162 | } |
| 1182 | 1163 | ||
| 1183 | /* check for multi-part specification */ | 1164 | /* check for multi-part specification */ |
| 1184 | if (ch == '+') | 1165 | if (ch == '+') { |
| 1185 | { | 1166 | multi = 1; |
| 1186 | multi=1; | ||
| 1187 | l++; | 1167 | l++; |
| 1188 | } | 1168 | } else |
| 1189 | else | 1169 | multi = 0; |
| 1190 | multi=0; | ||
| 1191 | 1170 | ||
| 1192 | /* | 1171 | /* |
| 1193 | * Now search for the cipher alias in the ca_list. Be careful | 1172 | * Now search for the cipher alias in the ca_list. Be careful |
| @@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1202 | */ | 1181 | */ |
| 1203 | j = found = 0; | 1182 | j = found = 0; |
| 1204 | cipher_id = 0; | 1183 | cipher_id = 0; |
| 1205 | while (ca_list[j]) | 1184 | while (ca_list[j]) { |
| 1206 | { | ||
| 1207 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 1185 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| 1208 | (ca_list[j]->name[buflen] == '\0')) | 1186 | (ca_list[j]->name[buflen] == '\0')) { |
| 1209 | { | ||
| 1210 | found = 1; | 1187 | found = 1; |
| 1211 | break; | 1188 | break; |
| 1212 | } | 1189 | } else |
| 1213 | else | ||
| 1214 | j++; | 1190 | j++; |
| 1215 | } | 1191 | } |
| 1216 | 1192 | ||
| 1217 | if (!found) | 1193 | if (!found) |
| 1218 | break; /* ignore this entry */ | 1194 | break; /* ignore this entry */ |
| 1219 | 1195 | ||
| 1220 | if (ca_list[j]->algorithm_mkey) | 1196 | if (ca_list[j]->algorithm_mkey) { |
| 1221 | { | 1197 | if (alg_mkey) { |
| 1222 | if (alg_mkey) | ||
| 1223 | { | ||
| 1224 | alg_mkey &= ca_list[j]->algorithm_mkey; | 1198 | alg_mkey &= ca_list[j]->algorithm_mkey; |
| 1225 | if (!alg_mkey) { found = 0; break; } | 1199 | if (!alg_mkey) { |
| 1200 | found = 0; | ||
| 1201 | break; | ||
| 1226 | } | 1202 | } |
| 1227 | else | 1203 | } else |
| 1228 | alg_mkey = ca_list[j]->algorithm_mkey; | 1204 | alg_mkey = ca_list[j]->algorithm_mkey; |
| 1229 | } | 1205 | } |
| 1230 | 1206 | ||
| 1231 | if (ca_list[j]->algorithm_auth) | 1207 | if (ca_list[j]->algorithm_auth) { |
| 1232 | { | 1208 | if (alg_auth) { |
| 1233 | if (alg_auth) | ||
| 1234 | { | ||
| 1235 | alg_auth &= ca_list[j]->algorithm_auth; | 1209 | alg_auth &= ca_list[j]->algorithm_auth; |
| 1236 | if (!alg_auth) { found = 0; break; } | 1210 | if (!alg_auth) { |
| 1211 | found = 0; | ||
| 1212 | break; | ||
| 1237 | } | 1213 | } |
| 1238 | else | 1214 | } else |
| 1239 | alg_auth = ca_list[j]->algorithm_auth; | 1215 | alg_auth = ca_list[j]->algorithm_auth; |
| 1240 | } | 1216 | } |
| 1241 | 1217 | ||
| 1242 | if (ca_list[j]->algorithm_enc) | 1218 | if (ca_list[j]->algorithm_enc) { |
| 1243 | { | 1219 | if (alg_enc) { |
| 1244 | if (alg_enc) | ||
| 1245 | { | ||
| 1246 | alg_enc &= ca_list[j]->algorithm_enc; | 1220 | alg_enc &= ca_list[j]->algorithm_enc; |
| 1247 | if (!alg_enc) { found = 0; break; } | 1221 | if (!alg_enc) { |
| 1222 | found = 0; | ||
| 1223 | break; | ||
| 1248 | } | 1224 | } |
| 1249 | else | 1225 | } else |
| 1250 | alg_enc = ca_list[j]->algorithm_enc; | 1226 | alg_enc = ca_list[j]->algorithm_enc; |
| 1251 | } | 1227 | } |
| 1252 | 1228 | ||
| 1253 | if (ca_list[j]->algorithm_mac) | 1229 | if (ca_list[j]->algorithm_mac) { |
| 1254 | { | 1230 | if (alg_mac) { |
| 1255 | if (alg_mac) | ||
| 1256 | { | ||
| 1257 | alg_mac &= ca_list[j]->algorithm_mac; | 1231 | alg_mac &= ca_list[j]->algorithm_mac; |
| 1258 | if (!alg_mac) { found = 0; break; } | 1232 | if (!alg_mac) { |
| 1233 | found = 0; | ||
| 1234 | break; | ||
| 1259 | } | 1235 | } |
| 1260 | else | 1236 | } else |
| 1261 | alg_mac = ca_list[j]->algorithm_mac; | 1237 | alg_mac = ca_list[j]->algorithm_mac; |
| 1262 | } | 1238 | } |
| 1263 | 1239 | ||
| 1264 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1240 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
| 1265 | { | 1241 | if (algo_strength & SSL_EXP_MASK) { |
| 1266 | if (algo_strength & SSL_EXP_MASK) | ||
| 1267 | { | ||
| 1268 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1242 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; |
| 1269 | if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } | 1243 | if (!(algo_strength & SSL_EXP_MASK)) { |
| 1244 | found = 0; | ||
| 1245 | break; | ||
| 1270 | } | 1246 | } |
| 1271 | else | 1247 | } else |
| 1272 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1248 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; |
| 1273 | } | 1249 | } |
| 1274 | 1250 | ||
| 1275 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1251 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
| 1276 | { | 1252 | if (algo_strength & SSL_STRONG_MASK) { |
| 1277 | if (algo_strength & SSL_STRONG_MASK) | ||
| 1278 | { | ||
| 1279 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1253 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; |
| 1280 | if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } | 1254 | if (!(algo_strength & SSL_STRONG_MASK)) { |
| 1255 | found = 0; | ||
| 1256 | break; | ||
| 1281 | } | 1257 | } |
| 1282 | else | 1258 | } else |
| 1283 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1259 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; |
| 1284 | } | 1260 | } |
| 1285 | 1261 | ||
| 1286 | if (ca_list[j]->valid) | 1262 | if (ca_list[j]->valid) { |
| 1287 | { | ||
| 1288 | /* explicit ciphersuite found; its protocol version | 1263 | /* explicit ciphersuite found; its protocol version |
| 1289 | * does not become part of the search pattern!*/ | 1264 | * does not become part of the search pattern!*/ |
| 1290 | 1265 | ||
| 1291 | cipher_id = ca_list[j]->id; | 1266 | cipher_id = ca_list[j]->id; |
| 1292 | } | 1267 | } else { |
| 1293 | else | ||
| 1294 | { | ||
| 1295 | /* not an explicit ciphersuite; only in this case, the | 1268 | /* not an explicit ciphersuite; only in this case, the |
| 1296 | * protocol version is considered part of the search pattern */ | 1269 | * protocol version is considered part of the search pattern */ |
| 1297 | 1270 | ||
| 1298 | if (ca_list[j]->algorithm_ssl) | 1271 | if (ca_list[j]->algorithm_ssl) { |
| 1299 | { | 1272 | if (alg_ssl) { |
| 1300 | if (alg_ssl) | ||
| 1301 | { | ||
| 1302 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1273 | alg_ssl &= ca_list[j]->algorithm_ssl; |
| 1303 | if (!alg_ssl) { found = 0; break; } | 1274 | if (!alg_ssl) { |
| 1275 | found = 0; | ||
| 1276 | break; | ||
| 1304 | } | 1277 | } |
| 1305 | else | 1278 | } else |
| 1306 | alg_ssl = ca_list[j]->algorithm_ssl; | 1279 | alg_ssl = ca_list[j]->algorithm_ssl; |
| 1307 | } | ||
| 1308 | } | 1280 | } |
| 1309 | |||
| 1310 | if (!multi) break; | ||
| 1311 | } | 1281 | } |
| 1312 | 1282 | ||
| 1283 | if (!multi) | ||
| 1284 | break; | ||
| 1285 | } | ||
| 1286 | |||
| 1313 | /* | 1287 | /* |
| 1314 | * Ok, we have the rule, now apply it | 1288 | * Ok, we have the rule, now apply it |
| 1315 | */ | 1289 | */ |
| 1316 | if (rule == CIPHER_SPECIAL) | 1290 | if (rule == CIPHER_SPECIAL) |
| 1317 | { /* special command */ | 1291 | { /* special command */ |
| 1318 | ok = 0; | 1292 | ok = 0; |
| 1319 | if ((buflen == 8) && | 1293 | if ((buflen == 8) && |
| 1320 | !strncmp(buf, "STRENGTH", 8)) | 1294 | !strncmp(buf, "STRENGTH", 8)) |
| 1321 | ok = ssl_cipher_strength_sort(head_p, tail_p); | 1295 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
| 1322 | else | 1296 | else |
| 1323 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1297 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1324 | SSL_R_INVALID_COMMAND); | 1298 | SSL_R_INVALID_COMMAND); |
| 1325 | if (ok == 0) | 1299 | if (ok == 0) |
| 1326 | retval = 0; | 1300 | retval = 0; |
| 1327 | /* | 1301 | /* |
| @@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1331 | * end or ':' is found. | 1305 | * end or ':' is found. |
| 1332 | */ | 1306 | */ |
| 1333 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1307 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1334 | l++; | 1308 | l++; |
| 1335 | } | 1309 | } else if (found) { |
| 1336 | else if (found) | ||
| 1337 | { | ||
| 1338 | ssl_cipher_apply_rule(cipher_id, | 1310 | ssl_cipher_apply_rule(cipher_id, |
| 1339 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1311 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, |
| 1340 | rule, -1, head_p, tail_p); | 1312 | rule, -1, head_p, tail_p); |
| 1341 | } | 1313 | } else { |
| 1342 | else | ||
| 1343 | { | ||
| 1344 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1314 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1345 | l++; | 1315 | l++; |
| 1346 | } | 1316 | } |
| 1347 | if (*l == '\0') break; /* done */ | 1317 | if (*l == '\0') break; /* done */ |
| 1348 | } | 1318 | } |
| 1349 | 1319 | ||
| 1350 | return(retval); | 1320 | return (retval); |
| 1351 | } | 1321 | } |
| 1352 | 1322 | ||
| 1353 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | 1323 | STACK_OF(SSL_CIPHER) |
| 1354 | STACK_OF(SSL_CIPHER) **cipher_list, | 1324 | *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 1355 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | 1325 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 1356 | const char *rule_str) | 1326 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, |
| 1357 | { | 1327 | const char *rule_str) |
| 1328 | { | ||
| 1358 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 1329 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 1359 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | 1330 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; |
| 1360 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 1331 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| @@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1384 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | 1355 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); |
| 1385 | #endif /* KSSL_DEBUG */ | 1356 | #endif /* KSSL_DEBUG */ |
| 1386 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | 1357 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
| 1387 | if (co_list == NULL) | 1358 | if (co_list == NULL) { |
| 1388 | { | 1359 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1389 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1390 | return(NULL); /* Failure */ | 1360 | return(NULL); /* Failure */ |
| 1391 | } | 1361 | } |
| 1392 | 1362 | ||
| 1393 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1363 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
| 1394 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1364 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
| 1395 | co_list, &head, &tail); | 1365 | co_list, &head, &tail); |
| 1396 | 1366 | ||
| 1397 | 1367 | ||
| 1398 | /* Now arrange all ciphers by preference: */ | 1368 | /* Now arrange all ciphers by preference: */ |
| @@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1419 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1389 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1420 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ | 1390 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ |
| 1421 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1391 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1422 | ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1392 | ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1423 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1393 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1424 | 1394 | ||
| 1425 | /* RC4 is sort-of broken -- move the the end */ | 1395 | /* RC4 is sort-of broken -- move the the end */ |
| 1426 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1396 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1427 | 1397 | ||
| 1428 | /* Now sort by symmetric encryption strength. The above ordering remains | 1398 | /* Now sort by symmetric encryption strength. The above ordering remains |
| 1429 | * in force within each class */ | 1399 | * in force within each class */ |
| 1430 | if (!ssl_cipher_strength_sort(&head, &tail)) | 1400 | if (!ssl_cipher_strength_sort(&head, &tail)) { |
| 1431 | { | ||
| 1432 | OPENSSL_free(co_list); | 1401 | OPENSSL_free(co_list); |
| 1433 | return NULL; | 1402 | return NULL; |
| 1434 | } | 1403 | } |
| 1435 | 1404 | ||
| 1436 | /* Now disable everything (maintaining the ordering!) */ | 1405 | /* Now disable everything (maintaining the ordering!) */ |
| 1437 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1406 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| @@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1448 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | 1417 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); |
| 1449 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | 1418 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
| 1450 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | 1419 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
| 1451 | if (ca_list == NULL) | 1420 | if (ca_list == NULL) { |
| 1452 | { | ||
| 1453 | OPENSSL_free(co_list); | 1421 | OPENSSL_free(co_list); |
| 1454 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1422 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1455 | return(NULL); /* Failure */ | 1423 | return(NULL); /* Failure */ |
| 1456 | } | 1424 | } |
| 1457 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | 1425 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 1458 | disabled_mkey, disabled_auth, disabled_enc, | 1426 | disabled_mkey, disabled_auth, disabled_enc, |
| 1459 | disabled_mac, disabled_ssl, head); | 1427 | disabled_mac, disabled_ssl, head); |
| 1460 | 1428 | ||
| 1461 | /* | 1429 | /* |
| 1462 | * If the rule_string begins with DEFAULT, apply the default rule | 1430 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1464 | */ | 1432 | */ |
| 1465 | ok = 1; | 1433 | ok = 1; |
| 1466 | rule_p = rule_str; | 1434 | rule_p = rule_str; |
| 1467 | if (strncmp(rule_str,"DEFAULT",7) == 0) | 1435 | if (strncmp(rule_str, "DEFAULT", 7) == 0) { |
| 1468 | { | ||
| 1469 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | 1436 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
| 1470 | &head, &tail, ca_list); | 1437 | &head, &tail, ca_list); |
| 1471 | rule_p += 7; | 1438 | rule_p += 7; |
| 1472 | if (*rule_p == ':') | 1439 | if (*rule_p == ':') |
| 1473 | rule_p++; | 1440 | rule_p++; |
| 1474 | } | 1441 | } |
| 1475 | 1442 | ||
| 1476 | if (ok && (strlen(rule_p) > 0)) | 1443 | if (ok && (strlen(rule_p) > 0)) |
| 1477 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | 1444 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); |
| @@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1479 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ | 1446 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ |
| 1480 | 1447 | ||
| 1481 | if (!ok) | 1448 | if (!ok) |
| 1482 | { /* Rule processing failure */ | 1449 | { /* Rule processing failure */ |
| 1483 | OPENSSL_free(co_list); | 1450 | OPENSSL_free(co_list); |
| 1484 | return(NULL); | 1451 | return (NULL); |
| 1485 | } | 1452 | } |
| 1486 | 1453 | ||
| 1487 | /* | 1454 | /* |
| 1488 | * Allocate new "cipherstack" for the result, return with error | 1455 | * Allocate new "cipherstack" for the result, return with error |
| 1489 | * if we cannot get one. | 1456 | * if we cannot get one. |
| 1490 | */ | 1457 | */ |
| 1491 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | 1458 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
| 1492 | { | ||
| 1493 | OPENSSL_free(co_list); | 1459 | OPENSSL_free(co_list); |
| 1494 | return(NULL); | 1460 | return (NULL); |
| 1495 | } | 1461 | } |
| 1496 | 1462 | ||
| 1497 | /* | 1463 | /* |
| 1498 | * The cipher selection for the list is done. The ciphers are added | 1464 | * The cipher selection for the list is done. The ciphers are added |
| 1499 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 1465 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). |
| 1500 | */ | 1466 | */ |
| 1501 | for (curr = head; curr != NULL; curr = curr->next) | 1467 | for (curr = head; curr != NULL; curr = curr->next) { |
| 1502 | { | ||
| 1503 | #ifdef OPENSSL_FIPS | 1468 | #ifdef OPENSSL_FIPS |
| 1504 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | 1469 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) |
| 1505 | #else | 1470 | #else |
| 1506 | if (curr->active) | 1471 | if (curr->active) |
| 1507 | #endif | 1472 | #endif |
| 1508 | { | 1473 | { |
| 1509 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1474 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1510 | #ifdef CIPHER_DEBUG | 1475 | #ifdef CIPHER_DEBUG |
| 1511 | printf("<%s>\n",curr->cipher->name); | 1476 | printf("<%s>\n", curr->cipher->name); |
| 1512 | #endif | 1477 | #endif |
| 1513 | } | ||
| 1514 | } | 1478 | } |
| 1479 | } | ||
| 1515 | OPENSSL_free(co_list); /* Not needed any longer */ | 1480 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 1516 | 1481 | ||
| 1517 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | 1482 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
| 1518 | if (tmp_cipher_list == NULL) | 1483 | if (tmp_cipher_list == NULL) { |
| 1519 | { | ||
| 1520 | sk_SSL_CIPHER_free(cipherstack); | 1484 | sk_SSL_CIPHER_free(cipherstack); |
| 1521 | return NULL; | 1485 | return NULL; |
| 1522 | } | 1486 | } |
| 1523 | if (*cipher_list != NULL) | 1487 | if (*cipher_list != NULL) |
| 1524 | sk_SSL_CIPHER_free(*cipher_list); | 1488 | sk_SSL_CIPHER_free(*cipher_list); |
| 1525 | *cipher_list = cipherstack; | 1489 | *cipher_list = cipherstack; |
| 1526 | if (*cipher_list_by_id != NULL) | 1490 | if (*cipher_list_by_id != NULL) |
| 1527 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1491 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 1528 | *cipher_list_by_id = tmp_cipher_list; | 1492 | *cipher_list_by_id = tmp_cipher_list; |
| 1529 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1493 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); |
| 1530 | 1494 | ||
| 1531 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | 1495 | sk_SSL_CIPHER_sort(*cipher_list_by_id); |
| 1532 | return(cipherstack); | 1496 | return (cipherstack); |
| 1533 | } | 1497 | } |
| 1534 | 1498 | ||
| 1535 | char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | 1499 | char |
| 1536 | { | 1500 | *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
| 1537 | int is_export,pkl,kl; | 1501 | { |
| 1538 | const char *ver,*exp_str; | 1502 | int is_export, pkl, kl; |
| 1539 | const char *kx,*au,*enc,*mac; | 1503 | const char *ver, *exp_str; |
| 1540 | unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; | 1504 | const char *kx, *au, *enc, *mac; |
| 1505 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; | ||
| 1541 | #ifdef KSSL_DEBUG | 1506 | #ifdef KSSL_DEBUG |
| 1542 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; | 1507 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; |
| 1543 | #else | 1508 | #else |
| @@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1550 | alg_mac = cipher->algorithm_mac; | 1515 | alg_mac = cipher->algorithm_mac; |
| 1551 | alg_ssl = cipher->algorithm_ssl; | 1516 | alg_ssl = cipher->algorithm_ssl; |
| 1552 | 1517 | ||
| 1553 | alg2=cipher->algorithm2; | 1518 | alg2 = cipher->algorithm2; |
| 1519 | |||
| 1520 | is_export = SSL_C_IS_EXPORT(cipher); | ||
| 1521 | pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1522 | kl = SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1523 | exp_str = is_export?" export":""; | ||
| 1554 | 1524 | ||
| 1555 | is_export=SSL_C_IS_EXPORT(cipher); | ||
| 1556 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1557 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1558 | exp_str=is_export?" export":""; | ||
| 1559 | |||
| 1560 | if (alg_ssl & SSL_SSLV2) | 1525 | if (alg_ssl & SSL_SSLV2) |
| 1561 | ver="SSLv2"; | 1526 | ver="SSLv2"; |
| 1562 | else if (alg_ssl & SSL_SSLV3) | 1527 | else if (alg_ssl & SSL_SSLV3) |
| @@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1566 | else | 1531 | else |
| 1567 | ver="unknown"; | 1532 | ver="unknown"; |
| 1568 | 1533 | ||
| 1569 | switch (alg_mkey) | 1534 | switch (alg_mkey) { |
| 1570 | { | ||
| 1571 | case SSL_kRSA: | 1535 | case SSL_kRSA: |
| 1572 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; | 1536 | kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
| 1573 | break; | 1537 | break; |
| 1574 | case SSL_kDHr: | 1538 | case SSL_kDHr: |
| 1575 | kx="DH/RSA"; | 1539 | kx="DH/RSA"; |
| @@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1577 | case SSL_kDHd: | 1541 | case SSL_kDHd: |
| 1578 | kx="DH/DSS"; | 1542 | kx="DH/DSS"; |
| 1579 | break; | 1543 | break; |
| 1580 | case SSL_kKRB5: | 1544 | case SSL_kKRB5: |
| 1581 | kx="KRB5"; | 1545 | kx="KRB5"; |
| 1582 | break; | 1546 | break; |
| 1583 | case SSL_kEDH: | 1547 | case SSL_kEDH: |
| 1584 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1548 | kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 1585 | break; | 1549 | break; |
| 1586 | case SSL_kECDHr: | 1550 | case SSL_kECDHr: |
| 1587 | kx="ECDH/RSA"; | 1551 | kx="ECDH/RSA"; |
| @@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1600 | break; | 1564 | break; |
| 1601 | default: | 1565 | default: |
| 1602 | kx="unknown"; | 1566 | kx="unknown"; |
| 1603 | } | 1567 | } |
| 1604 | 1568 | ||
| 1605 | switch (alg_auth) | 1569 | switch (alg_auth) { |
| 1606 | { | ||
| 1607 | case SSL_aRSA: | 1570 | case SSL_aRSA: |
| 1608 | au="RSA"; | 1571 | au="RSA"; |
| 1609 | break; | 1572 | break; |
| @@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1613 | case SSL_aDH: | 1576 | case SSL_aDH: |
| 1614 | au="DH"; | 1577 | au="DH"; |
| 1615 | break; | 1578 | break; |
| 1616 | case SSL_aKRB5: | 1579 | case SSL_aKRB5: |
| 1617 | au="KRB5"; | 1580 | au="KRB5"; |
| 1618 | break; | 1581 | break; |
| 1619 | case SSL_aECDH: | 1582 | case SSL_aECDH: |
| 1620 | au="ECDH"; | 1583 | au="ECDH"; |
| 1621 | break; | 1584 | break; |
| 1622 | case SSL_aNULL: | 1585 | case SSL_aNULL: |
| @@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1631 | default: | 1594 | default: |
| 1632 | au="unknown"; | 1595 | au="unknown"; |
| 1633 | break; | 1596 | break; |
| 1634 | } | 1597 | } |
| 1635 | 1598 | ||
| 1636 | switch (alg_enc) | 1599 | switch (alg_enc) { |
| 1637 | { | ||
| 1638 | case SSL_DES: | 1600 | case SSL_DES: |
| 1639 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; | 1601 | enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; |
| 1640 | break; | 1602 | break; |
| 1641 | case SSL_3DES: | 1603 | case SSL_3DES: |
| 1642 | enc="3DES(168)"; | 1604 | enc="3DES(168)"; |
| 1643 | break; | 1605 | break; |
| 1644 | case SSL_RC4: | 1606 | case SSL_RC4: |
| 1645 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") | 1607 | enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
| 1646 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | 1608 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); |
| 1647 | break; | 1609 | break; |
| 1648 | case SSL_RC2: | 1610 | case SSL_RC2: |
| 1649 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; | 1611 | enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
| 1650 | break; | 1612 | break; |
| 1651 | case SSL_IDEA: | 1613 | case SSL_IDEA: |
| 1652 | enc="IDEA(128)"; | 1614 | enc="IDEA(128)"; |
| @@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1678 | default: | 1640 | default: |
| 1679 | enc="unknown"; | 1641 | enc="unknown"; |
| 1680 | break; | 1642 | break; |
| 1681 | } | 1643 | } |
| 1682 | 1644 | ||
| 1683 | switch (alg_mac) | 1645 | switch (alg_mac) { |
| 1684 | { | ||
| 1685 | case SSL_MD5: | 1646 | case SSL_MD5: |
| 1686 | mac="MD5"; | 1647 | mac="MD5"; |
| 1687 | break; | 1648 | break; |
| @@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1700 | default: | 1661 | default: |
| 1701 | mac="unknown"; | 1662 | mac="unknown"; |
| 1702 | break; | 1663 | break; |
| 1703 | } | 1664 | } |
| 1704 | 1665 | ||
| 1705 | if (buf == NULL) | 1666 | if (buf == NULL) { |
| 1706 | { | 1667 | len = 128; |
| 1707 | len=128; | 1668 | buf = OPENSSL_malloc(len); |
| 1708 | buf=OPENSSL_malloc(len); | 1669 | if (buf == NULL) |
| 1709 | if (buf == NULL) return("OPENSSL_malloc Error"); | 1670 | return("OPENSSL_malloc Error"); |
| 1710 | } | 1671 | } else if (len < 128) |
| 1711 | else if (len < 128) | 1672 | return("Buffer too small"); |
| 1712 | return("Buffer too small"); | ||
| 1713 | 1673 | ||
| 1714 | #ifdef KSSL_DEBUG | 1674 | #ifdef KSSL_DEBUG |
| 1715 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); | 1675 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); |
| 1716 | #else | 1676 | #else |
| 1717 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); | 1677 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); |
| 1718 | #endif /* KSSL_DEBUG */ | 1678 | #endif /* KSSL_DEBUG */ |
| 1719 | return(buf); | 1679 | return (buf); |
| 1720 | } | 1680 | } |
| 1721 | 1681 | ||
| 1722 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) | 1682 | char |
| 1723 | { | 1683 | *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
| 1684 | { | ||
| 1724 | int i; | 1685 | int i; |
| 1725 | 1686 | ||
| 1726 | if (c == NULL) return("(NONE)"); | 1687 | if (c == NULL) |
| 1727 | i=(int)(c->id>>24L); | 1688 | return("(NONE)"); |
| 1689 | i = (int)(c->id >> 24L); | ||
| 1728 | if (i == 3) | 1690 | if (i == 3) |
| 1729 | return("TLSv1/SSLv3"); | 1691 | return("TLSv1/SSLv3"); |
| 1730 | else if (i == 2) | 1692 | else if (i == 2) |
| 1731 | return("SSLv2"); | 1693 | return("SSLv2"); |
| 1732 | else | 1694 | else |
| 1733 | return("unknown"); | 1695 | return("unknown"); |
| 1734 | } | 1696 | } |
| 1735 | 1697 | ||
| 1736 | /* return the actual cipher being used */ | 1698 | /* return the actual cipher being used */ |
| 1737 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) | 1699 | const char |
| 1738 | { | 1700 | *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
| 1701 | { | ||
| 1739 | if (c != NULL) | 1702 | if (c != NULL) |
| 1740 | return(c->name); | 1703 | return (c->name); |
| 1741 | return("(NONE)"); | 1704 | return("(NONE)"); |
| 1742 | } | 1705 | } |
| 1743 | 1706 | ||
| 1744 | /* number of bits for symmetric cipher */ | 1707 | /* number of bits for symmetric cipher */ |
| 1745 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | 1708 | int |
| 1746 | { | 1709 | SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
| 1747 | int ret=0; | 1710 | { |
| 1711 | int ret = 0; | ||
| 1748 | 1712 | ||
| 1749 | if (c != NULL) | 1713 | if (c != NULL) { |
| 1750 | { | 1714 | if (alg_bits != NULL) |
| 1751 | if (alg_bits != NULL) *alg_bits = c->alg_bits; | 1715 | *alg_bits = c->alg_bits; |
| 1752 | ret = c->strength_bits; | 1716 | ret = c->strength_bits; |
| 1753 | } | ||
| 1754 | return(ret); | ||
| 1755 | } | 1717 | } |
| 1718 | return (ret); | ||
| 1719 | } | ||
| 1756 | 1720 | ||
| 1757 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) | 1721 | unsigned long |
| 1758 | { | 1722 | SSL_CIPHER_get_id(const SSL_CIPHER *c) |
| 1723 | { | ||
| 1759 | return c->id; | 1724 | return c->id; |
| 1760 | } | 1725 | } |
| 1761 | 1726 | ||
| 1762 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | 1727 | SSL_COMP |
| 1763 | { | 1728 | *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 1729 | { | ||
| 1764 | SSL_COMP *ctmp; | 1730 | SSL_COMP *ctmp; |
| 1765 | int i,nn; | 1731 | int i, nn; |
| 1766 | 1732 | ||
| 1767 | if ((n == 0) || (sk == NULL)) return(NULL); | 1733 | if ((n == 0) |
| 1768 | nn=sk_SSL_COMP_num(sk); | 1734 | || (sk == NULL)) return (NULL); |
| 1769 | for (i=0; i<nn; i++) | 1735 | nn = sk_SSL_COMP_num(sk); |
| 1770 | { | 1736 | for (i = 0; i < nn; i++) { |
| 1771 | ctmp=sk_SSL_COMP_value(sk,i); | 1737 | ctmp = sk_SSL_COMP_value(sk, i); |
| 1772 | if (ctmp->id == n) | 1738 | if (ctmp->id == n) |
| 1773 | return(ctmp); | 1739 | return (ctmp); |
| 1774 | } | ||
| 1775 | return(NULL); | ||
| 1776 | } | 1740 | } |
| 1741 | return (NULL); | ||
| 1742 | } | ||
| 1777 | 1743 | ||
| 1778 | #ifdef OPENSSL_NO_COMP | 1744 | #ifdef OPENSSL_NO_COMP |
| 1779 | void *SSL_COMP_get_compression_methods(void) | 1745 | void |
| 1780 | { | 1746 | *SSL_COMP_get_compression_methods(void) |
| 1747 | { | ||
| 1781 | return NULL; | 1748 | return NULL; |
| 1782 | } | 1749 | } |
| 1783 | int SSL_COMP_add_compression_method(int id, void *cm) | 1750 | |
| 1784 | { | 1751 | int |
| 1752 | SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1753 | { | ||
| 1785 | return 1; | 1754 | return 1; |
| 1786 | } | 1755 | } |
| 1787 | 1756 | ||
| 1788 | const char *SSL_COMP_get_name(const void *comp) | 1757 | const char |
| 1789 | { | 1758 | *SSL_COMP_get_name(const void *comp) |
| 1759 | { | ||
| 1790 | return NULL; | 1760 | return NULL; |
| 1791 | } | 1761 | } |
| 1792 | #else | 1762 | #else |
| 1793 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1763 | STACK_OF(SSL_COMP) |
| 1794 | { | 1764 | *SSL_COMP_get_compression_methods(void) |
| 1765 | { | ||
| 1795 | load_builtin_compressions(); | 1766 | load_builtin_compressions(); |
| 1796 | return(ssl_comp_methods); | 1767 | return (ssl_comp_methods); |
| 1797 | } | 1768 | } |
| 1798 | 1769 | ||
| 1799 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1770 | int |
| 1800 | { | 1771 | SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1772 | { | ||
| 1801 | SSL_COMP *comp; | 1773 | SSL_COMP *comp; |
| 1802 | 1774 | ||
| 1803 | if (cm == NULL || cm->type == NID_undef) | 1775 | if (cm == NULL || cm->type == NID_undef) |
| 1804 | return 1; | 1776 | return 1; |
| 1805 | 1777 | ||
| 1806 | /* According to draft-ietf-tls-compression-04.txt, the | 1778 | /* According to draft-ietf-tls-compression-04.txt, the |
| 1807 | compression number ranges should be the following: | 1779 | compression number ranges should be the following: |
| @@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1809 | 0 to 63: methods defined by the IETF | 1781 | 0 to 63: methods defined by the IETF |
| 1810 | 64 to 192: external party methods assigned by IANA | 1782 | 64 to 192: external party methods assigned by IANA |
| 1811 | 193 to 255: reserved for private use */ | 1783 | 193 to 255: reserved for private use */ |
| 1812 | if (id < 193 || id > 255) | 1784 | if (id < 193 || id > 255) { |
| 1813 | { | 1785 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); |
| 1814 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1815 | return 0; | 1786 | return 0; |
| 1816 | } | 1787 | } |
| 1817 | 1788 | ||
| 1818 | MemCheck_off(); | 1789 | MemCheck_off(); |
| 1819 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1790 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1820 | comp->id=id; | 1791 | comp->id = id; |
| 1821 | comp->method=cm; | 1792 | comp->method = cm; |
| 1822 | load_builtin_compressions(); | 1793 | load_builtin_compressions(); |
| 1823 | if (ssl_comp_methods | 1794 | if (ssl_comp_methods |
| 1824 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) | 1795 | && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { |
| 1825 | { | ||
| 1826 | OPENSSL_free(comp); | 1796 | OPENSSL_free(comp); |
| 1827 | MemCheck_on(); | 1797 | MemCheck_on(); |
| 1828 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | 1798 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); |
| 1829 | return(1); | 1799 | return (1); |
| 1830 | } | 1800 | } else if ((ssl_comp_methods == NULL) |
| 1831 | else if ((ssl_comp_methods == NULL) | 1801 | || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { |
| 1832 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1833 | { | ||
| 1834 | OPENSSL_free(comp); | 1802 | OPENSSL_free(comp); |
| 1835 | MemCheck_on(); | 1803 | MemCheck_on(); |
| 1836 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1804 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); |
| 1837 | return(1); | 1805 | return (1); |
| 1838 | } | 1806 | } else { |
| 1839 | else | ||
| 1840 | { | ||
| 1841 | MemCheck_on(); | 1807 | MemCheck_on(); |
| 1842 | return(0); | 1808 | return (0); |
| 1843 | } | ||
| 1844 | } | 1809 | } |
| 1810 | } | ||
| 1845 | 1811 | ||
| 1846 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | 1812 | const char |
| 1847 | { | 1813 | *SSL_COMP_get_name(const COMP_METHOD *comp) |
| 1814 | { | ||
| 1848 | if (comp) | 1815 | if (comp) |
| 1849 | return comp->name; | 1816 | return comp->name; |
| 1850 | return NULL; | 1817 | return NULL; |
| 1851 | } | 1818 | } |
| 1852 | 1819 | ||
| 1853 | #endif | 1820 | #endif |
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index 370fb57e3b..67ba3c7699 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c | |||
| @@ -68,543 +68,541 @@ | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) |
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) |
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA SSL_str_functs[]= | 71 | static ERR_STRING_DATA SSL_str_functs[]= { |
| 72 | { | 72 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, |
| 73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | 73 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, |
| 74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | 74 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | 80 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, |
| 81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, |
| 82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | 82 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, |
| 83 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, | 83 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, |
| 84 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | 84 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, |
| 85 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | 85 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, |
| 86 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | 86 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, |
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, |
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, |
| 89 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | 89 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, |
| 90 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | 90 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, |
| 91 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | 91 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, |
| 92 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, | 92 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, |
| 93 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | 93 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, |
| 94 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | 94 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, |
| 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, |
| 96 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | 96 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, |
| 97 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | 97 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, |
| 98 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, |
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, |
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, |
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, |
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, |
| 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, |
| 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, |
| 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, |
| 106 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | 106 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, |
| 107 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | 107 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 108 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 108 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 109 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 109 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| 110 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 110 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, |
| 111 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | 111 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, |
| 112 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | 112 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, |
| 113 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | 113 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, |
| 114 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | 114 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, |
| 115 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | 115 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, |
| 116 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | 116 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, |
| 117 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | 117 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, |
| 118 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | 118 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, |
| 119 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | 119 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, |
| 120 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | 120 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, |
| 121 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | 121 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, |
| 122 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | 122 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, |
| 123 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | 123 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, |
| 124 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | 124 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, |
| 125 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | 125 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, |
| 126 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | 126 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, |
| 127 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | 127 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, |
| 128 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | 128 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, |
| 129 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | 129 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, |
| 130 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | 130 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, |
| 131 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | 131 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | 132 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, |
| 133 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | 133 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, |
| 134 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | 134 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, |
| 135 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | 135 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, |
| 136 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | 136 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, |
| 137 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | 137 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, |
| 138 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | 138 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
| 139 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | 139 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
| 140 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | 140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, |
| 142 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | 142 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | 143 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | 144 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| 145 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | 145 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
| 146 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | 146 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, |
| 147 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | 147 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
| 148 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | 148 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 149 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 150 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 153 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, |
| 156 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 157 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 158 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 158 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 159 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 159 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, |
| 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, |
| 161 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | 161 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 162 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 162 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 165 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 165 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, |
| 166 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | 166 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, |
| 167 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | 167 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 168 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 168 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 169 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 169 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| 170 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 170 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, |
| 171 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | 171 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, |
| 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
| 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, |
| 175 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | 175 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, |
| 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, |
| 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, |
| 178 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 178 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, |
| 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, |
| 181 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | 181 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 183 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 183 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, |
| 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, | 186 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 187 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 188 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 188 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, |
| 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, |
| 191 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, | 191 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 192 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 192 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 193 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 193 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| 194 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 194 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, |
| 195 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | 195 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 196 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 196 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 197 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 197 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 198 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 198 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, |
| 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, |
| 200 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | 200 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 202 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 203 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, |
| 204 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | 204 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | 205 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | 206 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, |
| 207 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | 207 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, |
| 208 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, | 208 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, |
| 209 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | 209 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, |
| 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, |
| 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, |
| 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, |
| 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, |
| 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, |
| 215 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | 215 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, |
| 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, |
| 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, |
| 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, |
| 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, |
| 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, |
| 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, |
| 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, |
| 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, |
| 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, |
| 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | 226 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, |
| 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | 227 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, |
| 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | 228 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, |
| 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | 229 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, |
| 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, |
| 231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | 231 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, |
| 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | 232 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 233 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 234 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 235 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, |
| 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | 238 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, |
| 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, |
| 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | 241 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, |
| 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | 242 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, |
| 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | 244 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 245 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 245 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 246 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 246 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| 247 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 247 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, |
| 248 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | 248 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, |
| 249 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | 249 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, |
| 250 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, | 250 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, |
| 251 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | 251 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, |
| 252 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | 252 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, |
| 253 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | 253 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, |
| 254 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | 254 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, |
| 255 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | 255 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, |
| 256 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | 256 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, |
| 257 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | 257 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, |
| 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, |
| 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, |
| 260 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | 260 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, |
| 261 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | 261 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, |
| 262 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | 262 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 263 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 263 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, |
| 264 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, | 264 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, |
| 267 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | 267 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| 270 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 270 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, |
| 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, |
| 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, |
| 273 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | 273 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, |
| 274 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | 274 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, |
| 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, |
| 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, |
| 277 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | 277 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, |
| 278 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | 278 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, |
| 279 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | 279 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, |
| 280 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | 280 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, |
| 281 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | 281 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, |
| 282 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | 282 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, |
| 283 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | 283 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, |
| 284 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, | 284 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, |
| 285 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, | 285 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, |
| 287 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | 287 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, |
| 288 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | 288 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, |
| 289 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | 289 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, |
| 290 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | 290 | {0, NULL} |
| 291 | {0,NULL} | 291 | }; |
| 292 | }; | ||
| 293 | 292 | ||
| 294 | static ERR_STRING_DATA SSL_str_reasons[]= | 293 | static ERR_STRING_DATA SSL_str_reasons[]= { |
| 295 | { | 294 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, |
| 296 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, | 295 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, |
| 297 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, | 296 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, |
| 298 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, | 297 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, |
| 299 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, | 298 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, |
| 300 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, | 299 | {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, |
| 301 | {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, | 300 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, |
| 302 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, | 301 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, |
| 303 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, | 302 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, |
| 304 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, | 303 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, |
| 305 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, | 304 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, |
| 306 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 305 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, |
| 307 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 306 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, |
| 308 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 307 | {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, |
| 309 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | 308 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, |
| 310 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | 309 | {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, |
| 311 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | 310 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, |
| 312 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, | 311 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, |
| 313 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 312 | {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, |
| 314 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 313 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, |
| 315 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 314 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, |
| 316 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, | 315 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, |
| 317 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, | 316 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, |
| 318 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, | 317 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, |
| 319 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, | 318 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, |
| 320 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, | 319 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, |
| 321 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, | 320 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, |
| 322 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, | 321 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, |
| 323 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, | 322 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, |
| 324 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, | 323 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, |
| 325 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, | 324 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, |
| 326 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, | 325 | {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, |
| 327 | {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, | 326 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, |
| 328 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, | 327 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, |
| 329 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, | 328 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, |
| 330 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, | 329 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, |
| 331 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, | 330 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, |
| 332 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, | 331 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, |
| 333 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, | 332 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, |
| 334 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, | 333 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, |
| 335 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, | 334 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, |
| 336 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, | 335 | {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, |
| 337 | {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, | 336 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, |
| 338 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, | 337 | {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, |
| 339 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | 338 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, |
| 340 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | 339 | {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, |
| 341 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | 340 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, |
| 342 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | 341 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, |
| 343 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | 342 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, |
| 344 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | 343 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, |
| 345 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | 344 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, |
| 346 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | 345 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, |
| 347 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | 346 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, |
| 348 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 347 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, |
| 349 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 348 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, |
| 350 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 349 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, |
| 351 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | 350 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, |
| 352 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 351 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, |
| 353 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, | 352 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, |
| 354 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 353 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, |
| 355 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | 354 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, |
| 356 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 355 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, |
| 357 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 356 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, |
| 358 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 357 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, |
| 359 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | 358 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, |
| 360 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 359 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, |
| 361 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 360 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, |
| 362 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 361 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, |
| 363 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 362 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, |
| 364 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 363 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, |
| 365 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 364 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, |
| 366 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, | 365 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, |
| 367 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | 366 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, |
| 368 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, | 367 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, |
| 369 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, | 368 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, |
| 370 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, | 369 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, |
| 371 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, | 370 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, |
| 372 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | 371 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, |
| 373 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, | 372 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, |
| 374 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 373 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, |
| 375 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 374 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, |
| 376 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 375 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, |
| 377 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | 376 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, |
| 378 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | 377 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, |
| 379 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | 378 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, |
| 380 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | 379 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, |
| 381 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, | 380 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, |
| 382 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | 381 | {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, |
| 383 | {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | 382 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, |
| 384 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | 383 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, |
| 385 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, | 384 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, |
| 386 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 385 | {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, |
| 387 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 386 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, |
| 388 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, | 387 | {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, |
| 389 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 388 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, |
| 390 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, | 389 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, |
| 391 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | 390 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, |
| 392 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | 391 | {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, |
| 393 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 392 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, |
| 394 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 393 | {ERR_REASON(SSL_R_KRB5) , "krb5"}, |
| 395 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 394 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, |
| 396 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, | 395 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, |
| 397 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, | 396 | {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, |
| 398 | {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, | 397 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, |
| 399 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, | 398 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, |
| 400 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, | 399 | {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, |
| 401 | {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, | 400 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, |
| 402 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, | 401 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, |
| 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, | 402 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, |
| 404 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, | 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, |
| 405 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, | 404 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, |
| 406 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, | 405 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, |
| 407 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, | 406 | {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, |
| 408 | {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, | 407 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, |
| 409 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, | 408 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, |
| 410 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, | 409 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, |
| 411 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, | 410 | {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, |
| 412 | {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, | 411 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, |
| 413 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, | 412 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, |
| 414 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, | 413 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, |
| 415 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, | 414 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, |
| 416 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, | 415 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, |
| 417 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, | 416 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, |
| 418 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 417 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, |
| 419 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 418 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, |
| 420 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, | 419 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, |
| 421 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 420 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, |
| 422 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | 421 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, |
| 423 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 422 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, |
| 424 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 423 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, |
| 425 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 424 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, |
| 426 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | 425 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, |
| 427 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | 426 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, |
| 428 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | 427 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, |
| 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | 428 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, |
| 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, | 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, |
| 431 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, | 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, |
| 432 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, | 431 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, |
| 433 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, | 432 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, |
| 434 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, | 433 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, |
| 435 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, | 434 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, |
| 436 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, | 435 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, |
| 437 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, | 436 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, |
| 438 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, | 437 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, |
| 439 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, | 438 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, |
| 440 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | 439 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, |
| 441 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, | 440 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, |
| 442 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | 441 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, |
| 443 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | 442 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, |
| 444 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | 443 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, |
| 445 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | 444 | {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, |
| 446 | {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, | 445 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, |
| 447 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, | 446 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, |
| 448 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, | 447 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, |
| 449 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, | 448 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, |
| 450 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, | 449 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, |
| 451 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, | 450 | {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, |
| 452 | {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, | 451 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, |
| 453 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, | 452 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, |
| 454 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 453 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, |
| 455 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, | 454 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, |
| 456 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 455 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, |
| 457 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, | 456 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, |
| 458 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 457 | {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, |
| 459 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | 458 | {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, |
| 460 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 459 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, |
| 461 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 460 | {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, |
| 462 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 461 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, |
| 463 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, | 462 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, |
| 464 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, | 463 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, |
| 465 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, | 464 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, |
| 466 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, | 465 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, |
| 467 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, | 466 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, |
| 468 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, | 467 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, |
| 469 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, | 468 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, |
| 470 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, | 469 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, |
| 471 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, | 470 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, |
| 472 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, | 471 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, |
| 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, | 472 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, |
| 474 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, |
| 475 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 474 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, |
| 476 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 475 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, |
| 477 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | 476 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, |
| 478 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 477 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, |
| 479 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 478 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, |
| 480 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 479 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, |
| 481 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, | 480 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, |
| 482 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, | 481 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, |
| 483 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, | 482 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, |
| 484 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, | 483 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, |
| 485 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, | 484 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, |
| 486 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, | 485 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, |
| 487 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 486 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, |
| 488 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 487 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, |
| 489 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 488 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, |
| 490 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, | 489 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, |
| 491 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | 490 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, |
| 492 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 491 | {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, |
| 493 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 492 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, |
| 494 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, | 493 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, |
| 495 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 494 | {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, |
| 496 | {ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, | 495 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, |
| 497 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, | 496 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, |
| 498 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, | 497 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, |
| 499 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, | 498 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, |
| 500 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 499 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, |
| 501 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 500 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, |
| 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, | 501 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, |
| 503 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, |
| 504 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | 503 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, |
| 505 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 504 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, |
| 506 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 505 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, |
| 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 506 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, |
| 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, | 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, |
| 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, | 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, |
| 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, | 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, |
| 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, | 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, |
| 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, | 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, |
| 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, | 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, |
| 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, | 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, |
| 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, | 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, |
| 516 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, | 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, |
| 517 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, | 516 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, |
| 518 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, | 517 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, |
| 519 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, | 518 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, |
| 520 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, | 519 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, |
| 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, | 520 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, |
| 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, | 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, |
| 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, | 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, |
| 524 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, | 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, |
| 525 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, | 524 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, |
| 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, | 525 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, |
| 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, | 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, |
| 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, | 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, |
| 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, | 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, |
| 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, | 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, |
| 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, | 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, |
| 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, | 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, |
| 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, | 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, |
| 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, | 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, |
| 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, | 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, |
| 536 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, |
| 537 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 536 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, |
| 538 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, | 537 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, |
| 539 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, | 538 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, |
| 540 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, | 539 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, |
| 541 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, | 540 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, |
| 542 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, | 541 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, |
| 543 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 542 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"}, |
| 544 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"}, | 543 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, |
| 545 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, | 544 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, |
| 546 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, | 545 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, |
| 547 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | 546 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, |
| 548 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 547 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, |
| 549 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 548 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, |
| 550 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 549 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, |
| 551 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 550 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, |
| 552 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | 551 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, |
| 553 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 552 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, |
| 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 553 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, |
| 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, |
| 556 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, |
| 557 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 556 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, |
| 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 557 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, |
| 559 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, | 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, |
| 560 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, | 559 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, |
| 561 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, | 560 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, |
| 562 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, | 561 | {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, |
| 563 | {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, | 562 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, |
| 564 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, | 563 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, |
| 565 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, | 564 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, |
| 566 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, | 565 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, |
| 567 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, | 566 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, |
| 568 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, | 567 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, |
| 569 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, | 568 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, |
| 570 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, | 569 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, |
| 571 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, | 570 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, |
| 572 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, | 571 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, |
| 573 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, | 572 | {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, |
| 574 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 573 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, |
| 575 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, | 574 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, |
| 576 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 575 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, |
| 577 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 576 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, |
| 578 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, | 577 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, |
| 579 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | 578 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, |
| 580 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 579 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, |
| 581 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 580 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, |
| 582 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | 581 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, |
| 583 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, | 582 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, |
| 584 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 583 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, |
| 585 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 584 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, |
| 586 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 585 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, |
| 587 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, | 586 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, |
| 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | 587 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, |
| 589 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, | 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, |
| 590 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, | 589 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, |
| 591 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, | 590 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, |
| 592 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, | 591 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, |
| 593 | {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, | 592 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, |
| 594 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, | 593 | {0, NULL} |
| 595 | {0,NULL} | 594 | }; |
| 596 | }; | ||
| 597 | 595 | ||
| 598 | #endif | 596 | #endif |
| 599 | 597 | ||
| 600 | void ERR_load_SSL_strings(void) | 598 | void |
| 601 | { | 599 | ERR_load_SSL_strings(void) |
| 600 | { | ||
| 602 | #ifndef OPENSSL_NO_ERR | 601 | #ifndef OPENSSL_NO_ERR |
| 603 | 602 | ||
| 604 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) | 603 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { |
| 605 | { | 604 | ERR_load_strings(0, SSL_str_functs); |
| 606 | ERR_load_strings(0,SSL_str_functs); | 605 | ERR_load_strings(0, SSL_str_reasons); |
| 607 | ERR_load_strings(0,SSL_str_reasons); | ||
| 608 | } | ||
| 609 | #endif | ||
| 610 | } | 606 | } |
| 607 | #endif | ||
| 608 | } | ||
diff --git a/src/lib/libssl/src/ssl/ssl_err2.c b/src/lib/libssl/src/ssl/ssl_err2.c index ea95a5f983..cd781d38aa 100644 --- a/src/lib/libssl/src/ssl/ssl_err2.c +++ b/src/lib/libssl/src/ssl/ssl_err2.c | |||
| @@ -60,11 +60,12 @@ | |||
| 60 | #include <openssl/err.h> | 60 | #include <openssl/err.h> |
| 61 | #include <openssl/ssl.h> | 61 | #include <openssl/ssl.h> |
| 62 | 62 | ||
| 63 | void SSL_load_error_strings(void) | 63 | void |
| 64 | { | 64 | SSL_load_error_strings(void) |
| 65 | { | ||
| 65 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | ERR_load_crypto_strings(); | 67 | ERR_load_crypto_strings(); |
| 67 | ERR_load_SSL_strings(); | 68 | ERR_load_SSL_strings(); |
| 68 | #endif | 69 | #endif |
| 69 | } | 70 | } |
| 70 | 71 | ||
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index d9a728493e..98764b82aa 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c | |||
| @@ -160,11 +160,11 @@ | |||
| 160 | #include <openssl/engine.h> | 160 | #include <openssl/engine.h> |
| 161 | #endif | 161 | #endif |
| 162 | 162 | ||
| 163 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 163 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 164 | 164 | ||
| 165 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | 165 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| 166 | /* evil casts, but these functions are only called if there's a library bug */ | 166 | /* evil casts, but these functions are only called if there's a library bug */ |
| 167 | (int (*)(SSL *,int))ssl_undefined_function, | 167 | (int (*)(SSL *, int))ssl_undefined_function, |
| 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, |
| 169 | ssl_undefined_function, | 169 | ssl_undefined_function, |
| 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| @@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 178 | 0, /* server_finished_label_len */ | 178 | 0, /* server_finished_label_len */ |
| 179 | (int (*)(int))ssl_undefined_function, | 179 | (int (*)(int))ssl_undefined_function, |
| 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, | 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, |
| 181 | size_t, const unsigned char *, size_t, | 181 | size_t, const unsigned char *, size_t, |
| 182 | int use_context)) ssl_undefined_function, | 182 | int use_context)) ssl_undefined_function, |
| 183 | }; | 183 | }; |
| 184 | 184 | ||
| 185 | int SSL_clear(SSL *s) | 185 | int |
| 186 | { | 186 | SSL_clear(SSL *s) |
| 187 | { | ||
| 187 | 188 | ||
| 188 | if (s->method == NULL) | 189 | if (s->method == NULL) { |
| 189 | { | 190 | SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); |
| 190 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | 191 | return (0); |
| 191 | return(0); | 192 | } |
| 192 | } | ||
| 193 | 193 | ||
| 194 | if (ssl_clear_bad_session(s)) | 194 | if (ssl_clear_bad_session(s)) { |
| 195 | { | ||
| 196 | SSL_SESSION_free(s->session); | 195 | SSL_SESSION_free(s->session); |
| 197 | s->session=NULL; | 196 | s->session = NULL; |
| 198 | } | 197 | } |
| 199 | 198 | ||
| 200 | s->error=0; | 199 | s->error = 0; |
| 201 | s->hit=0; | 200 | s->hit = 0; |
| 202 | s->shutdown=0; | 201 | s->shutdown = 0; |
| 203 | 202 | ||
| 204 | #if 0 /* Disabled since version 1.10 of this file (early return not | 203 | #if 0 /* Disabled since version 1.10 of this file (early return not |
| 205 | * needed because SSL_clear is not called when doing renegotiation) */ | 204 | * needed because SSL_clear is not called when doing renegotiation) */ |
| 206 | /* This is set if we are doing dynamic renegotiation so keep | 205 | /* This is set if we are doing dynamic renegotiation so keep |
| 207 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | 206 | * the old cipher. It is sort of a SSL_clear_lite :-) */ |
| 208 | if (s->renegotiate) return(1); | ||
| 209 | #else | ||
| 210 | if (s->renegotiate) | 207 | if (s->renegotiate) |
| 211 | { | 208 | return (1); |
| 212 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | 209 | #else |
| 210 | if (s->renegotiate) { | ||
| 211 | SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); | ||
| 213 | return 0; | 212 | return 0; |
| 214 | } | 213 | } |
| 215 | #endif | 214 | #endif |
| 216 | 215 | ||
| 217 | s->type=0; | 216 | s->type = 0; |
| 218 | 217 | ||
| 219 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | 218 | s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); |
| 220 | 219 | ||
| 221 | s->version=s->method->version; | 220 | s->version = s->method->version; |
| 222 | s->client_version=s->version; | 221 | s->client_version = s->version; |
| 223 | s->rwstate=SSL_NOTHING; | 222 | s->rwstate = SSL_NOTHING; |
| 224 | s->rstate=SSL_ST_READ_HEADER; | 223 | s->rstate = SSL_ST_READ_HEADER; |
| 225 | #if 0 | 224 | #if 0 |
| 226 | s->read_ahead=s->ctx->read_ahead; | 225 | s->read_ahead = s->ctx->read_ahead; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | if (s->init_buf != NULL) | 228 | if (s->init_buf != NULL) { |
| 230 | { | ||
| 231 | BUF_MEM_free(s->init_buf); | 229 | BUF_MEM_free(s->init_buf); |
| 232 | s->init_buf=NULL; | 230 | s->init_buf = NULL; |
| 233 | } | 231 | } |
| 234 | 232 | ||
| 235 | ssl_clear_cipher_ctx(s); | 233 | ssl_clear_cipher_ctx(s); |
| 236 | ssl_clear_hash_ctx(&s->read_hash); | 234 | ssl_clear_hash_ctx(&s->read_hash); |
| 237 | ssl_clear_hash_ctx(&s->write_hash); | 235 | ssl_clear_hash_ctx(&s->write_hash); |
| 238 | 236 | ||
| 239 | s->first_packet=0; | 237 | s->first_packet = 0; |
| 240 | 238 | ||
| 241 | #if 1 | 239 | #if 1 |
| 242 | /* Check to see if we were changed into a different method, if | 240 | /* Check to see if we were changed into a different method, if |
| 243 | * so, revert back if we are not doing session-id reuse. */ | 241 | * so, revert back if we are not doing session-id reuse. */ |
| 244 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | 242 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { |
| 245 | { | ||
| 246 | s->method->ssl_free(s); | 243 | s->method->ssl_free(s); |
| 247 | s->method=s->ctx->method; | 244 | s->method = s->ctx->method; |
| 248 | if (!s->method->ssl_new(s)) | 245 | if (!s->method->ssl_new(s)) |
| 249 | return(0); | 246 | return (0); |
| 250 | } | 247 | } else |
| 251 | else | ||
| 252 | #endif | 248 | #endif |
| 253 | s->method->ssl_clear(s); | 249 | s->method->ssl_clear(s); |
| 254 | return(1); | 250 | return (1); |
| 255 | } | 251 | } |
| 256 | 252 | ||
| 257 | /** Used to change an SSL_CTXs default SSL method type */ | 253 | /** Used to change an SSL_CTXs default SSL method type */ |
| 258 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) | 254 | int |
| 259 | { | 255 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
| 256 | { | ||
| 260 | STACK_OF(SSL_CIPHER) *sk; | 257 | STACK_OF(SSL_CIPHER) *sk; |
| 261 | 258 | ||
| 262 | ctx->method=meth; | 259 | ctx->method = meth; |
| 263 | 260 | ||
| 264 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | 261 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), |
| 265 | &(ctx->cipher_list_by_id), | 262 | &(ctx->cipher_list_by_id), |
| 266 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 263 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 267 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) | 264 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
| 268 | { | 265 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 269 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 266 | return (0); |
| 270 | return(0); | ||
| 271 | } | ||
| 272 | return(1); | ||
| 273 | } | 267 | } |
| 268 | return (1); | ||
| 269 | } | ||
| 274 | 270 | ||
| 275 | SSL *SSL_new(SSL_CTX *ctx) | 271 | SSL |
| 276 | { | 272 | *SSL_new(SSL_CTX *ctx) |
| 273 | { | ||
| 277 | SSL *s; | 274 | SSL *s; |
| 278 | 275 | ||
| 279 | if (ctx == NULL) | 276 | if (ctx == NULL) { |
| 280 | { | 277 | SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); |
| 281 | SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); | 278 | return (NULL); |
| 282 | return(NULL); | 279 | } |
| 283 | } | 280 | if (ctx->method == NULL) { |
| 284 | if (ctx->method == NULL) | 281 | SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); |
| 285 | { | 282 | return (NULL); |
| 286 | SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | 283 | } |
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | 284 | ||
| 290 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); | 285 | s = (SSL *)OPENSSL_malloc(sizeof(SSL)); |
| 291 | if (s == NULL) goto err; | 286 | if (s == NULL) |
| 292 | memset(s,0,sizeof(SSL)); | 287 | goto err; |
| 288 | memset(s, 0, sizeof(SSL)); | ||
| 293 | 289 | ||
| 294 | #ifndef OPENSSL_NO_KRB5 | 290 | #ifndef OPENSSL_NO_KRB5 |
| 295 | s->kssl_ctx = kssl_ctx_new(); | 291 | s->kssl_ctx = kssl_ctx_new(); |
| 296 | #endif /* OPENSSL_NO_KRB5 */ | 292 | #endif /* OPENSSL_NO_KRB5 */ |
| 297 | 293 | ||
| 298 | s->options=ctx->options; | 294 | s->options = ctx->options; |
| 299 | s->mode=ctx->mode; | 295 | s->mode = ctx->mode; |
| 300 | s->max_cert_list=ctx->max_cert_list; | 296 | s->max_cert_list = ctx->max_cert_list; |
| 301 | 297 | ||
| 302 | if (ctx->cert != NULL) | 298 | if (ctx->cert != NULL) { |
| 303 | { | ||
| 304 | /* Earlier library versions used to copy the pointer to | 299 | /* Earlier library versions used to copy the pointer to |
| 305 | * the CERT, not its contents; only when setting new | 300 | * the CERT, not its contents; only when setting new |
| 306 | * parameters for the per-SSL copy, ssl_cert_new would be | 301 | * parameters for the per-SSL copy, ssl_cert_new would be |
| @@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 314 | s->cert = ssl_cert_dup(ctx->cert); | 309 | s->cert = ssl_cert_dup(ctx->cert); |
| 315 | if (s->cert == NULL) | 310 | if (s->cert == NULL) |
| 316 | goto err; | 311 | goto err; |
| 317 | } | 312 | } else |
| 318 | else | ||
| 319 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | 313 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 320 | 314 | ||
| 321 | s->read_ahead=ctx->read_ahead; | 315 | s->read_ahead = ctx->read_ahead; |
| 322 | s->msg_callback=ctx->msg_callback; | 316 | s->msg_callback = ctx->msg_callback; |
| 323 | s->msg_callback_arg=ctx->msg_callback_arg; | 317 | s->msg_callback_arg = ctx->msg_callback_arg; |
| 324 | s->verify_mode=ctx->verify_mode; | 318 | s->verify_mode = ctx->verify_mode; |
| 325 | #if 0 | 319 | #if 0 |
| 326 | s->verify_depth=ctx->verify_depth; | 320 | s->verify_depth = ctx->verify_depth; |
| 327 | #endif | 321 | #endif |
| 328 | s->sid_ctx_length=ctx->sid_ctx_length; | 322 | s->sid_ctx_length = ctx->sid_ctx_length; |
| 329 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 323 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 330 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 324 | memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); |
| 331 | s->verify_callback=ctx->default_verify_callback; | 325 | s->verify_callback = ctx->default_verify_callback; |
| 332 | s->generate_session_id=ctx->generate_session_id; | 326 | s->generate_session_id = ctx->generate_session_id; |
| 333 | 327 | ||
| 334 | s->param = X509_VERIFY_PARAM_new(); | 328 | s->param = X509_VERIFY_PARAM_new(); |
| 335 | if (!s->param) | 329 | if (!s->param) |
| @@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 339 | s->purpose = ctx->purpose; | 333 | s->purpose = ctx->purpose; |
| 340 | s->trust = ctx->trust; | 334 | s->trust = ctx->trust; |
| 341 | #endif | 335 | #endif |
| 342 | s->quiet_shutdown=ctx->quiet_shutdown; | 336 | s->quiet_shutdown = ctx->quiet_shutdown; |
| 343 | s->max_send_fragment = ctx->max_send_fragment; | 337 | s->max_send_fragment = ctx->max_send_fragment; |
| 344 | 338 | ||
| 345 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 339 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 346 | s->ctx=ctx; | 340 | s->ctx = ctx; |
| 347 | #ifndef OPENSSL_NO_TLSEXT | 341 | #ifndef OPENSSL_NO_TLSEXT |
| 348 | s->tlsext_debug_cb = 0; | 342 | s->tlsext_debug_cb = 0; |
| 349 | s->tlsext_debug_arg = NULL; | 343 | s->tlsext_debug_arg = NULL; |
| @@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 354 | s->tlsext_ocsp_exts = NULL; | 348 | s->tlsext_ocsp_exts = NULL; |
| 355 | s->tlsext_ocsp_resp = NULL; | 349 | s->tlsext_ocsp_resp = NULL; |
| 356 | s->tlsext_ocsp_resplen = -1; | 350 | s->tlsext_ocsp_resplen = -1; |
| 357 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 351 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 358 | s->initial_ctx=ctx; | 352 | s->initial_ctx = ctx; |
| 359 | # ifndef OPENSSL_NO_NEXTPROTONEG | 353 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 360 | s->next_proto_negotiated = NULL; | 354 | s->next_proto_negotiated = NULL; |
| 361 | # endif | 355 | # endif |
| 362 | #endif | 356 | #endif |
| 363 | 357 | ||
| 364 | s->verify_result=X509_V_OK; | 358 | s->verify_result = X509_V_OK; |
| 365 | 359 | ||
| 366 | s->method=ctx->method; | 360 | s->method = ctx->method; |
| 367 | 361 | ||
| 368 | if (!s->method->ssl_new(s)) | 362 | if (!s->method->ssl_new(s)) |
| 369 | goto err; | 363 | goto err; |
| 370 | 364 | ||
| 371 | s->references=1; | 365 | s->references = 1; |
| 372 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; | 366 | s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; |
| 373 | 367 | ||
| 374 | SSL_clear(s); | 368 | SSL_clear(s); |
| 375 | 369 | ||
| 376 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 370 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 377 | 371 | ||
| 378 | #ifndef OPENSSL_NO_PSK | 372 | #ifndef OPENSSL_NO_PSK |
| 379 | s->psk_client_callback=ctx->psk_client_callback; | 373 | s->psk_client_callback = ctx->psk_client_callback; |
| 380 | s->psk_server_callback=ctx->psk_server_callback; | 374 | s->psk_server_callback = ctx->psk_server_callback; |
| 381 | #endif | 375 | #endif |
| 382 | 376 | ||
| 383 | return(s); | 377 | return (s); |
| 384 | err: | 378 | err: |
| 385 | if (s != NULL) | 379 | if (s != NULL) { |
| 386 | { | ||
| 387 | if (s->cert != NULL) | 380 | if (s->cert != NULL) |
| 388 | ssl_cert_free(s->cert); | 381 | ssl_cert_free(s->cert); |
| 389 | if (s->ctx != NULL) | 382 | if (s->ctx != NULL) |
| 390 | SSL_CTX_free(s->ctx); /* decrement reference count */ | 383 | SSL_CTX_free(s->ctx); /* decrement reference count */ |
| 391 | OPENSSL_free(s); | 384 | OPENSSL_free(s); |
| 392 | } | ||
| 393 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | ||
| 394 | return(NULL); | ||
| 395 | } | 385 | } |
| 386 | SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); | ||
| 387 | return (NULL); | ||
| 388 | } | ||
| 396 | 389 | ||
| 397 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 390 | int |
| 398 | unsigned int sid_ctx_len) | 391 | SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, |
| 399 | { | 392 | unsigned int sid_ctx_len) |
| 400 | if(sid_ctx_len > sizeof ctx->sid_ctx) | 393 | { |
| 401 | { | 394 | if (sid_ctx_len > sizeof ctx->sid_ctx) { |
| 402 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 395 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 403 | return 0; | 396 | return 0; |
| 404 | } | 397 | } |
| 405 | ctx->sid_ctx_length=sid_ctx_len; | 398 | ctx->sid_ctx_length = sid_ctx_len; |
| 406 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | 399 | memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); |
| 407 | 400 | ||
| 408 | return 1; | 401 | return 1; |
| 409 | } | 402 | } |
| 410 | 403 | ||
| 411 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | 404 | int |
| 412 | unsigned int sid_ctx_len) | 405 | SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, |
| 413 | { | 406 | unsigned int sid_ctx_len) |
| 414 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 407 | { |
| 415 | { | 408 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 416 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 409 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 417 | return 0; | 410 | return 0; |
| 418 | } | 411 | } |
| 419 | ssl->sid_ctx_length=sid_ctx_len; | 412 | ssl->sid_ctx_length = sid_ctx_len; |
| 420 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | 413 | memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); |
| 421 | 414 | ||
| 422 | return 1; | 415 | return 1; |
| 423 | } | 416 | } |
| 424 | 417 | ||
| 425 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | 418 | int |
| 426 | { | 419 | SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) |
| 420 | { | ||
| 427 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 428 | ctx->generate_session_id = cb; | 422 | ctx->generate_session_id = cb; |
| 429 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 430 | return 1; | 424 | return 1; |
| 431 | } | 425 | } |
| 432 | 426 | ||
| 433 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | 427 | int |
| 434 | { | 428 | SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) |
| 429 | { | ||
| 435 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 430 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 436 | ssl->generate_session_id = cb; | 431 | ssl->generate_session_id = cb; |
| 437 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 432 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 438 | return 1; | 433 | return 1; |
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 436 | int |
| 442 | unsigned int id_len) | 437 | SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 443 | { | 438 | unsigned int id_len) |
| 439 | { | ||
| 444 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | 440 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how |
| 445 | * we can "construct" a session to give us the desired check - ie. to | 441 | * we can "construct" a session to give us the desired check - ie. to |
| 446 | * find if there's a session in the hash table that would conflict with | 442 | * find if there's a session in the hash table that would conflict with |
| @@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 448 | * use by this SSL. */ | 444 | * use by this SSL. */ |
| 449 | SSL_SESSION r, *p; | 445 | SSL_SESSION r, *p; |
| 450 | 446 | ||
| 451 | if(id_len > sizeof r.session_id) | 447 | if (id_len > sizeof r.session_id) |
| 452 | return 0; | 448 | return 0; |
| 453 | 449 | ||
| 454 | r.ssl_version = ssl->version; | 450 | r.ssl_version = ssl->version; |
| @@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 458 | * callback is calling us to check the uniqueness of a shorter ID, it | 454 | * callback is calling us to check the uniqueness of a shorter ID, it |
| 459 | * must be compared as a padded-out ID because that is what it will be | 455 | * must be compared as a padded-out ID because that is what it will be |
| 460 | * converted to when the callback has finished choosing it. */ | 456 | * converted to when the callback has finished choosing it. */ |
| 461 | if((r.ssl_version == SSL2_VERSION) && | 457 | if ((r.ssl_version == SSL2_VERSION) && |
| 462 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | 458 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { |
| 463 | { | ||
| 464 | memset(r.session_id + id_len, 0, | 459 | memset(r.session_id + id_len, 0, |
| 465 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | 460 | SSL2_SSL_SESSION_ID_LENGTH - id_len); |
| 466 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | 461 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 467 | } | 462 | } |
| 468 | 463 | ||
| 469 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 464 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 470 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | 465 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); |
| 471 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 472 | return (p != NULL); | 467 | return (p != NULL); |
| 473 | } | 468 | } |
| 474 | 469 | ||
| 475 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 470 | int |
| 476 | { | 471 | SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 472 | { | ||
| 477 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 473 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 478 | } | 474 | } |
| 479 | 475 | ||
| 480 | int SSL_set_purpose(SSL *s, int purpose) | 476 | int |
| 481 | { | 477 | SSL_set_purpose(SSL *s, int purpose) |
| 478 | { | ||
| 482 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 479 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 483 | } | 480 | } |
| 484 | 481 | ||
| 485 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 482 | int |
| 486 | { | 483 | SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 484 | { | ||
| 487 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 485 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 488 | } | 486 | } |
| 489 | 487 | ||
| 490 | int SSL_set_trust(SSL *s, int trust) | 488 | int |
| 491 | { | 489 | SSL_set_trust(SSL *s, int trust) |
| 490 | { | ||
| 492 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 491 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 493 | } | 492 | } |
| 494 | 493 | ||
| 495 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | 494 | int |
| 496 | { | 495 | SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) |
| 496 | { | ||
| 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); | 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); |
| 498 | } | 498 | } |
| 499 | 499 | ||
| 500 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | 500 | int |
| 501 | { | 501 | SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) |
| 502 | { | ||
| 502 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); | 503 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); |
| 503 | } | 504 | } |
| 504 | 505 | ||
| 505 | void SSL_free(SSL *s) | 506 | void |
| 506 | { | 507 | SSL_free(SSL *s) |
| 508 | { | ||
| 507 | int i; | 509 | int i; |
| 508 | 510 | ||
| 509 | if(s == NULL) | 511 | if (s == NULL) |
| 510 | return; | 512 | return; |
| 511 | 513 | ||
| 512 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | 514 | i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); |
| 513 | #ifdef REF_PRINT | 515 | #ifdef REF_PRINT |
| 514 | REF_PRINT("SSL",s); | 516 | REF_PRINT("SSL", s); |
| 515 | #endif | 517 | #endif |
| 516 | if (i > 0) return; | 518 | if (i > 0) |
| 519 | return; | ||
| 517 | #ifdef REF_CHECK | 520 | #ifdef REF_CHECK |
| 518 | if (i < 0) | 521 | if (i < 0) { |
| 519 | { | 522 | fprintf(stderr, "SSL_free, bad reference count\n"); |
| 520 | fprintf(stderr,"SSL_free, bad reference count\n"); | ||
| 521 | abort(); /* ok */ | 523 | abort(); /* ok */ |
| 522 | } | 524 | } |
| 523 | #endif | 525 | #endif |
| 524 | 526 | ||
| 525 | if (s->param) | 527 | if (s->param) |
| @@ -527,53 +529,58 @@ void SSL_free(SSL *s) | |||
| 527 | 529 | ||
| 528 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 530 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 529 | 531 | ||
| 530 | if (s->bbio != NULL) | 532 | if (s->bbio != NULL) { |
| 531 | { | ||
| 532 | /* If the buffering BIO is in place, pop it off */ | 533 | /* If the buffering BIO is in place, pop it off */ |
| 533 | if (s->bbio == s->wbio) | 534 | if (s->bbio == s->wbio) { |
| 534 | { | 535 | s->wbio = BIO_pop(s->wbio); |
| 535 | s->wbio=BIO_pop(s->wbio); | ||
| 536 | } | ||
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio=NULL; | ||
| 539 | } | 536 | } |
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio = NULL; | ||
| 539 | } | ||
| 540 | if (s->rbio != NULL) | 540 | if (s->rbio != NULL) |
| 541 | BIO_free_all(s->rbio); | 541 | BIO_free_all(s->rbio); |
| 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) |
| 543 | BIO_free_all(s->wbio); | 543 | BIO_free_all(s->wbio); |
| 544 | 544 | ||
| 545 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | 545 | if (s->init_buf != NULL) |
| 546 | BUF_MEM_free(s->init_buf); | ||
| 546 | 547 | ||
| 547 | /* add extra stuff */ | 548 | /* add extra stuff */ |
| 548 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); | 549 | if (s->cipher_list != NULL) |
| 549 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); | 550 | sk_SSL_CIPHER_free(s->cipher_list); |
| 551 | if (s->cipher_list_by_id != NULL) | ||
| 552 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 550 | 553 | ||
| 551 | /* Make the next call work :-) */ | 554 | /* Make the next call work :-) */ |
| 552 | if (s->session != NULL) | 555 | if (s->session != NULL) { |
| 553 | { | ||
| 554 | ssl_clear_bad_session(s); | 556 | ssl_clear_bad_session(s); |
| 555 | SSL_SESSION_free(s->session); | 557 | SSL_SESSION_free(s->session); |
| 556 | } | 558 | } |
| 557 | 559 | ||
| 558 | ssl_clear_cipher_ctx(s); | 560 | ssl_clear_cipher_ctx(s); |
| 559 | ssl_clear_hash_ctx(&s->read_hash); | 561 | ssl_clear_hash_ctx(&s->read_hash); |
| 560 | ssl_clear_hash_ctx(&s->write_hash); | 562 | ssl_clear_hash_ctx(&s->write_hash); |
| 561 | 563 | ||
| 562 | if (s->cert != NULL) ssl_cert_free(s->cert); | 564 | if (s->cert != NULL) |
| 565 | ssl_cert_free(s->cert); | ||
| 563 | /* Free up if allocated */ | 566 | /* Free up if allocated */ |
| 564 | 567 | ||
| 565 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 566 | if (s->tlsext_hostname) | 569 | if (s->tlsext_hostname) |
| 567 | OPENSSL_free(s->tlsext_hostname); | 570 | OPENSSL_free(s->tlsext_hostname); |
| 568 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 571 | if (s->initial_ctx) |
| 572 | SSL_CTX_free(s->initial_ctx); | ||
| 569 | #ifndef OPENSSL_NO_EC | 573 | #ifndef OPENSSL_NO_EC |
| 570 | if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); | 574 | if (s->tlsext_ecpointformatlist) |
| 571 | if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); | 575 | OPENSSL_free(s->tlsext_ecpointformatlist); |
| 576 | if (s->tlsext_ellipticcurvelist) | ||
| 577 | OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
| 572 | #endif /* OPENSSL_NO_EC */ | 578 | #endif /* OPENSSL_NO_EC */ |
| 573 | if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); | 579 | if (s->tlsext_opaque_prf_input) |
| 580 | OPENSSL_free(s->tlsext_opaque_prf_input); | ||
| 574 | if (s->tlsext_ocsp_exts) | 581 | if (s->tlsext_ocsp_exts) |
| 575 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 582 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
| 576 | X509_EXTENSION_free); | 583 | X509_EXTENSION_free); |
| 577 | if (s->tlsext_ocsp_ids) | 584 | if (s->tlsext_ocsp_ids) |
| 578 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | 585 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); |
| 579 | if (s->tlsext_ocsp_resp) | 586 | if (s->tlsext_ocsp_resp) |
| @@ -581,11 +588,13 @@ void SSL_free(SSL *s) | |||
| 581 | #endif | 588 | #endif |
| 582 | 589 | ||
| 583 | if (s->client_CA != NULL) | 590 | if (s->client_CA != NULL) |
| 584 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 591 | sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); |
| 585 | 592 | ||
| 586 | if (s->method != NULL) s->method->ssl_free(s); | 593 | if (s->method != NULL) |
| 594 | s->method->ssl_free(s); | ||
| 587 | 595 | ||
| 588 | if (s->ctx) SSL_CTX_free(s->ctx); | 596 | if (s->ctx) |
| 597 | SSL_CTX_free(s->ctx); | ||
| 589 | 598 | ||
| 590 | #ifndef OPENSSL_NO_KRB5 | 599 | #ifndef OPENSSL_NO_KRB5 |
| 591 | if (s->kssl_ctx != NULL) | 600 | if (s->kssl_ctx != NULL) |
| @@ -598,223 +607,237 @@ void SSL_free(SSL *s) | |||
| 598 | #endif | 607 | #endif |
| 599 | 608 | ||
| 600 | #ifndef OPENSSL_NO_SRTP | 609 | #ifndef OPENSSL_NO_SRTP |
| 601 | if (s->srtp_profiles) | 610 | if (s->srtp_profiles) |
| 602 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); | 611 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); |
| 603 | #endif | 612 | #endif |
| 604 | 613 | ||
| 605 | OPENSSL_free(s); | 614 | OPENSSL_free(s); |
| 606 | } | 615 | } |
| 607 | 616 | ||
| 608 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) | 617 | void |
| 609 | { | 618 | SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) |
| 619 | { | ||
| 610 | /* If the output buffering BIO is still in place, remove it | 620 | /* If the output buffering BIO is still in place, remove it |
| 611 | */ | 621 | */ |
| 612 | if (s->bbio != NULL) | 622 | if (s->bbio != NULL) { |
| 613 | { | 623 | if (s->wbio == s->bbio) { |
| 614 | if (s->wbio == s->bbio) | 624 | s->wbio = s->wbio->next_bio; |
| 615 | { | 625 | s->bbio->next_bio = NULL; |
| 616 | s->wbio=s->wbio->next_bio; | ||
| 617 | s->bbio->next_bio=NULL; | ||
| 618 | } | ||
| 619 | } | 626 | } |
| 627 | } | ||
| 620 | if ((s->rbio != NULL) && (s->rbio != rbio)) | 628 | if ((s->rbio != NULL) && (s->rbio != rbio)) |
| 621 | BIO_free_all(s->rbio); | 629 | BIO_free_all(s->rbio); |
| 622 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | 630 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) |
| 623 | BIO_free_all(s->wbio); | 631 | BIO_free_all(s->wbio); |
| 624 | s->rbio=rbio; | 632 | s->rbio = rbio; |
| 625 | s->wbio=wbio; | 633 | s->wbio = wbio; |
| 626 | } | 634 | } |
| 627 | 635 | ||
| 628 | BIO *SSL_get_rbio(const SSL *s) | 636 | BIO |
| 629 | { return(s->rbio); } | 637 | *SSL_get_rbio(const SSL *s) |
| 638 | { return (s->rbio); | ||
| 639 | } | ||
| 630 | 640 | ||
| 631 | BIO *SSL_get_wbio(const SSL *s) | 641 | BIO |
| 632 | { return(s->wbio); } | 642 | *SSL_get_wbio(const SSL *s) |
| 643 | { return (s->wbio); | ||
| 644 | } | ||
| 633 | 645 | ||
| 634 | int SSL_get_fd(const SSL *s) | 646 | int |
| 635 | { | 647 | SSL_get_fd(const SSL *s) |
| 636 | return(SSL_get_rfd(s)); | 648 | { |
| 637 | } | 649 | return (SSL_get_rfd(s)); |
| 650 | } | ||
| 638 | 651 | ||
| 639 | int SSL_get_rfd(const SSL *s) | 652 | int |
| 640 | { | 653 | SSL_get_rfd(const SSL *s) |
| 641 | int ret= -1; | 654 | { |
| 642 | BIO *b,*r; | 655 | int ret = -1; |
| 656 | BIO *b, *r; | ||
| 643 | 657 | ||
| 644 | b=SSL_get_rbio(s); | 658 | b = SSL_get_rbio(s); |
| 645 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 659 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 646 | if (r != NULL) | 660 | if (r != NULL) |
| 647 | BIO_get_fd(r,&ret); | 661 | BIO_get_fd(r, &ret); |
| 648 | return(ret); | 662 | return (ret); |
| 649 | } | 663 | } |
| 650 | 664 | ||
| 651 | int SSL_get_wfd(const SSL *s) | 665 | int |
| 652 | { | 666 | SSL_get_wfd(const SSL *s) |
| 653 | int ret= -1; | 667 | { |
| 654 | BIO *b,*r; | 668 | int ret = -1; |
| 669 | BIO *b, *r; | ||
| 655 | 670 | ||
| 656 | b=SSL_get_wbio(s); | 671 | b = SSL_get_wbio(s); |
| 657 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 672 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 658 | if (r != NULL) | 673 | if (r != NULL) |
| 659 | BIO_get_fd(r,&ret); | 674 | BIO_get_fd(r, &ret); |
| 660 | return(ret); | 675 | return (ret); |
| 661 | } | 676 | } |
| 662 | 677 | ||
| 663 | #ifndef OPENSSL_NO_SOCK | 678 | #ifndef OPENSSL_NO_SOCK |
| 664 | int SSL_set_fd(SSL *s,int fd) | 679 | int |
| 665 | { | 680 | SSL_set_fd(SSL *s, int fd) |
| 666 | int ret=0; | 681 | { |
| 667 | BIO *bio=NULL; | 682 | int ret = 0; |
| 683 | BIO *bio = NULL; | ||
| 668 | 684 | ||
| 669 | bio=BIO_new(BIO_s_socket()); | 685 | bio = BIO_new(BIO_s_socket()); |
| 670 | 686 | ||
| 671 | if (bio == NULL) | 687 | if (bio == NULL) { |
| 672 | { | 688 | SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); |
| 673 | SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); | ||
| 674 | goto err; | 689 | goto err; |
| 675 | } | ||
| 676 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 677 | SSL_set_bio(s,bio,bio); | ||
| 678 | ret=1; | ||
| 679 | err: | ||
| 680 | return(ret); | ||
| 681 | } | 690 | } |
| 691 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 692 | SSL_set_bio(s, bio, bio); | ||
| 693 | ret = 1; | ||
| 694 | err: | ||
| 695 | return (ret); | ||
| 696 | } | ||
| 682 | 697 | ||
| 683 | int SSL_set_wfd(SSL *s,int fd) | 698 | int |
| 684 | { | 699 | SSL_set_wfd(SSL *s, int fd) |
| 685 | int ret=0; | 700 | { |
| 686 | BIO *bio=NULL; | 701 | int ret = 0; |
| 702 | BIO *bio = NULL; | ||
| 687 | 703 | ||
| 688 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | 704 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) |
| 689 | || ((int)BIO_get_fd(s->rbio,NULL) != fd)) | 705 | || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { |
| 690 | { | 706 | bio = BIO_new(BIO_s_socket()); |
| 691 | bio=BIO_new(BIO_s_socket()); | ||
| 692 | 707 | ||
| 693 | if (bio == NULL) | 708 | if (bio == NULL) |
| 694 | { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } | 709 | { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); |
| 695 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | 710 | goto err; |
| 696 | SSL_set_bio(s,SSL_get_rbio(s),bio); | ||
| 697 | } | 711 | } |
| 698 | else | 712 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 699 | SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); | 713 | SSL_set_bio(s, SSL_get_rbio(s), bio); |
| 700 | ret=1; | 714 | } else |
| 715 | SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); | ||
| 716 | ret = 1; | ||
| 701 | err: | 717 | err: |
| 702 | return(ret); | 718 | return (ret); |
| 703 | } | 719 | } |
| 704 | 720 | ||
| 705 | int SSL_set_rfd(SSL *s,int fd) | 721 | int |
| 706 | { | 722 | SSL_set_rfd(SSL *s, int fd) |
| 707 | int ret=0; | 723 | { |
| 708 | BIO *bio=NULL; | 724 | int ret = 0; |
| 725 | BIO *bio = NULL; | ||
| 709 | 726 | ||
| 710 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | 727 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) |
| 711 | || ((int)BIO_get_fd(s->wbio,NULL) != fd)) | 728 | || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { |
| 712 | { | 729 | bio = BIO_new(BIO_s_socket()); |
| 713 | bio=BIO_new(BIO_s_socket()); | ||
| 714 | 730 | ||
| 715 | if (bio == NULL) | 731 | if (bio == NULL) { |
| 716 | { | 732 | SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); |
| 717 | SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); | ||
| 718 | goto err; | 733 | goto err; |
| 719 | } | ||
| 720 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 721 | SSL_set_bio(s,bio,SSL_get_wbio(s)); | ||
| 722 | } | 734 | } |
| 723 | else | 735 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 724 | SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); | 736 | SSL_set_bio(s, bio, SSL_get_wbio(s)); |
| 725 | ret=1; | 737 | } else |
| 738 | SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); | ||
| 739 | ret = 1; | ||
| 726 | err: | 740 | err: |
| 727 | return(ret); | 741 | return (ret); |
| 728 | } | 742 | } |
| 729 | #endif | 743 | #endif |
| 730 | 744 | ||
| 731 | 745 | ||
| 732 | /* return length of latest Finished message we sent, copy to 'buf' */ | 746 | /* return length of latest Finished message we sent, copy to 'buf' */ |
| 733 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count) | 747 | size_t |
| 734 | { | 748 | SSL_get_finished(const SSL *s, void *buf, size_t count) |
| 749 | { | ||
| 735 | size_t ret = 0; | 750 | size_t ret = 0; |
| 736 | 751 | ||
| 737 | if (s->s3 != NULL) | 752 | if (s->s3 != NULL) { |
| 738 | { | ||
| 739 | ret = s->s3->tmp.finish_md_len; | 753 | ret = s->s3->tmp.finish_md_len; |
| 740 | if (count > ret) | 754 | if (count > ret) |
| 741 | count = ret; | 755 | count = ret; |
| 742 | memcpy(buf, s->s3->tmp.finish_md, count); | 756 | memcpy(buf, s->s3->tmp.finish_md, count); |
| 743 | } | ||
| 744 | return ret; | ||
| 745 | } | 757 | } |
| 758 | return ret; | ||
| 759 | } | ||
| 746 | 760 | ||
| 747 | /* return length of latest Finished message we expected, copy to 'buf' */ | 761 | /* return length of latest Finished message we expected, copy to 'buf' */ |
| 748 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | 762 | size_t |
| 749 | { | 763 | SSL_get_peer_finished(const SSL *s, void *buf, size_t count) |
| 764 | { | ||
| 750 | size_t ret = 0; | 765 | size_t ret = 0; |
| 751 | 766 | ||
| 752 | if (s->s3 != NULL) | 767 | if (s->s3 != NULL) { |
| 753 | { | ||
| 754 | ret = s->s3->tmp.peer_finish_md_len; | 768 | ret = s->s3->tmp.peer_finish_md_len; |
| 755 | if (count > ret) | 769 | if (count > ret) |
| 756 | count = ret; | 770 | count = ret; |
| 757 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | 771 | memcpy(buf, s->s3->tmp.peer_finish_md, count); |
| 758 | } | ||
| 759 | return ret; | ||
| 760 | } | 772 | } |
| 773 | return ret; | ||
| 774 | } | ||
| 761 | 775 | ||
| 762 | 776 | ||
| 763 | int SSL_get_verify_mode(const SSL *s) | 777 | int |
| 764 | { | 778 | SSL_get_verify_mode(const SSL *s) |
| 765 | return(s->verify_mode); | 779 | { |
| 766 | } | 780 | return (s->verify_mode); |
| 781 | } | ||
| 767 | 782 | ||
| 768 | int SSL_get_verify_depth(const SSL *s) | 783 | int |
| 769 | { | 784 | SSL_get_verify_depth(const SSL *s) |
| 785 | { | ||
| 770 | return X509_VERIFY_PARAM_get_depth(s->param); | 786 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 789 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) |
| 774 | { | 790 | { |
| 775 | return(s->verify_callback); | 791 | return (s->verify_callback); |
| 776 | } | 792 | } |
| 777 | 793 | ||
| 778 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | 794 | int |
| 779 | { | 795 | SSL_CTX_get_verify_mode(const SSL_CTX *ctx) |
| 780 | return(ctx->verify_mode); | 796 | { |
| 781 | } | 797 | return (ctx->verify_mode); |
| 798 | } | ||
| 782 | 799 | ||
| 783 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 800 | int |
| 784 | { | 801 | SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 802 | { | ||
| 785 | return X509_VERIFY_PARAM_get_depth(ctx->param); | 803 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 786 | } | 804 | } |
| 787 | 805 | ||
| 788 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 806 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) |
| 789 | { | 807 | { |
| 790 | return(ctx->default_verify_callback); | 808 | return (ctx->default_verify_callback); |
| 791 | } | 809 | } |
| 792 | 810 | ||
| 793 | void SSL_set_verify(SSL *s,int mode, | 811 | void |
| 794 | int (*callback)(int ok,X509_STORE_CTX *ctx)) | 812 | SSL_set_verify(SSL *s, int mode, |
| 795 | { | 813 | int (*callback)(int ok, X509_STORE_CTX *ctx)) |
| 796 | s->verify_mode=mode; | 814 | { |
| 815 | s->verify_mode = mode; | ||
| 797 | if (callback != NULL) | 816 | if (callback != NULL) |
| 798 | s->verify_callback=callback; | 817 | s->verify_callback = callback; |
| 799 | } | 818 | } |
| 800 | 819 | ||
| 801 | void SSL_set_verify_depth(SSL *s,int depth) | 820 | void |
| 802 | { | 821 | SSL_set_verify_depth(SSL *s, int depth) |
| 822 | { | ||
| 803 | X509_VERIFY_PARAM_set_depth(s->param, depth); | 823 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 804 | } | 824 | } |
| 805 | 825 | ||
| 806 | void SSL_set_read_ahead(SSL *s,int yes) | 826 | void |
| 807 | { | 827 | SSL_set_read_ahead(SSL *s, int yes) |
| 808 | s->read_ahead=yes; | 828 | { |
| 809 | } | 829 | s->read_ahead = yes; |
| 830 | } | ||
| 810 | 831 | ||
| 811 | int SSL_get_read_ahead(const SSL *s) | 832 | int |
| 812 | { | 833 | SSL_get_read_ahead(const SSL *s) |
| 813 | return(s->read_ahead); | 834 | { |
| 814 | } | 835 | return (s->read_ahead); |
| 836 | } | ||
| 815 | 837 | ||
| 816 | int SSL_pending(const SSL *s) | 838 | int |
| 817 | { | 839 | SSL_pending(const SSL *s) |
| 840 | { | ||
| 818 | /* SSL_pending cannot work properly if read-ahead is enabled | 841 | /* SSL_pending cannot work properly if read-ahead is enabled |
| 819 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | 842 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), |
| 820 | * and it is impossible to fix since SSL_pending cannot report | 843 | * and it is impossible to fix since SSL_pending cannot report |
| @@ -822,264 +845,266 @@ int SSL_pending(const SSL *s) | |||
| 822 | * (Note that SSL_pending() is often used as a boolean value, | 845 | * (Note that SSL_pending() is often used as a boolean value, |
| 823 | * so we'd better not return -1.) | 846 | * so we'd better not return -1.) |
| 824 | */ | 847 | */ |
| 825 | return(s->method->ssl_pending(s)); | 848 | return (s->method->ssl_pending(s)); |
| 826 | } | 849 | } |
| 827 | 850 | ||
| 828 | X509 *SSL_get_peer_certificate(const SSL *s) | 851 | X509 |
| 829 | { | 852 | *SSL_get_peer_certificate(const SSL *s) |
| 853 | { | ||
| 830 | X509 *r; | 854 | X509 *r; |
| 831 | 855 | ||
| 832 | if ((s == NULL) || (s->session == NULL)) | 856 | if ((s == NULL) || (s->session == NULL)) |
| 833 | r=NULL; | 857 | r = NULL; |
| 834 | else | 858 | else |
| 835 | r=s->session->peer; | 859 | r = s->session->peer; |
| 836 | 860 | ||
| 837 | if (r == NULL) return(r); | 861 | if (r == NULL) |
| 862 | return (r); | ||
| 838 | 863 | ||
| 839 | CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); | 864 | CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); |
| 840 | 865 | ||
| 841 | return(r); | 866 | return (r); |
| 842 | } | 867 | } |
| 843 | 868 | ||
| 844 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) | 869 | STACK_OF(X509) |
| 845 | { | 870 | *SSL_get_peer_cert_chain(const SSL *s) |
| 871 | { | ||
| 846 | STACK_OF(X509) *r; | 872 | STACK_OF(X509) *r; |
| 847 | 873 | ||
| 848 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) | 874 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) |
| 849 | r=NULL; | 875 | r = NULL; |
| 850 | else | 876 | else |
| 851 | r=s->session->sess_cert->cert_chain; | 877 | r = s->session->sess_cert->cert_chain; |
| 852 | 878 | ||
| 853 | /* If we are a client, cert_chain includes the peer's own | 879 | /* If we are a client, cert_chain includes the peer's own |
| 854 | * certificate; if we are a server, it does not. */ | 880 | * certificate; |
| 855 | 881 | if we are a server, it does not. */ | |
| 856 | return(r); | 882 | |
| 857 | } | 883 | return (r); |
| 884 | } | ||
| 858 | 885 | ||
| 859 | /* Now in theory, since the calling process own 't' it should be safe to | 886 | /* Now in theory, since the calling process own 't' it should be safe to |
| 860 | * modify. We need to be able to read f without being hassled */ | 887 | * modify. We need to be able to read f without being hassled */ |
| 861 | void SSL_copy_session_id(SSL *t,const SSL *f) | 888 | void |
| 862 | { | 889 | SSL_copy_session_id(SSL *t, const SSL *f) |
| 890 | { | ||
| 863 | CERT *tmp; | 891 | CERT *tmp; |
| 864 | 892 | ||
| 865 | /* Do we need to to SSL locking? */ | 893 | /* Do we need to to SSL locking? */ |
| 866 | SSL_set_session(t,SSL_get_session(f)); | 894 | SSL_set_session(t, SSL_get_session(f)); |
| 867 | 895 | ||
| 868 | /* what if we are setup as SSLv2 but want to talk SSLv3 or | 896 | /* what if we are setup as SSLv2 but want to talk SSLv3 or |
| 869 | * vice-versa */ | 897 | * vice-versa */ |
| 870 | if (t->method != f->method) | 898 | if (t->method != f->method) { |
| 871 | { | ||
| 872 | t->method->ssl_free(t); /* cleanup current */ | 899 | t->method->ssl_free(t); /* cleanup current */ |
| 873 | t->method=f->method; /* change method */ | 900 | t->method=f->method; /* change method */ |
| 874 | t->method->ssl_new(t); /* setup new */ | 901 | t->method->ssl_new(t); /* setup new */ |
| 875 | } | ||
| 876 | |||
| 877 | tmp=t->cert; | ||
| 878 | if (f->cert != NULL) | ||
| 879 | { | ||
| 880 | CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 881 | t->cert=f->cert; | ||
| 882 | } | ||
| 883 | else | ||
| 884 | t->cert=NULL; | ||
| 885 | if (tmp != NULL) ssl_cert_free(tmp); | ||
| 886 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
| 887 | } | 902 | } |
| 888 | 903 | ||
| 904 | tmp = t->cert; | ||
| 905 | if (f->cert != NULL) { | ||
| 906 | CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); | ||
| 907 | t->cert = f->cert; | ||
| 908 | } else | ||
| 909 | t->cert = NULL; | ||
| 910 | if (tmp != NULL) | ||
| 911 | ssl_cert_free(tmp); | ||
| 912 | SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); | ||
| 913 | } | ||
| 914 | |||
| 889 | /* Fix this so it checks all the valid key/cert options */ | 915 | /* Fix this so it checks all the valid key/cert options */ |
| 890 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) | 916 | int |
| 891 | { | 917 | SSL_CTX_check_private_key(const SSL_CTX *ctx) |
| 892 | if ( (ctx == NULL) || | 918 | { |
| 919 | if ((ctx == NULL) || | ||
| 893 | (ctx->cert == NULL) || | 920 | (ctx->cert == NULL) || |
| 894 | (ctx->cert->key->x509 == NULL)) | 921 | (ctx->cert->key->x509 == NULL)) { |
| 895 | { | 922 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 896 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 923 | return (0); |
| 897 | return(0); | 924 | } |
| 898 | } | 925 | if (ctx->cert->key->privatekey == NULL) { |
| 899 | if (ctx->cert->key->privatekey == NULL) | 926 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 900 | { | 927 | return (0); |
| 901 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 902 | return(0); | ||
| 903 | } | ||
| 904 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 905 | } | 928 | } |
| 929 | return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 930 | } | ||
| 906 | 931 | ||
| 907 | /* Fix this function so that it takes an optional type parameter */ | 932 | /* Fix this function so that it takes an optional type parameter */ |
| 908 | int SSL_check_private_key(const SSL *ssl) | 933 | int |
| 909 | { | 934 | SSL_check_private_key(const SSL *ssl) |
| 910 | if (ssl == NULL) | 935 | { |
| 911 | { | 936 | if (ssl == NULL) { |
| 912 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); | 937 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); |
| 913 | return(0); | 938 | return (0); |
| 914 | } | 939 | } |
| 915 | if (ssl->cert == NULL) | 940 | if (ssl->cert == NULL) { |
| 916 | { | 941 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 917 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 918 | return 0; | 942 | return 0; |
| 919 | } | ||
| 920 | if (ssl->cert->key->x509 == NULL) | ||
| 921 | { | ||
| 922 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 923 | return(0); | ||
| 924 | } | ||
| 925 | if (ssl->cert->key->privatekey == NULL) | ||
| 926 | { | ||
| 927 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 928 | return(0); | ||
| 929 | } | ||
| 930 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 931 | ssl->cert->key->privatekey)); | ||
| 932 | } | 943 | } |
| 944 | if (ssl->cert->key->x509 == NULL) { | ||
| 945 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 946 | return (0); | ||
| 947 | } | ||
| 948 | if (ssl->cert->key->privatekey == NULL) { | ||
| 949 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 950 | return (0); | ||
| 951 | } | ||
| 952 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 953 | ssl->cert->key->privatekey)); | ||
| 954 | } | ||
| 933 | 955 | ||
| 934 | int SSL_accept(SSL *s) | 956 | int |
| 935 | { | 957 | SSL_accept(SSL *s) |
| 958 | { | ||
| 936 | if (s->handshake_func == 0) | 959 | if (s->handshake_func == 0) |
| 937 | /* Not properly initialized yet */ | 960 | /* Not properly initialized yet */ |
| 938 | SSL_set_accept_state(s); | 961 | SSL_set_accept_state(s); |
| 939 | 962 | ||
| 940 | return(s->method->ssl_accept(s)); | 963 | return (s->method->ssl_accept(s)); |
| 941 | } | 964 | } |
| 942 | 965 | ||
| 943 | int SSL_connect(SSL *s) | 966 | int |
| 944 | { | 967 | SSL_connect(SSL *s) |
| 968 | { | ||
| 945 | if (s->handshake_func == 0) | 969 | if (s->handshake_func == 0) |
| 946 | /* Not properly initialized yet */ | 970 | /* Not properly initialized yet */ |
| 947 | SSL_set_connect_state(s); | 971 | SSL_set_connect_state(s); |
| 948 | 972 | ||
| 949 | return(s->method->ssl_connect(s)); | 973 | return (s->method->ssl_connect(s)); |
| 950 | } | 974 | } |
| 951 | 975 | ||
| 952 | long SSL_get_default_timeout(const SSL *s) | 976 | long |
| 953 | { | 977 | SSL_get_default_timeout(const SSL *s) |
| 954 | return(s->method->get_timeout()); | 978 | { |
| 955 | } | 979 | return (s->method->get_timeout()); |
| 980 | } | ||
| 956 | 981 | ||
| 957 | int SSL_read(SSL *s,void *buf,int num) | 982 | int |
| 958 | { | 983 | SSL_read(SSL *s, void *buf, int num) |
| 959 | if (s->handshake_func == 0) | 984 | { |
| 960 | { | 985 | if (s->handshake_func == 0) { |
| 961 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 986 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); |
| 962 | return -1; | 987 | return -1; |
| 963 | } | 988 | } |
| 964 | 989 | ||
| 965 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 990 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 966 | { | 991 | s->rwstate = SSL_NOTHING; |
| 967 | s->rwstate=SSL_NOTHING; | 992 | return (0); |
| 968 | return(0); | ||
| 969 | } | ||
| 970 | return(s->method->ssl_read(s,buf,num)); | ||
| 971 | } | 993 | } |
| 994 | return (s->method->ssl_read(s, buf, num)); | ||
| 995 | } | ||
| 972 | 996 | ||
| 973 | int SSL_peek(SSL *s,void *buf,int num) | 997 | int |
| 974 | { | 998 | SSL_peek(SSL *s, void *buf, int num) |
| 975 | if (s->handshake_func == 0) | 999 | { |
| 976 | { | 1000 | if (s->handshake_func == 0) { |
| 977 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); | 1001 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 978 | return -1; | 1002 | return -1; |
| 979 | } | 1003 | } |
| 980 | 1004 | ||
| 981 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 1005 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 982 | { | 1006 | return (0); |
| 983 | return(0); | ||
| 984 | } | ||
| 985 | return(s->method->ssl_peek(s,buf,num)); | ||
| 986 | } | 1007 | } |
| 1008 | return (s->method->ssl_peek(s, buf, num)); | ||
| 1009 | } | ||
| 987 | 1010 | ||
| 988 | int SSL_write(SSL *s,const void *buf,int num) | 1011 | int |
| 989 | { | 1012 | SSL_write(SSL *s, const void *buf, int num) |
| 990 | if (s->handshake_func == 0) | 1013 | { |
| 991 | { | 1014 | if (s->handshake_func == 0) { |
| 992 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | 1015 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); |
| 993 | return -1; | 1016 | return -1; |
| 994 | } | 1017 | } |
| 995 | 1018 | ||
| 996 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 1019 | if (s->shutdown & SSL_SENT_SHUTDOWN) { |
| 997 | { | 1020 | s->rwstate = SSL_NOTHING; |
| 998 | s->rwstate=SSL_NOTHING; | 1021 | SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); |
| 999 | SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); | 1022 | return (-1); |
| 1000 | return(-1); | ||
| 1001 | } | ||
| 1002 | return(s->method->ssl_write(s,buf,num)); | ||
| 1003 | } | 1023 | } |
| 1024 | return (s->method->ssl_write(s, buf, num)); | ||
| 1025 | } | ||
| 1004 | 1026 | ||
| 1005 | int SSL_shutdown(SSL *s) | 1027 | int |
| 1006 | { | 1028 | SSL_shutdown(SSL *s) |
| 1029 | { | ||
| 1007 | /* Note that this function behaves differently from what one might | 1030 | /* Note that this function behaves differently from what one might |
| 1008 | * expect. Return values are 0 for no success (yet), | 1031 | * expect. Return values are 0 for no success (yet), |
| 1009 | * 1 for success; but calling it once is usually not enough, | 1032 | * 1 for success; but calling it once is usually not enough, |
| 1010 | * even if blocking I/O is used (see ssl3_shutdown). | 1033 | * even if blocking I/O is used (see ssl3_shutdown). |
| 1011 | */ | 1034 | */ |
| 1012 | 1035 | ||
| 1013 | if (s->handshake_func == 0) | 1036 | if (s->handshake_func == 0) { |
| 1014 | { | ||
| 1015 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | 1037 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); |
| 1016 | return -1; | 1038 | return -1; |
| 1017 | } | 1039 | } |
| 1018 | 1040 | ||
| 1019 | if ((s != NULL) && !SSL_in_init(s)) | 1041 | if ((s != NULL) && !SSL_in_init(s)) |
| 1020 | return(s->method->ssl_shutdown(s)); | 1042 | return (s->method->ssl_shutdown(s)); |
| 1021 | else | 1043 | else |
| 1022 | return(1); | 1044 | return (1); |
| 1023 | } | 1045 | } |
| 1024 | 1046 | ||
| 1025 | int SSL_renegotiate(SSL *s) | 1047 | int |
| 1026 | { | 1048 | SSL_renegotiate(SSL *s) |
| 1049 | { | ||
| 1027 | if (s->renegotiate == 0) | 1050 | if (s->renegotiate == 0) |
| 1028 | s->renegotiate=1; | 1051 | s->renegotiate = 1; |
| 1029 | 1052 | ||
| 1030 | s->new_session=1; | 1053 | s->new_session = 1; |
| 1031 | 1054 | ||
| 1032 | return(s->method->ssl_renegotiate(s)); | 1055 | return (s->method->ssl_renegotiate(s)); |
| 1033 | } | 1056 | } |
| 1034 | 1057 | ||
| 1035 | int SSL_renegotiate_abbreviated(SSL *s) | 1058 | int |
| 1036 | { | 1059 | SSL_renegotiate_abbreviated(SSL *s) |
| 1060 | { | ||
| 1037 | if (s->renegotiate == 0) | 1061 | if (s->renegotiate == 0) |
| 1038 | s->renegotiate=1; | 1062 | s->renegotiate = 1; |
| 1039 | 1063 | ||
| 1040 | s->new_session=0; | 1064 | s->new_session = 0; |
| 1041 | 1065 | ||
| 1042 | return(s->method->ssl_renegotiate(s)); | 1066 | return (s->method->ssl_renegotiate(s)); |
| 1043 | } | 1067 | } |
| 1044 | 1068 | ||
| 1045 | int SSL_renegotiate_pending(SSL *s) | 1069 | int |
| 1046 | { | 1070 | SSL_renegotiate_pending(SSL *s) |
| 1071 | { | ||
| 1047 | /* becomes true when negotiation is requested; | 1072 | /* becomes true when negotiation is requested; |
| 1048 | * false again once a handshake has finished */ | 1073 | * false again once a handshake has finished */ |
| 1049 | return (s->renegotiate != 0); | 1074 | return (s->renegotiate != 0); |
| 1050 | } | 1075 | } |
| 1051 | 1076 | ||
| 1052 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | 1077 | long |
| 1053 | { | 1078 | SSL_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 1079 | { | ||
| 1054 | long l; | 1080 | long l; |
| 1055 | 1081 | ||
| 1056 | switch (cmd) | 1082 | switch (cmd) { |
| 1057 | { | ||
| 1058 | case SSL_CTRL_GET_READ_AHEAD: | 1083 | case SSL_CTRL_GET_READ_AHEAD: |
| 1059 | return(s->read_ahead); | 1084 | return (s->read_ahead); |
| 1060 | case SSL_CTRL_SET_READ_AHEAD: | 1085 | case SSL_CTRL_SET_READ_AHEAD: |
| 1061 | l=s->read_ahead; | 1086 | l = s->read_ahead; |
| 1062 | s->read_ahead=larg; | 1087 | s->read_ahead = larg; |
| 1063 | return(l); | 1088 | return (l); |
| 1064 | 1089 | ||
| 1065 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1090 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1066 | s->msg_callback_arg = parg; | 1091 | s->msg_callback_arg = parg; |
| 1067 | return 1; | 1092 | return 1; |
| 1068 | 1093 | ||
| 1069 | case SSL_CTRL_OPTIONS: | 1094 | case SSL_CTRL_OPTIONS: |
| 1070 | return(s->options|=larg); | 1095 | return (s->options|=larg); |
| 1071 | case SSL_CTRL_CLEAR_OPTIONS: | 1096 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1072 | return(s->options&=~larg); | 1097 | return (s->options&=~larg); |
| 1073 | case SSL_CTRL_MODE: | 1098 | case SSL_CTRL_MODE: |
| 1074 | return(s->mode|=larg); | 1099 | return (s->mode|=larg); |
| 1075 | case SSL_CTRL_CLEAR_MODE: | 1100 | case SSL_CTRL_CLEAR_MODE: |
| 1076 | return(s->mode &=~larg); | 1101 | return (s->mode &=~larg); |
| 1077 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1102 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1078 | return(s->max_cert_list); | 1103 | return (s->max_cert_list); |
| 1079 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1104 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1080 | l=s->max_cert_list; | 1105 | l = s->max_cert_list; |
| 1081 | s->max_cert_list=larg; | 1106 | s->max_cert_list = larg; |
| 1082 | return(l); | 1107 | return (l); |
| 1083 | case SSL_CTRL_SET_MTU: | 1108 | case SSL_CTRL_SET_MTU: |
| 1084 | #ifndef OPENSSL_NO_DTLS1 | 1109 | #ifndef OPENSSL_NO_DTLS1 |
| 1085 | if (larg < (long)dtls1_min_mtu()) | 1110 | if (larg < (long)dtls1_min_mtu()) |
| @@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1087 | #endif | 1112 | #endif |
| 1088 | 1113 | ||
| 1089 | if (SSL_version(s) == DTLS1_VERSION || | 1114 | if (SSL_version(s) == DTLS1_VERSION || |
| 1090 | SSL_version(s) == DTLS1_BAD_VER) | 1115 | SSL_version(s) == DTLS1_BAD_VER) { |
| 1091 | { | ||
| 1092 | s->d1->mtu = larg; | 1116 | s->d1->mtu = larg; |
| 1093 | return larg; | 1117 | return larg; |
| 1094 | } | 1118 | } |
| 1095 | return 0; | 1119 | return 0; |
| 1096 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1120 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1097 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1121 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| @@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1103 | return s->s3->send_connection_binding; | 1127 | return s->s3->send_connection_binding; |
| 1104 | else return 0; | 1128 | else return 0; |
| 1105 | default: | 1129 | default: |
| 1106 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1130 | return (s->method->ssl_ctrl(s, cmd, larg, parg)); |
| 1107 | } | ||
| 1108 | } | 1131 | } |
| 1132 | } | ||
| 1109 | 1133 | ||
| 1110 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 1134 | long |
| 1111 | { | 1135 | SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1112 | switch(cmd) | 1136 | { |
| 1113 | { | 1137 | switch (cmd) { |
| 1114 | case SSL_CTRL_SET_MSG_CALLBACK: | 1138 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1115 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1139 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1116 | return 1; | 1140 | return 1; |
| 1117 | 1141 | ||
| 1118 | default: | 1142 | default: |
| 1119 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | 1143 | return (s->method->ssl_callback_ctrl(s, cmd, fp)); |
| 1120 | } | ||
| 1121 | } | 1144 | } |
| 1145 | } | ||
| 1122 | 1146 | ||
| 1123 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) | 1147 | LHASH_OF(SSL_SESSION) |
| 1124 | { | 1148 | *SSL_CTX_sessions(SSL_CTX *ctx) |
| 1149 | { | ||
| 1125 | return ctx->sessions; | 1150 | return ctx->sessions; |
| 1126 | } | 1151 | } |
| 1127 | 1152 | ||
| 1128 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | 1153 | long |
| 1129 | { | 1154 | SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
| 1155 | { | ||
| 1130 | long l; | 1156 | long l; |
| 1131 | 1157 | ||
| 1132 | switch (cmd) | 1158 | switch (cmd) { |
| 1133 | { | ||
| 1134 | case SSL_CTRL_GET_READ_AHEAD: | 1159 | case SSL_CTRL_GET_READ_AHEAD: |
| 1135 | return(ctx->read_ahead); | 1160 | return (ctx->read_ahead); |
| 1136 | case SSL_CTRL_SET_READ_AHEAD: | 1161 | case SSL_CTRL_SET_READ_AHEAD: |
| 1137 | l=ctx->read_ahead; | 1162 | l = ctx->read_ahead; |
| 1138 | ctx->read_ahead=larg; | 1163 | ctx->read_ahead = larg; |
| 1139 | return(l); | 1164 | return (l); |
| 1140 | 1165 | ||
| 1141 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1166 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1142 | ctx->msg_callback_arg = parg; | 1167 | ctx->msg_callback_arg = parg; |
| 1143 | return 1; | 1168 | return 1; |
| 1144 | 1169 | ||
| 1145 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1170 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1146 | return(ctx->max_cert_list); | 1171 | return (ctx->max_cert_list); |
| 1147 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1172 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1148 | l=ctx->max_cert_list; | 1173 | l = ctx->max_cert_list; |
| 1149 | ctx->max_cert_list=larg; | 1174 | ctx->max_cert_list = larg; |
| 1150 | return(l); | 1175 | return (l); |
| 1151 | 1176 | ||
| 1152 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | 1177 | case SSL_CTRL_SET_SESS_CACHE_SIZE: |
| 1153 | l=ctx->session_cache_size; | 1178 | l = ctx->session_cache_size; |
| 1154 | ctx->session_cache_size=larg; | 1179 | ctx->session_cache_size = larg; |
| 1155 | return(l); | 1180 | return (l); |
| 1156 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | 1181 | case SSL_CTRL_GET_SESS_CACHE_SIZE: |
| 1157 | return(ctx->session_cache_size); | 1182 | return (ctx->session_cache_size); |
| 1158 | case SSL_CTRL_SET_SESS_CACHE_MODE: | 1183 | case SSL_CTRL_SET_SESS_CACHE_MODE: |
| 1159 | l=ctx->session_cache_mode; | 1184 | l = ctx->session_cache_mode; |
| 1160 | ctx->session_cache_mode=larg; | 1185 | ctx->session_cache_mode = larg; |
| 1161 | return(l); | 1186 | return (l); |
| 1162 | case SSL_CTRL_GET_SESS_CACHE_MODE: | 1187 | case SSL_CTRL_GET_SESS_CACHE_MODE: |
| 1163 | return(ctx->session_cache_mode); | 1188 | return (ctx->session_cache_mode); |
| 1164 | 1189 | ||
| 1165 | case SSL_CTRL_SESS_NUMBER: | 1190 | case SSL_CTRL_SESS_NUMBER: |
| 1166 | return(lh_SSL_SESSION_num_items(ctx->sessions)); | 1191 | return (lh_SSL_SESSION_num_items(ctx->sessions)); |
| 1167 | case SSL_CTRL_SESS_CONNECT: | 1192 | case SSL_CTRL_SESS_CONNECT: |
| 1168 | return(ctx->stats.sess_connect); | 1193 | return (ctx->stats.sess_connect); |
| 1169 | case SSL_CTRL_SESS_CONNECT_GOOD: | 1194 | case SSL_CTRL_SESS_CONNECT_GOOD: |
| 1170 | return(ctx->stats.sess_connect_good); | 1195 | return (ctx->stats.sess_connect_good); |
| 1171 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | 1196 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: |
| 1172 | return(ctx->stats.sess_connect_renegotiate); | 1197 | return (ctx->stats.sess_connect_renegotiate); |
| 1173 | case SSL_CTRL_SESS_ACCEPT: | 1198 | case SSL_CTRL_SESS_ACCEPT: |
| 1174 | return(ctx->stats.sess_accept); | 1199 | return (ctx->stats.sess_accept); |
| 1175 | case SSL_CTRL_SESS_ACCEPT_GOOD: | 1200 | case SSL_CTRL_SESS_ACCEPT_GOOD: |
| 1176 | return(ctx->stats.sess_accept_good); | 1201 | return (ctx->stats.sess_accept_good); |
| 1177 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | 1202 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: |
| 1178 | return(ctx->stats.sess_accept_renegotiate); | 1203 | return (ctx->stats.sess_accept_renegotiate); |
| 1179 | case SSL_CTRL_SESS_HIT: | 1204 | case SSL_CTRL_SESS_HIT: |
| 1180 | return(ctx->stats.sess_hit); | 1205 | return (ctx->stats.sess_hit); |
| 1181 | case SSL_CTRL_SESS_CB_HIT: | 1206 | case SSL_CTRL_SESS_CB_HIT: |
| 1182 | return(ctx->stats.sess_cb_hit); | 1207 | return (ctx->stats.sess_cb_hit); |
| 1183 | case SSL_CTRL_SESS_MISSES: | 1208 | case SSL_CTRL_SESS_MISSES: |
| 1184 | return(ctx->stats.sess_miss); | 1209 | return (ctx->stats.sess_miss); |
| 1185 | case SSL_CTRL_SESS_TIMEOUTS: | 1210 | case SSL_CTRL_SESS_TIMEOUTS: |
| 1186 | return(ctx->stats.sess_timeout); | 1211 | return (ctx->stats.sess_timeout); |
| 1187 | case SSL_CTRL_SESS_CACHE_FULL: | 1212 | case SSL_CTRL_SESS_CACHE_FULL: |
| 1188 | return(ctx->stats.sess_cache_full); | 1213 | return (ctx->stats.sess_cache_full); |
| 1189 | case SSL_CTRL_OPTIONS: | 1214 | case SSL_CTRL_OPTIONS: |
| 1190 | return(ctx->options|=larg); | 1215 | return (ctx->options|=larg); |
| 1191 | case SSL_CTRL_CLEAR_OPTIONS: | 1216 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1192 | return(ctx->options&=~larg); | 1217 | return (ctx->options&=~larg); |
| 1193 | case SSL_CTRL_MODE: | 1218 | case SSL_CTRL_MODE: |
| 1194 | return(ctx->mode|=larg); | 1219 | return (ctx->mode|=larg); |
| 1195 | case SSL_CTRL_CLEAR_MODE: | 1220 | case SSL_CTRL_CLEAR_MODE: |
| 1196 | return(ctx->mode&=~larg); | 1221 | return (ctx->mode&=~larg); |
| 1197 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1222 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1198 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1223 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| 1199 | return 0; | 1224 | return 0; |
| 1200 | ctx->max_send_fragment = larg; | 1225 | ctx->max_send_fragment = larg; |
| 1201 | return 1; | 1226 | return 1; |
| 1202 | default: | 1227 | default: |
| 1203 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | 1228 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); |
| 1204 | } | ||
| 1205 | } | 1229 | } |
| 1230 | } | ||
| 1206 | 1231 | ||
| 1207 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 1232 | long |
| 1208 | { | 1233 | SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1209 | switch(cmd) | 1234 | { |
| 1210 | { | 1235 | switch (cmd) { |
| 1211 | case SSL_CTRL_SET_MSG_CALLBACK: | 1236 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1212 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1237 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1213 | return 1; | 1238 | return 1; |
| 1214 | 1239 | ||
| 1215 | default: | 1240 | default: |
| 1216 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | 1241 | return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); |
| 1217 | } | ||
| 1218 | } | 1242 | } |
| 1243 | } | ||
| 1219 | 1244 | ||
| 1220 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | 1245 | int |
| 1221 | { | 1246 | ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) |
| 1247 | { | ||
| 1222 | long l; | 1248 | long l; |
| 1223 | 1249 | ||
| 1224 | l=a->id-b->id; | 1250 | l = a->id - b->id; |
| 1225 | if (l == 0L) | 1251 | if (l == 0L) |
| 1226 | return(0); | 1252 | return (0); |
| 1227 | else | 1253 | else |
| 1228 | return((l > 0)?1:-1); | 1254 | return ((l > 0) ? 1:-1); |
| 1229 | } | 1255 | } |
| 1230 | 1256 | ||
| 1231 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 1257 | int |
| 1232 | const SSL_CIPHER * const *bp) | 1258 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 1233 | { | 1259 | const SSL_CIPHER * const *bp) |
| 1260 | { | ||
| 1234 | long l; | 1261 | long l; |
| 1235 | 1262 | ||
| 1236 | l=(*ap)->id-(*bp)->id; | 1263 | l = (*ap)->id - (*bp)->id; |
| 1237 | if (l == 0L) | 1264 | if (l == 0L) |
| 1238 | return(0); | 1265 | return (0); |
| 1239 | else | 1266 | else |
| 1240 | return((l > 0)?1:-1); | 1267 | return ((l > 0) ? 1:-1); |
| 1241 | } | 1268 | } |
| 1242 | 1269 | ||
| 1243 | /** return a STACK of the ciphers available for the SSL and in order of | 1270 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1244 | * preference */ | 1271 | * preference */ |
| 1245 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) | 1272 | STACK_OF(SSL_CIPHER) |
| 1246 | { | 1273 | *SSL_get_ciphers(const SSL *s) |
| 1247 | if (s != NULL) | 1274 | { |
| 1248 | { | 1275 | if (s != NULL) { |
| 1249 | if (s->cipher_list != NULL) | 1276 | if (s->cipher_list != NULL) { |
| 1250 | { | 1277 | return (s->cipher_list); |
| 1251 | return(s->cipher_list); | 1278 | } else if ((s->ctx != NULL) && |
| 1252 | } | 1279 | (s->ctx->cipher_list != NULL)) { |
| 1253 | else if ((s->ctx != NULL) && | 1280 | return (s->ctx->cipher_list); |
| 1254 | (s->ctx->cipher_list != NULL)) | ||
| 1255 | { | ||
| 1256 | return(s->ctx->cipher_list); | ||
| 1257 | } | ||
| 1258 | } | 1281 | } |
| 1259 | return(NULL); | ||
| 1260 | } | 1282 | } |
| 1283 | return (NULL); | ||
| 1284 | } | ||
| 1261 | 1285 | ||
| 1262 | /** return a STACK of the ciphers available for the SSL and in order of | 1286 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1263 | * algorithm id */ | 1287 | * algorithm id */ |
| 1264 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1288 | STACK_OF(SSL_CIPHER) |
| 1265 | { | 1289 | *ssl_get_ciphers_by_id(SSL *s) |
| 1266 | if (s != NULL) | 1290 | { |
| 1267 | { | 1291 | if (s != NULL) { |
| 1268 | if (s->cipher_list_by_id != NULL) | 1292 | if (s->cipher_list_by_id != NULL) { |
| 1269 | { | 1293 | return (s->cipher_list_by_id); |
| 1270 | return(s->cipher_list_by_id); | 1294 | } else if ((s->ctx != NULL) && |
| 1271 | } | 1295 | (s->ctx->cipher_list_by_id != NULL)) { |
| 1272 | else if ((s->ctx != NULL) && | 1296 | return (s->ctx->cipher_list_by_id); |
| 1273 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1274 | { | ||
| 1275 | return(s->ctx->cipher_list_by_id); | ||
| 1276 | } | ||
| 1277 | } | 1297 | } |
| 1278 | return(NULL); | ||
| 1279 | } | 1298 | } |
| 1299 | return (NULL); | ||
| 1300 | } | ||
| 1280 | 1301 | ||
| 1281 | /** The old interface to get the same thing as SSL_get_ciphers() */ | 1302 | /** The old interface to get the same thing as SSL_get_ciphers() */ |
| 1282 | const char *SSL_get_cipher_list(const SSL *s,int n) | 1303 | const char |
| 1283 | { | 1304 | *SSL_get_cipher_list(const SSL *s, int n) |
| 1305 | { | ||
| 1284 | SSL_CIPHER *c; | 1306 | SSL_CIPHER *c; |
| 1285 | STACK_OF(SSL_CIPHER) *sk; | 1307 | STACK_OF(SSL_CIPHER) *sk; |
| 1286 | 1308 | ||
| 1287 | if (s == NULL) return(NULL); | 1309 | if (s == NULL) |
| 1288 | sk=SSL_get_ciphers(s); | 1310 | return (NULL); |
| 1311 | sk = SSL_get_ciphers(s); | ||
| 1289 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | 1312 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) |
| 1290 | return(NULL); | 1313 | return (NULL); |
| 1291 | c=sk_SSL_CIPHER_value(sk,n); | 1314 | c = sk_SSL_CIPHER_value(sk, n); |
| 1292 | if (c == NULL) return(NULL); | 1315 | if (c == NULL) |
| 1293 | return(c->name); | 1316 | return (NULL); |
| 1294 | } | 1317 | return (c->name); |
| 1318 | } | ||
| 1295 | 1319 | ||
| 1296 | /** specify the ciphers to be used by default by the SSL_CTX */ | 1320 | /** specify the ciphers to be used by default by the SSL_CTX */ |
| 1297 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | 1321 | int |
| 1298 | { | 1322 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 1323 | { | ||
| 1299 | STACK_OF(SSL_CIPHER) *sk; | 1324 | STACK_OF(SSL_CIPHER) *sk; |
| 1300 | 1325 | ||
| 1301 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | 1326 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1302 | &ctx->cipher_list_by_id,str); | 1327 | &ctx->cipher_list_by_id, str); |
| 1303 | /* ssl_create_cipher_list may return an empty stack if it | 1328 | /* ssl_create_cipher_list may return an empty stack if it |
| 1304 | * was unable to find a cipher matching the given rule string | 1329 | * was unable to find a cipher matching the given rule string |
| 1305 | * (for example if the rule string specifies a cipher which | 1330 | * (for example if the rule string specifies a cipher which |
| @@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1309 | * updated. */ | 1334 | * updated. */ |
| 1310 | if (sk == NULL) | 1335 | if (sk == NULL) |
| 1311 | return 0; | 1336 | return 0; |
| 1312 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1337 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1313 | { | ||
| 1314 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1338 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1315 | return 0; | 1339 | return 0; |
| 1316 | } | ||
| 1317 | return 1; | ||
| 1318 | } | 1340 | } |
| 1341 | return 1; | ||
| 1342 | } | ||
| 1319 | 1343 | ||
| 1320 | /** specify the ciphers to be used by the SSL */ | 1344 | /** specify the ciphers to be used by the SSL */ |
| 1321 | int SSL_set_cipher_list(SSL *s,const char *str) | 1345 | int |
| 1322 | { | 1346 | SSL_set_cipher_list(SSL *s, const char *str) |
| 1347 | { | ||
| 1323 | STACK_OF(SSL_CIPHER) *sk; | 1348 | STACK_OF(SSL_CIPHER) *sk; |
| 1324 | 1349 | ||
| 1325 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | 1350 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, |
| 1326 | &s->cipher_list_by_id,str); | 1351 | &s->cipher_list_by_id, str); |
| 1327 | /* see comment in SSL_CTX_set_cipher_list */ | 1352 | /* see comment in SSL_CTX_set_cipher_list */ |
| 1328 | if (sk == NULL) | 1353 | if (sk == NULL) |
| 1329 | return 0; | 1354 | return 0; |
| 1330 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1355 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1331 | { | ||
| 1332 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1356 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1333 | return 0; | 1357 | return 0; |
| 1334 | } | ||
| 1335 | return 1; | ||
| 1336 | } | 1358 | } |
| 1359 | return 1; | ||
| 1360 | } | ||
| 1337 | 1361 | ||
| 1338 | /* works well for SSLv2, not so good for SSLv3 */ | 1362 | /* works well for SSLv2, not so good for SSLv3 */ |
| 1339 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | 1363 | char |
| 1340 | { | 1364 | *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1365 | { | ||
| 1341 | char *end; | 1366 | char *end; |
| 1342 | STACK_OF(SSL_CIPHER) *sk; | 1367 | STACK_OF(SSL_CIPHER) *sk; |
| 1343 | SSL_CIPHER *c; | 1368 | SSL_CIPHER *c; |
| @@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
| 1346 | 1371 | ||
| 1347 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1372 | if ((s->session == NULL) || (s->session->ciphers == NULL) || |
| 1348 | (len < 2)) | 1373 | (len < 2)) |
| 1349 | return(NULL); | 1374 | return (NULL); |
| 1350 | 1375 | ||
| 1351 | sk=s->session->ciphers; | 1376 | sk = s->session->ciphers; |
| 1352 | buf[0] = '\0'; | 1377 | buf[0] = '\0'; |
| 1353 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1378 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1354 | { | 1379 | c = sk_SSL_CIPHER_value(sk, i); |
| 1355 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1356 | end = buf + curlen; | 1380 | end = buf + curlen; |
| 1357 | if (strlcat(buf, c->name, len) >= len || | 1381 | if (strlcat(buf, c->name, len) >= len || |
| 1358 | (curlen = strlcat(buf, ":", len)) >= len) | 1382 | (curlen = strlcat(buf, ":", len)) >= len) { |
| 1359 | { | ||
| 1360 | /* remove truncated cipher from list */ | 1383 | /* remove truncated cipher from list */ |
| 1361 | *end = '\0'; | 1384 | *end = '\0'; |
| 1362 | break; | 1385 | break; |
| 1363 | } | ||
| 1364 | } | 1386 | } |
| 1387 | } | ||
| 1365 | /* remove trailing colon */ | 1388 | /* remove trailing colon */ |
| 1366 | if ((end = strrchr(buf, ':')) != NULL) | 1389 | if ((end = strrchr(buf, ':')) != NULL) |
| 1367 | *end = '\0'; | 1390 | *end = '\0'; |
| 1368 | return(buf); | 1391 | return (buf); |
| 1369 | } | 1392 | } |
| 1370 | 1393 | ||
| 1371 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 1394 | int |
| 1372 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) | 1395 | ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, |
| 1373 | { | 1396 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) |
| 1374 | int i,j=0; | 1397 | { |
| 1398 | int i, j = 0; | ||
| 1375 | SSL_CIPHER *c; | 1399 | SSL_CIPHER *c; |
| 1376 | unsigned char *q; | 1400 | unsigned char *q; |
| 1377 | #ifndef OPENSSL_NO_KRB5 | 1401 | #ifndef OPENSSL_NO_KRB5 |
| 1378 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | 1402 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); |
| 1379 | #endif /* OPENSSL_NO_KRB5 */ | 1403 | #endif /* OPENSSL_NO_KRB5 */ |
| 1380 | 1404 | ||
| 1381 | if (sk == NULL) return(0); | 1405 | if (sk == NULL) |
| 1382 | q=p; | 1406 | return (0); |
| 1407 | q = p; | ||
| 1383 | 1408 | ||
| 1384 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1409 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1385 | { | 1410 | c = sk_SSL_CIPHER_value(sk, i); |
| 1386 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1387 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ | 1411 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ |
| 1388 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | 1412 | if ((c->algorithm_ssl & SSL_TLSV1_2) && |
| 1389 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) | 1413 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) |
| 1390 | continue; | 1414 | continue; |
| 1391 | #ifndef OPENSSL_NO_KRB5 | 1415 | #ifndef OPENSSL_NO_KRB5 |
| 1392 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && | 1416 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && |
| 1393 | nokrb5) | 1417 | nokrb5) |
| 1394 | continue; | 1418 | continue; |
| 1395 | #endif /* OPENSSL_NO_KRB5 */ | 1419 | #endif /* OPENSSL_NO_KRB5 */ |
| 1396 | #ifndef OPENSSL_NO_PSK | 1420 | #ifndef OPENSSL_NO_PSK |
| 1397 | /* with PSK there must be client callback set */ | 1421 | /* with PSK there must be client callback set */ |
| 1398 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && | 1422 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && |
| 1399 | s->psk_client_callback == NULL) | 1423 | s->psk_client_callback == NULL) |
| 1400 | continue; | 1424 | continue; |
| 1401 | #endif /* OPENSSL_NO_PSK */ | 1425 | #endif /* OPENSSL_NO_PSK */ |
| 1402 | j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); | 1426 | j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); |
| 1403 | p+=j; | 1427 | p += j; |
| 1404 | } | 1428 | } |
| 1405 | /* If p == q, no ciphers and caller indicates an error. Otherwise | 1429 | /* If p == q, no ciphers and caller indicates an error. Otherwise |
| 1406 | * add SCSV if not renegotiating. | 1430 | * add SCSV if not renegotiating. |
| 1407 | */ | 1431 | */ |
| 1408 | if (p != q && !s->renegotiate) | 1432 | if (p != q && !s->renegotiate) { |
| 1409 | { | 1433 | static SSL_CIPHER scsv = { |
| 1410 | static SSL_CIPHER scsv = | ||
| 1411 | { | ||
| 1412 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 | 1434 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
| 1413 | }; | 1435 | }; |
| 1414 | j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); | 1436 | j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); |
| 1415 | p+=j; | 1437 | p += j; |
| 1416 | #ifdef OPENSSL_RI_DEBUG | 1438 | #ifdef OPENSSL_RI_DEBUG |
| 1417 | fprintf(stderr, "SCSV sent by client\n"); | 1439 | fprintf(stderr, "SCSV sent by client\n"); |
| 1418 | #endif | 1440 | #endif |
| 1419 | } | ||
| 1420 | |||
| 1421 | return(p-q); | ||
| 1422 | } | 1441 | } |
| 1423 | 1442 | ||
| 1424 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 1443 | return (p - q); |
| 1425 | STACK_OF(SSL_CIPHER) **skp) | 1444 | } |
| 1426 | { | 1445 | |
| 1446 | STACK_OF(SSL_CIPHER) | ||
| 1447 | *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, | ||
| 1448 | STACK_OF(SSL_CIPHER) **skp) | ||
| 1449 | { | ||
| 1427 | const SSL_CIPHER *c; | 1450 | const SSL_CIPHER *c; |
| 1428 | STACK_OF(SSL_CIPHER) *sk; | 1451 | STACK_OF(SSL_CIPHER) *sk; |
| 1429 | int i,n; | 1452 | int i, n; |
| 1430 | if (s->s3) | 1453 | if (s->s3) |
| 1431 | s->s3->send_connection_binding = 0; | 1454 | s->s3->send_connection_binding = 0; |
| 1432 | 1455 | ||
| 1433 | n=ssl_put_cipher_by_char(s,NULL,NULL); | 1456 | n = ssl_put_cipher_by_char(s, NULL, NULL); |
| 1434 | if ((num%n) != 0) | 1457 | if ((num % n) != 0) { |
| 1435 | { | 1458 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1436 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1459 | return (NULL); |
| 1437 | return(NULL); | 1460 | } |
| 1438 | } | ||
| 1439 | if ((skp == NULL) || (*skp == NULL)) | 1461 | if ((skp == NULL) || (*skp == NULL)) |
| 1440 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ | 1462 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ |
| 1441 | else | 1463 | else { |
| 1442 | { | ||
| 1443 | sk= *skp; | 1464 | sk= *skp; |
| 1444 | sk_SSL_CIPHER_zero(sk); | 1465 | sk_SSL_CIPHER_zero(sk); |
| 1445 | } | 1466 | } |
| 1446 | 1467 | ||
| 1447 | for (i=0; i<num; i+=n) | 1468 | for (i = 0; i < num; i += n) { |
| 1448 | { | ||
| 1449 | /* Check for SCSV */ | 1469 | /* Check for SCSV */ |
| 1450 | if (s->s3 && (n != 3 || !p[0]) && | 1470 | if (s->s3 && (n != 3 || !p[0]) && |
| 1451 | (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && | 1471 | (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && |
| 1452 | (p[n-1] == (SSL3_CK_SCSV & 0xff))) | 1472 | (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { |
| 1453 | { | ||
| 1454 | /* SCSV fatal if renegotiating */ | 1473 | /* SCSV fatal if renegotiating */ |
| 1455 | if (s->renegotiate) | 1474 | if (s->renegotiate) { |
| 1456 | { | 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); |
| 1457 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | 1476 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); |
| 1458 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 1477 | |
| 1459 | goto err; | 1478 | goto err; |
| 1460 | } | 1479 | } |
| 1461 | s->s3->send_connection_binding = 1; | 1480 | s->s3->send_connection_binding = 1; |
| 1462 | p += n; | 1481 | p += n; |
| 1463 | #ifdef OPENSSL_RI_DEBUG | 1482 | #ifdef OPENSSL_RI_DEBUG |
| 1464 | fprintf(stderr, "SCSV received by server\n"); | 1483 | fprintf(stderr, "SCSV received by server\n"); |
| 1465 | #endif | 1484 | #endif |
| 1466 | continue; | 1485 | continue; |
| 1467 | } | 1486 | } |
| 1468 | 1487 | ||
| 1469 | c=ssl_get_cipher_by_char(s,p); | 1488 | c = ssl_get_cipher_by_char(s, p); |
| 1470 | p+=n; | 1489 | p += n; |
| 1471 | if (c != NULL) | 1490 | if (c != NULL) { |
| 1472 | { | 1491 | if (!sk_SSL_CIPHER_push(sk, c)) { |
| 1473 | if (!sk_SSL_CIPHER_push(sk,c)) | 1492 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1474 | { | ||
| 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | } | ||
| 1478 | } | 1494 | } |
| 1479 | } | 1495 | } |
| 1496 | } | ||
| 1480 | 1497 | ||
| 1481 | if (skp != NULL) | 1498 | if (skp != NULL) |
| 1482 | *skp=sk; | 1499 | *skp = sk; |
| 1483 | return(sk); | 1500 | return (sk); |
| 1484 | err: | 1501 | err: |
| 1485 | if ((skp == NULL) || (*skp == NULL)) | 1502 | if ((skp == NULL) || (*skp == NULL)) |
| 1486 | sk_SSL_CIPHER_free(sk); | 1503 | sk_SSL_CIPHER_free(sk); |
| 1487 | return(NULL); | 1504 | return (NULL); |
| 1488 | } | 1505 | } |
| 1489 | 1506 | ||
| 1490 | 1507 | ||
| 1491 | #ifndef OPENSSL_NO_TLSEXT | 1508 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -1493,22 +1510,24 @@ err: | |||
| 1493 | * So far, only host_name types are defined (RFC 3546). | 1510 | * So far, only host_name types are defined (RFC 3546). |
| 1494 | */ | 1511 | */ |
| 1495 | 1512 | ||
| 1496 | const char *SSL_get_servername(const SSL *s, const int type) | 1513 | const char |
| 1497 | { | 1514 | *SSL_get_servername(const SSL *s, const int type) |
| 1515 | { | ||
| 1498 | if (type != TLSEXT_NAMETYPE_host_name) | 1516 | if (type != TLSEXT_NAMETYPE_host_name) |
| 1499 | return NULL; | 1517 | return NULL; |
| 1500 | 1518 | ||
| 1501 | return s->session && !s->tlsext_hostname ? | 1519 | return s->session && !s->tlsext_hostname ? |
| 1502 | s->session->tlsext_hostname : | 1520 | s->session->tlsext_hostname : |
| 1503 | s->tlsext_hostname; | 1521 | s->tlsext_hostname; |
| 1504 | } | 1522 | } |
| 1505 | 1523 | ||
| 1506 | int SSL_get_servername_type(const SSL *s) | 1524 | int |
| 1507 | { | 1525 | SSL_get_servername_type(const SSL *s) |
| 1526 | { | ||
| 1508 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | 1527 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) |
| 1509 | return TLSEXT_NAMETYPE_host_name; | 1528 | return TLSEXT_NAMETYPE_host_name; |
| 1510 | return -1; | 1529 | return -1; |
| 1511 | } | 1530 | } |
| 1512 | 1531 | ||
| 1513 | # ifndef OPENSSL_NO_NEXTPROTONEG | 1532 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 1514 | /* SSL_select_next_proto implements the standard protocol selection. It is | 1533 | /* SSL_select_next_proto implements the standard protocol selection. It is |
| @@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s) | |||
| 1541 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | 1560 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or |
| 1542 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | 1561 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. |
| 1543 | */ | 1562 | */ |
| 1544 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) | 1563 | int |
| 1545 | { | 1564 | SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) |
| 1565 | { | ||
| 1546 | unsigned int i, j; | 1566 | unsigned int i, j; |
| 1547 | const unsigned char *result; | 1567 | const unsigned char *result; |
| 1548 | int status = OPENSSL_NPN_UNSUPPORTED; | 1568 | int status = OPENSSL_NPN_UNSUPPORTED; |
| 1549 | 1569 | ||
| 1550 | /* For each protocol in server preference order, see if we support it. */ | 1570 | /* For each protocol in server preference order, see if we support it. */ |
| 1551 | for (i = 0; i < server_len; ) | 1571 | for (i = 0; i < server_len; ) { |
| 1552 | { | 1572 | for (j = 0; j < client_len; ) { |
| 1553 | for (j = 0; j < client_len; ) | ||
| 1554 | { | ||
| 1555 | if (server[i] == client[j] && | 1573 | if (server[i] == client[j] && |
| 1556 | memcmp(&server[i+1], &client[j+1], server[i]) == 0) | 1574 | memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { |
| 1557 | { | ||
| 1558 | /* We found a match */ | 1575 | /* We found a match */ |
| 1559 | result = &server[i]; | 1576 | result = &server[i]; |
| 1560 | status = OPENSSL_NPN_NEGOTIATED; | 1577 | status = OPENSSL_NPN_NEGOTIATED; |
| 1561 | goto found; | 1578 | goto found; |
| 1562 | } | 1579 | } |
| 1563 | j += client[j]; | 1580 | j += client[j]; |
| 1564 | j++; | 1581 | j++; |
| 1565 | } | 1582 | } |
| 1566 | i += server[i]; | 1583 | i += server[i]; |
| 1567 | i++; | 1584 | i++; |
| 1568 | } | 1585 | } |
| 1569 | 1586 | ||
| 1570 | /* There's no overlap between our protocols and the server's list. */ | 1587 | /* There's no overlap between our protocols and the server's list. */ |
| 1571 | result = client; | 1588 | result = client; |
| @@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1575 | *out = (unsigned char *) result + 1; | 1592 | *out = (unsigned char *) result + 1; |
| 1576 | *outlen = result[0]; | 1593 | *outlen = result[0]; |
| 1577 | return status; | 1594 | return status; |
| 1578 | } | 1595 | } |
| 1579 | 1596 | ||
| 1580 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | 1597 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's |
| 1581 | * requested protocol for this connection and returns 0. If the client didn't | 1598 | * requested protocol for this connection and returns 0. If the client didn't |
| @@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1585 | * from this function need not be a member of the list of supported protocols | 1602 | * from this function need not be a member of the list of supported protocols |
| 1586 | * provided by the callback. | 1603 | * provided by the callback. |
| 1587 | */ | 1604 | */ |
| 1588 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) | 1605 | void |
| 1589 | { | 1606 | SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) |
| 1607 | { | ||
| 1590 | *data = s->next_proto_negotiated; | 1608 | *data = s->next_proto_negotiated; |
| 1591 | if (!*data) { | 1609 | if (!*data) { |
| 1592 | *len = 0; | 1610 | *len = 0; |
| @@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un | |||
| 1604 | * | 1622 | * |
| 1605 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no | 1623 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no |
| 1606 | * such extension will be included in the ServerHello. */ | 1624 | * such extension will be included in the ServerHello. */ |
| 1607 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) | 1625 | void |
| 1608 | { | 1626 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| 1627 | { | ||
| 1609 | ctx->next_protos_advertised_cb = cb; | 1628 | ctx->next_protos_advertised_cb = cb; |
| 1610 | ctx->next_protos_advertised_cb_arg = arg; | 1629 | ctx->next_protos_advertised_cb_arg = arg; |
| 1611 | } | 1630 | } |
| 1612 | 1631 | ||
| 1613 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | 1632 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a |
| 1614 | * client needs to select a protocol from the server's provided list. |out| | 1633 | * client needs to select a protocol from the server's provided list. |out| |
| @@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co | |||
| 1620 | * The client must select a protocol. It is fatal to the connection if this | 1639 | * The client must select a protocol. It is fatal to the connection if this |
| 1621 | * callback returns a value other than SSL_TLSEXT_ERR_OK. | 1640 | * callback returns a value other than SSL_TLSEXT_ERR_OK. |
| 1622 | */ | 1641 | */ |
| 1623 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) | 1642 | void |
| 1624 | { | 1643 | SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| 1644 | { | ||
| 1625 | ctx->next_proto_select_cb = cb; | 1645 | ctx->next_proto_select_cb = cb; |
| 1626 | ctx->next_proto_select_cb_arg = arg; | 1646 | ctx->next_proto_select_cb_arg = arg; |
| 1627 | } | 1647 | } |
| 1628 | # endif | 1648 | # endif |
| 1629 | #endif | 1649 | #endif |
| 1630 | 1650 | ||
| 1631 | int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | 1651 | int |
| 1632 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1652 | SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
| 1633 | int use_context) | 1653 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1634 | { | 1654 | int use_context) |
| 1655 | { | ||
| 1635 | if (s->version < TLS1_VERSION) | 1656 | if (s->version < TLS1_VERSION) |
| 1636 | return -1; | 1657 | return -1; |
| 1637 | 1658 | ||
| 1638 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | 1659 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, |
| 1639 | llen, p, plen, | 1660 | llen, p, plen, |
| 1640 | use_context); | 1661 | use_context); |
| 1641 | } | 1662 | } |
| 1642 | 1663 | ||
| 1643 | static unsigned long ssl_session_hash(const SSL_SESSION *a) | 1664 | static unsigned long |
| 1644 | { | 1665 | ssl_session_hash(const SSL_SESSION *a) |
| 1666 | { | ||
| 1645 | unsigned long l; | 1667 | unsigned long l; |
| 1646 | 1668 | ||
| 1647 | l=(unsigned long) | 1669 | l = (unsigned long) |
| 1648 | ((unsigned int) a->session_id[0] )| | 1670 | ((unsigned int) a->session_id[0] )| |
| 1649 | ((unsigned int) a->session_id[1]<< 8L)| | 1671 | ((unsigned int) a->session_id[1]<< 8L)| |
| 1650 | ((unsigned long)a->session_id[2]<<16L)| | 1672 | ((unsigned long)a->session_id[2]<<16L)| |
| 1651 | ((unsigned long)a->session_id[3]<<24L); | 1673 | ((unsigned long)a->session_id[3]<<24L); |
| 1652 | return(l); | 1674 | return (l); |
| 1653 | } | 1675 | } |
| 1654 | 1676 | ||
| 1655 | /* NB: If this function (or indeed the hash function which uses a sort of | 1677 | /* NB: If this function (or indeed the hash function which uses a sort of |
| 1656 | * coarser function than this one) is changed, ensure | 1678 | * coarser function than this one) is changed, ensure |
| 1657 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | 1679 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being |
| 1658 | * able to construct an SSL_SESSION that will collide with any existing session | 1680 | * able to construct an SSL_SESSION that will collide with any existing session |
| 1659 | * with a matching session ID. */ | 1681 | * with a matching session ID. */ |
| 1660 | static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) | 1682 | static int |
| 1661 | { | 1683 | ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) |
| 1684 | { | ||
| 1662 | if (a->ssl_version != b->ssl_version) | 1685 | if (a->ssl_version != b->ssl_version) |
| 1663 | return(1); | 1686 | return (1); |
| 1664 | if (a->session_id_length != b->session_id_length) | 1687 | if (a->session_id_length != b->session_id_length) |
| 1665 | return(1); | 1688 | return (1); |
| 1666 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | 1689 | return (memcmp(a->session_id, b->session_id, a->session_id_length)); |
| 1667 | } | 1690 | } |
| 1668 | 1691 | ||
| 1669 | /* These wrapper functions should remain rather than redeclaring | 1692 | /* These wrapper functions should remain rather than redeclaring |
| 1670 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | 1693 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each |
| 1671 | * variable. The reason is that the functions aren't static, they're exposed via | 1694 | * variable. The reason is that the functions aren't static, they're exposed via |
| 1672 | * ssl.h. */ | 1695 | * ssl.h. */ |
| 1673 | static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | 1696 | static |
| 1674 | static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | 1697 | IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) |
| 1698 | static | ||
| 1699 | IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
| 1675 | 1700 | ||
| 1676 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | 1701 | SSL_CTX |
| 1677 | { | 1702 | *SSL_CTX_new(const SSL_METHOD *meth) |
| 1678 | SSL_CTX *ret=NULL; | 1703 | { |
| 1704 | SSL_CTX *ret = NULL; | ||
| 1679 | 1705 | ||
| 1680 | if (meth == NULL) | 1706 | if (meth == NULL) { |
| 1681 | { | 1707 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); |
| 1682 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | 1708 | return (NULL); |
| 1683 | return(NULL); | 1709 | } |
| 1684 | } | ||
| 1685 | 1710 | ||
| 1686 | #ifdef OPENSSL_FIPS | 1711 | #ifdef OPENSSL_FIPS |
| 1687 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | 1712 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) { |
| 1688 | { | ||
| 1689 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | 1713 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); |
| 1690 | return NULL; | 1714 | return NULL; |
| 1691 | } | 1715 | } |
| 1692 | #endif | 1716 | #endif |
| 1693 | 1717 | ||
| 1694 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1718 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { |
| 1695 | { | 1719 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| 1696 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1697 | goto err; | 1720 | goto err; |
| 1698 | } | 1721 | } |
| 1699 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | 1722 | ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); |
| 1700 | if (ret == NULL) | 1723 | if (ret == NULL) |
| 1701 | goto err; | 1724 | goto err; |
| 1702 | 1725 | ||
| 1703 | memset(ret,0,sizeof(SSL_CTX)); | 1726 | memset(ret, 0, sizeof(SSL_CTX)); |
| 1704 | 1727 | ||
| 1705 | ret->method=meth; | 1728 | ret->method = meth; |
| 1706 | 1729 | ||
| 1707 | ret->cert_store=NULL; | 1730 | ret->cert_store = NULL; |
| 1708 | ret->session_cache_mode=SSL_SESS_CACHE_SERVER; | 1731 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; |
| 1709 | ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | 1732 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; |
| 1710 | ret->session_cache_head=NULL; | 1733 | ret->session_cache_head = NULL; |
| 1711 | ret->session_cache_tail=NULL; | 1734 | ret->session_cache_tail = NULL; |
| 1712 | 1735 | ||
| 1713 | /* We take the system default */ | 1736 | /* We take the system default */ |
| 1714 | ret->session_timeout=meth->get_timeout(); | 1737 | ret->session_timeout = meth->get_timeout(); |
| 1715 | 1738 | ||
| 1716 | ret->new_session_cb=0; | 1739 | ret->new_session_cb = 0; |
| 1717 | ret->remove_session_cb=0; | 1740 | ret->remove_session_cb = 0; |
| 1718 | ret->get_session_cb=0; | 1741 | ret->get_session_cb = 0; |
| 1719 | ret->generate_session_id=0; | 1742 | ret->generate_session_id = 0; |
| 1720 | 1743 | ||
| 1721 | memset((char *)&ret->stats,0,sizeof(ret->stats)); | 1744 | memset((char *)&ret->stats, 0, sizeof(ret->stats)); |
| 1722 | 1745 | ||
| 1723 | ret->references=1; | 1746 | ret->references = 1; |
| 1724 | ret->quiet_shutdown=0; | 1747 | ret->quiet_shutdown = 0; |
| 1725 | 1748 | ||
| 1726 | /* ret->cipher=NULL;*/ | 1749 | /* ret->cipher=NULL;*/ |
| 1727 | /* ret->s2->challenge=NULL; | 1750 | /* ret->s2->challenge=NULL; |
| 1728 | ret->master_key=NULL; | 1751 | ret->master_key=NULL; |
| 1729 | ret->key_arg=NULL; | 1752 | ret->key_arg=NULL; |
| 1730 | ret->s2->conn_id=NULL; */ | 1753 | ret->s2->conn_id=NULL; |
| 1754 | */ | ||
| 1731 | 1755 | ||
| 1732 | ret->info_callback=NULL; | 1756 | ret->info_callback = NULL; |
| 1733 | 1757 | ||
| 1734 | ret->app_verify_callback=0; | 1758 | ret->app_verify_callback = 0; |
| 1735 | ret->app_verify_arg=NULL; | 1759 | ret->app_verify_arg = NULL; |
| 1736 | 1760 | ||
| 1737 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; | 1761 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; |
| 1738 | ret->read_ahead=0; | 1762 | ret->read_ahead = 0; |
| 1739 | ret->msg_callback=0; | 1763 | ret->msg_callback = 0; |
| 1740 | ret->msg_callback_arg=NULL; | 1764 | ret->msg_callback_arg = NULL; |
| 1741 | ret->verify_mode=SSL_VERIFY_NONE; | 1765 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1742 | #if 0 | 1766 | #if 0 |
| 1743 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1767 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1744 | #endif | 1768 | #endif |
| 1745 | ret->sid_ctx_length=0; | 1769 | ret->sid_ctx_length = 0; |
| 1746 | ret->default_verify_callback=NULL; | 1770 | ret->default_verify_callback = NULL; |
| 1747 | if ((ret->cert=ssl_cert_new()) == NULL) | 1771 | if ((ret->cert = ssl_cert_new()) == NULL) |
| 1748 | goto err; | 1772 | goto err; |
| 1749 | 1773 | ||
| 1750 | ret->default_passwd_callback=0; | 1774 | ret->default_passwd_callback = 0; |
| 1751 | ret->default_passwd_callback_userdata=NULL; | 1775 | ret->default_passwd_callback_userdata = NULL; |
| 1752 | ret->client_cert_cb=0; | 1776 | ret->client_cert_cb = 0; |
| 1753 | ret->app_gen_cookie_cb=0; | 1777 | ret->app_gen_cookie_cb = 0; |
| 1754 | ret->app_verify_cookie_cb=0; | 1778 | ret->app_verify_cookie_cb = 0; |
| 1755 | 1779 | ||
| 1756 | ret->sessions=lh_SSL_SESSION_new(); | 1780 | ret->sessions = lh_SSL_SESSION_new(); |
| 1757 | if (ret->sessions == NULL) goto err; | 1781 | if (ret->sessions == NULL) |
| 1758 | ret->cert_store=X509_STORE_new(); | 1782 | goto err; |
| 1759 | if (ret->cert_store == NULL) goto err; | 1783 | ret->cert_store = X509_STORE_new(); |
| 1784 | if (ret->cert_store == NULL) | ||
| 1785 | goto err; | ||
| 1760 | 1786 | ||
| 1761 | ssl_create_cipher_list(ret->method, | 1787 | ssl_create_cipher_list(ret->method, |
| 1762 | &ret->cipher_list,&ret->cipher_list_by_id, | 1788 | &ret->cipher_list, &ret->cipher_list_by_id, |
| 1763 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 1789 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 1764 | if (ret->cipher_list == NULL | 1790 | if (ret->cipher_list == NULL |
| 1765 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | 1791 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1766 | { | 1792 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| 1767 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
| 1768 | goto err2; | 1793 | goto err2; |
| 1769 | } | 1794 | } |
| 1770 | 1795 | ||
| 1771 | ret->param = X509_VERIFY_PARAM_new(); | 1796 | ret->param = X509_VERIFY_PARAM_new(); |
| 1772 | if (!ret->param) | 1797 | if (!ret->param) |
| 1773 | goto err; | 1798 | goto err; |
| 1774 | 1799 | ||
| 1775 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1800 | if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { |
| 1776 | { | 1801 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| 1777 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | ||
| 1778 | goto err2; | 1802 | goto err2; |
| 1779 | } | 1803 | } |
| 1780 | if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) | 1804 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { |
| 1781 | { | 1805 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); |
| 1782 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
| 1783 | goto err2; | 1806 | goto err2; |
| 1784 | } | 1807 | } |
| 1785 | if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) | 1808 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { |
| 1786 | { | 1809 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); |
| 1787 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
| 1788 | goto err2; | 1810 | goto err2; |
| 1789 | } | 1811 | } |
| 1790 | 1812 | ||
| 1791 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) | 1813 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) |
| 1792 | goto err; | 1814 | goto err; |
| 1793 | 1815 | ||
| 1794 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | 1816 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); |
| 1795 | 1817 | ||
| 1796 | ret->extra_certs=NULL; | 1818 | ret->extra_certs = NULL; |
| 1797 | /* No compression for DTLS */ | 1819 | /* No compression for DTLS */ |
| 1798 | if (meth->version != DTLS1_VERSION) | 1820 | if (meth->version != DTLS1_VERSION) |
| 1799 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1821 | ret->comp_methods = SSL_COMP_get_compression_methods(); |
| 1800 | 1822 | ||
| 1801 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | 1823 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; |
| 1802 | 1824 | ||
| @@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1806 | /* Setup RFC4507 ticket keys */ | 1828 | /* Setup RFC4507 ticket keys */ |
| 1807 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | 1829 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) |
| 1808 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | 1830 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) |
| 1809 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | 1831 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) |
| 1810 | ret->options |= SSL_OP_NO_TICKET; | 1832 | ret->options |= SSL_OP_NO_TICKET; |
| 1811 | 1833 | ||
| 1812 | ret->tlsext_status_cb = 0; | 1834 | ret->tlsext_status_cb = 0; |
| 1813 | ret->tlsext_status_arg = NULL; | 1835 | ret->tlsext_status_arg = NULL; |
| @@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1818 | # endif | 1840 | # endif |
| 1819 | #endif | 1841 | #endif |
| 1820 | #ifndef OPENSSL_NO_PSK | 1842 | #ifndef OPENSSL_NO_PSK |
| 1821 | ret->psk_identity_hint=NULL; | 1843 | ret->psk_identity_hint = NULL; |
| 1822 | ret->psk_client_callback=NULL; | 1844 | ret->psk_client_callback = NULL; |
| 1823 | ret->psk_server_callback=NULL; | 1845 | ret->psk_server_callback = NULL; |
| 1824 | #endif | 1846 | #endif |
| 1825 | #ifndef OPENSSL_NO_SRP | 1847 | #ifndef OPENSSL_NO_SRP |
| 1826 | SSL_CTX_SRP_CTX_init(ret); | 1848 | SSL_CTX_SRP_CTX_init(ret); |
| @@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1834 | ret->rbuf_freelist->len = 0; | 1856 | ret->rbuf_freelist->len = 0; |
| 1835 | ret->rbuf_freelist->head = NULL; | 1857 | ret->rbuf_freelist->head = NULL; |
| 1836 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | 1858 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); |
| 1837 | if (!ret->wbuf_freelist) | 1859 | if (!ret->wbuf_freelist) { |
| 1838 | { | ||
| 1839 | OPENSSL_free(ret->rbuf_freelist); | 1860 | OPENSSL_free(ret->rbuf_freelist); |
| 1840 | goto err; | 1861 | goto err; |
| 1841 | } | 1862 | } |
| 1842 | ret->wbuf_freelist->chunklen = 0; | 1863 | ret->wbuf_freelist->chunklen = 0; |
| 1843 | ret->wbuf_freelist->len = 0; | 1864 | ret->wbuf_freelist->len = 0; |
| 1844 | ret->wbuf_freelist->head = NULL; | 1865 | ret->wbuf_freelist->head = NULL; |
| @@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1850 | #define eng_str(x) eng_strx(x) | 1871 | #define eng_str(x) eng_strx(x) |
| 1851 | /* Use specific client engine automatically... ignore errors */ | 1872 | /* Use specific client engine automatically... ignore errors */ |
| 1852 | { | 1873 | { |
| 1853 | ENGINE *eng; | 1874 | ENGINE *eng; |
| 1854 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1855 | if (!eng) | ||
| 1856 | { | ||
| 1857 | ERR_clear_error(); | ||
| 1858 | ENGINE_load_builtin_engines(); | ||
| 1859 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | 1875 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); |
| 1876 | if (!eng) { | ||
| 1877 | ERR_clear_error(); | ||
| 1878 | ENGINE_load_builtin_engines(); | ||
| 1879 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1860 | } | 1880 | } |
| 1861 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | 1881 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) |
| 1862 | ERR_clear_error(); | 1882 | ERR_clear_error(); |
| 1863 | } | 1883 | } |
| 1864 | #endif | 1884 | #endif |
| 1865 | #endif | 1885 | #endif |
| @@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1868 | */ | 1888 | */ |
| 1869 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | 1889 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; |
| 1870 | 1890 | ||
| 1871 | return(ret); | 1891 | return (ret); |
| 1872 | err: | 1892 | err: |
| 1873 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1893 | SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); |
| 1874 | err2: | 1894 | err2: |
| 1875 | if (ret != NULL) SSL_CTX_free(ret); | 1895 | if (ret != NULL) |
| 1876 | return(NULL); | 1896 | SSL_CTX_free(ret); |
| 1877 | } | 1897 | return (NULL); |
| 1898 | } | ||
| 1878 | 1899 | ||
| 1879 | #if 0 | 1900 | #if 0 |
| 1880 | static void SSL_COMP_free(SSL_COMP *comp) | 1901 | static void |
| 1881 | { OPENSSL_free(comp); } | 1902 | SSL_COMP_free(SSL_COMP *comp) |
| 1903 | { OPENSSL_free(comp); | ||
| 1904 | } | ||
| 1882 | #endif | 1905 | #endif |
| 1883 | 1906 | ||
| 1884 | #ifndef OPENSSL_NO_BUF_FREELISTS | 1907 | #ifndef OPENSSL_NO_BUF_FREELISTS |
| 1885 | static void | 1908 | static void |
| 1886 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) | 1909 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) |
| 1887 | { | 1910 | { |
| 1888 | SSL3_BUF_FREELIST_ENTRY *ent, *next; | 1911 | SSL3_BUF_FREELIST_ENTRY *ent, *next; |
| 1889 | for (ent = list->head; ent; ent = next) | 1912 | for (ent = list->head; ent; ent = next) { |
| 1890 | { | ||
| 1891 | next = ent->next; | 1913 | next = ent->next; |
| 1892 | OPENSSL_free(ent); | 1914 | OPENSSL_free(ent); |
| 1893 | } | ||
| 1894 | OPENSSL_free(list); | ||
| 1895 | } | 1915 | } |
| 1916 | OPENSSL_free(list); | ||
| 1917 | } | ||
| 1896 | #endif | 1918 | #endif |
| 1897 | 1919 | ||
| 1898 | void SSL_CTX_free(SSL_CTX *a) | 1920 | void |
| 1899 | { | 1921 | SSL_CTX_free(SSL_CTX *a) |
| 1922 | { | ||
| 1900 | int i; | 1923 | int i; |
| 1901 | 1924 | ||
| 1902 | if (a == NULL) return; | 1925 | if (a == NULL) |
| 1926 | return; | ||
| 1903 | 1927 | ||
| 1904 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); | 1928 | i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); |
| 1905 | #ifdef REF_PRINT | 1929 | #ifdef REF_PRINT |
| 1906 | REF_PRINT("SSL_CTX",a); | 1930 | REF_PRINT("SSL_CTX", a); |
| 1907 | #endif | 1931 | #endif |
| 1908 | if (i > 0) return; | 1932 | if (i > 0) |
| 1933 | return; | ||
| 1909 | #ifdef REF_CHECK | 1934 | #ifdef REF_CHECK |
| 1910 | if (i < 0) | 1935 | if (i < 0) { |
| 1911 | { | 1936 | fprintf(stderr, "SSL_CTX_free, bad reference count\n"); |
| 1912 | fprintf(stderr,"SSL_CTX_free, bad reference count\n"); | ||
| 1913 | abort(); /* ok */ | 1937 | abort(); /* ok */ |
| 1914 | } | 1938 | } |
| 1915 | #endif | 1939 | #endif |
| 1916 | 1940 | ||
| 1917 | if (a->param) | 1941 | if (a->param) |
| @@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1927 | * (See ticket [openssl.org #212].) | 1951 | * (See ticket [openssl.org #212].) |
| 1928 | */ | 1952 | */ |
| 1929 | if (a->sessions != NULL) | 1953 | if (a->sessions != NULL) |
| 1930 | SSL_CTX_flush_sessions(a,0); | 1954 | SSL_CTX_flush_sessions(a, 0); |
| 1931 | 1955 | ||
| 1932 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | 1956 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); |
| 1933 | 1957 | ||
| @@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1943 | if (a->cert != NULL) | 1967 | if (a->cert != NULL) |
| 1944 | ssl_cert_free(a->cert); | 1968 | ssl_cert_free(a->cert); |
| 1945 | if (a->client_CA != NULL) | 1969 | if (a->client_CA != NULL) |
| 1946 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); | 1970 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); |
| 1947 | if (a->extra_certs != NULL) | 1971 | if (a->extra_certs != NULL) |
| 1948 | sk_X509_pop_free(a->extra_certs,X509_free); | 1972 | sk_X509_pop_free(a->extra_certs, X509_free); |
| 1949 | #if 0 /* This should never be done, since it removes a global database */ | 1973 | #if 0 /* This should never be done, since it removes a global database */ |
| 1950 | if (a->comp_methods != NULL) | 1974 | if (a->comp_methods != NULL) |
| 1951 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | 1975 | sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); |
| 1952 | #else | 1976 | #else |
| 1953 | a->comp_methods = NULL; | 1977 | a->comp_methods = NULL; |
| 1954 | #endif | 1978 | #endif |
| 1955 | 1979 | ||
| 1956 | #ifndef OPENSSL_NO_SRTP | 1980 | #ifndef OPENSSL_NO_SRTP |
| 1957 | if (a->srtp_profiles) | 1981 | if (a->srtp_profiles) |
| 1958 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | 1982 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); |
| 1959 | #endif | 1983 | #endif |
| 1960 | 1984 | ||
| 1961 | #ifndef OPENSSL_NO_PSK | 1985 | #ifndef OPENSSL_NO_PSK |
| @@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1978 | #endif | 2002 | #endif |
| 1979 | 2003 | ||
| 1980 | OPENSSL_free(a); | 2004 | OPENSSL_free(a); |
| 1981 | } | 2005 | } |
| 1982 | 2006 | ||
| 1983 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | 2007 | void |
| 1984 | { | 2008 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 1985 | ctx->default_passwd_callback=cb; | 2009 | { |
| 1986 | } | 2010 | ctx->default_passwd_callback = cb; |
| 2011 | } | ||
| 1987 | 2012 | ||
| 1988 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) | 2013 | void |
| 1989 | { | 2014 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) |
| 1990 | ctx->default_passwd_callback_userdata=u; | 2015 | { |
| 1991 | } | 2016 | ctx->default_passwd_callback_userdata = u; |
| 2017 | } | ||
| 1992 | 2018 | ||
| 1993 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | 2019 | void |
| 1994 | { | 2020 | SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) |
| 1995 | ctx->app_verify_callback=cb; | 2021 | { |
| 1996 | ctx->app_verify_arg=arg; | 2022 | ctx->app_verify_callback = cb; |
| 1997 | } | 2023 | ctx->app_verify_arg = arg; |
| 2024 | } | ||
| 1998 | 2025 | ||
| 1999 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | 2026 | void |
| 2000 | { | 2027 | SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) |
| 2001 | ctx->verify_mode=mode; | 2028 | { |
| 2002 | ctx->default_verify_callback=cb; | 2029 | ctx->verify_mode = mode; |
| 2003 | } | 2030 | ctx->default_verify_callback = cb; |
| 2031 | } | ||
| 2004 | 2032 | ||
| 2005 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 2033 | void |
| 2006 | { | 2034 | SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) |
| 2035 | { | ||
| 2007 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | 2036 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 2008 | } | 2037 | } |
| 2009 | 2038 | ||
| 2010 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | 2039 | void |
| 2011 | { | 2040 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) |
| 2041 | { | ||
| 2012 | CERT_PKEY *cpk; | 2042 | CERT_PKEY *cpk; |
| 2013 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | 2043 | int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; |
| 2014 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 2044 | int rsa_enc_export, dh_rsa_export, dh_dsa_export; |
| 2015 | int rsa_tmp_export,dh_tmp_export,kl; | 2045 | int rsa_tmp_export, dh_tmp_export, kl; |
| 2016 | unsigned long mask_k,mask_a,emask_k,emask_a; | 2046 | unsigned long mask_k, mask_a, emask_k, emask_a; |
| 2017 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | 2047 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; |
| 2018 | #ifndef OPENSSL_NO_ECDH | 2048 | #ifndef OPENSSL_NO_ECDH |
| 2019 | int have_ecdh_tmp; | 2049 | int have_ecdh_tmp; |
| @@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | EVP_PKEY *ecc_pkey = NULL; | 2052 | EVP_PKEY *ecc_pkey = NULL; |
| 2023 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | 2053 | int signature_nid = 0, pk_nid = 0, md_nid = 0; |
| 2024 | 2054 | ||
| 2025 | if (c == NULL) return; | 2055 | if (c == NULL) |
| 2056 | return; | ||
| 2026 | 2057 | ||
| 2027 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 2058 | kl = SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 2028 | 2059 | ||
| 2029 | #ifndef OPENSSL_NO_RSA | 2060 | #ifndef OPENSSL_NO_RSA |
| 2030 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); | 2061 | rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); |
| 2031 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | 2062 | rsa_tmp_export = (c->rsa_tmp_cb != NULL || |
| 2032 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | 2063 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); |
| 2033 | #else | 2064 | #else |
| 2034 | rsa_tmp=rsa_tmp_export=0; | 2065 | rsa_tmp = rsa_tmp_export = 0; |
| 2035 | #endif | 2066 | #endif |
| 2036 | #ifndef OPENSSL_NO_DH | 2067 | #ifndef OPENSSL_NO_DH |
| 2037 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); | 2068 | dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); |
| 2038 | dh_tmp_export=(c->dh_tmp_cb != NULL || | 2069 | dh_tmp_export = (c->dh_tmp_cb != NULL || |
| 2039 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); | 2070 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); |
| 2040 | #else | 2071 | #else |
| 2041 | dh_tmp=dh_tmp_export=0; | 2072 | dh_tmp = dh_tmp_export = 0; |
| 2042 | #endif | 2073 | #endif |
| 2043 | 2074 | ||
| 2044 | #ifndef OPENSSL_NO_ECDH | 2075 | #ifndef OPENSSL_NO_ECDH |
| 2045 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | 2076 | have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); |
| 2046 | #endif | 2077 | #endif |
| 2047 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 2078 | cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 2048 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2079 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2049 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2080 | rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2050 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 2081 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 2051 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2082 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2052 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | 2083 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); |
| 2053 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2084 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2054 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | 2085 | cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); |
| 2055 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2086 | dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2056 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2087 | dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2057 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | 2088 | cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); |
| 2058 | /* FIX THIS EAY EAY EAY */ | 2089 | /* FIX THIS EAY EAY EAY */ |
| 2059 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2090 | dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2060 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2091 | dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2061 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | 2092 | cpk = &(c->pkeys[SSL_PKEY_ECC]); |
| 2062 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2093 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2063 | mask_k=0; | 2094 | mask_k = 0; |
| 2064 | mask_a=0; | 2095 | mask_a = 0; |
| 2065 | emask_k=0; | 2096 | emask_k = 0; |
| 2066 | emask_a=0; | 2097 | emask_a = 0; |
| 2098 | |||
| 2067 | 2099 | ||
| 2068 | |||
| 2069 | 2100 | ||
| 2070 | #ifdef CIPHER_DEBUG | 2101 | #ifdef CIPHER_DEBUG |
| 2071 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", | 2102 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", |
| 2072 | rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, | 2103 | rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, |
| 2073 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | 2104 | rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); |
| 2074 | #endif | 2105 | #endif |
| 2075 | 2106 | ||
| 2076 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | 2107 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); |
| 2077 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | 2108 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { |
| 2078 | mask_k |= SSL_kGOST; | 2109 | mask_k |= SSL_kGOST; |
| @@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2091 | 2122 | ||
| 2092 | #if 0 | 2123 | #if 0 |
| 2093 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ | 2124 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ |
| 2094 | if ( (dh_tmp || dh_rsa || dh_dsa) && | 2125 | if ((dh_tmp || dh_rsa || dh_dsa) && |
| 2095 | (rsa_enc || rsa_sign || dsa_sign)) | 2126 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2096 | mask_k|=SSL_kEDH; | 2127 | mask_k|=SSL_kEDH; |
| 2097 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && | 2128 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && |
| 2098 | (rsa_enc || rsa_sign || dsa_sign)) | 2129 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2099 | emask_k|=SSL_kEDH; | 2130 | emask_k|=SSL_kEDH; |
| 2100 | #endif | 2131 | #endif |
| 2101 | 2132 | ||
| 2102 | if (dh_tmp_export) | 2133 | if (dh_tmp_export) |
| @@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2105 | if (dh_tmp) | 2136 | if (dh_tmp) |
| 2106 | mask_k|=SSL_kEDH; | 2137 | mask_k|=SSL_kEDH; |
| 2107 | 2138 | ||
| 2108 | if (dh_rsa) mask_k|=SSL_kDHr; | 2139 | if (dh_rsa) |
| 2109 | if (dh_rsa_export) emask_k|=SSL_kDHr; | 2140 | mask_k|=SSL_kDHr; |
| 2141 | if (dh_rsa_export) | ||
| 2142 | emask_k|=SSL_kDHr; | ||
| 2110 | 2143 | ||
| 2111 | if (dh_dsa) mask_k|=SSL_kDHd; | 2144 | if (dh_dsa) |
| 2112 | if (dh_dsa_export) emask_k|=SSL_kDHd; | 2145 | mask_k|=SSL_kDHd; |
| 2146 | if (dh_dsa_export) | ||
| 2147 | emask_k|=SSL_kDHd; | ||
| 2113 | 2148 | ||
| 2114 | if (rsa_enc || rsa_sign) | 2149 | if (rsa_enc || rsa_sign) { |
| 2115 | { | ||
| 2116 | mask_a|=SSL_aRSA; | 2150 | mask_a|=SSL_aRSA; |
| 2117 | emask_a|=SSL_aRSA; | 2151 | emask_a|=SSL_aRSA; |
| 2118 | } | 2152 | } |
| 2119 | 2153 | ||
| 2120 | if (dsa_sign) | 2154 | if (dsa_sign) { |
| 2121 | { | ||
| 2122 | mask_a|=SSL_aDSS; | 2155 | mask_a|=SSL_aDSS; |
| 2123 | emask_a|=SSL_aDSS; | 2156 | emask_a|=SSL_aDSS; |
| 2124 | } | 2157 | } |
| 2125 | 2158 | ||
| 2126 | mask_a|=SSL_aNULL; | 2159 | mask_a|=SSL_aNULL; |
| 2127 | emask_a|=SSL_aNULL; | 2160 | emask_a|=SSL_aNULL; |
| @@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2136 | /* An ECC certificate may be usable for ECDH and/or | 2169 | /* An ECC certificate may be usable for ECDH and/or |
| 2137 | * ECDSA cipher suites depending on the key usage extension. | 2170 | * ECDSA cipher suites depending on the key usage extension. |
| 2138 | */ | 2171 | */ |
| 2139 | if (have_ecc_cert) | 2172 | if (have_ecc_cert) { |
| 2140 | { | ||
| 2141 | /* This call populates extension flags (ex_flags) */ | 2173 | /* This call populates extension flags (ex_flags) */ |
| 2142 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | 2174 | x = (c->pkeys[SSL_PKEY_ECC]).x509; |
| 2143 | X509_check_purpose(x, -1, 0); | 2175 | X509_check_purpose(x, -1, 0); |
| 2144 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2176 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2145 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | 2177 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; |
| 2146 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2178 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2147 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | 2179 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; |
| 2148 | ecc_pkey = X509_get_pubkey(x); | 2180 | ecc_pkey = X509_get_pubkey(x); |
| 2149 | ecc_pkey_size = (ecc_pkey != NULL) ? | 2181 | ecc_pkey_size = (ecc_pkey != NULL) ? |
| 2150 | EVP_PKEY_bits(ecc_pkey) : 0; | 2182 | EVP_PKEY_bits(ecc_pkey) : 0; |
| 2151 | EVP_PKEY_free(ecc_pkey); | 2183 | EVP_PKEY_free(ecc_pkey); |
| 2152 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2184 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2153 | { | ||
| 2154 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2185 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2155 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2186 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2156 | } | 2187 | } |
| 2157 | #ifndef OPENSSL_NO_ECDH | 2188 | #ifndef OPENSSL_NO_ECDH |
| 2158 | if (ecdh_ok) | 2189 | if (ecdh_ok) { |
| 2159 | { | ||
| 2160 | 2190 | ||
| 2161 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) | 2191 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { |
| 2162 | { | ||
| 2163 | mask_k|=SSL_kECDHr; | 2192 | mask_k|=SSL_kECDHr; |
| 2164 | mask_a|=SSL_aECDH; | 2193 | mask_a|=SSL_aECDH; |
| 2165 | if (ecc_pkey_size <= 163) | 2194 | if (ecc_pkey_size <= 163) { |
| 2166 | { | ||
| 2167 | emask_k|=SSL_kECDHr; | 2195 | emask_k|=SSL_kECDHr; |
| 2168 | emask_a|=SSL_aECDH; | 2196 | emask_a|=SSL_aECDH; |
| 2169 | } | ||
| 2170 | } | 2197 | } |
| 2198 | } | ||
| 2171 | 2199 | ||
| 2172 | if (pk_nid == NID_X9_62_id_ecPublicKey) | 2200 | if (pk_nid == NID_X9_62_id_ecPublicKey) { |
| 2173 | { | ||
| 2174 | mask_k|=SSL_kECDHe; | 2201 | mask_k|=SSL_kECDHe; |
| 2175 | mask_a|=SSL_aECDH; | 2202 | mask_a|=SSL_aECDH; |
| 2176 | if (ecc_pkey_size <= 163) | 2203 | if (ecc_pkey_size <= 163) { |
| 2177 | { | ||
| 2178 | emask_k|=SSL_kECDHe; | 2204 | emask_k|=SSL_kECDHe; |
| 2179 | emask_a|=SSL_aECDH; | 2205 | emask_a|=SSL_aECDH; |
| 2180 | } | ||
| 2181 | } | 2206 | } |
| 2182 | } | 2207 | } |
| 2208 | } | ||
| 2183 | #endif | 2209 | #endif |
| 2184 | #ifndef OPENSSL_NO_ECDSA | 2210 | #ifndef OPENSSL_NO_ECDSA |
| 2185 | if (ecdsa_ok) | 2211 | if (ecdsa_ok) { |
| 2186 | { | ||
| 2187 | mask_a|=SSL_aECDSA; | 2212 | mask_a|=SSL_aECDSA; |
| 2188 | emask_a|=SSL_aECDSA; | 2213 | emask_a|=SSL_aECDSA; |
| 2189 | } | ||
| 2190 | #endif | ||
| 2191 | } | 2214 | } |
| 2215 | #endif | ||
| 2216 | } | ||
| 2192 | 2217 | ||
| 2193 | #ifndef OPENSSL_NO_ECDH | 2218 | #ifndef OPENSSL_NO_ECDH |
| 2194 | if (have_ecdh_tmp) | 2219 | if (have_ecdh_tmp) { |
| 2195 | { | ||
| 2196 | mask_k|=SSL_kEECDH; | 2220 | mask_k|=SSL_kEECDH; |
| 2197 | emask_k|=SSL_kEECDH; | 2221 | emask_k|=SSL_kEECDH; |
| 2198 | } | 2222 | } |
| 2199 | #endif | 2223 | #endif |
| 2200 | 2224 | ||
| 2201 | #ifndef OPENSSL_NO_PSK | 2225 | #ifndef OPENSSL_NO_PSK |
| @@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2205 | emask_a |= SSL_aPSK; | 2229 | emask_a |= SSL_aPSK; |
| 2206 | #endif | 2230 | #endif |
| 2207 | 2231 | ||
| 2208 | c->mask_k=mask_k; | 2232 | c->mask_k = mask_k; |
| 2209 | c->mask_a=mask_a; | 2233 | c->mask_a = mask_a; |
| 2210 | c->export_mask_k=emask_k; | 2234 | c->export_mask_k = emask_k; |
| 2211 | c->export_mask_a=emask_a; | 2235 | c->export_mask_a = emask_a; |
| 2212 | c->valid=1; | 2236 | c->valid = 1; |
| 2213 | } | 2237 | } |
| 2214 | 2238 | ||
| 2215 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | 2239 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ |
| 2216 | #define ku_reject(x, usage) \ | 2240 | #define ku_reject(x, usage) \ |
| @@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2218 | 2242 | ||
| 2219 | #ifndef OPENSSL_NO_EC | 2243 | #ifndef OPENSSL_NO_EC |
| 2220 | 2244 | ||
| 2221 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | 2245 | int |
| 2222 | { | 2246 | ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) |
| 2247 | { | ||
| 2223 | unsigned long alg_k, alg_a; | 2248 | unsigned long alg_k, alg_a; |
| 2224 | EVP_PKEY *pkey = NULL; | 2249 | EVP_PKEY *pkey = NULL; |
| 2225 | int keysize = 0; | 2250 | int keysize = 0; |
| @@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | |||
| 2229 | alg_k = cs->algorithm_mkey; | 2254 | alg_k = cs->algorithm_mkey; |
| 2230 | alg_a = cs->algorithm_auth; | 2255 | alg_a = cs->algorithm_auth; |
| 2231 | 2256 | ||
| 2232 | if (SSL_C_IS_EXPORT(cs)) | 2257 | if (SSL_C_IS_EXPORT(cs)) { |
| 2233 | { | ||
| 2234 | /* ECDH key length in export ciphers must be <= 163 bits */ | 2258 | /* ECDH key length in export ciphers must be <= 163 bits */ |
| 2235 | pkey = X509_get_pubkey(x); | 2259 | pkey = X509_get_pubkey(x); |
| 2236 | if (pkey == NULL) return 0; | 2260 | if (pkey == NULL) |
| 2261 | return 0; | ||
| 2237 | keysize = EVP_PKEY_bits(pkey); | 2262 | keysize = EVP_PKEY_bits(pkey); |
| 2238 | EVP_PKEY_free(pkey); | 2263 | EVP_PKEY_free(pkey); |
| 2239 | if (keysize > 163) return 0; | 2264 | if (keysize > 163) |
| 2240 | } | 2265 | return 0; |
| 2266 | } | ||
| 2241 | 2267 | ||
| 2242 | /* This call populates the ex_flags field correctly */ | 2268 | /* This call populates the ex_flags field correctly */ |
| 2243 | X509_check_purpose(x, -1, 0); | 2269 | X509_check_purpose(x, -1, 0); |
| 2244 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2270 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2245 | { | ||
| 2246 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2271 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2247 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2272 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2248 | } | 2273 | } |
| 2249 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) | 2274 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { |
| 2250 | { | ||
| 2251 | /* key usage, if present, must allow key agreement */ | 2275 | /* key usage, if present, must allow key agreement */ |
| 2252 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | 2276 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { |
| 2253 | { | ||
| 2254 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | 2277 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); |
| 2255 | return 0; | 2278 | return 0; |
| 2256 | } | 2279 | } |
| 2257 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) | 2280 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2258 | { | ||
| 2259 | /* signature alg must be ECDSA */ | 2281 | /* signature alg must be ECDSA */ |
| 2260 | if (pk_nid != NID_X9_62_id_ecPublicKey) | 2282 | if (pk_nid != NID_X9_62_id_ecPublicKey) { |
| 2261 | { | ||
| 2262 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | 2283 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); |
| 2263 | return 0; | 2284 | return 0; |
| 2264 | } | ||
| 2265 | } | 2285 | } |
| 2266 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) | 2286 | } |
| 2267 | { | 2287 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2268 | /* signature alg must be RSA */ | 2288 | /* signature alg must be RSA */ |
| 2269 | 2289 | ||
| 2270 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) | 2290 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { |
| 2271 | { | ||
| 2272 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | 2291 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); |
| 2273 | return 0; | 2292 | return 0; |
| 2274 | } | ||
| 2275 | } | 2293 | } |
| 2276 | } | 2294 | } |
| 2277 | if (alg_a & SSL_aECDSA) | 2295 | } |
| 2278 | { | 2296 | if (alg_a & SSL_aECDSA) { |
| 2279 | /* key usage, if present, must allow signing */ | 2297 | /* key usage, if present, must allow signing */ |
| 2280 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | 2298 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { |
| 2281 | { | ||
| 2282 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); | 2299 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); |
| 2283 | return 0; | 2300 | return 0; |
| 2284 | } | ||
| 2285 | } | 2301 | } |
| 2286 | |||
| 2287 | return 1; /* all checks are ok */ | ||
| 2288 | } | 2302 | } |
| 2289 | 2303 | ||
| 2304 | return 1; | ||
| 2305 | /* all checks are ok */ | ||
| 2306 | } | ||
| 2307 | |||
| 2290 | #endif | 2308 | #endif |
| 2291 | 2309 | ||
| 2292 | /* THIS NEEDS CLEANING UP */ | 2310 | /* THIS NEEDS CLEANING UP */ |
| 2293 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | 2311 | CERT_PKEY |
| 2294 | { | 2312 | *ssl_get_server_send_pkey(const SSL *s) |
| 2295 | unsigned long alg_k,alg_a; | 2313 | { |
| 2314 | unsigned long alg_k, alg_a; | ||
| 2296 | CERT *c; | 2315 | CERT *c; |
| 2297 | int i; | 2316 | int i; |
| 2298 | 2317 | ||
| 2299 | c=s->cert; | 2318 | c = s->cert; |
| 2300 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | 2319 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); |
| 2301 | 2320 | ||
| 2302 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2321 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2303 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2322 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2304 | 2323 | ||
| 2305 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | 2324 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2306 | { | ||
| 2307 | /* we don't need to look at SSL_kEECDH | 2325 | /* we don't need to look at SSL_kEECDH |
| 2308 | * since no certificate is needed for | 2326 | * since no certificate is needed for |
| 2309 | * anon ECDH and for authenticated | 2327 | * anon ECDH and for authenticated |
| @@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | |||
| 2315 | * checks for SSL_kECDH before RSA | 2333 | * checks for SSL_kECDH before RSA |
| 2316 | * checks ensures the correct cert is chosen. | 2334 | * checks ensures the correct cert is chosen. |
| 2317 | */ | 2335 | */ |
| 2318 | i=SSL_PKEY_ECC; | 2336 | i = SSL_PKEY_ECC; |
| 2319 | } | 2337 | } else if (alg_a & SSL_aECDSA) { |
| 2320 | else if (alg_a & SSL_aECDSA) | 2338 | i = SSL_PKEY_ECC; |
| 2321 | { | 2339 | } else if (alg_k & SSL_kDHr) |
| 2322 | i=SSL_PKEY_ECC; | 2340 | i = SSL_PKEY_DH_RSA; |
| 2323 | } | ||
| 2324 | else if (alg_k & SSL_kDHr) | ||
| 2325 | i=SSL_PKEY_DH_RSA; | ||
| 2326 | else if (alg_k & SSL_kDHd) | 2341 | else if (alg_k & SSL_kDHd) |
| 2327 | i=SSL_PKEY_DH_DSA; | 2342 | i = SSL_PKEY_DH_DSA; |
| 2328 | else if (alg_a & SSL_aDSS) | 2343 | else if (alg_a & SSL_aDSS) |
| 2329 | i=SSL_PKEY_DSA_SIGN; | 2344 | i = SSL_PKEY_DSA_SIGN; |
| 2330 | else if (alg_a & SSL_aRSA) | 2345 | else if (alg_a & SSL_aRSA) { |
| 2331 | { | ||
| 2332 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | 2346 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) |
| 2333 | i=SSL_PKEY_RSA_SIGN; | 2347 | i = SSL_PKEY_RSA_SIGN; |
| 2334 | else | 2348 | else |
| 2335 | i=SSL_PKEY_RSA_ENC; | 2349 | i = SSL_PKEY_RSA_ENC; |
| 2336 | } | 2350 | } else if (alg_a & SSL_aKRB5) { |
| 2337 | else if (alg_a & SSL_aKRB5) | ||
| 2338 | { | ||
| 2339 | /* VRS something else here? */ | 2351 | /* VRS something else here? */ |
| 2340 | return(NULL); | 2352 | return (NULL); |
| 2341 | } | 2353 | } else if (alg_a & SSL_aGOST94) |
| 2342 | else if (alg_a & SSL_aGOST94) | 2354 | i = SSL_PKEY_GOST94; |
| 2343 | i=SSL_PKEY_GOST94; | ||
| 2344 | else if (alg_a & SSL_aGOST01) | 2355 | else if (alg_a & SSL_aGOST01) |
| 2345 | i=SSL_PKEY_GOST01; | 2356 | i = SSL_PKEY_GOST01; |
| 2346 | else /* if (alg_a & SSL_aNULL) */ | 2357 | else /* if (alg_a & SSL_aNULL) */ |
| 2347 | { | 2358 | { |
| 2348 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); | 2359 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); |
| 2349 | return(NULL); | 2360 | return (NULL); |
| 2350 | } | 2361 | } |
| 2351 | 2362 | ||
| 2352 | return c->pkeys + i; | 2363 | return c->pkeys + i; |
| 2353 | } | 2364 | } |
| 2354 | 2365 | ||
| 2355 | X509 *ssl_get_server_send_cert(const SSL *s) | 2366 | X509 |
| 2356 | { | 2367 | *ssl_get_server_send_cert(const SSL *s) |
| 2368 | { | ||
| 2357 | CERT_PKEY *cpk; | 2369 | CERT_PKEY *cpk; |
| 2358 | cpk = ssl_get_server_send_pkey(s); | 2370 | cpk = ssl_get_server_send_pkey(s); |
| 2359 | if (!cpk) | 2371 | if (!cpk) |
| 2360 | return NULL; | 2372 | return NULL; |
| 2361 | return cpk->x509; | 2373 | return cpk->x509; |
| 2362 | } | 2374 | } |
| 2363 | 2375 | ||
| 2364 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) | 2376 | EVP_PKEY |
| 2365 | { | 2377 | *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) |
| 2378 | { | ||
| 2366 | unsigned long alg_a; | 2379 | unsigned long alg_a; |
| 2367 | CERT *c; | 2380 | CERT *c; |
| 2368 | int idx = -1; | 2381 | int idx = -1; |
| 2369 | 2382 | ||
| 2370 | alg_a = cipher->algorithm_auth; | 2383 | alg_a = cipher->algorithm_auth; |
| 2371 | c=s->cert; | 2384 | c = s->cert; |
| 2372 | 2385 | ||
| 2373 | if ((alg_a & SSL_aDSS) && | 2386 | if ((alg_a & SSL_aDSS) && |
| 2374 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | 2387 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) |
| 2375 | idx = SSL_PKEY_DSA_SIGN; | 2388 | idx = SSL_PKEY_DSA_SIGN; |
| 2376 | else if (alg_a & SSL_aRSA) | 2389 | else if (alg_a & SSL_aRSA) { |
| 2377 | { | ||
| 2378 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | 2390 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) |
| 2379 | idx = SSL_PKEY_RSA_SIGN; | 2391 | idx = SSL_PKEY_RSA_SIGN; |
| 2380 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | 2392 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) |
| 2381 | idx = SSL_PKEY_RSA_ENC; | 2393 | idx = SSL_PKEY_RSA_ENC; |
| 2382 | } | 2394 | } else if ((alg_a & SSL_aECDSA) && |
| 2383 | else if ((alg_a & SSL_aECDSA) && | 2395 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) |
| 2384 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | 2396 | idx = SSL_PKEY_ECC; |
| 2385 | idx = SSL_PKEY_ECC; | 2397 | if (idx == -1) { |
| 2386 | if (idx == -1) | 2398 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); |
| 2387 | { | 2399 | return (NULL); |
| 2388 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 2400 | } |
| 2389 | return(NULL); | ||
| 2390 | } | ||
| 2391 | if (pmd) | 2401 | if (pmd) |
| 2392 | *pmd = c->pkeys[idx].digest; | 2402 | *pmd = c->pkeys[idx].digest; |
| 2393 | return c->pkeys[idx].privatekey; | 2403 | return c->pkeys[idx].privatekey; |
| 2394 | } | 2404 | } |
| 2395 | 2405 | ||
| 2396 | void ssl_update_cache(SSL *s,int mode) | 2406 | void |
| 2397 | { | 2407 | ssl_update_cache(SSL *s, int mode) |
| 2408 | { | ||
| 2398 | int i; | 2409 | int i; |
| 2399 | 2410 | ||
| 2400 | /* If the session_id_length is 0, we are not supposed to cache it, | 2411 | /* If the session_id_length is 0, we are not supposed to cache it, |
| 2401 | * and it would be rather hard to do anyway :-) */ | 2412 | * and it would be rather hard to do anyway :-) */ |
| 2402 | if (s->session->session_id_length == 0) return; | 2413 | if (s->session->session_id_length == 0) |
| 2414 | return; | ||
| 2403 | 2415 | ||
| 2404 | i=s->session_ctx->session_cache_mode; | 2416 | i = s->session_ctx->session_cache_mode; |
| 2405 | if ((i & mode) && (!s->hit) | 2417 | if ((i & mode) && (!s->hit) |
| 2406 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 2418 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 2407 | || SSL_CTX_add_session(s->session_ctx,s->session)) | 2419 | || SSL_CTX_add_session(s->session_ctx, s->session)) |
| 2408 | && (s->session_ctx->new_session_cb != NULL)) | 2420 | && (s->session_ctx->new_session_cb != NULL)) { |
| 2409 | { | 2421 | CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 2410 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | 2422 | if (!s->session_ctx->new_session_cb(s, s->session)) |
| 2411 | if (!s->session_ctx->new_session_cb(s,s->session)) | ||
| 2412 | SSL_SESSION_free(s->session); | 2423 | SSL_SESSION_free(s->session); |
| 2413 | } | 2424 | } |
| 2414 | 2425 | ||
| 2415 | /* auto flush every 255 connections */ | 2426 | /* auto flush every 255 connections */ |
| 2416 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | 2427 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && |
| 2417 | ((i & mode) == mode)) | 2428 | ((i & mode) == mode)) { |
| 2418 | { | 2429 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2419 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | ||
| 2420 | ?s->session_ctx->stats.sess_connect_good | 2430 | ?s->session_ctx->stats.sess_connect_good |
| 2421 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) | 2431 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2422 | { | ||
| 2423 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2432 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); |
| 2424 | } | ||
| 2425 | } | 2433 | } |
| 2426 | } | 2434 | } |
| 2435 | } | ||
| 2427 | 2436 | ||
| 2428 | const SSL_METHOD *SSL_get_ssl_method(SSL *s) | 2437 | const SSL_METHOD |
| 2429 | { | 2438 | *SSL_get_ssl_method(SSL *s) |
| 2430 | return(s->method); | 2439 | { |
| 2431 | } | 2440 | return (s->method); |
| 2441 | } | ||
| 2432 | 2442 | ||
| 2433 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | 2443 | int |
| 2434 | { | 2444 | SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) |
| 2435 | int conn= -1; | 2445 | { |
| 2436 | int ret=1; | 2446 | int conn = -1; |
| 2447 | int ret = 1; | ||
| 2437 | 2448 | ||
| 2438 | if (s->method != meth) | 2449 | if (s->method != meth) { |
| 2439 | { | ||
| 2440 | if (s->handshake_func != NULL) | 2450 | if (s->handshake_func != NULL) |
| 2441 | conn=(s->handshake_func == s->method->ssl_connect); | 2451 | conn = (s->handshake_func == s->method->ssl_connect); |
| 2442 | 2452 | ||
| 2443 | if (s->method->version == meth->version) | 2453 | if (s->method->version == meth->version) |
| 2444 | s->method=meth; | 2454 | s->method = meth; |
| 2445 | else | 2455 | else { |
| 2446 | { | ||
| 2447 | s->method->ssl_free(s); | 2456 | s->method->ssl_free(s); |
| 2448 | s->method=meth; | 2457 | s->method = meth; |
| 2449 | ret=s->method->ssl_new(s); | 2458 | ret = s->method->ssl_new(s); |
| 2450 | } | 2459 | } |
| 2451 | 2460 | ||
| 2452 | if (conn == 1) | 2461 | if (conn == 1) |
| 2453 | s->handshake_func=meth->ssl_connect; | 2462 | s->handshake_func = meth->ssl_connect; |
| 2454 | else if (conn == 0) | 2463 | else if (conn == 0) |
| 2455 | s->handshake_func=meth->ssl_accept; | 2464 | s->handshake_func = meth->ssl_accept; |
| 2456 | } | ||
| 2457 | return(ret); | ||
| 2458 | } | 2465 | } |
| 2466 | return (ret); | ||
| 2467 | } | ||
| 2459 | 2468 | ||
| 2460 | int SSL_get_error(const SSL *s,int i) | 2469 | int |
| 2461 | { | 2470 | SSL_get_error(const SSL *s, int i) |
| 2471 | { | ||
| 2462 | int reason; | 2472 | int reason; |
| 2463 | unsigned long l; | 2473 | unsigned long l; |
| 2464 | BIO *bio; | 2474 | BIO *bio; |
| 2465 | 2475 | ||
| 2466 | if (i > 0) return(SSL_ERROR_NONE); | 2476 | if (i > 0) |
| 2477 | return (SSL_ERROR_NONE); | ||
| 2467 | 2478 | ||
| 2468 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | 2479 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake |
| 2469 | * etc, where we do encode the error */ | 2480 | * etc, where we do encode the error */ |
| 2470 | if ((l=ERR_peek_error()) != 0) | 2481 | if ((l = ERR_peek_error()) != 0) { |
| 2471 | { | ||
| 2472 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | 2482 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) |
| 2473 | return(SSL_ERROR_SYSCALL); | 2483 | return (SSL_ERROR_SYSCALL); |
| 2474 | else | 2484 | else |
| 2475 | return(SSL_ERROR_SSL); | 2485 | return (SSL_ERROR_SSL); |
| 2476 | } | 2486 | } |
| 2477 | 2487 | ||
| 2478 | if ((i < 0) && SSL_want_read(s)) | 2488 | if ((i < 0) && SSL_want_read(s)) { |
| 2479 | { | 2489 | bio = SSL_get_rbio(s); |
| 2480 | bio=SSL_get_rbio(s); | ||
| 2481 | if (BIO_should_read(bio)) | 2490 | if (BIO_should_read(bio)) |
| 2482 | return(SSL_ERROR_WANT_READ); | 2491 | return (SSL_ERROR_WANT_READ); |
| 2483 | else if (BIO_should_write(bio)) | 2492 | else if (BIO_should_write(bio)) |
| 2484 | /* This one doesn't make too much sense ... We never try | 2493 | /* This one doesn't make too much sense ... We never try |
| 2485 | * to write to the rbio, and an application program where | 2494 | * to write to the rbio, and an application program where |
| @@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i) | |||
| 2490 | * SSL_want_write(s)) and rbio and wbio *are* the same, | 2499 | * SSL_want_write(s)) and rbio and wbio *are* the same, |
| 2491 | * this test works around that bug; so it might be safer | 2500 | * this test works around that bug; so it might be safer |
| 2492 | * to keep it. */ | 2501 | * to keep it. */ |
| 2493 | return(SSL_ERROR_WANT_WRITE); | 2502 | return (SSL_ERROR_WANT_WRITE); |
| 2494 | else if (BIO_should_io_special(bio)) | 2503 | else if (BIO_should_io_special(bio)) { |
| 2495 | { | 2504 | reason = BIO_get_retry_reason(bio); |
| 2496 | reason=BIO_get_retry_reason(bio); | ||
| 2497 | if (reason == BIO_RR_CONNECT) | 2505 | if (reason == BIO_RR_CONNECT) |
| 2498 | return(SSL_ERROR_WANT_CONNECT); | 2506 | return (SSL_ERROR_WANT_CONNECT); |
| 2499 | else if (reason == BIO_RR_ACCEPT) | 2507 | else if (reason == BIO_RR_ACCEPT) |
| 2500 | return(SSL_ERROR_WANT_ACCEPT); | 2508 | return (SSL_ERROR_WANT_ACCEPT); |
| 2501 | else | 2509 | else |
| 2502 | return(SSL_ERROR_SYSCALL); /* unknown */ | 2510 | return(SSL_ERROR_SYSCALL); /* unknown */ |
| 2503 | } | ||
| 2504 | } | 2511 | } |
| 2512 | } | ||
| 2505 | 2513 | ||
| 2506 | if ((i < 0) && SSL_want_write(s)) | 2514 | if ((i < 0) && SSL_want_write(s)) { |
| 2507 | { | 2515 | bio = SSL_get_wbio(s); |
| 2508 | bio=SSL_get_wbio(s); | ||
| 2509 | if (BIO_should_write(bio)) | 2516 | if (BIO_should_write(bio)) |
| 2510 | return(SSL_ERROR_WANT_WRITE); | 2517 | return (SSL_ERROR_WANT_WRITE); |
| 2511 | else if (BIO_should_read(bio)) | 2518 | else if (BIO_should_read(bio)) |
| 2512 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | 2519 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ |
| 2513 | return(SSL_ERROR_WANT_READ); | 2520 | return (SSL_ERROR_WANT_READ); |
| 2514 | else if (BIO_should_io_special(bio)) | 2521 | else if (BIO_should_io_special(bio)) { |
| 2515 | { | 2522 | reason = BIO_get_retry_reason(bio); |
| 2516 | reason=BIO_get_retry_reason(bio); | ||
| 2517 | if (reason == BIO_RR_CONNECT) | 2523 | if (reason == BIO_RR_CONNECT) |
| 2518 | return(SSL_ERROR_WANT_CONNECT); | 2524 | return (SSL_ERROR_WANT_CONNECT); |
| 2519 | else if (reason == BIO_RR_ACCEPT) | 2525 | else if (reason == BIO_RR_ACCEPT) |
| 2520 | return(SSL_ERROR_WANT_ACCEPT); | 2526 | return (SSL_ERROR_WANT_ACCEPT); |
| 2521 | else | 2527 | else |
| 2522 | return(SSL_ERROR_SYSCALL); | 2528 | return (SSL_ERROR_SYSCALL); |
| 2523 | } | ||
| 2524 | } | ||
| 2525 | if ((i < 0) && SSL_want_x509_lookup(s)) | ||
| 2526 | { | ||
| 2527 | return(SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2528 | } | 2529 | } |
| 2530 | } | ||
| 2531 | if ((i < 0) && SSL_want_x509_lookup(s)) { | ||
| 2532 | return (SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2533 | } | ||
| 2529 | 2534 | ||
| 2530 | if (i == 0) | 2535 | if (i == 0) { |
| 2531 | { | 2536 | if (s->version == SSL2_VERSION) { |
| 2532 | if (s->version == SSL2_VERSION) | ||
| 2533 | { | ||
| 2534 | /* assume it is the socket being closed */ | 2537 | /* assume it is the socket being closed */ |
| 2535 | return(SSL_ERROR_ZERO_RETURN); | 2538 | return (SSL_ERROR_ZERO_RETURN); |
| 2536 | } | 2539 | } else { |
| 2537 | else | ||
| 2538 | { | ||
| 2539 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | 2540 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && |
| 2540 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | 2541 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) |
| 2541 | return(SSL_ERROR_ZERO_RETURN); | 2542 | return (SSL_ERROR_ZERO_RETURN); |
| 2542 | } | ||
| 2543 | } | 2543 | } |
| 2544 | return(SSL_ERROR_SYSCALL); | ||
| 2545 | } | 2544 | } |
| 2545 | return (SSL_ERROR_SYSCALL); | ||
| 2546 | } | ||
| 2546 | 2547 | ||
| 2547 | int SSL_do_handshake(SSL *s) | 2548 | int |
| 2548 | { | 2549 | SSL_do_handshake(SSL *s) |
| 2549 | int ret=1; | 2550 | { |
| 2551 | int ret = 1; | ||
| 2550 | 2552 | ||
| 2551 | if (s->handshake_func == NULL) | 2553 | if (s->handshake_func == NULL) { |
| 2552 | { | 2554 | SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); |
| 2553 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | 2555 | return (-1); |
| 2554 | return(-1); | 2556 | } |
| 2555 | } | ||
| 2556 | 2557 | ||
| 2557 | s->method->ssl_renegotiate_check(s); | 2558 | s->method->ssl_renegotiate_check(s); |
| 2558 | 2559 | ||
| 2559 | if (SSL_in_init(s) || SSL_in_before(s)) | 2560 | if (SSL_in_init(s) || SSL_in_before(s)) { |
| 2560 | { | 2561 | ret = s->handshake_func(s); |
| 2561 | ret=s->handshake_func(s); | ||
| 2562 | } | ||
| 2563 | return(ret); | ||
| 2564 | } | 2562 | } |
| 2563 | return (ret); | ||
| 2564 | } | ||
| 2565 | 2565 | ||
| 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so | 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so |
| 2567 | * one of these calls will reset it */ | 2567 | * one of these calls will reset it */ |
| 2568 | void SSL_set_accept_state(SSL *s) | 2568 | void |
| 2569 | { | 2569 | SSL_set_accept_state(SSL *s) |
| 2570 | s->server=1; | 2570 | { |
| 2571 | s->shutdown=0; | 2571 | s->server = 1; |
| 2572 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | 2572 | s->shutdown = 0; |
| 2573 | s->handshake_func=s->method->ssl_accept; | 2573 | s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; |
| 2574 | s->handshake_func = s->method->ssl_accept; | ||
| 2574 | /* clear the current cipher */ | 2575 | /* clear the current cipher */ |
| 2575 | ssl_clear_cipher_ctx(s); | 2576 | ssl_clear_cipher_ctx(s); |
| 2576 | ssl_clear_hash_ctx(&s->read_hash); | 2577 | ssl_clear_hash_ctx(&s->read_hash); |
| 2577 | ssl_clear_hash_ctx(&s->write_hash); | 2578 | ssl_clear_hash_ctx(&s->write_hash); |
| 2578 | } | 2579 | } |
| 2579 | 2580 | ||
| 2580 | void SSL_set_connect_state(SSL *s) | 2581 | void |
| 2581 | { | 2582 | SSL_set_connect_state(SSL *s) |
| 2582 | s->server=0; | 2583 | { |
| 2583 | s->shutdown=0; | 2584 | s->server = 0; |
| 2584 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | 2585 | s->shutdown = 0; |
| 2585 | s->handshake_func=s->method->ssl_connect; | 2586 | s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; |
| 2587 | s->handshake_func = s->method->ssl_connect; | ||
| 2586 | /* clear the current cipher */ | 2588 | /* clear the current cipher */ |
| 2587 | ssl_clear_cipher_ctx(s); | 2589 | ssl_clear_cipher_ctx(s); |
| 2588 | ssl_clear_hash_ctx(&s->read_hash); | 2590 | ssl_clear_hash_ctx(&s->read_hash); |
| 2589 | ssl_clear_hash_ctx(&s->write_hash); | 2591 | ssl_clear_hash_ctx(&s->write_hash); |
| 2590 | } | 2592 | } |
| 2591 | 2593 | ||
| 2592 | int ssl_undefined_function(SSL *s) | 2594 | int |
| 2593 | { | 2595 | ssl_undefined_function(SSL *s) |
| 2594 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2596 | { |
| 2595 | return(0); | 2597 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2596 | } | 2598 | return (0); |
| 2599 | } | ||
| 2597 | 2600 | ||
| 2598 | int ssl_undefined_void_function(void) | 2601 | int |
| 2599 | { | 2602 | ssl_undefined_void_function(void) |
| 2600 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2603 | { |
| 2601 | return(0); | 2604 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2602 | } | 2605 | return (0); |
| 2606 | } | ||
| 2603 | 2607 | ||
| 2604 | int ssl_undefined_const_function(const SSL *s) | 2608 | int |
| 2605 | { | 2609 | ssl_undefined_const_function(const SSL *s) |
| 2606 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2610 | { |
| 2607 | return(0); | 2611 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2608 | } | 2612 | return (0); |
| 2613 | } | ||
| 2609 | 2614 | ||
| 2610 | SSL_METHOD *ssl_bad_method(int ver) | 2615 | SSL_METHOD |
| 2611 | { | 2616 | *ssl_bad_method(int ver) |
| 2612 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2617 | { |
| 2613 | return(NULL); | 2618 | SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2614 | } | 2619 | return (NULL); |
| 2620 | } | ||
| 2615 | 2621 | ||
| 2616 | const char *SSL_get_version(const SSL *s) | 2622 | const char |
| 2617 | { | 2623 | *SSL_get_version(const SSL *s) |
| 2624 | { | ||
| 2618 | if (s->version == TLS1_2_VERSION) | 2625 | if (s->version == TLS1_2_VERSION) |
| 2619 | return("TLSv1.2"); | 2626 | return("TLSv1.2"); |
| 2620 | else if (s->version == TLS1_1_VERSION) | 2627 | else if (s->version == TLS1_1_VERSION) |
| @@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s) | |||
| 2627 | return("SSLv2"); | 2634 | return("SSLv2"); |
| 2628 | else | 2635 | else |
| 2629 | return("unknown"); | 2636 | return("unknown"); |
| 2630 | } | 2637 | } |
| 2631 | 2638 | ||
| 2632 | SSL *SSL_dup(SSL *s) | 2639 | SSL |
| 2633 | { | 2640 | *SSL_dup(SSL *s) |
| 2641 | { | ||
| 2634 | STACK_OF(X509_NAME) *sk; | 2642 | STACK_OF(X509_NAME) *sk; |
| 2635 | X509_NAME *xn; | 2643 | X509_NAME *xn; |
| 2636 | SSL *ret; | 2644 | SSL *ret; |
| 2637 | int i; | 2645 | int i; |
| 2638 | 2646 | ||
| 2639 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) | 2647 | if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) |
| 2640 | return(NULL); | 2648 | return (NULL); |
| 2641 | 2649 | ||
| 2642 | ret->version = s->version; | 2650 | ret->version = s->version; |
| 2643 | ret->type = s->type; | 2651 | ret->type = s->type; |
| 2644 | ret->method = s->method; | 2652 | ret->method = s->method; |
| 2645 | 2653 | ||
| 2646 | if (s->session != NULL) | 2654 | if (s->session != NULL) { |
| 2647 | { | ||
| 2648 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | 2655 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ |
| 2649 | SSL_copy_session_id(ret,s); | 2656 | SSL_copy_session_id(ret, s); |
| 2650 | } | 2657 | } else { |
| 2651 | else | ||
| 2652 | { | ||
| 2653 | /* No session has been established yet, so we have to expect | 2658 | /* No session has been established yet, so we have to expect |
| 2654 | * that s->cert or ret->cert will be changed later -- | 2659 | * that s->cert or ret->cert will be changed later -- |
| 2655 | * they should not both point to the same object, | 2660 | * they should not both point to the same object, |
| @@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s) | |||
| 2659 | ret->method = s->method; | 2664 | ret->method = s->method; |
| 2660 | ret->method->ssl_new(ret); | 2665 | ret->method->ssl_new(ret); |
| 2661 | 2666 | ||
| 2662 | if (s->cert != NULL) | 2667 | if (s->cert != NULL) { |
| 2663 | { | 2668 | if (ret->cert != NULL) { |
| 2664 | if (ret->cert != NULL) | ||
| 2665 | { | ||
| 2666 | ssl_cert_free(ret->cert); | 2669 | ssl_cert_free(ret->cert); |
| 2667 | } | 2670 | } |
| 2668 | ret->cert = ssl_cert_dup(s->cert); | 2671 | ret->cert = ssl_cert_dup(s->cert); |
| 2669 | if (ret->cert == NULL) | 2672 | if (ret->cert == NULL) |
| 2670 | goto err; | 2673 | goto err; |
| 2671 | } | ||
| 2672 | |||
| 2673 | SSL_set_session_id_context(ret, | ||
| 2674 | s->sid_ctx, s->sid_ctx_length); | ||
| 2675 | } | 2674 | } |
| 2676 | 2675 | ||
| 2677 | ret->options=s->options; | 2676 | SSL_set_session_id_context(ret, |
| 2678 | ret->mode=s->mode; | 2677 | s->sid_ctx, s->sid_ctx_length); |
| 2679 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | 2678 | } |
| 2680 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | 2679 | |
| 2680 | ret->options = s->options; | ||
| 2681 | ret->mode = s->mode; | ||
| 2682 | SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); | ||
| 2683 | SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); | ||
| 2681 | ret->msg_callback = s->msg_callback; | 2684 | ret->msg_callback = s->msg_callback; |
| 2682 | ret->msg_callback_arg = s->msg_callback_arg; | 2685 | ret->msg_callback_arg = s->msg_callback_arg; |
| 2683 | SSL_set_verify(ret,SSL_get_verify_mode(s), | 2686 | SSL_set_verify(ret, SSL_get_verify_mode(s), |
| 2684 | SSL_get_verify_callback(s)); | 2687 | SSL_get_verify_callback(s)); |
| 2685 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | 2688 | SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); |
| 2686 | ret->generate_session_id = s->generate_session_id; | 2689 | ret->generate_session_id = s->generate_session_id; |
| 2687 | 2690 | ||
| 2688 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | 2691 | SSL_set_info_callback(ret, SSL_get_info_callback(s)); |
| 2689 | 2692 | ||
| 2690 | ret->debug=s->debug; | 2693 | ret->debug = s->debug; |
| 2691 | 2694 | ||
| 2692 | /* copy app data, a little dangerous perhaps */ | 2695 | /* copy app data, a little dangerous perhaps */ |
| 2693 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) | 2696 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) |
| 2694 | goto err; | 2697 | goto err; |
| 2695 | 2698 | ||
| 2696 | /* setup rbio, and wbio */ | 2699 | /* setup rbio, and wbio */ |
| 2697 | if (s->rbio != NULL) | 2700 | if (s->rbio != NULL) { |
| 2698 | { | ||
| 2699 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | 2701 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) |
| 2700 | goto err; | 2702 | goto err; |
| 2701 | } | 2703 | } |
| 2702 | if (s->wbio != NULL) | 2704 | if (s->wbio != NULL) { |
| 2703 | { | 2705 | if (s->wbio != s->rbio) { |
| 2704 | if (s->wbio != s->rbio) | ||
| 2705 | { | ||
| 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) |
| 2707 | goto err; | 2707 | goto err; |
| 2708 | } | 2708 | } else |
| 2709 | else | 2709 | ret->wbio = ret->rbio; |
| 2710 | ret->wbio=ret->rbio; | 2710 | } |
| 2711 | } | ||
| 2712 | ret->rwstate = s->rwstate; | 2711 | ret->rwstate = s->rwstate; |
| 2713 | ret->in_handshake = s->in_handshake; | 2712 | ret->in_handshake = s->in_handshake; |
| 2714 | ret->handshake_func = s->handshake_func; | 2713 | ret->handshake_func = s->handshake_func; |
| @@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s) | |||
| 2716 | ret->renegotiate = s->renegotiate; | 2715 | ret->renegotiate = s->renegotiate; |
| 2717 | ret->new_session = s->new_session; | 2716 | ret->new_session = s->new_session; |
| 2718 | ret->quiet_shutdown = s->quiet_shutdown; | 2717 | ret->quiet_shutdown = s->quiet_shutdown; |
| 2719 | ret->shutdown=s->shutdown; | 2718 | ret->shutdown = s->shutdown; |
| 2720 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | 2719 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ |
| 2721 | ret->rstate=s->rstate; | 2720 | ret->rstate = s->rstate; |
| 2722 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2721 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2723 | ret->hit=s->hit; | 2722 | ret->hit = s->hit; |
| 2724 | 2723 | ||
| 2725 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | 2724 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2726 | 2725 | ||
| 2727 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2726 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2728 | if (s->cipher_list != NULL) | 2727 | if (s->cipher_list != NULL) { |
| 2729 | { | 2728 | if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 2730 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
| 2731 | goto err; | 2729 | goto err; |
| 2732 | } | 2730 | } |
| 2733 | if (s->cipher_list_by_id != NULL) | 2731 | if (s->cipher_list_by_id != NULL) |
| 2734 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) | 2732 | if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) |
| 2735 | == NULL) | 2733 | == NULL) |
| 2736 | goto err; | 2734 | goto err; |
| 2737 | 2735 | ||
| 2738 | /* Dup the client_CA list */ | 2736 | /* Dup the client_CA list */ |
| 2739 | if (s->client_CA != NULL) | 2737 | if (s->client_CA != NULL) { |
| 2740 | { | 2738 | if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; |
| 2741 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | 2739 | ret->client_CA = sk; |
| 2742 | ret->client_CA=sk; | 2740 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 2743 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 2741 | xn = sk_X509_NAME_value(sk, i); |
| 2744 | { | 2742 | if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { |
| 2745 | xn=sk_X509_NAME_value(sk,i); | ||
| 2746 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) | ||
| 2747 | { | ||
| 2748 | X509_NAME_free(xn); | 2743 | X509_NAME_free(xn); |
| 2749 | goto err; | 2744 | goto err; |
| 2750 | } | ||
| 2751 | } | 2745 | } |
| 2752 | } | 2746 | } |
| 2747 | } | ||
| 2753 | 2748 | ||
| 2754 | if (0) | 2749 | if (0) { |
| 2755 | { | ||
| 2756 | err: | 2750 | err: |
| 2757 | if (ret != NULL) SSL_free(ret); | 2751 | if (ret != NULL) |
| 2758 | ret=NULL; | 2752 | SSL_free(ret); |
| 2759 | } | 2753 | ret = NULL; |
| 2760 | return(ret); | ||
| 2761 | } | 2754 | } |
| 2755 | return (ret); | ||
| 2756 | } | ||
| 2762 | 2757 | ||
| 2763 | void ssl_clear_cipher_ctx(SSL *s) | 2758 | void |
| 2764 | { | 2759 | ssl_clear_cipher_ctx(SSL *s) |
| 2765 | if (s->enc_read_ctx != NULL) | 2760 | { |
| 2766 | { | 2761 | if (s->enc_read_ctx != NULL) { |
| 2767 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | 2762 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); |
| 2768 | OPENSSL_free(s->enc_read_ctx); | 2763 | OPENSSL_free(s->enc_read_ctx); |
| 2769 | s->enc_read_ctx=NULL; | 2764 | s->enc_read_ctx = NULL; |
| 2770 | } | 2765 | } |
| 2771 | if (s->enc_write_ctx != NULL) | 2766 | if (s->enc_write_ctx != NULL) { |
| 2772 | { | ||
| 2773 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | 2767 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); |
| 2774 | OPENSSL_free(s->enc_write_ctx); | 2768 | OPENSSL_free(s->enc_write_ctx); |
| 2775 | s->enc_write_ctx=NULL; | 2769 | s->enc_write_ctx = NULL; |
| 2776 | } | 2770 | } |
| 2777 | #ifndef OPENSSL_NO_COMP | 2771 | #ifndef OPENSSL_NO_COMP |
| 2778 | if (s->expand != NULL) | 2772 | if (s->expand != NULL) { |
| 2779 | { | ||
| 2780 | COMP_CTX_free(s->expand); | 2773 | COMP_CTX_free(s->expand); |
| 2781 | s->expand=NULL; | 2774 | s->expand = NULL; |
| 2782 | } | 2775 | } |
| 2783 | if (s->compress != NULL) | 2776 | if (s->compress != NULL) { |
| 2784 | { | ||
| 2785 | COMP_CTX_free(s->compress); | 2777 | COMP_CTX_free(s->compress); |
| 2786 | s->compress=NULL; | 2778 | s->compress = NULL; |
| 2787 | } | ||
| 2788 | #endif | ||
| 2789 | } | 2779 | } |
| 2780 | #endif | ||
| 2781 | } | ||
| 2790 | 2782 | ||
| 2791 | /* Fix this function so that it takes an optional type parameter */ | 2783 | /* Fix this function so that it takes an optional type parameter */ |
| 2792 | X509 *SSL_get_certificate(const SSL *s) | 2784 | X509 |
| 2793 | { | 2785 | *SSL_get_certificate(const SSL *s) |
| 2786 | { | ||
| 2794 | if (s->cert != NULL) | 2787 | if (s->cert != NULL) |
| 2795 | return(s->cert->key->x509); | 2788 | return (s->cert->key->x509); |
| 2796 | else | 2789 | else |
| 2797 | return(NULL); | 2790 | return (NULL); |
| 2798 | } | 2791 | } |
| 2799 | 2792 | ||
| 2800 | /* Fix this function so that it takes an optional type parameter */ | 2793 | /* Fix this function so that it takes an optional type parameter */ |
| 2801 | EVP_PKEY *SSL_get_privatekey(SSL *s) | 2794 | EVP_PKEY |
| 2802 | { | 2795 | *SSL_get_privatekey(SSL *s) |
| 2796 | { | ||
| 2803 | if (s->cert != NULL) | 2797 | if (s->cert != NULL) |
| 2804 | return(s->cert->key->privatekey); | 2798 | return (s->cert->key->privatekey); |
| 2805 | else | 2799 | else |
| 2806 | return(NULL); | 2800 | return (NULL); |
| 2807 | } | 2801 | } |
| 2808 | 2802 | ||
| 2809 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | 2803 | const SSL_CIPHER |
| 2810 | { | 2804 | *SSL_get_current_cipher(const SSL *s) |
| 2805 | { | ||
| 2811 | if ((s->session != NULL) && (s->session->cipher != NULL)) | 2806 | if ((s->session != NULL) && (s->session->cipher != NULL)) |
| 2812 | return(s->session->cipher); | 2807 | return (s->session->cipher); |
| 2813 | return(NULL); | 2808 | return (NULL); |
| 2814 | } | 2809 | } |
| 2815 | #ifdef OPENSSL_NO_COMP | 2810 | #ifdef OPENSSL_NO_COMP |
| 2816 | const void *SSL_get_current_compression(SSL *s) | 2811 | const void |
| 2817 | { | 2812 | *SSL_get_current_compression(SSL *s) |
| 2813 | { | ||
| 2818 | return NULL; | 2814 | return NULL; |
| 2819 | } | 2815 | } |
| 2820 | const void *SSL_get_current_expansion(SSL *s) | 2816 | |
| 2821 | { | 2817 | const void |
| 2818 | *SSL_get_current_expansion(SSL *s) | ||
| 2819 | { | ||
| 2822 | return NULL; | 2820 | return NULL; |
| 2823 | } | 2821 | } |
| 2824 | #else | 2822 | #else |
| 2825 | 2823 | ||
| 2826 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | 2824 | const COMP_METHOD |
| 2827 | { | 2825 | *SSL_get_current_compression(SSL *s) |
| 2826 | { | ||
| 2828 | if (s->compress != NULL) | 2827 | if (s->compress != NULL) |
| 2829 | return(s->compress->meth); | 2828 | return (s->compress->meth); |
| 2830 | return(NULL); | 2829 | return (NULL); |
| 2831 | } | 2830 | } |
| 2832 | 2831 | ||
| 2833 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | 2832 | const COMP_METHOD |
| 2834 | { | 2833 | *SSL_get_current_expansion(SSL *s) |
| 2834 | { | ||
| 2835 | if (s->expand != NULL) | 2835 | if (s->expand != NULL) |
| 2836 | return(s->expand->meth); | 2836 | return (s->expand->meth); |
| 2837 | return(NULL); | 2837 | return (NULL); |
| 2838 | } | 2838 | } |
| 2839 | #endif | 2839 | #endif |
| 2840 | 2840 | ||
| 2841 | int ssl_init_wbio_buffer(SSL *s,int push) | 2841 | int |
| 2842 | { | 2842 | ssl_init_wbio_buffer(SSL *s, int push) |
| 2843 | { | ||
| 2843 | BIO *bbio; | 2844 | BIO *bbio; |
| 2844 | 2845 | ||
| 2845 | if (s->bbio == NULL) | 2846 | if (s->bbio == NULL) { |
| 2846 | { | 2847 | bbio = BIO_new(BIO_f_buffer()); |
| 2847 | bbio=BIO_new(BIO_f_buffer()); | 2848 | if (bbio == NULL) |
| 2848 | if (bbio == NULL) return(0); | 2849 | return (0); |
| 2849 | s->bbio=bbio; | 2850 | s->bbio = bbio; |
| 2850 | } | 2851 | } else { |
| 2851 | else | 2852 | bbio = s->bbio; |
| 2852 | { | ||
| 2853 | bbio=s->bbio; | ||
| 2854 | if (s->bbio == s->wbio) | 2853 | if (s->bbio == s->wbio) |
| 2855 | s->wbio=BIO_pop(s->wbio); | 2854 | s->wbio = BIO_pop(s->wbio); |
| 2856 | } | 2855 | } |
| 2857 | (void)BIO_reset(bbio); | 2856 | (void)BIO_reset(bbio); |
| 2858 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | 2857 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ |
| 2859 | if (!BIO_set_read_buffer_size(bbio,1)) | 2858 | if (!BIO_set_read_buffer_size(bbio, 1)) { |
| 2860 | { | 2859 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); |
| 2861 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); | 2860 | return (0); |
| 2862 | return(0); | 2861 | } |
| 2863 | } | 2862 | if (push) { |
| 2864 | if (push) | ||
| 2865 | { | ||
| 2866 | if (s->wbio != bbio) | 2863 | if (s->wbio != bbio) |
| 2867 | s->wbio=BIO_push(bbio,s->wbio); | 2864 | s->wbio = BIO_push(bbio, s->wbio); |
| 2868 | } | 2865 | } else { |
| 2869 | else | ||
| 2870 | { | ||
| 2871 | if (s->wbio == bbio) | 2866 | if (s->wbio == bbio) |
| 2872 | s->wbio=BIO_pop(bbio); | 2867 | s->wbio = BIO_pop(bbio); |
| 2873 | } | ||
| 2874 | return(1); | ||
| 2875 | } | 2868 | } |
| 2869 | return (1); | ||
| 2870 | } | ||
| 2876 | 2871 | ||
| 2877 | void ssl_free_wbio_buffer(SSL *s) | 2872 | void |
| 2878 | { | 2873 | ssl_free_wbio_buffer(SSL *s) |
| 2879 | if (s->bbio == NULL) return; | 2874 | { |
| 2875 | if (s->bbio == NULL) | ||
| 2876 | return; | ||
| 2880 | 2877 | ||
| 2881 | if (s->bbio == s->wbio) | 2878 | if (s->bbio == s->wbio) { |
| 2882 | { | ||
| 2883 | /* remove buffering */ | 2879 | /* remove buffering */ |
| 2884 | s->wbio=BIO_pop(s->wbio); | 2880 | s->wbio = BIO_pop(s->wbio); |
| 2885 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | 2881 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ |
| 2886 | assert(s->wbio != NULL); | 2882 | assert(s->wbio != NULL); |
| 2887 | #endif | 2883 | #endif |
| 2888 | } | 2884 | } |
| 2889 | BIO_free(s->bbio); | 2885 | BIO_free(s->bbio); |
| 2890 | s->bbio=NULL; | 2886 | s->bbio = NULL; |
| 2891 | } | 2887 | } |
| 2892 | |||
| 2893 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) | ||
| 2894 | { | ||
| 2895 | ctx->quiet_shutdown=mode; | ||
| 2896 | } | ||
| 2897 | 2888 | ||
| 2898 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | 2889 | void |
| 2899 | { | 2890 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) |
| 2900 | return(ctx->quiet_shutdown); | 2891 | { |
| 2901 | } | 2892 | ctx->quiet_shutdown = mode; |
| 2893 | } | ||
| 2902 | 2894 | ||
| 2903 | void SSL_set_quiet_shutdown(SSL *s,int mode) | 2895 | int |
| 2904 | { | 2896 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) |
| 2905 | s->quiet_shutdown=mode; | 2897 | { |
| 2906 | } | 2898 | return (ctx->quiet_shutdown); |
| 2899 | } | ||
| 2907 | 2900 | ||
| 2908 | int SSL_get_quiet_shutdown(const SSL *s) | 2901 | void |
| 2909 | { | 2902 | SSL_set_quiet_shutdown(SSL *s, int mode) |
| 2910 | return(s->quiet_shutdown); | 2903 | { |
| 2911 | } | 2904 | s->quiet_shutdown = mode; |
| 2905 | } | ||
| 2912 | 2906 | ||
| 2913 | void SSL_set_shutdown(SSL *s,int mode) | 2907 | int |
| 2914 | { | 2908 | SSL_get_quiet_shutdown(const SSL *s) |
| 2915 | s->shutdown=mode; | 2909 | { |
| 2916 | } | 2910 | return (s->quiet_shutdown); |
| 2911 | } | ||
| 2917 | 2912 | ||
| 2918 | int SSL_get_shutdown(const SSL *s) | 2913 | void |
| 2919 | { | 2914 | SSL_set_shutdown(SSL *s, int mode) |
| 2920 | return(s->shutdown); | 2915 | { |
| 2921 | } | 2916 | s->shutdown = mode; |
| 2917 | } | ||
| 2922 | 2918 | ||
| 2923 | int SSL_version(const SSL *s) | 2919 | int |
| 2924 | { | 2920 | SSL_get_shutdown(const SSL *s) |
| 2925 | return(s->version); | 2921 | { |
| 2926 | } | 2922 | return (s->shutdown); |
| 2923 | } | ||
| 2927 | 2924 | ||
| 2928 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | 2925 | int |
| 2929 | { | 2926 | SSL_version(const SSL *s) |
| 2930 | return(ssl->ctx); | 2927 | { |
| 2931 | } | 2928 | return (s->version); |
| 2929 | } | ||
| 2932 | 2930 | ||
| 2933 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | 2931 | SSL_CTX |
| 2934 | { | 2932 | *SSL_get_SSL_CTX(const SSL *ssl) |
| 2933 | { | ||
| 2934 | return (ssl->ctx); | ||
| 2935 | } | ||
| 2936 | |||
| 2937 | SSL_CTX | ||
| 2938 | *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2939 | { | ||
| 2935 | if (ssl->ctx == ctx) | 2940 | if (ssl->ctx == ctx) |
| 2936 | return ssl->ctx; | 2941 | return ssl->ctx; |
| 2937 | #ifndef OPENSSL_NO_TLSEXT | 2942 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | |||
| 2941 | if (ssl->cert != NULL) | 2946 | if (ssl->cert != NULL) |
| 2942 | ssl_cert_free(ssl->cert); | 2947 | ssl_cert_free(ssl->cert); |
| 2943 | ssl->cert = ssl_cert_dup(ctx->cert); | 2948 | ssl->cert = ssl_cert_dup(ctx->cert); |
| 2944 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 2949 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 2945 | if (ssl->ctx != NULL) | 2950 | if (ssl->ctx != NULL) |
| 2946 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | 2951 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ |
| 2947 | ssl->ctx = ctx; | 2952 | ssl->ctx = ctx; |
| 2948 | return(ssl->ctx); | 2953 | return (ssl->ctx); |
| 2949 | } | 2954 | } |
| 2950 | 2955 | ||
| 2951 | #ifndef OPENSSL_NO_STDIO | 2956 | #ifndef OPENSSL_NO_STDIO |
| 2952 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2957 | int |
| 2953 | { | 2958 | SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2954 | return(X509_STORE_set_default_paths(ctx->cert_store)); | 2959 | { |
| 2955 | } | 2960 | return (X509_STORE_set_default_paths(ctx->cert_store)); |
| 2961 | } | ||
| 2956 | 2962 | ||
| 2957 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2963 | int |
| 2958 | const char *CApath) | 2964 | SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2959 | { | 2965 | const char *CApath) |
| 2960 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | 2966 | { |
| 2961 | } | 2967 | return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); |
| 2968 | } | ||
| 2962 | #endif | 2969 | #endif |
| 2963 | 2970 | ||
| 2964 | void SSL_set_info_callback(SSL *ssl, | 2971 | void |
| 2965 | void (*cb)(const SSL *ssl,int type,int val)) | 2972 | SSL_set_info_callback(SSL *ssl, |
| 2966 | { | 2973 | void (*cb)(const SSL *ssl, int type, int val)) |
| 2967 | ssl->info_callback=cb; | 2974 | { |
| 2968 | } | 2975 | ssl->info_callback = cb; |
| 2976 | } | ||
| 2969 | 2977 | ||
| 2970 | /* One compiler (Diab DCC) doesn't like argument names in returned | 2978 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2971 | function pointer. */ | 2979 | function pointer. */ |
| 2972 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | 2980 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) |
| 2973 | { | 2981 | { |
| 2974 | return ssl->info_callback; | 2982 | return ssl->info_callback; |
| 2975 | } | 2983 | } |
| 2976 | 2984 | ||
| 2977 | int SSL_state(const SSL *ssl) | 2985 | int |
| 2978 | { | 2986 | SSL_state(const SSL *ssl) |
| 2979 | return(ssl->state); | 2987 | { |
| 2980 | } | 2988 | return (ssl->state); |
| 2989 | } | ||
| 2981 | 2990 | ||
| 2982 | void SSL_set_state(SSL *ssl, int state) | 2991 | void |
| 2983 | { | 2992 | SSL_set_state(SSL *ssl, int state) |
| 2993 | { | ||
| 2984 | ssl->state = state; | 2994 | ssl->state = state; |
| 2985 | } | 2995 | } |
| 2986 | 2996 | ||
| 2987 | void SSL_set_verify_result(SSL *ssl,long arg) | 2997 | void |
| 2988 | { | 2998 | SSL_set_verify_result(SSL *ssl, long arg) |
| 2989 | ssl->verify_result=arg; | 2999 | { |
| 2990 | } | 3000 | ssl->verify_result = arg; |
| 3001 | } | ||
| 2991 | 3002 | ||
| 2992 | long SSL_get_verify_result(const SSL *ssl) | 3003 | long |
| 2993 | { | 3004 | SSL_get_verify_result(const SSL *ssl) |
| 2994 | return(ssl->verify_result); | 3005 | { |
| 2995 | } | 3006 | return (ssl->verify_result); |
| 3007 | } | ||
| 2996 | 3008 | ||
| 2997 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3009 | int |
| 2998 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3010 | SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 2999 | { | 3011 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3012 | { | ||
| 3000 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | 3013 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, |
| 3001 | new_func, dup_func, free_func); | 3014 | new_func, dup_func, free_func); |
| 3002 | } | 3015 | } |
| 3003 | 3016 | ||
| 3004 | int SSL_set_ex_data(SSL *s,int idx,void *arg) | 3017 | int |
| 3005 | { | 3018 | SSL_set_ex_data(SSL *s, int idx, void *arg) |
| 3006 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3019 | { |
| 3007 | } | 3020 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3021 | } | ||
| 3008 | 3022 | ||
| 3009 | void *SSL_get_ex_data(const SSL *s,int idx) | 3023 | void |
| 3010 | { | 3024 | *SSL_get_ex_data(const SSL *s, int idx) |
| 3011 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3025 | { |
| 3012 | } | 3026 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3027 | } | ||
| 3013 | 3028 | ||
| 3014 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3029 | int |
| 3015 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3030 | SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 3016 | { | 3031 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3032 | { | ||
| 3017 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | 3033 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, |
| 3018 | new_func, dup_func, free_func); | 3034 | new_func, dup_func, free_func); |
| 3019 | } | 3035 | } |
| 3020 | 3036 | ||
| 3021 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) | 3037 | int |
| 3022 | { | 3038 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) |
| 3023 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3039 | { |
| 3024 | } | 3040 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3041 | } | ||
| 3025 | 3042 | ||
| 3026 | void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) | 3043 | void |
| 3027 | { | 3044 | *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) |
| 3028 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3045 | { |
| 3029 | } | 3046 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3047 | } | ||
| 3030 | 3048 | ||
| 3031 | int ssl_ok(SSL *s) | 3049 | int |
| 3032 | { | 3050 | ssl_ok(SSL *s) |
| 3033 | return(1); | 3051 | { |
| 3034 | } | 3052 | return (1); |
| 3053 | } | ||
| 3035 | 3054 | ||
| 3036 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) | 3055 | X509_STORE |
| 3037 | { | 3056 | *SSL_CTX_get_cert_store(const SSL_CTX *ctx) |
| 3038 | return(ctx->cert_store); | 3057 | { |
| 3039 | } | 3058 | return (ctx->cert_store); |
| 3059 | } | ||
| 3040 | 3060 | ||
| 3041 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | 3061 | void |
| 3042 | { | 3062 | SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) |
| 3063 | { | ||
| 3043 | if (ctx->cert_store != NULL) | 3064 | if (ctx->cert_store != NULL) |
| 3044 | X509_STORE_free(ctx->cert_store); | 3065 | X509_STORE_free(ctx->cert_store); |
| 3045 | ctx->cert_store=store; | 3066 | ctx->cert_store = store; |
| 3046 | } | 3067 | } |
| 3047 | 3068 | ||
| 3048 | int SSL_want(const SSL *s) | 3069 | int |
| 3049 | { | 3070 | SSL_want(const SSL *s) |
| 3050 | return(s->rwstate); | 3071 | { |
| 3051 | } | 3072 | return (s->rwstate); |
| 3073 | } | ||
| 3052 | 3074 | ||
| 3053 | /*! | 3075 | /*! |
| 3054 | * \brief Set the callback for generating temporary RSA keys. | 3076 | * \brief Set the callback for generating temporary RSA keys. |
| @@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s) | |||
| 3057 | */ | 3079 | */ |
| 3058 | 3080 | ||
| 3059 | #ifndef OPENSSL_NO_RSA | 3081 | #ifndef OPENSSL_NO_RSA |
| 3060 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | 3082 | void |
| 3061 | int is_export, | 3083 | SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, |
| 3062 | int keylength)) | 3084 | int is_export, |
| 3063 | { | 3085 | int keylength)) |
| 3064 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3086 | { |
| 3065 | } | 3087 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 3066 | 3088 | } | |
| 3067 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 3089 | |
| 3068 | int is_export, | 3090 | void |
| 3069 | int keylength)) | 3091 | SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, |
| 3070 | { | 3092 | int is_export, |
| 3071 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3093 | int keylength)) |
| 3072 | } | 3094 | { |
| 3095 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3096 | } | ||
| 3073 | #endif | 3097 | #endif |
| 3074 | 3098 | ||
| 3075 | #ifdef DOXYGEN | 3099 | #ifdef DOXYGEN |
| @@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | |||
| 3083 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | 3107 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback |
| 3084 | */ | 3108 | */ |
| 3085 | 3109 | ||
| 3086 | RSA *cb(SSL *ssl,int is_export,int keylength) | 3110 | RSA |
| 3087 | {} | 3111 | *cb(SSL *ssl, int is_export, int keylength) |
| 3112 | {} | ||
| 3088 | #endif | 3113 | #endif |
| 3089 | 3114 | ||
| 3090 | /*! | 3115 | /*! |
| @@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 3094 | */ | 3119 | */ |
| 3095 | 3120 | ||
| 3096 | #ifndef OPENSSL_NO_DH | 3121 | #ifndef OPENSSL_NO_DH |
| 3097 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 3122 | void |
| 3098 | int keylength)) | 3123 | SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, |
| 3099 | { | 3124 | int keylength)) |
| 3100 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3125 | { |
| 3101 | } | 3126 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3127 | } | ||
| 3102 | 3128 | ||
| 3103 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 3129 | void |
| 3104 | int keylength)) | 3130 | SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, |
| 3105 | { | 3131 | int keylength)) |
| 3106 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3132 | { |
| 3107 | } | 3133 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3134 | } | ||
| 3108 | #endif | 3135 | #endif |
| 3109 | 3136 | ||
| 3110 | #ifndef OPENSSL_NO_ECDH | 3137 | #ifndef OPENSSL_NO_ECDH |
| 3111 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3138 | void |
| 3112 | int keylength)) | 3139 | SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3113 | { | 3140 | int keylength)) |
| 3114 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3141 | { |
| 3115 | } | 3142 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3143 | } | ||
| 3116 | 3144 | ||
| 3117 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3145 | void |
| 3118 | int keylength)) | 3146 | SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3119 | { | 3147 | int keylength)) |
| 3120 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3148 | { |
| 3121 | } | 3149 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3150 | } | ||
| 3122 | #endif | 3151 | #endif |
| 3123 | 3152 | ||
| 3124 | #ifndef OPENSSL_NO_PSK | 3153 | #ifndef OPENSSL_NO_PSK |
| 3125 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | 3154 | int |
| 3126 | { | 3155 | SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) |
| 3127 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3156 | { |
| 3128 | { | 3157 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3129 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3158 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3130 | return 0; | 3159 | return 0; |
| 3131 | } | 3160 | } |
| 3132 | if (ctx->psk_identity_hint != NULL) | 3161 | if (ctx->psk_identity_hint != NULL) |
| 3133 | OPENSSL_free(ctx->psk_identity_hint); | 3162 | OPENSSL_free(ctx->psk_identity_hint); |
| 3134 | if (identity_hint != NULL) | 3163 | if (identity_hint != NULL) { |
| 3135 | { | ||
| 3136 | ctx->psk_identity_hint = BUF_strdup(identity_hint); | 3164 | ctx->psk_identity_hint = BUF_strdup(identity_hint); |
| 3137 | if (ctx->psk_identity_hint == NULL) | 3165 | if (ctx->psk_identity_hint == NULL) |
| 3138 | return 0; | 3166 | return 0; |
| 3139 | } | 3167 | } else |
| 3140 | else | ||
| 3141 | ctx->psk_identity_hint = NULL; | 3168 | ctx->psk_identity_hint = NULL; |
| 3142 | return 1; | 3169 | return 1; |
| 3143 | } | 3170 | } |
| 3144 | 3171 | ||
| 3145 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) | 3172 | int |
| 3146 | { | 3173 | SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) |
| 3174 | { | ||
| 3147 | if (s == NULL) | 3175 | if (s == NULL) |
| 3148 | return 0; | 3176 | return 0; |
| 3149 | 3177 | ||
| 3150 | if (s->session == NULL) | 3178 | if (s->session == NULL) |
| 3151 | return 1; /* session not created yet, ignored */ | 3179 | return 1; /* session not created yet, ignored */ |
| 3152 | 3180 | ||
| 3153 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3181 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3154 | { | ||
| 3155 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3182 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3156 | return 0; | 3183 | return 0; |
| 3157 | } | 3184 | } |
| 3158 | if (s->session->psk_identity_hint != NULL) | 3185 | if (s->session->psk_identity_hint != NULL) |
| 3159 | OPENSSL_free(s->session->psk_identity_hint); | 3186 | OPENSSL_free(s->session->psk_identity_hint); |
| 3160 | if (identity_hint != NULL) | 3187 | if (identity_hint != NULL) { |
| 3161 | { | ||
| 3162 | s->session->psk_identity_hint = BUF_strdup(identity_hint); | 3188 | s->session->psk_identity_hint = BUF_strdup(identity_hint); |
| 3163 | if (s->session->psk_identity_hint == NULL) | 3189 | if (s->session->psk_identity_hint == NULL) |
| 3164 | return 0; | 3190 | return 0; |
| 3165 | } | 3191 | } else |
| 3166 | else | ||
| 3167 | s->session->psk_identity_hint = NULL; | 3192 | s->session->psk_identity_hint = NULL; |
| 3168 | return 1; | 3193 | return 1; |
| 3169 | } | 3194 | } |
| 3170 | 3195 | ||
| 3171 | const char *SSL_get_psk_identity_hint(const SSL *s) | 3196 | const char |
| 3172 | { | 3197 | *SSL_get_psk_identity_hint(const SSL *s) |
| 3198 | { | ||
| 3173 | if (s == NULL || s->session == NULL) | 3199 | if (s == NULL || s->session == NULL) |
| 3174 | return NULL; | 3200 | return NULL; |
| 3175 | return(s->session->psk_identity_hint); | 3201 | return (s->session->psk_identity_hint); |
| 3176 | } | 3202 | } |
| 3177 | 3203 | ||
| 3178 | const char *SSL_get_psk_identity(const SSL *s) | 3204 | const char |
| 3179 | { | 3205 | *SSL_get_psk_identity(const SSL *s) |
| 3206 | { | ||
| 3180 | if (s == NULL || s->session == NULL) | 3207 | if (s == NULL || s->session == NULL) |
| 3181 | return NULL; | 3208 | return NULL; |
| 3182 | return(s->session->psk_identity); | 3209 | return (s->session->psk_identity); |
| 3183 | } | 3210 | } |
| 3184 | 3211 | ||
| 3185 | void SSL_set_psk_client_callback(SSL *s, | 3212 | void |
| 3213 | SSL_set_psk_client_callback(SSL *s, | ||
| 3186 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3214 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3187 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3215 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3188 | unsigned int max_psk_len)) | 3216 | unsigned int max_psk_len)) |
| 3189 | { | 3217 | { |
| 3190 | s->psk_client_callback = cb; | 3218 | s->psk_client_callback = cb; |
| 3191 | } | 3219 | } |
| 3192 | 3220 | ||
| 3193 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | 3221 | void |
| 3222 | SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
| 3194 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3223 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3195 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3224 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3196 | unsigned int max_psk_len)) | 3225 | unsigned int max_psk_len)) |
| 3197 | { | 3226 | { |
| 3198 | ctx->psk_client_callback = cb; | 3227 | ctx->psk_client_callback = cb; |
| 3199 | } | 3228 | } |
| 3200 | 3229 | ||
| 3201 | void SSL_set_psk_server_callback(SSL *s, | 3230 | void |
| 3231 | SSL_set_psk_server_callback(SSL *s, | ||
| 3202 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3232 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3203 | unsigned char *psk, unsigned int max_psk_len)) | 3233 | unsigned char *psk, unsigned int max_psk_len)) |
| 3204 | { | 3234 | { |
| 3205 | s->psk_server_callback = cb; | 3235 | s->psk_server_callback = cb; |
| 3206 | } | 3236 | } |
| 3207 | 3237 | ||
| 3208 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | 3238 | void |
| 3239 | SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
| 3209 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3240 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3210 | unsigned char *psk, unsigned int max_psk_len)) | 3241 | unsigned char *psk, unsigned int max_psk_len)) |
| 3211 | { | 3242 | { |
| 3212 | ctx->psk_server_callback = cb; | 3243 | ctx->psk_server_callback = cb; |
| 3213 | } | 3244 | } |
| 3214 | #endif | 3245 | #endif |
| 3215 | 3246 | ||
| 3216 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3247 | void |
| 3217 | { | 3248 | SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 3249 | { | ||
| 3218 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3250 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3219 | } | 3251 | } |
| 3220 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3252 | |
| 3221 | { | 3253 | void |
| 3254 | SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3255 | { | ||
| 3222 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3256 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3223 | } | 3257 | } |
| 3224 | 3258 | ||
| 3225 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer | 3259 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer |
| 3226 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if | 3260 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if |
| @@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con | |||
| 3228 | * Returns newly allocated ctx; | 3262 | * Returns newly allocated ctx; |
| 3229 | */ | 3263 | */ |
| 3230 | 3264 | ||
| 3231 | EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) | 3265 | EVP_MD_CTX |
| 3266 | *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) | ||
| 3232 | { | 3267 | { |
| 3233 | ssl_clear_hash_ctx(hash); | 3268 | ssl_clear_hash_ctx(hash); |
| 3234 | *hash = EVP_MD_CTX_create(); | 3269 | *hash = EVP_MD_CTX_create(); |
| 3235 | if (md) EVP_DigestInit_ex(*hash,md,NULL); | 3270 | if (md) |
| 3271 | EVP_DigestInit_ex(*hash, md, NULL); | ||
| 3236 | return *hash; | 3272 | return *hash; |
| 3237 | } | 3273 | } |
| 3238 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash) | 3274 | |
| 3275 | void | ||
| 3276 | ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
| 3239 | { | 3277 | { |
| 3240 | 3278 | ||
| 3241 | if (*hash) EVP_MD_CTX_destroy(*hash); | 3279 | if (*hash) |
| 3242 | *hash=NULL; | 3280 | EVP_MD_CTX_destroy(*hash); |
| 3281 | *hash = NULL; | ||
| 3243 | } | 3282 | } |
| 3244 | 3283 | ||
| 3245 | void SSL_set_debug(SSL *s, int debug) | 3284 | void |
| 3246 | { | 3285 | SSL_set_debug(SSL *s, int debug) |
| 3286 | { | ||
| 3247 | s->debug = debug; | 3287 | s->debug = debug; |
| 3248 | } | 3288 | } |
| 3249 | 3289 | ||
| 3250 | int SSL_cache_hit(SSL *s) | 3290 | int |
| 3251 | { | 3291 | SSL_cache_hit(SSL *s) |
| 3292 | { | ||
| 3252 | return s->hit; | 3293 | return s->hit; |
| 3253 | } | 3294 | } |
| 3254 | 3295 | ||
| 3255 | IMPLEMENT_STACK_OF(SSL_CIPHER) | 3296 | IMPLEMENT_STACK_OF(SSL_CIPHER) |
| 3256 | IMPLEMENT_STACK_OF(SSL_COMP) | 3297 | IMPLEMENT_STACK_OF(SSL_COMP) |
| 3257 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | 3298 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, |
| 3258 | ssl_cipher_id); | 3299 | ssl_cipher_id); |
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c index 60e7b66859..078df55f06 100644 --- a/src/lib/libssl/src/ssl/ssl_rsa.c +++ b/src/lib/libssl/src/ssl/ssl_rsa.c | |||
| @@ -66,135 +66,126 @@ | |||
| 66 | 66 | ||
| 67 | static int ssl_set_cert(CERT *c, X509 *x509); | 67 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 69 | int SSL_use_certificate(SSL *ssl, X509 *x) | 69 | int |
| 70 | { | 70 | SSL_use_certificate(SSL *ssl, X509 *x) |
| 71 | if (x == NULL) | 71 | { |
| 72 | { | 72 | if (x == NULL) { |
| 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); |
| 74 | return(0); | 74 | return (0); |
| 75 | } | 75 | } |
| 76 | if (!ssl_cert_inst(&ssl->cert)) | 76 | if (!ssl_cert_inst(&ssl->cert)) { |
| 77 | { | 77 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 78 | return (0); |
| 79 | return(0); | ||
| 80 | } | ||
| 81 | return(ssl_set_cert(ssl->cert,x)); | ||
| 82 | } | 79 | } |
| 80 | return (ssl_set_cert(ssl->cert, x)); | ||
| 81 | } | ||
| 83 | 82 | ||
| 84 | #ifndef OPENSSL_NO_STDIO | 83 | #ifndef OPENSSL_NO_STDIO |
| 85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) | 84 | int |
| 86 | { | 85 | SSL_use_certificate_file(SSL *ssl, const char *file, int type) |
| 86 | { | ||
| 87 | int j; | 87 | int j; |
| 88 | BIO *in; | 88 | BIO *in; |
| 89 | int ret=0; | 89 | int ret = 0; |
| 90 | X509 *x=NULL; | 90 | X509 *x = NULL; |
| 91 | 91 | ||
| 92 | in=BIO_new(BIO_s_file_internal()); | 92 | in = BIO_new(BIO_s_file_internal()); |
| 93 | if (in == NULL) | 93 | if (in == NULL) { |
| 94 | { | 94 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 95 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 96 | goto end; | 95 | goto end; |
| 97 | } | 96 | } |
| 98 | 97 | ||
| 99 | if (BIO_read_filename(in,file) <= 0) | 98 | if (BIO_read_filename(in, file) <= 0) { |
| 100 | { | 99 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 102 | goto end; | 100 | goto end; |
| 103 | } | 101 | } |
| 104 | if (type == SSL_FILETYPE_ASN1) | 102 | if (type == SSL_FILETYPE_ASN1) { |
| 105 | { | 103 | j = ERR_R_ASN1_LIB; |
| 106 | j=ERR_R_ASN1_LIB; | 104 | x = d2i_X509_bio(in, NULL); |
| 107 | x=d2i_X509_bio(in,NULL); | 105 | } else if (type == SSL_FILETYPE_PEM) { |
| 108 | } | 106 | j = ERR_R_PEM_LIB; |
| 109 | else if (type == SSL_FILETYPE_PEM) | 107 | x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 110 | { | 108 | } else { |
| 111 | j=ERR_R_PEM_LIB; | 109 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 113 | } | ||
| 114 | else | ||
| 115 | { | ||
| 116 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 117 | goto end; | 110 | goto end; |
| 118 | } | 111 | } |
| 119 | 112 | ||
| 120 | if (x == NULL) | 113 | if (x == NULL) { |
| 121 | { | 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); |
| 122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | ||
| 123 | goto end; | 115 | goto end; |
| 124 | } | 116 | } |
| 125 | 117 | ||
| 126 | ret=SSL_use_certificate(ssl,x); | 118 | ret = SSL_use_certificate(ssl, x); |
| 127 | end: | 119 | end: |
| 128 | if (x != NULL) X509_free(x); | 120 | if (x != NULL) |
| 129 | if (in != NULL) BIO_free(in); | 121 | X509_free(x); |
| 130 | return(ret); | 122 | if (in != NULL) |
| 131 | } | 123 | BIO_free(in); |
| 124 | return (ret); | ||
| 125 | } | ||
| 132 | #endif | 126 | #endif |
| 133 | 127 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | 128 | int |
| 135 | { | 129 | SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 130 | { | ||
| 136 | X509 *x; | 131 | X509 *x; |
| 137 | int ret; | 132 | int ret; |
| 138 | 133 | ||
| 139 | x=d2i_X509(NULL,&d,(long)len); | 134 | x = d2i_X509(NULL, &d,(long)len); |
| 140 | if (x == NULL) | 135 | if (x == NULL) { |
| 141 | { | 136 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 142 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 137 | return (0); |
| 143 | return(0); | 138 | } |
| 144 | } | ||
| 145 | 139 | ||
| 146 | ret=SSL_use_certificate(ssl,x); | 140 | ret = SSL_use_certificate(ssl, x); |
| 147 | X509_free(x); | 141 | X509_free(x); |
| 148 | return(ret); | 142 | return (ret); |
| 149 | } | 143 | } |
| 150 | 144 | ||
| 151 | #ifndef OPENSSL_NO_RSA | 145 | #ifndef OPENSSL_NO_RSA |
| 152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | 146 | int |
| 153 | { | 147 | SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
| 148 | { | ||
| 154 | EVP_PKEY *pkey; | 149 | EVP_PKEY *pkey; |
| 155 | int ret; | 150 | int ret; |
| 156 | 151 | ||
| 157 | if (rsa == NULL) | 152 | if (rsa == NULL) { |
| 158 | { | 153 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 154 | return (0); |
| 160 | return(0); | 155 | } |
| 161 | } | 156 | if (!ssl_cert_inst(&ssl->cert)) { |
| 162 | if (!ssl_cert_inst(&ssl->cert)) | 157 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 163 | { | 158 | return (0); |
| 164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 159 | } |
| 165 | return(0); | 160 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 166 | } | 161 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 167 | if ((pkey=EVP_PKEY_new()) == NULL) | 162 | return (0); |
| 168 | { | 163 | } |
| 169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 170 | return(0); | ||
| 171 | } | ||
| 172 | 164 | ||
| 173 | RSA_up_ref(rsa); | 165 | RSA_up_ref(rsa); |
| 174 | EVP_PKEY_assign_RSA(pkey,rsa); | 166 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 175 | 167 | ||
| 176 | ret=ssl_set_pkey(ssl->cert,pkey); | 168 | ret = ssl_set_pkey(ssl->cert, pkey); |
| 177 | EVP_PKEY_free(pkey); | 169 | EVP_PKEY_free(pkey); |
| 178 | return(ret); | 170 | return (ret); |
| 179 | } | 171 | } |
| 180 | #endif | 172 | #endif |
| 181 | 173 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 174 | static int |
| 183 | { | 175 | ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 176 | { | ||
| 184 | int i; | 177 | int i; |
| 185 | 178 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 179 | i = ssl_cert_type(NULL, pkey); |
| 187 | if (i < 0) | 180 | if (i < 0) { |
| 188 | { | 181 | SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 189 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 182 | return (0); |
| 190 | return(0); | 183 | } |
| 191 | } | ||
| 192 | 184 | ||
| 193 | if (c->pkeys[i].x509 != NULL) | 185 | if (c->pkeys[i].x509 != NULL) { |
| 194 | { | ||
| 195 | EVP_PKEY *pktmp; | 186 | EVP_PKEY *pktmp; |
| 196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | 187 | pktmp = X509_get_pubkey(c->pkeys[i].x509); |
| 197 | EVP_PKEY_copy_parameters(pktmp,pkey); | 188 | EVP_PKEY_copy_parameters(pktmp, pkey); |
| 198 | EVP_PKEY_free(pktmp); | 189 | EVP_PKEY_free(pktmp); |
| 199 | ERR_clear_error(); | 190 | ERR_clear_error(); |
| 200 | 191 | ||
| @@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 203 | * for smart cards. */ | 194 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 195 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | 196 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | ; | 197 | ; |
| 207 | else | 198 | else |
| 208 | #endif | 199 | #endif |
| 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 200 | if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { |
| 210 | { | ||
| 211 | X509_free(c->pkeys[i].x509); | 201 | X509_free(c->pkeys[i].x509); |
| 212 | c->pkeys[i].x509 = NULL; | 202 | c->pkeys[i].x509 = NULL; |
| 213 | return 0; | 203 | return 0; |
| 214 | } | ||
| 215 | } | 204 | } |
| 205 | } | ||
| 216 | 206 | ||
| 217 | if (c->pkeys[i].privatekey != NULL) | 207 | if (c->pkeys[i].privatekey != NULL) |
| 218 | EVP_PKEY_free(c->pkeys[i].privatekey); | 208 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 209 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 220 | c->pkeys[i].privatekey=pkey; | 210 | c->pkeys[i].privatekey = pkey; |
| 221 | c->key= &(c->pkeys[i]); | 211 | c->key = &(c->pkeys[i]); |
| 222 | 212 | ||
| 223 | c->valid=0; | 213 | c->valid = 0; |
| 224 | return(1); | 214 | return (1); |
| 225 | } | 215 | } |
| 226 | 216 | ||
| 227 | #ifndef OPENSSL_NO_RSA | 217 | #ifndef OPENSSL_NO_RSA |
| 228 | #ifndef OPENSSL_NO_STDIO | 218 | #ifndef OPENSSL_NO_STDIO |
| 229 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | 219 | int |
| 230 | { | 220 | SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) |
| 231 | int j,ret=0; | 221 | { |
| 222 | int j, ret = 0; | ||
| 232 | BIO *in; | 223 | BIO *in; |
| 233 | RSA *rsa=NULL; | 224 | RSA *rsa = NULL; |
| 234 | 225 | ||
| 235 | in=BIO_new(BIO_s_file_internal()); | 226 | in = BIO_new(BIO_s_file_internal()); |
| 236 | if (in == NULL) | 227 | if (in == NULL) { |
| 237 | { | 228 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 238 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 239 | goto end; | 229 | goto end; |
| 240 | } | 230 | } |
| 241 | 231 | ||
| 242 | if (BIO_read_filename(in,file) <= 0) | 232 | if (BIO_read_filename(in, file) <= 0) { |
| 243 | { | 233 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 245 | goto end; | 234 | goto end; |
| 246 | } | 235 | } |
| 247 | if (type == SSL_FILETYPE_ASN1) | 236 | if (type == SSL_FILETYPE_ASN1) { |
| 248 | { | 237 | j = ERR_R_ASN1_LIB; |
| 249 | j=ERR_R_ASN1_LIB; | 238 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 250 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 239 | } else if (type == SSL_FILETYPE_PEM) { |
| 251 | } | 240 | j = ERR_R_PEM_LIB; |
| 252 | else if (type == SSL_FILETYPE_PEM) | 241 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 253 | { | 242 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 254 | j=ERR_R_PEM_LIB; | 243 | } else { |
| 255 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 256 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 257 | } | ||
| 258 | else | ||
| 259 | { | ||
| 260 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 261 | goto end; | 245 | goto end; |
| 262 | } | 246 | } |
| 263 | if (rsa == NULL) | 247 | if (rsa == NULL) { |
| 264 | { | 248 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); |
| 265 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | ||
| 266 | goto end; | 249 | goto end; |
| 267 | } | 250 | } |
| 268 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 251 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 269 | RSA_free(rsa); | 252 | RSA_free(rsa); |
| 270 | end: | 253 | end: |
| 271 | if (in != NULL) BIO_free(in); | 254 | if (in != NULL) |
| 272 | return(ret); | 255 | BIO_free(in); |
| 273 | } | 256 | return (ret); |
| 257 | } | ||
| 274 | #endif | 258 | #endif |
| 275 | 259 | ||
| 276 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | 260 | int |
| 277 | { | 261 | SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
| 262 | { | ||
| 278 | int ret; | 263 | int ret; |
| 279 | const unsigned char *p; | 264 | const unsigned char *p; |
| 280 | RSA *rsa; | 265 | RSA *rsa; |
| 281 | 266 | ||
| 282 | p=d; | 267 | p = d; |
| 283 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 268 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 284 | { | 269 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 285 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 270 | return (0); |
| 286 | return(0); | 271 | } |
| 287 | } | ||
| 288 | 272 | ||
| 289 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 273 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 290 | RSA_free(rsa); | 274 | RSA_free(rsa); |
| 291 | return(ret); | 275 | return (ret); |
| 292 | } | 276 | } |
| 293 | #endif /* !OPENSSL_NO_RSA */ | 277 | #endif /* !OPENSSL_NO_RSA */ |
| 294 | 278 | ||
| 295 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | 279 | int |
| 296 | { | 280 | SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
| 281 | { | ||
| 297 | int ret; | 282 | int ret; |
| 298 | 283 | ||
| 299 | if (pkey == NULL) | 284 | if (pkey == NULL) { |
| 300 | { | 285 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 286 | return (0); |
| 302 | return(0); | 287 | } |
| 303 | } | 288 | if (!ssl_cert_inst(&ssl->cert)) { |
| 304 | if (!ssl_cert_inst(&ssl->cert)) | 289 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 305 | { | 290 | return (0); |
| 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 307 | return(0); | ||
| 308 | } | ||
| 309 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
| 310 | return(ret); | ||
| 311 | } | 291 | } |
| 292 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 293 | return (ret); | ||
| 294 | } | ||
| 312 | 295 | ||
| 313 | #ifndef OPENSSL_NO_STDIO | 296 | #ifndef OPENSSL_NO_STDIO |
| 314 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | 297 | int |
| 315 | { | 298 | SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) |
| 316 | int j,ret=0; | 299 | { |
| 300 | int j, ret = 0; | ||
| 317 | BIO *in; | 301 | BIO *in; |
| 318 | EVP_PKEY *pkey=NULL; | 302 | EVP_PKEY *pkey = NULL; |
| 319 | 303 | ||
| 320 | in=BIO_new(BIO_s_file_internal()); | 304 | in = BIO_new(BIO_s_file_internal()); |
| 321 | if (in == NULL) | 305 | if (in == NULL) { |
| 322 | { | 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 323 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 324 | goto end; | 307 | goto end; |
| 325 | } | 308 | } |
| 326 | 309 | ||
| 327 | if (BIO_read_filename(in,file) <= 0) | 310 | if (BIO_read_filename(in, file) <= 0) { |
| 328 | { | 311 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 329 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 330 | goto end; | 312 | goto end; |
| 331 | } | 313 | } |
| 332 | if (type == SSL_FILETYPE_PEM) | 314 | if (type == SSL_FILETYPE_PEM) { |
| 333 | { | 315 | j = ERR_R_PEM_LIB; |
| 334 | j=ERR_R_PEM_LIB; | 316 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 317 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 318 | } else if (type == SSL_FILETYPE_ASN1) { |
| 337 | } | ||
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | 319 | j = ERR_R_ASN1_LIB; |
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | 320 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 342 | } | 321 | } else { |
| 343 | else | 322 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 344 | { | ||
| 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 346 | goto end; | 323 | goto end; |
| 347 | } | 324 | } |
| 348 | if (pkey == NULL) | 325 | if (pkey == NULL) { |
| 349 | { | 326 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); |
| 350 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | ||
| 351 | goto end; | 327 | goto end; |
| 352 | } | 328 | } |
| 353 | ret=SSL_use_PrivateKey(ssl,pkey); | 329 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 354 | EVP_PKEY_free(pkey); | 330 | EVP_PKEY_free(pkey); |
| 355 | end: | 331 | end: |
| 356 | if (in != NULL) BIO_free(in); | 332 | if (in != NULL) |
| 357 | return(ret); | 333 | BIO_free(in); |
| 358 | } | 334 | return (ret); |
| 335 | } | ||
| 359 | #endif | 336 | #endif |
| 360 | 337 | ||
| 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | 338 | int |
| 362 | { | 339 | SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 340 | { | ||
| 363 | int ret; | 341 | int ret; |
| 364 | const unsigned char *p; | 342 | const unsigned char *p; |
| 365 | EVP_PKEY *pkey; | 343 | EVP_PKEY *pkey; |
| 366 | 344 | ||
| 367 | p=d; | 345 | p = d; |
| 368 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 346 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 369 | { | 347 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 370 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 348 | return (0); |
| 371 | return(0); | 349 | } |
| 372 | } | ||
| 373 | 350 | ||
| 374 | ret=SSL_use_PrivateKey(ssl,pkey); | 351 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 375 | EVP_PKEY_free(pkey); | 352 | EVP_PKEY_free(pkey); |
| 376 | return(ret); | 353 | return (ret); |
| 354 | } | ||
| 355 | |||
| 356 | int | ||
| 357 | SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
| 358 | { | ||
| 359 | if (x == NULL) { | ||
| 360 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 361 | return (0); | ||
| 377 | } | 362 | } |
| 378 | 363 | if (!ssl_cert_inst(&ctx->cert)) { | |
| 379 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | 364 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 380 | { | 365 | return (0); |
| 381 | if (x == NULL) | ||
| 382 | { | ||
| 383 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
| 384 | return(0); | ||
| 385 | } | ||
| 386 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 387 | { | ||
| 388 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 389 | return(0); | ||
| 390 | } | ||
| 391 | return(ssl_set_cert(ctx->cert, x)); | ||
| 392 | } | 366 | } |
| 367 | return (ssl_set_cert(ctx->cert, x)); | ||
| 368 | } | ||
| 393 | 369 | ||
| 394 | static int ssl_set_cert(CERT *c, X509 *x) | 370 | static int |
| 395 | { | 371 | ssl_set_cert(CERT *c, X509 *x) |
| 372 | { | ||
| 396 | EVP_PKEY *pkey; | 373 | EVP_PKEY *pkey; |
| 397 | int i; | 374 | int i; |
| 398 | 375 | ||
| 399 | pkey=X509_get_pubkey(x); | 376 | pkey = X509_get_pubkey(x); |
| 400 | if (pkey == NULL) | 377 | if (pkey == NULL) { |
| 401 | { | 378 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); |
| 402 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); | 379 | return (0); |
| 403 | return(0); | 380 | } |
| 404 | } | ||
| 405 | 381 | ||
| 406 | i=ssl_cert_type(x,pkey); | 382 | i = ssl_cert_type(x, pkey); |
| 407 | if (i < 0) | 383 | if (i < 0) { |
| 408 | { | 384 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 409 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 410 | EVP_PKEY_free(pkey); | 385 | EVP_PKEY_free(pkey); |
| 411 | return(0); | 386 | return (0); |
| 412 | } | 387 | } |
| 413 | 388 | ||
| 414 | if (c->pkeys[i].privatekey != NULL) | 389 | if (c->pkeys[i].privatekey != NULL) { |
| 415 | { | 390 | EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); |
| 416 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
| 417 | ERR_clear_error(); | 391 | ERR_clear_error(); |
| 418 | 392 | ||
| 419 | #ifndef OPENSSL_NO_RSA | 393 | #ifndef OPENSSL_NO_RSA |
| @@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 421 | * for smart cards. */ | 395 | * for smart cards. */ |
| 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 396 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 397 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 424 | RSA_METHOD_FLAG_NO_CHECK)) | 398 | RSA_METHOD_FLAG_NO_CHECK)) |
| 425 | ; | 399 | ; |
| 426 | else | 400 | else |
| 427 | #endif /* OPENSSL_NO_RSA */ | 401 | #endif /* OPENSSL_NO_RSA */ |
| 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 402 | if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { |
| 429 | { | ||
| 430 | /* don't fail for a cert/key mismatch, just free | 403 | /* don't fail for a cert/key mismatch, just free |
| 431 | * current private key (when switching to a different | 404 | * current private key (when switching to a different |
| 432 | * cert & key, first this function should be used, | 405 | * cert & key, first this function should be used, |
| 433 | * then ssl_set_pkey */ | 406 | * then ssl_set_pkey */ |
| 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | 407 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 435 | c->pkeys[i].privatekey=NULL; | 408 | c->pkeys[i].privatekey = NULL; |
| 436 | /* clear error queue */ | 409 | /* clear error queue */ |
| 437 | ERR_clear_error(); | 410 | ERR_clear_error(); |
| 438 | } | ||
| 439 | } | 411 | } |
| 412 | } | ||
| 440 | 413 | ||
| 441 | EVP_PKEY_free(pkey); | 414 | EVP_PKEY_free(pkey); |
| 442 | 415 | ||
| 443 | if (c->pkeys[i].x509 != NULL) | 416 | if (c->pkeys[i].x509 != NULL) |
| 444 | X509_free(c->pkeys[i].x509); | 417 | X509_free(c->pkeys[i].x509); |
| 445 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 418 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 446 | c->pkeys[i].x509=x; | 419 | c->pkeys[i].x509 = x; |
| 447 | c->key= &(c->pkeys[i]); | 420 | c->key = &(c->pkeys[i]); |
| 448 | 421 | ||
| 449 | c->valid=0; | 422 | c->valid = 0; |
| 450 | return(1); | 423 | return (1); |
| 451 | } | 424 | } |
| 452 | 425 | ||
| 453 | #ifndef OPENSSL_NO_STDIO | 426 | #ifndef OPENSSL_NO_STDIO |
| 454 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | 427 | int |
| 455 | { | 428 | SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) |
| 429 | { | ||
| 456 | int j; | 430 | int j; |
| 457 | BIO *in; | 431 | BIO *in; |
| 458 | int ret=0; | 432 | int ret = 0; |
| 459 | X509 *x=NULL; | 433 | X509 *x = NULL; |
| 460 | 434 | ||
| 461 | in=BIO_new(BIO_s_file_internal()); | 435 | in = BIO_new(BIO_s_file_internal()); |
| 462 | if (in == NULL) | 436 | if (in == NULL) { |
| 463 | { | 437 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 464 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 465 | goto end; | 438 | goto end; |
| 466 | } | 439 | } |
| 467 | 440 | ||
| 468 | if (BIO_read_filename(in,file) <= 0) | 441 | if (BIO_read_filename(in, file) <= 0) { |
| 469 | { | 442 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 470 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 471 | goto end; | 443 | goto end; |
| 472 | } | 444 | } |
| 473 | if (type == SSL_FILETYPE_ASN1) | 445 | if (type == SSL_FILETYPE_ASN1) { |
| 474 | { | 446 | j = ERR_R_ASN1_LIB; |
| 475 | j=ERR_R_ASN1_LIB; | 447 | x = d2i_X509_bio(in, NULL); |
| 476 | x=d2i_X509_bio(in,NULL); | 448 | } else if (type == SSL_FILETYPE_PEM) { |
| 477 | } | 449 | j = ERR_R_PEM_LIB; |
| 478 | else if (type == SSL_FILETYPE_PEM) | 450 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 479 | { | 451 | } else { |
| 480 | j=ERR_R_PEM_LIB; | 452 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 481 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 482 | } | ||
| 483 | else | ||
| 484 | { | ||
| 485 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 486 | goto end; | 453 | goto end; |
| 487 | } | 454 | } |
| 488 | 455 | ||
| 489 | if (x == NULL) | 456 | if (x == NULL) { |
| 490 | { | 457 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); |
| 491 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | ||
| 492 | goto end; | 458 | goto end; |
| 493 | } | 459 | } |
| 494 | 460 | ||
| 495 | ret=SSL_CTX_use_certificate(ctx,x); | 461 | ret = SSL_CTX_use_certificate(ctx, x); |
| 496 | end: | 462 | end: |
| 497 | if (x != NULL) X509_free(x); | 463 | if (x != NULL) |
| 498 | if (in != NULL) BIO_free(in); | 464 | X509_free(x); |
| 499 | return(ret); | 465 | if (in != NULL) |
| 500 | } | 466 | BIO_free(in); |
| 467 | return (ret); | ||
| 468 | } | ||
| 501 | #endif | 469 | #endif |
| 502 | 470 | ||
| 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | 471 | int |
| 504 | { | 472 | SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 473 | { | ||
| 505 | X509 *x; | 474 | X509 *x; |
| 506 | int ret; | 475 | int ret; |
| 507 | 476 | ||
| 508 | x=d2i_X509(NULL,&d,(long)len); | 477 | x = d2i_X509(NULL, &d,(long)len); |
| 509 | if (x == NULL) | 478 | if (x == NULL) { |
| 510 | { | 479 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 511 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 480 | return (0); |
| 512 | return(0); | 481 | } |
| 513 | } | ||
| 514 | 482 | ||
| 515 | ret=SSL_CTX_use_certificate(ctx,x); | 483 | ret = SSL_CTX_use_certificate(ctx, x); |
| 516 | X509_free(x); | 484 | X509_free(x); |
| 517 | return(ret); | 485 | return (ret); |
| 518 | } | 486 | } |
| 519 | 487 | ||
| 520 | #ifndef OPENSSL_NO_RSA | 488 | #ifndef OPENSSL_NO_RSA |
| 521 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | 489 | int |
| 522 | { | 490 | SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
| 491 | { | ||
| 523 | int ret; | 492 | int ret; |
| 524 | EVP_PKEY *pkey; | 493 | EVP_PKEY *pkey; |
| 525 | 494 | ||
| 526 | if (rsa == NULL) | 495 | if (rsa == NULL) { |
| 527 | { | 496 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 528 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 497 | return (0); |
| 529 | return(0); | 498 | } |
| 530 | } | 499 | if (!ssl_cert_inst(&ctx->cert)) { |
| 531 | if (!ssl_cert_inst(&ctx->cert)) | 500 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 532 | { | 501 | return (0); |
| 533 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 502 | } |
| 534 | return(0); | 503 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 535 | } | 504 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 536 | if ((pkey=EVP_PKEY_new()) == NULL) | 505 | return (0); |
| 537 | { | 506 | } |
| 538 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 539 | return(0); | ||
| 540 | } | ||
| 541 | 507 | ||
| 542 | RSA_up_ref(rsa); | 508 | RSA_up_ref(rsa); |
| 543 | EVP_PKEY_assign_RSA(pkey,rsa); | 509 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 544 | 510 | ||
| 545 | ret=ssl_set_pkey(ctx->cert, pkey); | 511 | ret = ssl_set_pkey(ctx->cert, pkey); |
| 546 | EVP_PKEY_free(pkey); | 512 | EVP_PKEY_free(pkey); |
| 547 | return(ret); | 513 | return (ret); |
| 548 | } | 514 | } |
| 549 | 515 | ||
| 550 | #ifndef OPENSSL_NO_STDIO | 516 | #ifndef OPENSSL_NO_STDIO |
| 551 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 517 | int |
| 552 | { | 518 | SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 553 | int j,ret=0; | 519 | { |
| 520 | int j, ret = 0; | ||
| 554 | BIO *in; | 521 | BIO *in; |
| 555 | RSA *rsa=NULL; | 522 | RSA *rsa = NULL; |
| 556 | 523 | ||
| 557 | in=BIO_new(BIO_s_file_internal()); | 524 | in = BIO_new(BIO_s_file_internal()); |
| 558 | if (in == NULL) | 525 | if (in == NULL) { |
| 559 | { | 526 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 560 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 561 | goto end; | 527 | goto end; |
| 562 | } | 528 | } |
| 563 | 529 | ||
| 564 | if (BIO_read_filename(in,file) <= 0) | 530 | if (BIO_read_filename(in, file) <= 0) { |
| 565 | { | 531 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 566 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 567 | goto end; | 532 | goto end; |
| 568 | } | 533 | } |
| 569 | if (type == SSL_FILETYPE_ASN1) | 534 | if (type == SSL_FILETYPE_ASN1) { |
| 570 | { | 535 | j = ERR_R_ASN1_LIB; |
| 571 | j=ERR_R_ASN1_LIB; | 536 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 572 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 537 | } else if (type == SSL_FILETYPE_PEM) { |
| 573 | } | 538 | j = ERR_R_PEM_LIB; |
| 574 | else if (type == SSL_FILETYPE_PEM) | 539 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 575 | { | 540 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 576 | j=ERR_R_PEM_LIB; | 541 | } else { |
| 577 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 542 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 578 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 579 | } | ||
| 580 | else | ||
| 581 | { | ||
| 582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 583 | goto end; | 543 | goto end; |
| 584 | } | 544 | } |
| 585 | if (rsa == NULL) | 545 | if (rsa == NULL) { |
| 586 | { | 546 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); |
| 587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | ||
| 588 | goto end; | 547 | goto end; |
| 589 | } | 548 | } |
| 590 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 549 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 591 | RSA_free(rsa); | 550 | RSA_free(rsa); |
| 592 | end: | 551 | end: |
| 593 | if (in != NULL) BIO_free(in); | 552 | if (in != NULL) |
| 594 | return(ret); | 553 | BIO_free(in); |
| 595 | } | 554 | return (ret); |
| 555 | } | ||
| 596 | #endif | 556 | #endif |
| 597 | 557 | ||
| 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | 558 | int |
| 599 | { | 559 | SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 560 | { | ||
| 600 | int ret; | 561 | int ret; |
| 601 | const unsigned char *p; | 562 | const unsigned char *p; |
| 602 | RSA *rsa; | 563 | RSA *rsa; |
| 603 | 564 | ||
| 604 | p=d; | 565 | p = d; |
| 605 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 566 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 606 | { | 567 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 607 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 568 | return (0); |
| 608 | return(0); | 569 | } |
| 609 | } | ||
| 610 | 570 | ||
| 611 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 571 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 612 | RSA_free(rsa); | 572 | RSA_free(rsa); |
| 613 | return(ret); | 573 | return (ret); |
| 614 | } | 574 | } |
| 615 | #endif /* !OPENSSL_NO_RSA */ | 575 | #endif /* !OPENSSL_NO_RSA */ |
| 616 | 576 | ||
| 617 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | 577 | int |
| 618 | { | 578 | SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
| 619 | if (pkey == NULL) | 579 | { |
| 620 | { | 580 | if (pkey == NULL) { |
| 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 581 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 622 | return(0); | 582 | return (0); |
| 623 | } | ||
| 624 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 625 | { | ||
| 626 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 627 | return(0); | ||
| 628 | } | ||
| 629 | return(ssl_set_pkey(ctx->cert,pkey)); | ||
| 630 | } | 583 | } |
| 584 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 585 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 586 | return (0); | ||
| 587 | } | ||
| 588 | return (ssl_set_pkey(ctx->cert, pkey)); | ||
| 589 | } | ||
| 631 | 590 | ||
| 632 | #ifndef OPENSSL_NO_STDIO | 591 | #ifndef OPENSSL_NO_STDIO |
| 633 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 592 | int |
| 634 | { | 593 | SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 635 | int j,ret=0; | 594 | { |
| 595 | int j, ret = 0; | ||
| 636 | BIO *in; | 596 | BIO *in; |
| 637 | EVP_PKEY *pkey=NULL; | 597 | EVP_PKEY *pkey = NULL; |
| 638 | 598 | ||
| 639 | in=BIO_new(BIO_s_file_internal()); | 599 | in = BIO_new(BIO_s_file_internal()); |
| 640 | if (in == NULL) | 600 | if (in == NULL) { |
| 641 | { | 601 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 642 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 643 | goto end; | 602 | goto end; |
| 644 | } | 603 | } |
| 645 | 604 | ||
| 646 | if (BIO_read_filename(in,file) <= 0) | 605 | if (BIO_read_filename(in, file) <= 0) { |
| 647 | { | 606 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 648 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 649 | goto end; | 607 | goto end; |
| 650 | } | 608 | } |
| 651 | if (type == SSL_FILETYPE_PEM) | 609 | if (type == SSL_FILETYPE_PEM) { |
| 652 | { | 610 | j = ERR_R_PEM_LIB; |
| 653 | j=ERR_R_PEM_LIB; | 611 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 612 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 613 | } else if (type == SSL_FILETYPE_ASN1) { |
| 656 | } | ||
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | 614 | j = ERR_R_ASN1_LIB; |
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | 615 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 661 | } | 616 | } else { |
| 662 | else | 617 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 663 | { | ||
| 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 665 | goto end; | 618 | goto end; |
| 666 | } | 619 | } |
| 667 | if (pkey == NULL) | 620 | if (pkey == NULL) { |
| 668 | { | 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); |
| 669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | ||
| 670 | goto end; | 622 | goto end; |
| 671 | } | 623 | } |
| 672 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 624 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 673 | EVP_PKEY_free(pkey); | 625 | EVP_PKEY_free(pkey); |
| 674 | end: | 626 | end: |
| 675 | if (in != NULL) BIO_free(in); | 627 | if (in != NULL) |
| 676 | return(ret); | 628 | BIO_free(in); |
| 677 | } | 629 | return (ret); |
| 630 | } | ||
| 678 | #endif | 631 | #endif |
| 679 | 632 | ||
| 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | 633 | int |
| 681 | long len) | 634 | SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 682 | { | 635 | long len) |
| 636 | { | ||
| 683 | int ret; | 637 | int ret; |
| 684 | const unsigned char *p; | 638 | const unsigned char *p; |
| 685 | EVP_PKEY *pkey; | 639 | EVP_PKEY *pkey; |
| 686 | 640 | ||
| 687 | p=d; | 641 | p = d; |
| 688 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 642 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 689 | { | 643 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 690 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 644 | return (0); |
| 691 | return(0); | 645 | } |
| 692 | } | ||
| 693 | 646 | ||
| 694 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 647 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 695 | EVP_PKEY_free(pkey); | 648 | EVP_PKEY_free(pkey); |
| 696 | return(ret); | 649 | return (ret); |
| 697 | } | 650 | } |
| 698 | 651 | ||
| 699 | 652 | ||
| 700 | #ifndef OPENSSL_NO_STDIO | 653 | #ifndef OPENSSL_NO_STDIO |
| @@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | |||
| 702 | * possibly followed by a sequence of CA certificates that should be | 655 | * possibly followed by a sequence of CA certificates that should be |
| 703 | * sent to the peer in the Certificate message. | 656 | * sent to the peer in the Certificate message. |
| 704 | */ | 657 | */ |
| 705 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | 658 | int |
| 706 | { | 659 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) |
| 660 | { | ||
| 707 | BIO *in; | 661 | BIO *in; |
| 708 | int ret=0; | 662 | int ret = 0; |
| 709 | X509 *x=NULL; | 663 | X509 *x = NULL; |
| 710 | 664 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | 665 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
| 712 | 666 | ||
| 713 | in = BIO_new(BIO_s_file_internal()); | 667 | in = BIO_new(BIO_s_file_internal()); |
| 714 | if (in == NULL) | 668 | if (in == NULL) { |
| 715 | { | 669 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
| 716 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
| 717 | goto end; | 670 | goto end; |
| 718 | } | 671 | } |
| 719 | 672 | ||
| 720 | if (BIO_read_filename(in,file) <= 0) | 673 | if (BIO_read_filename(in, file) <= 0) { |
| 721 | { | 674 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); |
| 722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
| 723 | goto end; | 675 | goto end; |
| 724 | } | 676 | } |
| 725 | 677 | ||
| 726 | x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, | 678 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
| 727 | ctx->default_passwd_callback_userdata); | 679 | ctx->default_passwd_callback_userdata); |
| 728 | if (x == NULL) | 680 | if (x == NULL) { |
| 729 | { | 681 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
| 730 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
| 731 | goto end; | 682 | goto end; |
| 732 | } | 683 | } |
| 733 | 684 | ||
| 734 | ret = SSL_CTX_use_certificate(ctx, x); | 685 | ret = SSL_CTX_use_certificate(ctx, x); |
| 735 | 686 | ||
| 736 | if (ERR_peek_error() != 0) | 687 | if (ERR_peek_error() != 0) |
| 737 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | 688 | ret = 0; |
| 738 | if (ret) | 689 | /* Key/certificate mismatch doesn't imply ret==0 ... */ |
| 739 | { | 690 | if (ret) { |
| 740 | /* If we could set up our certificate, now proceed to | 691 | /* If we could set up our certificate, now proceed to |
| 741 | * the CA certificates. | 692 | * the CA certificates. |
| 742 | */ | 693 | */ |
| 743 | X509 *ca; | 694 | X509 *ca; |
| 744 | int r; | 695 | int r; |
| 745 | unsigned long err; | 696 | unsigned long err; |
| 746 | 697 | ||
| 747 | if (ctx->extra_certs != NULL) | 698 | if (ctx->extra_certs != NULL) { |
| 748 | { | ||
| 749 | sk_X509_pop_free(ctx->extra_certs, X509_free); | 699 | sk_X509_pop_free(ctx->extra_certs, X509_free); |
| 750 | ctx->extra_certs = NULL; | 700 | ctx->extra_certs = NULL; |
| 751 | } | 701 | } |
| 752 | 702 | ||
| 753 | while ((ca = PEM_read_bio_X509(in, NULL, | 703 | while ((ca = PEM_read_bio_X509(in, NULL, |
| 754 | ctx->default_passwd_callback, | 704 | ctx->default_passwd_callback, |
| 755 | ctx->default_passwd_callback_userdata)) | 705 | ctx->default_passwd_callback_userdata)) |
| 756 | != NULL) | 706 | != NULL) { |
| 757 | { | ||
| 758 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | 707 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
| 759 | if (!r) | 708 | if (!r) { |
| 760 | { | ||
| 761 | X509_free(ca); | 709 | X509_free(ca); |
| 762 | ret = 0; | 710 | ret = 0; |
| 763 | goto end; | 711 | goto end; |
| 764 | } | 712 | } |
| 765 | /* Note that we must not free r if it was successfully | 713 | /* Note that we must not free r if it was successfully |
| 766 | * added to the chain (while we must free the main | 714 | * added to the chain (while we must free the main |
| 767 | * certificate, since its reference count is increased | 715 | * certificate, since its reference count is increased |
| 768 | * by SSL_CTX_use_certificate). */ | 716 | * by SSL_CTX_use_certificate). */ |
| 769 | } | 717 | } |
| 770 | /* When the while loop ends, it's usually just EOF. */ | 718 | /* When the while loop ends, it's usually just EOF. */ |
| 771 | err = ERR_peek_last_error(); | 719 | err = ERR_peek_last_error(); |
| 772 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | 720 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) |
| 773 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 774 | else | 722 | else |
| 775 | ret = 0; /* some real error */ | 723 | ret = 0; /* some real error */ |
| 776 | } | 724 | } |
| 777 | 725 | ||
| 778 | end: | 726 | end: |
| 779 | if (x != NULL) X509_free(x); | 727 | if (x != NULL) |
| 780 | if (in != NULL) BIO_free(in); | 728 | X509_free(x); |
| 781 | return(ret); | 729 | if (in != NULL) |
| 782 | } | 730 | BIO_free(in); |
| 731 | return (ret); | ||
| 732 | } | ||
| 783 | #endif | 733 | #endif |
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index ad40fadd02..b29115862b 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c | |||
| @@ -144,68 +144,74 @@ | |||
| 144 | #include "ssl_locl.h" | 144 | #include "ssl_locl.h" |
| 145 | 145 | ||
| 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); |
| 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 149 | 149 | ||
| 150 | SSL_SESSION *SSL_get_session(const SSL *ssl) | 150 | SSL_SESSION |
| 151 | *SSL_get_session(const SSL *ssl) | ||
| 151 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | 152 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ |
| 152 | { | 153 | { |
| 153 | return(ssl->session); | 154 | return (ssl->session); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | SSL_SESSION *SSL_get1_session(SSL *ssl) | 157 | SSL_SESSION |
| 158 | *SSL_get1_session(SSL *ssl) | ||
| 157 | /* variant of SSL_get_session: caller really gets something */ | 159 | /* variant of SSL_get_session: caller really gets something */ |
| 158 | { | 160 | { |
| 159 | SSL_SESSION *sess; | 161 | SSL_SESSION *sess; |
| 160 | /* Need to lock this all up rather than just use CRYPTO_add so that | 162 | /* Need to lock this all up rather than just use CRYPTO_add so that |
| 161 | * somebody doesn't free ssl->session between when we check it's | 163 | * somebody doesn't free ssl->session between when we check it's |
| 162 | * non-null and when we up the reference count. */ | 164 | * non-null and when we up the reference count. */ |
| 163 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | 165 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); |
| 164 | sess = ssl->session; | 166 | sess = ssl->session; |
| 165 | if(sess) | 167 | if (sess) |
| 166 | sess->references++; | 168 | sess->references++; |
| 167 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | 169 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); |
| 168 | return(sess); | 170 | return (sess); |
| 169 | } | 171 | } |
| 170 | 172 | ||
| 171 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 173 | int |
| 172 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | 174 | SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 173 | { | 175 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 176 | { | ||
| 174 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | 177 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, |
| 175 | new_func, dup_func, free_func); | 178 | new_func, dup_func, free_func); |
| 176 | } | 179 | } |
| 177 | 180 | ||
| 178 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | 181 | int |
| 179 | { | 182 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 180 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 183 | { |
| 181 | } | 184 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 185 | } | ||
| 182 | 186 | ||
| 183 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | 187 | void |
| 184 | { | 188 | *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) |
| 185 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 189 | { |
| 186 | } | 190 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 191 | } | ||
| 187 | 192 | ||
| 188 | SSL_SESSION *SSL_SESSION_new(void) | 193 | SSL_SESSION |
| 189 | { | 194 | *SSL_SESSION_new(void) |
| 195 | { | ||
| 190 | SSL_SESSION *ss; | 196 | SSL_SESSION *ss; |
| 191 | 197 | ||
| 192 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); | 198 | ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); |
| 193 | if (ss == NULL) | 199 | if (ss == NULL) { |
| 194 | { | 200 | SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); |
| 195 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | 201 | return (0); |
| 196 | return(0); | 202 | } |
| 197 | } | 203 | memset(ss, 0, sizeof(SSL_SESSION)); |
| 198 | memset(ss,0,sizeof(SSL_SESSION)); | ||
| 199 | 204 | ||
| 200 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 201 | ss->references=1; | 206 | ss->references = 1; |
| 202 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 203 | ss->time=(unsigned long)time(NULL); | 208 | ss->time = (unsigned long)time(NULL); |
| 204 | ss->prev=NULL; | 209 | ss->prev = NULL; |
| 205 | ss->next=NULL; | 210 | ss->next = NULL; |
| 206 | ss->compress_meth=0; | 211 | ss->compress_meth = 0; |
| 207 | #ifndef OPENSSL_NO_TLSEXT | 212 | #ifndef OPENSSL_NO_TLSEXT |
| 208 | ss->tlsext_hostname = NULL; | 213 | ss->tlsext_hostname = NULL; |
| 214 | |||
| 209 | #ifndef OPENSSL_NO_EC | 215 | #ifndef OPENSSL_NO_EC |
| 210 | ss->tlsext_ecpointformatlist_length = 0; | 216 | ss->tlsext_ecpointformatlist_length = 0; |
| 211 | ss->tlsext_ecpointformatlist = NULL; | 217 | ss->tlsext_ecpointformatlist = NULL; |
| @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 215 | #endif | 221 | #endif |
| 216 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 222 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 217 | #ifndef OPENSSL_NO_PSK | 223 | #ifndef OPENSSL_NO_PSK |
| 218 | ss->psk_identity_hint=NULL; | 224 | ss->psk_identity_hint = NULL; |
| 219 | ss->psk_identity=NULL; | 225 | ss->psk_identity = NULL; |
| 220 | #endif | 226 | #endif |
| 221 | #ifndef OPENSSL_NO_SRP | 227 | #ifndef OPENSSL_NO_SRP |
| 222 | ss->srp_username=NULL; | 228 | ss->srp_username = NULL; |
| 223 | #endif | 229 | #endif |
| 224 | return(ss); | 230 | return (ss); |
| 225 | } | 231 | } |
| 226 | 232 | ||
| 227 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | 233 | const unsigned char |
| 228 | { | 234 | *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) |
| 229 | if(len) | 235 | { |
| 236 | if (len) | ||
| 230 | *len = s->session_id_length; | 237 | *len = s->session_id_length; |
| 231 | return s->session_id; | 238 | return s->session_id; |
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | 241 | unsigned int |
| 235 | { | 242 | SSL_SESSION_get_compress_id(const SSL_SESSION *s) |
| 243 | { | ||
| 236 | return s->compress_meth; | 244 | return s->compress_meth; |
| 237 | } | 245 | } |
| 238 | 246 | ||
| 239 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 247 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 240 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 248 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | |||
| 246 | * store that many sessions is perhaps a more interesting question ... */ | 254 | * store that many sessions is perhaps a more interesting question ... */ |
| 247 | 255 | ||
| 248 | #define MAX_SESS_ID_ATTEMPTS 10 | 256 | #define MAX_SESS_ID_ATTEMPTS 10 |
| 249 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | 257 | static int |
| 250 | unsigned int *id_len) | 258 | def_generate_session_id(const SSL *ssl, unsigned char *id, |
| 259 | unsigned int *id_len) | ||
| 251 | { | 260 | { |
| 252 | unsigned int retry = 0; | 261 | unsigned int retry = 0; |
| 253 | do | 262 | do |
| 254 | if (RAND_pseudo_bytes(id, *id_len) <= 0) | 263 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 255 | return 0; | 264 | return 0; |
| 256 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 265 | while (SSL_has_matching_session_id(ssl, id, *id_len) && |
| 257 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 266 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| 258 | if(retry < MAX_SESS_ID_ATTEMPTS) | 267 | if (retry < MAX_SESS_ID_ATTEMPTS) |
| 259 | return 1; | 268 | return 1; |
| 260 | /* else - woops a session_id match */ | 269 | /* else - woops a session_id match */ |
| 261 | /* XXX We should also check the external cache -- | 270 | /* XXX We should also check the external cache -- |
| @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 269 | return 0; | 278 | return 0; |
| 270 | } | 279 | } |
| 271 | 280 | ||
| 272 | int ssl_get_new_session(SSL *s, int session) | 281 | int |
| 273 | { | 282 | ssl_get_new_session(SSL *s, int session) |
| 283 | { | ||
| 274 | /* This gets used by clients and servers. */ | 284 | /* This gets used by clients and servers. */ |
| 275 | 285 | ||
| 276 | unsigned int tmp; | 286 | unsigned int tmp; |
| 277 | SSL_SESSION *ss=NULL; | 287 | SSL_SESSION *ss = NULL; |
| 278 | GEN_SESSION_CB cb = def_generate_session_id; | 288 | GEN_SESSION_CB cb = def_generate_session_id; |
| 279 | 289 | ||
| 280 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 290 | if ((ss = SSL_SESSION_new()) == NULL) return (0); |
| 281 | 291 | ||
| 282 | /* If the context has a default timeout, use it */ | 292 | /* If the context has a default timeout, use it */ |
| 283 | if (s->session_ctx->session_timeout == 0) | 293 | if (s->session_ctx->session_timeout == 0) |
| 284 | ss->timeout=SSL_get_default_timeout(s); | 294 | ss->timeout = SSL_get_default_timeout(s); |
| 285 | else | 295 | else |
| 286 | ss->timeout=s->session_ctx->session_timeout; | 296 | ss->timeout = s->session_ctx->session_timeout; |
| 287 | 297 | ||
| 288 | if (s->session != NULL) | 298 | if (s->session != NULL) { |
| 289 | { | ||
| 290 | SSL_SESSION_free(s->session); | 299 | SSL_SESSION_free(s->session); |
| 291 | s->session=NULL; | 300 | s->session = NULL; |
| 292 | } | 301 | } |
| 293 | 302 | ||
| 294 | if (session) | 303 | if (session) { |
| 295 | { | 304 | if (s->version == SSL2_VERSION) { |
| 296 | if (s->version == SSL2_VERSION) | 305 | ss->ssl_version = SSL2_VERSION; |
| 297 | { | 306 | ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 298 | ss->ssl_version=SSL2_VERSION; | 307 | } else if (s->version == SSL3_VERSION) { |
| 299 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 308 | ss->ssl_version = SSL3_VERSION; |
| 300 | } | 309 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 301 | else if (s->version == SSL3_VERSION) | 310 | } else if (s->version == TLS1_VERSION) { |
| 302 | { | 311 | ss->ssl_version = TLS1_VERSION; |
| 303 | ss->ssl_version=SSL3_VERSION; | 312 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 304 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 313 | } else if (s->version == TLS1_1_VERSION) { |
| 305 | } | 314 | ss->ssl_version = TLS1_1_VERSION; |
| 306 | else if (s->version == TLS1_VERSION) | 315 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 307 | { | 316 | } else if (s->version == TLS1_2_VERSION) { |
| 308 | ss->ssl_version=TLS1_VERSION; | 317 | ss->ssl_version = TLS1_2_VERSION; |
| 309 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 318 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 310 | } | 319 | } else if (s->version == DTLS1_BAD_VER) { |
| 311 | else if (s->version == TLS1_1_VERSION) | 320 | ss->ssl_version = DTLS1_BAD_VER; |
| 312 | { | 321 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 313 | ss->ssl_version=TLS1_1_VERSION; | 322 | } else if (s->version == DTLS1_VERSION) { |
| 314 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 323 | ss->ssl_version = DTLS1_VERSION; |
| 315 | } | 324 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 316 | else if (s->version == TLS1_2_VERSION) | 325 | } else { |
| 317 | { | 326 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); |
| 318 | ss->ssl_version=TLS1_2_VERSION; | ||
| 319 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 320 | } | ||
| 321 | else if (s->version == DTLS1_BAD_VER) | ||
| 322 | { | ||
| 323 | ss->ssl_version=DTLS1_BAD_VER; | ||
| 324 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 325 | } | ||
| 326 | else if (s->version == DTLS1_VERSION) | ||
| 327 | { | ||
| 328 | ss->ssl_version=DTLS1_VERSION; | ||
| 329 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 330 | } | ||
| 331 | else | ||
| 332 | { | ||
| 333 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | ||
| 334 | SSL_SESSION_free(ss); | 327 | SSL_SESSION_free(ss); |
| 335 | return(0); | 328 | return (0); |
| 336 | } | 329 | } |
| 337 | #ifndef OPENSSL_NO_TLSEXT | 330 | #ifndef OPENSSL_NO_TLSEXT |
| 338 | /* If RFC4507 ticket use empty session ID */ | 331 | /* If RFC4507 ticket use empty session ID */ |
| 339 | if (s->tlsext_ticket_expected) | 332 | if (s->tlsext_ticket_expected) { |
| 340 | { | ||
| 341 | ss->session_id_length = 0; | 333 | ss->session_id_length = 0; |
| 342 | goto sess_id_done; | 334 | goto sess_id_done; |
| 343 | } | 335 | } |
| 344 | #endif | 336 | #endif |
| 345 | /* Choose which callback will set the session ID */ | 337 | /* Choose which callback will set the session ID */ |
| 346 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 347 | if(s->generate_session_id) | 339 | if (s->generate_session_id) |
| 348 | cb = s->generate_session_id; | 340 | cb = s->generate_session_id; |
| 349 | else if(s->session_ctx->generate_session_id) | 341 | else if (s->session_ctx->generate_session_id) |
| 350 | cb = s->session_ctx->generate_session_id; | 342 | cb = s->session_ctx->generate_session_id; |
| 351 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 343 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 352 | /* Choose a session ID */ | 344 | /* Choose a session ID */ |
| 353 | tmp = ss->session_id_length; | 345 | tmp = ss->session_id_length; |
| 354 | if(!cb(s, ss->session_id, &tmp)) | 346 | if (!cb(s, ss->session_id, &tmp)) { |
| 355 | { | ||
| 356 | /* The callback failed */ | 347 | /* The callback failed */ |
| 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 348 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 358 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | 349 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); |
| 359 | SSL_SESSION_free(ss); | 350 | SSL_SESSION_free(ss); |
| 360 | return(0); | 351 | return (0); |
| 361 | } | 352 | } |
| 362 | /* Don't allow the callback to set the session length to zero. | 353 | /* Don't allow the callback to set the session length to zero. |
| 363 | * nor set it higher than it was. */ | 354 | * nor set it higher than it was. */ |
| 364 | if(!tmp || (tmp > ss->session_id_length)) | 355 | if (!tmp || (tmp > ss->session_id_length)) { |
| 365 | { | ||
| 366 | /* The callback set an illegal length */ | 356 | /* The callback set an illegal length */ |
| 367 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 368 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | 358 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); |
| 369 | SSL_SESSION_free(ss); | 359 | SSL_SESSION_free(ss); |
| 370 | return(0); | 360 | return (0); |
| 371 | } | 361 | } |
| 372 | /* If the session length was shrunk and we're SSLv2, pad it */ | 362 | /* If the session length was shrunk and we're SSLv2, pad it */ |
| 373 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | 363 | if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) |
| 374 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | 364 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); |
| 375 | else | 365 | else |
| 376 | ss->session_id_length = tmp; | 366 | ss->session_id_length = tmp; |
| 377 | /* Finally, check for a conflict */ | 367 | /* Finally, check for a conflict */ |
| 378 | if(SSL_has_matching_session_id(s, ss->session_id, | 368 | if (SSL_has_matching_session_id(s, ss->session_id, |
| 379 | ss->session_id_length)) | 369 | ss->session_id_length)) { |
| 380 | { | ||
| 381 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 370 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 382 | SSL_R_SSL_SESSION_ID_CONFLICT); | 371 | SSL_R_SSL_SESSION_ID_CONFLICT); |
| 383 | SSL_SESSION_free(ss); | 372 | SSL_SESSION_free(ss); |
| 384 | return(0); | 373 | return (0); |
| 385 | } | 374 | } |
| 386 | #ifndef OPENSSL_NO_TLSEXT | 375 | #ifndef OPENSSL_NO_TLSEXT |
| 387 | sess_id_done: | 376 | sess_id_done: |
| 388 | if (s->tlsext_hostname) { | 377 | if (s->tlsext_hostname) { |
| @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 391 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 380 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 392 | SSL_SESSION_free(ss); | 381 | SSL_SESSION_free(ss); |
| 393 | return 0; | 382 | return 0; |
| 394 | } | ||
| 395 | } | 383 | } |
| 384 | } | ||
| 396 | #ifndef OPENSSL_NO_EC | 385 | #ifndef OPENSSL_NO_EC |
| 397 | if (s->tlsext_ecpointformatlist) | 386 | if (s->tlsext_ecpointformatlist) { |
| 398 | { | 387 | if (ss->tlsext_ecpointformatlist != NULL) |
| 399 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 388 | OPENSSL_free(ss->tlsext_ecpointformatlist); |
| 400 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) | 389 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { |
| 401 | { | ||
| 402 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 390 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 403 | SSL_SESSION_free(ss); | 391 | SSL_SESSION_free(ss); |
| 404 | return 0; | 392 | return 0; |
| 405 | } | 393 | } |
| 406 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; | 394 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; |
| 407 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 395 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
| 408 | } | 396 | } |
| 409 | if (s->tlsext_ellipticcurvelist) | 397 | if (s->tlsext_ellipticcurvelist) { |
| 410 | { | 398 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 411 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 399 | OPENSSL_free(ss->tlsext_ellipticcurvelist); |
| 412 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | 400 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { |
| 413 | { | ||
| 414 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 401 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 415 | SSL_SESSION_free(ss); | 402 | SSL_SESSION_free(ss); |
| 416 | return 0; | 403 | return 0; |
| 417 | } | 404 | } |
| 418 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; | 405 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; |
| 419 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 406 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
| 420 | } | 407 | } |
| 421 | #endif | 408 | #endif |
| 422 | #endif | 409 | #endif |
| 423 | } | 410 | } else { |
| 424 | else | 411 | ss->session_id_length = 0; |
| 425 | { | 412 | } |
| 426 | ss->session_id_length=0; | ||
| 427 | } | ||
| 428 | 413 | ||
| 429 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | 414 | if (s->sid_ctx_length > sizeof ss->sid_ctx) { |
| 430 | { | ||
| 431 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 415 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 432 | SSL_SESSION_free(ss); | 416 | SSL_SESSION_free(ss); |
| 433 | return 0; | 417 | return 0; |
| 434 | } | 418 | } |
| 435 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 419 | memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); |
| 436 | ss->sid_ctx_length=s->sid_ctx_length; | 420 | ss->sid_ctx_length = s->sid_ctx_length; |
| 437 | s->session=ss; | 421 | s->session = ss; |
| 438 | ss->ssl_version=s->version; | 422 | ss->ssl_version = s->version; |
| 439 | ss->verify_result = X509_V_OK; | 423 | ss->verify_result = X509_V_OK; |
| 440 | 424 | ||
| 441 | return(1); | 425 | return (1); |
| 442 | } | 426 | } |
| 443 | 427 | ||
| 444 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this | 428 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this |
| 445 | * connection. It is only called by servers. | 429 | * connection. It is only called by servers. |
| @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 460 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 | 444 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 |
| 461 | * if the server should issue a new session ticket (to 0 otherwise). | 445 | * if the server should issue a new session ticket (to 0 otherwise). |
| 462 | */ | 446 | */ |
| 463 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | 447 | int |
| 464 | const unsigned char *limit) | 448 | ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 465 | { | 449 | const unsigned char *limit) |
| 450 | { | ||
| 466 | /* This is used only by servers. */ | 451 | /* This is used only by servers. */ |
| 467 | 452 | ||
| 468 | SSL_SESSION *ret=NULL; | 453 | SSL_SESSION *ret = NULL; |
| 469 | int fatal = 0; | 454 | int fatal = 0; |
| 470 | int try_session_cache = 1; | 455 | int try_session_cache = 1; |
| 471 | #ifndef OPENSSL_NO_TLSEXT | 456 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 480 | 465 | ||
| 481 | #ifndef OPENSSL_NO_TLSEXT | 466 | #ifndef OPENSSL_NO_TLSEXT |
| 482 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ | 467 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ |
| 483 | switch (r) | 468 | switch (r) { |
| 484 | { | ||
| 485 | case -1: /* Error during processing */ | 469 | case -1: /* Error during processing */ |
| 486 | fatal = 1; | 470 | fatal = 1; |
| 487 | goto err; | 471 | goto err; |
| @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 494 | break; | 478 | break; |
| 495 | default: | 479 | default: |
| 496 | abort(); | 480 | abort(); |
| 497 | } | 481 | } |
| 498 | #endif | 482 | #endif |
| 499 | 483 | ||
| 500 | if (try_session_cache && | 484 | if (try_session_cache && |
| 501 | ret == NULL && | 485 | ret == NULL && |
| 502 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 486 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { |
| 503 | { | ||
| 504 | SSL_SESSION data; | 487 | SSL_SESSION data; |
| 505 | data.ssl_version=s->version; | 488 | data.ssl_version = s->version; |
| 506 | data.session_id_length=len; | 489 | data.session_id_length = len; |
| 507 | if (len == 0) | 490 | if (len == 0) |
| 508 | return 0; | 491 | return 0; |
| 509 | memcpy(data.session_id,session_id,len); | 492 | memcpy(data.session_id, session_id, len); |
| 510 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 493 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 511 | ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); | 494 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); |
| 512 | if (ret != NULL) | 495 | if (ret != NULL) { |
| 513 | { | ||
| 514 | /* don't allow other threads to steal it: */ | 496 | /* don't allow other threads to steal it: */ |
| 515 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 497 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 516 | } | 498 | } |
| 517 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 499 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 518 | if (ret == NULL) | 500 | if (ret == NULL) |
| 519 | s->session_ctx->stats.sess_miss++; | 501 | s->session_ctx->stats.sess_miss++; |
| 520 | } | 502 | } |
| 521 | 503 | ||
| 522 | if (try_session_cache && | 504 | if (try_session_cache && |
| 523 | ret == NULL && | 505 | ret == NULL && |
| 524 | s->session_ctx->get_session_cb != NULL) | 506 | s->session_ctx->get_session_cb != NULL) { |
| 525 | { | 507 | int copy = 1; |
| 526 | int copy=1; | 508 | |
| 527 | 509 | if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { | |
| 528 | if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) | ||
| 529 | { | ||
| 530 | s->session_ctx->stats.sess_cb_hit++; | 510 | s->session_ctx->stats.sess_cb_hit++; |
| 531 | 511 | ||
| 532 | /* Increment reference count now if the session callback | 512 | /* Increment reference count now if the session callback |
| @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 535 | * it must handle the reference count itself [i.e. copy == 0], | 515 | * it must handle the reference count itself [i.e. copy == 0], |
| 536 | * or things won't be thread-safe). */ | 516 | * or things won't be thread-safe). */ |
| 537 | if (copy) | 517 | if (copy) |
| 538 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 518 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 539 | 519 | ||
| 540 | /* Add the externally cached session to the internal | 520 | /* Add the externally cached session to the internal |
| 541 | * cache as well if and only if we are supposed to. */ | 521 | * cache as well if and only if we are supposed to. */ |
| 542 | if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) | 522 | if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) |
| 543 | /* The following should not return 1, otherwise, | 523 | /* The following should not return 1, otherwise, |
| 544 | * things are very strange */ | 524 | * things are very strange */ |
| 545 | SSL_CTX_add_session(s->session_ctx,ret); | 525 | SSL_CTX_add_session(s->session_ctx, ret); |
| 546 | } | ||
| 547 | } | 526 | } |
| 527 | } | ||
| 548 | 528 | ||
| 549 | if (ret == NULL) | 529 | if (ret == NULL) |
| 550 | goto err; | 530 | goto err; |
| @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 552 | /* Now ret is non-NULL and we own one of its reference counts. */ | 532 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 553 | 533 | ||
| 554 | if (ret->sid_ctx_length != s->sid_ctx_length | 534 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 555 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) | 535 | || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 556 | { | ||
| 557 | /* We have the session requested by the client, but we don't | 536 | /* We have the session requested by the client, but we don't |
| 558 | * want to use it in this context. */ | 537 | * want to use it in this context. */ |
| 559 | goto err; /* treat like cache miss */ | 538 | goto err; /* treat like cache miss */ |
| 560 | } | 539 | } |
| 561 | 540 | ||
| 562 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | 541 | if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { |
| 563 | { | ||
| 564 | /* We can't be sure if this session is being used out of | 542 | /* We can't be sure if this session is being used out of |
| 565 | * context, which is especially important for SSL_VERIFY_PEER. | 543 | * context, which is especially important for SSL_VERIFY_PEER. |
| 566 | * The application should have used SSL[_CTX]_set_session_id_context. | 544 | * The application should have used SSL[_CTX]_set_session_id_context. |
| @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 570 | * applications to effectively disable the session cache by | 548 | * applications to effectively disable the session cache by |
| 571 | * accident without anyone noticing). | 549 | * accident without anyone noticing). |
| 572 | */ | 550 | */ |
| 573 | 551 | ||
| 574 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | 552 | SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); |
| 575 | fatal = 1; | 553 | fatal = 1; |
| 576 | goto err; | 554 | goto err; |
| 577 | } | 555 | } |
| 578 | 556 | ||
| 579 | if (ret->cipher == NULL) | 557 | if (ret->cipher == NULL) { |
| 580 | { | 558 | unsigned char buf[5], *p; |
| 581 | unsigned char buf[5],*p; | ||
| 582 | unsigned long l; | 559 | unsigned long l; |
| 583 | 560 | ||
| 584 | p=buf; | 561 | p = buf; |
| 585 | l=ret->cipher_id; | 562 | l = ret->cipher_id; |
| 586 | l2n(l,p); | 563 | l2n(l, p); |
| 587 | if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) | 564 | if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 588 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); | 565 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); |
| 589 | else | 566 | else |
| 590 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 567 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); |
| 591 | if (ret->cipher == NULL) | 568 | if (ret->cipher == NULL) |
| 592 | goto err; | 569 | goto err; |
| 593 | } | 570 | } |
| 594 | 571 | ||
| 595 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 572 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ |
| 596 | { | 573 | { |
| 597 | s->session_ctx->stats.sess_timeout++; | 574 | s->session_ctx->stats.sess_timeout++; |
| 598 | if (try_session_cache) | 575 | if (try_session_cache) { |
| 599 | { | ||
| 600 | /* session was from the cache, so remove it */ | 576 | /* session was from the cache, so remove it */ |
| 601 | SSL_CTX_remove_session(s->session_ctx,ret); | 577 | SSL_CTX_remove_session(s->session_ctx, ret); |
| 602 | } | ||
| 603 | goto err; | ||
| 604 | } | 578 | } |
| 579 | goto err; | ||
| 580 | } | ||
| 605 | 581 | ||
| 606 | s->session_ctx->stats.sess_hit++; | 582 | s->session_ctx->stats.sess_hit++; |
| 607 | 583 | ||
| 608 | if (s->session != NULL) | 584 | if (s->session != NULL) |
| 609 | SSL_SESSION_free(s->session); | 585 | SSL_SESSION_free(s->session); |
| 610 | s->session=ret; | 586 | s->session = ret; |
| 611 | s->verify_result = s->session->verify_result; | 587 | s->verify_result = s->session->verify_result; |
| 612 | return 1; | 588 | return 1; |
| 613 | 589 | ||
| 614 | err: | 590 | err: |
| 615 | if (ret != NULL) | 591 | if (ret != NULL) { |
| 616 | { | ||
| 617 | SSL_SESSION_free(ret); | 592 | SSL_SESSION_free(ret); |
| 618 | #ifndef OPENSSL_NO_TLSEXT | 593 | #ifndef OPENSSL_NO_TLSEXT |
| 619 | if (!try_session_cache) | 594 | if (!try_session_cache) { |
| 620 | { | ||
| 621 | /* The session was from a ticket, so we should | 595 | /* The session was from a ticket, so we should |
| 622 | * issue a ticket for the new session */ | 596 | * issue a ticket for the new session */ |
| 623 | s->tlsext_ticket_expected = 1; | 597 | s->tlsext_ticket_expected = 1; |
| 624 | } | ||
| 625 | #endif | ||
| 626 | } | 598 | } |
| 599 | #endif | ||
| 600 | } | ||
| 627 | if (fatal) | 601 | if (fatal) |
| 628 | return -1; | 602 | return -1; |
| 629 | else | 603 | else |
| 630 | return 0; | 604 | return 0; |
| 631 | } | 605 | } |
| 632 | 606 | ||
| 633 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | 607 | int |
| 634 | { | 608 | SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 635 | int ret=0; | 609 | { |
| 610 | int ret = 0; | ||
| 636 | SSL_SESSION *s; | 611 | SSL_SESSION *s; |
| 637 | 612 | ||
| 638 | /* add just 1 reference count for the SSL_CTX's session cache | 613 | /* add just 1 reference count for the SSL_CTX's session cache |
| 639 | * even though it has two ways of access: each session is in a | 614 | * even though it has two ways of access: each session is in a |
| 640 | * doubly linked list and an lhash */ | 615 | * doubly linked list and an lhash */ |
| 641 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | 616 | CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 642 | /* if session c is in already in cache, we take back the increment later */ | 617 | /* if session c is in already in cache, we take back the increment later */ |
| 643 | 618 | ||
| 644 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 619 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 645 | s=lh_SSL_SESSION_insert(ctx->sessions,c); | 620 | s = lh_SSL_SESSION_insert(ctx->sessions, c); |
| 646 | 621 | ||
| 647 | /* s != NULL iff we already had a session with the given PID. | 622 | /* s != NULL iff we already had a session with the given PID. |
| 648 | * In this case, s == c should hold (then we did not really modify | 623 | * In this case, s == c should hold (then we did not really modify |
| 649 | * ctx->sessions), or we're in trouble. */ | 624 | * ctx->sessions), or we're in trouble. */ |
| 650 | if (s != NULL && s != c) | 625 | if (s != NULL && s != c) { |
| 651 | { | ||
| 652 | /* We *are* in trouble ... */ | 626 | /* We *are* in trouble ... */ |
| 653 | SSL_SESSION_list_remove(ctx,s); | 627 | SSL_SESSION_list_remove(ctx, s); |
| 654 | SSL_SESSION_free(s); | 628 | SSL_SESSION_free(s); |
| 655 | /* ... so pretend the other session did not exist in cache | 629 | /* ... so pretend the other session did not exist in cache |
| 656 | * (we cannot handle two SSL_SESSION structures with identical | 630 | * (we cannot handle two SSL_SESSION structures with identical |
| @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | |||
| 658 | * two threads concurrently obtain the same session from an external | 632 | * two threads concurrently obtain the same session from an external |
| 659 | * cache) */ | 633 | * cache) */ |
| 660 | s = NULL; | 634 | s = NULL; |
| 661 | } | 635 | } |
| 662 | 636 | ||
| 663 | /* Put at the head of the queue unless it is already in the cache */ | 637 | /* Put at the head of the queue unless it is already in the cache */ |
| 664 | if (s == NULL) | 638 | if (s == NULL) |
| 665 | SSL_SESSION_list_add(ctx,c); | 639 | SSL_SESSION_list_add(ctx, c); |
| 666 | 640 | ||
| 667 | if (s != NULL) | 641 | if (s != NULL) { |
| 668 | { | ||
| 669 | /* existing cache entry -- decrement previously incremented reference | 642 | /* existing cache entry -- decrement previously incremented reference |
| 670 | * count because it already takes into account the cache */ | 643 | * count because it already takes into account the cache */ |
| 671 | 644 | ||
| 672 | SSL_SESSION_free(s); /* s == c */ | 645 | SSL_SESSION_free(s); /* s == c */ |
| 673 | ret=0; | 646 | ret = 0; |
| 674 | } | 647 | } else { |
| 675 | else | ||
| 676 | { | ||
| 677 | /* new cache entry -- remove old ones if cache has become too large */ | 648 | /* new cache entry -- remove old ones if cache has become too large */ |
| 678 | |||
| 679 | ret=1; | ||
| 680 | 649 | ||
| 681 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | 650 | ret = 1; |
| 682 | { | 651 | |
| 652 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) { | ||
| 683 | while (SSL_CTX_sess_number(ctx) > | 653 | while (SSL_CTX_sess_number(ctx) > |
| 684 | SSL_CTX_sess_get_cache_size(ctx)) | 654 | SSL_CTX_sess_get_cache_size(ctx)) { |
| 685 | { | ||
| 686 | if (!remove_session_lock(ctx, | 655 | if (!remove_session_lock(ctx, |
| 687 | ctx->session_cache_tail, 0)) | 656 | ctx->session_cache_tail, 0)) |
| 688 | break; | 657 | break; |
| 689 | else | 658 | else |
| 690 | ctx->stats.sess_cache_full++; | 659 | ctx->stats.sess_cache_full++; |
| 691 | } | ||
| 692 | } | 660 | } |
| 693 | } | 661 | } |
| 694 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 695 | return(ret); | ||
| 696 | } | 662 | } |
| 663 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 664 | return (ret); | ||
| 665 | } | ||
| 697 | 666 | ||
| 698 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | 667 | int |
| 668 | SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 699 | { | 669 | { |
| 700 | return remove_session_lock(ctx, c, 1); | 670 | return remove_session_lock(ctx, c, 1); |
| 701 | } | 671 | } |
| 702 | 672 | ||
| 703 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | 673 | static int |
| 704 | { | 674 | remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) |
| 675 | { | ||
| 705 | SSL_SESSION *r; | 676 | SSL_SESSION *r; |
| 706 | int ret=0; | 677 | int ret = 0; |
| 707 | 678 | ||
| 708 | if ((c != NULL) && (c->session_id_length != 0)) | 679 | if ((c != NULL) && (c->session_id_length != 0)) { |
| 709 | { | 680 | if (lck) |
| 710 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 681 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 711 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) | 682 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { |
| 712 | { | 683 | ret = 1; |
| 713 | ret=1; | 684 | r = lh_SSL_SESSION_delete(ctx->sessions, c); |
| 714 | r=lh_SSL_SESSION_delete(ctx->sessions,c); | 685 | SSL_SESSION_list_remove(ctx, c); |
| 715 | SSL_SESSION_list_remove(ctx,c); | 686 | } |
| 716 | } | ||
| 717 | 687 | ||
| 718 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 688 | if (lck) |
| 689 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 719 | 690 | ||
| 720 | if (ret) | 691 | if (ret) { |
| 721 | { | 692 | r->not_resumable = 1; |
| 722 | r->not_resumable=1; | ||
| 723 | if (ctx->remove_session_cb != NULL) | 693 | if (ctx->remove_session_cb != NULL) |
| 724 | ctx->remove_session_cb(ctx,r); | 694 | ctx->remove_session_cb(ctx, r); |
| 725 | SSL_SESSION_free(r); | 695 | SSL_SESSION_free(r); |
| 726 | } | ||
| 727 | } | 696 | } |
| 728 | else | 697 | } else |
| 729 | ret=0; | 698 | ret = 0; |
| 730 | return(ret); | 699 | return (ret); |
| 731 | } | 700 | } |
| 732 | 701 | ||
| 733 | void SSL_SESSION_free(SSL_SESSION *ss) | 702 | void |
| 734 | { | 703 | SSL_SESSION_free(SSL_SESSION *ss) |
| 704 | { | ||
| 735 | int i; | 705 | int i; |
| 736 | 706 | ||
| 737 | if(ss == NULL) | 707 | if (ss == NULL) |
| 738 | return; | 708 | return; |
| 739 | 709 | ||
| 740 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 710 | i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); |
| 741 | #ifdef REF_PRINT | 711 | #ifdef REF_PRINT |
| 742 | REF_PRINT("SSL_SESSION",ss); | 712 | REF_PRINT("SSL_SESSION", ss); |
| 743 | #endif | 713 | #endif |
| 744 | if (i > 0) return; | 714 | if (i > 0) |
| 715 | return; | ||
| 745 | #ifdef REF_CHECK | 716 | #ifdef REF_CHECK |
| 746 | if (i < 0) | 717 | if (i < 0) { |
| 747 | { | 718 | fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); |
| 748 | fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); | ||
| 749 | abort(); /* ok */ | 719 | abort(); /* ok */ |
| 750 | } | 720 | } |
| 751 | #endif | 721 | #endif |
| 752 | 722 | ||
| 753 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 723 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 754 | 724 | ||
| 755 | OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | 725 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); |
| 756 | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | 726 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 757 | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | 727 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 758 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 728 | if (ss->sess_cert != NULL) |
| 759 | if (ss->peer != NULL) X509_free(ss->peer); | 729 | ssl_sess_cert_free(ss->sess_cert); |
| 760 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 730 | if (ss->peer != NULL) |
| 731 | X509_free(ss->peer); | ||
| 732 | if (ss->ciphers != NULL) | ||
| 733 | sk_SSL_CIPHER_free(ss->ciphers); | ||
| 761 | #ifndef OPENSSL_NO_TLSEXT | 734 | #ifndef OPENSSL_NO_TLSEXT |
| 762 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | 735 | if (ss->tlsext_hostname != NULL) |
| 763 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | 736 | OPENSSL_free(ss->tlsext_hostname); |
| 737 | if (ss->tlsext_tick != NULL) | ||
| 738 | OPENSSL_free(ss->tlsext_tick); | ||
| 764 | #ifndef OPENSSL_NO_EC | 739 | #ifndef OPENSSL_NO_EC |
| 765 | ss->tlsext_ecpointformatlist_length = 0; | 740 | ss->tlsext_ecpointformatlist_length = 0; |
| 766 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 741 | if (ss->tlsext_ecpointformatlist != NULL) |
| 742 | OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
| 767 | ss->tlsext_ellipticcurvelist_length = 0; | 743 | ss->tlsext_ellipticcurvelist_length = 0; |
| 768 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 744 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 745 | OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
| 769 | #endif /* OPENSSL_NO_EC */ | 746 | #endif /* OPENSSL_NO_EC */ |
| 770 | #endif | 747 | #endif |
| 771 | #ifndef OPENSSL_NO_PSK | 748 | #ifndef OPENSSL_NO_PSK |
| @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 778 | if (ss->srp_username != NULL) | 755 | if (ss->srp_username != NULL) |
| 779 | OPENSSL_free(ss->srp_username); | 756 | OPENSSL_free(ss->srp_username); |
| 780 | #endif | 757 | #endif |
| 781 | OPENSSL_cleanse(ss,sizeof(*ss)); | 758 | OPENSSL_cleanse(ss, sizeof(*ss)); |
| 782 | OPENSSL_free(ss); | 759 | OPENSSL_free(ss); |
| 783 | } | 760 | } |
| 784 | 761 | ||
| 785 | int SSL_set_session(SSL *s, SSL_SESSION *session) | 762 | int |
| 786 | { | 763 | SSL_set_session(SSL *s, SSL_SESSION *session) |
| 787 | int ret=0; | 764 | { |
| 765 | int ret = 0; | ||
| 788 | const SSL_METHOD *meth; | 766 | const SSL_METHOD *meth; |
| 789 | 767 | ||
| 790 | if (session != NULL) | 768 | if (session != NULL) { |
| 791 | { | 769 | meth = s->ctx->method->get_ssl_method(session->ssl_version); |
| 792 | meth=s->ctx->method->get_ssl_method(session->ssl_version); | ||
| 793 | if (meth == NULL) | 770 | if (meth == NULL) |
| 794 | meth=s->method->get_ssl_method(session->ssl_version); | 771 | meth = s->method->get_ssl_method(session->ssl_version); |
| 795 | if (meth == NULL) | 772 | if (meth == NULL) { |
| 796 | { | 773 | SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); |
| 797 | SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); | 774 | return (0); |
| 798 | return(0); | 775 | } |
| 799 | } | ||
| 800 | 776 | ||
| 801 | if (meth != s->method) | 777 | if (meth != s->method) { |
| 802 | { | 778 | if (!SSL_set_ssl_method(s, meth)) |
| 803 | if (!SSL_set_ssl_method(s,meth)) | 779 | return (0); |
| 804 | return(0); | 780 | } |
| 805 | } | ||
| 806 | 781 | ||
| 807 | #ifndef OPENSSL_NO_KRB5 | 782 | #ifndef OPENSSL_NO_KRB5 |
| 808 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 783 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 809 | session->krb5_client_princ_len > 0) | 784 | session->krb5_client_princ_len > 0) { |
| 810 | { | 785 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 811 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); | 786 | memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, |
| 812 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 787 | session->krb5_client_princ_len); |
| 813 | session->krb5_client_princ_len); | 788 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| 814 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 789 | } |
| 815 | } | ||
| 816 | #endif /* OPENSSL_NO_KRB5 */ | 790 | #endif /* OPENSSL_NO_KRB5 */ |
| 817 | 791 | ||
| 818 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 792 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| 819 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | 793 | CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 820 | if (s->session != NULL) | 794 | if (s->session != NULL) |
| 821 | SSL_SESSION_free(s->session); | 795 | SSL_SESSION_free(s->session); |
| 822 | s->session=session; | 796 | s->session = session; |
| 823 | s->verify_result = s->session->verify_result; | 797 | s->verify_result = s->session->verify_result; |
| 824 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | 798 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ |
| 825 | ret=1; | 799 | ret = 1; |
| 826 | } | 800 | } else { |
| 827 | else | 801 | if (s->session != NULL) { |
| 828 | { | ||
| 829 | if (s->session != NULL) | ||
| 830 | { | ||
| 831 | SSL_SESSION_free(s->session); | 802 | SSL_SESSION_free(s->session); |
| 832 | s->session=NULL; | 803 | s->session = NULL; |
| 833 | } | 804 | } |
| 834 | 805 | ||
| 835 | meth=s->ctx->method; | 806 | meth = s->ctx->method; |
| 836 | if (meth != s->method) | 807 | if (meth != s->method) { |
| 837 | { | 808 | if (!SSL_set_ssl_method(s, meth)) |
| 838 | if (!SSL_set_ssl_method(s,meth)) | 809 | return (0); |
| 839 | return(0); | ||
| 840 | } | ||
| 841 | ret=1; | ||
| 842 | } | 810 | } |
| 843 | return(ret); | 811 | ret = 1; |
| 844 | } | 812 | } |
| 813 | return (ret); | ||
| 814 | } | ||
| 845 | 815 | ||
| 846 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | 816 | long |
| 847 | { | 817 | SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 848 | if (s == NULL) return(0); | 818 | { |
| 849 | s->timeout=t; | 819 | if (s == NULL) |
| 850 | return(1); | 820 | return (0); |
| 851 | } | 821 | s->timeout = t; |
| 822 | return (1); | ||
| 823 | } | ||
| 852 | 824 | ||
| 853 | long SSL_SESSION_get_timeout(const SSL_SESSION *s) | 825 | long |
| 854 | { | 826 | SSL_SESSION_get_timeout(const SSL_SESSION *s) |
| 855 | if (s == NULL) return(0); | 827 | { |
| 856 | return(s->timeout); | 828 | if (s == NULL) |
| 857 | } | 829 | return (0); |
| 830 | return (s->timeout); | ||
| 831 | } | ||
| 858 | 832 | ||
| 859 | long SSL_SESSION_get_time(const SSL_SESSION *s) | 833 | long |
| 860 | { | 834 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 861 | if (s == NULL) return(0); | 835 | { |
| 862 | return(s->time); | 836 | if (s == NULL) |
| 863 | } | 837 | return (0); |
| 838 | return (s->time); | ||
| 839 | } | ||
| 864 | 840 | ||
| 865 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) | 841 | long |
| 866 | { | 842 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 867 | if (s == NULL) return(0); | 843 | { |
| 868 | s->time=t; | 844 | if (s == NULL) |
| 869 | return(t); | 845 | return (0); |
| 870 | } | 846 | s->time = t; |
| 847 | return (t); | ||
| 848 | } | ||
| 871 | 849 | ||
| 872 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) | 850 | X509 |
| 873 | { | 851 | *SSL_SESSION_get0_peer(SSL_SESSION *s) |
| 852 | { | ||
| 874 | return s->peer; | 853 | return s->peer; |
| 875 | } | 854 | } |
| 876 | 855 | ||
| 877 | int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, | 856 | int |
| 878 | unsigned int sid_ctx_len) | 857 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, |
| 879 | { | 858 | unsigned int sid_ctx_len) |
| 880 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 859 | { |
| 881 | { | 860 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 882 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 861 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 883 | return 0; | 862 | return 0; |
| 884 | } | 863 | } |
| 885 | s->sid_ctx_length=sid_ctx_len; | 864 | s->sid_ctx_length = sid_ctx_len; |
| 886 | memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); | 865 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); |
| 887 | 866 | ||
| 888 | return 1; | 867 | return 1; |
| 889 | } | 868 | } |
| 890 | 869 | ||
| 891 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | 870 | long |
| 892 | { | 871 | SSL_CTX_set_timeout(SSL_CTX *s, long t) |
| 872 | { | ||
| 893 | long l; | 873 | long l; |
| 894 | if (s == NULL) return(0); | 874 | if (s == NULL) |
| 895 | l=s->session_timeout; | 875 | return (0); |
| 896 | s->session_timeout=t; | 876 | l = s->session_timeout; |
| 897 | return(l); | 877 | s->session_timeout = t; |
| 898 | } | 878 | return (l); |
| 879 | } | ||
| 899 | 880 | ||
| 900 | long SSL_CTX_get_timeout(const SSL_CTX *s) | 881 | long |
| 901 | { | 882 | SSL_CTX_get_timeout(const SSL_CTX *s) |
| 902 | if (s == NULL) return(0); | 883 | { |
| 903 | return(s->session_timeout); | 884 | if (s == NULL) |
| 904 | } | 885 | return (0); |
| 886 | return (s->session_timeout); | ||
| 887 | } | ||
| 905 | 888 | ||
| 906 | #ifndef OPENSSL_NO_TLSEXT | 889 | #ifndef OPENSSL_NO_TLSEXT |
| 907 | int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, | 890 | int |
| 908 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) | 891 | SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, |
| 909 | { | 892 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) |
| 910 | if (s == NULL) return(0); | 893 | { |
| 894 | if (s == NULL) | ||
| 895 | return (0); | ||
| 911 | s->tls_session_secret_cb = tls_session_secret_cb; | 896 | s->tls_session_secret_cb = tls_session_secret_cb; |
| 912 | s->tls_session_secret_cb_arg = arg; | 897 | s->tls_session_secret_cb_arg = arg; |
| 913 | return(1); | 898 | return (1); |
| 914 | } | 899 | } |
| 915 | 900 | ||
| 916 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | 901 | int |
| 917 | void *arg) | 902 | SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, |
| 918 | { | 903 | void *arg) |
| 919 | if (s == NULL) return(0); | 904 | { |
| 905 | if (s == NULL) | ||
| 906 | return (0); | ||
| 920 | s->tls_session_ticket_ext_cb = cb; | 907 | s->tls_session_ticket_ext_cb = cb; |
| 921 | s->tls_session_ticket_ext_cb_arg = arg; | 908 | s->tls_session_ticket_ext_cb_arg = arg; |
| 922 | return(1); | 909 | return (1); |
| 923 | } | 910 | } |
| 924 | 911 | ||
| 925 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | 912 | int |
| 926 | { | 913 | SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) |
| 927 | if (s->version >= TLS1_VERSION) | 914 | { |
| 928 | { | 915 | if (s->version >= TLS1_VERSION) { |
| 929 | if (s->tlsext_session_ticket) | 916 | if (s->tlsext_session_ticket) { |
| 930 | { | ||
| 931 | OPENSSL_free(s->tlsext_session_ticket); | 917 | OPENSSL_free(s->tlsext_session_ticket); |
| 932 | s->tlsext_session_ticket = NULL; | 918 | s->tlsext_session_ticket = NULL; |
| 933 | } | 919 | } |
| 934 | 920 | ||
| 935 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | 921 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); |
| 936 | if (!s->tlsext_session_ticket) | 922 | if (!s->tlsext_session_ticket) { |
| 937 | { | ||
| 938 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); | 923 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); |
| 939 | return 0; | 924 | return 0; |
| 940 | } | 925 | } |
| 941 | 926 | ||
| 942 | if (ext_data) | 927 | if (ext_data) { |
| 943 | { | ||
| 944 | s->tlsext_session_ticket->length = ext_len; | 928 | s->tlsext_session_ticket->length = ext_len; |
| 945 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; | 929 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; |
| 946 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); | 930 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); |
| 947 | } | 931 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | s->tlsext_session_ticket->length = 0; | 932 | s->tlsext_session_ticket->length = 0; |
| 951 | s->tlsext_session_ticket->data = NULL; | 933 | s->tlsext_session_ticket->data = NULL; |
| 952 | } | 934 | } |
| 953 | 935 | ||
| 954 | return 1; | 936 | return 1; |
| 955 | } | 937 | } |
| 956 | 938 | ||
| 957 | return 0; | 939 | return 0; |
| 958 | } | 940 | } |
| 959 | #endif /* OPENSSL_NO_TLSEXT */ | 941 | #endif /* OPENSSL_NO_TLSEXT */ |
| 960 | 942 | ||
| 961 | typedef struct timeout_param_st | 943 | typedef struct timeout_param_st { |
| 962 | { | ||
| 963 | SSL_CTX *ctx; | 944 | SSL_CTX *ctx; |
| 964 | long time; | 945 | long time; |
| 965 | LHASH_OF(SSL_SESSION) *cache; | 946 | LHASH_OF(SSL_SESSION) *cache; |
| 966 | } TIMEOUT_PARAM; | 947 | } TIMEOUT_PARAM; |
| 967 | 948 | ||
| 968 | static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 949 | static void |
| 969 | { | 950 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 951 | { | ||
| 970 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 952 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 971 | { | 953 | { |
| 972 | /* The reason we don't call SSL_CTX_remove_session() is to | 954 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 973 | * save on locking overhead */ | 955 | * save on locking overhead */ |
| 974 | (void)lh_SSL_SESSION_delete(p->cache,s); | 956 | (void)lh_SSL_SESSION_delete(p->cache, s); |
| 975 | SSL_SESSION_list_remove(p->ctx,s); | 957 | SSL_SESSION_list_remove(p->ctx, s); |
| 976 | s->not_resumable=1; | 958 | s->not_resumable = 1; |
| 977 | if (p->ctx->remove_session_cb != NULL) | 959 | if (p->ctx->remove_session_cb != NULL) |
| 978 | p->ctx->remove_session_cb(p->ctx,s); | 960 | p->ctx->remove_session_cb(p->ctx, s); |
| 979 | SSL_SESSION_free(s); | 961 | SSL_SESSION_free(s); |
| 980 | } | ||
| 981 | } | 962 | } |
| 963 | } | ||
| 982 | 964 | ||
| 983 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 965 | static |
| 966 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
| 984 | 967 | ||
| 985 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 968 | void |
| 986 | { | 969 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 970 | { | ||
| 987 | unsigned long i; | 971 | unsigned long i; |
| 988 | TIMEOUT_PARAM tp; | 972 | TIMEOUT_PARAM tp; |
| 989 | 973 | ||
| 990 | tp.ctx=s; | 974 | tp.ctx = s; |
| 991 | tp.cache=s->sessions; | 975 | tp.cache = s->sessions; |
| 992 | if (tp.cache == NULL) return; | 976 | if (tp.cache == NULL) |
| 993 | tp.time=t; | 977 | return; |
| 978 | tp.time = t; | ||
| 994 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 979 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 995 | i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | 980 | i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; |
| 996 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | 981 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; |
| 997 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | 982 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), |
| 998 | TIMEOUT_PARAM, &tp); | 983 | TIMEOUT_PARAM, &tp); |
| 999 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | 984 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; |
| 1000 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 985 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 1001 | } | 986 | } |
| 1002 | 987 | ||
| 1003 | int ssl_clear_bad_session(SSL *s) | 988 | int |
| 1004 | { | 989 | ssl_clear_bad_session(SSL *s) |
| 1005 | if ( (s->session != NULL) && | 990 | { |
| 991 | if ((s->session != NULL) && | ||
| 1006 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 992 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| 1007 | !(SSL_in_init(s) || SSL_in_before(s))) | 993 | !(SSL_in_init(s) || SSL_in_before(s))) { |
| 1008 | { | 994 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1009 | SSL_CTX_remove_session(s->ctx,s->session); | 995 | return (1); |
| 1010 | return(1); | 996 | } else |
| 1011 | } | 997 | return (0); |
| 1012 | else | 998 | } |
| 1013 | return(0); | ||
| 1014 | } | ||
| 1015 | 999 | ||
| 1016 | /* locked by SSL_CTX in the calling function */ | 1000 | /* locked by SSL_CTX in the calling function */ |
| 1017 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | 1001 | static void |
| 1018 | { | 1002 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 1019 | if ((s->next == NULL) || (s->prev == NULL)) return; | 1003 | { |
| 1004 | if ((s->next == NULL) | ||
| 1005 | || (s->prev == NULL)) return; | ||
| 1020 | 1006 | ||
| 1021 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) | 1007 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) |
| 1022 | { /* last element in list */ | 1008 | { /* last element in list */ |
| 1023 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1009 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1024 | { /* only one element in list */ | 1010 | { /* only one element in list */ |
| 1025 | ctx->session_cache_head=NULL; | 1011 | ctx->session_cache_head = NULL; |
| 1026 | ctx->session_cache_tail=NULL; | 1012 | ctx->session_cache_tail = NULL; |
| 1027 | } | 1013 | } else { |
| 1028 | else | 1014 | ctx->session_cache_tail = s->prev; |
| 1029 | { | 1015 | s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1030 | ctx->session_cache_tail=s->prev; | ||
| 1031 | s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 1032 | } | ||
| 1033 | } | 1016 | } |
| 1034 | else | 1017 | } else { |
| 1035 | { | ||
| 1036 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1018 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1037 | { /* first element in list */ | 1019 | { /* first element in list */ |
| 1038 | ctx->session_cache_head=s->next; | 1020 | ctx->session_cache_head = s->next; |
| 1039 | s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1021 | s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1040 | } | 1022 | } else |
| 1041 | else | 1023 | { /* middle of list */ |
| 1042 | { /* middle of list */ | 1024 | s->next->prev = s->prev; |
| 1043 | s->next->prev=s->prev; | 1025 | s->prev->next = s->next; |
| 1044 | s->prev->next=s->next; | ||
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1047 | s->prev=s->next=NULL; | ||
| 1048 | } | 1027 | } |
| 1028 | s->prev = s->next = NULL; | ||
| 1029 | } | ||
| 1049 | 1030 | ||
| 1050 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | 1031 | static void |
| 1051 | { | 1032 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 1033 | { | ||
| 1052 | if ((s->next != NULL) && (s->prev != NULL)) | 1034 | if ((s->next != NULL) && (s->prev != NULL)) |
| 1053 | SSL_SESSION_list_remove(ctx,s); | 1035 | SSL_SESSION_list_remove(ctx, s); |
| 1054 | 1036 | ||
| 1055 | if (ctx->session_cache_head == NULL) | 1037 | if (ctx->session_cache_head == NULL) { |
| 1056 | { | 1038 | ctx->session_cache_head = s; |
| 1057 | ctx->session_cache_head=s; | 1039 | ctx->session_cache_tail = s; |
| 1058 | ctx->session_cache_tail=s; | 1040 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1059 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1041 | s->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1060 | s->next=(SSL_SESSION *)&(ctx->session_cache_tail); | 1042 | } else { |
| 1061 | } | 1043 | s->next = ctx->session_cache_head; |
| 1062 | else | 1044 | s->next->prev = s; |
| 1063 | { | 1045 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1064 | s->next=ctx->session_cache_head; | 1046 | ctx->session_cache_head = s; |
| 1065 | s->next->prev=s; | ||
| 1066 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
| 1067 | ctx->session_cache_head=s; | ||
| 1068 | } | ||
| 1069 | } | 1047 | } |
| 1048 | } | ||
| 1070 | 1049 | ||
| 1071 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | 1050 | void |
| 1072 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | 1051 | SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, |
| 1073 | { | 1052 | int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { |
| 1074 | ctx->new_session_cb=cb; | 1053 | ctx->new_session_cb = cb; |
| 1075 | } | 1054 | } |
| 1076 | 1055 | ||
| 1077 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | 1056 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) |
| 1078 | { | 1057 | { |
| 1079 | return ctx->new_session_cb; | 1058 | return ctx->new_session_cb; |
| 1080 | } | 1059 | } |
| 1081 | 1060 | ||
| 1082 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | 1061 | void |
| 1083 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | 1062 | SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
| 1084 | { | 1063 | void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) |
| 1085 | ctx->remove_session_cb=cb; | 1064 | { |
| 1086 | } | 1065 | ctx->remove_session_cb = cb; |
| 1066 | } | ||
| 1087 | 1067 | ||
| 1088 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | 1068 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) |
| 1089 | { | 1069 | { |
| 1090 | return ctx->remove_session_cb; | 1070 | return ctx->remove_session_cb; |
| 1091 | } | 1071 | } |
| 1092 | 1072 | ||
| 1093 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | 1073 | void |
| 1094 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | 1074 | SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
| 1095 | unsigned char *data,int len,int *copy)) | 1075 | SSL_SESSION *(*cb)(struct ssl_st *ssl, |
| 1096 | { | 1076 | unsigned char *data, int len, int *copy)) |
| 1097 | ctx->get_session_cb=cb; | 1077 | { |
| 1098 | } | 1078 | ctx->get_session_cb = cb; |
| 1079 | } | ||
| 1099 | 1080 | ||
| 1100 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | 1081 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, |
| 1101 | unsigned char *data,int len,int *copy) | 1082 | unsigned char *data, int len, int *copy) |
| 1102 | { | 1083 | { |
| 1103 | return ctx->get_session_cb; | 1084 | return ctx->get_session_cb; |
| 1104 | } | 1085 | } |
| 1105 | 1086 | ||
| 1106 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | 1087 | void |
| 1107 | void (*cb)(const SSL *ssl,int type,int val)) | 1088 | SSL_CTX_set_info_callback(SSL_CTX *ctx, |
| 1108 | { | 1089 | void (*cb)(const SSL *ssl, int type, int val)) |
| 1109 | ctx->info_callback=cb; | 1090 | { |
| 1110 | } | 1091 | ctx->info_callback = cb; |
| 1092 | } | ||
| 1111 | 1093 | ||
| 1112 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | 1094 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) |
| 1113 | { | 1095 | { |
| 1114 | return ctx->info_callback; | 1096 | return ctx->info_callback; |
| 1115 | } | 1097 | } |
| 1116 | 1098 | ||
| 1117 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | 1099 | void |
| 1118 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | 1100 | SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, |
| 1119 | { | 1101 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) |
| 1120 | ctx->client_cert_cb=cb; | 1102 | { |
| 1121 | } | 1103 | ctx->client_cert_cb = cb; |
| 1104 | } | ||
| 1122 | 1105 | ||
| 1123 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | 1106 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) |
| 1124 | { | 1107 | { |
| 1125 | return ctx->client_cert_cb; | 1108 | return ctx->client_cert_cb; |
| 1126 | } | 1109 | } |
| 1127 | 1110 | ||
| 1128 | #ifndef OPENSSL_NO_ENGINE | 1111 | #ifndef OPENSSL_NO_ENGINE |
| 1129 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | 1112 | int |
| 1130 | { | 1113 | SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 1131 | if (!ENGINE_init(e)) | 1114 | { |
| 1132 | { | 1115 | if (!ENGINE_init(e)) { |
| 1133 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); | 1116 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); |
| 1134 | return 0; | 1117 | return 0; |
| 1135 | } | 1118 | } |
| 1136 | if(!ENGINE_get_ssl_client_cert_function(e)) | 1119 | if (!ENGINE_get_ssl_client_cert_function(e)) { |
| 1137 | { | ||
| 1138 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); | 1120 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); |
| 1139 | ENGINE_finish(e); | 1121 | ENGINE_finish(e); |
| 1140 | return 0; | 1122 | return 0; |
| 1141 | } | 1123 | } |
| 1142 | ctx->client_cert_engine = e; | 1124 | ctx->client_cert_engine = e; |
| 1143 | return 1; | 1125 | return 1; |
| 1144 | } | 1126 | } |
| 1145 | #endif | 1127 | #endif |
| 1146 | 1128 | ||
| 1147 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | 1129 | void |
| 1148 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | 1130 | SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, |
| 1149 | { | 1131 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) |
| 1150 | ctx->app_gen_cookie_cb=cb; | 1132 | { |
| 1151 | } | 1133 | ctx->app_gen_cookie_cb = cb; |
| 1134 | } | ||
| 1152 | 1135 | ||
| 1153 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | 1136 | void |
| 1154 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | 1137 | SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, |
| 1155 | { | 1138 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) |
| 1156 | ctx->app_verify_cookie_cb=cb; | 1139 | { |
| 1157 | } | 1140 | ctx->app_verify_cookie_cb = cb; |
| 1141 | } | ||
| 1158 | 1142 | ||
| 1159 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | 1143 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) |
diff --git a/src/lib/libssl/src/ssl/ssl_stat.c b/src/lib/libssl/src/ssl/ssl_stat.c index 144b81e55f..3d9371cdd7 100644 --- a/src/lib/libssl/src/ssl/ssl_stat.c +++ b/src/lib/libssl/src/ssl/ssl_stat.c | |||
| @@ -85,311 +85,533 @@ | |||
| 85 | #include <stdio.h> | 85 | #include <stdio.h> |
| 86 | #include "ssl_locl.h" | 86 | #include "ssl_locl.h" |
| 87 | 87 | ||
| 88 | const char *SSL_state_string_long(const SSL *s) | 88 | const char |
| 89 | { | 89 | *SSL_state_string_long(const SSL *s) |
| 90 | { | ||
| 90 | const char *str; | 91 | const char *str; |
| 91 | 92 | ||
| 92 | switch (s->state) | 93 | switch (s->state) { |
| 93 | { | 94 | case SSL_ST_BEFORE: |
| 94 | case SSL_ST_BEFORE: str="before SSL initialization"; break; | 95 | str="before SSL initialization"; break; |
| 95 | case SSL_ST_ACCEPT: str="before accept initialization"; break; | 96 | case SSL_ST_ACCEPT: |
| 96 | case SSL_ST_CONNECT: str="before connect initialization"; break; | 97 | str="before accept initialization"; break; |
| 97 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; | 98 | case SSL_ST_CONNECT: |
| 98 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; | 99 | str="before connect initialization"; break; |
| 99 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; | 100 | case SSL_ST_OK: |
| 100 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; | 101 | str="SSL negotiation finished successfully"; break; |
| 101 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; | 102 | case SSL_ST_RENEGOTIATE: |
| 102 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; | 103 | str="SSL renegotiate ciphers"; break; |
| 104 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 105 | str="before/connect initialization"; break; | ||
| 106 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 107 | str="ok/connect SSL initialization"; break; | ||
| 108 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 109 | str="before/accept initialization"; break; | ||
| 110 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 111 | str="ok/accept SSL initialization"; break; | ||
| 103 | #ifndef OPENSSL_NO_SSL2 | 112 | #ifndef OPENSSL_NO_SSL2 |
| 104 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; | 113 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 105 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; | 114 | str="SSLv2 client start encryption"; break; |
| 106 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; | 115 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 107 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; | 116 | str="SSLv2 server start encryption"; break; |
| 108 | case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; | 117 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 109 | case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; | 118 | str="SSLv2 write client hello A"; break; |
| 110 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; | 119 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 111 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; | 120 | str="SSLv2 write client hello B"; break; |
| 112 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; | 121 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 113 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; | 122 | str="SSLv2 read server hello A"; break; |
| 114 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; | 123 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 115 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; | 124 | str="SSLv2 read server hello B"; break; |
| 116 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; | 125 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 117 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; | 126 | str="SSLv2 write client master key A"; break; |
| 118 | case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; | 127 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 119 | case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; | 128 | str="SSLv2 write client master key B"; break; |
| 120 | case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; | 129 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 121 | case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; | 130 | str="SSLv2 write client finished A"; break; |
| 122 | case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; | 131 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 123 | case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; | 132 | str="SSLv2 write client finished B"; break; |
| 124 | case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; | 133 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 125 | case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; | 134 | str="SSLv2 write client certificate A"; break; |
| 126 | case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; | 135 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 127 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; | 136 | str="SSLv2 write client certificate B"; break; |
| 128 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; | 137 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 129 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; | 138 | str="SSLv2 write client certificate C"; break; |
| 130 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; | 139 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 131 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; | 140 | str="SSLv2 write client certificate D"; break; |
| 132 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; | 141 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 133 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; | 142 | str="SSLv2 read server verify A"; break; |
| 134 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; | 143 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 135 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; | 144 | str="SSLv2 read server verify B"; break; |
| 136 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; | 145 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 137 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; | 146 | str="SSLv2 read server finished A"; break; |
| 138 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; | 147 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 139 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; | 148 | str="SSLv2 read server finished B"; break; |
| 140 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; | 149 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 141 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; | 150 | str="SSLv2 read client hello A"; break; |
| 151 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 152 | str="SSLv2 read client hello B"; break; | ||
| 153 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 154 | str="SSLv2 read client hello C"; break; | ||
| 155 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 156 | str="SSLv2 write server hello A"; break; | ||
| 157 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 158 | str="SSLv2 write server hello B"; break; | ||
| 159 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 160 | str="SSLv2 read client master key A"; break; | ||
| 161 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 162 | str="SSLv2 read client master key B"; break; | ||
| 163 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 164 | str="SSLv2 write server verify A"; break; | ||
| 165 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 166 | str="SSLv2 write server verify B"; break; | ||
| 167 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 168 | str="SSLv2 write server verify C"; break; | ||
| 169 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 170 | str="SSLv2 read client finished A"; break; | ||
| 171 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 172 | str="SSLv2 read client finished B"; break; | ||
| 173 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 174 | str="SSLv2 write server finished A"; break; | ||
| 175 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 176 | str="SSLv2 write server finished B"; break; | ||
| 177 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 178 | str="SSLv2 write request certificate A"; break; | ||
| 179 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 180 | str="SSLv2 write request certificate B"; break; | ||
| 181 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 182 | str="SSLv2 write request certificate C"; break; | ||
| 183 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 184 | str="SSLv2 write request certificate D"; break; | ||
| 185 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 186 | str="SSLv2 X509 read server certificate"; break; | ||
| 187 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 188 | str="SSLv2 X509 read client certificate"; break; | ||
| 142 | #endif | 189 | #endif |
| 143 | 190 | ||
| 144 | #ifndef OPENSSL_NO_SSL3 | 191 | #ifndef OPENSSL_NO_SSL3 |
| 145 | /* SSLv3 additions */ | 192 | /* SSLv3 additions */ |
| 146 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; | 193 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 147 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; | 194 | str="SSLv3 write client hello A"; break; |
| 148 | case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; | 195 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 149 | case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; | 196 | str="SSLv3 write client hello B"; break; |
| 150 | case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; | 197 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 151 | case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; | 198 | str="SSLv3 read server hello A"; break; |
| 152 | case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | 199 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 153 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 200 | str="SSLv3 read server hello B"; break; |
| 154 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 201 | case SSL3_ST_CR_CERT_A: |
| 155 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 202 | str="SSLv3 read server certificate A"; break; |
| 156 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | 203 | case SSL3_ST_CR_CERT_B: |
| 157 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | 204 | str="SSLv3 read server certificate B"; break; |
| 158 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 205 | case SSL3_ST_CR_KEY_EXCH_A: |
| 159 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 206 | str="SSLv3 read server key exchange A"; break; |
| 160 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 207 | case SSL3_ST_CR_KEY_EXCH_B: |
| 161 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; | 208 | str="SSLv3 read server key exchange B"; break; |
| 162 | case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; | 209 | case SSL3_ST_CR_CERT_REQ_A: |
| 163 | case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; | 210 | str="SSLv3 read server certificate request A"; break; |
| 164 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; | 211 | case SSL3_ST_CR_CERT_REQ_B: |
| 165 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; | 212 | str="SSLv3 read server certificate request B"; break; |
| 166 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; | 213 | case SSL3_ST_CR_SESSION_TICKET_A: |
| 167 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; | 214 | str="SSLv3 read server session ticket A";break; |
| 215 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 216 | str="SSLv3 read server session ticket B";break; | ||
| 217 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 218 | str="SSLv3 read server done A"; break; | ||
| 219 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 220 | str="SSLv3 read server done B"; break; | ||
| 221 | case SSL3_ST_CW_CERT_A: | ||
| 222 | str="SSLv3 write client certificate A"; break; | ||
| 223 | case SSL3_ST_CW_CERT_B: | ||
| 224 | str="SSLv3 write client certificate B"; break; | ||
| 225 | case SSL3_ST_CW_CERT_C: | ||
| 226 | str="SSLv3 write client certificate C"; break; | ||
| 227 | case SSL3_ST_CW_CERT_D: | ||
| 228 | str="SSLv3 write client certificate D"; break; | ||
| 229 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 230 | str="SSLv3 write client key exchange A"; break; | ||
| 231 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 232 | str="SSLv3 write client key exchange B"; break; | ||
| 233 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 234 | str="SSLv3 write certificate verify A"; break; | ||
| 235 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 236 | str="SSLv3 write certificate verify B"; break; | ||
| 168 | 237 | ||
| 169 | case SSL3_ST_CW_CHANGE_A: | 238 | case SSL3_ST_CW_CHANGE_A: |
| 170 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; | 239 | case SSL3_ST_SW_CHANGE_A: |
| 171 | case SSL3_ST_CW_CHANGE_B: | 240 | str="SSLv3 write change cipher spec A"; break; |
| 172 | case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; | 241 | case SSL3_ST_CW_CHANGE_B: |
| 173 | case SSL3_ST_CW_FINISHED_A: | 242 | case SSL3_ST_SW_CHANGE_B: |
| 174 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; | 243 | str="SSLv3 write change cipher spec B"; break; |
| 175 | case SSL3_ST_CW_FINISHED_B: | 244 | case SSL3_ST_CW_FINISHED_A: |
| 176 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; | 245 | case SSL3_ST_SW_FINISHED_A: |
| 177 | case SSL3_ST_CR_CHANGE_A: | 246 | str="SSLv3 write finished A"; break; |
| 178 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; | 247 | case SSL3_ST_CW_FINISHED_B: |
| 179 | case SSL3_ST_CR_CHANGE_B: | 248 | case SSL3_ST_SW_FINISHED_B: |
| 180 | case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; | 249 | str="SSLv3 write finished B"; break; |
| 181 | case SSL3_ST_CR_FINISHED_A: | 250 | case SSL3_ST_CR_CHANGE_A: |
| 182 | case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; | 251 | case SSL3_ST_SR_CHANGE_A: |
| 183 | case SSL3_ST_CR_FINISHED_B: | 252 | str="SSLv3 read change cipher spec A"; break; |
| 184 | case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; | 253 | case SSL3_ST_CR_CHANGE_B: |
| 254 | case SSL3_ST_SR_CHANGE_B: | ||
| 255 | str="SSLv3 read change cipher spec B"; break; | ||
| 256 | case SSL3_ST_CR_FINISHED_A: | ||
| 257 | case SSL3_ST_SR_FINISHED_A: | ||
| 258 | str="SSLv3 read finished A"; break; | ||
| 259 | case SSL3_ST_CR_FINISHED_B: | ||
| 260 | case SSL3_ST_SR_FINISHED_B: | ||
| 261 | str="SSLv3 read finished B"; break; | ||
| 185 | 262 | ||
| 186 | case SSL3_ST_CW_FLUSH: | 263 | case SSL3_ST_CW_FLUSH: |
| 187 | case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; | 264 | case SSL3_ST_SW_FLUSH: |
| 265 | str="SSLv3 flush data"; break; | ||
| 188 | 266 | ||
| 189 | case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; | 267 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 190 | case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; | 268 | str="SSLv3 read client hello A"; break; |
| 191 | case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; | 269 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 192 | case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; | 270 | str="SSLv3 read client hello B"; break; |
| 193 | case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; | 271 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 194 | case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; | 272 | str="SSLv3 read client hello C"; break; |
| 195 | case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; | 273 | case SSL3_ST_SW_HELLO_REQ_A: |
| 196 | case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; | 274 | str="SSLv3 write hello request A"; break; |
| 197 | case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; | 275 | case SSL3_ST_SW_HELLO_REQ_B: |
| 198 | case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; | 276 | str="SSLv3 write hello request B"; break; |
| 199 | case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | 277 | case SSL3_ST_SW_HELLO_REQ_C: |
| 200 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 278 | str="SSLv3 write hello request C"; break; |
| 201 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 279 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 202 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 280 | str="SSLv3 write server hello A"; break; |
| 203 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | 281 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 204 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | 282 | str="SSLv3 write server hello B"; break; |
| 205 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 283 | case SSL3_ST_SW_CERT_A: |
| 206 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 284 | str="SSLv3 write certificate A"; break; |
| 207 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 285 | case SSL3_ST_SW_CERT_B: |
| 208 | case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; | 286 | str="SSLv3 write certificate B"; break; |
| 209 | case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; | 287 | case SSL3_ST_SW_KEY_EXCH_A: |
| 210 | case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; | 288 | str="SSLv3 write key exchange A"; break; |
| 211 | case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; | 289 | case SSL3_ST_SW_KEY_EXCH_B: |
| 212 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; | 290 | str="SSLv3 write key exchange B"; break; |
| 291 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 292 | str="SSLv3 write certificate request A"; break; | ||
| 293 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 294 | str="SSLv3 write certificate request B"; break; | ||
| 295 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 296 | str="SSLv3 write session ticket A"; break; | ||
| 297 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 298 | str="SSLv3 write session ticket B"; break; | ||
| 299 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 300 | str="SSLv3 write server done A"; break; | ||
| 301 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 302 | str="SSLv3 write server done B"; break; | ||
| 303 | case SSL3_ST_SR_CERT_A: | ||
| 304 | str="SSLv3 read client certificate A"; break; | ||
| 305 | case SSL3_ST_SR_CERT_B: | ||
| 306 | str="SSLv3 read client certificate B"; break; | ||
| 307 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 308 | str="SSLv3 read client key exchange A"; break; | ||
| 309 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 310 | str="SSLv3 read client key exchange B"; break; | ||
| 311 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 312 | str="SSLv3 read certificate verify A"; break; | ||
| 313 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 314 | str="SSLv3 read certificate verify B"; break; | ||
| 213 | #endif | 315 | #endif |
| 214 | 316 | ||
| 215 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 317 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 216 | /* SSLv2/v3 compatibility states */ | 318 | /* SSLv2/v3 compatibility states */ |
| 217 | /* client */ | 319 | /* client */ |
| 218 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; | 320 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 219 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; | 321 | str="SSLv2/v3 write client hello A"; break; |
| 220 | case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; | 322 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 221 | case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; | 323 | str="SSLv2/v3 write client hello B"; break; |
| 324 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 325 | str="SSLv2/v3 read server hello A"; break; | ||
| 326 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 327 | str="SSLv2/v3 read server hello B"; break; | ||
| 222 | /* server */ | 328 | /* server */ |
| 223 | case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; | 329 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 224 | case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; | 330 | str="SSLv2/v3 read client hello A"; break; |
| 331 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 332 | str="SSLv2/v3 read client hello B"; break; | ||
| 225 | #endif | 333 | #endif |
| 226 | 334 | ||
| 227 | /* DTLS */ | 335 | /* DTLS */ |
| 228 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; | 336 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 229 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; | 337 | str="DTLS1 read hello verify request A"; break; |
| 230 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; | 338 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 231 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; | 339 | str="DTLS1 read hello verify request B"; break; |
| 340 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 341 | str="DTLS1 write hello verify request A"; break; | ||
| 342 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 343 | str="DTLS1 write hello verify request B"; break; | ||
| 232 | 344 | ||
| 233 | default: str="unknown state"; break; | 345 | default: |
| 234 | } | 346 | str="unknown state"; break; |
| 235 | return(str); | ||
| 236 | } | 347 | } |
| 348 | return (str); | ||
| 349 | } | ||
| 237 | 350 | ||
| 238 | const char *SSL_rstate_string_long(const SSL *s) | 351 | const char |
| 239 | { | 352 | *SSL_rstate_string_long(const SSL *s) |
| 353 | { | ||
| 240 | const char *str; | 354 | const char *str; |
| 241 | 355 | ||
| 242 | switch (s->rstate) | 356 | switch (s->rstate) { |
| 243 | { | 357 | case SSL_ST_READ_HEADER: |
| 244 | case SSL_ST_READ_HEADER: str="read header"; break; | 358 | str="read header"; break; |
| 245 | case SSL_ST_READ_BODY: str="read body"; break; | 359 | case SSL_ST_READ_BODY: |
| 246 | case SSL_ST_READ_DONE: str="read done"; break; | 360 | str="read body"; break; |
| 247 | default: str="unknown"; break; | 361 | case SSL_ST_READ_DONE: |
| 248 | } | 362 | str="read done"; break; |
| 249 | return(str); | 363 | default: |
| 364 | str="unknown"; break; | ||
| 250 | } | 365 | } |
| 366 | return (str); | ||
| 367 | } | ||
| 251 | 368 | ||
| 252 | const char *SSL_state_string(const SSL *s) | 369 | const char |
| 253 | { | 370 | *SSL_state_string(const SSL *s) |
| 371 | { | ||
| 254 | const char *str; | 372 | const char *str; |
| 255 | 373 | ||
| 256 | switch (s->state) | 374 | switch (s->state) { |
| 257 | { | 375 | case SSL_ST_BEFORE: |
| 258 | case SSL_ST_BEFORE: str="PINIT "; break; | 376 | str="PINIT "; break; |
| 259 | case SSL_ST_ACCEPT: str="AINIT "; break; | 377 | case SSL_ST_ACCEPT: |
| 260 | case SSL_ST_CONNECT: str="CINIT "; break; | 378 | str="AINIT "; break; |
| 261 | case SSL_ST_OK: str="SSLOK "; break; | 379 | case SSL_ST_CONNECT: |
| 380 | str="CINIT "; break; | ||
| 381 | case SSL_ST_OK: | ||
| 382 | str="SSLOK "; break; | ||
| 262 | #ifndef OPENSSL_NO_SSL2 | 383 | #ifndef OPENSSL_NO_SSL2 |
| 263 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; | 384 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 264 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; | 385 | str="2CSENC"; break; |
| 265 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; | 386 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 266 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; | 387 | str="2SSENC"; break; |
| 267 | case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; | 388 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 268 | case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; | 389 | str="2SCH_A"; break; |
| 269 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; | 390 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 270 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; | 391 | str="2SCH_B"; break; |
| 271 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; | 392 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 272 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; | 393 | str="2GSH_A"; break; |
| 273 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; | 394 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 274 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; | 395 | str="2GSH_B"; break; |
| 275 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; | 396 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 276 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; | 397 | str="2SCMKA"; break; |
| 277 | case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; | 398 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 278 | case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; | 399 | str="2SCMKB"; break; |
| 279 | case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; | 400 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 280 | case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; | 401 | str="2SCF_A"; break; |
| 281 | case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; | 402 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 282 | case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; | 403 | str="2SCF_B"; break; |
| 283 | case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; | 404 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 284 | case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; | 405 | str="2SCC_A"; break; |
| 285 | case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; | 406 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 286 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; | 407 | str="2SCC_B"; break; |
| 287 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; | 408 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 288 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; | 409 | str="2SCC_C"; break; |
| 289 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; | 410 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 290 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; | 411 | str="2SCC_D"; break; |
| 291 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; | 412 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 292 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; | 413 | str="2GSV_A"; break; |
| 293 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; | 414 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 294 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; | 415 | str="2GSV_B"; break; |
| 295 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; | 416 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 296 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; | 417 | str="2GSF_A"; break; |
| 297 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; | 418 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 298 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; | 419 | str="2GSF_B"; break; |
| 299 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; | 420 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 300 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; | 421 | str="2GCH_A"; break; |
| 422 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 423 | str="2GCH_B"; break; | ||
| 424 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 425 | str="2GCH_C"; break; | ||
| 426 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 427 | str="2SSH_A"; break; | ||
| 428 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 429 | str="2SSH_B"; break; | ||
| 430 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 431 | str="2GCMKA"; break; | ||
| 432 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 433 | str="2GCMKA"; break; | ||
| 434 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 435 | str="2SSV_A"; break; | ||
| 436 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 437 | str="2SSV_B"; break; | ||
| 438 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 439 | str="2SSV_C"; break; | ||
| 440 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 441 | str="2GCF_A"; break; | ||
| 442 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 443 | str="2GCF_B"; break; | ||
| 444 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 445 | str="2SSF_A"; break; | ||
| 446 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 447 | str="2SSF_B"; break; | ||
| 448 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 449 | str="2SRC_A"; break; | ||
| 450 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 451 | str="2SRC_B"; break; | ||
| 452 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 453 | str="2SRC_C"; break; | ||
| 454 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 455 | str="2SRC_D"; break; | ||
| 456 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 457 | str="2X9GSC"; break; | ||
| 458 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 459 | str="2X9GCC"; break; | ||
| 301 | #endif | 460 | #endif |
| 302 | 461 | ||
| 303 | #ifndef OPENSSL_NO_SSL3 | 462 | #ifndef OPENSSL_NO_SSL3 |
| 304 | /* SSLv3 additions */ | 463 | /* SSLv3 additions */ |
| 305 | case SSL3_ST_SW_FLUSH: | 464 | case SSL3_ST_SW_FLUSH: |
| 306 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; | 465 | case SSL3_ST_CW_FLUSH: |
| 307 | case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; | 466 | str="3FLUSH"; break; |
| 308 | case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; | 467 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 309 | case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; | 468 | str="3WCH_A"; break; |
| 310 | case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; | 469 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 311 | case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; | 470 | str="3WCH_B"; break; |
| 312 | case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; | 471 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 313 | case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; | 472 | str="3RSH_A"; break; |
| 314 | case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; | 473 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 315 | case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; | 474 | str="3RSH_B"; break; |
| 316 | case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; | 475 | case SSL3_ST_CR_CERT_A: |
| 317 | case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; | 476 | str="3RSC_A"; break; |
| 318 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; | 477 | case SSL3_ST_CR_CERT_B: |
| 319 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; | 478 | str="3RSC_B"; break; |
| 320 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; | 479 | case SSL3_ST_CR_KEY_EXCH_A: |
| 321 | case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; | 480 | str="3RSKEA"; break; |
| 322 | case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; | 481 | case SSL3_ST_CR_KEY_EXCH_B: |
| 323 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; | 482 | str="3RSKEB"; break; |
| 324 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; | 483 | case SSL3_ST_CR_CERT_REQ_A: |
| 325 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; | 484 | str="3RCR_A"; break; |
| 326 | case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; | 485 | case SSL3_ST_CR_CERT_REQ_B: |
| 486 | str="3RCR_B"; break; | ||
| 487 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 488 | str="3RSD_A"; break; | ||
| 489 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 490 | str="3RSD_B"; break; | ||
| 491 | case SSL3_ST_CW_CERT_A: | ||
| 492 | str="3WCC_A"; break; | ||
| 493 | case SSL3_ST_CW_CERT_B: | ||
| 494 | str="3WCC_B"; break; | ||
| 495 | case SSL3_ST_CW_CERT_C: | ||
| 496 | str="3WCC_C"; break; | ||
| 497 | case SSL3_ST_CW_CERT_D: | ||
| 498 | str="3WCC_D"; break; | ||
| 499 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 500 | str="3WCKEA"; break; | ||
| 501 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 502 | str="3WCKEB"; break; | ||
| 503 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 504 | str="3WCV_A"; break; | ||
| 505 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 506 | str="3WCV_B"; break; | ||
| 327 | 507 | ||
| 328 | case SSL3_ST_SW_CHANGE_A: | 508 | case SSL3_ST_SW_CHANGE_A: |
| 329 | case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; | 509 | case SSL3_ST_CW_CHANGE_A: |
| 330 | case SSL3_ST_SW_CHANGE_B: | 510 | str="3WCCSA"; break; |
| 331 | case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; | 511 | case SSL3_ST_SW_CHANGE_B: |
| 332 | case SSL3_ST_SW_FINISHED_A: | 512 | case SSL3_ST_CW_CHANGE_B: |
| 333 | case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; | 513 | str="3WCCSB"; break; |
| 334 | case SSL3_ST_SW_FINISHED_B: | 514 | case SSL3_ST_SW_FINISHED_A: |
| 335 | case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; | 515 | case SSL3_ST_CW_FINISHED_A: |
| 336 | case SSL3_ST_SR_CHANGE_A: | 516 | str="3WFINA"; break; |
| 337 | case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; | 517 | case SSL3_ST_SW_FINISHED_B: |
| 338 | case SSL3_ST_SR_CHANGE_B: | 518 | case SSL3_ST_CW_FINISHED_B: |
| 339 | case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; | 519 | str="3WFINB"; break; |
| 340 | case SSL3_ST_SR_FINISHED_A: | 520 | case SSL3_ST_SR_CHANGE_A: |
| 341 | case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; | 521 | case SSL3_ST_CR_CHANGE_A: |
| 342 | case SSL3_ST_SR_FINISHED_B: | 522 | str="3RCCSA"; break; |
| 343 | case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; | 523 | case SSL3_ST_SR_CHANGE_B: |
| 524 | case SSL3_ST_CR_CHANGE_B: | ||
| 525 | str="3RCCSB"; break; | ||
| 526 | case SSL3_ST_SR_FINISHED_A: | ||
| 527 | case SSL3_ST_CR_FINISHED_A: | ||
| 528 | str="3RFINA"; break; | ||
| 529 | case SSL3_ST_SR_FINISHED_B: | ||
| 530 | case SSL3_ST_CR_FINISHED_B: | ||
| 531 | str="3RFINB"; break; | ||
| 344 | 532 | ||
| 345 | case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; | 533 | case SSL3_ST_SW_HELLO_REQ_A: |
| 346 | case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; | 534 | str="3WHR_A"; break; |
| 347 | case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; | 535 | case SSL3_ST_SW_HELLO_REQ_B: |
| 348 | case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; | 536 | str="3WHR_B"; break; |
| 349 | case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; | 537 | case SSL3_ST_SW_HELLO_REQ_C: |
| 350 | case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; | 538 | str="3WHR_C"; break; |
| 351 | case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; | 539 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 352 | case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; | 540 | str="3RCH_A"; break; |
| 353 | case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; | 541 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 354 | case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; | 542 | str="3RCH_B"; break; |
| 355 | case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; | 543 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 356 | case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; | 544 | str="3RCH_C"; break; |
| 357 | case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; | 545 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 358 | case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; | 546 | str="3WSH_A"; break; |
| 359 | case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; | 547 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 360 | case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; | 548 | str="3WSH_B"; break; |
| 361 | case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; | 549 | case SSL3_ST_SW_CERT_A: |
| 362 | case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; | 550 | str="3WSC_A"; break; |
| 363 | case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; | 551 | case SSL3_ST_SW_CERT_B: |
| 364 | case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; | 552 | str="3WSC_B"; break; |
| 365 | case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; | 553 | case SSL3_ST_SW_KEY_EXCH_A: |
| 366 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; | 554 | str="3WSKEA"; break; |
| 555 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 556 | str="3WSKEB"; break; | ||
| 557 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 558 | str="3WCR_A"; break; | ||
| 559 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 560 | str="3WCR_B"; break; | ||
| 561 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 562 | str="3WSD_A"; break; | ||
| 563 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 564 | str="3WSD_B"; break; | ||
| 565 | case SSL3_ST_SR_CERT_A: | ||
| 566 | str="3RCC_A"; break; | ||
| 567 | case SSL3_ST_SR_CERT_B: | ||
| 568 | str="3RCC_B"; break; | ||
| 569 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 570 | str="3RCKEA"; break; | ||
| 571 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 572 | str="3RCKEB"; break; | ||
| 573 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 574 | str="3RCV_A"; break; | ||
| 575 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 576 | str="3RCV_B"; break; | ||
| 367 | #endif | 577 | #endif |
| 368 | 578 | ||
| 369 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 579 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 370 | /* SSLv2/v3 compatibility states */ | 580 | /* SSLv2/v3 compatibility states */ |
| 371 | /* client */ | 581 | /* client */ |
| 372 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; | 582 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 373 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; | 583 | str="23WCHA"; break; |
| 374 | case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; | 584 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 375 | case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; | 585 | str="23WCHB"; break; |
| 586 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 587 | str="23RSHA"; break; | ||
| 588 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 589 | str="23RSHA"; break; | ||
| 376 | /* server */ | 590 | /* server */ |
| 377 | case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; | 591 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 378 | case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; | 592 | str="23RCHA"; break; |
| 593 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 594 | str="23RCHB"; break; | ||
| 379 | #endif | 595 | #endif |
| 380 | /* DTLS */ | 596 | /* DTLS */ |
| 381 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; | 597 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 382 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; | 598 | str="DRCHVA"; break; |
| 383 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; | 599 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 384 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; | 600 | str="DRCHVB"; break; |
| 601 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 602 | str="DWCHVA"; break; | ||
| 603 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 604 | str="DWCHVB"; break; | ||
| 385 | 605 | ||
| 386 | default: str="UNKWN "; break; | 606 | default: |
| 387 | } | 607 | str="UNKWN "; break; |
| 388 | return(str); | ||
| 389 | } | 608 | } |
| 609 | return (str); | ||
| 610 | } | ||
| 390 | 611 | ||
| 391 | const char *SSL_alert_type_string_long(int value) | 612 | const char |
| 392 | { | 613 | *SSL_alert_type_string_long(int value) |
| 614 | { | ||
| 393 | value>>=8; | 615 | value>>=8; |
| 394 | if (value == SSL3_AL_WARNING) | 616 | if (value == SSL3_AL_WARNING) |
| 395 | return("warning"); | 617 | return("warning"); |
| @@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value) | |||
| 397 | return("fatal"); | 619 | return("fatal"); |
| 398 | else | 620 | else |
| 399 | return("unknown"); | 621 | return("unknown"); |
| 400 | } | 622 | } |
| 401 | 623 | ||
| 402 | const char *SSL_alert_type_string(int value) | 624 | const char |
| 403 | { | 625 | *SSL_alert_type_string(int value) |
| 626 | { | ||
| 404 | value>>=8; | 627 | value>>=8; |
| 405 | if (value == SSL3_AL_WARNING) | 628 | if (value == SSL3_AL_WARNING) |
| 406 | return("W"); | 629 | return("W"); |
| @@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value) | |||
| 408 | return("F"); | 631 | return("F"); |
| 409 | else | 632 | else |
| 410 | return("U"); | 633 | return("U"); |
| 411 | } | 634 | } |
| 412 | 635 | ||
| 413 | const char *SSL_alert_desc_string(int value) | 636 | const char |
| 414 | { | 637 | *SSL_alert_desc_string(int value) |
| 638 | { | ||
| 415 | const char *str; | 639 | const char *str; |
| 416 | 640 | ||
| 417 | switch (value & 0xff) | 641 | switch (value & 0xff) { |
| 418 | { | 642 | case SSL3_AD_CLOSE_NOTIFY: |
| 419 | case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; | 643 | str="CN"; break; |
| 420 | case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; | 644 | case SSL3_AD_UNEXPECTED_MESSAGE: |
| 421 | case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; | 645 | str="UM"; break; |
| 422 | case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; | 646 | case SSL3_AD_BAD_RECORD_MAC: |
| 423 | case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; | 647 | str="BM"; break; |
| 424 | case SSL3_AD_NO_CERTIFICATE: str="NC"; break; | 648 | case SSL3_AD_DECOMPRESSION_FAILURE: |
| 425 | case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; | 649 | str="DF"; break; |
| 426 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; | 650 | case SSL3_AD_HANDSHAKE_FAILURE: |
| 427 | case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; | 651 | str="HF"; break; |
| 428 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; | 652 | case SSL3_AD_NO_CERTIFICATE: |
| 429 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; | 653 | str="NC"; break; |
| 430 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; | 654 | case SSL3_AD_BAD_CERTIFICATE: |
| 431 | case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; | 655 | str="BC"; break; |
| 432 | case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; | 656 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: |
| 433 | case TLS1_AD_UNKNOWN_CA: str="CA"; break; | 657 | str="UC"; break; |
| 434 | case TLS1_AD_ACCESS_DENIED: str="AD"; break; | 658 | case SSL3_AD_CERTIFICATE_REVOKED: |
| 435 | case TLS1_AD_DECODE_ERROR: str="DE"; break; | 659 | str="CR"; break; |
| 436 | case TLS1_AD_DECRYPT_ERROR: str="CY"; break; | 660 | case SSL3_AD_CERTIFICATE_EXPIRED: |
| 437 | case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; | 661 | str="CE"; break; |
| 438 | case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; | 662 | case SSL3_AD_CERTIFICATE_UNKNOWN: |
| 439 | case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; | 663 | str="CU"; break; |
| 440 | case TLS1_AD_INTERNAL_ERROR: str="IE"; break; | 664 | case SSL3_AD_ILLEGAL_PARAMETER: |
| 441 | case TLS1_AD_USER_CANCELLED: str="US"; break; | 665 | str="IP"; break; |
| 442 | case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; | 666 | case TLS1_AD_DECRYPTION_FAILED: |
| 443 | case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; | 667 | str="DC"; break; |
| 444 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; | 668 | case TLS1_AD_RECORD_OVERFLOW: |
| 445 | case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; | 669 | str="RO"; break; |
| 446 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; | 670 | case TLS1_AD_UNKNOWN_CA: |
| 447 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; | 671 | str="CA"; break; |
| 448 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; | 672 | case TLS1_AD_ACCESS_DENIED: |
| 449 | default: str="UK"; break; | 673 | str="AD"; break; |
| 450 | } | 674 | case TLS1_AD_DECODE_ERROR: |
| 451 | return(str); | 675 | str="DE"; break; |
| 676 | case TLS1_AD_DECRYPT_ERROR: | ||
| 677 | str="CY"; break; | ||
| 678 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 679 | str="ER"; break; | ||
| 680 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 681 | str="PV"; break; | ||
| 682 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 683 | str="IS"; break; | ||
| 684 | case TLS1_AD_INTERNAL_ERROR: | ||
| 685 | str="IE"; break; | ||
| 686 | case TLS1_AD_USER_CANCELLED: | ||
| 687 | str="US"; break; | ||
| 688 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 689 | str="NR"; break; | ||
| 690 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 691 | str="UE"; break; | ||
| 692 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 693 | str="CO"; break; | ||
| 694 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 695 | str="UN"; break; | ||
| 696 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 697 | str="BR"; break; | ||
| 698 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 699 | str="BH"; break; | ||
| 700 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 701 | str="UP"; break; | ||
| 702 | default: | ||
| 703 | str="UK"; break; | ||
| 452 | } | 704 | } |
| 705 | return (str); | ||
| 706 | } | ||
| 453 | 707 | ||
| 454 | const char *SSL_alert_desc_string_long(int value) | 708 | const char |
| 455 | { | 709 | *SSL_alert_desc_string_long(int value) |
| 710 | { | ||
| 456 | const char *str; | 711 | const char *str; |
| 457 | 712 | ||
| 458 | switch (value & 0xff) | 713 | switch (value & 0xff) { |
| 459 | { | ||
| 460 | case SSL3_AD_CLOSE_NOTIFY: | 714 | case SSL3_AD_CLOSE_NOTIFY: |
| 461 | str="close notify"; | 715 | str="close notify"; |
| 462 | break; | 716 | break; |
| @@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value) | |||
| 547 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | 801 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: |
| 548 | str="unknown PSK identity"; | 802 | str="unknown PSK identity"; |
| 549 | break; | 803 | break; |
| 550 | default: str="unknown"; break; | 804 | default: |
| 551 | } | 805 | str="unknown"; break; |
| 552 | return(str); | ||
| 553 | } | 806 | } |
| 807 | return (str); | ||
| 808 | } | ||
| 554 | 809 | ||
| 555 | const char *SSL_rstate_string(const SSL *s) | 810 | const char |
| 556 | { | 811 | *SSL_rstate_string(const SSL *s) |
| 812 | { | ||
| 557 | const char *str; | 813 | const char *str; |
| 558 | 814 | ||
| 559 | switch (s->rstate) | 815 | switch (s->rstate) { |
| 560 | { | 816 | case SSL_ST_READ_HEADER: |
| 561 | case SSL_ST_READ_HEADER:str="RH"; break; | 817 | str="RH"; break; |
| 562 | case SSL_ST_READ_BODY: str="RB"; break; | 818 | case SSL_ST_READ_BODY: |
| 563 | case SSL_ST_READ_DONE: str="RD"; break; | 819 | str="RB"; break; |
| 564 | default: str="unknown"; break; | 820 | case SSL_ST_READ_DONE: |
| 565 | } | 821 | str="RD"; break; |
| 566 | return(str); | 822 | default: |
| 823 | str="unknown"; break; | ||
| 567 | } | 824 | } |
| 825 | return (str); | ||
| 826 | } | ||
diff --git a/src/lib/libssl/src/ssl/ssl_task.c b/src/lib/libssl/src/ssl/ssl_task.c index 366204f097..25d20b06a0 100644 --- a/src/lib/libssl/src/ssl/ssl_task.c +++ b/src/lib/libssl/src/ssl/ssl_task.c | |||
| @@ -134,24 +134,28 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER(); | |||
| 134 | #include <openssl/ssl.h> | 134 | #include <openssl/ssl.h> |
| 135 | #include <openssl/err.h> | 135 | #include <openssl/err.h> |
| 136 | 136 | ||
| 137 | int verify_callback(int ok, X509 *xs, X509 *xi, int depth, | 137 | int |
| 138 | int error); | 138 | verify_callback(int ok, X509 *xs, X509 *xi, int depth, |
| 139 | BIO *bio_err=NULL; | 139 | int error); |
| 140 | BIO *bio_stdout=NULL; | 140 | BIO *bio_err = NULL; |
| 141 | BIO *bio_stdout = NULL; | ||
| 141 | BIO_METHOD *BIO_s_rtcp(); | 142 | BIO_METHOD *BIO_s_rtcp(); |
| 142 | 143 | ||
| 143 | static char *cipher=NULL; | 144 | static char *cipher = NULL; |
| 144 | int verbose=1; | 145 | int verbose = 1; |
| 145 | #ifdef FIONBIO | 146 | #ifdef FIONBIO |
| 146 | static int s_nbio=0; | 147 | static int s_nbio = 0; |
| 147 | #endif | 148 | #endif |
| 148 | #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" | 149 | #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE" |
| 149 | /*************************************************************************/ | 150 | /*************************************************************************/ |
| 150 | struct rpc_msg { /* Should have member alignment inhibited */ | 151 | struct rpc_msg { /* Should have member alignment inhibited */ |
| 151 | char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ | 152 | char channel; |
| 152 | char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ | 153 | /* 'A'-app data. 'R'-remote client 'G'-global */ |
| 153 | unsigned short int length; /* Amount of data returned or max to return */ | 154 | char function; |
| 154 | char data[4092]; /* variable data */ | 155 | /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ |
| 156 | unsigned short int length; /* Amount of data returned or max to return */ | ||
| 157 | char data[4092]; | ||
| 158 | /* variable data */ | ||
| 155 | }; | 159 | }; |
| 156 | #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) | 160 | #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) |
| 157 | 161 | ||
| @@ -159,9 +163,9 @@ static $DESCRIPTOR(sysnet, "SYS$NET"); | |||
| 159 | typedef unsigned short io_channel; | 163 | typedef unsigned short io_channel; |
| 160 | 164 | ||
| 161 | struct io_status { | 165 | struct io_status { |
| 162 | unsigned short status; | 166 | unsigned short status; |
| 163 | unsigned short count; | 167 | unsigned short count; |
| 164 | unsigned long stsval; | 168 | unsigned long stsval; |
| 165 | }; | 169 | }; |
| 166 | int doit(io_channel chan, SSL_CTX *s_ctx ); | 170 | int doit(io_channel chan, SSL_CTX *s_ctx ); |
| 167 | /*****************************************************************************/ | 171 | /*****************************************************************************/ |
| @@ -169,63 +173,66 @@ int doit(io_channel chan, SSL_CTX *s_ctx ); | |||
| 169 | */ | 173 | */ |
| 170 | static int get ( io_channel chan, char *buffer, int maxlen, int *length ) | 174 | static int get ( io_channel chan, char *buffer, int maxlen, int *length ) |
| 171 | { | 175 | { |
| 172 | int status; | 176 | int status; |
| 173 | struct io_status iosb; | 177 | struct io_status iosb; |
| 174 | status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0, | 178 | status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0, |
| 175 | buffer, maxlen, 0, 0, 0, 0 ); | 179 | buffer, maxlen, 0, 0, 0, 0 ); |
| 176 | if ( (status&1) == 1 ) status = iosb.status; | 180 | if ((status&1) |
| 177 | if ( (status&1) == 1 ) *length = iosb.count; | 181 | == 1 ) status = iosb.status; |
| 178 | return status; | 182 | if ((status&1) |
| 183 | == 1 ) *length = iosb.count; | ||
| 184 | return status; | ||
| 179 | } | 185 | } |
| 180 | 186 | ||
| 181 | static int put ( io_channel chan, char *buffer, int length ) | 187 | static int put ( io_channel chan, char *buffer, int length ) |
| 182 | { | 188 | { |
| 183 | int status; | 189 | int status; |
| 184 | struct io_status iosb; | 190 | struct io_status iosb; |
| 185 | status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, | 191 | status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, |
| 186 | buffer, length, 0, 0, 0, 0 ); | 192 | buffer, length, 0, 0, 0, 0 ); |
| 187 | if ( (status&1) == 1 ) status = iosb.status; | 193 | if ((status&1) |
| 188 | return status; | 194 | == 1 ) status = iosb.status; |
| 195 | return status; | ||
| 189 | } | 196 | } |
| 190 | /***************************************************************************/ | 197 | /***************************************************************************/ |
| 191 | /* Handle operations on the 'G' channel. | 198 | /* Handle operations on the 'G' channel. |
| 192 | */ | 199 | */ |
| 193 | static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) | 200 | static int general_request ( io_channel chan, struct rpc_msg *msg, int length ) { |
| 194 | { | 201 | return 48; |
| 195 | return 48; | ||
| 196 | } | 202 | } |
| 197 | /***************************************************************************/ | 203 | /***************************************************************************/ |
| 198 | int main ( int argc, char **argv ) | 204 | int main ( int argc, char **argv ) |
| 199 | { | 205 | { |
| 200 | int status, length; | 206 | int status, length; |
| 201 | io_channel chan; | 207 | io_channel chan; |
| 202 | struct rpc_msg msg; | 208 | struct rpc_msg msg; |
| 203 | 209 | ||
| 204 | char *CApath=NULL,*CAfile=NULL; | 210 | char *CApath = NULL, *CAfile = NULL; |
| 205 | int badop=0; | 211 | int badop = 0; |
| 206 | int ret=1; | 212 | int ret = 1; |
| 207 | int client_auth=0; | 213 | int client_auth = 0; |
| 208 | int server_auth=0; | 214 | int server_auth = 0; |
| 209 | SSL_CTX *s_ctx=NULL; | 215 | SSL_CTX *s_ctx = NULL; |
| 210 | /* | 216 | /* |
| 211 | * Confirm logical link with initiating client. | 217 | * Confirm logical link with initiating client. |
| 212 | */ | 218 | */ |
| 213 | LIB$INIT_TIMER(); | 219 | LIB$INIT_TIMER(); |
| 214 | status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 ); | 220 | status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 ); |
| 215 | printf("status of assign to SYS$NET: %d\n", status ); | 221 | printf("status of assign to SYS$NET: %d\n", status ); |
| 216 | /* | 222 | /* |
| 217 | * Initialize standard out and error files. | 223 | * Initialize standard out and error files. |
| 218 | */ | 224 | */ |
| 219 | if (bio_err == NULL) | 225 | if (bio_err == NULL) |
| 220 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | 226 | if ((bio_err = BIO_new(BIO_s_file())) != NULL) |
| 221 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); | 227 | BIO_set_fp(bio_err, stderr, BIO_NOCLOSE); |
| 222 | if (bio_stdout == NULL) | 228 | if (bio_stdout == NULL) |
| 223 | if ((bio_stdout=BIO_new(BIO_s_file())) != NULL) | 229 | if ((bio_stdout = BIO_new(BIO_s_file())) != NULL) |
| 224 | BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE); | 230 | BIO_set_fp(bio_stdout, stdout, BIO_NOCLOSE); |
| 225 | /* | 231 | /* |
| 226 | * get the preferred cipher list and other initialization | 232 | * get the preferred cipher list and other initialization |
| 227 | */ | 233 | */ |
| 228 | if (cipher == NULL) cipher=getenv("SSL_CIPHER"); | 234 | if (cipher == NULL) |
| 235 | cipher = getenv("SSL_CIPHER"); | ||
| 229 | printf("cipher list: %s\n", cipher ? cipher : "{undefined}" ); | 236 | printf("cipher list: %s\n", cipher ? cipher : "{undefined}" ); |
| 230 | 237 | ||
| 231 | SSL_load_error_strings(); | 238 | SSL_load_error_strings(); |
| @@ -234,48 +241,53 @@ int main ( int argc, char **argv ) | |||
| 234 | /* DRM, this was the original, but there is no such thing as SSLv2() | 241 | /* DRM, this was the original, but there is no such thing as SSLv2() |
| 235 | s_ctx=SSL_CTX_new(SSLv2()); | 242 | s_ctx=SSL_CTX_new(SSLv2()); |
| 236 | */ | 243 | */ |
| 237 | s_ctx=SSL_CTX_new(SSLv2_server_method()); | 244 | s_ctx = SSL_CTX_new(SSLv2_server_method()); |
| 238 | 245 | ||
| 239 | if (s_ctx == NULL) goto end; | 246 | if (s_ctx == NULL) |
| 247 | goto end; | ||
| 240 | 248 | ||
| 241 | SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); | 249 | SSL_CTX_use_certificate_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM); |
| 242 | SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM); | 250 | SSL_CTX_use_RSAPrivateKey_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM); |
| 243 | printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT ); | 251 | printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT ); |
| 244 | 252 | ||
| 245 | /* | 253 | /* |
| 246 | * Take commands from client until bad status. | 254 | * Take commands from client until bad status. |
| 247 | */ | 255 | */ |
| 248 | LIB$SHOW_TIMER(); | 256 | LIB$SHOW_TIMER(); |
| 249 | status = doit ( chan, s_ctx ); | 257 | status = doit ( chan, s_ctx ); |
| 250 | LIB$SHOW_TIMER(); | 258 | LIB$SHOW_TIMER(); |
| 251 | /* | 259 | /* |
| 252 | * do final cleanup and exit. | 260 | * do final cleanup and exit. |
| 253 | */ | 261 | */ |
| 254 | end: | 262 | end: |
| 255 | if (s_ctx != NULL) SSL_CTX_free(s_ctx); | 263 | if (s_ctx != NULL) |
| 256 | LIB$SHOW_TIMER(); | 264 | SSL_CTX_free(s_ctx); |
| 257 | return 1; | 265 | LIB$SHOW_TIMER(); |
| 266 | return 1; | ||
| 258 | } | 267 | } |
| 259 | 268 | ||
| 260 | int doit(io_channel chan, SSL_CTX *s_ctx ) | 269 | int |
| 270 | doit(io_channel chan, SSL_CTX *s_ctx ) | ||
| 261 | { | 271 | { |
| 262 | int status, length, link_state; | 272 | int status, length, link_state; |
| 263 | struct rpc_msg msg; | 273 | struct rpc_msg msg; |
| 264 | 274 | ||
| 265 | SSL *s_ssl=NULL; | 275 | SSL *s_ssl = NULL; |
| 266 | BIO *c_to_s=NULL; | 276 | BIO *c_to_s = NULL; |
| 267 | BIO *s_to_c=NULL; | 277 | BIO *s_to_c = NULL; |
| 268 | BIO *c_bio=NULL; | 278 | BIO *c_bio = NULL; |
| 269 | BIO *s_bio=NULL; | 279 | BIO *s_bio = NULL; |
| 270 | int i; | 280 | int i; |
| 271 | int done=0; | 281 | int done = 0; |
| 272 | 282 | ||
| 273 | s_ssl=SSL_new(s_ctx); | 283 | s_ssl = SSL_new(s_ctx); |
| 274 | if (s_ssl == NULL) goto err; | 284 | if (s_ssl == NULL) |
| 285 | goto err; | ||
| 275 | 286 | ||
| 276 | c_to_s=BIO_new(BIO_s_rtcp()); | 287 | c_to_s = BIO_new(BIO_s_rtcp()); |
| 277 | s_to_c=BIO_new(BIO_s_rtcp()); | 288 | s_to_c = BIO_new(BIO_s_rtcp()); |
| 278 | if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; | 289 | if ((s_to_c == NULL) |
| 290 | || (c_to_s == NULL)) goto err; | ||
| 279 | /* original, DRM 24-SEP-1997 | 291 | /* original, DRM 24-SEP-1997 |
| 280 | BIO_set_fd ( c_to_s, "", chan ); | 292 | BIO_set_fd ( c_to_s, "", chan ); |
| 281 | BIO_set_fd ( s_to_c, "", chan ); | 293 | BIO_set_fd ( s_to_c, "", chan ); |
| @@ -283,13 +295,14 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) | |||
| 283 | BIO_set_fd ( c_to_s, 0, chan ); | 295 | BIO_set_fd ( c_to_s, 0, chan ); |
| 284 | BIO_set_fd ( s_to_c, 0, chan ); | 296 | BIO_set_fd ( s_to_c, 0, chan ); |
| 285 | 297 | ||
| 286 | c_bio=BIO_new(BIO_f_ssl()); | 298 | c_bio = BIO_new(BIO_f_ssl()); |
| 287 | s_bio=BIO_new(BIO_f_ssl()); | 299 | s_bio = BIO_new(BIO_f_ssl()); |
| 288 | if ((c_bio == NULL) || (s_bio == NULL)) goto err; | 300 | if ((c_bio == NULL) |
| 301 | || (s_bio == NULL)) goto err; | ||
| 289 | 302 | ||
| 290 | SSL_set_accept_state(s_ssl); | 303 | SSL_set_accept_state(s_ssl); |
| 291 | SSL_set_bio(s_ssl,c_to_s,s_to_c); | 304 | SSL_set_bio(s_ssl, c_to_s, s_to_c); |
| 292 | BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE); | 305 | BIO_set_ssl(s_bio, s_ssl, BIO_CLOSE); |
| 293 | 306 | ||
| 294 | /* We can always do writes */ | 307 | /* We can always do writes */ |
| 295 | printf("Begin doit main loop\n"); | 308 | printf("Begin doit main loop\n"); |
| @@ -300,59 +313,65 @@ int doit(io_channel chan, SSL_CTX *s_ctx ) | |||
| 300 | /* | 313 | /* |
| 301 | * Wait for remote end to request data action on A channel. | 314 | * Wait for remote end to request data action on A channel. |
| 302 | */ | 315 | */ |
| 303 | while ( link_state == 0 ) { | 316 | while (link_state == 0 ) { |
| 304 | status = get ( chan, (char *) &msg, sizeof(msg), &length ); | 317 | status = get ( chan, (char *) &msg, sizeof(msg), &length ); |
| 305 | if ( (status&1) == 0 ) { | 318 | if ((status&1) == 0 ) { |
| 306 | printf("Error in main loop get: %d\n", status ); | 319 | printf("Error in main loop get: %d\n", status ); |
| 307 | link_state = 3; | 320 | link_state = 3; |
| 308 | break; | 321 | break; |
| 309 | } | 322 | } |
| 310 | if ( length < RPC_HDR_SIZE ) { | 323 | if (length < RPC_HDR_SIZE ) { |
| 311 | printf("Error in main loop get size: %d\n", length ); | 324 | printf("Error in main loop get size: %d\n", length ); |
| 312 | break; | 325 | break; |
| 313 | link_state = 3; | 326 | link_state = 3; |
| 314 | } | 327 | } |
| 315 | if ( msg.channel != 'A' ) { | 328 | if (msg.channel != 'A' ) { |
| 316 | printf("Error in main loop, unexpected channel: %c\n", | 329 | printf("Error in main loop, unexpected channel: %c\n", |
| 317 | msg.channel ); | 330 | msg.channel ); |
| 318 | break; | 331 | break; |
| 319 | link_state = 3; | 332 | link_state = 3; |
| 320 | } | 333 | } |
| 321 | if ( msg.function == 'G' ) { | 334 | if (msg.function == 'G' ) { |
| 322 | link_state = 1; | 335 | link_state = 1; |
| 323 | } else if ( msg.function == 'P' ) { | 336 | } else if (msg.function == 'P' ) { |
| 324 | link_state = 2; /* write pending */ | 337 | link_state = 2; /* write pending */ |
| 325 | } else if ( msg.function == 'X' ) { | 338 | } else if (msg.function == 'X' ) { |
| 326 | link_state = 3; | 339 | link_state = 3; |
| 327 | } else { | 340 | } else { |
| 328 | link_state = 3; | 341 | link_state = 3; |
| 329 | } | 342 | } |
| 330 | } | ||
| 331 | if ( link_state == 1 ) { | ||
| 332 | i = BIO_read ( s_bio, msg.data, msg.length ); | ||
| 333 | if ( i < 0 ) link_state = 3; | ||
| 334 | else { | ||
| 335 | msg.channel = 'A'; | ||
| 336 | msg.function = 'C'; /* confirm */ | ||
| 337 | msg.length = i; | ||
| 338 | status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE ); | ||
| 339 | if ( (status&1) == 0 ) break; | ||
| 340 | link_state = 0; | ||
| 341 | } | 343 | } |
| 342 | } else if ( link_state == 2 ) { | 344 | if (link_state == 1 ) { |
| 343 | i = BIO_write ( s_bio, msg.data, msg.length ); | 345 | i = BIO_read ( s_bio, msg.data, msg.length ); |
| 344 | if ( i < 0 ) link_state = 3; | 346 | if (i < 0 ) |
| 345 | else { | 347 | link_state = 3; |
| 346 | msg.channel = 'A'; | 348 | else { |
| 347 | msg.function = 'C'; /* confirm */ | 349 | msg.channel = 'A'; |
| 348 | msg.length = 0; | 350 | msg.function = 'C'; |
| 349 | status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); | 351 | /* confirm */ |
| 350 | if ( (status&1) == 0 ) break; | 352 | msg.length = i; |
| 351 | link_state = 0; | 353 | status = put ( chan, (char *) &msg, i + RPC_HDR_SIZE ); |
| 354 | if ((status&1) | ||
| 355 | == 0 ) break; | ||
| 356 | link_state = 0; | ||
| 357 | } | ||
| 358 | } else if (link_state == 2 ) { | ||
| 359 | i = BIO_write ( s_bio, msg.data, msg.length ); | ||
| 360 | if (i < 0 ) | ||
| 361 | link_state = 3; | ||
| 362 | else { | ||
| 363 | msg.channel = 'A'; | ||
| 364 | msg.function = 'C'; | ||
| 365 | /* confirm */ | ||
| 366 | msg.length = 0; | ||
| 367 | status = put ( chan, (char *) &msg, RPC_HDR_SIZE ); | ||
| 368 | if ((status&1) | ||
| 369 | == 0 ) break; | ||
| 370 | link_state = 0; | ||
| 371 | } | ||
| 352 | } | 372 | } |
| 353 | } | ||
| 354 | } | 373 | } |
| 355 | fprintf(stdout,"DONE\n"); | 374 | fprintf(stdout, "DONE\n"); |
| 356 | err: | 375 | err: |
| 357 | /* We have to set the BIO's to NULL otherwise they will be | 376 | /* We have to set the BIO's to NULL otherwise they will be |
| 358 | * free()ed twice. Once when th s_ssl is SSL_free()ed and | 377 | * free()ed twice. Once when th s_ssl is SSL_free()ed and |
| @@ -361,12 +380,16 @@ err: | |||
| 361 | * BIO structure and SSL_set_bio() and SSL_free() automatically | 380 | * BIO structure and SSL_set_bio() and SSL_free() automatically |
| 362 | * BIO_free non NULL entries. | 381 | * BIO_free non NULL entries. |
| 363 | * You should not normally do this or be required to do this */ | 382 | * You should not normally do this or be required to do this */ |
| 364 | s_ssl->rbio=NULL; | 383 | s_ssl->rbio = NULL; |
| 365 | s_ssl->wbio=NULL; | 384 | s_ssl->wbio = NULL; |
| 366 | 385 | ||
| 367 | if (c_to_s != NULL) BIO_free(c_to_s); | 386 | if (c_to_s != NULL) |
| 368 | if (s_to_c != NULL) BIO_free(s_to_c); | 387 | BIO_free(c_to_s); |
| 369 | if (c_bio != NULL) BIO_free(c_bio); | 388 | if (s_to_c != NULL) |
| 370 | if (s_bio != NULL) BIO_free(s_bio); | 389 | BIO_free(s_to_c); |
| 371 | return(0); | 390 | if (c_bio != NULL) |
| 391 | BIO_free(c_bio); | ||
| 392 | if (s_bio != NULL) | ||
| 393 | BIO_free(s_bio); | ||
| 394 | return (0); | ||
| 372 | } | 395 | } |
diff --git a/src/lib/libssl/src/ssl/ssl_txt.c b/src/lib/libssl/src/ssl/ssl_txt.c index 6479d52c0c..5186e396ec 100644 --- a/src/lib/libssl/src/ssl/ssl_txt.c +++ b/src/lib/libssl/src/ssl/ssl_txt.c | |||
| @@ -87,30 +87,33 @@ | |||
| 87 | #include "ssl_locl.h" | 87 | #include "ssl_locl.h" |
| 88 | 88 | ||
| 89 | #ifndef OPENSSL_NO_FP_API | 89 | #ifndef OPENSSL_NO_FP_API |
| 90 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | 90 | int |
| 91 | { | 91 | SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) |
| 92 | { | ||
| 92 | BIO *b; | 93 | BIO *b; |
| 93 | int ret; | 94 | int ret; |
| 94 | 95 | ||
| 95 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) | 96 | if ((b = BIO_new(BIO_s_file_internal())) == NULL) { |
| 96 | { | 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); |
| 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); | 98 | return (0); |
| 98 | return(0); | ||
| 99 | } | ||
| 100 | BIO_set_fp(b,fp,BIO_NOCLOSE); | ||
| 101 | ret=SSL_SESSION_print(b,x); | ||
| 102 | BIO_free(b); | ||
| 103 | return(ret); | ||
| 104 | } | 99 | } |
| 100 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 101 | ret = SSL_SESSION_print(b, x); | ||
| 102 | BIO_free(b); | ||
| 103 | return (ret); | ||
| 104 | } | ||
| 105 | #endif | 105 | #endif |
| 106 | 106 | ||
| 107 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 107 | int |
| 108 | { | 108 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 109 | { | ||
| 109 | unsigned int i; | 110 | unsigned int i; |
| 110 | const char *s; | 111 | const char *s; |
| 111 | 112 | ||
| 112 | if (x == NULL) goto err; | 113 | if (x == NULL) |
| 113 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 114 | goto err; |
| 115 | if (BIO_puts(bp, "SSL-Session:\n") | ||
| 116 | <= 0) goto err; | ||
| 114 | if (x->ssl_version == SSL2_VERSION) | 117 | if (x->ssl_version == SSL2_VERSION) |
| 115 | s="SSLv2"; | 118 | s="SSLv2"; |
| 116 | else if (x->ssl_version == SSL3_VERSION) | 119 | else if (x->ssl_version == SSL3_VERSION) |
| @@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 127 | s="DTLSv1-bad"; | 130 | s="DTLSv1-bad"; |
| 128 | else | 131 | else |
| 129 | s="unknown"; | 132 | s="unknown"; |
| 130 | if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; | 133 | if (BIO_printf(bp, " Protocol : %s\n", s) |
| 134 | <= 0) goto err; | ||
| 131 | 135 | ||
| 132 | if (x->cipher == NULL) | 136 | if (x->cipher == NULL) { |
| 133 | { | 137 | if (((x->cipher_id) & 0xff000000) == 0x02000000) { |
| 134 | if (((x->cipher_id) & 0xff000000) == 0x02000000) | 138 | if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) |
| 135 | { | ||
| 136 | if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) | ||
| 137 | goto err; | 139 | goto err; |
| 138 | } | 140 | } else { |
| 139 | else | 141 | if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) |
| 140 | { | ||
| 141 | if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) | ||
| 142 | goto err; | 142 | goto err; |
| 143 | } | ||
| 144 | } | 143 | } |
| 145 | else | 144 | } else { |
| 146 | { | 145 | if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) |
| 147 | if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) | ||
| 148 | goto err; | 146 | goto err; |
| 149 | } | 147 | } |
| 150 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; | 148 | if (BIO_puts(bp, " Session-ID: ") |
| 151 | for (i=0; i<x->session_id_length; i++) | 149 | <= 0) goto err; |
| 152 | { | 150 | for (i = 0; i < x->session_id_length; i++) { |
| 153 | if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; | 151 | if (BIO_printf(bp, "%02X", x->session_id[i]) |
| 154 | } | 152 | <= 0) goto err; |
| 155 | if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; | 153 | } |
| 156 | for (i=0; i<x->sid_ctx_length; i++) | 154 | if (BIO_puts(bp, "\n Session-ID-ctx: ") |
| 157 | { | 155 | <= 0) goto err; |
| 158 | if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) | 156 | for (i = 0; i < x->sid_ctx_length; i++) { |
| 157 | if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) | ||
| 159 | goto err; | 158 | goto err; |
| 160 | } | 159 | } |
| 161 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; | 160 | if (BIO_puts(bp, "\n Master-Key: ") |
| 162 | for (i=0; i<(unsigned int)x->master_key_length; i++) | 161 | <= 0) goto err; |
| 163 | { | 162 | for (i = 0; i < (unsigned int)x->master_key_length; i++) { |
| 164 | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | 163 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 165 | } | 164 | <= 0) goto err; |
| 166 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | 165 | } |
| 167 | if (x->key_arg_length == 0) | 166 | if (BIO_puts(bp, "\n Key-Arg : ") |
| 168 | { | 167 | <= 0) goto err; |
| 169 | if (BIO_puts(bp,"None") <= 0) goto err; | 168 | if (x->key_arg_length == 0) { |
| 170 | } | 169 | if (BIO_puts(bp, "None") |
| 171 | else | 170 | <= 0) goto err; |
| 172 | for (i=0; i<x->key_arg_length; i++) | 171 | } else |
| 173 | { | 172 | for (i = 0; i < x->key_arg_length; i++) { |
| 174 | if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | 173 | if (BIO_printf(bp, "%02X", x->key_arg[i]) |
| 175 | } | 174 | <= 0) goto err; |
| 175 | } | ||
| 176 | #ifndef OPENSSL_NO_KRB5 | 176 | #ifndef OPENSSL_NO_KRB5 |
| 177 | if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; | 177 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 178 | if (x->krb5_client_princ_len == 0) | 178 | <= 0) goto err; |
| 179 | { | 179 | if (x->krb5_client_princ_len == 0) { |
| 180 | if (BIO_puts(bp,"None") <= 0) goto err; | 180 | if (BIO_puts(bp, "None") |
| 181 | } | 181 | <= 0) goto err; |
| 182 | else | 182 | } else |
| 183 | for (i=0; i<x->krb5_client_princ_len; i++) | 183 | for (i = 0; i < x->krb5_client_princ_len; i++) { |
| 184 | { | 184 | if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) |
| 185 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 185 | <= 0) goto err; |
| 186 | } | 186 | } |
| 187 | #endif /* OPENSSL_NO_KRB5 */ | 187 | #endif /* OPENSSL_NO_KRB5 */ |
| 188 | #ifndef OPENSSL_NO_PSK | 188 | #ifndef OPENSSL_NO_PSK |
| 189 | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | 189 | if (BIO_puts(bp, "\n PSK identity: ") |
| 190 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | 190 | <= 0) goto err; |
| 191 | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | 191 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") |
| 192 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; | 192 | <= 0) goto err; |
| 193 | if (BIO_puts(bp, "\n PSK identity hint: ") | ||
| 194 | <= 0) goto err; | ||
| 195 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") | ||
| 196 | <= 0) goto err; | ||
| 193 | #endif | 197 | #endif |
| 194 | #ifndef OPENSSL_NO_SRP | 198 | #ifndef OPENSSL_NO_SRP |
| 195 | if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; | 199 | if (BIO_puts(bp, "\n SRP username: ") |
| 196 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; | 200 | <= 0) goto err; |
| 201 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") | ||
| 202 | <= 0) goto err; | ||
| 197 | #endif | 203 | #endif |
| 198 | #ifndef OPENSSL_NO_TLSEXT | 204 | #ifndef OPENSSL_NO_TLSEXT |
| 199 | if (x->tlsext_tick_lifetime_hint) | 205 | if (x->tlsext_tick_lifetime_hint) { |
| 200 | { | ||
| 201 | if (BIO_printf(bp, | 206 | if (BIO_printf(bp, |
| 202 | "\n TLS session ticket lifetime hint: %ld (seconds)", | 207 | "\n TLS session ticket lifetime hint: %ld (seconds)", |
| 203 | x->tlsext_tick_lifetime_hint) <=0) | 208 | x->tlsext_tick_lifetime_hint) <=0) |
| 204 | goto err; | 209 | goto err; |
| 205 | } | 210 | } |
| 206 | if (x->tlsext_tick) | 211 | if (x->tlsext_tick) { |
| 207 | { | 212 | if (BIO_puts(bp, "\n TLS session ticket:\n") |
| 208 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | 213 | <= 0) goto err; |
| 209 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | 214 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) |
| 210 | goto err; | 215 | goto err; |
| 211 | } | 216 | } |
| 212 | #endif | 217 | #endif |
| 213 | 218 | ||
| 214 | #ifndef OPENSSL_NO_COMP | 219 | #ifndef OPENSSL_NO_COMP |
| 215 | if (x->compress_meth != 0) | 220 | if (x->compress_meth != 0) { |
| 216 | { | ||
| 217 | SSL_COMP *comp = NULL; | 221 | SSL_COMP *comp = NULL; |
| 218 | 222 | ||
| 219 | ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); | 223 | ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp); |
| 220 | if (comp == NULL) | 224 | if (comp == NULL) { |
| 221 | { | 225 | if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) |
| 222 | if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; | 226 | <= 0) goto err; |
| 227 | } else { | ||
| 228 | if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err; | ||
| 223 | } | 229 | } |
| 224 | else | 230 | } |
| 225 | { | ||
| 226 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | ||
| 227 | } | ||
| 228 | } | ||
| 229 | #endif | 231 | #endif |
| 230 | if (x->time != 0L) | 232 | if (x->time != 0L) { |
| 231 | { | 233 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) |
| 232 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 234 | <= 0) goto err; |
| 233 | } | 235 | } |
| 234 | if (x->timeout != 0L) | 236 | if (x->timeout != 0L) { |
| 235 | { | 237 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; |
| 236 | if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; | ||
| 237 | } | 238 | } |
| 238 | if (BIO_puts(bp,"\n") <= 0) goto err; | 239 | if (BIO_puts(bp, "\n") |
| 240 | <= 0) goto err; | ||
| 239 | 241 | ||
| 240 | if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; | 242 | if (BIO_puts(bp, " Verify return code: ") |
| 243 | <= 0) goto err; | ||
| 241 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | 244 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, |
| 242 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; | 245 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; |
| 243 | 246 | ||
| 244 | return(1); | 247 | return (1); |
| 245 | err: | 248 | err: |
| 246 | return(0); | 249 | return (0); |
| 247 | } | 250 | } |
| 248 | 251 | ||
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 9c34d19725..76644bda91 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -61,8 +61,9 @@ | |||
| 61 | #include <openssl/lhash.h> | 61 | #include <openssl/lhash.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | int SSL_library_init(void) | 64 | int |
| 65 | { | 65 | SSL_library_init(void) |
| 66 | { | ||
| 66 | 67 | ||
| 67 | #ifndef OPENSSL_NO_DES | 68 | #ifndef OPENSSL_NO_DES |
| 68 | EVP_add_cipher(EVP_des_cbc()); | 69 | EVP_add_cipher(EVP_des_cbc()); |
| @@ -104,16 +105,16 @@ int SSL_library_init(void) | |||
| 104 | #ifndef OPENSSL_NO_SEED | 105 | #ifndef OPENSSL_NO_SEED |
| 105 | EVP_add_cipher(EVP_seed_cbc()); | 106 | EVP_add_cipher(EVP_seed_cbc()); |
| 106 | #endif | 107 | #endif |
| 107 | 108 | ||
| 108 | #ifndef OPENSSL_NO_MD5 | 109 | #ifndef OPENSSL_NO_MD5 |
| 109 | EVP_add_digest(EVP_md5()); | 110 | EVP_add_digest(EVP_md5()); |
| 110 | EVP_add_digest_alias(SN_md5,"ssl2-md5"); | 111 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); |
| 111 | EVP_add_digest_alias(SN_md5,"ssl3-md5"); | 112 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); |
| 112 | #endif | 113 | #endif |
| 113 | #ifndef OPENSSL_NO_SHA | 114 | #ifndef OPENSSL_NO_SHA |
| 114 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 115 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 115 | EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); | 116 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); |
| 116 | EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | 117 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); |
| 117 | #endif | 118 | #endif |
| 118 | #ifndef OPENSSL_NO_SHA256 | 119 | #ifndef OPENSSL_NO_SHA256 |
| 119 | EVP_add_digest(EVP_sha224()); | 120 | EVP_add_digest(EVP_sha224()); |
| @@ -125,9 +126,9 @@ int SSL_library_init(void) | |||
| 125 | #endif | 126 | #endif |
| 126 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) | 127 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 127 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 128 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 128 | EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | 129 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); |
| 129 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | 130 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); |
| 130 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | 131 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); |
| 131 | #endif | 132 | #endif |
| 132 | #ifndef OPENSSL_NO_ECDSA | 133 | #ifndef OPENSSL_NO_ECDSA |
| 133 | EVP_add_digest(EVP_ecdsa()); | 134 | EVP_add_digest(EVP_ecdsa()); |
| @@ -145,6 +146,6 @@ int SSL_library_init(void) | |||
| 145 | #endif | 146 | #endif |
| 146 | /* initialize cipher/digest methods table */ | 147 | /* initialize cipher/digest methods table */ |
| 147 | ssl_load_ciphers(); | 148 | ssl_load_ciphers(); |
| 148 | return(1); | 149 | return (1); |
| 149 | } | 150 | } |
| 150 | 151 | ||
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 38540be1e5..51668db785 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -89,8 +89,7 @@ | |||
| 89 | #include <openssl/objects.h> | 89 | #include <openssl/objects.h> |
| 90 | #include <openssl/x509.h> | 90 | #include <openssl/x509.h> |
| 91 | 91 | ||
| 92 | typedef struct ssl_session_asn1_st | 92 | typedef struct ssl_session_asn1_st { |
| 93 | { | ||
| 94 | ASN1_INTEGER version; | 93 | ASN1_INTEGER version; |
| 95 | ASN1_INTEGER ssl_version; | 94 | ASN1_INTEGER ssl_version; |
| 96 | ASN1_OCTET_STRING cipher; | 95 | ASN1_OCTET_STRING cipher; |
| @@ -100,7 +99,7 @@ typedef struct ssl_session_asn1_st | |||
| 100 | ASN1_OCTET_STRING session_id_context; | 99 | ASN1_OCTET_STRING session_id_context; |
| 101 | ASN1_OCTET_STRING key_arg; | 100 | ASN1_OCTET_STRING key_arg; |
| 102 | #ifndef OPENSSL_NO_KRB5 | 101 | #ifndef OPENSSL_NO_KRB5 |
| 103 | ASN1_OCTET_STRING krb5_princ; | 102 | ASN1_OCTET_STRING krb5_princ; |
| 104 | #endif /* OPENSSL_NO_KRB5 */ | 103 | #endif /* OPENSSL_NO_KRB5 */ |
| 105 | ASN1_INTEGER time; | 104 | ASN1_INTEGER time; |
| 106 | ASN1_INTEGER timeout; | 105 | ASN1_INTEGER timeout; |
| @@ -117,169 +116,156 @@ typedef struct ssl_session_asn1_st | |||
| 117 | #ifndef OPENSSL_NO_SRP | 116 | #ifndef OPENSSL_NO_SRP |
| 118 | ASN1_OCTET_STRING srp_username; | 117 | ASN1_OCTET_STRING srp_username; |
| 119 | #endif /* OPENSSL_NO_SRP */ | 118 | #endif /* OPENSSL_NO_SRP */ |
| 120 | } SSL_SESSION_ASN1; | 119 | } SSL_SESSION_ASN1; |
| 121 | 120 | ||
| 122 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | 121 | int |
| 123 | { | 122 | i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 123 | { | ||
| 124 | #define LSIZE2 (sizeof(long)*2) | 124 | #define LSIZE2 (sizeof(long)*2) |
| 125 | int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0; | 125 | int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v7 = 0, v8 = 0; |
| 126 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 126 | unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; |
| 127 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; | 127 | unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; |
| 128 | #ifndef OPENSSL_NO_TLSEXT | 128 | #ifndef OPENSSL_NO_TLSEXT |
| 129 | int v6=0,v9=0,v10=0; | 129 | int v6 = 0, v9 = 0, v10 = 0; |
| 130 | unsigned char ibuf6[LSIZE2]; | 130 | unsigned char ibuf6[LSIZE2]; |
| 131 | #endif | 131 | #endif |
| 132 | #ifndef OPENSSL_NO_COMP | 132 | #ifndef OPENSSL_NO_COMP |
| 133 | unsigned char cbuf; | 133 | unsigned char cbuf; |
| 134 | int v11=0; | 134 | int v11 = 0; |
| 135 | #endif | 135 | #endif |
| 136 | #ifndef OPENSSL_NO_SRP | 136 | #ifndef OPENSSL_NO_SRP |
| 137 | int v12=0; | 137 | int v12 = 0; |
| 138 | #endif | 138 | #endif |
| 139 | long l; | 139 | long l; |
| 140 | SSL_SESSION_ASN1 a; | 140 | SSL_SESSION_ASN1 a; |
| 141 | M_ASN1_I2D_vars(in); | 141 | M_ASN1_I2D_vars(in); |
| 142 | 142 | ||
| 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | 143 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) |
| 144 | return(0); | 144 | return (0); |
| 145 | 145 | ||
| 146 | /* Note that I cheat in the following 2 assignments. I know | 146 | /* Note that I cheat in the following 2 assignments. I know |
| 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set | 147 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. | 148 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 149 | * This is a bit evil but makes things simple, no dynamic allocation | 149 | * This is a bit evil but makes things simple, no dynamic allocation |
| 150 | * to clean up :-) */ | 150 | * to clean up :-) */ |
| 151 | a.version.length=LSIZE2; | 151 | a.version.length = LSIZE2; |
| 152 | a.version.type=V_ASN1_INTEGER; | 152 | a.version.type = V_ASN1_INTEGER; |
| 153 | a.version.data=ibuf1; | 153 | a.version.data = ibuf1; |
| 154 | ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION); | 154 | ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); |
| 155 | 155 | ||
| 156 | a.ssl_version.length=LSIZE2; | 156 | a.ssl_version.length = LSIZE2; |
| 157 | a.ssl_version.type=V_ASN1_INTEGER; | 157 | a.ssl_version.type = V_ASN1_INTEGER; |
| 158 | a.ssl_version.data=ibuf2; | 158 | a.ssl_version.data = ibuf2; |
| 159 | ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version); | 159 | ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); |
| 160 | 160 | ||
| 161 | a.cipher.type=V_ASN1_OCTET_STRING; | 161 | a.cipher.type = V_ASN1_OCTET_STRING; |
| 162 | a.cipher.data=buf; | 162 | a.cipher.data = buf; |
| 163 | 163 | ||
| 164 | if (in->cipher == NULL) | 164 | if (in->cipher == NULL) |
| 165 | l=in->cipher_id; | 165 | l = in->cipher_id; |
| 166 | else | 166 | else |
| 167 | l=in->cipher->id; | 167 | l = in->cipher->id; |
| 168 | if (in->ssl_version == SSL2_VERSION) | 168 | if (in->ssl_version == SSL2_VERSION) { |
| 169 | { | 169 | a.cipher.length = 3; |
| 170 | a.cipher.length=3; | 170 | buf[0] = ((unsigned char)(l >> 16L))&0xff; |
| 171 | buf[0]=((unsigned char)(l>>16L))&0xff; | 171 | buf[1] = ((unsigned char)(l >> 8L))&0xff; |
| 172 | buf[1]=((unsigned char)(l>> 8L))&0xff; | 172 | buf[2] = ((unsigned char)(l ))&0xff; |
| 173 | buf[2]=((unsigned char)(l ))&0xff; | 173 | } else { |
| 174 | } | 174 | a.cipher.length = 2; |
| 175 | else | 175 | buf[0] = ((unsigned char)(l >> 8L))&0xff; |
| 176 | { | 176 | buf[1] = ((unsigned char)(l ))&0xff; |
| 177 | a.cipher.length=2; | 177 | } |
| 178 | buf[0]=((unsigned char)(l>>8L))&0xff; | ||
| 179 | buf[1]=((unsigned char)(l ))&0xff; | ||
| 180 | } | ||
| 181 | 178 | ||
| 182 | #ifndef OPENSSL_NO_COMP | 179 | #ifndef OPENSSL_NO_COMP |
| 183 | if (in->compress_meth) | 180 | if (in->compress_meth) { |
| 184 | { | ||
| 185 | cbuf = (unsigned char)in->compress_meth; | 181 | cbuf = (unsigned char)in->compress_meth; |
| 186 | a.comp_id.length = 1; | 182 | a.comp_id.length = 1; |
| 187 | a.comp_id.type = V_ASN1_OCTET_STRING; | 183 | a.comp_id.type = V_ASN1_OCTET_STRING; |
| 188 | a.comp_id.data = &cbuf; | 184 | a.comp_id.data = &cbuf; |
| 189 | } | 185 | } |
| 190 | #endif | 186 | #endif |
| 191 | 187 | ||
| 192 | a.master_key.length=in->master_key_length; | 188 | a.master_key.length = in->master_key_length; |
| 193 | a.master_key.type=V_ASN1_OCTET_STRING; | 189 | a.master_key.type = V_ASN1_OCTET_STRING; |
| 194 | a.master_key.data=in->master_key; | 190 | a.master_key.data = in->master_key; |
| 195 | 191 | ||
| 196 | a.session_id.length=in->session_id_length; | 192 | a.session_id.length = in->session_id_length; |
| 197 | a.session_id.type=V_ASN1_OCTET_STRING; | 193 | a.session_id.type = V_ASN1_OCTET_STRING; |
| 198 | a.session_id.data=in->session_id; | 194 | a.session_id.data = in->session_id; |
| 199 | 195 | ||
| 200 | a.session_id_context.length=in->sid_ctx_length; | 196 | a.session_id_context.length = in->sid_ctx_length; |
| 201 | a.session_id_context.type=V_ASN1_OCTET_STRING; | 197 | a.session_id_context.type = V_ASN1_OCTET_STRING; |
| 202 | a.session_id_context.data=in->sid_ctx; | 198 | a.session_id_context.data = in->sid_ctx; |
| 203 | 199 | ||
| 204 | a.key_arg.length=in->key_arg_length; | 200 | a.key_arg.length = in->key_arg_length; |
| 205 | a.key_arg.type=V_ASN1_OCTET_STRING; | 201 | a.key_arg.type = V_ASN1_OCTET_STRING; |
| 206 | a.key_arg.data=in->key_arg; | 202 | a.key_arg.data = in->key_arg; |
| 207 | 203 | ||
| 208 | #ifndef OPENSSL_NO_KRB5 | 204 | #ifndef OPENSSL_NO_KRB5 |
| 209 | if (in->krb5_client_princ_len) | 205 | if (in->krb5_client_princ_len) { |
| 210 | { | 206 | a.krb5_princ.length = in->krb5_client_princ_len; |
| 211 | a.krb5_princ.length=in->krb5_client_princ_len; | 207 | a.krb5_princ.type = V_ASN1_OCTET_STRING; |
| 212 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | 208 | a.krb5_princ.data = in->krb5_client_princ; |
| 213 | a.krb5_princ.data=in->krb5_client_princ; | 209 | } |
| 214 | } | ||
| 215 | #endif /* OPENSSL_NO_KRB5 */ | 210 | #endif /* OPENSSL_NO_KRB5 */ |
| 216 | 211 | ||
| 217 | if (in->time != 0L) | 212 | if (in->time != 0L) { |
| 218 | { | 213 | a.time.length = LSIZE2; |
| 219 | a.time.length=LSIZE2; | 214 | a.time.type = V_ASN1_INTEGER; |
| 220 | a.time.type=V_ASN1_INTEGER; | 215 | a.time.data = ibuf3; |
| 221 | a.time.data=ibuf3; | 216 | ASN1_INTEGER_set(&(a.time), in->time); |
| 222 | ASN1_INTEGER_set(&(a.time),in->time); | 217 | } |
| 223 | } | ||
| 224 | 218 | ||
| 225 | if (in->timeout != 0L) | 219 | if (in->timeout != 0L) { |
| 226 | { | 220 | a.timeout.length = LSIZE2; |
| 227 | a.timeout.length=LSIZE2; | 221 | a.timeout.type = V_ASN1_INTEGER; |
| 228 | a.timeout.type=V_ASN1_INTEGER; | 222 | a.timeout.data = ibuf4; |
| 229 | a.timeout.data=ibuf4; | 223 | ASN1_INTEGER_set(&(a.timeout), in->timeout); |
| 230 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 224 | } |
| 231 | } | ||
| 232 | 225 | ||
| 233 | if (in->verify_result != X509_V_OK) | 226 | if (in->verify_result != X509_V_OK) { |
| 234 | { | 227 | a.verify_result.length = LSIZE2; |
| 235 | a.verify_result.length=LSIZE2; | 228 | a.verify_result.type = V_ASN1_INTEGER; |
| 236 | a.verify_result.type=V_ASN1_INTEGER; | 229 | a.verify_result.data = ibuf5; |
| 237 | a.verify_result.data=ibuf5; | 230 | ASN1_INTEGER_set(&a.verify_result, in->verify_result); |
| 238 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | 231 | } |
| 239 | } | ||
| 240 | 232 | ||
| 241 | #ifndef OPENSSL_NO_TLSEXT | 233 | #ifndef OPENSSL_NO_TLSEXT |
| 242 | if (in->tlsext_hostname) | 234 | if (in->tlsext_hostname) { |
| 243 | { | 235 | a.tlsext_hostname.length = strlen(in->tlsext_hostname); |
| 244 | a.tlsext_hostname.length=strlen(in->tlsext_hostname); | 236 | a.tlsext_hostname.type = V_ASN1_OCTET_STRING; |
| 245 | a.tlsext_hostname.type=V_ASN1_OCTET_STRING; | 237 | a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; |
| 246 | a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname; | 238 | } |
| 247 | } | 239 | if (in->tlsext_tick) { |
| 248 | if (in->tlsext_tick) | 240 | a.tlsext_tick.length = in->tlsext_ticklen; |
| 249 | { | 241 | a.tlsext_tick.type = V_ASN1_OCTET_STRING; |
| 250 | a.tlsext_tick.length= in->tlsext_ticklen; | 242 | a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; |
| 251 | a.tlsext_tick.type=V_ASN1_OCTET_STRING; | 243 | } |
| 252 | a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; | 244 | if (in->tlsext_tick_lifetime_hint > 0) { |
| 253 | } | 245 | a.tlsext_tick_lifetime.length = LSIZE2; |
| 254 | if (in->tlsext_tick_lifetime_hint > 0) | 246 | a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; |
| 255 | { | 247 | a.tlsext_tick_lifetime.data = ibuf6; |
| 256 | a.tlsext_tick_lifetime.length=LSIZE2; | 248 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime, in->tlsext_tick_lifetime_hint); |
| 257 | a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; | 249 | } |
| 258 | a.tlsext_tick_lifetime.data=ibuf6; | ||
| 259 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); | ||
| 260 | } | ||
| 261 | #endif /* OPENSSL_NO_TLSEXT */ | 250 | #endif /* OPENSSL_NO_TLSEXT */ |
| 262 | #ifndef OPENSSL_NO_PSK | 251 | #ifndef OPENSSL_NO_PSK |
| 263 | if (in->psk_identity_hint) | 252 | if (in->psk_identity_hint) { |
| 264 | { | 253 | a.psk_identity_hint.length = strlen(in->psk_identity_hint); |
| 265 | a.psk_identity_hint.length=strlen(in->psk_identity_hint); | 254 | a.psk_identity_hint.type = V_ASN1_OCTET_STRING; |
| 266 | a.psk_identity_hint.type=V_ASN1_OCTET_STRING; | 255 | a.psk_identity_hint.data = (unsigned char *)(in->psk_identity_hint); |
| 267 | a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint); | 256 | } |
| 268 | } | 257 | if (in->psk_identity) { |
| 269 | if (in->psk_identity) | 258 | a.psk_identity.length = strlen(in->psk_identity); |
| 270 | { | 259 | a.psk_identity.type = V_ASN1_OCTET_STRING; |
| 271 | a.psk_identity.length=strlen(in->psk_identity); | 260 | a.psk_identity.data = (unsigned char *)(in->psk_identity); |
| 272 | a.psk_identity.type=V_ASN1_OCTET_STRING; | 261 | } |
| 273 | a.psk_identity.data=(unsigned char *)(in->psk_identity); | ||
| 274 | } | ||
| 275 | #endif /* OPENSSL_NO_PSK */ | 262 | #endif /* OPENSSL_NO_PSK */ |
| 276 | #ifndef OPENSSL_NO_SRP | 263 | #ifndef OPENSSL_NO_SRP |
| 277 | if (in->srp_username) | 264 | if (in->srp_username) { |
| 278 | { | 265 | a.srp_username.length = strlen(in->srp_username); |
| 279 | a.srp_username.length=strlen(in->srp_username); | 266 | a.srp_username.type = V_ASN1_OCTET_STRING; |
| 280 | a.srp_username.type=V_ASN1_OCTET_STRING; | 267 | a.srp_username.data = (unsigned char *)(in->srp_username); |
| 281 | a.srp_username.data=(unsigned char *)(in->srp_username); | 268 | } |
| 282 | } | ||
| 283 | #endif /* OPENSSL_NO_SRP */ | 269 | #endif /* OPENSSL_NO_SRP */ |
| 284 | 270 | ||
| 285 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 271 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| @@ -289,41 +275,41 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 289 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 275 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 290 | #ifndef OPENSSL_NO_KRB5 | 276 | #ifndef OPENSSL_NO_KRB5 |
| 291 | if (in->krb5_client_princ_len) | 277 | if (in->krb5_client_princ_len) |
| 292 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 278 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 293 | #endif /* OPENSSL_NO_KRB5 */ | 279 | #endif /* OPENSSL_NO_KRB5 */ |
| 294 | if (in->key_arg_length > 0) | 280 | if (in->key_arg_length > 0) |
| 295 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 281 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING); |
| 296 | if (in->time != 0L) | 282 | if (in->time != 0L) |
| 297 | M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 283 | M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 298 | if (in->timeout != 0L) | 284 | if (in->timeout != 0L) |
| 299 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 285 | M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 300 | if (in->peer != NULL) | 286 | if (in->peer != NULL) |
| 301 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 287 | M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 302 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | 288 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, v4); |
| 303 | if (in->verify_result != X509_V_OK) | 289 | if (in->verify_result != X509_V_OK) |
| 304 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | 290 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5); |
| 305 | 291 | ||
| 306 | #ifndef OPENSSL_NO_TLSEXT | 292 | #ifndef OPENSSL_NO_TLSEXT |
| 307 | if (in->tlsext_tick_lifetime_hint > 0) | 293 | if (in->tlsext_tick_lifetime_hint > 0) |
| 308 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 294 | M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 309 | if (in->tlsext_tick) | 295 | if (in->tlsext_tick) |
| 310 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 296 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 311 | if (in->tlsext_hostname) | 297 | if (in->tlsext_hostname) |
| 312 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 298 | M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 313 | #ifndef OPENSSL_NO_COMP | 299 | #ifndef OPENSSL_NO_COMP |
| 314 | if (in->compress_meth) | 300 | if (in->compress_meth) |
| 315 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 301 | M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 316 | #endif | 302 | #endif |
| 317 | #endif /* OPENSSL_NO_TLSEXT */ | 303 | #endif /* OPENSSL_NO_TLSEXT */ |
| 318 | #ifndef OPENSSL_NO_PSK | 304 | #ifndef OPENSSL_NO_PSK |
| 319 | if (in->psk_identity_hint) | 305 | if (in->psk_identity_hint) |
| 320 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 306 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 321 | if (in->psk_identity) | 307 | if (in->psk_identity) |
| 322 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 308 | M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 323 | #endif /* OPENSSL_NO_PSK */ | 309 | #endif /* OPENSSL_NO_PSK */ |
| 324 | #ifndef OPENSSL_NO_SRP | 310 | #ifndef OPENSSL_NO_SRP |
| 325 | if (in->srp_username) | 311 | if (in->srp_username) |
| 326 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 312 | M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 327 | #endif /* OPENSSL_NO_SRP */ | 313 | #endif /* OPENSSL_NO_SRP */ |
| 328 | 314 | ||
| 329 | M_ASN1_I2D_seq_total(); | 315 | M_ASN1_I2D_seq_total(); |
| @@ -335,308 +321,296 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | |||
| 335 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 321 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 336 | #ifndef OPENSSL_NO_KRB5 | 322 | #ifndef OPENSSL_NO_KRB5 |
| 337 | if (in->krb5_client_princ_len) | 323 | if (in->krb5_client_princ_len) |
| 338 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | 324 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); |
| 339 | #endif /* OPENSSL_NO_KRB5 */ | 325 | #endif /* OPENSSL_NO_KRB5 */ |
| 340 | if (in->key_arg_length > 0) | 326 | if (in->key_arg_length > 0) |
| 341 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 327 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0); |
| 342 | if (in->time != 0L) | 328 | if (in->time != 0L) |
| 343 | M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1); | 329 | M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1); |
| 344 | if (in->timeout != 0L) | 330 | if (in->timeout != 0L) |
| 345 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 331 | M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2); |
| 346 | if (in->peer != NULL) | 332 | if (in->peer != NULL) |
| 347 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 333 | M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3); |
| 348 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | 334 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4, |
| 349 | v4); | 335 | v4); |
| 350 | if (in->verify_result != X509_V_OK) | 336 | if (in->verify_result != X509_V_OK) |
| 351 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | 337 | M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5); |
| 352 | #ifndef OPENSSL_NO_TLSEXT | 338 | #ifndef OPENSSL_NO_TLSEXT |
| 353 | if (in->tlsext_hostname) | 339 | if (in->tlsext_hostname) |
| 354 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); | 340 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6, v6); |
| 355 | #endif /* OPENSSL_NO_TLSEXT */ | 341 | #endif /* OPENSSL_NO_TLSEXT */ |
| 356 | #ifndef OPENSSL_NO_PSK | 342 | #ifndef OPENSSL_NO_PSK |
| 357 | if (in->psk_identity_hint) | 343 | if (in->psk_identity_hint) |
| 358 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7); | 344 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING, 7, v7); |
| 359 | if (in->psk_identity) | 345 | if (in->psk_identity) |
| 360 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8); | 346 | M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING, 8, v8); |
| 361 | #endif /* OPENSSL_NO_PSK */ | 347 | #endif /* OPENSSL_NO_PSK */ |
| 362 | #ifndef OPENSSL_NO_TLSEXT | 348 | #ifndef OPENSSL_NO_TLSEXT |
| 363 | if (in->tlsext_tick_lifetime_hint > 0) | 349 | if (in->tlsext_tick_lifetime_hint > 0) |
| 364 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); | 350 | M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9, v9); |
| 365 | if (in->tlsext_tick) | 351 | if (in->tlsext_tick) |
| 366 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); | 352 | M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10, v10); |
| 367 | #endif /* OPENSSL_NO_TLSEXT */ | 353 | #endif /* OPENSSL_NO_TLSEXT */ |
| 368 | #ifndef OPENSSL_NO_COMP | 354 | #ifndef OPENSSL_NO_COMP |
| 369 | if (in->compress_meth) | 355 | if (in->compress_meth) |
| 370 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11); | 356 | M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11); |
| 371 | #endif | 357 | #endif |
| 372 | #ifndef OPENSSL_NO_SRP | 358 | #ifndef OPENSSL_NO_SRP |
| 373 | if (in->srp_username) | 359 | if (in->srp_username) |
| 374 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12); | 360 | M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); |
| 375 | #endif /* OPENSSL_NO_SRP */ | 361 | #endif /* OPENSSL_NO_SRP */ |
| 376 | M_ASN1_I2D_finish(); | 362 | M_ASN1_I2D_finish(); |
| 377 | } | 363 | } |
| 378 | 364 | ||
| 379 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | 365 | SSL_SESSION |
| 380 | long length) | 366 | *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 381 | { | 367 | long length) |
| 382 | int ssl_version=0,i; | 368 | { |
| 369 | int ssl_version = 0, i; | ||
| 383 | long id; | 370 | long id; |
| 384 | ASN1_INTEGER ai,*aip; | 371 | ASN1_INTEGER ai, *aip; |
| 385 | ASN1_OCTET_STRING os,*osp; | 372 | ASN1_OCTET_STRING os, *osp; |
| 386 | M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new); | 373 | M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new); |
| 387 | 374 | ||
| 388 | aip= &ai; | 375 | aip = &ai; |
| 389 | osp= &os; | 376 | osp = &os; |
| 390 | 377 | ||
| 391 | M_ASN1_D2I_Init(); | 378 | M_ASN1_D2I_Init(); |
| 392 | M_ASN1_D2I_start_sequence(); | 379 | M_ASN1_D2I_start_sequence(); |
| 393 | 380 | ||
| 394 | ai.data=NULL; ai.length=0; | 381 | ai.data = NULL; |
| 395 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 382 | ai.length = 0; |
| 396 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 383 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 384 | if (ai.data != NULL) { | ||
| 385 | OPENSSL_free(ai.data); | ||
| 386 | ai.data = NULL; | ||
| 387 | ai.length = 0; | ||
| 388 | } | ||
| 397 | 389 | ||
| 398 | /* we don't care about the version right now :-) */ | 390 | /* we don't care about the version right now :-) */ |
| 399 | M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER); | 391 | M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER); |
| 400 | ssl_version=(int)ASN1_INTEGER_get(aip); | 392 | ssl_version = (int)ASN1_INTEGER_get(aip); |
| 401 | ret->ssl_version=ssl_version; | 393 | ret->ssl_version = ssl_version; |
| 402 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } | 394 | if (ai.data != NULL) { |
| 403 | 395 | OPENSSL_free(ai.data); | |
| 404 | os.data=NULL; os.length=0; | 396 | ai.data = NULL; |
| 405 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 397 | ai.length = 0; |
| 406 | if (ssl_version == SSL2_VERSION) | 398 | } |
| 407 | { | 399 | |
| 408 | if (os.length != 3) | 400 | os.data = NULL; |
| 409 | { | 401 | os.length = 0; |
| 410 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 402 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 403 | if (ssl_version == SSL2_VERSION) { | ||
| 404 | if (os.length != 3) { | ||
| 405 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 411 | goto err; | 406 | goto err; |
| 412 | } | ||
| 413 | id=0x02000000L| | ||
| 414 | ((unsigned long)os.data[0]<<16L)| | ||
| 415 | ((unsigned long)os.data[1]<< 8L)| | ||
| 416 | (unsigned long)os.data[2]; | ||
| 417 | } | 407 | } |
| 418 | else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 408 | id = 0x02000000L| |
| 419 | { | 409 | ((unsigned long)os.data[0]<<16L)| |
| 420 | if (os.length != 2) | 410 | ((unsigned long)os.data[1]<< 8L)| |
| 421 | { | 411 | (unsigned long)os.data[2]; |
| 422 | c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH; | 412 | } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { |
| 413 | if (os.length != 2) { | ||
| 414 | c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; | ||
| 423 | goto err; | 415 | goto err; |
| 424 | } | ||
| 425 | id=0x03000000L| | ||
| 426 | ((unsigned long)os.data[0]<<8L)| | ||
| 427 | (unsigned long)os.data[1]; | ||
| 428 | } | 416 | } |
| 429 | else | 417 | id = 0x03000000L| |
| 430 | { | 418 | ((unsigned long)os.data[0]<<8L)| |
| 431 | c.error=SSL_R_UNKNOWN_SSL_VERSION; | 419 | (unsigned long)os.data[1]; |
| 420 | } else { | ||
| 421 | c.error = SSL_R_UNKNOWN_SSL_VERSION; | ||
| 432 | goto err; | 422 | goto err; |
| 433 | } | 423 | } |
| 434 | 424 | ||
| 435 | ret->cipher=NULL; | 425 | ret->cipher = NULL; |
| 436 | ret->cipher_id=id; | 426 | ret->cipher_id = id; |
| 437 | 427 | ||
| 438 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 428 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 439 | if ((ssl_version>>8) >= SSL3_VERSION_MAJOR) | 429 | if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 440 | i=SSL3_MAX_SSL_SESSION_ID_LENGTH; | 430 | i = SSL3_MAX_SSL_SESSION_ID_LENGTH; |
| 441 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ | 431 | else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ |
| 442 | i=SSL2_MAX_SSL_SESSION_ID_LENGTH; | 432 | i = SSL2_MAX_SSL_SESSION_ID_LENGTH; |
| 443 | 433 | ||
| 444 | if (os.length > i) | 434 | if (os.length > i) |
| 445 | os.length = i; | 435 | os.length = i; |
| 446 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ | 436 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ |
| 447 | os.length = sizeof(ret->session_id); | 437 | os.length = sizeof(ret->session_id); |
| 448 | 438 | ||
| 449 | ret->session_id_length=os.length; | 439 | ret->session_id_length = os.length; |
| 450 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); | 440 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); |
| 451 | memcpy(ret->session_id,os.data,os.length); | 441 | memcpy(ret->session_id, os.data, os.length); |
| 452 | 442 | ||
| 453 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); | 443 | M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); |
| 454 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) | 444 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) |
| 455 | ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 445 | ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; |
| 456 | else | 446 | else |
| 457 | ret->master_key_length=os.length; | 447 | ret->master_key_length = os.length; |
| 458 | memcpy(ret->master_key,os.data,ret->master_key_length); | 448 | memcpy(ret->master_key, os.data, ret->master_key_length); |
| 459 | 449 | ||
| 460 | os.length=0; | 450 | os.length = 0; |
| 461 | 451 | ||
| 462 | #ifndef OPENSSL_NO_KRB5 | 452 | #ifndef OPENSSL_NO_KRB5 |
| 463 | os.length=0; | 453 | os.length = 0; |
| 464 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | 454 | M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); |
| 465 | if (os.data) | 455 | if (os.data) { |
| 466 | { | 456 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) |
| 467 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | 457 | ret->krb5_client_princ_len = 0; |
| 468 | ret->krb5_client_princ_len=0; | ||
| 469 | else | 458 | else |
| 470 | ret->krb5_client_princ_len=os.length; | 459 | ret->krb5_client_princ_len = os.length; |
| 471 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | 460 | memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len); |
| 472 | OPENSSL_free(os.data); | 461 | OPENSSL_free(os.data); |
| 473 | os.data = NULL; | 462 | os.data = NULL; |
| 474 | os.length = 0; | 463 | os.length = 0; |
| 475 | } | 464 | } else |
| 476 | else | 465 | ret->krb5_client_princ_len = 0; |
| 477 | ret->krb5_client_princ_len=0; | ||
| 478 | #endif /* OPENSSL_NO_KRB5 */ | 466 | #endif /* OPENSSL_NO_KRB5 */ |
| 479 | 467 | ||
| 480 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 468 | M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0, V_ASN1_OCTET_STRING); |
| 481 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 469 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 482 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 470 | ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH; |
| 483 | else | 471 | else |
| 484 | ret->key_arg_length=os.length; | 472 | ret->key_arg_length = os.length; |
| 485 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 473 | memcpy(ret->key_arg, os.data, ret->key_arg_length); |
| 486 | if (os.data != NULL) OPENSSL_free(os.data); | 474 | if (os.data != NULL) |
| 487 | 475 | OPENSSL_free(os.data); | |
| 488 | ai.length=0; | ||
| 489 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | ||
| 490 | if (ai.data != NULL) | ||
| 491 | { | ||
| 492 | ret->time=ASN1_INTEGER_get(aip); | ||
| 493 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 494 | } | ||
| 495 | else | ||
| 496 | ret->time=(unsigned long)time(NULL); | ||
| 497 | |||
| 498 | ai.length=0; | ||
| 499 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); | ||
| 500 | if (ai.data != NULL) | ||
| 501 | { | ||
| 502 | ret->timeout=ASN1_INTEGER_get(aip); | ||
| 503 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 504 | } | ||
| 505 | else | ||
| 506 | ret->timeout=3; | ||
| 507 | 476 | ||
| 508 | if (ret->peer != NULL) | 477 | ai.length = 0; |
| 509 | { | 478 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1); |
| 479 | if (ai.data != NULL) { | ||
| 480 | ret->time = ASN1_INTEGER_get(aip); | ||
| 481 | OPENSSL_free(ai.data); | ||
| 482 | ai.data = NULL; | ||
| 483 | ai.length = 0; | ||
| 484 | } else | ||
| 485 | ret->time = (unsigned long)time(NULL); | ||
| 486 | |||
| 487 | ai.length = 0; | ||
| 488 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2); | ||
| 489 | if (ai.data != NULL) { | ||
| 490 | ret->timeout = ASN1_INTEGER_get(aip); | ||
| 491 | OPENSSL_free(ai.data); | ||
| 492 | ai.data = NULL; | ||
| 493 | ai.length = 0; | ||
| 494 | } else | ||
| 495 | ret->timeout = 3; | ||
| 496 | |||
| 497 | if (ret->peer != NULL) { | ||
| 510 | X509_free(ret->peer); | 498 | X509_free(ret->peer); |
| 511 | ret->peer=NULL; | 499 | ret->peer = NULL; |
| 512 | } | 500 | } |
| 513 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 501 | M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3); |
| 514 | 502 | ||
| 515 | os.length=0; | 503 | os.length = 0; |
| 516 | os.data=NULL; | 504 | os.data = NULL; |
| 517 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | 505 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4); |
| 518 | 506 | ||
| 519 | if(os.data != NULL) | 507 | if (os.data != NULL) { |
| 520 | { | 508 | if (os.length > SSL_MAX_SID_CTX_LENGTH) { |
| 521 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | 509 | c.error = SSL_R_BAD_LENGTH; |
| 522 | { | 510 | goto err; |
| 523 | c.error=SSL_R_BAD_LENGTH; | 511 | } else { |
| 524 | goto err; | 512 | ret->sid_ctx_length = os.length; |
| 525 | } | 513 | memcpy(ret->sid_ctx, os.data, os.length); |
| 526 | else | ||
| 527 | { | ||
| 528 | ret->sid_ctx_length=os.length; | ||
| 529 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 530 | } | ||
| 531 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 532 | } | ||
| 533 | else | ||
| 534 | ret->sid_ctx_length=0; | ||
| 535 | |||
| 536 | ai.length=0; | ||
| 537 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 538 | if (ai.data != NULL) | ||
| 539 | { | ||
| 540 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 541 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 542 | } | 514 | } |
| 543 | else | 515 | OPENSSL_free(os.data); |
| 544 | ret->verify_result=X509_V_OK; | 516 | os.data = NULL; |
| 517 | os.length = 0; | ||
| 518 | } else | ||
| 519 | ret->sid_ctx_length = 0; | ||
| 520 | |||
| 521 | ai.length = 0; | ||
| 522 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5); | ||
| 523 | if (ai.data != NULL) { | ||
| 524 | ret->verify_result = ASN1_INTEGER_get(aip); | ||
| 525 | OPENSSL_free(ai.data); | ||
| 526 | ai.data = NULL; | ||
| 527 | ai.length = 0; | ||
| 528 | } else | ||
| 529 | ret->verify_result = X509_V_OK; | ||
| 545 | 530 | ||
| 546 | #ifndef OPENSSL_NO_TLSEXT | 531 | #ifndef OPENSSL_NO_TLSEXT |
| 547 | os.length=0; | 532 | os.length = 0; |
| 548 | os.data=NULL; | 533 | os.data = NULL; |
| 549 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6); | 534 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6); |
| 550 | if (os.data) | 535 | if (os.data) { |
| 551 | { | ||
| 552 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); | 536 | ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length); |
| 553 | OPENSSL_free(os.data); | 537 | OPENSSL_free(os.data); |
| 554 | os.data = NULL; | 538 | os.data = NULL; |
| 555 | os.length = 0; | 539 | os.length = 0; |
| 556 | } | 540 | } else |
| 557 | else | 541 | ret->tlsext_hostname = NULL; |
| 558 | ret->tlsext_hostname=NULL; | ||
| 559 | #endif /* OPENSSL_NO_TLSEXT */ | 542 | #endif /* OPENSSL_NO_TLSEXT */ |
| 560 | 543 | ||
| 561 | #ifndef OPENSSL_NO_PSK | 544 | #ifndef OPENSSL_NO_PSK |
| 562 | os.length=0; | 545 | os.length = 0; |
| 563 | os.data=NULL; | 546 | os.data = NULL; |
| 564 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7); | 547 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 7); |
| 565 | if (os.data) | 548 | if (os.data) { |
| 566 | { | ||
| 567 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); | 549 | ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length); |
| 568 | OPENSSL_free(os.data); | 550 | OPENSSL_free(os.data); |
| 569 | os.data = NULL; | 551 | os.data = NULL; |
| 570 | os.length = 0; | 552 | os.length = 0; |
| 571 | } | 553 | } else |
| 572 | else | 554 | ret->psk_identity_hint = NULL; |
| 573 | ret->psk_identity_hint=NULL; | ||
| 574 | 555 | ||
| 575 | os.length=0; | 556 | os.length = 0; |
| 576 | os.data=NULL; | 557 | os.data = NULL; |
| 577 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8); | 558 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 8); |
| 578 | if (os.data) | 559 | if (os.data) { |
| 579 | { | ||
| 580 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); | 560 | ret->psk_identity = BUF_strndup((char *)os.data, os.length); |
| 581 | OPENSSL_free(os.data); | 561 | OPENSSL_free(os.data); |
| 582 | os.data = NULL; | 562 | os.data = NULL; |
| 583 | os.length = 0; | 563 | os.length = 0; |
| 584 | } | 564 | } else |
| 585 | else | 565 | ret->psk_identity = NULL; |
| 586 | ret->psk_identity=NULL; | ||
| 587 | #endif /* OPENSSL_NO_PSK */ | 566 | #endif /* OPENSSL_NO_PSK */ |
| 588 | 567 | ||
| 589 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 590 | ai.length=0; | 569 | ai.length = 0; |
| 591 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); | 570 | M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9); |
| 592 | if (ai.data != NULL) | 571 | if (ai.data != NULL) { |
| 593 | { | 572 | ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); |
| 594 | ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); | 573 | OPENSSL_free(ai.data); |
| 595 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | 574 | ai.data = NULL; |
| 596 | } | 575 | ai.length = 0; |
| 597 | else if (ret->tlsext_ticklen && ret->session_id_length) | 576 | } else if (ret->tlsext_ticklen && ret->session_id_length) |
| 598 | ret->tlsext_tick_lifetime_hint = -1; | 577 | ret->tlsext_tick_lifetime_hint = -1; |
| 599 | else | 578 | else |
| 600 | ret->tlsext_tick_lifetime_hint=0; | 579 | ret->tlsext_tick_lifetime_hint = 0; |
| 601 | os.length=0; | 580 | os.length = 0; |
| 602 | os.data=NULL; | 581 | os.data = NULL; |
| 603 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); | 582 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10); |
| 604 | if (os.data) | 583 | if (os.data) { |
| 605 | { | ||
| 606 | ret->tlsext_tick = os.data; | 584 | ret->tlsext_tick = os.data; |
| 607 | ret->tlsext_ticklen = os.length; | 585 | ret->tlsext_ticklen = os.length; |
| 608 | os.data = NULL; | 586 | os.data = NULL; |
| 609 | os.length = 0; | 587 | os.length = 0; |
| 610 | } | 588 | } else |
| 611 | else | 589 | ret->tlsext_tick = NULL; |
| 612 | ret->tlsext_tick=NULL; | ||
| 613 | #endif /* OPENSSL_NO_TLSEXT */ | 590 | #endif /* OPENSSL_NO_TLSEXT */ |
| 614 | #ifndef OPENSSL_NO_COMP | 591 | #ifndef OPENSSL_NO_COMP |
| 615 | os.length=0; | 592 | os.length = 0; |
| 616 | os.data=NULL; | 593 | os.data = NULL; |
| 617 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11); | 594 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11); |
| 618 | if (os.data) | 595 | if (os.data) { |
| 619 | { | ||
| 620 | ret->compress_meth = os.data[0]; | 596 | ret->compress_meth = os.data[0]; |
| 621 | OPENSSL_free(os.data); | 597 | OPENSSL_free(os.data); |
| 622 | os.data = NULL; | 598 | os.data = NULL; |
| 623 | } | 599 | } |
| 624 | #endif | 600 | #endif |
| 625 | 601 | ||
| 626 | #ifndef OPENSSL_NO_SRP | 602 | #ifndef OPENSSL_NO_SRP |
| 627 | os.length=0; | 603 | os.length = 0; |
| 628 | os.data=NULL; | 604 | os.data = NULL; |
| 629 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12); | 605 | M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 12); |
| 630 | if (os.data) | 606 | if (os.data) { |
| 631 | { | ||
| 632 | ret->srp_username = BUF_strndup((char *)os.data, os.length); | 607 | ret->srp_username = BUF_strndup((char *)os.data, os.length); |
| 633 | OPENSSL_free(os.data); | 608 | OPENSSL_free(os.data); |
| 634 | os.data = NULL; | 609 | os.data = NULL; |
| 635 | os.length = 0; | 610 | os.length = 0; |
| 636 | } | 611 | } else |
| 637 | else | 612 | ret->srp_username = NULL; |
| 638 | ret->srp_username=NULL; | ||
| 639 | #endif /* OPENSSL_NO_SRP */ | 613 | #endif /* OPENSSL_NO_SRP */ |
| 640 | 614 | ||
| 641 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 615 | M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); |
| 642 | } | 616 | } |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 1aaddc351f..79eb4ee031 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -132,36 +132,36 @@ | |||
| 132 | #include <openssl/bn.h> | 132 | #include <openssl/bn.h> |
| 133 | #include "ssl_locl.h" | 133 | #include "ssl_locl.h" |
| 134 | 134 | ||
| 135 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) | 135 | int |
| 136 | { | 136 | SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 137 | static volatile int ssl_x509_store_ctx_idx= -1; | 137 | { |
| 138 | static volatile int ssl_x509_store_ctx_idx = -1; | ||
| 138 | int got_write_lock = 0; | 139 | int got_write_lock = 0; |
| 139 | 140 | ||
| 140 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 141 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 141 | 142 | ||
| 142 | if (ssl_x509_store_ctx_idx < 0) | 143 | if (ssl_x509_store_ctx_idx < 0) { |
| 143 | { | ||
| 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 144 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 145 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 146 | got_write_lock = 1; | 146 | got_write_lock = 1; |
| 147 | 147 | ||
| 148 | if (ssl_x509_store_ctx_idx < 0) | 148 | if (ssl_x509_store_ctx_idx < 0) { |
| 149 | { | 149 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( |
| 150 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | 150 | 0, "SSL for verify callback", NULL, NULL, NULL); |
| 151 | 0,"SSL for verify callback",NULL,NULL,NULL); | ||
| 152 | } | ||
| 153 | } | 151 | } |
| 152 | } | ||
| 154 | 153 | ||
| 155 | if (got_write_lock) | 154 | if (got_write_lock) |
| 156 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 155 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 157 | else | 156 | else |
| 158 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 157 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 159 | 158 | ||
| 160 | return ssl_x509_store_ctx_idx; | 159 | return ssl_x509_store_ctx_idx; |
| 161 | } | 160 | } |
| 162 | 161 | ||
| 163 | static void ssl_cert_set_default_md(CERT *cert) | 162 | static void |
| 164 | { | 163 | ssl_cert_set_default_md(CERT *cert) |
| 164 | { | ||
| 165 | /* Set digest values to defaults */ | 165 | /* Set digest values to defaults */ |
| 166 | #ifndef OPENSSL_NO_DSA | 166 | #ifndef OPENSSL_NO_DSA |
| 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | 167 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); |
| @@ -173,37 +173,37 @@ static void ssl_cert_set_default_md(CERT *cert) | |||
| 173 | #ifndef OPENSSL_NO_ECDSA | 173 | #ifndef OPENSSL_NO_ECDSA |
| 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | 174 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); |
| 175 | #endif | 175 | #endif |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | CERT *ssl_cert_new(void) | 178 | CERT |
| 179 | { | 179 | *ssl_cert_new(void) |
| 180 | { | ||
| 180 | CERT *ret; | 181 | CERT *ret; |
| 181 | 182 | ||
| 182 | ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); | 183 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 183 | if (ret == NULL) | 184 | if (ret == NULL) { |
| 184 | { | 185 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 185 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); | 186 | return (NULL); |
| 186 | return(NULL); | 187 | } |
| 187 | } | 188 | memset(ret, 0, sizeof(CERT)); |
| 188 | memset(ret,0,sizeof(CERT)); | ||
| 189 | 189 | ||
| 190 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 190 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| 191 | ret->references=1; | 191 | ret->references = 1; |
| 192 | ssl_cert_set_default_md(ret); | 192 | ssl_cert_set_default_md(ret); |
| 193 | return(ret); | 193 | return (ret); |
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | CERT *ssl_cert_dup(CERT *cert) | 196 | CERT |
| 197 | { | 197 | *ssl_cert_dup(CERT *cert) |
| 198 | { | ||
| 198 | CERT *ret; | 199 | CERT *ret; |
| 199 | int i; | 200 | int i; |
| 200 | 201 | ||
| 201 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); | 202 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 202 | if (ret == NULL) | 203 | if (ret == NULL) { |
| 203 | { | ||
| 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | 204 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); |
| 205 | return(NULL); | 205 | return (NULL); |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | memset(ret, 0, sizeof(CERT)); | 208 | memset(ret, 0, sizeof(CERT)); |
| 209 | 209 | ||
| @@ -218,77 +218,64 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 218 | ret->export_mask_a = cert->export_mask_a; | 218 | ret->export_mask_a = cert->export_mask_a; |
| 219 | 219 | ||
| 220 | #ifndef OPENSSL_NO_RSA | 220 | #ifndef OPENSSL_NO_RSA |
| 221 | if (cert->rsa_tmp != NULL) | 221 | if (cert->rsa_tmp != NULL) { |
| 222 | { | ||
| 223 | RSA_up_ref(cert->rsa_tmp); | 222 | RSA_up_ref(cert->rsa_tmp); |
| 224 | ret->rsa_tmp = cert->rsa_tmp; | 223 | ret->rsa_tmp = cert->rsa_tmp; |
| 225 | } | 224 | } |
| 226 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; | 225 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | #ifndef OPENSSL_NO_DH | 228 | #ifndef OPENSSL_NO_DH |
| 230 | if (cert->dh_tmp != NULL) | 229 | if (cert->dh_tmp != NULL) { |
| 231 | { | ||
| 232 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | 230 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); |
| 233 | if (ret->dh_tmp == NULL) | 231 | if (ret->dh_tmp == NULL) { |
| 234 | { | ||
| 235 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | 232 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); |
| 236 | goto err; | 233 | goto err; |
| 237 | } | 234 | } |
| 238 | if (cert->dh_tmp->priv_key) | 235 | if (cert->dh_tmp->priv_key) { |
| 239 | { | ||
| 240 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | 236 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); |
| 241 | if (!b) | 237 | if (!b) { |
| 242 | { | ||
| 243 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 238 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 244 | goto err; | 239 | goto err; |
| 245 | } | ||
| 246 | ret->dh_tmp->priv_key = b; | ||
| 247 | } | 240 | } |
| 248 | if (cert->dh_tmp->pub_key) | 241 | ret->dh_tmp->priv_key = b; |
| 249 | { | 242 | } |
| 243 | if (cert->dh_tmp->pub_key) { | ||
| 250 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | 244 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); |
| 251 | if (!b) | 245 | if (!b) { |
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | 246 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); |
| 254 | goto err; | 247 | goto err; |
| 255 | } | ||
| 256 | ret->dh_tmp->pub_key = b; | ||
| 257 | } | 248 | } |
| 249 | ret->dh_tmp->pub_key = b; | ||
| 258 | } | 250 | } |
| 251 | } | ||
| 259 | ret->dh_tmp_cb = cert->dh_tmp_cb; | 252 | ret->dh_tmp_cb = cert->dh_tmp_cb; |
| 260 | #endif | 253 | #endif |
| 261 | 254 | ||
| 262 | #ifndef OPENSSL_NO_ECDH | 255 | #ifndef OPENSSL_NO_ECDH |
| 263 | if (cert->ecdh_tmp) | 256 | if (cert->ecdh_tmp) { |
| 264 | { | ||
| 265 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | 257 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); |
| 266 | if (ret->ecdh_tmp == NULL) | 258 | if (ret->ecdh_tmp == NULL) { |
| 267 | { | ||
| 268 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | 259 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); |
| 269 | goto err; | 260 | goto err; |
| 270 | } | ||
| 271 | } | 261 | } |
| 262 | } | ||
| 272 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | 263 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; |
| 273 | #endif | 264 | #endif |
| 274 | 265 | ||
| 275 | for (i = 0; i < SSL_PKEY_NUM; i++) | 266 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 276 | { | 267 | if (cert->pkeys[i].x509 != NULL) { |
| 277 | if (cert->pkeys[i].x509 != NULL) | ||
| 278 | { | ||
| 279 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | 268 | ret->pkeys[i].x509 = cert->pkeys[i].x509; |
| 280 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | 269 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, |
| 281 | CRYPTO_LOCK_X509); | 270 | CRYPTO_LOCK_X509); |
| 282 | } | 271 | } |
| 283 | 272 | ||
| 284 | if (cert->pkeys[i].privatekey != NULL) | 273 | if (cert->pkeys[i].privatekey != NULL) { |
| 285 | { | ||
| 286 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | 274 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; |
| 287 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | 275 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, |
| 288 | CRYPTO_LOCK_EVP_PKEY); | 276 | CRYPTO_LOCK_EVP_PKEY); |
| 289 | 277 | ||
| 290 | switch(i) | 278 | switch (i) { |
| 291 | { | ||
| 292 | /* If there was anything special to do for | 279 | /* If there was anything special to do for |
| 293 | * certain types of keys, we'd do it here. | 280 | * certain types of keys, we'd do it here. |
| 294 | * (Nothing at the moment, I think.) */ | 281 | * (Nothing at the moment, I think.) */ |
| @@ -297,11 +284,11 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 297 | case SSL_PKEY_RSA_SIGN: | 284 | case SSL_PKEY_RSA_SIGN: |
| 298 | /* We have an RSA key. */ | 285 | /* We have an RSA key. */ |
| 299 | break; | 286 | break; |
| 300 | 287 | ||
| 301 | case SSL_PKEY_DSA_SIGN: | 288 | case SSL_PKEY_DSA_SIGN: |
| 302 | /* We have a DSA key. */ | 289 | /* We have a DSA key. */ |
| 303 | break; | 290 | break; |
| 304 | 291 | ||
| 305 | case SSL_PKEY_DH_RSA: | 292 | case SSL_PKEY_DH_RSA: |
| 306 | case SSL_PKEY_DH_DSA: | 293 | case SSL_PKEY_DH_DSA: |
| 307 | /* We have a DH key. */ | 294 | /* We have a DH key. */ |
| @@ -314,21 +301,21 @@ CERT *ssl_cert_dup(CERT *cert) | |||
| 314 | default: | 301 | default: |
| 315 | /* Can't happen. */ | 302 | /* Can't happen. */ |
| 316 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | 303 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); |
| 317 | } | ||
| 318 | } | 304 | } |
| 319 | } | 305 | } |
| 320 | 306 | } | |
| 307 | |||
| 321 | /* ret->extra_certs *should* exist, but currently the own certificate | 308 | /* ret->extra_certs *should* exist, but currently the own certificate |
| 322 | * chain is held inside SSL_CTX */ | 309 | * chain is held inside SSL_CTX */ |
| 323 | 310 | ||
| 324 | ret->references=1; | 311 | ret->references = 1; |
| 325 | /* Set digests to defaults. NB: we don't copy existing values as they | 312 | /* Set digests to defaults. NB: we don't copy existing values as they |
| 326 | * will be set during handshake. | 313 | * will be set during handshake. |
| 327 | */ | 314 | */ |
| 328 | ssl_cert_set_default_md(ret); | 315 | ssl_cert_set_default_md(ret); |
| 329 | 316 | ||
| 330 | return(ret); | 317 | return (ret); |
| 331 | 318 | ||
| 332 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) | 319 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) |
| 333 | err: | 320 | err: |
| 334 | #endif | 321 | #endif |
| @@ -345,50 +332,52 @@ err: | |||
| 345 | EC_KEY_free(ret->ecdh_tmp); | 332 | EC_KEY_free(ret->ecdh_tmp); |
| 346 | #endif | 333 | #endif |
| 347 | 334 | ||
| 348 | for (i = 0; i < SSL_PKEY_NUM; i++) | 335 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 349 | { | ||
| 350 | if (ret->pkeys[i].x509 != NULL) | 336 | if (ret->pkeys[i].x509 != NULL) |
| 351 | X509_free(ret->pkeys[i].x509); | 337 | X509_free(ret->pkeys[i].x509); |
| 352 | if (ret->pkeys[i].privatekey != NULL) | 338 | if (ret->pkeys[i].privatekey != NULL) |
| 353 | EVP_PKEY_free(ret->pkeys[i].privatekey); | 339 | EVP_PKEY_free(ret->pkeys[i].privatekey); |
| 354 | } | 340 | } |
| 355 | 341 | ||
| 356 | return NULL; | 342 | return NULL; |
| 357 | } | 343 | } |
| 358 | 344 | ||
| 359 | 345 | ||
| 360 | void ssl_cert_free(CERT *c) | 346 | void |
| 361 | { | 347 | ssl_cert_free(CERT *c) |
| 348 | { | ||
| 362 | int i; | 349 | int i; |
| 363 | 350 | ||
| 364 | if(c == NULL) | 351 | if (c == NULL) |
| 365 | return; | 352 | return; |
| 366 | 353 | ||
| 367 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); | 354 | i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); |
| 368 | #ifdef REF_PRINT | 355 | #ifdef REF_PRINT |
| 369 | REF_PRINT("CERT",c); | 356 | REF_PRINT("CERT", c); |
| 370 | #endif | 357 | #endif |
| 371 | if (i > 0) return; | 358 | if (i > 0) |
| 359 | return; | ||
| 372 | #ifdef REF_CHECK | 360 | #ifdef REF_CHECK |
| 373 | if (i < 0) | 361 | if (i < 0) { |
| 374 | { | 362 | fprintf(stderr, "ssl_cert_free, bad reference count\n"); |
| 375 | fprintf(stderr,"ssl_cert_free, bad reference count\n"); | ||
| 376 | abort(); /* ok */ | 363 | abort(); /* ok */ |
| 377 | } | 364 | } |
| 378 | #endif | 365 | #endif |
| 379 | 366 | ||
| 380 | #ifndef OPENSSL_NO_RSA | 367 | #ifndef OPENSSL_NO_RSA |
| 381 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); | 368 | if (c->rsa_tmp) |
| 369 | RSA_free(c->rsa_tmp); | ||
| 382 | #endif | 370 | #endif |
| 383 | #ifndef OPENSSL_NO_DH | 371 | #ifndef OPENSSL_NO_DH |
| 384 | if (c->dh_tmp) DH_free(c->dh_tmp); | 372 | if (c->dh_tmp) |
| 373 | DH_free(c->dh_tmp); | ||
| 385 | #endif | 374 | #endif |
| 386 | #ifndef OPENSSL_NO_ECDH | 375 | #ifndef OPENSSL_NO_ECDH |
| 387 | if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); | 376 | if (c->ecdh_tmp) |
| 377 | EC_KEY_free(c->ecdh_tmp); | ||
| 388 | #endif | 378 | #endif |
| 389 | 379 | ||
| 390 | for (i=0; i<SSL_PKEY_NUM; i++) | 380 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 391 | { | ||
| 392 | if (c->pkeys[i].x509 != NULL) | 381 | if (c->pkeys[i].x509 != NULL) |
| 393 | X509_free(c->pkeys[i].x509); | 382 | X509_free(c->pkeys[i].x509); |
| 394 | if (c->pkeys[i].privatekey != NULL) | 383 | if (c->pkeys[i].privatekey != NULL) |
| @@ -397,12 +386,13 @@ void ssl_cert_free(CERT *c) | |||
| 397 | if (c->pkeys[i].publickey != NULL) | 386 | if (c->pkeys[i].publickey != NULL) |
| 398 | EVP_PKEY_free(c->pkeys[i].publickey); | 387 | EVP_PKEY_free(c->pkeys[i].publickey); |
| 399 | #endif | 388 | #endif |
| 400 | } | ||
| 401 | OPENSSL_free(c); | ||
| 402 | } | 389 | } |
| 390 | OPENSSL_free(c); | ||
| 391 | } | ||
| 403 | 392 | ||
| 404 | int ssl_cert_inst(CERT **o) | 393 | int |
| 405 | { | 394 | ssl_cert_inst(CERT **o) |
| 395 | { | ||
| 406 | /* Create a CERT if there isn't already one | 396 | /* Create a CERT if there isn't already one |
| 407 | * (which cannot really happen, as it is initially created in | 397 | * (which cannot really happen, as it is initially created in |
| 408 | * SSL_CTX_new; but the earlier code usually allows for that one | 398 | * SSL_CTX_new; but the earlier code usually allows for that one |
| @@ -412,44 +402,42 @@ int ssl_cert_inst(CERT **o) | |||
| 412 | * s->cert being NULL, otherwise we could do without the | 402 | * s->cert being NULL, otherwise we could do without the |
| 413 | * initialization in SSL_CTX_new). | 403 | * initialization in SSL_CTX_new). |
| 414 | */ | 404 | */ |
| 415 | 405 | ||
| 416 | if (o == NULL) | 406 | if (o == NULL) { |
| 417 | { | ||
| 418 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | 407 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); |
| 419 | return(0); | 408 | return (0); |
| 420 | } | 409 | } |
| 421 | if (*o == NULL) | 410 | if (*o == NULL) { |
| 422 | { | 411 | if ((*o = ssl_cert_new()) == NULL) { |
| 423 | if ((*o = ssl_cert_new()) == NULL) | ||
| 424 | { | ||
| 425 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | 412 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); |
| 426 | return(0); | 413 | return (0); |
| 427 | } | ||
| 428 | } | 414 | } |
| 429 | return(1); | ||
| 430 | } | 415 | } |
| 416 | return (1); | ||
| 417 | } | ||
| 431 | 418 | ||
| 432 | 419 | ||
| 433 | SESS_CERT *ssl_sess_cert_new(void) | 420 | SESS_CERT |
| 434 | { | 421 | *ssl_sess_cert_new(void) |
| 422 | { | ||
| 435 | SESS_CERT *ret; | 423 | SESS_CERT *ret; |
| 436 | 424 | ||
| 437 | ret = OPENSSL_malloc(sizeof *ret); | 425 | ret = OPENSSL_malloc(sizeof *ret); |
| 438 | if (ret == NULL) | 426 | if (ret == NULL) { |
| 439 | { | ||
| 440 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | 427 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); |
| 441 | return NULL; | 428 | return NULL; |
| 442 | } | 429 | } |
| 443 | 430 | ||
| 444 | memset(ret, 0 ,sizeof *ret); | 431 | memset(ret, 0 , sizeof *ret); |
| 445 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 432 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); |
| 446 | ret->references = 1; | 433 | ret->references = 1; |
| 447 | 434 | ||
| 448 | return ret; | 435 | return ret; |
| 449 | } | 436 | } |
| 450 | 437 | ||
| 451 | void ssl_sess_cert_free(SESS_CERT *sc) | 438 | void |
| 452 | { | 439 | ssl_sess_cert_free(SESS_CERT *sc) |
| 440 | { | ||
| 453 | int i; | 441 | int i; |
| 454 | 442 | ||
| 455 | if (sc == NULL) | 443 | if (sc == NULL) |
| @@ -462,27 +450,25 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 462 | if (i > 0) | 450 | if (i > 0) |
| 463 | return; | 451 | return; |
| 464 | #ifdef REF_CHECK | 452 | #ifdef REF_CHECK |
| 465 | if (i < 0) | 453 | if (i < 0) { |
| 466 | { | 454 | fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); |
| 467 | fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); | ||
| 468 | abort(); /* ok */ | 455 | abort(); /* ok */ |
| 469 | } | 456 | } |
| 470 | #endif | 457 | #endif |
| 471 | 458 | ||
| 472 | /* i == 0 */ | 459 | /* i == 0 */ |
| 473 | if (sc->cert_chain != NULL) | 460 | if (sc->cert_chain != NULL) |
| 474 | sk_X509_pop_free(sc->cert_chain, X509_free); | 461 | sk_X509_pop_free(sc->cert_chain, X509_free); |
| 475 | for (i = 0; i < SSL_PKEY_NUM; i++) | 462 | for (i = 0; i < SSL_PKEY_NUM; i++) { |
| 476 | { | ||
| 477 | if (sc->peer_pkeys[i].x509 != NULL) | 463 | if (sc->peer_pkeys[i].x509 != NULL) |
| 478 | X509_free(sc->peer_pkeys[i].x509); | 464 | X509_free(sc->peer_pkeys[i].x509); |
| 479 | #if 0 /* We don't have the peer's private key. These lines are just | 465 | #if 0 /* We don't have the peer's private key. These lines are just |
| 480 | * here as a reminder that we're still using a not-quite-appropriate | 466 | * here as a reminder that we're still using a not-quite-appropriate |
| 481 | * data structure. */ | 467 | * data structure. */ |
| 482 | if (sc->peer_pkeys[i].privatekey != NULL) | 468 | if (sc->peer_pkeys[i].privatekey != NULL) |
| 483 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); | 469 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); |
| 484 | #endif | 470 | #endif |
| 485 | } | 471 | } |
| 486 | 472 | ||
| 487 | #ifndef OPENSSL_NO_RSA | 473 | #ifndef OPENSSL_NO_RSA |
| 488 | if (sc->peer_rsa_tmp != NULL) | 474 | if (sc->peer_rsa_tmp != NULL) |
| @@ -498,34 +484,35 @@ void ssl_sess_cert_free(SESS_CERT *sc) | |||
| 498 | #endif | 484 | #endif |
| 499 | 485 | ||
| 500 | OPENSSL_free(sc); | 486 | OPENSSL_free(sc); |
| 501 | } | 487 | } |
| 502 | 488 | ||
| 503 | int ssl_set_peer_cert_type(SESS_CERT *sc,int type) | 489 | int |
| 504 | { | 490 | ssl_set_peer_cert_type(SESS_CERT *sc, int type) |
| 491 | { | ||
| 505 | sc->peer_cert_type = type; | 492 | sc->peer_cert_type = type; |
| 506 | return(1); | 493 | return (1); |
| 507 | } | 494 | } |
| 508 | 495 | ||
| 509 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | 496 | int |
| 510 | { | 497 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 498 | { | ||
| 511 | X509 *x; | 499 | X509 *x; |
| 512 | int i; | 500 | int i; |
| 513 | X509_STORE_CTX ctx; | 501 | X509_STORE_CTX ctx; |
| 514 | 502 | ||
| 515 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 503 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 516 | return(0); | 504 | return (0); |
| 517 | 505 | ||
| 518 | x=sk_X509_value(sk,0); | 506 | x = sk_X509_value(sk, 0); |
| 519 | if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) | 507 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { |
| 520 | { | 508 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); |
| 521 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | 509 | return (0); |
| 522 | return(0); | 510 | } |
| 523 | } | ||
| 524 | #if 0 | 511 | #if 0 |
| 525 | if (SSL_get_verify_depth(s) >= 0) | 512 | if (SSL_get_verify_depth(s) >= 0) |
| 526 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | 513 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); |
| 527 | #endif | 514 | #endif |
| 528 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | 515 | X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); |
| 529 | 516 | ||
| 530 | /* We need to inherit the verify parameters. These can be determined by | 517 | /* We need to inherit the verify parameters. These can be determined by |
| 531 | * the context: if its a server it will verify SSL client certificates | 518 | * the context: if its a server it will verify SSL client certificates |
| @@ -533,7 +520,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 533 | */ | 520 | */ |
| 534 | 521 | ||
| 535 | X509_STORE_CTX_set_default(&ctx, | 522 | X509_STORE_CTX_set_default(&ctx, |
| 536 | s->server ? "ssl_client" : "ssl_server"); | 523 | s->server ? "ssl_client" : "ssl_server"); |
| 537 | /* Anything non-default in "param" should overwrite anything in the | 524 | /* Anything non-default in "param" should overwrite anything in the |
| 538 | * ctx. | 525 | * ctx. |
| 539 | */ | 526 | */ |
| @@ -544,121 +531,127 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | |||
| 544 | 531 | ||
| 545 | if (s->ctx->app_verify_callback != NULL) | 532 | if (s->ctx->app_verify_callback != NULL) |
| 546 | #if 1 /* new with OpenSSL 0.9.7 */ | 533 | #if 1 /* new with OpenSSL 0.9.7 */ |
| 547 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 534 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 535 | |||
| 548 | #else | 536 | #else |
| 549 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ | 537 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ |
| 550 | #endif | 538 | #endif |
| 551 | else | 539 | else { |
| 552 | { | ||
| 553 | #ifndef OPENSSL_NO_X509_VERIFY | 540 | #ifndef OPENSSL_NO_X509_VERIFY |
| 554 | i=X509_verify_cert(&ctx); | 541 | i = X509_verify_cert(&ctx); |
| 555 | #else | 542 | #else |
| 556 | i=0; | 543 | i = 0; |
| 557 | ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; | 544 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; |
| 558 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); | 545 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); |
| 559 | #endif | 546 | #endif |
| 560 | } | 547 | } |
| 561 | 548 | ||
| 562 | s->verify_result=ctx.error; | 549 | s->verify_result = ctx.error; |
| 563 | X509_STORE_CTX_cleanup(&ctx); | 550 | X509_STORE_CTX_cleanup(&ctx); |
| 564 | 551 | ||
| 565 | return(i); | 552 | return (i); |
| 566 | } | 553 | } |
| 567 | 554 | ||
| 568 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list) | 555 | static void |
| 569 | { | 556 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) |
| 557 | { | ||
| 570 | if (*ca_list != NULL) | 558 | if (*ca_list != NULL) |
| 571 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); | 559 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); |
| 572 | 560 | ||
| 573 | *ca_list=name_list; | 561 | *ca_list = name_list; |
| 574 | } | 562 | } |
| 575 | 563 | ||
| 576 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | 564 | STACK_OF(X509_NAME) |
| 577 | { | 565 | *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| 566 | { | ||
| 578 | int i; | 567 | int i; |
| 579 | STACK_OF(X509_NAME) *ret; | 568 | STACK_OF(X509_NAME) *ret; |
| 580 | X509_NAME *name; | 569 | X509_NAME *name; |
| 581 | 570 | ||
| 582 | ret=sk_X509_NAME_new_null(); | 571 | ret = sk_X509_NAME_new_null(); |
| 583 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 572 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 584 | { | 573 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); |
| 585 | name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); | 574 | if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { |
| 586 | if ((name == NULL) || !sk_X509_NAME_push(ret,name)) | 575 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 587 | { | 576 | return (NULL); |
| 588 | sk_X509_NAME_pop_free(ret,X509_NAME_free); | ||
| 589 | return(NULL); | ||
| 590 | } | ||
| 591 | } | 577 | } |
| 592 | return(ret); | ||
| 593 | } | 578 | } |
| 594 | 579 | return (ret); | |
| 595 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list) | 580 | } |
| 596 | { | 581 | |
| 597 | set_client_CA_list(&(s->client_CA),name_list); | 582 | void |
| 598 | } | 583 | SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) |
| 599 | 584 | { | |
| 600 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) | 585 | set_client_CA_list(&(s->client_CA), name_list); |
| 601 | { | 586 | } |
| 602 | set_client_CA_list(&(ctx->client_CA),name_list); | 587 | |
| 603 | } | 588 | void |
| 604 | 589 | SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) | |
| 605 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | 590 | { |
| 606 | { | 591 | set_client_CA_list(&(ctx->client_CA), name_list); |
| 607 | return(ctx->client_CA); | 592 | } |
| 608 | } | 593 | |
| 609 | 594 | STACK_OF(X509_NAME) | |
| 610 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) | 595 | *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) |
| 611 | { | 596 | { |
| 597 | return (ctx->client_CA); | ||
| 598 | } | ||
| 599 | |||
| 600 | STACK_OF(X509_NAME) | ||
| 601 | *SSL_get_client_CA_list(const SSL *s) | ||
| 602 | { | ||
| 612 | if (s->type == SSL_ST_CONNECT) | 603 | if (s->type == SSL_ST_CONNECT) |
| 613 | { /* we are in the client */ | 604 | { /* we are in the client */ |
| 614 | if (((s->version>>8) == SSL3_VERSION_MAJOR) && | 605 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && |
| 615 | (s->s3 != NULL)) | 606 | (s->s3 != NULL)) |
| 616 | return(s->s3->tmp.ca_names); | 607 | return (s->s3->tmp.ca_names); |
| 617 | else | 608 | else |
| 618 | return(NULL); | 609 | return (NULL); |
| 619 | } | 610 | } else { |
| 620 | else | ||
| 621 | { | ||
| 622 | if (s->client_CA != NULL) | 611 | if (s->client_CA != NULL) |
| 623 | return(s->client_CA); | 612 | return (s->client_CA); |
| 624 | else | 613 | else |
| 625 | return(s->ctx->client_CA); | 614 | return (s->ctx->client_CA); |
| 626 | } | ||
| 627 | } | 615 | } |
| 616 | } | ||
| 628 | 617 | ||
| 629 | static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) | 618 | static int |
| 630 | { | 619 | add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) |
| 620 | { | ||
| 631 | X509_NAME *name; | 621 | X509_NAME *name; |
| 632 | 622 | ||
| 633 | if (x == NULL) return(0); | 623 | if (x == NULL) |
| 634 | if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) | 624 | return (0); |
| 635 | return(0); | 625 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) |
| 636 | 626 | return (0); | |
| 637 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) | ||
| 638 | return(0); | ||
| 639 | |||
| 640 | if (!sk_X509_NAME_push(*sk,name)) | ||
| 641 | { | ||
| 642 | X509_NAME_free(name); | ||
| 643 | return(0); | ||
| 644 | } | ||
| 645 | return(1); | ||
| 646 | } | ||
| 647 | 627 | ||
| 648 | int SSL_add_client_CA(SSL *ssl,X509 *x) | 628 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) |
| 649 | { | 629 | return (0); |
| 650 | return(add_client_CA(&(ssl->client_CA),x)); | ||
| 651 | } | ||
| 652 | 630 | ||
| 653 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) | 631 | if (!sk_X509_NAME_push(*sk, name)) { |
| 654 | { | 632 | X509_NAME_free(name); |
| 655 | return(add_client_CA(&(ctx->client_CA),x)); | 633 | return (0); |
| 656 | } | ||
| 657 | |||
| 658 | static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 659 | { | ||
| 660 | return(X509_NAME_cmp(*a,*b)); | ||
| 661 | } | 634 | } |
| 635 | return (1); | ||
| 636 | } | ||
| 637 | |||
| 638 | int | ||
| 639 | SSL_add_client_CA(SSL *ssl, X509 *x) | ||
| 640 | { | ||
| 641 | return (add_client_CA(&(ssl->client_CA), x)); | ||
| 642 | } | ||
| 643 | |||
| 644 | int | ||
| 645 | SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) | ||
| 646 | { | ||
| 647 | return (add_client_CA(&(ctx->client_CA), x)); | ||
| 648 | } | ||
| 649 | |||
| 650 | static int | ||
| 651 | xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 652 | { | ||
| 653 | return (X509_NAME_cmp(*a, *b)); | ||
| 654 | } | ||
| 662 | 655 | ||
| 663 | #ifndef OPENSSL_NO_STDIO | 656 | #ifndef OPENSSL_NO_STDIO |
| 664 | /*! | 657 | /*! |
| @@ -669,65 +662,65 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | |||
| 669 | * \param file the file containing one or more certs. | 662 | * \param file the file containing one or more certs. |
| 670 | * \return a ::STACK containing the certs. | 663 | * \return a ::STACK containing the certs. |
| 671 | */ | 664 | */ |
| 672 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) | 665 | STACK_OF(X509_NAME) |
| 673 | { | 666 | *SSL_load_client_CA_file(const char *file) |
| 667 | { | ||
| 674 | BIO *in; | 668 | BIO *in; |
| 675 | X509 *x=NULL; | 669 | X509 *x = NULL; |
| 676 | X509_NAME *xn=NULL; | 670 | X509_NAME *xn = NULL; |
| 677 | STACK_OF(X509_NAME) *ret = NULL,*sk; | 671 | STACK_OF(X509_NAME) *ret = NULL, *sk; |
| 678 | 672 | ||
| 679 | sk=sk_X509_NAME_new(xname_cmp); | 673 | sk = sk_X509_NAME_new(xname_cmp); |
| 680 | 674 | ||
| 681 | in=BIO_new(BIO_s_file_internal()); | 675 | in = BIO_new(BIO_s_file_internal()); |
| 682 | 676 | ||
| 683 | if ((sk == NULL) || (in == NULL)) | 677 | if ((sk == NULL) || (in == NULL)) { |
| 684 | { | 678 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 685 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 686 | goto err; | 679 | goto err; |
| 687 | } | 680 | } |
| 688 | 681 | ||
| 689 | if (!BIO_read_filename(in,file)) | 682 | if (!BIO_read_filename(in, file)) |
| 690 | goto err; | 683 | goto err; |
| 691 | 684 | ||
| 692 | for (;;) | 685 | for (;;) { |
| 693 | { | 686 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 694 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 695 | break; | 687 | break; |
| 696 | if (ret == NULL) | 688 | if (ret == NULL) { |
| 697 | { | ||
| 698 | ret = sk_X509_NAME_new_null(); | 689 | ret = sk_X509_NAME_new_null(); |
| 699 | if (ret == NULL) | 690 | if (ret == NULL) { |
| 700 | { | 691 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); |
| 701 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); | ||
| 702 | goto err; | 692 | goto err; |
| 703 | } | ||
| 704 | } | 693 | } |
| 705 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 694 | } |
| 706 | /* check for duplicates */ | 695 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 707 | xn=X509_NAME_dup(xn); | 696 | /* check for duplicates */ |
| 708 | if (xn == NULL) goto err; | 697 | xn = X509_NAME_dup(xn); |
| 709 | if (sk_X509_NAME_find(sk,xn) >= 0) | 698 | if (xn == NULL) |
| 699 | goto err; | ||
| 700 | if (sk_X509_NAME_find(sk, xn) >= 0) | ||
| 710 | X509_NAME_free(xn); | 701 | X509_NAME_free(xn); |
| 711 | else | 702 | else { |
| 712 | { | 703 | sk_X509_NAME_push(sk, xn); |
| 713 | sk_X509_NAME_push(sk,xn); | 704 | sk_X509_NAME_push(ret, xn); |
| 714 | sk_X509_NAME_push(ret,xn); | ||
| 715 | } | ||
| 716 | } | 705 | } |
| 706 | } | ||
| 717 | 707 | ||
| 718 | if (0) | 708 | if (0) { |
| 719 | { | ||
| 720 | err: | 709 | err: |
| 721 | if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); | 710 | if (ret != NULL) |
| 722 | ret=NULL; | 711 | sk_X509_NAME_pop_free(ret, X509_NAME_free); |
| 723 | } | 712 | ret = NULL; |
| 724 | if (sk != NULL) sk_X509_NAME_free(sk); | 713 | } |
| 725 | if (in != NULL) BIO_free(in); | 714 | if (sk != NULL) |
| 726 | if (x != NULL) X509_free(x); | 715 | sk_X509_NAME_free(sk); |
| 716 | if (in != NULL) | ||
| 717 | BIO_free(in); | ||
| 718 | if (x != NULL) | ||
| 719 | X509_free(x); | ||
| 727 | if (ret != NULL) | 720 | if (ret != NULL) |
| 728 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 729 | return(ret); | 722 | return (ret); |
| 730 | } | 723 | } |
| 731 | #endif | 724 | #endif |
| 732 | 725 | ||
| 733 | /*! | 726 | /*! |
| @@ -739,57 +732,56 @@ err: | |||
| 739 | * certs may have been added to \c stack. | 732 | * certs may have been added to \c stack. |
| 740 | */ | 733 | */ |
| 741 | 734 | ||
| 742 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 735 | int |
| 743 | const char *file) | 736 | SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 744 | { | 737 | const char *file) |
| 738 | { | ||
| 745 | BIO *in; | 739 | BIO *in; |
| 746 | X509 *x=NULL; | 740 | X509 *x = NULL; |
| 747 | X509_NAME *xn=NULL; | 741 | X509_NAME *xn = NULL; |
| 748 | int ret=1; | 742 | int ret = 1; |
| 749 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | 743 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); |
| 750 | 744 | ||
| 751 | oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); | 745 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); |
| 752 | 746 | ||
| 753 | in=BIO_new(BIO_s_file_internal()); | 747 | in = BIO_new(BIO_s_file_internal()); |
| 754 | 748 | ||
| 755 | if (in == NULL) | 749 | if (in == NULL) { |
| 756 | { | 750 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); |
| 757 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); | ||
| 758 | goto err; | 751 | goto err; |
| 759 | } | 752 | } |
| 760 | 753 | ||
| 761 | if (!BIO_read_filename(in,file)) | 754 | if (!BIO_read_filename(in, file)) |
| 762 | goto err; | 755 | goto err; |
| 763 | 756 | ||
| 764 | for (;;) | 757 | for (;;) { |
| 765 | { | 758 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) |
| 766 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 767 | break; | 759 | break; |
| 768 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 760 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; |
| 769 | xn=X509_NAME_dup(xn); | 761 | xn = X509_NAME_dup(xn); |
| 770 | if (xn == NULL) goto err; | 762 | if (xn == NULL) |
| 771 | if (sk_X509_NAME_find(stack,xn) >= 0) | 763 | goto err; |
| 764 | if (sk_X509_NAME_find(stack, xn) >= 0) | ||
| 772 | X509_NAME_free(xn); | 765 | X509_NAME_free(xn); |
| 773 | else | 766 | else |
| 774 | sk_X509_NAME_push(stack,xn); | 767 | sk_X509_NAME_push(stack, xn); |
| 775 | } | 768 | } |
| 776 | 769 | ||
| 777 | ERR_clear_error(); | 770 | ERR_clear_error(); |
| 778 | 771 | ||
| 779 | if (0) | 772 | if (0) { |
| 780 | { | ||
| 781 | err: | 773 | err: |
| 782 | ret=0; | 774 | ret = 0; |
| 783 | } | 775 | } |
| 784 | if(in != NULL) | 776 | if (in != NULL) |
| 785 | BIO_free(in); | 777 | BIO_free(in); |
| 786 | if(x != NULL) | 778 | if (x != NULL) |
| 787 | X509_free(x); | 779 | X509_free(x); |
| 788 | 780 | ||
| 789 | (void)sk_X509_NAME_set_cmp_func(stack,oldcmp); | 781 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); |
| 790 | 782 | ||
| 791 | return ret; | 783 | return ret; |
| 792 | } | 784 | } |
| 793 | 785 | ||
| 794 | /*! | 786 | /*! |
| 795 | * Add a directory of certs to a stack. | 787 | * Add a directory of certs to a stack. |
| @@ -802,9 +794,10 @@ err: | |||
| 802 | * certs may have been added to \c stack. | 794 | * certs may have been added to \c stack. |
| 803 | */ | 795 | */ |
| 804 | 796 | ||
| 805 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 797 | int |
| 806 | const char *dir) | 798 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
| 807 | { | 799 | const char *dir) |
| 800 | { | ||
| 808 | OPENSSL_DIR_CTX *d = NULL; | 801 | OPENSSL_DIR_CTX *d = NULL; |
| 809 | const char *filename; | 802 | const char *filename; |
| 810 | int ret = 0; | 803 | int ret = 0; |
| @@ -813,36 +806,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 813 | 806 | ||
| 814 | /* Note that a side effect is that the CAs will be sorted by name */ | 807 | /* Note that a side effect is that the CAs will be sorted by name */ |
| 815 | 808 | ||
| 816 | while((filename = OPENSSL_DIR_read(&d, dir))) | 809 | while ((filename = OPENSSL_DIR_read(&d, dir))) { |
| 817 | { | ||
| 818 | char buf[1024]; | 810 | char buf[1024]; |
| 819 | int r; | 811 | int r; |
| 820 | 812 | ||
| 821 | if(strlen(dir)+strlen(filename)+2 > sizeof buf) | 813 | if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { |
| 822 | { | 814 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); |
| 823 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 824 | goto err; | 815 | goto err; |
| 825 | } | 816 | } |
| 826 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename); | 817 | r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); |
| 827 | if (r <= 0 || r >= (int)sizeof(buf)) | 818 | if (r <= 0 || r >= (int)sizeof(buf)) |
| 828 | goto err; | 819 | goto err; |
| 829 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | 820 | if (!SSL_add_file_cert_subjects_to_stack(stack, buf)) |
| 830 | goto err; | 821 | goto err; |
| 831 | } | 822 | } |
| 832 | 823 | ||
| 833 | if (errno) | 824 | if (errno) { |
| 834 | { | ||
| 835 | SYSerr(SYS_F_OPENDIR, errno); | 825 | SYSerr(SYS_F_OPENDIR, errno); |
| 836 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); | 826 | ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')"); |
| 837 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | 827 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 838 | goto err; | 828 | goto err; |
| 839 | } | 829 | } |
| 840 | 830 | ||
| 841 | ret = 1; | 831 | ret = 1; |
| 842 | 832 | ||
| 843 | err: | 833 | err: |
| 844 | if (d) OPENSSL_DIR_end(&d); | 834 | if (d) |
| 835 | OPENSSL_DIR_end(&d); | ||
| 845 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 836 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 846 | return ret; | 837 | return ret; |
| 847 | } | 838 | } |
| 848 | 839 | ||
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 0aba8e048c..f37c70cf91 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -167,15 +167,15 @@ | |||
| 167 | #define SSL_ENC_NUM_IDX 14 | 167 | #define SSL_ENC_NUM_IDX 14 |
| 168 | 168 | ||
| 169 | 169 | ||
| 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 170 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { |
| 171 | NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL | 171 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL |
| 172 | }; | 172 | }; |
| 173 | 173 | ||
| 174 | #define SSL_COMP_NULL_IDX 0 | 174 | #define SSL_COMP_NULL_IDX 0 |
| 175 | #define SSL_COMP_ZLIB_IDX 1 | 175 | #define SSL_COMP_ZLIB_IDX 1 |
| 176 | #define SSL_COMP_NUM_IDX 2 | 176 | #define SSL_COMP_NUM_IDX 2 |
| 177 | 177 | ||
| 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | 178 | static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
| 179 | 179 | ||
| 180 | #define SSL_MD_MD5_IDX 0 | 180 | #define SSL_MD_MD5_IDX 0 |
| 181 | #define SSL_MD_SHA1_IDX 1 | 181 | #define SSL_MD_SHA1_IDX 1 |
| @@ -187,27 +187,27 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | |||
| 187 | * defined in the | 187 | * defined in the |
| 188 | * ssl_locl.h */ | 188 | * ssl_locl.h */ |
| 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | 189 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST |
| 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | 190 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { |
| 191 | NULL,NULL,NULL,NULL,NULL,NULL | 191 | NULL, NULL, NULL, NULL, NULL, NULL |
| 192 | }; | 192 | }; |
| 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because | 193 | /* PKEY_TYPE for GOST89MAC is known in advance, but, because |
| 194 | * implementation is engine-provided, we'll fill it only if | 194 | * implementation is engine-provided, we'll fill it only if |
| 195 | * corresponding EVP_PKEY_METHOD is found | 195 | * corresponding EVP_PKEY_METHOD is found |
| 196 | */ | 196 | */ |
| 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={ | 197 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { |
| 198 | EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef, | 198 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, |
| 199 | EVP_PKEY_HMAC,EVP_PKEY_HMAC | 199 | EVP_PKEY_HMAC, EVP_PKEY_HMAC |
| 200 | }; | 200 | }; |
| 201 | 201 | ||
| 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={ | 202 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { |
| 203 | 0,0,0,0,0,0 | 203 | 0, 0, 0, 0, 0, 0 |
| 204 | }; | 204 | }; |
| 205 | 205 | ||
| 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | 206 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { |
| 207 | SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA, | 207 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, |
| 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | 208 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, |
| 209 | SSL_HANDSHAKE_MAC_SHA384 | 209 | SSL_HANDSHAKE_MAC_SHA384 |
| 210 | }; | 210 | }; |
| 211 | 211 | ||
| 212 | #define CIPHER_ADD 1 | 212 | #define CIPHER_ADD 1 |
| 213 | #define CIPHER_KILL 2 | 213 | #define CIPHER_KILL 2 |
| @@ -215,376 +215,371 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={ | |||
| 215 | #define CIPHER_ORD 4 | 215 | #define CIPHER_ORD 4 |
| 216 | #define CIPHER_SPECIAL 5 | 216 | #define CIPHER_SPECIAL 5 |
| 217 | 217 | ||
| 218 | typedef struct cipher_order_st | 218 | typedef struct cipher_order_st { |
| 219 | { | ||
| 220 | const SSL_CIPHER *cipher; | 219 | const SSL_CIPHER *cipher; |
| 221 | int active; | 220 | int active; |
| 222 | int dead; | 221 | int dead; |
| 223 | struct cipher_order_st *next,*prev; | 222 | struct cipher_order_st *next, *prev; |
| 224 | } CIPHER_ORDER; | 223 | } CIPHER_ORDER; |
| 225 | 224 | ||
| 226 | static const SSL_CIPHER cipher_aliases[]={ | 225 | static const SSL_CIPHER cipher_aliases[] = { |
| 227 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | 226 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ |
| 228 | {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0}, | 227 | {0, SSL_TXT_ALL, 0, 0, 0,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 229 | /* "COMPLEMENTOFALL" */ | 228 | /* "COMPLEMENTOFALL" */ |
| 230 | {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, | 229 | {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 231 | 230 | ||
| 232 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ | 231 | /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ |
| 233 | {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, | 232 | {0, SSL_TXT_CMPDEF, 0, SSL_kEDH|SSL_kEECDH, SSL_aNULL,~SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 234 | 233 | ||
| 235 | /* key exchange aliases | 234 | /* key exchange aliases |
| 236 | * (some of those using only a single bit here combine | 235 | * (some of those using only a single bit here combine |
| 237 | * multiple key exchange algs according to the RFCs, | 236 | * multiple key exchange algs according to the RFCs, |
| 238 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ | 237 | * e.g. kEDH combines DHE_DSS and DHE_RSA) */ |
| 239 | {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0}, | 238 | {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 240 | 239 | ||
| 241 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 240 | {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 242 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 241 | {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 243 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 242 | {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 244 | {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0}, | 243 | {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 245 | {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0}, | 244 | {0, SSL_TXT_DH, 0, SSL_kDHr|SSL_kDHd|SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 246 | 245 | ||
| 247 | {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0}, | 246 | {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 248 | 247 | ||
| 249 | {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, | 248 | {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 250 | {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, | 249 | {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 251 | {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, | 250 | {0, SSL_TXT_kECDH, 0, SSL_kECDHr|SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 252 | {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, | 251 | {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 253 | {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, | 252 | {0, SSL_TXT_ECDH, 0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 254 | 253 | ||
| 255 | {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, | 254 | {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 256 | {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, | 255 | {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 257 | {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0}, | 256 | {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 258 | 257 | ||
| 259 | /* server authentication aliases */ | 258 | /* server authentication aliases */ |
| 260 | {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0}, | 259 | {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 261 | {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 260 | {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 262 | {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0}, | 261 | {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, |
| 263 | {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0}, | 262 | {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 264 | {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0}, | 263 | {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 265 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ | 264 | {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */ |
| 266 | {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0}, | 265 | {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0}, |
| 267 | {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0}, | 266 | {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 268 | {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0}, | 267 | {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0}, |
| 269 | {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0}, | 268 | {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 270 | {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0}, | 269 | {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0}, |
| 271 | {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0}, | 270 | {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 272 | {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0}, | 271 | {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94|SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0}, |
| 273 | 272 | ||
| 274 | /* aliases combining key exchange and server authentication */ | 273 | /* aliases combining key exchange and server authentication */ |
| 275 | {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 274 | {0, SSL_TXT_EDH, 0, SSL_kEDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 276 | {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, | 275 | {0, SSL_TXT_EECDH, 0, SSL_kEECDH,~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 277 | {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 276 | {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 278 | {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, | 277 | {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, |
| 279 | {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, | 278 | {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, |
| 280 | {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, | 279 | {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 281 | {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, | 280 | {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, |
| 282 | {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, | 281 | {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0}, |
| 283 | {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, | 282 | {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0}, |
| 284 | 283 | ||
| 285 | 284 | ||
| 286 | /* symmetric encryption aliases */ | 285 | /* symmetric encryption aliases */ |
| 287 | {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0}, | 286 | {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0}, |
| 288 | {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0}, | 287 | {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0}, |
| 289 | {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0}, | 288 | {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0}, |
| 290 | {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0}, | 289 | {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0}, |
| 291 | {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0}, | 290 | {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0}, |
| 292 | {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0}, | 291 | {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0}, |
| 293 | {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, | 292 | {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, |
| 294 | {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0}, | 293 | {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128|SSL_AES128GCM, 0, 0, 0, 0, 0, 0}, |
| 295 | {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0}, | 294 | {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 296 | {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0}, | 295 | {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0}, |
| 297 | {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0}, | 296 | {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM|SSL_AES256GCM, 0, 0, 0, 0, 0, 0}, |
| 298 | {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0}, | 297 | {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0}, |
| 299 | {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0}, | 298 | {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 300 | {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0}, | 299 | {0, SSL_TXT_CAMELLIA , 0, 0, 0, SSL_CAMELLIA128|SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0}, |
| 301 | 300 | ||
| 302 | /* MAC aliases */ | 301 | /* MAC aliases */ |
| 303 | {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0}, | 302 | {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0}, |
| 304 | {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 303 | {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 305 | {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0}, | 304 | {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0}, |
| 306 | {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0}, | 305 | {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0}, |
| 307 | {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0}, | 306 | {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0}, |
| 308 | {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0}, | 307 | {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0}, |
| 309 | {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0}, | 308 | {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0}, |
| 310 | 309 | ||
| 311 | /* protocol version aliases */ | 310 | /* protocol version aliases */ |
| 312 | {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0}, | 311 | {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0}, |
| 313 | {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0}, | 312 | {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0}, |
| 314 | {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0}, | 313 | {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, |
| 315 | {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0}, | 314 | {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, |
| 316 | 315 | ||
| 317 | /* export flag */ | 316 | /* export flag */ |
| 318 | {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 317 | {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 319 | {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0}, | 318 | {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, |
| 320 | 319 | ||
| 321 | /* strength classes */ | 320 | /* strength classes */ |
| 322 | {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0}, | 321 | {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, |
| 323 | {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0}, | 322 | {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, |
| 324 | {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0}, | 323 | {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, |
| 325 | {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0}, | 324 | {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, |
| 326 | {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0}, | 325 | {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, |
| 327 | /* FIPS 140-2 approved ciphersuite */ | 326 | /* FIPS 140-2 approved ciphersuite */ |
| 328 | {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0}, | 327 | {0, SSL_TXT_FIPS, 0, 0, 0,~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, |
| 329 | }; | 328 | }; |
| 330 | /* Search for public key algorithm with given name and | 329 | /* Search for public key algorithm with given name and |
| 331 | * return its pkey_id if it is available. Otherwise return 0 | 330 | * return its pkey_id if it is available. Otherwise return 0 |
| 332 | */ | 331 | */ |
| 333 | #ifdef OPENSSL_NO_ENGINE | 332 | #ifdef OPENSSL_NO_ENGINE |
| 334 | 333 | ||
| 335 | static int get_optional_pkey_id(const char *pkey_name) | 334 | static int |
| 336 | { | 335 | get_optional_pkey_id(const char *pkey_name) |
| 336 | { | ||
| 337 | const EVP_PKEY_ASN1_METHOD *ameth; | 337 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 338 | int pkey_id=0; | 338 | int pkey_id = 0; |
| 339 | ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1); | 339 | ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1); |
| 340 | if (ameth) | 340 | if (ameth) { |
| 341 | { | 341 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 342 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 343 | } | ||
| 344 | return pkey_id; | ||
| 345 | } | 342 | } |
| 343 | return pkey_id; | ||
| 344 | } | ||
| 346 | 345 | ||
| 347 | #else | 346 | #else |
| 348 | 347 | ||
| 349 | static int get_optional_pkey_id(const char *pkey_name) | 348 | static int |
| 350 | { | 349 | get_optional_pkey_id(const char *pkey_name) |
| 350 | { | ||
| 351 | const EVP_PKEY_ASN1_METHOD *ameth; | 351 | const EVP_PKEY_ASN1_METHOD *ameth; |
| 352 | ENGINE *tmpeng = NULL; | 352 | ENGINE *tmpeng = NULL; |
| 353 | int pkey_id=0; | 353 | int pkey_id = 0; |
| 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1); | 354 | ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1); |
| 355 | if (ameth) | 355 | if (ameth) { |
| 356 | { | 356 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); |
| 357 | EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth); | ||
| 358 | } | ||
| 359 | if (tmpeng) ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | 357 | } |
| 358 | if (tmpeng) | ||
| 359 | ENGINE_finish(tmpeng); | ||
| 360 | return pkey_id; | ||
| 361 | } | ||
| 362 | 362 | ||
| 363 | #endif | 363 | #endif |
| 364 | 364 | ||
| 365 | void ssl_load_ciphers(void) | 365 | void |
| 366 | { | 366 | ssl_load_ciphers(void) |
| 367 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 367 | { |
| 368 | EVP_get_cipherbyname(SN_des_cbc); | 368 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| 369 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 369 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= | 370 | ssl_cipher_methods[SSL_ENC_3DES_IDX]= |
| 370 | EVP_get_cipherbyname(SN_des_ede3_cbc); | 371 | EVP_get_cipherbyname(SN_des_ede3_cbc); |
| 371 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= | 372 | ssl_cipher_methods[SSL_ENC_RC4_IDX]= |
| 372 | EVP_get_cipherbyname(SN_rc4); | 373 | EVP_get_cipherbyname(SN_rc4); |
| 373 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= | 374 | ssl_cipher_methods[SSL_ENC_RC2_IDX]= |
| 374 | EVP_get_cipherbyname(SN_rc2_cbc); | 375 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 375 | #ifndef OPENSSL_NO_IDEA | 376 | #ifndef OPENSSL_NO_IDEA |
| 376 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 377 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 377 | EVP_get_cipherbyname(SN_idea_cbc); | 378 | EVP_get_cipherbyname(SN_idea_cbc); |
| 378 | #else | 379 | #else |
| 379 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL; | 380 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; |
| 380 | #endif | 381 | #endif |
| 381 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | 382 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= |
| 382 | EVP_get_cipherbyname(SN_aes_128_cbc); | 383 | EVP_get_cipherbyname(SN_aes_128_cbc); |
| 383 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | 384 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= |
| 384 | EVP_get_cipherbyname(SN_aes_256_cbc); | 385 | EVP_get_cipherbyname(SN_aes_256_cbc); |
| 385 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= | 386 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]= |
| 386 | EVP_get_cipherbyname(SN_camellia_128_cbc); | 387 | EVP_get_cipherbyname(SN_camellia_128_cbc); |
| 387 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= | 388 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= |
| 388 | EVP_get_cipherbyname(SN_camellia_256_cbc); | 389 | EVP_get_cipherbyname(SN_camellia_256_cbc); |
| 389 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= | 390 | ssl_cipher_methods[SSL_ENC_GOST89_IDX]= |
| 390 | EVP_get_cipherbyname(SN_gost89_cnt); | 391 | EVP_get_cipherbyname(SN_gost89_cnt); |
| 391 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= | 392 | ssl_cipher_methods[SSL_ENC_SEED_IDX]= |
| 392 | EVP_get_cipherbyname(SN_seed_cbc); | 393 | EVP_get_cipherbyname(SN_seed_cbc); |
| 393 | 394 | ||
| 394 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= | 395 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]= |
| 395 | EVP_get_cipherbyname(SN_aes_128_gcm); | 396 | EVP_get_cipherbyname(SN_aes_128_gcm); |
| 396 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= | 397 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]= |
| 397 | EVP_get_cipherbyname(SN_aes_256_gcm); | 398 | EVP_get_cipherbyname(SN_aes_256_gcm); |
| 398 | 399 | ||
| 399 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 400 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 400 | EVP_get_digestbyname(SN_md5); | 401 | EVP_get_digestbyname(SN_md5); |
| 401 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= | 402 | ssl_mac_secret_size[SSL_MD_MD5_IDX]= |
| 402 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | 403 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); |
| 403 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | 404 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); |
| 404 | ssl_digest_methods[SSL_MD_SHA1_IDX]= | 405 | ssl_digest_methods[SSL_MD_SHA1_IDX]= |
| 405 | EVP_get_digestbyname(SN_sha1); | 406 | EVP_get_digestbyname(SN_sha1); |
| 406 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= | 407 | ssl_mac_secret_size[SSL_MD_SHA1_IDX]= |
| 407 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | 408 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); |
| 408 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | 409 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); |
| 409 | ssl_digest_methods[SSL_MD_GOST94_IDX]= | 410 | ssl_digest_methods[SSL_MD_GOST94_IDX]= |
| 410 | EVP_get_digestbyname(SN_id_GostR3411_94); | 411 | EVP_get_digestbyname(SN_id_GostR3411_94); |
| 411 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) | 412 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { |
| 412 | { | ||
| 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= | 413 | ssl_mac_secret_size[SSL_MD_GOST94_IDX]= |
| 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | 414 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); |
| 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | 415 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); |
| 416 | } | 416 | } |
| 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= | 417 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX]= |
| 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | 418 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); |
| 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); | 419 | ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); |
| 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | 420 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { |
| 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32; | 421 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; |
| 422 | } | 422 | } |
| 423 | 423 | ||
| 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= | 424 | ssl_digest_methods[SSL_MD_SHA256_IDX]= |
| 425 | EVP_get_digestbyname(SN_sha256); | 425 | EVP_get_digestbyname(SN_sha256); |
| 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= | 426 | ssl_mac_secret_size[SSL_MD_SHA256_IDX]= |
| 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); | 427 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); |
| 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= | 428 | ssl_digest_methods[SSL_MD_SHA384_IDX]= |
| 429 | EVP_get_digestbyname(SN_sha384); | 429 | EVP_get_digestbyname(SN_sha384); |
| 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= | 430 | ssl_mac_secret_size[SSL_MD_SHA384_IDX]= |
| 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | 431 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); |
| 432 | } | 432 | } |
| 433 | #ifndef OPENSSL_NO_COMP | 433 | #ifndef OPENSSL_NO_COMP |
| 434 | 434 | ||
| 435 | static int sk_comp_cmp(const SSL_COMP * const *a, | 435 | static int |
| 436 | const SSL_COMP * const *b) | 436 | sk_comp_cmp(const SSL_COMP * const *a, |
| 437 | { | 437 | const SSL_COMP * const *b) |
| 438 | return((*a)->id-(*b)->id); | 438 | { |
| 439 | } | 439 | return ((*a)->id - (*b)->id); |
| 440 | } | ||
| 440 | 441 | ||
| 441 | static void load_builtin_compressions(void) | 442 | static void |
| 442 | { | 443 | load_builtin_compressions(void) |
| 444 | { | ||
| 443 | int got_write_lock = 0; | 445 | int got_write_lock = 0; |
| 444 | 446 | ||
| 445 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); | 447 | CRYPTO_r_lock(CRYPTO_LOCK_SSL); |
| 446 | if (ssl_comp_methods == NULL) | 448 | if (ssl_comp_methods == NULL) { |
| 447 | { | ||
| 448 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 449 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 449 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 450 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 450 | got_write_lock = 1; | 451 | got_write_lock = 1; |
| 451 | 452 | ||
| 452 | if (ssl_comp_methods == NULL) | 453 | if (ssl_comp_methods == NULL) { |
| 453 | { | ||
| 454 | SSL_COMP *comp = NULL; | 454 | SSL_COMP *comp = NULL; |
| 455 | 455 | ||
| 456 | MemCheck_off(); | 456 | MemCheck_off(); |
| 457 | ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | 457 | ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); |
| 458 | if (ssl_comp_methods != NULL) | 458 | if (ssl_comp_methods != NULL) { |
| 459 | { | 459 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 460 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 460 | if (comp != NULL) { |
| 461 | if (comp != NULL) | 461 | comp->method = COMP_zlib(); |
| 462 | { | ||
| 463 | comp->method=COMP_zlib(); | ||
| 464 | if (comp->method | 462 | if (comp->method |
| 465 | && comp->method->type == NID_undef) | 463 | && comp->method->type == NID_undef) |
| 466 | OPENSSL_free(comp); | 464 | OPENSSL_free(comp); |
| 467 | else | 465 | else { |
| 468 | { | 466 | comp->id = SSL_COMP_ZLIB_IDX; |
| 469 | comp->id=SSL_COMP_ZLIB_IDX; | 467 | comp->name = comp->method->name; |
| 470 | comp->name=comp->method->name; | 468 | sk_SSL_COMP_push(ssl_comp_methods, comp); |
| 471 | sk_SSL_COMP_push(ssl_comp_methods,comp); | ||
| 472 | } | ||
| 473 | } | 469 | } |
| 474 | sk_SSL_COMP_sort(ssl_comp_methods); | ||
| 475 | } | 470 | } |
| 476 | MemCheck_on(); | 471 | sk_SSL_COMP_sort(ssl_comp_methods); |
| 477 | } | 472 | } |
| 473 | MemCheck_on(); | ||
| 478 | } | 474 | } |
| 479 | 475 | } | |
| 476 | |||
| 480 | if (got_write_lock) | 477 | if (got_write_lock) |
| 481 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 478 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 482 | else | 479 | else |
| 483 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); | 480 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL); |
| 484 | } | 481 | } |
| 485 | #endif | 482 | #endif |
| 486 | 483 | ||
| 487 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | 484 | int |
| 488 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp) | 485 | ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, |
| 489 | { | 486 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size, SSL_COMP **comp) |
| 487 | { | ||
| 490 | int i; | 488 | int i; |
| 491 | const SSL_CIPHER *c; | 489 | const SSL_CIPHER *c; |
| 492 | 490 | ||
| 493 | c=s->cipher; | 491 | c = s->cipher; |
| 494 | if (c == NULL) return(0); | 492 | if (c == NULL) |
| 495 | if (comp != NULL) | 493 | return (0); |
| 496 | { | 494 | if (comp != NULL) { |
| 497 | SSL_COMP ctmp; | 495 | SSL_COMP ctmp; |
| 498 | #ifndef OPENSSL_NO_COMP | 496 | #ifndef OPENSSL_NO_COMP |
| 499 | load_builtin_compressions(); | 497 | load_builtin_compressions(); |
| 500 | #endif | 498 | #endif |
| 501 | 499 | ||
| 502 | *comp=NULL; | 500 | *comp = NULL; |
| 503 | ctmp.id=s->compress_meth; | 501 | ctmp.id = s->compress_meth; |
| 504 | if (ssl_comp_methods != NULL) | 502 | if (ssl_comp_methods != NULL) { |
| 505 | { | 503 | i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); |
| 506 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
| 507 | if (i >= 0) | 504 | if (i >= 0) |
| 508 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | 505 | *comp = sk_SSL_COMP_value(ssl_comp_methods, i); |
| 509 | else | 506 | else |
| 510 | *comp=NULL; | 507 | *comp = NULL; |
| 511 | } | ||
| 512 | } | 508 | } |
| 509 | } | ||
| 513 | 510 | ||
| 514 | if ((enc == NULL) || (md == NULL)) return(0); | 511 | if ((enc == NULL) |
| 512 | || (md == NULL)) return (0); | ||
| 515 | 513 | ||
| 516 | switch (c->algorithm_enc) | 514 | switch (c->algorithm_enc) { |
| 517 | { | ||
| 518 | case SSL_DES: | 515 | case SSL_DES: |
| 519 | i=SSL_ENC_DES_IDX; | 516 | i = SSL_ENC_DES_IDX; |
| 520 | break; | 517 | break; |
| 521 | case SSL_3DES: | 518 | case SSL_3DES: |
| 522 | i=SSL_ENC_3DES_IDX; | 519 | i = SSL_ENC_3DES_IDX; |
| 523 | break; | 520 | break; |
| 524 | case SSL_RC4: | 521 | case SSL_RC4: |
| 525 | i=SSL_ENC_RC4_IDX; | 522 | i = SSL_ENC_RC4_IDX; |
| 526 | break; | 523 | break; |
| 527 | case SSL_RC2: | 524 | case SSL_RC2: |
| 528 | i=SSL_ENC_RC2_IDX; | 525 | i = SSL_ENC_RC2_IDX; |
| 529 | break; | 526 | break; |
| 530 | case SSL_IDEA: | 527 | case SSL_IDEA: |
| 531 | i=SSL_ENC_IDEA_IDX; | 528 | i = SSL_ENC_IDEA_IDX; |
| 532 | break; | 529 | break; |
| 533 | case SSL_eNULL: | 530 | case SSL_eNULL: |
| 534 | i=SSL_ENC_NULL_IDX; | 531 | i = SSL_ENC_NULL_IDX; |
| 535 | break; | 532 | break; |
| 536 | case SSL_AES128: | 533 | case SSL_AES128: |
| 537 | i=SSL_ENC_AES128_IDX; | 534 | i = SSL_ENC_AES128_IDX; |
| 538 | break; | 535 | break; |
| 539 | case SSL_AES256: | 536 | case SSL_AES256: |
| 540 | i=SSL_ENC_AES256_IDX; | 537 | i = SSL_ENC_AES256_IDX; |
| 541 | break; | 538 | break; |
| 542 | case SSL_CAMELLIA128: | 539 | case SSL_CAMELLIA128: |
| 543 | i=SSL_ENC_CAMELLIA128_IDX; | 540 | i = SSL_ENC_CAMELLIA128_IDX; |
| 544 | break; | 541 | break; |
| 545 | case SSL_CAMELLIA256: | 542 | case SSL_CAMELLIA256: |
| 546 | i=SSL_ENC_CAMELLIA256_IDX; | 543 | i = SSL_ENC_CAMELLIA256_IDX; |
| 547 | break; | 544 | break; |
| 548 | case SSL_eGOST2814789CNT: | 545 | case SSL_eGOST2814789CNT: |
| 549 | i=SSL_ENC_GOST89_IDX; | 546 | i = SSL_ENC_GOST89_IDX; |
| 550 | break; | 547 | break; |
| 551 | case SSL_SEED: | 548 | case SSL_SEED: |
| 552 | i=SSL_ENC_SEED_IDX; | 549 | i = SSL_ENC_SEED_IDX; |
| 553 | break; | 550 | break; |
| 554 | case SSL_AES128GCM: | 551 | case SSL_AES128GCM: |
| 555 | i=SSL_ENC_AES128GCM_IDX; | 552 | i = SSL_ENC_AES128GCM_IDX; |
| 556 | break; | 553 | break; |
| 557 | case SSL_AES256GCM: | 554 | case SSL_AES256GCM: |
| 558 | i=SSL_ENC_AES256GCM_IDX; | 555 | i = SSL_ENC_AES256GCM_IDX; |
| 559 | break; | 556 | break; |
| 560 | default: | 557 | default: |
| 561 | i= -1; | 558 | i = -1; |
| 562 | break; | 559 | break; |
| 563 | } | 560 | } |
| 564 | 561 | ||
| 565 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) | 562 | if ((i < 0) || (i > SSL_ENC_NUM_IDX)) |
| 566 | *enc=NULL; | 563 | *enc = NULL; |
| 567 | else | 564 | else { |
| 568 | { | ||
| 569 | if (i == SSL_ENC_NULL_IDX) | 565 | if (i == SSL_ENC_NULL_IDX) |
| 570 | *enc=EVP_enc_null(); | 566 | *enc = EVP_enc_null(); |
| 571 | else | 567 | else |
| 572 | *enc=ssl_cipher_methods[i]; | 568 | *enc = ssl_cipher_methods[i]; |
| 573 | } | 569 | } |
| 574 | 570 | ||
| 575 | switch (c->algorithm_mac) | 571 | switch (c->algorithm_mac) { |
| 576 | { | ||
| 577 | case SSL_MD5: | 572 | case SSL_MD5: |
| 578 | i=SSL_MD_MD5_IDX; | 573 | i = SSL_MD_MD5_IDX; |
| 579 | break; | 574 | break; |
| 580 | case SSL_SHA1: | 575 | case SSL_SHA1: |
| 581 | i=SSL_MD_SHA1_IDX; | 576 | i = SSL_MD_SHA1_IDX; |
| 582 | break; | 577 | break; |
| 583 | case SSL_SHA256: | 578 | case SSL_SHA256: |
| 584 | i=SSL_MD_SHA256_IDX; | 579 | i = SSL_MD_SHA256_IDX; |
| 585 | break; | 580 | break; |
| 586 | case SSL_SHA384: | 581 | case SSL_SHA384: |
| 587 | i=SSL_MD_SHA384_IDX; | 582 | i = SSL_MD_SHA384_IDX; |
| 588 | break; | 583 | break; |
| 589 | case SSL_GOST94: | 584 | case SSL_GOST94: |
| 590 | i = SSL_MD_GOST94_IDX; | 585 | i = SSL_MD_GOST94_IDX; |
| @@ -593,63 +588,63 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | |||
| 593 | i = SSL_MD_GOST89MAC_IDX; | 588 | i = SSL_MD_GOST89MAC_IDX; |
| 594 | break; | 589 | break; |
| 595 | default: | 590 | default: |
| 596 | i= -1; | 591 | i = -1; |
| 597 | break; | 592 | break; |
| 598 | } | 593 | } |
| 599 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) | 594 | if ((i < 0) || (i > SSL_MD_NUM_IDX)) { |
| 600 | { | 595 | *md = NULL; |
| 601 | *md=NULL; | 596 | |
| 602 | if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef; | 597 | if (mac_pkey_type != NULL) |
| 603 | if (mac_secret_size!=NULL) *mac_secret_size = 0; | 598 | *mac_pkey_type = NID_undef; |
| 599 | if (mac_secret_size != NULL) | ||
| 600 | *mac_secret_size = 0; | ||
| 604 | if (c->algorithm_mac == SSL_AEAD) | 601 | if (c->algorithm_mac == SSL_AEAD) |
| 605 | mac_pkey_type = NULL; | 602 | mac_pkey_type = NULL; |
| 606 | } | 603 | } else { |
| 607 | else | 604 | *md = ssl_digest_methods[i]; |
| 608 | { | 605 | if (mac_pkey_type != NULL) |
| 609 | *md=ssl_digest_methods[i]; | 606 | *mac_pkey_type = ssl_mac_pkey_id[i]; |
| 610 | if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i]; | 607 | if (mac_secret_size != NULL) |
| 611 | if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i]; | 608 | *mac_secret_size = ssl_mac_secret_size[i]; |
| 612 | } | 609 | } |
| 613 | 610 | ||
| 614 | if ((*enc != NULL) && | 611 | if ((*enc != NULL) && |
| 615 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && | 612 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && |
| 616 | (!mac_pkey_type||*mac_pkey_type != NID_undef)) | 613 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) { |
| 617 | { | ||
| 618 | const EVP_CIPHER *evp; | 614 | const EVP_CIPHER *evp; |
| 619 | 615 | ||
| 620 | if (s->ssl_version>>8 != TLS1_VERSION_MAJOR || | 616 | if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || |
| 621 | s->ssl_version < TLS1_VERSION) | 617 | s->ssl_version < TLS1_VERSION) |
| 622 | return 1; | 618 | return 1; |
| 623 | 619 | ||
| 624 | #ifdef OPENSSL_FIPS | 620 | #ifdef OPENSSL_FIPS |
| 625 | if (FIPS_mode()) | 621 | if (FIPS_mode()) |
| 626 | return 1; | 622 | return 1; |
| 627 | #endif | 623 | #endif |
| 628 | 624 | ||
| 629 | if (c->algorithm_enc == SSL_RC4 && | 625 | if (c->algorithm_enc == SSL_RC4 && |
| 630 | c->algorithm_mac == SSL_MD5 && | 626 | c->algorithm_mac == SSL_MD5 && |
| 631 | (evp=EVP_get_cipherbyname("RC4-HMAC-MD5"))) | 627 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) |
| 632 | *enc = evp, *md = NULL; | 628 | *enc = evp, *md = NULL; |
| 633 | else if (c->algorithm_enc == SSL_AES128 && | 629 | else if (c->algorithm_enc == SSL_AES128 && |
| 634 | c->algorithm_mac == SSL_SHA1 && | 630 | c->algorithm_mac == SSL_SHA1 && |
| 635 | (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | 631 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) |
| 636 | *enc = evp, *md = NULL; | 632 | *enc = evp, *md = NULL; |
| 637 | else if (c->algorithm_enc == SSL_AES256 && | 633 | else if (c->algorithm_enc == SSL_AES256 && |
| 638 | c->algorithm_mac == SSL_SHA1 && | 634 | c->algorithm_mac == SSL_SHA1 && |
| 639 | (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | 635 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) |
| 640 | *enc = evp, *md = NULL; | 636 | *enc = evp, *md = NULL; |
| 641 | return(1); | 637 | return (1); |
| 642 | } | 638 | } else |
| 643 | else | 639 | return (0); |
| 644 | return(0); | 640 | } |
| 645 | } | ||
| 646 | 641 | ||
| 647 | int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | 642 | int |
| 643 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
| 648 | { | 644 | { |
| 649 | if (idx <0||idx>=SSL_MD_NUM_IDX) | 645 | if (idx < 0 || idx >= SSL_MD_NUM_IDX) { |
| 650 | { | ||
| 651 | return 0; | 646 | return 0; |
| 652 | } | 647 | } |
| 653 | *mask = ssl_handshake_digest_flag[idx]; | 648 | *mask = ssl_handshake_digest_flag[idx]; |
| 654 | if (*mask) | 649 | if (*mask) |
| 655 | *md = ssl_digest_methods[idx]; | 650 | *md = ssl_digest_methods[idx]; |
| @@ -661,40 +656,45 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | |||
| 661 | #define ITEM_SEP(a) \ | 656 | #define ITEM_SEP(a) \ |
| 662 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | 657 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
| 663 | 658 | ||
| 664 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 659 | static void |
| 665 | CIPHER_ORDER **tail) | 660 | ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 666 | { | 661 | CIPHER_ORDER **tail) |
| 667 | if (curr == *tail) return; | 662 | { |
| 663 | if (curr == *tail) | ||
| 664 | return; | ||
| 668 | if (curr == *head) | 665 | if (curr == *head) |
| 669 | *head=curr->next; | 666 | *head = curr->next; |
| 670 | if (curr->prev != NULL) | 667 | if (curr->prev != NULL) |
| 671 | curr->prev->next=curr->next; | 668 | curr->prev->next = curr->next; |
| 672 | if (curr->next != NULL) | 669 | if (curr->next != NULL) |
| 673 | curr->next->prev=curr->prev; | 670 | curr->next->prev = curr->prev; |
| 674 | (*tail)->next=curr; | 671 | (*tail)->next = curr; |
| 675 | curr->prev= *tail; | 672 | curr->prev= *tail; |
| 676 | curr->next=NULL; | 673 | curr->next = NULL; |
| 677 | *tail=curr; | 674 | *tail = curr; |
| 678 | } | 675 | } |
| 679 | 676 | ||
| 680 | static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | 677 | static void |
| 681 | CIPHER_ORDER **tail) | 678 | ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 682 | { | 679 | CIPHER_ORDER **tail) |
| 683 | if (curr == *head) return; | 680 | { |
| 681 | if (curr == *head) | ||
| 682 | return; | ||
| 684 | if (curr == *tail) | 683 | if (curr == *tail) |
| 685 | *tail=curr->prev; | 684 | *tail = curr->prev; |
| 686 | if (curr->next != NULL) | 685 | if (curr->next != NULL) |
| 687 | curr->next->prev=curr->prev; | 686 | curr->next->prev = curr->prev; |
| 688 | if (curr->prev != NULL) | 687 | if (curr->prev != NULL) |
| 689 | curr->prev->next=curr->next; | 688 | curr->prev->next = curr->next; |
| 690 | (*head)->prev=curr; | 689 | (*head)->prev = curr; |
| 691 | curr->next= *head; | 690 | curr->next= *head; |
| 692 | curr->prev=NULL; | 691 | curr->prev = NULL; |
| 693 | *head=curr; | 692 | *head = curr; |
| 694 | } | 693 | } |
| 695 | 694 | ||
| 696 | static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) | 695 | static void |
| 697 | { | 696 | ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) |
| 697 | { | ||
| 698 | *mkey = 0; | 698 | *mkey = 0; |
| 699 | *auth = 0; | 699 | *auth = 0; |
| 700 | *enc = 0; | 700 | *enc = 0; |
| @@ -743,44 +743,45 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un | |||
| 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ | 743 | /* Disable GOST key exchange if no GOST signature algs are available * */ |
| 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { | 744 | if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) { |
| 745 | *mkey |= SSL_kGOST; | 745 | *mkey |= SSL_kGOST; |
| 746 | } | 746 | } |
| 747 | #ifdef SSL_FORBID_ENULL | 747 | #ifdef SSL_FORBID_ENULL |
| 748 | *enc |= SSL_eNULL; | 748 | *enc |= SSL_eNULL; |
| 749 | #endif | 749 | #endif |
| 750 | |||
| 751 | |||
| 752 | |||
| 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; | ||
| 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; | ||
| 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; | ||
| 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; | ||
| 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; | ||
| 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0; | ||
| 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0; | ||
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0; | ||
| 773 | 750 | ||
| 774 | } | ||
| 775 | 751 | ||
| 776 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | 752 | |
| 777 | int num_of_ciphers, | 753 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; |
| 778 | unsigned long disabled_mkey, unsigned long disabled_auth, | 754 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; |
| 779 | unsigned long disabled_enc, unsigned long disabled_mac, | 755 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; |
| 780 | unsigned long disabled_ssl, | 756 | *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 : 0; |
| 781 | CIPHER_ORDER *co_list, | 757 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; |
| 782 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 758 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; |
| 783 | { | 759 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; |
| 760 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 761 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 762 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | ||
| 763 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | ||
| 764 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | ||
| 765 | *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; | ||
| 766 | |||
| 767 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; | ||
| 768 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; | ||
| 769 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | ||
| 770 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | ||
| 771 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | ||
| 772 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef) ? SSL_GOST89MAC : 0; | ||
| 773 | |||
| 774 | } | ||
| 775 | |||
| 776 | static void | ||
| 777 | ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
| 778 | int num_of_ciphers, | ||
| 779 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 780 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 781 | unsigned long disabled_ssl, | ||
| 782 | CIPHER_ORDER *co_list, | ||
| 783 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 784 | { | ||
| 784 | int i, co_list_num; | 785 | int i, co_list_num; |
| 785 | const SSL_CIPHER *c; | 786 | const SSL_CIPHER *c; |
| 786 | 787 | ||
| @@ -793,68 +794,64 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | |||
| 793 | 794 | ||
| 794 | /* Get the initial list of ciphers */ | 795 | /* Get the initial list of ciphers */ |
| 795 | co_list_num = 0; /* actual count of ciphers */ | 796 | co_list_num = 0; /* actual count of ciphers */ |
| 796 | for (i = 0; i < num_of_ciphers; i++) | 797 | for (i = 0; i < num_of_ciphers; i++) { |
| 797 | { | ||
| 798 | c = ssl_method->get_cipher(i); | 798 | c = ssl_method->get_cipher(i); |
| 799 | /* drop those that use any of that is not available */ | 799 | /* drop those that use any of that is not available */ |
| 800 | if ((c != NULL) && c->valid && | 800 | if ((c != NULL) && c->valid && |
| 801 | #ifdef OPENSSL_FIPS | 801 | #ifdef OPENSSL_FIPS |
| 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && | 802 | (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) && |
| 803 | #endif | 803 | #endif |
| 804 | !(c->algorithm_mkey & disabled_mkey) && | 804 | !(c->algorithm_mkey & disabled_mkey) && |
| 805 | !(c->algorithm_auth & disabled_auth) && | 805 | !(c->algorithm_auth & disabled_auth) && |
| 806 | !(c->algorithm_enc & disabled_enc) && | 806 | !(c->algorithm_enc & disabled_enc) && |
| 807 | !(c->algorithm_mac & disabled_mac) && | 807 | !(c->algorithm_mac & disabled_mac) && |
| 808 | !(c->algorithm_ssl & disabled_ssl)) | 808 | !(c->algorithm_ssl & disabled_ssl)) { |
| 809 | { | ||
| 810 | co_list[co_list_num].cipher = c; | 809 | co_list[co_list_num].cipher = c; |
| 811 | co_list[co_list_num].next = NULL; | 810 | co_list[co_list_num].next = NULL; |
| 812 | co_list[co_list_num].prev = NULL; | 811 | co_list[co_list_num].prev = NULL; |
| 813 | co_list[co_list_num].active = 0; | 812 | co_list[co_list_num].active = 0; |
| 814 | co_list_num++; | 813 | co_list_num++; |
| 815 | #ifdef KSSL_DEBUG | 814 | #ifdef KSSL_DEBUG |
| 816 | printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth); | 815 | printf("\t%d: %s %lx %lx %lx\n", i, c->name, c->id, c->algorithm_mkey, c->algorithm_auth); |
| 817 | #endif /* KSSL_DEBUG */ | 816 | #endif /* KSSL_DEBUG */ |
| 818 | /* | 817 | /* |
| 819 | if (!sk_push(ca_list,(char *)c)) goto err; | 818 | if (!sk_push(ca_list,(char *)c)) goto err; |
| 820 | */ | 819 | */ |
| 821 | } | ||
| 822 | } | 820 | } |
| 821 | } | ||
| 823 | 822 | ||
| 824 | /* | 823 | /* |
| 825 | * Prepare linked list from list entries | 824 | * Prepare linked list from list entries |
| 826 | */ | 825 | */ |
| 827 | if (co_list_num > 0) | 826 | if (co_list_num > 0) { |
| 828 | { | ||
| 829 | co_list[0].prev = NULL; | 827 | co_list[0].prev = NULL; |
| 830 | 828 | ||
| 831 | if (co_list_num > 1) | 829 | if (co_list_num > 1) { |
| 832 | { | ||
| 833 | co_list[0].next = &co_list[1]; | 830 | co_list[0].next = &co_list[1]; |
| 834 | 831 | ||
| 835 | for (i = 1; i < co_list_num - 1; i++) | 832 | for (i = 1; i < co_list_num - 1; i++) { |
| 836 | { | ||
| 837 | co_list[i].prev = &co_list[i - 1]; | 833 | co_list[i].prev = &co_list[i - 1]; |
| 838 | co_list[i].next = &co_list[i + 1]; | 834 | co_list[i].next = &co_list[i + 1]; |
| 839 | } | 835 | } |
| 840 | 836 | ||
| 841 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; | 837 | co_list[co_list_num - 1].prev = &co_list[co_list_num - 2]; |
| 842 | } | 838 | } |
| 843 | 839 | ||
| 844 | co_list[co_list_num - 1].next = NULL; | 840 | co_list[co_list_num - 1].next = NULL; |
| 845 | 841 | ||
| 846 | *head_p = &co_list[0]; | 842 | *head_p = &co_list[0]; |
| 847 | *tail_p = &co_list[co_list_num - 1]; | 843 | *tail_p = &co_list[co_list_num - 1]; |
| 848 | } | ||
| 849 | } | 844 | } |
| 845 | } | ||
| 850 | 846 | ||
| 851 | static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | 847 | static void |
| 852 | int num_of_group_aliases, | 848 | ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, |
| 853 | unsigned long disabled_mkey, unsigned long disabled_auth, | 849 | int num_of_group_aliases, |
| 854 | unsigned long disabled_enc, unsigned long disabled_mac, | 850 | unsigned long disabled_mkey, unsigned long disabled_auth, |
| 855 | unsigned long disabled_ssl, | 851 | unsigned long disabled_enc, unsigned long disabled_mac, |
| 856 | CIPHER_ORDER *head) | 852 | unsigned long disabled_ssl, |
| 857 | { | 853 | CIPHER_ORDER *head) |
| 854 | { | ||
| 858 | CIPHER_ORDER *ciph_curr; | 855 | CIPHER_ORDER *ciph_curr; |
| 859 | const SSL_CIPHER **ca_curr; | 856 | const SSL_CIPHER **ca_curr; |
| 860 | int i; | 857 | int i; |
| @@ -869,12 +866,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 869 | */ | 866 | */ |
| 870 | ciph_curr = head; | 867 | ciph_curr = head; |
| 871 | ca_curr = ca_list; | 868 | ca_curr = ca_list; |
| 872 | while (ciph_curr != NULL) | 869 | while (ciph_curr != NULL) { |
| 873 | { | ||
| 874 | *ca_curr = ciph_curr->cipher; | 870 | *ca_curr = ciph_curr->cipher; |
| 875 | ca_curr++; | 871 | ca_curr++; |
| 876 | ciph_curr = ciph_curr->next; | 872 | ciph_curr = ciph_curr->next; |
| 877 | } | 873 | } |
| 878 | 874 | ||
| 879 | /* | 875 | /* |
| 880 | * Now we add the available ones from the cipher_aliases[] table. | 876 | * Now we add the available ones from the cipher_aliases[] table. |
| @@ -882,8 +878,7 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 882 | * in any affected category must be supported (set in enabled_mask), | 878 | * in any affected category must be supported (set in enabled_mask), |
| 883 | * or represent a cipher strength value (will be added in any case because algorithms=0). | 879 | * or represent a cipher strength value (will be added in any case because algorithms=0). |
| 884 | */ | 880 | */ |
| 885 | for (i = 0; i < num_of_group_aliases; i++) | 881 | for (i = 0; i < num_of_group_aliases; i++) { |
| 886 | { | ||
| 887 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | 882 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; |
| 888 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | 883 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; |
| 889 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | 884 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; |
| @@ -893,45 +888,46 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, | |||
| 893 | if (algorithm_mkey) | 888 | if (algorithm_mkey) |
| 894 | if ((algorithm_mkey & mask_mkey) == 0) | 889 | if ((algorithm_mkey & mask_mkey) == 0) |
| 895 | continue; | 890 | continue; |
| 896 | 891 | ||
| 897 | if (algorithm_auth) | 892 | if (algorithm_auth) |
| 898 | if ((algorithm_auth & mask_auth) == 0) | 893 | if ((algorithm_auth & mask_auth) == 0) |
| 899 | continue; | 894 | continue; |
| 900 | 895 | ||
| 901 | if (algorithm_enc) | 896 | if (algorithm_enc) |
| 902 | if ((algorithm_enc & mask_enc) == 0) | 897 | if ((algorithm_enc & mask_enc) == 0) |
| 903 | continue; | 898 | continue; |
| 904 | 899 | ||
| 905 | if (algorithm_mac) | 900 | if (algorithm_mac) |
| 906 | if ((algorithm_mac & mask_mac) == 0) | 901 | if ((algorithm_mac & mask_mac) == 0) |
| 907 | continue; | 902 | continue; |
| 908 | 903 | ||
| 909 | if (algorithm_ssl) | 904 | if (algorithm_ssl) |
| 910 | if ((algorithm_ssl & mask_ssl) == 0) | 905 | if ((algorithm_ssl & mask_ssl) == 0) |
| 911 | continue; | 906 | continue; |
| 912 | 907 | ||
| 913 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | 908 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); |
| 914 | ca_curr++; | 909 | ca_curr++; |
| 915 | } | 910 | } |
| 916 | 911 | ||
| 917 | *ca_curr = NULL; /* end of list */ | 912 | *ca_curr = NULL; /* end of list */ |
| 918 | } | 913 | } |
| 919 | 914 | ||
| 920 | static void ssl_cipher_apply_rule(unsigned long cipher_id, | 915 | static void |
| 921 | unsigned long alg_mkey, unsigned long alg_auth, | 916 | ssl_cipher_apply_rule(unsigned long cipher_id, |
| 922 | unsigned long alg_enc, unsigned long alg_mac, | 917 | unsigned long alg_mkey, unsigned long alg_auth, |
| 923 | unsigned long alg_ssl, | 918 | unsigned long alg_enc, unsigned long alg_mac, |
| 924 | unsigned long algo_strength, | 919 | unsigned long alg_ssl, |
| 925 | int rule, int strength_bits, | 920 | unsigned long algo_strength, |
| 926 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | 921 | int rule, int strength_bits, |
| 927 | { | 922 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 923 | { | ||
| 928 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; | 924 | CIPHER_ORDER *head, *tail, *curr, *curr2, *last; |
| 929 | const SSL_CIPHER *cp; | 925 | const SSL_CIPHER *cp; |
| 930 | int reverse = 0; | 926 | int reverse = 0; |
| 931 | 927 | ||
| 932 | #ifdef CIPHER_DEBUG | 928 | #ifdef CIPHER_DEBUG |
| 933 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", | 929 | printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n", |
| 934 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); | 930 | rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits); |
| 935 | #endif | 931 | #endif |
| 936 | 932 | ||
| 937 | if (rule == CIPHER_DEL) | 933 | if (rule == CIPHER_DEL) |
| @@ -940,21 +936,18 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 940 | head = *head_p; | 936 | head = *head_p; |
| 941 | tail = *tail_p; | 937 | tail = *tail_p; |
| 942 | 938 | ||
| 943 | if (reverse) | 939 | if (reverse) { |
| 944 | { | ||
| 945 | curr = tail; | 940 | curr = tail; |
| 946 | last = head; | 941 | last = head; |
| 947 | } | 942 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | curr = head; | 943 | curr = head; |
| 951 | last = tail; | 944 | last = tail; |
| 952 | } | 945 | } |
| 953 | 946 | ||
| 954 | curr2 = curr; | 947 | curr2 = curr; |
| 955 | for (;;) | 948 | for (;;) { |
| 956 | { | 949 | if ((curr == NULL) |
| 957 | if ((curr == NULL) || (curr == last)) break; | 950 | || (curr == last)) break; |
| 958 | curr = curr2; | 951 | curr = curr2; |
| 959 | curr2 = reverse ? curr->prev : curr->next; | 952 | curr2 = reverse ? curr->prev : curr->next; |
| 960 | 953 | ||
| @@ -964,13 +957,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 964 | * Selection criteria is either the value of strength_bits | 957 | * Selection criteria is either the value of strength_bits |
| 965 | * or the algorithms used. | 958 | * or the algorithms used. |
| 966 | */ | 959 | */ |
| 967 | if (strength_bits >= 0) | 960 | if (strength_bits >= 0) { |
| 968 | { | ||
| 969 | if (strength_bits != cp->strength_bits) | 961 | if (strength_bits != cp->strength_bits) |
| 970 | continue; | 962 | continue; |
| 971 | } | 963 | } else { |
| 972 | else | ||
| 973 | { | ||
| 974 | #ifdef CIPHER_DEBUG | 964 | #ifdef CIPHER_DEBUG |
| 975 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); | 965 | printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); |
| 976 | #endif | 966 | #endif |
| @@ -989,45 +979,36 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 989 | continue; | 979 | continue; |
| 990 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | 980 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) |
| 991 | continue; | 981 | continue; |
| 992 | } | 982 | } |
| 993 | 983 | ||
| 994 | #ifdef CIPHER_DEBUG | 984 | #ifdef CIPHER_DEBUG |
| 995 | printf("Action = %d\n", rule); | 985 | printf("Action = %d\n", rule); |
| 996 | #endif | 986 | #endif |
| 997 | 987 | ||
| 998 | /* add the cipher if it has not been added yet. */ | 988 | /* add the cipher if it has not been added yet. */ |
| 999 | if (rule == CIPHER_ADD) | 989 | if (rule == CIPHER_ADD) { |
| 1000 | { | ||
| 1001 | /* reverse == 0 */ | 990 | /* reverse == 0 */ |
| 1002 | if (!curr->active) | 991 | if (!curr->active) { |
| 1003 | { | ||
| 1004 | ll_append_tail(&head, curr, &tail); | 992 | ll_append_tail(&head, curr, &tail); |
| 1005 | curr->active = 1; | 993 | curr->active = 1; |
| 1006 | } | ||
| 1007 | } | 994 | } |
| 995 | } | ||
| 1008 | /* Move the added cipher to this location */ | 996 | /* Move the added cipher to this location */ |
| 1009 | else if (rule == CIPHER_ORD) | 997 | else if (rule == CIPHER_ORD) { |
| 1010 | { | ||
| 1011 | /* reverse == 0 */ | 998 | /* reverse == 0 */ |
| 1012 | if (curr->active) | 999 | if (curr->active) { |
| 1013 | { | ||
| 1014 | ll_append_tail(&head, curr, &tail); | 1000 | ll_append_tail(&head, curr, &tail); |
| 1015 | } | ||
| 1016 | } | 1001 | } |
| 1017 | else if (rule == CIPHER_DEL) | 1002 | } else if (rule == CIPHER_DEL) { |
| 1018 | { | ||
| 1019 | /* reverse == 1 */ | 1003 | /* reverse == 1 */ |
| 1020 | if (curr->active) | 1004 | if (curr->active) { |
| 1021 | { | ||
| 1022 | /* most recently deleted ciphersuites get best positions | 1005 | /* most recently deleted ciphersuites get best positions |
| 1023 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | 1006 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop |
| 1024 | * works in reverse to maintain the order) */ | 1007 | * works in reverse to maintain the order) */ |
| 1025 | ll_append_head(&head, curr, &tail); | 1008 | ll_append_head(&head, curr, &tail); |
| 1026 | curr->active = 0; | 1009 | curr->active = 0; |
| 1027 | } | ||
| 1028 | } | 1010 | } |
| 1029 | else if (rule == CIPHER_KILL) | 1011 | } else if (rule == CIPHER_KILL) { |
| 1030 | { | ||
| 1031 | /* reverse == 0 */ | 1012 | /* reverse == 0 */ |
| 1032 | if (head == curr) | 1013 | if (head == curr) |
| 1033 | head = curr->next; | 1014 | head = curr->next; |
| @@ -1042,16 +1023,17 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, | |||
| 1042 | curr->prev->next = curr->next; | 1023 | curr->prev->next = curr->next; |
| 1043 | curr->next = NULL; | 1024 | curr->next = NULL; |
| 1044 | curr->prev = NULL; | 1025 | curr->prev = NULL; |
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1027 | } | ||
| 1047 | 1028 | ||
| 1048 | *head_p = head; | 1029 | *head_p = head; |
| 1049 | *tail_p = tail; | 1030 | *tail_p = tail; |
| 1050 | } | 1031 | } |
| 1051 | 1032 | ||
| 1052 | static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | 1033 | static int |
| 1053 | CIPHER_ORDER **tail_p) | 1034 | ssl_cipher_strength_sort(CIPHER_ORDER **head_p, |
| 1054 | { | 1035 | CIPHER_ORDER **tail_p) |
| 1036 | { | ||
| 1055 | int max_strength_bits, i, *number_uses; | 1037 | int max_strength_bits, i, *number_uses; |
| 1056 | CIPHER_ORDER *curr; | 1038 | CIPHER_ORDER *curr; |
| 1057 | 1039 | ||
| @@ -1062,32 +1044,29 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1062 | */ | 1044 | */ |
| 1063 | max_strength_bits = 0; | 1045 | max_strength_bits = 0; |
| 1064 | curr = *head_p; | 1046 | curr = *head_p; |
| 1065 | while (curr != NULL) | 1047 | while (curr != NULL) { |
| 1066 | { | ||
| 1067 | if (curr->active && | 1048 | if (curr->active && |
| 1068 | (curr->cipher->strength_bits > max_strength_bits)) | 1049 | (curr->cipher->strength_bits > max_strength_bits)) |
| 1069 | max_strength_bits = curr->cipher->strength_bits; | 1050 | max_strength_bits = curr->cipher->strength_bits; |
| 1070 | curr = curr->next; | 1051 | curr = curr->next; |
| 1071 | } | 1052 | } |
| 1072 | 1053 | ||
| 1073 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); | 1054 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
| 1074 | if (!number_uses) | 1055 | if (!number_uses) { |
| 1075 | { | 1056 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); |
| 1076 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | 1057 | return (0); |
| 1077 | return(0); | 1058 | } |
| 1078 | } | ||
| 1079 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | 1059 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); |
| 1080 | 1060 | ||
| 1081 | /* | 1061 | /* |
| 1082 | * Now find the strength_bits values actually used | 1062 | * Now find the strength_bits values actually used |
| 1083 | */ | 1063 | */ |
| 1084 | curr = *head_p; | 1064 | curr = *head_p; |
| 1085 | while (curr != NULL) | 1065 | while (curr != NULL) { |
| 1086 | { | ||
| 1087 | if (curr->active) | 1066 | if (curr->active) |
| 1088 | number_uses[curr->cipher->strength_bits]++; | 1067 | number_uses[curr->cipher->strength_bits]++; |
| 1089 | curr = curr->next; | 1068 | curr = curr->next; |
| 1090 | } | 1069 | } |
| 1091 | /* | 1070 | /* |
| 1092 | * Go through the list of used strength_bits values in descending | 1071 | * Go through the list of used strength_bits values in descending |
| 1093 | * order. | 1072 | * order. |
| @@ -1097,13 +1076,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, | |||
| 1097 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | 1076 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); |
| 1098 | 1077 | ||
| 1099 | OPENSSL_free(number_uses); | 1078 | OPENSSL_free(number_uses); |
| 1100 | return(1); | 1079 | return (1); |
| 1101 | } | 1080 | } |
| 1102 | 1081 | ||
| 1103 | static int ssl_cipher_process_rulestr(const char *rule_str, | 1082 | static int |
| 1104 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, | 1083 | ssl_cipher_process_rulestr(const char *rule_str, |
| 1105 | const SSL_CIPHER **ca_list) | 1084 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p, |
| 1106 | { | 1085 | const SSL_CIPHER **ca_list) |
| 1086 | { | ||
| 1107 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; | 1087 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; |
| 1108 | const char *l, *buf; | 1088 | const char *l, *buf; |
| 1109 | int j, multi, found, rule, retval, ok, buflen; | 1089 | int j, multi, found, rule, retval, ok, buflen; |
| @@ -1112,28 +1092,32 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1112 | 1092 | ||
| 1113 | retval = 1; | 1093 | retval = 1; |
| 1114 | l = rule_str; | 1094 | l = rule_str; |
| 1115 | for (;;) | 1095 | for (;;) { |
| 1116 | { | ||
| 1117 | ch = *l; | 1096 | ch = *l; |
| 1118 | 1097 | ||
| 1119 | if (ch == '\0') | 1098 | if (ch == '\0') |
| 1120 | break; /* done */ | 1099 | break; |
| 1100 | /* done */ | ||
| 1121 | if (ch == '-') | 1101 | if (ch == '-') |
| 1122 | { rule = CIPHER_DEL; l++; } | 1102 | { rule = CIPHER_DEL; |
| 1123 | else if (ch == '+') | 1103 | l++; |
| 1124 | { rule = CIPHER_ORD; l++; } | 1104 | } else if (ch == '+') |
| 1125 | else if (ch == '!') | 1105 | { rule = CIPHER_ORD; |
| 1126 | { rule = CIPHER_KILL; l++; } | 1106 | l++; |
| 1127 | else if (ch == '@') | 1107 | } else if (ch == '!') |
| 1128 | { rule = CIPHER_SPECIAL; l++; } | 1108 | { rule = CIPHER_KILL; |
| 1129 | else | 1109 | l++; |
| 1130 | { rule = CIPHER_ADD; } | 1110 | } else if (ch == '@') |
| 1111 | { rule = CIPHER_SPECIAL; | ||
| 1112 | l++; | ||
| 1113 | } else | ||
| 1114 | { rule = CIPHER_ADD; | ||
| 1115 | } | ||
| 1131 | 1116 | ||
| 1132 | if (ITEM_SEP(ch)) | 1117 | if (ITEM_SEP(ch)) { |
| 1133 | { | ||
| 1134 | l++; | 1118 | l++; |
| 1135 | continue; | 1119 | continue; |
| 1136 | } | 1120 | } |
| 1137 | 1121 | ||
| 1138 | alg_mkey = 0; | 1122 | alg_mkey = 0; |
| 1139 | alg_auth = 0; | 1123 | alg_auth = 0; |
| @@ -1142,52 +1126,47 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1142 | alg_ssl = 0; | 1126 | alg_ssl = 0; |
| 1143 | algo_strength = 0; | 1127 | algo_strength = 0; |
| 1144 | 1128 | ||
| 1145 | for (;;) | 1129 | for (;;) { |
| 1146 | { | ||
| 1147 | ch = *l; | 1130 | ch = *l; |
| 1148 | buf = l; | 1131 | buf = l; |
| 1149 | buflen = 0; | 1132 | buflen = 0; |
| 1150 | #ifndef CHARSET_EBCDIC | 1133 | #ifndef CHARSET_EBCDIC |
| 1151 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 1134 | while (((ch >= 'A') && (ch <= 'Z')) || |
| 1152 | ((ch >= '0') && (ch <= '9')) || | 1135 | ((ch >= '0') && (ch <= '9')) || |
| 1153 | ((ch >= 'a') && (ch <= 'z')) || | 1136 | ((ch >= 'a') && (ch <= 'z')) || |
| 1154 | (ch == '-') || (ch == '.')) | 1137 | (ch == '-') || (ch == '.')) |
| 1155 | #else | 1138 | #else |
| 1156 | while ( isalnum(ch) || (ch == '-') || (ch == '.')) | 1139 | while (isalnum(ch) || (ch == '-') || (ch == '.')) |
| 1157 | #endif | 1140 | #endif |
| 1158 | { | 1141 | { |
| 1159 | ch = *(++l); | 1142 | ch = *(++l); |
| 1160 | buflen++; | 1143 | buflen++; |
| 1161 | } | 1144 | } |
| 1162 | 1145 | ||
| 1163 | if (buflen == 0) | 1146 | if (buflen == 0) { |
| 1164 | { | ||
| 1165 | /* | 1147 | /* |
| 1166 | * We hit something we cannot deal with, | 1148 | * We hit something we cannot deal with, |
| 1167 | * it is no command or separator nor | 1149 | * it is no command or separator nor |
| 1168 | * alphanumeric, so we call this an error. | 1150 | * alphanumeric, so we call this an error. |
| 1169 | */ | 1151 | */ |
| 1170 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1152 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1171 | SSL_R_INVALID_COMMAND); | 1153 | SSL_R_INVALID_COMMAND); |
| 1172 | retval = found = 0; | 1154 | retval = found = 0; |
| 1173 | l++; | 1155 | l++; |
| 1174 | break; | 1156 | break; |
| 1175 | } | 1157 | } |
| 1176 | 1158 | ||
| 1177 | if (rule == CIPHER_SPECIAL) | 1159 | if (rule == CIPHER_SPECIAL) { |
| 1178 | { | ||
| 1179 | found = 0; /* unused -- avoid compiler warning */ | 1160 | found = 0; /* unused -- avoid compiler warning */ |
| 1180 | break; /* special treatment */ | 1161 | break; /* special treatment */ |
| 1181 | } | 1162 | } |
| 1182 | 1163 | ||
| 1183 | /* check for multi-part specification */ | 1164 | /* check for multi-part specification */ |
| 1184 | if (ch == '+') | 1165 | if (ch == '+') { |
| 1185 | { | 1166 | multi = 1; |
| 1186 | multi=1; | ||
| 1187 | l++; | 1167 | l++; |
| 1188 | } | 1168 | } else |
| 1189 | else | 1169 | multi = 0; |
| 1190 | multi=0; | ||
| 1191 | 1170 | ||
| 1192 | /* | 1171 | /* |
| 1193 | * Now search for the cipher alias in the ca_list. Be careful | 1172 | * Now search for the cipher alias in the ca_list. Be careful |
| @@ -1202,126 +1181,121 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1202 | */ | 1181 | */ |
| 1203 | j = found = 0; | 1182 | j = found = 0; |
| 1204 | cipher_id = 0; | 1183 | cipher_id = 0; |
| 1205 | while (ca_list[j]) | 1184 | while (ca_list[j]) { |
| 1206 | { | ||
| 1207 | if (!strncmp(buf, ca_list[j]->name, buflen) && | 1185 | if (!strncmp(buf, ca_list[j]->name, buflen) && |
| 1208 | (ca_list[j]->name[buflen] == '\0')) | 1186 | (ca_list[j]->name[buflen] == '\0')) { |
| 1209 | { | ||
| 1210 | found = 1; | 1187 | found = 1; |
| 1211 | break; | 1188 | break; |
| 1212 | } | 1189 | } else |
| 1213 | else | ||
| 1214 | j++; | 1190 | j++; |
| 1215 | } | 1191 | } |
| 1216 | 1192 | ||
| 1217 | if (!found) | 1193 | if (!found) |
| 1218 | break; /* ignore this entry */ | 1194 | break; /* ignore this entry */ |
| 1219 | 1195 | ||
| 1220 | if (ca_list[j]->algorithm_mkey) | 1196 | if (ca_list[j]->algorithm_mkey) { |
| 1221 | { | 1197 | if (alg_mkey) { |
| 1222 | if (alg_mkey) | ||
| 1223 | { | ||
| 1224 | alg_mkey &= ca_list[j]->algorithm_mkey; | 1198 | alg_mkey &= ca_list[j]->algorithm_mkey; |
| 1225 | if (!alg_mkey) { found = 0; break; } | 1199 | if (!alg_mkey) { |
| 1200 | found = 0; | ||
| 1201 | break; | ||
| 1226 | } | 1202 | } |
| 1227 | else | 1203 | } else |
| 1228 | alg_mkey = ca_list[j]->algorithm_mkey; | 1204 | alg_mkey = ca_list[j]->algorithm_mkey; |
| 1229 | } | 1205 | } |
| 1230 | 1206 | ||
| 1231 | if (ca_list[j]->algorithm_auth) | 1207 | if (ca_list[j]->algorithm_auth) { |
| 1232 | { | 1208 | if (alg_auth) { |
| 1233 | if (alg_auth) | ||
| 1234 | { | ||
| 1235 | alg_auth &= ca_list[j]->algorithm_auth; | 1209 | alg_auth &= ca_list[j]->algorithm_auth; |
| 1236 | if (!alg_auth) { found = 0; break; } | 1210 | if (!alg_auth) { |
| 1211 | found = 0; | ||
| 1212 | break; | ||
| 1237 | } | 1213 | } |
| 1238 | else | 1214 | } else |
| 1239 | alg_auth = ca_list[j]->algorithm_auth; | 1215 | alg_auth = ca_list[j]->algorithm_auth; |
| 1240 | } | 1216 | } |
| 1241 | 1217 | ||
| 1242 | if (ca_list[j]->algorithm_enc) | 1218 | if (ca_list[j]->algorithm_enc) { |
| 1243 | { | 1219 | if (alg_enc) { |
| 1244 | if (alg_enc) | ||
| 1245 | { | ||
| 1246 | alg_enc &= ca_list[j]->algorithm_enc; | 1220 | alg_enc &= ca_list[j]->algorithm_enc; |
| 1247 | if (!alg_enc) { found = 0; break; } | 1221 | if (!alg_enc) { |
| 1222 | found = 0; | ||
| 1223 | break; | ||
| 1248 | } | 1224 | } |
| 1249 | else | 1225 | } else |
| 1250 | alg_enc = ca_list[j]->algorithm_enc; | 1226 | alg_enc = ca_list[j]->algorithm_enc; |
| 1251 | } | 1227 | } |
| 1252 | 1228 | ||
| 1253 | if (ca_list[j]->algorithm_mac) | 1229 | if (ca_list[j]->algorithm_mac) { |
| 1254 | { | 1230 | if (alg_mac) { |
| 1255 | if (alg_mac) | ||
| 1256 | { | ||
| 1257 | alg_mac &= ca_list[j]->algorithm_mac; | 1231 | alg_mac &= ca_list[j]->algorithm_mac; |
| 1258 | if (!alg_mac) { found = 0; break; } | 1232 | if (!alg_mac) { |
| 1233 | found = 0; | ||
| 1234 | break; | ||
| 1259 | } | 1235 | } |
| 1260 | else | 1236 | } else |
| 1261 | alg_mac = ca_list[j]->algorithm_mac; | 1237 | alg_mac = ca_list[j]->algorithm_mac; |
| 1262 | } | 1238 | } |
| 1263 | 1239 | ||
| 1264 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) | 1240 | if (ca_list[j]->algo_strength & SSL_EXP_MASK) { |
| 1265 | { | 1241 | if (algo_strength & SSL_EXP_MASK) { |
| 1266 | if (algo_strength & SSL_EXP_MASK) | ||
| 1267 | { | ||
| 1268 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; | 1242 | algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK; |
| 1269 | if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; } | 1243 | if (!(algo_strength & SSL_EXP_MASK)) { |
| 1244 | found = 0; | ||
| 1245 | break; | ||
| 1270 | } | 1246 | } |
| 1271 | else | 1247 | } else |
| 1272 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; | 1248 | algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; |
| 1273 | } | 1249 | } |
| 1274 | 1250 | ||
| 1275 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) | 1251 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { |
| 1276 | { | 1252 | if (algo_strength & SSL_STRONG_MASK) { |
| 1277 | if (algo_strength & SSL_STRONG_MASK) | ||
| 1278 | { | ||
| 1279 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | 1253 | algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK; |
| 1280 | if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; } | 1254 | if (!(algo_strength & SSL_STRONG_MASK)) { |
| 1255 | found = 0; | ||
| 1256 | break; | ||
| 1281 | } | 1257 | } |
| 1282 | else | 1258 | } else |
| 1283 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; | 1259 | algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK; |
| 1284 | } | 1260 | } |
| 1285 | 1261 | ||
| 1286 | if (ca_list[j]->valid) | 1262 | if (ca_list[j]->valid) { |
| 1287 | { | ||
| 1288 | /* explicit ciphersuite found; its protocol version | 1263 | /* explicit ciphersuite found; its protocol version |
| 1289 | * does not become part of the search pattern!*/ | 1264 | * does not become part of the search pattern!*/ |
| 1290 | 1265 | ||
| 1291 | cipher_id = ca_list[j]->id; | 1266 | cipher_id = ca_list[j]->id; |
| 1292 | } | 1267 | } else { |
| 1293 | else | ||
| 1294 | { | ||
| 1295 | /* not an explicit ciphersuite; only in this case, the | 1268 | /* not an explicit ciphersuite; only in this case, the |
| 1296 | * protocol version is considered part of the search pattern */ | 1269 | * protocol version is considered part of the search pattern */ |
| 1297 | 1270 | ||
| 1298 | if (ca_list[j]->algorithm_ssl) | 1271 | if (ca_list[j]->algorithm_ssl) { |
| 1299 | { | 1272 | if (alg_ssl) { |
| 1300 | if (alg_ssl) | ||
| 1301 | { | ||
| 1302 | alg_ssl &= ca_list[j]->algorithm_ssl; | 1273 | alg_ssl &= ca_list[j]->algorithm_ssl; |
| 1303 | if (!alg_ssl) { found = 0; break; } | 1274 | if (!alg_ssl) { |
| 1275 | found = 0; | ||
| 1276 | break; | ||
| 1304 | } | 1277 | } |
| 1305 | else | 1278 | } else |
| 1306 | alg_ssl = ca_list[j]->algorithm_ssl; | 1279 | alg_ssl = ca_list[j]->algorithm_ssl; |
| 1307 | } | ||
| 1308 | } | 1280 | } |
| 1309 | |||
| 1310 | if (!multi) break; | ||
| 1311 | } | 1281 | } |
| 1312 | 1282 | ||
| 1283 | if (!multi) | ||
| 1284 | break; | ||
| 1285 | } | ||
| 1286 | |||
| 1313 | /* | 1287 | /* |
| 1314 | * Ok, we have the rule, now apply it | 1288 | * Ok, we have the rule, now apply it |
| 1315 | */ | 1289 | */ |
| 1316 | if (rule == CIPHER_SPECIAL) | 1290 | if (rule == CIPHER_SPECIAL) |
| 1317 | { /* special command */ | 1291 | { /* special command */ |
| 1318 | ok = 0; | 1292 | ok = 0; |
| 1319 | if ((buflen == 8) && | 1293 | if ((buflen == 8) && |
| 1320 | !strncmp(buf, "STRENGTH", 8)) | 1294 | !strncmp(buf, "STRENGTH", 8)) |
| 1321 | ok = ssl_cipher_strength_sort(head_p, tail_p); | 1295 | ok = ssl_cipher_strength_sort(head_p, tail_p); |
| 1322 | else | 1296 | else |
| 1323 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | 1297 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, |
| 1324 | SSL_R_INVALID_COMMAND); | 1298 | SSL_R_INVALID_COMMAND); |
| 1325 | if (ok == 0) | 1299 | if (ok == 0) |
| 1326 | retval = 0; | 1300 | retval = 0; |
| 1327 | /* | 1301 | /* |
| @@ -1331,30 +1305,27 @@ static int ssl_cipher_process_rulestr(const char *rule_str, | |||
| 1331 | * end or ':' is found. | 1305 | * end or ':' is found. |
| 1332 | */ | 1306 | */ |
| 1333 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1307 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1334 | l++; | 1308 | l++; |
| 1335 | } | 1309 | } else if (found) { |
| 1336 | else if (found) | ||
| 1337 | { | ||
| 1338 | ssl_cipher_apply_rule(cipher_id, | 1310 | ssl_cipher_apply_rule(cipher_id, |
| 1339 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, | 1311 | alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, |
| 1340 | rule, -1, head_p, tail_p); | 1312 | rule, -1, head_p, tail_p); |
| 1341 | } | 1313 | } else { |
| 1342 | else | ||
| 1343 | { | ||
| 1344 | while ((*l != '\0') && !ITEM_SEP(*l)) | 1314 | while ((*l != '\0') && !ITEM_SEP(*l)) |
| 1345 | l++; | 1315 | l++; |
| 1346 | } | 1316 | } |
| 1347 | if (*l == '\0') break; /* done */ | 1317 | if (*l == '\0') break; /* done */ |
| 1348 | } | 1318 | } |
| 1349 | 1319 | ||
| 1350 | return(retval); | 1320 | return (retval); |
| 1351 | } | 1321 | } |
| 1352 | 1322 | ||
| 1353 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | 1323 | STACK_OF(SSL_CIPHER) |
| 1354 | STACK_OF(SSL_CIPHER) **cipher_list, | 1324 | *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 1355 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | 1325 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 1356 | const char *rule_str) | 1326 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, |
| 1357 | { | 1327 | const char *rule_str) |
| 1328 | { | ||
| 1358 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | 1329 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; |
| 1359 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | 1330 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; |
| 1360 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | 1331 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; |
| @@ -1384,15 +1355,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1384 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | 1355 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); |
| 1385 | #endif /* KSSL_DEBUG */ | 1356 | #endif /* KSSL_DEBUG */ |
| 1386 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | 1357 | co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); |
| 1387 | if (co_list == NULL) | 1358 | if (co_list == NULL) { |
| 1388 | { | 1359 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1389 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1390 | return(NULL); /* Failure */ | 1360 | return(NULL); /* Failure */ |
| 1391 | } | 1361 | } |
| 1392 | 1362 | ||
| 1393 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | 1363 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, |
| 1394 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | 1364 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, |
| 1395 | co_list, &head, &tail); | 1365 | co_list, &head, &tail); |
| 1396 | 1366 | ||
| 1397 | 1367 | ||
| 1398 | /* Now arrange all ciphers by preference: */ | 1368 | /* Now arrange all ciphers by preference: */ |
| @@ -1419,19 +1389,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1419 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1389 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1420 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ | 1390 | /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */ |
| 1421 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1391 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1422 | ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1392 | ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1423 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1393 | ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1424 | 1394 | ||
| 1425 | /* RC4 is sort-of broken -- move the the end */ | 1395 | /* RC4 is sort-of broken -- move the the end */ |
| 1426 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | 1396 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); |
| 1427 | 1397 | ||
| 1428 | /* Now sort by symmetric encryption strength. The above ordering remains | 1398 | /* Now sort by symmetric encryption strength. The above ordering remains |
| 1429 | * in force within each class */ | 1399 | * in force within each class */ |
| 1430 | if (!ssl_cipher_strength_sort(&head, &tail)) | 1400 | if (!ssl_cipher_strength_sort(&head, &tail)) { |
| 1431 | { | ||
| 1432 | OPENSSL_free(co_list); | 1401 | OPENSSL_free(co_list); |
| 1433 | return NULL; | 1402 | return NULL; |
| 1434 | } | 1403 | } |
| 1435 | 1404 | ||
| 1436 | /* Now disable everything (maintaining the ordering!) */ | 1405 | /* Now disable everything (maintaining the ordering!) */ |
| 1437 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | 1406 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
| @@ -1448,15 +1417,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1448 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | 1417 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); |
| 1449 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | 1418 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; |
| 1450 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | 1419 | ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); |
| 1451 | if (ca_list == NULL) | 1420 | if (ca_list == NULL) { |
| 1452 | { | ||
| 1453 | OPENSSL_free(co_list); | 1421 | OPENSSL_free(co_list); |
| 1454 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1422 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1455 | return(NULL); /* Failure */ | 1423 | return(NULL); /* Failure */ |
| 1456 | } | 1424 | } |
| 1457 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | 1425 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, |
| 1458 | disabled_mkey, disabled_auth, disabled_enc, | 1426 | disabled_mkey, disabled_auth, disabled_enc, |
| 1459 | disabled_mac, disabled_ssl, head); | 1427 | disabled_mac, disabled_ssl, head); |
| 1460 | 1428 | ||
| 1461 | /* | 1429 | /* |
| 1462 | * If the rule_string begins with DEFAULT, apply the default rule | 1430 | * If the rule_string begins with DEFAULT, apply the default rule |
| @@ -1464,14 +1432,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1464 | */ | 1432 | */ |
| 1465 | ok = 1; | 1433 | ok = 1; |
| 1466 | rule_p = rule_str; | 1434 | rule_p = rule_str; |
| 1467 | if (strncmp(rule_str,"DEFAULT",7) == 0) | 1435 | if (strncmp(rule_str, "DEFAULT", 7) == 0) { |
| 1468 | { | ||
| 1469 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | 1436 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, |
| 1470 | &head, &tail, ca_list); | 1437 | &head, &tail, ca_list); |
| 1471 | rule_p += 7; | 1438 | rule_p += 7; |
| 1472 | if (*rule_p == ':') | 1439 | if (*rule_p == ':') |
| 1473 | rule_p++; | 1440 | rule_p++; |
| 1474 | } | 1441 | } |
| 1475 | 1442 | ||
| 1476 | if (ok && (strlen(rule_p) > 0)) | 1443 | if (ok && (strlen(rule_p) > 0)) |
| 1477 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | 1444 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); |
| @@ -1479,65 +1446,63 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | |||
| 1479 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ | 1446 | OPENSSL_free((void *)ca_list); /* Not needed anymore */ |
| 1480 | 1447 | ||
| 1481 | if (!ok) | 1448 | if (!ok) |
| 1482 | { /* Rule processing failure */ | 1449 | { /* Rule processing failure */ |
| 1483 | OPENSSL_free(co_list); | 1450 | OPENSSL_free(co_list); |
| 1484 | return(NULL); | 1451 | return (NULL); |
| 1485 | } | 1452 | } |
| 1486 | 1453 | ||
| 1487 | /* | 1454 | /* |
| 1488 | * Allocate new "cipherstack" for the result, return with error | 1455 | * Allocate new "cipherstack" for the result, return with error |
| 1489 | * if we cannot get one. | 1456 | * if we cannot get one. |
| 1490 | */ | 1457 | */ |
| 1491 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) | 1458 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { |
| 1492 | { | ||
| 1493 | OPENSSL_free(co_list); | 1459 | OPENSSL_free(co_list); |
| 1494 | return(NULL); | 1460 | return (NULL); |
| 1495 | } | 1461 | } |
| 1496 | 1462 | ||
| 1497 | /* | 1463 | /* |
| 1498 | * The cipher selection for the list is done. The ciphers are added | 1464 | * The cipher selection for the list is done. The ciphers are added |
| 1499 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | 1465 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). |
| 1500 | */ | 1466 | */ |
| 1501 | for (curr = head; curr != NULL; curr = curr->next) | 1467 | for (curr = head; curr != NULL; curr = curr->next) { |
| 1502 | { | ||
| 1503 | #ifdef OPENSSL_FIPS | 1468 | #ifdef OPENSSL_FIPS |
| 1504 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) | 1469 | if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS)) |
| 1505 | #else | 1470 | #else |
| 1506 | if (curr->active) | 1471 | if (curr->active) |
| 1507 | #endif | 1472 | #endif |
| 1508 | { | 1473 | { |
| 1509 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | 1474 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 1510 | #ifdef CIPHER_DEBUG | 1475 | #ifdef CIPHER_DEBUG |
| 1511 | printf("<%s>\n",curr->cipher->name); | 1476 | printf("<%s>\n", curr->cipher->name); |
| 1512 | #endif | 1477 | #endif |
| 1513 | } | ||
| 1514 | } | 1478 | } |
| 1479 | } | ||
| 1515 | OPENSSL_free(co_list); /* Not needed any longer */ | 1480 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 1516 | 1481 | ||
| 1517 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | 1482 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); |
| 1518 | if (tmp_cipher_list == NULL) | 1483 | if (tmp_cipher_list == NULL) { |
| 1519 | { | ||
| 1520 | sk_SSL_CIPHER_free(cipherstack); | 1484 | sk_SSL_CIPHER_free(cipherstack); |
| 1521 | return NULL; | 1485 | return NULL; |
| 1522 | } | 1486 | } |
| 1523 | if (*cipher_list != NULL) | 1487 | if (*cipher_list != NULL) |
| 1524 | sk_SSL_CIPHER_free(*cipher_list); | 1488 | sk_SSL_CIPHER_free(*cipher_list); |
| 1525 | *cipher_list = cipherstack; | 1489 | *cipher_list = cipherstack; |
| 1526 | if (*cipher_list_by_id != NULL) | 1490 | if (*cipher_list_by_id != NULL) |
| 1527 | sk_SSL_CIPHER_free(*cipher_list_by_id); | 1491 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 1528 | *cipher_list_by_id = tmp_cipher_list; | 1492 | *cipher_list_by_id = tmp_cipher_list; |
| 1529 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 1493 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); |
| 1530 | 1494 | ||
| 1531 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | 1495 | sk_SSL_CIPHER_sort(*cipher_list_by_id); |
| 1532 | return(cipherstack); | 1496 | return (cipherstack); |
| 1533 | } | 1497 | } |
| 1534 | 1498 | ||
| 1535 | char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | 1499 | char |
| 1536 | { | 1500 | *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) |
| 1537 | int is_export,pkl,kl; | 1501 | { |
| 1538 | const char *ver,*exp_str; | 1502 | int is_export, pkl, kl; |
| 1539 | const char *kx,*au,*enc,*mac; | 1503 | const char *ver, *exp_str; |
| 1540 | unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2; | 1504 | const char *kx, *au, *enc, *mac; |
| 1505 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; | ||
| 1541 | #ifdef KSSL_DEBUG | 1506 | #ifdef KSSL_DEBUG |
| 1542 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; | 1507 | static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; |
| 1543 | #else | 1508 | #else |
| @@ -1550,13 +1515,13 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1550 | alg_mac = cipher->algorithm_mac; | 1515 | alg_mac = cipher->algorithm_mac; |
| 1551 | alg_ssl = cipher->algorithm_ssl; | 1516 | alg_ssl = cipher->algorithm_ssl; |
| 1552 | 1517 | ||
| 1553 | alg2=cipher->algorithm2; | 1518 | alg2 = cipher->algorithm2; |
| 1519 | |||
| 1520 | is_export = SSL_C_IS_EXPORT(cipher); | ||
| 1521 | pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1522 | kl = SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1523 | exp_str = is_export?" export":""; | ||
| 1554 | 1524 | ||
| 1555 | is_export=SSL_C_IS_EXPORT(cipher); | ||
| 1556 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); | ||
| 1557 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 1558 | exp_str=is_export?" export":""; | ||
| 1559 | |||
| 1560 | if (alg_ssl & SSL_SSLV2) | 1525 | if (alg_ssl & SSL_SSLV2) |
| 1561 | ver="SSLv2"; | 1526 | ver="SSLv2"; |
| 1562 | else if (alg_ssl & SSL_SSLV3) | 1527 | else if (alg_ssl & SSL_SSLV3) |
| @@ -1566,10 +1531,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1566 | else | 1531 | else |
| 1567 | ver="unknown"; | 1532 | ver="unknown"; |
| 1568 | 1533 | ||
| 1569 | switch (alg_mkey) | 1534 | switch (alg_mkey) { |
| 1570 | { | ||
| 1571 | case SSL_kRSA: | 1535 | case SSL_kRSA: |
| 1572 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; | 1536 | kx = is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
| 1573 | break; | 1537 | break; |
| 1574 | case SSL_kDHr: | 1538 | case SSL_kDHr: |
| 1575 | kx="DH/RSA"; | 1539 | kx="DH/RSA"; |
| @@ -1577,11 +1541,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1577 | case SSL_kDHd: | 1541 | case SSL_kDHd: |
| 1578 | kx="DH/DSS"; | 1542 | kx="DH/DSS"; |
| 1579 | break; | 1543 | break; |
| 1580 | case SSL_kKRB5: | 1544 | case SSL_kKRB5: |
| 1581 | kx="KRB5"; | 1545 | kx="KRB5"; |
| 1582 | break; | 1546 | break; |
| 1583 | case SSL_kEDH: | 1547 | case SSL_kEDH: |
| 1584 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; | 1548 | kx = is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 1585 | break; | 1549 | break; |
| 1586 | case SSL_kECDHr: | 1550 | case SSL_kECDHr: |
| 1587 | kx="ECDH/RSA"; | 1551 | kx="ECDH/RSA"; |
| @@ -1600,10 +1564,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1600 | break; | 1564 | break; |
| 1601 | default: | 1565 | default: |
| 1602 | kx="unknown"; | 1566 | kx="unknown"; |
| 1603 | } | 1567 | } |
| 1604 | 1568 | ||
| 1605 | switch (alg_auth) | 1569 | switch (alg_auth) { |
| 1606 | { | ||
| 1607 | case SSL_aRSA: | 1570 | case SSL_aRSA: |
| 1608 | au="RSA"; | 1571 | au="RSA"; |
| 1609 | break; | 1572 | break; |
| @@ -1613,10 +1576,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1613 | case SSL_aDH: | 1576 | case SSL_aDH: |
| 1614 | au="DH"; | 1577 | au="DH"; |
| 1615 | break; | 1578 | break; |
| 1616 | case SSL_aKRB5: | 1579 | case SSL_aKRB5: |
| 1617 | au="KRB5"; | 1580 | au="KRB5"; |
| 1618 | break; | 1581 | break; |
| 1619 | case SSL_aECDH: | 1582 | case SSL_aECDH: |
| 1620 | au="ECDH"; | 1583 | au="ECDH"; |
| 1621 | break; | 1584 | break; |
| 1622 | case SSL_aNULL: | 1585 | case SSL_aNULL: |
| @@ -1631,22 +1594,21 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1631 | default: | 1594 | default: |
| 1632 | au="unknown"; | 1595 | au="unknown"; |
| 1633 | break; | 1596 | break; |
| 1634 | } | 1597 | } |
| 1635 | 1598 | ||
| 1636 | switch (alg_enc) | 1599 | switch (alg_enc) { |
| 1637 | { | ||
| 1638 | case SSL_DES: | 1600 | case SSL_DES: |
| 1639 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; | 1601 | enc = (is_export && kl == 5)?"DES(40)":"DES(56)"; |
| 1640 | break; | 1602 | break; |
| 1641 | case SSL_3DES: | 1603 | case SSL_3DES: |
| 1642 | enc="3DES(168)"; | 1604 | enc="3DES(168)"; |
| 1643 | break; | 1605 | break; |
| 1644 | case SSL_RC4: | 1606 | case SSL_RC4: |
| 1645 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") | 1607 | enc = is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
| 1646 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | 1608 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); |
| 1647 | break; | 1609 | break; |
| 1648 | case SSL_RC2: | 1610 | case SSL_RC2: |
| 1649 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; | 1611 | enc = is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
| 1650 | break; | 1612 | break; |
| 1651 | case SSL_IDEA: | 1613 | case SSL_IDEA: |
| 1652 | enc="IDEA(128)"; | 1614 | enc="IDEA(128)"; |
| @@ -1678,10 +1640,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1678 | default: | 1640 | default: |
| 1679 | enc="unknown"; | 1641 | enc="unknown"; |
| 1680 | break; | 1642 | break; |
| 1681 | } | 1643 | } |
| 1682 | 1644 | ||
| 1683 | switch (alg_mac) | 1645 | switch (alg_mac) { |
| 1684 | { | ||
| 1685 | case SSL_MD5: | 1646 | case SSL_MD5: |
| 1686 | mac="MD5"; | 1647 | mac="MD5"; |
| 1687 | break; | 1648 | break; |
| @@ -1700,108 +1661,119 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | |||
| 1700 | default: | 1661 | default: |
| 1701 | mac="unknown"; | 1662 | mac="unknown"; |
| 1702 | break; | 1663 | break; |
| 1703 | } | 1664 | } |
| 1704 | 1665 | ||
| 1705 | if (buf == NULL) | 1666 | if (buf == NULL) { |
| 1706 | { | 1667 | len = 128; |
| 1707 | len=128; | 1668 | buf = OPENSSL_malloc(len); |
| 1708 | buf=OPENSSL_malloc(len); | 1669 | if (buf == NULL) |
| 1709 | if (buf == NULL) return("OPENSSL_malloc Error"); | 1670 | return("OPENSSL_malloc Error"); |
| 1710 | } | 1671 | } else if (len < 128) |
| 1711 | else if (len < 128) | 1672 | return("Buffer too small"); |
| 1712 | return("Buffer too small"); | ||
| 1713 | 1673 | ||
| 1714 | #ifdef KSSL_DEBUG | 1674 | #ifdef KSSL_DEBUG |
| 1715 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl); | 1675 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); |
| 1716 | #else | 1676 | #else |
| 1717 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); | 1677 | BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); |
| 1718 | #endif /* KSSL_DEBUG */ | 1678 | #endif /* KSSL_DEBUG */ |
| 1719 | return(buf); | 1679 | return (buf); |
| 1720 | } | 1680 | } |
| 1721 | 1681 | ||
| 1722 | char *SSL_CIPHER_get_version(const SSL_CIPHER *c) | 1682 | char |
| 1723 | { | 1683 | *SSL_CIPHER_get_version(const SSL_CIPHER *c) |
| 1684 | { | ||
| 1724 | int i; | 1685 | int i; |
| 1725 | 1686 | ||
| 1726 | if (c == NULL) return("(NONE)"); | 1687 | if (c == NULL) |
| 1727 | i=(int)(c->id>>24L); | 1688 | return("(NONE)"); |
| 1689 | i = (int)(c->id >> 24L); | ||
| 1728 | if (i == 3) | 1690 | if (i == 3) |
| 1729 | return("TLSv1/SSLv3"); | 1691 | return("TLSv1/SSLv3"); |
| 1730 | else if (i == 2) | 1692 | else if (i == 2) |
| 1731 | return("SSLv2"); | 1693 | return("SSLv2"); |
| 1732 | else | 1694 | else |
| 1733 | return("unknown"); | 1695 | return("unknown"); |
| 1734 | } | 1696 | } |
| 1735 | 1697 | ||
| 1736 | /* return the actual cipher being used */ | 1698 | /* return the actual cipher being used */ |
| 1737 | const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) | 1699 | const char |
| 1738 | { | 1700 | *SSL_CIPHER_get_name(const SSL_CIPHER *c) |
| 1701 | { | ||
| 1739 | if (c != NULL) | 1702 | if (c != NULL) |
| 1740 | return(c->name); | 1703 | return (c->name); |
| 1741 | return("(NONE)"); | 1704 | return("(NONE)"); |
| 1742 | } | 1705 | } |
| 1743 | 1706 | ||
| 1744 | /* number of bits for symmetric cipher */ | 1707 | /* number of bits for symmetric cipher */ |
| 1745 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | 1708 | int |
| 1746 | { | 1709 | SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) |
| 1747 | int ret=0; | 1710 | { |
| 1711 | int ret = 0; | ||
| 1748 | 1712 | ||
| 1749 | if (c != NULL) | 1713 | if (c != NULL) { |
| 1750 | { | 1714 | if (alg_bits != NULL) |
| 1751 | if (alg_bits != NULL) *alg_bits = c->alg_bits; | 1715 | *alg_bits = c->alg_bits; |
| 1752 | ret = c->strength_bits; | 1716 | ret = c->strength_bits; |
| 1753 | } | ||
| 1754 | return(ret); | ||
| 1755 | } | 1717 | } |
| 1718 | return (ret); | ||
| 1719 | } | ||
| 1756 | 1720 | ||
| 1757 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) | 1721 | unsigned long |
| 1758 | { | 1722 | SSL_CIPHER_get_id(const SSL_CIPHER *c) |
| 1723 | { | ||
| 1759 | return c->id; | 1724 | return c->id; |
| 1760 | } | 1725 | } |
| 1761 | 1726 | ||
| 1762 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) | 1727 | SSL_COMP |
| 1763 | { | 1728 | *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 1729 | { | ||
| 1764 | SSL_COMP *ctmp; | 1730 | SSL_COMP *ctmp; |
| 1765 | int i,nn; | 1731 | int i, nn; |
| 1766 | 1732 | ||
| 1767 | if ((n == 0) || (sk == NULL)) return(NULL); | 1733 | if ((n == 0) |
| 1768 | nn=sk_SSL_COMP_num(sk); | 1734 | || (sk == NULL)) return (NULL); |
| 1769 | for (i=0; i<nn; i++) | 1735 | nn = sk_SSL_COMP_num(sk); |
| 1770 | { | 1736 | for (i = 0; i < nn; i++) { |
| 1771 | ctmp=sk_SSL_COMP_value(sk,i); | 1737 | ctmp = sk_SSL_COMP_value(sk, i); |
| 1772 | if (ctmp->id == n) | 1738 | if (ctmp->id == n) |
| 1773 | return(ctmp); | 1739 | return (ctmp); |
| 1774 | } | ||
| 1775 | return(NULL); | ||
| 1776 | } | 1740 | } |
| 1741 | return (NULL); | ||
| 1742 | } | ||
| 1777 | 1743 | ||
| 1778 | #ifdef OPENSSL_NO_COMP | 1744 | #ifdef OPENSSL_NO_COMP |
| 1779 | void *SSL_COMP_get_compression_methods(void) | 1745 | void |
| 1780 | { | 1746 | *SSL_COMP_get_compression_methods(void) |
| 1747 | { | ||
| 1781 | return NULL; | 1748 | return NULL; |
| 1782 | } | 1749 | } |
| 1783 | int SSL_COMP_add_compression_method(int id, void *cm) | 1750 | |
| 1784 | { | 1751 | int |
| 1752 | SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1753 | { | ||
| 1785 | return 1; | 1754 | return 1; |
| 1786 | } | 1755 | } |
| 1787 | 1756 | ||
| 1788 | const char *SSL_COMP_get_name(const void *comp) | 1757 | const char |
| 1789 | { | 1758 | *SSL_COMP_get_name(const void *comp) |
| 1759 | { | ||
| 1790 | return NULL; | 1760 | return NULL; |
| 1791 | } | 1761 | } |
| 1792 | #else | 1762 | #else |
| 1793 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | 1763 | STACK_OF(SSL_COMP) |
| 1794 | { | 1764 | *SSL_COMP_get_compression_methods(void) |
| 1765 | { | ||
| 1795 | load_builtin_compressions(); | 1766 | load_builtin_compressions(); |
| 1796 | return(ssl_comp_methods); | 1767 | return (ssl_comp_methods); |
| 1797 | } | 1768 | } |
| 1798 | 1769 | ||
| 1799 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | 1770 | int |
| 1800 | { | 1771 | SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) |
| 1772 | { | ||
| 1801 | SSL_COMP *comp; | 1773 | SSL_COMP *comp; |
| 1802 | 1774 | ||
| 1803 | if (cm == NULL || cm->type == NID_undef) | 1775 | if (cm == NULL || cm->type == NID_undef) |
| 1804 | return 1; | 1776 | return 1; |
| 1805 | 1777 | ||
| 1806 | /* According to draft-ietf-tls-compression-04.txt, the | 1778 | /* According to draft-ietf-tls-compression-04.txt, the |
| 1807 | compression number ranges should be the following: | 1779 | compression number ranges should be the following: |
| @@ -1809,45 +1781,40 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | |||
| 1809 | 0 to 63: methods defined by the IETF | 1781 | 0 to 63: methods defined by the IETF |
| 1810 | 64 to 192: external party methods assigned by IANA | 1782 | 64 to 192: external party methods assigned by IANA |
| 1811 | 193 to 255: reserved for private use */ | 1783 | 193 to 255: reserved for private use */ |
| 1812 | if (id < 193 || id > 255) | 1784 | if (id < 193 || id > 255) { |
| 1813 | { | 1785 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); |
| 1814 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); | ||
| 1815 | return 0; | 1786 | return 0; |
| 1816 | } | 1787 | } |
| 1817 | 1788 | ||
| 1818 | MemCheck_off(); | 1789 | MemCheck_off(); |
| 1819 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | 1790 | comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); |
| 1820 | comp->id=id; | 1791 | comp->id = id; |
| 1821 | comp->method=cm; | 1792 | comp->method = cm; |
| 1822 | load_builtin_compressions(); | 1793 | load_builtin_compressions(); |
| 1823 | if (ssl_comp_methods | 1794 | if (ssl_comp_methods |
| 1824 | && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) | 1795 | && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { |
| 1825 | { | ||
| 1826 | OPENSSL_free(comp); | 1796 | OPENSSL_free(comp); |
| 1827 | MemCheck_on(); | 1797 | MemCheck_on(); |
| 1828 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID); | 1798 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); |
| 1829 | return(1); | 1799 | return (1); |
| 1830 | } | 1800 | } else if ((ssl_comp_methods == NULL) |
| 1831 | else if ((ssl_comp_methods == NULL) | 1801 | || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { |
| 1832 | || !sk_SSL_COMP_push(ssl_comp_methods,comp)) | ||
| 1833 | { | ||
| 1834 | OPENSSL_free(comp); | 1802 | OPENSSL_free(comp); |
| 1835 | MemCheck_on(); | 1803 | MemCheck_on(); |
| 1836 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | 1804 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); |
| 1837 | return(1); | 1805 | return (1); |
| 1838 | } | 1806 | } else { |
| 1839 | else | ||
| 1840 | { | ||
| 1841 | MemCheck_on(); | 1807 | MemCheck_on(); |
| 1842 | return(0); | 1808 | return (0); |
| 1843 | } | ||
| 1844 | } | 1809 | } |
| 1810 | } | ||
| 1845 | 1811 | ||
| 1846 | const char *SSL_COMP_get_name(const COMP_METHOD *comp) | 1812 | const char |
| 1847 | { | 1813 | *SSL_COMP_get_name(const COMP_METHOD *comp) |
| 1814 | { | ||
| 1848 | if (comp) | 1815 | if (comp) |
| 1849 | return comp->name; | 1816 | return comp->name; |
| 1850 | return NULL; | 1817 | return NULL; |
| 1851 | } | 1818 | } |
| 1852 | 1819 | ||
| 1853 | #endif | 1820 | #endif |
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index 370fb57e3b..67ba3c7699 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -68,543 +68,541 @@ | |||
| 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) |
| 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) |
| 70 | 70 | ||
| 71 | static ERR_STRING_DATA SSL_str_functs[]= | 71 | static ERR_STRING_DATA SSL_str_functs[]= { |
| 72 | { | 72 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, |
| 73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | 73 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, |
| 74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | 74 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, |
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | 75 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, |
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | 76 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, |
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | 77 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, |
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | 78 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, |
| 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | 79 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, |
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | 80 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, |
| 81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | 81 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, |
| 82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | 82 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, |
| 83 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, | 83 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, |
| 84 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | 84 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, |
| 85 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | 85 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, |
| 86 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | 86 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, |
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | 87 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, |
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, |
| 89 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | 89 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, |
| 90 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | 90 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, |
| 91 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | 91 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, |
| 92 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, | 92 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, |
| 93 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | 93 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, |
| 94 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | 94 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, |
| 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, |
| 96 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | 96 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, |
| 97 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | 97 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, |
| 98 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | 98 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, |
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, |
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, |
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, |
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, |
| 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, |
| 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, |
| 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, |
| 106 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | 106 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, |
| 107 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | 107 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, |
| 108 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | 108 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, |
| 109 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | 109 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, |
| 110 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | 110 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, |
| 111 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | 111 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, |
| 112 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | 112 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, |
| 113 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | 113 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, |
| 114 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | 114 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, |
| 115 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | 115 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, |
| 116 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | 116 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, |
| 117 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | 117 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, |
| 118 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | 118 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, |
| 119 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | 119 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, |
| 120 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | 120 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, |
| 121 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | 121 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, |
| 122 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | 122 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, |
| 123 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | 123 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, |
| 124 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | 124 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, |
| 125 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | 125 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, |
| 126 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | 126 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, |
| 127 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | 127 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, |
| 128 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | 128 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, |
| 129 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | 129 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, |
| 130 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | 130 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, |
| 131 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | 131 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, |
| 132 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | 132 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, |
| 133 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | 133 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, |
| 134 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | 134 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, |
| 135 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | 135 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, |
| 136 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | 136 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, |
| 137 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | 137 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, |
| 138 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | 138 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, |
| 139 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | 139 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, |
| 140 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | 140 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, |
| 142 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | 142 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, |
| 143 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | 143 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, |
| 144 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | 144 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, |
| 145 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | 145 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, |
| 146 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | 146 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, |
| 147 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | 147 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, |
| 148 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | 148 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, |
| 149 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | 149 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, |
| 150 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | 150 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, |
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 153 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | 153 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, |
| 156 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | 156 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, |
| 157 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | 157 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 158 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | 158 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 159 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | 159 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, |
| 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, |
| 161 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | 161 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 162 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | 162 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, |
| 165 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | 165 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, |
| 166 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | 166 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, |
| 167 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | 167 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 168 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | 168 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, |
| 169 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | 169 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| 170 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | 170 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, |
| 171 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | 171 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, |
| 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
| 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, |
| 175 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | 175 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, |
| 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, |
| 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, |
| 178 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | 178 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, |
| 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, |
| 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, |
| 181 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | 181 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, |
| 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, |
| 183 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | 183 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, |
| 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, |
| 186 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, | 186 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, |
| 187 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | 187 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, |
| 188 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | 188 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, |
| 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, |
| 191 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, | 191 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, |
| 192 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | 192 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 193 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | 193 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, |
| 194 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | 194 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, |
| 195 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | 195 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, |
| 196 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | 196 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, |
| 197 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | 197 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, |
| 198 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | 198 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, |
| 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, |
| 200 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | 200 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, |
| 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, |
| 202 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | 202 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, |
| 203 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | 203 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, |
| 204 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | 204 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, |
| 205 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | 205 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, |
| 206 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | 206 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, |
| 207 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | 207 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, |
| 208 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, | 208 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, |
| 209 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | 209 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, |
| 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, |
| 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, |
| 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, |
| 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, |
| 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, |
| 215 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | 215 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, |
| 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, |
| 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, |
| 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, |
| 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, |
| 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, |
| 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, |
| 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, |
| 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, |
| 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, |
| 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, |
| 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | 226 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, |
| 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | 227 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, |
| 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | 228 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, |
| 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | 229 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, |
| 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, |
| 231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | 231 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, |
| 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | 232 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, |
| 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | 233 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, |
| 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | 234 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, |
| 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | 235 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, |
| 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, |
| 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, |
| 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | 238 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, |
| 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, |
| 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, |
| 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | 241 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, |
| 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | 242 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, |
| 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | 244 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, |
| 245 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | 245 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 246 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | 246 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| 247 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | 247 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, |
| 248 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | 248 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, |
| 249 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | 249 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, |
| 250 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, | 250 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, |
| 251 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | 251 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, |
| 252 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | 252 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, |
| 253 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | 253 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, |
| 254 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | 254 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, |
| 255 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | 255 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, |
| 256 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | 256 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, |
| 257 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | 257 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, |
| 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, |
| 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, |
| 260 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | 260 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, |
| 261 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | 261 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, |
| 262 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | 262 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, |
| 263 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | 263 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, |
| 264 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, | 264 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, |
| 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, |
| 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, |
| 267 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | 267 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, |
| 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, |
| 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, |
| 270 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | 270 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, |
| 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, |
| 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, |
| 273 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | 273 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, |
| 274 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | 274 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, |
| 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, |
| 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, |
| 277 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | 277 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, |
| 278 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | 278 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, |
| 279 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | 279 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, |
| 280 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | 280 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, |
| 281 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | 281 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, |
| 282 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | 282 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, |
| 283 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | 283 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, |
| 284 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, | 284 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, |
| 285 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, | 285 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, |
| 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | 286 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, |
| 287 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | 287 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, |
| 288 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | 288 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, |
| 289 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | 289 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, |
| 290 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | 290 | {0, NULL} |
| 291 | {0,NULL} | 291 | }; |
| 292 | }; | ||
| 293 | 292 | ||
| 294 | static ERR_STRING_DATA SSL_str_reasons[]= | 293 | static ERR_STRING_DATA SSL_str_reasons[]= { |
| 295 | { | 294 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, |
| 296 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"}, | 295 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, |
| 297 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"}, | 296 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, |
| 298 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"}, | 297 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, |
| 299 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"}, | 298 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, |
| 300 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"}, | 299 | {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, |
| 301 | {ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"}, | 300 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, |
| 302 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"}, | 301 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, |
| 303 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"}, | 302 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, |
| 304 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"}, | 303 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, |
| 305 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"}, | 304 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, |
| 306 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"}, | 305 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, |
| 307 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"}, | 306 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, |
| 308 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"}, | 307 | {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, |
| 309 | {ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, | 308 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, |
| 310 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, | 309 | {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, |
| 311 | {ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, | 310 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, |
| 312 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"}, | 311 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, |
| 313 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, | 312 | {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, |
| 314 | {ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, | 313 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, |
| 315 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, | 314 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, |
| 316 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"}, | 315 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, |
| 317 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, | 316 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, |
| 318 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, | 317 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, |
| 319 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, | 318 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, |
| 320 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"}, | 319 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, |
| 321 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, | 320 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, |
| 322 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, | 321 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, |
| 323 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, | 322 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, |
| 324 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"}, | 323 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, |
| 325 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"}, | 324 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, |
| 326 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"}, | 325 | {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, |
| 327 | {ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"}, | 326 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, |
| 328 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"}, | 327 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, |
| 329 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"}, | 328 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, |
| 330 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"}, | 329 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, |
| 331 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"}, | 330 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, |
| 332 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"}, | 331 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, |
| 333 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"}, | 332 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, |
| 334 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"}, | 333 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, |
| 335 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"}, | 334 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, |
| 336 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"}, | 335 | {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, |
| 337 | {ERR_REASON(SSL_R_BAD_STATE) ,"bad state"}, | 336 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, |
| 338 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"}, | 337 | {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, |
| 339 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | 338 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, |
| 340 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | 339 | {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, |
| 341 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | 340 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, |
| 342 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | 341 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, |
| 343 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | 342 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, |
| 344 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | 343 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, |
| 345 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | 344 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, |
| 346 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | 345 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, |
| 347 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | 346 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, |
| 348 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | 347 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, |
| 349 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | 348 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, |
| 350 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | 349 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, |
| 351 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, | 350 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, |
| 352 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, | 351 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, |
| 353 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"}, | 352 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, |
| 354 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, | 353 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, |
| 355 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, | 354 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, |
| 356 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, | 355 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, |
| 357 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | 356 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, |
| 358 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | 357 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, |
| 359 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | 358 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, |
| 360 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, | 359 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, |
| 361 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | 360 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, |
| 362 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | 361 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, |
| 363 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, | 362 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, |
| 364 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, | 363 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, |
| 365 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, | 364 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, |
| 366 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"}, | 365 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, |
| 367 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, | 366 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, |
| 368 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"}, | 367 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, |
| 369 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, | 368 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, |
| 370 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, | 369 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, |
| 371 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, | 370 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, |
| 372 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, | 371 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, |
| 373 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, | 372 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, |
| 374 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | 373 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, |
| 375 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, | 374 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, |
| 376 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, | 375 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, |
| 377 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | 376 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, |
| 378 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | 377 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, |
| 379 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | 378 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, |
| 380 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | 379 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, |
| 381 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, | 380 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, |
| 382 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | 381 | {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, |
| 383 | {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | 382 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, |
| 384 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | 383 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, |
| 385 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, | 384 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, |
| 386 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | 385 | {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, |
| 387 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | 386 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, |
| 388 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, | 387 | {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, |
| 389 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | 388 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, |
| 390 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, | 389 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, |
| 391 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | 390 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, |
| 392 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, | 391 | {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, |
| 393 | {ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"}, | 392 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, |
| 394 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"}, | 393 | {ERR_REASON(SSL_R_KRB5) , "krb5"}, |
| 395 | {ERR_REASON(SSL_R_KRB5) ,"krb5"}, | 394 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, |
| 396 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"}, | 395 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, |
| 397 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"}, | 396 | {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, |
| 398 | {ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"}, | 397 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, |
| 399 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"}, | 398 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, |
| 400 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"}, | 399 | {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, |
| 401 | {ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"}, | 400 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, |
| 402 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"}, | 401 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, |
| 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"}, | 402 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, |
| 404 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"}, | 403 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, |
| 405 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"}, | 404 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, |
| 406 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"}, | 405 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, |
| 407 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"}, | 406 | {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, |
| 408 | {ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"}, | 407 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, |
| 409 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"}, | 408 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, |
| 410 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"}, | 409 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, |
| 411 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"}, | 410 | {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, |
| 412 | {ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"}, | 411 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, |
| 413 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"}, | 412 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, |
| 414 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"}, | 413 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, |
| 415 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"}, | 414 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, |
| 416 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"}, | 415 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, |
| 417 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"}, | 416 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, |
| 418 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"}, | 417 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, |
| 419 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"}, | 418 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, |
| 420 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"}, | 419 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, |
| 421 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"}, | 420 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, |
| 422 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"}, | 421 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, |
| 423 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"}, | 422 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, |
| 424 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"}, | 423 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, |
| 425 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"}, | 424 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, |
| 426 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"}, | 425 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, |
| 427 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"}, | 426 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, |
| 428 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"}, | 427 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, |
| 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"}, | 428 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, |
| 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"}, | 429 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, |
| 431 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"}, | 430 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, |
| 432 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"}, | 431 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, |
| 433 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"}, | 432 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, |
| 434 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"}, | 433 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, |
| 435 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, | 434 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, |
| 436 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, | 435 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, |
| 437 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, | 436 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, |
| 438 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, | 437 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, |
| 439 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, | 438 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, |
| 440 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | 439 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, |
| 441 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, | 440 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, |
| 442 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | 441 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, |
| 443 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | 442 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, |
| 444 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | 443 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, |
| 445 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | 444 | {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, |
| 446 | {ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, | 445 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, |
| 447 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"}, | 446 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, |
| 448 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"}, | 447 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, |
| 449 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, | 448 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, |
| 450 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"}, | 449 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, |
| 451 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, | 450 | {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, |
| 452 | {ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, | 451 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, |
| 453 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, | 452 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, |
| 454 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, | 453 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, |
| 455 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"}, | 454 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, |
| 456 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, | 455 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, |
| 457 | {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"}, | 456 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, |
| 458 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, | 457 | {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, |
| 459 | {ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, | 458 | {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, |
| 460 | {ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, | 459 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, |
| 461 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"}, | 460 | {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, |
| 462 | {ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"}, | 461 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, |
| 463 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"}, | 462 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, |
| 464 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"}, | 463 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, |
| 465 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"}, | 464 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, |
| 466 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"}, | 465 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, |
| 467 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, | 466 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, |
| 468 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, | 467 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, |
| 469 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, | 468 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, |
| 470 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"}, | 469 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, |
| 471 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"}, | 470 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, |
| 472 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"}, | 471 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, |
| 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, | 472 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, |
| 474 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, | 473 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, |
| 475 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, | 474 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, |
| 476 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"}, | 475 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, |
| 477 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"}, | 476 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, |
| 478 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"}, | 477 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, |
| 479 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, | 478 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, |
| 480 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, | 479 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, |
| 481 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, | 480 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, |
| 482 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"}, | 481 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, |
| 483 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"}, | 482 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, |
| 484 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"}, | 483 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, |
| 485 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, | 484 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, |
| 486 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"}, | 485 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, |
| 487 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, | 486 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, |
| 488 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, | 487 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, |
| 489 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, | 488 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, |
| 490 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, | 489 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, |
| 491 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, | 490 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, |
| 492 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, | 491 | {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, |
| 493 | {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, | 492 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, |
| 494 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"}, | 493 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, |
| 495 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, | 494 | {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, |
| 496 | {ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"}, | 495 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, |
| 497 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"}, | 496 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, |
| 498 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"}, | 497 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, |
| 499 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"}, | 498 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, |
| 500 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, | 499 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, |
| 501 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, | 500 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, |
| 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"}, | 501 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, |
| 503 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, | 502 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, |
| 504 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, | 503 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, |
| 505 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, | 504 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, |
| 506 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"}, | 505 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, |
| 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"}, | 506 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, |
| 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"}, | 507 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, |
| 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"}, | 508 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, |
| 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"}, | 509 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, |
| 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"}, | 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, |
| 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"}, | 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, |
| 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"}, | 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, |
| 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"}, | 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, |
| 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"}, | 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, |
| 516 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"}, | 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, |
| 517 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"}, | 516 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, |
| 518 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"}, | 517 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, |
| 519 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"}, | 518 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, |
| 520 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"}, | 519 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, |
| 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"}, | 520 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, |
| 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"}, | 521 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, |
| 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"}, | 522 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, |
| 524 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"}, | 523 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, |
| 525 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"}, | 524 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, |
| 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"}, | 525 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, |
| 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"}, | 526 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, |
| 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, | 527 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, |
| 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, | 528 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, |
| 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, | 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, |
| 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, | 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, |
| 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, | 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, |
| 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, | 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, |
| 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"}, | 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, |
| 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, | 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, |
| 536 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, | 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, |
| 537 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, | 536 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, |
| 538 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"}, | 537 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, |
| 539 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"}, | 538 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, |
| 540 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"}, | 539 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, |
| 541 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"}, | 540 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, |
| 542 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"}, | 541 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, |
| 543 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, | 542 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbearts"}, |
| 544 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"}, | 543 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, |
| 545 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"}, | 544 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, |
| 546 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"}, | 545 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, |
| 547 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, | 546 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, |
| 548 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, | 547 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, |
| 549 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"}, | 548 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, |
| 550 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"}, | 549 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, |
| 551 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"}, | 550 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, |
| 552 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"}, | 551 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, |
| 553 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"}, | 552 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, |
| 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"}, | 553 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, |
| 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"}, | 554 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, |
| 556 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"}, | 555 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, |
| 557 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"}, | 556 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, |
| 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"}, | 557 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, |
| 559 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"}, | 558 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, |
| 560 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"}, | 559 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, |
| 561 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"}, | 560 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, |
| 562 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"}, | 561 | {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, |
| 563 | {ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"}, | 562 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, |
| 564 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"}, | 563 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, |
| 565 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"}, | 564 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, |
| 566 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"}, | 565 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, |
| 567 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"}, | 566 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, |
| 568 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"}, | 567 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, |
| 569 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"}, | 568 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, |
| 570 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"}, | 569 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, |
| 571 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"}, | 570 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, |
| 572 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, | 571 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, |
| 573 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, | 572 | {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, |
| 574 | {ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, | 573 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, |
| 575 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"}, | 574 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, |
| 576 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 575 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, |
| 577 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, | 576 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, |
| 578 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"}, | 577 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, |
| 579 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, | 578 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, |
| 580 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, | 579 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, |
| 581 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, | 580 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, |
| 582 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"}, | 581 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, |
| 583 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"}, | 582 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, |
| 584 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"}, | 583 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, |
| 585 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"}, | 584 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, |
| 586 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"}, | 585 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, |
| 587 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"}, | 586 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, |
| 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, | 587 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, |
| 589 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"}, | 588 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, |
| 590 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"}, | 589 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, |
| 591 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"}, | 590 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, |
| 592 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"}, | 591 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, |
| 593 | {ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"}, | 592 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, |
| 594 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"}, | 593 | {0, NULL} |
| 595 | {0,NULL} | 594 | }; |
| 596 | }; | ||
| 597 | 595 | ||
| 598 | #endif | 596 | #endif |
| 599 | 597 | ||
| 600 | void ERR_load_SSL_strings(void) | 598 | void |
| 601 | { | 599 | ERR_load_SSL_strings(void) |
| 600 | { | ||
| 602 | #ifndef OPENSSL_NO_ERR | 601 | #ifndef OPENSSL_NO_ERR |
| 603 | 602 | ||
| 604 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) | 603 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { |
| 605 | { | 604 | ERR_load_strings(0, SSL_str_functs); |
| 606 | ERR_load_strings(0,SSL_str_functs); | 605 | ERR_load_strings(0, SSL_str_reasons); |
| 607 | ERR_load_strings(0,SSL_str_reasons); | ||
| 608 | } | ||
| 609 | #endif | ||
| 610 | } | 606 | } |
| 607 | #endif | ||
| 608 | } | ||
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c index ea95a5f983..cd781d38aa 100644 --- a/src/lib/libssl/ssl_err2.c +++ b/src/lib/libssl/ssl_err2.c | |||
| @@ -60,11 +60,12 @@ | |||
| 60 | #include <openssl/err.h> | 60 | #include <openssl/err.h> |
| 61 | #include <openssl/ssl.h> | 61 | #include <openssl/ssl.h> |
| 62 | 62 | ||
| 63 | void SSL_load_error_strings(void) | 63 | void |
| 64 | { | 64 | SSL_load_error_strings(void) |
| 65 | { | ||
| 65 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | ERR_load_crypto_strings(); | 67 | ERR_load_crypto_strings(); |
| 67 | ERR_load_SSL_strings(); | 68 | ERR_load_SSL_strings(); |
| 68 | #endif | 69 | #endif |
| 69 | } | 70 | } |
| 70 | 71 | ||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index d9a728493e..98764b82aa 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -160,11 +160,11 @@ | |||
| 160 | #include <openssl/engine.h> | 160 | #include <openssl/engine.h> |
| 161 | #endif | 161 | #endif |
| 162 | 162 | ||
| 163 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; | 163 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; |
| 164 | 164 | ||
| 165 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | 165 | SSL3_ENC_METHOD ssl3_undef_enc_method = { |
| 166 | /* evil casts, but these functions are only called if there's a library bug */ | 166 | /* evil casts, but these functions are only called if there's a library bug */ |
| 167 | (int (*)(SSL *,int))ssl_undefined_function, | 167 | (int (*)(SSL *, int))ssl_undefined_function, |
| 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | 168 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, |
| 169 | ssl_undefined_function, | 169 | ssl_undefined_function, |
| 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | 170 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, |
| @@ -178,129 +178,124 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={ | |||
| 178 | 0, /* server_finished_label_len */ | 178 | 0, /* server_finished_label_len */ |
| 179 | (int (*)(int))ssl_undefined_function, | 179 | (int (*)(int))ssl_undefined_function, |
| 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, | 180 | (int (*)(SSL *, unsigned char *, size_t, const char *, |
| 181 | size_t, const unsigned char *, size_t, | 181 | size_t, const unsigned char *, size_t, |
| 182 | int use_context)) ssl_undefined_function, | 182 | int use_context)) ssl_undefined_function, |
| 183 | }; | 183 | }; |
| 184 | 184 | ||
| 185 | int SSL_clear(SSL *s) | 185 | int |
| 186 | { | 186 | SSL_clear(SSL *s) |
| 187 | { | ||
| 187 | 188 | ||
| 188 | if (s->method == NULL) | 189 | if (s->method == NULL) { |
| 189 | { | 190 | SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED); |
| 190 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | 191 | return (0); |
| 191 | return(0); | 192 | } |
| 192 | } | ||
| 193 | 193 | ||
| 194 | if (ssl_clear_bad_session(s)) | 194 | if (ssl_clear_bad_session(s)) { |
| 195 | { | ||
| 196 | SSL_SESSION_free(s->session); | 195 | SSL_SESSION_free(s->session); |
| 197 | s->session=NULL; | 196 | s->session = NULL; |
| 198 | } | 197 | } |
| 199 | 198 | ||
| 200 | s->error=0; | 199 | s->error = 0; |
| 201 | s->hit=0; | 200 | s->hit = 0; |
| 202 | s->shutdown=0; | 201 | s->shutdown = 0; |
| 203 | 202 | ||
| 204 | #if 0 /* Disabled since version 1.10 of this file (early return not | 203 | #if 0 /* Disabled since version 1.10 of this file (early return not |
| 205 | * needed because SSL_clear is not called when doing renegotiation) */ | 204 | * needed because SSL_clear is not called when doing renegotiation) */ |
| 206 | /* This is set if we are doing dynamic renegotiation so keep | 205 | /* This is set if we are doing dynamic renegotiation so keep |
| 207 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | 206 | * the old cipher. It is sort of a SSL_clear_lite :-) */ |
| 208 | if (s->renegotiate) return(1); | ||
| 209 | #else | ||
| 210 | if (s->renegotiate) | 207 | if (s->renegotiate) |
| 211 | { | 208 | return (1); |
| 212 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | 209 | #else |
| 210 | if (s->renegotiate) { | ||
| 211 | SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); | ||
| 213 | return 0; | 212 | return 0; |
| 214 | } | 213 | } |
| 215 | #endif | 214 | #endif |
| 216 | 215 | ||
| 217 | s->type=0; | 216 | s->type = 0; |
| 218 | 217 | ||
| 219 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | 218 | s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); |
| 220 | 219 | ||
| 221 | s->version=s->method->version; | 220 | s->version = s->method->version; |
| 222 | s->client_version=s->version; | 221 | s->client_version = s->version; |
| 223 | s->rwstate=SSL_NOTHING; | 222 | s->rwstate = SSL_NOTHING; |
| 224 | s->rstate=SSL_ST_READ_HEADER; | 223 | s->rstate = SSL_ST_READ_HEADER; |
| 225 | #if 0 | 224 | #if 0 |
| 226 | s->read_ahead=s->ctx->read_ahead; | 225 | s->read_ahead = s->ctx->read_ahead; |
| 227 | #endif | 226 | #endif |
| 228 | 227 | ||
| 229 | if (s->init_buf != NULL) | 228 | if (s->init_buf != NULL) { |
| 230 | { | ||
| 231 | BUF_MEM_free(s->init_buf); | 229 | BUF_MEM_free(s->init_buf); |
| 232 | s->init_buf=NULL; | 230 | s->init_buf = NULL; |
| 233 | } | 231 | } |
| 234 | 232 | ||
| 235 | ssl_clear_cipher_ctx(s); | 233 | ssl_clear_cipher_ctx(s); |
| 236 | ssl_clear_hash_ctx(&s->read_hash); | 234 | ssl_clear_hash_ctx(&s->read_hash); |
| 237 | ssl_clear_hash_ctx(&s->write_hash); | 235 | ssl_clear_hash_ctx(&s->write_hash); |
| 238 | 236 | ||
| 239 | s->first_packet=0; | 237 | s->first_packet = 0; |
| 240 | 238 | ||
| 241 | #if 1 | 239 | #if 1 |
| 242 | /* Check to see if we were changed into a different method, if | 240 | /* Check to see if we were changed into a different method, if |
| 243 | * so, revert back if we are not doing session-id reuse. */ | 241 | * so, revert back if we are not doing session-id reuse. */ |
| 244 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | 242 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { |
| 245 | { | ||
| 246 | s->method->ssl_free(s); | 243 | s->method->ssl_free(s); |
| 247 | s->method=s->ctx->method; | 244 | s->method = s->ctx->method; |
| 248 | if (!s->method->ssl_new(s)) | 245 | if (!s->method->ssl_new(s)) |
| 249 | return(0); | 246 | return (0); |
| 250 | } | 247 | } else |
| 251 | else | ||
| 252 | #endif | 248 | #endif |
| 253 | s->method->ssl_clear(s); | 249 | s->method->ssl_clear(s); |
| 254 | return(1); | 250 | return (1); |
| 255 | } | 251 | } |
| 256 | 252 | ||
| 257 | /** Used to change an SSL_CTXs default SSL method type */ | 253 | /** Used to change an SSL_CTXs default SSL method type */ |
| 258 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth) | 254 | int |
| 259 | { | 255 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) |
| 256 | { | ||
| 260 | STACK_OF(SSL_CIPHER) *sk; | 257 | STACK_OF(SSL_CIPHER) *sk; |
| 261 | 258 | ||
| 262 | ctx->method=meth; | 259 | ctx->method = meth; |
| 263 | 260 | ||
| 264 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | 261 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), |
| 265 | &(ctx->cipher_list_by_id), | 262 | &(ctx->cipher_list_by_id), |
| 266 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 263 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 267 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) | 264 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { |
| 268 | { | 265 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 269 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 266 | return (0); |
| 270 | return(0); | ||
| 271 | } | ||
| 272 | return(1); | ||
| 273 | } | 267 | } |
| 268 | return (1); | ||
| 269 | } | ||
| 274 | 270 | ||
| 275 | SSL *SSL_new(SSL_CTX *ctx) | 271 | SSL |
| 276 | { | 272 | *SSL_new(SSL_CTX *ctx) |
| 273 | { | ||
| 277 | SSL *s; | 274 | SSL *s; |
| 278 | 275 | ||
| 279 | if (ctx == NULL) | 276 | if (ctx == NULL) { |
| 280 | { | 277 | SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX); |
| 281 | SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX); | 278 | return (NULL); |
| 282 | return(NULL); | 279 | } |
| 283 | } | 280 | if (ctx->method == NULL) { |
| 284 | if (ctx->method == NULL) | 281 | SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); |
| 285 | { | 282 | return (NULL); |
| 286 | SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | 283 | } |
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | 284 | ||
| 290 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); | 285 | s = (SSL *)OPENSSL_malloc(sizeof(SSL)); |
| 291 | if (s == NULL) goto err; | 286 | if (s == NULL) |
| 292 | memset(s,0,sizeof(SSL)); | 287 | goto err; |
| 288 | memset(s, 0, sizeof(SSL)); | ||
| 293 | 289 | ||
| 294 | #ifndef OPENSSL_NO_KRB5 | 290 | #ifndef OPENSSL_NO_KRB5 |
| 295 | s->kssl_ctx = kssl_ctx_new(); | 291 | s->kssl_ctx = kssl_ctx_new(); |
| 296 | #endif /* OPENSSL_NO_KRB5 */ | 292 | #endif /* OPENSSL_NO_KRB5 */ |
| 297 | 293 | ||
| 298 | s->options=ctx->options; | 294 | s->options = ctx->options; |
| 299 | s->mode=ctx->mode; | 295 | s->mode = ctx->mode; |
| 300 | s->max_cert_list=ctx->max_cert_list; | 296 | s->max_cert_list = ctx->max_cert_list; |
| 301 | 297 | ||
| 302 | if (ctx->cert != NULL) | 298 | if (ctx->cert != NULL) { |
| 303 | { | ||
| 304 | /* Earlier library versions used to copy the pointer to | 299 | /* Earlier library versions used to copy the pointer to |
| 305 | * the CERT, not its contents; only when setting new | 300 | * the CERT, not its contents; only when setting new |
| 306 | * parameters for the per-SSL copy, ssl_cert_new would be | 301 | * parameters for the per-SSL copy, ssl_cert_new would be |
| @@ -314,22 +309,21 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 314 | s->cert = ssl_cert_dup(ctx->cert); | 309 | s->cert = ssl_cert_dup(ctx->cert); |
| 315 | if (s->cert == NULL) | 310 | if (s->cert == NULL) |
| 316 | goto err; | 311 | goto err; |
| 317 | } | 312 | } else |
| 318 | else | ||
| 319 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | 313 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 320 | 314 | ||
| 321 | s->read_ahead=ctx->read_ahead; | 315 | s->read_ahead = ctx->read_ahead; |
| 322 | s->msg_callback=ctx->msg_callback; | 316 | s->msg_callback = ctx->msg_callback; |
| 323 | s->msg_callback_arg=ctx->msg_callback_arg; | 317 | s->msg_callback_arg = ctx->msg_callback_arg; |
| 324 | s->verify_mode=ctx->verify_mode; | 318 | s->verify_mode = ctx->verify_mode; |
| 325 | #if 0 | 319 | #if 0 |
| 326 | s->verify_depth=ctx->verify_depth; | 320 | s->verify_depth = ctx->verify_depth; |
| 327 | #endif | 321 | #endif |
| 328 | s->sid_ctx_length=ctx->sid_ctx_length; | 322 | s->sid_ctx_length = ctx->sid_ctx_length; |
| 329 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | 323 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); |
| 330 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | 324 | memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); |
| 331 | s->verify_callback=ctx->default_verify_callback; | 325 | s->verify_callback = ctx->default_verify_callback; |
| 332 | s->generate_session_id=ctx->generate_session_id; | 326 | s->generate_session_id = ctx->generate_session_id; |
| 333 | 327 | ||
| 334 | s->param = X509_VERIFY_PARAM_new(); | 328 | s->param = X509_VERIFY_PARAM_new(); |
| 335 | if (!s->param) | 329 | if (!s->param) |
| @@ -339,11 +333,11 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 339 | s->purpose = ctx->purpose; | 333 | s->purpose = ctx->purpose; |
| 340 | s->trust = ctx->trust; | 334 | s->trust = ctx->trust; |
| 341 | #endif | 335 | #endif |
| 342 | s->quiet_shutdown=ctx->quiet_shutdown; | 336 | s->quiet_shutdown = ctx->quiet_shutdown; |
| 343 | s->max_send_fragment = ctx->max_send_fragment; | 337 | s->max_send_fragment = ctx->max_send_fragment; |
| 344 | 338 | ||
| 345 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 339 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 346 | s->ctx=ctx; | 340 | s->ctx = ctx; |
| 347 | #ifndef OPENSSL_NO_TLSEXT | 341 | #ifndef OPENSSL_NO_TLSEXT |
| 348 | s->tlsext_debug_cb = 0; | 342 | s->tlsext_debug_cb = 0; |
| 349 | s->tlsext_debug_arg = NULL; | 343 | s->tlsext_debug_arg = NULL; |
| @@ -354,93 +348,95 @@ SSL *SSL_new(SSL_CTX *ctx) | |||
| 354 | s->tlsext_ocsp_exts = NULL; | 348 | s->tlsext_ocsp_exts = NULL; |
| 355 | s->tlsext_ocsp_resp = NULL; | 349 | s->tlsext_ocsp_resp = NULL; |
| 356 | s->tlsext_ocsp_resplen = -1; | 350 | s->tlsext_ocsp_resplen = -1; |
| 357 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 351 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 358 | s->initial_ctx=ctx; | 352 | s->initial_ctx = ctx; |
| 359 | # ifndef OPENSSL_NO_NEXTPROTONEG | 353 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 360 | s->next_proto_negotiated = NULL; | 354 | s->next_proto_negotiated = NULL; |
| 361 | # endif | 355 | # endif |
| 362 | #endif | 356 | #endif |
| 363 | 357 | ||
| 364 | s->verify_result=X509_V_OK; | 358 | s->verify_result = X509_V_OK; |
| 365 | 359 | ||
| 366 | s->method=ctx->method; | 360 | s->method = ctx->method; |
| 367 | 361 | ||
| 368 | if (!s->method->ssl_new(s)) | 362 | if (!s->method->ssl_new(s)) |
| 369 | goto err; | 363 | goto err; |
| 370 | 364 | ||
| 371 | s->references=1; | 365 | s->references = 1; |
| 372 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; | 366 | s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; |
| 373 | 367 | ||
| 374 | SSL_clear(s); | 368 | SSL_clear(s); |
| 375 | 369 | ||
| 376 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 370 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 377 | 371 | ||
| 378 | #ifndef OPENSSL_NO_PSK | 372 | #ifndef OPENSSL_NO_PSK |
| 379 | s->psk_client_callback=ctx->psk_client_callback; | 373 | s->psk_client_callback = ctx->psk_client_callback; |
| 380 | s->psk_server_callback=ctx->psk_server_callback; | 374 | s->psk_server_callback = ctx->psk_server_callback; |
| 381 | #endif | 375 | #endif |
| 382 | 376 | ||
| 383 | return(s); | 377 | return (s); |
| 384 | err: | 378 | err: |
| 385 | if (s != NULL) | 379 | if (s != NULL) { |
| 386 | { | ||
| 387 | if (s->cert != NULL) | 380 | if (s->cert != NULL) |
| 388 | ssl_cert_free(s->cert); | 381 | ssl_cert_free(s->cert); |
| 389 | if (s->ctx != NULL) | 382 | if (s->ctx != NULL) |
| 390 | SSL_CTX_free(s->ctx); /* decrement reference count */ | 383 | SSL_CTX_free(s->ctx); /* decrement reference count */ |
| 391 | OPENSSL_free(s); | 384 | OPENSSL_free(s); |
| 392 | } | ||
| 393 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | ||
| 394 | return(NULL); | ||
| 395 | } | 385 | } |
| 386 | SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE); | ||
| 387 | return (NULL); | ||
| 388 | } | ||
| 396 | 389 | ||
| 397 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | 390 | int |
| 398 | unsigned int sid_ctx_len) | 391 | SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, |
| 399 | { | 392 | unsigned int sid_ctx_len) |
| 400 | if(sid_ctx_len > sizeof ctx->sid_ctx) | 393 | { |
| 401 | { | 394 | if (sid_ctx_len > sizeof ctx->sid_ctx) { |
| 402 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 395 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 403 | return 0; | 396 | return 0; |
| 404 | } | 397 | } |
| 405 | ctx->sid_ctx_length=sid_ctx_len; | 398 | ctx->sid_ctx_length = sid_ctx_len; |
| 406 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | 399 | memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); |
| 407 | 400 | ||
| 408 | return 1; | 401 | return 1; |
| 409 | } | 402 | } |
| 410 | 403 | ||
| 411 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | 404 | int |
| 412 | unsigned int sid_ctx_len) | 405 | SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, |
| 413 | { | 406 | unsigned int sid_ctx_len) |
| 414 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 407 | { |
| 415 | { | 408 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 416 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 409 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 417 | return 0; | 410 | return 0; |
| 418 | } | 411 | } |
| 419 | ssl->sid_ctx_length=sid_ctx_len; | 412 | ssl->sid_ctx_length = sid_ctx_len; |
| 420 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | 413 | memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); |
| 421 | 414 | ||
| 422 | return 1; | 415 | return 1; |
| 423 | } | 416 | } |
| 424 | 417 | ||
| 425 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | 418 | int |
| 426 | { | 419 | SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) |
| 420 | { | ||
| 427 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 428 | ctx->generate_session_id = cb; | 422 | ctx->generate_session_id = cb; |
| 429 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 430 | return 1; | 424 | return 1; |
| 431 | } | 425 | } |
| 432 | 426 | ||
| 433 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | 427 | int |
| 434 | { | 428 | SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) |
| 429 | { | ||
| 435 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | 430 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 436 | ssl->generate_session_id = cb; | 431 | ssl->generate_session_id = cb; |
| 437 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | 432 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); |
| 438 | return 1; | 433 | return 1; |
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | 436 | int |
| 442 | unsigned int id_len) | 437 | SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, |
| 443 | { | 438 | unsigned int id_len) |
| 439 | { | ||
| 444 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | 440 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how |
| 445 | * we can "construct" a session to give us the desired check - ie. to | 441 | * we can "construct" a session to give us the desired check - ie. to |
| 446 | * find if there's a session in the hash table that would conflict with | 442 | * find if there's a session in the hash table that would conflict with |
| @@ -448,7 +444,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 448 | * use by this SSL. */ | 444 | * use by this SSL. */ |
| 449 | SSL_SESSION r, *p; | 445 | SSL_SESSION r, *p; |
| 450 | 446 | ||
| 451 | if(id_len > sizeof r.session_id) | 447 | if (id_len > sizeof r.session_id) |
| 452 | return 0; | 448 | return 0; |
| 453 | 449 | ||
| 454 | r.ssl_version = ssl->version; | 450 | r.ssl_version = ssl->version; |
| @@ -458,68 +454,74 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |||
| 458 | * callback is calling us to check the uniqueness of a shorter ID, it | 454 | * callback is calling us to check the uniqueness of a shorter ID, it |
| 459 | * must be compared as a padded-out ID because that is what it will be | 455 | * must be compared as a padded-out ID because that is what it will be |
| 460 | * converted to when the callback has finished choosing it. */ | 456 | * converted to when the callback has finished choosing it. */ |
| 461 | if((r.ssl_version == SSL2_VERSION) && | 457 | if ((r.ssl_version == SSL2_VERSION) && |
| 462 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | 458 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) { |
| 463 | { | ||
| 464 | memset(r.session_id + id_len, 0, | 459 | memset(r.session_id + id_len, 0, |
| 465 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | 460 | SSL2_SSL_SESSION_ID_LENGTH - id_len); |
| 466 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | 461 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 467 | } | 462 | } |
| 468 | 463 | ||
| 469 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 464 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 470 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | 465 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); |
| 471 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 472 | return (p != NULL); | 467 | return (p != NULL); |
| 473 | } | 468 | } |
| 474 | 469 | ||
| 475 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | 470 | int |
| 476 | { | 471 | SSL_CTX_set_purpose(SSL_CTX *s, int purpose) |
| 472 | { | ||
| 477 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 473 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 478 | } | 474 | } |
| 479 | 475 | ||
| 480 | int SSL_set_purpose(SSL *s, int purpose) | 476 | int |
| 481 | { | 477 | SSL_set_purpose(SSL *s, int purpose) |
| 478 | { | ||
| 482 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); | 479 | return X509_VERIFY_PARAM_set_purpose(s->param, purpose); |
| 483 | } | 480 | } |
| 484 | 481 | ||
| 485 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | 482 | int |
| 486 | { | 483 | SSL_CTX_set_trust(SSL_CTX *s, int trust) |
| 484 | { | ||
| 487 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 485 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 488 | } | 486 | } |
| 489 | 487 | ||
| 490 | int SSL_set_trust(SSL *s, int trust) | 488 | int |
| 491 | { | 489 | SSL_set_trust(SSL *s, int trust) |
| 490 | { | ||
| 492 | return X509_VERIFY_PARAM_set_trust(s->param, trust); | 491 | return X509_VERIFY_PARAM_set_trust(s->param, trust); |
| 493 | } | 492 | } |
| 494 | 493 | ||
| 495 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | 494 | int |
| 496 | { | 495 | SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) |
| 496 | { | ||
| 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); | 497 | return X509_VERIFY_PARAM_set1(ctx->param, vpm); |
| 498 | } | 498 | } |
| 499 | 499 | ||
| 500 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | 500 | int |
| 501 | { | 501 | SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) |
| 502 | { | ||
| 502 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); | 503 | return X509_VERIFY_PARAM_set1(ssl->param, vpm); |
| 503 | } | 504 | } |
| 504 | 505 | ||
| 505 | void SSL_free(SSL *s) | 506 | void |
| 506 | { | 507 | SSL_free(SSL *s) |
| 508 | { | ||
| 507 | int i; | 509 | int i; |
| 508 | 510 | ||
| 509 | if(s == NULL) | 511 | if (s == NULL) |
| 510 | return; | 512 | return; |
| 511 | 513 | ||
| 512 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | 514 | i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); |
| 513 | #ifdef REF_PRINT | 515 | #ifdef REF_PRINT |
| 514 | REF_PRINT("SSL",s); | 516 | REF_PRINT("SSL", s); |
| 515 | #endif | 517 | #endif |
| 516 | if (i > 0) return; | 518 | if (i > 0) |
| 519 | return; | ||
| 517 | #ifdef REF_CHECK | 520 | #ifdef REF_CHECK |
| 518 | if (i < 0) | 521 | if (i < 0) { |
| 519 | { | 522 | fprintf(stderr, "SSL_free, bad reference count\n"); |
| 520 | fprintf(stderr,"SSL_free, bad reference count\n"); | ||
| 521 | abort(); /* ok */ | 523 | abort(); /* ok */ |
| 522 | } | 524 | } |
| 523 | #endif | 525 | #endif |
| 524 | 526 | ||
| 525 | if (s->param) | 527 | if (s->param) |
| @@ -527,53 +529,58 @@ void SSL_free(SSL *s) | |||
| 527 | 529 | ||
| 528 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | 530 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 529 | 531 | ||
| 530 | if (s->bbio != NULL) | 532 | if (s->bbio != NULL) { |
| 531 | { | ||
| 532 | /* If the buffering BIO is in place, pop it off */ | 533 | /* If the buffering BIO is in place, pop it off */ |
| 533 | if (s->bbio == s->wbio) | 534 | if (s->bbio == s->wbio) { |
| 534 | { | 535 | s->wbio = BIO_pop(s->wbio); |
| 535 | s->wbio=BIO_pop(s->wbio); | ||
| 536 | } | ||
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio=NULL; | ||
| 539 | } | 536 | } |
| 537 | BIO_free(s->bbio); | ||
| 538 | s->bbio = NULL; | ||
| 539 | } | ||
| 540 | if (s->rbio != NULL) | 540 | if (s->rbio != NULL) |
| 541 | BIO_free_all(s->rbio); | 541 | BIO_free_all(s->rbio); |
| 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | 542 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) |
| 543 | BIO_free_all(s->wbio); | 543 | BIO_free_all(s->wbio); |
| 544 | 544 | ||
| 545 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | 545 | if (s->init_buf != NULL) |
| 546 | BUF_MEM_free(s->init_buf); | ||
| 546 | 547 | ||
| 547 | /* add extra stuff */ | 548 | /* add extra stuff */ |
| 548 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); | 549 | if (s->cipher_list != NULL) |
| 549 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); | 550 | sk_SSL_CIPHER_free(s->cipher_list); |
| 551 | if (s->cipher_list_by_id != NULL) | ||
| 552 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 550 | 553 | ||
| 551 | /* Make the next call work :-) */ | 554 | /* Make the next call work :-) */ |
| 552 | if (s->session != NULL) | 555 | if (s->session != NULL) { |
| 553 | { | ||
| 554 | ssl_clear_bad_session(s); | 556 | ssl_clear_bad_session(s); |
| 555 | SSL_SESSION_free(s->session); | 557 | SSL_SESSION_free(s->session); |
| 556 | } | 558 | } |
| 557 | 559 | ||
| 558 | ssl_clear_cipher_ctx(s); | 560 | ssl_clear_cipher_ctx(s); |
| 559 | ssl_clear_hash_ctx(&s->read_hash); | 561 | ssl_clear_hash_ctx(&s->read_hash); |
| 560 | ssl_clear_hash_ctx(&s->write_hash); | 562 | ssl_clear_hash_ctx(&s->write_hash); |
| 561 | 563 | ||
| 562 | if (s->cert != NULL) ssl_cert_free(s->cert); | 564 | if (s->cert != NULL) |
| 565 | ssl_cert_free(s->cert); | ||
| 563 | /* Free up if allocated */ | 566 | /* Free up if allocated */ |
| 564 | 567 | ||
| 565 | #ifndef OPENSSL_NO_TLSEXT | 568 | #ifndef OPENSSL_NO_TLSEXT |
| 566 | if (s->tlsext_hostname) | 569 | if (s->tlsext_hostname) |
| 567 | OPENSSL_free(s->tlsext_hostname); | 570 | OPENSSL_free(s->tlsext_hostname); |
| 568 | if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); | 571 | if (s->initial_ctx) |
| 572 | SSL_CTX_free(s->initial_ctx); | ||
| 569 | #ifndef OPENSSL_NO_EC | 573 | #ifndef OPENSSL_NO_EC |
| 570 | if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist); | 574 | if (s->tlsext_ecpointformatlist) |
| 571 | if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist); | 575 | OPENSSL_free(s->tlsext_ecpointformatlist); |
| 576 | if (s->tlsext_ellipticcurvelist) | ||
| 577 | OPENSSL_free(s->tlsext_ellipticcurvelist); | ||
| 572 | #endif /* OPENSSL_NO_EC */ | 578 | #endif /* OPENSSL_NO_EC */ |
| 573 | if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input); | 579 | if (s->tlsext_opaque_prf_input) |
| 580 | OPENSSL_free(s->tlsext_opaque_prf_input); | ||
| 574 | if (s->tlsext_ocsp_exts) | 581 | if (s->tlsext_ocsp_exts) |
| 575 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | 582 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, |
| 576 | X509_EXTENSION_free); | 583 | X509_EXTENSION_free); |
| 577 | if (s->tlsext_ocsp_ids) | 584 | if (s->tlsext_ocsp_ids) |
| 578 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | 585 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); |
| 579 | if (s->tlsext_ocsp_resp) | 586 | if (s->tlsext_ocsp_resp) |
| @@ -581,11 +588,13 @@ void SSL_free(SSL *s) | |||
| 581 | #endif | 588 | #endif |
| 582 | 589 | ||
| 583 | if (s->client_CA != NULL) | 590 | if (s->client_CA != NULL) |
| 584 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); | 591 | sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); |
| 585 | 592 | ||
| 586 | if (s->method != NULL) s->method->ssl_free(s); | 593 | if (s->method != NULL) |
| 594 | s->method->ssl_free(s); | ||
| 587 | 595 | ||
| 588 | if (s->ctx) SSL_CTX_free(s->ctx); | 596 | if (s->ctx) |
| 597 | SSL_CTX_free(s->ctx); | ||
| 589 | 598 | ||
| 590 | #ifndef OPENSSL_NO_KRB5 | 599 | #ifndef OPENSSL_NO_KRB5 |
| 591 | if (s->kssl_ctx != NULL) | 600 | if (s->kssl_ctx != NULL) |
| @@ -598,223 +607,237 @@ void SSL_free(SSL *s) | |||
| 598 | #endif | 607 | #endif |
| 599 | 608 | ||
| 600 | #ifndef OPENSSL_NO_SRTP | 609 | #ifndef OPENSSL_NO_SRTP |
| 601 | if (s->srtp_profiles) | 610 | if (s->srtp_profiles) |
| 602 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); | 611 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); |
| 603 | #endif | 612 | #endif |
| 604 | 613 | ||
| 605 | OPENSSL_free(s); | 614 | OPENSSL_free(s); |
| 606 | } | 615 | } |
| 607 | 616 | ||
| 608 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) | 617 | void |
| 609 | { | 618 | SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) |
| 619 | { | ||
| 610 | /* If the output buffering BIO is still in place, remove it | 620 | /* If the output buffering BIO is still in place, remove it |
| 611 | */ | 621 | */ |
| 612 | if (s->bbio != NULL) | 622 | if (s->bbio != NULL) { |
| 613 | { | 623 | if (s->wbio == s->bbio) { |
| 614 | if (s->wbio == s->bbio) | 624 | s->wbio = s->wbio->next_bio; |
| 615 | { | 625 | s->bbio->next_bio = NULL; |
| 616 | s->wbio=s->wbio->next_bio; | ||
| 617 | s->bbio->next_bio=NULL; | ||
| 618 | } | ||
| 619 | } | 626 | } |
| 627 | } | ||
| 620 | if ((s->rbio != NULL) && (s->rbio != rbio)) | 628 | if ((s->rbio != NULL) && (s->rbio != rbio)) |
| 621 | BIO_free_all(s->rbio); | 629 | BIO_free_all(s->rbio); |
| 622 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | 630 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) |
| 623 | BIO_free_all(s->wbio); | 631 | BIO_free_all(s->wbio); |
| 624 | s->rbio=rbio; | 632 | s->rbio = rbio; |
| 625 | s->wbio=wbio; | 633 | s->wbio = wbio; |
| 626 | } | 634 | } |
| 627 | 635 | ||
| 628 | BIO *SSL_get_rbio(const SSL *s) | 636 | BIO |
| 629 | { return(s->rbio); } | 637 | *SSL_get_rbio(const SSL *s) |
| 638 | { return (s->rbio); | ||
| 639 | } | ||
| 630 | 640 | ||
| 631 | BIO *SSL_get_wbio(const SSL *s) | 641 | BIO |
| 632 | { return(s->wbio); } | 642 | *SSL_get_wbio(const SSL *s) |
| 643 | { return (s->wbio); | ||
| 644 | } | ||
| 633 | 645 | ||
| 634 | int SSL_get_fd(const SSL *s) | 646 | int |
| 635 | { | 647 | SSL_get_fd(const SSL *s) |
| 636 | return(SSL_get_rfd(s)); | 648 | { |
| 637 | } | 649 | return (SSL_get_rfd(s)); |
| 650 | } | ||
| 638 | 651 | ||
| 639 | int SSL_get_rfd(const SSL *s) | 652 | int |
| 640 | { | 653 | SSL_get_rfd(const SSL *s) |
| 641 | int ret= -1; | 654 | { |
| 642 | BIO *b,*r; | 655 | int ret = -1; |
| 656 | BIO *b, *r; | ||
| 643 | 657 | ||
| 644 | b=SSL_get_rbio(s); | 658 | b = SSL_get_rbio(s); |
| 645 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 659 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 646 | if (r != NULL) | 660 | if (r != NULL) |
| 647 | BIO_get_fd(r,&ret); | 661 | BIO_get_fd(r, &ret); |
| 648 | return(ret); | 662 | return (ret); |
| 649 | } | 663 | } |
| 650 | 664 | ||
| 651 | int SSL_get_wfd(const SSL *s) | 665 | int |
| 652 | { | 666 | SSL_get_wfd(const SSL *s) |
| 653 | int ret= -1; | 667 | { |
| 654 | BIO *b,*r; | 668 | int ret = -1; |
| 669 | BIO *b, *r; | ||
| 655 | 670 | ||
| 656 | b=SSL_get_wbio(s); | 671 | b = SSL_get_wbio(s); |
| 657 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | 672 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); |
| 658 | if (r != NULL) | 673 | if (r != NULL) |
| 659 | BIO_get_fd(r,&ret); | 674 | BIO_get_fd(r, &ret); |
| 660 | return(ret); | 675 | return (ret); |
| 661 | } | 676 | } |
| 662 | 677 | ||
| 663 | #ifndef OPENSSL_NO_SOCK | 678 | #ifndef OPENSSL_NO_SOCK |
| 664 | int SSL_set_fd(SSL *s,int fd) | 679 | int |
| 665 | { | 680 | SSL_set_fd(SSL *s, int fd) |
| 666 | int ret=0; | 681 | { |
| 667 | BIO *bio=NULL; | 682 | int ret = 0; |
| 683 | BIO *bio = NULL; | ||
| 668 | 684 | ||
| 669 | bio=BIO_new(BIO_s_socket()); | 685 | bio = BIO_new(BIO_s_socket()); |
| 670 | 686 | ||
| 671 | if (bio == NULL) | 687 | if (bio == NULL) { |
| 672 | { | 688 | SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB); |
| 673 | SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB); | ||
| 674 | goto err; | 689 | goto err; |
| 675 | } | ||
| 676 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 677 | SSL_set_bio(s,bio,bio); | ||
| 678 | ret=1; | ||
| 679 | err: | ||
| 680 | return(ret); | ||
| 681 | } | 690 | } |
| 691 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 692 | SSL_set_bio(s, bio, bio); | ||
| 693 | ret = 1; | ||
| 694 | err: | ||
| 695 | return (ret); | ||
| 696 | } | ||
| 682 | 697 | ||
| 683 | int SSL_set_wfd(SSL *s,int fd) | 698 | int |
| 684 | { | 699 | SSL_set_wfd(SSL *s, int fd) |
| 685 | int ret=0; | 700 | { |
| 686 | BIO *bio=NULL; | 701 | int ret = 0; |
| 702 | BIO *bio = NULL; | ||
| 687 | 703 | ||
| 688 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | 704 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) |
| 689 | || ((int)BIO_get_fd(s->rbio,NULL) != fd)) | 705 | || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { |
| 690 | { | 706 | bio = BIO_new(BIO_s_socket()); |
| 691 | bio=BIO_new(BIO_s_socket()); | ||
| 692 | 707 | ||
| 693 | if (bio == NULL) | 708 | if (bio == NULL) |
| 694 | { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; } | 709 | { SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB); |
| 695 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | 710 | goto err; |
| 696 | SSL_set_bio(s,SSL_get_rbio(s),bio); | ||
| 697 | } | 711 | } |
| 698 | else | 712 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 699 | SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s)); | 713 | SSL_set_bio(s, SSL_get_rbio(s), bio); |
| 700 | ret=1; | 714 | } else |
| 715 | SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); | ||
| 716 | ret = 1; | ||
| 701 | err: | 717 | err: |
| 702 | return(ret); | 718 | return (ret); |
| 703 | } | 719 | } |
| 704 | 720 | ||
| 705 | int SSL_set_rfd(SSL *s,int fd) | 721 | int |
| 706 | { | 722 | SSL_set_rfd(SSL *s, int fd) |
| 707 | int ret=0; | 723 | { |
| 708 | BIO *bio=NULL; | 724 | int ret = 0; |
| 725 | BIO *bio = NULL; | ||
| 709 | 726 | ||
| 710 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | 727 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) |
| 711 | || ((int)BIO_get_fd(s->wbio,NULL) != fd)) | 728 | || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { |
| 712 | { | 729 | bio = BIO_new(BIO_s_socket()); |
| 713 | bio=BIO_new(BIO_s_socket()); | ||
| 714 | 730 | ||
| 715 | if (bio == NULL) | 731 | if (bio == NULL) { |
| 716 | { | 732 | SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB); |
| 717 | SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB); | ||
| 718 | goto err; | 733 | goto err; |
| 719 | } | ||
| 720 | BIO_set_fd(bio,fd,BIO_NOCLOSE); | ||
| 721 | SSL_set_bio(s,bio,SSL_get_wbio(s)); | ||
| 722 | } | 734 | } |
| 723 | else | 735 | BIO_set_fd(bio, fd, BIO_NOCLOSE); |
| 724 | SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s)); | 736 | SSL_set_bio(s, bio, SSL_get_wbio(s)); |
| 725 | ret=1; | 737 | } else |
| 738 | SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); | ||
| 739 | ret = 1; | ||
| 726 | err: | 740 | err: |
| 727 | return(ret); | 741 | return (ret); |
| 728 | } | 742 | } |
| 729 | #endif | 743 | #endif |
| 730 | 744 | ||
| 731 | 745 | ||
| 732 | /* return length of latest Finished message we sent, copy to 'buf' */ | 746 | /* return length of latest Finished message we sent, copy to 'buf' */ |
| 733 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count) | 747 | size_t |
| 734 | { | 748 | SSL_get_finished(const SSL *s, void *buf, size_t count) |
| 749 | { | ||
| 735 | size_t ret = 0; | 750 | size_t ret = 0; |
| 736 | 751 | ||
| 737 | if (s->s3 != NULL) | 752 | if (s->s3 != NULL) { |
| 738 | { | ||
| 739 | ret = s->s3->tmp.finish_md_len; | 753 | ret = s->s3->tmp.finish_md_len; |
| 740 | if (count > ret) | 754 | if (count > ret) |
| 741 | count = ret; | 755 | count = ret; |
| 742 | memcpy(buf, s->s3->tmp.finish_md, count); | 756 | memcpy(buf, s->s3->tmp.finish_md, count); |
| 743 | } | ||
| 744 | return ret; | ||
| 745 | } | 757 | } |
| 758 | return ret; | ||
| 759 | } | ||
| 746 | 760 | ||
| 747 | /* return length of latest Finished message we expected, copy to 'buf' */ | 761 | /* return length of latest Finished message we expected, copy to 'buf' */ |
| 748 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | 762 | size_t |
| 749 | { | 763 | SSL_get_peer_finished(const SSL *s, void *buf, size_t count) |
| 764 | { | ||
| 750 | size_t ret = 0; | 765 | size_t ret = 0; |
| 751 | 766 | ||
| 752 | if (s->s3 != NULL) | 767 | if (s->s3 != NULL) { |
| 753 | { | ||
| 754 | ret = s->s3->tmp.peer_finish_md_len; | 768 | ret = s->s3->tmp.peer_finish_md_len; |
| 755 | if (count > ret) | 769 | if (count > ret) |
| 756 | count = ret; | 770 | count = ret; |
| 757 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | 771 | memcpy(buf, s->s3->tmp.peer_finish_md, count); |
| 758 | } | ||
| 759 | return ret; | ||
| 760 | } | 772 | } |
| 773 | return ret; | ||
| 774 | } | ||
| 761 | 775 | ||
| 762 | 776 | ||
| 763 | int SSL_get_verify_mode(const SSL *s) | 777 | int |
| 764 | { | 778 | SSL_get_verify_mode(const SSL *s) |
| 765 | return(s->verify_mode); | 779 | { |
| 766 | } | 780 | return (s->verify_mode); |
| 781 | } | ||
| 767 | 782 | ||
| 768 | int SSL_get_verify_depth(const SSL *s) | 783 | int |
| 769 | { | 784 | SSL_get_verify_depth(const SSL *s) |
| 785 | { | ||
| 770 | return X509_VERIFY_PARAM_get_depth(s->param); | 786 | return X509_VERIFY_PARAM_get_depth(s->param); |
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *) | 789 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) |
| 774 | { | 790 | { |
| 775 | return(s->verify_callback); | 791 | return (s->verify_callback); |
| 776 | } | 792 | } |
| 777 | 793 | ||
| 778 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | 794 | int |
| 779 | { | 795 | SSL_CTX_get_verify_mode(const SSL_CTX *ctx) |
| 780 | return(ctx->verify_mode); | 796 | { |
| 781 | } | 797 | return (ctx->verify_mode); |
| 798 | } | ||
| 782 | 799 | ||
| 783 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | 800 | int |
| 784 | { | 801 | SSL_CTX_get_verify_depth(const SSL_CTX *ctx) |
| 802 | { | ||
| 785 | return X509_VERIFY_PARAM_get_depth(ctx->param); | 803 | return X509_VERIFY_PARAM_get_depth(ctx->param); |
| 786 | } | 804 | } |
| 787 | 805 | ||
| 788 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *) | 806 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) |
| 789 | { | 807 | { |
| 790 | return(ctx->default_verify_callback); | 808 | return (ctx->default_verify_callback); |
| 791 | } | 809 | } |
| 792 | 810 | ||
| 793 | void SSL_set_verify(SSL *s,int mode, | 811 | void |
| 794 | int (*callback)(int ok,X509_STORE_CTX *ctx)) | 812 | SSL_set_verify(SSL *s, int mode, |
| 795 | { | 813 | int (*callback)(int ok, X509_STORE_CTX *ctx)) |
| 796 | s->verify_mode=mode; | 814 | { |
| 815 | s->verify_mode = mode; | ||
| 797 | if (callback != NULL) | 816 | if (callback != NULL) |
| 798 | s->verify_callback=callback; | 817 | s->verify_callback = callback; |
| 799 | } | 818 | } |
| 800 | 819 | ||
| 801 | void SSL_set_verify_depth(SSL *s,int depth) | 820 | void |
| 802 | { | 821 | SSL_set_verify_depth(SSL *s, int depth) |
| 822 | { | ||
| 803 | X509_VERIFY_PARAM_set_depth(s->param, depth); | 823 | X509_VERIFY_PARAM_set_depth(s->param, depth); |
| 804 | } | 824 | } |
| 805 | 825 | ||
| 806 | void SSL_set_read_ahead(SSL *s,int yes) | 826 | void |
| 807 | { | 827 | SSL_set_read_ahead(SSL *s, int yes) |
| 808 | s->read_ahead=yes; | 828 | { |
| 809 | } | 829 | s->read_ahead = yes; |
| 830 | } | ||
| 810 | 831 | ||
| 811 | int SSL_get_read_ahead(const SSL *s) | 832 | int |
| 812 | { | 833 | SSL_get_read_ahead(const SSL *s) |
| 813 | return(s->read_ahead); | 834 | { |
| 814 | } | 835 | return (s->read_ahead); |
| 836 | } | ||
| 815 | 837 | ||
| 816 | int SSL_pending(const SSL *s) | 838 | int |
| 817 | { | 839 | SSL_pending(const SSL *s) |
| 840 | { | ||
| 818 | /* SSL_pending cannot work properly if read-ahead is enabled | 841 | /* SSL_pending cannot work properly if read-ahead is enabled |
| 819 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | 842 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), |
| 820 | * and it is impossible to fix since SSL_pending cannot report | 843 | * and it is impossible to fix since SSL_pending cannot report |
| @@ -822,264 +845,266 @@ int SSL_pending(const SSL *s) | |||
| 822 | * (Note that SSL_pending() is often used as a boolean value, | 845 | * (Note that SSL_pending() is often used as a boolean value, |
| 823 | * so we'd better not return -1.) | 846 | * so we'd better not return -1.) |
| 824 | */ | 847 | */ |
| 825 | return(s->method->ssl_pending(s)); | 848 | return (s->method->ssl_pending(s)); |
| 826 | } | 849 | } |
| 827 | 850 | ||
| 828 | X509 *SSL_get_peer_certificate(const SSL *s) | 851 | X509 |
| 829 | { | 852 | *SSL_get_peer_certificate(const SSL *s) |
| 853 | { | ||
| 830 | X509 *r; | 854 | X509 *r; |
| 831 | 855 | ||
| 832 | if ((s == NULL) || (s->session == NULL)) | 856 | if ((s == NULL) || (s->session == NULL)) |
| 833 | r=NULL; | 857 | r = NULL; |
| 834 | else | 858 | else |
| 835 | r=s->session->peer; | 859 | r = s->session->peer; |
| 836 | 860 | ||
| 837 | if (r == NULL) return(r); | 861 | if (r == NULL) |
| 862 | return (r); | ||
| 838 | 863 | ||
| 839 | CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509); | 864 | CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); |
| 840 | 865 | ||
| 841 | return(r); | 866 | return (r); |
| 842 | } | 867 | } |
| 843 | 868 | ||
| 844 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) | 869 | STACK_OF(X509) |
| 845 | { | 870 | *SSL_get_peer_cert_chain(const SSL *s) |
| 871 | { | ||
| 846 | STACK_OF(X509) *r; | 872 | STACK_OF(X509) *r; |
| 847 | 873 | ||
| 848 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) | 874 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) |
| 849 | r=NULL; | 875 | r = NULL; |
| 850 | else | 876 | else |
| 851 | r=s->session->sess_cert->cert_chain; | 877 | r = s->session->sess_cert->cert_chain; |
| 852 | 878 | ||
| 853 | /* If we are a client, cert_chain includes the peer's own | 879 | /* If we are a client, cert_chain includes the peer's own |
| 854 | * certificate; if we are a server, it does not. */ | 880 | * certificate; |
| 855 | 881 | if we are a server, it does not. */ | |
| 856 | return(r); | 882 | |
| 857 | } | 883 | return (r); |
| 884 | } | ||
| 858 | 885 | ||
| 859 | /* Now in theory, since the calling process own 't' it should be safe to | 886 | /* Now in theory, since the calling process own 't' it should be safe to |
| 860 | * modify. We need to be able to read f without being hassled */ | 887 | * modify. We need to be able to read f without being hassled */ |
| 861 | void SSL_copy_session_id(SSL *t,const SSL *f) | 888 | void |
| 862 | { | 889 | SSL_copy_session_id(SSL *t, const SSL *f) |
| 890 | { | ||
| 863 | CERT *tmp; | 891 | CERT *tmp; |
| 864 | 892 | ||
| 865 | /* Do we need to to SSL locking? */ | 893 | /* Do we need to to SSL locking? */ |
| 866 | SSL_set_session(t,SSL_get_session(f)); | 894 | SSL_set_session(t, SSL_get_session(f)); |
| 867 | 895 | ||
| 868 | /* what if we are setup as SSLv2 but want to talk SSLv3 or | 896 | /* what if we are setup as SSLv2 but want to talk SSLv3 or |
| 869 | * vice-versa */ | 897 | * vice-versa */ |
| 870 | if (t->method != f->method) | 898 | if (t->method != f->method) { |
| 871 | { | ||
| 872 | t->method->ssl_free(t); /* cleanup current */ | 899 | t->method->ssl_free(t); /* cleanup current */ |
| 873 | t->method=f->method; /* change method */ | 900 | t->method=f->method; /* change method */ |
| 874 | t->method->ssl_new(t); /* setup new */ | 901 | t->method->ssl_new(t); /* setup new */ |
| 875 | } | ||
| 876 | |||
| 877 | tmp=t->cert; | ||
| 878 | if (f->cert != NULL) | ||
| 879 | { | ||
| 880 | CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 881 | t->cert=f->cert; | ||
| 882 | } | ||
| 883 | else | ||
| 884 | t->cert=NULL; | ||
| 885 | if (tmp != NULL) ssl_cert_free(tmp); | ||
| 886 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
| 887 | } | 902 | } |
| 888 | 903 | ||
| 904 | tmp = t->cert; | ||
| 905 | if (f->cert != NULL) { | ||
| 906 | CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); | ||
| 907 | t->cert = f->cert; | ||
| 908 | } else | ||
| 909 | t->cert = NULL; | ||
| 910 | if (tmp != NULL) | ||
| 911 | ssl_cert_free(tmp); | ||
| 912 | SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); | ||
| 913 | } | ||
| 914 | |||
| 889 | /* Fix this so it checks all the valid key/cert options */ | 915 | /* Fix this so it checks all the valid key/cert options */ |
| 890 | int SSL_CTX_check_private_key(const SSL_CTX *ctx) | 916 | int |
| 891 | { | 917 | SSL_CTX_check_private_key(const SSL_CTX *ctx) |
| 892 | if ( (ctx == NULL) || | 918 | { |
| 919 | if ((ctx == NULL) || | ||
| 893 | (ctx->cert == NULL) || | 920 | (ctx->cert == NULL) || |
| 894 | (ctx->cert->key->x509 == NULL)) | 921 | (ctx->cert->key->x509 == NULL)) { |
| 895 | { | 922 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 896 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 923 | return (0); |
| 897 | return(0); | 924 | } |
| 898 | } | 925 | if (ctx->cert->key->privatekey == NULL) { |
| 899 | if (ctx->cert->key->privatekey == NULL) | 926 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 900 | { | 927 | return (0); |
| 901 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 902 | return(0); | ||
| 903 | } | ||
| 904 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 905 | } | 928 | } |
| 929 | return (X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); | ||
| 930 | } | ||
| 906 | 931 | ||
| 907 | /* Fix this function so that it takes an optional type parameter */ | 932 | /* Fix this function so that it takes an optional type parameter */ |
| 908 | int SSL_check_private_key(const SSL *ssl) | 933 | int |
| 909 | { | 934 | SSL_check_private_key(const SSL *ssl) |
| 910 | if (ssl == NULL) | 935 | { |
| 911 | { | 936 | if (ssl == NULL) { |
| 912 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER); | 937 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER); |
| 913 | return(0); | 938 | return (0); |
| 914 | } | 939 | } |
| 915 | if (ssl->cert == NULL) | 940 | if (ssl->cert == NULL) { |
| 916 | { | 941 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 917 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 918 | return 0; | 942 | return 0; |
| 919 | } | ||
| 920 | if (ssl->cert->key->x509 == NULL) | ||
| 921 | { | ||
| 922 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 923 | return(0); | ||
| 924 | } | ||
| 925 | if (ssl->cert->key->privatekey == NULL) | ||
| 926 | { | ||
| 927 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 928 | return(0); | ||
| 929 | } | ||
| 930 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 931 | ssl->cert->key->privatekey)); | ||
| 932 | } | 943 | } |
| 944 | if (ssl->cert->key->x509 == NULL) { | ||
| 945 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 946 | return (0); | ||
| 947 | } | ||
| 948 | if (ssl->cert->key->privatekey == NULL) { | ||
| 949 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 950 | return (0); | ||
| 951 | } | ||
| 952 | return(X509_check_private_key(ssl->cert->key->x509, | ||
| 953 | ssl->cert->key->privatekey)); | ||
| 954 | } | ||
| 933 | 955 | ||
| 934 | int SSL_accept(SSL *s) | 956 | int |
| 935 | { | 957 | SSL_accept(SSL *s) |
| 958 | { | ||
| 936 | if (s->handshake_func == 0) | 959 | if (s->handshake_func == 0) |
| 937 | /* Not properly initialized yet */ | 960 | /* Not properly initialized yet */ |
| 938 | SSL_set_accept_state(s); | 961 | SSL_set_accept_state(s); |
| 939 | 962 | ||
| 940 | return(s->method->ssl_accept(s)); | 963 | return (s->method->ssl_accept(s)); |
| 941 | } | 964 | } |
| 942 | 965 | ||
| 943 | int SSL_connect(SSL *s) | 966 | int |
| 944 | { | 967 | SSL_connect(SSL *s) |
| 968 | { | ||
| 945 | if (s->handshake_func == 0) | 969 | if (s->handshake_func == 0) |
| 946 | /* Not properly initialized yet */ | 970 | /* Not properly initialized yet */ |
| 947 | SSL_set_connect_state(s); | 971 | SSL_set_connect_state(s); |
| 948 | 972 | ||
| 949 | return(s->method->ssl_connect(s)); | 973 | return (s->method->ssl_connect(s)); |
| 950 | } | 974 | } |
| 951 | 975 | ||
| 952 | long SSL_get_default_timeout(const SSL *s) | 976 | long |
| 953 | { | 977 | SSL_get_default_timeout(const SSL *s) |
| 954 | return(s->method->get_timeout()); | 978 | { |
| 955 | } | 979 | return (s->method->get_timeout()); |
| 980 | } | ||
| 956 | 981 | ||
| 957 | int SSL_read(SSL *s,void *buf,int num) | 982 | int |
| 958 | { | 983 | SSL_read(SSL *s, void *buf, int num) |
| 959 | if (s->handshake_func == 0) | 984 | { |
| 960 | { | 985 | if (s->handshake_func == 0) { |
| 961 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | 986 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); |
| 962 | return -1; | 987 | return -1; |
| 963 | } | 988 | } |
| 964 | 989 | ||
| 965 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 990 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 966 | { | 991 | s->rwstate = SSL_NOTHING; |
| 967 | s->rwstate=SSL_NOTHING; | 992 | return (0); |
| 968 | return(0); | ||
| 969 | } | ||
| 970 | return(s->method->ssl_read(s,buf,num)); | ||
| 971 | } | 993 | } |
| 994 | return (s->method->ssl_read(s, buf, num)); | ||
| 995 | } | ||
| 972 | 996 | ||
| 973 | int SSL_peek(SSL *s,void *buf,int num) | 997 | int |
| 974 | { | 998 | SSL_peek(SSL *s, void *buf, int num) |
| 975 | if (s->handshake_func == 0) | 999 | { |
| 976 | { | 1000 | if (s->handshake_func == 0) { |
| 977 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); | 1001 | SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED); |
| 978 | return -1; | 1002 | return -1; |
| 979 | } | 1003 | } |
| 980 | 1004 | ||
| 981 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 1005 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { |
| 982 | { | 1006 | return (0); |
| 983 | return(0); | ||
| 984 | } | ||
| 985 | return(s->method->ssl_peek(s,buf,num)); | ||
| 986 | } | 1007 | } |
| 1008 | return (s->method->ssl_peek(s, buf, num)); | ||
| 1009 | } | ||
| 987 | 1010 | ||
| 988 | int SSL_write(SSL *s,const void *buf,int num) | 1011 | int |
| 989 | { | 1012 | SSL_write(SSL *s, const void *buf, int num) |
| 990 | if (s->handshake_func == 0) | 1013 | { |
| 991 | { | 1014 | if (s->handshake_func == 0) { |
| 992 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | 1015 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); |
| 993 | return -1; | 1016 | return -1; |
| 994 | } | 1017 | } |
| 995 | 1018 | ||
| 996 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 1019 | if (s->shutdown & SSL_SENT_SHUTDOWN) { |
| 997 | { | 1020 | s->rwstate = SSL_NOTHING; |
| 998 | s->rwstate=SSL_NOTHING; | 1021 | SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN); |
| 999 | SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN); | 1022 | return (-1); |
| 1000 | return(-1); | ||
| 1001 | } | ||
| 1002 | return(s->method->ssl_write(s,buf,num)); | ||
| 1003 | } | 1023 | } |
| 1024 | return (s->method->ssl_write(s, buf, num)); | ||
| 1025 | } | ||
| 1004 | 1026 | ||
| 1005 | int SSL_shutdown(SSL *s) | 1027 | int |
| 1006 | { | 1028 | SSL_shutdown(SSL *s) |
| 1029 | { | ||
| 1007 | /* Note that this function behaves differently from what one might | 1030 | /* Note that this function behaves differently from what one might |
| 1008 | * expect. Return values are 0 for no success (yet), | 1031 | * expect. Return values are 0 for no success (yet), |
| 1009 | * 1 for success; but calling it once is usually not enough, | 1032 | * 1 for success; but calling it once is usually not enough, |
| 1010 | * even if blocking I/O is used (see ssl3_shutdown). | 1033 | * even if blocking I/O is used (see ssl3_shutdown). |
| 1011 | */ | 1034 | */ |
| 1012 | 1035 | ||
| 1013 | if (s->handshake_func == 0) | 1036 | if (s->handshake_func == 0) { |
| 1014 | { | ||
| 1015 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | 1037 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); |
| 1016 | return -1; | 1038 | return -1; |
| 1017 | } | 1039 | } |
| 1018 | 1040 | ||
| 1019 | if ((s != NULL) && !SSL_in_init(s)) | 1041 | if ((s != NULL) && !SSL_in_init(s)) |
| 1020 | return(s->method->ssl_shutdown(s)); | 1042 | return (s->method->ssl_shutdown(s)); |
| 1021 | else | 1043 | else |
| 1022 | return(1); | 1044 | return (1); |
| 1023 | } | 1045 | } |
| 1024 | 1046 | ||
| 1025 | int SSL_renegotiate(SSL *s) | 1047 | int |
| 1026 | { | 1048 | SSL_renegotiate(SSL *s) |
| 1049 | { | ||
| 1027 | if (s->renegotiate == 0) | 1050 | if (s->renegotiate == 0) |
| 1028 | s->renegotiate=1; | 1051 | s->renegotiate = 1; |
| 1029 | 1052 | ||
| 1030 | s->new_session=1; | 1053 | s->new_session = 1; |
| 1031 | 1054 | ||
| 1032 | return(s->method->ssl_renegotiate(s)); | 1055 | return (s->method->ssl_renegotiate(s)); |
| 1033 | } | 1056 | } |
| 1034 | 1057 | ||
| 1035 | int SSL_renegotiate_abbreviated(SSL *s) | 1058 | int |
| 1036 | { | 1059 | SSL_renegotiate_abbreviated(SSL *s) |
| 1060 | { | ||
| 1037 | if (s->renegotiate == 0) | 1061 | if (s->renegotiate == 0) |
| 1038 | s->renegotiate=1; | 1062 | s->renegotiate = 1; |
| 1039 | 1063 | ||
| 1040 | s->new_session=0; | 1064 | s->new_session = 0; |
| 1041 | 1065 | ||
| 1042 | return(s->method->ssl_renegotiate(s)); | 1066 | return (s->method->ssl_renegotiate(s)); |
| 1043 | } | 1067 | } |
| 1044 | 1068 | ||
| 1045 | int SSL_renegotiate_pending(SSL *s) | 1069 | int |
| 1046 | { | 1070 | SSL_renegotiate_pending(SSL *s) |
| 1071 | { | ||
| 1047 | /* becomes true when negotiation is requested; | 1072 | /* becomes true when negotiation is requested; |
| 1048 | * false again once a handshake has finished */ | 1073 | * false again once a handshake has finished */ |
| 1049 | return (s->renegotiate != 0); | 1074 | return (s->renegotiate != 0); |
| 1050 | } | 1075 | } |
| 1051 | 1076 | ||
| 1052 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | 1077 | long |
| 1053 | { | 1078 | SSL_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 1079 | { | ||
| 1054 | long l; | 1080 | long l; |
| 1055 | 1081 | ||
| 1056 | switch (cmd) | 1082 | switch (cmd) { |
| 1057 | { | ||
| 1058 | case SSL_CTRL_GET_READ_AHEAD: | 1083 | case SSL_CTRL_GET_READ_AHEAD: |
| 1059 | return(s->read_ahead); | 1084 | return (s->read_ahead); |
| 1060 | case SSL_CTRL_SET_READ_AHEAD: | 1085 | case SSL_CTRL_SET_READ_AHEAD: |
| 1061 | l=s->read_ahead; | 1086 | l = s->read_ahead; |
| 1062 | s->read_ahead=larg; | 1087 | s->read_ahead = larg; |
| 1063 | return(l); | 1088 | return (l); |
| 1064 | 1089 | ||
| 1065 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1090 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1066 | s->msg_callback_arg = parg; | 1091 | s->msg_callback_arg = parg; |
| 1067 | return 1; | 1092 | return 1; |
| 1068 | 1093 | ||
| 1069 | case SSL_CTRL_OPTIONS: | 1094 | case SSL_CTRL_OPTIONS: |
| 1070 | return(s->options|=larg); | 1095 | return (s->options|=larg); |
| 1071 | case SSL_CTRL_CLEAR_OPTIONS: | 1096 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1072 | return(s->options&=~larg); | 1097 | return (s->options&=~larg); |
| 1073 | case SSL_CTRL_MODE: | 1098 | case SSL_CTRL_MODE: |
| 1074 | return(s->mode|=larg); | 1099 | return (s->mode|=larg); |
| 1075 | case SSL_CTRL_CLEAR_MODE: | 1100 | case SSL_CTRL_CLEAR_MODE: |
| 1076 | return(s->mode &=~larg); | 1101 | return (s->mode &=~larg); |
| 1077 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1102 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1078 | return(s->max_cert_list); | 1103 | return (s->max_cert_list); |
| 1079 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1104 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1080 | l=s->max_cert_list; | 1105 | l = s->max_cert_list; |
| 1081 | s->max_cert_list=larg; | 1106 | s->max_cert_list = larg; |
| 1082 | return(l); | 1107 | return (l); |
| 1083 | case SSL_CTRL_SET_MTU: | 1108 | case SSL_CTRL_SET_MTU: |
| 1084 | #ifndef OPENSSL_NO_DTLS1 | 1109 | #ifndef OPENSSL_NO_DTLS1 |
| 1085 | if (larg < (long)dtls1_min_mtu()) | 1110 | if (larg < (long)dtls1_min_mtu()) |
| @@ -1087,11 +1112,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1087 | #endif | 1112 | #endif |
| 1088 | 1113 | ||
| 1089 | if (SSL_version(s) == DTLS1_VERSION || | 1114 | if (SSL_version(s) == DTLS1_VERSION || |
| 1090 | SSL_version(s) == DTLS1_BAD_VER) | 1115 | SSL_version(s) == DTLS1_BAD_VER) { |
| 1091 | { | ||
| 1092 | s->d1->mtu = larg; | 1116 | s->d1->mtu = larg; |
| 1093 | return larg; | 1117 | return larg; |
| 1094 | } | 1118 | } |
| 1095 | return 0; | 1119 | return 0; |
| 1096 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1120 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1097 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1121 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| @@ -1103,203 +1127,204 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | |||
| 1103 | return s->s3->send_connection_binding; | 1127 | return s->s3->send_connection_binding; |
| 1104 | else return 0; | 1128 | else return 0; |
| 1105 | default: | 1129 | default: |
| 1106 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 1130 | return (s->method->ssl_ctrl(s, cmd, larg, parg)); |
| 1107 | } | ||
| 1108 | } | 1131 | } |
| 1132 | } | ||
| 1109 | 1133 | ||
| 1110 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | 1134 | long |
| 1111 | { | 1135 | SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) |
| 1112 | switch(cmd) | 1136 | { |
| 1113 | { | 1137 | switch (cmd) { |
| 1114 | case SSL_CTRL_SET_MSG_CALLBACK: | 1138 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1115 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1139 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1116 | return 1; | 1140 | return 1; |
| 1117 | 1141 | ||
| 1118 | default: | 1142 | default: |
| 1119 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | 1143 | return (s->method->ssl_callback_ctrl(s, cmd, fp)); |
| 1120 | } | ||
| 1121 | } | 1144 | } |
| 1145 | } | ||
| 1122 | 1146 | ||
| 1123 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) | 1147 | LHASH_OF(SSL_SESSION) |
| 1124 | { | 1148 | *SSL_CTX_sessions(SSL_CTX *ctx) |
| 1149 | { | ||
| 1125 | return ctx->sessions; | 1150 | return ctx->sessions; |
| 1126 | } | 1151 | } |
| 1127 | 1152 | ||
| 1128 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) | 1153 | long |
| 1129 | { | 1154 | SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
| 1155 | { | ||
| 1130 | long l; | 1156 | long l; |
| 1131 | 1157 | ||
| 1132 | switch (cmd) | 1158 | switch (cmd) { |
| 1133 | { | ||
| 1134 | case SSL_CTRL_GET_READ_AHEAD: | 1159 | case SSL_CTRL_GET_READ_AHEAD: |
| 1135 | return(ctx->read_ahead); | 1160 | return (ctx->read_ahead); |
| 1136 | case SSL_CTRL_SET_READ_AHEAD: | 1161 | case SSL_CTRL_SET_READ_AHEAD: |
| 1137 | l=ctx->read_ahead; | 1162 | l = ctx->read_ahead; |
| 1138 | ctx->read_ahead=larg; | 1163 | ctx->read_ahead = larg; |
| 1139 | return(l); | 1164 | return (l); |
| 1140 | 1165 | ||
| 1141 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | 1166 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: |
| 1142 | ctx->msg_callback_arg = parg; | 1167 | ctx->msg_callback_arg = parg; |
| 1143 | return 1; | 1168 | return 1; |
| 1144 | 1169 | ||
| 1145 | case SSL_CTRL_GET_MAX_CERT_LIST: | 1170 | case SSL_CTRL_GET_MAX_CERT_LIST: |
| 1146 | return(ctx->max_cert_list); | 1171 | return (ctx->max_cert_list); |
| 1147 | case SSL_CTRL_SET_MAX_CERT_LIST: | 1172 | case SSL_CTRL_SET_MAX_CERT_LIST: |
| 1148 | l=ctx->max_cert_list; | 1173 | l = ctx->max_cert_list; |
| 1149 | ctx->max_cert_list=larg; | 1174 | ctx->max_cert_list = larg; |
| 1150 | return(l); | 1175 | return (l); |
| 1151 | 1176 | ||
| 1152 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | 1177 | case SSL_CTRL_SET_SESS_CACHE_SIZE: |
| 1153 | l=ctx->session_cache_size; | 1178 | l = ctx->session_cache_size; |
| 1154 | ctx->session_cache_size=larg; | 1179 | ctx->session_cache_size = larg; |
| 1155 | return(l); | 1180 | return (l); |
| 1156 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | 1181 | case SSL_CTRL_GET_SESS_CACHE_SIZE: |
| 1157 | return(ctx->session_cache_size); | 1182 | return (ctx->session_cache_size); |
| 1158 | case SSL_CTRL_SET_SESS_CACHE_MODE: | 1183 | case SSL_CTRL_SET_SESS_CACHE_MODE: |
| 1159 | l=ctx->session_cache_mode; | 1184 | l = ctx->session_cache_mode; |
| 1160 | ctx->session_cache_mode=larg; | 1185 | ctx->session_cache_mode = larg; |
| 1161 | return(l); | 1186 | return (l); |
| 1162 | case SSL_CTRL_GET_SESS_CACHE_MODE: | 1187 | case SSL_CTRL_GET_SESS_CACHE_MODE: |
| 1163 | return(ctx->session_cache_mode); | 1188 | return (ctx->session_cache_mode); |
| 1164 | 1189 | ||
| 1165 | case SSL_CTRL_SESS_NUMBER: | 1190 | case SSL_CTRL_SESS_NUMBER: |
| 1166 | return(lh_SSL_SESSION_num_items(ctx->sessions)); | 1191 | return (lh_SSL_SESSION_num_items(ctx->sessions)); |
| 1167 | case SSL_CTRL_SESS_CONNECT: | 1192 | case SSL_CTRL_SESS_CONNECT: |
| 1168 | return(ctx->stats.sess_connect); | 1193 | return (ctx->stats.sess_connect); |
| 1169 | case SSL_CTRL_SESS_CONNECT_GOOD: | 1194 | case SSL_CTRL_SESS_CONNECT_GOOD: |
| 1170 | return(ctx->stats.sess_connect_good); | 1195 | return (ctx->stats.sess_connect_good); |
| 1171 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | 1196 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: |
| 1172 | return(ctx->stats.sess_connect_renegotiate); | 1197 | return (ctx->stats.sess_connect_renegotiate); |
| 1173 | case SSL_CTRL_SESS_ACCEPT: | 1198 | case SSL_CTRL_SESS_ACCEPT: |
| 1174 | return(ctx->stats.sess_accept); | 1199 | return (ctx->stats.sess_accept); |
| 1175 | case SSL_CTRL_SESS_ACCEPT_GOOD: | 1200 | case SSL_CTRL_SESS_ACCEPT_GOOD: |
| 1176 | return(ctx->stats.sess_accept_good); | 1201 | return (ctx->stats.sess_accept_good); |
| 1177 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | 1202 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: |
| 1178 | return(ctx->stats.sess_accept_renegotiate); | 1203 | return (ctx->stats.sess_accept_renegotiate); |
| 1179 | case SSL_CTRL_SESS_HIT: | 1204 | case SSL_CTRL_SESS_HIT: |
| 1180 | return(ctx->stats.sess_hit); | 1205 | return (ctx->stats.sess_hit); |
| 1181 | case SSL_CTRL_SESS_CB_HIT: | 1206 | case SSL_CTRL_SESS_CB_HIT: |
| 1182 | return(ctx->stats.sess_cb_hit); | 1207 | return (ctx->stats.sess_cb_hit); |
| 1183 | case SSL_CTRL_SESS_MISSES: | 1208 | case SSL_CTRL_SESS_MISSES: |
| 1184 | return(ctx->stats.sess_miss); | 1209 | return (ctx->stats.sess_miss); |
| 1185 | case SSL_CTRL_SESS_TIMEOUTS: | 1210 | case SSL_CTRL_SESS_TIMEOUTS: |
| 1186 | return(ctx->stats.sess_timeout); | 1211 | return (ctx->stats.sess_timeout); |
| 1187 | case SSL_CTRL_SESS_CACHE_FULL: | 1212 | case SSL_CTRL_SESS_CACHE_FULL: |
| 1188 | return(ctx->stats.sess_cache_full); | 1213 | return (ctx->stats.sess_cache_full); |
| 1189 | case SSL_CTRL_OPTIONS: | 1214 | case SSL_CTRL_OPTIONS: |
| 1190 | return(ctx->options|=larg); | 1215 | return (ctx->options|=larg); |
| 1191 | case SSL_CTRL_CLEAR_OPTIONS: | 1216 | case SSL_CTRL_CLEAR_OPTIONS: |
| 1192 | return(ctx->options&=~larg); | 1217 | return (ctx->options&=~larg); |
| 1193 | case SSL_CTRL_MODE: | 1218 | case SSL_CTRL_MODE: |
| 1194 | return(ctx->mode|=larg); | 1219 | return (ctx->mode|=larg); |
| 1195 | case SSL_CTRL_CLEAR_MODE: | 1220 | case SSL_CTRL_CLEAR_MODE: |
| 1196 | return(ctx->mode&=~larg); | 1221 | return (ctx->mode&=~larg); |
| 1197 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | 1222 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: |
| 1198 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | 1223 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) |
| 1199 | return 0; | 1224 | return 0; |
| 1200 | ctx->max_send_fragment = larg; | 1225 | ctx->max_send_fragment = larg; |
| 1201 | return 1; | 1226 | return 1; |
| 1202 | default: | 1227 | default: |
| 1203 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | 1228 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); |
| 1204 | } | ||
| 1205 | } | 1229 | } |
| 1230 | } | ||
| 1206 | 1231 | ||
| 1207 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | 1232 | long |
| 1208 | { | 1233 | SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) |
| 1209 | switch(cmd) | 1234 | { |
| 1210 | { | 1235 | switch (cmd) { |
| 1211 | case SSL_CTRL_SET_MSG_CALLBACK: | 1236 | case SSL_CTRL_SET_MSG_CALLBACK: |
| 1212 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | 1237 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); |
| 1213 | return 1; | 1238 | return 1; |
| 1214 | 1239 | ||
| 1215 | default: | 1240 | default: |
| 1216 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | 1241 | return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); |
| 1217 | } | ||
| 1218 | } | 1242 | } |
| 1243 | } | ||
| 1219 | 1244 | ||
| 1220 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | 1245 | int |
| 1221 | { | 1246 | ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) |
| 1247 | { | ||
| 1222 | long l; | 1248 | long l; |
| 1223 | 1249 | ||
| 1224 | l=a->id-b->id; | 1250 | l = a->id - b->id; |
| 1225 | if (l == 0L) | 1251 | if (l == 0L) |
| 1226 | return(0); | 1252 | return (0); |
| 1227 | else | 1253 | else |
| 1228 | return((l > 0)?1:-1); | 1254 | return ((l > 0) ? 1:-1); |
| 1229 | } | 1255 | } |
| 1230 | 1256 | ||
| 1231 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | 1257 | int |
| 1232 | const SSL_CIPHER * const *bp) | 1258 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 1233 | { | 1259 | const SSL_CIPHER * const *bp) |
| 1260 | { | ||
| 1234 | long l; | 1261 | long l; |
| 1235 | 1262 | ||
| 1236 | l=(*ap)->id-(*bp)->id; | 1263 | l = (*ap)->id - (*bp)->id; |
| 1237 | if (l == 0L) | 1264 | if (l == 0L) |
| 1238 | return(0); | 1265 | return (0); |
| 1239 | else | 1266 | else |
| 1240 | return((l > 0)?1:-1); | 1267 | return ((l > 0) ? 1:-1); |
| 1241 | } | 1268 | } |
| 1242 | 1269 | ||
| 1243 | /** return a STACK of the ciphers available for the SSL and in order of | 1270 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1244 | * preference */ | 1271 | * preference */ |
| 1245 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) | 1272 | STACK_OF(SSL_CIPHER) |
| 1246 | { | 1273 | *SSL_get_ciphers(const SSL *s) |
| 1247 | if (s != NULL) | 1274 | { |
| 1248 | { | 1275 | if (s != NULL) { |
| 1249 | if (s->cipher_list != NULL) | 1276 | if (s->cipher_list != NULL) { |
| 1250 | { | 1277 | return (s->cipher_list); |
| 1251 | return(s->cipher_list); | 1278 | } else if ((s->ctx != NULL) && |
| 1252 | } | 1279 | (s->ctx->cipher_list != NULL)) { |
| 1253 | else if ((s->ctx != NULL) && | 1280 | return (s->ctx->cipher_list); |
| 1254 | (s->ctx->cipher_list != NULL)) | ||
| 1255 | { | ||
| 1256 | return(s->ctx->cipher_list); | ||
| 1257 | } | ||
| 1258 | } | 1281 | } |
| 1259 | return(NULL); | ||
| 1260 | } | 1282 | } |
| 1283 | return (NULL); | ||
| 1284 | } | ||
| 1261 | 1285 | ||
| 1262 | /** return a STACK of the ciphers available for the SSL and in order of | 1286 | /** return a STACK of the ciphers available for the SSL and in order of |
| 1263 | * algorithm id */ | 1287 | * algorithm id */ |
| 1264 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) | 1288 | STACK_OF(SSL_CIPHER) |
| 1265 | { | 1289 | *ssl_get_ciphers_by_id(SSL *s) |
| 1266 | if (s != NULL) | 1290 | { |
| 1267 | { | 1291 | if (s != NULL) { |
| 1268 | if (s->cipher_list_by_id != NULL) | 1292 | if (s->cipher_list_by_id != NULL) { |
| 1269 | { | 1293 | return (s->cipher_list_by_id); |
| 1270 | return(s->cipher_list_by_id); | 1294 | } else if ((s->ctx != NULL) && |
| 1271 | } | 1295 | (s->ctx->cipher_list_by_id != NULL)) { |
| 1272 | else if ((s->ctx != NULL) && | 1296 | return (s->ctx->cipher_list_by_id); |
| 1273 | (s->ctx->cipher_list_by_id != NULL)) | ||
| 1274 | { | ||
| 1275 | return(s->ctx->cipher_list_by_id); | ||
| 1276 | } | ||
| 1277 | } | 1297 | } |
| 1278 | return(NULL); | ||
| 1279 | } | 1298 | } |
| 1299 | return (NULL); | ||
| 1300 | } | ||
| 1280 | 1301 | ||
| 1281 | /** The old interface to get the same thing as SSL_get_ciphers() */ | 1302 | /** The old interface to get the same thing as SSL_get_ciphers() */ |
| 1282 | const char *SSL_get_cipher_list(const SSL *s,int n) | 1303 | const char |
| 1283 | { | 1304 | *SSL_get_cipher_list(const SSL *s, int n) |
| 1305 | { | ||
| 1284 | SSL_CIPHER *c; | 1306 | SSL_CIPHER *c; |
| 1285 | STACK_OF(SSL_CIPHER) *sk; | 1307 | STACK_OF(SSL_CIPHER) *sk; |
| 1286 | 1308 | ||
| 1287 | if (s == NULL) return(NULL); | 1309 | if (s == NULL) |
| 1288 | sk=SSL_get_ciphers(s); | 1310 | return (NULL); |
| 1311 | sk = SSL_get_ciphers(s); | ||
| 1289 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | 1312 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) |
| 1290 | return(NULL); | 1313 | return (NULL); |
| 1291 | c=sk_SSL_CIPHER_value(sk,n); | 1314 | c = sk_SSL_CIPHER_value(sk, n); |
| 1292 | if (c == NULL) return(NULL); | 1315 | if (c == NULL) |
| 1293 | return(c->name); | 1316 | return (NULL); |
| 1294 | } | 1317 | return (c->name); |
| 1318 | } | ||
| 1295 | 1319 | ||
| 1296 | /** specify the ciphers to be used by default by the SSL_CTX */ | 1320 | /** specify the ciphers to be used by default by the SSL_CTX */ |
| 1297 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | 1321 | int |
| 1298 | { | 1322 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 1323 | { | ||
| 1299 | STACK_OF(SSL_CIPHER) *sk; | 1324 | STACK_OF(SSL_CIPHER) *sk; |
| 1300 | 1325 | ||
| 1301 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | 1326 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, |
| 1302 | &ctx->cipher_list_by_id,str); | 1327 | &ctx->cipher_list_by_id, str); |
| 1303 | /* ssl_create_cipher_list may return an empty stack if it | 1328 | /* ssl_create_cipher_list may return an empty stack if it |
| 1304 | * was unable to find a cipher matching the given rule string | 1329 | * was unable to find a cipher matching the given rule string |
| 1305 | * (for example if the rule string specifies a cipher which | 1330 | * (for example if the rule string specifies a cipher which |
| @@ -1309,35 +1334,35 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | |||
| 1309 | * updated. */ | 1334 | * updated. */ |
| 1310 | if (sk == NULL) | 1335 | if (sk == NULL) |
| 1311 | return 0; | 1336 | return 0; |
| 1312 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1337 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1313 | { | ||
| 1314 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1338 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1315 | return 0; | 1339 | return 0; |
| 1316 | } | ||
| 1317 | return 1; | ||
| 1318 | } | 1340 | } |
| 1341 | return 1; | ||
| 1342 | } | ||
| 1319 | 1343 | ||
| 1320 | /** specify the ciphers to be used by the SSL */ | 1344 | /** specify the ciphers to be used by the SSL */ |
| 1321 | int SSL_set_cipher_list(SSL *s,const char *str) | 1345 | int |
| 1322 | { | 1346 | SSL_set_cipher_list(SSL *s, const char *str) |
| 1347 | { | ||
| 1323 | STACK_OF(SSL_CIPHER) *sk; | 1348 | STACK_OF(SSL_CIPHER) *sk; |
| 1324 | 1349 | ||
| 1325 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | 1350 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, |
| 1326 | &s->cipher_list_by_id,str); | 1351 | &s->cipher_list_by_id, str); |
| 1327 | /* see comment in SSL_CTX_set_cipher_list */ | 1352 | /* see comment in SSL_CTX_set_cipher_list */ |
| 1328 | if (sk == NULL) | 1353 | if (sk == NULL) |
| 1329 | return 0; | 1354 | return 0; |
| 1330 | else if (sk_SSL_CIPHER_num(sk) == 0) | 1355 | else if (sk_SSL_CIPHER_num(sk) == 0) { |
| 1331 | { | ||
| 1332 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); | 1356 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH); |
| 1333 | return 0; | 1357 | return 0; |
| 1334 | } | ||
| 1335 | return 1; | ||
| 1336 | } | 1358 | } |
| 1359 | return 1; | ||
| 1360 | } | ||
| 1337 | 1361 | ||
| 1338 | /* works well for SSLv2, not so good for SSLv3 */ | 1362 | /* works well for SSLv2, not so good for SSLv3 */ |
| 1339 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | 1363 | char |
| 1340 | { | 1364 | *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 1365 | { | ||
| 1341 | char *end; | 1366 | char *end; |
| 1342 | STACK_OF(SSL_CIPHER) *sk; | 1367 | STACK_OF(SSL_CIPHER) *sk; |
| 1343 | SSL_CIPHER *c; | 1368 | SSL_CIPHER *c; |
| @@ -1346,146 +1371,138 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) | |||
| 1346 | 1371 | ||
| 1347 | if ((s->session == NULL) || (s->session->ciphers == NULL) || | 1372 | if ((s->session == NULL) || (s->session->ciphers == NULL) || |
| 1348 | (len < 2)) | 1373 | (len < 2)) |
| 1349 | return(NULL); | 1374 | return (NULL); |
| 1350 | 1375 | ||
| 1351 | sk=s->session->ciphers; | 1376 | sk = s->session->ciphers; |
| 1352 | buf[0] = '\0'; | 1377 | buf[0] = '\0'; |
| 1353 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1378 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1354 | { | 1379 | c = sk_SSL_CIPHER_value(sk, i); |
| 1355 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1356 | end = buf + curlen; | 1380 | end = buf + curlen; |
| 1357 | if (strlcat(buf, c->name, len) >= len || | 1381 | if (strlcat(buf, c->name, len) >= len || |
| 1358 | (curlen = strlcat(buf, ":", len)) >= len) | 1382 | (curlen = strlcat(buf, ":", len)) >= len) { |
| 1359 | { | ||
| 1360 | /* remove truncated cipher from list */ | 1383 | /* remove truncated cipher from list */ |
| 1361 | *end = '\0'; | 1384 | *end = '\0'; |
| 1362 | break; | 1385 | break; |
| 1363 | } | ||
| 1364 | } | 1386 | } |
| 1387 | } | ||
| 1365 | /* remove trailing colon */ | 1388 | /* remove trailing colon */ |
| 1366 | if ((end = strrchr(buf, ':')) != NULL) | 1389 | if ((end = strrchr(buf, ':')) != NULL) |
| 1367 | *end = '\0'; | 1390 | *end = '\0'; |
| 1368 | return(buf); | 1391 | return (buf); |
| 1369 | } | 1392 | } |
| 1370 | 1393 | ||
| 1371 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, | 1394 | int |
| 1372 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) | 1395 | ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, |
| 1373 | { | 1396 | int (*put_cb)(const SSL_CIPHER *, unsigned char *)) |
| 1374 | int i,j=0; | 1397 | { |
| 1398 | int i, j = 0; | ||
| 1375 | SSL_CIPHER *c; | 1399 | SSL_CIPHER *c; |
| 1376 | unsigned char *q; | 1400 | unsigned char *q; |
| 1377 | #ifndef OPENSSL_NO_KRB5 | 1401 | #ifndef OPENSSL_NO_KRB5 |
| 1378 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | 1402 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); |
| 1379 | #endif /* OPENSSL_NO_KRB5 */ | 1403 | #endif /* OPENSSL_NO_KRB5 */ |
| 1380 | 1404 | ||
| 1381 | if (sk == NULL) return(0); | 1405 | if (sk == NULL) |
| 1382 | q=p; | 1406 | return (0); |
| 1407 | q = p; | ||
| 1383 | 1408 | ||
| 1384 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) | 1409 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { |
| 1385 | { | 1410 | c = sk_SSL_CIPHER_value(sk, i); |
| 1386 | c=sk_SSL_CIPHER_value(sk,i); | ||
| 1387 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ | 1411 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ |
| 1388 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | 1412 | if ((c->algorithm_ssl & SSL_TLSV1_2) && |
| 1389 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) | 1413 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) |
| 1390 | continue; | 1414 | continue; |
| 1391 | #ifndef OPENSSL_NO_KRB5 | 1415 | #ifndef OPENSSL_NO_KRB5 |
| 1392 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && | 1416 | if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) && |
| 1393 | nokrb5) | 1417 | nokrb5) |
| 1394 | continue; | 1418 | continue; |
| 1395 | #endif /* OPENSSL_NO_KRB5 */ | 1419 | #endif /* OPENSSL_NO_KRB5 */ |
| 1396 | #ifndef OPENSSL_NO_PSK | 1420 | #ifndef OPENSSL_NO_PSK |
| 1397 | /* with PSK there must be client callback set */ | 1421 | /* with PSK there must be client callback set */ |
| 1398 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && | 1422 | if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) && |
| 1399 | s->psk_client_callback == NULL) | 1423 | s->psk_client_callback == NULL) |
| 1400 | continue; | 1424 | continue; |
| 1401 | #endif /* OPENSSL_NO_PSK */ | 1425 | #endif /* OPENSSL_NO_PSK */ |
| 1402 | j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); | 1426 | j = put_cb ? put_cb(c, p) : ssl_put_cipher_by_char(s, c, p); |
| 1403 | p+=j; | 1427 | p += j; |
| 1404 | } | 1428 | } |
| 1405 | /* If p == q, no ciphers and caller indicates an error. Otherwise | 1429 | /* If p == q, no ciphers and caller indicates an error. Otherwise |
| 1406 | * add SCSV if not renegotiating. | 1430 | * add SCSV if not renegotiating. |
| 1407 | */ | 1431 | */ |
| 1408 | if (p != q && !s->renegotiate) | 1432 | if (p != q && !s->renegotiate) { |
| 1409 | { | 1433 | static SSL_CIPHER scsv = { |
| 1410 | static SSL_CIPHER scsv = | ||
| 1411 | { | ||
| 1412 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 | 1434 | 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
| 1413 | }; | 1435 | }; |
| 1414 | j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); | 1436 | j = put_cb ? put_cb(&scsv, p) : ssl_put_cipher_by_char(s, &scsv, p); |
| 1415 | p+=j; | 1437 | p += j; |
| 1416 | #ifdef OPENSSL_RI_DEBUG | 1438 | #ifdef OPENSSL_RI_DEBUG |
| 1417 | fprintf(stderr, "SCSV sent by client\n"); | 1439 | fprintf(stderr, "SCSV sent by client\n"); |
| 1418 | #endif | 1440 | #endif |
| 1419 | } | ||
| 1420 | |||
| 1421 | return(p-q); | ||
| 1422 | } | 1441 | } |
| 1423 | 1442 | ||
| 1424 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, | 1443 | return (p - q); |
| 1425 | STACK_OF(SSL_CIPHER) **skp) | 1444 | } |
| 1426 | { | 1445 | |
| 1446 | STACK_OF(SSL_CIPHER) | ||
| 1447 | *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, | ||
| 1448 | STACK_OF(SSL_CIPHER) **skp) | ||
| 1449 | { | ||
| 1427 | const SSL_CIPHER *c; | 1450 | const SSL_CIPHER *c; |
| 1428 | STACK_OF(SSL_CIPHER) *sk; | 1451 | STACK_OF(SSL_CIPHER) *sk; |
| 1429 | int i,n; | 1452 | int i, n; |
| 1430 | if (s->s3) | 1453 | if (s->s3) |
| 1431 | s->s3->send_connection_binding = 0; | 1454 | s->s3->send_connection_binding = 0; |
| 1432 | 1455 | ||
| 1433 | n=ssl_put_cipher_by_char(s,NULL,NULL); | 1456 | n = ssl_put_cipher_by_char(s, NULL, NULL); |
| 1434 | if ((num%n) != 0) | 1457 | if ((num % n) != 0) { |
| 1435 | { | 1458 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); |
| 1436 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | 1459 | return (NULL); |
| 1437 | return(NULL); | 1460 | } |
| 1438 | } | ||
| 1439 | if ((skp == NULL) || (*skp == NULL)) | 1461 | if ((skp == NULL) || (*skp == NULL)) |
| 1440 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ | 1462 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ |
| 1441 | else | 1463 | else { |
| 1442 | { | ||
| 1443 | sk= *skp; | 1464 | sk= *skp; |
| 1444 | sk_SSL_CIPHER_zero(sk); | 1465 | sk_SSL_CIPHER_zero(sk); |
| 1445 | } | 1466 | } |
| 1446 | 1467 | ||
| 1447 | for (i=0; i<num; i+=n) | 1468 | for (i = 0; i < num; i += n) { |
| 1448 | { | ||
| 1449 | /* Check for SCSV */ | 1469 | /* Check for SCSV */ |
| 1450 | if (s->s3 && (n != 3 || !p[0]) && | 1470 | if (s->s3 && (n != 3 || !p[0]) && |
| 1451 | (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && | 1471 | (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && |
| 1452 | (p[n-1] == (SSL3_CK_SCSV & 0xff))) | 1472 | (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { |
| 1453 | { | ||
| 1454 | /* SCSV fatal if renegotiating */ | 1473 | /* SCSV fatal if renegotiating */ |
| 1455 | if (s->renegotiate) | 1474 | if (s->renegotiate) { |
| 1456 | { | 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); |
| 1457 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | 1476 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); |
| 1458 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 1477 | |
| 1459 | goto err; | 1478 | goto err; |
| 1460 | } | 1479 | } |
| 1461 | s->s3->send_connection_binding = 1; | 1480 | s->s3->send_connection_binding = 1; |
| 1462 | p += n; | 1481 | p += n; |
| 1463 | #ifdef OPENSSL_RI_DEBUG | 1482 | #ifdef OPENSSL_RI_DEBUG |
| 1464 | fprintf(stderr, "SCSV received by server\n"); | 1483 | fprintf(stderr, "SCSV received by server\n"); |
| 1465 | #endif | 1484 | #endif |
| 1466 | continue; | 1485 | continue; |
| 1467 | } | 1486 | } |
| 1468 | 1487 | ||
| 1469 | c=ssl_get_cipher_by_char(s,p); | 1488 | c = ssl_get_cipher_by_char(s, p); |
| 1470 | p+=n; | 1489 | p += n; |
| 1471 | if (c != NULL) | 1490 | if (c != NULL) { |
| 1472 | { | 1491 | if (!sk_SSL_CIPHER_push(sk, c)) { |
| 1473 | if (!sk_SSL_CIPHER_push(sk,c)) | 1492 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); |
| 1474 | { | ||
| 1475 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 1476 | goto err; | 1493 | goto err; |
| 1477 | } | ||
| 1478 | } | 1494 | } |
| 1479 | } | 1495 | } |
| 1496 | } | ||
| 1480 | 1497 | ||
| 1481 | if (skp != NULL) | 1498 | if (skp != NULL) |
| 1482 | *skp=sk; | 1499 | *skp = sk; |
| 1483 | return(sk); | 1500 | return (sk); |
| 1484 | err: | 1501 | err: |
| 1485 | if ((skp == NULL) || (*skp == NULL)) | 1502 | if ((skp == NULL) || (*skp == NULL)) |
| 1486 | sk_SSL_CIPHER_free(sk); | 1503 | sk_SSL_CIPHER_free(sk); |
| 1487 | return(NULL); | 1504 | return (NULL); |
| 1488 | } | 1505 | } |
| 1489 | 1506 | ||
| 1490 | 1507 | ||
| 1491 | #ifndef OPENSSL_NO_TLSEXT | 1508 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -1493,22 +1510,24 @@ err: | |||
| 1493 | * So far, only host_name types are defined (RFC 3546). | 1510 | * So far, only host_name types are defined (RFC 3546). |
| 1494 | */ | 1511 | */ |
| 1495 | 1512 | ||
| 1496 | const char *SSL_get_servername(const SSL *s, const int type) | 1513 | const char |
| 1497 | { | 1514 | *SSL_get_servername(const SSL *s, const int type) |
| 1515 | { | ||
| 1498 | if (type != TLSEXT_NAMETYPE_host_name) | 1516 | if (type != TLSEXT_NAMETYPE_host_name) |
| 1499 | return NULL; | 1517 | return NULL; |
| 1500 | 1518 | ||
| 1501 | return s->session && !s->tlsext_hostname ? | 1519 | return s->session && !s->tlsext_hostname ? |
| 1502 | s->session->tlsext_hostname : | 1520 | s->session->tlsext_hostname : |
| 1503 | s->tlsext_hostname; | 1521 | s->tlsext_hostname; |
| 1504 | } | 1522 | } |
| 1505 | 1523 | ||
| 1506 | int SSL_get_servername_type(const SSL *s) | 1524 | int |
| 1507 | { | 1525 | SSL_get_servername_type(const SSL *s) |
| 1526 | { | ||
| 1508 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) | 1527 | if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname)) |
| 1509 | return TLSEXT_NAMETYPE_host_name; | 1528 | return TLSEXT_NAMETYPE_host_name; |
| 1510 | return -1; | 1529 | return -1; |
| 1511 | } | 1530 | } |
| 1512 | 1531 | ||
| 1513 | # ifndef OPENSSL_NO_NEXTPROTONEG | 1532 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 1514 | /* SSL_select_next_proto implements the standard protocol selection. It is | 1533 | /* SSL_select_next_proto implements the standard protocol selection. It is |
| @@ -1541,31 +1560,29 @@ int SSL_get_servername_type(const SSL *s) | |||
| 1541 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | 1560 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or |
| 1542 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | 1561 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. |
| 1543 | */ | 1562 | */ |
| 1544 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) | 1563 | int |
| 1545 | { | 1564 | SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) |
| 1565 | { | ||
| 1546 | unsigned int i, j; | 1566 | unsigned int i, j; |
| 1547 | const unsigned char *result; | 1567 | const unsigned char *result; |
| 1548 | int status = OPENSSL_NPN_UNSUPPORTED; | 1568 | int status = OPENSSL_NPN_UNSUPPORTED; |
| 1549 | 1569 | ||
| 1550 | /* For each protocol in server preference order, see if we support it. */ | 1570 | /* For each protocol in server preference order, see if we support it. */ |
| 1551 | for (i = 0; i < server_len; ) | 1571 | for (i = 0; i < server_len; ) { |
| 1552 | { | 1572 | for (j = 0; j < client_len; ) { |
| 1553 | for (j = 0; j < client_len; ) | ||
| 1554 | { | ||
| 1555 | if (server[i] == client[j] && | 1573 | if (server[i] == client[j] && |
| 1556 | memcmp(&server[i+1], &client[j+1], server[i]) == 0) | 1574 | memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { |
| 1557 | { | ||
| 1558 | /* We found a match */ | 1575 | /* We found a match */ |
| 1559 | result = &server[i]; | 1576 | result = &server[i]; |
| 1560 | status = OPENSSL_NPN_NEGOTIATED; | 1577 | status = OPENSSL_NPN_NEGOTIATED; |
| 1561 | goto found; | 1578 | goto found; |
| 1562 | } | 1579 | } |
| 1563 | j += client[j]; | 1580 | j += client[j]; |
| 1564 | j++; | 1581 | j++; |
| 1565 | } | 1582 | } |
| 1566 | i += server[i]; | 1583 | i += server[i]; |
| 1567 | i++; | 1584 | i++; |
| 1568 | } | 1585 | } |
| 1569 | 1586 | ||
| 1570 | /* There's no overlap between our protocols and the server's list. */ | 1587 | /* There's no overlap between our protocols and the server's list. */ |
| 1571 | result = client; | 1588 | result = client; |
| @@ -1575,7 +1592,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1575 | *out = (unsigned char *) result + 1; | 1592 | *out = (unsigned char *) result + 1; |
| 1576 | *outlen = result[0]; | 1593 | *outlen = result[0]; |
| 1577 | return status; | 1594 | return status; |
| 1578 | } | 1595 | } |
| 1579 | 1596 | ||
| 1580 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | 1597 | /* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's |
| 1581 | * requested protocol for this connection and returns 0. If the client didn't | 1598 | * requested protocol for this connection and returns 0. If the client didn't |
| @@ -1585,8 +1602,9 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsi | |||
| 1585 | * from this function need not be a member of the list of supported protocols | 1602 | * from this function need not be a member of the list of supported protocols |
| 1586 | * provided by the callback. | 1603 | * provided by the callback. |
| 1587 | */ | 1604 | */ |
| 1588 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) | 1605 | void |
| 1589 | { | 1606 | SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) |
| 1607 | { | ||
| 1590 | *data = s->next_proto_negotiated; | 1608 | *data = s->next_proto_negotiated; |
| 1591 | if (!*data) { | 1609 | if (!*data) { |
| 1592 | *len = 0; | 1610 | *len = 0; |
| @@ -1604,11 +1622,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, un | |||
| 1604 | * | 1622 | * |
| 1605 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no | 1623 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no |
| 1606 | * such extension will be included in the ServerHello. */ | 1624 | * such extension will be included in the ServerHello. */ |
| 1607 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) | 1625 | void |
| 1608 | { | 1626 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| 1627 | { | ||
| 1609 | ctx->next_protos_advertised_cb = cb; | 1628 | ctx->next_protos_advertised_cb = cb; |
| 1610 | ctx->next_protos_advertised_cb_arg = arg; | 1629 | ctx->next_protos_advertised_cb_arg = arg; |
| 1611 | } | 1630 | } |
| 1612 | 1631 | ||
| 1613 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | 1632 | /* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a |
| 1614 | * client needs to select a protocol from the server's provided list. |out| | 1633 | * client needs to select a protocol from the server's provided list. |out| |
| @@ -1620,183 +1639,186 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, co | |||
| 1620 | * The client must select a protocol. It is fatal to the connection if this | 1639 | * The client must select a protocol. It is fatal to the connection if this |
| 1621 | * callback returns a value other than SSL_TLSEXT_ERR_OK. | 1640 | * callback returns a value other than SSL_TLSEXT_ERR_OK. |
| 1622 | */ | 1641 | */ |
| 1623 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) | 1642 | void |
| 1624 | { | 1643 | SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) |
| 1644 | { | ||
| 1625 | ctx->next_proto_select_cb = cb; | 1645 | ctx->next_proto_select_cb = cb; |
| 1626 | ctx->next_proto_select_cb_arg = arg; | 1646 | ctx->next_proto_select_cb_arg = arg; |
| 1627 | } | 1647 | } |
| 1628 | # endif | 1648 | # endif |
| 1629 | #endif | 1649 | #endif |
| 1630 | 1650 | ||
| 1631 | int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | 1651 | int |
| 1632 | const char *label, size_t llen, const unsigned char *p, size_t plen, | 1652 | SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, |
| 1633 | int use_context) | 1653 | const char *label, size_t llen, const unsigned char *p, size_t plen, |
| 1634 | { | 1654 | int use_context) |
| 1655 | { | ||
| 1635 | if (s->version < TLS1_VERSION) | 1656 | if (s->version < TLS1_VERSION) |
| 1636 | return -1; | 1657 | return -1; |
| 1637 | 1658 | ||
| 1638 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, | 1659 | return s->method->ssl3_enc->export_keying_material(s, out, olen, label, |
| 1639 | llen, p, plen, | 1660 | llen, p, plen, |
| 1640 | use_context); | 1661 | use_context); |
| 1641 | } | 1662 | } |
| 1642 | 1663 | ||
| 1643 | static unsigned long ssl_session_hash(const SSL_SESSION *a) | 1664 | static unsigned long |
| 1644 | { | 1665 | ssl_session_hash(const SSL_SESSION *a) |
| 1666 | { | ||
| 1645 | unsigned long l; | 1667 | unsigned long l; |
| 1646 | 1668 | ||
| 1647 | l=(unsigned long) | 1669 | l = (unsigned long) |
| 1648 | ((unsigned int) a->session_id[0] )| | 1670 | ((unsigned int) a->session_id[0] )| |
| 1649 | ((unsigned int) a->session_id[1]<< 8L)| | 1671 | ((unsigned int) a->session_id[1]<< 8L)| |
| 1650 | ((unsigned long)a->session_id[2]<<16L)| | 1672 | ((unsigned long)a->session_id[2]<<16L)| |
| 1651 | ((unsigned long)a->session_id[3]<<24L); | 1673 | ((unsigned long)a->session_id[3]<<24L); |
| 1652 | return(l); | 1674 | return (l); |
| 1653 | } | 1675 | } |
| 1654 | 1676 | ||
| 1655 | /* NB: If this function (or indeed the hash function which uses a sort of | 1677 | /* NB: If this function (or indeed the hash function which uses a sort of |
| 1656 | * coarser function than this one) is changed, ensure | 1678 | * coarser function than this one) is changed, ensure |
| 1657 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | 1679 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being |
| 1658 | * able to construct an SSL_SESSION that will collide with any existing session | 1680 | * able to construct an SSL_SESSION that will collide with any existing session |
| 1659 | * with a matching session ID. */ | 1681 | * with a matching session ID. */ |
| 1660 | static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b) | 1682 | static int |
| 1661 | { | 1683 | ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) |
| 1684 | { | ||
| 1662 | if (a->ssl_version != b->ssl_version) | 1685 | if (a->ssl_version != b->ssl_version) |
| 1663 | return(1); | 1686 | return (1); |
| 1664 | if (a->session_id_length != b->session_id_length) | 1687 | if (a->session_id_length != b->session_id_length) |
| 1665 | return(1); | 1688 | return (1); |
| 1666 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | 1689 | return (memcmp(a->session_id, b->session_id, a->session_id_length)); |
| 1667 | } | 1690 | } |
| 1668 | 1691 | ||
| 1669 | /* These wrapper functions should remain rather than redeclaring | 1692 | /* These wrapper functions should remain rather than redeclaring |
| 1670 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | 1693 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each |
| 1671 | * variable. The reason is that the functions aren't static, they're exposed via | 1694 | * variable. The reason is that the functions aren't static, they're exposed via |
| 1672 | * ssl.h. */ | 1695 | * ssl.h. */ |
| 1673 | static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | 1696 | static |
| 1674 | static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | 1697 | IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) |
| 1698 | static | ||
| 1699 | IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
| 1675 | 1700 | ||
| 1676 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | 1701 | SSL_CTX |
| 1677 | { | 1702 | *SSL_CTX_new(const SSL_METHOD *meth) |
| 1678 | SSL_CTX *ret=NULL; | 1703 | { |
| 1704 | SSL_CTX *ret = NULL; | ||
| 1679 | 1705 | ||
| 1680 | if (meth == NULL) | 1706 | if (meth == NULL) { |
| 1681 | { | 1707 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED); |
| 1682 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | 1708 | return (NULL); |
| 1683 | return(NULL); | 1709 | } |
| 1684 | } | ||
| 1685 | 1710 | ||
| 1686 | #ifdef OPENSSL_FIPS | 1711 | #ifdef OPENSSL_FIPS |
| 1687 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) | 1712 | if (FIPS_mode() && (meth->version < TLS1_VERSION)) { |
| 1688 | { | ||
| 1689 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); | 1713 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); |
| 1690 | return NULL; | 1714 | return NULL; |
| 1691 | } | 1715 | } |
| 1692 | #endif | 1716 | #endif |
| 1693 | 1717 | ||
| 1694 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | 1718 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { |
| 1695 | { | 1719 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); |
| 1696 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1697 | goto err; | 1720 | goto err; |
| 1698 | } | 1721 | } |
| 1699 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | 1722 | ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); |
| 1700 | if (ret == NULL) | 1723 | if (ret == NULL) |
| 1701 | goto err; | 1724 | goto err; |
| 1702 | 1725 | ||
| 1703 | memset(ret,0,sizeof(SSL_CTX)); | 1726 | memset(ret, 0, sizeof(SSL_CTX)); |
| 1704 | 1727 | ||
| 1705 | ret->method=meth; | 1728 | ret->method = meth; |
| 1706 | 1729 | ||
| 1707 | ret->cert_store=NULL; | 1730 | ret->cert_store = NULL; |
| 1708 | ret->session_cache_mode=SSL_SESS_CACHE_SERVER; | 1731 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; |
| 1709 | ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | 1732 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; |
| 1710 | ret->session_cache_head=NULL; | 1733 | ret->session_cache_head = NULL; |
| 1711 | ret->session_cache_tail=NULL; | 1734 | ret->session_cache_tail = NULL; |
| 1712 | 1735 | ||
| 1713 | /* We take the system default */ | 1736 | /* We take the system default */ |
| 1714 | ret->session_timeout=meth->get_timeout(); | 1737 | ret->session_timeout = meth->get_timeout(); |
| 1715 | 1738 | ||
| 1716 | ret->new_session_cb=0; | 1739 | ret->new_session_cb = 0; |
| 1717 | ret->remove_session_cb=0; | 1740 | ret->remove_session_cb = 0; |
| 1718 | ret->get_session_cb=0; | 1741 | ret->get_session_cb = 0; |
| 1719 | ret->generate_session_id=0; | 1742 | ret->generate_session_id = 0; |
| 1720 | 1743 | ||
| 1721 | memset((char *)&ret->stats,0,sizeof(ret->stats)); | 1744 | memset((char *)&ret->stats, 0, sizeof(ret->stats)); |
| 1722 | 1745 | ||
| 1723 | ret->references=1; | 1746 | ret->references = 1; |
| 1724 | ret->quiet_shutdown=0; | 1747 | ret->quiet_shutdown = 0; |
| 1725 | 1748 | ||
| 1726 | /* ret->cipher=NULL;*/ | 1749 | /* ret->cipher=NULL;*/ |
| 1727 | /* ret->s2->challenge=NULL; | 1750 | /* ret->s2->challenge=NULL; |
| 1728 | ret->master_key=NULL; | 1751 | ret->master_key=NULL; |
| 1729 | ret->key_arg=NULL; | 1752 | ret->key_arg=NULL; |
| 1730 | ret->s2->conn_id=NULL; */ | 1753 | ret->s2->conn_id=NULL; |
| 1754 | */ | ||
| 1731 | 1755 | ||
| 1732 | ret->info_callback=NULL; | 1756 | ret->info_callback = NULL; |
| 1733 | 1757 | ||
| 1734 | ret->app_verify_callback=0; | 1758 | ret->app_verify_callback = 0; |
| 1735 | ret->app_verify_arg=NULL; | 1759 | ret->app_verify_arg = NULL; |
| 1736 | 1760 | ||
| 1737 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; | 1761 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; |
| 1738 | ret->read_ahead=0; | 1762 | ret->read_ahead = 0; |
| 1739 | ret->msg_callback=0; | 1763 | ret->msg_callback = 0; |
| 1740 | ret->msg_callback_arg=NULL; | 1764 | ret->msg_callback_arg = NULL; |
| 1741 | ret->verify_mode=SSL_VERIFY_NONE; | 1765 | ret->verify_mode = SSL_VERIFY_NONE; |
| 1742 | #if 0 | 1766 | #if 0 |
| 1743 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | 1767 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ |
| 1744 | #endif | 1768 | #endif |
| 1745 | ret->sid_ctx_length=0; | 1769 | ret->sid_ctx_length = 0; |
| 1746 | ret->default_verify_callback=NULL; | 1770 | ret->default_verify_callback = NULL; |
| 1747 | if ((ret->cert=ssl_cert_new()) == NULL) | 1771 | if ((ret->cert = ssl_cert_new()) == NULL) |
| 1748 | goto err; | 1772 | goto err; |
| 1749 | 1773 | ||
| 1750 | ret->default_passwd_callback=0; | 1774 | ret->default_passwd_callback = 0; |
| 1751 | ret->default_passwd_callback_userdata=NULL; | 1775 | ret->default_passwd_callback_userdata = NULL; |
| 1752 | ret->client_cert_cb=0; | 1776 | ret->client_cert_cb = 0; |
| 1753 | ret->app_gen_cookie_cb=0; | 1777 | ret->app_gen_cookie_cb = 0; |
| 1754 | ret->app_verify_cookie_cb=0; | 1778 | ret->app_verify_cookie_cb = 0; |
| 1755 | 1779 | ||
| 1756 | ret->sessions=lh_SSL_SESSION_new(); | 1780 | ret->sessions = lh_SSL_SESSION_new(); |
| 1757 | if (ret->sessions == NULL) goto err; | 1781 | if (ret->sessions == NULL) |
| 1758 | ret->cert_store=X509_STORE_new(); | 1782 | goto err; |
| 1759 | if (ret->cert_store == NULL) goto err; | 1783 | ret->cert_store = X509_STORE_new(); |
| 1784 | if (ret->cert_store == NULL) | ||
| 1785 | goto err; | ||
| 1760 | 1786 | ||
| 1761 | ssl_create_cipher_list(ret->method, | 1787 | ssl_create_cipher_list(ret->method, |
| 1762 | &ret->cipher_list,&ret->cipher_list_by_id, | 1788 | &ret->cipher_list, &ret->cipher_list_by_id, |
| 1763 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); | 1789 | meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); |
| 1764 | if (ret->cipher_list == NULL | 1790 | if (ret->cipher_list == NULL |
| 1765 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | 1791 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { |
| 1766 | { | 1792 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| 1767 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
| 1768 | goto err2; | 1793 | goto err2; |
| 1769 | } | 1794 | } |
| 1770 | 1795 | ||
| 1771 | ret->param = X509_VERIFY_PARAM_new(); | 1796 | ret->param = X509_VERIFY_PARAM_new(); |
| 1772 | if (!ret->param) | 1797 | if (!ret->param) |
| 1773 | goto err; | 1798 | goto err; |
| 1774 | 1799 | ||
| 1775 | if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL) | 1800 | if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) { |
| 1776 | { | 1801 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); |
| 1777 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES); | ||
| 1778 | goto err2; | 1802 | goto err2; |
| 1779 | } | 1803 | } |
| 1780 | if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL) | 1804 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { |
| 1781 | { | 1805 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); |
| 1782 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
| 1783 | goto err2; | 1806 | goto err2; |
| 1784 | } | 1807 | } |
| 1785 | if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL) | 1808 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { |
| 1786 | { | 1809 | SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); |
| 1787 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
| 1788 | goto err2; | 1810 | goto err2; |
| 1789 | } | 1811 | } |
| 1790 | 1812 | ||
| 1791 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) | 1813 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) |
| 1792 | goto err; | 1814 | goto err; |
| 1793 | 1815 | ||
| 1794 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | 1816 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); |
| 1795 | 1817 | ||
| 1796 | ret->extra_certs=NULL; | 1818 | ret->extra_certs = NULL; |
| 1797 | /* No compression for DTLS */ | 1819 | /* No compression for DTLS */ |
| 1798 | if (meth->version != DTLS1_VERSION) | 1820 | if (meth->version != DTLS1_VERSION) |
| 1799 | ret->comp_methods=SSL_COMP_get_compression_methods(); | 1821 | ret->comp_methods = SSL_COMP_get_compression_methods(); |
| 1800 | 1822 | ||
| 1801 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | 1823 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; |
| 1802 | 1824 | ||
| @@ -1806,8 +1828,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1806 | /* Setup RFC4507 ticket keys */ | 1828 | /* Setup RFC4507 ticket keys */ |
| 1807 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) | 1829 | if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0) |
| 1808 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) | 1830 | || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0) |
| 1809 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) | 1831 | || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0)) |
| 1810 | ret->options |= SSL_OP_NO_TICKET; | 1832 | ret->options |= SSL_OP_NO_TICKET; |
| 1811 | 1833 | ||
| 1812 | ret->tlsext_status_cb = 0; | 1834 | ret->tlsext_status_cb = 0; |
| 1813 | ret->tlsext_status_arg = NULL; | 1835 | ret->tlsext_status_arg = NULL; |
| @@ -1818,9 +1840,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1818 | # endif | 1840 | # endif |
| 1819 | #endif | 1841 | #endif |
| 1820 | #ifndef OPENSSL_NO_PSK | 1842 | #ifndef OPENSSL_NO_PSK |
| 1821 | ret->psk_identity_hint=NULL; | 1843 | ret->psk_identity_hint = NULL; |
| 1822 | ret->psk_client_callback=NULL; | 1844 | ret->psk_client_callback = NULL; |
| 1823 | ret->psk_server_callback=NULL; | 1845 | ret->psk_server_callback = NULL; |
| 1824 | #endif | 1846 | #endif |
| 1825 | #ifndef OPENSSL_NO_SRP | 1847 | #ifndef OPENSSL_NO_SRP |
| 1826 | SSL_CTX_SRP_CTX_init(ret); | 1848 | SSL_CTX_SRP_CTX_init(ret); |
| @@ -1834,11 +1856,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1834 | ret->rbuf_freelist->len = 0; | 1856 | ret->rbuf_freelist->len = 0; |
| 1835 | ret->rbuf_freelist->head = NULL; | 1857 | ret->rbuf_freelist->head = NULL; |
| 1836 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); | 1858 | ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); |
| 1837 | if (!ret->wbuf_freelist) | 1859 | if (!ret->wbuf_freelist) { |
| 1838 | { | ||
| 1839 | OPENSSL_free(ret->rbuf_freelist); | 1860 | OPENSSL_free(ret->rbuf_freelist); |
| 1840 | goto err; | 1861 | goto err; |
| 1841 | } | 1862 | } |
| 1842 | ret->wbuf_freelist->chunklen = 0; | 1863 | ret->wbuf_freelist->chunklen = 0; |
| 1843 | ret->wbuf_freelist->len = 0; | 1864 | ret->wbuf_freelist->len = 0; |
| 1844 | ret->wbuf_freelist->head = NULL; | 1865 | ret->wbuf_freelist->head = NULL; |
| @@ -1850,16 +1871,15 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1850 | #define eng_str(x) eng_strx(x) | 1871 | #define eng_str(x) eng_strx(x) |
| 1851 | /* Use specific client engine automatically... ignore errors */ | 1872 | /* Use specific client engine automatically... ignore errors */ |
| 1852 | { | 1873 | { |
| 1853 | ENGINE *eng; | 1874 | ENGINE *eng; |
| 1854 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1855 | if (!eng) | ||
| 1856 | { | ||
| 1857 | ERR_clear_error(); | ||
| 1858 | ENGINE_load_builtin_engines(); | ||
| 1859 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | 1875 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); |
| 1876 | if (!eng) { | ||
| 1877 | ERR_clear_error(); | ||
| 1878 | ENGINE_load_builtin_engines(); | ||
| 1879 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1860 | } | 1880 | } |
| 1861 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | 1881 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) |
| 1862 | ERR_clear_error(); | 1882 | ERR_clear_error(); |
| 1863 | } | 1883 | } |
| 1864 | #endif | 1884 | #endif |
| 1865 | #endif | 1885 | #endif |
| @@ -1868,50 +1888,54 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) | |||
| 1868 | */ | 1888 | */ |
| 1869 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | 1889 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; |
| 1870 | 1890 | ||
| 1871 | return(ret); | 1891 | return (ret); |
| 1872 | err: | 1892 | err: |
| 1873 | SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); | 1893 | SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); |
| 1874 | err2: | 1894 | err2: |
| 1875 | if (ret != NULL) SSL_CTX_free(ret); | 1895 | if (ret != NULL) |
| 1876 | return(NULL); | 1896 | SSL_CTX_free(ret); |
| 1877 | } | 1897 | return (NULL); |
| 1898 | } | ||
| 1878 | 1899 | ||
| 1879 | #if 0 | 1900 | #if 0 |
| 1880 | static void SSL_COMP_free(SSL_COMP *comp) | 1901 | static void |
| 1881 | { OPENSSL_free(comp); } | 1902 | SSL_COMP_free(SSL_COMP *comp) |
| 1903 | { OPENSSL_free(comp); | ||
| 1904 | } | ||
| 1882 | #endif | 1905 | #endif |
| 1883 | 1906 | ||
| 1884 | #ifndef OPENSSL_NO_BUF_FREELISTS | 1907 | #ifndef OPENSSL_NO_BUF_FREELISTS |
| 1885 | static void | 1908 | static void |
| 1886 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) | 1909 | ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) |
| 1887 | { | 1910 | { |
| 1888 | SSL3_BUF_FREELIST_ENTRY *ent, *next; | 1911 | SSL3_BUF_FREELIST_ENTRY *ent, *next; |
| 1889 | for (ent = list->head; ent; ent = next) | 1912 | for (ent = list->head; ent; ent = next) { |
| 1890 | { | ||
| 1891 | next = ent->next; | 1913 | next = ent->next; |
| 1892 | OPENSSL_free(ent); | 1914 | OPENSSL_free(ent); |
| 1893 | } | ||
| 1894 | OPENSSL_free(list); | ||
| 1895 | } | 1915 | } |
| 1916 | OPENSSL_free(list); | ||
| 1917 | } | ||
| 1896 | #endif | 1918 | #endif |
| 1897 | 1919 | ||
| 1898 | void SSL_CTX_free(SSL_CTX *a) | 1920 | void |
| 1899 | { | 1921 | SSL_CTX_free(SSL_CTX *a) |
| 1922 | { | ||
| 1900 | int i; | 1923 | int i; |
| 1901 | 1924 | ||
| 1902 | if (a == NULL) return; | 1925 | if (a == NULL) |
| 1926 | return; | ||
| 1903 | 1927 | ||
| 1904 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX); | 1928 | i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); |
| 1905 | #ifdef REF_PRINT | 1929 | #ifdef REF_PRINT |
| 1906 | REF_PRINT("SSL_CTX",a); | 1930 | REF_PRINT("SSL_CTX", a); |
| 1907 | #endif | 1931 | #endif |
| 1908 | if (i > 0) return; | 1932 | if (i > 0) |
| 1933 | return; | ||
| 1909 | #ifdef REF_CHECK | 1934 | #ifdef REF_CHECK |
| 1910 | if (i < 0) | 1935 | if (i < 0) { |
| 1911 | { | 1936 | fprintf(stderr, "SSL_CTX_free, bad reference count\n"); |
| 1912 | fprintf(stderr,"SSL_CTX_free, bad reference count\n"); | ||
| 1913 | abort(); /* ok */ | 1937 | abort(); /* ok */ |
| 1914 | } | 1938 | } |
| 1915 | #endif | 1939 | #endif |
| 1916 | 1940 | ||
| 1917 | if (a->param) | 1941 | if (a->param) |
| @@ -1927,7 +1951,7 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1927 | * (See ticket [openssl.org #212].) | 1951 | * (See ticket [openssl.org #212].) |
| 1928 | */ | 1952 | */ |
| 1929 | if (a->sessions != NULL) | 1953 | if (a->sessions != NULL) |
| 1930 | SSL_CTX_flush_sessions(a,0); | 1954 | SSL_CTX_flush_sessions(a, 0); |
| 1931 | 1955 | ||
| 1932 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | 1956 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); |
| 1933 | 1957 | ||
| @@ -1943,19 +1967,19 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1943 | if (a->cert != NULL) | 1967 | if (a->cert != NULL) |
| 1944 | ssl_cert_free(a->cert); | 1968 | ssl_cert_free(a->cert); |
| 1945 | if (a->client_CA != NULL) | 1969 | if (a->client_CA != NULL) |
| 1946 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); | 1970 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); |
| 1947 | if (a->extra_certs != NULL) | 1971 | if (a->extra_certs != NULL) |
| 1948 | sk_X509_pop_free(a->extra_certs,X509_free); | 1972 | sk_X509_pop_free(a->extra_certs, X509_free); |
| 1949 | #if 0 /* This should never be done, since it removes a global database */ | 1973 | #if 0 /* This should never be done, since it removes a global database */ |
| 1950 | if (a->comp_methods != NULL) | 1974 | if (a->comp_methods != NULL) |
| 1951 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | 1975 | sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); |
| 1952 | #else | 1976 | #else |
| 1953 | a->comp_methods = NULL; | 1977 | a->comp_methods = NULL; |
| 1954 | #endif | 1978 | #endif |
| 1955 | 1979 | ||
| 1956 | #ifndef OPENSSL_NO_SRTP | 1980 | #ifndef OPENSSL_NO_SRTP |
| 1957 | if (a->srtp_profiles) | 1981 | if (a->srtp_profiles) |
| 1958 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | 1982 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); |
| 1959 | #endif | 1983 | #endif |
| 1960 | 1984 | ||
| 1961 | #ifndef OPENSSL_NO_PSK | 1985 | #ifndef OPENSSL_NO_PSK |
| @@ -1978,42 +2002,48 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1978 | #endif | 2002 | #endif |
| 1979 | 2003 | ||
| 1980 | OPENSSL_free(a); | 2004 | OPENSSL_free(a); |
| 1981 | } | 2005 | } |
| 1982 | 2006 | ||
| 1983 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | 2007 | void |
| 1984 | { | 2008 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 1985 | ctx->default_passwd_callback=cb; | 2009 | { |
| 1986 | } | 2010 | ctx->default_passwd_callback = cb; |
| 2011 | } | ||
| 1987 | 2012 | ||
| 1988 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) | 2013 | void |
| 1989 | { | 2014 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) |
| 1990 | ctx->default_passwd_callback_userdata=u; | 2015 | { |
| 1991 | } | 2016 | ctx->default_passwd_callback_userdata = u; |
| 2017 | } | ||
| 1992 | 2018 | ||
| 1993 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | 2019 | void |
| 1994 | { | 2020 | SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg) |
| 1995 | ctx->app_verify_callback=cb; | 2021 | { |
| 1996 | ctx->app_verify_arg=arg; | 2022 | ctx->app_verify_callback = cb; |
| 1997 | } | 2023 | ctx->app_verify_arg = arg; |
| 2024 | } | ||
| 1998 | 2025 | ||
| 1999 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) | 2026 | void |
| 2000 | { | 2027 | SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) |
| 2001 | ctx->verify_mode=mode; | 2028 | { |
| 2002 | ctx->default_verify_callback=cb; | 2029 | ctx->verify_mode = mode; |
| 2003 | } | 2030 | ctx->default_verify_callback = cb; |
| 2031 | } | ||
| 2004 | 2032 | ||
| 2005 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) | 2033 | void |
| 2006 | { | 2034 | SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) |
| 2035 | { | ||
| 2007 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | 2036 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); |
| 2008 | } | 2037 | } |
| 2009 | 2038 | ||
| 2010 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | 2039 | void |
| 2011 | { | 2040 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) |
| 2041 | { | ||
| 2012 | CERT_PKEY *cpk; | 2042 | CERT_PKEY *cpk; |
| 2013 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | 2043 | int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; |
| 2014 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 2044 | int rsa_enc_export, dh_rsa_export, dh_dsa_export; |
| 2015 | int rsa_tmp_export,dh_tmp_export,kl; | 2045 | int rsa_tmp_export, dh_tmp_export, kl; |
| 2016 | unsigned long mask_k,mask_a,emask_k,emask_a; | 2046 | unsigned long mask_k, mask_a, emask_k, emask_a; |
| 2017 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; | 2047 | int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; |
| 2018 | #ifndef OPENSSL_NO_ECDH | 2048 | #ifndef OPENSSL_NO_ECDH |
| 2019 | int have_ecdh_tmp; | 2049 | int have_ecdh_tmp; |
| @@ -2022,57 +2052,58 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2022 | EVP_PKEY *ecc_pkey = NULL; | 2052 | EVP_PKEY *ecc_pkey = NULL; |
| 2023 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | 2053 | int signature_nid = 0, pk_nid = 0, md_nid = 0; |
| 2024 | 2054 | ||
| 2025 | if (c == NULL) return; | 2055 | if (c == NULL) |
| 2056 | return; | ||
| 2026 | 2057 | ||
| 2027 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); | 2058 | kl = SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 2028 | 2059 | ||
| 2029 | #ifndef OPENSSL_NO_RSA | 2060 | #ifndef OPENSSL_NO_RSA |
| 2030 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); | 2061 | rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); |
| 2031 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | 2062 | rsa_tmp_export = (c->rsa_tmp_cb != NULL || |
| 2032 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | 2063 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); |
| 2033 | #else | 2064 | #else |
| 2034 | rsa_tmp=rsa_tmp_export=0; | 2065 | rsa_tmp = rsa_tmp_export = 0; |
| 2035 | #endif | 2066 | #endif |
| 2036 | #ifndef OPENSSL_NO_DH | 2067 | #ifndef OPENSSL_NO_DH |
| 2037 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); | 2068 | dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL); |
| 2038 | dh_tmp_export=(c->dh_tmp_cb != NULL || | 2069 | dh_tmp_export = (c->dh_tmp_cb != NULL || |
| 2039 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); | 2070 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); |
| 2040 | #else | 2071 | #else |
| 2041 | dh_tmp=dh_tmp_export=0; | 2072 | dh_tmp = dh_tmp_export = 0; |
| 2042 | #endif | 2073 | #endif |
| 2043 | 2074 | ||
| 2044 | #ifndef OPENSSL_NO_ECDH | 2075 | #ifndef OPENSSL_NO_ECDH |
| 2045 | have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); | 2076 | have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL); |
| 2046 | #endif | 2077 | #endif |
| 2047 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 2078 | cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 2048 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2079 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2049 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2080 | rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2050 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 2081 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 2051 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2082 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2052 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | 2083 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); |
| 2053 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); | 2084 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2054 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | 2085 | cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); |
| 2055 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2086 | dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2056 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2087 | dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2057 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | 2088 | cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); |
| 2058 | /* FIX THIS EAY EAY EAY */ | 2089 | /* FIX THIS EAY EAY EAY */ |
| 2059 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2090 | dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2060 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); | 2091 | dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 2061 | cpk= &(c->pkeys[SSL_PKEY_ECC]); | 2092 | cpk = &(c->pkeys[SSL_PKEY_ECC]); |
| 2062 | have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); | 2093 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 2063 | mask_k=0; | 2094 | mask_k = 0; |
| 2064 | mask_a=0; | 2095 | mask_a = 0; |
| 2065 | emask_k=0; | 2096 | emask_k = 0; |
| 2066 | emask_a=0; | 2097 | emask_a = 0; |
| 2098 | |||
| 2067 | 2099 | ||
| 2068 | |||
| 2069 | 2100 | ||
| 2070 | #ifdef CIPHER_DEBUG | 2101 | #ifdef CIPHER_DEBUG |
| 2071 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", | 2102 | printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", |
| 2072 | rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp, | 2103 | rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, |
| 2073 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | 2104 | rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); |
| 2074 | #endif | 2105 | #endif |
| 2075 | 2106 | ||
| 2076 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | 2107 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); |
| 2077 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | 2108 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { |
| 2078 | mask_k |= SSL_kGOST; | 2109 | mask_k |= SSL_kGOST; |
| @@ -2091,12 +2122,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2091 | 2122 | ||
| 2092 | #if 0 | 2123 | #if 0 |
| 2093 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ | 2124 | /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ |
| 2094 | if ( (dh_tmp || dh_rsa || dh_dsa) && | 2125 | if ((dh_tmp || dh_rsa || dh_dsa) && |
| 2095 | (rsa_enc || rsa_sign || dsa_sign)) | 2126 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2096 | mask_k|=SSL_kEDH; | 2127 | mask_k|=SSL_kEDH; |
| 2097 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && | 2128 | if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && |
| 2098 | (rsa_enc || rsa_sign || dsa_sign)) | 2129 | (rsa_enc || rsa_sign || dsa_sign)) |
| 2099 | emask_k|=SSL_kEDH; | 2130 | emask_k|=SSL_kEDH; |
| 2100 | #endif | 2131 | #endif |
| 2101 | 2132 | ||
| 2102 | if (dh_tmp_export) | 2133 | if (dh_tmp_export) |
| @@ -2105,23 +2136,25 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2105 | if (dh_tmp) | 2136 | if (dh_tmp) |
| 2106 | mask_k|=SSL_kEDH; | 2137 | mask_k|=SSL_kEDH; |
| 2107 | 2138 | ||
| 2108 | if (dh_rsa) mask_k|=SSL_kDHr; | 2139 | if (dh_rsa) |
| 2109 | if (dh_rsa_export) emask_k|=SSL_kDHr; | 2140 | mask_k|=SSL_kDHr; |
| 2141 | if (dh_rsa_export) | ||
| 2142 | emask_k|=SSL_kDHr; | ||
| 2110 | 2143 | ||
| 2111 | if (dh_dsa) mask_k|=SSL_kDHd; | 2144 | if (dh_dsa) |
| 2112 | if (dh_dsa_export) emask_k|=SSL_kDHd; | 2145 | mask_k|=SSL_kDHd; |
| 2146 | if (dh_dsa_export) | ||
| 2147 | emask_k|=SSL_kDHd; | ||
| 2113 | 2148 | ||
| 2114 | if (rsa_enc || rsa_sign) | 2149 | if (rsa_enc || rsa_sign) { |
| 2115 | { | ||
| 2116 | mask_a|=SSL_aRSA; | 2150 | mask_a|=SSL_aRSA; |
| 2117 | emask_a|=SSL_aRSA; | 2151 | emask_a|=SSL_aRSA; |
| 2118 | } | 2152 | } |
| 2119 | 2153 | ||
| 2120 | if (dsa_sign) | 2154 | if (dsa_sign) { |
| 2121 | { | ||
| 2122 | mask_a|=SSL_aDSS; | 2155 | mask_a|=SSL_aDSS; |
| 2123 | emask_a|=SSL_aDSS; | 2156 | emask_a|=SSL_aDSS; |
| 2124 | } | 2157 | } |
| 2125 | 2158 | ||
| 2126 | mask_a|=SSL_aNULL; | 2159 | mask_a|=SSL_aNULL; |
| 2127 | emask_a|=SSL_aNULL; | 2160 | emask_a|=SSL_aNULL; |
| @@ -2136,66 +2169,57 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2136 | /* An ECC certificate may be usable for ECDH and/or | 2169 | /* An ECC certificate may be usable for ECDH and/or |
| 2137 | * ECDSA cipher suites depending on the key usage extension. | 2170 | * ECDSA cipher suites depending on the key usage extension. |
| 2138 | */ | 2171 | */ |
| 2139 | if (have_ecc_cert) | 2172 | if (have_ecc_cert) { |
| 2140 | { | ||
| 2141 | /* This call populates extension flags (ex_flags) */ | 2173 | /* This call populates extension flags (ex_flags) */ |
| 2142 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | 2174 | x = (c->pkeys[SSL_PKEY_ECC]).x509; |
| 2143 | X509_check_purpose(x, -1, 0); | 2175 | X509_check_purpose(x, -1, 0); |
| 2144 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2176 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2145 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | 2177 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; |
| 2146 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | 2178 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? |
| 2147 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | 2179 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; |
| 2148 | ecc_pkey = X509_get_pubkey(x); | 2180 | ecc_pkey = X509_get_pubkey(x); |
| 2149 | ecc_pkey_size = (ecc_pkey != NULL) ? | 2181 | ecc_pkey_size = (ecc_pkey != NULL) ? |
| 2150 | EVP_PKEY_bits(ecc_pkey) : 0; | 2182 | EVP_PKEY_bits(ecc_pkey) : 0; |
| 2151 | EVP_PKEY_free(ecc_pkey); | 2183 | EVP_PKEY_free(ecc_pkey); |
| 2152 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2184 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2153 | { | ||
| 2154 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2185 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2155 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2186 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2156 | } | 2187 | } |
| 2157 | #ifndef OPENSSL_NO_ECDH | 2188 | #ifndef OPENSSL_NO_ECDH |
| 2158 | if (ecdh_ok) | 2189 | if (ecdh_ok) { |
| 2159 | { | ||
| 2160 | 2190 | ||
| 2161 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) | 2191 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { |
| 2162 | { | ||
| 2163 | mask_k|=SSL_kECDHr; | 2192 | mask_k|=SSL_kECDHr; |
| 2164 | mask_a|=SSL_aECDH; | 2193 | mask_a|=SSL_aECDH; |
| 2165 | if (ecc_pkey_size <= 163) | 2194 | if (ecc_pkey_size <= 163) { |
| 2166 | { | ||
| 2167 | emask_k|=SSL_kECDHr; | 2195 | emask_k|=SSL_kECDHr; |
| 2168 | emask_a|=SSL_aECDH; | 2196 | emask_a|=SSL_aECDH; |
| 2169 | } | ||
| 2170 | } | 2197 | } |
| 2198 | } | ||
| 2171 | 2199 | ||
| 2172 | if (pk_nid == NID_X9_62_id_ecPublicKey) | 2200 | if (pk_nid == NID_X9_62_id_ecPublicKey) { |
| 2173 | { | ||
| 2174 | mask_k|=SSL_kECDHe; | 2201 | mask_k|=SSL_kECDHe; |
| 2175 | mask_a|=SSL_aECDH; | 2202 | mask_a|=SSL_aECDH; |
| 2176 | if (ecc_pkey_size <= 163) | 2203 | if (ecc_pkey_size <= 163) { |
| 2177 | { | ||
| 2178 | emask_k|=SSL_kECDHe; | 2204 | emask_k|=SSL_kECDHe; |
| 2179 | emask_a|=SSL_aECDH; | 2205 | emask_a|=SSL_aECDH; |
| 2180 | } | ||
| 2181 | } | 2206 | } |
| 2182 | } | 2207 | } |
| 2208 | } | ||
| 2183 | #endif | 2209 | #endif |
| 2184 | #ifndef OPENSSL_NO_ECDSA | 2210 | #ifndef OPENSSL_NO_ECDSA |
| 2185 | if (ecdsa_ok) | 2211 | if (ecdsa_ok) { |
| 2186 | { | ||
| 2187 | mask_a|=SSL_aECDSA; | 2212 | mask_a|=SSL_aECDSA; |
| 2188 | emask_a|=SSL_aECDSA; | 2213 | emask_a|=SSL_aECDSA; |
| 2189 | } | ||
| 2190 | #endif | ||
| 2191 | } | 2214 | } |
| 2215 | #endif | ||
| 2216 | } | ||
| 2192 | 2217 | ||
| 2193 | #ifndef OPENSSL_NO_ECDH | 2218 | #ifndef OPENSSL_NO_ECDH |
| 2194 | if (have_ecdh_tmp) | 2219 | if (have_ecdh_tmp) { |
| 2195 | { | ||
| 2196 | mask_k|=SSL_kEECDH; | 2220 | mask_k|=SSL_kEECDH; |
| 2197 | emask_k|=SSL_kEECDH; | 2221 | emask_k|=SSL_kEECDH; |
| 2198 | } | 2222 | } |
| 2199 | #endif | 2223 | #endif |
| 2200 | 2224 | ||
| 2201 | #ifndef OPENSSL_NO_PSK | 2225 | #ifndef OPENSSL_NO_PSK |
| @@ -2205,12 +2229,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2205 | emask_a |= SSL_aPSK; | 2229 | emask_a |= SSL_aPSK; |
| 2206 | #endif | 2230 | #endif |
| 2207 | 2231 | ||
| 2208 | c->mask_k=mask_k; | 2232 | c->mask_k = mask_k; |
| 2209 | c->mask_a=mask_a; | 2233 | c->mask_a = mask_a; |
| 2210 | c->export_mask_k=emask_k; | 2234 | c->export_mask_k = emask_k; |
| 2211 | c->export_mask_a=emask_a; | 2235 | c->export_mask_a = emask_a; |
| 2212 | c->valid=1; | 2236 | c->valid = 1; |
| 2213 | } | 2237 | } |
| 2214 | 2238 | ||
| 2215 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | 2239 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ |
| 2216 | #define ku_reject(x, usage) \ | 2240 | #define ku_reject(x, usage) \ |
| @@ -2218,8 +2242,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | |||
| 2218 | 2242 | ||
| 2219 | #ifndef OPENSSL_NO_EC | 2243 | #ifndef OPENSSL_NO_EC |
| 2220 | 2244 | ||
| 2221 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | 2245 | int |
| 2222 | { | 2246 | ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) |
| 2247 | { | ||
| 2223 | unsigned long alg_k, alg_a; | 2248 | unsigned long alg_k, alg_a; |
| 2224 | EVP_PKEY *pkey = NULL; | 2249 | EVP_PKEY *pkey = NULL; |
| 2225 | int keysize = 0; | 2250 | int keysize = 0; |
| @@ -2229,81 +2254,74 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | |||
| 2229 | alg_k = cs->algorithm_mkey; | 2254 | alg_k = cs->algorithm_mkey; |
| 2230 | alg_a = cs->algorithm_auth; | 2255 | alg_a = cs->algorithm_auth; |
| 2231 | 2256 | ||
| 2232 | if (SSL_C_IS_EXPORT(cs)) | 2257 | if (SSL_C_IS_EXPORT(cs)) { |
| 2233 | { | ||
| 2234 | /* ECDH key length in export ciphers must be <= 163 bits */ | 2258 | /* ECDH key length in export ciphers must be <= 163 bits */ |
| 2235 | pkey = X509_get_pubkey(x); | 2259 | pkey = X509_get_pubkey(x); |
| 2236 | if (pkey == NULL) return 0; | 2260 | if (pkey == NULL) |
| 2261 | return 0; | ||
| 2237 | keysize = EVP_PKEY_bits(pkey); | 2262 | keysize = EVP_PKEY_bits(pkey); |
| 2238 | EVP_PKEY_free(pkey); | 2263 | EVP_PKEY_free(pkey); |
| 2239 | if (keysize > 163) return 0; | 2264 | if (keysize > 163) |
| 2240 | } | 2265 | return 0; |
| 2266 | } | ||
| 2241 | 2267 | ||
| 2242 | /* This call populates the ex_flags field correctly */ | 2268 | /* This call populates the ex_flags field correctly */ |
| 2243 | X509_check_purpose(x, -1, 0); | 2269 | X509_check_purpose(x, -1, 0); |
| 2244 | if ((x->sig_alg) && (x->sig_alg->algorithm)) | 2270 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { |
| 2245 | { | ||
| 2246 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | 2271 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); |
| 2247 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | 2272 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); |
| 2248 | } | 2273 | } |
| 2249 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) | 2274 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { |
| 2250 | { | ||
| 2251 | /* key usage, if present, must allow key agreement */ | 2275 | /* key usage, if present, must allow key agreement */ |
| 2252 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) | 2276 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { |
| 2253 | { | ||
| 2254 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | 2277 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); |
| 2255 | return 0; | 2278 | return 0; |
| 2256 | } | 2279 | } |
| 2257 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) | 2280 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2258 | { | ||
| 2259 | /* signature alg must be ECDSA */ | 2281 | /* signature alg must be ECDSA */ |
| 2260 | if (pk_nid != NID_X9_62_id_ecPublicKey) | 2282 | if (pk_nid != NID_X9_62_id_ecPublicKey) { |
| 2261 | { | ||
| 2262 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | 2283 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); |
| 2263 | return 0; | 2284 | return 0; |
| 2264 | } | ||
| 2265 | } | 2285 | } |
| 2266 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) | 2286 | } |
| 2267 | { | 2287 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) { |
| 2268 | /* signature alg must be RSA */ | 2288 | /* signature alg must be RSA */ |
| 2269 | 2289 | ||
| 2270 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) | 2290 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { |
| 2271 | { | ||
| 2272 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | 2291 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); |
| 2273 | return 0; | 2292 | return 0; |
| 2274 | } | ||
| 2275 | } | 2293 | } |
| 2276 | } | 2294 | } |
| 2277 | if (alg_a & SSL_aECDSA) | 2295 | } |
| 2278 | { | 2296 | if (alg_a & SSL_aECDSA) { |
| 2279 | /* key usage, if present, must allow signing */ | 2297 | /* key usage, if present, must allow signing */ |
| 2280 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) | 2298 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { |
| 2281 | { | ||
| 2282 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); | 2299 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING); |
| 2283 | return 0; | 2300 | return 0; |
| 2284 | } | ||
| 2285 | } | 2301 | } |
| 2286 | |||
| 2287 | return 1; /* all checks are ok */ | ||
| 2288 | } | 2302 | } |
| 2289 | 2303 | ||
| 2304 | return 1; | ||
| 2305 | /* all checks are ok */ | ||
| 2306 | } | ||
| 2307 | |||
| 2290 | #endif | 2308 | #endif |
| 2291 | 2309 | ||
| 2292 | /* THIS NEEDS CLEANING UP */ | 2310 | /* THIS NEEDS CLEANING UP */ |
| 2293 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | 2311 | CERT_PKEY |
| 2294 | { | 2312 | *ssl_get_server_send_pkey(const SSL *s) |
| 2295 | unsigned long alg_k,alg_a; | 2313 | { |
| 2314 | unsigned long alg_k, alg_a; | ||
| 2296 | CERT *c; | 2315 | CERT *c; |
| 2297 | int i; | 2316 | int i; |
| 2298 | 2317 | ||
| 2299 | c=s->cert; | 2318 | c = s->cert; |
| 2300 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | 2319 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); |
| 2301 | 2320 | ||
| 2302 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | 2321 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; |
| 2303 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | 2322 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; |
| 2304 | 2323 | ||
| 2305 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) | 2324 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { |
| 2306 | { | ||
| 2307 | /* we don't need to look at SSL_kEECDH | 2325 | /* we don't need to look at SSL_kEECDH |
| 2308 | * since no certificate is needed for | 2326 | * since no certificate is needed for |
| 2309 | * anon ECDH and for authenticated | 2327 | * anon ECDH and for authenticated |
| @@ -2315,171 +2333,162 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) | |||
| 2315 | * checks for SSL_kECDH before RSA | 2333 | * checks for SSL_kECDH before RSA |
| 2316 | * checks ensures the correct cert is chosen. | 2334 | * checks ensures the correct cert is chosen. |
| 2317 | */ | 2335 | */ |
| 2318 | i=SSL_PKEY_ECC; | 2336 | i = SSL_PKEY_ECC; |
| 2319 | } | 2337 | } else if (alg_a & SSL_aECDSA) { |
| 2320 | else if (alg_a & SSL_aECDSA) | 2338 | i = SSL_PKEY_ECC; |
| 2321 | { | 2339 | } else if (alg_k & SSL_kDHr) |
| 2322 | i=SSL_PKEY_ECC; | 2340 | i = SSL_PKEY_DH_RSA; |
| 2323 | } | ||
| 2324 | else if (alg_k & SSL_kDHr) | ||
| 2325 | i=SSL_PKEY_DH_RSA; | ||
| 2326 | else if (alg_k & SSL_kDHd) | 2341 | else if (alg_k & SSL_kDHd) |
| 2327 | i=SSL_PKEY_DH_DSA; | 2342 | i = SSL_PKEY_DH_DSA; |
| 2328 | else if (alg_a & SSL_aDSS) | 2343 | else if (alg_a & SSL_aDSS) |
| 2329 | i=SSL_PKEY_DSA_SIGN; | 2344 | i = SSL_PKEY_DSA_SIGN; |
| 2330 | else if (alg_a & SSL_aRSA) | 2345 | else if (alg_a & SSL_aRSA) { |
| 2331 | { | ||
| 2332 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | 2346 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) |
| 2333 | i=SSL_PKEY_RSA_SIGN; | 2347 | i = SSL_PKEY_RSA_SIGN; |
| 2334 | else | 2348 | else |
| 2335 | i=SSL_PKEY_RSA_ENC; | 2349 | i = SSL_PKEY_RSA_ENC; |
| 2336 | } | 2350 | } else if (alg_a & SSL_aKRB5) { |
| 2337 | else if (alg_a & SSL_aKRB5) | ||
| 2338 | { | ||
| 2339 | /* VRS something else here? */ | 2351 | /* VRS something else here? */ |
| 2340 | return(NULL); | 2352 | return (NULL); |
| 2341 | } | 2353 | } else if (alg_a & SSL_aGOST94) |
| 2342 | else if (alg_a & SSL_aGOST94) | 2354 | i = SSL_PKEY_GOST94; |
| 2343 | i=SSL_PKEY_GOST94; | ||
| 2344 | else if (alg_a & SSL_aGOST01) | 2355 | else if (alg_a & SSL_aGOST01) |
| 2345 | i=SSL_PKEY_GOST01; | 2356 | i = SSL_PKEY_GOST01; |
| 2346 | else /* if (alg_a & SSL_aNULL) */ | 2357 | else /* if (alg_a & SSL_aNULL) */ |
| 2347 | { | 2358 | { |
| 2348 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR); | 2359 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); |
| 2349 | return(NULL); | 2360 | return (NULL); |
| 2350 | } | 2361 | } |
| 2351 | 2362 | ||
| 2352 | return c->pkeys + i; | 2363 | return c->pkeys + i; |
| 2353 | } | 2364 | } |
| 2354 | 2365 | ||
| 2355 | X509 *ssl_get_server_send_cert(const SSL *s) | 2366 | X509 |
| 2356 | { | 2367 | *ssl_get_server_send_cert(const SSL *s) |
| 2368 | { | ||
| 2357 | CERT_PKEY *cpk; | 2369 | CERT_PKEY *cpk; |
| 2358 | cpk = ssl_get_server_send_pkey(s); | 2370 | cpk = ssl_get_server_send_pkey(s); |
| 2359 | if (!cpk) | 2371 | if (!cpk) |
| 2360 | return NULL; | 2372 | return NULL; |
| 2361 | return cpk->x509; | 2373 | return cpk->x509; |
| 2362 | } | 2374 | } |
| 2363 | 2375 | ||
| 2364 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd) | 2376 | EVP_PKEY |
| 2365 | { | 2377 | *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) |
| 2378 | { | ||
| 2366 | unsigned long alg_a; | 2379 | unsigned long alg_a; |
| 2367 | CERT *c; | 2380 | CERT *c; |
| 2368 | int idx = -1; | 2381 | int idx = -1; |
| 2369 | 2382 | ||
| 2370 | alg_a = cipher->algorithm_auth; | 2383 | alg_a = cipher->algorithm_auth; |
| 2371 | c=s->cert; | 2384 | c = s->cert; |
| 2372 | 2385 | ||
| 2373 | if ((alg_a & SSL_aDSS) && | 2386 | if ((alg_a & SSL_aDSS) && |
| 2374 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | 2387 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) |
| 2375 | idx = SSL_PKEY_DSA_SIGN; | 2388 | idx = SSL_PKEY_DSA_SIGN; |
| 2376 | else if (alg_a & SSL_aRSA) | 2389 | else if (alg_a & SSL_aRSA) { |
| 2377 | { | ||
| 2378 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | 2390 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) |
| 2379 | idx = SSL_PKEY_RSA_SIGN; | 2391 | idx = SSL_PKEY_RSA_SIGN; |
| 2380 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | 2392 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) |
| 2381 | idx = SSL_PKEY_RSA_ENC; | 2393 | idx = SSL_PKEY_RSA_ENC; |
| 2382 | } | 2394 | } else if ((alg_a & SSL_aECDSA) && |
| 2383 | else if ((alg_a & SSL_aECDSA) && | 2395 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) |
| 2384 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | 2396 | idx = SSL_PKEY_ECC; |
| 2385 | idx = SSL_PKEY_ECC; | 2397 | if (idx == -1) { |
| 2386 | if (idx == -1) | 2398 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); |
| 2387 | { | 2399 | return (NULL); |
| 2388 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); | 2400 | } |
| 2389 | return(NULL); | ||
| 2390 | } | ||
| 2391 | if (pmd) | 2401 | if (pmd) |
| 2392 | *pmd = c->pkeys[idx].digest; | 2402 | *pmd = c->pkeys[idx].digest; |
| 2393 | return c->pkeys[idx].privatekey; | 2403 | return c->pkeys[idx].privatekey; |
| 2394 | } | 2404 | } |
| 2395 | 2405 | ||
| 2396 | void ssl_update_cache(SSL *s,int mode) | 2406 | void |
| 2397 | { | 2407 | ssl_update_cache(SSL *s, int mode) |
| 2408 | { | ||
| 2398 | int i; | 2409 | int i; |
| 2399 | 2410 | ||
| 2400 | /* If the session_id_length is 0, we are not supposed to cache it, | 2411 | /* If the session_id_length is 0, we are not supposed to cache it, |
| 2401 | * and it would be rather hard to do anyway :-) */ | 2412 | * and it would be rather hard to do anyway :-) */ |
| 2402 | if (s->session->session_id_length == 0) return; | 2413 | if (s->session->session_id_length == 0) |
| 2414 | return; | ||
| 2403 | 2415 | ||
| 2404 | i=s->session_ctx->session_cache_mode; | 2416 | i = s->session_ctx->session_cache_mode; |
| 2405 | if ((i & mode) && (!s->hit) | 2417 | if ((i & mode) && (!s->hit) |
| 2406 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | 2418 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) |
| 2407 | || SSL_CTX_add_session(s->session_ctx,s->session)) | 2419 | || SSL_CTX_add_session(s->session_ctx, s->session)) |
| 2408 | && (s->session_ctx->new_session_cb != NULL)) | 2420 | && (s->session_ctx->new_session_cb != NULL)) { |
| 2409 | { | 2421 | CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 2410 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | 2422 | if (!s->session_ctx->new_session_cb(s, s->session)) |
| 2411 | if (!s->session_ctx->new_session_cb(s,s->session)) | ||
| 2412 | SSL_SESSION_free(s->session); | 2423 | SSL_SESSION_free(s->session); |
| 2413 | } | 2424 | } |
| 2414 | 2425 | ||
| 2415 | /* auto flush every 255 connections */ | 2426 | /* auto flush every 255 connections */ |
| 2416 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | 2427 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && |
| 2417 | ((i & mode) == mode)) | 2428 | ((i & mode) == mode)) { |
| 2418 | { | 2429 | if ((((mode & SSL_SESS_CACHE_CLIENT) |
| 2419 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | ||
| 2420 | ?s->session_ctx->stats.sess_connect_good | 2430 | ?s->session_ctx->stats.sess_connect_good |
| 2421 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) | 2431 | :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { |
| 2422 | { | ||
| 2423 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); | 2432 | SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL)); |
| 2424 | } | ||
| 2425 | } | 2433 | } |
| 2426 | } | 2434 | } |
| 2435 | } | ||
| 2427 | 2436 | ||
| 2428 | const SSL_METHOD *SSL_get_ssl_method(SSL *s) | 2437 | const SSL_METHOD |
| 2429 | { | 2438 | *SSL_get_ssl_method(SSL *s) |
| 2430 | return(s->method); | 2439 | { |
| 2431 | } | 2440 | return (s->method); |
| 2441 | } | ||
| 2432 | 2442 | ||
| 2433 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | 2443 | int |
| 2434 | { | 2444 | SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) |
| 2435 | int conn= -1; | 2445 | { |
| 2436 | int ret=1; | 2446 | int conn = -1; |
| 2447 | int ret = 1; | ||
| 2437 | 2448 | ||
| 2438 | if (s->method != meth) | 2449 | if (s->method != meth) { |
| 2439 | { | ||
| 2440 | if (s->handshake_func != NULL) | 2450 | if (s->handshake_func != NULL) |
| 2441 | conn=(s->handshake_func == s->method->ssl_connect); | 2451 | conn = (s->handshake_func == s->method->ssl_connect); |
| 2442 | 2452 | ||
| 2443 | if (s->method->version == meth->version) | 2453 | if (s->method->version == meth->version) |
| 2444 | s->method=meth; | 2454 | s->method = meth; |
| 2445 | else | 2455 | else { |
| 2446 | { | ||
| 2447 | s->method->ssl_free(s); | 2456 | s->method->ssl_free(s); |
| 2448 | s->method=meth; | 2457 | s->method = meth; |
| 2449 | ret=s->method->ssl_new(s); | 2458 | ret = s->method->ssl_new(s); |
| 2450 | } | 2459 | } |
| 2451 | 2460 | ||
| 2452 | if (conn == 1) | 2461 | if (conn == 1) |
| 2453 | s->handshake_func=meth->ssl_connect; | 2462 | s->handshake_func = meth->ssl_connect; |
| 2454 | else if (conn == 0) | 2463 | else if (conn == 0) |
| 2455 | s->handshake_func=meth->ssl_accept; | 2464 | s->handshake_func = meth->ssl_accept; |
| 2456 | } | ||
| 2457 | return(ret); | ||
| 2458 | } | 2465 | } |
| 2466 | return (ret); | ||
| 2467 | } | ||
| 2459 | 2468 | ||
| 2460 | int SSL_get_error(const SSL *s,int i) | 2469 | int |
| 2461 | { | 2470 | SSL_get_error(const SSL *s, int i) |
| 2471 | { | ||
| 2462 | int reason; | 2472 | int reason; |
| 2463 | unsigned long l; | 2473 | unsigned long l; |
| 2464 | BIO *bio; | 2474 | BIO *bio; |
| 2465 | 2475 | ||
| 2466 | if (i > 0) return(SSL_ERROR_NONE); | 2476 | if (i > 0) |
| 2477 | return (SSL_ERROR_NONE); | ||
| 2467 | 2478 | ||
| 2468 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | 2479 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake |
| 2469 | * etc, where we do encode the error */ | 2480 | * etc, where we do encode the error */ |
| 2470 | if ((l=ERR_peek_error()) != 0) | 2481 | if ((l = ERR_peek_error()) != 0) { |
| 2471 | { | ||
| 2472 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | 2482 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) |
| 2473 | return(SSL_ERROR_SYSCALL); | 2483 | return (SSL_ERROR_SYSCALL); |
| 2474 | else | 2484 | else |
| 2475 | return(SSL_ERROR_SSL); | 2485 | return (SSL_ERROR_SSL); |
| 2476 | } | 2486 | } |
| 2477 | 2487 | ||
| 2478 | if ((i < 0) && SSL_want_read(s)) | 2488 | if ((i < 0) && SSL_want_read(s)) { |
| 2479 | { | 2489 | bio = SSL_get_rbio(s); |
| 2480 | bio=SSL_get_rbio(s); | ||
| 2481 | if (BIO_should_read(bio)) | 2490 | if (BIO_should_read(bio)) |
| 2482 | return(SSL_ERROR_WANT_READ); | 2491 | return (SSL_ERROR_WANT_READ); |
| 2483 | else if (BIO_should_write(bio)) | 2492 | else if (BIO_should_write(bio)) |
| 2484 | /* This one doesn't make too much sense ... We never try | 2493 | /* This one doesn't make too much sense ... We never try |
| 2485 | * to write to the rbio, and an application program where | 2494 | * to write to the rbio, and an application program where |
| @@ -2490,131 +2499,129 @@ int SSL_get_error(const SSL *s,int i) | |||
| 2490 | * SSL_want_write(s)) and rbio and wbio *are* the same, | 2499 | * SSL_want_write(s)) and rbio and wbio *are* the same, |
| 2491 | * this test works around that bug; so it might be safer | 2500 | * this test works around that bug; so it might be safer |
| 2492 | * to keep it. */ | 2501 | * to keep it. */ |
| 2493 | return(SSL_ERROR_WANT_WRITE); | 2502 | return (SSL_ERROR_WANT_WRITE); |
| 2494 | else if (BIO_should_io_special(bio)) | 2503 | else if (BIO_should_io_special(bio)) { |
| 2495 | { | 2504 | reason = BIO_get_retry_reason(bio); |
| 2496 | reason=BIO_get_retry_reason(bio); | ||
| 2497 | if (reason == BIO_RR_CONNECT) | 2505 | if (reason == BIO_RR_CONNECT) |
| 2498 | return(SSL_ERROR_WANT_CONNECT); | 2506 | return (SSL_ERROR_WANT_CONNECT); |
| 2499 | else if (reason == BIO_RR_ACCEPT) | 2507 | else if (reason == BIO_RR_ACCEPT) |
| 2500 | return(SSL_ERROR_WANT_ACCEPT); | 2508 | return (SSL_ERROR_WANT_ACCEPT); |
| 2501 | else | 2509 | else |
| 2502 | return(SSL_ERROR_SYSCALL); /* unknown */ | 2510 | return(SSL_ERROR_SYSCALL); /* unknown */ |
| 2503 | } | ||
| 2504 | } | 2511 | } |
| 2512 | } | ||
| 2505 | 2513 | ||
| 2506 | if ((i < 0) && SSL_want_write(s)) | 2514 | if ((i < 0) && SSL_want_write(s)) { |
| 2507 | { | 2515 | bio = SSL_get_wbio(s); |
| 2508 | bio=SSL_get_wbio(s); | ||
| 2509 | if (BIO_should_write(bio)) | 2516 | if (BIO_should_write(bio)) |
| 2510 | return(SSL_ERROR_WANT_WRITE); | 2517 | return (SSL_ERROR_WANT_WRITE); |
| 2511 | else if (BIO_should_read(bio)) | 2518 | else if (BIO_should_read(bio)) |
| 2512 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | 2519 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ |
| 2513 | return(SSL_ERROR_WANT_READ); | 2520 | return (SSL_ERROR_WANT_READ); |
| 2514 | else if (BIO_should_io_special(bio)) | 2521 | else if (BIO_should_io_special(bio)) { |
| 2515 | { | 2522 | reason = BIO_get_retry_reason(bio); |
| 2516 | reason=BIO_get_retry_reason(bio); | ||
| 2517 | if (reason == BIO_RR_CONNECT) | 2523 | if (reason == BIO_RR_CONNECT) |
| 2518 | return(SSL_ERROR_WANT_CONNECT); | 2524 | return (SSL_ERROR_WANT_CONNECT); |
| 2519 | else if (reason == BIO_RR_ACCEPT) | 2525 | else if (reason == BIO_RR_ACCEPT) |
| 2520 | return(SSL_ERROR_WANT_ACCEPT); | 2526 | return (SSL_ERROR_WANT_ACCEPT); |
| 2521 | else | 2527 | else |
| 2522 | return(SSL_ERROR_SYSCALL); | 2528 | return (SSL_ERROR_SYSCALL); |
| 2523 | } | ||
| 2524 | } | ||
| 2525 | if ((i < 0) && SSL_want_x509_lookup(s)) | ||
| 2526 | { | ||
| 2527 | return(SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2528 | } | 2529 | } |
| 2530 | } | ||
| 2531 | if ((i < 0) && SSL_want_x509_lookup(s)) { | ||
| 2532 | return (SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2533 | } | ||
| 2529 | 2534 | ||
| 2530 | if (i == 0) | 2535 | if (i == 0) { |
| 2531 | { | 2536 | if (s->version == SSL2_VERSION) { |
| 2532 | if (s->version == SSL2_VERSION) | ||
| 2533 | { | ||
| 2534 | /* assume it is the socket being closed */ | 2537 | /* assume it is the socket being closed */ |
| 2535 | return(SSL_ERROR_ZERO_RETURN); | 2538 | return (SSL_ERROR_ZERO_RETURN); |
| 2536 | } | 2539 | } else { |
| 2537 | else | ||
| 2538 | { | ||
| 2539 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | 2540 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && |
| 2540 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | 2541 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) |
| 2541 | return(SSL_ERROR_ZERO_RETURN); | 2542 | return (SSL_ERROR_ZERO_RETURN); |
| 2542 | } | ||
| 2543 | } | 2543 | } |
| 2544 | return(SSL_ERROR_SYSCALL); | ||
| 2545 | } | 2544 | } |
| 2545 | return (SSL_ERROR_SYSCALL); | ||
| 2546 | } | ||
| 2546 | 2547 | ||
| 2547 | int SSL_do_handshake(SSL *s) | 2548 | int |
| 2548 | { | 2549 | SSL_do_handshake(SSL *s) |
| 2549 | int ret=1; | 2550 | { |
| 2551 | int ret = 1; | ||
| 2550 | 2552 | ||
| 2551 | if (s->handshake_func == NULL) | 2553 | if (s->handshake_func == NULL) { |
| 2552 | { | 2554 | SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET); |
| 2553 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | 2555 | return (-1); |
| 2554 | return(-1); | 2556 | } |
| 2555 | } | ||
| 2556 | 2557 | ||
| 2557 | s->method->ssl_renegotiate_check(s); | 2558 | s->method->ssl_renegotiate_check(s); |
| 2558 | 2559 | ||
| 2559 | if (SSL_in_init(s) || SSL_in_before(s)) | 2560 | if (SSL_in_init(s) || SSL_in_before(s)) { |
| 2560 | { | 2561 | ret = s->handshake_func(s); |
| 2561 | ret=s->handshake_func(s); | ||
| 2562 | } | ||
| 2563 | return(ret); | ||
| 2564 | } | 2562 | } |
| 2563 | return (ret); | ||
| 2564 | } | ||
| 2565 | 2565 | ||
| 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so | 2566 | /* For the next 2 functions, SSL_clear() sets shutdown and so |
| 2567 | * one of these calls will reset it */ | 2567 | * one of these calls will reset it */ |
| 2568 | void SSL_set_accept_state(SSL *s) | 2568 | void |
| 2569 | { | 2569 | SSL_set_accept_state(SSL *s) |
| 2570 | s->server=1; | 2570 | { |
| 2571 | s->shutdown=0; | 2571 | s->server = 1; |
| 2572 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | 2572 | s->shutdown = 0; |
| 2573 | s->handshake_func=s->method->ssl_accept; | 2573 | s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; |
| 2574 | s->handshake_func = s->method->ssl_accept; | ||
| 2574 | /* clear the current cipher */ | 2575 | /* clear the current cipher */ |
| 2575 | ssl_clear_cipher_ctx(s); | 2576 | ssl_clear_cipher_ctx(s); |
| 2576 | ssl_clear_hash_ctx(&s->read_hash); | 2577 | ssl_clear_hash_ctx(&s->read_hash); |
| 2577 | ssl_clear_hash_ctx(&s->write_hash); | 2578 | ssl_clear_hash_ctx(&s->write_hash); |
| 2578 | } | 2579 | } |
| 2579 | 2580 | ||
| 2580 | void SSL_set_connect_state(SSL *s) | 2581 | void |
| 2581 | { | 2582 | SSL_set_connect_state(SSL *s) |
| 2582 | s->server=0; | 2583 | { |
| 2583 | s->shutdown=0; | 2584 | s->server = 0; |
| 2584 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | 2585 | s->shutdown = 0; |
| 2585 | s->handshake_func=s->method->ssl_connect; | 2586 | s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; |
| 2587 | s->handshake_func = s->method->ssl_connect; | ||
| 2586 | /* clear the current cipher */ | 2588 | /* clear the current cipher */ |
| 2587 | ssl_clear_cipher_ctx(s); | 2589 | ssl_clear_cipher_ctx(s); |
| 2588 | ssl_clear_hash_ctx(&s->read_hash); | 2590 | ssl_clear_hash_ctx(&s->read_hash); |
| 2589 | ssl_clear_hash_ctx(&s->write_hash); | 2591 | ssl_clear_hash_ctx(&s->write_hash); |
| 2590 | } | 2592 | } |
| 2591 | 2593 | ||
| 2592 | int ssl_undefined_function(SSL *s) | 2594 | int |
| 2593 | { | 2595 | ssl_undefined_function(SSL *s) |
| 2594 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2596 | { |
| 2595 | return(0); | 2597 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2596 | } | 2598 | return (0); |
| 2599 | } | ||
| 2597 | 2600 | ||
| 2598 | int ssl_undefined_void_function(void) | 2601 | int |
| 2599 | { | 2602 | ssl_undefined_void_function(void) |
| 2600 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2603 | { |
| 2601 | return(0); | 2604 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2602 | } | 2605 | return (0); |
| 2606 | } | ||
| 2603 | 2607 | ||
| 2604 | int ssl_undefined_const_function(const SSL *s) | 2608 | int |
| 2605 | { | 2609 | ssl_undefined_const_function(const SSL *s) |
| 2606 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2610 | { |
| 2607 | return(0); | 2611 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2608 | } | 2612 | return (0); |
| 2613 | } | ||
| 2609 | 2614 | ||
| 2610 | SSL_METHOD *ssl_bad_method(int ver) | 2615 | SSL_METHOD |
| 2611 | { | 2616 | *ssl_bad_method(int ver) |
| 2612 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 2617 | { |
| 2613 | return(NULL); | 2618 | SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 2614 | } | 2619 | return (NULL); |
| 2620 | } | ||
| 2615 | 2621 | ||
| 2616 | const char *SSL_get_version(const SSL *s) | 2622 | const char |
| 2617 | { | 2623 | *SSL_get_version(const SSL *s) |
| 2624 | { | ||
| 2618 | if (s->version == TLS1_2_VERSION) | 2625 | if (s->version == TLS1_2_VERSION) |
| 2619 | return("TLSv1.2"); | 2626 | return("TLSv1.2"); |
| 2620 | else if (s->version == TLS1_1_VERSION) | 2627 | else if (s->version == TLS1_1_VERSION) |
| @@ -2627,29 +2634,27 @@ const char *SSL_get_version(const SSL *s) | |||
| 2627 | return("SSLv2"); | 2634 | return("SSLv2"); |
| 2628 | else | 2635 | else |
| 2629 | return("unknown"); | 2636 | return("unknown"); |
| 2630 | } | 2637 | } |
| 2631 | 2638 | ||
| 2632 | SSL *SSL_dup(SSL *s) | 2639 | SSL |
| 2633 | { | 2640 | *SSL_dup(SSL *s) |
| 2641 | { | ||
| 2634 | STACK_OF(X509_NAME) *sk; | 2642 | STACK_OF(X509_NAME) *sk; |
| 2635 | X509_NAME *xn; | 2643 | X509_NAME *xn; |
| 2636 | SSL *ret; | 2644 | SSL *ret; |
| 2637 | int i; | 2645 | int i; |
| 2638 | 2646 | ||
| 2639 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) | 2647 | if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) |
| 2640 | return(NULL); | 2648 | return (NULL); |
| 2641 | 2649 | ||
| 2642 | ret->version = s->version; | 2650 | ret->version = s->version; |
| 2643 | ret->type = s->type; | 2651 | ret->type = s->type; |
| 2644 | ret->method = s->method; | 2652 | ret->method = s->method; |
| 2645 | 2653 | ||
| 2646 | if (s->session != NULL) | 2654 | if (s->session != NULL) { |
| 2647 | { | ||
| 2648 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | 2655 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ |
| 2649 | SSL_copy_session_id(ret,s); | 2656 | SSL_copy_session_id(ret, s); |
| 2650 | } | 2657 | } else { |
| 2651 | else | ||
| 2652 | { | ||
| 2653 | /* No session has been established yet, so we have to expect | 2658 | /* No session has been established yet, so we have to expect |
| 2654 | * that s->cert or ret->cert will be changed later -- | 2659 | * that s->cert or ret->cert will be changed later -- |
| 2655 | * they should not both point to the same object, | 2660 | * they should not both point to the same object, |
| @@ -2659,56 +2664,50 @@ SSL *SSL_dup(SSL *s) | |||
| 2659 | ret->method = s->method; | 2664 | ret->method = s->method; |
| 2660 | ret->method->ssl_new(ret); | 2665 | ret->method->ssl_new(ret); |
| 2661 | 2666 | ||
| 2662 | if (s->cert != NULL) | 2667 | if (s->cert != NULL) { |
| 2663 | { | 2668 | if (ret->cert != NULL) { |
| 2664 | if (ret->cert != NULL) | ||
| 2665 | { | ||
| 2666 | ssl_cert_free(ret->cert); | 2669 | ssl_cert_free(ret->cert); |
| 2667 | } | 2670 | } |
| 2668 | ret->cert = ssl_cert_dup(s->cert); | 2671 | ret->cert = ssl_cert_dup(s->cert); |
| 2669 | if (ret->cert == NULL) | 2672 | if (ret->cert == NULL) |
| 2670 | goto err; | 2673 | goto err; |
| 2671 | } | ||
| 2672 | |||
| 2673 | SSL_set_session_id_context(ret, | ||
| 2674 | s->sid_ctx, s->sid_ctx_length); | ||
| 2675 | } | 2674 | } |
| 2676 | 2675 | ||
| 2677 | ret->options=s->options; | 2676 | SSL_set_session_id_context(ret, |
| 2678 | ret->mode=s->mode; | 2677 | s->sid_ctx, s->sid_ctx_length); |
| 2679 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | 2678 | } |
| 2680 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | 2679 | |
| 2680 | ret->options = s->options; | ||
| 2681 | ret->mode = s->mode; | ||
| 2682 | SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); | ||
| 2683 | SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); | ||
| 2681 | ret->msg_callback = s->msg_callback; | 2684 | ret->msg_callback = s->msg_callback; |
| 2682 | ret->msg_callback_arg = s->msg_callback_arg; | 2685 | ret->msg_callback_arg = s->msg_callback_arg; |
| 2683 | SSL_set_verify(ret,SSL_get_verify_mode(s), | 2686 | SSL_set_verify(ret, SSL_get_verify_mode(s), |
| 2684 | SSL_get_verify_callback(s)); | 2687 | SSL_get_verify_callback(s)); |
| 2685 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | 2688 | SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); |
| 2686 | ret->generate_session_id = s->generate_session_id; | 2689 | ret->generate_session_id = s->generate_session_id; |
| 2687 | 2690 | ||
| 2688 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | 2691 | SSL_set_info_callback(ret, SSL_get_info_callback(s)); |
| 2689 | 2692 | ||
| 2690 | ret->debug=s->debug; | 2693 | ret->debug = s->debug; |
| 2691 | 2694 | ||
| 2692 | /* copy app data, a little dangerous perhaps */ | 2695 | /* copy app data, a little dangerous perhaps */ |
| 2693 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) | 2696 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) |
| 2694 | goto err; | 2697 | goto err; |
| 2695 | 2698 | ||
| 2696 | /* setup rbio, and wbio */ | 2699 | /* setup rbio, and wbio */ |
| 2697 | if (s->rbio != NULL) | 2700 | if (s->rbio != NULL) { |
| 2698 | { | ||
| 2699 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | 2701 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) |
| 2700 | goto err; | 2702 | goto err; |
| 2701 | } | 2703 | } |
| 2702 | if (s->wbio != NULL) | 2704 | if (s->wbio != NULL) { |
| 2703 | { | 2705 | if (s->wbio != s->rbio) { |
| 2704 | if (s->wbio != s->rbio) | ||
| 2705 | { | ||
| 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | 2706 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) |
| 2707 | goto err; | 2707 | goto err; |
| 2708 | } | 2708 | } else |
| 2709 | else | 2709 | ret->wbio = ret->rbio; |
| 2710 | ret->wbio=ret->rbio; | 2710 | } |
| 2711 | } | ||
| 2712 | ret->rwstate = s->rwstate; | 2711 | ret->rwstate = s->rwstate; |
| 2713 | ret->in_handshake = s->in_handshake; | 2712 | ret->in_handshake = s->in_handshake; |
| 2714 | ret->handshake_func = s->handshake_func; | 2713 | ret->handshake_func = s->handshake_func; |
| @@ -2716,222 +2715,228 @@ SSL *SSL_dup(SSL *s) | |||
| 2716 | ret->renegotiate = s->renegotiate; | 2715 | ret->renegotiate = s->renegotiate; |
| 2717 | ret->new_session = s->new_session; | 2716 | ret->new_session = s->new_session; |
| 2718 | ret->quiet_shutdown = s->quiet_shutdown; | 2717 | ret->quiet_shutdown = s->quiet_shutdown; |
| 2719 | ret->shutdown=s->shutdown; | 2718 | ret->shutdown = s->shutdown; |
| 2720 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | 2719 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ |
| 2721 | ret->rstate=s->rstate; | 2720 | ret->rstate = s->rstate; |
| 2722 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | 2721 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ |
| 2723 | ret->hit=s->hit; | 2722 | ret->hit = s->hit; |
| 2724 | 2723 | ||
| 2725 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | 2724 | X509_VERIFY_PARAM_inherit(ret->param, s->param); |
| 2726 | 2725 | ||
| 2727 | /* dup the cipher_list and cipher_list_by_id stacks */ | 2726 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 2728 | if (s->cipher_list != NULL) | 2727 | if (s->cipher_list != NULL) { |
| 2729 | { | 2728 | if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 2730 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
| 2731 | goto err; | 2729 | goto err; |
| 2732 | } | 2730 | } |
| 2733 | if (s->cipher_list_by_id != NULL) | 2731 | if (s->cipher_list_by_id != NULL) |
| 2734 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) | 2732 | if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id)) |
| 2735 | == NULL) | 2733 | == NULL) |
| 2736 | goto err; | 2734 | goto err; |
| 2737 | 2735 | ||
| 2738 | /* Dup the client_CA list */ | 2736 | /* Dup the client_CA list */ |
| 2739 | if (s->client_CA != NULL) | 2737 | if (s->client_CA != NULL) { |
| 2740 | { | 2738 | if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; |
| 2741 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | 2739 | ret->client_CA = sk; |
| 2742 | ret->client_CA=sk; | 2740 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
| 2743 | for (i=0; i<sk_X509_NAME_num(sk); i++) | 2741 | xn = sk_X509_NAME_value(sk, i); |
| 2744 | { | 2742 | if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) { |
| 2745 | xn=sk_X509_NAME_value(sk,i); | ||
| 2746 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) | ||
| 2747 | { | ||
| 2748 | X509_NAME_free(xn); | 2743 | X509_NAME_free(xn); |
| 2749 | goto err; | 2744 | goto err; |
| 2750 | } | ||
| 2751 | } | 2745 | } |
| 2752 | } | 2746 | } |
| 2747 | } | ||
| 2753 | 2748 | ||
| 2754 | if (0) | 2749 | if (0) { |
| 2755 | { | ||
| 2756 | err: | 2750 | err: |
| 2757 | if (ret != NULL) SSL_free(ret); | 2751 | if (ret != NULL) |
| 2758 | ret=NULL; | 2752 | SSL_free(ret); |
| 2759 | } | 2753 | ret = NULL; |
| 2760 | return(ret); | ||
| 2761 | } | 2754 | } |
| 2755 | return (ret); | ||
| 2756 | } | ||
| 2762 | 2757 | ||
| 2763 | void ssl_clear_cipher_ctx(SSL *s) | 2758 | void |
| 2764 | { | 2759 | ssl_clear_cipher_ctx(SSL *s) |
| 2765 | if (s->enc_read_ctx != NULL) | 2760 | { |
| 2766 | { | 2761 | if (s->enc_read_ctx != NULL) { |
| 2767 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | 2762 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); |
| 2768 | OPENSSL_free(s->enc_read_ctx); | 2763 | OPENSSL_free(s->enc_read_ctx); |
| 2769 | s->enc_read_ctx=NULL; | 2764 | s->enc_read_ctx = NULL; |
| 2770 | } | 2765 | } |
| 2771 | if (s->enc_write_ctx != NULL) | 2766 | if (s->enc_write_ctx != NULL) { |
| 2772 | { | ||
| 2773 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | 2767 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); |
| 2774 | OPENSSL_free(s->enc_write_ctx); | 2768 | OPENSSL_free(s->enc_write_ctx); |
| 2775 | s->enc_write_ctx=NULL; | 2769 | s->enc_write_ctx = NULL; |
| 2776 | } | 2770 | } |
| 2777 | #ifndef OPENSSL_NO_COMP | 2771 | #ifndef OPENSSL_NO_COMP |
| 2778 | if (s->expand != NULL) | 2772 | if (s->expand != NULL) { |
| 2779 | { | ||
| 2780 | COMP_CTX_free(s->expand); | 2773 | COMP_CTX_free(s->expand); |
| 2781 | s->expand=NULL; | 2774 | s->expand = NULL; |
| 2782 | } | 2775 | } |
| 2783 | if (s->compress != NULL) | 2776 | if (s->compress != NULL) { |
| 2784 | { | ||
| 2785 | COMP_CTX_free(s->compress); | 2777 | COMP_CTX_free(s->compress); |
| 2786 | s->compress=NULL; | 2778 | s->compress = NULL; |
| 2787 | } | ||
| 2788 | #endif | ||
| 2789 | } | 2779 | } |
| 2780 | #endif | ||
| 2781 | } | ||
| 2790 | 2782 | ||
| 2791 | /* Fix this function so that it takes an optional type parameter */ | 2783 | /* Fix this function so that it takes an optional type parameter */ |
| 2792 | X509 *SSL_get_certificate(const SSL *s) | 2784 | X509 |
| 2793 | { | 2785 | *SSL_get_certificate(const SSL *s) |
| 2786 | { | ||
| 2794 | if (s->cert != NULL) | 2787 | if (s->cert != NULL) |
| 2795 | return(s->cert->key->x509); | 2788 | return (s->cert->key->x509); |
| 2796 | else | 2789 | else |
| 2797 | return(NULL); | 2790 | return (NULL); |
| 2798 | } | 2791 | } |
| 2799 | 2792 | ||
| 2800 | /* Fix this function so that it takes an optional type parameter */ | 2793 | /* Fix this function so that it takes an optional type parameter */ |
| 2801 | EVP_PKEY *SSL_get_privatekey(SSL *s) | 2794 | EVP_PKEY |
| 2802 | { | 2795 | *SSL_get_privatekey(SSL *s) |
| 2796 | { | ||
| 2803 | if (s->cert != NULL) | 2797 | if (s->cert != NULL) |
| 2804 | return(s->cert->key->privatekey); | 2798 | return (s->cert->key->privatekey); |
| 2805 | else | 2799 | else |
| 2806 | return(NULL); | 2800 | return (NULL); |
| 2807 | } | 2801 | } |
| 2808 | 2802 | ||
| 2809 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) | 2803 | const SSL_CIPHER |
| 2810 | { | 2804 | *SSL_get_current_cipher(const SSL *s) |
| 2805 | { | ||
| 2811 | if ((s->session != NULL) && (s->session->cipher != NULL)) | 2806 | if ((s->session != NULL) && (s->session->cipher != NULL)) |
| 2812 | return(s->session->cipher); | 2807 | return (s->session->cipher); |
| 2813 | return(NULL); | 2808 | return (NULL); |
| 2814 | } | 2809 | } |
| 2815 | #ifdef OPENSSL_NO_COMP | 2810 | #ifdef OPENSSL_NO_COMP |
| 2816 | const void *SSL_get_current_compression(SSL *s) | 2811 | const void |
| 2817 | { | 2812 | *SSL_get_current_compression(SSL *s) |
| 2813 | { | ||
| 2818 | return NULL; | 2814 | return NULL; |
| 2819 | } | 2815 | } |
| 2820 | const void *SSL_get_current_expansion(SSL *s) | 2816 | |
| 2821 | { | 2817 | const void |
| 2818 | *SSL_get_current_expansion(SSL *s) | ||
| 2819 | { | ||
| 2822 | return NULL; | 2820 | return NULL; |
| 2823 | } | 2821 | } |
| 2824 | #else | 2822 | #else |
| 2825 | 2823 | ||
| 2826 | const COMP_METHOD *SSL_get_current_compression(SSL *s) | 2824 | const COMP_METHOD |
| 2827 | { | 2825 | *SSL_get_current_compression(SSL *s) |
| 2826 | { | ||
| 2828 | if (s->compress != NULL) | 2827 | if (s->compress != NULL) |
| 2829 | return(s->compress->meth); | 2828 | return (s->compress->meth); |
| 2830 | return(NULL); | 2829 | return (NULL); |
| 2831 | } | 2830 | } |
| 2832 | 2831 | ||
| 2833 | const COMP_METHOD *SSL_get_current_expansion(SSL *s) | 2832 | const COMP_METHOD |
| 2834 | { | 2833 | *SSL_get_current_expansion(SSL *s) |
| 2834 | { | ||
| 2835 | if (s->expand != NULL) | 2835 | if (s->expand != NULL) |
| 2836 | return(s->expand->meth); | 2836 | return (s->expand->meth); |
| 2837 | return(NULL); | 2837 | return (NULL); |
| 2838 | } | 2838 | } |
| 2839 | #endif | 2839 | #endif |
| 2840 | 2840 | ||
| 2841 | int ssl_init_wbio_buffer(SSL *s,int push) | 2841 | int |
| 2842 | { | 2842 | ssl_init_wbio_buffer(SSL *s, int push) |
| 2843 | { | ||
| 2843 | BIO *bbio; | 2844 | BIO *bbio; |
| 2844 | 2845 | ||
| 2845 | if (s->bbio == NULL) | 2846 | if (s->bbio == NULL) { |
| 2846 | { | 2847 | bbio = BIO_new(BIO_f_buffer()); |
| 2847 | bbio=BIO_new(BIO_f_buffer()); | 2848 | if (bbio == NULL) |
| 2848 | if (bbio == NULL) return(0); | 2849 | return (0); |
| 2849 | s->bbio=bbio; | 2850 | s->bbio = bbio; |
| 2850 | } | 2851 | } else { |
| 2851 | else | 2852 | bbio = s->bbio; |
| 2852 | { | ||
| 2853 | bbio=s->bbio; | ||
| 2854 | if (s->bbio == s->wbio) | 2853 | if (s->bbio == s->wbio) |
| 2855 | s->wbio=BIO_pop(s->wbio); | 2854 | s->wbio = BIO_pop(s->wbio); |
| 2856 | } | 2855 | } |
| 2857 | (void)BIO_reset(bbio); | 2856 | (void)BIO_reset(bbio); |
| 2858 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | 2857 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ |
| 2859 | if (!BIO_set_read_buffer_size(bbio,1)) | 2858 | if (!BIO_set_read_buffer_size(bbio, 1)) { |
| 2860 | { | 2859 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB); |
| 2861 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB); | 2860 | return (0); |
| 2862 | return(0); | 2861 | } |
| 2863 | } | 2862 | if (push) { |
| 2864 | if (push) | ||
| 2865 | { | ||
| 2866 | if (s->wbio != bbio) | 2863 | if (s->wbio != bbio) |
| 2867 | s->wbio=BIO_push(bbio,s->wbio); | 2864 | s->wbio = BIO_push(bbio, s->wbio); |
| 2868 | } | 2865 | } else { |
| 2869 | else | ||
| 2870 | { | ||
| 2871 | if (s->wbio == bbio) | 2866 | if (s->wbio == bbio) |
| 2872 | s->wbio=BIO_pop(bbio); | 2867 | s->wbio = BIO_pop(bbio); |
| 2873 | } | ||
| 2874 | return(1); | ||
| 2875 | } | 2868 | } |
| 2869 | return (1); | ||
| 2870 | } | ||
| 2876 | 2871 | ||
| 2877 | void ssl_free_wbio_buffer(SSL *s) | 2872 | void |
| 2878 | { | 2873 | ssl_free_wbio_buffer(SSL *s) |
| 2879 | if (s->bbio == NULL) return; | 2874 | { |
| 2875 | if (s->bbio == NULL) | ||
| 2876 | return; | ||
| 2880 | 2877 | ||
| 2881 | if (s->bbio == s->wbio) | 2878 | if (s->bbio == s->wbio) { |
| 2882 | { | ||
| 2883 | /* remove buffering */ | 2879 | /* remove buffering */ |
| 2884 | s->wbio=BIO_pop(s->wbio); | 2880 | s->wbio = BIO_pop(s->wbio); |
| 2885 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | 2881 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ |
| 2886 | assert(s->wbio != NULL); | 2882 | assert(s->wbio != NULL); |
| 2887 | #endif | 2883 | #endif |
| 2888 | } | 2884 | } |
| 2889 | BIO_free(s->bbio); | 2885 | BIO_free(s->bbio); |
| 2890 | s->bbio=NULL; | 2886 | s->bbio = NULL; |
| 2891 | } | 2887 | } |
| 2892 | |||
| 2893 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) | ||
| 2894 | { | ||
| 2895 | ctx->quiet_shutdown=mode; | ||
| 2896 | } | ||
| 2897 | 2888 | ||
| 2898 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | 2889 | void |
| 2899 | { | 2890 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) |
| 2900 | return(ctx->quiet_shutdown); | 2891 | { |
| 2901 | } | 2892 | ctx->quiet_shutdown = mode; |
| 2893 | } | ||
| 2902 | 2894 | ||
| 2903 | void SSL_set_quiet_shutdown(SSL *s,int mode) | 2895 | int |
| 2904 | { | 2896 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) |
| 2905 | s->quiet_shutdown=mode; | 2897 | { |
| 2906 | } | 2898 | return (ctx->quiet_shutdown); |
| 2899 | } | ||
| 2907 | 2900 | ||
| 2908 | int SSL_get_quiet_shutdown(const SSL *s) | 2901 | void |
| 2909 | { | 2902 | SSL_set_quiet_shutdown(SSL *s, int mode) |
| 2910 | return(s->quiet_shutdown); | 2903 | { |
| 2911 | } | 2904 | s->quiet_shutdown = mode; |
| 2905 | } | ||
| 2912 | 2906 | ||
| 2913 | void SSL_set_shutdown(SSL *s,int mode) | 2907 | int |
| 2914 | { | 2908 | SSL_get_quiet_shutdown(const SSL *s) |
| 2915 | s->shutdown=mode; | 2909 | { |
| 2916 | } | 2910 | return (s->quiet_shutdown); |
| 2911 | } | ||
| 2917 | 2912 | ||
| 2918 | int SSL_get_shutdown(const SSL *s) | 2913 | void |
| 2919 | { | 2914 | SSL_set_shutdown(SSL *s, int mode) |
| 2920 | return(s->shutdown); | 2915 | { |
| 2921 | } | 2916 | s->shutdown = mode; |
| 2917 | } | ||
| 2922 | 2918 | ||
| 2923 | int SSL_version(const SSL *s) | 2919 | int |
| 2924 | { | 2920 | SSL_get_shutdown(const SSL *s) |
| 2925 | return(s->version); | 2921 | { |
| 2926 | } | 2922 | return (s->shutdown); |
| 2923 | } | ||
| 2927 | 2924 | ||
| 2928 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) | 2925 | int |
| 2929 | { | 2926 | SSL_version(const SSL *s) |
| 2930 | return(ssl->ctx); | 2927 | { |
| 2931 | } | 2928 | return (s->version); |
| 2929 | } | ||
| 2932 | 2930 | ||
| 2933 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | 2931 | SSL_CTX |
| 2934 | { | 2932 | *SSL_get_SSL_CTX(const SSL *ssl) |
| 2933 | { | ||
| 2934 | return (ssl->ctx); | ||
| 2935 | } | ||
| 2936 | |||
| 2937 | SSL_CTX | ||
| 2938 | *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2939 | { | ||
| 2935 | if (ssl->ctx == ctx) | 2940 | if (ssl->ctx == ctx) |
| 2936 | return ssl->ctx; | 2941 | return ssl->ctx; |
| 2937 | #ifndef OPENSSL_NO_TLSEXT | 2942 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -2941,114 +2946,131 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | |||
| 2941 | if (ssl->cert != NULL) | 2946 | if (ssl->cert != NULL) |
| 2942 | ssl_cert_free(ssl->cert); | 2947 | ssl_cert_free(ssl->cert); |
| 2943 | ssl->cert = ssl_cert_dup(ctx->cert); | 2948 | ssl->cert = ssl_cert_dup(ctx->cert); |
| 2944 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 2949 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); |
| 2945 | if (ssl->ctx != NULL) | 2950 | if (ssl->ctx != NULL) |
| 2946 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | 2951 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ |
| 2947 | ssl->ctx = ctx; | 2952 | ssl->ctx = ctx; |
| 2948 | return(ssl->ctx); | 2953 | return (ssl->ctx); |
| 2949 | } | 2954 | } |
| 2950 | 2955 | ||
| 2951 | #ifndef OPENSSL_NO_STDIO | 2956 | #ifndef OPENSSL_NO_STDIO |
| 2952 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | 2957 | int |
| 2953 | { | 2958 | SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 2954 | return(X509_STORE_set_default_paths(ctx->cert_store)); | 2959 | { |
| 2955 | } | 2960 | return (X509_STORE_set_default_paths(ctx->cert_store)); |
| 2961 | } | ||
| 2956 | 2962 | ||
| 2957 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | 2963 | int |
| 2958 | const char *CApath) | 2964 | SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 2959 | { | 2965 | const char *CApath) |
| 2960 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | 2966 | { |
| 2961 | } | 2967 | return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); |
| 2968 | } | ||
| 2962 | #endif | 2969 | #endif |
| 2963 | 2970 | ||
| 2964 | void SSL_set_info_callback(SSL *ssl, | 2971 | void |
| 2965 | void (*cb)(const SSL *ssl,int type,int val)) | 2972 | SSL_set_info_callback(SSL *ssl, |
| 2966 | { | 2973 | void (*cb)(const SSL *ssl, int type, int val)) |
| 2967 | ssl->info_callback=cb; | 2974 | { |
| 2968 | } | 2975 | ssl->info_callback = cb; |
| 2976 | } | ||
| 2969 | 2977 | ||
| 2970 | /* One compiler (Diab DCC) doesn't like argument names in returned | 2978 | /* One compiler (Diab DCC) doesn't like argument names in returned |
| 2971 | function pointer. */ | 2979 | function pointer. */ |
| 2972 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) | 2980 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) |
| 2973 | { | 2981 | { |
| 2974 | return ssl->info_callback; | 2982 | return ssl->info_callback; |
| 2975 | } | 2983 | } |
| 2976 | 2984 | ||
| 2977 | int SSL_state(const SSL *ssl) | 2985 | int |
| 2978 | { | 2986 | SSL_state(const SSL *ssl) |
| 2979 | return(ssl->state); | 2987 | { |
| 2980 | } | 2988 | return (ssl->state); |
| 2989 | } | ||
| 2981 | 2990 | ||
| 2982 | void SSL_set_state(SSL *ssl, int state) | 2991 | void |
| 2983 | { | 2992 | SSL_set_state(SSL *ssl, int state) |
| 2993 | { | ||
| 2984 | ssl->state = state; | 2994 | ssl->state = state; |
| 2985 | } | 2995 | } |
| 2986 | 2996 | ||
| 2987 | void SSL_set_verify_result(SSL *ssl,long arg) | 2997 | void |
| 2988 | { | 2998 | SSL_set_verify_result(SSL *ssl, long arg) |
| 2989 | ssl->verify_result=arg; | 2999 | { |
| 2990 | } | 3000 | ssl->verify_result = arg; |
| 3001 | } | ||
| 2991 | 3002 | ||
| 2992 | long SSL_get_verify_result(const SSL *ssl) | 3003 | long |
| 2993 | { | 3004 | SSL_get_verify_result(const SSL *ssl) |
| 2994 | return(ssl->verify_result); | 3005 | { |
| 2995 | } | 3006 | return (ssl->verify_result); |
| 3007 | } | ||
| 2996 | 3008 | ||
| 2997 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3009 | int |
| 2998 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3010 | SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 2999 | { | 3011 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3012 | { | ||
| 3000 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | 3013 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, |
| 3001 | new_func, dup_func, free_func); | 3014 | new_func, dup_func, free_func); |
| 3002 | } | 3015 | } |
| 3003 | 3016 | ||
| 3004 | int SSL_set_ex_data(SSL *s,int idx,void *arg) | 3017 | int |
| 3005 | { | 3018 | SSL_set_ex_data(SSL *s, int idx, void *arg) |
| 3006 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3019 | { |
| 3007 | } | 3020 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3021 | } | ||
| 3008 | 3022 | ||
| 3009 | void *SSL_get_ex_data(const SSL *s,int idx) | 3023 | void |
| 3010 | { | 3024 | *SSL_get_ex_data(const SSL *s, int idx) |
| 3011 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3025 | { |
| 3012 | } | 3026 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3027 | } | ||
| 3013 | 3028 | ||
| 3014 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, | 3029 | int |
| 3015 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) | 3030 | SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 3016 | { | 3031 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 3032 | { | ||
| 3017 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | 3033 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, |
| 3018 | new_func, dup_func, free_func); | 3034 | new_func, dup_func, free_func); |
| 3019 | } | 3035 | } |
| 3020 | 3036 | ||
| 3021 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) | 3037 | int |
| 3022 | { | 3038 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) |
| 3023 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 3039 | { |
| 3024 | } | 3040 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 3041 | } | ||
| 3025 | 3042 | ||
| 3026 | void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx) | 3043 | void |
| 3027 | { | 3044 | *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) |
| 3028 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 3045 | { |
| 3029 | } | 3046 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 3047 | } | ||
| 3030 | 3048 | ||
| 3031 | int ssl_ok(SSL *s) | 3049 | int |
| 3032 | { | 3050 | ssl_ok(SSL *s) |
| 3033 | return(1); | 3051 | { |
| 3034 | } | 3052 | return (1); |
| 3053 | } | ||
| 3035 | 3054 | ||
| 3036 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) | 3055 | X509_STORE |
| 3037 | { | 3056 | *SSL_CTX_get_cert_store(const SSL_CTX *ctx) |
| 3038 | return(ctx->cert_store); | 3057 | { |
| 3039 | } | 3058 | return (ctx->cert_store); |
| 3059 | } | ||
| 3040 | 3060 | ||
| 3041 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | 3061 | void |
| 3042 | { | 3062 | SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) |
| 3063 | { | ||
| 3043 | if (ctx->cert_store != NULL) | 3064 | if (ctx->cert_store != NULL) |
| 3044 | X509_STORE_free(ctx->cert_store); | 3065 | X509_STORE_free(ctx->cert_store); |
| 3045 | ctx->cert_store=store; | 3066 | ctx->cert_store = store; |
| 3046 | } | 3067 | } |
| 3047 | 3068 | ||
| 3048 | int SSL_want(const SSL *s) | 3069 | int |
| 3049 | { | 3070 | SSL_want(const SSL *s) |
| 3050 | return(s->rwstate); | 3071 | { |
| 3051 | } | 3072 | return (s->rwstate); |
| 3073 | } | ||
| 3052 | 3074 | ||
| 3053 | /*! | 3075 | /*! |
| 3054 | * \brief Set the callback for generating temporary RSA keys. | 3076 | * \brief Set the callback for generating temporary RSA keys. |
| @@ -3057,19 +3079,21 @@ int SSL_want(const SSL *s) | |||
| 3057 | */ | 3079 | */ |
| 3058 | 3080 | ||
| 3059 | #ifndef OPENSSL_NO_RSA | 3081 | #ifndef OPENSSL_NO_RSA |
| 3060 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | 3082 | void |
| 3061 | int is_export, | 3083 | SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, |
| 3062 | int keylength)) | 3084 | int is_export, |
| 3063 | { | 3085 | int keylength)) |
| 3064 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3086 | { |
| 3065 | } | 3087 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); |
| 3066 | 3088 | } | |
| 3067 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | 3089 | |
| 3068 | int is_export, | 3090 | void |
| 3069 | int keylength)) | 3091 | SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, |
| 3070 | { | 3092 | int is_export, |
| 3071 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | 3093 | int keylength)) |
| 3072 | } | 3094 | { |
| 3095 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3096 | } | ||
| 3073 | #endif | 3097 | #endif |
| 3074 | 3098 | ||
| 3075 | #ifdef DOXYGEN | 3099 | #ifdef DOXYGEN |
| @@ -3083,8 +3107,9 @@ void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | |||
| 3083 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | 3107 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback |
| 3084 | */ | 3108 | */ |
| 3085 | 3109 | ||
| 3086 | RSA *cb(SSL *ssl,int is_export,int keylength) | 3110 | RSA |
| 3087 | {} | 3111 | *cb(SSL *ssl, int is_export, int keylength) |
| 3112 | {} | ||
| 3088 | #endif | 3113 | #endif |
| 3089 | 3114 | ||
| 3090 | /*! | 3115 | /*! |
| @@ -3094,133 +3119,142 @@ RSA *cb(SSL *ssl,int is_export,int keylength) | |||
| 3094 | */ | 3119 | */ |
| 3095 | 3120 | ||
| 3096 | #ifndef OPENSSL_NO_DH | 3121 | #ifndef OPENSSL_NO_DH |
| 3097 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | 3122 | void |
| 3098 | int keylength)) | 3123 | SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, |
| 3099 | { | 3124 | int keylength)) |
| 3100 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3125 | { |
| 3101 | } | 3126 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3127 | } | ||
| 3102 | 3128 | ||
| 3103 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | 3129 | void |
| 3104 | int keylength)) | 3130 | SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, |
| 3105 | { | 3131 | int keylength)) |
| 3106 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | 3132 | { |
| 3107 | } | 3133 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); |
| 3134 | } | ||
| 3108 | #endif | 3135 | #endif |
| 3109 | 3136 | ||
| 3110 | #ifndef OPENSSL_NO_ECDH | 3137 | #ifndef OPENSSL_NO_ECDH |
| 3111 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3138 | void |
| 3112 | int keylength)) | 3139 | SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3113 | { | 3140 | int keylength)) |
| 3114 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3141 | { |
| 3115 | } | 3142 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3143 | } | ||
| 3116 | 3144 | ||
| 3117 | void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, | 3145 | void |
| 3118 | int keylength)) | 3146 | SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, |
| 3119 | { | 3147 | int keylength)) |
| 3120 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | 3148 | { |
| 3121 | } | 3149 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); |
| 3150 | } | ||
| 3122 | #endif | 3151 | #endif |
| 3123 | 3152 | ||
| 3124 | #ifndef OPENSSL_NO_PSK | 3153 | #ifndef OPENSSL_NO_PSK |
| 3125 | int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) | 3154 | int |
| 3126 | { | 3155 | SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) |
| 3127 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3156 | { |
| 3128 | { | 3157 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3129 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3158 | SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3130 | return 0; | 3159 | return 0; |
| 3131 | } | 3160 | } |
| 3132 | if (ctx->psk_identity_hint != NULL) | 3161 | if (ctx->psk_identity_hint != NULL) |
| 3133 | OPENSSL_free(ctx->psk_identity_hint); | 3162 | OPENSSL_free(ctx->psk_identity_hint); |
| 3134 | if (identity_hint != NULL) | 3163 | if (identity_hint != NULL) { |
| 3135 | { | ||
| 3136 | ctx->psk_identity_hint = BUF_strdup(identity_hint); | 3164 | ctx->psk_identity_hint = BUF_strdup(identity_hint); |
| 3137 | if (ctx->psk_identity_hint == NULL) | 3165 | if (ctx->psk_identity_hint == NULL) |
| 3138 | return 0; | 3166 | return 0; |
| 3139 | } | 3167 | } else |
| 3140 | else | ||
| 3141 | ctx->psk_identity_hint = NULL; | 3168 | ctx->psk_identity_hint = NULL; |
| 3142 | return 1; | 3169 | return 1; |
| 3143 | } | 3170 | } |
| 3144 | 3171 | ||
| 3145 | int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) | 3172 | int |
| 3146 | { | 3173 | SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) |
| 3174 | { | ||
| 3147 | if (s == NULL) | 3175 | if (s == NULL) |
| 3148 | return 0; | 3176 | return 0; |
| 3149 | 3177 | ||
| 3150 | if (s->session == NULL) | 3178 | if (s->session == NULL) |
| 3151 | return 1; /* session not created yet, ignored */ | 3179 | return 1; /* session not created yet, ignored */ |
| 3152 | 3180 | ||
| 3153 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) | 3181 | if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) { |
| 3154 | { | ||
| 3155 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); | 3182 | SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); |
| 3156 | return 0; | 3183 | return 0; |
| 3157 | } | 3184 | } |
| 3158 | if (s->session->psk_identity_hint != NULL) | 3185 | if (s->session->psk_identity_hint != NULL) |
| 3159 | OPENSSL_free(s->session->psk_identity_hint); | 3186 | OPENSSL_free(s->session->psk_identity_hint); |
| 3160 | if (identity_hint != NULL) | 3187 | if (identity_hint != NULL) { |
| 3161 | { | ||
| 3162 | s->session->psk_identity_hint = BUF_strdup(identity_hint); | 3188 | s->session->psk_identity_hint = BUF_strdup(identity_hint); |
| 3163 | if (s->session->psk_identity_hint == NULL) | 3189 | if (s->session->psk_identity_hint == NULL) |
| 3164 | return 0; | 3190 | return 0; |
| 3165 | } | 3191 | } else |
| 3166 | else | ||
| 3167 | s->session->psk_identity_hint = NULL; | 3192 | s->session->psk_identity_hint = NULL; |
| 3168 | return 1; | 3193 | return 1; |
| 3169 | } | 3194 | } |
| 3170 | 3195 | ||
| 3171 | const char *SSL_get_psk_identity_hint(const SSL *s) | 3196 | const char |
| 3172 | { | 3197 | *SSL_get_psk_identity_hint(const SSL *s) |
| 3198 | { | ||
| 3173 | if (s == NULL || s->session == NULL) | 3199 | if (s == NULL || s->session == NULL) |
| 3174 | return NULL; | 3200 | return NULL; |
| 3175 | return(s->session->psk_identity_hint); | 3201 | return (s->session->psk_identity_hint); |
| 3176 | } | 3202 | } |
| 3177 | 3203 | ||
| 3178 | const char *SSL_get_psk_identity(const SSL *s) | 3204 | const char |
| 3179 | { | 3205 | *SSL_get_psk_identity(const SSL *s) |
| 3206 | { | ||
| 3180 | if (s == NULL || s->session == NULL) | 3207 | if (s == NULL || s->session == NULL) |
| 3181 | return NULL; | 3208 | return NULL; |
| 3182 | return(s->session->psk_identity); | 3209 | return (s->session->psk_identity); |
| 3183 | } | 3210 | } |
| 3184 | 3211 | ||
| 3185 | void SSL_set_psk_client_callback(SSL *s, | 3212 | void |
| 3213 | SSL_set_psk_client_callback(SSL *s, | ||
| 3186 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3214 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3187 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3215 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3188 | unsigned int max_psk_len)) | 3216 | unsigned int max_psk_len)) |
| 3189 | { | 3217 | { |
| 3190 | s->psk_client_callback = cb; | 3218 | s->psk_client_callback = cb; |
| 3191 | } | 3219 | } |
| 3192 | 3220 | ||
| 3193 | void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | 3221 | void |
| 3222 | SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, | ||
| 3194 | unsigned int (*cb)(SSL *ssl, const char *hint, | 3223 | unsigned int (*cb)(SSL *ssl, const char *hint, |
| 3195 | char *identity, unsigned int max_identity_len, unsigned char *psk, | 3224 | char *identity, unsigned int max_identity_len, unsigned char *psk, |
| 3196 | unsigned int max_psk_len)) | 3225 | unsigned int max_psk_len)) |
| 3197 | { | 3226 | { |
| 3198 | ctx->psk_client_callback = cb; | 3227 | ctx->psk_client_callback = cb; |
| 3199 | } | 3228 | } |
| 3200 | 3229 | ||
| 3201 | void SSL_set_psk_server_callback(SSL *s, | 3230 | void |
| 3231 | SSL_set_psk_server_callback(SSL *s, | ||
| 3202 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3232 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3203 | unsigned char *psk, unsigned int max_psk_len)) | 3233 | unsigned char *psk, unsigned int max_psk_len)) |
| 3204 | { | 3234 | { |
| 3205 | s->psk_server_callback = cb; | 3235 | s->psk_server_callback = cb; |
| 3206 | } | 3236 | } |
| 3207 | 3237 | ||
| 3208 | void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | 3238 | void |
| 3239 | SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, | ||
| 3209 | unsigned int (*cb)(SSL *ssl, const char *identity, | 3240 | unsigned int (*cb)(SSL *ssl, const char *identity, |
| 3210 | unsigned char *psk, unsigned int max_psk_len)) | 3241 | unsigned char *psk, unsigned int max_psk_len)) |
| 3211 | { | 3242 | { |
| 3212 | ctx->psk_server_callback = cb; | 3243 | ctx->psk_server_callback = cb; |
| 3213 | } | 3244 | } |
| 3214 | #endif | 3245 | #endif |
| 3215 | 3246 | ||
| 3216 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3247 | void |
| 3217 | { | 3248 | SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) |
| 3249 | { | ||
| 3218 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3250 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3219 | } | 3251 | } |
| 3220 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | 3252 | |
| 3221 | { | 3253 | void |
| 3254 | SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3255 | { | ||
| 3222 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | 3256 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); |
| 3223 | } | 3257 | } |
| 3224 | 3258 | ||
| 3225 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer | 3259 | /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer |
| 3226 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if | 3260 | * vairable, freeing EVP_MD_CTX previously stored in that variable, if |
| @@ -3228,31 +3262,38 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con | |||
| 3228 | * Returns newly allocated ctx; | 3262 | * Returns newly allocated ctx; |
| 3229 | */ | 3263 | */ |
| 3230 | 3264 | ||
| 3231 | EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) | 3265 | EVP_MD_CTX |
| 3266 | *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) | ||
| 3232 | { | 3267 | { |
| 3233 | ssl_clear_hash_ctx(hash); | 3268 | ssl_clear_hash_ctx(hash); |
| 3234 | *hash = EVP_MD_CTX_create(); | 3269 | *hash = EVP_MD_CTX_create(); |
| 3235 | if (md) EVP_DigestInit_ex(*hash,md,NULL); | 3270 | if (md) |
| 3271 | EVP_DigestInit_ex(*hash, md, NULL); | ||
| 3236 | return *hash; | 3272 | return *hash; |
| 3237 | } | 3273 | } |
| 3238 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash) | 3274 | |
| 3275 | void | ||
| 3276 | ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
| 3239 | { | 3277 | { |
| 3240 | 3278 | ||
| 3241 | if (*hash) EVP_MD_CTX_destroy(*hash); | 3279 | if (*hash) |
| 3242 | *hash=NULL; | 3280 | EVP_MD_CTX_destroy(*hash); |
| 3281 | *hash = NULL; | ||
| 3243 | } | 3282 | } |
| 3244 | 3283 | ||
| 3245 | void SSL_set_debug(SSL *s, int debug) | 3284 | void |
| 3246 | { | 3285 | SSL_set_debug(SSL *s, int debug) |
| 3286 | { | ||
| 3247 | s->debug = debug; | 3287 | s->debug = debug; |
| 3248 | } | 3288 | } |
| 3249 | 3289 | ||
| 3250 | int SSL_cache_hit(SSL *s) | 3290 | int |
| 3251 | { | 3291 | SSL_cache_hit(SSL *s) |
| 3292 | { | ||
| 3252 | return s->hit; | 3293 | return s->hit; |
| 3253 | } | 3294 | } |
| 3254 | 3295 | ||
| 3255 | IMPLEMENT_STACK_OF(SSL_CIPHER) | 3296 | IMPLEMENT_STACK_OF(SSL_CIPHER) |
| 3256 | IMPLEMENT_STACK_OF(SSL_COMP) | 3297 | IMPLEMENT_STACK_OF(SSL_COMP) |
| 3257 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, | 3298 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, |
| 3258 | ssl_cipher_id); | 3299 | ssl_cipher_id); |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 60e7b66859..078df55f06 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -66,135 +66,126 @@ | |||
| 66 | 66 | ||
| 67 | static int ssl_set_cert(CERT *c, X509 *x509); | 67 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 69 | int SSL_use_certificate(SSL *ssl, X509 *x) | 69 | int |
| 70 | { | 70 | SSL_use_certificate(SSL *ssl, X509 *x) |
| 71 | if (x == NULL) | 71 | { |
| 72 | { | 72 | if (x == NULL) { |
| 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); |
| 74 | return(0); | 74 | return (0); |
| 75 | } | 75 | } |
| 76 | if (!ssl_cert_inst(&ssl->cert)) | 76 | if (!ssl_cert_inst(&ssl->cert)) { |
| 77 | { | 77 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 78 | return (0); |
| 79 | return(0); | ||
| 80 | } | ||
| 81 | return(ssl_set_cert(ssl->cert,x)); | ||
| 82 | } | 79 | } |
| 80 | return (ssl_set_cert(ssl->cert, x)); | ||
| 81 | } | ||
| 83 | 82 | ||
| 84 | #ifndef OPENSSL_NO_STDIO | 83 | #ifndef OPENSSL_NO_STDIO |
| 85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) | 84 | int |
| 86 | { | 85 | SSL_use_certificate_file(SSL *ssl, const char *file, int type) |
| 86 | { | ||
| 87 | int j; | 87 | int j; |
| 88 | BIO *in; | 88 | BIO *in; |
| 89 | int ret=0; | 89 | int ret = 0; |
| 90 | X509 *x=NULL; | 90 | X509 *x = NULL; |
| 91 | 91 | ||
| 92 | in=BIO_new(BIO_s_file_internal()); | 92 | in = BIO_new(BIO_s_file_internal()); |
| 93 | if (in == NULL) | 93 | if (in == NULL) { |
| 94 | { | 94 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 95 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 96 | goto end; | 95 | goto end; |
| 97 | } | 96 | } |
| 98 | 97 | ||
| 99 | if (BIO_read_filename(in,file) <= 0) | 98 | if (BIO_read_filename(in, file) <= 0) { |
| 100 | { | 99 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 101 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 102 | goto end; | 100 | goto end; |
| 103 | } | 101 | } |
| 104 | if (type == SSL_FILETYPE_ASN1) | 102 | if (type == SSL_FILETYPE_ASN1) { |
| 105 | { | 103 | j = ERR_R_ASN1_LIB; |
| 106 | j=ERR_R_ASN1_LIB; | 104 | x = d2i_X509_bio(in, NULL); |
| 107 | x=d2i_X509_bio(in,NULL); | 105 | } else if (type == SSL_FILETYPE_PEM) { |
| 108 | } | 106 | j = ERR_R_PEM_LIB; |
| 109 | else if (type == SSL_FILETYPE_PEM) | 107 | x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 110 | { | 108 | } else { |
| 111 | j=ERR_R_PEM_LIB; | 109 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 113 | } | ||
| 114 | else | ||
| 115 | { | ||
| 116 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 117 | goto end; | 110 | goto end; |
| 118 | } | 111 | } |
| 119 | 112 | ||
| 120 | if (x == NULL) | 113 | if (x == NULL) { |
| 121 | { | 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); |
| 122 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j); | ||
| 123 | goto end; | 115 | goto end; |
| 124 | } | 116 | } |
| 125 | 117 | ||
| 126 | ret=SSL_use_certificate(ssl,x); | 118 | ret = SSL_use_certificate(ssl, x); |
| 127 | end: | 119 | end: |
| 128 | if (x != NULL) X509_free(x); | 120 | if (x != NULL) |
| 129 | if (in != NULL) BIO_free(in); | 121 | X509_free(x); |
| 130 | return(ret); | 122 | if (in != NULL) |
| 131 | } | 123 | BIO_free(in); |
| 124 | return (ret); | ||
| 125 | } | ||
| 132 | #endif | 126 | #endif |
| 133 | 127 | ||
| 134 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | 128 | int |
| 135 | { | 129 | SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) |
| 130 | { | ||
| 136 | X509 *x; | 131 | X509 *x; |
| 137 | int ret; | 132 | int ret; |
| 138 | 133 | ||
| 139 | x=d2i_X509(NULL,&d,(long)len); | 134 | x = d2i_X509(NULL, &d,(long)len); |
| 140 | if (x == NULL) | 135 | if (x == NULL) { |
| 141 | { | 136 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 142 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 137 | return (0); |
| 143 | return(0); | 138 | } |
| 144 | } | ||
| 145 | 139 | ||
| 146 | ret=SSL_use_certificate(ssl,x); | 140 | ret = SSL_use_certificate(ssl, x); |
| 147 | X509_free(x); | 141 | X509_free(x); |
| 148 | return(ret); | 142 | return (ret); |
| 149 | } | 143 | } |
| 150 | 144 | ||
| 151 | #ifndef OPENSSL_NO_RSA | 145 | #ifndef OPENSSL_NO_RSA |
| 152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | 146 | int |
| 153 | { | 147 | SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
| 148 | { | ||
| 154 | EVP_PKEY *pkey; | 149 | EVP_PKEY *pkey; |
| 155 | int ret; | 150 | int ret; |
| 156 | 151 | ||
| 157 | if (rsa == NULL) | 152 | if (rsa == NULL) { |
| 158 | { | 153 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 154 | return (0); |
| 160 | return(0); | 155 | } |
| 161 | } | 156 | if (!ssl_cert_inst(&ssl->cert)) { |
| 162 | if (!ssl_cert_inst(&ssl->cert)) | 157 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 163 | { | 158 | return (0); |
| 164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 159 | } |
| 165 | return(0); | 160 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 166 | } | 161 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 167 | if ((pkey=EVP_PKEY_new()) == NULL) | 162 | return (0); |
| 168 | { | 163 | } |
| 169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 170 | return(0); | ||
| 171 | } | ||
| 172 | 164 | ||
| 173 | RSA_up_ref(rsa); | 165 | RSA_up_ref(rsa); |
| 174 | EVP_PKEY_assign_RSA(pkey,rsa); | 166 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 175 | 167 | ||
| 176 | ret=ssl_set_pkey(ssl->cert,pkey); | 168 | ret = ssl_set_pkey(ssl->cert, pkey); |
| 177 | EVP_PKEY_free(pkey); | 169 | EVP_PKEY_free(pkey); |
| 178 | return(ret); | 170 | return (ret); |
| 179 | } | 171 | } |
| 180 | #endif | 172 | #endif |
| 181 | 173 | ||
| 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | 174 | static int |
| 183 | { | 175 | ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 176 | { | ||
| 184 | int i; | 177 | int i; |
| 185 | 178 | ||
| 186 | i=ssl_cert_type(NULL,pkey); | 179 | i = ssl_cert_type(NULL, pkey); |
| 187 | if (i < 0) | 180 | if (i < 0) { |
| 188 | { | 181 | SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 189 | SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 182 | return (0); |
| 190 | return(0); | 183 | } |
| 191 | } | ||
| 192 | 184 | ||
| 193 | if (c->pkeys[i].x509 != NULL) | 185 | if (c->pkeys[i].x509 != NULL) { |
| 194 | { | ||
| 195 | EVP_PKEY *pktmp; | 186 | EVP_PKEY *pktmp; |
| 196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | 187 | pktmp = X509_get_pubkey(c->pkeys[i].x509); |
| 197 | EVP_PKEY_copy_parameters(pktmp,pkey); | 188 | EVP_PKEY_copy_parameters(pktmp, pkey); |
| 198 | EVP_PKEY_free(pktmp); | 189 | EVP_PKEY_free(pktmp); |
| 199 | ERR_clear_error(); | 190 | ERR_clear_error(); |
| 200 | 191 | ||
| @@ -203,217 +194,200 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | |||
| 203 | * for smart cards. */ | 194 | * for smart cards. */ |
| 204 | if ((pkey->type == EVP_PKEY_RSA) && | 195 | if ((pkey->type == EVP_PKEY_RSA) && |
| 205 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | 196 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) |
| 206 | ; | 197 | ; |
| 207 | else | 198 | else |
| 208 | #endif | 199 | #endif |
| 209 | if (!X509_check_private_key(c->pkeys[i].x509,pkey)) | 200 | if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { |
| 210 | { | ||
| 211 | X509_free(c->pkeys[i].x509); | 201 | X509_free(c->pkeys[i].x509); |
| 212 | c->pkeys[i].x509 = NULL; | 202 | c->pkeys[i].x509 = NULL; |
| 213 | return 0; | 203 | return 0; |
| 214 | } | ||
| 215 | } | 204 | } |
| 205 | } | ||
| 216 | 206 | ||
| 217 | if (c->pkeys[i].privatekey != NULL) | 207 | if (c->pkeys[i].privatekey != NULL) |
| 218 | EVP_PKEY_free(c->pkeys[i].privatekey); | 208 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 219 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 209 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 220 | c->pkeys[i].privatekey=pkey; | 210 | c->pkeys[i].privatekey = pkey; |
| 221 | c->key= &(c->pkeys[i]); | 211 | c->key = &(c->pkeys[i]); |
| 222 | 212 | ||
| 223 | c->valid=0; | 213 | c->valid = 0; |
| 224 | return(1); | 214 | return (1); |
| 225 | } | 215 | } |
| 226 | 216 | ||
| 227 | #ifndef OPENSSL_NO_RSA | 217 | #ifndef OPENSSL_NO_RSA |
| 228 | #ifndef OPENSSL_NO_STDIO | 218 | #ifndef OPENSSL_NO_STDIO |
| 229 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | 219 | int |
| 230 | { | 220 | SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) |
| 231 | int j,ret=0; | 221 | { |
| 222 | int j, ret = 0; | ||
| 232 | BIO *in; | 223 | BIO *in; |
| 233 | RSA *rsa=NULL; | 224 | RSA *rsa = NULL; |
| 234 | 225 | ||
| 235 | in=BIO_new(BIO_s_file_internal()); | 226 | in = BIO_new(BIO_s_file_internal()); |
| 236 | if (in == NULL) | 227 | if (in == NULL) { |
| 237 | { | 228 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 238 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 239 | goto end; | 229 | goto end; |
| 240 | } | 230 | } |
| 241 | 231 | ||
| 242 | if (BIO_read_filename(in,file) <= 0) | 232 | if (BIO_read_filename(in, file) <= 0) { |
| 243 | { | 233 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 245 | goto end; | 234 | goto end; |
| 246 | } | 235 | } |
| 247 | if (type == SSL_FILETYPE_ASN1) | 236 | if (type == SSL_FILETYPE_ASN1) { |
| 248 | { | 237 | j = ERR_R_ASN1_LIB; |
| 249 | j=ERR_R_ASN1_LIB; | 238 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 250 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 239 | } else if (type == SSL_FILETYPE_PEM) { |
| 251 | } | 240 | j = ERR_R_PEM_LIB; |
| 252 | else if (type == SSL_FILETYPE_PEM) | 241 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 253 | { | 242 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 254 | j=ERR_R_PEM_LIB; | 243 | } else { |
| 255 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 244 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 256 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | ||
| 257 | } | ||
| 258 | else | ||
| 259 | { | ||
| 260 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 261 | goto end; | 245 | goto end; |
| 262 | } | 246 | } |
| 263 | if (rsa == NULL) | 247 | if (rsa == NULL) { |
| 264 | { | 248 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); |
| 265 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j); | ||
| 266 | goto end; | 249 | goto end; |
| 267 | } | 250 | } |
| 268 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 251 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 269 | RSA_free(rsa); | 252 | RSA_free(rsa); |
| 270 | end: | 253 | end: |
| 271 | if (in != NULL) BIO_free(in); | 254 | if (in != NULL) |
| 272 | return(ret); | 255 | BIO_free(in); |
| 273 | } | 256 | return (ret); |
| 257 | } | ||
| 274 | #endif | 258 | #endif |
| 275 | 259 | ||
| 276 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | 260 | int |
| 277 | { | 261 | SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
| 262 | { | ||
| 278 | int ret; | 263 | int ret; |
| 279 | const unsigned char *p; | 264 | const unsigned char *p; |
| 280 | RSA *rsa; | 265 | RSA *rsa; |
| 281 | 266 | ||
| 282 | p=d; | 267 | p = d; |
| 283 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 268 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 284 | { | 269 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 285 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 270 | return (0); |
| 286 | return(0); | 271 | } |
| 287 | } | ||
| 288 | 272 | ||
| 289 | ret=SSL_use_RSAPrivateKey(ssl,rsa); | 273 | ret = SSL_use_RSAPrivateKey(ssl, rsa); |
| 290 | RSA_free(rsa); | 274 | RSA_free(rsa); |
| 291 | return(ret); | 275 | return (ret); |
| 292 | } | 276 | } |
| 293 | #endif /* !OPENSSL_NO_RSA */ | 277 | #endif /* !OPENSSL_NO_RSA */ |
| 294 | 278 | ||
| 295 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | 279 | int |
| 296 | { | 280 | SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
| 281 | { | ||
| 297 | int ret; | 282 | int ret; |
| 298 | 283 | ||
| 299 | if (pkey == NULL) | 284 | if (pkey == NULL) { |
| 300 | { | 285 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 286 | return (0); |
| 302 | return(0); | 287 | } |
| 303 | } | 288 | if (!ssl_cert_inst(&ssl->cert)) { |
| 304 | if (!ssl_cert_inst(&ssl->cert)) | 289 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 305 | { | 290 | return (0); |
| 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 307 | return(0); | ||
| 308 | } | ||
| 309 | ret=ssl_set_pkey(ssl->cert,pkey); | ||
| 310 | return(ret); | ||
| 311 | } | 291 | } |
| 292 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 293 | return (ret); | ||
| 294 | } | ||
| 312 | 295 | ||
| 313 | #ifndef OPENSSL_NO_STDIO | 296 | #ifndef OPENSSL_NO_STDIO |
| 314 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | 297 | int |
| 315 | { | 298 | SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) |
| 316 | int j,ret=0; | 299 | { |
| 300 | int j, ret = 0; | ||
| 317 | BIO *in; | 301 | BIO *in; |
| 318 | EVP_PKEY *pkey=NULL; | 302 | EVP_PKEY *pkey = NULL; |
| 319 | 303 | ||
| 320 | in=BIO_new(BIO_s_file_internal()); | 304 | in = BIO_new(BIO_s_file_internal()); |
| 321 | if (in == NULL) | 305 | if (in == NULL) { |
| 322 | { | 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 323 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 324 | goto end; | 307 | goto end; |
| 325 | } | 308 | } |
| 326 | 309 | ||
| 327 | if (BIO_read_filename(in,file) <= 0) | 310 | if (BIO_read_filename(in, file) <= 0) { |
| 328 | { | 311 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 329 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 330 | goto end; | 312 | goto end; |
| 331 | } | 313 | } |
| 332 | if (type == SSL_FILETYPE_PEM) | 314 | if (type == SSL_FILETYPE_PEM) { |
| 333 | { | 315 | j = ERR_R_PEM_LIB; |
| 334 | j=ERR_R_PEM_LIB; | 316 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 335 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 317 | ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); |
| 336 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); | 318 | } else if (type == SSL_FILETYPE_ASN1) { |
| 337 | } | ||
| 338 | else if (type == SSL_FILETYPE_ASN1) | ||
| 339 | { | ||
| 340 | j = ERR_R_ASN1_LIB; | 319 | j = ERR_R_ASN1_LIB; |
| 341 | pkey = d2i_PrivateKey_bio(in,NULL); | 320 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 342 | } | 321 | } else { |
| 343 | else | 322 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 344 | { | ||
| 345 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 346 | goto end; | 323 | goto end; |
| 347 | } | 324 | } |
| 348 | if (pkey == NULL) | 325 | if (pkey == NULL) { |
| 349 | { | 326 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); |
| 350 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j); | ||
| 351 | goto end; | 327 | goto end; |
| 352 | } | 328 | } |
| 353 | ret=SSL_use_PrivateKey(ssl,pkey); | 329 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 354 | EVP_PKEY_free(pkey); | 330 | EVP_PKEY_free(pkey); |
| 355 | end: | 331 | end: |
| 356 | if (in != NULL) BIO_free(in); | 332 | if (in != NULL) |
| 357 | return(ret); | 333 | BIO_free(in); |
| 358 | } | 334 | return (ret); |
| 335 | } | ||
| 359 | #endif | 336 | #endif |
| 360 | 337 | ||
| 361 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | 338 | int |
| 362 | { | 339 | SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) |
| 340 | { | ||
| 363 | int ret; | 341 | int ret; |
| 364 | const unsigned char *p; | 342 | const unsigned char *p; |
| 365 | EVP_PKEY *pkey; | 343 | EVP_PKEY *pkey; |
| 366 | 344 | ||
| 367 | p=d; | 345 | p = d; |
| 368 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 346 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 369 | { | 347 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 370 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 348 | return (0); |
| 371 | return(0); | 349 | } |
| 372 | } | ||
| 373 | 350 | ||
| 374 | ret=SSL_use_PrivateKey(ssl,pkey); | 351 | ret = SSL_use_PrivateKey(ssl, pkey); |
| 375 | EVP_PKEY_free(pkey); | 352 | EVP_PKEY_free(pkey); |
| 376 | return(ret); | 353 | return (ret); |
| 354 | } | ||
| 355 | |||
| 356 | int | ||
| 357 | SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
| 358 | { | ||
| 359 | if (x == NULL) { | ||
| 360 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 361 | return (0); | ||
| 377 | } | 362 | } |
| 378 | 363 | if (!ssl_cert_inst(&ctx->cert)) { | |
| 379 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | 364 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); |
| 380 | { | 365 | return (0); |
| 381 | if (x == NULL) | ||
| 382 | { | ||
| 383 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | ||
| 384 | return(0); | ||
| 385 | } | ||
| 386 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 387 | { | ||
| 388 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 389 | return(0); | ||
| 390 | } | ||
| 391 | return(ssl_set_cert(ctx->cert, x)); | ||
| 392 | } | 366 | } |
| 367 | return (ssl_set_cert(ctx->cert, x)); | ||
| 368 | } | ||
| 393 | 369 | ||
| 394 | static int ssl_set_cert(CERT *c, X509 *x) | 370 | static int |
| 395 | { | 371 | ssl_set_cert(CERT *c, X509 *x) |
| 372 | { | ||
| 396 | EVP_PKEY *pkey; | 373 | EVP_PKEY *pkey; |
| 397 | int i; | 374 | int i; |
| 398 | 375 | ||
| 399 | pkey=X509_get_pubkey(x); | 376 | pkey = X509_get_pubkey(x); |
| 400 | if (pkey == NULL) | 377 | if (pkey == NULL) { |
| 401 | { | 378 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); |
| 402 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB); | 379 | return (0); |
| 403 | return(0); | 380 | } |
| 404 | } | ||
| 405 | 381 | ||
| 406 | i=ssl_cert_type(x,pkey); | 382 | i = ssl_cert_type(x, pkey); |
| 407 | if (i < 0) | 383 | if (i < 0) { |
| 408 | { | 384 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 409 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 410 | EVP_PKEY_free(pkey); | 385 | EVP_PKEY_free(pkey); |
| 411 | return(0); | 386 | return (0); |
| 412 | } | 387 | } |
| 413 | 388 | ||
| 414 | if (c->pkeys[i].privatekey != NULL) | 389 | if (c->pkeys[i].privatekey != NULL) { |
| 415 | { | 390 | EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); |
| 416 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
| 417 | ERR_clear_error(); | 391 | ERR_clear_error(); |
| 418 | 392 | ||
| 419 | #ifndef OPENSSL_NO_RSA | 393 | #ifndef OPENSSL_NO_RSA |
| @@ -421,280 +395,259 @@ static int ssl_set_cert(CERT *c, X509 *x) | |||
| 421 | * for smart cards. */ | 395 | * for smart cards. */ |
| 422 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | 396 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && |
| 423 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | 397 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & |
| 424 | RSA_METHOD_FLAG_NO_CHECK)) | 398 | RSA_METHOD_FLAG_NO_CHECK)) |
| 425 | ; | 399 | ; |
| 426 | else | 400 | else |
| 427 | #endif /* OPENSSL_NO_RSA */ | 401 | #endif /* OPENSSL_NO_RSA */ |
| 428 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 402 | if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { |
| 429 | { | ||
| 430 | /* don't fail for a cert/key mismatch, just free | 403 | /* don't fail for a cert/key mismatch, just free |
| 431 | * current private key (when switching to a different | 404 | * current private key (when switching to a different |
| 432 | * cert & key, first this function should be used, | 405 | * cert & key, first this function should be used, |
| 433 | * then ssl_set_pkey */ | 406 | * then ssl_set_pkey */ |
| 434 | EVP_PKEY_free(c->pkeys[i].privatekey); | 407 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| 435 | c->pkeys[i].privatekey=NULL; | 408 | c->pkeys[i].privatekey = NULL; |
| 436 | /* clear error queue */ | 409 | /* clear error queue */ |
| 437 | ERR_clear_error(); | 410 | ERR_clear_error(); |
| 438 | } | ||
| 439 | } | 411 | } |
| 412 | } | ||
| 440 | 413 | ||
| 441 | EVP_PKEY_free(pkey); | 414 | EVP_PKEY_free(pkey); |
| 442 | 415 | ||
| 443 | if (c->pkeys[i].x509 != NULL) | 416 | if (c->pkeys[i].x509 != NULL) |
| 444 | X509_free(c->pkeys[i].x509); | 417 | X509_free(c->pkeys[i].x509); |
| 445 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 418 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 446 | c->pkeys[i].x509=x; | 419 | c->pkeys[i].x509 = x; |
| 447 | c->key= &(c->pkeys[i]); | 420 | c->key = &(c->pkeys[i]); |
| 448 | 421 | ||
| 449 | c->valid=0; | 422 | c->valid = 0; |
| 450 | return(1); | 423 | return (1); |
| 451 | } | 424 | } |
| 452 | 425 | ||
| 453 | #ifndef OPENSSL_NO_STDIO | 426 | #ifndef OPENSSL_NO_STDIO |
| 454 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | 427 | int |
| 455 | { | 428 | SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) |
| 429 | { | ||
| 456 | int j; | 430 | int j; |
| 457 | BIO *in; | 431 | BIO *in; |
| 458 | int ret=0; | 432 | int ret = 0; |
| 459 | X509 *x=NULL; | 433 | X509 *x = NULL; |
| 460 | 434 | ||
| 461 | in=BIO_new(BIO_s_file_internal()); | 435 | in = BIO_new(BIO_s_file_internal()); |
| 462 | if (in == NULL) | 436 | if (in == NULL) { |
| 463 | { | 437 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); |
| 464 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB); | ||
| 465 | goto end; | 438 | goto end; |
| 466 | } | 439 | } |
| 467 | 440 | ||
| 468 | if (BIO_read_filename(in,file) <= 0) | 441 | if (BIO_read_filename(in, file) <= 0) { |
| 469 | { | 442 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); |
| 470 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB); | ||
| 471 | goto end; | 443 | goto end; |
| 472 | } | 444 | } |
| 473 | if (type == SSL_FILETYPE_ASN1) | 445 | if (type == SSL_FILETYPE_ASN1) { |
| 474 | { | 446 | j = ERR_R_ASN1_LIB; |
| 475 | j=ERR_R_ASN1_LIB; | 447 | x = d2i_X509_bio(in, NULL); |
| 476 | x=d2i_X509_bio(in,NULL); | 448 | } else if (type == SSL_FILETYPE_PEM) { |
| 477 | } | 449 | j = ERR_R_PEM_LIB; |
| 478 | else if (type == SSL_FILETYPE_PEM) | 450 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 479 | { | 451 | } else { |
| 480 | j=ERR_R_PEM_LIB; | 452 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 481 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 482 | } | ||
| 483 | else | ||
| 484 | { | ||
| 485 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 486 | goto end; | 453 | goto end; |
| 487 | } | 454 | } |
| 488 | 455 | ||
| 489 | if (x == NULL) | 456 | if (x == NULL) { |
| 490 | { | 457 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); |
| 491 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j); | ||
| 492 | goto end; | 458 | goto end; |
| 493 | } | 459 | } |
| 494 | 460 | ||
| 495 | ret=SSL_CTX_use_certificate(ctx,x); | 461 | ret = SSL_CTX_use_certificate(ctx, x); |
| 496 | end: | 462 | end: |
| 497 | if (x != NULL) X509_free(x); | 463 | if (x != NULL) |
| 498 | if (in != NULL) BIO_free(in); | 464 | X509_free(x); |
| 499 | return(ret); | 465 | if (in != NULL) |
| 500 | } | 466 | BIO_free(in); |
| 467 | return (ret); | ||
| 468 | } | ||
| 501 | #endif | 469 | #endif |
| 502 | 470 | ||
| 503 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | 471 | int |
| 504 | { | 472 | SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) |
| 473 | { | ||
| 505 | X509 *x; | 474 | X509 *x; |
| 506 | int ret; | 475 | int ret; |
| 507 | 476 | ||
| 508 | x=d2i_X509(NULL,&d,(long)len); | 477 | x = d2i_X509(NULL, &d,(long)len); |
| 509 | if (x == NULL) | 478 | if (x == NULL) { |
| 510 | { | 479 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); |
| 511 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB); | 480 | return (0); |
| 512 | return(0); | 481 | } |
| 513 | } | ||
| 514 | 482 | ||
| 515 | ret=SSL_CTX_use_certificate(ctx,x); | 483 | ret = SSL_CTX_use_certificate(ctx, x); |
| 516 | X509_free(x); | 484 | X509_free(x); |
| 517 | return(ret); | 485 | return (ret); |
| 518 | } | 486 | } |
| 519 | 487 | ||
| 520 | #ifndef OPENSSL_NO_RSA | 488 | #ifndef OPENSSL_NO_RSA |
| 521 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | 489 | int |
| 522 | { | 490 | SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
| 491 | { | ||
| 523 | int ret; | 492 | int ret; |
| 524 | EVP_PKEY *pkey; | 493 | EVP_PKEY *pkey; |
| 525 | 494 | ||
| 526 | if (rsa == NULL) | 495 | if (rsa == NULL) { |
| 527 | { | 496 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 528 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 497 | return (0); |
| 529 | return(0); | 498 | } |
| 530 | } | 499 | if (!ssl_cert_inst(&ctx->cert)) { |
| 531 | if (!ssl_cert_inst(&ctx->cert)) | 500 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); |
| 532 | { | 501 | return (0); |
| 533 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | 502 | } |
| 534 | return(0); | 503 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 535 | } | 504 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); |
| 536 | if ((pkey=EVP_PKEY_new()) == NULL) | 505 | return (0); |
| 537 | { | 506 | } |
| 538 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | ||
| 539 | return(0); | ||
| 540 | } | ||
| 541 | 507 | ||
| 542 | RSA_up_ref(rsa); | 508 | RSA_up_ref(rsa); |
| 543 | EVP_PKEY_assign_RSA(pkey,rsa); | 509 | EVP_PKEY_assign_RSA(pkey, rsa); |
| 544 | 510 | ||
| 545 | ret=ssl_set_pkey(ctx->cert, pkey); | 511 | ret = ssl_set_pkey(ctx->cert, pkey); |
| 546 | EVP_PKEY_free(pkey); | 512 | EVP_PKEY_free(pkey); |
| 547 | return(ret); | 513 | return (ret); |
| 548 | } | 514 | } |
| 549 | 515 | ||
| 550 | #ifndef OPENSSL_NO_STDIO | 516 | #ifndef OPENSSL_NO_STDIO |
| 551 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 517 | int |
| 552 | { | 518 | SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 553 | int j,ret=0; | 519 | { |
| 520 | int j, ret = 0; | ||
| 554 | BIO *in; | 521 | BIO *in; |
| 555 | RSA *rsa=NULL; | 522 | RSA *rsa = NULL; |
| 556 | 523 | ||
| 557 | in=BIO_new(BIO_s_file_internal()); | 524 | in = BIO_new(BIO_s_file_internal()); |
| 558 | if (in == NULL) | 525 | if (in == NULL) { |
| 559 | { | 526 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 560 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 561 | goto end; | 527 | goto end; |
| 562 | } | 528 | } |
| 563 | 529 | ||
| 564 | if (BIO_read_filename(in,file) <= 0) | 530 | if (BIO_read_filename(in, file) <= 0) { |
| 565 | { | 531 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 566 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 567 | goto end; | 532 | goto end; |
| 568 | } | 533 | } |
| 569 | if (type == SSL_FILETYPE_ASN1) | 534 | if (type == SSL_FILETYPE_ASN1) { |
| 570 | { | 535 | j = ERR_R_ASN1_LIB; |
| 571 | j=ERR_R_ASN1_LIB; | 536 | rsa = d2i_RSAPrivateKey_bio(in, NULL); |
| 572 | rsa=d2i_RSAPrivateKey_bio(in,NULL); | 537 | } else if (type == SSL_FILETYPE_PEM) { |
| 573 | } | 538 | j = ERR_R_PEM_LIB; |
| 574 | else if (type == SSL_FILETYPE_PEM) | 539 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, |
| 575 | { | 540 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 576 | j=ERR_R_PEM_LIB; | 541 | } else { |
| 577 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 542 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 578 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 579 | } | ||
| 580 | else | ||
| 581 | { | ||
| 582 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 583 | goto end; | 543 | goto end; |
| 584 | } | 544 | } |
| 585 | if (rsa == NULL) | 545 | if (rsa == NULL) { |
| 586 | { | 546 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); |
| 587 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j); | ||
| 588 | goto end; | 547 | goto end; |
| 589 | } | 548 | } |
| 590 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 549 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 591 | RSA_free(rsa); | 550 | RSA_free(rsa); |
| 592 | end: | 551 | end: |
| 593 | if (in != NULL) BIO_free(in); | 552 | if (in != NULL) |
| 594 | return(ret); | 553 | BIO_free(in); |
| 595 | } | 554 | return (ret); |
| 555 | } | ||
| 596 | #endif | 556 | #endif |
| 597 | 557 | ||
| 598 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | 558 | int |
| 599 | { | 559 | SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) |
| 560 | { | ||
| 600 | int ret; | 561 | int ret; |
| 601 | const unsigned char *p; | 562 | const unsigned char *p; |
| 602 | RSA *rsa; | 563 | RSA *rsa; |
| 603 | 564 | ||
| 604 | p=d; | 565 | p = d; |
| 605 | if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL) | 566 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { |
| 606 | { | 567 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 607 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 568 | return (0); |
| 608 | return(0); | 569 | } |
| 609 | } | ||
| 610 | 570 | ||
| 611 | ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa); | 571 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); |
| 612 | RSA_free(rsa); | 572 | RSA_free(rsa); |
| 613 | return(ret); | 573 | return (ret); |
| 614 | } | 574 | } |
| 615 | #endif /* !OPENSSL_NO_RSA */ | 575 | #endif /* !OPENSSL_NO_RSA */ |
| 616 | 576 | ||
| 617 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | 577 | int |
| 618 | { | 578 | SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
| 619 | if (pkey == NULL) | 579 | { |
| 620 | { | 580 | if (pkey == NULL) { |
| 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 581 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); |
| 622 | return(0); | 582 | return (0); |
| 623 | } | ||
| 624 | if (!ssl_cert_inst(&ctx->cert)) | ||
| 625 | { | ||
| 626 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 627 | return(0); | ||
| 628 | } | ||
| 629 | return(ssl_set_pkey(ctx->cert,pkey)); | ||
| 630 | } | 583 | } |
| 584 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 585 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 586 | return (0); | ||
| 587 | } | ||
| 588 | return (ssl_set_pkey(ctx->cert, pkey)); | ||
| 589 | } | ||
| 631 | 590 | ||
| 632 | #ifndef OPENSSL_NO_STDIO | 591 | #ifndef OPENSSL_NO_STDIO |
| 633 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | 592 | int |
| 634 | { | 593 | SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 635 | int j,ret=0; | 594 | { |
| 595 | int j, ret = 0; | ||
| 636 | BIO *in; | 596 | BIO *in; |
| 637 | EVP_PKEY *pkey=NULL; | 597 | EVP_PKEY *pkey = NULL; |
| 638 | 598 | ||
| 639 | in=BIO_new(BIO_s_file_internal()); | 599 | in = BIO_new(BIO_s_file_internal()); |
| 640 | if (in == NULL) | 600 | if (in == NULL) { |
| 641 | { | 601 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); |
| 642 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); | ||
| 643 | goto end; | 602 | goto end; |
| 644 | } | 603 | } |
| 645 | 604 | ||
| 646 | if (BIO_read_filename(in,file) <= 0) | 605 | if (BIO_read_filename(in, file) <= 0) { |
| 647 | { | 606 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); |
| 648 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); | ||
| 649 | goto end; | 607 | goto end; |
| 650 | } | 608 | } |
| 651 | if (type == SSL_FILETYPE_PEM) | 609 | if (type == SSL_FILETYPE_PEM) { |
| 652 | { | 610 | j = ERR_R_PEM_LIB; |
| 653 | j=ERR_R_PEM_LIB; | 611 | pkey = PEM_read_bio_PrivateKey(in, NULL, |
| 654 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 612 | ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); |
| 655 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | 613 | } else if (type == SSL_FILETYPE_ASN1) { |
| 656 | } | ||
| 657 | else if (type == SSL_FILETYPE_ASN1) | ||
| 658 | { | ||
| 659 | j = ERR_R_ASN1_LIB; | 614 | j = ERR_R_ASN1_LIB; |
| 660 | pkey = d2i_PrivateKey_bio(in,NULL); | 615 | pkey = d2i_PrivateKey_bio(in, NULL); |
| 661 | } | 616 | } else { |
| 662 | else | 617 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); |
| 663 | { | ||
| 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); | ||
| 665 | goto end; | 618 | goto end; |
| 666 | } | 619 | } |
| 667 | if (pkey == NULL) | 620 | if (pkey == NULL) { |
| 668 | { | 621 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); |
| 669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); | ||
| 670 | goto end; | 622 | goto end; |
| 671 | } | 623 | } |
| 672 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 624 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 673 | EVP_PKEY_free(pkey); | 625 | EVP_PKEY_free(pkey); |
| 674 | end: | 626 | end: |
| 675 | if (in != NULL) BIO_free(in); | 627 | if (in != NULL) |
| 676 | return(ret); | 628 | BIO_free(in); |
| 677 | } | 629 | return (ret); |
| 630 | } | ||
| 678 | #endif | 631 | #endif |
| 679 | 632 | ||
| 680 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | 633 | int |
| 681 | long len) | 634 | SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, |
| 682 | { | 635 | long len) |
| 636 | { | ||
| 683 | int ret; | 637 | int ret; |
| 684 | const unsigned char *p; | 638 | const unsigned char *p; |
| 685 | EVP_PKEY *pkey; | 639 | EVP_PKEY *pkey; |
| 686 | 640 | ||
| 687 | p=d; | 641 | p = d; |
| 688 | if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL) | 642 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { |
| 689 | { | 643 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); |
| 690 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB); | 644 | return (0); |
| 691 | return(0); | 645 | } |
| 692 | } | ||
| 693 | 646 | ||
| 694 | ret=SSL_CTX_use_PrivateKey(ctx,pkey); | 647 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
| 695 | EVP_PKEY_free(pkey); | 648 | EVP_PKEY_free(pkey); |
| 696 | return(ret); | 649 | return (ret); |
| 697 | } | 650 | } |
| 698 | 651 | ||
| 699 | 652 | ||
| 700 | #ifndef OPENSSL_NO_STDIO | 653 | #ifndef OPENSSL_NO_STDIO |
| @@ -702,82 +655,79 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | |||
| 702 | * possibly followed by a sequence of CA certificates that should be | 655 | * possibly followed by a sequence of CA certificates that should be |
| 703 | * sent to the peer in the Certificate message. | 656 | * sent to the peer in the Certificate message. |
| 704 | */ | 657 | */ |
| 705 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | 658 | int |
| 706 | { | 659 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) |
| 660 | { | ||
| 707 | BIO *in; | 661 | BIO *in; |
| 708 | int ret=0; | 662 | int ret = 0; |
| 709 | X509 *x=NULL; | 663 | X509 *x = NULL; |
| 710 | 664 | ||
| 711 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | 665 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ |
| 712 | 666 | ||
| 713 | in = BIO_new(BIO_s_file_internal()); | 667 | in = BIO_new(BIO_s_file_internal()); |
| 714 | if (in == NULL) | 668 | if (in == NULL) { |
| 715 | { | 669 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); |
| 716 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
| 717 | goto end; | 670 | goto end; |
| 718 | } | 671 | } |
| 719 | 672 | ||
| 720 | if (BIO_read_filename(in,file) <= 0) | 673 | if (BIO_read_filename(in, file) <= 0) { |
| 721 | { | 674 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); |
| 722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
| 723 | goto end; | 675 | goto end; |
| 724 | } | 676 | } |
| 725 | 677 | ||
| 726 | x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback, | 678 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, |
| 727 | ctx->default_passwd_callback_userdata); | 679 | ctx->default_passwd_callback_userdata); |
| 728 | if (x == NULL) | 680 | if (x == NULL) { |
| 729 | { | 681 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); |
| 730 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
| 731 | goto end; | 682 | goto end; |
| 732 | } | 683 | } |
| 733 | 684 | ||
| 734 | ret = SSL_CTX_use_certificate(ctx, x); | 685 | ret = SSL_CTX_use_certificate(ctx, x); |
| 735 | 686 | ||
| 736 | if (ERR_peek_error() != 0) | 687 | if (ERR_peek_error() != 0) |
| 737 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | 688 | ret = 0; |
| 738 | if (ret) | 689 | /* Key/certificate mismatch doesn't imply ret==0 ... */ |
| 739 | { | 690 | if (ret) { |
| 740 | /* If we could set up our certificate, now proceed to | 691 | /* If we could set up our certificate, now proceed to |
| 741 | * the CA certificates. | 692 | * the CA certificates. |
| 742 | */ | 693 | */ |
| 743 | X509 *ca; | 694 | X509 *ca; |
| 744 | int r; | 695 | int r; |
| 745 | unsigned long err; | 696 | unsigned long err; |
| 746 | 697 | ||
| 747 | if (ctx->extra_certs != NULL) | 698 | if (ctx->extra_certs != NULL) { |
| 748 | { | ||
| 749 | sk_X509_pop_free(ctx->extra_certs, X509_free); | 699 | sk_X509_pop_free(ctx->extra_certs, X509_free); |
| 750 | ctx->extra_certs = NULL; | 700 | ctx->extra_certs = NULL; |
| 751 | } | 701 | } |
| 752 | 702 | ||
| 753 | while ((ca = PEM_read_bio_X509(in, NULL, | 703 | while ((ca = PEM_read_bio_X509(in, NULL, |
| 754 | ctx->default_passwd_callback, | 704 | ctx->default_passwd_callback, |
| 755 | ctx->default_passwd_callback_userdata)) | 705 | ctx->default_passwd_callback_userdata)) |
| 756 | != NULL) | 706 | != NULL) { |
| 757 | { | ||
| 758 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | 707 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); |
| 759 | if (!r) | 708 | if (!r) { |
| 760 | { | ||
| 761 | X509_free(ca); | 709 | X509_free(ca); |
| 762 | ret = 0; | 710 | ret = 0; |
| 763 | goto end; | 711 | goto end; |
| 764 | } | 712 | } |
| 765 | /* Note that we must not free r if it was successfully | 713 | /* Note that we must not free r if it was successfully |
| 766 | * added to the chain (while we must free the main | 714 | * added to the chain (while we must free the main |
| 767 | * certificate, since its reference count is increased | 715 | * certificate, since its reference count is increased |
| 768 | * by SSL_CTX_use_certificate). */ | 716 | * by SSL_CTX_use_certificate). */ |
| 769 | } | 717 | } |
| 770 | /* When the while loop ends, it's usually just EOF. */ | 718 | /* When the while loop ends, it's usually just EOF. */ |
| 771 | err = ERR_peek_last_error(); | 719 | err = ERR_peek_last_error(); |
| 772 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | 720 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) |
| 773 | ERR_clear_error(); | 721 | ERR_clear_error(); |
| 774 | else | 722 | else |
| 775 | ret = 0; /* some real error */ | 723 | ret = 0; /* some real error */ |
| 776 | } | 724 | } |
| 777 | 725 | ||
| 778 | end: | 726 | end: |
| 779 | if (x != NULL) X509_free(x); | 727 | if (x != NULL) |
| 780 | if (in != NULL) BIO_free(in); | 728 | X509_free(x); |
| 781 | return(ret); | 729 | if (in != NULL) |
| 782 | } | 730 | BIO_free(in); |
| 731 | return (ret); | ||
| 732 | } | ||
| 783 | #endif | 733 | #endif |
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index ad40fadd02..b29115862b 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -144,68 +144,74 @@ | |||
| 144 | #include "ssl_locl.h" | 144 | #include "ssl_locl.h" |
| 145 | 145 | ||
| 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); |
| 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 149 | 149 | ||
| 150 | SSL_SESSION *SSL_get_session(const SSL *ssl) | 150 | SSL_SESSION |
| 151 | *SSL_get_session(const SSL *ssl) | ||
| 151 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | 152 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ |
| 152 | { | 153 | { |
| 153 | return(ssl->session); | 154 | return (ssl->session); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | SSL_SESSION *SSL_get1_session(SSL *ssl) | 157 | SSL_SESSION |
| 158 | *SSL_get1_session(SSL *ssl) | ||
| 157 | /* variant of SSL_get_session: caller really gets something */ | 159 | /* variant of SSL_get_session: caller really gets something */ |
| 158 | { | 160 | { |
| 159 | SSL_SESSION *sess; | 161 | SSL_SESSION *sess; |
| 160 | /* Need to lock this all up rather than just use CRYPTO_add so that | 162 | /* Need to lock this all up rather than just use CRYPTO_add so that |
| 161 | * somebody doesn't free ssl->session between when we check it's | 163 | * somebody doesn't free ssl->session between when we check it's |
| 162 | * non-null and when we up the reference count. */ | 164 | * non-null and when we up the reference count. */ |
| 163 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | 165 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); |
| 164 | sess = ssl->session; | 166 | sess = ssl->session; |
| 165 | if(sess) | 167 | if (sess) |
| 166 | sess->references++; | 168 | sess->references++; |
| 167 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | 169 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); |
| 168 | return(sess); | 170 | return (sess); |
| 169 | } | 171 | } |
| 170 | 172 | ||
| 171 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 173 | int |
| 172 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | 174 | SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 173 | { | 175 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 176 | { | ||
| 174 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | 177 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, |
| 175 | new_func, dup_func, free_func); | 178 | new_func, dup_func, free_func); |
| 176 | } | 179 | } |
| 177 | 180 | ||
| 178 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | 181 | int |
| 179 | { | 182 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) |
| 180 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 183 | { |
| 181 | } | 184 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); |
| 185 | } | ||
| 182 | 186 | ||
| 183 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | 187 | void |
| 184 | { | 188 | *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) |
| 185 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 189 | { |
| 186 | } | 190 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); |
| 191 | } | ||
| 187 | 192 | ||
| 188 | SSL_SESSION *SSL_SESSION_new(void) | 193 | SSL_SESSION |
| 189 | { | 194 | *SSL_SESSION_new(void) |
| 195 | { | ||
| 190 | SSL_SESSION *ss; | 196 | SSL_SESSION *ss; |
| 191 | 197 | ||
| 192 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); | 198 | ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); |
| 193 | if (ss == NULL) | 199 | if (ss == NULL) { |
| 194 | { | 200 | SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); |
| 195 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | 201 | return (0); |
| 196 | return(0); | 202 | } |
| 197 | } | 203 | memset(ss, 0, sizeof(SSL_SESSION)); |
| 198 | memset(ss,0,sizeof(SSL_SESSION)); | ||
| 199 | 204 | ||
| 200 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | 205 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ |
| 201 | ss->references=1; | 206 | ss->references = 1; |
| 202 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 207 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 203 | ss->time=(unsigned long)time(NULL); | 208 | ss->time = (unsigned long)time(NULL); |
| 204 | ss->prev=NULL; | 209 | ss->prev = NULL; |
| 205 | ss->next=NULL; | 210 | ss->next = NULL; |
| 206 | ss->compress_meth=0; | 211 | ss->compress_meth = 0; |
| 207 | #ifndef OPENSSL_NO_TLSEXT | 212 | #ifndef OPENSSL_NO_TLSEXT |
| 208 | ss->tlsext_hostname = NULL; | 213 | ss->tlsext_hostname = NULL; |
| 214 | |||
| 209 | #ifndef OPENSSL_NO_EC | 215 | #ifndef OPENSSL_NO_EC |
| 210 | ss->tlsext_ecpointformatlist_length = 0; | 216 | ss->tlsext_ecpointformatlist_length = 0; |
| 211 | ss->tlsext_ecpointformatlist = NULL; | 217 | ss->tlsext_ecpointformatlist = NULL; |
| @@ -215,26 +221,28 @@ SSL_SESSION *SSL_SESSION_new(void) | |||
| 215 | #endif | 221 | #endif |
| 216 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 222 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 217 | #ifndef OPENSSL_NO_PSK | 223 | #ifndef OPENSSL_NO_PSK |
| 218 | ss->psk_identity_hint=NULL; | 224 | ss->psk_identity_hint = NULL; |
| 219 | ss->psk_identity=NULL; | 225 | ss->psk_identity = NULL; |
| 220 | #endif | 226 | #endif |
| 221 | #ifndef OPENSSL_NO_SRP | 227 | #ifndef OPENSSL_NO_SRP |
| 222 | ss->srp_username=NULL; | 228 | ss->srp_username = NULL; |
| 223 | #endif | 229 | #endif |
| 224 | return(ss); | 230 | return (ss); |
| 225 | } | 231 | } |
| 226 | 232 | ||
| 227 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | 233 | const unsigned char |
| 228 | { | 234 | *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) |
| 229 | if(len) | 235 | { |
| 236 | if (len) | ||
| 230 | *len = s->session_id_length; | 237 | *len = s->session_id_length; |
| 231 | return s->session_id; | 238 | return s->session_id; |
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | 241 | unsigned int |
| 235 | { | 242 | SSL_SESSION_get_compress_id(const SSL_SESSION *s) |
| 243 | { | ||
| 236 | return s->compress_meth; | 244 | return s->compress_meth; |
| 237 | } | 245 | } |
| 238 | 246 | ||
| 239 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 | 247 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 240 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly | 248 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| @@ -246,16 +254,17 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s) | |||
| 246 | * store that many sessions is perhaps a more interesting question ... */ | 254 | * store that many sessions is perhaps a more interesting question ... */ |
| 247 | 255 | ||
| 248 | #define MAX_SESS_ID_ATTEMPTS 10 | 256 | #define MAX_SESS_ID_ATTEMPTS 10 |
| 249 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | 257 | static int |
| 250 | unsigned int *id_len) | 258 | def_generate_session_id(const SSL *ssl, unsigned char *id, |
| 259 | unsigned int *id_len) | ||
| 251 | { | 260 | { |
| 252 | unsigned int retry = 0; | 261 | unsigned int retry = 0; |
| 253 | do | 262 | do |
| 254 | if (RAND_pseudo_bytes(id, *id_len) <= 0) | 263 | if (RAND_pseudo_bytes(id, *id_len) <= 0) |
| 255 | return 0; | 264 | return 0; |
| 256 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | 265 | while (SSL_has_matching_session_id(ssl, id, *id_len) && |
| 257 | (++retry < MAX_SESS_ID_ATTEMPTS)); | 266 | (++retry < MAX_SESS_ID_ATTEMPTS)); |
| 258 | if(retry < MAX_SESS_ID_ATTEMPTS) | 267 | if (retry < MAX_SESS_ID_ATTEMPTS) |
| 259 | return 1; | 268 | return 1; |
| 260 | /* else - woops a session_id match */ | 269 | /* else - woops a session_id match */ |
| 261 | /* XXX We should also check the external cache -- | 270 | /* XXX We should also check the external cache -- |
| @@ -269,120 +278,100 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, | |||
| 269 | return 0; | 278 | return 0; |
| 270 | } | 279 | } |
| 271 | 280 | ||
| 272 | int ssl_get_new_session(SSL *s, int session) | 281 | int |
| 273 | { | 282 | ssl_get_new_session(SSL *s, int session) |
| 283 | { | ||
| 274 | /* This gets used by clients and servers. */ | 284 | /* This gets used by clients and servers. */ |
| 275 | 285 | ||
| 276 | unsigned int tmp; | 286 | unsigned int tmp; |
| 277 | SSL_SESSION *ss=NULL; | 287 | SSL_SESSION *ss = NULL; |
| 278 | GEN_SESSION_CB cb = def_generate_session_id; | 288 | GEN_SESSION_CB cb = def_generate_session_id; |
| 279 | 289 | ||
| 280 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 290 | if ((ss = SSL_SESSION_new()) == NULL) return (0); |
| 281 | 291 | ||
| 282 | /* If the context has a default timeout, use it */ | 292 | /* If the context has a default timeout, use it */ |
| 283 | if (s->session_ctx->session_timeout == 0) | 293 | if (s->session_ctx->session_timeout == 0) |
| 284 | ss->timeout=SSL_get_default_timeout(s); | 294 | ss->timeout = SSL_get_default_timeout(s); |
| 285 | else | 295 | else |
| 286 | ss->timeout=s->session_ctx->session_timeout; | 296 | ss->timeout = s->session_ctx->session_timeout; |
| 287 | 297 | ||
| 288 | if (s->session != NULL) | 298 | if (s->session != NULL) { |
| 289 | { | ||
| 290 | SSL_SESSION_free(s->session); | 299 | SSL_SESSION_free(s->session); |
| 291 | s->session=NULL; | 300 | s->session = NULL; |
| 292 | } | 301 | } |
| 293 | 302 | ||
| 294 | if (session) | 303 | if (session) { |
| 295 | { | 304 | if (s->version == SSL2_VERSION) { |
| 296 | if (s->version == SSL2_VERSION) | 305 | ss->ssl_version = SSL2_VERSION; |
| 297 | { | 306 | ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH; |
| 298 | ss->ssl_version=SSL2_VERSION; | 307 | } else if (s->version == SSL3_VERSION) { |
| 299 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 308 | ss->ssl_version = SSL3_VERSION; |
| 300 | } | 309 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 301 | else if (s->version == SSL3_VERSION) | 310 | } else if (s->version == TLS1_VERSION) { |
| 302 | { | 311 | ss->ssl_version = TLS1_VERSION; |
| 303 | ss->ssl_version=SSL3_VERSION; | 312 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 304 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 313 | } else if (s->version == TLS1_1_VERSION) { |
| 305 | } | 314 | ss->ssl_version = TLS1_1_VERSION; |
| 306 | else if (s->version == TLS1_VERSION) | 315 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 307 | { | 316 | } else if (s->version == TLS1_2_VERSION) { |
| 308 | ss->ssl_version=TLS1_VERSION; | 317 | ss->ssl_version = TLS1_2_VERSION; |
| 309 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 318 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 310 | } | 319 | } else if (s->version == DTLS1_BAD_VER) { |
| 311 | else if (s->version == TLS1_1_VERSION) | 320 | ss->ssl_version = DTLS1_BAD_VER; |
| 312 | { | 321 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 313 | ss->ssl_version=TLS1_1_VERSION; | 322 | } else if (s->version == DTLS1_VERSION) { |
| 314 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | 323 | ss->ssl_version = DTLS1_VERSION; |
| 315 | } | 324 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; |
| 316 | else if (s->version == TLS1_2_VERSION) | 325 | } else { |
| 317 | { | 326 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION); |
| 318 | ss->ssl_version=TLS1_2_VERSION; | ||
| 319 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 320 | } | ||
| 321 | else if (s->version == DTLS1_BAD_VER) | ||
| 322 | { | ||
| 323 | ss->ssl_version=DTLS1_BAD_VER; | ||
| 324 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 325 | } | ||
| 326 | else if (s->version == DTLS1_VERSION) | ||
| 327 | { | ||
| 328 | ss->ssl_version=DTLS1_VERSION; | ||
| 329 | ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; | ||
| 330 | } | ||
| 331 | else | ||
| 332 | { | ||
| 333 | SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION); | ||
| 334 | SSL_SESSION_free(ss); | 327 | SSL_SESSION_free(ss); |
| 335 | return(0); | 328 | return (0); |
| 336 | } | 329 | } |
| 337 | #ifndef OPENSSL_NO_TLSEXT | 330 | #ifndef OPENSSL_NO_TLSEXT |
| 338 | /* If RFC4507 ticket use empty session ID */ | 331 | /* If RFC4507 ticket use empty session ID */ |
| 339 | if (s->tlsext_ticket_expected) | 332 | if (s->tlsext_ticket_expected) { |
| 340 | { | ||
| 341 | ss->session_id_length = 0; | 333 | ss->session_id_length = 0; |
| 342 | goto sess_id_done; | 334 | goto sess_id_done; |
| 343 | } | 335 | } |
| 344 | #endif | 336 | #endif |
| 345 | /* Choose which callback will set the session ID */ | 337 | /* Choose which callback will set the session ID */ |
| 346 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 338 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 347 | if(s->generate_session_id) | 339 | if (s->generate_session_id) |
| 348 | cb = s->generate_session_id; | 340 | cb = s->generate_session_id; |
| 349 | else if(s->session_ctx->generate_session_id) | 341 | else if (s->session_ctx->generate_session_id) |
| 350 | cb = s->session_ctx->generate_session_id; | 342 | cb = s->session_ctx->generate_session_id; |
| 351 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 343 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 352 | /* Choose a session ID */ | 344 | /* Choose a session ID */ |
| 353 | tmp = ss->session_id_length; | 345 | tmp = ss->session_id_length; |
| 354 | if(!cb(s, ss->session_id, &tmp)) | 346 | if (!cb(s, ss->session_id, &tmp)) { |
| 355 | { | ||
| 356 | /* The callback failed */ | 347 | /* The callback failed */ |
| 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 348 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 358 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | 349 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); |
| 359 | SSL_SESSION_free(ss); | 350 | SSL_SESSION_free(ss); |
| 360 | return(0); | 351 | return (0); |
| 361 | } | 352 | } |
| 362 | /* Don't allow the callback to set the session length to zero. | 353 | /* Don't allow the callback to set the session length to zero. |
| 363 | * nor set it higher than it was. */ | 354 | * nor set it higher than it was. */ |
| 364 | if(!tmp || (tmp > ss->session_id_length)) | 355 | if (!tmp || (tmp > ss->session_id_length)) { |
| 365 | { | ||
| 366 | /* The callback set an illegal length */ | 356 | /* The callback set an illegal length */ |
| 367 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 357 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 368 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | 358 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); |
| 369 | SSL_SESSION_free(ss); | 359 | SSL_SESSION_free(ss); |
| 370 | return(0); | 360 | return (0); |
| 371 | } | 361 | } |
| 372 | /* If the session length was shrunk and we're SSLv2, pad it */ | 362 | /* If the session length was shrunk and we're SSLv2, pad it */ |
| 373 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | 363 | if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) |
| 374 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | 364 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); |
| 375 | else | 365 | else |
| 376 | ss->session_id_length = tmp; | 366 | ss->session_id_length = tmp; |
| 377 | /* Finally, check for a conflict */ | 367 | /* Finally, check for a conflict */ |
| 378 | if(SSL_has_matching_session_id(s, ss->session_id, | 368 | if (SSL_has_matching_session_id(s, ss->session_id, |
| 379 | ss->session_id_length)) | 369 | ss->session_id_length)) { |
| 380 | { | ||
| 381 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | 370 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 382 | SSL_R_SSL_SESSION_ID_CONFLICT); | 371 | SSL_R_SSL_SESSION_ID_CONFLICT); |
| 383 | SSL_SESSION_free(ss); | 372 | SSL_SESSION_free(ss); |
| 384 | return(0); | 373 | return (0); |
| 385 | } | 374 | } |
| 386 | #ifndef OPENSSL_NO_TLSEXT | 375 | #ifndef OPENSSL_NO_TLSEXT |
| 387 | sess_id_done: | 376 | sess_id_done: |
| 388 | if (s->tlsext_hostname) { | 377 | if (s->tlsext_hostname) { |
| @@ -391,55 +380,50 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 391 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 380 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 392 | SSL_SESSION_free(ss); | 381 | SSL_SESSION_free(ss); |
| 393 | return 0; | 382 | return 0; |
| 394 | } | ||
| 395 | } | 383 | } |
| 384 | } | ||
| 396 | #ifndef OPENSSL_NO_EC | 385 | #ifndef OPENSSL_NO_EC |
| 397 | if (s->tlsext_ecpointformatlist) | 386 | if (s->tlsext_ecpointformatlist) { |
| 398 | { | 387 | if (ss->tlsext_ecpointformatlist != NULL) |
| 399 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 388 | OPENSSL_free(ss->tlsext_ecpointformatlist); |
| 400 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) | 389 | if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL) { |
| 401 | { | ||
| 402 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 390 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 403 | SSL_SESSION_free(ss); | 391 | SSL_SESSION_free(ss); |
| 404 | return 0; | 392 | return 0; |
| 405 | } | 393 | } |
| 406 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; | 394 | ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length; |
| 407 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); | 395 | memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); |
| 408 | } | 396 | } |
| 409 | if (s->tlsext_ellipticcurvelist) | 397 | if (s->tlsext_ellipticcurvelist) { |
| 410 | { | 398 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 411 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 399 | OPENSSL_free(ss->tlsext_ellipticcurvelist); |
| 412 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) | 400 | if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { |
| 413 | { | ||
| 414 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); | 401 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE); |
| 415 | SSL_SESSION_free(ss); | 402 | SSL_SESSION_free(ss); |
| 416 | return 0; | 403 | return 0; |
| 417 | } | 404 | } |
| 418 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; | 405 | ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length; |
| 419 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); | 406 | memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); |
| 420 | } | 407 | } |
| 421 | #endif | 408 | #endif |
| 422 | #endif | 409 | #endif |
| 423 | } | 410 | } else { |
| 424 | else | 411 | ss->session_id_length = 0; |
| 425 | { | 412 | } |
| 426 | ss->session_id_length=0; | ||
| 427 | } | ||
| 428 | 413 | ||
| 429 | if (s->sid_ctx_length > sizeof ss->sid_ctx) | 414 | if (s->sid_ctx_length > sizeof ss->sid_ctx) { |
| 430 | { | ||
| 431 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | 415 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); |
| 432 | SSL_SESSION_free(ss); | 416 | SSL_SESSION_free(ss); |
| 433 | return 0; | 417 | return 0; |
| 434 | } | 418 | } |
| 435 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | 419 | memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); |
| 436 | ss->sid_ctx_length=s->sid_ctx_length; | 420 | ss->sid_ctx_length = s->sid_ctx_length; |
| 437 | s->session=ss; | 421 | s->session = ss; |
| 438 | ss->ssl_version=s->version; | 422 | ss->ssl_version = s->version; |
| 439 | ss->verify_result = X509_V_OK; | 423 | ss->verify_result = X509_V_OK; |
| 440 | 424 | ||
| 441 | return(1); | 425 | return (1); |
| 442 | } | 426 | } |
| 443 | 427 | ||
| 444 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this | 428 | /* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this |
| 445 | * connection. It is only called by servers. | 429 | * connection. It is only called by servers. |
| @@ -460,12 +444,13 @@ int ssl_get_new_session(SSL *s, int session) | |||
| 460 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 | 444 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1 |
| 461 | * if the server should issue a new session ticket (to 0 otherwise). | 445 | * if the server should issue a new session ticket (to 0 otherwise). |
| 462 | */ | 446 | */ |
| 463 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | 447 | int |
| 464 | const unsigned char *limit) | 448 | ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, |
| 465 | { | 449 | const unsigned char *limit) |
| 450 | { | ||
| 466 | /* This is used only by servers. */ | 451 | /* This is used only by servers. */ |
| 467 | 452 | ||
| 468 | SSL_SESSION *ret=NULL; | 453 | SSL_SESSION *ret = NULL; |
| 469 | int fatal = 0; | 454 | int fatal = 0; |
| 470 | int try_session_cache = 1; | 455 | int try_session_cache = 1; |
| 471 | #ifndef OPENSSL_NO_TLSEXT | 456 | #ifndef OPENSSL_NO_TLSEXT |
| @@ -480,8 +465,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 480 | 465 | ||
| 481 | #ifndef OPENSSL_NO_TLSEXT | 466 | #ifndef OPENSSL_NO_TLSEXT |
| 482 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ | 467 | r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */ |
| 483 | switch (r) | 468 | switch (r) { |
| 484 | { | ||
| 485 | case -1: /* Error during processing */ | 469 | case -1: /* Error during processing */ |
| 486 | fatal = 1; | 470 | fatal = 1; |
| 487 | goto err; | 471 | goto err; |
| @@ -494,39 +478,35 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 494 | break; | 478 | break; |
| 495 | default: | 479 | default: |
| 496 | abort(); | 480 | abort(); |
| 497 | } | 481 | } |
| 498 | #endif | 482 | #endif |
| 499 | 483 | ||
| 500 | if (try_session_cache && | 484 | if (try_session_cache && |
| 501 | ret == NULL && | 485 | ret == NULL && |
| 502 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 486 | !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { |
| 503 | { | ||
| 504 | SSL_SESSION data; | 487 | SSL_SESSION data; |
| 505 | data.ssl_version=s->version; | 488 | data.ssl_version = s->version; |
| 506 | data.session_id_length=len; | 489 | data.session_id_length = len; |
| 507 | if (len == 0) | 490 | if (len == 0) |
| 508 | return 0; | 491 | return 0; |
| 509 | memcpy(data.session_id,session_id,len); | 492 | memcpy(data.session_id, session_id, len); |
| 510 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 493 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 511 | ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data); | 494 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); |
| 512 | if (ret != NULL) | 495 | if (ret != NULL) { |
| 513 | { | ||
| 514 | /* don't allow other threads to steal it: */ | 496 | /* don't allow other threads to steal it: */ |
| 515 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 497 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 516 | } | 498 | } |
| 517 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 499 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 518 | if (ret == NULL) | 500 | if (ret == NULL) |
| 519 | s->session_ctx->stats.sess_miss++; | 501 | s->session_ctx->stats.sess_miss++; |
| 520 | } | 502 | } |
| 521 | 503 | ||
| 522 | if (try_session_cache && | 504 | if (try_session_cache && |
| 523 | ret == NULL && | 505 | ret == NULL && |
| 524 | s->session_ctx->get_session_cb != NULL) | 506 | s->session_ctx->get_session_cb != NULL) { |
| 525 | { | 507 | int copy = 1; |
| 526 | int copy=1; | 508 | |
| 527 | 509 | if ((ret = s->session_ctx->get_session_cb(s, session_id, len, ©))) { | |
| 528 | if ((ret=s->session_ctx->get_session_cb(s,session_id,len,©))) | ||
| 529 | { | ||
| 530 | s->session_ctx->stats.sess_cb_hit++; | 510 | s->session_ctx->stats.sess_cb_hit++; |
| 531 | 511 | ||
| 532 | /* Increment reference count now if the session callback | 512 | /* Increment reference count now if the session callback |
| @@ -535,16 +515,16 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 535 | * it must handle the reference count itself [i.e. copy == 0], | 515 | * it must handle the reference count itself [i.e. copy == 0], |
| 536 | * or things won't be thread-safe). */ | 516 | * or things won't be thread-safe). */ |
| 537 | if (copy) | 517 | if (copy) |
| 538 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 518 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 539 | 519 | ||
| 540 | /* Add the externally cached session to the internal | 520 | /* Add the externally cached session to the internal |
| 541 | * cache as well if and only if we are supposed to. */ | 521 | * cache as well if and only if we are supposed to. */ |
| 542 | if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) | 522 | if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) |
| 543 | /* The following should not return 1, otherwise, | 523 | /* The following should not return 1, otherwise, |
| 544 | * things are very strange */ | 524 | * things are very strange */ |
| 545 | SSL_CTX_add_session(s->session_ctx,ret); | 525 | SSL_CTX_add_session(s->session_ctx, ret); |
| 546 | } | ||
| 547 | } | 526 | } |
| 527 | } | ||
| 548 | 528 | ||
| 549 | if (ret == NULL) | 529 | if (ret == NULL) |
| 550 | goto err; | 530 | goto err; |
| @@ -552,15 +532,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 552 | /* Now ret is non-NULL and we own one of its reference counts. */ | 532 | /* Now ret is non-NULL and we own one of its reference counts. */ |
| 553 | 533 | ||
| 554 | if (ret->sid_ctx_length != s->sid_ctx_length | 534 | if (ret->sid_ctx_length != s->sid_ctx_length |
| 555 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) | 535 | || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { |
| 556 | { | ||
| 557 | /* We have the session requested by the client, but we don't | 536 | /* We have the session requested by the client, but we don't |
| 558 | * want to use it in this context. */ | 537 | * want to use it in this context. */ |
| 559 | goto err; /* treat like cache miss */ | 538 | goto err; /* treat like cache miss */ |
| 560 | } | 539 | } |
| 561 | 540 | ||
| 562 | if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) | 541 | if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { |
| 563 | { | ||
| 564 | /* We can't be sure if this session is being used out of | 542 | /* We can't be sure if this session is being used out of |
| 565 | * context, which is especially important for SSL_VERIFY_PEER. | 543 | * context, which is especially important for SSL_VERIFY_PEER. |
| 566 | * The application should have used SSL[_CTX]_set_session_id_context. | 544 | * The application should have used SSL[_CTX]_set_session_id_context. |
| @@ -570,87 +548,83 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | |||
| 570 | * applications to effectively disable the session cache by | 548 | * applications to effectively disable the session cache by |
| 571 | * accident without anyone noticing). | 549 | * accident without anyone noticing). |
| 572 | */ | 550 | */ |
| 573 | 551 | ||
| 574 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | 552 | SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); |
| 575 | fatal = 1; | 553 | fatal = 1; |
| 576 | goto err; | 554 | goto err; |
| 577 | } | 555 | } |
| 578 | 556 | ||
| 579 | if (ret->cipher == NULL) | 557 | if (ret->cipher == NULL) { |
| 580 | { | 558 | unsigned char buf[5], *p; |
| 581 | unsigned char buf[5],*p; | ||
| 582 | unsigned long l; | 559 | unsigned long l; |
| 583 | 560 | ||
| 584 | p=buf; | 561 | p = buf; |
| 585 | l=ret->cipher_id; | 562 | l = ret->cipher_id; |
| 586 | l2n(l,p); | 563 | l2n(l, p); |
| 587 | if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR) | 564 | if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR) |
| 588 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); | 565 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[2])); |
| 589 | else | 566 | else |
| 590 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 567 | ret->cipher = ssl_get_cipher_by_char(s, &(buf[1])); |
| 591 | if (ret->cipher == NULL) | 568 | if (ret->cipher == NULL) |
| 592 | goto err; | 569 | goto err; |
| 593 | } | 570 | } |
| 594 | 571 | ||
| 595 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ | 572 | if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ |
| 596 | { | 573 | { |
| 597 | s->session_ctx->stats.sess_timeout++; | 574 | s->session_ctx->stats.sess_timeout++; |
| 598 | if (try_session_cache) | 575 | if (try_session_cache) { |
| 599 | { | ||
| 600 | /* session was from the cache, so remove it */ | 576 | /* session was from the cache, so remove it */ |
| 601 | SSL_CTX_remove_session(s->session_ctx,ret); | 577 | SSL_CTX_remove_session(s->session_ctx, ret); |
| 602 | } | ||
| 603 | goto err; | ||
| 604 | } | 578 | } |
| 579 | goto err; | ||
| 580 | } | ||
| 605 | 581 | ||
| 606 | s->session_ctx->stats.sess_hit++; | 582 | s->session_ctx->stats.sess_hit++; |
| 607 | 583 | ||
| 608 | if (s->session != NULL) | 584 | if (s->session != NULL) |
| 609 | SSL_SESSION_free(s->session); | 585 | SSL_SESSION_free(s->session); |
| 610 | s->session=ret; | 586 | s->session = ret; |
| 611 | s->verify_result = s->session->verify_result; | 587 | s->verify_result = s->session->verify_result; |
| 612 | return 1; | 588 | return 1; |
| 613 | 589 | ||
| 614 | err: | 590 | err: |
| 615 | if (ret != NULL) | 591 | if (ret != NULL) { |
| 616 | { | ||
| 617 | SSL_SESSION_free(ret); | 592 | SSL_SESSION_free(ret); |
| 618 | #ifndef OPENSSL_NO_TLSEXT | 593 | #ifndef OPENSSL_NO_TLSEXT |
| 619 | if (!try_session_cache) | 594 | if (!try_session_cache) { |
| 620 | { | ||
| 621 | /* The session was from a ticket, so we should | 595 | /* The session was from a ticket, so we should |
| 622 | * issue a ticket for the new session */ | 596 | * issue a ticket for the new session */ |
| 623 | s->tlsext_ticket_expected = 1; | 597 | s->tlsext_ticket_expected = 1; |
| 624 | } | ||
| 625 | #endif | ||
| 626 | } | 598 | } |
| 599 | #endif | ||
| 600 | } | ||
| 627 | if (fatal) | 601 | if (fatal) |
| 628 | return -1; | 602 | return -1; |
| 629 | else | 603 | else |
| 630 | return 0; | 604 | return 0; |
| 631 | } | 605 | } |
| 632 | 606 | ||
| 633 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | 607 | int |
| 634 | { | 608 | SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 635 | int ret=0; | 609 | { |
| 610 | int ret = 0; | ||
| 636 | SSL_SESSION *s; | 611 | SSL_SESSION *s; |
| 637 | 612 | ||
| 638 | /* add just 1 reference count for the SSL_CTX's session cache | 613 | /* add just 1 reference count for the SSL_CTX's session cache |
| 639 | * even though it has two ways of access: each session is in a | 614 | * even though it has two ways of access: each session is in a |
| 640 | * doubly linked list and an lhash */ | 615 | * doubly linked list and an lhash */ |
| 641 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | 616 | CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 642 | /* if session c is in already in cache, we take back the increment later */ | 617 | /* if session c is in already in cache, we take back the increment later */ |
| 643 | 618 | ||
| 644 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 619 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 645 | s=lh_SSL_SESSION_insert(ctx->sessions,c); | 620 | s = lh_SSL_SESSION_insert(ctx->sessions, c); |
| 646 | 621 | ||
| 647 | /* s != NULL iff we already had a session with the given PID. | 622 | /* s != NULL iff we already had a session with the given PID. |
| 648 | * In this case, s == c should hold (then we did not really modify | 623 | * In this case, s == c should hold (then we did not really modify |
| 649 | * ctx->sessions), or we're in trouble. */ | 624 | * ctx->sessions), or we're in trouble. */ |
| 650 | if (s != NULL && s != c) | 625 | if (s != NULL && s != c) { |
| 651 | { | ||
| 652 | /* We *are* in trouble ... */ | 626 | /* We *are* in trouble ... */ |
| 653 | SSL_SESSION_list_remove(ctx,s); | 627 | SSL_SESSION_list_remove(ctx, s); |
| 654 | SSL_SESSION_free(s); | 628 | SSL_SESSION_free(s); |
| 655 | /* ... so pretend the other session did not exist in cache | 629 | /* ... so pretend the other session did not exist in cache |
| 656 | * (we cannot handle two SSL_SESSION structures with identical | 630 | * (we cannot handle two SSL_SESSION structures with identical |
| @@ -658,114 +632,117 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | |||
| 658 | * two threads concurrently obtain the same session from an external | 632 | * two threads concurrently obtain the same session from an external |
| 659 | * cache) */ | 633 | * cache) */ |
| 660 | s = NULL; | 634 | s = NULL; |
| 661 | } | 635 | } |
| 662 | 636 | ||
| 663 | /* Put at the head of the queue unless it is already in the cache */ | 637 | /* Put at the head of the queue unless it is already in the cache */ |
| 664 | if (s == NULL) | 638 | if (s == NULL) |
| 665 | SSL_SESSION_list_add(ctx,c); | 639 | SSL_SESSION_list_add(ctx, c); |
| 666 | 640 | ||
| 667 | if (s != NULL) | 641 | if (s != NULL) { |
| 668 | { | ||
| 669 | /* existing cache entry -- decrement previously incremented reference | 642 | /* existing cache entry -- decrement previously incremented reference |
| 670 | * count because it already takes into account the cache */ | 643 | * count because it already takes into account the cache */ |
| 671 | 644 | ||
| 672 | SSL_SESSION_free(s); /* s == c */ | 645 | SSL_SESSION_free(s); /* s == c */ |
| 673 | ret=0; | 646 | ret = 0; |
| 674 | } | 647 | } else { |
| 675 | else | ||
| 676 | { | ||
| 677 | /* new cache entry -- remove old ones if cache has become too large */ | 648 | /* new cache entry -- remove old ones if cache has become too large */ |
| 678 | |||
| 679 | ret=1; | ||
| 680 | 649 | ||
| 681 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | 650 | ret = 1; |
| 682 | { | 651 | |
| 652 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) { | ||
| 683 | while (SSL_CTX_sess_number(ctx) > | 653 | while (SSL_CTX_sess_number(ctx) > |
| 684 | SSL_CTX_sess_get_cache_size(ctx)) | 654 | SSL_CTX_sess_get_cache_size(ctx)) { |
| 685 | { | ||
| 686 | if (!remove_session_lock(ctx, | 655 | if (!remove_session_lock(ctx, |
| 687 | ctx->session_cache_tail, 0)) | 656 | ctx->session_cache_tail, 0)) |
| 688 | break; | 657 | break; |
| 689 | else | 658 | else |
| 690 | ctx->stats.sess_cache_full++; | 659 | ctx->stats.sess_cache_full++; |
| 691 | } | ||
| 692 | } | 660 | } |
| 693 | } | 661 | } |
| 694 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 695 | return(ret); | ||
| 696 | } | 662 | } |
| 663 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 664 | return (ret); | ||
| 665 | } | ||
| 697 | 666 | ||
| 698 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | 667 | int |
| 668 | SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 699 | { | 669 | { |
| 700 | return remove_session_lock(ctx, c, 1); | 670 | return remove_session_lock(ctx, c, 1); |
| 701 | } | 671 | } |
| 702 | 672 | ||
| 703 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | 673 | static int |
| 704 | { | 674 | remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) |
| 675 | { | ||
| 705 | SSL_SESSION *r; | 676 | SSL_SESSION *r; |
| 706 | int ret=0; | 677 | int ret = 0; |
| 707 | 678 | ||
| 708 | if ((c != NULL) && (c->session_id_length != 0)) | 679 | if ((c != NULL) && (c->session_id_length != 0)) { |
| 709 | { | 680 | if (lck) |
| 710 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 681 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 711 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c) | 682 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { |
| 712 | { | 683 | ret = 1; |
| 713 | ret=1; | 684 | r = lh_SSL_SESSION_delete(ctx->sessions, c); |
| 714 | r=lh_SSL_SESSION_delete(ctx->sessions,c); | 685 | SSL_SESSION_list_remove(ctx, c); |
| 715 | SSL_SESSION_list_remove(ctx,c); | 686 | } |
| 716 | } | ||
| 717 | 687 | ||
| 718 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 688 | if (lck) |
| 689 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 719 | 690 | ||
| 720 | if (ret) | 691 | if (ret) { |
| 721 | { | 692 | r->not_resumable = 1; |
| 722 | r->not_resumable=1; | ||
| 723 | if (ctx->remove_session_cb != NULL) | 693 | if (ctx->remove_session_cb != NULL) |
| 724 | ctx->remove_session_cb(ctx,r); | 694 | ctx->remove_session_cb(ctx, r); |
| 725 | SSL_SESSION_free(r); | 695 | SSL_SESSION_free(r); |
| 726 | } | ||
| 727 | } | 696 | } |
| 728 | else | 697 | } else |
| 729 | ret=0; | 698 | ret = 0; |
| 730 | return(ret); | 699 | return (ret); |
| 731 | } | 700 | } |
| 732 | 701 | ||
| 733 | void SSL_SESSION_free(SSL_SESSION *ss) | 702 | void |
| 734 | { | 703 | SSL_SESSION_free(SSL_SESSION *ss) |
| 704 | { | ||
| 735 | int i; | 705 | int i; |
| 736 | 706 | ||
| 737 | if(ss == NULL) | 707 | if (ss == NULL) |
| 738 | return; | 708 | return; |
| 739 | 709 | ||
| 740 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 710 | i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); |
| 741 | #ifdef REF_PRINT | 711 | #ifdef REF_PRINT |
| 742 | REF_PRINT("SSL_SESSION",ss); | 712 | REF_PRINT("SSL_SESSION", ss); |
| 743 | #endif | 713 | #endif |
| 744 | if (i > 0) return; | 714 | if (i > 0) |
| 715 | return; | ||
| 745 | #ifdef REF_CHECK | 716 | #ifdef REF_CHECK |
| 746 | if (i < 0) | 717 | if (i < 0) { |
| 747 | { | 718 | fprintf(stderr, "SSL_SESSION_free, bad reference count\n"); |
| 748 | fprintf(stderr,"SSL_SESSION_free, bad reference count\n"); | ||
| 749 | abort(); /* ok */ | 719 | abort(); /* ok */ |
| 750 | } | 720 | } |
| 751 | #endif | 721 | #endif |
| 752 | 722 | ||
| 753 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | 723 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 754 | 724 | ||
| 755 | OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg); | 725 | OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); |
| 756 | OPENSSL_cleanse(ss->master_key,sizeof ss->master_key); | 726 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); |
| 757 | OPENSSL_cleanse(ss->session_id,sizeof ss->session_id); | 727 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); |
| 758 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); | 728 | if (ss->sess_cert != NULL) |
| 759 | if (ss->peer != NULL) X509_free(ss->peer); | 729 | ssl_sess_cert_free(ss->sess_cert); |
| 760 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); | 730 | if (ss->peer != NULL) |
| 731 | X509_free(ss->peer); | ||
| 732 | if (ss->ciphers != NULL) | ||
| 733 | sk_SSL_CIPHER_free(ss->ciphers); | ||
| 761 | #ifndef OPENSSL_NO_TLSEXT | 734 | #ifndef OPENSSL_NO_TLSEXT |
| 762 | if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); | 735 | if (ss->tlsext_hostname != NULL) |
| 763 | if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); | 736 | OPENSSL_free(ss->tlsext_hostname); |
| 737 | if (ss->tlsext_tick != NULL) | ||
| 738 | OPENSSL_free(ss->tlsext_tick); | ||
| 764 | #ifndef OPENSSL_NO_EC | 739 | #ifndef OPENSSL_NO_EC |
| 765 | ss->tlsext_ecpointformatlist_length = 0; | 740 | ss->tlsext_ecpointformatlist_length = 0; |
| 766 | if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist); | 741 | if (ss->tlsext_ecpointformatlist != NULL) |
| 742 | OPENSSL_free(ss->tlsext_ecpointformatlist); | ||
| 767 | ss->tlsext_ellipticcurvelist_length = 0; | 743 | ss->tlsext_ellipticcurvelist_length = 0; |
| 768 | if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist); | 744 | if (ss->tlsext_ellipticcurvelist != NULL) |
| 745 | OPENSSL_free(ss->tlsext_ellipticcurvelist); | ||
| 769 | #endif /* OPENSSL_NO_EC */ | 746 | #endif /* OPENSSL_NO_EC */ |
| 770 | #endif | 747 | #endif |
| 771 | #ifndef OPENSSL_NO_PSK | 748 | #ifndef OPENSSL_NO_PSK |
| @@ -778,382 +755,389 @@ void SSL_SESSION_free(SSL_SESSION *ss) | |||
| 778 | if (ss->srp_username != NULL) | 755 | if (ss->srp_username != NULL) |
| 779 | OPENSSL_free(ss->srp_username); | 756 | OPENSSL_free(ss->srp_username); |
| 780 | #endif | 757 | #endif |
| 781 | OPENSSL_cleanse(ss,sizeof(*ss)); | 758 | OPENSSL_cleanse(ss, sizeof(*ss)); |
| 782 | OPENSSL_free(ss); | 759 | OPENSSL_free(ss); |
| 783 | } | 760 | } |
| 784 | 761 | ||
| 785 | int SSL_set_session(SSL *s, SSL_SESSION *session) | 762 | int |
| 786 | { | 763 | SSL_set_session(SSL *s, SSL_SESSION *session) |
| 787 | int ret=0; | 764 | { |
| 765 | int ret = 0; | ||
| 788 | const SSL_METHOD *meth; | 766 | const SSL_METHOD *meth; |
| 789 | 767 | ||
| 790 | if (session != NULL) | 768 | if (session != NULL) { |
| 791 | { | 769 | meth = s->ctx->method->get_ssl_method(session->ssl_version); |
| 792 | meth=s->ctx->method->get_ssl_method(session->ssl_version); | ||
| 793 | if (meth == NULL) | 770 | if (meth == NULL) |
| 794 | meth=s->method->get_ssl_method(session->ssl_version); | 771 | meth = s->method->get_ssl_method(session->ssl_version); |
| 795 | if (meth == NULL) | 772 | if (meth == NULL) { |
| 796 | { | 773 | SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD); |
| 797 | SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD); | 774 | return (0); |
| 798 | return(0); | 775 | } |
| 799 | } | ||
| 800 | 776 | ||
| 801 | if (meth != s->method) | 777 | if (meth != s->method) { |
| 802 | { | 778 | if (!SSL_set_ssl_method(s, meth)) |
| 803 | if (!SSL_set_ssl_method(s,meth)) | 779 | return (0); |
| 804 | return(0); | 780 | } |
| 805 | } | ||
| 806 | 781 | ||
| 807 | #ifndef OPENSSL_NO_KRB5 | 782 | #ifndef OPENSSL_NO_KRB5 |
| 808 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | 783 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && |
| 809 | session->krb5_client_princ_len > 0) | 784 | session->krb5_client_princ_len > 0) { |
| 810 | { | 785 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); |
| 811 | s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1); | 786 | memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, |
| 812 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | 787 | session->krb5_client_princ_len); |
| 813 | session->krb5_client_princ_len); | 788 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; |
| 814 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | 789 | } |
| 815 | } | ||
| 816 | #endif /* OPENSSL_NO_KRB5 */ | 790 | #endif /* OPENSSL_NO_KRB5 */ |
| 817 | 791 | ||
| 818 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 792 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| 819 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | 793 | CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); |
| 820 | if (s->session != NULL) | 794 | if (s->session != NULL) |
| 821 | SSL_SESSION_free(s->session); | 795 | SSL_SESSION_free(s->session); |
| 822 | s->session=session; | 796 | s->session = session; |
| 823 | s->verify_result = s->session->verify_result; | 797 | s->verify_result = s->session->verify_result; |
| 824 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | 798 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ |
| 825 | ret=1; | 799 | ret = 1; |
| 826 | } | 800 | } else { |
| 827 | else | 801 | if (s->session != NULL) { |
| 828 | { | ||
| 829 | if (s->session != NULL) | ||
| 830 | { | ||
| 831 | SSL_SESSION_free(s->session); | 802 | SSL_SESSION_free(s->session); |
| 832 | s->session=NULL; | 803 | s->session = NULL; |
| 833 | } | 804 | } |
| 834 | 805 | ||
| 835 | meth=s->ctx->method; | 806 | meth = s->ctx->method; |
| 836 | if (meth != s->method) | 807 | if (meth != s->method) { |
| 837 | { | 808 | if (!SSL_set_ssl_method(s, meth)) |
| 838 | if (!SSL_set_ssl_method(s,meth)) | 809 | return (0); |
| 839 | return(0); | ||
| 840 | } | ||
| 841 | ret=1; | ||
| 842 | } | 810 | } |
| 843 | return(ret); | 811 | ret = 1; |
| 844 | } | 812 | } |
| 813 | return (ret); | ||
| 814 | } | ||
| 845 | 815 | ||
| 846 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | 816 | long |
| 847 | { | 817 | SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 848 | if (s == NULL) return(0); | 818 | { |
| 849 | s->timeout=t; | 819 | if (s == NULL) |
| 850 | return(1); | 820 | return (0); |
| 851 | } | 821 | s->timeout = t; |
| 822 | return (1); | ||
| 823 | } | ||
| 852 | 824 | ||
| 853 | long SSL_SESSION_get_timeout(const SSL_SESSION *s) | 825 | long |
| 854 | { | 826 | SSL_SESSION_get_timeout(const SSL_SESSION *s) |
| 855 | if (s == NULL) return(0); | 827 | { |
| 856 | return(s->timeout); | 828 | if (s == NULL) |
| 857 | } | 829 | return (0); |
| 830 | return (s->timeout); | ||
| 831 | } | ||
| 858 | 832 | ||
| 859 | long SSL_SESSION_get_time(const SSL_SESSION *s) | 833 | long |
| 860 | { | 834 | SSL_SESSION_get_time(const SSL_SESSION *s) |
| 861 | if (s == NULL) return(0); | 835 | { |
| 862 | return(s->time); | 836 | if (s == NULL) |
| 863 | } | 837 | return (0); |
| 838 | return (s->time); | ||
| 839 | } | ||
| 864 | 840 | ||
| 865 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) | 841 | long |
| 866 | { | 842 | SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 867 | if (s == NULL) return(0); | 843 | { |
| 868 | s->time=t; | 844 | if (s == NULL) |
| 869 | return(t); | 845 | return (0); |
| 870 | } | 846 | s->time = t; |
| 847 | return (t); | ||
| 848 | } | ||
| 871 | 849 | ||
| 872 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) | 850 | X509 |
| 873 | { | 851 | *SSL_SESSION_get0_peer(SSL_SESSION *s) |
| 852 | { | ||
| 874 | return s->peer; | 853 | return s->peer; |
| 875 | } | 854 | } |
| 876 | 855 | ||
| 877 | int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, | 856 | int |
| 878 | unsigned int sid_ctx_len) | 857 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, |
| 879 | { | 858 | unsigned int sid_ctx_len) |
| 880 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | 859 | { |
| 881 | { | 860 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { |
| 882 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | 861 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); |
| 883 | return 0; | 862 | return 0; |
| 884 | } | 863 | } |
| 885 | s->sid_ctx_length=sid_ctx_len; | 864 | s->sid_ctx_length = sid_ctx_len; |
| 886 | memcpy(s->sid_ctx,sid_ctx,sid_ctx_len); | 865 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); |
| 887 | 866 | ||
| 888 | return 1; | 867 | return 1; |
| 889 | } | 868 | } |
| 890 | 869 | ||
| 891 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | 870 | long |
| 892 | { | 871 | SSL_CTX_set_timeout(SSL_CTX *s, long t) |
| 872 | { | ||
| 893 | long l; | 873 | long l; |
| 894 | if (s == NULL) return(0); | 874 | if (s == NULL) |
| 895 | l=s->session_timeout; | 875 | return (0); |
| 896 | s->session_timeout=t; | 876 | l = s->session_timeout; |
| 897 | return(l); | 877 | s->session_timeout = t; |
| 898 | } | 878 | return (l); |
| 879 | } | ||
| 899 | 880 | ||
| 900 | long SSL_CTX_get_timeout(const SSL_CTX *s) | 881 | long |
| 901 | { | 882 | SSL_CTX_get_timeout(const SSL_CTX *s) |
| 902 | if (s == NULL) return(0); | 883 | { |
| 903 | return(s->session_timeout); | 884 | if (s == NULL) |
| 904 | } | 885 | return (0); |
| 886 | return (s->session_timeout); | ||
| 887 | } | ||
| 905 | 888 | ||
| 906 | #ifndef OPENSSL_NO_TLSEXT | 889 | #ifndef OPENSSL_NO_TLSEXT |
| 907 | int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, | 890 | int |
| 908 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) | 891 | SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len, |
| 909 | { | 892 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg) |
| 910 | if (s == NULL) return(0); | 893 | { |
| 894 | if (s == NULL) | ||
| 895 | return (0); | ||
| 911 | s->tls_session_secret_cb = tls_session_secret_cb; | 896 | s->tls_session_secret_cb = tls_session_secret_cb; |
| 912 | s->tls_session_secret_cb_arg = arg; | 897 | s->tls_session_secret_cb_arg = arg; |
| 913 | return(1); | 898 | return (1); |
| 914 | } | 899 | } |
| 915 | 900 | ||
| 916 | int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | 901 | int |
| 917 | void *arg) | 902 | SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, |
| 918 | { | 903 | void *arg) |
| 919 | if (s == NULL) return(0); | 904 | { |
| 905 | if (s == NULL) | ||
| 906 | return (0); | ||
| 920 | s->tls_session_ticket_ext_cb = cb; | 907 | s->tls_session_ticket_ext_cb = cb; |
| 921 | s->tls_session_ticket_ext_cb_arg = arg; | 908 | s->tls_session_ticket_ext_cb_arg = arg; |
| 922 | return(1); | 909 | return (1); |
| 923 | } | 910 | } |
| 924 | 911 | ||
| 925 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | 912 | int |
| 926 | { | 913 | SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) |
| 927 | if (s->version >= TLS1_VERSION) | 914 | { |
| 928 | { | 915 | if (s->version >= TLS1_VERSION) { |
| 929 | if (s->tlsext_session_ticket) | 916 | if (s->tlsext_session_ticket) { |
| 930 | { | ||
| 931 | OPENSSL_free(s->tlsext_session_ticket); | 917 | OPENSSL_free(s->tlsext_session_ticket); |
| 932 | s->tlsext_session_ticket = NULL; | 918 | s->tlsext_session_ticket = NULL; |
| 933 | } | 919 | } |
| 934 | 920 | ||
| 935 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | 921 | s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); |
| 936 | if (!s->tlsext_session_ticket) | 922 | if (!s->tlsext_session_ticket) { |
| 937 | { | ||
| 938 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); | 923 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); |
| 939 | return 0; | 924 | return 0; |
| 940 | } | 925 | } |
| 941 | 926 | ||
| 942 | if (ext_data) | 927 | if (ext_data) { |
| 943 | { | ||
| 944 | s->tlsext_session_ticket->length = ext_len; | 928 | s->tlsext_session_ticket->length = ext_len; |
| 945 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; | 929 | s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1; |
| 946 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); | 930 | memcpy(s->tlsext_session_ticket->data, ext_data, ext_len); |
| 947 | } | 931 | } else { |
| 948 | else | ||
| 949 | { | ||
| 950 | s->tlsext_session_ticket->length = 0; | 932 | s->tlsext_session_ticket->length = 0; |
| 951 | s->tlsext_session_ticket->data = NULL; | 933 | s->tlsext_session_ticket->data = NULL; |
| 952 | } | 934 | } |
| 953 | 935 | ||
| 954 | return 1; | 936 | return 1; |
| 955 | } | 937 | } |
| 956 | 938 | ||
| 957 | return 0; | 939 | return 0; |
| 958 | } | 940 | } |
| 959 | #endif /* OPENSSL_NO_TLSEXT */ | 941 | #endif /* OPENSSL_NO_TLSEXT */ |
| 960 | 942 | ||
| 961 | typedef struct timeout_param_st | 943 | typedef struct timeout_param_st { |
| 962 | { | ||
| 963 | SSL_CTX *ctx; | 944 | SSL_CTX *ctx; |
| 964 | long time; | 945 | long time; |
| 965 | LHASH_OF(SSL_SESSION) *cache; | 946 | LHASH_OF(SSL_SESSION) *cache; |
| 966 | } TIMEOUT_PARAM; | 947 | } TIMEOUT_PARAM; |
| 967 | 948 | ||
| 968 | static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | 949 | static void |
| 969 | { | 950 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 951 | { | ||
| 970 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 952 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 971 | { | 953 | { |
| 972 | /* The reason we don't call SSL_CTX_remove_session() is to | 954 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 973 | * save on locking overhead */ | 955 | * save on locking overhead */ |
| 974 | (void)lh_SSL_SESSION_delete(p->cache,s); | 956 | (void)lh_SSL_SESSION_delete(p->cache, s); |
| 975 | SSL_SESSION_list_remove(p->ctx,s); | 957 | SSL_SESSION_list_remove(p->ctx, s); |
| 976 | s->not_resumable=1; | 958 | s->not_resumable = 1; |
| 977 | if (p->ctx->remove_session_cb != NULL) | 959 | if (p->ctx->remove_session_cb != NULL) |
| 978 | p->ctx->remove_session_cb(p->ctx,s); | 960 | p->ctx->remove_session_cb(p->ctx, s); |
| 979 | SSL_SESSION_free(s); | 961 | SSL_SESSION_free(s); |
| 980 | } | ||
| 981 | } | 962 | } |
| 963 | } | ||
| 982 | 964 | ||
| 983 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | 965 | static |
| 966 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
| 984 | 967 | ||
| 985 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) | 968 | void |
| 986 | { | 969 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 970 | { | ||
| 987 | unsigned long i; | 971 | unsigned long i; |
| 988 | TIMEOUT_PARAM tp; | 972 | TIMEOUT_PARAM tp; |
| 989 | 973 | ||
| 990 | tp.ctx=s; | 974 | tp.ctx = s; |
| 991 | tp.cache=s->sessions; | 975 | tp.cache = s->sessions; |
| 992 | if (tp.cache == NULL) return; | 976 | if (tp.cache == NULL) |
| 993 | tp.time=t; | 977 | return; |
| 978 | tp.time = t; | ||
| 994 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 979 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 995 | i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | 980 | i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; |
| 996 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | 981 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; |
| 997 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | 982 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), |
| 998 | TIMEOUT_PARAM, &tp); | 983 | TIMEOUT_PARAM, &tp); |
| 999 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | 984 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; |
| 1000 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 985 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 1001 | } | 986 | } |
| 1002 | 987 | ||
| 1003 | int ssl_clear_bad_session(SSL *s) | 988 | int |
| 1004 | { | 989 | ssl_clear_bad_session(SSL *s) |
| 1005 | if ( (s->session != NULL) && | 990 | { |
| 991 | if ((s->session != NULL) && | ||
| 1006 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 992 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| 1007 | !(SSL_in_init(s) || SSL_in_before(s))) | 993 | !(SSL_in_init(s) || SSL_in_before(s))) { |
| 1008 | { | 994 | SSL_CTX_remove_session(s->ctx, s->session); |
| 1009 | SSL_CTX_remove_session(s->ctx,s->session); | 995 | return (1); |
| 1010 | return(1); | 996 | } else |
| 1011 | } | 997 | return (0); |
| 1012 | else | 998 | } |
| 1013 | return(0); | ||
| 1014 | } | ||
| 1015 | 999 | ||
| 1016 | /* locked by SSL_CTX in the calling function */ | 1000 | /* locked by SSL_CTX in the calling function */ |
| 1017 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | 1001 | static void |
| 1018 | { | 1002 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 1019 | if ((s->next == NULL) || (s->prev == NULL)) return; | 1003 | { |
| 1004 | if ((s->next == NULL) | ||
| 1005 | || (s->prev == NULL)) return; | ||
| 1020 | 1006 | ||
| 1021 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) | 1007 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) |
| 1022 | { /* last element in list */ | 1008 | { /* last element in list */ |
| 1023 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1009 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1024 | { /* only one element in list */ | 1010 | { /* only one element in list */ |
| 1025 | ctx->session_cache_head=NULL; | 1011 | ctx->session_cache_head = NULL; |
| 1026 | ctx->session_cache_tail=NULL; | 1012 | ctx->session_cache_tail = NULL; |
| 1027 | } | 1013 | } else { |
| 1028 | else | 1014 | ctx->session_cache_tail = s->prev; |
| 1029 | { | 1015 | s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1030 | ctx->session_cache_tail=s->prev; | ||
| 1031 | s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 1032 | } | ||
| 1033 | } | 1016 | } |
| 1034 | else | 1017 | } else { |
| 1035 | { | ||
| 1036 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) | 1018 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) |
| 1037 | { /* first element in list */ | 1019 | { /* first element in list */ |
| 1038 | ctx->session_cache_head=s->next; | 1020 | ctx->session_cache_head = s->next; |
| 1039 | s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1021 | s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1040 | } | 1022 | } else |
| 1041 | else | 1023 | { /* middle of list */ |
| 1042 | { /* middle of list */ | 1024 | s->next->prev = s->prev; |
| 1043 | s->next->prev=s->prev; | 1025 | s->prev->next = s->next; |
| 1044 | s->prev->next=s->next; | ||
| 1045 | } | ||
| 1046 | } | 1026 | } |
| 1047 | s->prev=s->next=NULL; | ||
| 1048 | } | 1027 | } |
| 1028 | s->prev = s->next = NULL; | ||
| 1029 | } | ||
| 1049 | 1030 | ||
| 1050 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | 1031 | static void |
| 1051 | { | 1032 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 1033 | { | ||
| 1052 | if ((s->next != NULL) && (s->prev != NULL)) | 1034 | if ((s->next != NULL) && (s->prev != NULL)) |
| 1053 | SSL_SESSION_list_remove(ctx,s); | 1035 | SSL_SESSION_list_remove(ctx, s); |
| 1054 | 1036 | ||
| 1055 | if (ctx->session_cache_head == NULL) | 1037 | if (ctx->session_cache_head == NULL) { |
| 1056 | { | 1038 | ctx->session_cache_head = s; |
| 1057 | ctx->session_cache_head=s; | 1039 | ctx->session_cache_tail = s; |
| 1058 | ctx->session_cache_tail=s; | 1040 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1059 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | 1041 | s->next = (SSL_SESSION *)&(ctx->session_cache_tail); |
| 1060 | s->next=(SSL_SESSION *)&(ctx->session_cache_tail); | 1042 | } else { |
| 1061 | } | 1043 | s->next = ctx->session_cache_head; |
| 1062 | else | 1044 | s->next->prev = s; |
| 1063 | { | 1045 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); |
| 1064 | s->next=ctx->session_cache_head; | 1046 | ctx->session_cache_head = s; |
| 1065 | s->next->prev=s; | ||
| 1066 | s->prev=(SSL_SESSION *)&(ctx->session_cache_head); | ||
| 1067 | ctx->session_cache_head=s; | ||
| 1068 | } | ||
| 1069 | } | 1047 | } |
| 1048 | } | ||
| 1070 | 1049 | ||
| 1071 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | 1050 | void |
| 1072 | int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess)) | 1051 | SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, |
| 1073 | { | 1052 | int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { |
| 1074 | ctx->new_session_cb=cb; | 1053 | ctx->new_session_cb = cb; |
| 1075 | } | 1054 | } |
| 1076 | 1055 | ||
| 1077 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | 1056 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) |
| 1078 | { | 1057 | { |
| 1079 | return ctx->new_session_cb; | 1058 | return ctx->new_session_cb; |
| 1080 | } | 1059 | } |
| 1081 | 1060 | ||
| 1082 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | 1061 | void |
| 1083 | void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess)) | 1062 | SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
| 1084 | { | 1063 | void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) |
| 1085 | ctx->remove_session_cb=cb; | 1064 | { |
| 1086 | } | 1065 | ctx->remove_session_cb = cb; |
| 1066 | } | ||
| 1087 | 1067 | ||
| 1088 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess) | 1068 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) |
| 1089 | { | 1069 | { |
| 1090 | return ctx->remove_session_cb; | 1070 | return ctx->remove_session_cb; |
| 1091 | } | 1071 | } |
| 1092 | 1072 | ||
| 1093 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | 1073 | void |
| 1094 | SSL_SESSION *(*cb)(struct ssl_st *ssl, | 1074 | SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
| 1095 | unsigned char *data,int len,int *copy)) | 1075 | SSL_SESSION *(*cb)(struct ssl_st *ssl, |
| 1096 | { | 1076 | unsigned char *data, int len, int *copy)) |
| 1097 | ctx->get_session_cb=cb; | 1077 | { |
| 1098 | } | 1078 | ctx->get_session_cb = cb; |
| 1079 | } | ||
| 1099 | 1080 | ||
| 1100 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, | 1081 | SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, |
| 1101 | unsigned char *data,int len,int *copy) | 1082 | unsigned char *data, int len, int *copy) |
| 1102 | { | 1083 | { |
| 1103 | return ctx->get_session_cb; | 1084 | return ctx->get_session_cb; |
| 1104 | } | 1085 | } |
| 1105 | 1086 | ||
| 1106 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, | 1087 | void |
| 1107 | void (*cb)(const SSL *ssl,int type,int val)) | 1088 | SSL_CTX_set_info_callback(SSL_CTX *ctx, |
| 1108 | { | 1089 | void (*cb)(const SSL *ssl, int type, int val)) |
| 1109 | ctx->info_callback=cb; | 1090 | { |
| 1110 | } | 1091 | ctx->info_callback = cb; |
| 1092 | } | ||
| 1111 | 1093 | ||
| 1112 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val) | 1094 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) |
| 1113 | { | 1095 | { |
| 1114 | return ctx->info_callback; | 1096 | return ctx->info_callback; |
| 1115 | } | 1097 | } |
| 1116 | 1098 | ||
| 1117 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | 1099 | void |
| 1118 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | 1100 | SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, |
| 1119 | { | 1101 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) |
| 1120 | ctx->client_cert_cb=cb; | 1102 | { |
| 1121 | } | 1103 | ctx->client_cert_cb = cb; |
| 1104 | } | ||
| 1122 | 1105 | ||
| 1123 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) | 1106 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey) |
| 1124 | { | 1107 | { |
| 1125 | return ctx->client_cert_cb; | 1108 | return ctx->client_cert_cb; |
| 1126 | } | 1109 | } |
| 1127 | 1110 | ||
| 1128 | #ifndef OPENSSL_NO_ENGINE | 1111 | #ifndef OPENSSL_NO_ENGINE |
| 1129 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | 1112 | int |
| 1130 | { | 1113 | SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 1131 | if (!ENGINE_init(e)) | 1114 | { |
| 1132 | { | 1115 | if (!ENGINE_init(e)) { |
| 1133 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); | 1116 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB); |
| 1134 | return 0; | 1117 | return 0; |
| 1135 | } | 1118 | } |
| 1136 | if(!ENGINE_get_ssl_client_cert_function(e)) | 1119 | if (!ENGINE_get_ssl_client_cert_function(e)) { |
| 1137 | { | ||
| 1138 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); | 1120 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD); |
| 1139 | ENGINE_finish(e); | 1121 | ENGINE_finish(e); |
| 1140 | return 0; | 1122 | return 0; |
| 1141 | } | 1123 | } |
| 1142 | ctx->client_cert_engine = e; | 1124 | ctx->client_cert_engine = e; |
| 1143 | return 1; | 1125 | return 1; |
| 1144 | } | 1126 | } |
| 1145 | #endif | 1127 | #endif |
| 1146 | 1128 | ||
| 1147 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | 1129 | void |
| 1148 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | 1130 | SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, |
| 1149 | { | 1131 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) |
| 1150 | ctx->app_gen_cookie_cb=cb; | 1132 | { |
| 1151 | } | 1133 | ctx->app_gen_cookie_cb = cb; |
| 1134 | } | ||
| 1152 | 1135 | ||
| 1153 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | 1136 | void |
| 1154 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | 1137 | SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, |
| 1155 | { | 1138 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) |
| 1156 | ctx->app_verify_cookie_cb=cb; | 1139 | { |
| 1157 | } | 1140 | ctx->app_verify_cookie_cb = cb; |
| 1141 | } | ||
| 1158 | 1142 | ||
| 1159 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | 1143 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) |
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c index 144b81e55f..3d9371cdd7 100644 --- a/src/lib/libssl/ssl_stat.c +++ b/src/lib/libssl/ssl_stat.c | |||
| @@ -85,311 +85,533 @@ | |||
| 85 | #include <stdio.h> | 85 | #include <stdio.h> |
| 86 | #include "ssl_locl.h" | 86 | #include "ssl_locl.h" |
| 87 | 87 | ||
| 88 | const char *SSL_state_string_long(const SSL *s) | 88 | const char |
| 89 | { | 89 | *SSL_state_string_long(const SSL *s) |
| 90 | { | ||
| 90 | const char *str; | 91 | const char *str; |
| 91 | 92 | ||
| 92 | switch (s->state) | 93 | switch (s->state) { |
| 93 | { | 94 | case SSL_ST_BEFORE: |
| 94 | case SSL_ST_BEFORE: str="before SSL initialization"; break; | 95 | str="before SSL initialization"; break; |
| 95 | case SSL_ST_ACCEPT: str="before accept initialization"; break; | 96 | case SSL_ST_ACCEPT: |
| 96 | case SSL_ST_CONNECT: str="before connect initialization"; break; | 97 | str="before accept initialization"; break; |
| 97 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; | 98 | case SSL_ST_CONNECT: |
| 98 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; | 99 | str="before connect initialization"; break; |
| 99 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; | 100 | case SSL_ST_OK: |
| 100 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; | 101 | str="SSL negotiation finished successfully"; break; |
| 101 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; | 102 | case SSL_ST_RENEGOTIATE: |
| 102 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; | 103 | str="SSL renegotiate ciphers"; break; |
| 104 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 105 | str="before/connect initialization"; break; | ||
| 106 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 107 | str="ok/connect SSL initialization"; break; | ||
| 108 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 109 | str="before/accept initialization"; break; | ||
| 110 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 111 | str="ok/accept SSL initialization"; break; | ||
| 103 | #ifndef OPENSSL_NO_SSL2 | 112 | #ifndef OPENSSL_NO_SSL2 |
| 104 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; | 113 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 105 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; | 114 | str="SSLv2 client start encryption"; break; |
| 106 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; | 115 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 107 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break; | 116 | str="SSLv2 server start encryption"; break; |
| 108 | case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break; | 117 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 109 | case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break; | 118 | str="SSLv2 write client hello A"; break; |
| 110 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break; | 119 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 111 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break; | 120 | str="SSLv2 write client hello B"; break; |
| 112 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break; | 121 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 113 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break; | 122 | str="SSLv2 read server hello A"; break; |
| 114 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break; | 123 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 115 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break; | 124 | str="SSLv2 read server hello B"; break; |
| 116 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break; | 125 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 117 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break; | 126 | str="SSLv2 write client master key A"; break; |
| 118 | case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break; | 127 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 119 | case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break; | 128 | str="SSLv2 write client master key B"; break; |
| 120 | case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break; | 129 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 121 | case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break; | 130 | str="SSLv2 write client finished A"; break; |
| 122 | case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break; | 131 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 123 | case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break; | 132 | str="SSLv2 write client finished B"; break; |
| 124 | case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break; | 133 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 125 | case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break; | 134 | str="SSLv2 write client certificate A"; break; |
| 126 | case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break; | 135 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 127 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break; | 136 | str="SSLv2 write client certificate B"; break; |
| 128 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break; | 137 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 129 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break; | 138 | str="SSLv2 write client certificate C"; break; |
| 130 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break; | 139 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 131 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break; | 140 | str="SSLv2 write client certificate D"; break; |
| 132 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break; | 141 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 133 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break; | 142 | str="SSLv2 read server verify A"; break; |
| 134 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break; | 143 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 135 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break; | 144 | str="SSLv2 read server verify B"; break; |
| 136 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break; | 145 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 137 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break; | 146 | str="SSLv2 read server finished A"; break; |
| 138 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break; | 147 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 139 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break; | 148 | str="SSLv2 read server finished B"; break; |
| 140 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break; | 149 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 141 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; | 150 | str="SSLv2 read client hello A"; break; |
| 151 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 152 | str="SSLv2 read client hello B"; break; | ||
| 153 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 154 | str="SSLv2 read client hello C"; break; | ||
| 155 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 156 | str="SSLv2 write server hello A"; break; | ||
| 157 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 158 | str="SSLv2 write server hello B"; break; | ||
| 159 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 160 | str="SSLv2 read client master key A"; break; | ||
| 161 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 162 | str="SSLv2 read client master key B"; break; | ||
| 163 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 164 | str="SSLv2 write server verify A"; break; | ||
| 165 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 166 | str="SSLv2 write server verify B"; break; | ||
| 167 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 168 | str="SSLv2 write server verify C"; break; | ||
| 169 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 170 | str="SSLv2 read client finished A"; break; | ||
| 171 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 172 | str="SSLv2 read client finished B"; break; | ||
| 173 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 174 | str="SSLv2 write server finished A"; break; | ||
| 175 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 176 | str="SSLv2 write server finished B"; break; | ||
| 177 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 178 | str="SSLv2 write request certificate A"; break; | ||
| 179 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 180 | str="SSLv2 write request certificate B"; break; | ||
| 181 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 182 | str="SSLv2 write request certificate C"; break; | ||
| 183 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 184 | str="SSLv2 write request certificate D"; break; | ||
| 185 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 186 | str="SSLv2 X509 read server certificate"; break; | ||
| 187 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 188 | str="SSLv2 X509 read client certificate"; break; | ||
| 142 | #endif | 189 | #endif |
| 143 | 190 | ||
| 144 | #ifndef OPENSSL_NO_SSL3 | 191 | #ifndef OPENSSL_NO_SSL3 |
| 145 | /* SSLv3 additions */ | 192 | /* SSLv3 additions */ |
| 146 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; | 193 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 147 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; | 194 | str="SSLv3 write client hello A"; break; |
| 148 | case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break; | 195 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 149 | case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break; | 196 | str="SSLv3 write client hello B"; break; |
| 150 | case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break; | 197 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 151 | case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break; | 198 | str="SSLv3 read server hello A"; break; |
| 152 | case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break; | 199 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 153 | case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break; | 200 | str="SSLv3 read server hello B"; break; |
| 154 | case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break; | 201 | case SSL3_ST_CR_CERT_A: |
| 155 | case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break; | 202 | str="SSLv3 read server certificate A"; break; |
| 156 | case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break; | 203 | case SSL3_ST_CR_CERT_B: |
| 157 | case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break; | 204 | str="SSLv3 read server certificate B"; break; |
| 158 | case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | 205 | case SSL3_ST_CR_KEY_EXCH_A: |
| 159 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 206 | str="SSLv3 read server key exchange A"; break; |
| 160 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 207 | case SSL3_ST_CR_KEY_EXCH_B: |
| 161 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; | 208 | str="SSLv3 read server key exchange B"; break; |
| 162 | case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; | 209 | case SSL3_ST_CR_CERT_REQ_A: |
| 163 | case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; | 210 | str="SSLv3 read server certificate request A"; break; |
| 164 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; | 211 | case SSL3_ST_CR_CERT_REQ_B: |
| 165 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; | 212 | str="SSLv3 read server certificate request B"; break; |
| 166 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; | 213 | case SSL3_ST_CR_SESSION_TICKET_A: |
| 167 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; | 214 | str="SSLv3 read server session ticket A";break; |
| 215 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 216 | str="SSLv3 read server session ticket B";break; | ||
| 217 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 218 | str="SSLv3 read server done A"; break; | ||
| 219 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 220 | str="SSLv3 read server done B"; break; | ||
| 221 | case SSL3_ST_CW_CERT_A: | ||
| 222 | str="SSLv3 write client certificate A"; break; | ||
| 223 | case SSL3_ST_CW_CERT_B: | ||
| 224 | str="SSLv3 write client certificate B"; break; | ||
| 225 | case SSL3_ST_CW_CERT_C: | ||
| 226 | str="SSLv3 write client certificate C"; break; | ||
| 227 | case SSL3_ST_CW_CERT_D: | ||
| 228 | str="SSLv3 write client certificate D"; break; | ||
| 229 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 230 | str="SSLv3 write client key exchange A"; break; | ||
| 231 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 232 | str="SSLv3 write client key exchange B"; break; | ||
| 233 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 234 | str="SSLv3 write certificate verify A"; break; | ||
| 235 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 236 | str="SSLv3 write certificate verify B"; break; | ||
| 168 | 237 | ||
| 169 | case SSL3_ST_CW_CHANGE_A: | 238 | case SSL3_ST_CW_CHANGE_A: |
| 170 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; | 239 | case SSL3_ST_SW_CHANGE_A: |
| 171 | case SSL3_ST_CW_CHANGE_B: | 240 | str="SSLv3 write change cipher spec A"; break; |
| 172 | case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; | 241 | case SSL3_ST_CW_CHANGE_B: |
| 173 | case SSL3_ST_CW_FINISHED_A: | 242 | case SSL3_ST_SW_CHANGE_B: |
| 174 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; | 243 | str="SSLv3 write change cipher spec B"; break; |
| 175 | case SSL3_ST_CW_FINISHED_B: | 244 | case SSL3_ST_CW_FINISHED_A: |
| 176 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; | 245 | case SSL3_ST_SW_FINISHED_A: |
| 177 | case SSL3_ST_CR_CHANGE_A: | 246 | str="SSLv3 write finished A"; break; |
| 178 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; | 247 | case SSL3_ST_CW_FINISHED_B: |
| 179 | case SSL3_ST_CR_CHANGE_B: | 248 | case SSL3_ST_SW_FINISHED_B: |
| 180 | case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break; | 249 | str="SSLv3 write finished B"; break; |
| 181 | case SSL3_ST_CR_FINISHED_A: | 250 | case SSL3_ST_CR_CHANGE_A: |
| 182 | case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break; | 251 | case SSL3_ST_SR_CHANGE_A: |
| 183 | case SSL3_ST_CR_FINISHED_B: | 252 | str="SSLv3 read change cipher spec A"; break; |
| 184 | case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break; | 253 | case SSL3_ST_CR_CHANGE_B: |
| 254 | case SSL3_ST_SR_CHANGE_B: | ||
| 255 | str="SSLv3 read change cipher spec B"; break; | ||
| 256 | case SSL3_ST_CR_FINISHED_A: | ||
| 257 | case SSL3_ST_SR_FINISHED_A: | ||
| 258 | str="SSLv3 read finished A"; break; | ||
| 259 | case SSL3_ST_CR_FINISHED_B: | ||
| 260 | case SSL3_ST_SR_FINISHED_B: | ||
| 261 | str="SSLv3 read finished B"; break; | ||
| 185 | 262 | ||
| 186 | case SSL3_ST_CW_FLUSH: | 263 | case SSL3_ST_CW_FLUSH: |
| 187 | case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break; | 264 | case SSL3_ST_SW_FLUSH: |
| 265 | str="SSLv3 flush data"; break; | ||
| 188 | 266 | ||
| 189 | case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break; | 267 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 190 | case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break; | 268 | str="SSLv3 read client hello A"; break; |
| 191 | case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break; | 269 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 192 | case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break; | 270 | str="SSLv3 read client hello B"; break; |
| 193 | case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break; | 271 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 194 | case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break; | 272 | str="SSLv3 read client hello C"; break; |
| 195 | case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break; | 273 | case SSL3_ST_SW_HELLO_REQ_A: |
| 196 | case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break; | 274 | str="SSLv3 write hello request A"; break; |
| 197 | case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break; | 275 | case SSL3_ST_SW_HELLO_REQ_B: |
| 198 | case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break; | 276 | str="SSLv3 write hello request B"; break; |
| 199 | case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break; | 277 | case SSL3_ST_SW_HELLO_REQ_C: |
| 200 | case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break; | 278 | str="SSLv3 write hello request C"; break; |
| 201 | case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break; | 279 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 202 | case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break; | 280 | str="SSLv3 write server hello A"; break; |
| 203 | case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break; | 281 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 204 | case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break; | 282 | str="SSLv3 write server hello B"; break; |
| 205 | case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break; | 283 | case SSL3_ST_SW_CERT_A: |
| 206 | case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break; | 284 | str="SSLv3 write certificate A"; break; |
| 207 | case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break; | 285 | case SSL3_ST_SW_CERT_B: |
| 208 | case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break; | 286 | str="SSLv3 write certificate B"; break; |
| 209 | case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break; | 287 | case SSL3_ST_SW_KEY_EXCH_A: |
| 210 | case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break; | 288 | str="SSLv3 write key exchange A"; break; |
| 211 | case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; | 289 | case SSL3_ST_SW_KEY_EXCH_B: |
| 212 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; | 290 | str="SSLv3 write key exchange B"; break; |
| 291 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 292 | str="SSLv3 write certificate request A"; break; | ||
| 293 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 294 | str="SSLv3 write certificate request B"; break; | ||
| 295 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 296 | str="SSLv3 write session ticket A"; break; | ||
| 297 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 298 | str="SSLv3 write session ticket B"; break; | ||
| 299 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 300 | str="SSLv3 write server done A"; break; | ||
| 301 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 302 | str="SSLv3 write server done B"; break; | ||
| 303 | case SSL3_ST_SR_CERT_A: | ||
| 304 | str="SSLv3 read client certificate A"; break; | ||
| 305 | case SSL3_ST_SR_CERT_B: | ||
| 306 | str="SSLv3 read client certificate B"; break; | ||
| 307 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 308 | str="SSLv3 read client key exchange A"; break; | ||
| 309 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 310 | str="SSLv3 read client key exchange B"; break; | ||
| 311 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 312 | str="SSLv3 read certificate verify A"; break; | ||
| 313 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 314 | str="SSLv3 read certificate verify B"; break; | ||
| 213 | #endif | 315 | #endif |
| 214 | 316 | ||
| 215 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 317 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 216 | /* SSLv2/v3 compatibility states */ | 318 | /* SSLv2/v3 compatibility states */ |
| 217 | /* client */ | 319 | /* client */ |
| 218 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; | 320 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 219 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; | 321 | str="SSLv2/v3 write client hello A"; break; |
| 220 | case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break; | 322 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 221 | case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break; | 323 | str="SSLv2/v3 write client hello B"; break; |
| 324 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 325 | str="SSLv2/v3 read server hello A"; break; | ||
| 326 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 327 | str="SSLv2/v3 read server hello B"; break; | ||
| 222 | /* server */ | 328 | /* server */ |
| 223 | case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; | 329 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 224 | case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; | 330 | str="SSLv2/v3 read client hello A"; break; |
| 331 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 332 | str="SSLv2/v3 read client hello B"; break; | ||
| 225 | #endif | 333 | #endif |
| 226 | 334 | ||
| 227 | /* DTLS */ | 335 | /* DTLS */ |
| 228 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; | 336 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 229 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break; | 337 | str="DTLS1 read hello verify request A"; break; |
| 230 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break; | 338 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 231 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break; | 339 | str="DTLS1 read hello verify request B"; break; |
| 340 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 341 | str="DTLS1 write hello verify request A"; break; | ||
| 342 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 343 | str="DTLS1 write hello verify request B"; break; | ||
| 232 | 344 | ||
| 233 | default: str="unknown state"; break; | 345 | default: |
| 234 | } | 346 | str="unknown state"; break; |
| 235 | return(str); | ||
| 236 | } | 347 | } |
| 348 | return (str); | ||
| 349 | } | ||
| 237 | 350 | ||
| 238 | const char *SSL_rstate_string_long(const SSL *s) | 351 | const char |
| 239 | { | 352 | *SSL_rstate_string_long(const SSL *s) |
| 353 | { | ||
| 240 | const char *str; | 354 | const char *str; |
| 241 | 355 | ||
| 242 | switch (s->rstate) | 356 | switch (s->rstate) { |
| 243 | { | 357 | case SSL_ST_READ_HEADER: |
| 244 | case SSL_ST_READ_HEADER: str="read header"; break; | 358 | str="read header"; break; |
| 245 | case SSL_ST_READ_BODY: str="read body"; break; | 359 | case SSL_ST_READ_BODY: |
| 246 | case SSL_ST_READ_DONE: str="read done"; break; | 360 | str="read body"; break; |
| 247 | default: str="unknown"; break; | 361 | case SSL_ST_READ_DONE: |
| 248 | } | 362 | str="read done"; break; |
| 249 | return(str); | 363 | default: |
| 364 | str="unknown"; break; | ||
| 250 | } | 365 | } |
| 366 | return (str); | ||
| 367 | } | ||
| 251 | 368 | ||
| 252 | const char *SSL_state_string(const SSL *s) | 369 | const char |
| 253 | { | 370 | *SSL_state_string(const SSL *s) |
| 371 | { | ||
| 254 | const char *str; | 372 | const char *str; |
| 255 | 373 | ||
| 256 | switch (s->state) | 374 | switch (s->state) { |
| 257 | { | 375 | case SSL_ST_BEFORE: |
| 258 | case SSL_ST_BEFORE: str="PINIT "; break; | 376 | str="PINIT "; break; |
| 259 | case SSL_ST_ACCEPT: str="AINIT "; break; | 377 | case SSL_ST_ACCEPT: |
| 260 | case SSL_ST_CONNECT: str="CINIT "; break; | 378 | str="AINIT "; break; |
| 261 | case SSL_ST_OK: str="SSLOK "; break; | 379 | case SSL_ST_CONNECT: |
| 380 | str="CINIT "; break; | ||
| 381 | case SSL_ST_OK: | ||
| 382 | str="SSLOK "; break; | ||
| 262 | #ifndef OPENSSL_NO_SSL2 | 383 | #ifndef OPENSSL_NO_SSL2 |
| 263 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; | 384 | case SSL2_ST_CLIENT_START_ENCRYPTION: |
| 264 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; | 385 | str="2CSENC"; break; |
| 265 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; | 386 | case SSL2_ST_SERVER_START_ENCRYPTION: |
| 266 | case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break; | 387 | str="2SSENC"; break; |
| 267 | case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break; | 388 | case SSL2_ST_SEND_CLIENT_HELLO_A: |
| 268 | case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break; | 389 | str="2SCH_A"; break; |
| 269 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break; | 390 | case SSL2_ST_SEND_CLIENT_HELLO_B: |
| 270 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break; | 391 | str="2SCH_B"; break; |
| 271 | case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break; | 392 | case SSL2_ST_GET_SERVER_HELLO_A: |
| 272 | case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break; | 393 | str="2GSH_A"; break; |
| 273 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break; | 394 | case SSL2_ST_GET_SERVER_HELLO_B: |
| 274 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break; | 395 | str="2GSH_B"; break; |
| 275 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break; | 396 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: |
| 276 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break; | 397 | str="2SCMKA"; break; |
| 277 | case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break; | 398 | case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: |
| 278 | case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break; | 399 | str="2SCMKB"; break; |
| 279 | case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break; | 400 | case SSL2_ST_SEND_CLIENT_FINISHED_A: |
| 280 | case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break; | 401 | str="2SCF_A"; break; |
| 281 | case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break; | 402 | case SSL2_ST_SEND_CLIENT_FINISHED_B: |
| 282 | case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break; | 403 | str="2SCF_B"; break; |
| 283 | case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break; | 404 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: |
| 284 | case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break; | 405 | str="2SCC_A"; break; |
| 285 | case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break; | 406 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: |
| 286 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break; | 407 | str="2SCC_B"; break; |
| 287 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break; | 408 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: |
| 288 | case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break; | 409 | str="2SCC_C"; break; |
| 289 | case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break; | 410 | case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: |
| 290 | case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break; | 411 | str="2SCC_D"; break; |
| 291 | case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break; | 412 | case SSL2_ST_GET_SERVER_VERIFY_A: |
| 292 | case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break; | 413 | str="2GSV_A"; break; |
| 293 | case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break; | 414 | case SSL2_ST_GET_SERVER_VERIFY_B: |
| 294 | case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break; | 415 | str="2GSV_B"; break; |
| 295 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break; | 416 | case SSL2_ST_GET_SERVER_FINISHED_A: |
| 296 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break; | 417 | str="2GSF_A"; break; |
| 297 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break; | 418 | case SSL2_ST_GET_SERVER_FINISHED_B: |
| 298 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break; | 419 | str="2GSF_B"; break; |
| 299 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; | 420 | case SSL2_ST_GET_CLIENT_HELLO_A: |
| 300 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; | 421 | str="2GCH_A"; break; |
| 422 | case SSL2_ST_GET_CLIENT_HELLO_B: | ||
| 423 | str="2GCH_B"; break; | ||
| 424 | case SSL2_ST_GET_CLIENT_HELLO_C: | ||
| 425 | str="2GCH_C"; break; | ||
| 426 | case SSL2_ST_SEND_SERVER_HELLO_A: | ||
| 427 | str="2SSH_A"; break; | ||
| 428 | case SSL2_ST_SEND_SERVER_HELLO_B: | ||
| 429 | str="2SSH_B"; break; | ||
| 430 | case SSL2_ST_GET_CLIENT_MASTER_KEY_A: | ||
| 431 | str="2GCMKA"; break; | ||
| 432 | case SSL2_ST_GET_CLIENT_MASTER_KEY_B: | ||
| 433 | str="2GCMKA"; break; | ||
| 434 | case SSL2_ST_SEND_SERVER_VERIFY_A: | ||
| 435 | str="2SSV_A"; break; | ||
| 436 | case SSL2_ST_SEND_SERVER_VERIFY_B: | ||
| 437 | str="2SSV_B"; break; | ||
| 438 | case SSL2_ST_SEND_SERVER_VERIFY_C: | ||
| 439 | str="2SSV_C"; break; | ||
| 440 | case SSL2_ST_GET_CLIENT_FINISHED_A: | ||
| 441 | str="2GCF_A"; break; | ||
| 442 | case SSL2_ST_GET_CLIENT_FINISHED_B: | ||
| 443 | str="2GCF_B"; break; | ||
| 444 | case SSL2_ST_SEND_SERVER_FINISHED_A: | ||
| 445 | str="2SSF_A"; break; | ||
| 446 | case SSL2_ST_SEND_SERVER_FINISHED_B: | ||
| 447 | str="2SSF_B"; break; | ||
| 448 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: | ||
| 449 | str="2SRC_A"; break; | ||
| 450 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: | ||
| 451 | str="2SRC_B"; break; | ||
| 452 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: | ||
| 453 | str="2SRC_C"; break; | ||
| 454 | case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: | ||
| 455 | str="2SRC_D"; break; | ||
| 456 | case SSL2_ST_X509_GET_SERVER_CERTIFICATE: | ||
| 457 | str="2X9GSC"; break; | ||
| 458 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: | ||
| 459 | str="2X9GCC"; break; | ||
| 301 | #endif | 460 | #endif |
| 302 | 461 | ||
| 303 | #ifndef OPENSSL_NO_SSL3 | 462 | #ifndef OPENSSL_NO_SSL3 |
| 304 | /* SSLv3 additions */ | 463 | /* SSLv3 additions */ |
| 305 | case SSL3_ST_SW_FLUSH: | 464 | case SSL3_ST_SW_FLUSH: |
| 306 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; | 465 | case SSL3_ST_CW_FLUSH: |
| 307 | case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break; | 466 | str="3FLUSH"; break; |
| 308 | case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break; | 467 | case SSL3_ST_CW_CLNT_HELLO_A: |
| 309 | case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break; | 468 | str="3WCH_A"; break; |
| 310 | case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break; | 469 | case SSL3_ST_CW_CLNT_HELLO_B: |
| 311 | case SSL3_ST_CR_CERT_A: str="3RSC_A"; break; | 470 | str="3WCH_B"; break; |
| 312 | case SSL3_ST_CR_CERT_B: str="3RSC_B"; break; | 471 | case SSL3_ST_CR_SRVR_HELLO_A: |
| 313 | case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break; | 472 | str="3RSH_A"; break; |
| 314 | case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break; | 473 | case SSL3_ST_CR_SRVR_HELLO_B: |
| 315 | case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break; | 474 | str="3RSH_B"; break; |
| 316 | case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break; | 475 | case SSL3_ST_CR_CERT_A: |
| 317 | case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; | 476 | str="3RSC_A"; break; |
| 318 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; | 477 | case SSL3_ST_CR_CERT_B: |
| 319 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; | 478 | str="3RSC_B"; break; |
| 320 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; | 479 | case SSL3_ST_CR_KEY_EXCH_A: |
| 321 | case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; | 480 | str="3RSKEA"; break; |
| 322 | case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; | 481 | case SSL3_ST_CR_KEY_EXCH_B: |
| 323 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; | 482 | str="3RSKEB"; break; |
| 324 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; | 483 | case SSL3_ST_CR_CERT_REQ_A: |
| 325 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; | 484 | str="3RCR_A"; break; |
| 326 | case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break; | 485 | case SSL3_ST_CR_CERT_REQ_B: |
| 486 | str="3RCR_B"; break; | ||
| 487 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 488 | str="3RSD_A"; break; | ||
| 489 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 490 | str="3RSD_B"; break; | ||
| 491 | case SSL3_ST_CW_CERT_A: | ||
| 492 | str="3WCC_A"; break; | ||
| 493 | case SSL3_ST_CW_CERT_B: | ||
| 494 | str="3WCC_B"; break; | ||
| 495 | case SSL3_ST_CW_CERT_C: | ||
| 496 | str="3WCC_C"; break; | ||
| 497 | case SSL3_ST_CW_CERT_D: | ||
| 498 | str="3WCC_D"; break; | ||
| 499 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 500 | str="3WCKEA"; break; | ||
| 501 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 502 | str="3WCKEB"; break; | ||
| 503 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 504 | str="3WCV_A"; break; | ||
| 505 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 506 | str="3WCV_B"; break; | ||
| 327 | 507 | ||
| 328 | case SSL3_ST_SW_CHANGE_A: | 508 | case SSL3_ST_SW_CHANGE_A: |
| 329 | case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break; | 509 | case SSL3_ST_CW_CHANGE_A: |
| 330 | case SSL3_ST_SW_CHANGE_B: | 510 | str="3WCCSA"; break; |
| 331 | case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break; | 511 | case SSL3_ST_SW_CHANGE_B: |
| 332 | case SSL3_ST_SW_FINISHED_A: | 512 | case SSL3_ST_CW_CHANGE_B: |
| 333 | case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break; | 513 | str="3WCCSB"; break; |
| 334 | case SSL3_ST_SW_FINISHED_B: | 514 | case SSL3_ST_SW_FINISHED_A: |
| 335 | case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break; | 515 | case SSL3_ST_CW_FINISHED_A: |
| 336 | case SSL3_ST_SR_CHANGE_A: | 516 | str="3WFINA"; break; |
| 337 | case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break; | 517 | case SSL3_ST_SW_FINISHED_B: |
| 338 | case SSL3_ST_SR_CHANGE_B: | 518 | case SSL3_ST_CW_FINISHED_B: |
| 339 | case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break; | 519 | str="3WFINB"; break; |
| 340 | case SSL3_ST_SR_FINISHED_A: | 520 | case SSL3_ST_SR_CHANGE_A: |
| 341 | case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break; | 521 | case SSL3_ST_CR_CHANGE_A: |
| 342 | case SSL3_ST_SR_FINISHED_B: | 522 | str="3RCCSA"; break; |
| 343 | case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break; | 523 | case SSL3_ST_SR_CHANGE_B: |
| 524 | case SSL3_ST_CR_CHANGE_B: | ||
| 525 | str="3RCCSB"; break; | ||
| 526 | case SSL3_ST_SR_FINISHED_A: | ||
| 527 | case SSL3_ST_CR_FINISHED_A: | ||
| 528 | str="3RFINA"; break; | ||
| 529 | case SSL3_ST_SR_FINISHED_B: | ||
| 530 | case SSL3_ST_CR_FINISHED_B: | ||
| 531 | str="3RFINB"; break; | ||
| 344 | 532 | ||
| 345 | case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break; | 533 | case SSL3_ST_SW_HELLO_REQ_A: |
| 346 | case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break; | 534 | str="3WHR_A"; break; |
| 347 | case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break; | 535 | case SSL3_ST_SW_HELLO_REQ_B: |
| 348 | case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break; | 536 | str="3WHR_B"; break; |
| 349 | case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break; | 537 | case SSL3_ST_SW_HELLO_REQ_C: |
| 350 | case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break; | 538 | str="3WHR_C"; break; |
| 351 | case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break; | 539 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 352 | case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break; | 540 | str="3RCH_A"; break; |
| 353 | case SSL3_ST_SW_CERT_A: str="3WSC_A"; break; | 541 | case SSL3_ST_SR_CLNT_HELLO_B: |
| 354 | case SSL3_ST_SW_CERT_B: str="3WSC_B"; break; | 542 | str="3RCH_B"; break; |
| 355 | case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break; | 543 | case SSL3_ST_SR_CLNT_HELLO_C: |
| 356 | case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break; | 544 | str="3RCH_C"; break; |
| 357 | case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break; | 545 | case SSL3_ST_SW_SRVR_HELLO_A: |
| 358 | case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break; | 546 | str="3WSH_A"; break; |
| 359 | case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break; | 547 | case SSL3_ST_SW_SRVR_HELLO_B: |
| 360 | case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break; | 548 | str="3WSH_B"; break; |
| 361 | case SSL3_ST_SR_CERT_A: str="3RCC_A"; break; | 549 | case SSL3_ST_SW_CERT_A: |
| 362 | case SSL3_ST_SR_CERT_B: str="3RCC_B"; break; | 550 | str="3WSC_A"; break; |
| 363 | case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break; | 551 | case SSL3_ST_SW_CERT_B: |
| 364 | case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break; | 552 | str="3WSC_B"; break; |
| 365 | case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; | 553 | case SSL3_ST_SW_KEY_EXCH_A: |
| 366 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; | 554 | str="3WSKEA"; break; |
| 555 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 556 | str="3WSKEB"; break; | ||
| 557 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 558 | str="3WCR_A"; break; | ||
| 559 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 560 | str="3WCR_B"; break; | ||
| 561 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 562 | str="3WSD_A"; break; | ||
| 563 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 564 | str="3WSD_B"; break; | ||
| 565 | case SSL3_ST_SR_CERT_A: | ||
| 566 | str="3RCC_A"; break; | ||
| 567 | case SSL3_ST_SR_CERT_B: | ||
| 568 | str="3RCC_B"; break; | ||
| 569 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 570 | str="3RCKEA"; break; | ||
| 571 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 572 | str="3RCKEB"; break; | ||
| 573 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 574 | str="3RCV_A"; break; | ||
| 575 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 576 | str="3RCV_B"; break; | ||
| 367 | #endif | 577 | #endif |
| 368 | 578 | ||
| 369 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 579 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 370 | /* SSLv2/v3 compatibility states */ | 580 | /* SSLv2/v3 compatibility states */ |
| 371 | /* client */ | 581 | /* client */ |
| 372 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; | 582 | case SSL23_ST_CW_CLNT_HELLO_A: |
| 373 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; | 583 | str="23WCHA"; break; |
| 374 | case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break; | 584 | case SSL23_ST_CW_CLNT_HELLO_B: |
| 375 | case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break; | 585 | str="23WCHB"; break; |
| 586 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 587 | str="23RSHA"; break; | ||
| 588 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 589 | str="23RSHA"; break; | ||
| 376 | /* server */ | 590 | /* server */ |
| 377 | case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; | 591 | case SSL23_ST_SR_CLNT_HELLO_A: |
| 378 | case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; | 592 | str="23RCHA"; break; |
| 593 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 594 | str="23RCHB"; break; | ||
| 379 | #endif | 595 | #endif |
| 380 | /* DTLS */ | 596 | /* DTLS */ |
| 381 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; | 597 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: |
| 382 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; | 598 | str="DRCHVA"; break; |
| 383 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break; | 599 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: |
| 384 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break; | 600 | str="DRCHVB"; break; |
| 601 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 602 | str="DWCHVA"; break; | ||
| 603 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 604 | str="DWCHVB"; break; | ||
| 385 | 605 | ||
| 386 | default: str="UNKWN "; break; | 606 | default: |
| 387 | } | 607 | str="UNKWN "; break; |
| 388 | return(str); | ||
| 389 | } | 608 | } |
| 609 | return (str); | ||
| 610 | } | ||
| 390 | 611 | ||
| 391 | const char *SSL_alert_type_string_long(int value) | 612 | const char |
| 392 | { | 613 | *SSL_alert_type_string_long(int value) |
| 614 | { | ||
| 393 | value>>=8; | 615 | value>>=8; |
| 394 | if (value == SSL3_AL_WARNING) | 616 | if (value == SSL3_AL_WARNING) |
| 395 | return("warning"); | 617 | return("warning"); |
| @@ -397,10 +619,11 @@ const char *SSL_alert_type_string_long(int value) | |||
| 397 | return("fatal"); | 619 | return("fatal"); |
| 398 | else | 620 | else |
| 399 | return("unknown"); | 621 | return("unknown"); |
| 400 | } | 622 | } |
| 401 | 623 | ||
| 402 | const char *SSL_alert_type_string(int value) | 624 | const char |
| 403 | { | 625 | *SSL_alert_type_string(int value) |
| 626 | { | ||
| 404 | value>>=8; | 627 | value>>=8; |
| 405 | if (value == SSL3_AL_WARNING) | 628 | if (value == SSL3_AL_WARNING) |
| 406 | return("W"); | 629 | return("W"); |
| @@ -408,55 +631,86 @@ const char *SSL_alert_type_string(int value) | |||
| 408 | return("F"); | 631 | return("F"); |
| 409 | else | 632 | else |
| 410 | return("U"); | 633 | return("U"); |
| 411 | } | 634 | } |
| 412 | 635 | ||
| 413 | const char *SSL_alert_desc_string(int value) | 636 | const char |
| 414 | { | 637 | *SSL_alert_desc_string(int value) |
| 638 | { | ||
| 415 | const char *str; | 639 | const char *str; |
| 416 | 640 | ||
| 417 | switch (value & 0xff) | 641 | switch (value & 0xff) { |
| 418 | { | 642 | case SSL3_AD_CLOSE_NOTIFY: |
| 419 | case SSL3_AD_CLOSE_NOTIFY: str="CN"; break; | 643 | str="CN"; break; |
| 420 | case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break; | 644 | case SSL3_AD_UNEXPECTED_MESSAGE: |
| 421 | case SSL3_AD_BAD_RECORD_MAC: str="BM"; break; | 645 | str="UM"; break; |
| 422 | case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break; | 646 | case SSL3_AD_BAD_RECORD_MAC: |
| 423 | case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break; | 647 | str="BM"; break; |
| 424 | case SSL3_AD_NO_CERTIFICATE: str="NC"; break; | 648 | case SSL3_AD_DECOMPRESSION_FAILURE: |
| 425 | case SSL3_AD_BAD_CERTIFICATE: str="BC"; break; | 649 | str="DF"; break; |
| 426 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break; | 650 | case SSL3_AD_HANDSHAKE_FAILURE: |
| 427 | case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break; | 651 | str="HF"; break; |
| 428 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; | 652 | case SSL3_AD_NO_CERTIFICATE: |
| 429 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; | 653 | str="NC"; break; |
| 430 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; | 654 | case SSL3_AD_BAD_CERTIFICATE: |
| 431 | case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; | 655 | str="BC"; break; |
| 432 | case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; | 656 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: |
| 433 | case TLS1_AD_UNKNOWN_CA: str="CA"; break; | 657 | str="UC"; break; |
| 434 | case TLS1_AD_ACCESS_DENIED: str="AD"; break; | 658 | case SSL3_AD_CERTIFICATE_REVOKED: |
| 435 | case TLS1_AD_DECODE_ERROR: str="DE"; break; | 659 | str="CR"; break; |
| 436 | case TLS1_AD_DECRYPT_ERROR: str="CY"; break; | 660 | case SSL3_AD_CERTIFICATE_EXPIRED: |
| 437 | case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; | 661 | str="CE"; break; |
| 438 | case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; | 662 | case SSL3_AD_CERTIFICATE_UNKNOWN: |
| 439 | case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; | 663 | str="CU"; break; |
| 440 | case TLS1_AD_INTERNAL_ERROR: str="IE"; break; | 664 | case SSL3_AD_ILLEGAL_PARAMETER: |
| 441 | case TLS1_AD_USER_CANCELLED: str="US"; break; | 665 | str="IP"; break; |
| 442 | case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; | 666 | case TLS1_AD_DECRYPTION_FAILED: |
| 443 | case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break; | 667 | str="DC"; break; |
| 444 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break; | 668 | case TLS1_AD_RECORD_OVERFLOW: |
| 445 | case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break; | 669 | str="RO"; break; |
| 446 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break; | 670 | case TLS1_AD_UNKNOWN_CA: |
| 447 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break; | 671 | str="CA"; break; |
| 448 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break; | 672 | case TLS1_AD_ACCESS_DENIED: |
| 449 | default: str="UK"; break; | 673 | str="AD"; break; |
| 450 | } | 674 | case TLS1_AD_DECODE_ERROR: |
| 451 | return(str); | 675 | str="DE"; break; |
| 676 | case TLS1_AD_DECRYPT_ERROR: | ||
| 677 | str="CY"; break; | ||
| 678 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 679 | str="ER"; break; | ||
| 680 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 681 | str="PV"; break; | ||
| 682 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 683 | str="IS"; break; | ||
| 684 | case TLS1_AD_INTERNAL_ERROR: | ||
| 685 | str="IE"; break; | ||
| 686 | case TLS1_AD_USER_CANCELLED: | ||
| 687 | str="US"; break; | ||
| 688 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 689 | str="NR"; break; | ||
| 690 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 691 | str="UE"; break; | ||
| 692 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 693 | str="CO"; break; | ||
| 694 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 695 | str="UN"; break; | ||
| 696 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 697 | str="BR"; break; | ||
| 698 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 699 | str="BH"; break; | ||
| 700 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 701 | str="UP"; break; | ||
| 702 | default: | ||
| 703 | str="UK"; break; | ||
| 452 | } | 704 | } |
| 705 | return (str); | ||
| 706 | } | ||
| 453 | 707 | ||
| 454 | const char *SSL_alert_desc_string_long(int value) | 708 | const char |
| 455 | { | 709 | *SSL_alert_desc_string_long(int value) |
| 710 | { | ||
| 456 | const char *str; | 711 | const char *str; |
| 457 | 712 | ||
| 458 | switch (value & 0xff) | 713 | switch (value & 0xff) { |
| 459 | { | ||
| 460 | case SSL3_AD_CLOSE_NOTIFY: | 714 | case SSL3_AD_CLOSE_NOTIFY: |
| 461 | str="close notify"; | 715 | str="close notify"; |
| 462 | break; | 716 | break; |
| @@ -547,21 +801,26 @@ const char *SSL_alert_desc_string_long(int value) | |||
| 547 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | 801 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: |
| 548 | str="unknown PSK identity"; | 802 | str="unknown PSK identity"; |
| 549 | break; | 803 | break; |
| 550 | default: str="unknown"; break; | 804 | default: |
| 551 | } | 805 | str="unknown"; break; |
| 552 | return(str); | ||
| 553 | } | 806 | } |
| 807 | return (str); | ||
| 808 | } | ||
| 554 | 809 | ||
| 555 | const char *SSL_rstate_string(const SSL *s) | 810 | const char |
| 556 | { | 811 | *SSL_rstate_string(const SSL *s) |
| 812 | { | ||
| 557 | const char *str; | 813 | const char *str; |
| 558 | 814 | ||
| 559 | switch (s->rstate) | 815 | switch (s->rstate) { |
| 560 | { | 816 | case SSL_ST_READ_HEADER: |
| 561 | case SSL_ST_READ_HEADER:str="RH"; break; | 817 | str="RH"; break; |
| 562 | case SSL_ST_READ_BODY: str="RB"; break; | 818 | case SSL_ST_READ_BODY: |
| 563 | case SSL_ST_READ_DONE: str="RD"; break; | 819 | str="RB"; break; |
| 564 | default: str="unknown"; break; | 820 | case SSL_ST_READ_DONE: |
| 565 | } | 821 | str="RD"; break; |
| 566 | return(str); | 822 | default: |
| 823 | str="unknown"; break; | ||
| 567 | } | 824 | } |
| 825 | return (str); | ||
| 826 | } | ||
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index 6479d52c0c..5186e396ec 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -87,30 +87,33 @@ | |||
| 87 | #include "ssl_locl.h" | 87 | #include "ssl_locl.h" |
| 88 | 88 | ||
| 89 | #ifndef OPENSSL_NO_FP_API | 89 | #ifndef OPENSSL_NO_FP_API |
| 90 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | 90 | int |
| 91 | { | 91 | SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) |
| 92 | { | ||
| 92 | BIO *b; | 93 | BIO *b; |
| 93 | int ret; | 94 | int ret; |
| 94 | 95 | ||
| 95 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) | 96 | if ((b = BIO_new(BIO_s_file_internal())) == NULL) { |
| 96 | { | 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); |
| 97 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); | 98 | return (0); |
| 98 | return(0); | ||
| 99 | } | ||
| 100 | BIO_set_fp(b,fp,BIO_NOCLOSE); | ||
| 101 | ret=SSL_SESSION_print(b,x); | ||
| 102 | BIO_free(b); | ||
| 103 | return(ret); | ||
| 104 | } | 99 | } |
| 100 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 101 | ret = SSL_SESSION_print(b, x); | ||
| 102 | BIO_free(b); | ||
| 103 | return (ret); | ||
| 104 | } | ||
| 105 | #endif | 105 | #endif |
| 106 | 106 | ||
| 107 | int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | 107 | int |
| 108 | { | 108 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) |
| 109 | { | ||
| 109 | unsigned int i; | 110 | unsigned int i; |
| 110 | const char *s; | 111 | const char *s; |
| 111 | 112 | ||
| 112 | if (x == NULL) goto err; | 113 | if (x == NULL) |
| 113 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 114 | goto err; |
| 115 | if (BIO_puts(bp, "SSL-Session:\n") | ||
| 116 | <= 0) goto err; | ||
| 114 | if (x->ssl_version == SSL2_VERSION) | 117 | if (x->ssl_version == SSL2_VERSION) |
| 115 | s="SSLv2"; | 118 | s="SSLv2"; |
| 116 | else if (x->ssl_version == SSL3_VERSION) | 119 | else if (x->ssl_version == SSL3_VERSION) |
| @@ -127,122 +130,122 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | |||
| 127 | s="DTLSv1-bad"; | 130 | s="DTLSv1-bad"; |
| 128 | else | 131 | else |
| 129 | s="unknown"; | 132 | s="unknown"; |
| 130 | if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; | 133 | if (BIO_printf(bp, " Protocol : %s\n", s) |
| 134 | <= 0) goto err; | ||
| 131 | 135 | ||
| 132 | if (x->cipher == NULL) | 136 | if (x->cipher == NULL) { |
| 133 | { | 137 | if (((x->cipher_id) & 0xff000000) == 0x02000000) { |
| 134 | if (((x->cipher_id) & 0xff000000) == 0x02000000) | 138 | if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) |
| 135 | { | ||
| 136 | if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) | ||
| 137 | goto err; | 139 | goto err; |
| 138 | } | 140 | } else { |
| 139 | else | 141 | if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) |
| 140 | { | ||
| 141 | if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) | ||
| 142 | goto err; | 142 | goto err; |
| 143 | } | ||
| 144 | } | 143 | } |
| 145 | else | 144 | } else { |
| 146 | { | 145 | if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) |
| 147 | if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) | ||
| 148 | goto err; | 146 | goto err; |
| 149 | } | 147 | } |
| 150 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; | 148 | if (BIO_puts(bp, " Session-ID: ") |
| 151 | for (i=0; i<x->session_id_length; i++) | 149 | <= 0) goto err; |
| 152 | { | 150 | for (i = 0; i < x->session_id_length; i++) { |
| 153 | if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; | 151 | if (BIO_printf(bp, "%02X", x->session_id[i]) |
| 154 | } | 152 | <= 0) goto err; |
| 155 | if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; | 153 | } |
| 156 | for (i=0; i<x->sid_ctx_length; i++) | 154 | if (BIO_puts(bp, "\n Session-ID-ctx: ") |
| 157 | { | 155 | <= 0) goto err; |
| 158 | if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) | 156 | for (i = 0; i < x->sid_ctx_length; i++) { |
| 157 | if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) | ||
| 159 | goto err; | 158 | goto err; |
| 160 | } | 159 | } |
| 161 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; | 160 | if (BIO_puts(bp, "\n Master-Key: ") |
| 162 | for (i=0; i<(unsigned int)x->master_key_length; i++) | 161 | <= 0) goto err; |
| 163 | { | 162 | for (i = 0; i < (unsigned int)x->master_key_length; i++) { |
| 164 | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; | 163 | if (BIO_printf(bp, "%02X", x->master_key[i]) |
| 165 | } | 164 | <= 0) goto err; |
| 166 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | 165 | } |
| 167 | if (x->key_arg_length == 0) | 166 | if (BIO_puts(bp, "\n Key-Arg : ") |
| 168 | { | 167 | <= 0) goto err; |
| 169 | if (BIO_puts(bp,"None") <= 0) goto err; | 168 | if (x->key_arg_length == 0) { |
| 170 | } | 169 | if (BIO_puts(bp, "None") |
| 171 | else | 170 | <= 0) goto err; |
| 172 | for (i=0; i<x->key_arg_length; i++) | 171 | } else |
| 173 | { | 172 | for (i = 0; i < x->key_arg_length; i++) { |
| 174 | if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; | 173 | if (BIO_printf(bp, "%02X", x->key_arg[i]) |
| 175 | } | 174 | <= 0) goto err; |
| 175 | } | ||
| 176 | #ifndef OPENSSL_NO_KRB5 | 176 | #ifndef OPENSSL_NO_KRB5 |
| 177 | if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; | 177 | if (BIO_puts(bp, "\n Krb5 Principal: ") |
| 178 | if (x->krb5_client_princ_len == 0) | 178 | <= 0) goto err; |
| 179 | { | 179 | if (x->krb5_client_princ_len == 0) { |
| 180 | if (BIO_puts(bp,"None") <= 0) goto err; | 180 | if (BIO_puts(bp, "None") |
| 181 | } | 181 | <= 0) goto err; |
| 182 | else | 182 | } else |
| 183 | for (i=0; i<x->krb5_client_princ_len; i++) | 183 | for (i = 0; i < x->krb5_client_princ_len; i++) { |
| 184 | { | 184 | if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) |
| 185 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | 185 | <= 0) goto err; |
| 186 | } | 186 | } |
| 187 | #endif /* OPENSSL_NO_KRB5 */ | 187 | #endif /* OPENSSL_NO_KRB5 */ |
| 188 | #ifndef OPENSSL_NO_PSK | 188 | #ifndef OPENSSL_NO_PSK |
| 189 | if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err; | 189 | if (BIO_puts(bp, "\n PSK identity: ") |
| 190 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; | 190 | <= 0) goto err; |
| 191 | if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err; | 191 | if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") |
| 192 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; | 192 | <= 0) goto err; |
| 193 | if (BIO_puts(bp, "\n PSK identity hint: ") | ||
| 194 | <= 0) goto err; | ||
| 195 | if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") | ||
| 196 | <= 0) goto err; | ||
| 193 | #endif | 197 | #endif |
| 194 | #ifndef OPENSSL_NO_SRP | 198 | #ifndef OPENSSL_NO_SRP |
| 195 | if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err; | 199 | if (BIO_puts(bp, "\n SRP username: ") |
| 196 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; | 200 | <= 0) goto err; |
| 201 | if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") | ||
| 202 | <= 0) goto err; | ||
| 197 | #endif | 203 | #endif |
| 198 | #ifndef OPENSSL_NO_TLSEXT | 204 | #ifndef OPENSSL_NO_TLSEXT |
| 199 | if (x->tlsext_tick_lifetime_hint) | 205 | if (x->tlsext_tick_lifetime_hint) { |
| 200 | { | ||
| 201 | if (BIO_printf(bp, | 206 | if (BIO_printf(bp, |
| 202 | "\n TLS session ticket lifetime hint: %ld (seconds)", | 207 | "\n TLS session ticket lifetime hint: %ld (seconds)", |
| 203 | x->tlsext_tick_lifetime_hint) <=0) | 208 | x->tlsext_tick_lifetime_hint) <=0) |
| 204 | goto err; | 209 | goto err; |
| 205 | } | 210 | } |
| 206 | if (x->tlsext_tick) | 211 | if (x->tlsext_tick) { |
| 207 | { | 212 | if (BIO_puts(bp, "\n TLS session ticket:\n") |
| 208 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; | 213 | <= 0) goto err; |
| 209 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | 214 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) |
| 210 | goto err; | 215 | goto err; |
| 211 | } | 216 | } |
| 212 | #endif | 217 | #endif |
| 213 | 218 | ||
| 214 | #ifndef OPENSSL_NO_COMP | 219 | #ifndef OPENSSL_NO_COMP |
| 215 | if (x->compress_meth != 0) | 220 | if (x->compress_meth != 0) { |
| 216 | { | ||
| 217 | SSL_COMP *comp = NULL; | 221 | SSL_COMP *comp = NULL; |
| 218 | 222 | ||
| 219 | ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp); | 223 | ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp); |
| 220 | if (comp == NULL) | 224 | if (comp == NULL) { |
| 221 | { | 225 | if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) |
| 222 | if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; | 226 | <= 0) goto err; |
| 227 | } else { | ||
| 228 | if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->method->name) <= 0) goto err; | ||
| 223 | } | 229 | } |
| 224 | else | 230 | } |
| 225 | { | ||
| 226 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | ||
| 227 | } | ||
| 228 | } | ||
| 229 | #endif | 231 | #endif |
| 230 | if (x->time != 0L) | 232 | if (x->time != 0L) { |
| 231 | { | 233 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) |
| 232 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; | 234 | <= 0) goto err; |
| 233 | } | 235 | } |
| 234 | if (x->timeout != 0L) | 236 | if (x->timeout != 0L) { |
| 235 | { | 237 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; |
| 236 | if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; | ||
| 237 | } | 238 | } |
| 238 | if (BIO_puts(bp,"\n") <= 0) goto err; | 239 | if (BIO_puts(bp, "\n") |
| 240 | <= 0) goto err; | ||
| 239 | 241 | ||
| 240 | if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; | 242 | if (BIO_puts(bp, " Verify return code: ") |
| 243 | <= 0) goto err; | ||
| 241 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | 244 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, |
| 242 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; | 245 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; |
| 243 | 246 | ||
| 244 | return(1); | 247 | return (1); |
| 245 | err: | 248 | err: |
| 246 | return(0); | 249 | return (0); |
| 247 | } | 250 | } |
| 248 | 251 | ||