summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h1566
-rw-r--r--src/lib/libssl/ssl2.h269
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h429
-rw-r--r--src/lib/libssl/ssl_algs.c107
-rw-r--r--src/lib/libssl/ssl_asn1.c349
-rw-r--r--src/lib/libssl/ssl_cert.c757
-rw-r--r--src/lib/libssl/ssl_ciph.c1071
-rw-r--r--src/lib/libssl/ssl_err.c435
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c2074
-rw-r--r--src/lib/libssl/ssl_locl.h609
-rw-r--r--src/lib/libssl/ssl_rsa.c815
-rw-r--r--src/lib/libssl/ssl_sess.c681
-rw-r--r--src/lib/libssl/ssl_stat.c454
-rw-r--r--src/lib/libssl/ssl_txt.c174
16 files changed, 0 insertions, 9943 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 9de9e611ab..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,1566 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL_H
60#define HEADER_SSL_H
61
62#ifndef NO_COMP
63#include <openssl/comp.h>
64#endif
65#ifndef NO_BIO
66#include <openssl/bio.h>
67#endif
68#ifndef NO_X509
69#include <openssl/x509.h>
70#endif
71#include <openssl/safestack.h>
72
73#ifdef __cplusplus
74extern "C" {
75#endif
76
77/* SSLeay version number for ASN.1 encoding of the session information */
78/* Version 0 - initial version
79 * Version 1 - added the optional peer certificate
80 */
81#define SSL_SESSION_ASN1_VERSION 0x0001
82
83/* text strings for the ciphers */
84#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
85#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
86#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
87#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
88#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
89#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
90#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
91#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
92#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
93#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
94
95#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
96#define SSL_MAX_SID_CTX_LENGTH 32
97
98#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
99#define SSL_MAX_KEY_ARG_LENGTH 8
100#define SSL_MAX_MASTER_KEY_LENGTH 48
101
102/* These are used to specify which ciphers to use and not to use */
103#define SSL_TXT_LOW "LOW"
104#define SSL_TXT_MEDIUM "MEDIUM"
105#define SSL_TXT_HIGH "HIGH"
106#define SSL_TXT_kFZA "kFZA"
107#define SSL_TXT_aFZA "aFZA"
108#define SSL_TXT_eFZA "eFZA"
109#define SSL_TXT_FZA "FZA"
110
111#define SSL_TXT_aNULL "aNULL"
112#define SSL_TXT_eNULL "eNULL"
113#define SSL_TXT_NULL "NULL"
114
115#define SSL_TXT_kRSA "kRSA"
116#define SSL_TXT_kDHr "kDHr"
117#define SSL_TXT_kDHd "kDHd"
118#define SSL_TXT_kEDH "kEDH"
119#define SSL_TXT_aRSA "aRSA"
120#define SSL_TXT_aDSS "aDSS"
121#define SSL_TXT_aDH "aDH"
122#define SSL_TXT_DSS "DSS"
123#define SSL_TXT_DH "DH"
124#define SSL_TXT_EDH "EDH"
125#define SSL_TXT_ADH "ADH"
126#define SSL_TXT_RSA "RSA"
127#define SSL_TXT_DES "DES"
128#define SSL_TXT_3DES "3DES"
129#define SSL_TXT_RC4 "RC4"
130#define SSL_TXT_RC2 "RC2"
131#define SSL_TXT_IDEA "IDEA"
132#define SSL_TXT_MD5 "MD5"
133#define SSL_TXT_SHA1 "SHA1"
134#define SSL_TXT_SHA "SHA"
135#define SSL_TXT_EXP "EXP"
136#define SSL_TXT_EXPORT "EXPORT"
137#define SSL_TXT_EXP40 "EXPORT40"
138#define SSL_TXT_EXP56 "EXPORT56"
139#define SSL_TXT_SSLV2 "SSLv2"
140#define SSL_TXT_SSLV3 "SSLv3"
141#define SSL_TXT_TLSV1 "TLSv1"
142#define SSL_TXT_ALL "ALL"
143
144/* 'DEFAULT' at the start of the cipher list insert the following string
145 * in addition to this being the default cipher string */
146#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
147
148/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
149#define SSL_SENT_SHUTDOWN 1
150#define SSL_RECEIVED_SHUTDOWN 2
151
152#ifdef __cplusplus
153}
154#endif
155
156#include <openssl/crypto.h>
157#include <openssl/lhash.h>
158#include <openssl/buffer.h>
159#include <openssl/bio.h>
160#include <openssl/pem.h>
161#include <openssl/x509.h>
162
163#ifdef __cplusplus
164extern "C" {
165#endif
166
167#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
168#define NO_SSL2
169#endif
170
171#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
172#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
173
174/* This is needed to stop compilers complaining about the
175 * 'struct ssl_st *' function parameters used to prototype callbacks
176 * in SSL_CTX. */
177typedef struct ssl_st *ssl_crock_st;
178
179/* used to hold info on the particular ciphers used */
180typedef struct ssl_cipher_st
181 {
182 int valid;
183 const char *name; /* text name */
184 unsigned long id; /* id, 4 bytes, first is version */
185 unsigned long algorithms; /* what ciphers are used */
186 unsigned long algo_strength; /* strength and export flags */
187 unsigned long algorithm2; /* Extra flags */
188 int strength_bits; /* Number of bits really used */
189 int alg_bits; /* Number of bits for algorithm */
190 unsigned long mask; /* used for matching */
191 unsigned long mask_strength; /* also used for matching */
192 } SSL_CIPHER;
193
194DECLARE_STACK_OF(SSL_CIPHER)
195
196typedef struct ssl_st SSL;
197typedef struct ssl_ctx_st SSL_CTX;
198
199/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
200typedef struct ssl_method_st
201 {
202 int version;
203 int (*ssl_new)(SSL *s);
204 void (*ssl_clear)(SSL *s);
205 void (*ssl_free)(SSL *s);
206 int (*ssl_accept)(SSL *s);
207 int (*ssl_connect)(SSL *s);
208 int (*ssl_read)(SSL *s,void *buf,int len);
209 int (*ssl_peek)(SSL *s,void *buf,int len);
210 int (*ssl_write)(SSL *s,const void *buf,int len);
211 int (*ssl_shutdown)(SSL *s);
212 int (*ssl_renegotiate)(SSL *s);
213 int (*ssl_renegotiate_check)(SSL *s);
214 long (*ssl_ctrl)(SSL *s,int cmd,long larg,char *parg);
215 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,char *parg);
216 SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
217 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
218 int (*ssl_pending)(SSL *s);
219 int (*num_ciphers)(void);
220 SSL_CIPHER *(*get_cipher)(unsigned ncipher);
221 struct ssl_method_st *(*get_ssl_method)(int version);
222 long (*get_timeout)(void);
223 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
224 int (*ssl_version)();
225 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
226 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
227 } SSL_METHOD;
228
229/* Lets make this into an ASN.1 type structure as follows
230 * SSL_SESSION_ID ::= SEQUENCE {
231 * version INTEGER, -- structure version number
232 * SSLversion INTEGER, -- SSL version number
233 * Cipher OCTET_STRING, -- the 3 byte cipher ID
234 * Session_ID OCTET_STRING, -- the Session ID
235 * Master_key OCTET_STRING, -- the master key
236 * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
237 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
238 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
239 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
240 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
241 * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
242 * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
243 * }
244 * Look in ssl/ssl_asn1.c for more details
245 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
246 */
247typedef struct ssl_session_st
248 {
249 int ssl_version; /* what ssl version session info is
250 * being kept in here? */
251
252 /* only really used in SSLv2 */
253 unsigned int key_arg_length;
254 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
255 int master_key_length;
256 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
257 /* session_id - valid? */
258 unsigned int session_id_length;
259 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
260 /* this is used to determine whether the session is being reused in
261 * the appropriate context. It is up to the application to set this,
262 * via SSL_new */
263 unsigned int sid_ctx_length;
264 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
265
266 int not_resumable;
267
268 /* The cert is the certificate used to establish this connection */
269 struct sess_cert_st /* SESS_CERT */ *sess_cert;
270
271 /* This is the cert for the other end.
272 * On clients, it will be the same as sess_cert->peer_key->x509
273 * (the latter is not enough as sess_cert is not retained
274 * in the external representation of sessions, see ssl_asn1.c). */
275 X509 *peer;
276 /* when app_verify_callback accepts a session where the peer's certificate
277 * is not ok, we must remember the error for session reuse: */
278 long verify_result; /* only for servers */
279
280 int references;
281 long timeout;
282 long time;
283
284 int compress_meth; /* Need to lookup the method */
285
286 SSL_CIPHER *cipher;
287 unsigned long cipher_id; /* when ASN.1 loaded, this
288 * needs to be used to load
289 * the 'cipher' structure */
290
291 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
292
293 CRYPTO_EX_DATA ex_data; /* application specific data */
294
295 /* These are used to make removal of session-ids more
296 * efficient and to implement a maximum cache size. */
297 struct ssl_session_st *prev,*next;
298 } SSL_SESSION;
299
300#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
301#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
302#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
303#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
304#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
305#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
306#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
307#define SSL_OP_TLS_D5_BUG 0x00000100L
308#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
309#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
310
311/* If set, always create a new key when using tmp_dh parameters */
312#define SSL_OP_SINGLE_DH_USE 0x00100000L
313/* Set to also use the tmp_rsa key when doing RSA operations. */
314#define SSL_OP_EPHEMERAL_RSA 0x00200000L
315
316/* The next flag deliberately changes the ciphertest, this is a check
317 * for the PKCS#1 attack */
318#define SSL_OP_PKCS1_CHECK_1 0x08000000L
319#define SSL_OP_PKCS1_CHECK_2 0x10000000L
320#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
321/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
322#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
323#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
324#define SSL_OP_ALL 0x000FFFFFL
325
326#define SSL_OP_NO_SSLv2 0x01000000L
327#define SSL_OP_NO_SSLv3 0x02000000L
328#define SSL_OP_NO_TLSv1 0x04000000L
329
330/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
331 * when just a single record has been written): */
332#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
333/* Make it possible to retry SSL_write() with changed buffer location
334 * (buffer contents must stay the same!); this is not the default to avoid
335 * the misconception that non-blocking SSL_write() behaves like
336 * non-blocking write(): */
337#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
338/* Never bother the application with retries if the transport
339 * is blocking: */
340#define SSL_MODE_AUTO_RETRY 0x00000004L
341
342/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
343 * they cannot be used to clear bits. */
344
345#define SSL_CTX_set_options(ctx,op) \
346 SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
347#define SSL_CTX_get_options(ctx) \
348 SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
349#define SSL_set_options(ssl,op) \
350 SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL)
351#define SSL_get_options(ssl) \
352 SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL)
353
354#define SSL_CTX_set_mode(ctx,op) \
355 SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL)
356#define SSL_CTX_get_mode(ctx) \
357 SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL)
358#define SSL_set_mode(ssl,op) \
359 SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL)
360#define SSL_get_mode(ssl) \
361 SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL)
362
363#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
364
365typedef struct ssl_comp_st
366 {
367 int id;
368 char *name;
369#ifndef NO_COMP
370 COMP_METHOD *method;
371#else
372 char *method;
373#endif
374 } SSL_COMP;
375
376DECLARE_STACK_OF(SSL_COMP)
377
378struct ssl_ctx_st
379 {
380 SSL_METHOD *method;
381 unsigned long options;
382 unsigned long mode;
383
384 STACK_OF(SSL_CIPHER) *cipher_list;
385 /* same as above but sorted for lookup */
386 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
387
388 struct x509_store_st /* X509_STORE */ *cert_store;
389 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
390 /* Most session-ids that will be cached, default is
391 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
392 unsigned long session_cache_size;
393 struct ssl_session_st *session_cache_head;
394 struct ssl_session_st *session_cache_tail;
395
396 /* This can have one of 2 values, ored together,
397 * SSL_SESS_CACHE_CLIENT,
398 * SSL_SESS_CACHE_SERVER,
399 * Default is SSL_SESSION_CACHE_SERVER, which means only
400 * SSL_accept which cache SSL_SESSIONS. */
401 int session_cache_mode;
402
403 /* If timeout is not 0, it is the default timeout value set
404 * when SSL_new() is called. This has been put in to make
405 * life easier to set things up */
406 long session_timeout;
407
408 /* If this callback is not null, it will be called each
409 * time a session id is added to the cache. If this function
410 * returns 1, it means that the callback will do a
411 * SSL_SESSION_free() when it has finished using it. Otherwise,
412 * on 0, it means the callback has finished with it.
413 * If remove_session_cb is not null, it will be called when
414 * a session-id is removed from the cache. After the call,
415 * OpenSSL will SSL_SESSION_free() it. */
416 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
417 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
418 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
419 unsigned char *data,int len,int *copy);
420 struct
421 {
422 int sess_connect; /* SSL new conn - started */
423 int sess_connect_renegotiate;/* SSL reneg - requested */
424 int sess_connect_good; /* SSL new conne/reneg - finished */
425 int sess_accept; /* SSL new accept - started */
426 int sess_accept_renegotiate;/* SSL reneg - requested */
427 int sess_accept_good; /* SSL accept/reneg - finished */
428 int sess_miss; /* session lookup misses */
429 int sess_timeout; /* reuse attempt on timeouted session */
430 int sess_cache_full; /* session removed due to full cache */
431 int sess_hit; /* session reuse actually done */
432 int sess_cb_hit; /* session-id that was not
433 * in the cache was
434 * passed back via the callback. This
435 * indicates that the application is
436 * supplying session-id's from other
437 * processes - spooky :-) */
438 } stats;
439
440 int references;
441
442/**/ void (*info_callback)();
443
444 /* if defined, these override the X509_verify_cert() calls */
445/**/ int (*app_verify_callback)();
446/**/ char *app_verify_arg; /* never used; should be void * */
447
448 /* default values to use in SSL structures */
449/**/ struct cert_st /* CERT */ *cert;
450/**/ int read_ahead;
451/**/ int verify_mode;
452/**/ int verify_depth;
453/**/ unsigned int sid_ctx_length;
454/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
455/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
456
457 int purpose; /* Purpose setting */
458 int trust; /* Trust setting */
459
460 /* Default password callback. */
461/**/ pem_password_cb *default_passwd_callback;
462
463 /* Default password callback user data. */
464/**/ void *default_passwd_callback_userdata;
465
466 /* get client cert callback */
467/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
468
469 /* what we put in client cert requests */
470 STACK_OF(X509_NAME) *client_CA;
471
472/**/ int quiet_shutdown;
473
474 CRYPTO_EX_DATA ex_data;
475
476 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
477 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
478 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
479
480 STACK_OF(X509) *extra_certs;
481 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
482 };
483
484#define SSL_SESS_CACHE_OFF 0x0000
485#define SSL_SESS_CACHE_CLIENT 0x0001
486#define SSL_SESS_CACHE_SERVER 0x0002
487#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
488#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
489/* This one, when set, makes the server session-id lookup not look
490 * in the cache. If there is an application get_session callback
491 * defined, this will still get called. */
492#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
493
494 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
495#define SSL_CTX_sess_number(ctx) \
496 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
497#define SSL_CTX_sess_connect(ctx) \
498 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
499#define SSL_CTX_sess_connect_good(ctx) \
500 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
501#define SSL_CTX_sess_connect_renegotiate(ctx) \
502 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
503#define SSL_CTX_sess_accept(ctx) \
504 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
505#define SSL_CTX_sess_accept_renegotiate(ctx) \
506 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
507#define SSL_CTX_sess_accept_good(ctx) \
508 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
509#define SSL_CTX_sess_hits(ctx) \
510 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
511#define SSL_CTX_sess_cb_hits(ctx) \
512 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
513#define SSL_CTX_sess_misses(ctx) \
514 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
515#define SSL_CTX_sess_timeouts(ctx) \
516 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
517#define SSL_CTX_sess_cache_full(ctx) \
518 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
519
520#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
521#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
522#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
523#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
524#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
525#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
526#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
527#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
528#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
529#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
530
531#define SSL_NOTHING 1
532#define SSL_WRITING 2
533#define SSL_READING 3
534#define SSL_X509_LOOKUP 4
535
536/* These will only be used when doing non-blocking IO */
537#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
538#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
539#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
540#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
541
542struct ssl_st
543 {
544 /* protocol version
545 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
546 */
547 int version;
548 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
549
550 SSL_METHOD *method; /* SSLv3 */
551
552 /* There are 2 BIO's even though they are normally both the
553 * same. This is so data can be read and written to different
554 * handlers */
555
556#ifndef NO_BIO
557 BIO *rbio; /* used by SSL_read */
558 BIO *wbio; /* used by SSL_write */
559 BIO *bbio; /* used during session-id reuse to concatenate
560 * messages */
561#else
562 char *rbio; /* used by SSL_read */
563 char *wbio; /* used by SSL_write */
564 char *bbio;
565#endif
566 /* This holds a variable that indicates what we were doing
567 * when a 0 or -1 is returned. This is needed for
568 * non-blocking IO so we know what request needs re-doing when
569 * in SSL_accept or SSL_connect */
570 int rwstate;
571
572 /* true when we are actually in SSL_accept() or SSL_connect() */
573 int in_handshake;
574 int (*handshake_func)();
575
576 /* Imagine that here's a boolean member "init" that is
577 * switched as soon as SSL_set_{accept/connect}_state
578 * is called for the first time, so that "state" and
579 * "handshake_func" are properly initialized. But as
580 * handshake_func is == 0 until then, we use this
581 * test instead of an "init" member.
582 */
583
584 int server; /* are we the server side? - mostly used by SSL_clear*/
585
586 int new_session;/* 1 if we are to use a new session */
587 int quiet_shutdown;/* don't send shutdown packets */
588 int shutdown; /* we have shut things down, 0x01 sent, 0x02
589 * for received */
590 int state; /* where we are */
591 int rstate; /* where we are when reading */
592
593 BUF_MEM *init_buf; /* buffer used during init */
594 int init_num; /* amount read/written */
595 int init_off; /* amount read/written */
596
597 /* used internally to point at a raw packet */
598 unsigned char *packet;
599 unsigned int packet_length;
600
601 struct ssl2_state_st *s2; /* SSLv2 variables */
602 struct ssl3_state_st *s3; /* SSLv3 variables */
603
604 int read_ahead; /* Read as many input bytes as possible
605 * (for non-blocking reads) */
606 int hit; /* reusing a previous session */
607
608 int purpose; /* Purpose setting */
609 int trust; /* Trust setting */
610
611 /* crypto */
612 STACK_OF(SSL_CIPHER) *cipher_list;
613 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
614
615 /* These are the ones being used, the ones in SSL_SESSION are
616 * the ones to be 'copied' into these ones */
617
618 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
619 const EVP_MD *read_hash; /* used for mac generation */
620#ifndef NO_COMP
621 COMP_CTX *expand; /* uncompress */
622#else
623 char *expand;
624#endif
625
626 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
627 const EVP_MD *write_hash; /* used for mac generation */
628#ifndef NO_COMP
629 COMP_CTX *compress; /* compression */
630#else
631 char *compress;
632#endif
633
634 /* session info */
635
636 /* client cert? */
637 /* This is used to hold the server certificate used */
638 struct cert_st /* CERT */ *cert;
639
640 /* the session_id_context is used to ensure sessions are only reused
641 * in the appropriate context */
642 unsigned int sid_ctx_length;
643 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
644
645 /* This can also be in the session once a session is established */
646 SSL_SESSION *session;
647
648 /* Used in SSL2 and SSL3 */
649 int verify_mode; /* 0 don't care about verify failure.
650 * 1 fail if verify fails */
651 int verify_depth;
652 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
653 void (*info_callback)(); /* optional informational callback */
654
655 int error; /* error bytes to be written */
656 int error_code; /* actual code */
657
658 SSL_CTX *ctx;
659 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
660 * and SSL_write() calls, good for nbio debuging :-) */
661 int debug;
662
663 /* extra application data */
664 long verify_result;
665 CRYPTO_EX_DATA ex_data;
666
667 /* for server side, keep the list of CA_dn we can use */
668 STACK_OF(X509_NAME) *client_CA;
669
670 int references;
671 unsigned long options; /* protocol behaviour */
672 unsigned long mode; /* API behaviour */
673 int first_packet;
674 int client_version; /* what was passed, used for
675 * SSLv3/TLS rollback check */
676 };
677
678#ifdef __cplusplus
679}
680#endif
681
682#include <openssl/ssl2.h>
683#include <openssl/ssl3.h>
684#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
685#include <openssl/ssl23.h>
686
687#ifdef __cplusplus
688extern "C" {
689#endif
690
691/* compatibility */
692#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
693#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
694#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
695#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
696#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
697#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
698
699/* The following are the possible values for ssl->state are are
700 * used to indicate where we are up to in the SSL connection establishment.
701 * The macros that follow are about the only things you should need to use
702 * and even then, only when using non-blocking IO.
703 * It can also be useful to work out where you were when the connection
704 * failed */
705
706#define SSL_ST_CONNECT 0x1000
707#define SSL_ST_ACCEPT 0x2000
708#define SSL_ST_MASK 0x0FFF
709#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
710#define SSL_ST_BEFORE 0x4000
711#define SSL_ST_OK 0x03
712#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
713
714#define SSL_CB_LOOP 0x01
715#define SSL_CB_EXIT 0x02
716#define SSL_CB_READ 0x04
717#define SSL_CB_WRITE 0x08
718#define SSL_CB_ALERT 0x4000 /* used in callback */
719#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
720#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
721#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
722#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
723#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
724#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
725#define SSL_CB_HANDSHAKE_START 0x10
726#define SSL_CB_HANDSHAKE_DONE 0x20
727
728/* Is the SSL_connection established? */
729#define SSL_get_state(a) SSL_state(a)
730#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
731#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
732#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
733#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
734#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
735
736/* The following 2 states are kept in ssl->rstate when reads fail,
737 * you should not need these */
738#define SSL_ST_READ_HEADER 0xF0
739#define SSL_ST_READ_BODY 0xF1
740#define SSL_ST_READ_DONE 0xF2
741
742/* Obtain latest Finished message
743 * -- that we sent (SSL_get_finished)
744 * -- that we expected from peer (SSL_get_peer_finished).
745 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
746size_t SSL_get_finished(SSL *s, void *buf, size_t count);
747size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
748
749/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
750 * are 'ored' with SSL_VERIFY_PEER if they are desired */
751#define SSL_VERIFY_NONE 0x00
752#define SSL_VERIFY_PEER 0x01
753#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
754#define SSL_VERIFY_CLIENT_ONCE 0x04
755
756#define OpenSSL_add_ssl_algorithms() SSL_library_init()
757#define SSLeay_add_ssl_algorithms() SSL_library_init()
758
759/* this is for backward compatibility */
760#if 0 /* NEW_SSLEAY */
761#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
762#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
763#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
764#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
765#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
766#endif
767/* More backward compatibility */
768#define SSL_get_cipher(s) \
769 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
770#define SSL_get_cipher_bits(s,np) \
771 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
772#define SSL_get_cipher_version(s) \
773 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
774#define SSL_get_cipher_name(s) \
775 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
776#define SSL_get_time(a) SSL_SESSION_get_time(a)
777#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
778#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
779#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
780
781#if 1 /*SSLEAY_MACROS*/
782#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
783 (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
784 (bp),(unsigned char **)(s_id))
785#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
786 bp,(unsigned char *)s_id)
787#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
788 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
789#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
790 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
791#define PEM_write_SSL_SESSION(fp,x) \
792 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
793 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
794#define PEM_write_bio_SSL_SESSION(bp,x) \
795 PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
796 PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
797#endif
798
799#define SSL_AD_REASON_OFFSET 1000
800/* These alert types are for SSLv3 and TLSv1 */
801#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
802#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
803#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
804#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
805#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
806#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
807#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
808#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
809#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
810#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
811#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
812#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
813#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
814#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
815#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
816#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
817#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
818#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
819#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
820#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
821#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
822#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
823#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
824#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
825
826#define SSL_ERROR_NONE 0
827#define SSL_ERROR_SSL 1
828#define SSL_ERROR_WANT_READ 2
829#define SSL_ERROR_WANT_WRITE 3
830#define SSL_ERROR_WANT_X509_LOOKUP 4
831#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
832#define SSL_ERROR_ZERO_RETURN 6
833#define SSL_ERROR_WANT_CONNECT 7
834
835#define SSL_CTRL_NEED_TMP_RSA 1
836#define SSL_CTRL_SET_TMP_RSA 2
837#define SSL_CTRL_SET_TMP_DH 3
838#define SSL_CTRL_SET_TMP_RSA_CB 4
839#define SSL_CTRL_SET_TMP_DH_CB 5
840/* Add these ones */
841#define SSL_CTRL_GET_SESSION_REUSED 6
842#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7
843#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8
844#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9
845#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10
846#define SSL_CTRL_GET_FLAGS 11
847#define SSL_CTRL_EXTRA_CHAIN_CERT 12
848
849/* Stats */
850#define SSL_CTRL_SESS_NUMBER 20
851#define SSL_CTRL_SESS_CONNECT 21
852#define SSL_CTRL_SESS_CONNECT_GOOD 22
853#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
854#define SSL_CTRL_SESS_ACCEPT 24
855#define SSL_CTRL_SESS_ACCEPT_GOOD 25
856#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
857#define SSL_CTRL_SESS_HIT 27
858#define SSL_CTRL_SESS_CB_HIT 28
859#define SSL_CTRL_SESS_MISSES 29
860#define SSL_CTRL_SESS_TIMEOUTS 30
861#define SSL_CTRL_SESS_CACHE_FULL 31
862#define SSL_CTRL_OPTIONS 32
863#define SSL_CTRL_MODE 33
864
865#define SSL_CTRL_GET_READ_AHEAD 40
866#define SSL_CTRL_SET_READ_AHEAD 41
867#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
868#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
869#define SSL_CTRL_SET_SESS_CACHE_MODE 44
870#define SSL_CTRL_GET_SESS_CACHE_MODE 45
871
872#define SSL_session_reused(ssl) \
873 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
874#define SSL_num_renegotiations(ssl) \
875 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
876#define SSL_clear_num_renegotiations(ssl) \
877 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
878#define SSL_total_renegotiations(ssl) \
879 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
880
881#define SSL_CTX_need_tmp_RSA(ctx) \
882 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
883#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
884 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
885#define SSL_CTX_set_tmp_dh(ctx,dh) \
886 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
887
888#define SSL_need_tmp_RSA(ssl) \
889 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
890#define SSL_set_tmp_rsa(ssl,rsa) \
891 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
892#define SSL_set_tmp_dh(ssl,dh) \
893 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
894
895#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
896 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
897
898/* VMS uses only 31 characters for symbols. */
899#ifdef VMS
900#undef SSL_CTX_set_cert_verify_callback
901#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
902#undef SSL_CTX_use_certificate_chain_file
903#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
904#undef SSL_CTX_set_default_verify_paths
905#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
906#undef SSL_get_ex_data_X509_STORE_CTX_idx
907#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_data_X509_STOR_CTX_i
908#undef SSL_add_file_cert_subjects_to_stack
909#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_sub_to_stack
910#undef SSL_add_dir_cert_subjects_to_stack
911#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
912#endif
913
914#ifndef NO_BIO
915BIO_METHOD *BIO_f_ssl(void);
916BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
917BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
918BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
919int BIO_ssl_copy_session_id(BIO *to,BIO *from);
920void BIO_ssl_shutdown(BIO *ssl_bio);
921
922#endif
923
924int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
925SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
926void SSL_CTX_free(SSL_CTX *);
927long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
928long SSL_CTX_get_timeout(SSL_CTX *ctx);
929X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
930void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
931int SSL_want(SSL *s);
932int SSL_clear(SSL *s);
933
934void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
935
936SSL_CIPHER *SSL_get_current_cipher(SSL *s);
937int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
938char * SSL_CIPHER_get_version(SSL_CIPHER *c);
939const char * SSL_CIPHER_get_name(SSL_CIPHER *c);
940
941int SSL_get_fd(SSL *s);
942const char * SSL_get_cipher_list(SSL *s,int n);
943char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
944int SSL_get_read_ahead(SSL * s);
945int SSL_pending(SSL *s);
946#ifndef NO_SOCK
947int SSL_set_fd(SSL *s, int fd);
948int SSL_set_rfd(SSL *s, int fd);
949int SSL_set_wfd(SSL *s, int fd);
950#endif
951#ifndef NO_BIO
952void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
953BIO * SSL_get_rbio(SSL *s);
954BIO * SSL_get_wbio(SSL *s);
955#endif
956int SSL_set_cipher_list(SSL *s, const char *str);
957void SSL_set_read_ahead(SSL *s, int yes);
958int SSL_get_verify_mode(SSL *s);
959int SSL_get_verify_depth(SSL *s);
960int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
961void SSL_set_verify(SSL *s, int mode,
962 int (*callback)(int ok,X509_STORE_CTX *ctx));
963void SSL_set_verify_depth(SSL *s, int depth);
964#ifndef NO_RSA
965int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
966#endif
967int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
968int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
969int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
970int SSL_use_certificate(SSL *ssl, X509 *x);
971int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
972
973#ifndef NO_STDIO
974int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
975int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
976int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
977int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
978int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
979int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
980int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
981STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
982int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
983 const char *file);
984int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
985 const char *dir);
986#endif
987
988void ERR_load_SSL_strings(void );
989void SSL_load_error_strings(void );
990char * SSL_state_string(SSL *s);
991char * SSL_rstate_string(SSL *s);
992char * SSL_state_string_long(SSL *s);
993char * SSL_rstate_string_long(SSL *s);
994long SSL_SESSION_get_time(SSL_SESSION *s);
995long SSL_SESSION_set_time(SSL_SESSION *s, long t);
996long SSL_SESSION_get_timeout(SSL_SESSION *s);
997long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
998void SSL_copy_session_id(SSL *to,SSL *from);
999
1000SSL_SESSION *SSL_SESSION_new(void);
1001unsigned long SSL_SESSION_hash(SSL_SESSION *a);
1002int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
1003#ifndef NO_FP_API
1004int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
1005#endif
1006#ifndef NO_BIO
1007int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
1008#endif
1009void SSL_SESSION_free(SSL_SESSION *ses);
1010int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
1011int SSL_set_session(SSL *to, SSL_SESSION *session);
1012int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1013int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1014SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
1015
1016#ifdef HEADER_X509_H
1017X509 * SSL_get_peer_certificate(SSL *s);
1018#endif
1019
1020STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
1021
1022#ifdef VMS
1023#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
1024#endif
1025
1026int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
1027int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
1028int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
1029void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
1030 int (*callback)(int, X509_STORE_CTX *));
1031void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1032void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(),char *arg);
1033#ifndef NO_RSA
1034int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1035#endif
1036int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
1037int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1038int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1039 unsigned char *d, long len);
1040int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1041int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
1042
1043void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1044void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1045
1046int SSL_CTX_check_private_key(SSL_CTX *ctx);
1047int SSL_check_private_key(SSL *ctx);
1048
1049int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
1050 unsigned int sid_ctx_len);
1051
1052SSL * SSL_new(SSL_CTX *ctx);
1053int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1054 unsigned int sid_ctx_len);
1055
1056int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1057int SSL_set_purpose(SSL *s, int purpose);
1058int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1059int SSL_set_trust(SSL *s, int trust);
1060
1061void SSL_free(SSL *ssl);
1062int SSL_accept(SSL *ssl);
1063int SSL_connect(SSL *ssl);
1064int SSL_read(SSL *ssl,void *buf,int num);
1065int SSL_peek(SSL *ssl,void *buf,int num);
1066int SSL_write(SSL *ssl,const void *buf,int num);
1067long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
1068long SSL_callback_ctrl(SSL *, int, void (*)());
1069long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
1070long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
1071
1072int SSL_get_error(SSL *s,int ret_code);
1073const char *SSL_get_version(SSL *s);
1074
1075/* This sets the 'default' SSL version that SSL_new() will create */
1076int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
1077
1078SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1079SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1080SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1081
1082SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1083SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1084SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1085
1086SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1087SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1088SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1089
1090SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1091SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1092SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1093
1094STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
1095
1096int SSL_do_handshake(SSL *s);
1097int SSL_renegotiate(SSL *s);
1098int SSL_shutdown(SSL *s);
1099
1100SSL_METHOD *SSL_get_ssl_method(SSL *s);
1101int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
1102char *SSL_alert_type_string_long(int value);
1103char *SSL_alert_type_string(int value);
1104char *SSL_alert_desc_string_long(int value);
1105char *SSL_alert_desc_string(int value);
1106
1107void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
1108void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
1109STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
1110STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
1111int SSL_add_client_CA(SSL *ssl,X509 *x);
1112int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1113
1114void SSL_set_connect_state(SSL *s);
1115void SSL_set_accept_state(SSL *s);
1116
1117long SSL_get_default_timeout(SSL *s);
1118
1119int SSL_library_init(void );
1120
1121char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
1122STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1123
1124SSL *SSL_dup(SSL *ssl);
1125
1126X509 *SSL_get_certificate(SSL *ssl);
1127/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1128
1129void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1130int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
1131void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1132int SSL_get_quiet_shutdown(SSL *ssl);
1133void SSL_set_shutdown(SSL *ssl,int mode);
1134int SSL_get_shutdown(SSL *ssl);
1135int SSL_version(SSL *ssl);
1136int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1137int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1138 const char *CApath);
1139#define SSL_get0_session SSL_get_session /* just peek at pointer */
1140SSL_SESSION *SSL_get_session(SSL *ssl);
1141SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1142SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
1143void SSL_set_info_callback(SSL *ssl,void (*cb)());
1144void (*SSL_get_info_callback(SSL *ssl))();
1145int SSL_state(SSL *ssl);
1146
1147void SSL_set_verify_result(SSL *ssl,long v);
1148long SSL_get_verify_result(SSL *ssl);
1149
1150int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1151void *SSL_get_ex_data(SSL *ssl,int idx);
1152int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1153 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1154
1155int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1156void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
1157int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1158 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1159
1160int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1161void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
1162int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1163 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1164
1165int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1166
1167#define SSL_CTX_sess_set_cache_size(ctx,t) \
1168 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1169#define SSL_CTX_sess_get_cache_size(ctx) \
1170 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1171#define SSL_CTX_set_session_cache_mode(ctx,m) \
1172 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1173#define SSL_CTX_get_session_cache_mode(ctx) \
1174 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1175
1176#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1177#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1178#define SSL_CTX_get_read_ahead(ctx) \
1179 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1180#define SSL_CTX_set_read_ahead(ctx,m) \
1181 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1182
1183 /* NB: the keylength is only applicable when is_export is true */
1184#ifndef NO_RSA
1185void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1186 RSA *(*cb)(SSL *ssl,int is_export,
1187 int keylength));
1188
1189void SSL_set_tmp_rsa_callback(SSL *ssl,
1190 RSA *(*cb)(SSL *ssl,int is_export,
1191 int keylength));
1192#endif
1193#ifndef NO_DH
1194void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1195 DH *(*dh)(SSL *ssl,int is_export,
1196 int keylength));
1197void SSL_set_tmp_dh_callback(SSL *ssl,
1198 DH *(*dh)(SSL *ssl,int is_export,
1199 int keylength));
1200#endif
1201
1202#ifndef NO_COMP
1203int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
1204#else
1205int SSL_COMP_add_compression_method(int id,char *cm);
1206#endif
1207
1208/* BEGIN ERROR CODES */
1209/* The following lines are auto generated by the script mkerr.pl. Any changes
1210 * made after this point may be overwritten when the script is next run.
1211 */
1212void ERR_load_SSL_strings(void);
1213
1214/* Error codes for the SSL functions. */
1215
1216/* Function codes. */
1217#define SSL_F_CLIENT_CERTIFICATE 100
1218#define SSL_F_CLIENT_HELLO 101
1219#define SSL_F_CLIENT_MASTER_KEY 102
1220#define SSL_F_D2I_SSL_SESSION 103
1221#define SSL_F_DO_SSL3_WRITE 104
1222#define SSL_F_GET_CLIENT_FINISHED 105
1223#define SSL_F_GET_CLIENT_HELLO 106
1224#define SSL_F_GET_CLIENT_MASTER_KEY 107
1225#define SSL_F_GET_SERVER_FINISHED 108
1226#define SSL_F_GET_SERVER_HELLO 109
1227#define SSL_F_GET_SERVER_VERIFY 110
1228#define SSL_F_I2D_SSL_SESSION 111
1229#define SSL_F_READ_N 112
1230#define SSL_F_REQUEST_CERTIFICATE 113
1231#define SSL_F_SERVER_HELLO 114
1232#define SSL_F_SSL23_ACCEPT 115
1233#define SSL_F_SSL23_CLIENT_HELLO 116
1234#define SSL_F_SSL23_CONNECT 117
1235#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1236#define SSL_F_SSL23_GET_SERVER_HELLO 119
1237#define SSL_F_SSL23_PEEK 237
1238#define SSL_F_SSL23_READ 120
1239#define SSL_F_SSL23_WRITE 121
1240#define SSL_F_SSL2_ACCEPT 122
1241#define SSL_F_SSL2_CONNECT 123
1242#define SSL_F_SSL2_ENC_INIT 124
1243#define SSL_F_SSL2_PEEK 234
1244#define SSL_F_SSL2_READ 125
1245#define SSL_F_SSL2_READ_INTERNAL 236
1246#define SSL_F_SSL2_SET_CERTIFICATE 126
1247#define SSL_F_SSL2_WRITE 127
1248#define SSL_F_SSL3_ACCEPT 128
1249#define SSL_F_SSL3_CALLBACK_CTRL 233
1250#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1251#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1252#define SSL_F_SSL3_CLIENT_HELLO 131
1253#define SSL_F_SSL3_CONNECT 132
1254#define SSL_F_SSL3_CTRL 213
1255#define SSL_F_SSL3_CTX_CTRL 133
1256#define SSL_F_SSL3_ENC 134
1257#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1258#define SSL_F_SSL3_GET_CERT_VERIFY 136
1259#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1260#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1261#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1262#define SSL_F_SSL3_GET_FINISHED 140
1263#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1264#define SSL_F_SSL3_GET_MESSAGE 142
1265#define SSL_F_SSL3_GET_RECORD 143
1266#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1267#define SSL_F_SSL3_GET_SERVER_DONE 145
1268#define SSL_F_SSL3_GET_SERVER_HELLO 146
1269#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1270#define SSL_F_SSL3_PEEK 235
1271#define SSL_F_SSL3_READ_BYTES 148
1272#define SSL_F_SSL3_READ_N 149
1273#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1274#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1275#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1276#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1277#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1278#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1279#define SSL_F_SSL3_SETUP_BUFFERS 156
1280#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1281#define SSL_F_SSL3_WRITE_BYTES 158
1282#define SSL_F_SSL3_WRITE_PENDING 159
1283#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1284#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1285#define SSL_F_SSL_BAD_METHOD 160
1286#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1287#define SSL_F_SSL_CERT_DUP 221
1288#define SSL_F_SSL_CERT_INST 222
1289#define SSL_F_SSL_CERT_INSTANTIATE 214
1290#define SSL_F_SSL_CERT_NEW 162
1291#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1292#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1293#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1294#define SSL_F_SSL_CLEAR 164
1295#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1296#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1297#define SSL_F_SSL_CTRL 232
1298#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1299#define SSL_F_SSL_CTX_NEW 169
1300#define SSL_F_SSL_CTX_SET_PURPOSE 226
1301#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1302#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1303#define SSL_F_SSL_CTX_SET_TRUST 229
1304#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1305#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1306#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
1307#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
1308#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1309#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1310#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1311#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1312#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1313#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
1314#define SSL_F_SSL_DO_HANDSHAKE 180
1315#define SSL_F_SSL_GET_NEW_SESSION 181
1316#define SSL_F_SSL_GET_PREV_SESSION 217
1317#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
1318#define SSL_F_SSL_GET_SIGN_PKEY 183
1319#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1320#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1321#define SSL_F_SSL_NEW 186
1322#define SSL_F_SSL_READ 223
1323#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1324#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
1325#define SSL_F_SSL_SESSION_NEW 189
1326#define SSL_F_SSL_SESSION_PRINT_FP 190
1327#define SSL_F_SSL_SESS_CERT_NEW 225
1328#define SSL_F_SSL_SET_CERT 191
1329#define SSL_F_SSL_SET_FD 192
1330#define SSL_F_SSL_SET_PKEY 193
1331#define SSL_F_SSL_SET_PURPOSE 227
1332#define SSL_F_SSL_SET_RFD 194
1333#define SSL_F_SSL_SET_SESSION 195
1334#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1335#define SSL_F_SSL_SET_TRUST 228
1336#define SSL_F_SSL_SET_WFD 196
1337#define SSL_F_SSL_SHUTDOWN 224
1338#define SSL_F_SSL_UNDEFINED_FUNCTION 197
1339#define SSL_F_SSL_USE_CERTIFICATE 198
1340#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
1341#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
1342#define SSL_F_SSL_USE_PRIVATEKEY 201
1343#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
1344#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
1345#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
1346#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
1347#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
1348#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
1349#define SSL_F_SSL_WRITE 208
1350#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
1351#define SSL_F_TLS1_ENC 210
1352#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
1353#define SSL_F_WRITE_PENDING 212
1354
1355/* Reason codes. */
1356#define SSL_R_APP_DATA_IN_HANDSHAKE 100
1357#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
1358#define SSL_R_BAD_ALERT_RECORD 101
1359#define SSL_R_BAD_AUTHENTICATION_TYPE 102
1360#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
1361#define SSL_R_BAD_CHECKSUM 104
1362#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
1363#define SSL_R_BAD_DECOMPRESSION 107
1364#define SSL_R_BAD_DH_G_LENGTH 108
1365#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
1366#define SSL_R_BAD_DH_P_LENGTH 110
1367#define SSL_R_BAD_DIGEST_LENGTH 111
1368#define SSL_R_BAD_DSA_SIGNATURE 112
1369#define SSL_R_BAD_HELLO_REQUEST 105
1370#define SSL_R_BAD_LENGTH 271
1371#define SSL_R_BAD_MAC_DECODE 113
1372#define SSL_R_BAD_MESSAGE_TYPE 114
1373#define SSL_R_BAD_PACKET_LENGTH 115
1374#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
1375#define SSL_R_BAD_RESPONSE_ARGUMENT 117
1376#define SSL_R_BAD_RSA_DECRYPT 118
1377#define SSL_R_BAD_RSA_ENCRYPT 119
1378#define SSL_R_BAD_RSA_E_LENGTH 120
1379#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
1380#define SSL_R_BAD_RSA_SIGNATURE 122
1381#define SSL_R_BAD_SIGNATURE 123
1382#define SSL_R_BAD_SSL_FILETYPE 124
1383#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
1384#define SSL_R_BAD_STATE 126
1385#define SSL_R_BAD_WRITE_RETRY 127
1386#define SSL_R_BIO_NOT_SET 128
1387#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
1388#define SSL_R_BN_LIB 130
1389#define SSL_R_CA_DN_LENGTH_MISMATCH 131
1390#define SSL_R_CA_DN_TOO_LONG 132
1391#define SSL_R_CCS_RECEIVED_EARLY 133
1392#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
1393#define SSL_R_CERT_LENGTH_MISMATCH 135
1394#define SSL_R_CHALLENGE_IS_DIFFERENT 136
1395#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
1396#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
1397#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
1398#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
1399#define SSL_R_COMPRESSION_FAILURE 141
1400#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
1401#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
1402#define SSL_R_CONNECTION_TYPE_NOT_SET 144
1403#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
1404#define SSL_R_DATA_LENGTH_TOO_LONG 146
1405#define SSL_R_DECRYPTION_FAILED 147
1406#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1407#define SSL_R_DIGEST_CHECK_FAILED 149
1408#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1409#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
1410#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1411#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1412#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
1413#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
1414#define SSL_R_HTTPS_PROXY_REQUEST 155
1415#define SSL_R_HTTP_REQUEST 156
1416#define SSL_R_INTERNAL_ERROR 157
1417#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1418#define SSL_R_INVALID_COMMAND 280
1419#define SSL_R_INVALID_PURPOSE 278
1420#define SSL_R_INVALID_TRUST 279
1421#define SSL_R_LENGTH_MISMATCH 159
1422#define SSL_R_LENGTH_TOO_SHORT 160
1423#define SSL_R_LIBRARY_BUG 274
1424#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
1425#define SSL_R_MISSING_DH_DSA_CERT 162
1426#define SSL_R_MISSING_DH_KEY 163
1427#define SSL_R_MISSING_DH_RSA_CERT 164
1428#define SSL_R_MISSING_DSA_SIGNING_CERT 165
1429#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
1430#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
1431#define SSL_R_MISSING_RSA_CERTIFICATE 168
1432#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
1433#define SSL_R_MISSING_RSA_SIGNING_CERT 170
1434#define SSL_R_MISSING_TMP_DH_KEY 171
1435#define SSL_R_MISSING_TMP_RSA_KEY 172
1436#define SSL_R_MISSING_TMP_RSA_PKEY 173
1437#define SSL_R_MISSING_VERIFY_MESSAGE 174
1438#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
1439#define SSL_R_NO_CERTIFICATES_RETURNED 176
1440#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
1441#define SSL_R_NO_CERTIFICATE_RETURNED 178
1442#define SSL_R_NO_CERTIFICATE_SET 179
1443#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
1444#define SSL_R_NO_CIPHERS_AVAILABLE 181
1445#define SSL_R_NO_CIPHERS_PASSED 182
1446#define SSL_R_NO_CIPHERS_SPECIFIED 183
1447#define SSL_R_NO_CIPHER_LIST 184
1448#define SSL_R_NO_CIPHER_MATCH 185
1449#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1450#define SSL_R_NO_COMPRESSION_SPECIFIED 187
1451#define SSL_R_NO_METHOD_SPECIFIED 188
1452#define SSL_R_NO_PRIVATEKEY 189
1453#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
1454#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
1455#define SSL_R_NO_PUBLICKEY 192
1456#define SSL_R_NO_SHARED_CIPHER 193
1457#define SSL_R_NO_VERIFY_CALLBACK 194
1458#define SSL_R_NULL_SSL_CTX 195
1459#define SSL_R_NULL_SSL_METHOD_PASSED 196
1460#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
1461#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1462#define SSL_R_PATH_TOO_LONG 270
1463#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
1464#define SSL_R_PEER_ERROR 200
1465#define SSL_R_PEER_ERROR_CERTIFICATE 201
1466#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
1467#define SSL_R_PEER_ERROR_NO_CIPHER 203
1468#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
1469#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
1470#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
1471#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
1472#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
1473#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
1474#define SSL_R_PUBLIC_KEY_NOT_RSA 210
1475#define SSL_R_READ_BIO_NOT_SET 211
1476#define SSL_R_READ_WRONG_PACKET_TYPE 212
1477#define SSL_R_RECORD_LENGTH_MISMATCH 213
1478#define SSL_R_RECORD_TOO_LARGE 214
1479#define SSL_R_RECORD_TOO_SMALL 1093
1480#define SSL_R_REQUIRED_CIPHER_MISSING 215
1481#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1482#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
1483#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
1484#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
1485#define SSL_R_SHORT_READ 219
1486#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1487#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1488#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1489#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1490#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
1491#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
1492#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
1493#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
1494#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
1495#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
1496#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
1497#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
1498#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
1499#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
1500#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
1501#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
1502#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
1503#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
1504#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
1505#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
1506#define SSL_R_SSL_HANDSHAKE_FAILURE 229
1507#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
1508#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
1509#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
1510#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
1511#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
1512#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
1513#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
1514#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
1515#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
1516#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
1517#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
1518#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
1519#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
1520#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
1521#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
1522#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
1523#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
1524#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
1525#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
1526#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
1527#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
1528#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
1529#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
1530#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
1531#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
1532#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
1533#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
1534#define SSL_R_UNEXPECTED_MESSAGE 244
1535#define SSL_R_UNEXPECTED_RECORD 245
1536#define SSL_R_UNINITIALIZED 276
1537#define SSL_R_UNKNOWN_ALERT_TYPE 246
1538#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
1539#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
1540#define SSL_R_UNKNOWN_CIPHER_TYPE 249
1541#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
1542#define SSL_R_UNKNOWN_PKEY_TYPE 251
1543#define SSL_R_UNKNOWN_PROTOCOL 252
1544#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
1545#define SSL_R_UNKNOWN_SSL_VERSION 254
1546#define SSL_R_UNKNOWN_STATE 255
1547#define SSL_R_UNSUPPORTED_CIPHER 256
1548#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
1549#define SSL_R_UNSUPPORTED_OPTION 1091
1550#define SSL_R_UNSUPPORTED_PROTOCOL 258
1551#define SSL_R_UNSUPPORTED_SSL_VERSION 259
1552#define SSL_R_WRITE_BIO_NOT_SET 260
1553#define SSL_R_WRONG_CIPHER_RETURNED 261
1554#define SSL_R_WRONG_MESSAGE_TYPE 262
1555#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
1556#define SSL_R_WRONG_SIGNATURE_LENGTH 264
1557#define SSL_R_WRONG_SIGNATURE_SIZE 265
1558#define SSL_R_WRONG_SSL_VERSION 266
1559#define SSL_R_WRONG_VERSION_NUMBER 267
1560#define SSL_R_X509_LIB 268
1561#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
1562
1563#ifdef __cplusplus
1564}
1565#endif
1566#endif
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index f8b56afb6b..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,269 +0,0 @@
1/* ssl/ssl2.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL2_H
60#define HEADER_SSL2_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/* Protocol Version Codes */
67#define SSL2_VERSION 0x0002
68#define SSL2_VERSION_MAJOR 0x00
69#define SSL2_VERSION_MINOR 0x02
70/* #define SSL2_CLIENT_VERSION 0x0002 */
71/* #define SSL2_SERVER_VERSION 0x0002 */
72
73/* Protocol Message Codes */
74#define SSL2_MT_ERROR 0
75#define SSL2_MT_CLIENT_HELLO 1
76#define SSL2_MT_CLIENT_MASTER_KEY 2
77#define SSL2_MT_CLIENT_FINISHED 3
78#define SSL2_MT_SERVER_HELLO 4
79#define SSL2_MT_SERVER_VERIFY 5
80#define SSL2_MT_SERVER_FINISHED 6
81#define SSL2_MT_REQUEST_CERTIFICATE 7
82#define SSL2_MT_CLIENT_CERTIFICATE 8
83
84/* Error Message Codes */
85#define SSL2_PE_UNDEFINED_ERROR 0x0000
86#define SSL2_PE_NO_CIPHER 0x0001
87#define SSL2_PE_NO_CERTIFICATE 0x0002
88#define SSL2_PE_BAD_CERTIFICATE 0x0004
89#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
90
91/* Cipher Kind Values */
92#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
93#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
94#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
95#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
96#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
97#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
98#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
99#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
100#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
101#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
102#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
103
104#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
105#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
106
107#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
108#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
109#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
110#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
111#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
112#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
113#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
114#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
115#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
116#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
117#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
118#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
119
120#define SSL2_TXT_NULL "NULL"
121
122/* Flags for the SSL_CIPHER.algorithm2 field */
123#define SSL2_CF_5_BYTE_ENC 0x01
124#define SSL2_CF_8_BYTE_ENC 0x02
125
126/* Certificate Type Codes */
127#define SSL2_CT_X509_CERTIFICATE 0x01
128
129/* Authentication Type Code */
130#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
131
132#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
133
134/* Upper/Lower Bounds */
135#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
136#ifdef MPE
137#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
138#else
139#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
140#endif
141#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
142
143#define SSL2_CHALLENGE_LENGTH 16
144/*#define SSL2_CHALLENGE_LENGTH 32 */
145#define SSL2_MIN_CHALLENGE_LENGTH 16
146#define SSL2_MAX_CHALLENGE_LENGTH 32
147#define SSL2_CONNECTION_ID_LENGTH 16
148#define SSL2_MAX_CONNECTION_ID_LENGTH 16
149#define SSL2_SSL_SESSION_ID_LENGTH 16
150#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
151#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
152#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
153
154#ifndef HEADER_SSL_LOCL_H
155#define CERT char
156#endif
157
158typedef struct ssl2_state_st
159 {
160 int three_byte_header;
161 int clear_text; /* clear text */
162 int escape; /* not used in SSLv2 */
163 int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
164
165 /* non-blocking io info, used to make sure the same
166 * args were passwd */
167 unsigned int wnum; /* number of bytes sent so far */
168 int wpend_tot;
169 const unsigned char *wpend_buf;
170
171 int wpend_off; /* offset to data to write */
172 int wpend_len; /* number of bytes passwd to write */
173 int wpend_ret; /* number of bytes to return to caller */
174
175 /* buffer raw data */
176 int rbuf_left;
177 int rbuf_offs;
178 unsigned char *rbuf;
179 unsigned char *wbuf;
180
181 unsigned char *write_ptr;/* used to point to the start due to
182 * 2/3 byte header. */
183
184 unsigned int padding;
185 unsigned int rlength; /* passed to ssl2_enc */
186 int ract_data_length; /* Set when things are encrypted. */
187 unsigned int wlength; /* passed to ssl2_enc */
188 int wact_data_length; /* Set when things are decrypted. */
189 unsigned char *ract_data;
190 unsigned char *wact_data;
191 unsigned char *mac_data;
192 unsigned char *pad_data;
193
194 unsigned char *read_key;
195 unsigned char *write_key;
196
197 /* Stuff specifically to do with this SSL session */
198 unsigned int challenge_length;
199 unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
200 unsigned int conn_id_length;
201 unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
202 unsigned int key_material_length;
203 unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
204
205 unsigned long read_sequence;
206 unsigned long write_sequence;
207
208 struct {
209 unsigned int conn_id_length;
210 unsigned int cert_type;
211 unsigned int cert_length;
212 int csl;
213 int clear;
214 unsigned int enc;
215 unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
216 int cipher_spec_length;
217 unsigned int session_id_length;
218 unsigned int clen;
219 unsigned int rlen;
220 } tmp;
221 } SSL2_STATE;
222
223/* SSLv2 */
224/* client */
225#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
226#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
227#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
228#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
229#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
230#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
231#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
232#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
233#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
234#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
235#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
236#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
237#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
238#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
239#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
240#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
241#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
242#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
243/* server */
244#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
245#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
246#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
247#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
248#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
249#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
250#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
251#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
252#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
253#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
254#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
255#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
256#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
257#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
258#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
259#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
260#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
261#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
262#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
263#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
264
265#ifdef __cplusplus
266}
267#endif
268#endif
269
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
1/* ssl/ssl23.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL23_H
60#define HEADER_SSL23_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66/*client */
67/* write to server */
68#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
69#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
70/* read from server */
71#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
72#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
73
74/* server */
75/* read from client */
76#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
77#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
78
79#ifdef __cplusplus
80}
81#endif
82#endif
83
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 7ee1feaa67..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,429 +0,0 @@
1/* ssl/ssl3.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SSL3_H
60#define HEADER_SSL3_H
61
62#ifndef NO_COMP
63#include <openssl/comp.h>
64#endif
65#include <openssl/buffer.h>
66#include <openssl/evp.h>
67#include <openssl/ssl.h>
68
69#ifdef __cplusplus
70extern "C" {
71#endif
72
73#define SSL3_CK_RSA_NULL_MD5 0x03000001
74#define SSL3_CK_RSA_NULL_SHA 0x03000002
75#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
76#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
77#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
78#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
79#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
80#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
81#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
82#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
83
84#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
85#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
86#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
87#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
88#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
89#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
90
91#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
92#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
93#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
94#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
95#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
96#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
97
98#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
99#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
100#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
101#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
102#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
103
104#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
105#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
106#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
107
108#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
109#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
110#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
111#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
112#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
113#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
114#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
115#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
116#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
117#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
118
119#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
120#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
121#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
122#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
123#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
124#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
125
126#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
127#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
128#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
129#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
130#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
131#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
132
133#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
134#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
135#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
136#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
137#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
138
139#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
140#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
141#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
142
143#define SSL3_SSL_SESSION_ID_LENGTH 32
144#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
145
146#define SSL3_MASTER_SECRET_SIZE 48
147#define SSL3_RANDOM_SIZE 32
148#define SSL3_SESSION_ID_SIZE 32
149#define SSL3_RT_HEADER_LENGTH 5
150
151/* Due to MS stuffing up, this can change.... */
152#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
153#define SSL3_RT_MAX_EXTRA (14000)
154#else
155#define SSL3_RT_MAX_EXTRA (16384)
156#endif
157
158#define SSL3_RT_MAX_PLAIN_LENGTH 16384
159#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
160#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
161#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
162#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
163
164#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
165#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
166
167#define SSL3_VERSION 0x0300
168#define SSL3_VERSION_MAJOR 0x03
169#define SSL3_VERSION_MINOR 0x00
170
171#define SSL3_RT_CHANGE_CIPHER_SPEC 20
172#define SSL3_RT_ALERT 21
173#define SSL3_RT_HANDSHAKE 22
174#define SSL3_RT_APPLICATION_DATA 23
175
176#define SSL3_AL_WARNING 1
177#define SSL3_AL_FATAL 2
178
179#define SSL3_AD_CLOSE_NOTIFY 0
180#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
181#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
182#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
183#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
184#define SSL3_AD_NO_CERTIFICATE 41
185#define SSL3_AD_BAD_CERTIFICATE 42
186#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
187#define SSL3_AD_CERTIFICATE_REVOKED 44
188#define SSL3_AD_CERTIFICATE_EXPIRED 45
189#define SSL3_AD_CERTIFICATE_UNKNOWN 46
190#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
191
192typedef struct ssl3_record_st
193 {
194/*r */ int type; /* type of record */
195/*rw*/ unsigned int length; /* How many bytes available */
196/*r */ unsigned int off; /* read/write offset into 'buf' */
197/*rw*/ unsigned char *data; /* pointer to the record data */
198/*rw*/ unsigned char *input; /* where the decode bytes are */
199/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
200 } SSL3_RECORD;
201
202typedef struct ssl3_buffer_st
203 {
204 unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes (more if
205 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
206 int offset; /* where to 'copy from' */
207 int left; /* how many bytes left */
208 } SSL3_BUFFER;
209
210#define SSL3_CT_RSA_SIGN 1
211#define SSL3_CT_DSS_SIGN 2
212#define SSL3_CT_RSA_FIXED_DH 3
213#define SSL3_CT_DSS_FIXED_DH 4
214#define SSL3_CT_RSA_EPHEMERAL_DH 5
215#define SSL3_CT_DSS_EPHEMERAL_DH 6
216#define SSL3_CT_FORTEZZA_DMS 20
217#define SSL3_CT_NUMBER 7
218
219#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
220#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
221#define SSL3_FLAGS_POP_BUFFER 0x0004
222#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
223
224typedef struct ssl3_state_st
225 {
226 long flags;
227 int delay_buf_pop_ret;
228
229 unsigned char read_sequence[8];
230 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
231 unsigned char write_sequence[8];
232 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
233
234 unsigned char server_random[SSL3_RANDOM_SIZE];
235 unsigned char client_random[SSL3_RANDOM_SIZE];
236
237 SSL3_BUFFER rbuf; /* read IO goes into here */
238 SSL3_BUFFER wbuf; /* write IO goes into here */
239
240 SSL3_RECORD rrec; /* each decoded record goes in here */
241 SSL3_RECORD wrec; /* goes out from here */
242
243 /* storage for Alert/Handshake protocol data received but not
244 * yet processed by ssl3_read_bytes: */
245 unsigned char alert_fragment[2];
246 unsigned int alert_fragment_len;
247 unsigned char handshake_fragment[4];
248 unsigned int handshake_fragment_len;
249
250 /* partial write - check the numbers match */
251 unsigned int wnum; /* number of bytes sent so far */
252 int wpend_tot; /* number bytes written */
253 int wpend_type;
254 int wpend_ret; /* number of bytes submitted */
255 const unsigned char *wpend_buf;
256
257 /* used during startup, digest all incoming/outgoing packets */
258 EVP_MD_CTX finish_dgst1;
259 EVP_MD_CTX finish_dgst2;
260
261 /* this is set whenerver we see a change_cipher_spec message
262 * come in when we are not looking for one */
263 int change_cipher_spec;
264
265 int warn_alert;
266 int fatal_alert;
267 /* we allow one fatal and one warning alert to be outstanding,
268 * send close alert via the warning alert */
269 int alert_dispatch;
270 unsigned char send_alert[2];
271
272 /* This flag is set when we should renegotiate ASAP, basically when
273 * there is no more data in the read or write buffers */
274 int renegotiate;
275 int total_renegotiations;
276 int num_renegotiations;
277
278 int in_read_app_data;
279
280 struct {
281 /* actually only needs to be 16+20 */
282 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
283
284 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
285 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
286 int finish_md_len;
287 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
288 int peer_finish_md_len;
289
290 unsigned long message_size;
291 int message_type;
292
293 /* used to hold the new cipher we are going to use */
294 SSL_CIPHER *new_cipher;
295#ifndef NO_DH
296 DH *dh;
297#endif
298 /* used when SSL_ST_FLUSH_DATA is entered */
299 int next_state;
300
301 int reuse_message;
302
303 /* used for certificate requests */
304 int cert_req;
305 int ctype_num;
306 char ctype[SSL3_CT_NUMBER];
307 STACK_OF(X509_NAME) *ca_names;
308
309 int use_rsa_tmp;
310
311 int key_block_length;
312 unsigned char *key_block;
313
314 const EVP_CIPHER *new_sym_enc;
315 const EVP_MD *new_hash;
316#ifndef NO_COMP
317 const SSL_COMP *new_compression;
318#else
319 char *new_compression;
320#endif
321 int cert_request;
322 } tmp;
323
324 } SSL3_STATE;
325
326/* SSLv3 */
327/*client */
328/* extra state */
329#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
330/* write to server */
331#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
332#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
333/* read from server */
334#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
335#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
336#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
337#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
338#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
339#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
340#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
341#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
342#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
343#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
344/* write to server */
345#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
346#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
347#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
348#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
349#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
350#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
351#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
352#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
353#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
354#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
355#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
356#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
357/* read from server */
358#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
359#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
360#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
361#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
362
363/* server */
364/* extra state */
365#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
366/* read from client */
367/* Do not change the number values, they do matter */
368#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
369#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
370#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
371/* write to client */
372#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
373#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
374#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
375#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
376#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
377#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
378#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
379#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
380#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
381#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
382#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
383#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
384#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
385/* read from client */
386#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
387#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
388#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
389#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
390#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
391#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
392#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
393#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
394#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
395#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
396/* write to client */
397#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
398#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
399#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
400#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
401
402#define SSL3_MT_HELLO_REQUEST 0
403#define SSL3_MT_CLIENT_HELLO 1
404#define SSL3_MT_SERVER_HELLO 2
405#define SSL3_MT_CERTIFICATE 11
406#define SSL3_MT_SERVER_KEY_EXCHANGE 12
407#define SSL3_MT_CERTIFICATE_REQUEST 13
408#define SSL3_MT_SERVER_DONE 14
409#define SSL3_MT_CERTIFICATE_VERIFY 15
410#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
411#define SSL3_MT_FINISHED 20
412
413#define SSL3_MT_CCS 1
414
415/* These are used when changing over to a new cipher */
416#define SSL3_CC_READ 0x01
417#define SSL3_CC_WRITE 0x02
418#define SSL3_CC_CLIENT 0x10
419#define SSL3_CC_SERVER 0x20
420#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
421#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
422#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
423#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
424
425#ifdef __cplusplus
426}
427#endif
428#endif
429
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index dde8918fe0..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,107 +0,0 @@
1/* ssl/ssl_algs.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/lhash.h>
62#include "ssl_locl.h"
63
64int SSL_library_init(void)
65 {
66#ifndef NO_DES
67 EVP_add_cipher(EVP_des_cbc());
68 EVP_add_cipher(EVP_des_ede3_cbc());
69#endif
70#ifndef NO_IDEA
71 EVP_add_cipher(EVP_idea_cbc());
72#endif
73#ifndef NO_RC4
74 EVP_add_cipher(EVP_rc4());
75#endif
76#ifndef NO_RC2
77 EVP_add_cipher(EVP_rc2_cbc());
78#endif
79
80#ifndef NO_MD2
81 EVP_add_digest(EVP_md2());
82#endif
83#ifndef NO_MD5
84 EVP_add_digest(EVP_md5());
85 EVP_add_digest_alias(SN_md5,"ssl2-md5");
86 EVP_add_digest_alias(SN_md5,"ssl3-md5");
87#endif
88#ifndef NO_SHA
89 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
90 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
91 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
92#endif
93#if !defined(NO_SHA) && !defined(NO_DSA)
94 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
95 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
96 EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
97 EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
98#endif
99
100 /* If you want support for phased out ciphers, add the following */
101#if 0
102 EVP_add_digest(EVP_sha());
103 EVP_add_digest(EVP_dss());
104#endif
105 return(1);
106 }
107
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index fa6456e4f5..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,349 +0,0 @@
1/* ssl/ssl_asn1.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/asn1_mac.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include "ssl_locl.h"
65
66typedef struct ssl_session_asn1_st
67 {
68 ASN1_INTEGER version;
69 ASN1_INTEGER ssl_version;
70 ASN1_OCTET_STRING cipher;
71 ASN1_OCTET_STRING master_key;
72 ASN1_OCTET_STRING session_id;
73 ASN1_OCTET_STRING session_id_context;
74 ASN1_OCTET_STRING key_arg;
75 ASN1_INTEGER time;
76 ASN1_INTEGER timeout;
77 ASN1_INTEGER verify_result;
78 } SSL_SESSION_ASN1;
79
80int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
81 {
82#define LSIZE2 (sizeof(long)*2)
83 int v1=0,v2=0,v3=0,v4=0,v5=0;
84 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
85 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
86 long l;
87 SSL_SESSION_ASN1 a;
88 M_ASN1_I2D_vars(in);
89
90 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
91 return(0);
92
93 /* Note that I cheat in the following 2 assignments. I know
94 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
95 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
96 * This is a bit evil but makes things simple, no dynamic allocation
97 * to clean up :-) */
98 a.version.length=LSIZE2;
99 a.version.type=V_ASN1_INTEGER;
100 a.version.data=ibuf1;
101 ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
102
103 a.ssl_version.length=LSIZE2;
104 a.ssl_version.type=V_ASN1_INTEGER;
105 a.ssl_version.data=ibuf2;
106 ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
107
108 a.cipher.type=V_ASN1_OCTET_STRING;
109 a.cipher.data=buf;
110
111 if (in->cipher == NULL)
112 l=in->cipher_id;
113 else
114 l=in->cipher->id;
115 if (in->ssl_version == SSL2_VERSION)
116 {
117 a.cipher.length=3;
118 buf[0]=((unsigned char)(l>>16L))&0xff;
119 buf[1]=((unsigned char)(l>> 8L))&0xff;
120 buf[2]=((unsigned char)(l ))&0xff;
121 }
122 else
123 {
124 a.cipher.length=2;
125 buf[0]=((unsigned char)(l>>8L))&0xff;
126 buf[1]=((unsigned char)(l ))&0xff;
127 }
128
129 a.master_key.length=in->master_key_length;
130 a.master_key.type=V_ASN1_OCTET_STRING;
131 a.master_key.data=in->master_key;
132
133 a.session_id.length=in->session_id_length;
134 a.session_id.type=V_ASN1_OCTET_STRING;
135 a.session_id.data=in->session_id;
136
137 a.session_id_context.length=in->sid_ctx_length;
138 a.session_id_context.type=V_ASN1_OCTET_STRING;
139 a.session_id_context.data=in->sid_ctx;
140
141 a.key_arg.length=in->key_arg_length;
142 a.key_arg.type=V_ASN1_OCTET_STRING;
143 a.key_arg.data=in->key_arg;
144
145 if (in->time != 0L)
146 {
147 a.time.length=LSIZE2;
148 a.time.type=V_ASN1_INTEGER;
149 a.time.data=ibuf3;
150 ASN1_INTEGER_set(&(a.time),in->time);
151 }
152
153 if (in->timeout != 0L)
154 {
155 a.timeout.length=LSIZE2;
156 a.timeout.type=V_ASN1_INTEGER;
157 a.timeout.data=ibuf4;
158 ASN1_INTEGER_set(&(a.timeout),in->timeout);
159 }
160
161 if (in->verify_result != X509_V_OK)
162 {
163 a.verify_result.length=LSIZE2;
164 a.verify_result.type=V_ASN1_INTEGER;
165 a.verify_result.data=ibuf5;
166 ASN1_INTEGER_set(&a.verify_result,in->verify_result);
167 }
168
169 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
170 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
171 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
172 M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
173 M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
174 if (in->key_arg_length > 0)
175 M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
176 if (in->time != 0L)
177 M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
178 if (in->timeout != 0L)
179 M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
180 if (in->peer != NULL)
181 M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
182 M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
183 if (in->verify_result != X509_V_OK)
184 M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
185
186 M_ASN1_I2D_seq_total();
187
188 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
189 M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
190 M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
191 M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
192 M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
193 if (in->key_arg_length > 0)
194 M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
195 if (in->time != 0L)
196 M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
197 if (in->timeout != 0L)
198 M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
199 if (in->peer != NULL)
200 M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
201 M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
202 v4);
203 if (in->verify_result != X509_V_OK)
204 M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
205 M_ASN1_I2D_finish();
206 }
207
208SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
209 long length)
210 {
211 int version,ssl_version=0,i;
212 long id;
213 ASN1_INTEGER ai,*aip;
214 ASN1_OCTET_STRING os,*osp;
215 M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
216
217 aip= &ai;
218 osp= &os;
219
220 M_ASN1_D2I_Init();
221 M_ASN1_D2I_start_sequence();
222
223 ai.data=NULL; ai.length=0;
224 M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
225 version=(int)ASN1_INTEGER_get(aip);
226 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
227
228 /* we don't care about the version right now :-) */
229 M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
230 ssl_version=(int)ASN1_INTEGER_get(aip);
231 ret->ssl_version=ssl_version;
232 if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
233
234 os.data=NULL; os.length=0;
235 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
236 if (ssl_version == SSL2_VERSION)
237 {
238 if (os.length != 3)
239 {
240 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
241 goto err;
242 }
243 id=0x02000000L|
244 ((unsigned long)os.data[0]<<16L)|
245 ((unsigned long)os.data[1]<< 8L)|
246 (unsigned long)os.data[2];
247 }
248 else if ((ssl_version>>8) == 3)
249 {
250 if (os.length != 2)
251 {
252 c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
253 goto err;
254 }
255 id=0x03000000L|
256 ((unsigned long)os.data[0]<<8L)|
257 (unsigned long)os.data[1];
258 }
259 else
260 {
261 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
262 return(NULL);
263 }
264
265 ret->cipher=NULL;
266 ret->cipher_id=id;
267
268 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
269 if ((ssl_version>>8) == SSL3_VERSION)
270 i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
271 else /* if (ssl_version == SSL2_VERSION) */
272 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
273
274 if (os.length > i)
275 os.length=i;
276
277 ret->session_id_length=os.length;
278 memcpy(ret->session_id,os.data,os.length);
279
280 M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
281 if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
282 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
283 else
284 ret->master_key_length=os.length;
285 memcpy(ret->master_key,os.data,ret->master_key_length);
286
287 os.length=0;
288 M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
289 if (os.length > SSL_MAX_KEY_ARG_LENGTH)
290 ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
291 else
292 ret->key_arg_length=os.length;
293 memcpy(ret->key_arg,os.data,ret->key_arg_length);
294 if (os.data != NULL) OPENSSL_free(os.data);
295
296 ai.length=0;
297 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
298 if (ai.data != NULL)
299 {
300 ret->time=ASN1_INTEGER_get(aip);
301 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
302 }
303 else
304 ret->time=time(NULL);
305
306 ai.length=0;
307 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
308 if (ai.data != NULL)
309 {
310 ret->timeout=ASN1_INTEGER_get(aip);
311 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
312 }
313 else
314 ret->timeout=3;
315
316 if (ret->peer != NULL)
317 {
318 X509_free(ret->peer);
319 ret->peer=NULL;
320 }
321 M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
322
323 os.length=0;
324 os.data=NULL;
325 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
326
327 if(os.data != NULL)
328 {
329 if (os.length > SSL_MAX_SID_CTX_LENGTH)
330 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
331 ret->sid_ctx_length=os.length;
332 memcpy(ret->sid_ctx,os.data,os.length);
333 OPENSSL_free(os.data); os.data=NULL; os.length=0;
334 }
335 else
336 ret->sid_ctx_length=0;
337
338 ai.length=0;
339 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
340 if (ai.data != NULL)
341 {
342 ret->verify_result=ASN1_INTEGER_get(aip);
343 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
344 }
345 else
346 ret->verify_result=X509_V_OK;
347
348 M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
349 }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 27e7fcc60a..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,757 +0,0 @@
1/*! \file ssl/ssl_cert.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@OpenSSL.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 */
106
107#include <stdio.h>
108
109#include "openssl/e_os.h"
110
111#ifndef NO_SYS_TYPES_H
112# include <sys/types.h>
113#endif
114
115#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
116#include <dirent.h>
117#endif
118
119#ifdef NeXT
120#include <sys/dir.h>
121#define dirent direct
122#endif
123
124#include <openssl/objects.h>
125#include <openssl/bio.h>
126#include <openssl/pem.h>
127#include <openssl/x509v3.h>
128#include "ssl_locl.h"
129
130int SSL_get_ex_data_X509_STORE_CTX_idx(void)
131 {
132 static int ssl_x509_store_ctx_idx= -1;
133
134 if (ssl_x509_store_ctx_idx < 0)
135 {
136 ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
137 0,"SSL for verify callback",NULL,NULL,NULL);
138 }
139 return(ssl_x509_store_ctx_idx);
140 }
141
142CERT *ssl_cert_new(void)
143 {
144 CERT *ret;
145
146 ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
147 if (ret == NULL)
148 {
149 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
150 return(NULL);
151 }
152 memset(ret,0,sizeof(CERT));
153
154 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
155 ret->references=1;
156
157 return(ret);
158 }
159
160CERT *ssl_cert_dup(CERT *cert)
161 {
162 CERT *ret;
163 int i;
164
165 ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
166 if (ret == NULL)
167 {
168 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
169 return(NULL);
170 }
171
172 memset(ret, 0, sizeof(CERT));
173
174 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
175 /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
176 * if you find that more readable */
177
178 ret->valid = cert->valid;
179 ret->mask = cert->mask;
180 ret->export_mask = cert->export_mask;
181
182#ifndef NO_RSA
183 if (cert->rsa_tmp != NULL)
184 {
185 ret->rsa_tmp = cert->rsa_tmp;
186 CRYPTO_add(&ret->rsa_tmp->references, 1, CRYPTO_LOCK_RSA);
187 }
188 ret->rsa_tmp_cb = cert->rsa_tmp_cb;
189#endif
190
191#ifndef NO_DH
192 if (cert->dh_tmp != NULL)
193 {
194 /* DH parameters don't have a reference count */
195 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
196 if (ret->dh_tmp == NULL)
197 {
198 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
199 goto err;
200 }
201 if (cert->dh_tmp->priv_key)
202 {
203 BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
204 if (!b)
205 {
206 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
207 goto err;
208 }
209 ret->dh_tmp->priv_key = b;
210 }
211 if (cert->dh_tmp->pub_key)
212 {
213 BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
214 if (!b)
215 {
216 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
217 goto err;
218 }
219 ret->dh_tmp->pub_key = b;
220 }
221 }
222 ret->dh_tmp_cb = cert->dh_tmp_cb;
223#endif
224
225 for (i = 0; i < SSL_PKEY_NUM; i++)
226 {
227 if (cert->pkeys[i].x509 != NULL)
228 {
229 ret->pkeys[i].x509 = cert->pkeys[i].x509;
230 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
231 CRYPTO_LOCK_X509);
232 }
233
234 if (cert->pkeys[i].privatekey != NULL)
235 {
236 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
237 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
238 CRYPTO_LOCK_EVP_PKEY);
239
240 switch(i)
241 {
242 /* If there was anything special to do for
243 * certain types of keys, we'd do it here.
244 * (Nothing at the moment, I think.) */
245
246 case SSL_PKEY_RSA_ENC:
247 case SSL_PKEY_RSA_SIGN:
248 /* We have an RSA key. */
249 break;
250
251 case SSL_PKEY_DSA_SIGN:
252 /* We have a DSA key. */
253 break;
254
255 case SSL_PKEY_DH_RSA:
256 case SSL_PKEY_DH_DSA:
257 /* We have a DH key. */
258 break;
259
260 default:
261 /* Can't happen. */
262 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
263 }
264 }
265 }
266
267 /* ret->extra_certs *should* exist, but currently the own certificate
268 * chain is held inside SSL_CTX */
269
270 ret->references=1;
271
272 return(ret);
273
274#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
275err:
276#endif
277#ifndef NO_RSA
278 if (ret->rsa_tmp != NULL)
279 RSA_free(ret->rsa_tmp);
280#endif
281#ifndef NO_DH
282 if (ret->dh_tmp != NULL)
283 DH_free(ret->dh_tmp);
284#endif
285
286 for (i = 0; i < SSL_PKEY_NUM; i++)
287 {
288 if (ret->pkeys[i].x509 != NULL)
289 X509_free(ret->pkeys[i].x509);
290 if (ret->pkeys[i].privatekey != NULL)
291 EVP_PKEY_free(ret->pkeys[i].privatekey);
292 }
293
294 return NULL;
295 }
296
297
298void ssl_cert_free(CERT *c)
299 {
300 int i;
301
302 if(c == NULL)
303 return;
304
305 i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
306#ifdef REF_PRINT
307 REF_PRINT("CERT",c);
308#endif
309 if (i > 0) return;
310#ifdef REF_CHECK
311 if (i < 0)
312 {
313 fprintf(stderr,"ssl_cert_free, bad reference count\n");
314 abort(); /* ok */
315 }
316#endif
317
318#ifndef NO_RSA
319 if (c->rsa_tmp) RSA_free(c->rsa_tmp);
320#endif
321#ifndef NO_DH
322 if (c->dh_tmp) DH_free(c->dh_tmp);
323#endif
324
325 for (i=0; i<SSL_PKEY_NUM; i++)
326 {
327 if (c->pkeys[i].x509 != NULL)
328 X509_free(c->pkeys[i].x509);
329 if (c->pkeys[i].privatekey != NULL)
330 EVP_PKEY_free(c->pkeys[i].privatekey);
331#if 0
332 if (c->pkeys[i].publickey != NULL)
333 EVP_PKEY_free(c->pkeys[i].publickey);
334#endif
335 }
336 OPENSSL_free(c);
337 }
338
339int ssl_cert_inst(CERT **o)
340 {
341 /* Create a CERT if there isn't already one
342 * (which cannot really happen, as it is initially created in
343 * SSL_CTX_new; but the earlier code usually allows for that one
344 * being non-existant, so we follow that behaviour, as it might
345 * turn out that there actually is a reason for it -- but I'm
346 * not sure that *all* of the existing code could cope with
347 * s->cert being NULL, otherwise we could do without the
348 * initialization in SSL_CTX_new).
349 */
350
351 if (o == NULL)
352 {
353 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
354 return(0);
355 }
356 if (*o == NULL)
357 {
358 if ((*o = ssl_cert_new()) == NULL)
359 {
360 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
361 return(0);
362 }
363 }
364 return(1);
365 }
366
367
368SESS_CERT *ssl_sess_cert_new(void)
369 {
370 SESS_CERT *ret;
371
372 ret = OPENSSL_malloc(sizeof *ret);
373 if (ret == NULL)
374 {
375 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
376 return NULL;
377 }
378
379 memset(ret, 0 ,sizeof *ret);
380 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
381 ret->references = 1;
382
383 return ret;
384 }
385
386void ssl_sess_cert_free(SESS_CERT *sc)
387 {
388 int i;
389
390 if (sc == NULL)
391 return;
392
393 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
394#ifdef REF_PRINT
395 REF_PRINT("SESS_CERT", sc);
396#endif
397 if (i > 0)
398 return;
399#ifdef REF_CHECK
400 if (i < 0)
401 {
402 fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
403 abort(); /* ok */
404 }
405#endif
406
407 /* i == 0 */
408 if (sc->cert_chain != NULL)
409 sk_X509_pop_free(sc->cert_chain, X509_free);
410 for (i = 0; i < SSL_PKEY_NUM; i++)
411 {
412 if (sc->peer_pkeys[i].x509 != NULL)
413 X509_free(sc->peer_pkeys[i].x509);
414#if 0 /* We don't have the peer's private key. These lines are just
415 * here as a reminder that we're still using a not-quite-appropriate
416 * data structure. */
417 if (sc->peer_pkeys[i].privatekey != NULL)
418 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
419#endif
420 }
421
422#ifndef NO_RSA
423 if (sc->peer_rsa_tmp != NULL)
424 RSA_free(sc->peer_rsa_tmp);
425#endif
426#ifndef NO_DH
427 if (sc->peer_dh_tmp != NULL)
428 DH_free(sc->peer_dh_tmp);
429#endif
430
431 OPENSSL_free(sc);
432 }
433
434int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
435 {
436 sc->peer_cert_type = type;
437 return(1);
438 }
439
440int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
441 {
442 X509 *x;
443 int i;
444 X509_STORE_CTX ctx;
445
446 if ((sk == NULL) || (sk_X509_num(sk) == 0))
447 return(0);
448
449 x=sk_X509_value(sk,0);
450 X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
451 if (SSL_get_verify_depth(s) >= 0)
452 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
453 X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
454 /* We need to set the verify purpose. The purpose can be determined by
455 * the context: if its a server it will verify SSL client certificates
456 * or vice versa.
457 */
458
459 if(s->server) i = X509_PURPOSE_SSL_CLIENT;
460 else i = X509_PURPOSE_SSL_SERVER;
461
462 X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
463
464 if (s->ctx->app_verify_callback != NULL)
465 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
466 else
467 {
468#ifndef NO_X509_VERIFY
469 i=X509_verify_cert(&ctx);
470#else
471 i=0;
472 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
473 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
474#endif
475 }
476
477 s->verify_result=ctx.error;
478 X509_STORE_CTX_cleanup(&ctx);
479
480 return(i);
481 }
482
483static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
484 {
485 if (*ca_list != NULL)
486 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
487
488 *ca_list=list;
489 }
490
491STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
492 {
493 int i;
494 STACK_OF(X509_NAME) *ret;
495 X509_NAME *name;
496
497 ret=sk_X509_NAME_new_null();
498 for (i=0; i<sk_X509_NAME_num(sk); i++)
499 {
500 name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
501 if ((name == NULL) || !sk_X509_NAME_push(ret,name))
502 {
503 sk_X509_NAME_pop_free(ret,X509_NAME_free);
504 return(NULL);
505 }
506 }
507 return(ret);
508 }
509
510void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
511 {
512 set_client_CA_list(&(s->client_CA),list);
513 }
514
515void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
516 {
517 set_client_CA_list(&(ctx->client_CA),list);
518 }
519
520STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
521 {
522 return(ctx->client_CA);
523 }
524
525STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
526 {
527 if (s->type == SSL_ST_CONNECT)
528 { /* we are in the client */
529 if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
530 (s->s3 != NULL))
531 return(s->s3->tmp.ca_names);
532 else
533 return(NULL);
534 }
535 else
536 {
537 if (s->client_CA != NULL)
538 return(s->client_CA);
539 else
540 return(s->ctx->client_CA);
541 }
542 }
543
544static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
545 {
546 X509_NAME *name;
547
548 if (x == NULL) return(0);
549 if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
550 return(0);
551
552 if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
553 return(0);
554
555 if (!sk_X509_NAME_push(*sk,name))
556 {
557 X509_NAME_free(name);
558 return(0);
559 }
560 return(1);
561 }
562
563int SSL_add_client_CA(SSL *ssl,X509 *x)
564 {
565 return(add_client_CA(&(ssl->client_CA),x));
566 }
567
568int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
569 {
570 return(add_client_CA(&(ctx->client_CA),x));
571 }
572
573static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
574 {
575 return(X509_NAME_cmp(*a,*b));
576 }
577
578#ifndef NO_STDIO
579/*!
580 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
581 * it doesn't really have anything to do with clients (except that a common use
582 * for a stack of CAs is to send it to the client). Actually, it doesn't have
583 * much to do with CAs, either, since it will load any old cert.
584 * \param file the file containing one or more certs.
585 * \return a ::STACK containing the certs.
586 */
587STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
588 {
589 BIO *in;
590 X509 *x=NULL;
591 X509_NAME *xn=NULL;
592 STACK_OF(X509_NAME) *ret,*sk;
593
594 ret=sk_X509_NAME_new_null();
595 sk=sk_X509_NAME_new(xname_cmp);
596
597 in=BIO_new(BIO_s_file_internal());
598
599 if ((ret == NULL) || (sk == NULL) || (in == NULL))
600 {
601 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
602 goto err;
603 }
604
605 if (!BIO_read_filename(in,file))
606 goto err;
607
608 for (;;)
609 {
610 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
611 break;
612 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
613 /* check for duplicates */
614 xn=X509_NAME_dup(xn);
615 if (xn == NULL) goto err;
616 if (sk_X509_NAME_find(sk,xn) >= 0)
617 X509_NAME_free(xn);
618 else
619 {
620 sk_X509_NAME_push(sk,xn);
621 sk_X509_NAME_push(ret,xn);
622 }
623 }
624
625 if (0)
626 {
627err:
628 if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
629 ret=NULL;
630 }
631 if (sk != NULL) sk_X509_NAME_free(sk);
632 if (in != NULL) BIO_free(in);
633 if (x != NULL) X509_free(x);
634 return(ret);
635 }
636#endif
637
638/*!
639 * Add a file of certs to a stack.
640 * \param stack the stack to add to.
641 * \param file the file to add from. All certs in this file that are not
642 * already in the stack will be added.
643 * \return 1 for success, 0 for failure. Note that in the case of failure some
644 * certs may have been added to \c stack.
645 */
646
647int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
648 const char *file)
649 {
650 BIO *in;
651 X509 *x=NULL;
652 X509_NAME *xn=NULL;
653 int ret=1;
654 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
655
656 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
657
658 in=BIO_new(BIO_s_file_internal());
659
660 if (in == NULL)
661 {
662 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
663 goto err;
664 }
665
666 if (!BIO_read_filename(in,file))
667 goto err;
668
669 for (;;)
670 {
671 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
672 break;
673 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
674 xn=X509_NAME_dup(xn);
675 if (xn == NULL) goto err;
676 if (sk_X509_NAME_find(stack,xn) >= 0)
677 X509_NAME_free(xn);
678 else
679 sk_X509_NAME_push(stack,xn);
680 }
681
682 if (0)
683 {
684err:
685 ret=0;
686 }
687 if(in != NULL)
688 BIO_free(in);
689 if(x != NULL)
690 X509_free(x);
691
692 sk_X509_NAME_set_cmp_func(stack,oldcmp);
693
694 return ret;
695 }
696
697/*!
698 * Add a directory of certs to a stack.
699 * \param stack the stack to append to.
700 * \param dir the directory to append from. All files in this directory will be
701 * examined as potential certs. Any that are acceptable to
702 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
703 * included.
704 * \return 1 for success, 0 for failure. Note that in the case of failure some
705 * certs may have been added to \c stack.
706 */
707
708#ifndef WIN32
709#ifndef VMS /* XXXX This may be fixed in the future */
710#ifndef MAC_OS_pre_X
711
712int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
713 const char *dir)
714 {
715 DIR *d;
716 struct dirent *dstruct;
717 int ret = 0;
718
719 CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
720 d = opendir(dir);
721
722 /* Note that a side effect is that the CAs will be sorted by name */
723 if(!d)
724 {
725 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
726 ERR_add_error_data(3, "opendir('", dir, "')");
727 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
728 goto err;
729 }
730
731 while((dstruct=readdir(d)))
732 {
733 char buf[1024];
734 int r;
735
736 if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
737 {
738 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
739 goto err;
740 }
741
742 r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
743 if (r <= 0 || r >= sizeof buf)
744 goto err;
745 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
746 goto err;
747 }
748 ret = 1;
749
750err:
751 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
752 return ret;
753 }
754
755#endif
756#endif
757#endif
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index f63163f26c..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1071 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/objects.h>
61#include <openssl/comp.h>
62#include "ssl_locl.h"
63
64#define SSL_ENC_DES_IDX 0
65#define SSL_ENC_3DES_IDX 1
66#define SSL_ENC_RC4_IDX 2
67#define SSL_ENC_RC2_IDX 3
68#define SSL_ENC_IDEA_IDX 4
69#define SSL_ENC_eFZA_IDX 5
70#define SSL_ENC_NULL_IDX 6
71#define SSL_ENC_NUM_IDX 7
72
73static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
74 NULL,NULL,NULL,NULL,NULL,NULL,
75 };
76
77static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
78
79#define SSL_MD_MD5_IDX 0
80#define SSL_MD_SHA1_IDX 1
81#define SSL_MD_NUM_IDX 2
82static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
83 NULL,NULL,
84 };
85
86#define CIPHER_ADD 1
87#define CIPHER_KILL 2
88#define CIPHER_DEL 3
89#define CIPHER_ORD 4
90#define CIPHER_SPECIAL 5
91
92typedef struct cipher_order_st
93 {
94 SSL_CIPHER *cipher;
95 int active;
96 int dead;
97 struct cipher_order_st *next,*prev;
98 } CIPHER_ORDER;
99
100static const SSL_CIPHER cipher_aliases[]={
101 /* Don't include eNULL unless specifically enabled */
102 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
103 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
104 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
105 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
106 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
107 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
108 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
109 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
110
111 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
112 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
113 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
114 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
115 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
116 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
117
118 {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
119 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
120 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
121 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
122 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
123 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
124 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
125
126 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
127 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
128 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
129
130 {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
131 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
132 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
133 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
134
135 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
136 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
137 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
138
139 {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
140 {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
141 {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
142 {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
143 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
144 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
145 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
146 };
147
148static int init_ciphers=1;
149
150static void load_ciphers(void)
151 {
152 init_ciphers=0;
153 ssl_cipher_methods[SSL_ENC_DES_IDX]=
154 EVP_get_cipherbyname(SN_des_cbc);
155 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
156 EVP_get_cipherbyname(SN_des_ede3_cbc);
157 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
158 EVP_get_cipherbyname(SN_rc4);
159 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
160 EVP_get_cipherbyname(SN_rc2_cbc);
161 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
162 EVP_get_cipherbyname(SN_idea_cbc);
163
164 ssl_digest_methods[SSL_MD_MD5_IDX]=
165 EVP_get_digestbyname(SN_md5);
166 ssl_digest_methods[SSL_MD_SHA1_IDX]=
167 EVP_get_digestbyname(SN_sha1);
168 }
169
170int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
171 const EVP_MD **md, SSL_COMP **comp)
172 {
173 int i;
174 SSL_CIPHER *c;
175
176 c=s->cipher;
177 if (c == NULL) return(0);
178 if (comp != NULL)
179 {
180 SSL_COMP ctmp;
181
182 if (s->compress_meth == 0)
183 *comp=NULL;
184 else if (ssl_comp_methods == NULL)
185 {
186 /* bad */
187 *comp=NULL;
188 }
189 else
190 {
191
192 ctmp.id=s->compress_meth;
193 i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
194 if (i >= 0)
195 *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
196 else
197 *comp=NULL;
198 }
199 }
200
201 if ((enc == NULL) || (md == NULL)) return(0);
202
203 switch (c->algorithms & SSL_ENC_MASK)
204 {
205 case SSL_DES:
206 i=SSL_ENC_DES_IDX;
207 break;
208 case SSL_3DES:
209 i=SSL_ENC_3DES_IDX;
210 break;
211 case SSL_RC4:
212 i=SSL_ENC_RC4_IDX;
213 break;
214 case SSL_RC2:
215 i=SSL_ENC_RC2_IDX;
216 break;
217 case SSL_IDEA:
218 i=SSL_ENC_IDEA_IDX;
219 break;
220 case SSL_eNULL:
221 i=SSL_ENC_NULL_IDX;
222 break;
223 default:
224 i= -1;
225 break;
226 }
227
228 if ((i < 0) || (i > SSL_ENC_NUM_IDX))
229 *enc=NULL;
230 else
231 {
232 if (i == SSL_ENC_NULL_IDX)
233 *enc=EVP_enc_null();
234 else
235 *enc=ssl_cipher_methods[i];
236 }
237
238 switch (c->algorithms & SSL_MAC_MASK)
239 {
240 case SSL_MD5:
241 i=SSL_MD_MD5_IDX;
242 break;
243 case SSL_SHA1:
244 i=SSL_MD_SHA1_IDX;
245 break;
246 default:
247 i= -1;
248 break;
249 }
250 if ((i < 0) || (i > SSL_MD_NUM_IDX))
251 *md=NULL;
252 else
253 *md=ssl_digest_methods[i];
254
255 if ((*enc != NULL) && (*md != NULL))
256 return(1);
257 else
258 return(0);
259 }
260
261#define ITEM_SEP(a) \
262 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
263
264static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
265 CIPHER_ORDER **tail)
266 {
267 if (curr == *tail) return;
268 if (curr == *head)
269 *head=curr->next;
270 if (curr->prev != NULL)
271 curr->prev->next=curr->next;
272 if (curr->next != NULL) /* should always be true */
273 curr->next->prev=curr->prev;
274 (*tail)->next=curr;
275 curr->prev= *tail;
276 curr->next=NULL;
277 *tail=curr;
278 }
279
280static unsigned long ssl_cipher_get_disabled(void)
281 {
282 unsigned long mask;
283
284 mask = SSL_kFZA;
285#ifdef NO_RSA
286 mask |= SSL_aRSA|SSL_kRSA;
287#endif
288#ifdef NO_DSA
289 mask |= SSL_aDSS;
290#endif
291#ifdef NO_DH
292 mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
293#endif
294
295#ifdef SSL_FORBID_ENULL
296 mask |= SSL_eNULL;
297#endif
298
299 mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
300 mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
301 mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
302 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
303 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
304 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
305
306 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
307 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
308
309 return(mask);
310 }
311
312static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
313 int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
314 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
315 {
316 int i, list_num;
317 SSL_CIPHER *c;
318
319 /*
320 * We have num_of_ciphers descriptions compiled in, depending on the
321 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
322 * These will later be sorted in a linked list with at most num
323 * entries.
324 */
325
326 /* Get the initial list of ciphers */
327 list_num = 0; /* actual count of ciphers */
328 for (i = 0; i < num_of_ciphers; i++)
329 {
330 c = ssl_method->get_cipher(i);
331 /* drop those that use any of that is not available */
332 if ((c != NULL) && c->valid && !(c->algorithms & mask))
333 {
334 list[list_num].cipher = c;
335 list[list_num].next = NULL;
336 list[list_num].prev = NULL;
337 list[list_num].active = 0;
338 list_num++;
339 /*
340 if (!sk_push(ca_list,(char *)c)) goto err;
341 */
342 }
343 }
344
345 /*
346 * Prepare linked list from list entries
347 */
348 for (i = 1; i < list_num - 1; i++)
349 {
350 list[i].prev = &(list[i-1]);
351 list[i].next = &(list[i+1]);
352 }
353 if (list_num > 0)
354 {
355 (*head_p) = &(list[0]);
356 (*head_p)->prev = NULL;
357 (*head_p)->next = &(list[1]);
358 (*tail_p) = &(list[list_num - 1]);
359 (*tail_p)->prev = &(list[list_num - 2]);
360 (*tail_p)->next = NULL;
361 }
362 }
363
364static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
365 int num_of_group_aliases, unsigned long mask,
366 CIPHER_ORDER *head)
367 {
368 CIPHER_ORDER *ciph_curr;
369 SSL_CIPHER **ca_curr;
370 int i;
371
372 /*
373 * First, add the real ciphers as already collected
374 */
375 ciph_curr = head;
376 ca_curr = ca_list;
377 while (ciph_curr != NULL)
378 {
379 *ca_curr = ciph_curr->cipher;
380 ca_curr++;
381 ciph_curr = ciph_curr->next;
382 }
383
384 /*
385 * Now we add the available ones from the cipher_aliases[] table.
386 * They represent either an algorithm, that must be fully
387 * supported (not match any bit in mask) or represent a cipher
388 * strength value (will be added in any case because algorithms=0).
389 */
390 for (i = 0; i < num_of_group_aliases; i++)
391 {
392 if ((i == 0) || /* always fetch "ALL" */
393 !(cipher_aliases[i].algorithms & mask))
394 {
395 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
396 ca_curr++;
397 }
398 }
399
400 *ca_curr = NULL; /* end of list */
401 }
402
403static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
404 unsigned long algo_strength, unsigned long mask_strength,
405 int rule, int strength_bits, CIPHER_ORDER *list,
406 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
407 {
408 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
409 SSL_CIPHER *cp;
410 unsigned long ma, ma_s;
411
412#ifdef CIPHER_DEBUG
413 printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
414 rule, algorithms, mask, algo_strength, mask_strength,
415 strength_bits);
416#endif
417
418 curr = head = *head_p;
419 curr2 = head;
420 tail2 = tail = *tail_p;
421 for (;;)
422 {
423 if ((curr == NULL) || (curr == tail2)) break;
424 curr = curr2;
425 curr2 = curr->next;
426
427 cp = curr->cipher;
428
429 /*
430 * Selection criteria is either the number of strength_bits
431 * or the algorithm used.
432 */
433 if (strength_bits == -1)
434 {
435 ma = mask & cp->algorithms;
436 ma_s = mask_strength & cp->algo_strength;
437
438#ifdef CIPHER_DEBUG
439 printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
440 printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
441#endif
442 /*
443 * Select: if none of the mask bit was met from the
444 * cipher or not all of the bits were met, the
445 * selection does not apply.
446 */
447 if (((ma == 0) && (ma_s == 0)) ||
448 ((ma & algorithms) != ma) ||
449 ((ma_s & algo_strength) != ma_s))
450 continue; /* does not apply */
451 }
452 else if (strength_bits != cp->strength_bits)
453 continue; /* does not apply */
454
455#ifdef CIPHER_DEBUG
456 printf("Action = %d\n", rule);
457#endif
458
459 /* add the cipher if it has not been added yet. */
460 if (rule == CIPHER_ADD)
461 {
462 if (!curr->active)
463 {
464 ll_append_tail(&head, curr, &tail);
465 curr->active = 1;
466 }
467 }
468 /* Move the added cipher to this location */
469 else if (rule == CIPHER_ORD)
470 {
471 if (curr->active)
472 {
473 ll_append_tail(&head, curr, &tail);
474 }
475 }
476 else if (rule == CIPHER_DEL)
477 curr->active = 0;
478 else if (rule == CIPHER_KILL)
479 {
480 if (head == curr)
481 head = curr->next;
482 else
483 curr->prev->next = curr->next;
484 if (tail == curr)
485 tail = curr->prev;
486 curr->active = 0;
487 if (curr->next != NULL)
488 curr->next->prev = curr->prev;
489 if (curr->prev != NULL)
490 curr->prev->next = curr->next;
491 curr->next = NULL;
492 curr->prev = NULL;
493 }
494 }
495
496 *head_p = head;
497 *tail_p = tail;
498 }
499
500static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
501 CIPHER_ORDER **tail_p)
502 {
503 int max_strength_bits, i, *number_uses;
504 CIPHER_ORDER *curr;
505
506 /*
507 * This routine sorts the ciphers with descending strength. The sorting
508 * must keep the pre-sorted sequence, so we apply the normal sorting
509 * routine as '+' movement to the end of the list.
510 */
511 max_strength_bits = 0;
512 curr = *head_p;
513 while (curr != NULL)
514 {
515 if (curr->active &&
516 (curr->cipher->strength_bits > max_strength_bits))
517 max_strength_bits = curr->cipher->strength_bits;
518 curr = curr->next;
519 }
520
521 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
522 if (!number_uses)
523 {
524 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
525 return(0);
526 }
527 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
528
529 /*
530 * Now find the strength_bits values actually used
531 */
532 curr = *head_p;
533 while (curr != NULL)
534 {
535 if (curr->active)
536 number_uses[curr->cipher->strength_bits]++;
537 curr = curr->next;
538 }
539 /*
540 * Go through the list of used strength_bits values in descending
541 * order.
542 */
543 for (i = max_strength_bits; i >= 0; i--)
544 if (number_uses[i] > 0)
545 ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
546 list, head_p, tail_p);
547
548 OPENSSL_free(number_uses);
549 return(1);
550 }
551
552static int ssl_cipher_process_rulestr(const char *rule_str,
553 CIPHER_ORDER *list, CIPHER_ORDER **head_p,
554 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
555 {
556 unsigned long algorithms, mask, algo_strength, mask_strength;
557 const char *l, *start, *buf;
558 int j, multi, found, rule, retval, ok, buflen;
559 char ch;
560
561 retval = 1;
562 l = rule_str;
563 for (;;)
564 {
565 ch = *l;
566
567 if (ch == '\0')
568 break; /* done */
569 if (ch == '-')
570 { rule = CIPHER_DEL; l++; }
571 else if (ch == '+')
572 { rule = CIPHER_ORD; l++; }
573 else if (ch == '!')
574 { rule = CIPHER_KILL; l++; }
575 else if (ch == '@')
576 { rule = CIPHER_SPECIAL; l++; }
577 else
578 { rule = CIPHER_ADD; }
579
580 if (ITEM_SEP(ch))
581 {
582 l++;
583 continue;
584 }
585
586 algorithms = mask = algo_strength = mask_strength = 0;
587
588 start=l;
589 for (;;)
590 {
591 ch = *l;
592 buf = l;
593 buflen = 0;
594#ifndef CHARSET_EBCDIC
595 while ( ((ch >= 'A') && (ch <= 'Z')) ||
596 ((ch >= '0') && (ch <= '9')) ||
597 ((ch >= 'a') && (ch <= 'z')) ||
598 (ch == '-'))
599#else
600 while ( isalnum(ch) || (ch == '-'))
601#endif
602 {
603 ch = *(++l);
604 buflen++;
605 }
606
607 if (buflen == 0)
608 {
609 /*
610 * We hit something we cannot deal with,
611 * it is no command or separator nor
612 * alphanumeric, so we call this an error.
613 */
614 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
615 SSL_R_INVALID_COMMAND);
616 retval = found = 0;
617 l++;
618 break;
619 }
620
621 if (rule == CIPHER_SPECIAL)
622 {
623 found = 0; /* unused -- avoid compiler warning */
624 break; /* special treatment */
625 }
626
627 /* check for multi-part specification */
628 if (ch == '+')
629 {
630 multi=1;
631 l++;
632 }
633 else
634 multi=0;
635
636 /*
637 * Now search for the cipher alias in the ca_list. Be careful
638 * with the strncmp, because the "buflen" limitation
639 * will make the rule "ADH:SOME" and the cipher
640 * "ADH-MY-CIPHER" look like a match for buflen=3.
641 * So additionally check whether the cipher name found
642 * has the correct length. We can save a strlen() call:
643 * just checking for the '\0' at the right place is
644 * sufficient, we have to strncmp() anyway.
645 */
646 j = found = 0;
647 while (ca_list[j])
648 {
649 if ((ca_list[j]->name[buflen] == '\0') &&
650 !strncmp(buf, ca_list[j]->name, buflen))
651 {
652 found = 1;
653 break;
654 }
655 else
656 j++;
657 }
658 if (!found)
659 break; /* ignore this entry */
660
661 algorithms |= ca_list[j]->algorithms;
662 mask |= ca_list[j]->mask;
663 algo_strength |= ca_list[j]->algo_strength;
664 mask_strength |= ca_list[j]->mask_strength;
665
666 if (!multi) break;
667 }
668
669 /*
670 * Ok, we have the rule, now apply it
671 */
672 if (rule == CIPHER_SPECIAL)
673 { /* special command */
674 ok = 0;
675 if ((buflen == 8) &&
676 !strncmp(buf, "STRENGTH", 8))
677 ok = ssl_cipher_strength_sort(list,
678 head_p, tail_p);
679 else
680 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
681 SSL_R_INVALID_COMMAND);
682 if (ok == 0)
683 retval = 0;
684 /*
685 * We do not support any "multi" options
686 * together with "@", so throw away the
687 * rest of the command, if any left, until
688 * end or ':' is found.
689 */
690 while ((*l != '\0') && ITEM_SEP(*l))
691 l++;
692 }
693 else if (found)
694 {
695 ssl_cipher_apply_rule(algorithms, mask,
696 algo_strength, mask_strength, rule, -1,
697 list, head_p, tail_p);
698 }
699 else
700 {
701 while ((*l != '\0') && ITEM_SEP(*l))
702 l++;
703 }
704 if (*l == '\0') break; /* done */
705 }
706
707 return(retval);
708 }
709
710STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
711 STACK_OF(SSL_CIPHER) **cipher_list,
712 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
713 const char *rule_str)
714 {
715 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
716 unsigned long disabled_mask;
717 STACK_OF(SSL_CIPHER) *cipherstack;
718 const char *rule_p;
719 CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
720 SSL_CIPHER **ca_list = NULL;
721
722 /*
723 * Return with error if nothing to do.
724 */
725 if (rule_str == NULL) return(NULL);
726
727 if (init_ciphers) load_ciphers();
728
729 /*
730 * To reduce the work to do we only want to process the compiled
731 * in algorithms, so we first get the mask of disabled ciphers.
732 */
733 disabled_mask = ssl_cipher_get_disabled();
734
735 /*
736 * Now we have to collect the available ciphers from the compiled
737 * in ciphers. We cannot get more than the number compiled in, so
738 * it is used for allocation.
739 */
740 num_of_ciphers = ssl_method->num_ciphers();
741 list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
742 if (list == NULL)
743 {
744 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
745 return(NULL); /* Failure */
746 }
747
748 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
749 list, &head, &tail);
750
751 /*
752 * We also need cipher aliases for selecting based on the rule_str.
753 * There might be two types of entries in the rule_str: 1) names
754 * of ciphers themselves 2) aliases for groups of ciphers.
755 * For 1) we need the available ciphers and for 2) the cipher
756 * groups of cipher_aliases added together in one list (otherwise
757 * we would be happy with just the cipher_aliases table).
758 */
759 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
760 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
761 ca_list =
762 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
763 if (ca_list == NULL)
764 {
765 OPENSSL_free(list);
766 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
767 return(NULL); /* Failure */
768 }
769 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
770 head);
771
772 /*
773 * If the rule_string begins with DEFAULT, apply the default rule
774 * before using the (possibly available) additional rules.
775 */
776 ok = 1;
777 rule_p = rule_str;
778 if (strncmp(rule_str,"DEFAULT",7) == 0)
779 {
780 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
781 list, &head, &tail, ca_list);
782 rule_p += 7;
783 if (*rule_p == ':')
784 rule_p++;
785 }
786
787 if (ok && (strlen(rule_p) > 0))
788 ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
789 ca_list);
790
791 OPENSSL_free(ca_list); /* Not needed anymore */
792
793 if (!ok)
794 { /* Rule processing failure */
795 OPENSSL_free(list);
796 return(NULL);
797 }
798 /*
799 * Allocate new "cipherstack" for the result, return with error
800 * if we cannot get one.
801 */
802 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
803 {
804 OPENSSL_free(list);
805 return(NULL);
806 }
807
808 /*
809 * The cipher selection for the list is done. The ciphers are added
810 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
811 */
812 for (curr = head; curr != NULL; curr = curr->next)
813 {
814 if (curr->active)
815 {
816 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
817#ifdef CIPHER_DEBUG
818 printf("<%s>\n",curr->cipher->name);
819#endif
820 }
821 }
822 OPENSSL_free(list); /* Not needed any longer */
823
824 /*
825 * The following passage is a little bit odd. If pointer variables
826 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
827 * the old memory pointed to is free()ed. Then, however, the
828 * cipher_list entry will be assigned just a copy of the returned
829 * cipher stack. For cipher_list_by_id a copy of the cipher stack
830 * will be created. See next comment...
831 */
832 if (cipher_list != NULL)
833 {
834 if (*cipher_list != NULL)
835 sk_SSL_CIPHER_free(*cipher_list);
836 *cipher_list = cipherstack;
837 }
838
839 if (cipher_list_by_id != NULL)
840 {
841 if (*cipher_list_by_id != NULL)
842 sk_SSL_CIPHER_free(*cipher_list_by_id);
843 *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
844 }
845
846 /*
847 * Now it is getting really strange. If something failed during
848 * the previous pointer assignment or if one of the pointers was
849 * not requested, the error condition is met. That might be
850 * discussable. The strange thing is however that in this case
851 * the memory "ret" pointed to is "free()ed" and hence the pointer
852 * cipher_list becomes wild. The memory reserved for
853 * cipher_list_by_id however is not "free()ed" and stays intact.
854 */
855 if ( (cipher_list_by_id == NULL) ||
856 (*cipher_list_by_id == NULL) ||
857 (cipher_list == NULL) ||
858 (*cipher_list == NULL))
859 {
860 sk_SSL_CIPHER_free(cipherstack);
861 return(NULL);
862 }
863
864 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
865
866 return(cipherstack);
867 }
868
869char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
870 {
871 int is_export,pkl,kl;
872 char *ver,*exp;
873 char *kx,*au,*enc,*mac;
874 unsigned long alg,alg2,alg_s;
875 static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
876
877 alg=cipher->algorithms;
878 alg_s=cipher->algo_strength;
879 alg2=cipher->algorithm2;
880
881 is_export=SSL_C_IS_EXPORT(cipher);
882 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
883 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
884 exp=is_export?" export":"";
885
886 if (alg & SSL_SSLV2)
887 ver="SSLv2";
888 else if (alg & SSL_SSLV3)
889 ver="SSLv3";
890 else
891 ver="unknown";
892
893 switch (alg&SSL_MKEY_MASK)
894 {
895 case SSL_kRSA:
896 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
897 break;
898 case SSL_kDHr:
899 kx="DH/RSA";
900 break;
901 case SSL_kDHd:
902 kx="DH/DSS";
903 break;
904 case SSL_kFZA:
905 kx="Fortezza";
906 break;
907 case SSL_kEDH:
908 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
909 break;
910 default:
911 kx="unknown";
912 }
913
914 switch (alg&SSL_AUTH_MASK)
915 {
916 case SSL_aRSA:
917 au="RSA";
918 break;
919 case SSL_aDSS:
920 au="DSS";
921 break;
922 case SSL_aDH:
923 au="DH";
924 break;
925 case SSL_aFZA:
926 case SSL_aNULL:
927 au="None";
928 break;
929 default:
930 au="unknown";
931 break;
932 }
933
934 switch (alg&SSL_ENC_MASK)
935 {
936 case SSL_DES:
937 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
938 break;
939 case SSL_3DES:
940 enc="3DES(168)";
941 break;
942 case SSL_RC4:
943 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
944 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
945 break;
946 case SSL_RC2:
947 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
948 break;
949 case SSL_IDEA:
950 enc="IDEA(128)";
951 break;
952 case SSL_eFZA:
953 enc="Fortezza";
954 break;
955 case SSL_eNULL:
956 enc="None";
957 break;
958 default:
959 enc="unknown";
960 break;
961 }
962
963 switch (alg&SSL_MAC_MASK)
964 {
965 case SSL_MD5:
966 mac="MD5";
967 break;
968 case SSL_SHA1:
969 mac="SHA1";
970 break;
971 default:
972 mac="unknown";
973 break;
974 }
975
976 if (buf == NULL)
977 {
978 len=128;
979 buf=OPENSSL_malloc(len);
980 if (buf == NULL) return("OPENSSL_malloc Error");
981 }
982 else if (len < 128)
983 return("Buffer too small");
984
985 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
986 return(buf);
987 }
988
989char *SSL_CIPHER_get_version(SSL_CIPHER *c)
990 {
991 int i;
992
993 if (c == NULL) return("(NONE)");
994 i=(int)(c->id>>24L);
995 if (i == 3)
996 return("TLSv1/SSLv3");
997 else if (i == 2)
998 return("SSLv2");
999 else
1000 return("unknown");
1001 }
1002
1003/* return the actual cipher being used */
1004const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
1005 {
1006 if (c != NULL)
1007 return(c->name);
1008 return("(NONE)");
1009 }
1010
1011/* number of bits for symmetric cipher */
1012int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
1013 {
1014 int ret=0;
1015
1016 if (c != NULL)
1017 {
1018 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1019 ret = c->strength_bits;
1020 }
1021 return(ret);
1022 }
1023
1024SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1025 {
1026 SSL_COMP *ctmp;
1027 int i,nn;
1028
1029 if ((n == 0) || (sk == NULL)) return(NULL);
1030 nn=sk_SSL_COMP_num(sk);
1031 for (i=0; i<nn; i++)
1032 {
1033 ctmp=sk_SSL_COMP_value(sk,i);
1034 if (ctmp->id == n)
1035 return(ctmp);
1036 }
1037 return(NULL);
1038 }
1039
1040static int sk_comp_cmp(const SSL_COMP * const *a,
1041 const SSL_COMP * const *b)
1042 {
1043 return((*a)->id-(*b)->id);
1044 }
1045
1046STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1047 {
1048 return(ssl_comp_methods);
1049 }
1050
1051int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1052 {
1053 SSL_COMP *comp;
1054 STACK_OF(SSL_COMP) *sk;
1055
1056 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1057 comp->id=id;
1058 comp->method=cm;
1059 if (ssl_comp_methods == NULL)
1060 sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
1061 else
1062 sk=ssl_comp_methods;
1063 if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
1064 {
1065 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1066 return(0);
1067 }
1068 else
1069 return(1);
1070 }
1071
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 1ae3333407..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,435 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ssl.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA SSL_str_functs[]=
68 {
69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"},
70{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"},
71{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"},
72{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"},
73{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"},
74{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"},
75{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"},
76{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"},
77{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"},
78{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"},
79{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"},
80{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"},
81{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"},
82{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"},
83{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"},
84{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"},
85{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"},
86{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"},
87{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"},
88{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"},
90{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"},
91{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"},
92{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"},
93{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"},
94{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"},
95{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"},
96{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"},
97{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"},
98{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"},
99{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"},
100{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"},
101{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"},
102{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"},
103{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"},
104{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"},
105{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"},
106{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"},
107{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"},
108{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"},
109{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"},
110{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"},
111{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"},
112{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"},
113{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
114{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"},
115{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"},
116{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"},
118{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"},
119{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"},
120{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"},
121{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"},
122{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"},
123{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"},
124{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"},
125{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"},
126{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"},
127{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
128{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"},
129{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"},
130{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
131{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"},
132{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"},
133{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"},
134{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"},
135{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"},
136{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"},
137{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"},
138{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"},
139{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"},
140{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"},
141{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"},
142{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"},
143{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"},
144{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"},
145{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"},
146{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
147{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
148{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
149{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"},
150{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
151{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
152{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"},
153{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"},
154{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
155{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"},
156{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"},
157{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"},
158{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"},
159{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"},
160{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"},
161{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"},
162{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"},
163{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"},
164{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"},
165{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"},
166{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"},
167{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"},
168{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"},
169{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"},
170{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"},
171{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"},
172{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"},
173{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"},
174{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"},
175{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"},
176{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"},
177{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"},
178{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"},
179{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"},
180{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"},
181{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"},
182{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"},
183{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"},
184{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"},
185{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"},
186{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"},
187{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"},
188{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"},
189{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"},
190{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"},
191{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"},
192{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"},
193{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"},
194{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"},
195{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"},
196{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"},
197{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"},
198{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"},
199{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"},
200{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"},
201{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"},
202{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"},
203{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"},
204{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"},
205{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"},
206{0,NULL}
207 };
208
209static ERR_STRING_DATA SSL_str_reasons[]=
210 {
211{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"},
212{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
213{SSL_R_BAD_ALERT_RECORD ,"bad alert record"},
214{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"},
215{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"},
216{SSL_R_BAD_CHECKSUM ,"bad checksum"},
217{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"},
218{SSL_R_BAD_DECOMPRESSION ,"bad decompression"},
219{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"},
220{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"},
221{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"},
222{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"},
223{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"},
224{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"},
225{SSL_R_BAD_LENGTH ,"bad length"},
226{SSL_R_BAD_MAC_DECODE ,"bad mac decode"},
227{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"},
228{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"},
229{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"},
230{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"},
231{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"},
232{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"},
233{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"},
234{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"},
235{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"},
236{SSL_R_BAD_SIGNATURE ,"bad signature"},
237{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"},
238{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"},
239{SSL_R_BAD_STATE ,"bad state"},
240{SSL_R_BAD_WRITE_RETRY ,"bad write retry"},
241{SSL_R_BIO_NOT_SET ,"bio not set"},
242{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"},
243{SSL_R_BN_LIB ,"bn lib"},
244{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"},
245{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"},
246{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"},
247{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"},
248{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"},
249{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"},
250{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"},
251{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"},
252{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"},
253{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"},
254{SSL_R_COMPRESSION_FAILURE ,"compression failure"},
255{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"},
256{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"},
257{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"},
258{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"},
259{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"},
260{SSL_R_DECRYPTION_FAILED ,"decryption failed"},
261{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"},
262{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"},
263{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"},
264{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"},
265{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"},
266{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"},
267{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"},
268{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"},
269{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"},
270{SSL_R_HTTP_REQUEST ,"http request"},
271{SSL_R_INTERNAL_ERROR ,"internal error"},
272{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"},
273{SSL_R_INVALID_COMMAND ,"invalid command"},
274{SSL_R_INVALID_PURPOSE ,"invalid purpose"},
275{SSL_R_INVALID_TRUST ,"invalid trust"},
276{SSL_R_LENGTH_MISMATCH ,"length mismatch"},
277{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
278{SSL_R_LIBRARY_BUG ,"library bug"},
279{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
280{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
281{SSL_R_MISSING_DH_KEY ,"missing dh key"},
282{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"},
283{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"},
284{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"},
285{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"},
286{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"},
287{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"},
288{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"},
289{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"},
290{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"},
291{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"},
292{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"},
293{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"},
294{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"},
295{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"},
296{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"},
297{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"},
298{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"},
299{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"},
300{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"},
301{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"},
302{SSL_R_NO_CIPHER_LIST ,"no cipher list"},
303{SSL_R_NO_CIPHER_MATCH ,"no cipher match"},
304{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"},
305{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"},
306{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"},
307{SSL_R_NO_PRIVATEKEY ,"no privatekey"},
308{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"},
309{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"},
310{SSL_R_NO_PUBLICKEY ,"no publickey"},
311{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"},
312{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"},
313{SSL_R_NULL_SSL_CTX ,"null ssl ctx"},
314{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"},
315{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"},
316{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"},
317{SSL_R_PATH_TOO_LONG ,"path too long"},
318{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
319{SSL_R_PEER_ERROR ,"peer error"},
320{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"},
321{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"},
322{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"},
323{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"},
324{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"},
325{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"},
326{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"},
327{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"},
328{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"},
329{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
330{SSL_R_READ_BIO_NOT_SET ,"read bio not set"},
331{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"},
332{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"},
333{SSL_R_RECORD_TOO_LARGE ,"record too large"},
334{SSL_R_RECORD_TOO_SMALL ,"record too small"},
335{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"},
336{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"},
337{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"},
338{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"},
339{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"},
340{SSL_R_SHORT_READ ,"short read"},
341{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
342{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"},
343{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"},
344{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"},
345{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"},
346{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"},
347{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"},
348{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"},
349{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"},
350{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"},
351{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"},
352{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"},
353{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"},
354{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"},
355{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"},
356{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"},
357{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"},
358{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"},
359{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"},
360{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
361{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"},
362{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"},
363{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"},
364{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"},
365{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"},
366{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
367{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
368{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
369{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"},
370{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
371{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
372{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
373{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
374{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
375{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
376{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"},
377{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
378{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
379{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
380{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"},
381{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"},
382{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"},
383{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"},
384{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
385{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"},
386{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"},
387{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"},
388{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
389{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"},
390{SSL_R_UNEXPECTED_RECORD ,"unexpected record"},
391{SSL_R_UNINITIALIZED ,"uninitialized"},
392{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"},
393{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"},
394{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"},
395{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"},
396{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"},
397{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"},
398{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"},
399{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"},
400{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"},
401{SSL_R_UNKNOWN_STATE ,"unknown state"},
402{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
403{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
404{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"},
405{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"},
406{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"},
407{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"},
408{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"},
409{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"},
410{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
411{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
412{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
413{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
414{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
415{SSL_R_X509_LIB ,"x509 lib"},
416{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
417{0,NULL}
418 };
419
420#endif
421
422void ERR_load_SSL_strings(void)
423 {
424 static int init=1;
425
426 if (init)
427 {
428 init=0;
429#ifndef NO_ERR
430 ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
431 ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
432#endif
433
434 }
435 }
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index cc089a612b..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
1/* ssl/ssl_err2.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/err.h>
61#include <openssl/ssl.h>
62
63void SSL_load_error_strings(void)
64 {
65#ifndef NO_ERR
66 ERR_load_crypto_strings();
67 ERR_load_SSL_strings();
68#endif
69 }
70
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 1fe85b6cb7..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,2074 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60
61
62#include <assert.h>
63#include <stdio.h>
64#include <openssl/objects.h>
65#include <openssl/lhash.h>
66#include <openssl/x509v3.h>
67#include "ssl_locl.h"
68
69const char *SSL_version_str=OPENSSL_VERSION_TEXT;
70
71static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
72static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
73static int ssl_meth_num=0;
74static int ssl_ctx_meth_num=0;
75
76OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
77 /* evil casts, but these functions are only called if there's a library bug */
78 (int (*)(SSL *,int))ssl_undefined_function,
79 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
80 ssl_undefined_function,
81 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
82 (int (*)(SSL*, int))ssl_undefined_function,
83 (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
84 };
85
86int SSL_clear(SSL *s)
87 {
88 int state;
89
90 if (s->method == NULL)
91 {
92 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
93 return(0);
94 }
95
96 s->error=0;
97 s->hit=0;
98 s->shutdown=0;
99
100#if 0 /* Disabled since version 1.10 of this file (early return not
101 * needed because SSL_clear is not called when doing renegotiation) */
102 /* This is set if we are doing dynamic renegotiation so keep
103 * the old cipher. It is sort of a SSL_clear_lite :-) */
104 if (s->new_session) return(1);
105#else
106 if (s->new_session)
107 {
108 SSLerr(SSL_F_SSL_CLEAR,SSL_R_INTERNAL_ERROR);
109 return 0;
110 }
111#endif
112
113 state=s->state; /* Keep to check if we throw away the session-id */
114 s->type=0;
115
116 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
117
118 s->version=s->method->version;
119 s->client_version=s->version;
120 s->rwstate=SSL_NOTHING;
121 s->rstate=SSL_ST_READ_HEADER;
122#if 0
123 s->read_ahead=s->ctx->read_ahead;
124#endif
125
126 if (s->init_buf != NULL)
127 {
128 BUF_MEM_free(s->init_buf);
129 s->init_buf=NULL;
130 }
131
132 ssl_clear_cipher_ctx(s);
133
134 if (ssl_clear_bad_session(s))
135 {
136 SSL_SESSION_free(s->session);
137 s->session=NULL;
138 }
139
140 s->first_packet=0;
141
142#if 1
143 /* Check to see if we were changed into a different method, if
144 * so, revert back if we are not doing session-id reuse. */
145 if ((s->session == NULL) && (s->method != s->ctx->method))
146 {
147 s->method->ssl_free(s);
148 s->method=s->ctx->method;
149 if (!s->method->ssl_new(s))
150 return(0);
151 }
152 else
153#endif
154 s->method->ssl_clear(s);
155 return(1);
156 }
157
158/** Used to change an SSL_CTXs default SSL method type */
159int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
160 {
161 STACK_OF(SSL_CIPHER) *sk;
162
163 ctx->method=meth;
164
165 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
166 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
167 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
168 {
169 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
170 return(0);
171 }
172 return(1);
173 }
174
175SSL *SSL_new(SSL_CTX *ctx)
176 {
177 SSL *s;
178
179 if (ctx == NULL)
180 {
181 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
182 return(NULL);
183 }
184 if (ctx->method == NULL)
185 {
186 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
187 return(NULL);
188 }
189
190 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
191 if (s == NULL) goto err;
192 memset(s,0,sizeof(SSL));
193
194 if (ctx->cert != NULL)
195 {
196 /* Earlier library versions used to copy the pointer to
197 * the CERT, not its contents; only when setting new
198 * parameters for the per-SSL copy, ssl_cert_new would be
199 * called (and the direct reference to the per-SSL_CTX
200 * settings would be lost, but those still were indirectly
201 * accessed for various purposes, and for that reason they
202 * used to be known as s->ctx->default_cert).
203 * Now we don't look at the SSL_CTX's CERT after having
204 * duplicated it once. */
205
206 s->cert = ssl_cert_dup(ctx->cert);
207 if (s->cert == NULL)
208 goto err;
209 }
210 else
211 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
212 s->sid_ctx_length=ctx->sid_ctx_length;
213 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
214 s->verify_mode=ctx->verify_mode;
215 s->verify_depth=ctx->verify_depth;
216 s->verify_callback=ctx->default_verify_callback;
217 s->purpose = ctx->purpose;
218 s->trust = ctx->trust;
219 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
220 s->ctx=ctx;
221
222 s->verify_result=X509_V_OK;
223
224 s->method=ctx->method;
225
226 if (!s->method->ssl_new(s))
227 goto err;
228
229 s->quiet_shutdown=ctx->quiet_shutdown;
230 s->references=1;
231 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
232 s->options=ctx->options;
233 s->mode=ctx->mode;
234 s->read_ahead=ctx->read_ahead; /* used to happen in SSL_clear */
235 SSL_clear(s);
236
237 CRYPTO_new_ex_data(ssl_meth,s,&s->ex_data);
238
239 return(s);
240err:
241 if (s != NULL)
242 {
243 if (s->cert != NULL)
244 ssl_cert_free(s->cert);
245 if (s->ctx != NULL)
246 SSL_CTX_free(s->ctx); /* decrement reference count */
247 OPENSSL_free(s);
248 }
249 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
250 return(NULL);
251 }
252
253int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
254 unsigned int sid_ctx_len)
255 {
256 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
257 {
258 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
259 return 0;
260 }
261 ctx->sid_ctx_length=sid_ctx_len;
262 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
263
264 return 1;
265 }
266
267int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
268 unsigned int sid_ctx_len)
269 {
270 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
271 {
272 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
273 return 0;
274 }
275 ssl->sid_ctx_length=sid_ctx_len;
276 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
277
278 return 1;
279 }
280
281int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
282{
283 if(X509_PURPOSE_get_by_id(purpose) == -1) {
284 SSLerr(SSL_F_SSL_CTX_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
285 return 0;
286 }
287 s->purpose = purpose;
288 return 1;
289}
290
291int SSL_set_purpose(SSL *s, int purpose)
292{
293 if(X509_PURPOSE_get_by_id(purpose) == -1) {
294 SSLerr(SSL_F_SSL_SET_PURPOSE, SSL_R_INVALID_PURPOSE);
295 return 0;
296 }
297 s->purpose = purpose;
298 return 1;
299}
300
301int SSL_CTX_set_trust(SSL_CTX *s, int trust)
302{
303 if(X509_TRUST_get_by_id(trust) == -1) {
304 SSLerr(SSL_F_SSL_CTX_SET_TRUST, SSL_R_INVALID_TRUST);
305 return 0;
306 }
307 s->trust = trust;
308 return 1;
309}
310
311int SSL_set_trust(SSL *s, int trust)
312{
313 if(X509_TRUST_get_by_id(trust) == -1) {
314 SSLerr(SSL_F_SSL_SET_TRUST, SSL_R_INVALID_TRUST);
315 return 0;
316 }
317 s->trust = trust;
318 return 1;
319}
320
321void SSL_free(SSL *s)
322 {
323 int i;
324
325 if(s == NULL)
326 return;
327
328 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
329#ifdef REF_PRINT
330 REF_PRINT("SSL",s);
331#endif
332 if (i > 0) return;
333#ifdef REF_CHECK
334 if (i < 0)
335 {
336 fprintf(stderr,"SSL_free, bad reference count\n");
337 abort(); /* ok */
338 }
339#endif
340
341 CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
342
343 if (s->bbio != NULL)
344 {
345 /* If the buffering BIO is in place, pop it off */
346 if (s->bbio == s->wbio)
347 {
348 s->wbio=BIO_pop(s->wbio);
349 }
350 BIO_free(s->bbio);
351 s->bbio=NULL;
352 }
353 if (s->rbio != NULL)
354 BIO_free_all(s->rbio);
355 if ((s->wbio != NULL) && (s->wbio != s->rbio))
356 BIO_free_all(s->wbio);
357
358 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
359
360 /* add extra stuff */
361 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
362 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
363
364 /* Make the next call work :-) */
365 if (s->session != NULL)
366 {
367 ssl_clear_bad_session(s);
368 SSL_SESSION_free(s->session);
369 }
370
371 ssl_clear_cipher_ctx(s);
372
373 if (s->cert != NULL) ssl_cert_free(s->cert);
374 /* Free up if allocated */
375
376 if (s->ctx) SSL_CTX_free(s->ctx);
377
378 if (s->client_CA != NULL)
379 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
380
381 if (s->method != NULL) s->method->ssl_free(s);
382
383 OPENSSL_free(s);
384 }
385
386void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
387 {
388 /* If the output buffering BIO is still in place, remove it
389 */
390 if (s->bbio != NULL)
391 {
392 if (s->wbio == s->bbio)
393 {
394 s->wbio=s->wbio->next_bio;
395 s->bbio->next_bio=NULL;
396 }
397 }
398 if ((s->rbio != NULL) && (s->rbio != rbio))
399 BIO_free_all(s->rbio);
400 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
401 BIO_free_all(s->wbio);
402 s->rbio=rbio;
403 s->wbio=wbio;
404 }
405
406BIO *SSL_get_rbio(SSL *s)
407 { return(s->rbio); }
408
409BIO *SSL_get_wbio(SSL *s)
410 { return(s->wbio); }
411
412int SSL_get_fd(SSL *s)
413 {
414 int ret= -1;
415 BIO *b,*r;
416
417 b=SSL_get_rbio(s);
418 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
419 if (r != NULL)
420 BIO_get_fd(r,&ret);
421 return(ret);
422 }
423
424#ifndef NO_SOCK
425int SSL_set_fd(SSL *s,int fd)
426 {
427 int ret=0;
428 BIO *bio=NULL;
429
430 bio=BIO_new(BIO_s_socket());
431
432 if (bio == NULL)
433 {
434 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
435 goto err;
436 }
437 BIO_set_fd(bio,fd,BIO_NOCLOSE);
438 SSL_set_bio(s,bio,bio);
439 ret=1;
440err:
441 return(ret);
442 }
443
444int SSL_set_wfd(SSL *s,int fd)
445 {
446 int ret=0;
447 BIO *bio=NULL;
448
449 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
450 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
451 {
452 bio=BIO_new(BIO_s_socket());
453
454 if (bio == NULL)
455 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
456 BIO_set_fd(bio,fd,BIO_NOCLOSE);
457 SSL_set_bio(s,SSL_get_rbio(s),bio);
458 }
459 else
460 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
461 ret=1;
462err:
463 return(ret);
464 }
465
466int SSL_set_rfd(SSL *s,int fd)
467 {
468 int ret=0;
469 BIO *bio=NULL;
470
471 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
472 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
473 {
474 bio=BIO_new(BIO_s_socket());
475
476 if (bio == NULL)
477 {
478 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
479 goto err;
480 }
481 BIO_set_fd(bio,fd,BIO_NOCLOSE);
482 SSL_set_bio(s,bio,SSL_get_wbio(s));
483 }
484 else
485 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
486 ret=1;
487err:
488 return(ret);
489 }
490#endif
491
492
493/* return length of latest Finished message we sent, copy to 'buf' */
494size_t SSL_get_finished(SSL *s, void *buf, size_t count)
495 {
496 size_t ret = 0;
497
498 if (s->s3 != NULL)
499 {
500 ret = s->s3->tmp.finish_md_len;
501 if (count > ret)
502 count = ret;
503 memcpy(buf, s->s3->tmp.finish_md, count);
504 }
505 return ret;
506 }
507
508/* return length of latest Finished message we expected, copy to 'buf' */
509size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
510 {
511 size_t ret = 0;
512
513 if (s->s3 != NULL)
514 {
515 ret = s->s3->tmp.peer_finish_md_len;
516 if (count > ret)
517 count = ret;
518 memcpy(buf, s->s3->tmp.peer_finish_md, count);
519 }
520 return ret;
521 }
522
523
524int SSL_get_verify_mode(SSL *s)
525 {
526 return(s->verify_mode);
527 }
528
529int SSL_get_verify_depth(SSL *s)
530 {
531 return(s->verify_depth);
532 }
533
534int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
535 {
536 return(s->verify_callback);
537 }
538
539int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
540 {
541 return(ctx->verify_mode);
542 }
543
544int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
545 {
546 return(ctx->verify_depth);
547 }
548
549int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
550 {
551 return(ctx->default_verify_callback);
552 }
553
554void SSL_set_verify(SSL *s,int mode,
555 int (*callback)(int ok,X509_STORE_CTX *ctx))
556 {
557 s->verify_mode=mode;
558 if (callback != NULL)
559 s->verify_callback=callback;
560 }
561
562void SSL_set_verify_depth(SSL *s,int depth)
563 {
564 s->verify_depth=depth;
565 }
566
567void SSL_set_read_ahead(SSL *s,int yes)
568 {
569 s->read_ahead=yes;
570 }
571
572int SSL_get_read_ahead(SSL *s)
573 {
574 return(s->read_ahead);
575 }
576
577int SSL_pending(SSL *s)
578 {
579 return(s->method->ssl_pending(s));
580 }
581
582X509 *SSL_get_peer_certificate(SSL *s)
583 {
584 X509 *r;
585
586 if ((s == NULL) || (s->session == NULL))
587 r=NULL;
588 else
589 r=s->session->peer;
590
591 if (r == NULL) return(r);
592
593 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
594
595 return(r);
596 }
597
598STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
599 {
600 STACK_OF(X509) *r;
601
602 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
603 r=NULL;
604 else
605 r=s->session->sess_cert->cert_chain;
606
607 /* If we are a client, cert_chain includes the peer's own
608 * certificate; if we are a server, it does not. */
609
610 return(r);
611 }
612
613/* Now in theory, since the calling process own 't' it should be safe to
614 * modify. We need to be able to read f without being hassled */
615void SSL_copy_session_id(SSL *t,SSL *f)
616 {
617 CERT *tmp;
618
619 /* Do we need to to SSL locking? */
620 SSL_set_session(t,SSL_get_session(f));
621
622 /* what if we are setup as SSLv2 but want to talk SSLv3 or
623 * vice-versa */
624 if (t->method != f->method)
625 {
626 t->method->ssl_free(t); /* cleanup current */
627 t->method=f->method; /* change method */
628 t->method->ssl_new(t); /* setup new */
629 }
630
631 tmp=t->cert;
632 if (f->cert != NULL)
633 {
634 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
635 t->cert=f->cert;
636 }
637 else
638 t->cert=NULL;
639 if (tmp != NULL) ssl_cert_free(tmp);
640 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
641 }
642
643/* Fix this so it checks all the valid key/cert options */
644int SSL_CTX_check_private_key(SSL_CTX *ctx)
645 {
646 if ( (ctx == NULL) ||
647 (ctx->cert == NULL) ||
648 (ctx->cert->key->x509 == NULL))
649 {
650 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
651 return(0);
652 }
653 if (ctx->cert->key->privatekey == NULL)
654 {
655 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
656 return(0);
657 }
658 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
659 }
660
661/* Fix this function so that it takes an optional type parameter */
662int SSL_check_private_key(SSL *ssl)
663 {
664 if (ssl == NULL)
665 {
666 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
667 return(0);
668 }
669 if (ssl->cert == NULL)
670 {
671 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
672 return 0;
673 }
674 if (ssl->cert->key->x509 == NULL)
675 {
676 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
677 return(0);
678 }
679 if (ssl->cert->key->privatekey == NULL)
680 {
681 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
682 return(0);
683 }
684 return(X509_check_private_key(ssl->cert->key->x509,
685 ssl->cert->key->privatekey));
686 }
687
688int SSL_accept(SSL *s)
689 {
690 if (s->handshake_func == 0)
691 /* Not properly initialized yet */
692 SSL_set_accept_state(s);
693
694 return(s->method->ssl_accept(s));
695 }
696
697int SSL_connect(SSL *s)
698 {
699 if (s->handshake_func == 0)
700 /* Not properly initialized yet */
701 SSL_set_connect_state(s);
702
703 return(s->method->ssl_connect(s));
704 }
705
706long SSL_get_default_timeout(SSL *s)
707 {
708 return(s->method->get_timeout());
709 }
710
711int SSL_read(SSL *s,void *buf,int num)
712 {
713 if (s->handshake_func == 0)
714 {
715 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
716 return -1;
717 }
718
719 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
720 {
721 s->rwstate=SSL_NOTHING;
722 return(0);
723 }
724 return(s->method->ssl_read(s,buf,num));
725 }
726
727int SSL_peek(SSL *s,void *buf,int num)
728 {
729 if (s->handshake_func == 0)
730 {
731 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
732 return -1;
733 }
734
735 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
736 {
737 return(0);
738 }
739 return(s->method->ssl_peek(s,buf,num));
740 }
741
742int SSL_write(SSL *s,const void *buf,int num)
743 {
744 if (s->handshake_func == 0)
745 {
746 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
747 return -1;
748 }
749
750 if (s->shutdown & SSL_SENT_SHUTDOWN)
751 {
752 s->rwstate=SSL_NOTHING;
753 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
754 return(-1);
755 }
756 return(s->method->ssl_write(s,buf,num));
757 }
758
759int SSL_shutdown(SSL *s)
760 {
761 /* Note that this function behaves differently from what one might
762 * expect. Return values are 0 for no success (yet),
763 * 1 for success; but calling it once is usually not enough,
764 * even if blocking I/O is used (see ssl3_shutdown).
765 */
766
767 if (s->handshake_func == 0)
768 {
769 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
770 return -1;
771 }
772
773 if ((s != NULL) && !SSL_in_init(s))
774 return(s->method->ssl_shutdown(s));
775 else
776 return(1);
777 }
778
779int SSL_renegotiate(SSL *s)
780 {
781 s->new_session=1;
782 return(s->method->ssl_renegotiate(s));
783 }
784
785long SSL_ctrl(SSL *s,int cmd,long larg,char *parg)
786 {
787 long l;
788
789 switch (cmd)
790 {
791 case SSL_CTRL_GET_READ_AHEAD:
792 return(s->read_ahead);
793 case SSL_CTRL_SET_READ_AHEAD:
794 l=s->read_ahead;
795 s->read_ahead=larg;
796 return(l);
797 case SSL_CTRL_OPTIONS:
798 return(s->options|=larg);
799 case SSL_CTRL_MODE:
800 return(s->mode|=larg);
801 default:
802 return(s->method->ssl_ctrl(s,cmd,larg,parg));
803 }
804 }
805
806long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
807 {
808 switch(cmd)
809 {
810 default:
811 return(s->method->ssl_callback_ctrl(s,cmd,fp));
812 }
813 }
814
815struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
816 {
817 return ctx->sessions;
818 }
819
820long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,char *parg)
821 {
822 long l;
823
824 switch (cmd)
825 {
826 case SSL_CTRL_GET_READ_AHEAD:
827 return(ctx->read_ahead);
828 case SSL_CTRL_SET_READ_AHEAD:
829 l=ctx->read_ahead;
830 ctx->read_ahead=larg;
831 return(l);
832
833 case SSL_CTRL_SET_SESS_CACHE_SIZE:
834 l=ctx->session_cache_size;
835 ctx->session_cache_size=larg;
836 return(l);
837 case SSL_CTRL_GET_SESS_CACHE_SIZE:
838 return(ctx->session_cache_size);
839 case SSL_CTRL_SET_SESS_CACHE_MODE:
840 l=ctx->session_cache_mode;
841 ctx->session_cache_mode=larg;
842 return(l);
843 case SSL_CTRL_GET_SESS_CACHE_MODE:
844 return(ctx->session_cache_mode);
845
846 case SSL_CTRL_SESS_NUMBER:
847 return(ctx->sessions->num_items);
848 case SSL_CTRL_SESS_CONNECT:
849 return(ctx->stats.sess_connect);
850 case SSL_CTRL_SESS_CONNECT_GOOD:
851 return(ctx->stats.sess_connect_good);
852 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
853 return(ctx->stats.sess_connect_renegotiate);
854 case SSL_CTRL_SESS_ACCEPT:
855 return(ctx->stats.sess_accept);
856 case SSL_CTRL_SESS_ACCEPT_GOOD:
857 return(ctx->stats.sess_accept_good);
858 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
859 return(ctx->stats.sess_accept_renegotiate);
860 case SSL_CTRL_SESS_HIT:
861 return(ctx->stats.sess_hit);
862 case SSL_CTRL_SESS_CB_HIT:
863 return(ctx->stats.sess_cb_hit);
864 case SSL_CTRL_SESS_MISSES:
865 return(ctx->stats.sess_miss);
866 case SSL_CTRL_SESS_TIMEOUTS:
867 return(ctx->stats.sess_timeout);
868 case SSL_CTRL_SESS_CACHE_FULL:
869 return(ctx->stats.sess_cache_full);
870 case SSL_CTRL_OPTIONS:
871 return(ctx->options|=larg);
872 case SSL_CTRL_MODE:
873 return(ctx->mode|=larg);
874 default:
875 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
876 }
877 }
878
879long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
880 {
881 switch(cmd)
882 {
883 default:
884 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
885 }
886 }
887
888int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
889 {
890 long l;
891
892 l=a->id-b->id;
893 if (l == 0L)
894 return(0);
895 else
896 return((l > 0)?1:-1);
897 }
898
899int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
900 const SSL_CIPHER * const *bp)
901 {
902 long l;
903
904 l=(*ap)->id-(*bp)->id;
905 if (l == 0L)
906 return(0);
907 else
908 return((l > 0)?1:-1);
909 }
910
911/** return a STACK of the ciphers available for the SSL and in order of
912 * preference */
913STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
914 {
915 if ((s != NULL) && (s->cipher_list != NULL))
916 {
917 return(s->cipher_list);
918 }
919 else if ((s->ctx != NULL) &&
920 (s->ctx->cipher_list != NULL))
921 {
922 return(s->ctx->cipher_list);
923 }
924 return(NULL);
925 }
926
927/** return a STACK of the ciphers available for the SSL and in order of
928 * algorithm id */
929STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
930 {
931 if ((s != NULL) && (s->cipher_list_by_id != NULL))
932 {
933 return(s->cipher_list_by_id);
934 }
935 else if ((s != NULL) && (s->ctx != NULL) &&
936 (s->ctx->cipher_list_by_id != NULL))
937 {
938 return(s->ctx->cipher_list_by_id);
939 }
940 return(NULL);
941 }
942
943/** The old interface to get the same thing as SSL_get_ciphers() */
944const char *SSL_get_cipher_list(SSL *s,int n)
945 {
946 SSL_CIPHER *c;
947 STACK_OF(SSL_CIPHER) *sk;
948
949 if (s == NULL) return(NULL);
950 sk=SSL_get_ciphers(s);
951 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
952 return(NULL);
953 c=sk_SSL_CIPHER_value(sk,n);
954 if (c == NULL) return(NULL);
955 return(c->name);
956 }
957
958/** specify the ciphers to be used by default by the SSL_CTX */
959int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
960 {
961 STACK_OF(SSL_CIPHER) *sk;
962
963 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
964 &ctx->cipher_list_by_id,str);
965/* XXXX */
966 return((sk == NULL)?0:1);
967 }
968
969/** specify the ciphers to be used by the SSL */
970int SSL_set_cipher_list(SSL *s,const char *str)
971 {
972 STACK_OF(SSL_CIPHER) *sk;
973
974 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
975 &s->cipher_list_by_id,str);
976/* XXXX */
977 return((sk == NULL)?0:1);
978 }
979
980/* works well for SSLv2, not so good for SSLv3 */
981char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
982 {
983 char *p;
984 const char *cp;
985 STACK_OF(SSL_CIPHER) *sk;
986 SSL_CIPHER *c;
987 int i;
988
989 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
990 (len < 2))
991 return(NULL);
992
993 p=buf;
994 sk=s->session->ciphers;
995 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
996 {
997 /* Decrement for either the ':' or a '\0' */
998 len--;
999 c=sk_SSL_CIPHER_value(sk,i);
1000 for (cp=c->name; *cp; )
1001 {
1002 if (len-- == 0)
1003 {
1004 *p='\0';
1005 return(buf);
1006 }
1007 else
1008 *(p++)= *(cp++);
1009 }
1010 *(p++)=':';
1011 }
1012 p[-1]='\0';
1013 return(buf);
1014 }
1015
1016int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
1017 {
1018 int i,j=0;
1019 SSL_CIPHER *c;
1020 unsigned char *q;
1021
1022 if (sk == NULL) return(0);
1023 q=p;
1024
1025 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1026 {
1027 c=sk_SSL_CIPHER_value(sk,i);
1028 j=ssl_put_cipher_by_char(s,c,p);
1029 p+=j;
1030 }
1031 return(p-q);
1032 }
1033
1034STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1035 STACK_OF(SSL_CIPHER) **skp)
1036 {
1037 SSL_CIPHER *c;
1038 STACK_OF(SSL_CIPHER) *sk;
1039 int i,n;
1040
1041 n=ssl_put_cipher_by_char(s,NULL,NULL);
1042 if ((num%n) != 0)
1043 {
1044 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1045 return(NULL);
1046 }
1047 if ((skp == NULL) || (*skp == NULL))
1048 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1049 else
1050 {
1051 sk= *skp;
1052 sk_SSL_CIPHER_zero(sk);
1053 }
1054
1055 for (i=0; i<num; i+=n)
1056 {
1057 c=ssl_get_cipher_by_char(s,p);
1058 p+=n;
1059 if (c != NULL)
1060 {
1061 if (!sk_SSL_CIPHER_push(sk,c))
1062 {
1063 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1064 goto err;
1065 }
1066 }
1067 }
1068
1069 if (skp != NULL)
1070 *skp=sk;
1071 return(sk);
1072err:
1073 if ((skp == NULL) || (*skp == NULL))
1074 sk_SSL_CIPHER_free(sk);
1075 return(NULL);
1076 }
1077
1078unsigned long SSL_SESSION_hash(SSL_SESSION *a)
1079 {
1080 unsigned long l;
1081
1082 l=(unsigned long)
1083 ((unsigned int) a->session_id[0] )|
1084 ((unsigned int) a->session_id[1]<< 8L)|
1085 ((unsigned long)a->session_id[2]<<16L)|
1086 ((unsigned long)a->session_id[3]<<24L);
1087 return(l);
1088 }
1089
1090int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
1091 {
1092 if (a->ssl_version != b->ssl_version)
1093 return(1);
1094 if (a->session_id_length != b->session_id_length)
1095 return(1);
1096 return(memcmp(a->session_id,b->session_id,a->session_id_length));
1097 }
1098
1099SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1100 {
1101 SSL_CTX *ret=NULL;
1102
1103 if (meth == NULL)
1104 {
1105 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1106 return(NULL);
1107 }
1108
1109 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1110 {
1111 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1112 goto err;
1113 }
1114 ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
1115 if (ret == NULL)
1116 goto err;
1117
1118 memset(ret,0,sizeof(SSL_CTX));
1119
1120 ret->method=meth;
1121
1122 ret->cert_store=NULL;
1123 ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
1124 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1125 ret->session_cache_head=NULL;
1126 ret->session_cache_tail=NULL;
1127
1128 /* We take the system default */
1129 ret->session_timeout=meth->get_timeout();
1130
1131 ret->new_session_cb=NULL;
1132 ret->remove_session_cb=NULL;
1133 ret->get_session_cb=NULL;
1134
1135 memset((char *)&ret->stats,0,sizeof(ret->stats));
1136
1137 ret->references=1;
1138 ret->quiet_shutdown=0;
1139
1140/* ret->cipher=NULL;*/
1141/* ret->s2->challenge=NULL;
1142 ret->master_key=NULL;
1143 ret->key_arg=NULL;
1144 ret->s2->conn_id=NULL; */
1145
1146 ret->info_callback=NULL;
1147
1148 ret->app_verify_callback=NULL;
1149 ret->app_verify_arg=NULL;
1150
1151 ret->read_ahead=0;
1152 ret->verify_mode=SSL_VERIFY_NONE;
1153 ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
1154 ret->default_verify_callback=NULL;
1155 if ((ret->cert=ssl_cert_new()) == NULL)
1156 goto err;
1157
1158 ret->default_passwd_callback=NULL;
1159 ret->default_passwd_callback_userdata=NULL;
1160 ret->client_cert_cb=NULL;
1161
1162 ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
1163 if (ret->sessions == NULL) goto err;
1164 ret->cert_store=X509_STORE_new();
1165 if (ret->cert_store == NULL) goto err;
1166
1167 ssl_create_cipher_list(ret->method,
1168 &ret->cipher_list,&ret->cipher_list_by_id,
1169 SSL_DEFAULT_CIPHER_LIST);
1170 if (ret->cipher_list == NULL
1171 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1172 {
1173 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
1174 goto err2;
1175 }
1176
1177 if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
1178 {
1179 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
1180 goto err2;
1181 }
1182 if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
1183 {
1184 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1185 goto err2;
1186 }
1187 if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
1188 {
1189 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1190 goto err2;
1191 }
1192
1193 if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
1194 goto err;
1195
1196 CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
1197
1198 ret->extra_certs=NULL;
1199 ret->comp_methods=SSL_COMP_get_compression_methods();
1200
1201 return(ret);
1202err:
1203 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
1204err2:
1205 if (ret != NULL) SSL_CTX_free(ret);
1206 return(NULL);
1207 }
1208
1209static void SSL_COMP_free(SSL_COMP *comp)
1210 { OPENSSL_free(comp); }
1211
1212void SSL_CTX_free(SSL_CTX *a)
1213 {
1214 int i;
1215
1216 if (a == NULL) return;
1217
1218 i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
1219#ifdef REF_PRINT
1220 REF_PRINT("SSL_CTX",a);
1221#endif
1222 if (i > 0) return;
1223#ifdef REF_CHECK
1224 if (i < 0)
1225 {
1226 fprintf(stderr,"SSL_CTX_free, bad reference count\n");
1227 abort(); /* ok */
1228 }
1229#endif
1230 CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
1231
1232 if (a->sessions != NULL)
1233 {
1234 SSL_CTX_flush_sessions(a,0);
1235 lh_free(a->sessions);
1236 }
1237 if (a->cert_store != NULL)
1238 X509_STORE_free(a->cert_store);
1239 if (a->cipher_list != NULL)
1240 sk_SSL_CIPHER_free(a->cipher_list);
1241 if (a->cipher_list_by_id != NULL)
1242 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1243 if (a->cert != NULL)
1244 ssl_cert_free(a->cert);
1245 if (a->client_CA != NULL)
1246 sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
1247 if (a->extra_certs != NULL)
1248 sk_X509_pop_free(a->extra_certs,X509_free);
1249 if (a->comp_methods != NULL)
1250 sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
1251 OPENSSL_free(a);
1252 }
1253
1254void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1255 {
1256 ctx->default_passwd_callback=cb;
1257 }
1258
1259void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
1260 {
1261 ctx->default_passwd_callback_userdata=u;
1262 }
1263
1264void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
1265 {
1266 /* now
1267 * int (*cb)(X509_STORE_CTX *),
1268 * but should be
1269 * int (*cb)(X509_STORE_CTX *, void *arg)
1270 */
1271 ctx->app_verify_callback=cb;
1272 ctx->app_verify_arg=arg; /* never used */
1273 }
1274
1275void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
1276 {
1277 ctx->verify_mode=mode;
1278 ctx->default_verify_callback=cb;
1279 /* This needs cleaning up EAY EAY EAY */
1280 X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
1281 }
1282
1283void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1284 {
1285 ctx->verify_depth=depth;
1286 }
1287
1288void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1289 {
1290 CERT_PKEY *cpk;
1291 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1292 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1293 int rsa_tmp_export,dh_tmp_export,kl;
1294 unsigned long mask,emask;
1295
1296 if (c == NULL) return;
1297
1298 kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1299
1300#ifndef NO_RSA
1301 rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
1302 rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
1303 (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
1304#else
1305 rsa_tmp=rsa_tmp_export=0;
1306#endif
1307#ifndef NO_DH
1308 dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
1309 dh_tmp_export=(c->dh_tmp_cb != NULL ||
1310 (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
1311#else
1312 dh_tmp=dh_tmp_export=0;
1313#endif
1314
1315 cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
1316 rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
1317 rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1318 cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
1319 rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1320 cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
1321 dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
1322 cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
1323 dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1324 dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1325 cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
1326/* FIX THIS EAY EAY EAY */
1327 dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
1328 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1329
1330 mask=0;
1331 emask=0;
1332
1333#ifdef CIPHER_DEBUG
1334 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1335 rsa_tmp,rsa_tmp_export,dh_tmp,
1336 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1337#endif
1338
1339 if (rsa_enc || (rsa_tmp && rsa_sign))
1340 mask|=SSL_kRSA;
1341 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1342 emask|=SSL_kRSA;
1343
1344#if 0
1345 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1346 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1347 (rsa_enc || rsa_sign || dsa_sign))
1348 mask|=SSL_kEDH;
1349 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1350 (rsa_enc || rsa_sign || dsa_sign))
1351 emask|=SSL_kEDH;
1352#endif
1353
1354 if (dh_tmp_export)
1355 emask|=SSL_kEDH;
1356
1357 if (dh_tmp)
1358 mask|=SSL_kEDH;
1359
1360 if (dh_rsa) mask|=SSL_kDHr;
1361 if (dh_rsa_export) emask|=SSL_kDHr;
1362
1363 if (dh_dsa) mask|=SSL_kDHd;
1364 if (dh_dsa_export) emask|=SSL_kDHd;
1365
1366 if (rsa_enc || rsa_sign)
1367 {
1368 mask|=SSL_aRSA;
1369 emask|=SSL_aRSA;
1370 }
1371
1372 if (dsa_sign)
1373 {
1374 mask|=SSL_aDSS;
1375 emask|=SSL_aDSS;
1376 }
1377
1378 mask|=SSL_aNULL;
1379 emask|=SSL_aNULL;
1380
1381 c->mask=mask;
1382 c->export_mask=emask;
1383 c->valid=1;
1384 }
1385
1386/* THIS NEEDS CLEANING UP */
1387X509 *ssl_get_server_send_cert(SSL *s)
1388 {
1389 unsigned long alg,mask,kalg;
1390 CERT *c;
1391 int i,is_export;
1392
1393 c=s->cert;
1394 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1395 alg=s->s3->tmp.new_cipher->algorithms;
1396 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
1397 mask=is_export?c->export_mask:c->mask;
1398 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
1399
1400 if (kalg & SSL_kDHr)
1401 i=SSL_PKEY_DH_RSA;
1402 else if (kalg & SSL_kDHd)
1403 i=SSL_PKEY_DH_DSA;
1404 else if (kalg & SSL_aDSS)
1405 i=SSL_PKEY_DSA_SIGN;
1406 else if (kalg & SSL_aRSA)
1407 {
1408 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1409 i=SSL_PKEY_RSA_SIGN;
1410 else
1411 i=SSL_PKEY_RSA_ENC;
1412 }
1413 else /* if (kalg & SSL_aNULL) */
1414 {
1415 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
1416 return(NULL);
1417 }
1418 if (c->pkeys[i].x509 == NULL) return(NULL);
1419 return(c->pkeys[i].x509);
1420 }
1421
1422EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1423 {
1424 unsigned long alg;
1425 CERT *c;
1426
1427 alg=cipher->algorithms;
1428 c=s->cert;
1429
1430 if ((alg & SSL_aDSS) &&
1431 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1432 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1433 else if (alg & SSL_aRSA)
1434 {
1435 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1436 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
1437 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
1438 return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
1439 else
1440 return(NULL);
1441 }
1442 else /* if (alg & SSL_aNULL) */
1443 {
1444 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
1445 return(NULL);
1446 }
1447 }
1448
1449void ssl_update_cache(SSL *s,int mode)
1450 {
1451 int i;
1452
1453 /* If the session_id_length is 0, we are not supposed to cache it,
1454 * and it would be rather hard to do anyway :-) */
1455 if (s->session->session_id_length == 0) return;
1456
1457 if ((s->ctx->session_cache_mode & mode)
1458 && (!s->hit)
1459 && SSL_CTX_add_session(s->ctx,s->session)
1460 && (s->ctx->new_session_cb != NULL))
1461 {
1462 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1463 if (!s->ctx->new_session_cb(s,s->session))
1464 SSL_SESSION_free(s->session);
1465 }
1466
1467 /* auto flush every 255 connections */
1468 i=s->ctx->session_cache_mode;
1469 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
1470 ((i & mode) == mode))
1471 {
1472 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1473 ?s->ctx->stats.sess_connect_good
1474 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1475 {
1476 SSL_CTX_flush_sessions(s->ctx,time(NULL));
1477 }
1478 }
1479 }
1480
1481SSL_METHOD *SSL_get_ssl_method(SSL *s)
1482 {
1483 return(s->method);
1484 }
1485
1486int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
1487 {
1488 int conn= -1;
1489 int ret=1;
1490
1491 if (s->method != meth)
1492 {
1493 if (s->handshake_func != NULL)
1494 conn=(s->handshake_func == s->method->ssl_connect);
1495
1496 if (s->method->version == meth->version)
1497 s->method=meth;
1498 else
1499 {
1500 s->method->ssl_free(s);
1501 s->method=meth;
1502 ret=s->method->ssl_new(s);
1503 }
1504
1505 if (conn == 1)
1506 s->handshake_func=meth->ssl_connect;
1507 else if (conn == 0)
1508 s->handshake_func=meth->ssl_accept;
1509 }
1510 return(ret);
1511 }
1512
1513int SSL_get_error(SSL *s,int i)
1514 {
1515 int reason;
1516 unsigned long l;
1517 BIO *bio;
1518
1519 if (i > 0) return(SSL_ERROR_NONE);
1520
1521 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
1522 * etc, where we do encode the error */
1523 if ((l=ERR_peek_error()) != 0)
1524 {
1525 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
1526 return(SSL_ERROR_SYSCALL);
1527 else
1528 return(SSL_ERROR_SSL);
1529 }
1530
1531 if ((i < 0) && SSL_want_read(s))
1532 {
1533 bio=SSL_get_rbio(s);
1534 if (BIO_should_read(bio))
1535 return(SSL_ERROR_WANT_READ);
1536 else if (BIO_should_write(bio))
1537 /* This one doesn't make too much sense ... We never try
1538 * to write to the rbio, and an application program where
1539 * rbio and wbio are separate couldn't even know what it
1540 * should wait for.
1541 * However if we ever set s->rwstate incorrectly
1542 * (so that we have SSL_want_read(s) instead of
1543 * SSL_want_write(s)) and rbio and wbio *are* the same,
1544 * this test works around that bug; so it might be safer
1545 * to keep it. */
1546 return(SSL_ERROR_WANT_WRITE);
1547 else if (BIO_should_io_special(bio))
1548 {
1549 reason=BIO_get_retry_reason(bio);
1550 if (reason == BIO_RR_CONNECT)
1551 return(SSL_ERROR_WANT_CONNECT);
1552 else
1553 return(SSL_ERROR_SYSCALL); /* unknown */
1554 }
1555 }
1556
1557 if ((i < 0) && SSL_want_write(s))
1558 {
1559 bio=SSL_get_wbio(s);
1560 if (BIO_should_write(bio))
1561 return(SSL_ERROR_WANT_WRITE);
1562 else if (BIO_should_read(bio))
1563 /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
1564 return(SSL_ERROR_WANT_READ);
1565 else if (BIO_should_io_special(bio))
1566 {
1567 reason=BIO_get_retry_reason(bio);
1568 if (reason == BIO_RR_CONNECT)
1569 return(SSL_ERROR_WANT_CONNECT);
1570 else
1571 return(SSL_ERROR_SYSCALL);
1572 }
1573 }
1574 if ((i < 0) && SSL_want_x509_lookup(s))
1575 {
1576 return(SSL_ERROR_WANT_X509_LOOKUP);
1577 }
1578
1579 if (i == 0)
1580 {
1581 if (s->version == SSL2_VERSION)
1582 {
1583 /* assume it is the socket being closed */
1584 return(SSL_ERROR_ZERO_RETURN);
1585 }
1586 else
1587 {
1588 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
1589 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
1590 return(SSL_ERROR_ZERO_RETURN);
1591 }
1592 }
1593 return(SSL_ERROR_SYSCALL);
1594 }
1595
1596int SSL_do_handshake(SSL *s)
1597 {
1598 int ret=1;
1599
1600 if (s->handshake_func == NULL)
1601 {
1602 SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
1603 return(-1);
1604 }
1605
1606 s->method->ssl_renegotiate_check(s);
1607
1608 if (SSL_in_init(s) || SSL_in_before(s))
1609 {
1610 ret=s->handshake_func(s);
1611 }
1612 return(ret);
1613 }
1614
1615/* For the next 2 functions, SSL_clear() sets shutdown and so
1616 * one of these calls will reset it */
1617void SSL_set_accept_state(SSL *s)
1618 {
1619 s->server=1;
1620 s->shutdown=0;
1621 s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
1622 s->handshake_func=s->method->ssl_accept;
1623 /* clear the current cipher */
1624 ssl_clear_cipher_ctx(s);
1625 }
1626
1627void SSL_set_connect_state(SSL *s)
1628 {
1629 s->server=0;
1630 s->shutdown=0;
1631 s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
1632 s->handshake_func=s->method->ssl_connect;
1633 /* clear the current cipher */
1634 ssl_clear_cipher_ctx(s);
1635 }
1636
1637int ssl_undefined_function(SSL *s)
1638 {
1639 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1640 return(0);
1641 }
1642
1643SSL_METHOD *ssl_bad_method(int ver)
1644 {
1645 SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1646 return(NULL);
1647 }
1648
1649const char *SSL_get_version(SSL *s)
1650 {
1651 if (s->version == TLS1_VERSION)
1652 return("TLSv1");
1653 else if (s->version == SSL3_VERSION)
1654 return("SSLv3");
1655 else if (s->version == SSL2_VERSION)
1656 return("SSLv2");
1657 else
1658 return("unknown");
1659 }
1660
1661SSL *SSL_dup(SSL *s)
1662 {
1663 STACK_OF(X509_NAME) *sk;
1664 X509_NAME *xn;
1665 SSL *ret;
1666 int i;
1667
1668 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
1669 return(NULL);
1670
1671 if (s->session != NULL)
1672 {
1673 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
1674 SSL_copy_session_id(ret,s);
1675 }
1676 else
1677 {
1678 /* No session has been established yet, so we have to expect
1679 * that s->cert or ret->cert will be changed later --
1680 * they should not both point to the same object,
1681 * and thus we can't use SSL_copy_session_id. */
1682
1683 ret->method = s->method;
1684 ret->method->ssl_new(ret);
1685
1686 if (s->cert != NULL)
1687 {
1688 if (ret->cert != NULL)
1689 {
1690 ssl_cert_free(ret->cert);
1691 }
1692 ret->cert = ssl_cert_dup(s->cert);
1693 if (ret->cert == NULL)
1694 goto err;
1695 }
1696
1697 SSL_set_session_id_context(ret,
1698 s->sid_ctx, s->sid_ctx_length);
1699 }
1700
1701 SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
1702 SSL_set_verify(ret,SSL_get_verify_mode(s),
1703 SSL_get_verify_callback(s));
1704 SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
1705
1706 SSL_set_info_callback(ret,SSL_get_info_callback(s));
1707
1708 ret->debug=s->debug;
1709 ret->options=s->options;
1710
1711 /* copy app data, a little dangerous perhaps */
1712 if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
1713 goto err;
1714
1715 /* setup rbio, and wbio */
1716 if (s->rbio != NULL)
1717 {
1718 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
1719 goto err;
1720 }
1721 if (s->wbio != NULL)
1722 {
1723 if (s->wbio != s->rbio)
1724 {
1725 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
1726 goto err;
1727 }
1728 else
1729 ret->wbio=ret->rbio;
1730 }
1731
1732 /* dup the cipher_list and cipher_list_by_id stacks */
1733 if (s->cipher_list != NULL)
1734 {
1735 if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
1736 goto err;
1737 }
1738 if (s->cipher_list_by_id != NULL)
1739 if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
1740 == NULL)
1741 goto err;
1742
1743 /* Dup the client_CA list */
1744 if (s->client_CA != NULL)
1745 {
1746 if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
1747 ret->client_CA=sk;
1748 for (i=0; i<sk_X509_NAME_num(sk); i++)
1749 {
1750 xn=sk_X509_NAME_value(sk,i);
1751 if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
1752 {
1753 X509_NAME_free(xn);
1754 goto err;
1755 }
1756 }
1757 }
1758
1759 ret->shutdown=s->shutdown;
1760 ret->state=s->state;
1761 ret->handshake_func=s->handshake_func;
1762 ret->server=s->server;
1763
1764 if (0)
1765 {
1766err:
1767 if (ret != NULL) SSL_free(ret);
1768 ret=NULL;
1769 }
1770 return(ret);
1771 }
1772
1773void ssl_clear_cipher_ctx(SSL *s)
1774 {
1775 if (s->enc_read_ctx != NULL)
1776 {
1777 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
1778 OPENSSL_free(s->enc_read_ctx);
1779 s->enc_read_ctx=NULL;
1780 }
1781 if (s->enc_write_ctx != NULL)
1782 {
1783 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
1784 OPENSSL_free(s->enc_write_ctx);
1785 s->enc_write_ctx=NULL;
1786 }
1787 if (s->expand != NULL)
1788 {
1789 COMP_CTX_free(s->expand);
1790 s->expand=NULL;
1791 }
1792 if (s->compress != NULL)
1793 {
1794 COMP_CTX_free(s->compress);
1795 s->compress=NULL;
1796 }
1797 }
1798
1799/* Fix this function so that it takes an optional type parameter */
1800X509 *SSL_get_certificate(SSL *s)
1801 {
1802 if (s->cert != NULL)
1803 return(s->cert->key->x509);
1804 else
1805 return(NULL);
1806 }
1807
1808/* Fix this function so that it takes an optional type parameter */
1809EVP_PKEY *SSL_get_privatekey(SSL *s)
1810 {
1811 if (s->cert != NULL)
1812 return(s->cert->key->privatekey);
1813 else
1814 return(NULL);
1815 }
1816
1817SSL_CIPHER *SSL_get_current_cipher(SSL *s)
1818 {
1819 if ((s->session != NULL) && (s->session->cipher != NULL))
1820 return(s->session->cipher);
1821 return(NULL);
1822 }
1823
1824int ssl_init_wbio_buffer(SSL *s,int push)
1825 {
1826 BIO *bbio;
1827
1828 if (s->bbio == NULL)
1829 {
1830 bbio=BIO_new(BIO_f_buffer());
1831 if (bbio == NULL) return(0);
1832 s->bbio=bbio;
1833 }
1834 else
1835 {
1836 bbio=s->bbio;
1837 if (s->bbio == s->wbio)
1838 s->wbio=BIO_pop(s->wbio);
1839 }
1840 (void)BIO_reset(bbio);
1841/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
1842 if (!BIO_set_read_buffer_size(bbio,1))
1843 {
1844 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
1845 return(0);
1846 }
1847 if (push)
1848 {
1849 if (s->wbio != bbio)
1850 s->wbio=BIO_push(bbio,s->wbio);
1851 }
1852 else
1853 {
1854 if (s->wbio == bbio)
1855 s->wbio=BIO_pop(bbio);
1856 }
1857 return(1);
1858 }
1859
1860void ssl_free_wbio_buffer(SSL *s)
1861 {
1862 if (s->bbio == NULL) return;
1863
1864 if (s->bbio == s->wbio)
1865 {
1866 /* remove buffering */
1867 s->wbio=BIO_pop(s->wbio);
1868#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
1869 assert(s->wbio != NULL);
1870#endif
1871 }
1872 BIO_free(s->bbio);
1873 s->bbio=NULL;
1874 }
1875
1876void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
1877 {
1878 ctx->quiet_shutdown=mode;
1879 }
1880
1881int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
1882 {
1883 return(ctx->quiet_shutdown);
1884 }
1885
1886void SSL_set_quiet_shutdown(SSL *s,int mode)
1887 {
1888 s->quiet_shutdown=mode;
1889 }
1890
1891int SSL_get_quiet_shutdown(SSL *s)
1892 {
1893 return(s->quiet_shutdown);
1894 }
1895
1896void SSL_set_shutdown(SSL *s,int mode)
1897 {
1898 s->shutdown=mode;
1899 }
1900
1901int SSL_get_shutdown(SSL *s)
1902 {
1903 return(s->shutdown);
1904 }
1905
1906int SSL_version(SSL *s)
1907 {
1908 return(s->version);
1909 }
1910
1911SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
1912 {
1913 return(ssl->ctx);
1914 }
1915
1916#ifndef NO_STDIO
1917int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
1918 {
1919 return(X509_STORE_set_default_paths(ctx->cert_store));
1920 }
1921
1922int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1923 const char *CApath)
1924 {
1925 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
1926 }
1927#endif
1928
1929void SSL_set_info_callback(SSL *ssl,void (*cb)())
1930 {
1931 ssl->info_callback=cb;
1932 }
1933
1934void (*SSL_get_info_callback(SSL *ssl))(void)
1935 {
1936 return((void (*)())ssl->info_callback);
1937 }
1938
1939int SSL_state(SSL *ssl)
1940 {
1941 return(ssl->state);
1942 }
1943
1944void SSL_set_verify_result(SSL *ssl,long arg)
1945 {
1946 ssl->verify_result=arg;
1947 }
1948
1949long SSL_get_verify_result(SSL *ssl)
1950 {
1951 return(ssl->verify_result);
1952 }
1953
1954int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
1955 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
1956 {
1957 ssl_meth_num++;
1958 return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
1959 &ssl_meth,argl,argp,new_func,dup_func,free_func));
1960 }
1961
1962int SSL_set_ex_data(SSL *s,int idx,void *arg)
1963 {
1964 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1965 }
1966
1967void *SSL_get_ex_data(SSL *s,int idx)
1968 {
1969 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1970 }
1971
1972int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
1973 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
1974 {
1975 ssl_ctx_meth_num++;
1976 return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
1977 &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
1978 }
1979
1980int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
1981 {
1982 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
1983 }
1984
1985void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
1986 {
1987 return(CRYPTO_get_ex_data(&s->ex_data,idx));
1988 }
1989
1990int ssl_ok(SSL *s)
1991 {
1992 return(1);
1993 }
1994
1995X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
1996 {
1997 return(ctx->cert_store);
1998 }
1999
2000void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
2001 {
2002 if (ctx->cert_store != NULL)
2003 X509_STORE_free(ctx->cert_store);
2004 ctx->cert_store=store;
2005 }
2006
2007int SSL_want(SSL *s)
2008 {
2009 return(s->rwstate);
2010 }
2011
2012/*!
2013 * \brief Set the callback for generating temporary RSA keys.
2014 * \param ctx the SSL context.
2015 * \param cb the callback
2016 */
2017
2018#ifndef NO_RSA
2019void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
2020 int is_export,
2021 int keylength))
2022 {
2023 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
2024 }
2025
2026void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
2027 int is_export,
2028 int keylength))
2029 {
2030 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
2031 }
2032#endif
2033
2034#ifdef DOXYGEN
2035/*!
2036 * \brief The RSA temporary key callback function.
2037 * \param ssl the SSL session.
2038 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
2039 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
2040 * of the required key in bits.
2041 * \return the temporary RSA key.
2042 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
2043 */
2044
2045RSA *cb(SSL *ssl,int is_export,int keylength)
2046 {}
2047#endif
2048
2049/*!
2050 * \brief Set the callback for generating temporary DH keys.
2051 * \param ctx the SSL context.
2052 * \param dh the callback
2053 */
2054
2055#ifndef NO_DH
2056void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2057 int keylength))
2058 {
2059 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
2060 }
2061
2062void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2063 int keylength))
2064 {
2065 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
2066 }
2067#endif
2068
2069#if defined(_WINDLL) && defined(WIN16)
2070#include "../crypto/bio/bss_file.c"
2071#endif
2072
2073IMPLEMENT_STACK_OF(SSL_CIPHER)
2074IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 516d3cc5ae..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,609 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#ifndef HEADER_SSL_LOCL_H
113#define HEADER_SSL_LOCL_H
114#include <stdlib.h>
115#include <time.h>
116#include <string.h>
117#include <errno.h>
118
119#include "openssl/e_os.h"
120
121#include <openssl/buffer.h>
122#include <openssl/comp.h>
123#include <openssl/bio.h>
124#include <openssl/crypto.h>
125#include <openssl/evp.h>
126#include <openssl/stack.h>
127#include <openssl/x509.h>
128#include <openssl/err.h>
129#include <openssl/ssl.h>
130
131#define PKCS1_CHECK
132
133#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
134 l|=(((unsigned long)(*((c)++)))<< 8), \
135 l|=(((unsigned long)(*((c)++)))<<16), \
136 l|=(((unsigned long)(*((c)++)))<<24))
137
138/* NOTE - c is not incremented as per c2l */
139#define c2ln(c,l1,l2,n) { \
140 c+=n; \
141 l1=l2=0; \
142 switch (n) { \
143 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
144 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
145 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
146 case 5: l2|=((unsigned long)(*(--(c)))); \
147 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
148 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
149 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
150 case 1: l1|=((unsigned long)(*(--(c)))); \
151 } \
152 }
153
154#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
155 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
156 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
157 *((c)++)=(unsigned char)(((l)>>24)&0xff))
158
159#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
160 l|=((unsigned long)(*((c)++)))<<16, \
161 l|=((unsigned long)(*((c)++)))<< 8, \
162 l|=((unsigned long)(*((c)++))))
163
164#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
165 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
166 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
167 *((c)++)=(unsigned char)(((l) )&0xff))
168
169/* NOTE - c is not incremented as per l2c */
170#define l2cn(l1,l2,c,n) { \
171 c+=n; \
172 switch (n) { \
173 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
174 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
175 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
176 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
177 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
178 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
179 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
180 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
181 } \
182 }
183
184#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
185 (((unsigned int)(c[1])) )),c+=2)
186#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
187 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
188
189#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
190 (((unsigned long)(c[1]))<< 8)| \
191 (((unsigned long)(c[2])) )),c+=3)
192
193#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
194 c[1]=(unsigned char)(((l)>> 8)&0xff), \
195 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
196
197/* LOCAL STUFF */
198
199#define SSL_DECRYPT 0
200#define SSL_ENCRYPT 1
201
202#define TWO_BYTE_BIT 0x80
203#define SEC_ESC_BIT 0x40
204#define TWO_BYTE_MASK 0x7fff
205#define THREE_BYTE_MASK 0x3fff
206
207#define INC32(a) ((a)=((a)+1)&0xffffffffL)
208#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
209#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
210
211/*
212 * Define the Bitmasks for SSL_CIPHER.algorithms.
213 * This bits are used packed as dense as possible. If new methods/ciphers
214 * etc will be added, the bits a likely to change, so this information
215 * is for internal library use only, even though SSL_CIPHER.algorithms
216 * can be publicly accessed.
217 * Use the according functions for cipher management instead.
218 *
219 * The bit mask handling in the selection and sorting scheme in
220 * ssl_create_cipher_list() has only limited capabilities, reflecting
221 * that the different entities within are mutually exclusive:
222 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
223 */
224#define SSL_MKEY_MASK 0x0000001FL
225#define SSL_kRSA 0x00000001L /* RSA key exchange */
226#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
227#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
228#define SSL_kFZA 0x00000008L
229#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
230#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
231
232#define SSL_AUTH_MASK 0x000003e0L
233#define SSL_aRSA 0x00000020L /* Authenticate with RSA */
234#define SSL_aDSS 0x00000040L /* Authenticate with DSS */
235#define SSL_DSS SSL_aDSS
236#define SSL_aFZA 0x00000080L
237#define SSL_aNULL 0x00000100L /* no Authenticate, ADH */
238#define SSL_aDH 0x00000200L /* no Authenticate, ADH */
239
240#define SSL_NULL (SSL_eNULL)
241#define SSL_ADH (SSL_kEDH|SSL_aNULL)
242#define SSL_RSA (SSL_kRSA|SSL_aRSA)
243#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
244#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
245
246#define SSL_ENC_MASK 0x0001Fc00L
247#define SSL_DES 0x00000400L
248#define SSL_3DES 0x00000800L
249#define SSL_RC4 0x00001000L
250#define SSL_RC2 0x00002000L
251#define SSL_IDEA 0x00004000L
252#define SSL_eFZA 0x00008000L
253#define SSL_eNULL 0x00010000L
254
255#define SSL_MAC_MASK 0x00060000L
256#define SSL_MD5 0x00020000L
257#define SSL_SHA1 0x00040000L
258#define SSL_SHA (SSL_SHA1)
259
260#define SSL_SSL_MASK 0x00180000L
261#define SSL_SSLV2 0x00080000L
262#define SSL_SSLV3 0x00100000L
263#define SSL_TLSV1 SSL_SSLV3 /* for now */
264
265/* we have used 001fffff - 11 bits left to go */
266
267/*
268 * Export and cipher strength information. For each cipher we have to decide
269 * whether it is exportable or not. This information is likely to change
270 * over time, since the export control rules are no static technical issue.
271 *
272 * Independent of the export flag the cipher strength is sorted into classes.
273 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
274 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
275 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
276 * since SSL_EXP64 could be similar to SSL_LOW.
277 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
278 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
279 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
280 * be possible.
281 */
282#define SSL_EXP_MASK 0x00000003L
283#define SSL_NOT_EXP 0x00000001L
284#define SSL_EXPORT 0x00000002L
285
286#define SSL_STRONG_MASK 0x0000007cL
287#define SSL_EXP40 0x00000004L
288#define SSL_MICRO (SSL_EXP40)
289#define SSL_EXP56 0x00000008L
290#define SSL_MINI (SSL_EXP56)
291#define SSL_LOW 0x00000010L
292#define SSL_MEDIUM 0x00000020L
293#define SSL_HIGH 0x00000040L
294
295/* we have used 0000007f - 25 bits left to go */
296
297/*
298 * Macros to check the export status and cipher strength for export ciphers.
299 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
300 * their meaning is different:
301 * *_EXPORT macros check the 'exportable' status.
302 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
303 * is given.
304 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
305 * algorithm structure element to be passed (algorithms, algo_strength) and no
306 * typechecking can be done as they are all of type unsigned long, their
307 * direct usage is discouraged.
308 * Use the SSL_C_* macros instead.
309 */
310#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
311#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
312#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
313#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
314#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
315#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
316
317#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
318 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
319#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
320#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
321 (c)->algo_strength)
322#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
323
324
325#define SSL_ALL 0xffffffffL
326#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
327 SSL_MAC_MASK)
328#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
329
330/* Mostly for SSLv3 */
331#define SSL_PKEY_RSA_ENC 0
332#define SSL_PKEY_RSA_SIGN 1
333#define SSL_PKEY_DSA_SIGN 2
334#define SSL_PKEY_DH_RSA 3
335#define SSL_PKEY_DH_DSA 4
336#define SSL_PKEY_NUM 5
337
338/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
339 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
340 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
341 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
342 * SSL_aRSA <- RSA_ENC | RSA_SIGN
343 * SSL_aDSS <- DSA_SIGN
344 */
345
346/*
347#define CERT_INVALID 0
348#define CERT_PUBLIC_KEY 1
349#define CERT_PRIVATE_KEY 2
350*/
351
352typedef struct cert_pkey_st
353 {
354 X509 *x509;
355 EVP_PKEY *privatekey;
356 } CERT_PKEY;
357
358typedef struct cert_st
359 {
360 /* Current active set */
361 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
362 * Probably it would make more sense to store
363 * an index, not a pointer. */
364
365 /* The following masks are for the key and auth
366 * algorithms that are supported by the certs below */
367 int valid;
368 unsigned long mask;
369 unsigned long export_mask;
370#ifndef NO_RSA
371 RSA *rsa_tmp;
372 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
373#endif
374#ifndef NO_DH
375 DH *dh_tmp;
376 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
377#endif
378
379 CERT_PKEY pkeys[SSL_PKEY_NUM];
380
381 int references; /* >1 only if SSL_copy_session_id is used */
382 } CERT;
383
384
385typedef struct sess_cert_st
386 {
387 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
388
389 /* The 'peer_...' members are used only by clients. */
390 int peer_cert_type;
391
392 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
393 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
394 /* Obviously we don't have the private keys of these,
395 * so maybe we shouldn't even use the CERT_PKEY type here. */
396
397#ifndef NO_RSA
398 RSA *peer_rsa_tmp; /* not used for SSL 2 */
399#endif
400#ifndef NO_DH
401 DH *peer_dh_tmp; /* not used for SSL 2 */
402#endif
403
404 int references; /* actually always 1 at the moment */
405 } SESS_CERT;
406
407
408/*#define MAC_DEBUG */
409
410/*#define ERR_DEBUG */
411/*#define ABORT_DEBUG */
412/*#define PKT_DEBUG 1 */
413/*#define DES_DEBUG */
414/*#define DES_OFB_DEBUG */
415/*#define SSL_DEBUG */
416/*#define RSA_DEBUG */
417/*#define IDEA_DEBUG */
418
419#define FP_ICC (int (*)(const void *,const void *))
420#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
421 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
422#define ssl_get_cipher_by_char(ssl,ptr) \
423 ((ssl)->method->get_cipher_by_char(ptr))
424
425/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
426 * It is a bit of a mess of functions, but hell, think of it as
427 * an opaque structure :-) */
428typedef struct ssl3_enc_method
429 {
430 int (*enc)(SSL *, int);
431 int (*mac)(SSL *, unsigned char *, int);
432 int (*setup_key_block)(SSL *);
433 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
434 int (*change_cipher_state)(SSL *, int);
435 int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
436 int finish_mac_length;
437 int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
438 const char *client_finished_label;
439 int client_finished_label_len;
440 const char *server_finished_label;
441 int server_finished_label_len;
442 int (*alert_value)(int);
443 } SSL3_ENC_METHOD;
444
445/* Used for holding the relevant compression methods loaded into SSL_CTX */
446typedef struct ssl3_comp_st
447 {
448 int comp_id; /* The identifier byte for this compression type */
449 char *name; /* Text name used for the compression type */
450 COMP_METHOD *method; /* The method :-) */
451 } SSL3_COMP;
452
453OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
454OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
455OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
456
457#ifdef VMS
458#undef SSL_COMP_get_compression_methods
459#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
460#endif
461
462
463SSL_METHOD *ssl_bad_method(int ver);
464SSL_METHOD *sslv2_base_method(void);
465SSL_METHOD *sslv23_base_method(void);
466SSL_METHOD *sslv3_base_method(void);
467
468void ssl_clear_cipher_ctx(SSL *s);
469int ssl_clear_bad_session(SSL *s);
470CERT *ssl_cert_new(void);
471CERT *ssl_cert_dup(CERT *cert);
472int ssl_cert_inst(CERT **o);
473void ssl_cert_free(CERT *c);
474SESS_CERT *ssl_sess_cert_new(void);
475void ssl_sess_cert_free(SESS_CERT *sc);
476int ssl_set_peer_cert_type(SESS_CERT *c, int type);
477int ssl_get_new_session(SSL *s, int session);
478int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
479int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
480int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
481 const SSL_CIPHER * const *bp);
482STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
483 STACK_OF(SSL_CIPHER) **skp);
484int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
485STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
486 STACK_OF(SSL_CIPHER) **pref,
487 STACK_OF(SSL_CIPHER) **sorted,
488 const char *rule_str);
489void ssl_update_cache(SSL *s, int mode);
490int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
491 SSL_COMP **comp);
492int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
493int ssl_undefined_function(SSL *s);
494X509 *ssl_get_server_send_cert(SSL *);
495EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
496int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
497void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
498STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
499int ssl_verify_alarm_type(long type);
500
501int ssl2_enc_init(SSL *s, int client);
502void ssl2_generate_key_material(SSL *s);
503void ssl2_enc(SSL *s,int send_data);
504void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
505SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
506int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
507int ssl2_part_read(SSL *s, unsigned long f, int i);
508int ssl2_do_write(SSL *s);
509int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
510void ssl2_return_error(SSL *s,int reason);
511void ssl2_write_error(SSL *s);
512int ssl2_num_ciphers(void);
513SSL_CIPHER *ssl2_get_cipher(unsigned int u);
514int ssl2_new(SSL *s);
515void ssl2_free(SSL *s);
516int ssl2_accept(SSL *s);
517int ssl2_connect(SSL *s);
518int ssl2_read(SSL *s, void *buf, int len);
519int ssl2_peek(SSL *s, void *buf, int len);
520int ssl2_write(SSL *s, const void *buf, int len);
521int ssl2_shutdown(SSL *s);
522void ssl2_clear(SSL *s);
523long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
524long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
525long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
526long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
527int ssl2_pending(SSL *s);
528
529SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
530int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
531void ssl3_init_finished_mac(SSL *s);
532int ssl3_send_server_certificate(SSL *s);
533int ssl3_get_finished(SSL *s,int state_a,int state_b);
534int ssl3_setup_key_block(SSL *s);
535int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
536int ssl3_change_cipher_state(SSL *s,int which);
537void ssl3_cleanup_key_block(SSL *s);
538int ssl3_do_write(SSL *s,int type);
539void ssl3_send_alert(SSL *s,int level, int desc);
540int ssl3_generate_master_secret(SSL *s, unsigned char *out,
541 unsigned char *p, int len);
542int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
543long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
544int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
545int ssl3_num_ciphers(void);
546SSL_CIPHER *ssl3_get_cipher(unsigned int u);
547int ssl3_renegotiate(SSL *ssl);
548int ssl3_renegotiate_check(SSL *ssl);
549int ssl3_dispatch_alert(SSL *s);
550int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
551int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
552int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
553 const char *sender, int slen,unsigned char *p);
554int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
555void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
556int ssl3_enc(SSL *s, int send_data);
557int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
558unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
559SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *have,
560 STACK_OF(SSL_CIPHER) *pref);
561int ssl3_setup_buffers(SSL *s);
562int ssl3_new(SSL *s);
563void ssl3_free(SSL *s);
564int ssl3_accept(SSL *s);
565int ssl3_connect(SSL *s);
566int ssl3_read(SSL *s, void *buf, int len);
567int ssl3_peek(SSL *s, void *buf, int len);
568int ssl3_write(SSL *s, const void *buf, int len);
569int ssl3_shutdown(SSL *s);
570void ssl3_clear(SSL *s);
571long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
572long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
573long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
574long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
575int ssl3_pending(SSL *s);
576
577int ssl23_accept(SSL *s);
578int ssl23_connect(SSL *s);
579int ssl23_read_bytes(SSL *s, int n);
580int ssl23_write_bytes(SSL *s);
581
582int tls1_new(SSL *s);
583void tls1_free(SSL *s);
584void tls1_clear(SSL *s);
585long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
586long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
587SSL_METHOD *tlsv1_base_method(void );
588
589int ssl_init_wbio_buffer(SSL *s, int push);
590void ssl_free_wbio_buffer(SSL *s);
591
592int tls1_change_cipher_state(SSL *s, int which);
593int tls1_setup_key_block(SSL *s);
594int tls1_enc(SSL *s, int snd);
595int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
596 const char *str, int slen, unsigned char *p);
597int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
598int tls1_mac(SSL *ssl, unsigned char *md, int snd);
599int tls1_generate_master_secret(SSL *s, unsigned char *out,
600 unsigned char *p, int len);
601int tls1_alert_code(int code);
602int ssl3_alert_code(int code);
603int ssl_ok(SSL *s);
604
605SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
606STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
607
608
609#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 6ec7a5cdb1..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,815 +0,0 @@
1/* ssl/ssl_rsa.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/bio.h>
61#include <openssl/objects.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pem.h>
65#include "ssl_locl.h"
66
67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x)
70 {
71 if (x == NULL)
72 {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74 return(0);
75 }
76 if (!ssl_cert_inst(&ssl->cert))
77 {
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 }
83
84#ifndef NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86 {
87 int j;
88 BIO *in;
89 int ret=0;
90 X509 *x=NULL;
91
92 in=BIO_new(BIO_s_file_internal());
93 if (in == NULL)
94 {
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end;
97 }
98
99 if (BIO_read_filename(in,file) <= 0)
100 {
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end;
103 }
104 if (type == SSL_FILETYPE_ASN1)
105 {
106 j=ERR_R_ASN1_LIB;
107 x=d2i_X509_bio(in,NULL);
108 }
109 else if (type == SSL_FILETYPE_PEM)
110 {
111 j=ERR_R_PEM_LIB;
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end;
118 }
119
120 if (x == NULL)
121 {
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end;
124 }
125
126 ret=SSL_use_certificate(ssl,x);
127end:
128 if (x != NULL) X509_free(x);
129 if (in != NULL) BIO_free(in);
130 return(ret);
131 }
132#endif
133
134int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
135 {
136 X509 *x;
137 int ret;
138
139 x=d2i_X509(NULL,&d,(long)len);
140 if (x == NULL)
141 {
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143 return(0);
144 }
145
146 ret=SSL_use_certificate(ssl,x);
147 X509_free(x);
148 return(ret);
149 }
150
151#ifndef NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
153 {
154 EVP_PKEY *pkey;
155 int ret;
156
157 if (rsa == NULL)
158 {
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160 return(0);
161 }
162 if (!ssl_cert_inst(&ssl->cert))
163 {
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165 return(0);
166 }
167 if ((pkey=EVP_PKEY_new()) == NULL)
168 {
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172
173 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
174 EVP_PKEY_assign_RSA(pkey,rsa);
175
176 ret=ssl_set_pkey(ssl->cert,pkey);
177 EVP_PKEY_free(pkey);
178 return(ret);
179 }
180#endif
181
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
183 {
184 int i,ok=0,bad=0;
185
186 i=ssl_cert_type(NULL,pkey);
187 if (i < 0)
188 {
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190 return(0);
191 }
192
193 if (c->pkeys[i].x509 != NULL)
194 {
195 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey);
198 EVP_PKEY_free(pktmp);
199 ERR_clear_error();
200
201#ifndef NO_RSA
202 /* Don't check the public/private key, this is mostly
203 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) &
206 RSA_METHOD_FLAG_NO_CHECK))
207 ok=1;
208 else
209#endif
210 if (!X509_check_private_key(c->pkeys[i].x509,pkey))
211 {
212 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
213 {
214 i=(i == SSL_PKEY_DH_RSA)?
215 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
216
217 if (c->pkeys[i].x509 == NULL)
218 ok=1;
219 else
220 {
221 if (!X509_check_private_key(
222 c->pkeys[i].x509,pkey))
223 bad=1;
224 else
225 ok=1;
226 }
227 }
228 else
229 bad=1;
230 }
231 else
232 ok=1;
233 }
234 else
235 ok=1;
236
237 if (bad)
238 {
239 X509_free(c->pkeys[i].x509);
240 c->pkeys[i].x509=NULL;
241 return(0);
242 }
243
244 if (c->pkeys[i].privatekey != NULL)
245 EVP_PKEY_free(c->pkeys[i].privatekey);
246 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
247 c->pkeys[i].privatekey=pkey;
248 c->key= &(c->pkeys[i]);
249
250 c->valid=0;
251 return(1);
252 }
253
254#ifndef NO_RSA
255#ifndef NO_STDIO
256int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
257 {
258 int j,ret=0;
259 BIO *in;
260 RSA *rsa=NULL;
261
262 in=BIO_new(BIO_s_file_internal());
263 if (in == NULL)
264 {
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
266 goto end;
267 }
268
269 if (BIO_read_filename(in,file) <= 0)
270 {
271 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
272 goto end;
273 }
274 if (type == SSL_FILETYPE_ASN1)
275 {
276 j=ERR_R_ASN1_LIB;
277 rsa=d2i_RSAPrivateKey_bio(in,NULL);
278 }
279 else if (type == SSL_FILETYPE_PEM)
280 {
281 j=ERR_R_PEM_LIB;
282 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
283 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
284 }
285 else
286 {
287 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
288 goto end;
289 }
290 if (rsa == NULL)
291 {
292 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
293 goto end;
294 }
295 ret=SSL_use_RSAPrivateKey(ssl,rsa);
296 RSA_free(rsa);
297end:
298 if (in != NULL) BIO_free(in);
299 return(ret);
300 }
301#endif
302
303int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
304 {
305 int ret;
306 unsigned char *p;
307 RSA *rsa;
308
309 p=d;
310 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
311 {
312 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
313 return(0);
314 }
315
316 ret=SSL_use_RSAPrivateKey(ssl,rsa);
317 RSA_free(rsa);
318 return(ret);
319 }
320#endif /* !NO_RSA */
321
322int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
323 {
324 int ret;
325
326 if (pkey == NULL)
327 {
328 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
329 return(0);
330 }
331 if (!ssl_cert_inst(&ssl->cert))
332 {
333 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
334 return(0);
335 }
336 ret=ssl_set_pkey(ssl->cert,pkey);
337 return(ret);
338 }
339
340#ifndef NO_STDIO
341int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
342 {
343 int j,ret=0;
344 BIO *in;
345 EVP_PKEY *pkey=NULL;
346
347 in=BIO_new(BIO_s_file_internal());
348 if (in == NULL)
349 {
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
351 goto end;
352 }
353
354 if (BIO_read_filename(in,file) <= 0)
355 {
356 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
357 goto end;
358 }
359 if (type == SSL_FILETYPE_PEM)
360 {
361 j=ERR_R_PEM_LIB;
362 pkey=PEM_read_bio_PrivateKey(in,NULL,
363 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
364 }
365 else
366 {
367 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
368 goto end;
369 }
370 if (pkey == NULL)
371 {
372 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
373 goto end;
374 }
375 ret=SSL_use_PrivateKey(ssl,pkey);
376 EVP_PKEY_free(pkey);
377end:
378 if (in != NULL) BIO_free(in);
379 return(ret);
380 }
381#endif
382
383int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
384 {
385 int ret;
386 unsigned char *p;
387 EVP_PKEY *pkey;
388
389 p=d;
390 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
391 {
392 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
393 return(0);
394 }
395
396 ret=SSL_use_PrivateKey(ssl,pkey);
397 EVP_PKEY_free(pkey);
398 return(ret);
399 }
400
401int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
402 {
403 if (x == NULL)
404 {
405 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
406 return(0);
407 }
408 if (!ssl_cert_inst(&ctx->cert))
409 {
410 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
411 return(0);
412 }
413 return(ssl_set_cert(ctx->cert, x));
414 }
415
416static int ssl_set_cert(CERT *c, X509 *x)
417 {
418 EVP_PKEY *pkey;
419 int i,ok=0,bad=0;
420
421 pkey=X509_get_pubkey(x);
422 if (pkey == NULL)
423 {
424 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
425 return(0);
426 }
427
428 i=ssl_cert_type(x,pkey);
429 if (i < 0)
430 {
431 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
432 EVP_PKEY_free(pkey);
433 return(0);
434 }
435
436 if (c->pkeys[i].privatekey != NULL)
437 {
438 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
439 ERR_clear_error();
440
441#ifndef NO_RSA
442 /* Don't check the public/private key, this is mostly
443 * for smart cards. */
444 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
445 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
446 RSA_METHOD_FLAG_NO_CHECK))
447 ok=1;
448 else
449#endif
450 {
451 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
452 {
453 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
454 {
455 i=(i == SSL_PKEY_DH_RSA)?
456 SSL_PKEY_DH_DSA:SSL_PKEY_DH_RSA;
457
458 if (c->pkeys[i].privatekey == NULL)
459 ok=1;
460 else
461 {
462 if (!X509_check_private_key(x,
463 c->pkeys[i].privatekey))
464 bad=1;
465 else
466 ok=1;
467 }
468 }
469 else
470 bad=1;
471 }
472 else
473 ok=1;
474 } /* NO_RSA */
475 }
476 else
477 ok=1;
478
479 EVP_PKEY_free(pkey);
480 if (bad)
481 {
482 EVP_PKEY_free(c->pkeys[i].privatekey);
483 c->pkeys[i].privatekey=NULL;
484 }
485
486 if (c->pkeys[i].x509 != NULL)
487 X509_free(c->pkeys[i].x509);
488 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
489 c->pkeys[i].x509=x;
490 c->key= &(c->pkeys[i]);
491
492 c->valid=0;
493 return(1);
494 }
495
496#ifndef NO_STDIO
497int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
498 {
499 int j;
500 BIO *in;
501 int ret=0;
502 X509 *x=NULL;
503
504 in=BIO_new(BIO_s_file_internal());
505 if (in == NULL)
506 {
507 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
508 goto end;
509 }
510
511 if (BIO_read_filename(in,file) <= 0)
512 {
513 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
514 goto end;
515 }
516 if (type == SSL_FILETYPE_ASN1)
517 {
518 j=ERR_R_ASN1_LIB;
519 x=d2i_X509_bio(in,NULL);
520 }
521 else if (type == SSL_FILETYPE_PEM)
522 {
523 j=ERR_R_PEM_LIB;
524 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
525 }
526 else
527 {
528 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
529 goto end;
530 }
531
532 if (x == NULL)
533 {
534 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
535 goto end;
536 }
537
538 ret=SSL_CTX_use_certificate(ctx,x);
539end:
540 if (x != NULL) X509_free(x);
541 if (in != NULL) BIO_free(in);
542 return(ret);
543 }
544#endif
545
546int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
547 {
548 X509 *x;
549 int ret;
550
551 x=d2i_X509(NULL,&d,(long)len);
552 if (x == NULL)
553 {
554 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
555 return(0);
556 }
557
558 ret=SSL_CTX_use_certificate(ctx,x);
559 X509_free(x);
560 return(ret);
561 }
562
563#ifndef NO_RSA
564int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
565 {
566 int ret;
567 EVP_PKEY *pkey;
568
569 if (rsa == NULL)
570 {
571 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
572 return(0);
573 }
574 if (!ssl_cert_inst(&ctx->cert))
575 {
576 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
577 return(0);
578 }
579 if ((pkey=EVP_PKEY_new()) == NULL)
580 {
581 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
582 return(0);
583 }
584
585 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
586 EVP_PKEY_assign_RSA(pkey,rsa);
587
588 ret=ssl_set_pkey(ctx->cert, pkey);
589 EVP_PKEY_free(pkey);
590 return(ret);
591 }
592
593#ifndef NO_STDIO
594int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
595 {
596 int j,ret=0;
597 BIO *in;
598 RSA *rsa=NULL;
599
600 in=BIO_new(BIO_s_file_internal());
601 if (in == NULL)
602 {
603 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
604 goto end;
605 }
606
607 if (BIO_read_filename(in,file) <= 0)
608 {
609 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
610 goto end;
611 }
612 if (type == SSL_FILETYPE_ASN1)
613 {
614 j=ERR_R_ASN1_LIB;
615 rsa=d2i_RSAPrivateKey_bio(in,NULL);
616 }
617 else if (type == SSL_FILETYPE_PEM)
618 {
619 j=ERR_R_PEM_LIB;
620 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
621 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
622 }
623 else
624 {
625 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
626 goto end;
627 }
628 if (rsa == NULL)
629 {
630 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
631 goto end;
632 }
633 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
634 RSA_free(rsa);
635end:
636 if (in != NULL) BIO_free(in);
637 return(ret);
638 }
639#endif
640
641int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
642 {
643 int ret;
644 unsigned char *p;
645 RSA *rsa;
646
647 p=d;
648 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
649 {
650 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
651 return(0);
652 }
653
654 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
655 RSA_free(rsa);
656 return(ret);
657 }
658#endif /* !NO_RSA */
659
660int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
661 {
662 if (pkey == NULL)
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
665 return(0);
666 }
667 if (!ssl_cert_inst(&ctx->cert))
668 {
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
670 return(0);
671 }
672 return(ssl_set_pkey(ctx->cert,pkey));
673 }
674
675#ifndef NO_STDIO
676int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
677 {
678 int j,ret=0;
679 BIO *in;
680 EVP_PKEY *pkey=NULL;
681
682 in=BIO_new(BIO_s_file_internal());
683 if (in == NULL)
684 {
685 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
686 goto end;
687 }
688
689 if (BIO_read_filename(in,file) <= 0)
690 {
691 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
692 goto end;
693 }
694 if (type == SSL_FILETYPE_PEM)
695 {
696 j=ERR_R_PEM_LIB;
697 pkey=PEM_read_bio_PrivateKey(in,NULL,
698 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
699 }
700 else
701 {
702 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
703 goto end;
704 }
705 if (pkey == NULL)
706 {
707 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
708 goto end;
709 }
710 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
711 EVP_PKEY_free(pkey);
712end:
713 if (in != NULL) BIO_free(in);
714 return(ret);
715 }
716#endif
717
718int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
719 long len)
720 {
721 int ret;
722 unsigned char *p;
723 EVP_PKEY *pkey;
724
725 p=d;
726 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
727 {
728 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
729 return(0);
730 }
731
732 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
733 EVP_PKEY_free(pkey);
734 return(ret);
735 }
736
737
738#ifndef NO_STDIO
739/* Read a file that contains our certificate in "PEM" format,
740 * possibly followed by a sequence of CA certificates that should be
741 * sent to the peer in the Certificate message.
742 */
743int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
744 {
745 BIO *in;
746 int ret=0;
747 X509 *x=NULL;
748
749 in=BIO_new(BIO_s_file_internal());
750 if (in == NULL)
751 {
752 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
753 goto end;
754 }
755
756 if (BIO_read_filename(in,file) <= 0)
757 {
758 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
759 goto end;
760 }
761
762 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
763 if (x == NULL)
764 {
765 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
766 goto end;
767 }
768
769 ret=SSL_CTX_use_certificate(ctx,x);
770 if (ERR_peek_error() != 0)
771 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
772 if (ret)
773 {
774 /* If we could set up our certificate, now proceed to
775 * the CA certificates.
776 */
777 X509 *ca;
778 int r;
779 unsigned long err;
780
781 if (ctx->extra_certs != NULL)
782 {
783 sk_X509_pop_free(ctx->extra_certs, X509_free);
784 ctx->extra_certs = NULL;
785 }
786
787 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
788 != NULL)
789 {
790 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
791 if (!r)
792 {
793 X509_free(ca);
794 ret = 0;
795 goto end;
796 }
797 /* Note that we must not free r if it was successfully
798 * added to the chain (while we must free the main
799 * certificate, since its reference count is increased
800 * by SSL_CTX_use_certificate). */
801 }
802 /* When the while loop ends, it's usually just EOF. */
803 err = ERR_peek_error();
804 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
805 (void) ERR_get_error();
806 else
807 ret = 0; /* some real error */
808 }
809
810end:
811 if (x != NULL) X509_free(x);
812 if (in != NULL) BIO_free(in);
813 return(ret);
814 }
815#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index 7064262def..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,681 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/lhash.h>
61#include <openssl/rand.h>
62#include "ssl_locl.h"
63
64static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
65static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
66static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
67static int ssl_session_num=0;
68static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
69
70SSL_SESSION *SSL_get_session(SSL *ssl)
71/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
72 {
73 return(ssl->session);
74 }
75
76SSL_SESSION *SSL_get1_session(SSL *ssl)
77/* variant of SSL_get_session: caller really gets something */
78 {
79 SSL_SESSION *sess;
80 /* Need to lock this all up rather than just use CRYPTO_add so that
81 * somebody doesn't free ssl->session between when we check it's
82 * non-null and when we up the reference count. */
83 CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
84 sess = ssl->session;
85 if(sess)
86 sess->references++;
87 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
88 return(sess);
89 }
90
91int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
92 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
93 {
94 ssl_session_num++;
95 return(CRYPTO_get_ex_new_index(ssl_session_num-1,
96 &ssl_session_meth,
97 argl,argp,new_func,dup_func,free_func));
98 }
99
100int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
101 {
102 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
103 }
104
105void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
106 {
107 return(CRYPTO_get_ex_data(&s->ex_data,idx));
108 }
109
110SSL_SESSION *SSL_SESSION_new(void)
111 {
112 SSL_SESSION *ss;
113
114 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
115 if (ss == NULL)
116 {
117 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
118 return(0);
119 }
120 memset(ss,0,sizeof(SSL_SESSION));
121
122 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
123 ss->references=1;
124 ss->timeout=60*5+4; /* 5 minute timeout by default */
125 ss->time=time(NULL);
126 ss->prev=NULL;
127 ss->next=NULL;
128 ss->compress_meth=0;
129 CRYPTO_new_ex_data(ssl_session_meth,ss,&ss->ex_data);
130 return(ss);
131 }
132
133int ssl_get_new_session(SSL *s, int session)
134 {
135 /* This gets used by clients and servers. */
136
137 SSL_SESSION *ss=NULL;
138
139 if ((ss=SSL_SESSION_new()) == NULL) return(0);
140
141 /* If the context has a default timeout, use it */
142 if (s->ctx->session_timeout == 0)
143 ss->timeout=SSL_get_default_timeout(s);
144 else
145 ss->timeout=s->ctx->session_timeout;
146
147 if (s->session != NULL)
148 {
149 SSL_SESSION_free(s->session);
150 s->session=NULL;
151 }
152
153 if (session)
154 {
155 if (s->version == SSL2_VERSION)
156 {
157 ss->ssl_version=SSL2_VERSION;
158 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
159 }
160 else if (s->version == SSL3_VERSION)
161 {
162 ss->ssl_version=SSL3_VERSION;
163 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
164 }
165 else if (s->version == TLS1_VERSION)
166 {
167 ss->ssl_version=TLS1_VERSION;
168 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
169 }
170 else
171 {
172 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
173 SSL_SESSION_free(ss);
174 return(0);
175 }
176
177 for (;;)
178 {
179 SSL_SESSION *r;
180
181 RAND_pseudo_bytes(ss->session_id,ss->session_id_length);
182 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
183 r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, ss);
184 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
185 if (r == NULL) break;
186 /* else - woops a session_id match */
187 /* XXX We should also check the external cache --
188 * but the probability of a collision is negligible, and
189 * we could not prevent the concurrent creation of sessions
190 * with identical IDs since we currently don't have means
191 * to atomically check whether a session ID already exists
192 * and make a reservation for it if it does not
193 * (this problem applies to the internal cache as well).
194 */
195 }
196 }
197 else
198 {
199 ss->session_id_length=0;
200 }
201
202 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
203 ss->sid_ctx_length=s->sid_ctx_length;
204 s->session=ss;
205 ss->ssl_version=s->version;
206 ss->verify_result = X509_V_OK;
207
208 return(1);
209 }
210
211int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
212 {
213 /* This is used only by servers. */
214
215 SSL_SESSION *ret=NULL,data;
216 int fatal = 0;
217
218 data.ssl_version=s->version;
219 data.session_id_length=len;
220 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
221 goto err;
222 memcpy(data.session_id,session_id,len);
223
224 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
225 {
226 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
227 ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
228 if (ret != NULL)
229 /* don't allow other threads to steal it: */
230 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
231 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
232 }
233
234 if (ret == NULL)
235 {
236 int copy=1;
237
238 s->ctx->stats.sess_miss++;
239 ret=NULL;
240 if (s->ctx->get_session_cb != NULL
241 && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
242 != NULL)
243 {
244 s->ctx->stats.sess_cb_hit++;
245
246 /* Increment reference count now if the session callback
247 * asks us to do so (note that if the session structures
248 * returned by the callback are shared between threads,
249 * it must handle the reference count itself [i.e. copy == 0],
250 * or things won't be thread-safe). */
251 if (copy)
252 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
253
254 /* The following should not return 1, otherwise,
255 * things are very strange */
256 SSL_CTX_add_session(s->ctx,ret);
257 }
258 if (ret == NULL)
259 goto err;
260 }
261
262 /* Now ret is non-NULL, and we own one of its reference counts. */
263
264 if((s->verify_mode&SSL_VERIFY_PEER)
265 && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
266 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
267 {
268 /* We've found the session named by the client, but we don't
269 * want to use it in this context. */
270
271 if (s->sid_ctx_length == 0)
272 {
273 /* application should have used SSL[_CTX]_set_session_id_context
274 * -- we could tolerate this and just pretend we never heard
275 * of this session, but then applications could effectively
276 * disable the session cache by accident without anyone noticing */
277
278 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
279 fatal = 1;
280 goto err;
281 }
282 else
283 {
284#if 0 /* The client cannot always know when a session is not appropriate,
285 * so we shouldn't generate an error message. */
286
287 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
288#endif
289 goto err; /* treat like cache miss */
290 }
291 }
292
293 if (ret->cipher == NULL)
294 {
295 unsigned char buf[5],*p;
296 unsigned long l;
297
298 p=buf;
299 l=ret->cipher_id;
300 l2n(l,p);
301 if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
302 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
303 else
304 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
305 if (ret->cipher == NULL)
306 goto err;
307 }
308
309
310#if 0 /* This is way too late. */
311
312 /* If a thread got the session, then 'swaped', and another got
313 * it and then due to a time-out decided to 'OPENSSL_free' it we could
314 * be in trouble. So I'll increment it now, then double decrement
315 * later - am I speaking rubbish?. */
316 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
317#endif
318
319 if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
320 {
321 s->ctx->stats.sess_timeout++;
322 /* remove it from the cache */
323 SSL_CTX_remove_session(s->ctx,ret);
324 goto err;
325 }
326
327 s->ctx->stats.sess_hit++;
328
329 /* ret->time=time(NULL); */ /* rezero timeout? */
330 /* again, just leave the session
331 * if it is the same session, we have just incremented and
332 * then decremented the reference count :-) */
333 if (s->session != NULL)
334 SSL_SESSION_free(s->session);
335 s->session=ret;
336 s->verify_result = s->session->verify_result;
337 return(1);
338
339 err:
340 if (ret != NULL)
341 SSL_SESSION_free(ret);
342 if (fatal)
343 return -1;
344 else
345 return 0;
346 }
347
348int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
349 {
350 int ret=0;
351 SSL_SESSION *s;
352
353 /* add just 1 reference count for the SSL_CTX's session cache
354 * even though it has two ways of access: each session is in a
355 * doubly linked list and an lhash */
356 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
357 /* if session c is in already in cache, we take back the increment later */
358
359 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
360 s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
361
362 /* s != NULL iff we already had a session with the given PID.
363 * In this case, s == c should hold (then we did not really modify
364 * ctx->sessions), or we're in trouble. */
365 if (s != NULL && s != c)
366 {
367 /* We *are* in trouble ... */
368 SSL_SESSION_list_remove(ctx,s);
369 SSL_SESSION_free(s);
370 /* ... so pretend the other session did not exist in cache
371 * (we cannot handle two SSL_SESSION structures with identical
372 * session ID in the same cache, which could happen e.g. when
373 * two threads concurrently obtain the same session from an external
374 * cache) */
375 s = NULL;
376 }
377
378 /* Put at the head of the queue unless it is already in the cache */
379 if (s == NULL)
380 SSL_SESSION_list_add(ctx,c);
381
382 if (s != NULL)
383 {
384 /* existing cache entry -- decrement previously incremented reference
385 * count because it already takes into account the cache */
386
387 SSL_SESSION_free(s); /* s == c */
388 ret=0;
389 }
390 else
391 {
392 /* new cache entry -- remove old ones if cache has become too large */
393
394 ret=1;
395
396 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
397 {
398 while (SSL_CTX_sess_number(ctx) >
399 SSL_CTX_sess_get_cache_size(ctx))
400 {
401 if (!remove_session_lock(ctx,
402 ctx->session_cache_tail, 0))
403 break;
404 else
405 ctx->stats.sess_cache_full++;
406 }
407 }
408 }
409 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
410 return(ret);
411 }
412
413int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
414{
415 return remove_session_lock(ctx, c, 1);
416}
417
418static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
419 {
420 SSL_SESSION *r;
421 int ret=0;
422
423 if ((c != NULL) && (c->session_id_length != 0))
424 {
425 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
426 r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
427 if (r != NULL)
428 {
429 ret=1;
430 SSL_SESSION_list_remove(ctx,c);
431 }
432
433 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
434
435 if (ret)
436 {
437 r->not_resumable=1;
438 if (ctx->remove_session_cb != NULL)
439 ctx->remove_session_cb(ctx,r);
440 SSL_SESSION_free(r);
441 }
442 }
443 else
444 ret=0;
445 return(ret);
446 }
447
448void SSL_SESSION_free(SSL_SESSION *ss)
449 {
450 int i;
451
452 if(ss == NULL)
453 return;
454
455 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
456#ifdef REF_PRINT
457 REF_PRINT("SSL_SESSION",ss);
458#endif
459 if (i > 0) return;
460#ifdef REF_CHECK
461 if (i < 0)
462 {
463 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
464 abort(); /* ok */
465 }
466#endif
467
468 CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
469
470 memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
471 memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
472 memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
473 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
474 if (ss->peer != NULL) X509_free(ss->peer);
475 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
476 memset(ss,0,sizeof(*ss));
477 OPENSSL_free(ss);
478 }
479
480int SSL_set_session(SSL *s, SSL_SESSION *session)
481 {
482 int ret=0;
483 SSL_METHOD *meth;
484
485 if (session != NULL)
486 {
487 meth=s->ctx->method->get_ssl_method(session->ssl_version);
488 if (meth == NULL)
489 meth=s->method->get_ssl_method(session->ssl_version);
490 if (meth == NULL)
491 {
492 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
493 return(0);
494 }
495
496 if (meth != s->method)
497 {
498 if (!SSL_set_ssl_method(s,meth))
499 return(0);
500 if (s->ctx->session_timeout == 0)
501 session->timeout=SSL_get_default_timeout(s);
502 else
503 session->timeout=s->ctx->session_timeout;
504 }
505
506 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
507 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
508 if (s->session != NULL)
509 SSL_SESSION_free(s->session);
510 s->session=session;
511 s->verify_result = s->session->verify_result;
512 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
513 ret=1;
514 }
515 else
516 {
517 if (s->session != NULL)
518 {
519 SSL_SESSION_free(s->session);
520 s->session=NULL;
521 }
522
523 meth=s->ctx->method;
524 if (meth != s->method)
525 {
526 if (!SSL_set_ssl_method(s,meth))
527 return(0);
528 }
529 ret=1;
530 }
531 return(ret);
532 }
533
534long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
535 {
536 if (s == NULL) return(0);
537 s->timeout=t;
538 return(1);
539 }
540
541long SSL_SESSION_get_timeout(SSL_SESSION *s)
542 {
543 if (s == NULL) return(0);
544 return(s->timeout);
545 }
546
547long SSL_SESSION_get_time(SSL_SESSION *s)
548 {
549 if (s == NULL) return(0);
550 return(s->time);
551 }
552
553long SSL_SESSION_set_time(SSL_SESSION *s, long t)
554 {
555 if (s == NULL) return(0);
556 s->time=t;
557 return(t);
558 }
559
560long SSL_CTX_set_timeout(SSL_CTX *s, long t)
561 {
562 long l;
563 if (s == NULL) return(0);
564 l=s->session_timeout;
565 s->session_timeout=t;
566 return(l);
567 }
568
569long SSL_CTX_get_timeout(SSL_CTX *s)
570 {
571 if (s == NULL) return(0);
572 return(s->session_timeout);
573 }
574
575typedef struct timeout_param_st
576 {
577 SSL_CTX *ctx;
578 long time;
579 LHASH *cache;
580 } TIMEOUT_PARAM;
581
582static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
583 {
584 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
585 {
586 /* The reason we don't call SSL_CTX_remove_session() is to
587 * save on locking overhead */
588 lh_delete(p->cache,s);
589 SSL_SESSION_list_remove(p->ctx,s);
590 s->not_resumable=1;
591 if (p->ctx->remove_session_cb != NULL)
592 p->ctx->remove_session_cb(p->ctx,s);
593 SSL_SESSION_free(s);
594 }
595 }
596
597void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
598 {
599 unsigned long i;
600 TIMEOUT_PARAM tp;
601
602 tp.ctx=s;
603 tp.cache=s->sessions;
604 if (tp.cache == NULL) return;
605 tp.time=t;
606 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
607 i=tp.cache->down_load;
608 tp.cache->down_load=0;
609 lh_doall_arg(tp.cache,(void (*)())timeout,&tp);
610 tp.cache->down_load=i;
611 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
612 }
613
614int ssl_clear_bad_session(SSL *s)
615 {
616 if ( (s->session != NULL) &&
617 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
618 !(SSL_in_init(s) || SSL_in_before(s)))
619 {
620 SSL_CTX_remove_session(s->ctx,s->session);
621 return(1);
622 }
623 else
624 return(0);
625 }
626
627/* locked by SSL_CTX in the calling function */
628static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
629 {
630 if ((s->next == NULL) || (s->prev == NULL)) return;
631
632 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
633 { /* last element in list */
634 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
635 { /* only one element in list */
636 ctx->session_cache_head=NULL;
637 ctx->session_cache_tail=NULL;
638 }
639 else
640 {
641 ctx->session_cache_tail=s->prev;
642 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
643 }
644 }
645 else
646 {
647 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
648 { /* first element in list */
649 ctx->session_cache_head=s->next;
650 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
651 }
652 else
653 { /* middle of list */
654 s->next->prev=s->prev;
655 s->prev->next=s->next;
656 }
657 }
658 s->prev=s->next=NULL;
659 }
660
661static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
662 {
663 if ((s->next != NULL) && (s->prev != NULL))
664 SSL_SESSION_list_remove(ctx,s);
665
666 if (ctx->session_cache_head == NULL)
667 {
668 ctx->session_cache_head=s;
669 ctx->session_cache_tail=s;
670 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
671 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
672 }
673 else
674 {
675 s->next=ctx->session_cache_head;
676 s->next->prev=s;
677 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
678 ctx->session_cache_head=s;
679 }
680 }
681
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 8e12461f3b..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,454 +0,0 @@
1/* ssl/ssl_stat.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61
62char *SSL_state_string_long(SSL *s)
63 {
64 char *str;
65
66 switch (s->state)
67 {
68case SSL_ST_BEFORE: str="before SSL initialization"; break;
69case SSL_ST_ACCEPT: str="before accept initialization"; break;
70case SSL_ST_CONNECT: str="before connect initialization"; break;
71case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
72case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
73case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
74case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
75case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
76case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
77#ifndef NO_SSL2
78case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
79case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
80case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
81case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
82case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
83case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
84case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
85case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
86case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
87case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
88case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
89case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
90case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
91case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
92case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
93case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
94case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
95case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
96case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
97case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
98case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
99case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
100case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
101case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
102case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
103case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
104case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
105case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
106case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
107case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
108case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
109case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
110case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
111case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
112case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
113case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
114case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
115case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
116#endif
117
118#ifndef NO_SSL3
119/* SSLv3 additions */
120case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
121case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
122case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
123case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
124case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
125case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
126case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
127case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
128case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
129case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
130case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
131case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
132case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
133case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
134case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
135case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
136case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
137case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
138case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
139case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break;
140
141case SSL3_ST_CW_CHANGE_A:
142case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
143case SSL3_ST_CW_CHANGE_B:
144case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
145case SSL3_ST_CW_FINISHED_A:
146case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
147case SSL3_ST_CW_FINISHED_B:
148case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break;
149case SSL3_ST_CR_CHANGE_A:
150case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
151case SSL3_ST_CR_CHANGE_B:
152case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
153case SSL3_ST_CR_FINISHED_A:
154case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
155case SSL3_ST_CR_FINISHED_B:
156case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
157
158case SSL3_ST_CW_FLUSH:
159case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
160
161case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
162case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
163case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
164case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
165case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
166case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
167case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
168case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
169case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
170case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
171case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
172case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
173case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
174case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
175case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
176case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
177case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
178case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
179case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
180case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
181case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
182case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
183#endif
184
185#if !defined(NO_SSL2) && !defined(NO_SSL3)
186/* SSLv2/v3 compatibility states */
187/* client */
188case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
189case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
190case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
191case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
192/* server */
193case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
194case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
195#endif
196
197default: str="unknown state"; break;
198 }
199 return(str);
200 }
201
202char *SSL_rstate_string_long(SSL *s)
203 {
204 char *str;
205
206 switch (s->rstate)
207 {
208 case SSL_ST_READ_HEADER: str="read header"; break;
209 case SSL_ST_READ_BODY: str="read body"; break;
210 case SSL_ST_READ_DONE: str="read done"; break;
211 default: str="unknown"; break;
212 }
213 return(str);
214 }
215
216char *SSL_state_string(SSL *s)
217 {
218 char *str;
219
220 switch (s->state)
221 {
222case SSL_ST_BEFORE: str="PINIT "; break;
223case SSL_ST_ACCEPT: str="AINIT "; break;
224case SSL_ST_CONNECT: str="CINIT "; break;
225case SSL_ST_OK: str="SSLOK "; break;
226#ifndef NO_SSL2
227case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
228case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
229case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
230case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
231case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
232case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
233case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
234case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
235case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
236case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
237case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
238case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
239case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
240case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
241case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
242case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
243case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
244case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
245case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
246case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
247case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
248case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
249case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
250case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
251case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
252case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
253case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
254case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
255case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
256case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
257case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
258case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
259case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
260case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
261case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
262case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
263case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
264case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
265#endif
266
267#ifndef NO_SSL3
268/* SSLv3 additions */
269case SSL3_ST_SW_FLUSH:
270case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
271case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
272case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
273case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
274case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
275case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
276case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
277case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
278case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
279case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
280case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
281case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
282case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
283case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
284case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
285case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
286case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
287case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
288case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
289case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
290case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
291
292case SSL3_ST_SW_CHANGE_A:
293case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
294case SSL3_ST_SW_CHANGE_B:
295case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
296case SSL3_ST_SW_FINISHED_A:
297case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
298case SSL3_ST_SW_FINISHED_B:
299case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
300case SSL3_ST_SR_CHANGE_A:
301case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
302case SSL3_ST_SR_CHANGE_B:
303case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
304case SSL3_ST_SR_FINISHED_A:
305case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
306case SSL3_ST_SR_FINISHED_B:
307case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
308
309case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
310case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
311case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
312case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
313case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
314case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
315case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
316case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
317case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
318case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
319case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
320case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
321case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
322case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
323case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
324case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
325case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
326case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
327case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
328case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
329case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
330case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
331#endif
332
333#if !defined(NO_SSL2) && !defined(NO_SSL3)
334/* SSLv2/v3 compatibility states */
335/* client */
336case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
337case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
338case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
339case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
340/* server */
341case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
342case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
343#endif
344
345default: str="UNKWN "; break;
346 }
347 return(str);
348 }
349
350char *SSL_alert_type_string_long(int value)
351 {
352 value>>=8;
353 if (value == SSL3_AL_WARNING)
354 return("warning");
355 else if (value == SSL3_AL_FATAL)
356 return("fatal");
357 else
358 return("unknown");
359 }
360
361char *SSL_alert_type_string(int value)
362 {
363 value>>=8;
364 if (value == SSL3_AL_WARNING)
365 return("W");
366 else if (value == SSL3_AL_FATAL)
367 return("F");
368 else
369 return("U");
370 }
371
372char *SSL_alert_desc_string(int value)
373 {
374 char *str;
375
376 switch (value & 0xff)
377 {
378 case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
379 case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
380 case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
381 case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
382 case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
383 case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
384 case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
385 case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
386 case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
387 case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
388 case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
389 case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
390 default: str="UK"; break;
391 }
392 return(str);
393 }
394
395char *SSL_alert_desc_string_long(int value)
396 {
397 char *str;
398
399 switch (value & 0xff)
400 {
401 case SSL3_AD_CLOSE_NOTIFY:
402 str="close notify";
403 break;
404 case SSL3_AD_UNEXPECTED_MESSAGE:
405 str="unexpected_message";
406 break;
407 case SSL3_AD_BAD_RECORD_MAC:
408 str="bad record mac";
409 break;
410 case SSL3_AD_DECOMPRESSION_FAILURE:
411 str="decompression failure";
412 break;
413 case SSL3_AD_HANDSHAKE_FAILURE:
414 str="handshake failure";
415 break;
416 case SSL3_AD_NO_CERTIFICATE:
417 str="no certificate";
418 break;
419 case SSL3_AD_BAD_CERTIFICATE:
420 str="bad certificate";
421 break;
422 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
423 str="unsupported certificate";
424 break;
425 case SSL3_AD_CERTIFICATE_REVOKED:
426 str="certificate revoked";
427 break;
428 case SSL3_AD_CERTIFICATE_EXPIRED:
429 str="certificate expired";
430 break;
431 case SSL3_AD_CERTIFICATE_UNKNOWN:
432 str="certificate unknown";
433 break;
434 case SSL3_AD_ILLEGAL_PARAMETER:
435 str="illegal parameter";
436 break;
437 default: str="unknown"; break;
438 }
439 return(str);
440 }
441
442char *SSL_rstate_string(SSL *s)
443 {
444 char *str;
445
446 switch (s->rstate)
447 {
448 case SSL_ST_READ_HEADER:str="RH"; break;
449 case SSL_ST_READ_BODY: str="RB"; break;
450 case SSL_ST_READ_DONE: str="RD"; break;
451 default: str="unknown"; break;
452 }
453 return(str);
454 }
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 6e33eec3e4..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,174 +0,0 @@
1/* ssl/ssl_txt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/buffer.h>
61#include "ssl_locl.h"
62
63#ifndef NO_FP_API
64int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
65 {
66 BIO *b;
67 int ret;
68
69 if ((b=BIO_new(BIO_s_file_internal())) == NULL)
70 {
71 SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
72 return(0);
73 }
74 BIO_set_fp(b,fp,BIO_NOCLOSE);
75 ret=SSL_SESSION_print(b,x);
76 BIO_free(b);
77 return(ret);
78 }
79#endif
80
81int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
82 {
83 unsigned int i;
84 char *s;
85
86 if (x == NULL) goto err;
87 if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
88 if (x->ssl_version == SSL2_VERSION)
89 s="SSLv2";
90 else if (x->ssl_version == SSL3_VERSION)
91 s="SSLv3";
92 else if (x->ssl_version == TLS1_VERSION)
93 s="TLSv1";
94 else
95 s="unknown";
96 if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
97
98 if (x->cipher == NULL)
99 {
100 if (((x->cipher_id) & 0xff000000) == 0x02000000)
101 {
102 if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
103 goto err;
104 }
105 else
106 {
107 if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
108 goto err;
109 }
110 }
111 else
112 {
113 if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
114 goto err;
115 }
116 if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
117 for (i=0; i<x->session_id_length; i++)
118 {
119 if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
120 }
121 if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
122 for (i=0; i<x->sid_ctx_length; i++)
123 {
124 if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
125 goto err;
126 }
127 if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
128 for (i=0; i<(unsigned int)x->master_key_length; i++)
129 {
130 if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
131 }
132 if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
133 if (x->key_arg_length == 0)
134 {
135 if (BIO_puts(bp,"None") <= 0) goto err;
136 }
137 else
138 for (i=0; i<x->key_arg_length; i++)
139 {
140 if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
141 }
142 if (x->compress_meth != 0)
143 {
144 SSL_COMP *comp;
145
146 ssl_cipher_get_evp(x,NULL,NULL,&comp);
147 if (comp == NULL)
148 {
149 if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
150 }
151 else
152 {
153 if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
154 }
155 }
156 if (x->time != 0L)
157 {
158 if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
159 }
160 if (x->timeout != 0L)
161 {
162 if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
163 }
164 if (BIO_puts(bp,"\n") <= 0) goto err;
165
166 if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
167 if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
168 X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
169
170 return(1);
171err:
172 return(0);
173 }
174
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-09 14:14:02 +0000