Diffstat (limited to '')
-rw-r--r--src/lib/libssl/LICENSE127
-rw-r--r--src/lib/libssl/bio_ssl.c605
-rw-r--r--src/lib/libssl/d1_both.c1598
-rw-r--r--src/lib/libssl/d1_clnt.c1710
-rw-r--r--src/lib/libssl/d1_enc.c260
-rw-r--r--src/lib/libssl/d1_lib.c482
-rw-r--r--src/lib/libssl/d1_meth.c77
-rw-r--r--src/lib/libssl/d1_pkt.c1893
-rw-r--r--src/lib/libssl/d1_srtp.c493
-rw-r--r--src/lib/libssl/d1_srvr.c1711
-rw-r--r--src/lib/libssl/doc/openssl.cnf350
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/standards.txt285
-rw-r--r--src/lib/libssl/dtls1.h283
-rw-r--r--src/lib/libssl/s23_clnt.c779
-rw-r--r--src/lib/libssl/s23_lib.c187
-rw-r--r--src/lib/libssl/s23_pkt.c117
-rw-r--r--src/lib/libssl/s23_srvr.c638
-rw-r--r--src/lib/libssl/s3_both.c850
-rw-r--r--src/lib/libssl/s3_cbc.c790
-rw-r--r--src/lib/libssl/s3_clnt.c3371
-rw-r--r--src/lib/libssl/s3_lib.c4282
-rw-r--r--src/lib/libssl/s3_pkt.c1528
-rw-r--r--src/lib/libssl/s3_srvr.c3586
-rw-r--r--src/lib/libssl/shlib_version2
-rw-r--r--src/lib/libssl/srtp.h145
-rw-r--r--src/lib/libssl/ssl.h2573
-rw-r--r--src/lib/libssl/ssl2.h272
-rw-r--r--src/lib/libssl/ssl23.h83
-rw-r--r--src/lib/libssl/ssl3.h678
-rw-r--r--src/lib/libssl/ssl_algs.c149
-rw-r--r--src/lib/libssl/ssl_asn1.c642
-rw-r--r--src/lib/libssl/ssl_cert.c853
-rw-r--r--src/lib/libssl/ssl_ciph.c1852
-rw-r--r--src/lib/libssl/ssl_err.c609
-rw-r--r--src/lib/libssl/ssl_err2.c70
-rw-r--r--src/lib/libssl/ssl_lib.c3248
-rw-r--r--src/lib/libssl/ssl_locl.h1174
-rw-r--r--src/lib/libssl/ssl_rsa.c779
-rw-r--r--src/lib/libssl/ssl_sess.c1159
-rw-r--r--src/lib/libssl/ssl_stat.c567
-rw-r--r--src/lib/libssl/ssl_txt.c248
-rw-r--r--src/lib/libssl/t1_clnt.c92
-rw-r--r--src/lib/libssl/t1_enc.c1253
-rw-r--r--src/lib/libssl/t1_lib.c2578
-rw-r--r--src/lib/libssl/t1_meth.c88
-rw-r--r--src/lib/libssl/t1_reneg.c292
-rw-r--r--src/lib/libssl/t1_srvr.c93
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c22
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl457
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/pkits-test.pl949
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl161
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h735
105 files changed, 0 insertions, 52064 deletions
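--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
-
- LICENSE ISSUES
- ==============
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
- See below for the actual license texts. Actually both licenses are BSD-style
- Open Source licenses. In case of any license issues related to OpenSSL
- please contact openssl-core@openssl.org.
-
- OpenSSL License
- ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-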
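--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,605 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
- {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
- } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
- {
- BIO_TYPE_SSL,"ssl",
- ssl_write,
- ssl_read,
- ssl_puts,
- NULL, /* ssl_gets, */
- ssl_ctrl,
- ssl_new,
- ssl_free,
- ssl_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ssl(void)
- {
- return(&methods_sslp);
- }
-
-static int ssl_new(BIO *bi)
- {
- BIO_SSL *bs;
-
- bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
- if (bs == NULL)
- {
- BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(bs,0,sizeof(BIO_SSL));
- bi->init=0;
- bi->ptr=(char *)bs;
- bi->flags=0;
- return(1);
- }
-
-static int ssl_free(BIO *a)
- {
- BIO_SSL *bs;
-
- if (a == NULL) return(0);
- bs=(BIO_SSL *)a->ptr;
- if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
- if (a->shutdown)
- {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init=0;
- a->flags=0;
- }
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- return(1);
- }
-
-static int ssl_read(BIO *b, char *out, int outl)
- {
- int ret=1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason=0;
- int r=0;
-
- if (out == NULL) return(0);
- sb=(BIO_SSL *)b->ptr;
- ssl=sb->ssl;
-
- BIO_clear_retry_flags(b);
-
-#if 0
- if (!SSL_is_init_finished(ssl))
- {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0)
- {
-
- outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- ret= -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
- ret=SSL_read(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (sb->renegotiate_count > 0)
- {
- sb->byte_count+=ret;
- if (sb->byte_count > sb->renegotiate_count)
- {
- sb->byte_count=0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > sb->last_time+sb->renegotiate_timeout)
- {
- sb->last_time=tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static int ssl_write(BIO *b, const char *out, int outl)
- {
- int ret,r=0;
- int retry_reason=0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL) return(0);
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret=SSL_write(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (bs->renegotiate_count > 0)
- {
- bs->byte_count+=ret;
- if (bs->byte_count > bs->renegotiate_count)
- {
- bs->byte_count=0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > bs->last_time+bs->renegotiate_timeout)
- {
- bs->last_time=tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- SSL **sslp,*ssl;
- BIO_SSL *bs;
- BIO *dbio,*bio;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return(0);
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- else if (ssl->rbio != NULL)
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- else
- ret=1;
- break;
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret=bs->renegotiate_timeout;
- if (num < 60) num=5;
- bs->renegotiate_timeout=(unsigned long)num;
- bs->last_time=(unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret=bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count=(unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret=bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL)
- {
- ssl_free(b);
- if (!ssl_new(b))
- return 0;
- }
- b->shutdown=(int)num;
- ssl=(SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl=ssl;
- bio=SSL_get_rbio(ssl);
- if (bio != NULL)
- {
- if (b->next_bio != NULL)
- BIO_push(bio,b->next_bio);
- b->next_bio=bio;
- CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
- }
- b->init=1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL)
- {
- sslp=(SSL **)ptr;
- *sslp=ssl;
- }
- else
- ret=0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING:
- ret=SSL_pending(ssl);
- if (ret == 0)
- ret=BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
- {
- SSL_set_bio(ssl,b->next_bio,b->next_bio);
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* Only detach if we are the BIO explicitly being popped */
- if (b == ptr)
- {
- /* Shouldn't happen in practice because the
- * rbio and wbio are the same when pushed.
- */
- if (ssl->rbio != ssl->wbio)
- BIO_free_all(ssl->wbio);
- if (b->next_bio != NULL)
- CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
- ssl->wbio=NULL;
- ssl->rbio=NULL;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason=0;
- ret=(int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl,(int)ret))
- {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason=b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count=
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count=
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time=
- ((BIO_SSL *)b->ptr)->last_time;
- ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl,int type,int val);
-
- fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
- *fptr=SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- SSL *ssl;
- BIO_SSL *bs;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
- }
- break;
- default:
- ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int ssl_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=BIO_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
- {
-#ifndef OPENSSL_NO_SOCK
- BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
- if ((buf=BIO_new(BIO_f_buffer())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret=BIO_push(buf,ssl)) == NULL)
- goto err;
- return(ret);
-err:
- if (buf != NULL) BIO_free(buf);
- if (ssl != NULL) BIO_free(ssl);
-#endif
- return(NULL);
- }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
- {
-#ifndef OPENSSL_NO_SOCK
- BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
- if ((con=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
- goto err;
- if ((ret=BIO_push(ssl,con)) == NULL)
- goto err;
- return(ret);
-err:
- if (con != NULL) BIO_free(con);
-#endif
- return(NULL);
- }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
- {
- BIO *ret;
- SSL *ssl;
-
- if ((ret=BIO_new(BIO_f_ssl())) == NULL)
- return(NULL);
- if ((ssl=SSL_new(ctx)) == NULL)
- {
- BIO_free(ret);
- return(NULL);
- }
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret,ssl,BIO_CLOSE);
- return(ret);
- }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
- {
- t=BIO_find_type(t,BIO_TYPE_SSL);
- f=BIO_find_type(f,BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return(0);
- if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return(0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
- return(1);
- }
-
-void BIO_ssl_shutdown(BIO *b)
- {
- SSL *s;
-
- while (b != NULL)
- {
- if (b->method->type == BIO_TYPE_SSL)
- {
- s=((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b=b->next_bio;
- }
- }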
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index 72b3b20ae4..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1598 +0,0 @@
1/* ssl/d1_both.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <string.h>
118#include <stdio.h>
119#include "ssl_locl.h"
120#include <openssl/buffer.h>
121#include <openssl/rand.h>
122#include <openssl/objects.h>
123#include <openssl/evp.h>
124#include <openssl/x509.h>
125
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
127
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
129 if ((end) - (start) <= 8) { \
130 long ii; \
131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
132 } else { \
133 long ii; \
134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
137 } }
138
139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
140 long ii; \
141 OPENSSL_assert((msg_len) > 0); \
142 is_complete = 1; \
143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
146
147#if 0
148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
149 long ii; \
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
152 printf("\n"); }
153#endif
154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
157
158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s,
165 unsigned char *p);
166static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
167 unsigned long len, unsigned short seq_num, unsigned long frag_off,
168 unsigned long frag_len);
169static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
170 long max, int *ok);
171
172static hm_fragment *
173dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
174 {
175 hm_fragment *frag = NULL;
176 unsigned char *buf = NULL;
177 unsigned char *bitmask = NULL;
178
179 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
180 if ( frag == NULL)
181 return NULL;
182
183 if (frag_len)
184 {
185 buf = (unsigned char *)OPENSSL_malloc(frag_len);
186 if ( buf == NULL)
187 {
188 OPENSSL_free(frag);
189 return NULL;
190 }
191 }
192
193 /* zero length fragment gets zero frag->fragment */
194 frag->fragment = buf;
195
196 /* Initialize reassembly bitmask if necessary */
197 if (reassembly)
198 {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL)
201 {
202 if (buf != NULL) OPENSSL_free(buf);
203 OPENSSL_free(frag);
204 return NULL;
205 }
206 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
207 }
208
209 frag->reassembly = bitmask;
210
211 return frag;
212 }
213
214static void
215dtls1_hm_fragment_free(hm_fragment *frag)
216 {
217
218 if (frag->msg_header.is_ccs)
219 {
220 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
221 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
222 }
223
224 if (frag->fragment) OPENSSL_free(frag->fragment);
225 if (frag->reassembly) OPENSSL_free(frag->reassembly);
226 OPENSSL_free(frag);
227 }
228
229/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
230int dtls1_do_write(SSL *s, int type)
231 {
232 int ret;
233 int curr_mtu;
234 unsigned int len, frag_off, mac_size, blocksize;
235
236 /* AHA! Figure out the MTU, and stick to the right size */
237 if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
238 {
239 s->d1->mtu =
240 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
241
242 /* I've seen the kernel return bogus numbers when it doesn't know
243 * (initial write), so just make sure we have a reasonable number */
244 if (s->d1->mtu < dtls1_min_mtu())
245 {
246 s->d1->mtu = 0;
247 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
248 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
249 s->d1->mtu, NULL);
250 }
251 }
252#if 0
253 mtu = s->d1->mtu;
254
255 fprintf(stderr, "using MTU = %d\n", mtu);
256
257 mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
258
259 curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
260
261 if ( curr_mtu > 0)
262 mtu = curr_mtu;
263 else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
264 return ret;
265
266 if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
267 {
268 ret = BIO_flush(SSL_get_wbio(s));
269 if ( ret <= 0)
270 return ret;
271 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
272 }
273#endif
274
275 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
276
277 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
278 OPENSSL_assert(s->init_num ==
279 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
280
281 if (s->write_hash)
282 mac_size = EVP_MD_CTX_size(s->write_hash);
283 else
284 mac_size = 0;
285
286 if (s->enc_write_ctx &&
287 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
288 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
289 else
290 blocksize = 0;
291
292 frag_off = 0;
293 while( s->init_num)
294 {
295 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
296 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
297
298 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
299 {
300 /* grr.. we could get an error if MTU picked was wrong */
301 ret = BIO_flush(SSL_get_wbio(s));
302 if ( ret <= 0)
303 return ret;
304 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
305 mac_size - blocksize;
306 }
307
308 if ( s->init_num > curr_mtu)
309 len = curr_mtu;
310 else
311 len = s->init_num;
312
313
314 /* XDTLS: this function is too long. split out the CCS part */
315 if ( type == SSL3_RT_HANDSHAKE)
316 {
317 if ( s->init_off != 0)
318 {
319 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
320 s->init_off -= DTLS1_HM_HEADER_LENGTH;
321 s->init_num += DTLS1_HM_HEADER_LENGTH;
322
323 /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
324 if ( len <= DTLS1_HM_HEADER_LENGTH)
325 len += DTLS1_HM_HEADER_LENGTH;
326 }
327
328 dtls1_fix_message_header(s, frag_off,
329 len - DTLS1_HM_HEADER_LENGTH);
330
331 dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
332
333 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
334 }
335
336 ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
337 len);
338 if (ret < 0)
339 {
340 /* might need to update MTU here, but we don't know
341 * which previous packet caused the failure -- so can't
342 * really retransmit anything. continue as if everything
343 * is fine and wait for an alert to handle the
344 * retransmit
345 */
346 if ( BIO_ctrl(SSL_get_wbio(s),
347 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
348 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
349 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
350 else
351 return(-1);
352 }
353 else
354 {
355
356 /* bad if this assert fails, only part of the handshake
357 * message got sent. but why would this happen? */
358 OPENSSL_assert(len == (unsigned int)ret);
359
360 if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
361 {
362 /* should not be done for 'Hello Request's, but in that case
363 * we'll ignore the result anyway */
364 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
365 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
366 int xlen;
367
368 if (frag_off == 0 && s->version != DTLS1_BAD_VER)
369 {
370 /* reconstruct message header is if it
371 * is being sent in single fragment */
372 *p++ = msg_hdr->type;
373 l2n3(msg_hdr->msg_len,p);
374 s2n (msg_hdr->seq,p);
375 l2n3(0,p);
376 l2n3(msg_hdr->msg_len,p);
377 p -= DTLS1_HM_HEADER_LENGTH;
378 xlen = ret;
379 }
380 else
381 {
382 p += DTLS1_HM_HEADER_LENGTH;
383 xlen = ret - DTLS1_HM_HEADER_LENGTH;
384 }
385
386 ssl3_finish_mac(s, p, xlen);
387 }
388
389 if (ret == s->init_num)
390 {
391 if (s->msg_callback)
392 s->msg_callback(1, s->version, type, s->init_buf->data,
393 (size_t)(s->init_off + s->init_num), s,
394 s->msg_callback_arg);
395
396 s->init_off = 0; /* done writing this message */
397 s->init_num = 0;
398
399 return(1);
400 }
401 s->init_off+=ret;
402 s->init_num-=ret;
403 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
404 }
405 }
406 return(0);
407 }
408
409
410/* Obtain handshake message of message type 'mt' (any if mt == -1),
411 * maximum acceptable body length 'max'.
412 * Read an entire handshake message. Handshake messages arrive in
413 * fragments.
414 */
415long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
416 {
417 int i, al;
418 struct hm_header_st *msg_hdr;
419 unsigned char *p;
420 unsigned long msg_len;
421
422 /* s3->tmp is used to store messages that are unexpected, caused
423 * by the absence of an optional handshake message */
424 if (s->s3->tmp.reuse_message)
425 {
426 s->s3->tmp.reuse_message=0;
427 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
428 {
429 al=SSL_AD_UNEXPECTED_MESSAGE;
430 SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
431 goto f_err;
432 }
433 *ok=1;
434 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
435 s->init_num = (int)s->s3->tmp.message_size;
436 return s->init_num;
437 }
438
439 msg_hdr = &s->d1->r_msg_hdr;
440 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
441
442again:
443 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
444 if ( i == DTLS1_HM_BAD_FRAGMENT ||
445 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
446 goto again;
447 else if ( i <= 0 && !*ok)
448 return i;
449
450 p = (unsigned char *)s->init_buf->data;
451 msg_len = msg_hdr->msg_len;
452
453 /* reconstruct message header */
454 *(p++) = msg_hdr->type;
455 l2n3(msg_len,p);
456 s2n (msg_hdr->seq,p);
457 l2n3(0,p);
458 l2n3(msg_len,p);
459 if (s->version != DTLS1_BAD_VER) {
460 p -= DTLS1_HM_HEADER_LENGTH;
461 msg_len += DTLS1_HM_HEADER_LENGTH;
462 }
463
464 ssl3_finish_mac(s, p, msg_len);
465 if (s->msg_callback)
466 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
467 p, msg_len,
468 s, s->msg_callback_arg);
469
470 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
471
472 /* Don't change sequence numbers while listening */
473 if (!s->d1->listen)
474 s->d1->handshake_read_seq++;
475
476 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
477 return s->init_num;
478
479f_err:
480 ssl3_send_alert(s,SSL3_AL_FATAL,al);
481 *ok = 0;
482 return -1;
483 }
484
485
486static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
487 {
488 size_t frag_off,frag_len,msg_len;
489
490 msg_len = msg_hdr->msg_len;
491 frag_off = msg_hdr->frag_off;
492 frag_len = msg_hdr->frag_len;
493
494 /* sanity checking */
495 if ( (frag_off+frag_len) > msg_len)
496 {
497 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
498 return SSL_AD_ILLEGAL_PARAMETER;
499 }
500
501 if ( (frag_off+frag_len) > (unsigned long)max)
502 {
503 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
504 return SSL_AD_ILLEGAL_PARAMETER;
505 }
506
507 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
508 {
509 /* msg_len is limited to 2^24, but is effectively checked
510 * against max above */
511 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
512 {
513 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
514 return SSL_AD_INTERNAL_ERROR;
515 }
516
517 s->s3->tmp.message_size = msg_len;
518 s->d1->r_msg_hdr.msg_len = msg_len;
519 s->s3->tmp.message_type = msg_hdr->type;
520 s->d1->r_msg_hdr.type = msg_hdr->type;
521 s->d1->r_msg_hdr.seq = msg_hdr->seq;
522 }
523 else if (msg_len != s->d1->r_msg_hdr.msg_len)
524 {
525 /* They must be playing with us! BTW, failure to enforce
526 * upper limit would open possibility for buffer overrun. */
527 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
528 return SSL_AD_ILLEGAL_PARAMETER;
529 }
530
531 return 0; /* no error */
532 }
533
534
535static int
536dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
537 {
538 /* (0) check whether the desired fragment is available
539 * if so:
540 * (1) copy over the fragment to s->init_buf->data[]
541 * (2) update s->init_num
542 */
543 pitem *item;
544 hm_fragment *frag;
545 int al;
546
547 *ok = 0;
548 item = pqueue_peek(s->d1->buffered_messages);
549 if ( item == NULL)
550 return 0;
551
552 frag = (hm_fragment *)item->data;
553
554 /* Don't return if reassembly still in progress */
555 if (frag->reassembly != NULL)
556 return 0;
557
558 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
559 {
560 unsigned long frag_len = frag->msg_header.frag_len;
561 pqueue_pop(s->d1->buffered_messages);
562
563 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
564
565 if (al==0) /* no alert */
566 {
567 unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
568 memcpy(&p[frag->msg_header.frag_off],
569 frag->fragment,frag->msg_header.frag_len);
570 }
571
572 dtls1_hm_fragment_free(frag);
573 pitem_free(item);
574
575 if (al==0)
576 {
577 *ok = 1;
578 return frag_len;
579 }
580
581 ssl3_send_alert(s,SSL3_AL_FATAL,al);
582 s->init_num = 0;
583 *ok = 0;
584 return -1;
585 }
586 else
587 return 0;
588 }
589
590
591static int
592dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
593 {
594 hm_fragment *frag = NULL;
595 pitem *item = NULL;
596 int i = -1, is_complete;
597 unsigned char seq64be[8];
598 unsigned long frag_len = msg_hdr->frag_len, max_len;
599
600 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
601 goto err;
602
603 /* Determine maximum allowed message size. Depends on (user set)
604 * maximum certificate length, but 16k is minimum.
605 */
606 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
607 max_len = s->max_cert_list;
608 else
609 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
610
611 if ((msg_hdr->frag_off+frag_len) > max_len)
612 goto err;
613
614 /* Try to find item in queue */
615 memset(seq64be,0,sizeof(seq64be));
616 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
617 seq64be[7] = (unsigned char) msg_hdr->seq;
618 item = pqueue_find(s->d1->buffered_messages, seq64be);
619
620 if (item == NULL)
621 {
622 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
623 if ( frag == NULL)
624 goto err;
625 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
626 frag->msg_header.frag_len = frag->msg_header.msg_len;
627 frag->msg_header.frag_off = 0;
628 }
629 else
630 frag = (hm_fragment*) item->data;
631
632 /* If message is already reassembled, this must be a
633 * retransmit and can be dropped.
634 */
635 if (frag->reassembly == NULL)
636 {
637 unsigned char devnull [256];
638
639 while (frag_len)
640 {
641 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
642 devnull,
643 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
644 if (i<=0) goto err;
645 frag_len -= i;
646 }
647 return DTLS1_HM_FRAGMENT_RETRY;
648 }
649
650 /* read the body of the fragment (header has already been read */
651 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
652 frag->fragment + msg_hdr->frag_off,frag_len,0);
653 if (i<=0 || (unsigned long)i!=frag_len)
654 goto err;
655
656 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
657 (long)(msg_hdr->frag_off + frag_len));
658
659 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
660 is_complete);
661
662 if (is_complete)
663 {
664 OPENSSL_free(frag->reassembly);
665 frag->reassembly = NULL;
666 }
667
668 if (item == NULL)
669 {
670 memset(seq64be,0,sizeof(seq64be));
671 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
672 seq64be[7] = (unsigned char)(msg_hdr->seq);
673
674 item = pitem_new(seq64be, frag);
675 if (item == NULL)
676 {
677 goto err;
678 i = -1;
679 }
680
681 pqueue_insert(s->d1->buffered_messages, item);
682 }
683
684 return DTLS1_HM_FRAGMENT_RETRY;
685
686err:
687 if (frag != NULL) dtls1_hm_fragment_free(frag);
688 if (item != NULL) OPENSSL_free(item);
689 *ok = 0;
690 return i;
691 }
692
693
694static int
695dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
696{
697 int i=-1;
698 hm_fragment *frag = NULL;
699 pitem *item = NULL;
700 unsigned char seq64be[8];
701 unsigned long frag_len = msg_hdr->frag_len;
702
703 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
704 goto err;
705
706 /* Try to find item in queue, to prevent duplicate entries */
707 memset(seq64be,0,sizeof(seq64be));
708 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
709 seq64be[7] = (unsigned char) msg_hdr->seq;
710 item = pqueue_find(s->d1->buffered_messages, seq64be);
711
712 /* If we already have an entry and this one is a fragment,
713 * don't discard it and rather try to reassemble it.
714 */
715 if (item != NULL && frag_len < msg_hdr->msg_len)
716 item = NULL;
717
718 /* Discard the message if sequence number was already there, is
719 * too far in the future, already in the queue or if we received
720 * a FINISHED before the SERVER_HELLO, which then must be a stale
721 * retransmit.
722 */
723 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
724 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
725 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
726 {
727 unsigned char devnull [256];
728
729 while (frag_len)
730 {
731 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
732 devnull,
733 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
734 if (i<=0) goto err;
735 frag_len -= i;
736 }
737 }
738 else
739 {
740 if (frag_len && frag_len < msg_hdr->msg_len)
741 return dtls1_reassemble_fragment(s, msg_hdr, ok);
742
743 frag = dtls1_hm_fragment_new(frag_len, 0);
744 if ( frag == NULL)
745 goto err;
746
747 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
748
749 if (frag_len)
750 {
751 /* read the body of the fragment (header has already been read */
752 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
753 frag->fragment,frag_len,0);
754 if (i<=0 || (unsigned long)i!=frag_len)
755 goto err;
756 }
757
758 memset(seq64be,0,sizeof(seq64be));
759 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
760 seq64be[7] = (unsigned char)(msg_hdr->seq);
761
762 item = pitem_new(seq64be, frag);
763 if ( item == NULL)
764 goto err;
765
766 pqueue_insert(s->d1->buffered_messages, item);
767 }
768
769 return DTLS1_HM_FRAGMENT_RETRY;
770
771err:
772 if ( frag != NULL) dtls1_hm_fragment_free(frag);
773 if ( item != NULL) OPENSSL_free(item);
774 *ok = 0;
775 return i;
776 }
777
778
779static long
780dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
781 {
782 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
783 unsigned long len, frag_off, frag_len;
784 int i,al;
785 struct hm_header_st msg_hdr;
786
787 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
789 {
790 if (*ok) s->init_num = frag_len;
791 return frag_len;
792 }
793
794 /* read handshake message header */
795 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
796 DTLS1_HM_HEADER_LENGTH, 0);
797 if (i <= 0) /* nbio, or an error */
798 {
799 s->rwstate=SSL_READING;
800 *ok = 0;
801 return i;
802 }
803 /* Handshake fails if message header is incomplete */
804 if (i != DTLS1_HM_HEADER_LENGTH)
805 {
806 al=SSL_AD_UNEXPECTED_MESSAGE;
807 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
808 goto f_err;
809 }
810
811 /* parse the message fragment header */
812 dtls1_get_message_header(wire, &msg_hdr);
813
814 /*
815 * if this is a future (or stale) message it gets buffered
816 * (or dropped)--no further processing at this time
817 * While listening, we accept seq 1 (ClientHello with cookie)
818 * although we're still expecting seq 0 (ClientHello)
819 */
820 if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
821 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
822
823 len = msg_hdr.msg_len;
824 frag_off = msg_hdr.frag_off;
825 frag_len = msg_hdr.frag_len;
826
827 if (frag_len && frag_len < len)
828 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
829
830 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
831 wire[0] == SSL3_MT_HELLO_REQUEST)
832 {
833 /* The server may always send 'Hello Request' messages --
834 * we are doing a handshake anyway now, so ignore them
835 * if their format is correct. Does not count for
836 * 'Finished' MAC. */
837 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
838 {
839 if (s->msg_callback)
840 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
841 wire, DTLS1_HM_HEADER_LENGTH, s,
842 s->msg_callback_arg);
843
844 s->init_num = 0;
845 return dtls1_get_message_fragment(s, st1, stn,
846 max, ok);
847 }
848 else /* Incorrectly formated Hello request */
849 {
850 al=SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
852 goto f_err;
853 }
854 }
855
856 if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
857 goto f_err;
858
859 /* XDTLS: ressurect this when restart is in place */
860 s->state=stn;
861
862 if ( frag_len > 0)
863 {
864 unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
865
866 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
867 &p[frag_off],frag_len,0);
868 /* XDTLS: fix this--message fragments cannot span multiple packets */
869 if (i <= 0)
870 {
871 s->rwstate=SSL_READING;
872 *ok = 0;
873 return i;
874 }
875 }
876 else
877 i = 0;
878
879 /* XDTLS: an incorrectly formatted fragment should cause the
880 * handshake to fail */
881 if (i != (int)frag_len)
882 {
883 al=SSL3_AD_ILLEGAL_PARAMETER;
884 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
885 goto f_err;
886 }
887
888 *ok = 1;
889
890 /* Note that s->init_num is *not* used as current offset in
891 * s->init_buf->data, but as a counter summing up fragments'
892 * lengths: as soon as they sum up to handshake packet
893 * length, we assume we have got all the fragments. */
894 s->init_num = frag_len;
895 return frag_len;
896
897f_err:
898 ssl3_send_alert(s,SSL3_AL_FATAL,al);
899 s->init_num = 0;
900
901 *ok=0;
902 return(-1);
903 }
904
905int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
906 {
907 unsigned char *p,*d;
908 int i;
909 unsigned long l;
910
911 if (s->state == a)
912 {
913 d=(unsigned char *)s->init_buf->data;
914 p= &(d[DTLS1_HM_HEADER_LENGTH]);
915
916 i=s->method->ssl3_enc->final_finish_mac(s,
917 sender,slen,s->s3->tmp.finish_md);
918 s->s3->tmp.finish_md_len = i;
919 memcpy(p, s->s3->tmp.finish_md, i);
920 p+=i;
921 l=i;
922
923 /* Copy the finished so we can use it for
924 * renegotiation checks
925 */
926 if(s->type == SSL_ST_CONNECT)
927 {
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
929 memcpy(s->s3->previous_client_finished,
930 s->s3->tmp.finish_md, i);
931 s->s3->previous_client_finished_len=i;
932 }
933 else
934 {
935 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
936 memcpy(s->s3->previous_server_finished,
937 s->s3->tmp.finish_md, i);
938 s->s3->previous_server_finished_len=i;
939 }
940
941#ifdef OPENSSL_SYS_WIN16
942 /* MSVC 1.5 does not clear the top bytes of the word unless
943 * I do this.
944 */
945 l&=0xffff;
946#endif
947
948 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
949 s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
950 s->init_off=0;
951
952 /* buffer the message to handle re-xmits */
953 dtls1_buffer_message(s, 0);
954
955 s->state=b;
956 }
957
958 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
959 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
960 }
961
962/* for these 2 messages, we need to
963 * ssl->enc_read_ctx re-init
964 * ssl->s3->read_sequence zero
965 * ssl->s3->read_mac_secret re-init
966 * ssl->session->read_sym_enc assign
967 * ssl->session->read_compression assign
968 * ssl->session->read_hash assign
969 */
970int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
971 {
972 unsigned char *p;
973
974 if (s->state == a)
975 {
976 p=(unsigned char *)s->init_buf->data;
977 *p++=SSL3_MT_CCS;
978 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
979 s->init_num=DTLS1_CCS_HEADER_LENGTH;
980
981 if (s->version == DTLS1_BAD_VER) {
982 s->d1->next_handshake_write_seq++;
983 s2n(s->d1->handshake_write_seq,p);
984 s->init_num+=2;
985 }
986
987 s->init_off=0;
988
989 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
990 s->d1->handshake_write_seq, 0, 0);
991
992 /* buffer the message to handle re-xmits */
993 dtls1_buffer_message(s, 1);
994
995 s->state=b;
996 }
997
998 /* SSL3_ST_CW_CHANGE_B */
999 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
1000 }
1001
1002static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
1003 {
1004 int n;
1005 unsigned char *p;
1006
1007 n=i2d_X509(x,NULL);
1008 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
1009 {
1010 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1011 return 0;
1012 }
1013 p=(unsigned char *)&(buf->data[*l]);
1014 l2n3(n,p);
1015 i2d_X509(x,&p);
1016 *l+=n+3;
1017
1018 return 1;
1019 }
1020unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
1021 {
1022 unsigned char *p;
1023 int i;
1024 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
1025 BUF_MEM *buf;
1026
1027 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1028 buf=s->init_buf;
1029 if (!BUF_MEM_grow_clean(buf,10))
1030 {
1031 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
1032 return(0);
1033 }
1034 if (x != NULL)
1035 {
1036 X509_STORE_CTX xs_ctx;
1037
1038 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
1039 {
1040 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
1041 return(0);
1042 }
1043
1044 X509_verify_cert(&xs_ctx);
1045 /* Don't leave errors in the queue */
1046 ERR_clear_error();
1047 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
1048 {
1049 x = sk_X509_value(xs_ctx.chain, i);
1050
1051 if (!dtls1_add_cert_to_buf(buf, &l, x))
1052 {
1053 X509_STORE_CTX_cleanup(&xs_ctx);
1054 return 0;
1055 }
1056 }
1057 X509_STORE_CTX_cleanup(&xs_ctx);
1058 }
1059 /* Thawte special :-) */
1060 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
1061 {
1062 x=sk_X509_value(s->ctx->extra_certs,i);
1063 if (!dtls1_add_cert_to_buf(buf, &l, x))
1064 return 0;
1065 }
1066
1067 l-= (3 + DTLS1_HM_HEADER_LENGTH);
1068
1069 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1070 l2n3(l,p);
1071 l+=3;
1072 p=(unsigned char *)&(buf->data[0]);
1073 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1074
1075 l+=DTLS1_HM_HEADER_LENGTH;
1076 return(l);
1077 }
1078
1079int dtls1_read_failed(SSL *s, int code)
1080 {
1081 if ( code > 0)
1082 {
1083 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
1084 return 1;
1085 }
1086
1087 if (!dtls1_is_timer_expired(s))
1088 {
1089 /* not a timeout, none of our business,
1090 let higher layers handle this. in fact it's probably an error */
1091 return code;
1092 }
1093
1094#ifndef OPENSSL_NO_HEARTBEATS
1095 if (!SSL_in_init(s) && !s->tlsext_hb_pending) /* done, no need to send a retransmit */
1096#else
1097 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1098#endif
1099 {
1100 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1101 return code;
1102 }
1103
1104#if 0 /* for now, each alert contains only one record number */
1105 item = pqueue_peek(state->rcvd_records);
1106 if ( item )
1107 {
1108 /* send an alert immediately for all the missing records */
1109 }
1110 else
1111#endif
1112
1113#if 0 /* no more alert sending, just retransmit the last set of messages */
1114 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
1115 ssl3_send_alert(s,SSL3_AL_WARNING,
1116 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1117#endif
1118
1119 return dtls1_handle_timeout(s);
1120 }
1121
1122int
1123dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1124 {
1125 /* The index of the retransmission queue actually is the message sequence number,
1126 * since the queue only contains messages of a single handshake. However, the
1127 * ChangeCipherSpec has no message sequence number and so using only the sequence
1128 * will result in the CCS and Finished having the same index. To prevent this,
1129 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1130 * This does not only differ CSS and Finished, it also maintains the order of the
1131 * index (important for priority queues) and fits in the unsigned short variable.
1132 */
1133 return seq * 2 - is_ccs;
1134 }
1135
1136int
1137dtls1_retransmit_buffered_messages(SSL *s)
1138 {
1139 pqueue sent = s->d1->sent_messages;
1140 piterator iter;
1141 pitem *item;
1142 hm_fragment *frag;
1143 int found = 0;
1144
1145 iter = pqueue_iterator(sent);
1146
1147 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
1148 {
1149 frag = (hm_fragment *)item->data;
1150 if ( dtls1_retransmit_message(s,
1151 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
1152 0, &found) <= 0 && found)
1153 {
1154 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1155 return -1;
1156 }
1157 }
1158
1159 return 1;
1160 }
1161
1162int
1163dtls1_buffer_message(SSL *s, int is_ccs)
1164 {
1165 pitem *item;
1166 hm_fragment *frag;
1167 unsigned char seq64be[8];
1168
1169 /* this function is called immediately after a message has
1170 * been serialized */
1171 OPENSSL_assert(s->init_off == 0);
1172
1173 frag = dtls1_hm_fragment_new(s->init_num, 0);
1174
1175 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1176
1177 if ( is_ccs)
1178 {
1179 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1180 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
1181 }
1182 else
1183 {
1184 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1185 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1186 }
1187
1188 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1189 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1190 frag->msg_header.type = s->d1->w_msg_hdr.type;
1191 frag->msg_header.frag_off = 0;
1192 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1193 frag->msg_header.is_ccs = is_ccs;
1194
1195 /* save current state*/
1196 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1197 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1198 frag->msg_header.saved_retransmit_state.compress = s->compress;
1199 frag->msg_header.saved_retransmit_state.session = s->session;
1200 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1201
1202 memset(seq64be,0,sizeof(seq64be));
1203 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1204 frag->msg_header.is_ccs)>>8);
1205 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1206 frag->msg_header.is_ccs));
1207
1208 item = pitem_new(seq64be, frag);
1209 if ( item == NULL)
1210 {
1211 dtls1_hm_fragment_free(frag);
1212 return 0;
1213 }
1214
1215#if 0
1216 fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
1217 fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
1218 fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
1219#endif
1220
1221 pqueue_insert(s->d1->sent_messages, item);
1222 return 1;
1223 }
1224
1225int
1226dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1227 int *found)
1228 {
1229 int ret;
1230 /* XDTLS: for now assuming that read/writes are blocking */
1231 pitem *item;
1232 hm_fragment *frag ;
1233 unsigned long header_length;
1234 unsigned char seq64be[8];
1235 struct dtls1_retransmit_state saved_state;
1236 unsigned char save_write_sequence[8];
1237
1238 /*
1239 OPENSSL_assert(s->init_num == 0);
1240 OPENSSL_assert(s->init_off == 0);
1241 */
1242
1243 /* XDTLS: the requested message ought to be found, otherwise error */
1244 memset(seq64be,0,sizeof(seq64be));
1245 seq64be[6] = (unsigned char)(seq>>8);
1246 seq64be[7] = (unsigned char)seq;
1247
1248 item = pqueue_find(s->d1->sent_messages, seq64be);
1249 if ( item == NULL)
1250 {
1251 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1252 *found = 0;
1253 return 0;
1254 }
1255
1256 *found = 1;
1257 frag = (hm_fragment *)item->data;
1258
1259 if ( frag->msg_header.is_ccs)
1260 header_length = DTLS1_CCS_HEADER_LENGTH;
1261 else
1262 header_length = DTLS1_HM_HEADER_LENGTH;
1263
1264 memcpy(s->init_buf->data, frag->fragment,
1265 frag->msg_header.msg_len + header_length);
1266 s->init_num = frag->msg_header.msg_len + header_length;
1267
1268 dtls1_set_message_header_int(s, frag->msg_header.type,
1269 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1270 frag->msg_header.frag_len);
1271
1272 /* save current state */
1273 saved_state.enc_write_ctx = s->enc_write_ctx;
1274 saved_state.write_hash = s->write_hash;
1275 saved_state.compress = s->compress;
1276 saved_state.session = s->session;
1277 saved_state.epoch = s->d1->w_epoch;
1278 saved_state.epoch = s->d1->w_epoch;
1279
1280 s->d1->retransmitting = 1;
1281
1282 /* restore state in which the message was originally sent */
1283 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1284 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1285 s->compress = frag->msg_header.saved_retransmit_state.compress;
1286 s->session = frag->msg_header.saved_retransmit_state.session;
1287 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1288
1289 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1290 {
1291 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1292 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1293 }
1294
1295 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1296 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1297
1298 /* restore current state */
1299 s->enc_write_ctx = saved_state.enc_write_ctx;
1300 s->write_hash = saved_state.write_hash;
1301 s->compress = saved_state.compress;
1302 s->session = saved_state.session;
1303 s->d1->w_epoch = saved_state.epoch;
1304
1305 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1306 {
1307 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1308 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1309 }
1310
1311 s->d1->retransmitting = 0;
1312
1313 (void)BIO_flush(SSL_get_wbio(s));
1314 return ret;
1315 }
1316
1317/* call this function when the buffered messages are no longer needed */
1318void
1319dtls1_clear_record_buffer(SSL *s)
1320 {
1321 pitem *item;
1322
1323 for(item = pqueue_pop(s->d1->sent_messages);
1324 item != NULL; item = pqueue_pop(s->d1->sent_messages))
1325 {
1326 dtls1_hm_fragment_free((hm_fragment *)item->data);
1327 pitem_free(item);
1328 }
1329 }
1330
1331
1332unsigned char *
1333dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1334 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1335 {
1336 /* Don't change sequence numbers while listening */
1337 if (frag_off == 0 && !s->d1->listen)
1338 {
1339 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1340 s->d1->next_handshake_write_seq++;
1341 }
1342
1343 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1344 frag_off, frag_len);
1345
1346 return p += DTLS1_HM_HEADER_LENGTH;
1347 }
1348
1349
1350/* don't actually do the writing, wait till the MTU has been retrieved */
1351static void
1352dtls1_set_message_header_int(SSL *s, unsigned char mt,
1353 unsigned long len, unsigned short seq_num, unsigned long frag_off,
1354 unsigned long frag_len)
1355 {
1356 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1357
1358 msg_hdr->type = mt;
1359 msg_hdr->msg_len = len;
1360 msg_hdr->seq = seq_num;
1361 msg_hdr->frag_off = frag_off;
1362 msg_hdr->frag_len = frag_len;
1363 }
1364
1365static void
1366dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1367 unsigned long frag_len)
1368 {
1369 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1370
1371 msg_hdr->frag_off = frag_off;
1372 msg_hdr->frag_len = frag_len;
1373 }
1374
1375static unsigned char *
1376dtls1_write_message_header(SSL *s, unsigned char *p)
1377 {
1378 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1379
1380 *p++ = msg_hdr->type;
1381 l2n3(msg_hdr->msg_len, p);
1382
1383 s2n(msg_hdr->seq, p);
1384 l2n3(msg_hdr->frag_off, p);
1385 l2n3(msg_hdr->frag_len, p);
1386
1387 return p;
1388 }
1389
1390unsigned int
1391dtls1_min_mtu(void)
1392 {
1393 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1394 sizeof(g_probable_mtu[0])) - 1]);
1395 }
1396
1397static unsigned int
1398dtls1_guess_mtu(unsigned int curr_mtu)
1399 {
1400 unsigned int i;
1401
1402 if ( curr_mtu == 0 )
1403 return g_probable_mtu[0] ;
1404
1405 for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
1406 if ( curr_mtu > g_probable_mtu[i])
1407 return g_probable_mtu[i];
1408
1409 return curr_mtu;
1410 }
1411
1412void
1413dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1414 {
1415 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1416 msg_hdr->type = *(data++);
1417 n2l3(data, msg_hdr->msg_len);
1418
1419 n2s(data, msg_hdr->seq);
1420 n2l3(data, msg_hdr->frag_off);
1421 n2l3(data, msg_hdr->frag_len);
1422 }
1423
1424void
1425dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1426 {
1427 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1428
1429 ccs_hdr->type = *(data++);
1430 }
1431
1432int dtls1_shutdown(SSL *s)
1433 {
1434 int ret;
1435#ifndef OPENSSL_NO_SCTP
1436 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1437 !(s->shutdown & SSL_SENT_SHUTDOWN))
1438 {
1439 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
1440 if (ret < 0) return -1;
1441
1442 if (ret == 0)
1443 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
1444 }
1445#endif
1446 ret = ssl3_shutdown(s);
1447#ifndef OPENSSL_NO_SCTP
1448 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
1449#endif
1450 return ret;
1451 }
1452
1453#ifndef OPENSSL_NO_HEARTBEATS
1454int
1455dtls1_process_heartbeat(SSL *s)
1456 {
1457 unsigned char *p = &s->s3->rrec.data[0], *pl;
1458 unsigned short hbtype;
1459 unsigned int payload;
1460 unsigned int padding = 16; /* Use minimum padding */
1461
1462 /* Read type and payload length first */
1463 hbtype = *p++;
1464 n2s(p, payload);
1465 pl = p;
1466
1467 if (s->msg_callback)
1468 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
1469 &s->s3->rrec.data[0], s->s3->rrec.length,
1470 s, s->msg_callback_arg);
1471
1472 if (hbtype == TLS1_HB_REQUEST)
1473 {
1474 unsigned char *buffer, *bp;
1475 int r;
1476
1477 /* Allocate memory for the response, size is 1 byte
1478 * message type, plus 2 bytes payload length, plus
1479 * payload, plus padding
1480 */
1481 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
1482 bp = buffer;
1483
1484 /* Enter response type, length and copy payload */
1485 *bp++ = TLS1_HB_RESPONSE;
1486 s2n(payload, bp);
1487 memcpy(bp, pl, payload);
1488 bp += payload;
1489 /* Random padding */
1490 RAND_pseudo_bytes(bp, padding);
1491
1492 r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
1493
1494 if (r >= 0 && s->msg_callback)
1495 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1496 buffer, 3 + payload + padding,
1497 s, s->msg_callback_arg);
1498
1499 OPENSSL_free(buffer);
1500
1501 if (r < 0)
1502 return r;
1503 }
1504 else if (hbtype == TLS1_HB_RESPONSE)
1505 {
1506 unsigned int seq;
1507
1508 /* We only send sequence numbers (2 bytes unsigned int),
1509 * and 16 random bytes, so we just try to read the
1510 * sequence number */
1511 n2s(pl, seq);
1512
1513 if (payload == 18 && seq == s->tlsext_hb_seq)
1514 {
1515 dtls1_stop_timer(s);
1516 s->tlsext_hb_seq++;
1517 s->tlsext_hb_pending = 0;
1518 }
1519 }
1520
1521 return 0;
1522 }
1523
1524int
1525dtls1_heartbeat(SSL *s)
1526 {
1527 unsigned char *buf, *p;
1528 int ret;
1529 unsigned int payload = 18; /* Sequence number + random bytes */
1530 unsigned int padding = 16; /* Use minimum padding */
1531
1532 /* Only send if peer supports and accepts HB requests... */
1533 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
1534 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
1535 {
1536 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
1537 return -1;
1538 }
1539
1540 /* ...and there is none in flight yet... */
1541 if (s->tlsext_hb_pending)
1542 {
1543 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
1544 return -1;
1545 }
1546
1547 /* ...and no handshake in progress. */
1548 if (SSL_in_init(s) || s->in_handshake)
1549 {
1550 SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
1551 return -1;
1552 }
1553
1554 /* Check if padding is too long, payload and padding
1555 * must not exceed 2^14 - 3 = 16381 bytes in total.
1556 */
1557 OPENSSL_assert(payload + padding <= 16381);
1558
1559 /* Create HeartBeat message, we just use a sequence number
1560 * as payload to distuingish different messages and add
1561 * some random stuff.
1562 * - Message Type, 1 byte
1563 * - Payload Length, 2 bytes (unsigned int)
1564 * - Payload, the sequence number (2 bytes uint)
1565 * - Payload, random bytes (16 bytes uint)
1566 * - Padding
1567 */
1568 buf = OPENSSL_malloc(1 + 2 + payload + padding);
1569 p = buf;
1570 /* Message Type */
1571 *p++ = TLS1_HB_REQUEST;
1572 /* Payload length (18 bytes here) */
1573 s2n(payload, p);
1574 /* Sequence number */
1575 s2n(s->tlsext_hb_seq, p);
1576 /* 16 random bytes */
1577 RAND_pseudo_bytes(p, 16);
1578 p += 16;
1579 /* Random padding */
1580 RAND_pseudo_bytes(p, padding);
1581
1582 ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
1583 if (ret >= 0)
1584 {
1585 if (s->msg_callback)
1586 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
1587 buf, 3 + payload + padding,
1588 s, s->msg_callback_arg);
1589
1590 dtls1_start_timer(s);
1591 s->tlsext_hb_pending = 1;
1592 }
1593
1594 OPENSSL_free(buf);
1595
1596 return ret;
1597 }
1598#endif
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index a6ed09c51d..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,1710 +0,0 @@
1/* ssl/d1_clnt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_KRB5
119#include "kssl_lcl.h"
120#endif
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/md5.h>
126#include <openssl/bn.h>
127#ifndef OPENSSL_NO_DH
128#include <openssl/dh.h>
129#endif
130
131static const SSL_METHOD *dtls1_get_client_method(int ver);
132static int dtls1_get_hello_verify(SSL *s);
133
134static const SSL_METHOD *dtls1_get_client_method(int ver)
135 {
136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
137 return(DTLSv1_client_method());
138 else
139 return(NULL);
140 }
141
142IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
143 ssl_undefined_function,
144 dtls1_connect,
145 dtls1_get_client_method)
146
147int dtls1_connect(SSL *s)
148 {
149 BUF_MEM *buf=NULL;
150 unsigned long Time=(unsigned long)time(NULL);
151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
152 int ret= -1;
153 int new_state,state,skip=0;
154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif
158
159 RAND_add(&Time,sizeof(Time),0);
160 ERR_clear_error();
161 clear_sys_error();
162
163 if (s->info_callback != NULL)
164 cb=s->info_callback;
165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback;
167
168 s->in_handshake++;
169 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
170
171#ifndef OPENSSL_NO_SCTP
172 /* Notify SCTP BIO socket to enter handshake
173 * mode and prevent stream identifier other
174 * than 0. Will be ignored if no SCTP is used.
175 */
176 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
177#endif
178
179#ifndef OPENSSL_NO_HEARTBEATS
180 /* If we're awaiting a HeartbeatResponse, pretend we
181 * already got and don't await it anymore, because
182 * Heartbeats don't make sense during handshakes anyway.
183 */
184 if (s->tlsext_hb_pending)
185 {
186 dtls1_stop_timer(s);
187 s->tlsext_hb_pending = 0;
188 s->tlsext_hb_seq++;
189 }
190#endif
191
192 for (;;)
193 {
194 state=s->state;
195
196 switch(s->state)
197 {
198 case SSL_ST_RENEGOTIATE:
199 s->renegotiate=1;
200 s->state=SSL_ST_CONNECT;
201 s->ctx->stats.sess_connect_renegotiate++;
202 /* break */
203 case SSL_ST_BEFORE:
204 case SSL_ST_CONNECT:
205 case SSL_ST_BEFORE|SSL_ST_CONNECT:
206 case SSL_ST_OK|SSL_ST_CONNECT:
207
208 s->server=0;
209 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
210
211 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
212 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
213 {
214 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
215 ret = -1;
216 goto end;
217 }
218
219 /* s->version=SSL3_VERSION; */
220 s->type=SSL_ST_CONNECT;
221
222 if (s->init_buf == NULL)
223 {
224 if ((buf=BUF_MEM_new()) == NULL)
225 {
226 ret= -1;
227 goto end;
228 }
229 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
230 {
231 ret= -1;
232 goto end;
233 }
234 s->init_buf=buf;
235 buf=NULL;
236 }
237
238 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
239
240 /* setup buffing BIO */
241 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
242
243 /* don't push the buffering BIO quite yet */
244
245 s->state=SSL3_ST_CW_CLNT_HELLO_A;
246 s->ctx->stats.sess_connect++;
247 s->init_num=0;
248 /* mark client_random uninitialized */
249 memset(s->s3->client_random,0,sizeof(s->s3->client_random));
250 s->d1->send_cookie = 0;
251 s->hit = 0;
252 break;
253
254#ifndef OPENSSL_NO_SCTP
255 case DTLS1_SCTP_ST_CR_READ_SOCK:
256
257 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
258 {
259 s->s3->in_read_app_data=2;
260 s->rwstate=SSL_READING;
261 BIO_clear_retry_flags(SSL_get_rbio(s));
262 BIO_set_retry_read(SSL_get_rbio(s));
263 ret = -1;
264 goto end;
265 }
266
267 s->state=s->s3->tmp.next_state;
268 break;
269
270 case DTLS1_SCTP_ST_CW_WRITE_SOCK:
271 /* read app data until dry event */
272
273 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
274 if (ret < 0) goto end;
275
276 if (ret == 0)
277 {
278 s->s3->in_read_app_data=2;
279 s->rwstate=SSL_READING;
280 BIO_clear_retry_flags(SSL_get_rbio(s));
281 BIO_set_retry_read(SSL_get_rbio(s));
282 ret = -1;
283 goto end;
284 }
285
286 s->state=s->d1->next_state;
287 break;
288#endif
289
290 case SSL3_ST_CW_CLNT_HELLO_A:
291 case SSL3_ST_CW_CLNT_HELLO_B:
292
293 s->shutdown=0;
294
295 /* every DTLS ClientHello resets Finished MAC */
296 ssl3_init_finished_mac(s);
297
298 dtls1_start_timer(s);
299 ret=dtls1_client_hello(s);
300 if (ret <= 0) goto end;
301
302 if ( s->d1->send_cookie)
303 {
304 s->state=SSL3_ST_CW_FLUSH;
305 s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
306 }
307 else
308 s->state=SSL3_ST_CR_SRVR_HELLO_A;
309
310 s->init_num=0;
311
312#ifndef OPENSSL_NO_SCTP
313 /* Disable buffering for SCTP */
314 if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
315 {
316#endif
317 /* turn on buffering for the next lot of output */
318 if (s->bbio != s->wbio)
319 s->wbio=BIO_push(s->bbio,s->wbio);
320#ifndef OPENSSL_NO_SCTP
321 }
322#endif
323
324 break;
325
326 case SSL3_ST_CR_SRVR_HELLO_A:
327 case SSL3_ST_CR_SRVR_HELLO_B:
328 ret=ssl3_get_server_hello(s);
329 if (ret <= 0) goto end;
330 else
331 {
332 if (s->hit)
333 {
334#ifndef OPENSSL_NO_SCTP
335 /* Add new shared key for SCTP-Auth,
336 * will be ignored if no SCTP used.
337 */
338 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
339 DTLS1_SCTP_AUTH_LABEL);
340
341 SSL_export_keying_material(s, sctpauthkey,
342 sizeof(sctpauthkey), labelbuffer,
343 sizeof(labelbuffer), NULL, 0, 0);
344
345 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
346 sizeof(sctpauthkey), sctpauthkey);
347#endif
348
349 s->state=SSL3_ST_CR_FINISHED_A;
350 }
351 else
352 s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
353 }
354 s->init_num=0;
355 break;
356
357 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
358 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
359
360 ret = dtls1_get_hello_verify(s);
361 if ( ret <= 0)
362 goto end;
363 dtls1_stop_timer(s);
364 if ( s->d1->send_cookie) /* start again, with a cookie */
365 s->state=SSL3_ST_CW_CLNT_HELLO_A;
366 else
367 s->state = SSL3_ST_CR_CERT_A;
368 s->init_num = 0;
369 break;
370
371 case SSL3_ST_CR_CERT_A:
372 case SSL3_ST_CR_CERT_B:
373#ifndef OPENSSL_NO_TLSEXT
374 ret=ssl3_check_finished(s);
375 if (ret <= 0) goto end;
376 if (ret == 2)
377 {
378 s->hit = 1;
379 if (s->tlsext_ticket_expected)
380 s->state=SSL3_ST_CR_SESSION_TICKET_A;
381 else
382 s->state=SSL3_ST_CR_FINISHED_A;
383 s->init_num=0;
384 break;
385 }
386#endif
387 /* Check if it is anon DH or PSK */
388 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
389 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
390 {
391 ret=ssl3_get_server_certificate(s);
392 if (ret <= 0) goto end;
393#ifndef OPENSSL_NO_TLSEXT
394 if (s->tlsext_status_expected)
395 s->state=SSL3_ST_CR_CERT_STATUS_A;
396 else
397 s->state=SSL3_ST_CR_KEY_EXCH_A;
398 }
399 else
400 {
401 skip = 1;
402 s->state=SSL3_ST_CR_KEY_EXCH_A;
403 }
404#else
405 }
406 else
407 skip=1;
408
409 s->state=SSL3_ST_CR_KEY_EXCH_A;
410#endif
411 s->init_num=0;
412 break;
413
414 case SSL3_ST_CR_KEY_EXCH_A:
415 case SSL3_ST_CR_KEY_EXCH_B:
416 ret=ssl3_get_key_exchange(s);
417 if (ret <= 0) goto end;
418 s->state=SSL3_ST_CR_CERT_REQ_A;
419 s->init_num=0;
420
421 /* at this point we check that we have the
422 * required stuff from the server */
423 if (!ssl3_check_cert_and_algorithm(s))
424 {
425 ret= -1;
426 goto end;
427 }
428 break;
429
430 case SSL3_ST_CR_CERT_REQ_A:
431 case SSL3_ST_CR_CERT_REQ_B:
432 ret=ssl3_get_certificate_request(s);
433 if (ret <= 0) goto end;
434 s->state=SSL3_ST_CR_SRVR_DONE_A;
435 s->init_num=0;
436 break;
437
438 case SSL3_ST_CR_SRVR_DONE_A:
439 case SSL3_ST_CR_SRVR_DONE_B:
440 ret=ssl3_get_server_done(s);
441 if (ret <= 0) goto end;
442 dtls1_stop_timer(s);
443 if (s->s3->tmp.cert_req)
444 s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
445 else
446 s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A;
447 s->init_num=0;
448
449#ifndef OPENSSL_NO_SCTP
450 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
451 state == SSL_ST_RENEGOTIATE)
452 s->state=DTLS1_SCTP_ST_CR_READ_SOCK;
453 else
454#endif
455 s->state=s->s3->tmp.next_state;
456 break;
457
458 case SSL3_ST_CW_CERT_A:
459 case SSL3_ST_CW_CERT_B:
460 case SSL3_ST_CW_CERT_C:
461 case SSL3_ST_CW_CERT_D:
462 dtls1_start_timer(s);
463 ret=dtls1_send_client_certificate(s);
464 if (ret <= 0) goto end;
465 s->state=SSL3_ST_CW_KEY_EXCH_A;
466 s->init_num=0;
467 break;
468
469 case SSL3_ST_CW_KEY_EXCH_A:
470 case SSL3_ST_CW_KEY_EXCH_B:
471 dtls1_start_timer(s);
472 ret=dtls1_send_client_key_exchange(s);
473 if (ret <= 0) goto end;
474
475#ifndef OPENSSL_NO_SCTP
476 /* Add new shared key for SCTP-Auth,
477 * will be ignored if no SCTP used.
478 */
479 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
480 DTLS1_SCTP_AUTH_LABEL);
481
482 SSL_export_keying_material(s, sctpauthkey,
483 sizeof(sctpauthkey), labelbuffer,
484 sizeof(labelbuffer), NULL, 0, 0);
485
486 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
487 sizeof(sctpauthkey), sctpauthkey);
488#endif
489
490 /* EAY EAY EAY need to check for DH fix cert
491 * sent back */
492 /* For TLS, cert_req is set to 2, so a cert chain
493 * of nothing is sent, but no verify packet is sent */
494 if (s->s3->tmp.cert_req == 1)
495 {
496 s->state=SSL3_ST_CW_CERT_VRFY_A;
497 }
498 else
499 {
500#ifndef OPENSSL_NO_SCTP
501 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
502 {
503 s->d1->next_state=SSL3_ST_CW_CHANGE_A;
504 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
505 }
506 else
507#endif
508 s->state=SSL3_ST_CW_CHANGE_A;
509 s->s3->change_cipher_spec=0;
510 }
511
512 s->init_num=0;
513 break;
514
515 case SSL3_ST_CW_CERT_VRFY_A:
516 case SSL3_ST_CW_CERT_VRFY_B:
517 dtls1_start_timer(s);
518 ret=dtls1_send_client_verify(s);
519 if (ret <= 0) goto end;
520#ifndef OPENSSL_NO_SCTP
521 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
522 {
523 s->d1->next_state=SSL3_ST_CW_CHANGE_A;
524 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
525 }
526 else
527#endif
528 s->state=SSL3_ST_CW_CHANGE_A;
529 s->init_num=0;
530 s->s3->change_cipher_spec=0;
531 break;
532
533 case SSL3_ST_CW_CHANGE_A:
534 case SSL3_ST_CW_CHANGE_B:
535 if (!s->hit)
536 dtls1_start_timer(s);
537 ret=dtls1_send_change_cipher_spec(s,
538 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
539 if (ret <= 0) goto end;
540
541#ifndef OPENSSL_NO_SCTP
542 /* Change to new shared key of SCTP-Auth,
543 * will be ignored if no SCTP used.
544 */
545 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
546#endif
547
548 s->state=SSL3_ST_CW_FINISHED_A;
549 s->init_num=0;
550
551 s->session->cipher=s->s3->tmp.new_cipher;
552#ifdef OPENSSL_NO_COMP
553 s->session->compress_meth=0;
554#else
555 if (s->s3->tmp.new_compression == NULL)
556 s->session->compress_meth=0;
557 else
558 s->session->compress_meth=
559 s->s3->tmp.new_compression->id;
560#endif
561 if (!s->method->ssl3_enc->setup_key_block(s))
562 {
563 ret= -1;
564 goto end;
565 }
566
567 if (!s->method->ssl3_enc->change_cipher_state(s,
568 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
569 {
570 ret= -1;
571 goto end;
572 }
573
574 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
575 break;
576
577 case SSL3_ST_CW_FINISHED_A:
578 case SSL3_ST_CW_FINISHED_B:
579 if (!s->hit)
580 dtls1_start_timer(s);
581 ret=dtls1_send_finished(s,
582 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
583 s->method->ssl3_enc->client_finished_label,
584 s->method->ssl3_enc->client_finished_label_len);
585 if (ret <= 0) goto end;
586 s->state=SSL3_ST_CW_FLUSH;
587
588 /* clear flags */
589 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
590 if (s->hit)
591 {
592 s->s3->tmp.next_state=SSL_ST_OK;
593#ifndef OPENSSL_NO_SCTP
594 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
595 {
596 s->d1->next_state = s->s3->tmp.next_state;
597 s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
598 }
599#endif
600 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
601 {
602 s->state=SSL_ST_OK;
603#ifndef OPENSSL_NO_SCTP
604 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
605 {
606 s->d1->next_state = SSL_ST_OK;
607 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
608 }
609#endif
610 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
611 s->s3->delay_buf_pop_ret=0;
612 }
613 }
614 else
615 {
616#ifndef OPENSSL_NO_TLSEXT
617 /* Allow NewSessionTicket if ticket expected */
618 if (s->tlsext_ticket_expected)
619 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
620 else
621#endif
622
623 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
624 }
625 s->init_num=0;
626 break;
627
628#ifndef OPENSSL_NO_TLSEXT
629 case SSL3_ST_CR_SESSION_TICKET_A:
630 case SSL3_ST_CR_SESSION_TICKET_B:
631 ret=ssl3_get_new_session_ticket(s);
632 if (ret <= 0) goto end;
633 s->state=SSL3_ST_CR_FINISHED_A;
634 s->init_num=0;
635 break;
636
637 case SSL3_ST_CR_CERT_STATUS_A:
638 case SSL3_ST_CR_CERT_STATUS_B:
639 ret=ssl3_get_cert_status(s);
640 if (ret <= 0) goto end;
641 s->state=SSL3_ST_CR_KEY_EXCH_A;
642 s->init_num=0;
643 break;
644#endif
645
646 case SSL3_ST_CR_FINISHED_A:
647 case SSL3_ST_CR_FINISHED_B:
648 s->d1->change_cipher_spec_ok = 1;
649 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
650 SSL3_ST_CR_FINISHED_B);
651 if (ret <= 0) goto end;
652 dtls1_stop_timer(s);
653
654 if (s->hit)
655 s->state=SSL3_ST_CW_CHANGE_A;
656 else
657 s->state=SSL_ST_OK;
658
659#ifndef OPENSSL_NO_SCTP
660 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
661 state == SSL_ST_RENEGOTIATE)
662 {
663 s->d1->next_state=s->state;
664 s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
665 }
666#endif
667
668 s->init_num=0;
669 break;
670
671 case SSL3_ST_CW_FLUSH:
672 s->rwstate=SSL_WRITING;
673 if (BIO_flush(s->wbio) <= 0)
674 {
675 /* If the write error was fatal, stop trying */
676 if (!BIO_should_retry(s->wbio))
677 {
678 s->rwstate=SSL_NOTHING;
679 s->state=s->s3->tmp.next_state;
680 }
681
682 ret= -1;
683 goto end;
684 }
685 s->rwstate=SSL_NOTHING;
686 s->state=s->s3->tmp.next_state;
687 break;
688
689 case SSL_ST_OK:
690 /* clean a few things up */
691 ssl3_cleanup_key_block(s);
692
693#if 0
694 if (s->init_buf != NULL)
695 {
696 BUF_MEM_free(s->init_buf);
697 s->init_buf=NULL;
698 }
699#endif
700
701 /* If we are not 'joining' the last two packets,
702 * remove the buffering now */
703 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
704 ssl_free_wbio_buffer(s);
705 /* else do it later in ssl3_write */
706
707 s->init_num=0;
708 s->renegotiate=0;
709 s->new_session=0;
710
711 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
712 if (s->hit) s->ctx->stats.sess_hit++;
713
714 ret=1;
715 /* s->server=0; */
716 s->handshake_func=dtls1_connect;
717 s->ctx->stats.sess_connect_good++;
718
719 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
720
721 /* done with handshaking */
722 s->d1->handshake_read_seq = 0;
723 s->d1->next_handshake_write_seq = 0;
724 goto end;
725 /* break; */
726
727 default:
728 SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
729 ret= -1;
730 goto end;
731 /* break; */
732 }
733
734 /* did we do anything */
735 if (!s->s3->tmp.reuse_message && !skip)
736 {
737 if (s->debug)
738 {
739 if ((ret=BIO_flush(s->wbio)) <= 0)
740 goto end;
741 }
742
743 if ((cb != NULL) && (s->state != state))
744 {
745 new_state=s->state;
746 s->state=state;
747 cb(s,SSL_CB_CONNECT_LOOP,1);
748 s->state=new_state;
749 }
750 }
751 skip=0;
752 }
753end:
754 s->in_handshake--;
755
756#ifndef OPENSSL_NO_SCTP
757 /* Notify SCTP BIO socket to leave handshake
758 * mode and allow stream identifier other
759 * than 0. Will be ignored if no SCTP is used.
760 */
761 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
762#endif
763
764 if (buf != NULL)
765 BUF_MEM_free(buf);
766 if (cb != NULL)
767 cb(s,SSL_CB_CONNECT_EXIT,ret);
768 return(ret);
769 }
770
771int dtls1_client_hello(SSL *s)
772 {
773 unsigned char *buf;
774 unsigned char *p,*d;
775 unsigned int i,j;
776 unsigned long Time,l;
777 SSL_COMP *comp;
778
779 buf=(unsigned char *)s->init_buf->data;
780 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
781 {
782 SSL_SESSION *sess = s->session;
783 if ((s->session == NULL) ||
784 (s->session->ssl_version != s->version) ||
785#ifdef OPENSSL_NO_TLSEXT
786 !sess->session_id_length ||
787#else
788 (!sess->session_id_length && !sess->tlsext_tick) ||
789#endif
790 (s->session->not_resumable))
791 {
792 if (!ssl_get_new_session(s,0))
793 goto err;
794 }
795 /* else use the pre-loaded session */
796
797 p=s->s3->client_random;
798
799 /* if client_random is initialized, reuse it, we are
800 * required to use same upon reply to HelloVerify */
801 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
802 if (i==sizeof(s->s3->client_random))
803 {
804 Time=(unsigned long)time(NULL); /* Time */
805 l2n(Time,p);
806 RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
807 }
808
809 /* Do the message type and length last */
810 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
811
812 *(p++)=s->version>>8;
813 *(p++)=s->version&0xff;
814 s->client_version=s->version;
815
816 /* Random stuff */
817 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
818 p+=SSL3_RANDOM_SIZE;
819
820 /* Session ID */
821 if (s->new_session)
822 i=0;
823 else
824 i=s->session->session_id_length;
825 *(p++)=i;
826 if (i != 0)
827 {
828 if (i > sizeof s->session->session_id)
829 {
830 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
831 goto err;
832 }
833 memcpy(p,s->session->session_id,i);
834 p+=i;
835 }
836
837 /* cookie stuff */
838 if ( s->d1->cookie_len > sizeof(s->d1->cookie))
839 {
840 SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
841 goto err;
842 }
843 *(p++) = s->d1->cookie_len;
844 memcpy(p, s->d1->cookie, s->d1->cookie_len);
845 p += s->d1->cookie_len;
846
847 /* Ciphers supported */
848 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
849 if (i == 0)
850 {
851 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
852 goto err;
853 }
854 s2n(i,p);
855 p+=i;
856
857 /* COMPRESSION */
858 if (s->ctx->comp_methods == NULL)
859 j=0;
860 else
861 j=sk_SSL_COMP_num(s->ctx->comp_methods);
862 *(p++)=1+j;
863 for (i=0; i<j; i++)
864 {
865 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
866 *(p++)=comp->id;
867 }
868 *(p++)=0; /* Add the NULL method */
869
870#ifndef OPENSSL_NO_TLSEXT
871 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
872 {
873 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
874 goto err;
875 }
876#endif
877
878 l=(p-d);
879 d=buf;
880
881 d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
882
883 s->state=SSL3_ST_CW_CLNT_HELLO_B;
884 /* number of bytes to write */
885 s->init_num=p-buf;
886 s->init_off=0;
887
888 /* buffer the message to handle re-xmits */
889 dtls1_buffer_message(s, 0);
890 }
891
892 /* SSL3_ST_CW_CLNT_HELLO_B */
893 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
894err:
895 return(-1);
896 }
897
898static int dtls1_get_hello_verify(SSL *s)
899 {
900 int n, al, ok = 0;
901 unsigned char *data;
902 unsigned int cookie_len;
903
904 n=s->method->ssl_get_message(s,
905 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
906 DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
907 -1,
908 s->max_cert_list,
909 &ok);
910
911 if (!ok) return((int)n);
912
913 if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
914 {
915 s->d1->send_cookie = 0;
916 s->s3->tmp.reuse_message=1;
917 return(1);
918 }
919
920 data = (unsigned char *)s->init_msg;
921
922 if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
923 {
924 SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
925 s->version=(s->version&0xff00)|data[1];
926 al = SSL_AD_PROTOCOL_VERSION;
927 goto f_err;
928 }
929 data+=2;
930
931 cookie_len = *(data++);
932 if ( cookie_len > sizeof(s->d1->cookie))
933 {
934 al=SSL_AD_ILLEGAL_PARAMETER;
935 goto f_err;
936 }
937
938 memcpy(s->d1->cookie, data, cookie_len);
939 s->d1->cookie_len = cookie_len;
940
941 s->d1->send_cookie = 1;
942 return 1;
943
944f_err:
945 ssl3_send_alert(s, SSL3_AL_FATAL, al);
946 return -1;
947 }
948
949int dtls1_send_client_key_exchange(SSL *s)
950 {
951 unsigned char *p,*d;
952 int n;
953 unsigned long alg_k;
954#ifndef OPENSSL_NO_RSA
955 unsigned char *q;
956 EVP_PKEY *pkey=NULL;
957#endif
958#ifndef OPENSSL_NO_KRB5
959 KSSL_ERR kssl_err;
960#endif /* OPENSSL_NO_KRB5 */
961#ifndef OPENSSL_NO_ECDH
962 EC_KEY *clnt_ecdh = NULL;
963 const EC_POINT *srvr_ecpoint = NULL;
964 EVP_PKEY *srvr_pub_pkey = NULL;
965 unsigned char *encodedPoint = NULL;
966 int encoded_pt_len = 0;
967 BN_CTX * bn_ctx = NULL;
968#endif
969
970 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
971 {
972 d=(unsigned char *)s->init_buf->data;
973 p= &(d[DTLS1_HM_HEADER_LENGTH]);
974
975 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
976
977 /* Fool emacs indentation */
978 if (0) {}
979#ifndef OPENSSL_NO_RSA
980 else if (alg_k & SSL_kRSA)
981 {
982 RSA *rsa;
983 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
984
985 if (s->session->sess_cert->peer_rsa_tmp != NULL)
986 rsa=s->session->sess_cert->peer_rsa_tmp;
987 else
988 {
989 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
990 if ((pkey == NULL) ||
991 (pkey->type != EVP_PKEY_RSA) ||
992 (pkey->pkey.rsa == NULL))
993 {
994 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
995 goto err;
996 }
997 rsa=pkey->pkey.rsa;
998 EVP_PKEY_free(pkey);
999 }
1000
1001 tmp_buf[0]=s->client_version>>8;
1002 tmp_buf[1]=s->client_version&0xff;
1003 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
1004 goto err;
1005
1006 s->session->master_key_length=sizeof tmp_buf;
1007
1008 q=p;
1009 /* Fix buf for TLS and [incidentally] DTLS */
1010 if (s->version > SSL3_VERSION)
1011 p+=2;
1012 n=RSA_public_encrypt(sizeof tmp_buf,
1013 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
1014#ifdef PKCS1_CHECK
1015 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
1016 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
1017#endif
1018 if (n <= 0)
1019 {
1020 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
1021 goto err;
1022 }
1023
1024 /* Fix buf for TLS and [incidentally] DTLS */
1025 if (s->version > SSL3_VERSION)
1026 {
1027 s2n(n,q);
1028 n+=2;
1029 }
1030
1031 s->session->master_key_length=
1032 s->method->ssl3_enc->generate_master_secret(s,
1033 s->session->master_key,
1034 tmp_buf,sizeof tmp_buf);
1035 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
1036 }
1037#endif
1038#ifndef OPENSSL_NO_KRB5
1039 else if (alg_k & SSL_kKRB5)
1040 {
1041 krb5_error_code krb5rc;
1042 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1043 /* krb5_data krb5_ap_req; */
1044 krb5_data *enc_ticket;
1045 krb5_data authenticator, *authp = NULL;
1046 EVP_CIPHER_CTX ciph_ctx;
1047 const EVP_CIPHER *enc = NULL;
1048 unsigned char iv[EVP_MAX_IV_LENGTH];
1049 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1050 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
1051 + EVP_MAX_IV_LENGTH];
1052 int padl, outl = sizeof(epms);
1053
1054 EVP_CIPHER_CTX_init(&ciph_ctx);
1055
1056#ifdef KSSL_DEBUG
1057 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1058 alg_k, SSL_kKRB5);
1059#endif /* KSSL_DEBUG */
1060
1061 authp = NULL;
1062#ifdef KRB5SENDAUTH
1063 if (KRB5SENDAUTH) authp = &authenticator;
1064#endif /* KRB5SENDAUTH */
1065
1066 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
1067 &kssl_err);
1068 enc = kssl_map_enc(kssl_ctx->enctype);
1069 if (enc == NULL)
1070 goto err;
1071#ifdef KSSL_DEBUG
1072 {
1073 printf("kssl_cget_tkt rtn %d\n", krb5rc);
1074 if (krb5rc && kssl_err.text)
1075 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
1076 }
1077#endif /* KSSL_DEBUG */
1078
1079 if (krb5rc)
1080 {
1081 ssl3_send_alert(s,SSL3_AL_FATAL,
1082 SSL_AD_HANDSHAKE_FAILURE);
1083 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1084 kssl_err.reason);
1085 goto err;
1086 }
1087
1088 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
1089 ** in place of RFC 2712 KerberosWrapper, as in:
1090 **
1091 ** Send ticket (copy to *p, set n = length)
1092 ** n = krb5_ap_req.length;
1093 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
1094 ** if (krb5_ap_req.data)
1095 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
1096 **
1097 ** Now using real RFC 2712 KerberosWrapper
1098 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
1099 ** Note: 2712 "opaque" types are here replaced
1100 ** with a 2-byte length followed by the value.
1101 ** Example:
1102 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
1103 ** Where "xx xx" = length bytes. Shown here with
1104 ** optional authenticator omitted.
1105 */
1106
1107 /* KerberosWrapper.Ticket */
1108 s2n(enc_ticket->length,p);
1109 memcpy(p, enc_ticket->data, enc_ticket->length);
1110 p+= enc_ticket->length;
1111 n = enc_ticket->length + 2;
1112
1113 /* KerberosWrapper.Authenticator */
1114 if (authp && authp->length)
1115 {
1116 s2n(authp->length,p);
1117 memcpy(p, authp->data, authp->length);
1118 p+= authp->length;
1119 n+= authp->length + 2;
1120
1121 free(authp->data);
1122 authp->data = NULL;
1123 authp->length = 0;
1124 }
1125 else
1126 {
1127 s2n(0,p);/* null authenticator length */
1128 n+=2;
1129 }
1130
1131 if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
1132 goto err;
1133
1134 /* 20010420 VRS. Tried it this way; failed.
1135 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
1136 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
1137 ** kssl_ctx->length);
1138 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
1139 */
1140
1141 memset(iv, 0, sizeof iv); /* per RFC 1510 */
1142 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
1143 kssl_ctx->key,iv);
1144 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
1145 sizeof tmp_buf);
1146 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
1147 outl += padl;
1148 if (outl > (int)sizeof epms)
1149 {
1150 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1151 goto err;
1152 }
1153 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
1154
1155 /* KerberosWrapper.EncryptedPreMasterSecret */
1156 s2n(outl,p);
1157 memcpy(p, epms, outl);
1158 p+=outl;
1159 n+=outl + 2;
1160
1161 s->session->master_key_length=
1162 s->method->ssl3_enc->generate_master_secret(s,
1163 s->session->master_key,
1164 tmp_buf, sizeof tmp_buf);
1165
1166 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1167 OPENSSL_cleanse(epms, outl);
1168 }
1169#endif
1170#ifndef OPENSSL_NO_DH
1171 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1172 {
1173 DH *dh_srvr,*dh_clnt;
1174
1175 if (s->session->sess_cert->peer_dh_tmp != NULL)
1176 dh_srvr=s->session->sess_cert->peer_dh_tmp;
1177 else
1178 {
1179 /* we get them from the cert */
1180 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1181 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1182 goto err;
1183 }
1184
1185 /* generate a new random key */
1186 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
1187 {
1188 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1189 goto err;
1190 }
1191 if (!DH_generate_key(dh_clnt))
1192 {
1193 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1194 goto err;
1195 }
1196
1197 /* use the 'p' output buffer for the DH key, but
1198 * make sure to clear it out afterwards */
1199
1200 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
1201
1202 if (n <= 0)
1203 {
1204 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
1205 goto err;
1206 }
1207
1208 /* generate master key from the result */
1209 s->session->master_key_length=
1210 s->method->ssl3_enc->generate_master_secret(s,
1211 s->session->master_key,p,n);
1212 /* clean up */
1213 memset(p,0,n);
1214
1215 /* send off the data */
1216 n=BN_num_bytes(dh_clnt->pub_key);
1217 s2n(n,p);
1218 BN_bn2bin(dh_clnt->pub_key,p);
1219 n+=2;
1220
1221 DH_free(dh_clnt);
1222
1223 /* perhaps clean things up a bit EAY EAY EAY EAY*/
1224 }
1225#endif
1226#ifndef OPENSSL_NO_ECDH
1227 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
1228 {
1229 const EC_GROUP *srvr_group = NULL;
1230 EC_KEY *tkey;
1231 int ecdh_clnt_cert = 0;
1232 int field_size = 0;
1233
1234 /* Did we send out the client's
1235 * ECDH share for use in premaster
1236 * computation as part of client certificate?
1237 * If so, set ecdh_clnt_cert to 1.
1238 */
1239 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
1240 {
1241 /* XXX: For now, we do not support client
1242 * authentication using ECDH certificates.
1243 * To add such support, one needs to add
1244 * code that checks for appropriate
1245 * conditions and sets ecdh_clnt_cert to 1.
1246 * For example, the cert have an ECC
1247 * key on the same curve as the server's
1248 * and the key should be authorized for
1249 * key agreement.
1250 *
1251 * One also needs to add code in ssl3_connect
1252 * to skip sending the certificate verify
1253 * message.
1254 *
1255 * if ((s->cert->key->privatekey != NULL) &&
1256 * (s->cert->key->privatekey->type ==
1257 * EVP_PKEY_EC) && ...)
1258 * ecdh_clnt_cert = 1;
1259 */
1260 }
1261
1262 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
1263 {
1264 tkey = s->session->sess_cert->peer_ecdh_tmp;
1265 }
1266 else
1267 {
1268 /* Get the Server Public Key from Cert */
1269 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1270 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1271 if ((srvr_pub_pkey == NULL) ||
1272 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1273 (srvr_pub_pkey->pkey.ec == NULL))
1274 {
1275 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1276 ERR_R_INTERNAL_ERROR);
1277 goto err;
1278 }
1279
1280 tkey = srvr_pub_pkey->pkey.ec;
1281 }
1282
1283 srvr_group = EC_KEY_get0_group(tkey);
1284 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1285
1286 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
1287 {
1288 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1289 ERR_R_INTERNAL_ERROR);
1290 goto err;
1291 }
1292
1293 if ((clnt_ecdh=EC_KEY_new()) == NULL)
1294 {
1295 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1296 goto err;
1297 }
1298
1299 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
1300 {
1301 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1302 goto err;
1303 }
1304 if (ecdh_clnt_cert)
1305 {
1306 /* Reuse key info from our certificate
1307 * We only need our private key to perform
1308 * the ECDH computation.
1309 */
1310 const BIGNUM *priv_key;
1311 tkey = s->cert->key->privatekey->pkey.ec;
1312 priv_key = EC_KEY_get0_private_key(tkey);
1313 if (priv_key == NULL)
1314 {
1315 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1316 goto err;
1317 }
1318 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
1319 {
1320 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1321 goto err;
1322 }
1323 }
1324 else
1325 {
1326 /* Generate a new ECDH key pair */
1327 if (!(EC_KEY_generate_key(clnt_ecdh)))
1328 {
1329 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1330 goto err;
1331 }
1332 }
1333
1334 /* use the 'p' output buffer for the ECDH key, but
1335 * make sure to clear it out afterwards
1336 */
1337
1338 field_size = EC_GROUP_get_degree(srvr_group);
1339 if (field_size <= 0)
1340 {
1341 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1342 ERR_R_ECDH_LIB);
1343 goto err;
1344 }
1345 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1346 if (n <= 0)
1347 {
1348 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1349 ERR_R_ECDH_LIB);
1350 goto err;
1351 }
1352
1353 /* generate master key from the result */
1354 s->session->master_key_length = s->method->ssl3_enc \
1355 -> generate_master_secret(s,
1356 s->session->master_key,
1357 p, n);
1358
1359 memset(p, 0, n); /* clean up */
1360
1361 if (ecdh_clnt_cert)
1362 {
1363 /* Send empty client key exch message */
1364 n = 0;
1365 }
1366 else
1367 {
1368 /* First check the size of encoding and
1369 * allocate memory accordingly.
1370 */
1371 encoded_pt_len =
1372 EC_POINT_point2oct(srvr_group,
1373 EC_KEY_get0_public_key(clnt_ecdh),
1374 POINT_CONVERSION_UNCOMPRESSED,
1375 NULL, 0, NULL);
1376
1377 encodedPoint = (unsigned char *)
1378 OPENSSL_malloc(encoded_pt_len *
1379 sizeof(unsigned char));
1380 bn_ctx = BN_CTX_new();
1381 if ((encodedPoint == NULL) ||
1382 (bn_ctx == NULL))
1383 {
1384 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1385 goto err;
1386 }
1387
1388 /* Encode the public key */
1389 n = EC_POINT_point2oct(srvr_group,
1390 EC_KEY_get0_public_key(clnt_ecdh),
1391 POINT_CONVERSION_UNCOMPRESSED,
1392 encodedPoint, encoded_pt_len, bn_ctx);
1393
1394 *p = n; /* length of encoded point */
1395 /* Encoded point will be copied here */
1396 p += 1;
1397 /* copy the point */
1398 memcpy((unsigned char *)p, encodedPoint, n);
1399 /* increment n to account for length field */
1400 n += 1;
1401 }
1402
1403 /* Free allocated memory */
1404 BN_CTX_free(bn_ctx);
1405 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1406 if (clnt_ecdh != NULL)
1407 EC_KEY_free(clnt_ecdh);
1408 EVP_PKEY_free(srvr_pub_pkey);
1409 }
1410#endif /* !OPENSSL_NO_ECDH */
1411
1412#ifndef OPENSSL_NO_PSK
1413 else if (alg_k & SSL_kPSK)
1414 {
1415 char identity[PSK_MAX_IDENTITY_LEN];
1416 unsigned char *t = NULL;
1417 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
1418 unsigned int pre_ms_len = 0, psk_len = 0;
1419 int psk_err = 1;
1420
1421 n = 0;
1422 if (s->psk_client_callback == NULL)
1423 {
1424 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1425 SSL_R_PSK_NO_CLIENT_CB);
1426 goto err;
1427 }
1428
1429 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
1430 identity, PSK_MAX_IDENTITY_LEN,
1431 psk_or_pre_ms, sizeof(psk_or_pre_ms));
1432 if (psk_len > PSK_MAX_PSK_LEN)
1433 {
1434 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1435 ERR_R_INTERNAL_ERROR);
1436 goto psk_err;
1437 }
1438 else if (psk_len == 0)
1439 {
1440 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1441 SSL_R_PSK_IDENTITY_NOT_FOUND);
1442 goto psk_err;
1443 }
1444
1445 /* create PSK pre_master_secret */
1446 pre_ms_len = 2+psk_len+2+psk_len;
1447 t = psk_or_pre_ms;
1448 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
1449 s2n(psk_len, t);
1450 memset(t, 0, psk_len);
1451 t+=psk_len;
1452 s2n(psk_len, t);
1453
1454 if (s->session->psk_identity_hint != NULL)
1455 OPENSSL_free(s->session->psk_identity_hint);
1456 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1457 if (s->ctx->psk_identity_hint != NULL &&
1458 s->session->psk_identity_hint == NULL)
1459 {
1460 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1461 ERR_R_MALLOC_FAILURE);
1462 goto psk_err;
1463 }
1464
1465 if (s->session->psk_identity != NULL)
1466 OPENSSL_free(s->session->psk_identity);
1467 s->session->psk_identity = BUF_strdup(identity);
1468 if (s->session->psk_identity == NULL)
1469 {
1470 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1471 ERR_R_MALLOC_FAILURE);
1472 goto psk_err;
1473 }
1474
1475 s->session->master_key_length =
1476 s->method->ssl3_enc->generate_master_secret(s,
1477 s->session->master_key,
1478 psk_or_pre_ms, pre_ms_len);
1479 n = strlen(identity);
1480 s2n(n, p);
1481 memcpy(p, identity, n);
1482 n+=2;
1483 psk_err = 0;
1484 psk_err:
1485 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1486 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1487 if (psk_err != 0)
1488 {
1489 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1490 goto err;
1491 }
1492 }
1493#endif
1494 else
1495 {
1496 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1497 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1498 goto err;
1499 }
1500
1501 d = dtls1_set_message_header(s, d,
1502 SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
1503 /*
1504 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
1505 l2n3(n,d);
1506 l2n(s->d1->handshake_write_seq,d);
1507 s->d1->handshake_write_seq++;
1508 */
1509
1510 s->state=SSL3_ST_CW_KEY_EXCH_B;
1511 /* number of bytes to write */
1512 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1513 s->init_off=0;
1514
1515 /* buffer the message to handle re-xmits */
1516 dtls1_buffer_message(s, 0);
1517 }
1518
1519 /* SSL3_ST_CW_KEY_EXCH_B */
1520 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1521err:
1522#ifndef OPENSSL_NO_ECDH
1523 BN_CTX_free(bn_ctx);
1524 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1525 if (clnt_ecdh != NULL)
1526 EC_KEY_free(clnt_ecdh);
1527 EVP_PKEY_free(srvr_pub_pkey);
1528#endif
1529 return(-1);
1530 }
1531
1532int dtls1_send_client_verify(SSL *s)
1533 {
1534 unsigned char *p,*d;
1535 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1536 EVP_PKEY *pkey;
1537#ifndef OPENSSL_NO_RSA
1538 unsigned u=0;
1539#endif
1540 unsigned long n;
1541#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1542 int j;
1543#endif
1544
1545 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
1546 {
1547 d=(unsigned char *)s->init_buf->data;
1548 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1549 pkey=s->cert->key->privatekey;
1550
1551 s->method->ssl3_enc->cert_verify_mac(s,
1552 NID_sha1,
1553 &(data[MD5_DIGEST_LENGTH]));
1554
1555#ifndef OPENSSL_NO_RSA
1556 if (pkey->type == EVP_PKEY_RSA)
1557 {
1558 s->method->ssl3_enc->cert_verify_mac(s,
1559 NID_md5,
1560 &(data[0]));
1561 if (RSA_sign(NID_md5_sha1, data,
1562 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1563 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
1564 {
1565 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
1566 goto err;
1567 }
1568 s2n(u,p);
1569 n=u+2;
1570 }
1571 else
1572#endif
1573#ifndef OPENSSL_NO_DSA
1574 if (pkey->type == EVP_PKEY_DSA)
1575 {
1576 if (!DSA_sign(pkey->save_type,
1577 &(data[MD5_DIGEST_LENGTH]),
1578 SHA_DIGEST_LENGTH,&(p[2]),
1579 (unsigned int *)&j,pkey->pkey.dsa))
1580 {
1581 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
1582 goto err;
1583 }
1584 s2n(j,p);
1585 n=j+2;
1586 }
1587 else
1588#endif
1589#ifndef OPENSSL_NO_ECDSA
1590 if (pkey->type == EVP_PKEY_EC)
1591 {
1592 if (!ECDSA_sign(pkey->save_type,
1593 &(data[MD5_DIGEST_LENGTH]),
1594 SHA_DIGEST_LENGTH,&(p[2]),
1595 (unsigned int *)&j,pkey->pkey.ec))
1596 {
1597 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1598 ERR_R_ECDSA_LIB);
1599 goto err;
1600 }
1601 s2n(j,p);
1602 n=j+2;
1603 }
1604 else
1605#endif
1606 {
1607 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1608 goto err;
1609 }
1610
1611 d = dtls1_set_message_header(s, d,
1612 SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
1613
1614 s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
1615 s->init_off=0;
1616
1617 /* buffer the message to handle re-xmits */
1618 dtls1_buffer_message(s, 0);
1619
1620 s->state = SSL3_ST_CW_CERT_VRFY_B;
1621 }
1622
1623 /* s->state = SSL3_ST_CW_CERT_VRFY_B */
1624 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1625err:
1626 return(-1);
1627 }
1628
1629int dtls1_send_client_certificate(SSL *s)
1630 {
1631 X509 *x509=NULL;
1632 EVP_PKEY *pkey=NULL;
1633 int i;
1634 unsigned long l;
1635
1636 if (s->state == SSL3_ST_CW_CERT_A)
1637 {
1638 if ((s->cert == NULL) ||
1639 (s->cert->key->x509 == NULL) ||
1640 (s->cert->key->privatekey == NULL))
1641 s->state=SSL3_ST_CW_CERT_B;
1642 else
1643 s->state=SSL3_ST_CW_CERT_C;
1644 }
1645
1646 /* We need to get a client cert */
1647 if (s->state == SSL3_ST_CW_CERT_B)
1648 {
1649 /* If we get an error, we need to
1650 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1651 * We then get retied later */
1652 i=0;
1653 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1654 if (i < 0)
1655 {
1656 s->rwstate=SSL_X509_LOOKUP;
1657 return(-1);
1658 }
1659 s->rwstate=SSL_NOTHING;
1660 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
1661 {
1662 s->state=SSL3_ST_CW_CERT_B;
1663 if ( !SSL_use_certificate(s,x509) ||
1664 !SSL_use_PrivateKey(s,pkey))
1665 i=0;
1666 }
1667 else if (i == 1)
1668 {
1669 i=0;
1670 SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
1671 }
1672
1673 if (x509 != NULL) X509_free(x509);
1674 if (pkey != NULL) EVP_PKEY_free(pkey);
1675 if (i == 0)
1676 {
1677 if (s->version == SSL3_VERSION)
1678 {
1679 s->s3->tmp.cert_req=0;
1680 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
1681 return(1);
1682 }
1683 else
1684 {
1685 s->s3->tmp.cert_req=2;
1686 }
1687 }
1688
1689 /* Ok, we have a cert */
1690 s->state=SSL3_ST_CW_CERT_C;
1691 }
1692
1693 if (s->state == SSL3_ST_CW_CERT_C)
1694 {
1695 s->state=SSL3_ST_CW_CERT_D;
1696 l=dtls1_output_cert_chain(s,
1697 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
1698 s->init_num=(int)l;
1699 s->init_off=0;
1700
1701 /* set header called by dtls1_output_cert_chain() */
1702
1703 /* buffer the message to handle re-xmits */
1704 dtls1_buffer_message(s, 0);
1705 }
1706 /* SSL3_ST_CW_CERT_D */
1707 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1708 }
1709
1710
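diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index 712c4647f2..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,260 +0,0 @@
-/* ssl/d1_enc.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
-int dtls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,j,k,mac_size=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (EVP_MD_CTX_md(s->write_hash))
- {
- mac_size=EVP_MD_CTX_size(s->write_hash);
- if (mac_size < 0)
- return -1;
- }
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- {
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if ( rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- {
- if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
- return -1;
- }
- }
- }
- else
- {
- if (EVP_MD_CTX_md(s->read_hash))
- {
- mac_size=EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(mac_size >= 0);
- }
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- return 0;
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- return tls1_cbc_remove_padding(s, rec, bs, mac_size);
- }
- return(1);
- }
-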
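diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index f61f718183..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,482 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
- dtls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- tls1_export_keying_material,
- };
-
-long dtls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-int dtls1_new(SSL *s)
- {
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s)) return(0);
- if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
- memset(d1,0, sizeof *d1);
-
- /* d1->handshake_epoch=0; */
-
- d1->unprocessed_rcds.q=pqueue_new();
- d1->processed_rcds.q=pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages=pqueue_new();
- d1->buffered_app_data.q=pqueue_new();
-
- if ( s->server)
- {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
- || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
- {
- if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
- if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
- if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
- if ( d1->sent_messages) pqueue_free(d1->sent_messages);
- if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
- OPENSSL_free(d1);
- return (0);
- }
-
- s->d1=d1;
- s->method->ssl_clear(s);
- return(1);
- }
-
-static void dtls1_clear_queues(SSL *s)
- {
- pitem *item = NULL;
- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- }
-
-void dtls1_free(SSL *s)
- {
- ssl3_free(s);
-
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->unprocessed_rcds.q);
- pqueue_free(s->d1->processed_rcds.q);
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
- pqueue_free(s->d1->buffered_app_data.q);
-
- OPENSSL_free(s->d1);
- }
-
-void dtls1_clear(SSL *s)
- {
- pqueue unprocessed_rcds;
- pqueue processed_rcds;
- pqueue buffered_messages;
- pqueue sent_messages;
- pqueue buffered_app_data;
- unsigned int mtu;
-
- if (s->d1)
- {
- unprocessed_rcds = s->d1->unprocessed_rcds.q;
- processed_rcds = s->d1->processed_rcds.q;
- buffered_messages = s->d1->buffered_messages;
- sent_messages = s->d1->sent_messages;
- buffered_app_data = s->d1->buffered_app_data.q;
- mtu = s->d1->mtu;
-
- dtls1_clear_queues(s);
-
- memset(s->d1, 0, sizeof(*(s->d1)));
-
- if (s->server)
- {
- s->d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
- {
- s->d1->mtu = mtu;
- }
-
- s->d1->unprocessed_rcds.q = unprocessed_rcds;
- s->d1->processed_rcds.q = processed_rcds;
- s->d1->buffered_messages = buffered_messages;
- s->d1->sent_messages = sent_messages;
- s->d1->buffered_app_data.q = buffered_app_data;
- }
-
- ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else
- s->version=DTLS1_VERSION;
- }
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch (cmd)
- {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
- {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return(ret);
- }
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
- {
- const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL)
- {
- if (ciph->algorithm_enc == SSL_RC4)
- return NULL;
- }
-
- return ciph;
- }
-
-void dtls1_start_timer(SSL *s)
- {
-#ifndef OPENSSL_NO_SCTP
- /* Disable timer for SCTP */
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
- {
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- return;
- }
-#endif
-
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- get_current_time(&(s->d1->next_timeout));
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- }
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
- {
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- return NULL;
- }
-
- /* Get current time */
- get_current_time(&timenow);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec))
- {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0)
- {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
- {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
- }
-
-int dtls1_is_timer_expired(SSL *s)
- {
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL)
- {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
- {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
- }
-
-void dtls1_double_timeout(SSL *s)
- {
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
- }
-
-void dtls1_stop_timer(SSL *s)
- {
- /* Reset everything */
- memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- /* Clear retransmission buffer */
- dtls1_clear_record_buffer(s);
- }
-
-int dtls1_check_timeout_num(SSL *s)
- {
- s->d1->timeout.num_alerts++;
-
- /* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2)
- {
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
- }
-
- if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
- return -1;
- }
-
- return 0;
- }
-
-int dtls1_handle_timeout(SSL *s)
- {
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s))
- {
- return 0;
- }
-
- dtls1_double_timeout(s);
-
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
- s->d1->timeout.read_timeouts++;
- if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
- {
- s->d1->timeout.read_timeouts = 1;
- }
-
-#ifndef OPENSSL_NO_HEARTBEATS
- if (s->tlsext_hb_pending)
- {
- s->tlsext_hb_pending = 0;
- return dtls1_heartbeat(s);
- }
-#endif
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
- }
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
- struct _timeb tb;
- _ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#else
- gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
- {
- int ret;
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0) return ret;
-
- (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
- }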
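diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
deleted file mode 100644
index 5c4004bfe3..0000000000
--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
- dtls1_accept,
- dtls1_connect,
- dtls1_get_method)
-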
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index cfe4524553..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1893 +0,0 @@
1/* ssl/d1_pkt.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include <errno.h>
118#define USE_SOCKETS
119#include "ssl_locl.h"
120#include <openssl/evp.h>
121#include <openssl/buffer.h>
122#include <openssl/pqueue.h>
123#include <openssl/rand.h>
124
125/* mod 128 saturating subtract of two 64-bit values in big-endian order */
126static int satsub64be(const unsigned char *v1,const unsigned char *v2)
127{ int ret,sat,brw,i;
128
129 if (sizeof(long) == 8) do
130 { const union { long one; char little; } is_endian = {1};
131 long l;
132
133 if (is_endian.little) break;
134 /* not reached on little-endians */
135 /* following test is redundant, because input is
136 * always aligned, but I take no chances... */
137 if (((size_t)v1|(size_t)v2)&0x7) break;
138
139 l = *((long *)v1);
140 l -= *((long *)v2);
141 if (l>128) return 128;
142 else if (l<-128) return -128;
143 else return (int)l;
144 } while (0);
145
146 ret = (int)v1[7]-(int)v2[7];
147 sat = 0;
148 brw = ret>>8; /* brw is either 0 or -1 */
149 if (ret & 0x80)
150 { for (i=6;i>=0;i--)
151 { brw += (int)v1[i]-(int)v2[i];
152 sat |= ~brw;
153 brw >>= 8;
154 }
155 }
156 else
157 { for (i=6;i>=0;i--)
158 { brw += (int)v1[i]-(int)v2[i];
159 sat |= brw;
160 brw >>= 8;
161 }
162 }
163 brw <<= 8; /* brw is either 0 or -256 */
164
165 if (sat&0xff) return brw | 0x80;
166 else return brw + (ret&0xFF);
167}
168
169static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
170 int len, int peek);
171static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
172static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
173static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
174 unsigned int *is_next_epoch);
175#if 0
176static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
177 unsigned short *priority, unsigned long *offset);
178#endif
179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
180 unsigned char *priority);
181static int dtls1_process_record(SSL *s);
182
183/* copy buffered record into SSL structure */
184static int
185dtls1_copy_record(SSL *s, pitem *item)
186 {
187 DTLS1_RECORD_DATA *rdata;
188
189 rdata = (DTLS1_RECORD_DATA *)item->data;
190
191 if (s->s3->rbuf.buf != NULL)
192 OPENSSL_free(s->s3->rbuf.buf);
193
194 s->packet = rdata->packet;
195 s->packet_length = rdata->packet_length;
196 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
197 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
198
199 /* Set proper sequence number for mac calculation */
200 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
201
202 return(1);
203 }
204
205
206static int
207dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
208 {
209 DTLS1_RECORD_DATA *rdata;
210 pitem *item;
211
212 /* Limit the size of the queue to prevent DOS attacks */
213 if (pqueue_size(queue->q) >= 100)
214 return 0;
215
216 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
217 item = pitem_new(priority, rdata);
218 if (rdata == NULL || item == NULL)
219 {
220 if (rdata != NULL) OPENSSL_free(rdata);
221 if (item != NULL) pitem_free(item);
222
223 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
224 return(0);
225 }
226
227 rdata->packet = s->packet;
228 rdata->packet_length = s->packet_length;
229 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
230 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
231
232 item->data = rdata;
233
234#ifndef OPENSSL_NO_SCTP
235 /* Store bio_dgram_sctp_rcvinfo struct */
236 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
237 (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
238 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
239 }
240#endif
241
242 /* insert should not fail, since duplicates are dropped */
243 if (pqueue_insert(queue->q, item) == NULL)
244 {
245 OPENSSL_free(rdata);
246 pitem_free(item);
247 return(0);
248 }
249
250 s->packet = NULL;
251 s->packet_length = 0;
252 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
253 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
254
255 if (!ssl3_setup_buffers(s))
256 {
257 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
258 OPENSSL_free(rdata);
259 pitem_free(item);
260 return(0);
261 }
262
263 return(1);
264 }
265
266
267static int
268dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
269 {
270 pitem *item;
271
272 item = pqueue_pop(queue->q);
273 if (item)
274 {
275 dtls1_copy_record(s, item);
276
277 OPENSSL_free(item->data);
278 pitem_free(item);
279
280 return(1);
281 }
282
283 return(0);
284 }
285
286
287/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
288 * yet */
289#define dtls1_get_unprocessed_record(s) \
290 dtls1_retrieve_buffered_record((s), \
291 &((s)->d1->unprocessed_rcds))
292
293/* retrieve a buffered record that belongs to the current epoch, ie, processed */
294#define dtls1_get_processed_record(s) \
295 dtls1_retrieve_buffered_record((s), \
296 &((s)->d1->processed_rcds))
297
298static int
299dtls1_process_buffered_records(SSL *s)
300 {
301 pitem *item;
302
303 item = pqueue_peek(s->d1->unprocessed_rcds.q);
304 if (item)
305 {
306 /* Check if epoch is current. */
307 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
308 return(1); /* Nothing to do. */
309
310 /* Process all the records. */
311 while (pqueue_peek(s->d1->unprocessed_rcds.q))
312 {
313 dtls1_get_unprocessed_record(s);
314 if ( ! dtls1_process_record(s))
315 return(0);
316 dtls1_buffer_record(s, &(s->d1->processed_rcds),
317 s->s3->rrec.seq_num);
318 }
319 }
320
321 /* sync epoch numbers once all the unprocessed records
322 * have been processed */
323 s->d1->processed_rcds.epoch = s->d1->r_epoch;
324 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
325
326 return(1);
327 }
328
329
330#if 0
331
332static int
333dtls1_get_buffered_record(SSL *s)
334 {
335 pitem *item;
336 PQ_64BIT priority =
337 (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
338 ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
339
340 if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
341 nothing buffered */
342 return 0;
343
344
345 item = pqueue_peek(s->d1->rcvd_records);
346 if (item && item->priority == priority)
347 {
348 /* Check if we've received the record of interest. It must be
349 * a handshake record, since data records as passed up without
350 * buffering */
351 DTLS1_RECORD_DATA *rdata;
352 item = pqueue_pop(s->d1->rcvd_records);
353 rdata = (DTLS1_RECORD_DATA *)item->data;
354
355 if (s->s3->rbuf.buf != NULL)
356 OPENSSL_free(s->s3->rbuf.buf);
357
358 s->packet = rdata->packet;
359 s->packet_length = rdata->packet_length;
360 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
361 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
362
363 OPENSSL_free(item->data);
364 pitem_free(item);
365
366 /* s->d1->next_expected_seq_num++; */
367 return(1);
368 }
369
370 return 0;
371 }
372
373#endif
374
375static int
376dtls1_process_record(SSL *s)
377{
378 int i,al;
379 int enc_err;
380 SSL_SESSION *sess;
381 SSL3_RECORD *rr;
382 unsigned int mac_size, orig_len;
383 unsigned char md[EVP_MAX_MD_SIZE];
384
385 rr= &(s->s3->rrec);
386 sess = s->session;
387
388 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
389 * and we have that many bytes in s->packet
390 */
391 rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
392
393 /* ok, we can now read from 's->packet' data into 'rr'
394 * rr->input points at rr->length bytes, which
395 * need to be copied into rr->data by either
396 * the decryption or by the decompression
397 * When the data is 'copied' into the rr->data buffer,
398 * rr->input will be pointed at the new buffer */
399
400 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
401 * rr->length bytes of encrypted compressed stuff. */
402
403 /* check is not needed I believe */
404 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
405 {
406 al=SSL_AD_RECORD_OVERFLOW;
407 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
408 goto f_err;
409 }
410
411 /* decrypt in place in 'rr->input' */
412 rr->data=rr->input;
413
414 enc_err = s->method->ssl3_enc->enc(s,0);
415 /* enc_err is:
416 * 0: (in non-constant time) if the record is publically invalid.
417 * 1: if the padding is valid
418 * -1: if the padding is invalid */
419 if (enc_err == 0)
420 {
421 /* For DTLS we simply ignore bad packets. */
422 rr->length = 0;
423 s->packet_length = 0;
424 goto err;
425 }
426
427#ifdef TLS_DEBUG
428printf("dec %d\n",rr->length);
429{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
430printf("\n");
431#endif
432
433 /* r->length is now the compressed data plus mac */
434 if ((sess != NULL) &&
435 (s->enc_read_ctx != NULL) &&
436 (EVP_MD_CTX_md(s->read_hash) != NULL))
437 {
438 /* s->read_hash != NULL => mac_size != -1 */
439 unsigned char *mac = NULL;
440 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
441 mac_size=EVP_MD_CTX_size(s->read_hash);
442 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
443
444 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
445 orig_len = rr->length+((unsigned int)rr->type>>8);
446
447 /* orig_len is the length of the record before any padding was
448 * removed. This is public information, as is the MAC in use,
449 * therefore we can safely process the record in a different
450 * amount of time if it's too short to possibly contain a MAC.
451 */
452 if (orig_len < mac_size ||
453 /* CBC records must have a padding length byte too. */
454 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
455 orig_len < mac_size+1))
456 {
457 al=SSL_AD_DECODE_ERROR;
458 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
459 goto f_err;
460 }
461
462 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
463 {
464 /* We update the length so that the TLS header bytes
465 * can be constructed correctly but we need to extract
466 * the MAC in constant time from within the record,
467 * without leaking the contents of the padding bytes.
468 * */
469 mac = mac_tmp;
470 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
471 rr->length -= mac_size;
472 }
473 else
474 {
475 /* In this case there's no padding, so |orig_len|
476 * equals |rec->length| and we checked that there's
477 * enough bytes for |mac_size| above. */
478 rr->length -= mac_size;
479 mac = &rr->data[rr->length];
480 }
481
482 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
483 if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
484 enc_err = -1;
485 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
486 enc_err = -1;
487 }
488
489 if (enc_err < 0)
490 {
491 /* decryption failed, silently discard message */
492 rr->length = 0;
493 s->packet_length = 0;
494 goto err;
495 }
496
497 /* r->length is now just compressed */
498 if (s->expand != NULL)
499 {
500 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
501 {
502 al=SSL_AD_RECORD_OVERFLOW;
503 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
504 goto f_err;
505 }
506 if (!ssl3_do_uncompress(s))
507 {
508 al=SSL_AD_DECOMPRESSION_FAILURE;
509 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
510 goto f_err;
511 }
512 }
513
514 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
515 {
516 al=SSL_AD_RECORD_OVERFLOW;
517 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
518 goto f_err;
519 }
520
521 rr->off=0;
522 /* So at this point the following is true
523 * ssl->s3->rrec.type is the type of record
524 * ssl->s3->rrec.length == number of bytes in record
525 * ssl->s3->rrec.off == offset to first valid byte
526 * ssl->s3->rrec.data == where to take bytes from, increment
527 * after use :-).
528 */
529
530 /* we have pulled in a full packet so zero things */
531 s->packet_length=0;
532 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
533 return(1);
534
535f_err:
536 ssl3_send_alert(s,SSL3_AL_FATAL,al);
537err:
538 return(0);
539}
540
541
542/* Call this to get a new input record.
543 * It will return <= 0 if more data is needed, normally due to an error
544 * or non-blocking IO.
545 * When it finishes, one packet has been decoded and can be found in
546 * ssl->s3->rrec.type - is the type of record
547 * ssl->s3->rrec.data, - data
548 * ssl->s3->rrec.length, - number of bytes
549 */
550/* used only by dtls1_read_bytes */
551int dtls1_get_record(SSL *s)
552 {
553 int ssl_major,ssl_minor;
554 int i,n;
555 SSL3_RECORD *rr;
556 unsigned char *p = NULL;
557 unsigned short version;
558 DTLS1_BITMAP *bitmap;
559 unsigned int is_next_epoch;
560
561 rr= &(s->s3->rrec);
562
563 /* The epoch may have changed. If so, process all the
564 * pending records. This is a non-blocking operation. */
565 dtls1_process_buffered_records(s);
566
567 /* if we're renegotiating, then there may be buffered records */
568 if (dtls1_get_processed_record(s))
569 return 1;
570
571 /* get something from the wire */
572again:
573 /* check if we have the header */
574 if ( (s->rstate != SSL_ST_READ_BODY) ||
575 (s->packet_length < DTLS1_RT_HEADER_LENGTH))
576 {
577 n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
578 /* read timeout is handled by dtls1_read_bytes */
579 if (n <= 0) return(n); /* error or non-blocking */
580
581 /* this packet contained a partial record, dump it */
582 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
583 {
584 s->packet_length = 0;
585 goto again;
586 }
587
588 s->rstate=SSL_ST_READ_BODY;
589
590 p=s->packet;
591
592 /* Pull apart the header into the DTLS1_RECORD */
593 rr->type= *(p++);
594 ssl_major= *(p++);
595 ssl_minor= *(p++);
596 version=(ssl_major<<8)|ssl_minor;
597
598 /* sequence number is 64 bits, with top 2 bytes = epoch */
599 n2s(p,rr->epoch);
600
601 memcpy(&(s->s3->read_sequence[2]), p, 6);
602 p+=6;
603
604 n2s(p,rr->length);
605
606 /* Lets check version */
607 if (!s->first_packet)
608 {
609 if (version != s->version)
610 {
611 /* unexpected version, silently discard */
612 rr->length = 0;
613 s->packet_length = 0;
614 goto again;
615 }
616 }
617
618 if ((version & 0xff00) != (s->version & 0xff00))
619 {
620 /* wrong version, silently discard record */
621 rr->length = 0;
622 s->packet_length = 0;
623 goto again;
624 }
625
626 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
627 {
628 /* record too long, silently discard it */
629 rr->length = 0;
630 s->packet_length = 0;
631 goto again;
632 }
633
634 /* now s->rstate == SSL_ST_READ_BODY */
635 }
636
637 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
638
639 if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
640 {
641 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
642 i=rr->length;
643 n=ssl3_read_n(s,i,i,1);
644 if (n <= 0) return(n); /* error or non-blocking io */
645
646 /* this packet contained a partial record, dump it */
647 if ( n != i)
648 {
649 rr->length = 0;
650 s->packet_length = 0;
651 goto again;
652 }
653
654 /* now n == rr->length,
655 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
656 }
657 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
658
659 /* match epochs. NULL means the packet is dropped on the floor */
660 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
661 if ( bitmap == NULL)
662 {
663 rr->length = 0;
664 s->packet_length = 0; /* dump this record */
665 goto again; /* get another record */
666 }
667
668#ifndef OPENSSL_NO_SCTP
669 /* Only do replay check if no SCTP bio */
670 if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
671 {
672#endif
673 /* Check whether this is a repeat, or aged record.
674 * Don't check if we're listening and this message is
675 * a ClientHello. They can look as if they're replayed,
676 * since they arrive from different connections and
677 * would be dropped unnecessarily.
678 */
679 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
680 *p == SSL3_MT_CLIENT_HELLO) &&
681 !dtls1_record_replay_check(s, bitmap))
682 {
683 rr->length = 0;
684 s->packet_length=0; /* dump this record */
685 goto again; /* get another record */
686 }
687#ifndef OPENSSL_NO_SCTP
688 }
689#endif
690
691 /* just read a 0 length packet */
692 if (rr->length == 0) goto again;
693
694 /* If this record is from the next epoch (either HM or ALERT),
695 * and a handshake is currently in progress, buffer it since it
696 * cannot be processed at this time. However, do not buffer
697 * anything while listening.
698 */
699 if (is_next_epoch)
700 {
701 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
702 {
703 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
704 }
705 rr->length = 0;
706 s->packet_length = 0;
707 goto again;
708 }
709
710 if (!dtls1_process_record(s))
711 {
712 rr->length = 0;
713 s->packet_length = 0; /* dump this record */
714 goto again; /* get another record */
715 }
716
717 return(1);
718
719 }
720
721/* Return up to 'len' payload bytes received in 'type' records.
722 * 'type' is one of the following:
723 *
724 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
725 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
726 * - 0 (during a shutdown, no data has to be returned)
727 *
728 * If we don't have stored data to work from, read a SSL/TLS record first
729 * (possibly multiple records if we still don't have anything to return).
730 *
731 * This function must handle any surprises the peer may have for us, such as
732 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
733 * a surprise, but handled as if it were), or renegotiation requests.
734 * Also if record payloads contain fragments too small to process, we store
735 * them until there is enough for the respective protocol (the record protocol
736 * may use arbitrary fragmentation and even interleaving):
737 * Change cipher spec protocol
738 * just 1 byte needed, no need for keeping anything stored
739 * Alert protocol
740 * 2 bytes needed (AlertLevel, AlertDescription)
741 * Handshake protocol
742 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
743 * to detect unexpected Client Hello and Hello Request messages
744 * here, anything else is handled by higher layers
745 * Application data protocol
746 * none of our business
747 */
748int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
749 {
750 int al,i,j,ret;
751 unsigned int n;
752 SSL3_RECORD *rr;
753 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
754
755 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
756 if (!ssl3_setup_buffers(s))
757 return(-1);
758
759 /* XXX: check what the second '&& type' is about */
760 if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
761 (type != SSL3_RT_HANDSHAKE) && type) ||
762 (peek && (type != SSL3_RT_APPLICATION_DATA)))
763 {
764 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
765 return -1;
766 }
767
768 /* check whether there's a handshake message (client hello?) waiting */
769 if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
770 return ret;
771
772 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
773
774#ifndef OPENSSL_NO_SCTP
775 /* Continue handshake if it had to be interrupted to read
776 * app data with SCTP.
777 */
778 if ((!s->in_handshake && SSL_in_init(s)) ||
779 (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
780 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
781 s->s3->in_read_app_data != 2))
782#else
783 if (!s->in_handshake && SSL_in_init(s))
784#endif
785 {
786 /* type == SSL3_RT_APPLICATION_DATA */
787 i=s->handshake_func(s);
788 if (i < 0) return(i);
789 if (i == 0)
790 {
791 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
792 return(-1);
793 }
794 }
795
796start:
797 s->rwstate=SSL_NOTHING;
798
799 /* s->s3->rrec.type - is the type of record
800 * s->s3->rrec.data, - data
801 * s->s3->rrec.off, - offset into 'data' for next read
802 * s->s3->rrec.length, - number of bytes. */
803 rr = &(s->s3->rrec);
804
805 /* We are not handshaking and have no data yet,
806 * so process data buffered during the last handshake
807 * in advance, if any.
808 */
809 if (s->state == SSL_ST_OK && rr->length == 0)
810 {
811 pitem *item;
812 item = pqueue_pop(s->d1->buffered_app_data.q);
813 if (item)
814 {
815#ifndef OPENSSL_NO_SCTP
816 /* Restore bio_dgram_sctp_rcvinfo struct */
817 if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
818 {
819 DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
820 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
821 }
822#endif
823
824 dtls1_copy_record(s, item);
825
826 OPENSSL_free(item->data);
827 pitem_free(item);
828 }
829 }
830
831 /* Check for timeout */
832 if (dtls1_handle_timeout(s) > 0)
833 goto start;
834
835 /* get new packet if necessary */
836 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
837 {
838 ret=dtls1_get_record(s);
839 if (ret <= 0)
840 {
841 ret = dtls1_read_failed(s, ret);
842 /* anything other than a timeout is an error */
843 if (ret <= 0)
844 return(ret);
845 else
846 goto start;
847 }
848 }
849
850 /* we now have a packet which can be read and processed */
851
852 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
853 * reset by ssl3_get_finished */
854 && (rr->type != SSL3_RT_HANDSHAKE))
855 {
856 /* We now have application data between CCS and Finished.
857 * Most likely the packets were reordered on their way, so
858 * buffer the application data for later processing rather
859 * than dropping the connection.
860 */
861 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
862 rr->length = 0;
863 goto start;
864 }
865
866 /* If the other end has shut down, throw anything we read away
867 * (even in 'peek' mode) */
868 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
869 {
870 rr->length=0;
871 s->rwstate=SSL_NOTHING;
872 return(0);
873 }
874
875
876 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
877 {
878 /* make sure that we are not getting application data when we
879 * are doing a handshake for the first time */
880 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
881 (s->enc_read_ctx == NULL))
882 {
883 al=SSL_AD_UNEXPECTED_MESSAGE;
884 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
885 goto f_err;
886 }
887
888 if (len <= 0) return(len);
889
890 if ((unsigned int)len > rr->length)
891 n = rr->length;
892 else
893 n = (unsigned int)len;
894
895 memcpy(buf,&(rr->data[rr->off]),n);
896 if (!peek)
897 {
898 rr->length-=n;
899 rr->off+=n;
900 if (rr->length == 0)
901 {
902 s->rstate=SSL_ST_READ_HEADER;
903 rr->off=0;
904 }
905 }
906
907#ifndef OPENSSL_NO_SCTP
908 /* We were about to renegotiate but had to read
909 * belated application data first, so retry.
910 */
911 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
912 rr->type == SSL3_RT_APPLICATION_DATA &&
913 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
914 {
915 s->rwstate=SSL_READING;
916 BIO_clear_retry_flags(SSL_get_rbio(s));
917 BIO_set_retry_read(SSL_get_rbio(s));
918 }
919
920 /* We might had to delay a close_notify alert because
921 * of reordered app data. If there was an alert and there
922 * is no message to read anymore, finally set shutdown.
923 */
924 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
925 s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
926 {
927 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
928 return(0);
929 }
930#endif
931 return(n);
932 }
933
934
935 /* If we get here, then type != rr->type; if we have a handshake
936 * message, then it was unexpected (Hello Request or Client Hello). */
937
938 /* In case of record types for which we have 'fragment' storage,
939 * fill that so that we can process the data at a fixed place.
940 */
941 {
942 unsigned int k, dest_maxlen = 0;
943 unsigned char *dest = NULL;
944 unsigned int *dest_len = NULL;
945
946 if (rr->type == SSL3_RT_HANDSHAKE)
947 {
948 dest_maxlen = sizeof s->d1->handshake_fragment;
949 dest = s->d1->handshake_fragment;
950 dest_len = &s->d1->handshake_fragment_len;
951 }
952 else if (rr->type == SSL3_RT_ALERT)
953 {
954 dest_maxlen = sizeof(s->d1->alert_fragment);
955 dest = s->d1->alert_fragment;
956 dest_len = &s->d1->alert_fragment_len;
957 }
958#ifndef OPENSSL_NO_HEARTBEATS
959 else if (rr->type == TLS1_RT_HEARTBEAT)
960 {
961 dtls1_process_heartbeat(s);
962
963 /* Exit and notify application to read again */
964 rr->length = 0;
965 s->rwstate=SSL_READING;
966 BIO_clear_retry_flags(SSL_get_rbio(s));
967 BIO_set_retry_read(SSL_get_rbio(s));
968 return(-1);
969 }
970#endif
971 /* else it's a CCS message, or application data or wrong */
972 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
973 {
974 /* Application data while renegotiating
975 * is allowed. Try again reading.
976 */
977 if (rr->type == SSL3_RT_APPLICATION_DATA)
978 {
979 BIO *bio;
980 s->s3->in_read_app_data=2;
981 bio=SSL_get_rbio(s);
982 s->rwstate=SSL_READING;
983 BIO_clear_retry_flags(bio);
984 BIO_set_retry_read(bio);
985 return(-1);
986 }
987
988 /* Not certain if this is the right error handling */
989 al=SSL_AD_UNEXPECTED_MESSAGE;
990 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
991 goto f_err;
992 }
993
994 if (dest_maxlen > 0)
995 {
996 /* XDTLS: In a pathalogical case, the Client Hello
997 * may be fragmented--don't always expect dest_maxlen bytes */
998 if ( rr->length < dest_maxlen)
999 {
1000#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1001 /*
1002 * for normal alerts rr->length is 2, while
1003 * dest_maxlen is 7 if we were to handle this
1004 * non-existing alert...
1005 */
1006 FIX ME
1007#endif
1008 s->rstate=SSL_ST_READ_HEADER;
1009 rr->length = 0;
1010 goto start;
1011 }
1012
1013 /* now move 'n' bytes: */
1014 for ( k = 0; k < dest_maxlen; k++)
1015 {
1016 dest[k] = rr->data[rr->off++];
1017 rr->length--;
1018 }
1019 *dest_len = dest_maxlen;
1020 }
1021 }
1022
1023 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
1024 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
1025 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1026
1027 /* If we are a client, check for an incoming 'Hello Request': */
1028 if ((!s->server) &&
1029 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1030 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1031 (s->session != NULL) && (s->session->cipher != NULL))
1032 {
1033 s->d1->handshake_fragment_len = 0;
1034
1035 if ((s->d1->handshake_fragment[1] != 0) ||
1036 (s->d1->handshake_fragment[2] != 0) ||
1037 (s->d1->handshake_fragment[3] != 0))
1038 {
1039 al=SSL_AD_DECODE_ERROR;
1040 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1041 goto err;
1042 }
1043
1044 /* no need to check sequence number on HELLO REQUEST messages */
1045
1046 if (s->msg_callback)
1047 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1048 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
1049
1050 if (SSL_is_init_finished(s) &&
1051 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1052 !s->s3->renegotiate)
1053 {
1054 s->new_session = 1;
1055 ssl3_renegotiate(s);
1056 if (ssl3_renegotiate_check(s))
1057 {
1058 i=s->handshake_func(s);
1059 if (i < 0) return(i);
1060 if (i == 0)
1061 {
1062 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1063 return(-1);
1064 }
1065
1066 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1067 {
1068 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1069 {
1070 BIO *bio;
1071 /* In the case where we try to read application data,
1072 * but we trigger an SSL handshake, we return -1 with
1073 * the retry option set. Otherwise renegotiation may
1074 * cause nasty problems in the blocking world */
1075 s->rwstate=SSL_READING;
1076 bio=SSL_get_rbio(s);
1077 BIO_clear_retry_flags(bio);
1078 BIO_set_retry_read(bio);
1079 return(-1);
1080 }
1081 }
1082 }
1083 }
1084 /* we either finished a handshake or ignored the request,
1085 * now try again to obtain the (application) data we were asked for */
1086 goto start;
1087 }
1088
1089 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
1090 {
1091 int alert_level = s->d1->alert_fragment[0];
1092 int alert_descr = s->d1->alert_fragment[1];
1093
1094 s->d1->alert_fragment_len = 0;
1095
1096 if (s->msg_callback)
1097 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1098 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
1099
1100 if (s->info_callback != NULL)
1101 cb=s->info_callback;
1102 else if (s->ctx->info_callback != NULL)
1103 cb=s->ctx->info_callback;
1104
1105 if (cb != NULL)
1106 {
1107 j = (alert_level << 8) | alert_descr;
1108 cb(s, SSL_CB_READ_ALERT, j);
1109 }
1110
1111 if (alert_level == 1) /* warning */
1112 {
1113 s->s3->warn_alert = alert_descr;
1114 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1115 {
1116#ifndef OPENSSL_NO_SCTP
1117 /* With SCTP and streams the socket may deliver app data
1118 * after a close_notify alert. We have to check this
1119 * first so that nothing gets discarded.
1120 */
1121 if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
1122 BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
1123 {
1124 s->d1->shutdown_received = 1;
1125 s->rwstate=SSL_READING;
1126 BIO_clear_retry_flags(SSL_get_rbio(s));
1127 BIO_set_retry_read(SSL_get_rbio(s));
1128 return -1;
1129 }
1130#endif
1131 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1132 return(0);
1133 }
1134#if 0
1135 /* XXX: this is a possible improvement in the future */
1136 /* now check if it's a missing record */
1137 if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1138 {
1139 unsigned short seq;
1140 unsigned int frag_off;
1141 unsigned char *p = &(s->d1->alert_fragment[2]);
1142
1143 n2s(p, seq);
1144 n2l3(p, frag_off);
1145
1146 dtls1_retransmit_message(s,
1147 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1148 frag_off, &found);
1149 if ( ! found && SSL_in_init(s))
1150 {
1151 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
1152 /* requested a message not yet sent,
1153 send an alert ourselves */
1154 ssl3_send_alert(s,SSL3_AL_WARNING,
1155 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1156 }
1157 }
1158#endif
1159 }
1160 else if (alert_level == 2) /* fatal */
1161 {
1162 char tmp[16];
1163
1164 s->rwstate=SSL_NOTHING;
1165 s->s3->fatal_alert = alert_descr;
1166 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1167 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1168 ERR_add_error_data(2,"SSL alert number ",tmp);
1169 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1170 SSL_CTX_remove_session(s->ctx,s->session);
1171 return(0);
1172 }
1173 else
1174 {
1175 al=SSL_AD_ILLEGAL_PARAMETER;
1176 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1177 goto f_err;
1178 }
1179
1180 goto start;
1181 }
1182
1183 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1184 {
1185 s->rwstate=SSL_NOTHING;
1186 rr->length=0;
1187 return(0);
1188 }
1189
1190 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1191 {
1192 struct ccs_header_st ccs_hdr;
1193 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
1194
1195 dtls1_get_ccs_header(rr->data, &ccs_hdr);
1196
1197 if (s->version == DTLS1_BAD_VER)
1198 ccs_hdr_len = 3;
1199
1200 /* 'Change Cipher Spec' is just a single byte, so we know
1201 * exactly what the record payload has to look like */
1202 /* XDTLS: check that epoch is consistent */
1203 if ( (rr->length != ccs_hdr_len) ||
1204 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
1205 {
1206 i=SSL_AD_ILLEGAL_PARAMETER;
1207 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1208 goto err;
1209 }
1210
1211 rr->length=0;
1212
1213 if (s->msg_callback)
1214 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1215 rr->data, 1, s, s->msg_callback_arg);
1216
1217 /* We can't process a CCS now, because previous handshake
1218 * messages are still missing, so just drop it.
1219 */
1220 if (!s->d1->change_cipher_spec_ok)
1221 {
1222 goto start;
1223 }
1224
1225 s->d1->change_cipher_spec_ok = 0;
1226
1227 s->s3->change_cipher_spec=1;
1228 if (!ssl3_do_change_cipher_spec(s))
1229 goto err;
1230
1231 /* do this whenever CCS is processed */
1232 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1233
1234 if (s->version == DTLS1_BAD_VER)
1235 s->d1->handshake_read_seq++;
1236
1237#ifndef OPENSSL_NO_SCTP
1238 /* Remember that a CCS has been received,
1239 * so that an old key of SCTP-Auth can be
1240 * deleted when a CCS is sent. Will be ignored
1241 * if no SCTP is used
1242 */
1243 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
1244#endif
1245
1246 goto start;
1247 }
1248
1249 /* Unexpected handshake message (Client Hello, or protocol violation) */
1250 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1251 !s->in_handshake)
1252 {
1253 struct hm_header_st msg_hdr;
1254
1255 /* this may just be a stale retransmit */
1256 dtls1_get_message_header(rr->data, &msg_hdr);
1257 if( rr->epoch != s->d1->r_epoch)
1258 {
1259 rr->length = 0;
1260 goto start;
1261 }
1262
1263 /* If we are server, we may have a repeated FINISHED of the
1264 * client here, then retransmit our CCS and FINISHED.
1265 */
1266 if (msg_hdr.type == SSL3_MT_FINISHED)
1267 {
1268 if (dtls1_check_timeout_num(s) < 0)
1269 return -1;
1270
1271 dtls1_retransmit_buffered_messages(s);
1272 rr->length = 0;
1273 goto start;
1274 }
1275
1276 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1277 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1278 {
1279#if 0 /* worked only because C operator preferences are not as expected (and
1280 * because this is not really needed for clients except for detecting
1281 * protocol violations): */
1282 s->state=SSL_ST_BEFORE|(s->server)
1283 ?SSL_ST_ACCEPT
1284 :SSL_ST_CONNECT;
1285#else
1286 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1287#endif
1288 s->renegotiate=1;
1289 s->new_session=1;
1290 }
1291 i=s->handshake_func(s);
1292 if (i < 0) return(i);
1293 if (i == 0)
1294 {
1295 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1296 return(-1);
1297 }
1298
1299 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1300 {
1301 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1302 {
1303 BIO *bio;
1304 /* In the case where we try to read application data,
1305 * but we trigger an SSL handshake, we return -1 with
1306 * the retry option set. Otherwise renegotiation may
1307 * cause nasty problems in the blocking world */
1308 s->rwstate=SSL_READING;
1309 bio=SSL_get_rbio(s);
1310 BIO_clear_retry_flags(bio);
1311 BIO_set_retry_read(bio);
1312 return(-1);
1313 }
1314 }
1315 goto start;
1316 }
1317
1318 switch (rr->type)
1319 {
1320 default:
1321#ifndef OPENSSL_NO_TLS
1322 /* TLS just ignores unknown message types */
1323 if (s->version == TLS1_VERSION)
1324 {
1325 rr->length = 0;
1326 goto start;
1327 }
1328#endif
1329 al=SSL_AD_UNEXPECTED_MESSAGE;
1330 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1331 goto f_err;
1332 case SSL3_RT_CHANGE_CIPHER_SPEC:
1333 case SSL3_RT_ALERT:
1334 case SSL3_RT_HANDSHAKE:
1335 /* we already handled all of these, with the possible exception
1336 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1337 * should not happen when type != rr->type */
1338 al=SSL_AD_UNEXPECTED_MESSAGE;
1339 SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
1340 goto f_err;
1341 case SSL3_RT_APPLICATION_DATA:
1342 /* At this point, we were expecting handshake data,
1343 * but have application data. If the library was
1344 * running inside ssl3_read() (i.e. in_read_app_data
1345 * is set) and it makes sense to read application data
1346 * at this point (session renegotiation not yet started),
1347 * we will indulge it.
1348 */
1349 if (s->s3->in_read_app_data &&
1350 (s->s3->total_renegotiations != 0) &&
1351 ((
1352 (s->state & SSL_ST_CONNECT) &&
1353 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1354 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1355 ) || (
1356 (s->state & SSL_ST_ACCEPT) &&
1357 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1358 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1359 )
1360 ))
1361 {
1362 s->s3->in_read_app_data=2;
1363 return(-1);
1364 }
1365 else
1366 {
1367 al=SSL_AD_UNEXPECTED_MESSAGE;
1368 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1369 goto f_err;
1370 }
1371 }
1372 /* not reached */
1373
1374f_err:
1375 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1376err:
1377 return(-1);
1378 }
1379
1380int
1381dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1382 {
1383 int i;
1384
1385#ifndef OPENSSL_NO_SCTP
1386 /* Check if we have to continue an interrupted handshake
1387 * for reading belated app data with SCTP.
1388 */
1389 if ((SSL_in_init(s) && !s->in_handshake) ||
1390 (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
1391 (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
1392#else
1393 if (SSL_in_init(s) && !s->in_handshake)
1394#endif
1395 {
1396 i=s->handshake_func(s);
1397 if (i < 0) return(i);
1398 if (i == 0)
1399 {
1400 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1401 return -1;
1402 }
1403 }
1404
1405 if (len > SSL3_RT_MAX_PLAIN_LENGTH)
1406 {
1407 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
1408 return -1;
1409 }
1410
1411 i = dtls1_write_bytes(s, type, buf_, len);
1412 return i;
1413 }
1414
1415
1416 /* this only happens when a client hello is received and a handshake
1417 * is started. */
1418static int
1419have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1420 int len, int peek)
1421 {
1422
1423 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1424 /* (partially) satisfy request from storage */
1425 {
1426 unsigned char *src = s->d1->handshake_fragment;
1427 unsigned char *dst = buf;
1428 unsigned int k,n;
1429
1430 /* peek == 0 */
1431 n = 0;
1432 while ((len > 0) && (s->d1->handshake_fragment_len > 0))
1433 {
1434 *dst++ = *src++;
1435 len--; s->d1->handshake_fragment_len--;
1436 n++;
1437 }
1438 /* move any remaining fragment bytes: */
1439 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1440 s->d1->handshake_fragment[k] = *src++;
1441 return n;
1442 }
1443
1444 return 0;
1445 }
1446
1447
1448
1449
1450/* Call this to write data in records of type 'type'
1451 * It will return <= 0 if not all data has been sent or non-blocking IO.
1452 */
1453int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1454 {
1455 int i;
1456
1457 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1458 s->rwstate=SSL_NOTHING;
1459 i=do_dtls1_write(s, type, buf, len, 0);
1460 return i;
1461 }
1462
1463int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
1464 {
1465 unsigned char *p,*pseq;
1466 int i,mac_size,clear=0;
1467 int prefix_len = 0;
1468 SSL3_RECORD *wr;
1469 SSL3_BUFFER *wb;
1470 SSL_SESSION *sess;
1471 int bs;
1472
1473 /* first check if there is a SSL3_BUFFER still being written
1474 * out. This will happen with non blocking IO */
1475 if (s->s3->wbuf.left != 0)
1476 {
1477 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1478 return(ssl3_write_pending(s,type,buf,len));
1479 }
1480
1481 /* If we have an alert to send, lets send it */
1482 if (s->s3->alert_dispatch)
1483 {
1484 i=s->method->ssl_dispatch_alert(s);
1485 if (i <= 0)
1486 return(i);
1487 /* if it went, fall through and send more stuff */
1488 }
1489
1490 if (len == 0 && !create_empty_fragment)
1491 return 0;
1492
1493 wr= &(s->s3->wrec);
1494 wb= &(s->s3->wbuf);
1495 sess=s->session;
1496
1497 if ( (sess == NULL) ||
1498 (s->enc_write_ctx == NULL) ||
1499 (EVP_MD_CTX_md(s->write_hash) == NULL))
1500 clear=1;
1501
1502 if (clear)
1503 mac_size=0;
1504 else
1505 {
1506 mac_size=EVP_MD_CTX_size(s->write_hash);
1507 if (mac_size < 0)
1508 goto err;
1509 }
1510
1511 /* DTLS implements explicit IV, so no need for empty fragments */
1512#if 0
1513 /* 'create_empty_fragment' is true only when this function calls itself */
1514 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1515 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
1516 {
1517 /* countermeasure against known-IV weakness in CBC ciphersuites
1518 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
1519 */
1520
1521 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
1522 {
1523 /* recursive function call with 'create_empty_fragment' set;
1524 * this prepares and buffers the data for an empty fragment
1525 * (these 'prefix_len' bytes are sent out later
1526 * together with the actual payload) */
1527 prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
1528 if (prefix_len <= 0)
1529 goto err;
1530
1531 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
1532 {
1533 /* insufficient space */
1534 SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
1535 goto err;
1536 }
1537 }
1538
1539 s->s3->empty_fragment_done = 1;
1540 }
1541#endif
1542 p = wb->buf + prefix_len;
1543
1544 /* write the header */
1545
1546 *(p++)=type&0xff;
1547 wr->type=type;
1548
1549 *(p++)=(s->version>>8);
1550 *(p++)=s->version&0xff;
1551
1552 /* field where we are to write out packet epoch, seq num and len */
1553 pseq=p;
1554 p+=10;
1555
1556 /* lets setup the record stuff. */
1557
1558 /* Make space for the explicit IV in case of CBC.
1559 * (this is a bit of a boundary violation, but what the heck).
1560 */
1561 if ( s->enc_write_ctx &&
1562 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1563 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1564 else
1565 bs = 0;
1566
1567 wr->data=p + bs; /* make room for IV in case of CBC */
1568 wr->length=(int)len;
1569 wr->input=(unsigned char *)buf;
1570
1571 /* we now 'read' from wr->input, wr->length bytes into
1572 * wr->data */
1573
1574 /* first we compress */
1575 if (s->compress != NULL)
1576 {
1577 if (!ssl3_do_compress(s))
1578 {
1579 SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
1580 goto err;
1581 }
1582 }
1583 else
1584 {
1585 memcpy(wr->data,wr->input,wr->length);
1586 wr->input=wr->data;
1587 }
1588
1589 /* we should still have the output to wr->data and the input
1590 * from wr->input. Length should be wr->length.
1591 * wr->data still points in the wb->buf */
1592
1593 if (mac_size != 0)
1594 {
1595 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1596 goto err;
1597 wr->length+=mac_size;
1598 }
1599
1600 /* this is true regardless of mac size */
1601 wr->input=p;
1602 wr->data=p;
1603
1604
1605 /* ssl3_enc can only have an error on read */
1606 if (bs) /* bs != 0 in case of CBC */
1607 {
1608 RAND_pseudo_bytes(p,bs);
1609 /* master IV and last CBC residue stand for
1610 * the rest of randomness */
1611 wr->length += bs;
1612 }
1613
1614 s->method->ssl3_enc->enc(s,1);
1615
1616 /* record length after mac and block padding */
1617/* if (type == SSL3_RT_APPLICATION_DATA ||
1618 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1619
1620 /* there's only one epoch between handshake and app data */
1621
1622 s2n(s->d1->w_epoch, pseq);
1623
1624 /* XDTLS: ?? */
1625/* else
1626 s2n(s->d1->handshake_epoch, pseq); */
1627
1628 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1629 pseq+=6;
1630 s2n(wr->length,pseq);
1631
1632 /* we should now have
1633 * wr->data pointing to the encrypted data, which is
1634 * wr->length long */
1635 wr->type=type; /* not needed but helps for debugging */
1636 wr->length+=DTLS1_RT_HEADER_LENGTH;
1637
1638#if 0 /* this is now done at the message layer */
1639 /* buffer the record, making it easy to handle retransmits */
1640 if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
1641 dtls1_buffer_record(s, wr->data, wr->length,
1642 *((PQ_64BIT *)&(s->s3->write_sequence[0])));
1643#endif
1644
1645 ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
1646
1647 if (create_empty_fragment)
1648 {
1649 /* we are in a recursive call;
1650 * just return the length, don't write out anything here
1651 */
1652 return wr->length;
1653 }
1654
1655 /* now let's set up wb */
1656 wb->left = prefix_len + wr->length;
1657 wb->offset = 0;
1658
1659 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1660 s->s3->wpend_tot=len;
1661 s->s3->wpend_buf=buf;
1662 s->s3->wpend_type=type;
1663 s->s3->wpend_ret=len;
1664
1665 /* we now just need to write the buffer */
1666 return ssl3_write_pending(s,type,buf,len);
1667err:
1668 return -1;
1669 }
1670
1671
1672
1673static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1674 {
1675 int cmp;
1676 unsigned int shift;
1677 const unsigned char *seq = s->s3->read_sequence;
1678
1679 cmp = satsub64be(seq,bitmap->max_seq_num);
1680 if (cmp > 0)
1681 {
1682 memcpy (s->s3->rrec.seq_num,seq,8);
1683 return 1; /* this record in new */
1684 }
1685 shift = -cmp;
1686 if (shift >= sizeof(bitmap->map)*8)
1687 return 0; /* stale, outside the window */
1688 else if (bitmap->map & (1UL<<shift))
1689 return 0; /* record previously received */
1690
1691 memcpy (s->s3->rrec.seq_num,seq,8);
1692 return 1;
1693 }
1694
1695
1696static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1697 {
1698 int cmp;
1699 unsigned int shift;
1700 const unsigned char *seq = s->s3->read_sequence;
1701
1702 cmp = satsub64be(seq,bitmap->max_seq_num);
1703 if (cmp > 0)
1704 {
1705 shift = cmp;
1706 if (shift < sizeof(bitmap->map)*8)
1707 bitmap->map <<= shift, bitmap->map |= 1UL;
1708 else
1709 bitmap->map = 1UL;
1710 memcpy(bitmap->max_seq_num,seq,8);
1711 }
1712 else {
1713 shift = -cmp;
1714 if (shift < sizeof(bitmap->map)*8)
1715 bitmap->map |= 1UL<<shift;
1716 }
1717 }
1718
1719
1720int dtls1_dispatch_alert(SSL *s)
1721 {
1722 int i,j;
1723 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1724 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1725 unsigned char *ptr = &buf[0];
1726
1727 s->s3->alert_dispatch=0;
1728
1729 memset(buf, 0x00, sizeof(buf));
1730 *ptr++ = s->s3->send_alert[0];
1731 *ptr++ = s->s3->send_alert[1];
1732
1733#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1734 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1735 {
1736 s2n(s->d1->handshake_read_seq, ptr);
1737#if 0
1738 if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
1739
1740 else
1741 s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
1742#endif
1743
1744#if 0
1745 fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
1746#endif
1747 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1748 }
1749#endif
1750
1751 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1752 if (i <= 0)
1753 {
1754 s->s3->alert_dispatch=1;
1755 /* fprintf( stderr, "not done with alert\n" ); */
1756 }
1757 else
1758 {
1759 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1760#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1761 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1762#endif
1763 )
1764 (void)BIO_flush(s->wbio);
1765
1766 if (s->msg_callback)
1767 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
1768 2, s, s->msg_callback_arg);
1769
1770 if (s->info_callback != NULL)
1771 cb=s->info_callback;
1772 else if (s->ctx->info_callback != NULL)
1773 cb=s->ctx->info_callback;
1774
1775 if (cb != NULL)
1776 {
1777 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1778 cb(s,SSL_CB_WRITE_ALERT,j);
1779 }
1780 }
1781 return(i);
1782 }
1783
1784
1785static DTLS1_BITMAP *
1786dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1787 {
1788
1789 *is_next_epoch = 0;
1790
1791 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1792 if (rr->epoch == s->d1->r_epoch)
1793 return &s->d1->bitmap;
1794
1795 /* Only HM and ALERT messages can be from the next epoch */
1796 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1797 (rr->type == SSL3_RT_HANDSHAKE ||
1798 rr->type == SSL3_RT_ALERT))
1799 {
1800 *is_next_epoch = 1;
1801 return &s->d1->next_bitmap;
1802 }
1803
1804 return NULL;
1805 }
1806
1807#if 0
1808static int
1809dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
1810 unsigned long *offset)
1811 {
1812
1813 /* alerts are passed up immediately */
1814 if ( rr->type == SSL3_RT_APPLICATION_DATA ||
1815 rr->type == SSL3_RT_ALERT)
1816 return 0;
1817
1818 /* Only need to buffer if a handshake is underway.
1819 * (this implies that Hello Request and Client Hello are passed up
1820 * immediately) */
1821 if ( SSL_in_init(s))
1822 {
1823 unsigned char *data = rr->data;
1824 /* need to extract the HM/CCS sequence number here */
1825 if ( rr->type == SSL3_RT_HANDSHAKE ||
1826 rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1827 {
1828 unsigned short seq_num;
1829 struct hm_header_st msg_hdr;
1830 struct ccs_header_st ccs_hdr;
1831
1832 if ( rr->type == SSL3_RT_HANDSHAKE)
1833 {
1834 dtls1_get_message_header(data, &msg_hdr);
1835 seq_num = msg_hdr.seq;
1836 *offset = msg_hdr.frag_off;
1837 }
1838 else
1839 {
1840 dtls1_get_ccs_header(data, &ccs_hdr);
1841 seq_num = ccs_hdr.seq;
1842 *offset = 0;
1843 }
1844
1845 /* this is either a record we're waiting for, or a
1846 * retransmit of something we happened to previously
1847 * receive (higher layers will drop the repeat silently */
1848 if ( seq_num < s->d1->handshake_read_seq)
1849 return 0;
1850 if (rr->type == SSL3_RT_HANDSHAKE &&
1851 seq_num == s->d1->handshake_read_seq &&
1852 msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
1853 return 0;
1854 else if ( seq_num == s->d1->handshake_read_seq &&
1855 (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
1856 msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
1857 return 0;
1858 else
1859 {
1860 *priority = seq_num;
1861 return 1;
1862 }
1863 }
1864 else /* unknown record type */
1865 return 0;
1866 }
1867
1868 return 0;
1869 }
1870#endif
1871
1872void
1873dtls1_reset_seq_numbers(SSL *s, int rw)
1874 {
1875 unsigned char *seq;
1876 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1877
1878 if ( rw & SSL3_CC_READ)
1879 {
1880 seq = s->s3->read_sequence;
1881 s->d1->r_epoch++;
1882 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1883 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1884 }
1885 else
1886 {
1887 seq = s->s3->write_sequence;
1888 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1889 s->d1->w_epoch++;
1890 }
1891
1892 memset(seq, 0x00, seq_bytes);
1893 }
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
deleted file mode 100644
index 928935bd8b..0000000000
--- a/src/lib/libssl/d1_srtp.c
+++ /dev/null
@@ -1,493 +0,0 @@
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/*
112 DTLS code by Eric Rescorla <ekr@rtfm.com>
113
114 Copyright (C) 2006, Network Resonance, Inc.
115 Copyright (C) 2011, RTFM, Inc.
116*/
117
118#ifndef OPENSSL_NO_SRTP
119
120#include <stdio.h>
121#include <openssl/objects.h>
122#include "ssl_locl.h"
123#include "srtp.h"
124
125
126static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
127 {
128 {
129 "SRTP_AES128_CM_SHA1_80",
130 SRTP_AES128_CM_SHA1_80,
131 },
132 {
133 "SRTP_AES128_CM_SHA1_32",
134 SRTP_AES128_CM_SHA1_32,
135 },
136#if 0
137 {
138 "SRTP_NULL_SHA1_80",
139 SRTP_NULL_SHA1_80,
140 },
141 {
142 "SRTP_NULL_SHA1_32",
143 SRTP_NULL_SHA1_32,
144 },
145#endif
146 {0}
147 };
148
149static int find_profile_by_name(char *profile_name,
150 SRTP_PROTECTION_PROFILE **pptr,unsigned len)
151 {
152 SRTP_PROTECTION_PROFILE *p;
153
154 p=srtp_known_profiles;
155 while(p->name)
156 {
157 if((len == strlen(p->name)) && !strncmp(p->name,profile_name,
158 len))
159 {
160 *pptr=p;
161 return 0;
162 }
163
164 p++;
165 }
166
167 return 1;
168 }
169
170static int find_profile_by_num(unsigned profile_num,
171 SRTP_PROTECTION_PROFILE **pptr)
172 {
173 SRTP_PROTECTION_PROFILE *p;
174
175 p=srtp_known_profiles;
176 while(p->name)
177 {
178 if(p->id == profile_num)
179 {
180 *pptr=p;
181 return 0;
182 }
183 p++;
184 }
185
186 return 1;
187 }
188
189static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
190 {
191 STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
192
193 char *col;
194 char *ptr=(char *)profiles_string;
195
196 SRTP_PROTECTION_PROFILE *p;
197
198 if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))
199 {
200 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
201 return 1;
202 }
203
204 do
205 {
206 col=strchr(ptr,':');
207
208 if(!find_profile_by_name(ptr,&p,
209 col ? col-ptr : (int)strlen(ptr)))
210 {
211 sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
212 }
213 else
214 {
215 SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
216 return 1;
217 }
218
219 if(col) ptr=col+1;
220 } while (col);
221
222 *out=profiles;
223
224 return 0;
225 }
226
227int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
228 {
229 return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
230 }
231
232int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
233 {
234 return ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
235 }
236
237
238STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
239 {
240 if(s != NULL)
241 {
242 if(s->srtp_profiles != NULL)
243 {
244 return s->srtp_profiles;
245 }
246 else if((s->ctx != NULL) &&
247 (s->ctx->srtp_profiles != NULL))
248 {
249 return s->ctx->srtp_profiles;
250 }
251 }
252
253 return NULL;
254 }
255
256SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
257 {
258 return s->srtp_profile;
259 }
260
261/* Note: this function returns 0 length if there are no
262 profiles specified */
263int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
264 {
265 int ct=0;
266 int i;
267 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;
268 SRTP_PROTECTION_PROFILE *prof;
269
270 clnt=SSL_get_srtp_profiles(s);
271 ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
272
273 if(p)
274 {
275 if(ct==0)
276 {
277 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
278 return 1;
279 }
280
281 if((2 + ct*2 + 1) > maxlen)
282 {
283 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
284 return 1;
285 }
286
287 /* Add the length */
288 s2n(ct * 2, p);
289 for(i=0;i<ct;i++)
290 {
291 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
292 s2n(prof->id,p);
293 }
294
295 /* Add an empty use_mki value */
296 *p++ = 0;
297 }
298
299 *len=2 + ct*2 + 1;
300
301 return 0;
302 }
303
304
305int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
306 {
307 SRTP_PROTECTION_PROFILE *cprof,*sprof;
308 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr;
309 int ct;
310 int mki_len;
311 int i,j;
312 int id;
313 int ret;
314
315 /* Length value + the MKI length */
316 if(len < 3)
317 {
318 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
319 *al=SSL_AD_DECODE_ERROR;
320 return 1;
321 }
322
323 /* Pull off the length of the cipher suite list */
324 n2s(d, ct);
325 len -= 2;
326
327 /* Check that it is even */
328 if(ct%2)
329 {
330 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
331 *al=SSL_AD_DECODE_ERROR;
332 return 1;
333 }
334
335 /* Check that lengths are consistent */
336 if(len < (ct + 1))
337 {
338 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
339 *al=SSL_AD_DECODE_ERROR;
340 return 1;
341 }
342
343
344 clnt=sk_SRTP_PROTECTION_PROFILE_new_null();
345
346 while(ct)
347 {
348 n2s(d,id);
349 ct-=2;
350 len-=2;
351
352 if(!find_profile_by_num(id,&cprof))
353 {
354 sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof);
355 }
356 else
357 {
358 ; /* Ignore */
359 }
360 }
361
362 /* Now extract the MKI value as a sanity check, but discard it for now */
363 mki_len = *d;
364 d++; len--;
365
366 if (mki_len != len)
367 {
368 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
369 *al=SSL_AD_DECODE_ERROR;
370 return 1;
371 }
372
373 srvr=SSL_get_srtp_profiles(s);
374
375 /* Pick our most preferred profile. If no profiles have been
376 configured then the outer loop doesn't run
377 (sk_SRTP_PROTECTION_PROFILE_num() = -1)
378 and so we just return without doing anything */
379 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(srvr);i++)
380 {
381 sprof=sk_SRTP_PROTECTION_PROFILE_value(srvr,i);
382
383 for(j=0;j<sk_SRTP_PROTECTION_PROFILE_num(clnt);j++)
384 {
385 cprof=sk_SRTP_PROTECTION_PROFILE_value(clnt,j);
386
387 if(cprof->id==sprof->id)
388 {
389 s->srtp_profile=sprof;
390 *al=0;
391 ret=0;
392 goto done;
393 }
394 }
395 }
396
397 ret=0;
398
399done:
400 if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt);
401
402 return ret;
403 }
404
405int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
406 {
407 if(p)
408 {
409 if(maxlen < 5)
410 {
411 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
412 return 1;
413 }
414
415 if(s->srtp_profile==0)
416 {
417 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
418 return 1;
419 }
420 s2n(2, p);
421 s2n(s->srtp_profile->id,p);
422 *p++ = 0;
423 }
424 *len=5;
425
426 return 0;
427 }
428
429
430int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
431 {
432 unsigned id;
433 int i;
434 int ct;
435
436 STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
437 SRTP_PROTECTION_PROFILE *prof;
438
439 if(len!=5)
440 {
441 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
442 *al=SSL_AD_DECODE_ERROR;
443 return 1;
444 }
445
446 n2s(d, ct);
447 if(ct!=2)
448 {
449 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
450 *al=SSL_AD_DECODE_ERROR;
451 return 1;
452 }
453
454 n2s(d,id);
455 if (*d) /* Must be no MKI, since we never offer one */
456 {
457 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
458 *al=SSL_AD_ILLEGAL_PARAMETER;
459 return 1;
460 }
461
462 clnt=SSL_get_srtp_profiles(s);
463
464 /* Throw an error if the server gave us an unsolicited extension */
465 if (clnt == NULL)
466 {
467 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES);
468 *al=SSL_AD_DECODE_ERROR;
469 return 1;
470 }
471
472 /* Check to see if the server gave us something we support
473 (and presumably offered)
474 */
475 for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)
476 {
477 prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
478
479 if(prof->id == id)
480 {
481 s->srtp_profile=prof;
482 *al=0;
483 return 0;
484 }
485 }
486
487 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
488 *al=SSL_AD_DECODE_ERROR;
489 return 1;
490 }
491
492
493#endif
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index 29421da9aa..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,1711 +0,0 @@
1/* ssl/d1_srvr.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117#include "ssl_locl.h"
118#include <openssl/buffer.h>
119#include <openssl/rand.h>
120#include <openssl/objects.h>
121#include <openssl/evp.h>
122#include <openssl/x509.h>
123#include <openssl/md5.h>
124#include <openssl/bn.h>
125#ifndef OPENSSL_NO_DH
126#include <openssl/dh.h>
127#endif
128
129static const SSL_METHOD *dtls1_get_server_method(int ver);
130static int dtls1_send_hello_verify_request(SSL *s);
131
132static const SSL_METHOD *dtls1_get_server_method(int ver)
133 {
134 if (ver == DTLS1_VERSION)
135 return(DTLSv1_server_method());
136 else
137 return(NULL);
138 }
139
140IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
141 dtls1_accept,
142 ssl_undefined_function,
143 dtls1_get_server_method)
144
145int dtls1_accept(SSL *s)
146 {
147 BUF_MEM *buf;
148 unsigned long Time=(unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 unsigned long alg_k;
151 int ret= -1;
152 int new_state,state,skip=0;
153 int listen;
154#ifndef OPENSSL_NO_SCTP
155 unsigned char sctpauthkey[64];
156 char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
157#endif
158
159 RAND_add(&Time,sizeof(Time),0);
160 ERR_clear_error();
161 clear_sys_error();
162
163 if (s->info_callback != NULL)
164 cb=s->info_callback;
165 else if (s->ctx->info_callback != NULL)
166 cb=s->ctx->info_callback;
167
168 listen = s->d1->listen;
169
170 /* init things to blank */
171 s->in_handshake++;
172 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
173
174 s->d1->listen = listen;
175#ifndef OPENSSL_NO_SCTP
176 /* Notify SCTP BIO socket to enter handshake
177 * mode and prevent stream identifier other
178 * than 0. Will be ignored if no SCTP is used.
179 */
180 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
181#endif
182
183 if (s->cert == NULL)
184 {
185 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
186 return(-1);
187 }
188
189#ifndef OPENSSL_NO_HEARTBEATS
190 /* If we're awaiting a HeartbeatResponse, pretend we
191 * already got and don't await it anymore, because
192 * Heartbeats don't make sense during handshakes anyway.
193 */
194 if (s->tlsext_hb_pending)
195 {
196 dtls1_stop_timer(s);
197 s->tlsext_hb_pending = 0;
198 s->tlsext_hb_seq++;
199 }
200#endif
201
202 for (;;)
203 {
204 state=s->state;
205
206 switch (s->state)
207 {
208 case SSL_ST_RENEGOTIATE:
209 s->renegotiate=1;
210 /* s->state=SSL_ST_ACCEPT; */
211
212 case SSL_ST_BEFORE:
213 case SSL_ST_ACCEPT:
214 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
215 case SSL_ST_OK|SSL_ST_ACCEPT:
216
217 s->server=1;
218 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
219
220 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
221 {
222 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
223 return -1;
224 }
225 s->type=SSL_ST_ACCEPT;
226
227 if (s->init_buf == NULL)
228 {
229 if ((buf=BUF_MEM_new()) == NULL)
230 {
231 ret= -1;
232 goto end;
233 }
234 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
235 {
236 ret= -1;
237 goto end;
238 }
239 s->init_buf=buf;
240 }
241
242 if (!ssl3_setup_buffers(s))
243 {
244 ret= -1;
245 goto end;
246 }
247
248 s->init_num=0;
249
250 if (s->state != SSL_ST_RENEGOTIATE)
251 {
252 /* Ok, we now need to push on a buffering BIO so that
253 * the output is sent in a way that TCP likes :-)
254 * ...but not with SCTP :-)
255 */
256#ifndef OPENSSL_NO_SCTP
257 if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
258#endif
259 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
260
261 ssl3_init_finished_mac(s);
262 s->state=SSL3_ST_SR_CLNT_HELLO_A;
263 s->ctx->stats.sess_accept++;
264 }
265 else
266 {
267 /* s->state == SSL_ST_RENEGOTIATE,
268 * we will just send a HelloRequest */
269 s->ctx->stats.sess_accept_renegotiate++;
270 s->state=SSL3_ST_SW_HELLO_REQ_A;
271 }
272
273 break;
274
275 case SSL3_ST_SW_HELLO_REQ_A:
276 case SSL3_ST_SW_HELLO_REQ_B:
277
278 s->shutdown=0;
279 dtls1_start_timer(s);
280 ret=dtls1_send_hello_request(s);
281 if (ret <= 0) goto end;
282 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
283 s->state=SSL3_ST_SW_FLUSH;
284 s->init_num=0;
285
286 ssl3_init_finished_mac(s);
287 break;
288
289 case SSL3_ST_SW_HELLO_REQ_C:
290 s->state=SSL_ST_OK;
291 break;
292
293 case SSL3_ST_SR_CLNT_HELLO_A:
294 case SSL3_ST_SR_CLNT_HELLO_B:
295 case SSL3_ST_SR_CLNT_HELLO_C:
296
297 s->shutdown=0;
298 ret=ssl3_get_client_hello(s);
299 if (ret <= 0) goto end;
300 dtls1_stop_timer(s);
301
302 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
303 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
304 else
305 s->state = SSL3_ST_SW_SRVR_HELLO_A;
306
307 s->init_num=0;
308
309 /* Reflect ClientHello sequence to remain stateless while listening */
310 if (listen)
311 {
312 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
313 }
314
315 /* If we're just listening, stop here */
316 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
317 {
318 ret = 2;
319 s->d1->listen = 0;
320 /* Set expected sequence numbers
321 * to continue the handshake.
322 */
323 s->d1->handshake_read_seq = 2;
324 s->d1->handshake_write_seq = 1;
325 s->d1->next_handshake_write_seq = 1;
326 goto end;
327 }
328
329 break;
330
331 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
332 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
333
334 ret = dtls1_send_hello_verify_request(s);
335 if ( ret <= 0) goto end;
336 s->state=SSL3_ST_SW_FLUSH;
337 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
338
339 /* HelloVerifyRequest resets Finished MAC */
340 if (s->version != DTLS1_BAD_VER)
341 ssl3_init_finished_mac(s);
342 break;
343
344#ifndef OPENSSL_NO_SCTP
345 case DTLS1_SCTP_ST_SR_READ_SOCK:
346
347 if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
348 {
349 s->s3->in_read_app_data=2;
350 s->rwstate=SSL_READING;
351 BIO_clear_retry_flags(SSL_get_rbio(s));
352 BIO_set_retry_read(SSL_get_rbio(s));
353 ret = -1;
354 goto end;
355 }
356
357 s->state=SSL3_ST_SR_FINISHED_A;
358 break;
359
360 case DTLS1_SCTP_ST_SW_WRITE_SOCK:
361 ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
362 if (ret < 0) goto end;
363
364 if (ret == 0)
365 {
366 if (s->d1->next_state != SSL_ST_OK)
367 {
368 s->s3->in_read_app_data=2;
369 s->rwstate=SSL_READING;
370 BIO_clear_retry_flags(SSL_get_rbio(s));
371 BIO_set_retry_read(SSL_get_rbio(s));
372 ret = -1;
373 goto end;
374 }
375 }
376
377 s->state=s->d1->next_state;
378 break;
379#endif
380
381 case SSL3_ST_SW_SRVR_HELLO_A:
382 case SSL3_ST_SW_SRVR_HELLO_B:
383 s->renegotiate = 2;
384 dtls1_start_timer(s);
385 ret=dtls1_send_server_hello(s);
386 if (ret <= 0) goto end;
387
388 if (s->hit)
389 {
390#ifndef OPENSSL_NO_SCTP
391 /* Add new shared key for SCTP-Auth,
392 * will be ignored if no SCTP used.
393 */
394 snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
395 DTLS1_SCTP_AUTH_LABEL);
396
397 SSL_export_keying_material(s, sctpauthkey,
398 sizeof(sctpauthkey), labelbuffer,
399 sizeof(labelbuffer), NULL, 0, 0);
400
401 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
402 sizeof(sctpauthkey), sctpauthkey);
403#endif
404#ifndef OPENSSL_NO_TLSEXT
405 if (s->tlsext_ticket_expected)
406 s->state=SSL3_ST_SW_SESSION_TICKET_A;
407 else
408 s->state=SSL3_ST_SW_CHANGE_A;
409#else
410 s->state=SSL3_ST_SW_CHANGE_A;
411#endif
412 }
413 else
414 s->state=SSL3_ST_SW_CERT_A;
415 s->init_num=0;
416 break;
417
418 case SSL3_ST_SW_CERT_A:
419 case SSL3_ST_SW_CERT_B:
420 /* Check if it is anon DH or normal PSK */
421 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
422 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
423 {
424 dtls1_start_timer(s);
425 ret=dtls1_send_server_certificate(s);
426 if (ret <= 0) goto end;
427#ifndef OPENSSL_NO_TLSEXT
428 if (s->tlsext_status_expected)
429 s->state=SSL3_ST_SW_CERT_STATUS_A;
430 else
431 s->state=SSL3_ST_SW_KEY_EXCH_A;
432 }
433 else
434 {
435 skip = 1;
436 s->state=SSL3_ST_SW_KEY_EXCH_A;
437 }
438#else
439 }
440 else
441 skip=1;
442
443 s->state=SSL3_ST_SW_KEY_EXCH_A;
444#endif
445 s->init_num=0;
446 break;
447
448 case SSL3_ST_SW_KEY_EXCH_A:
449 case SSL3_ST_SW_KEY_EXCH_B:
450 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
451
452 /* clear this, it may get reset by
453 * send_server_key_exchange */
454 if ((s->options & SSL_OP_EPHEMERAL_RSA)
455#ifndef OPENSSL_NO_KRB5
456 && !(alg_k & SSL_kKRB5)
457#endif /* OPENSSL_NO_KRB5 */
458 )
459 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
460 * even when forbidden by protocol specs
461 * (handshake may fail as clients are not required to
462 * be able to handle this) */
463 s->s3->tmp.use_rsa_tmp=1;
464 else
465 s->s3->tmp.use_rsa_tmp=0;
466
467 /* only send if a DH key exchange or
468 * RSA but we have a sign only certificate */
469 if (s->s3->tmp.use_rsa_tmp
470 /* PSK: send ServerKeyExchange if PSK identity
471 * hint if provided */
472#ifndef OPENSSL_NO_PSK
473 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
474#endif
475 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
476 || (alg_k & SSL_kEECDH)
477 || ((alg_k & SSL_kRSA)
478 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
479 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
480 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
481 )
482 )
483 )
484 )
485 {
486 dtls1_start_timer(s);
487 ret=dtls1_send_server_key_exchange(s);
488 if (ret <= 0) goto end;
489 }
490 else
491 skip=1;
492
493 s->state=SSL3_ST_SW_CERT_REQ_A;
494 s->init_num=0;
495 break;
496
497 case SSL3_ST_SW_CERT_REQ_A:
498 case SSL3_ST_SW_CERT_REQ_B:
499 if (/* don't request cert unless asked for it: */
500 !(s->verify_mode & SSL_VERIFY_PEER) ||
501 /* if SSL_VERIFY_CLIENT_ONCE is set,
502 * don't request cert during re-negotiation: */
503 ((s->session->peer != NULL) &&
504 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
505 /* never request cert in anonymous ciphersuites
506 * (see section "Certificate request" in SSL 3 drafts
507 * and in RFC 2246): */
508 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
509 /* ... except when the application insists on verification
510 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
511 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
512 /* never request cert in Kerberos ciphersuites */
513 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
514 /* With normal PSK Certificates and
515 * Certificate Requests are omitted */
516 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
517 {
518 /* no cert request */
519 skip=1;
520 s->s3->tmp.cert_request=0;
521 s->state=SSL3_ST_SW_SRVR_DONE_A;
522#ifndef OPENSSL_NO_SCTP
523 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
524 {
525 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
526 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
527 }
528#endif
529 }
530 else
531 {
532 s->s3->tmp.cert_request=1;
533 dtls1_start_timer(s);
534 ret=dtls1_send_certificate_request(s);
535 if (ret <= 0) goto end;
536#ifndef NETSCAPE_HANG_BUG
537 s->state=SSL3_ST_SW_SRVR_DONE_A;
538#ifndef OPENSSL_NO_SCTP
539 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
540 {
541 s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
542 s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
543 }
544#endif
545#else
546 s->state=SSL3_ST_SW_FLUSH;
547 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
548#ifndef OPENSSL_NO_SCTP
549 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
550 {
551 s->d1->next_state = s->s3->tmp.next_state;
552 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
553 }
554#endif
555#endif
556 s->init_num=0;
557 }
558 break;
559
560 case SSL3_ST_SW_SRVR_DONE_A:
561 case SSL3_ST_SW_SRVR_DONE_B:
562 dtls1_start_timer(s);
563 ret=dtls1_send_server_done(s);
564 if (ret <= 0) goto end;
565 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
566 s->state=SSL3_ST_SW_FLUSH;
567 s->init_num=0;
568 break;
569
570 case SSL3_ST_SW_FLUSH:
571 s->rwstate=SSL_WRITING;
572 if (BIO_flush(s->wbio) <= 0)
573 {
574 /* If the write error was fatal, stop trying */
575 if (!BIO_should_retry(s->wbio))
576 {
577 s->rwstate=SSL_NOTHING;
578 s->state=s->s3->tmp.next_state;
579 }
580
581 ret= -1;
582 goto end;
583 }
584 s->rwstate=SSL_NOTHING;
585 s->state=s->s3->tmp.next_state;
586 break;
587
588 case SSL3_ST_SR_CERT_A:
589 case SSL3_ST_SR_CERT_B:
590 /* Check for second client hello (MS SGC) */
591 ret = ssl3_check_client_hello(s);
592 if (ret <= 0)
593 goto end;
594 if (ret == 2)
595 {
596 dtls1_stop_timer(s);
597 s->state = SSL3_ST_SR_CLNT_HELLO_C;
598 }
599 else {
600 /* could be sent for a DH cert, even if we
601 * have not asked for it :-) */
602 ret=ssl3_get_client_certificate(s);
603 if (ret <= 0) goto end;
604 s->init_num=0;
605 s->state=SSL3_ST_SR_KEY_EXCH_A;
606 }
607 break;
608
609 case SSL3_ST_SR_KEY_EXCH_A:
610 case SSL3_ST_SR_KEY_EXCH_B:
611 ret=ssl3_get_client_key_exchange(s);
612 if (ret <= 0) goto end;
613#ifndef OPENSSL_NO_SCTP
614 /* Add new shared key for SCTP-Auth,
615 * will be ignored if no SCTP used.
616 */
617 snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
618 DTLS1_SCTP_AUTH_LABEL);
619
620 SSL_export_keying_material(s, sctpauthkey,
621 sizeof(sctpauthkey), labelbuffer,
622 sizeof(labelbuffer), NULL, 0, 0);
623
624 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
625 sizeof(sctpauthkey), sctpauthkey);
626#endif
627
628 s->state=SSL3_ST_SR_CERT_VRFY_A;
629 s->init_num=0;
630
631 if (ret == 2)
632 {
633 /* For the ECDH ciphersuites when
634 * the client sends its ECDH pub key in
635 * a certificate, the CertificateVerify
636 * message is not sent.
637 */
638 s->state=SSL3_ST_SR_FINISHED_A;
639 s->init_num = 0;
640 }
641 else
642 {
643 s->state=SSL3_ST_SR_CERT_VRFY_A;
644 s->init_num=0;
645
646 /* We need to get hashes here so if there is
647 * a client cert, it can be verified */
648 s->method->ssl3_enc->cert_verify_mac(s,
649 NID_md5,
650 &(s->s3->tmp.cert_verify_md[0]));
651 s->method->ssl3_enc->cert_verify_mac(s,
652 NID_sha1,
653 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
654 }
655 break;
656
657 case SSL3_ST_SR_CERT_VRFY_A:
658 case SSL3_ST_SR_CERT_VRFY_B:
659
660 s->d1->change_cipher_spec_ok = 1;
661 /* we should decide if we expected this one */
662 ret=ssl3_get_cert_verify(s);
663 if (ret <= 0) goto end;
664#ifndef OPENSSL_NO_SCTP
665 if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
666 state == SSL_ST_RENEGOTIATE)
667 s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
668 else
669#endif
670 s->state=SSL3_ST_SR_FINISHED_A;
671 s->init_num=0;
672 break;
673
674 case SSL3_ST_SR_FINISHED_A:
675 case SSL3_ST_SR_FINISHED_B:
676 s->d1->change_cipher_spec_ok = 1;
677 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
678 SSL3_ST_SR_FINISHED_B);
679 if (ret <= 0) goto end;
680 dtls1_stop_timer(s);
681 if (s->hit)
682 s->state=SSL_ST_OK;
683#ifndef OPENSSL_NO_TLSEXT
684 else if (s->tlsext_ticket_expected)
685 s->state=SSL3_ST_SW_SESSION_TICKET_A;
686#endif
687 else
688 s->state=SSL3_ST_SW_CHANGE_A;
689 s->init_num=0;
690 break;
691
692#ifndef OPENSSL_NO_TLSEXT
693 case SSL3_ST_SW_SESSION_TICKET_A:
694 case SSL3_ST_SW_SESSION_TICKET_B:
695 ret=dtls1_send_newsession_ticket(s);
696 if (ret <= 0) goto end;
697 s->state=SSL3_ST_SW_CHANGE_A;
698 s->init_num=0;
699 break;
700
701 case SSL3_ST_SW_CERT_STATUS_A:
702 case SSL3_ST_SW_CERT_STATUS_B:
703 ret=ssl3_send_cert_status(s);
704 if (ret <= 0) goto end;
705 s->state=SSL3_ST_SW_KEY_EXCH_A;
706 s->init_num=0;
707 break;
708
709#endif
710
711 case SSL3_ST_SW_CHANGE_A:
712 case SSL3_ST_SW_CHANGE_B:
713
714 s->session->cipher=s->s3->tmp.new_cipher;
715 if (!s->method->ssl3_enc->setup_key_block(s))
716 { ret= -1; goto end; }
717
718 ret=dtls1_send_change_cipher_spec(s,
719 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
720
721 if (ret <= 0) goto end;
722
723#ifndef OPENSSL_NO_SCTP
724 /* Change to new shared key of SCTP-Auth,
725 * will be ignored if no SCTP used.
726 */
727 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
728#endif
729
730 s->state=SSL3_ST_SW_FINISHED_A;
731 s->init_num=0;
732
733 if (!s->method->ssl3_enc->change_cipher_state(s,
734 SSL3_CHANGE_CIPHER_SERVER_WRITE))
735 {
736 ret= -1;
737 goto end;
738 }
739
740 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
741 break;
742
743 case SSL3_ST_SW_FINISHED_A:
744 case SSL3_ST_SW_FINISHED_B:
745 ret=dtls1_send_finished(s,
746 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
747 s->method->ssl3_enc->server_finished_label,
748 s->method->ssl3_enc->server_finished_label_len);
749 if (ret <= 0) goto end;
750 s->state=SSL3_ST_SW_FLUSH;
751 if (s->hit)
752 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
753 else
754 {
755 s->s3->tmp.next_state=SSL_ST_OK;
756#ifndef OPENSSL_NO_SCTP
757 if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
758 {
759 s->d1->next_state = s->s3->tmp.next_state;
760 s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
761 }
762#endif
763 }
764 s->init_num=0;
765 break;
766
767 case SSL_ST_OK:
768 /* clean a few things up */
769 ssl3_cleanup_key_block(s);
770
771#if 0
772 BUF_MEM_free(s->init_buf);
773 s->init_buf=NULL;
774#endif
775
776 /* remove buffering on output */
777 ssl_free_wbio_buffer(s);
778
779 s->init_num=0;
780
781 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
782 {
783 s->renegotiate=0;
784 s->new_session=0;
785
786 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
787
788 s->ctx->stats.sess_accept_good++;
789 /* s->server=1; */
790 s->handshake_func=dtls1_accept;
791
792 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
793 }
794
795 ret = 1;
796
797 /* done handshaking, next message is client hello */
798 s->d1->handshake_read_seq = 0;
799 /* next message is server hello */
800 s->d1->handshake_write_seq = 0;
801 s->d1->next_handshake_write_seq = 0;
802 goto end;
803 /* break; */
804
805 default:
806 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
807 ret= -1;
808 goto end;
809 /* break; */
810 }
811
812 if (!s->s3->tmp.reuse_message && !skip)
813 {
814 if (s->debug)
815 {
816 if ((ret=BIO_flush(s->wbio)) <= 0)
817 goto end;
818 }
819
820
821 if ((cb != NULL) && (s->state != state))
822 {
823 new_state=s->state;
824 s->state=state;
825 cb(s,SSL_CB_ACCEPT_LOOP,1);
826 s->state=new_state;
827 }
828 }
829 skip=0;
830 }
831end:
832 /* BIO_flush(s->wbio); */
833
834 s->in_handshake--;
835#ifndef OPENSSL_NO_SCTP
836 /* Notify SCTP BIO socket to leave handshake
837 * mode and prevent stream identifier other
838 * than 0. Will be ignored if no SCTP is used.
839 */
840 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
841#endif
842
843 if (cb != NULL)
844 cb(s,SSL_CB_ACCEPT_EXIT,ret);
845 return(ret);
846 }
847
848int dtls1_send_hello_request(SSL *s)
849 {
850 unsigned char *p;
851
852 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
853 {
854 p=(unsigned char *)s->init_buf->data;
855 p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
856
857 s->state=SSL3_ST_SW_HELLO_REQ_B;
858 /* number of bytes to write */
859 s->init_num=DTLS1_HM_HEADER_LENGTH;
860 s->init_off=0;
861
862 /* no need to buffer this message, since there are no retransmit
863 * requests for it */
864 }
865
866 /* SSL3_ST_SW_HELLO_REQ_B */
867 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
868 }
869
870int dtls1_send_hello_verify_request(SSL *s)
871 {
872 unsigned int msg_len;
873 unsigned char *msg, *buf, *p;
874
875 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
876 {
877 buf = (unsigned char *)s->init_buf->data;
878
879 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
880 *(p++) = s->version >> 8;
881 *(p++) = s->version & 0xFF;
882
883 if (s->ctx->app_gen_cookie_cb == NULL ||
884 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
885 &(s->d1->cookie_len)) == 0)
886 {
887 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
888 return 0;
889 }
890
891 *(p++) = (unsigned char) s->d1->cookie_len;
892 memcpy(p, s->d1->cookie, s->d1->cookie_len);
893 p += s->d1->cookie_len;
894 msg_len = p - msg;
895
896 dtls1_set_message_header(s, buf,
897 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
898
899 s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
900 /* number of bytes to write */
901 s->init_num=p-buf;
902 s->init_off=0;
903 }
904
905 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
906 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
907 }
908
909int dtls1_send_server_hello(SSL *s)
910 {
911 unsigned char *buf;
912 unsigned char *p,*d;
913 int i;
914 unsigned int sl;
915 unsigned long l,Time;
916
917 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
918 {
919 buf=(unsigned char *)s->init_buf->data;
920 p=s->s3->server_random;
921 Time=(unsigned long)time(NULL); /* Time */
922 l2n(Time,p);
923 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
924 /* Do the message type and length last */
925 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
926
927 *(p++)=s->version>>8;
928 *(p++)=s->version&0xff;
929
930 /* Random stuff */
931 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
932 p+=SSL3_RANDOM_SIZE;
933
934 /* now in theory we have 3 options to sending back the
935 * session id. If it is a re-use, we send back the
936 * old session-id, if it is a new session, we send
937 * back the new session-id or we send back a 0 length
938 * session-id if we want it to be single use.
939 * Currently I will not implement the '0' length session-id
940 * 12-Jan-98 - I'll now support the '0' length stuff.
941 */
942 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
943 s->session->session_id_length=0;
944
945 sl=s->session->session_id_length;
946 if (sl > sizeof s->session->session_id)
947 {
948 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
949 return -1;
950 }
951 *(p++)=sl;
952 memcpy(p,s->session->session_id,sl);
953 p+=sl;
954
955 /* put the cipher */
956 if (s->s3->tmp.new_cipher == NULL)
957 return -1;
958 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
959 p+=i;
960
961 /* put the compression method */
962#ifdef OPENSSL_NO_COMP
963 *(p++)=0;
964#else
965 if (s->s3->tmp.new_compression == NULL)
966 *(p++)=0;
967 else
968 *(p++)=s->s3->tmp.new_compression->id;
969#endif
970
971#ifndef OPENSSL_NO_TLSEXT
972 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
973 {
974 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
975 return -1;
976 }
977#endif
978
979 /* do the header */
980 l=(p-d);
981 d=buf;
982
983 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
984
985 s->state=SSL3_ST_SW_SRVR_HELLO_B;
986 /* number of bytes to write */
987 s->init_num=p-buf;
988 s->init_off=0;
989
990 /* buffer the message to handle re-xmits */
991 dtls1_buffer_message(s, 0);
992 }
993
994 /* SSL3_ST_SW_SRVR_HELLO_B */
995 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
996 }
997
998int dtls1_send_server_done(SSL *s)
999 {
1000 unsigned char *p;
1001
1002 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1003 {
1004 p=(unsigned char *)s->init_buf->data;
1005
1006 /* do the header */
1007 p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
1008
1009 s->state=SSL3_ST_SW_SRVR_DONE_B;
1010 /* number of bytes to write */
1011 s->init_num=DTLS1_HM_HEADER_LENGTH;
1012 s->init_off=0;
1013
1014 /* buffer the message to handle re-xmits */
1015 dtls1_buffer_message(s, 0);
1016 }
1017
1018 /* SSL3_ST_SW_SRVR_DONE_B */
1019 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1020 }
1021
1022int dtls1_send_server_key_exchange(SSL *s)
1023 {
1024#ifndef OPENSSL_NO_RSA
1025 unsigned char *q;
1026 int j,num;
1027 RSA *rsa;
1028 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1029 unsigned int u;
1030#endif
1031#ifndef OPENSSL_NO_DH
1032 DH *dh=NULL,*dhp;
1033#endif
1034#ifndef OPENSSL_NO_ECDH
1035 EC_KEY *ecdh=NULL, *ecdhp;
1036 unsigned char *encodedPoint = NULL;
1037 int encodedlen = 0;
1038 int curve_id = 0;
1039 BN_CTX *bn_ctx = NULL;
1040#endif
1041 EVP_PKEY *pkey;
1042 unsigned char *p,*d;
1043 int al,i;
1044 unsigned long type;
1045 int n;
1046 CERT *cert;
1047 BIGNUM *r[4];
1048 int nr[4],kn;
1049 BUF_MEM *buf;
1050 EVP_MD_CTX md_ctx;
1051
1052 EVP_MD_CTX_init(&md_ctx);
1053 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1054 {
1055 type=s->s3->tmp.new_cipher->algorithm_mkey;
1056 cert=s->cert;
1057
1058 buf=s->init_buf;
1059
1060 r[0]=r[1]=r[2]=r[3]=NULL;
1061 n=0;
1062#ifndef OPENSSL_NO_RSA
1063 if (type & SSL_kRSA)
1064 {
1065 rsa=cert->rsa_tmp;
1066 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1067 {
1068 rsa=s->cert->rsa_tmp_cb(s,
1069 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1070 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1071 if(rsa == NULL)
1072 {
1073 al=SSL_AD_HANDSHAKE_FAILURE;
1074 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1075 goto f_err;
1076 }
1077 RSA_up_ref(rsa);
1078 cert->rsa_tmp=rsa;
1079 }
1080 if (rsa == NULL)
1081 {
1082 al=SSL_AD_HANDSHAKE_FAILURE;
1083 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1084 goto f_err;
1085 }
1086 r[0]=rsa->n;
1087 r[1]=rsa->e;
1088 s->s3->tmp.use_rsa_tmp=1;
1089 }
1090 else
1091#endif
1092#ifndef OPENSSL_NO_DH
1093 if (type & SSL_kEDH)
1094 {
1095 dhp=cert->dh_tmp;
1096 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1097 dhp=s->cert->dh_tmp_cb(s,
1098 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1099 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1100 if (dhp == NULL)
1101 {
1102 al=SSL_AD_HANDSHAKE_FAILURE;
1103 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1104 goto f_err;
1105 }
1106
1107 if (s->s3->tmp.dh != NULL)
1108 {
1109 DH_free(dh);
1110 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1111 goto err;
1112 }
1113
1114 if ((dh=DHparams_dup(dhp)) == NULL)
1115 {
1116 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1117 goto err;
1118 }
1119
1120 s->s3->tmp.dh=dh;
1121 if ((dhp->pub_key == NULL ||
1122 dhp->priv_key == NULL ||
1123 (s->options & SSL_OP_SINGLE_DH_USE)))
1124 {
1125 if(!DH_generate_key(dh))
1126 {
1127 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
1128 ERR_R_DH_LIB);
1129 goto err;
1130 }
1131 }
1132 else
1133 {
1134 dh->pub_key=BN_dup(dhp->pub_key);
1135 dh->priv_key=BN_dup(dhp->priv_key);
1136 if ((dh->pub_key == NULL) ||
1137 (dh->priv_key == NULL))
1138 {
1139 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1140 goto err;
1141 }
1142 }
1143 r[0]=dh->p;
1144 r[1]=dh->g;
1145 r[2]=dh->pub_key;
1146 }
1147 else
1148#endif
1149#ifndef OPENSSL_NO_ECDH
1150 if (type & SSL_kEECDH)
1151 {
1152 const EC_GROUP *group;
1153
1154 ecdhp=cert->ecdh_tmp;
1155 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1156 {
1157 ecdhp=s->cert->ecdh_tmp_cb(s,
1158 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1159 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1160 }
1161 if (ecdhp == NULL)
1162 {
1163 al=SSL_AD_HANDSHAKE_FAILURE;
1164 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1165 goto f_err;
1166 }
1167
1168 if (s->s3->tmp.ecdh != NULL)
1169 {
1170 EC_KEY_free(s->s3->tmp.ecdh);
1171 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1172 goto err;
1173 }
1174
1175 /* Duplicate the ECDH structure. */
1176 if (ecdhp == NULL)
1177 {
1178 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1179 goto err;
1180 }
1181 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1182 {
1183 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1184 goto err;
1185 }
1186
1187 s->s3->tmp.ecdh=ecdh;
1188 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1189 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1190 (s->options & SSL_OP_SINGLE_ECDH_USE))
1191 {
1192 if(!EC_KEY_generate_key(ecdh))
1193 {
1194 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1195 goto err;
1196 }
1197 }
1198
1199 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1200 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1201 (EC_KEY_get0_private_key(ecdh) == NULL))
1202 {
1203 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1204 goto err;
1205 }
1206
1207 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1208 (EC_GROUP_get_degree(group) > 163))
1209 {
1210 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1211 goto err;
1212 }
1213
1214 /* XXX: For now, we only support ephemeral ECDH
1215 * keys over named (not generic) curves. For
1216 * supported named curves, curve_id is non-zero.
1217 */
1218 if ((curve_id =
1219 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1220 == 0)
1221 {
1222 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1223 goto err;
1224 }
1225
1226 /* Encode the public key.
1227 * First check the size of encoding and
1228 * allocate memory accordingly.
1229 */
1230 encodedlen = EC_POINT_point2oct(group,
1231 EC_KEY_get0_public_key(ecdh),
1232 POINT_CONVERSION_UNCOMPRESSED,
1233 NULL, 0, NULL);
1234
1235 encodedPoint = (unsigned char *)
1236 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1237 bn_ctx = BN_CTX_new();
1238 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1239 {
1240 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1241 goto err;
1242 }
1243
1244
1245 encodedlen = EC_POINT_point2oct(group,
1246 EC_KEY_get0_public_key(ecdh),
1247 POINT_CONVERSION_UNCOMPRESSED,
1248 encodedPoint, encodedlen, bn_ctx);
1249
1250 if (encodedlen == 0)
1251 {
1252 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1253 goto err;
1254 }
1255
1256 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1257
1258 /* XXX: For now, we only support named (not
1259 * generic) curves in ECDH ephemeral key exchanges.
1260 * In this situation, we need four additional bytes
1261 * to encode the entire ServerECDHParams
1262 * structure.
1263 */
1264 n = 4 + encodedlen;
1265
1266 /* We'll generate the serverKeyExchange message
1267 * explicitly so we can set these to NULLs
1268 */
1269 r[0]=NULL;
1270 r[1]=NULL;
1271 r[2]=NULL;
1272 r[3]=NULL;
1273 }
1274 else
1275#endif /* !OPENSSL_NO_ECDH */
1276#ifndef OPENSSL_NO_PSK
1277 if (type & SSL_kPSK)
1278 {
1279 /* reserve size for record length and PSK identity hint*/
1280 n+=2+strlen(s->ctx->psk_identity_hint);
1281 }
1282 else
1283#endif /* !OPENSSL_NO_PSK */
1284 {
1285 al=SSL_AD_HANDSHAKE_FAILURE;
1286 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1287 goto f_err;
1288 }
1289 for (i=0; r[i] != NULL; i++)
1290 {
1291 nr[i]=BN_num_bytes(r[i]);
1292 n+=2+nr[i];
1293 }
1294
1295 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1296 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1297 {
1298 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
1299 == NULL)
1300 {
1301 al=SSL_AD_DECODE_ERROR;
1302 goto f_err;
1303 }
1304 kn=EVP_PKEY_size(pkey);
1305 }
1306 else
1307 {
1308 pkey=NULL;
1309 kn=0;
1310 }
1311
1312 if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
1313 {
1314 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1315 goto err;
1316 }
1317 d=(unsigned char *)s->init_buf->data;
1318 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1319
1320 for (i=0; r[i] != NULL; i++)
1321 {
1322 s2n(nr[i],p);
1323 BN_bn2bin(r[i],p);
1324 p+=nr[i];
1325 }
1326
1327#ifndef OPENSSL_NO_ECDH
1328 if (type & SSL_kEECDH)
1329 {
1330 /* XXX: For now, we only support named (not generic) curves.
1331 * In this situation, the serverKeyExchange message has:
1332 * [1 byte CurveType], [2 byte CurveName]
1333 * [1 byte length of encoded point], followed by
1334 * the actual encoded point itself
1335 */
1336 *p = NAMED_CURVE_TYPE;
1337 p += 1;
1338 *p = 0;
1339 p += 1;
1340 *p = curve_id;
1341 p += 1;
1342 *p = encodedlen;
1343 p += 1;
1344 memcpy((unsigned char*)p,
1345 (unsigned char *)encodedPoint,
1346 encodedlen);
1347 OPENSSL_free(encodedPoint);
1348 p += encodedlen;
1349 }
1350#endif
1351
1352#ifndef OPENSSL_NO_PSK
1353 if (type & SSL_kPSK)
1354 {
1355 /* copy PSK identity hint */
1356 s2n(strlen(s->ctx->psk_identity_hint), p);
1357 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1358 p+=strlen(s->ctx->psk_identity_hint);
1359 }
1360#endif
1361
1362 /* not anonymous */
1363 if (pkey != NULL)
1364 {
1365 /* n is the length of the params, they start at
1366 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1367 * at the end. */
1368#ifndef OPENSSL_NO_RSA
1369 if (pkey->type == EVP_PKEY_RSA)
1370 {
1371 q=md_buf;
1372 j=0;
1373 for (num=2; num > 0; num--)
1374 {
1375 EVP_DigestInit_ex(&md_ctx,(num == 2)
1376 ?s->ctx->md5:s->ctx->sha1, NULL);
1377 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1378 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1379 EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1380 EVP_DigestFinal_ex(&md_ctx,q,
1381 (unsigned int *)&i);
1382 q+=i;
1383 j+=i;
1384 }
1385 if (RSA_sign(NID_md5_sha1, md_buf, j,
1386 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1387 {
1388 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1389 goto err;
1390 }
1391 s2n(u,p);
1392 n+=u+2;
1393 }
1394 else
1395#endif
1396#if !defined(OPENSSL_NO_DSA)
1397 if (pkey->type == EVP_PKEY_DSA)
1398 {
1399 /* lets do DSS */
1400 EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
1401 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1402 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1403 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1404 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1405 (unsigned int *)&i,pkey))
1406 {
1407 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
1408 goto err;
1409 }
1410 s2n(i,p);
1411 n+=i+2;
1412 }
1413 else
1414#endif
1415#if !defined(OPENSSL_NO_ECDSA)
1416 if (pkey->type == EVP_PKEY_EC)
1417 {
1418 /* let's do ECDSA */
1419 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1420 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1421 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1422 EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
1423 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1424 (unsigned int *)&i,pkey))
1425 {
1426 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1427 goto err;
1428 }
1429 s2n(i,p);
1430 n+=i+2;
1431 }
1432 else
1433#endif
1434 {
1435 /* Is this error check actually needed? */
1436 al=SSL_AD_HANDSHAKE_FAILURE;
1437 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1438 goto f_err;
1439 }
1440 }
1441
1442 d = dtls1_set_message_header(s, d,
1443 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1444
1445 /* we should now have things packed up, so lets send
1446 * it off */
1447 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1448 s->init_off=0;
1449
1450 /* buffer the message to handle re-xmits */
1451 dtls1_buffer_message(s, 0);
1452 }
1453
1454 s->state = SSL3_ST_SW_KEY_EXCH_B;
1455 EVP_MD_CTX_cleanup(&md_ctx);
1456 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1457f_err:
1458 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1459err:
1460#ifndef OPENSSL_NO_ECDH
1461 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1462 BN_CTX_free(bn_ctx);
1463#endif
1464 EVP_MD_CTX_cleanup(&md_ctx);
1465 return(-1);
1466 }
1467
1468int dtls1_send_certificate_request(SSL *s)
1469 {
1470 unsigned char *p,*d;
1471 int i,j,nl,off,n;
1472 STACK_OF(X509_NAME) *sk=NULL;
1473 X509_NAME *name;
1474 BUF_MEM *buf;
1475 unsigned int msg_len;
1476
1477 if (s->state == SSL3_ST_SW_CERT_REQ_A)
1478 {
1479 buf=s->init_buf;
1480
1481 d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1482
1483 /* get the list of acceptable cert types */
1484 p++;
1485 n=ssl3_get_req_cert_type(s,p);
1486 d[0]=n;
1487 p+=n;
1488 n++;
1489
1490 off=n;
1491 p+=2;
1492 n+=2;
1493
1494 sk=SSL_get_client_CA_list(s);
1495 nl=0;
1496 if (sk != NULL)
1497 {
1498 for (i=0; i<sk_X509_NAME_num(sk); i++)
1499 {
1500 name=sk_X509_NAME_value(sk,i);
1501 j=i2d_X509_NAME(name,NULL);
1502 if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
1503 {
1504 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
1505 goto err;
1506 }
1507 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
1508 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
1509 {
1510 s2n(j,p);
1511 i2d_X509_NAME(name,&p);
1512 n+=2+j;
1513 nl+=2+j;
1514 }
1515 else
1516 {
1517 d=p;
1518 i2d_X509_NAME(name,&p);
1519 j-=2; s2n(j,d); j+=2;
1520 n+=j;
1521 nl+=j;
1522 }
1523 }
1524 }
1525 /* else no CA names */
1526 p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
1527 s2n(nl,p);
1528
1529 d=(unsigned char *)buf->data;
1530 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
1531 l2n3(n,d);
1532 s2n(s->d1->handshake_write_seq,d);
1533 s->d1->handshake_write_seq++;
1534
1535 /* we should now have things packed up, so lets send
1536 * it off */
1537
1538 s->init_num=n+DTLS1_HM_HEADER_LENGTH;
1539 s->init_off=0;
1540#ifdef NETSCAPE_HANG_BUG
1541/* XXX: what to do about this? */
1542 p=(unsigned char *)s->init_buf->data + s->init_num;
1543
1544 /* do the header */
1545 *(p++)=SSL3_MT_SERVER_DONE;
1546 *(p++)=0;
1547 *(p++)=0;
1548 *(p++)=0;
1549 s->init_num += 4;
1550#endif
1551
1552 /* XDTLS: set message header ? */
1553 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1554 dtls1_set_message_header(s, (void *)s->init_buf->data,
1555 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1556
1557 /* buffer the message to handle re-xmits */
1558 dtls1_buffer_message(s, 0);
1559
1560 s->state = SSL3_ST_SW_CERT_REQ_B;
1561 }
1562
1563 /* SSL3_ST_SW_CERT_REQ_B */
1564 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1565err:
1566 return(-1);
1567 }
1568
1569int dtls1_send_server_certificate(SSL *s)
1570 {
1571 unsigned long l;
1572 X509 *x;
1573
1574 if (s->state == SSL3_ST_SW_CERT_A)
1575 {
1576 x=ssl_get_server_send_cert(s);
1577 if (x == NULL)
1578 {
1579 /* VRS: allow null cert if auth == KRB5 */
1580 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1581 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
1582 {
1583 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1584 return(0);
1585 }
1586 }
1587
1588 l=dtls1_output_cert_chain(s,x);
1589 s->state=SSL3_ST_SW_CERT_B;
1590 s->init_num=(int)l;
1591 s->init_off=0;
1592
1593 /* buffer the message to handle re-xmits */
1594 dtls1_buffer_message(s, 0);
1595 }
1596
1597 /* SSL3_ST_SW_CERT_B */
1598 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1599 }
1600
1601#ifndef OPENSSL_NO_TLSEXT
1602int dtls1_send_newsession_ticket(SSL *s)
1603 {
1604 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
1605 {
1606 unsigned char *p, *senc, *macstart;
1607 int len, slen;
1608 unsigned int hlen, msg_len;
1609 EVP_CIPHER_CTX ctx;
1610 HMAC_CTX hctx;
1611 SSL_CTX *tctx = s->initial_ctx;
1612 unsigned char iv[EVP_MAX_IV_LENGTH];
1613 unsigned char key_name[16];
1614
1615 /* get session encoding length */
1616 slen = i2d_SSL_SESSION(s->session, NULL);
1617 /* Some length values are 16 bits, so forget it if session is
1618 * too long
1619 */
1620 if (slen > 0xFF00)
1621 return -1;
1622 /* Grow buffer if need be: the length calculation is as
1623 * follows 12 (DTLS handshake message header) +
1624 * 4 (ticket lifetime hint) + 2 (ticket length) +
1625 * 16 (key name) + max_iv_len (iv length) +
1626 * session_length + max_enc_block_size (max encrypted session
1627 * length) + max_md_size (HMAC).
1628 */
1629 if (!BUF_MEM_grow(s->init_buf,
1630 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1631 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1632 return -1;
1633 senc = OPENSSL_malloc(slen);
1634 if (!senc)
1635 return -1;
1636 p = senc;
1637 i2d_SSL_SESSION(s->session, &p);
1638
1639 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1640 EVP_CIPHER_CTX_init(&ctx);
1641 HMAC_CTX_init(&hctx);
1642 /* Initialize HMAC and cipher contexts. If callback present
1643 * it does all the work otherwise use generated values
1644 * from parent ctx.
1645 */
1646 if (tctx->tlsext_ticket_key_cb)
1647 {
1648 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1649 &hctx, 1) < 0)
1650 {
1651 OPENSSL_free(senc);
1652 return -1;
1653 }
1654 }
1655 else
1656 {
1657 RAND_pseudo_bytes(iv, 16);
1658 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1659 tctx->tlsext_tick_aes_key, iv);
1660 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1661 tlsext_tick_md(), NULL);
1662 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1663 }
1664 l2n(s->session->tlsext_tick_lifetime_hint, p);
1665 /* Skip ticket length for now */
1666 p += 2;
1667 /* Output key name */
1668 macstart = p;
1669 memcpy(p, key_name, 16);
1670 p += 16;
1671 /* output IV */
1672 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
1673 p += EVP_CIPHER_CTX_iv_length(&ctx);
1674 /* Encrypt session data */
1675 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
1676 p += len;
1677 EVP_EncryptFinal(&ctx, p, &len);
1678 p += len;
1679 EVP_CIPHER_CTX_cleanup(&ctx);
1680
1681 HMAC_Update(&hctx, macstart, p - macstart);
1682 HMAC_Final(&hctx, p, &hlen);
1683 HMAC_CTX_cleanup(&hctx);
1684
1685 p += hlen;
1686 /* Now write out lengths: p points to end of data written */
1687 /* Total length */
1688 len = p - (unsigned char *)(s->init_buf->data);
1689 /* Ticket length */
1690 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1691 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1692
1693 /* number of bytes to write */
1694 s->init_num= len;
1695 s->state=SSL3_ST_SW_SESSION_TICKET_B;
1696 s->init_off=0;
1697 OPENSSL_free(senc);
1698
1699 /* XDTLS: set message header ? */
1700 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1701 dtls1_set_message_header(s, (void *)s->init_buf->data,
1702 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1703
1704 /* buffer the message to handle re-xmits */
1705 dtls1_buffer_message(s, 0);
1706 }
1707
1708 /* SSL3_ST_SW_SESSION_TICKET_B */
1709 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1710 }
1711#endif
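diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
deleted file mode 100644
index 18760c6e67..0000000000
--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)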
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extensions consists of a list of usages.
294
295These can either be object short names of the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follow PKIX guidelines in selecting and
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address)
352"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
354
355Also the email option include a special 'copy' value. This will automatically
356include and email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuserAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension if basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL a CRL entry or a stack
536of extensions respectively for extension whose NID is 'nid' and return
537the parsed result of NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543it value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int i;
552void *ext;
553
554i = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error on non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674these will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return a string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extensions
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that free up memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions are depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the ext parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "r2s" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
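--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
- documents that describe parts of what OpenSSL implements. There are
- big gaps, and I've most certainly done something wrong. Please
- correct whatever is... Also, this note should be removed when this
- file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
- (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
- (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
- January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
- March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
- Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
- C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
- STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
- (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
- (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
- B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
- INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
- (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
- September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
- C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
- (Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
- Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
- (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation List (CRL)
- Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
- TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
- Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
- RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
- Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
- (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
- INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
- J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
- (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
- Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
- June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
- (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
- bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
- H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
- (Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
- D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
- (Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
- Encryption and Authentication Procedures. J. Linn. February 1993.
- (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
- STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
- Certificate-Based Key Management. S. Kent. February 1993. (Format:
- TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
- Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
- (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
- STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
- Certification and Related Services. B. Kaliski. February 1993.
- (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
- 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
- Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
- bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
- Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
- (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
- Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
- (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
- 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
- PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
- D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
- PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
- LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
- TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
- FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
- bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
- Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
- (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
- (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
- (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
- 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
- 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
- February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
- EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
- Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
- PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
- 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
- STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
- (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
- 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
- October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
- (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
- Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
- R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
- EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
- Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
- (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
- Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
- (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
- (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
- (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
- October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
- Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
- (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
- (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
- (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
- PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
- Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
- Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
- INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
- Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
- PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
- (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
- 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
- Specification. J. Hodges, R. Morgan. September 2002. (Format:
- TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
- RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
- R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
- INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
- Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
- (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
- Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-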
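--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,283 +0,0 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#include <sys/time.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
-#define DTLS1_AL_HEADER_LENGTH 2
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
-#endif
-
-typedef struct dtls1_bitmap_st
- {
- unsigned long map; /* track 32 packets on 32-bit systems
- and 64 - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far,
- 64-bit value in big-endian
- encoding */
- } DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
- {
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
- SSL_SESSION *session;
- unsigned short epoch;
- };
-
-struct hm_header_st
- {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
- };
-
-struct ccs_header_st
- {
- unsigned char type;
- unsigned short seq;
- };
-
-struct dtls1_timeout_st
- {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
- };
-
-typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
-
-typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
- } hm_fragment;
-
-typedef struct dtls1_state_st
- {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- pqueue buffered_messages;
-
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* Indicates when the last handshake msg or heartbeat sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-
-#ifndef OPENSSL_NO_SCTP
- /* used when SSL_ST_XX_FLUSH is entered */
- int next_state;
-
- int shutdown_received;
-#endif
-
- } DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
- {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
-#ifndef OPENSSL_NO_SCTP
- struct bio_dgram_sctp_rcvinfo recordinfo;
-#endif
- } DTLS1_RECORD_DATA;
-
-#endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-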
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index 47673e740a..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,779 +0,0 @@
1/* ssl/s23_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#include <openssl/buffer.h>
115#include <openssl/rand.h>
116#include <openssl/objects.h>
117#include <openssl/evp.h>
118
119static const SSL_METHOD *ssl23_get_client_method(int ver);
120static int ssl23_client_hello(SSL *s);
121static int ssl23_get_server_hello(SSL *s);
122static const SSL_METHOD *ssl23_get_client_method(int ver)
123 {
124#ifndef OPENSSL_NO_SSL2
125 if (ver == SSL2_VERSION)
126 return(SSLv2_client_method());
127#endif
128 if (ver == SSL3_VERSION)
129 return(SSLv3_client_method());
130 else if (ver == TLS1_VERSION)
131 return(TLSv1_client_method());
132 else if (ver == TLS1_1_VERSION)
133 return(TLSv1_1_client_method());
134 else if (ver == TLS1_2_VERSION)
135 return(TLSv1_2_client_method());
136 else
137 return(NULL);
138 }
139
140IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
141 ssl_undefined_function,
142 ssl23_connect,
143 ssl23_get_client_method)
144
145int ssl23_connect(SSL *s)
146 {
147 BUF_MEM *buf=NULL;
148 unsigned long Time=(unsigned long)time(NULL);
149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 int ret= -1;
151 int new_state,state;
152
153 RAND_add(&Time,sizeof(Time),0);
154 ERR_clear_error();
155 clear_sys_error();
156
157 if (s->info_callback != NULL)
158 cb=s->info_callback;
159 else if (s->ctx->info_callback != NULL)
160 cb=s->ctx->info_callback;
161
162 s->in_handshake++;
163 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
164
165 for (;;)
166 {
167 state=s->state;
168
169 switch(s->state)
170 {
171 case SSL_ST_BEFORE:
172 case SSL_ST_CONNECT:
173 case SSL_ST_BEFORE|SSL_ST_CONNECT:
174 case SSL_ST_OK|SSL_ST_CONNECT:
175
176 if (s->session != NULL)
177 {
178 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
179 ret= -1;
180 goto end;
181 }
182 s->server=0;
183 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
184
185 /* s->version=TLS1_VERSION; */
186 s->type=SSL_ST_CONNECT;
187
188 if (s->init_buf == NULL)
189 {
190 if ((buf=BUF_MEM_new()) == NULL)
191 {
192 ret= -1;
193 goto end;
194 }
195 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
196 {
197 ret= -1;
198 goto end;
199 }
200 s->init_buf=buf;
201 buf=NULL;
202 }
203
204 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
205
206 ssl3_init_finished_mac(s);
207
208 s->state=SSL23_ST_CW_CLNT_HELLO_A;
209 s->ctx->stats.sess_connect++;
210 s->init_num=0;
211 break;
212
213 case SSL23_ST_CW_CLNT_HELLO_A:
214 case SSL23_ST_CW_CLNT_HELLO_B:
215
216 s->shutdown=0;
217 ret=ssl23_client_hello(s);
218 if (ret <= 0) goto end;
219 s->state=SSL23_ST_CR_SRVR_HELLO_A;
220 s->init_num=0;
221
222 break;
223
224 case SSL23_ST_CR_SRVR_HELLO_A:
225 case SSL23_ST_CR_SRVR_HELLO_B:
226 ret=ssl23_get_server_hello(s);
227 if (ret >= 0) cb=NULL;
228 goto end;
229 /* break; */
230
231 default:
232 SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
233 ret= -1;
234 goto end;
235 /* break; */
236 }
237
238 if (s->debug) { (void)BIO_flush(s->wbio); }
239
240 if ((cb != NULL) && (s->state != state))
241 {
242 new_state=s->state;
243 s->state=state;
244 cb(s,SSL_CB_CONNECT_LOOP,1);
245 s->state=new_state;
246 }
247 }
248end:
249 s->in_handshake--;
250 if (buf != NULL)
251 BUF_MEM_free(buf);
252 if (cb != NULL)
253 cb(s,SSL_CB_CONNECT_EXIT,ret);
254 return(ret);
255 }
256
257static int ssl23_no_ssl2_ciphers(SSL *s)
258 {
259 SSL_CIPHER *cipher;
260 STACK_OF(SSL_CIPHER) *ciphers;
261 int i;
262 ciphers = SSL_get_ciphers(s);
263 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
264 {
265 cipher = sk_SSL_CIPHER_value(ciphers, i);
266 if (cipher->algorithm_ssl == SSL_SSLV2)
267 return 0;
268 }
269 return 1;
270 }
271
272static int ssl23_client_hello(SSL *s)
273 {
274 unsigned char *buf;
275 unsigned char *p,*d;
276 int i,ch_len;
277 unsigned long Time,l;
278 int ssl2_compat;
279 int version = 0, version_major, version_minor;
280#ifndef OPENSSL_NO_COMP
281 int j;
282 SSL_COMP *comp;
283#endif
284 int ret;
285 unsigned long mask, options = s->options;
286
287 ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
288
289 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
290 ssl2_compat = 0;
291
292 /*
293 * SSL_OP_NO_X disables all protocols above X *if* there are
294 * some protocols below X enabled. This is required in order
295 * to maintain "version capability" vector contiguous. So
296 * that if application wants to disable TLS1.0 in favour of
297 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
298 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
299 */
300 mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1
301#if !defined(OPENSSL_NO_SSL3)
302 |SSL_OP_NO_SSLv3
303#endif
304#if !defined(OPENSSL_NO_SSL2)
305 |(ssl2_compat?SSL_OP_NO_SSLv2:0)
306#endif
307 ;
308#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
309 version = TLS1_2_VERSION;
310
311 if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
312 version = TLS1_1_VERSION;
313#else
314 version = TLS1_1_VERSION;
315#endif
316 mask &= ~SSL_OP_NO_TLSv1_1;
317 if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
318 version = TLS1_VERSION;
319 mask &= ~SSL_OP_NO_TLSv1;
320#if !defined(OPENSSL_NO_SSL3)
321 if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
322 version = SSL3_VERSION;
323 mask &= ~SSL_OP_NO_SSLv3;
324#endif
325#if !defined(OPENSSL_NO_SSL2)
326 if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
327 version = SSL2_VERSION;
328#endif
329
330#ifndef OPENSSL_NO_TLSEXT
331 if (version != SSL2_VERSION)
332 {
333 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
334
335 if (s->tlsext_hostname != NULL)
336 ssl2_compat = 0;
337 if (s->tlsext_status_type != -1)
338 ssl2_compat = 0;
339#ifdef TLSEXT_TYPE_opaque_prf_input
340 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
341 ssl2_compat = 0;
342#endif
343 }
344#endif
345
346 buf=(unsigned char *)s->init_buf->data;
347 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
348 {
349#if 0
350 /* don't reuse session-id's */
351 if (!ssl_get_new_session(s,0))
352 {
353 return(-1);
354 }
355#endif
356
357 p=s->s3->client_random;
358 Time=(unsigned long)time(NULL); /* Time */
359 l2n(Time,p);
360 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
361 return -1;
362
363 if (version == TLS1_2_VERSION)
364 {
365 version_major = TLS1_2_VERSION_MAJOR;
366 version_minor = TLS1_2_VERSION_MINOR;
367 }
368 else if (version == TLS1_1_VERSION)
369 {
370 version_major = TLS1_1_VERSION_MAJOR;
371 version_minor = TLS1_1_VERSION_MINOR;
372 }
373 else if (version == TLS1_VERSION)
374 {
375 version_major = TLS1_VERSION_MAJOR;
376 version_minor = TLS1_VERSION_MINOR;
377 }
378#ifdef OPENSSL_FIPS
379 else if(FIPS_mode())
380 {
381 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
382 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
383 return -1;
384 }
385#endif
386 else if (version == SSL3_VERSION)
387 {
388 version_major = SSL3_VERSION_MAJOR;
389 version_minor = SSL3_VERSION_MINOR;
390 }
391 else if (version == SSL2_VERSION)
392 {
393 version_major = SSL2_VERSION_MAJOR;
394 version_minor = SSL2_VERSION_MINOR;
395 }
396 else
397 {
398 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
399 return(-1);
400 }
401
402 s->client_version = version;
403
404 if (ssl2_compat)
405 {
406 /* create SSL 2.0 compatible Client Hello */
407
408 /* two byte record header will be written last */
409 d = &(buf[2]);
410 p = d + 9; /* leave space for message type, version, individual length fields */
411
412 *(d++) = SSL2_MT_CLIENT_HELLO;
413 *(d++) = version_major;
414 *(d++) = version_minor;
415
416 /* Ciphers supported */
417 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
418 if (i == 0)
419 {
420 /* no ciphers */
421 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
422 return -1;
423 }
424 s2n(i,d);
425 p+=i;
426
427 /* put in the session-id length (zero since there is no reuse) */
428#if 0
429 s->session->session_id_length=0;
430#endif
431 s2n(0,d);
432
433 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
434 ch_len=SSL2_CHALLENGE_LENGTH;
435 else
436 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
437
438 /* write out sslv2 challenge */
439 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
440 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
441 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
442 check in for futurproofing */
443 if (SSL3_RANDOM_SIZE < ch_len)
444 i=SSL3_RANDOM_SIZE;
445 else
446 i=ch_len;
447 s2n(i,d);
448 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
449 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
450 return -1;
451
452 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
453 p+=i;
454
455 i= p- &(buf[2]);
456 buf[0]=((i>>8)&0xff)|0x80;
457 buf[1]=(i&0xff);
458
459 /* number of bytes to write */
460 s->init_num=i+2;
461 s->init_off=0;
462
463 ssl3_finish_mac(s,&(buf[2]),i);
464 }
465 else
466 {
467 /* create Client Hello in SSL 3.0/TLS 1.0 format */
468
469 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
470 d = p = &(buf[9]);
471
472 *(p++) = version_major;
473 *(p++) = version_minor;
474
475 /* Random stuff */
476 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
477 p += SSL3_RANDOM_SIZE;
478
479 /* Session ID (zero since there is no reuse) */
480 *(p++) = 0;
481
482 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
483 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
484 if (i == 0)
485 {
486 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
487 return -1;
488 }
489#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
490 /* Some servers hang if client hello > 256 bytes
491 * as hack workaround chop number of supported ciphers
492 * to keep it well below this if we use TLS v1.2
493 */
494 if (TLS1_get_version(s) >= TLS1_2_VERSION
495 && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
496 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
497#endif
498 s2n(i,p);
499 p+=i;
500
501 /* COMPRESSION */
502#ifdef OPENSSL_NO_COMP
503 *(p++)=1;
504#else
505 if ((s->options & SSL_OP_NO_COMPRESSION)
506 || !s->ctx->comp_methods)
507 j=0;
508 else
509 j=sk_SSL_COMP_num(s->ctx->comp_methods);
510 *(p++)=1+j;
511 for (i=0; i<j; i++)
512 {
513 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
514 *(p++)=comp->id;
515 }
516#endif
517 *(p++)=0; /* Add the NULL method */
518
519#ifndef OPENSSL_NO_TLSEXT
520 /* TLS extensions*/
521 if (ssl_prepare_clienthello_tlsext(s) <= 0)
522 {
523 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
524 return -1;
525 }
526 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
527 {
528 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
529 return -1;
530 }
531#endif
532
533 l = p-d;
534
535 /* fill in 4-byte handshake header */
536 d=&(buf[5]);
537 *(d++)=SSL3_MT_CLIENT_HELLO;
538 l2n3(l,d);
539
540 l += 4;
541
542 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
543 {
544 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
545 return -1;
546 }
547
548 /* fill in 5-byte record header */
549 d=buf;
550 *(d++) = SSL3_RT_HANDSHAKE;
551 *(d++) = version_major;
552 /* Some servers hang if we use long client hellos
553 * and a record number > TLS 1.0.
554 */
555 if (TLS1_get_client_version(s) > TLS1_VERSION)
556 *(d++) = 1;
557 else
558 *(d++) = version_minor;
559 s2n((int)l,d);
560
561 /* number of bytes to write */
562 s->init_num=p-buf;
563 s->init_off=0;
564
565 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
566 }
567
568 s->state=SSL23_ST_CW_CLNT_HELLO_B;
569 s->init_off=0;
570 }
571
572 /* SSL3_ST_CW_CLNT_HELLO_B */
573 ret = ssl23_write_bytes(s);
574
575 if ((ret >= 2) && s->msg_callback)
576 {
577 /* Client Hello has been sent; tell msg_callback */
578
579 if (ssl2_compat)
580 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
581 else
582 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
583 }
584
585 return ret;
586 }
587
588static int ssl23_get_server_hello(SSL *s)
589 {
590 char buf[8];
591 unsigned char *p;
592 int i;
593 int n;
594
595 n=ssl23_read_bytes(s,7);
596
597 if (n != 7) return(n);
598 p=s->packet;
599
600 memcpy(buf,p,n);
601
602 if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
603 (p[5] == 0x00) && (p[6] == 0x02))
604 {
605#ifdef OPENSSL_NO_SSL2
606 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
607 goto err;
608#else
609 /* we are talking sslv2 */
610 /* we need to clean up the SSLv3 setup and put in the
611 * sslv2 stuff. */
612 int ch_len;
613
614 if (s->options & SSL_OP_NO_SSLv2)
615 {
616 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
617 goto err;
618 }
619 if (s->s2 == NULL)
620 {
621 if (!ssl2_new(s))
622 goto err;
623 }
624 else
625 ssl2_clear(s);
626
627 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
628 ch_len=SSL2_CHALLENGE_LENGTH;
629 else
630 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
631
632 /* write out sslv2 challenge */
633 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
634 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
635 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
636 futurproofing */
637 i=(SSL3_RANDOM_SIZE < ch_len)
638 ?SSL3_RANDOM_SIZE:ch_len;
639 s->s2->challenge_length=i;
640 memcpy(s->s2->challenge,
641 &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
642
643 if (s->s3 != NULL) ssl3_free(s);
644
645 if (!BUF_MEM_grow_clean(s->init_buf,
646 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
647 {
648 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
649 goto err;
650 }
651
652 s->state=SSL2_ST_GET_SERVER_HELLO_A;
653 if (!(s->client_version == SSL2_VERSION))
654 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
655 s->s2->ssl2_rollback=1;
656
657 /* setup the 7 bytes we have read so we get them from
658 * the sslv2 buffer */
659 s->rstate=SSL_ST_READ_HEADER;
660 s->packet_length=n;
661 s->packet= &(s->s2->rbuf[0]);
662 memcpy(s->packet,buf,n);
663 s->s2->rbuf_left=n;
664 s->s2->rbuf_offs=0;
665
666 /* we have already written one */
667 s->s2->write_sequence=1;
668
669 s->method=SSLv2_client_method();
670 s->handshake_func=s->method->ssl_connect;
671#endif
672 }
673 else if (p[1] == SSL3_VERSION_MAJOR &&
674 p[2] <= TLS1_2_VERSION_MINOR &&
675 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
676 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
677 {
678 /* we have sslv3 or tls1 (server hello or alert) */
679
680 if ((p[2] == SSL3_VERSION_MINOR) &&
681 !(s->options & SSL_OP_NO_SSLv3))
682 {
683#ifdef OPENSSL_FIPS
684 if(FIPS_mode())
685 {
686 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
687 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
688 goto err;
689 }
690#endif
691 s->version=SSL3_VERSION;
692 s->method=SSLv3_client_method();
693 }
694 else if ((p[2] == TLS1_VERSION_MINOR) &&
695 !(s->options & SSL_OP_NO_TLSv1))
696 {
697 s->version=TLS1_VERSION;
698 s->method=TLSv1_client_method();
699 }
700 else if ((p[2] == TLS1_1_VERSION_MINOR) &&
701 !(s->options & SSL_OP_NO_TLSv1_1))
702 {
703 s->version=TLS1_1_VERSION;
704 s->method=TLSv1_1_client_method();
705 }
706 else if ((p[2] == TLS1_2_VERSION_MINOR) &&
707 !(s->options & SSL_OP_NO_TLSv1_2))
708 {
709 s->version=TLS1_2_VERSION;
710 s->method=TLSv1_2_client_method();
711 }
712 else
713 {
714 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
715 goto err;
716 }
717
718 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
719 {
720 /* fatal alert */
721
722 void (*cb)(const SSL *ssl,int type,int val)=NULL;
723 int j;
724
725 if (s->info_callback != NULL)
726 cb=s->info_callback;
727 else if (s->ctx->info_callback != NULL)
728 cb=s->ctx->info_callback;
729
730 i=p[5];
731 if (cb != NULL)
732 {
733 j=(i<<8)|p[6];
734 cb(s,SSL_CB_READ_ALERT,j);
735 }
736
737 if (s->msg_callback)
738 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
739
740 s->rwstate=SSL_NOTHING;
741 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
742 goto err;
743 }
744
745 if (!ssl_init_wbio_buffer(s,1)) goto err;
746
747 /* we are in this state */
748 s->state=SSL3_ST_CR_SRVR_HELLO_A;
749
750 /* put the 7 bytes we have read into the input buffer
751 * for SSLv3 */
752 s->rstate=SSL_ST_READ_HEADER;
753 s->packet_length=n;
754 if (s->s3->rbuf.buf == NULL)
755 if (!ssl3_setup_read_buffer(s))
756 goto err;
757 s->packet= &(s->s3->rbuf.buf[0]);
758 memcpy(s->packet,buf,n);
759 s->s3->rbuf.left=n;
760 s->s3->rbuf.offset=0;
761
762 s->handshake_func=s->method->ssl_connect;
763 }
764 else
765 {
766 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
767 goto err;
768 }
769 s->init_num=0;
770
771 /* Since, if we are sending a ssl23 client hello, we are not
772 * reusing a session-id */
773 if (!ssl_get_new_session(s,0))
774 goto err;
775
776 return(SSL_connect(s));
777err:
778 return(-1);
779 }
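diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index 3bf728318a..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef OPENSSL_NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- const SSL_CIPHER *cp;
-
- cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }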
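diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-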
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
deleted file mode 100644
index 4877849013..0000000000
--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,638 +0,0 @@
1/* ssl/s23_srvr.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "ssl_locl.h"
114#include <openssl/buffer.h>
115#include <openssl/rand.h>
116#include <openssl/objects.h>
117#include <openssl/evp.h>
118#ifdef OPENSSL_FIPS
119#include <openssl/fips.h>
120#endif
121
122static const SSL_METHOD *ssl23_get_server_method(int ver);
123int ssl23_get_client_hello(SSL *s);
124static const SSL_METHOD *ssl23_get_server_method(int ver)
125 {
126#ifndef OPENSSL_NO_SSL2
127 if (ver == SSL2_VERSION)
128 return(SSLv2_server_method());
129#endif
130 if (ver == SSL3_VERSION)
131 return(SSLv3_server_method());
132 else if (ver == TLS1_VERSION)
133 return(TLSv1_server_method());
134 else if (ver == TLS1_1_VERSION)
135 return(TLSv1_1_server_method());
136 else if (ver == TLS1_2_VERSION)
137 return(TLSv1_2_server_method());
138 else
139 return(NULL);
140 }
141
142IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
143 ssl23_accept,
144 ssl_undefined_function,
145 ssl23_get_server_method)
146
147int ssl23_accept(SSL *s)
148 {
149 BUF_MEM *buf;
150 unsigned long Time=(unsigned long)time(NULL);
151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
152 int ret= -1;
153 int new_state,state;
154
155 RAND_add(&Time,sizeof(Time),0);
156 ERR_clear_error();
157 clear_sys_error();
158
159 if (s->info_callback != NULL)
160 cb=s->info_callback;
161 else if (s->ctx->info_callback != NULL)
162 cb=s->ctx->info_callback;
163
164 s->in_handshake++;
165 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
166
167 for (;;)
168 {
169 state=s->state;
170
171 switch(s->state)
172 {
173 case SSL_ST_BEFORE:
174 case SSL_ST_ACCEPT:
175 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
176 case SSL_ST_OK|SSL_ST_ACCEPT:
177
178 s->server=1;
179 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
180
181 /* s->version=SSL3_VERSION; */
182 s->type=SSL_ST_ACCEPT;
183
184 if (s->init_buf == NULL)
185 {
186 if ((buf=BUF_MEM_new()) == NULL)
187 {
188 ret= -1;
189 goto end;
190 }
191 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
192 {
193 ret= -1;
194 goto end;
195 }
196 s->init_buf=buf;
197 }
198
199 ssl3_init_finished_mac(s);
200
201 s->state=SSL23_ST_SR_CLNT_HELLO_A;
202 s->ctx->stats.sess_accept++;
203 s->init_num=0;
204 break;
205
206 case SSL23_ST_SR_CLNT_HELLO_A:
207 case SSL23_ST_SR_CLNT_HELLO_B:
208
209 s->shutdown=0;
210 ret=ssl23_get_client_hello(s);
211 if (ret >= 0) cb=NULL;
212 goto end;
213 /* break; */
214
215 default:
216 SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
217 ret= -1;
218 goto end;
219 /* break; */
220 }
221
222 if ((cb != NULL) && (s->state != state))
223 {
224 new_state=s->state;
225 s->state=state;
226 cb(s,SSL_CB_ACCEPT_LOOP,1);
227 s->state=new_state;
228 }
229 }
230end:
231 s->in_handshake--;
232 if (cb != NULL)
233 cb(s,SSL_CB_ACCEPT_EXIT,ret);
234 return(ret);
235 }
236
237
238int ssl23_get_client_hello(SSL *s)
239 {
240 char buf_space[11]; /* Request this many bytes in initial read.
241 * We can detect SSL 3.0/TLS 1.0 Client Hellos
242 * ('type == 3') correctly only when the following
243 * is in a single record, which is not guaranteed by
244 * the protocol specification:
245 * Byte Content
246 * 0 type \
247 * 1/2 version > record header
248 * 3/4 length /
249 * 5 msg_type \
250 * 6-8 length > Client Hello message
251 * 9/10 client_version /
252 */
253 char *buf= &(buf_space[0]);
254 unsigned char *p,*d,*d_len,*dd;
255 unsigned int i;
256 unsigned int csl,sil,cl;
257 int n=0,j;
258 int type=0;
259 int v[2];
260
261 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
262 {
263 /* read the initial header */
264 v[0]=v[1]=0;
265
266 if (!ssl3_setup_buffers(s)) goto err;
267
268 n=ssl23_read_bytes(s, sizeof buf_space);
269 if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
270
271 p=s->packet;
272
273 memcpy(buf,p,n);
274
275 if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
276 {
277 /*
278 * SSLv2 header
279 */
280 if ((p[3] == 0x00) && (p[4] == 0x02))
281 {
282 v[0]=p[3]; v[1]=p[4];
283 /* SSLv2 */
284 if (!(s->options & SSL_OP_NO_SSLv2))
285 type=1;
286 }
287 else if (p[3] == SSL3_VERSION_MAJOR)
288 {
289 v[0]=p[3]; v[1]=p[4];
290 /* SSLv3/TLSv1 */
291 if (p[4] >= TLS1_VERSION_MINOR)
292 {
293 if (p[4] >= TLS1_2_VERSION_MINOR &&
294 !(s->options & SSL_OP_NO_TLSv1_2))
295 {
296 s->version=TLS1_2_VERSION;
297 s->state=SSL23_ST_SR_CLNT_HELLO_B;
298 }
299 else if (p[4] >= TLS1_1_VERSION_MINOR &&
300 !(s->options & SSL_OP_NO_TLSv1_1))
301 {
302 s->version=TLS1_1_VERSION;
303 /* type=2; */ /* done later to survive restarts */
304 s->state=SSL23_ST_SR_CLNT_HELLO_B;
305 }
306 else if (!(s->options & SSL_OP_NO_TLSv1))
307 {
308 s->version=TLS1_VERSION;
309 /* type=2; */ /* done later to survive restarts */
310 s->state=SSL23_ST_SR_CLNT_HELLO_B;
311 }
312 else if (!(s->options & SSL_OP_NO_SSLv3))
313 {
314 s->version=SSL3_VERSION;
315 /* type=2; */
316 s->state=SSL23_ST_SR_CLNT_HELLO_B;
317 }
318 else if (!(s->options & SSL_OP_NO_SSLv2))
319 {
320 type=1;
321 }
322 }
323 else if (!(s->options & SSL_OP_NO_SSLv3))
324 {
325 s->version=SSL3_VERSION;
326 /* type=2; */
327 s->state=SSL23_ST_SR_CLNT_HELLO_B;
328 }
329 else if (!(s->options & SSL_OP_NO_SSLv2))
330 type=1;
331
332 }
333 }
334 else if ((p[0] == SSL3_RT_HANDSHAKE) &&
335 (p[1] == SSL3_VERSION_MAJOR) &&
336 (p[5] == SSL3_MT_CLIENT_HELLO) &&
337 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
338 || (p[9] >= p[1])))
339 {
340 /*
341 * SSLv3 or tls1 header
342 */
343
344 v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
345 /* We must look at client_version inside the Client Hello message
346 * to get the correct minor version.
347 * However if we have only a pathologically small fragment of the
348 * Client Hello message, this would be difficult, and we'd have
349 * to read more records to find out.
350 * No known SSL 3.0 client fragments ClientHello like this,
351 * so we simply assume TLS 1.0 to avoid protocol version downgrade
352 * attacks. */
353 if (p[3] == 0 && p[4] < 6)
354 {
355#if 0
356 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
357 goto err;
358#else
359 v[1] = TLS1_VERSION_MINOR;
360#endif
361 }
362 /* if major version number > 3 set minor to a value
363 * which will use the highest version 3 we support.
364 * If TLS 2.0 ever appears we will need to revise
365 * this....
366 */
367 else if (p[9] > SSL3_VERSION_MAJOR)
368 v[1]=0xff;
369 else
370 v[1]=p[10]; /* minor version according to client_version */
371 if (v[1] >= TLS1_VERSION_MINOR)
372 {
373 if (v[1] >= TLS1_2_VERSION_MINOR &&
374 !(s->options & SSL_OP_NO_TLSv1_2))
375 {
376 s->version=TLS1_2_VERSION;
377 type=3;
378 }
379 else if (v[1] >= TLS1_1_VERSION_MINOR &&
380 !(s->options & SSL_OP_NO_TLSv1_1))
381 {
382 s->version=TLS1_1_VERSION;
383 type=3;
384 }
385 else if (!(s->options & SSL_OP_NO_TLSv1))
386 {
387 s->version=TLS1_VERSION;
388 type=3;
389 }
390 else if (!(s->options & SSL_OP_NO_SSLv3))
391 {
392 s->version=SSL3_VERSION;
393 type=3;
394 }
395 }
396 else
397 {
398 /* client requests SSL 3.0 */
399 if (!(s->options & SSL_OP_NO_SSLv3))
400 {
401 s->version=SSL3_VERSION;
402 type=3;
403 }
404 else if (!(s->options & SSL_OP_NO_TLSv1))
405 {
406 /* we won't be able to use TLS of course,
407 * but this will send an appropriate alert */
408 s->version=TLS1_VERSION;
409 type=3;
410 }
411 }
412 }
413 else if ((strncmp("GET ", (char *)p,4) == 0) ||
414 (strncmp("POST ",(char *)p,5) == 0) ||
415 (strncmp("HEAD ",(char *)p,5) == 0) ||
416 (strncmp("PUT ", (char *)p,4) == 0))
417 {
418 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
419 goto err;
420 }
421 else if (strncmp("CONNECT",(char *)p,7) == 0)
422 {
423 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
424 goto err;
425 }
426 }
427
428#ifdef OPENSSL_FIPS
429 if (FIPS_mode() && (s->version < TLS1_VERSION))
430 {
431 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
432 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
433 goto err;
434 }
435#endif
436
437 if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
438 {
439 /* we have SSLv3/TLSv1 in an SSLv2 header
440 * (other cases skip this state) */
441
442 type=2;
443 p=s->packet;
444 v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
445 v[1] = p[4];
446
447 n=((p[0]&0x7f)<<8)|p[1];
448 if (n > (1024*4))
449 {
450 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
451 goto err;
452 }
453
454 j=ssl23_read_bytes(s,n+2);
455 if (j <= 0) return(j);
456
457 ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
458 if (s->msg_callback)
459 s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
460
461 p=s->packet;
462 p+=5;
463 n2s(p,csl);
464 n2s(p,sil);
465 n2s(p,cl);
466 d=(unsigned char *)s->init_buf->data;
467 if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
468 * Client Hello, can we? Error condition should be
469 * '>' otherweise */
470 {
471 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
472 goto err;
473 }
474
475 /* record header: msg_type ... */
476 *(d++) = SSL3_MT_CLIENT_HELLO;
477 /* ... and length (actual value will be written later) */
478 d_len = d;
479 d += 3;
480
481 /* client_version */
482 *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
483 *(d++) = v[1];
484
485 /* lets populate the random area */
486 /* get the challenge_length */
487 i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
488 memset(d,0,SSL3_RANDOM_SIZE);
489 memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
490 d+=SSL3_RANDOM_SIZE;
491
492 /* no session-id reuse */
493 *(d++)=0;
494
495 /* ciphers */
496 j=0;
497 dd=d;
498 d+=2;
499 for (i=0; i<csl; i+=3)
500 {
501 if (p[i] != 0) continue;
502 *(d++)=p[i+1];
503 *(d++)=p[i+2];
504 j+=2;
505 }
506 s2n(j,dd);
507
508 /* COMPRESSION */
509 *(d++)=1;
510 *(d++)=0;
511
512#if 0
513 /* copy any remaining data with may be extensions */
514 p = p+csl+sil+cl;
515 while (p < s->packet+s->packet_length)
516 {
517 *(d++)=*(p++);
518 }
519#endif
520
521 i = (d-(unsigned char *)s->init_buf->data) - 4;
522 l2n3((long)i, d_len);
523
524 /* get the data reused from the init_buf */
525 s->s3->tmp.reuse_message=1;
526 s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
527 s->s3->tmp.message_size=i;
528 }
529
530 /* imaginary new state (for program structure): */
531 /* s->state = SSL23_SR_CLNT_HELLO_C */
532
533 if (type == 1)
534 {
535#ifdef OPENSSL_NO_SSL2
536 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
537 goto err;
538#else
539 /* we are talking sslv2 */
540 /* we need to clean up the SSLv3/TLSv1 setup and put in the
541 * sslv2 stuff. */
542
543 if (s->s2 == NULL)
544 {
545 if (!ssl2_new(s))
546 goto err;
547 }
548 else
549 ssl2_clear(s);
550
551 if (s->s3 != NULL) ssl3_free(s);
552
553 if (!BUF_MEM_grow_clean(s->init_buf,
554 SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
555 {
556 goto err;
557 }
558
559 s->state=SSL2_ST_GET_CLIENT_HELLO_A;
560 if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
561 s->s2->ssl2_rollback=0;
562 else
563 /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
564 * (SSL 3.0 draft/RFC 2246, App. E.2) */
565 s->s2->ssl2_rollback=1;
566
567 /* setup the n bytes we have read so we get them from
568 * the sslv2 buffer */
569 s->rstate=SSL_ST_READ_HEADER;
570 s->packet_length=n;
571 s->packet= &(s->s2->rbuf[0]);
572 memcpy(s->packet,buf,n);
573 s->s2->rbuf_left=n;
574 s->s2->rbuf_offs=0;
575
576 s->method=SSLv2_server_method();
577 s->handshake_func=s->method->ssl_accept;
578#endif
579 }
580
581 if ((type == 2) || (type == 3))
582 {
583 /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
584
585 if (!ssl_init_wbio_buffer(s,1)) goto err;
586
587 /* we are in this state */
588 s->state=SSL3_ST_SR_CLNT_HELLO_A;
589
590 if (type == 3)
591 {
592 /* put the 'n' bytes we have read into the input buffer
593 * for SSLv3 */
594 s->rstate=SSL_ST_READ_HEADER;
595 s->packet_length=n;
596 if (s->s3->rbuf.buf == NULL)
597 if (!ssl3_setup_read_buffer(s))
598 goto err;
599
600 s->packet= &(s->s3->rbuf.buf[0]);
601 memcpy(s->packet,buf,n);
602 s->s3->rbuf.left=n;
603 s->s3->rbuf.offset=0;
604 }
605 else
606 {
607 s->packet_length=0;
608 s->s3->rbuf.left=0;
609 s->s3->rbuf.offset=0;
610 }
611 if (s->version == TLS1_2_VERSION)
612 s->method = TLSv1_2_server_method();
613 else if (s->version == TLS1_1_VERSION)
614 s->method = TLSv1_1_server_method();
615 else if (s->version == TLS1_VERSION)
616 s->method = TLSv1_server_method();
617 else
618 s->method = SSLv3_server_method();
619#if 0 /* ssl3_get_client_hello does this */
620 s->client_version=(v[0]<<8)|v[1];
621#endif
622 s->handshake_func=s->method->ssl_accept;
623 }
624
625 if ((type < 1) || (type > 3))
626 {
627 /* bad, very bad */
628 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
629 goto err;
630 }
631 s->init_num=0;
632
633 if (buf != buf_space) OPENSSL_free(buf);
634 return(SSL_accept(s));
635err:
636 if (buf != buf_space) OPENSSL_free(buf);
637 return(-1);
638 }
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index ed0fcfc532..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,850 +0,0 @@
1/* ssl/s3_both.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <limits.h>
118#include <string.h>
119#include <stdio.h>
120#include "ssl_locl.h"
121#include <openssl/buffer.h>
122#include <openssl/rand.h>
123#include <openssl/objects.h>
124#include <openssl/evp.h>
125#include <openssl/x509.h>
126
127/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
128int ssl3_do_write(SSL *s, int type)
129 {
130 int ret;
131
132 ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
133 s->init_num);
134 if (ret < 0) return(-1);
135 if (type == SSL3_RT_HANDSHAKE)
136 /* should not be done for 'Hello Request's, but in that case
137 * we'll ignore the result anyway */
138 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
139
140 if (ret == s->init_num)
141 {
142 if (s->msg_callback)
143 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
144 return(1);
145 }
146 s->init_off+=ret;
147 s->init_num-=ret;
148 return(0);
149 }
150
151int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
152 {
153 unsigned char *p,*d;
154 int i;
155 unsigned long l;
156
157 if (s->state == a)
158 {
159 d=(unsigned char *)s->init_buf->data;
160 p= &(d[4]);
161
162 i=s->method->ssl3_enc->final_finish_mac(s,
163 sender,slen,s->s3->tmp.finish_md);
164 if (i == 0)
165 return 0;
166 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i;
169 l=i;
170
171 /* Copy the finished so we can use it for
172 renegotiation checks */
173 if(s->type == SSL_ST_CONNECT)
174 {
175 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
176 memcpy(s->s3->previous_client_finished,
177 s->s3->tmp.finish_md, i);
178 s->s3->previous_client_finished_len=i;
179 }
180 else
181 {
182 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
183 memcpy(s->s3->previous_server_finished,
184 s->s3->tmp.finish_md, i);
185 s->s3->previous_server_finished_len=i;
186 }
187
188#ifdef OPENSSL_SYS_WIN16
189 /* MSVC 1.5 does not clear the top bytes of the word unless
190 * I do this.
191 */
192 l&=0xffff;
193#endif
194
195 *(d++)=SSL3_MT_FINISHED;
196 l2n3(l,d);
197 s->init_num=(int)l+4;
198 s->init_off=0;
199
200 s->state=b;
201 }
202
203 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
204 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
205 }
206
207#ifndef OPENSSL_NO_NEXTPROTONEG
208/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
209static void ssl3_take_mac(SSL *s) {
210 const char *sender;
211 int slen;
212
213 /* If no new cipher setup return immediately: other functions will
214 * set the appropriate error.
215 */
216 if (s->s3->tmp.new_cipher == NULL)
217 return;
218 if (s->state & SSL_ST_CONNECT)
219 {
220 sender=s->method->ssl3_enc->server_finished_label;
221 slen=s->method->ssl3_enc->server_finished_label_len;
222 }
223 else
224 {
225 sender=s->method->ssl3_enc->client_finished_label;
226 slen=s->method->ssl3_enc->client_finished_label_len;
227 }
228
229 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
230 sender,slen,s->s3->tmp.peer_finish_md);
231}
232#endif
233
234int ssl3_get_finished(SSL *s, int a, int b)
235 {
236 int al,i,ok;
237 long n;
238 unsigned char *p;
239
240#ifdef OPENSSL_NO_NEXTPROTONEG
241 /* the mac has already been generated when we received the change
242 * cipher spec message and is in s->s3->tmp.peer_finish_md. */
243#endif
244
245 n=s->method->ssl_get_message(s,
246 a,
247 b,
248 SSL3_MT_FINISHED,
249 64, /* should actually be 36+4 :-) */
250 &ok);
251
252 if (!ok) return((int)n);
253
254 /* If this occurs, we have missed a message */
255 if (!s->s3->change_cipher_spec)
256 {
257 al=SSL_AD_UNEXPECTED_MESSAGE;
258 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
259 goto f_err;
260 }
261 s->s3->change_cipher_spec=0;
262
263 p = (unsigned char *)s->init_msg;
264 i = s->s3->tmp.peer_finish_md_len;
265
266 if (i != n)
267 {
268 al=SSL_AD_DECODE_ERROR;
269 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
270 goto f_err;
271 }
272
273 if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
274 {
275 al=SSL_AD_DECRYPT_ERROR;
276 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
277 goto f_err;
278 }
279
280 /* Copy the finished so we can use it for
281 renegotiation checks */
282 if(s->type == SSL_ST_ACCEPT)
283 {
284 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
285 memcpy(s->s3->previous_client_finished,
286 s->s3->tmp.peer_finish_md, i);
287 s->s3->previous_client_finished_len=i;
288 }
289 else
290 {
291 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
292 memcpy(s->s3->previous_server_finished,
293 s->s3->tmp.peer_finish_md, i);
294 s->s3->previous_server_finished_len=i;
295 }
296
297 return(1);
298f_err:
299 ssl3_send_alert(s,SSL3_AL_FATAL,al);
300 return(0);
301 }
302
303/* for these 2 messages, we need to
304 * ssl->enc_read_ctx re-init
305 * ssl->s3->read_sequence zero
306 * ssl->s3->read_mac_secret re-init
307 * ssl->session->read_sym_enc assign
308 * ssl->session->read_compression assign
309 * ssl->session->read_hash assign
310 */
311int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
312 {
313 unsigned char *p;
314
315 if (s->state == a)
316 {
317 p=(unsigned char *)s->init_buf->data;
318 *p=SSL3_MT_CCS;
319 s->init_num=1;
320 s->init_off=0;
321
322 s->state=b;
323 }
324
325 /* SSL3_ST_CW_CHANGE_B */
326 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
327 }
328
329static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
330 {
331 int n;
332 unsigned char *p;
333
334 n=i2d_X509(x,NULL);
335 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
336 {
337 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
338 return(-1);
339 }
340 p=(unsigned char *)&(buf->data[*l]);
341 l2n3(n,p);
342 i2d_X509(x,&p);
343 *l+=n+3;
344
345 return(0);
346 }
347
348unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
349 {
350 unsigned char *p;
351 int i;
352 unsigned long l=7;
353 BUF_MEM *buf;
354 int no_chain;
355
356 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
357 no_chain = 1;
358 else
359 no_chain = 0;
360
361 /* TLSv1 sends a chain with nothing in it, instead of an alert */
362 buf=s->init_buf;
363 if (!BUF_MEM_grow_clean(buf,10))
364 {
365 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
366 return(0);
367 }
368 if (x != NULL)
369 {
370 if (no_chain)
371 {
372 if (ssl3_add_cert_to_buf(buf, &l, x))
373 return(0);
374 }
375 else
376 {
377 X509_STORE_CTX xs_ctx;
378
379 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
380 {
381 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
382 return(0);
383 }
384 X509_verify_cert(&xs_ctx);
385 /* Don't leave errors in the queue */
386 ERR_clear_error();
387 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
388 {
389 x = sk_X509_value(xs_ctx.chain, i);
390
391 if (ssl3_add_cert_to_buf(buf, &l, x))
392 {
393 X509_STORE_CTX_cleanup(&xs_ctx);
394 return 0;
395 }
396 }
397 X509_STORE_CTX_cleanup(&xs_ctx);
398 }
399 }
400 /* Thawte special :-) */
401 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
402 {
403 x=sk_X509_value(s->ctx->extra_certs,i);
404 if (ssl3_add_cert_to_buf(buf, &l, x))
405 return(0);
406 }
407
408 l-=7;
409 p=(unsigned char *)&(buf->data[4]);
410 l2n3(l,p);
411 l+=3;
412 p=(unsigned char *)&(buf->data[0]);
413 *(p++)=SSL3_MT_CERTIFICATE;
414 l2n3(l,p);
415 l+=4;
416 return(l);
417 }
418
419/* Obtain handshake message of message type 'mt' (any if mt == -1),
420 * maximum acceptable body length 'max'.
421 * The first four bytes (msg_type and length) are read in state 'st1',
422 * the body is read in state 'stn'.
423 */
424long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
425 {
426 unsigned char *p;
427 unsigned long l;
428 long n;
429 int i,al;
430
431 if (s->s3->tmp.reuse_message)
432 {
433 s->s3->tmp.reuse_message=0;
434 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
435 {
436 al=SSL_AD_UNEXPECTED_MESSAGE;
437 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
438 goto f_err;
439 }
440 *ok=1;
441 s->init_msg = s->init_buf->data + 4;
442 s->init_num = (int)s->s3->tmp.message_size;
443 return s->init_num;
444 }
445
446 p=(unsigned char *)s->init_buf->data;
447
448 if (s->state == st1) /* s->init_num < 4 */
449 {
450 int skip_message;
451
452 do
453 {
454 while (s->init_num < 4)
455 {
456 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
457 &p[s->init_num],4 - s->init_num, 0);
458 if (i <= 0)
459 {
460 s->rwstate=SSL_READING;
461 *ok = 0;
462 return i;
463 }
464 s->init_num+=i;
465 }
466
467 skip_message = 0;
468 if (!s->server)
469 if (p[0] == SSL3_MT_HELLO_REQUEST)
470 /* The server may always send 'Hello Request' messages --
471 * we are doing a handshake anyway now, so ignore them
472 * if their format is correct. Does not count for
473 * 'Finished' MAC. */
474 if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
475 {
476 s->init_num = 0;
477 skip_message = 1;
478
479 if (s->msg_callback)
480 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
481 }
482 }
483 while (skip_message);
484
485 /* s->init_num == 4 */
486
487 if ((mt >= 0) && (*p != mt))
488 {
489 al=SSL_AD_UNEXPECTED_MESSAGE;
490 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
491 goto f_err;
492 }
493 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
494 (st1 == SSL3_ST_SR_CERT_A) &&
495 (stn == SSL3_ST_SR_CERT_B))
496 {
497 /* At this point we have got an MS SGC second client
498 * hello (maybe we should always allow the client to
499 * start a new handshake?). We need to restart the mac.
500 * Don't increment {num,total}_renegotiations because
501 * we have not completed the handshake. */
502 ssl3_init_finished_mac(s);
503 }
504
505 s->s3->tmp.message_type= *(p++);
506
507 n2l3(p,l);
508 if (l > (unsigned long)max)
509 {
510 al=SSL_AD_ILLEGAL_PARAMETER;
511 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
512 goto f_err;
513 }
514 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
515 {
516 al=SSL_AD_ILLEGAL_PARAMETER;
517 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
518 goto f_err;
519 }
520 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
521 {
522 SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
523 goto err;
524 }
525 s->s3->tmp.message_size=l;
526 s->state=stn;
527
528 s->init_msg = s->init_buf->data + 4;
529 s->init_num = 0;
530 }
531
532 /* next state (stn) */
533 p = s->init_msg;
534 n = s->s3->tmp.message_size - s->init_num;
535 while (n > 0)
536 {
537 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
538 if (i <= 0)
539 {
540 s->rwstate=SSL_READING;
541 *ok = 0;
542 return i;
543 }
544 s->init_num += i;
545 n -= i;
546 }
547#ifndef OPENSSL_NO_NEXTPROTONEG
548 /* If receiving Finished, record MAC of prior handshake messages for
549 * Finished verification. */
550 if (*s->init_buf->data == SSL3_MT_FINISHED)
551 ssl3_take_mac(s);
552#endif
553 /* Feed this message into MAC computation. */
554 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
555 if (s->msg_callback)
556 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
557 *ok=1;
558 return s->init_num;
559f_err:
560 ssl3_send_alert(s,SSL3_AL_FATAL,al);
561err:
562 *ok=0;
563 return(-1);
564 }
565
566int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
567 {
568 EVP_PKEY *pk;
569 int ret= -1,i;
570
571 if (pkey == NULL)
572 pk=X509_get_pubkey(x);
573 else
574 pk=pkey;
575 if (pk == NULL) goto err;
576
577 i=pk->type;
578 if (i == EVP_PKEY_RSA)
579 {
580 ret=SSL_PKEY_RSA_ENC;
581 }
582 else if (i == EVP_PKEY_DSA)
583 {
584 ret=SSL_PKEY_DSA_SIGN;
585 }
586#ifndef OPENSSL_NO_EC
587 else if (i == EVP_PKEY_EC)
588 {
589 ret = SSL_PKEY_ECC;
590 }
591#endif
592 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
593 {
594 ret = SSL_PKEY_GOST94;
595 }
596 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
597 {
598 ret = SSL_PKEY_GOST01;
599 }
600err:
601 if(!pkey) EVP_PKEY_free(pk);
602 return(ret);
603 }
604
605int ssl_verify_alarm_type(long type)
606 {
607 int al;
608
609 switch(type)
610 {
611 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
612 case X509_V_ERR_UNABLE_TO_GET_CRL:
613 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
614 al=SSL_AD_UNKNOWN_CA;
615 break;
616 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
617 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
618 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
619 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
620 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
621 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
622 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
623 case X509_V_ERR_CERT_NOT_YET_VALID:
624 case X509_V_ERR_CRL_NOT_YET_VALID:
625 case X509_V_ERR_CERT_UNTRUSTED:
626 case X509_V_ERR_CERT_REJECTED:
627 al=SSL_AD_BAD_CERTIFICATE;
628 break;
629 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
630 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
631 al=SSL_AD_DECRYPT_ERROR;
632 break;
633 case X509_V_ERR_CERT_HAS_EXPIRED:
634 case X509_V_ERR_CRL_HAS_EXPIRED:
635 al=SSL_AD_CERTIFICATE_EXPIRED;
636 break;
637 case X509_V_ERR_CERT_REVOKED:
638 al=SSL_AD_CERTIFICATE_REVOKED;
639 break;
640 case X509_V_ERR_OUT_OF_MEM:
641 al=SSL_AD_INTERNAL_ERROR;
642 break;
643 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
644 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
645 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
646 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
647 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
648 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
649 case X509_V_ERR_INVALID_CA:
650 al=SSL_AD_UNKNOWN_CA;
651 break;
652 case X509_V_ERR_APPLICATION_VERIFICATION:
653 al=SSL_AD_HANDSHAKE_FAILURE;
654 break;
655 case X509_V_ERR_INVALID_PURPOSE:
656 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
657 break;
658 default:
659 al=SSL_AD_CERTIFICATE_UNKNOWN;
660 break;
661 }
662 return(al);
663 }
664
665#ifndef OPENSSL_NO_BUF_FREELISTS
666/* On some platforms, malloc() performance is bad enough that you can't just
667 * free() and malloc() buffers all the time, so we need to use freelists from
668 * unused buffers. Currently, each freelist holds memory chunks of only a
669 * given size (list->chunklen); other sized chunks are freed and malloced.
670 * This doesn't help much if you're using many different SSL option settings
671 * with a given context. (The options affecting buffer size are
672 * max_send_fragment, read buffer vs write buffer,
673 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
674 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
675 * possible size is not an option, since max_send_fragment can take on many
676 * different values.
677 *
678 * If you are on a platform with a slow malloc(), and you're using SSL
679 * connections with many different settings for these options, and you need to
680 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
681 * - Link against a faster malloc implementation.
682 * - Use a separate SSL_CTX for each option set.
683 * - Improve this code.
684 */
685static void *
686freelist_extract(SSL_CTX *ctx, int for_read, int sz)
687 {
688 SSL3_BUF_FREELIST *list;
689 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
690 void *result = NULL;
691
692 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
693 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
694 if (list != NULL && sz == (int)list->chunklen)
695 ent = list->head;
696 if (ent != NULL)
697 {
698 list->head = ent->next;
699 result = ent;
700 if (--list->len == 0)
701 list->chunklen = 0;
702 }
703 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
704 if (!result)
705 result = OPENSSL_malloc(sz);
706 return result;
707}
708
709static void
710freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
711 {
712 SSL3_BUF_FREELIST *list;
713 SSL3_BUF_FREELIST_ENTRY *ent;
714
715 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
716 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
717 if (list != NULL &&
718 (sz == list->chunklen || list->chunklen == 0) &&
719 list->len < ctx->freelist_max_len &&
720 sz >= sizeof(*ent))
721 {
722 list->chunklen = sz;
723 ent = mem;
724 ent->next = list->head;
725 list->head = ent;
726 ++list->len;
727 mem = NULL;
728 }
729
730 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
731 if (mem)
732 OPENSSL_free(mem);
733 }
734#else
735#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
736#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
737#endif
738
739int ssl3_setup_read_buffer(SSL *s)
740 {
741 unsigned char *p;
742 size_t len,align=0,headerlen;
743
744 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
745 headerlen = DTLS1_RT_HEADER_LENGTH;
746 else
747 headerlen = SSL3_RT_HEADER_LENGTH;
748
749#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
750 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
751#endif
752
753 if (s->s3->rbuf.buf == NULL)
754 {
755 len = SSL3_RT_MAX_PLAIN_LENGTH
756 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
757 + headerlen + align;
758 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
759 {
760 s->s3->init_extra = 1;
761 len += SSL3_RT_MAX_EXTRA;
762 }
763#ifndef OPENSSL_NO_COMP
764 if (!(s->options & SSL_OP_NO_COMPRESSION))
765 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
766#endif
767 if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
768 goto err;
769 s->s3->rbuf.buf = p;
770 s->s3->rbuf.len = len;
771 }
772
773 s->packet= &(s->s3->rbuf.buf[0]);
774 return 1;
775
776err:
777 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
778 return 0;
779 }
780
781int ssl3_setup_write_buffer(SSL *s)
782 {
783 unsigned char *p;
784 size_t len,align=0,headerlen;
785
786 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
787 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
788 else
789 headerlen = SSL3_RT_HEADER_LENGTH;
790
791#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
792 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
793#endif
794
795 if (s->s3->wbuf.buf == NULL)
796 {
797 len = s->max_send_fragment
798 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
799 + headerlen + align;
800#ifndef OPENSSL_NO_COMP
801 if (!(s->options & SSL_OP_NO_COMPRESSION))
802 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
803#endif
804 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
805 len += headerlen + align
806 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
807
808 if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
809 goto err;
810 s->s3->wbuf.buf = p;
811 s->s3->wbuf.len = len;
812 }
813
814 return 1;
815
816err:
817 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
818 return 0;
819 }
820
821
822int ssl3_setup_buffers(SSL *s)
823 {
824 if (!ssl3_setup_read_buffer(s))
825 return 0;
826 if (!ssl3_setup_write_buffer(s))
827 return 0;
828 return 1;
829 }
830
831int ssl3_release_write_buffer(SSL *s)
832 {
833 if (s->s3->wbuf.buf != NULL)
834 {
835 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
836 s->s3->wbuf.buf = NULL;
837 }
838 return 1;
839 }
840
841int ssl3_release_read_buffer(SSL *s)
842 {
843 if (s->s3->rbuf.buf != NULL)
844 {
845 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
846 s->s3->rbuf.buf = NULL;
847 }
848 return 1;
849 }
850
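--- a/src/lib/libssl/s3_cbc.c
+++ /dev/null
@@ -1,790 +0,0 @@
-/* ssl/s3_cbc.c */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-
-/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
- * field. (SHA-384/512 have 128-bit length.) */
-#define MAX_HASH_BIT_COUNT_BYTES 16
-
-/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
- * Currently SHA-384/512 has a 128-byte block size and that's the largest
- * supported by TLS.) */
-#define MAX_HASH_BLOCK_SIZE 128
-
-/* Some utility functions are needed:
- *
- * These macros return the given value with the MSB copied to all the other
- * bits. They use the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to replace
- * them with something else on odd CPUs. */
-#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
-#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-
-/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
-static unsigned constant_time_lt(unsigned a, unsigned b)
- {
- a -= b;
- return DUPLICATE_MSB_TO_ALL(a);
- }
-
-/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned constant_time_ge(unsigned a, unsigned b)
- {
- a -= b;
- return DUPLICATE_MSB_TO_ALL(~a);
- }
-
-/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char constant_time_eq_8(unsigned a, unsigned b)
- {
- unsigned c = a ^ b;
- c--;
- return DUPLICATE_MSB_TO_ALL_8(c);
- }
-
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- * 0: (in non-constant time) if the record is publicly invalid.
- * 1: if the padding was valid
- * -1: otherwise. */
-int ssl3_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size)
- {
- unsigned padding_length, good;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
-
- /* These lengths are all public so we can test them in non-constant
- * time. */
- if (overhead > rec->length)
- return 0;
-
- padding_length = rec->data[rec->length-1];
- good = constant_time_ge(rec->length, padding_length+overhead);
- /* SSLv3 requires that the padding is minimal. */
- good &= constant_time_ge(block_size, padding_length+1);
- padding_length = good & (padding_length+1);
- rec->length -= padding_length;
- rec->type |= padding_length<<8; /* kludge: pass padding length */
- return (int)((good & 1) | (~good & -1));
-}
-
-/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
- * record in |rec| in constant time and returns 1 if the padding is valid and
- * -1 otherwise. It also removes any explicit IV from the start of the record
- * without leaking any timing about whether there was enough space after the
- * padding was removed.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- * 0: (in non-constant time) if the record is publicly invalid.
- * 1: if the padding was valid
- * -1: otherwise. */
-int tls1_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size)
- {
- unsigned padding_length, good, to_check, i;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
- /* Check if version requires explicit IV */
- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* These lengths are all public so we can test them in
- * non-constant time.
- */
- if (overhead + block_size > rec->length)
- return 0;
- /* We can now safely skip explicit IV */
- rec->data += block_size;
- rec->input += block_size;
- rec->length -= block_size;
- }
- else if (overhead > rec->length)
- return 0;
-
- padding_length = rec->data[rec->length-1];
-
- /* NB: if compression is in operation the first packet may not be of
- * even length so the padding bug check cannot be performed. This bug
- * workaround has been around since SSLeay so hopefully it is either
- * fixed now or no buggy implementation supports compression [steve]
- */
- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
- !(padding_length & 1))
- {
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- }
- if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
- padding_length > 0)
- {
- padding_length--;
- }
- }
-
- if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
- {
- /* padding is already verified */
- rec->length -= padding_length + 1;
- return 1;
- }
-
- good = constant_time_ge(rec->length, overhead+padding_length);
- /* The padding consists of a length byte at the end of the record and
- * then that many bytes of padding, all with the same value as the
- * length byte. Thus, with the length byte included, there are i+1
- * bytes of padding.
- *
- * We can't check just |padding_length+1| bytes because that leaks
- * decrypted information. Therefore we always have to check the maximum
- * amount of padding possible. (Again, the length of the record is
- * public information so we can use it.) */
- to_check = 255; /* maximum amount of padding. */
- if (to_check > rec->length-1)
- to_check = rec->length-1;
-
- for (i = 0; i < to_check; i++)
- {
- unsigned char mask = constant_time_ge(padding_length, i);
- unsigned char b = rec->data[rec->length-1-i];
- /* The final |padding_length+1| bytes should all have the value
- * |padding_length|. Therefore the XOR should be zero. */
- good &= ~(mask&(padding_length ^ b));
- }
-
- /* If any of the final |padding_length+1| bytes had the wrong value,
- * one or more of the lower eight bits of |good| will be cleared. We
- * AND the bottom 8 bits together and duplicate the result to all the
- * bits. */
- good &= good >> 4;
- good &= good >> 2;
- good &= good >> 1;
- good <<= sizeof(good)*8-1;
- good = DUPLICATE_MSB_TO_ALL(good);
-
- padding_length = good & (padding_length+1);
- rec->length -= padding_length;
- rec->type |= padding_length<<8; /* kludge: pass padding length */
-
- return (int)((good & 1) | (~good & -1));
- }
-
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
- * constant time (independent of the concrete value of rec->length, which may
- * vary within a 256-byte window).
- *
- * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
- * this function.
- *
- * On entry:
- * rec->orig_len >= md_size
- * md_size <= EVP_MAX_MD_SIZE
- *
- * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
- * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single or pair of cache-lines, then the variable memory accesses don't
- * actually affect the timing. CPUs with smaller cache-lines [if any] are
- * not multi-core and are not considered vulnerable to cache-timing attacks.
- */
-#define CBC_MAC_ROTATE_IN_PLACE
-
-void ssl3_cbc_copy_mac(unsigned char* out,
- const SSL3_RECORD *rec,
- unsigned md_size,unsigned orig_len)
- {
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE];
- unsigned char *rotated_mac;
-#else
- unsigned char rotated_mac[EVP_MAX_MD_SIZE];
-#endif
-
- /* mac_end is the index of |rec->data| just after the end of the MAC. */
- unsigned mac_end = rec->length;
- unsigned mac_start = mac_end - md_size;
- /* scan_start contains the number of bytes that we can ignore because
- * the MAC's position can only vary by 255 bytes. */
- unsigned scan_start = 0;
- unsigned i, j;
- unsigned div_spoiler;
- unsigned rotate_offset;
-
- OPENSSL_assert(orig_len >= md_size);
- OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63);
-#endif
-
- /* This information is public so it's safe to branch based on it. */
- if (orig_len > md_size + 255 + 1)
- scan_start = orig_len - (md_size + 255 + 1);
- /* div_spoiler contains a multiple of md_size that is used to cause the
- * modulo operation to be constant time. Without this, the time varies
- * based on the amount of padding when running on Intel chips at least.
- *
- * The aim of right-shifting md_size is so that the compiler doesn't
- * figure out that it can remove div_spoiler as that would require it
- * to prove that md_size is always even, which I hope is beyond it. */
- div_spoiler = md_size >> 1;
- div_spoiler <<= (sizeof(div_spoiler)-1)*8;
- rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
-
- memset(rotated_mac, 0, md_size);
- for (i = scan_start, j = 0; i < orig_len; i++)
- {
- unsigned char mac_started = constant_time_ge(i, mac_start);
- unsigned char mac_ended = constant_time_ge(i, mac_end);
- unsigned char b = rec->data[i];
- rotated_mac[j++] |= b & mac_started & ~mac_ended;
- j &= constant_time_lt(j,md_size);
- }
-
- /* Now rotate the MAC */
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- j = 0;
- for (i = 0; i < md_size; i++)
- {
- /* in case cache-line is 32 bytes, touch second line */
- ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
- out[j++] = rotated_mac[rotate_offset++];
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- }
-#else
- memset(out, 0, md_size);
- rotate_offset = md_size - rotate_offset;
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- for (i = 0; i < md_size; i++)
- {
- for (j = 0; j < md_size; j++)
- out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
- rotate_offset++;
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- }
-#endif
- }
-
-/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
- * little-endian order. The value of p is advanced by four. */
-#define u32toLE(n, p) \
- (*((p)++)=(unsigned char)(n), \
- *((p)++)=(unsigned char)(n>>8), \
- *((p)++)=(unsigned char)(n>>16), \
- *((p)++)=(unsigned char)(n>>24))
-
-/* These functions serialize the state of a hash and thus perform the standard
- * "final" operation without adding the padding and length that such a function
- * typically does. */
-static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
- {
- MD5_CTX *md5 = ctx;
- u32toLE(md5->A, md_out);
- u32toLE(md5->B, md_out);
- u32toLE(md5->C, md_out);
- u32toLE(md5->D, md_out);
- }
-
-static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA_CTX *sha1 = ctx;
- l2n(sha1->h0, md_out);
- l2n(sha1->h1, md_out);
- l2n(sha1->h2, md_out);
- l2n(sha1->h3, md_out);
- l2n(sha1->h4, md_out);
- }
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
-static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA256_CTX *sha256 = ctx;
- unsigned i;
-
- for (i = 0; i < 8; i++)
- {
- l2n(sha256->h[i], md_out);
- }
- }
-#undef LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA512_CTX *sha512 = ctx;
- unsigned i;
-
- for (i = 0; i < 8; i++)
- {
- l2n8(sha512->h[i], md_out);
- }
- }
-#undef LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
-
-/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports. */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return 0;
-#endif
- switch (EVP_MD_CTX_type(ctx))
- {
- case NID_md5:
- case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
- case NID_sha224:
- case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
- case NID_sha384:
- case NID_sha512:
-#endif
- return 1;
- default:
- return 0;
- }
- }
-
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
- * record.
- *
- * ctx: the EVP_MD_CTX from which we take the hash function.
- * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
- * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
- * md_out_size: if non-NULL, the number of output bytes is written here.
- * header: the 13-byte, TLS record header.
- * data: the record data itself, less any preceeding explicit IV.
- * data_plus_mac_size: the secret, reported length of the data and MAC
- * once the padding has been removed.
- * data_plus_mac_plus_padding_size: the public length of the whole
- * record, including padding.
- * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
- *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
-void ssl3_cbc_digest_record(
- const EVP_MD_CTX *ctx,
- unsigned char* md_out,
- size_t* md_out_size,
- const unsigned char header[13],
- const unsigned char *data,
- size_t data_plus_mac_size,
- size_t data_plus_mac_plus_padding_size,
- const unsigned char *mac_secret,
- unsigned mac_secret_length,
- char is_sslv3)
- {
- union { double align;
- unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
- void (*md_final_raw)(void *ctx, unsigned char *md_out);
- void (*md_transform)(void *ctx, const unsigned char *block);
- unsigned md_size, md_block_size = 64;
- unsigned sslv3_pad_length = 40, header_length, variance_blocks,
- len, max_mac_bytes, num_blocks,
- num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
- unsigned int bits; /* at most 18 bits */
- unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
- /* hmac_pad is the masked HMAC key. */
- unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
- unsigned char first_block[MAX_HASH_BLOCK_SIZE];
- unsigned char mac_out[EVP_MAX_MD_SIZE];
- unsigned i, j, md_out_size_u;
- EVP_MD_CTX md_ctx;
- /* mdLengthSize is the number of bytes in the length field that terminates
- * the hash. */
- unsigned md_length_size = 8;
- char length_is_big_endian = 1;
-
- /* This is a, hopefully redundant, check that allows us to forget about
- * many possible overflows later in this function. */
- OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
-
- switch (EVP_MD_CTX_type(ctx))
- {
- case NID_md5:
- MD5_Init((MD5_CTX*)md_state.c);
- md_final_raw = tls1_md5_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
- md_size = 16;
- sslv3_pad_length = 48;
- length_is_big_endian = 0;
- break;
- case NID_sha1:
- SHA1_Init((SHA_CTX*)md_state.c);
- md_final_raw = tls1_sha1_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
- md_size = 20;
- break;
-#ifndef OPENSSL_NO_SHA256
- case NID_sha224:
- SHA224_Init((SHA256_CTX*)md_state.c);
- md_final_raw = tls1_sha256_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
- md_size = 224/8;
- break;
- case NID_sha256:
- SHA256_Init((SHA256_CTX*)md_state.c);
- md_final_raw = tls1_sha256_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
- md_size = 32;
- break;
-#endif
-#ifndef OPENSSL_NO_SHA512
- case NID_sha384:
- SHA384_Init((SHA512_CTX*)md_state.c);
- md_final_raw = tls1_sha512_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
- md_size = 384/8;
- md_block_size = 128;
- md_length_size = 16;
- break;
- case NID_sha512:
- SHA512_Init((SHA512_CTX*)md_state.c);
- md_final_raw = tls1_sha512_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
- md_size = 64;
- md_block_size = 128;
- md_length_size = 16;
- break;
-#endif
- default:
- /* ssl3_cbc_record_digest_supported should have been
- * called first to check that the hash function is
- * supported. */
- OPENSSL_assert(0);
- if (md_out_size)
- *md_out_size = -1;
- return;
- }
-
- OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
- OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
- OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
- header_length = 13;
- if (is_sslv3)
- {
- header_length =
- mac_secret_length +
- sslv3_pad_length +
- 8 /* sequence number */ +
- 1 /* record type */ +
- 2 /* record length */;
- }
-
- /* variance_blocks is the number of blocks of the hash that we have to
- * calculate in constant time because they could be altered by the
- * padding value.
- *
- * In SSLv3, the padding must be minimal so the end of the plaintext
- * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
- * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
- * termination (0x80 + 64-bit length) don't fit in the final block, we
- * say that the final two blocks can vary based on the padding.
- *
- * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
- * required to be minimal. Therefore we say that the final six blocks
- * can vary based on the padding.
- *
- * Later in the function, if the message is short and there obviously
- * cannot be this many blocks then variance_blocks can be reduced. */
- variance_blocks = is_sslv3 ? 2 : 6;
- /* From now on we're dealing with the MAC, which conceptually has 13
- * bytes of `header' before the start of the data (TLS) or 71/75 bytes
- * (SSLv3) */
- len = data_plus_mac_plus_padding_size + header_length;
- /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
- * |header|, assuming that there's no padding. */
- max_mac_bytes = len - md_size - 1;
- /* num_blocks is the maximum number of hash blocks. */
- num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
- /* In order to calculate the MAC in constant time we have to handle
- * the final blocks specially because the padding value could cause the
- * end to appear somewhere in the final |variance_blocks| blocks and we
- * can't leak where. However, |num_starting_blocks| worth of data can
- * be hashed right away because no padding value can affect whether
- * they are plaintext. */
- num_starting_blocks = 0;
- /* k is the starting byte offset into the conceptual header||data where
- * we start processing. */
- k = 0;
- /* mac_end_offset is the index just past the end of the data to be
- * MACed. */
- mac_end_offset = data_plus_mac_size + header_length - md_size;
- /* c is the index of the 0x80 byte in the final hash block that
- * contains application data. */
- c = mac_end_offset % md_block_size;
- /* index_a is the hash block number that contains the 0x80 terminating
- * value. */
- index_a = mac_end_offset / md_block_size;
- /* index_b is the hash block number that contains the 64-bit hash
- * length, in bits. */
- index_b = (mac_end_offset + md_length_size) / md_block_size;
- /* bits is the hash-length in bits. It includes the additional hash
- * block for the masked HMAC key, or whole of |header| in the case of
- * SSLv3. */
-
- /* For SSLv3, if we're going to have any starting blocks then we need
- * at least two because the header is larger than a single block. */
- if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
- {
- num_starting_blocks = num_blocks - variance_blocks;
- k = md_block_size*num_starting_blocks;
- }
-
- bits = 8*mac_end_offset;
- if (!is_sslv3)
- {
- /* Compute the initial HMAC block. For SSLv3, the padding and
- * secret bytes are included in |header| because they take more
- * than a single block. */
- bits += 8*md_block_size;
- memset(hmac_pad, 0, md_block_size);
- OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
- memcpy(hmac_pad, mac_secret, mac_secret_length);
- for (i = 0; i < md_block_size; i++)
- hmac_pad[i] ^= 0x36;
-
- md_transform(md_state.c, hmac_pad);
- }
-
- if (length_is_big_endian)
- {
- memset(length_bytes,0,md_length_size-4);
- length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-1] = (unsigned char)bits;
- }
- else
- {
- memset(length_bytes,0,md_length_size);
- length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-8] = (unsigned char)bits;
- }
-
- if (k > 0)
- {
- if (is_sslv3)
- {
- /* The SSLv3 header is larger than a single block.
- * overhang is the number of bytes beyond a single
- * block that the header consumes: either 7 bytes
- * (SHA1) or 11 bytes (MD5). */
- unsigned overhang = header_length-md_block_size;
- md_transform(md_state.c, header);
- memcpy(first_block, header + md_block_size, overhang);
- memcpy(first_block + overhang, data, md_block_size-overhang);
- md_transform(md_state.c, first_block);
- for (i = 1; i < k/md_block_size - 1; i++)
- md_transform(md_state.c, data + md_block_size*i - overhang);
- }
- else
- {
- /* k is a multiple of md_block_size. */
- memcpy(first_block, header, 13);
- memcpy(first_block+13, data, md_block_size-13);
- md_transform(md_state.c, first_block);
- for (i = 1; i < k/md_block_size; i++)
- md_transform(md_state.c, data + md_block_size*i - 13);
- }
- }
-
- memset(mac_out, 0, sizeof(mac_out));
-
- /* We now process the final hash blocks. For each block, we construct
- * it in constant time. If the |i==index_a| then we'll include the 0x80
- * bytes and zero pad etc. For each block we selectively copy it, in
- * constant time, to |mac_out|. */
- for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
- {
- unsigned char block[MAX_HASH_BLOCK_SIZE];
- unsigned char is_block_a = constant_time_eq_8(i, index_a);
- unsigned char is_block_b = constant_time_eq_8(i, index_b);
- for (j = 0; j < md_block_size; j++)
- {
- unsigned char b = 0, is_past_c, is_past_cp1;
- if (k < header_length)
- b = header[k];
- else if (k < data_plus_mac_plus_padding_size + header_length)
- b = data[k-header_length];
- k++;
-
- is_past_c = is_block_a & constant_time_ge(j, c);
- is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
- /* If this is the block containing the end of the
- * application data, and we are at the offset for the
- * 0x80 value, then overwrite b with 0x80. */
- b = (b&~is_past_c) | (0x80&is_past_c);
- /* If this the the block containing the end of the
- * application data and we're past the 0x80 value then
- * just write zero. */
- b = b&~is_past_cp1;
- /* If this is index_b (the final block), but not
- * index_a (the end of the data), then the 64-bit
- * length didn't fit into index_a and we're having to
- * add an extra block of zeros. */
- b &= ~is_block_b | is_block_a;
-
- /* The final bytes of one of the blocks contains the
- * length. */
- if (j >= md_block_size - md_length_size)
- {
- /* If this is index_b, write a length byte. */
- b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
- }
- block[j] = b;
- }
-
- md_transform(md_state.c, block);
- md_final_raw(md_state.c, block);
- /* If this is index_b, copy the hash value to |mac_out|. */
- for (j = 0; j < md_size; j++)
- mac_out[j] |= block[j]&is_block_b;
- }
-
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */);
- if (is_sslv3)
- {
- /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
- memset(hmac_pad, 0x5c, sslv3_pad_length);
-
- EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
- EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
- EVP_DigestUpdate(&md_ctx, mac_out, md_size);
- }
- else
- {
- /* Complete the HMAC in the standard manner. */
- for (i = 0; i < md_block_size; i++)
- hmac_pad[i] ^= 0x6a;
-
- EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
- EVP_DigestUpdate(&md_ctx, mac_out, md_size);
- }
- EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
- if (md_out_size)
- *md_out_size = md_out_size_u;
- EVP_MD_CTX_cleanup(&md_ctx);
- }
-
-#ifdef OPENSSL_FIPS
-
-/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
- * we can ensure the number of blocks processed is equal for all cases
- * by digesting additional data.
- */
-
-void tls_fips_digest_extra(
- const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
- const unsigned char *data, size_t data_len, size_t orig_len)
- {
- size_t block_size, digest_pad, blocks_data, blocks_orig;
- if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
- return;
- block_size = EVP_MD_CTX_block_size(mac_ctx);
- /* We are in FIPS mode if we get this far so we know we have only SHA*
- * digests and TLS to deal with.
- * Minimum digest padding length is 17 for SHA384/SHA512 and 9
- * otherwise.
- * Additional header is 13 bytes. To get the number of digest blocks
- * processed round up the amount of data plus padding to the nearest
- * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
- * So we have:
- * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
- * equivalently:
- * blocks = (payload_len + digest_pad + 12)/block_size + 1
- * HMAC adds a constant overhead.
- * We're ultimately only interested in differences so this becomes
- * blocks = (payload_len + 29)/128
- * for SHA384/SHA512 and
- * blocks = (payload_len + 21)/64
- * otherwise.
- */
- digest_pad = block_size == 64 ? 21 : 29;
- blocks_orig = (orig_len + digest_pad)/block_size;
- blocks_data = (data_len + digest_pad)/block_size;
- /* MAC enough blocks to make up the difference between the original
- * and actual lengths plus one extra block to ensure this is never a
- * no op. The "data" pointer should always have enough space to
- * perform this operation as it is large enough for a maximum
- * length TLS buffer.
- */
- EVP_DigestSignUpdate(mac_ctx, data,
- (blocks_orig - blocks_data + 1) * block_size);
- }
-#endif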
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index b80d052e1f..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,3371 +0,0 @@
1/* ssl/s3_clnt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include "ssl_locl.h"
153#include "kssl_lcl.h"
154#include <openssl/buffer.h>
155#include <openssl/rand.h>
156#include <openssl/objects.h>
157#include <openssl/evp.h>
158#include <openssl/md5.h>
159#ifdef OPENSSL_FIPS
160#include <openssl/fips.h>
161#endif
162#ifndef OPENSSL_NO_DH
163#include <openssl/dh.h>
164#endif
165#include <openssl/bn.h>
166#ifndef OPENSSL_NO_ENGINE
167#include <openssl/engine.h>
168#endif
169
170static const SSL_METHOD *ssl3_get_client_method(int ver);
171static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
172
173static const SSL_METHOD *ssl3_get_client_method(int ver)
174 {
175 if (ver == SSL3_VERSION)
176 return(SSLv3_client_method());
177 else
178 return(NULL);
179 }
180
181IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
182 ssl_undefined_function,
183 ssl3_connect,
184 ssl3_get_client_method)
185
186int ssl3_connect(SSL *s)
187 {
188 BUF_MEM *buf=NULL;
189 unsigned long Time=(unsigned long)time(NULL);
190 void (*cb)(const SSL *ssl,int type,int val)=NULL;
191 int ret= -1;
192 int new_state,state,skip=0;
193
194 RAND_add(&Time,sizeof(Time),0);
195 ERR_clear_error();
196 clear_sys_error();
197
198 if (s->info_callback != NULL)
199 cb=s->info_callback;
200 else if (s->ctx->info_callback != NULL)
201 cb=s->ctx->info_callback;
202
203 s->in_handshake++;
204 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
205
206#ifndef OPENSSL_NO_HEARTBEATS
207 /* If we're awaiting a HeartbeatResponse, pretend we
208 * already got and don't await it anymore, because
209 * Heartbeats don't make sense during handshakes anyway.
210 */
211 if (s->tlsext_hb_pending)
212 {
213 s->tlsext_hb_pending = 0;
214 s->tlsext_hb_seq++;
215 }
216#endif
217
218 for (;;)
219 {
220 state=s->state;
221
222 switch(s->state)
223 {
224 case SSL_ST_RENEGOTIATE:
225 s->renegotiate=1;
226 s->state=SSL_ST_CONNECT;
227 s->ctx->stats.sess_connect_renegotiate++;
228 /* break */
229 case SSL_ST_BEFORE:
230 case SSL_ST_CONNECT:
231 case SSL_ST_BEFORE|SSL_ST_CONNECT:
232 case SSL_ST_OK|SSL_ST_CONNECT:
233
234 s->server=0;
235 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
236
237 if ((s->version & 0xff00 ) != 0x0300)
238 {
239 SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
240 ret = -1;
241 goto end;
242 }
243
244 /* s->version=SSL3_VERSION; */
245 s->type=SSL_ST_CONNECT;
246
247 if (s->init_buf == NULL)
248 {
249 if ((buf=BUF_MEM_new()) == NULL)
250 {
251 ret= -1;
252 goto end;
253 }
254 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
255 {
256 ret= -1;
257 goto end;
258 }
259 s->init_buf=buf;
260 buf=NULL;
261 }
262
263 if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
264
265 /* setup buffing BIO */
266 if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
267
268 /* don't push the buffering BIO quite yet */
269
270 ssl3_init_finished_mac(s);
271
272 s->state=SSL3_ST_CW_CLNT_HELLO_A;
273 s->ctx->stats.sess_connect++;
274 s->init_num=0;
275 break;
276
277 case SSL3_ST_CW_CLNT_HELLO_A:
278 case SSL3_ST_CW_CLNT_HELLO_B:
279
280 s->shutdown=0;
281 ret=ssl3_client_hello(s);
282 if (ret <= 0) goto end;
283 s->state=SSL3_ST_CR_SRVR_HELLO_A;
284 s->init_num=0;
285
286 /* turn on buffering for the next lot of output */
287 if (s->bbio != s->wbio)
288 s->wbio=BIO_push(s->bbio,s->wbio);
289
290 break;
291
292 case SSL3_ST_CR_SRVR_HELLO_A:
293 case SSL3_ST_CR_SRVR_HELLO_B:
294 ret=ssl3_get_server_hello(s);
295 if (ret <= 0) goto end;
296
297 if (s->hit)
298 {
299 s->state=SSL3_ST_CR_FINISHED_A;
300#ifndef OPENSSL_NO_TLSEXT
301 if (s->tlsext_ticket_expected)
302 {
303 /* receive renewed session ticket */
304 s->state=SSL3_ST_CR_SESSION_TICKET_A;
305 }
306#endif
307 }
308 else
309 s->state=SSL3_ST_CR_CERT_A;
310 s->init_num=0;
311 break;
312
313 case SSL3_ST_CR_CERT_A:
314 case SSL3_ST_CR_CERT_B:
315#ifndef OPENSSL_NO_TLSEXT
316 ret=ssl3_check_finished(s);
317 if (ret <= 0) goto end;
318 if (ret == 2)
319 {
320 s->hit = 1;
321 if (s->tlsext_ticket_expected)
322 s->state=SSL3_ST_CR_SESSION_TICKET_A;
323 else
324 s->state=SSL3_ST_CR_FINISHED_A;
325 s->init_num=0;
326 break;
327 }
328#endif
329 /* Check if it is anon DH/ECDH */
330 /* or PSK */
331 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
332 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
333 {
334 ret=ssl3_get_server_certificate(s);
335 if (ret <= 0) goto end;
336#ifndef OPENSSL_NO_TLSEXT
337 if (s->tlsext_status_expected)
338 s->state=SSL3_ST_CR_CERT_STATUS_A;
339 else
340 s->state=SSL3_ST_CR_KEY_EXCH_A;
341 }
342 else
343 {
344 skip = 1;
345 s->state=SSL3_ST_CR_KEY_EXCH_A;
346 }
347#else
348 }
349 else
350 skip=1;
351
352 s->state=SSL3_ST_CR_KEY_EXCH_A;
353#endif
354 s->init_num=0;
355 break;
356
357 case SSL3_ST_CR_KEY_EXCH_A:
358 case SSL3_ST_CR_KEY_EXCH_B:
359 ret=ssl3_get_key_exchange(s);
360 if (ret <= 0) goto end;
361 s->state=SSL3_ST_CR_CERT_REQ_A;
362 s->init_num=0;
363
364 /* at this point we check that we have the
365 * required stuff from the server */
366 if (!ssl3_check_cert_and_algorithm(s))
367 {
368 ret= -1;
369 goto end;
370 }
371 break;
372
373 case SSL3_ST_CR_CERT_REQ_A:
374 case SSL3_ST_CR_CERT_REQ_B:
375 ret=ssl3_get_certificate_request(s);
376 if (ret <= 0) goto end;
377 s->state=SSL3_ST_CR_SRVR_DONE_A;
378 s->init_num=0;
379 break;
380
381 case SSL3_ST_CR_SRVR_DONE_A:
382 case SSL3_ST_CR_SRVR_DONE_B:
383 ret=ssl3_get_server_done(s);
384 if (ret <= 0) goto end;
385#ifndef OPENSSL_NO_SRP
386 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP)
387 {
388 if ((ret = SRP_Calc_A_param(s))<=0)
389 {
390 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
391 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
392 goto end;
393 }
394 }
395#endif
396 if (s->s3->tmp.cert_req)
397 s->state=SSL3_ST_CW_CERT_A;
398 else
399 s->state=SSL3_ST_CW_KEY_EXCH_A;
400 s->init_num=0;
401
402 break;
403
404 case SSL3_ST_CW_CERT_A:
405 case SSL3_ST_CW_CERT_B:
406 case SSL3_ST_CW_CERT_C:
407 case SSL3_ST_CW_CERT_D:
408 ret=ssl3_send_client_certificate(s);
409 if (ret <= 0) goto end;
410 s->state=SSL3_ST_CW_KEY_EXCH_A;
411 s->init_num=0;
412 break;
413
414 case SSL3_ST_CW_KEY_EXCH_A:
415 case SSL3_ST_CW_KEY_EXCH_B:
416 ret=ssl3_send_client_key_exchange(s);
417 if (ret <= 0) goto end;
418 /* EAY EAY EAY need to check for DH fix cert
419 * sent back */
420 /* For TLS, cert_req is set to 2, so a cert chain
421 * of nothing is sent, but no verify packet is sent */
422 /* XXX: For now, we do not support client
423 * authentication in ECDH cipher suites with
424 * ECDH (rather than ECDSA) certificates.
425 * We need to skip the certificate verify
426 * message when client's ECDH public key is sent
427 * inside the client certificate.
428 */
429 if (s->s3->tmp.cert_req == 1)
430 {
431 s->state=SSL3_ST_CW_CERT_VRFY_A;
432 }
433 else
434 {
435 s->state=SSL3_ST_CW_CHANGE_A;
436 s->s3->change_cipher_spec=0;
437 }
438 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
439 {
440 s->state=SSL3_ST_CW_CHANGE_A;
441 s->s3->change_cipher_spec=0;
442 }
443
444 s->init_num=0;
445 break;
446
447 case SSL3_ST_CW_CERT_VRFY_A:
448 case SSL3_ST_CW_CERT_VRFY_B:
449 ret=ssl3_send_client_verify(s);
450 if (ret <= 0) goto end;
451 s->state=SSL3_ST_CW_CHANGE_A;
452 s->init_num=0;
453 s->s3->change_cipher_spec=0;
454 break;
455
456 case SSL3_ST_CW_CHANGE_A:
457 case SSL3_ST_CW_CHANGE_B:
458 ret=ssl3_send_change_cipher_spec(s,
459 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
460 if (ret <= 0) goto end;
461
462
463#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
464 s->state=SSL3_ST_CW_FINISHED_A;
465#else
466 if (s->s3->next_proto_neg_seen)
467 s->state=SSL3_ST_CW_NEXT_PROTO_A;
468 else
469 s->state=SSL3_ST_CW_FINISHED_A;
470#endif
471 s->init_num=0;
472
473 s->session->cipher=s->s3->tmp.new_cipher;
474#ifdef OPENSSL_NO_COMP
475 s->session->compress_meth=0;
476#else
477 if (s->s3->tmp.new_compression == NULL)
478 s->session->compress_meth=0;
479 else
480 s->session->compress_meth=
481 s->s3->tmp.new_compression->id;
482#endif
483 if (!s->method->ssl3_enc->setup_key_block(s))
484 {
485 ret= -1;
486 goto end;
487 }
488
489 if (!s->method->ssl3_enc->change_cipher_state(s,
490 SSL3_CHANGE_CIPHER_CLIENT_WRITE))
491 {
492 ret= -1;
493 goto end;
494 }
495
496 break;
497
498#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
499 case SSL3_ST_CW_NEXT_PROTO_A:
500 case SSL3_ST_CW_NEXT_PROTO_B:
501 ret=ssl3_send_next_proto(s);
502 if (ret <= 0) goto end;
503 s->state=SSL3_ST_CW_FINISHED_A;
504 break;
505#endif
506
507 case SSL3_ST_CW_FINISHED_A:
508 case SSL3_ST_CW_FINISHED_B:
509 ret=ssl3_send_finished(s,
510 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
511 s->method->ssl3_enc->client_finished_label,
512 s->method->ssl3_enc->client_finished_label_len);
513 if (ret <= 0) goto end;
514 s->state=SSL3_ST_CW_FLUSH;
515
516 /* clear flags */
517 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
518 if (s->hit)
519 {
520 s->s3->tmp.next_state=SSL_ST_OK;
521 if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
522 {
523 s->state=SSL_ST_OK;
524 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
525 s->s3->delay_buf_pop_ret=0;
526 }
527 }
528 else
529 {
530#ifndef OPENSSL_NO_TLSEXT
531 /* Allow NewSessionTicket if ticket expected */
532 if (s->tlsext_ticket_expected)
533 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
534 else
535#endif
536
537 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
538 }
539 s->init_num=0;
540 break;
541
542#ifndef OPENSSL_NO_TLSEXT
543 case SSL3_ST_CR_SESSION_TICKET_A:
544 case SSL3_ST_CR_SESSION_TICKET_B:
545 ret=ssl3_get_new_session_ticket(s);
546 if (ret <= 0) goto end;
547 s->state=SSL3_ST_CR_FINISHED_A;
548 s->init_num=0;
549 break;
550
551 case SSL3_ST_CR_CERT_STATUS_A:
552 case SSL3_ST_CR_CERT_STATUS_B:
553 ret=ssl3_get_cert_status(s);
554 if (ret <= 0) goto end;
555 s->state=SSL3_ST_CR_KEY_EXCH_A;
556 s->init_num=0;
557 break;
558#endif
559
560 case SSL3_ST_CR_FINISHED_A:
561 case SSL3_ST_CR_FINISHED_B:
562
563 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
564 SSL3_ST_CR_FINISHED_B);
565 if (ret <= 0) goto end;
566
567 if (s->hit)
568 s->state=SSL3_ST_CW_CHANGE_A;
569 else
570 s->state=SSL_ST_OK;
571 s->init_num=0;
572 break;
573
574 case SSL3_ST_CW_FLUSH:
575 s->rwstate=SSL_WRITING;
576 if (BIO_flush(s->wbio) <= 0)
577 {
578 ret= -1;
579 goto end;
580 }
581 s->rwstate=SSL_NOTHING;
582 s->state=s->s3->tmp.next_state;
583 break;
584
585 case SSL_ST_OK:
586 /* clean a few things up */
587 ssl3_cleanup_key_block(s);
588
589 if (s->init_buf != NULL)
590 {
591 BUF_MEM_free(s->init_buf);
592 s->init_buf=NULL;
593 }
594
595 /* If we are not 'joining' the last two packets,
596 * remove the buffering now */
597 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
598 ssl_free_wbio_buffer(s);
599 /* else do it later in ssl3_write */
600
601 s->init_num=0;
602 s->renegotiate=0;
603 s->new_session=0;
604
605 ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
606 if (s->hit) s->ctx->stats.sess_hit++;
607
608 ret=1;
609 /* s->server=0; */
610 s->handshake_func=ssl3_connect;
611 s->ctx->stats.sess_connect_good++;
612
613 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
614
615 goto end;
616 /* break; */
617
618 default:
619 SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
620 ret= -1;
621 goto end;
622 /* break; */
623 }
624
625 /* did we do anything */
626 if (!s->s3->tmp.reuse_message && !skip)
627 {
628 if (s->debug)
629 {
630 if ((ret=BIO_flush(s->wbio)) <= 0)
631 goto end;
632 }
633
634 if ((cb != NULL) && (s->state != state))
635 {
636 new_state=s->state;
637 s->state=state;
638 cb(s,SSL_CB_CONNECT_LOOP,1);
639 s->state=new_state;
640 }
641 }
642 skip=0;
643 }
644end:
645 s->in_handshake--;
646 if (buf != NULL)
647 BUF_MEM_free(buf);
648 if (cb != NULL)
649 cb(s,SSL_CB_CONNECT_EXIT,ret);
650 return(ret);
651 }
652
653
654int ssl3_client_hello(SSL *s)
655 {
656 unsigned char *buf;
657 unsigned char *p,*d;
658 int i;
659 unsigned long Time,l;
660#ifndef OPENSSL_NO_COMP
661 int j;
662 SSL_COMP *comp;
663#endif
664
665 buf=(unsigned char *)s->init_buf->data;
666 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
667 {
668 SSL_SESSION *sess = s->session;
669 if ((sess == NULL) ||
670 (sess->ssl_version != s->version) ||
671#ifdef OPENSSL_NO_TLSEXT
672 !sess->session_id_length ||
673#else
674 (!sess->session_id_length && !sess->tlsext_tick) ||
675#endif
676 (sess->not_resumable))
677 {
678 if (!ssl_get_new_session(s,0))
679 goto err;
680 }
681 /* else use the pre-loaded session */
682
683 p=s->s3->client_random;
684 Time=(unsigned long)time(NULL); /* Time */
685 l2n(Time,p);
686 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
687 goto err;
688
689 /* Do the message type and length last */
690 d=p= &(buf[4]);
691
692 /* version indicates the negotiated version: for example from
693 * an SSLv2/v3 compatible client hello). The client_version
694 * field is the maximum version we permit and it is also
695 * used in RSA encrypted premaster secrets. Some servers can
696 * choke if we initially report a higher version then
697 * renegotiate to a lower one in the premaster secret. This
698 * didn't happen with TLS 1.0 as most servers supported it
699 * but it can with TLS 1.1 or later if the server only supports
700 * 1.0.
701 *
702 * Possible scenario with previous logic:
703 * 1. Client hello indicates TLS 1.2
704 * 2. Server hello says TLS 1.0
705 * 3. RSA encrypted premaster secret uses 1.2.
706 * 4. Handhaked proceeds using TLS 1.0.
707 * 5. Server sends hello request to renegotiate.
708 * 6. Client hello indicates TLS v1.0 as we now
709 * know that is maximum server supports.
710 * 7. Server chokes on RSA encrypted premaster secret
711 * containing version 1.0.
712 *
713 * For interoperability it should be OK to always use the
714 * maximum version we support in client hello and then rely
715 * on the checking of version to ensure the servers isn't
716 * being inconsistent: for example initially negotiating with
717 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
718 * client_version in client hello and not resetting it to
719 * the negotiated version.
720 */
721#if 0
722 *(p++)=s->version>>8;
723 *(p++)=s->version&0xff;
724 s->client_version=s->version;
725#else
726 *(p++)=s->client_version>>8;
727 *(p++)=s->client_version&0xff;
728#endif
729
730 /* Random stuff */
731 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
732 p+=SSL3_RANDOM_SIZE;
733
734 /* Session ID */
735 if (s->new_session)
736 i=0;
737 else
738 i=s->session->session_id_length;
739 *(p++)=i;
740 if (i != 0)
741 {
742 if (i > (int)sizeof(s->session->session_id))
743 {
744 SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
745 goto err;
746 }
747 memcpy(p,s->session->session_id,i);
748 p+=i;
749 }
750
751 /* Ciphers supported */
752 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
753 if (i == 0)
754 {
755 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
756 goto err;
757 }
758#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
759 /* Some servers hang if client hello > 256 bytes
760 * as hack workaround chop number of supported ciphers
761 * to keep it well below this if we use TLS v1.2
762 */
763 if (TLS1_get_version(s) >= TLS1_2_VERSION
764 && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
765 i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
766#endif
767 s2n(i,p);
768 p+=i;
769
770 /* COMPRESSION */
771#ifdef OPENSSL_NO_COMP
772 *(p++)=1;
773#else
774
775 if ((s->options & SSL_OP_NO_COMPRESSION)
776 || !s->ctx->comp_methods)
777 j=0;
778 else
779 j=sk_SSL_COMP_num(s->ctx->comp_methods);
780 *(p++)=1+j;
781 for (i=0; i<j; i++)
782 {
783 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
784 *(p++)=comp->id;
785 }
786#endif
787 *(p++)=0; /* Add the NULL method */
788
789#ifndef OPENSSL_NO_TLSEXT
790 /* TLS extensions*/
791 if (ssl_prepare_clienthello_tlsext(s) <= 0)
792 {
793 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
794 goto err;
795 }
796 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
797 {
798 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
799 goto err;
800 }
801#endif
802
803 l=(p-d);
804 d=buf;
805 *(d++)=SSL3_MT_CLIENT_HELLO;
806 l2n3(l,d);
807
808 s->state=SSL3_ST_CW_CLNT_HELLO_B;
809 /* number of bytes to write */
810 s->init_num=p-buf;
811 s->init_off=0;
812 }
813
814 /* SSL3_ST_CW_CLNT_HELLO_B */
815 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
816err:
817 return(-1);
818 }
819
820int ssl3_get_server_hello(SSL *s)
821 {
822 STACK_OF(SSL_CIPHER) *sk;
823 const SSL_CIPHER *c;
824 unsigned char *p,*d;
825 int i,al,ok;
826 unsigned int j;
827 long n;
828#ifndef OPENSSL_NO_COMP
829 SSL_COMP *comp;
830#endif
831
832 n=s->method->ssl_get_message(s,
833 SSL3_ST_CR_SRVR_HELLO_A,
834 SSL3_ST_CR_SRVR_HELLO_B,
835 -1,
836 20000, /* ?? */
837 &ok);
838
839 if (!ok) return((int)n);
840
841 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
842 {
843 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
844 {
845 if ( s->d1->send_cookie == 0)
846 {
847 s->s3->tmp.reuse_message = 1;
848 return 1;
849 }
850 else /* already sent a cookie */
851 {
852 al=SSL_AD_UNEXPECTED_MESSAGE;
853 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
854 goto f_err;
855 }
856 }
857 }
858
859 if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
860 {
861 al=SSL_AD_UNEXPECTED_MESSAGE;
862 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
863 goto f_err;
864 }
865
866 d=p=(unsigned char *)s->init_msg;
867
868 if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
869 {
870 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
871 s->version=(s->version&0xff00)|p[1];
872 al=SSL_AD_PROTOCOL_VERSION;
873 goto f_err;
874 }
875 p+=2;
876
877 /* load the server hello data */
878 /* load the server random */
879 memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
880 p+=SSL3_RANDOM_SIZE;
881
882 /* get the session-id */
883 j= *(p++);
884
885 if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
886 {
887 al=SSL_AD_ILLEGAL_PARAMETER;
888 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
889 goto f_err;
890 }
891
892#ifndef OPENSSL_NO_TLSEXT
893 /* check if we want to resume the session based on external pre-shared secret */
894 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
895 {
896 SSL_CIPHER *pref_cipher=NULL;
897 s->session->master_key_length=sizeof(s->session->master_key);
898 if (s->tls_session_secret_cb(s, s->session->master_key,
899 &s->session->master_key_length,
900 NULL, &pref_cipher,
901 s->tls_session_secret_cb_arg))
902 {
903 s->session->cipher = pref_cipher ?
904 pref_cipher : ssl_get_cipher_by_char(s, p+j);
905 }
906 }
907#endif /* OPENSSL_NO_TLSEXT */
908
909 if (j != 0 && j == s->session->session_id_length
910 && memcmp(p,s->session->session_id,j) == 0)
911 {
912 if(s->sid_ctx_length != s->session->sid_ctx_length
913 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
914 {
915 /* actually a client application bug */
916 al=SSL_AD_ILLEGAL_PARAMETER;
917 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
918 goto f_err;
919 }
920 s->hit=1;
921 }
922 else /* a miss or crap from the other end */
923 {
924 /* If we were trying for session-id reuse, make a new
925 * SSL_SESSION so we don't stuff up other people */
926 s->hit=0;
927 if (s->session->session_id_length > 0)
928 {
929 if (!ssl_get_new_session(s,0))
930 {
931 al=SSL_AD_INTERNAL_ERROR;
932 goto f_err;
933 }
934 }
935 s->session->session_id_length=j;
936 memcpy(s->session->session_id,p,j); /* j could be 0 */
937 }
938 p+=j;
939 c=ssl_get_cipher_by_char(s,p);
940 if (c == NULL)
941 {
942 /* unknown cipher */
943 al=SSL_AD_ILLEGAL_PARAMETER;
944 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
945 goto f_err;
946 }
947 /* TLS v1.2 only ciphersuites require v1.2 or later */
948 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
949 (TLS1_get_version(s) < TLS1_2_VERSION))
950 {
951 al=SSL_AD_ILLEGAL_PARAMETER;
952 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
953 goto f_err;
954 }
955 p+=ssl_put_cipher_by_char(s,NULL,NULL);
956
957 sk=ssl_get_ciphers_by_id(s);
958 i=sk_SSL_CIPHER_find(sk,c);
959 if (i < 0)
960 {
961 /* we did not say we would use this cipher */
962 al=SSL_AD_ILLEGAL_PARAMETER;
963 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
964 goto f_err;
965 }
966
967 /* Depending on the session caching (internal/external), the cipher
968 and/or cipher_id values may not be set. Make sure that
969 cipher_id is set and use it for comparison. */
970 if (s->session->cipher)
971 s->session->cipher_id = s->session->cipher->id;
972 if (s->hit && (s->session->cipher_id != c->id))
973 {
974/* Workaround is now obsolete */
975#if 0
976 if (!(s->options &
977 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
978#endif
979 {
980 al=SSL_AD_ILLEGAL_PARAMETER;
981 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
982 goto f_err;
983 }
984 }
985 s->s3->tmp.new_cipher=c;
986 /* Don't digest cached records if TLS v1.2: we may need them for
987 * client authentication.
988 */
989 if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
990 goto f_err;
991 /* lets get the compression algorithm */
992 /* COMPRESSION */
993#ifdef OPENSSL_NO_COMP
994 if (*(p++) != 0)
995 {
996 al=SSL_AD_ILLEGAL_PARAMETER;
997 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
998 goto f_err;
999 }
1000 /* If compression is disabled we'd better not try to resume a session
1001 * using compression.
1002 */
1003 if (s->session->compress_meth != 0)
1004 {
1005 al=SSL_AD_INTERNAL_ERROR;
1006 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1007 goto f_err;
1008 }
1009#else
1010 j= *(p++);
1011 if (s->hit && j != s->session->compress_meth)
1012 {
1013 al=SSL_AD_ILLEGAL_PARAMETER;
1014 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
1015 goto f_err;
1016 }
1017 if (j == 0)
1018 comp=NULL;
1019 else if (s->options & SSL_OP_NO_COMPRESSION)
1020 {
1021 al=SSL_AD_ILLEGAL_PARAMETER;
1022 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
1023 goto f_err;
1024 }
1025 else
1026 comp=ssl3_comp_find(s->ctx->comp_methods,j);
1027
1028 if ((j != 0) && (comp == NULL))
1029 {
1030 al=SSL_AD_ILLEGAL_PARAMETER;
1031 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
1032 goto f_err;
1033 }
1034 else
1035 {
1036 s->s3->tmp.new_compression=comp;
1037 }
1038#endif
1039
1040#ifndef OPENSSL_NO_TLSEXT
1041 /* TLS extensions*/
1042 if (s->version >= SSL3_VERSION)
1043 {
1044 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
1045 {
1046 /* 'al' set by ssl_parse_serverhello_tlsext */
1047 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
1048 goto f_err;
1049 }
1050 if (ssl_check_serverhello_tlsext(s) <= 0)
1051 {
1052 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1053 goto err;
1054 }
1055 }
1056#endif
1057
1058 if (p != (d+n))
1059 {
1060 /* wrong packet length */
1061 al=SSL_AD_DECODE_ERROR;
1062 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
1063 goto f_err;
1064 }
1065
1066 return(1);
1067f_err:
1068 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1069err:
1070 return(-1);
1071 }
1072
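int ssl3_get_server_certificate(SSL *s)
	{
	/* Read the server Certificate message, decode its certificate_list
	 * into a chain, verify the chain and record the peer certificate and
	 * its public key in a fresh SESS_CERT attached to the session.
	 *
	 * Wire layout: a 3-byte certificate_list length, then entries made of
	 * a 3-byte length followed by exactly that much DER. Each length
	 * prefix is checked to be present *before* it is read, so a truncated
	 * message can never make n2l3() read past the end of init_msg.
	 *
	 * With SSL_VERIFY_NONE a failed chain verification is not fatal; the
	 * outcome is left in s->verify_result (and copied to the session) for
	 * the application to inspect. Kerberos suites (KRB5 key exchange and
	 * KRB5 auth) may omit the certificate, in which case no peer key is
	 * recorded.
	 *
	 * Returns 1 on success, -1 on error (a fatal alert is sent for
	 * protocol and verification failures), or the ssl_get_message()
	 * result while the message is still being read.
	 */
	int al,i,ok,ret= -1;
	unsigned long n,nc,llen,l;
	X509 *x=NULL;
	const unsigned char *q,*p;
	STACK_OF(X509) *sk=NULL;
	SESS_CERT *sc;
	EVP_PKEY *pkey=NULL;
	int need_cert;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_A,
		SSL3_ST_CR_CERT_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	/* A ServerKeyExchange (anonymous suites) or, under Kerberos auth, a
	 * ServerHelloDone means the server sent no Certificate at all: hand
	 * the message back to the state machine. */
	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
		((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
		{
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}
	p=(unsigned char *)s->init_msg;

	if ((sk=sk_X509_new_null()) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* certificate_list length: three bytes that must be present and
	 * must account for the whole remainder of the message */
	if (n < 3)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	n2l3(p,llen);
	if (llen+3 != n)
		{
		al=SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	for (nc=0; nc<llen; )
		{
		/* each entry: a 3-byte length, which must itself fit in the
		 * list before we read it, then that many bytes of DER */
		if (nc+3 > llen)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		n2l3(p,l);
		if ((l+nc+3) > llen)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}

		q=p;
		x=d2i_X509(NULL,&q,l);
		if (x == NULL)
			{
			al=SSL_AD_BAD_CERTIFICATE;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
			goto f_err;
			}
		/* the DER must consume the entry exactly: no trailing garbage */
		if (q != (p+l))
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
			goto f_err;
			}
		if (!sk_X509_push(sk,x))
			{
			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		x=NULL; /* now owned by sk */
		nc+=l+3;
		p=q;
		}

	/* Verify the chain. Failure is fatal unless the application asked
	 * for SSL_VERIFY_NONE, or the suite is fully Kerberos (which may
	 * legitimately carry no certificate to verify). */
	i=ssl_verify_cert_chain(s,sk);
	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
#ifndef OPENSSL_NO_KRB5
		&& !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
		(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
#endif /* OPENSSL_NO_KRB5 */
		)
		{
		al=ssl_verify_alarm_type(s->verify_result);
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto f_err;
		}
	ERR_clear_error(); /* but we keep s->verify_result */

	sc=ssl_sess_cert_new();
	if (sc == NULL) goto err;

	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
	s->session->sess_cert=sc;

	/* sc now owns the chain. Unlike the server side (s3_srvr.c), this
	 * chain includes the peer certificate itself as element 0. From here
	 * on 'x' is borrowed from sc, so it must be cleared before any
	 * 'goto err' that would otherwise X509_free() it. */
	sc->cert_chain=sk;
	x=sk_X509_value(sk,0);
	sk=NULL;

	pkey=X509_get_pubkey(x);

	/* A certificate is mandatory except when both key exchange and
	 * authentication are Kerberos. */
	need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
		(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
		? 0 : 1;

#ifdef KSSL_DEBUG
	printf("pkey,x = %p, %p\n", pkey,x);
	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
	printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
		s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */

	/* Both checks below send a proper alert *description*; SSL3_AL_FATAL
	 * is an alert level and must not be used as the description byte. */
	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
		{
		x=NULL; /* borrowed from sc, see above */
		al=SSL_AD_BAD_CERTIFICATE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
		goto f_err;
		}

	i=ssl_cert_type(x,pkey);
	if (need_cert && i < 0)
		{
		x=NULL; /* borrowed from sc, see above */
		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		goto f_err;
		}

	if (need_cert)
		{
		sc->peer_cert_type=i;
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		/* sc is freshly allocated, so this slot should always be
		 * empty; freeing defensively costs nothing. */
		if (sc->peer_pkeys[i].x509 != NULL)
			X509_free(sc->peer_pkeys[i].x509);
		sc->peer_pkeys[i].x509=x;
		sc->peer_key= &(sc->peer_pkeys[i]);

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
		s->session->peer=x;
		}
	else
		{
		/* Kerberos without a certificate: record the (possibly -1)
		 * type but no key */
		sc->peer_cert_type=i;
		sc->peer_key= NULL;

		if (s->session->peer != NULL)
			X509_free(s->session->peer);
		s->session->peer=NULL;
		}
	s->session->verify_result = s->verify_result;

	x=NULL;
	ret=1;

	if (0)
		{
f_err:
		ssl3_send_alert(s,SSL3_AL_FATAL,al);
		}
err:
	EVP_PKEY_free(pkey);
	X509_free(x);
	sk_X509_pop_free(sk,X509_free);
	return(ret);
	}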
1258
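int ssl3_get_key_exchange(SSL *s)
	{
	/* Read and parse the server's ServerKeyExchange message.
	 *
	 * Depending on the negotiated key-exchange algorithm this carries a
	 * PSK identity hint, SRP group/salt/public value, an ephemeral RSA
	 * key, ephemeral DH parameters or an ephemeral ECDH point. Unless the
	 * suite is anonymous or plain PSK, the parameters are followed by the
	 * server's signature over client_random || server_random || params,
	 * which is verified with the public key of the peer certificate that
	 * ssl3_get_server_certificate() stored in s->session->sess_cert.
	 *
	 * Parsing discipline: 'n' is the number of bytes not yet consumed and
	 * 'param_len' the number of parameter bytes consumed so far in the
	 * current branch. Every length prefix is checked to be present before
	 * it is read, and every value is checked to fit before it is touched,
	 * so a truncated message can never make us read past init_msg.
	 *
	 * Returns 1 on success, -1 on error (a fatal alert is sent for decode
	 * and signature failures), or the ssl_get_message() result while the
	 * message is still being read.
	 */
#ifndef OPENSSL_NO_RSA
	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
#endif
	EVP_MD_CTX md_ctx;
	unsigned char *param,*p;
	int al,i,j,param_len,ok;
	long n,alg_k,alg_a;
	EVP_PKEY *pkey=NULL;
	const EVP_MD *md = NULL;
	SESS_CERT *sc;
#ifndef OPENSSL_NO_RSA
	RSA *rsa=NULL;
#endif
#ifndef OPENSSL_NO_DH
	DH *dh=NULL;
#endif
#ifndef OPENSSL_NO_ECDH
	EC_KEY *ecdh = NULL;
	BN_CTX *bn_ctx = NULL;
	EC_POINT *srvr_ecpoint = NULL;
	int curve_nid = 0;
	int encoded_pt_len = 0;
#endif

	/* use same message size as in ssl3_get_certificate_request()
	 * as ServerKeyExchange message may be skipped */
	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_KEY_EXCH_A,
		SSL3_ST_CR_KEY_EXCH_B,
		-1,
		s->max_cert_list,
		&ok);
	if (!ok) return((int)n);

	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
		{
#ifndef OPENSSL_NO_PSK
		/* In plain PSK ciphersuite, ServerKeyExchange can be
		 * omitted if no identity hint is sent. Set
		 * session->sess_cert anyway to avoid problems later,
		 * replacing (not leaking) any stale one and checking
		 * that the allocation actually succeeded. */
		if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
			{
			if (s->session->sess_cert != NULL)
				ssl_sess_cert_free(s->session->sess_cert);
			s->session->sess_cert=ssl_sess_cert_new();
			if (s->session->sess_cert == NULL)
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
				return(-1);
				}
			if (s->ctx->psk_identity_hint)
				OPENSSL_free(s->ctx->psk_identity_hint);
			s->ctx->psk_identity_hint = NULL;
			}
#endif
		s->s3->tmp.reuse_message=1;
		return(1);
		}

	param=p=(unsigned char *)s->init_msg;
	if (s->session->sess_cert != NULL)
		{
		/* drop ephemeral keys left over from a previous handshake */
#ifndef OPENSSL_NO_RSA
		if (s->session->sess_cert->peer_rsa_tmp != NULL)
			{
			RSA_free(s->session->sess_cert->peer_rsa_tmp);
			s->session->sess_cert->peer_rsa_tmp=NULL;
			}
#endif
#ifndef OPENSSL_NO_DH
		if (s->session->sess_cert->peer_dh_tmp)
			{
			DH_free(s->session->sess_cert->peer_dh_tmp);
			s->session->sess_cert->peer_dh_tmp=NULL;
			}
#endif
#ifndef OPENSSL_NO_ECDH
		if (s->session->sess_cert->peer_ecdh_tmp)
			{
			EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
			s->session->sess_cert->peer_ecdh_tmp=NULL;
			}
#endif
		}
	else
		{
		s->session->sess_cert=ssl_sess_cert_new();
		if (s->session->sess_cert == NULL)
			{
			/* nothing allocated yet and md_ctx not initialised:
			 * return directly rather than through err */
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			return(-1);
			}
		}
	sc=s->session->sess_cert;

	param_len=0;
	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
	EVP_MD_CTX_init(&md_ctx);

#ifndef OPENSSL_NO_PSK
	if (alg_k & SSL_kPSK)
		{
		char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];

		al=SSL_AD_HANDSHAKE_FAILURE;
		/* psk_identity_hint: 2-byte length, then the hint */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		/* Store PSK identity hint for later use, hint is used
		 * in ssl3_send_client_key_exchange. Assume that the
		 * maximum length of a PSK identity hint can be as
		 * long as the maximum length of a PSK identity. */
		if (i > PSK_MAX_IDENTITY_LEN)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_DATA_LENGTH_TOO_LONG);
			goto f_err;
			}
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
				SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
			goto f_err;
			}
		/* If received PSK identity hint contains NULL
		 * characters, the hint is truncated from the first
		 * NULL. p may not be ending with NULL, so create a
		 * NULL-terminated string. */
		memcpy(tmp_id_hint, p, i);
		memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
		/* NOTE(review): the hint is stored in the shared SSL_CTX,
		 * not in this connection's session, so concurrent
		 * handshakes on one SSL_CTX overwrite each other's hint
		 * and race on the free below. */
		if (s->ctx->psk_identity_hint != NULL)
			OPENSSL_free(s->ctx->psk_identity_hint);
		s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
		if (s->ctx->psk_identity_hint == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
			goto f_err;
			}

		p+=i;
		n-=param_len;
		}
	else
#endif /* !OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SRP
	if (alg_k & SSL_kSRP)
		{
		/* ServerSRPParams: N (2-byte length), g (2-byte length),
		 * s (1-byte length), B (2-byte length) */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
			goto f_err;
			}
		if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
			goto f_err;
			}
		if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+1 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
			goto f_err;
			}
		i = (unsigned int)(p[0]);
		p++;
		param_len+=i+1;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
			goto f_err;
			}
		if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
			goto f_err;
			}
		if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;
		n-=param_len;

		/* SRP params may be signed with the server certificate */
#ifndef OPENSSL_NO_RSA
		if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#else
		if (0)
			;
#endif
#ifndef OPENSSL_NO_DSA
		else if (alg_a & SSL_aDSS)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
#endif
		}
	else
#endif /* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_RSA
	if (alg_k & SSL_kRSA)
		{
		/* An ephemeral RSA key in ServerKeyExchange is only legitimate
		 * for export suites (RFC 2246 7.4.3), where the certificate
		 * key is too large to be used directly. Accepting it for a
		 * full-strength RSA suite lets an active attacker replace the
		 * key exchange with a 512-bit key that can be factored
		 * offline (the FREAK downgrade, CVE-2015-0204). */
		if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
			{
			al=SSL_AD_UNEXPECTED_MESSAGE;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
			}

		if ((rsa=RSA_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}
		/* ServerRSAParams: modulus then exponent, each 2-byte length */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
			goto f_err;
			}
		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
			goto f_err;
			}
		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;
		n-=param_len;

		/* the temporary key must be signed by the certificate key */
		if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
		else
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			goto err;
			}
		sc->peer_rsa_tmp=rsa;
		rsa=NULL;
		}
#else /* OPENSSL_NO_RSA */
	if (0)
		;
#endif
#ifndef OPENSSL_NO_DH
	else if (alg_k & SSL_kEDH)
		{
		if ((dh=DH_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
			goto err;
			}
		/* ServerDHParams: p, g, Ys, each with a 2-byte length */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
			goto f_err;
			}
		if (!(dh->p=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
			goto f_err;
			}
		if (!(dh->g=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;

		if (param_len+2 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		param_len+=i+2;
		if (param_len > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
			goto f_err;
			}
		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
			goto err;
			}
		p+=i;
		n-=param_len;

		/* NOTE(review): no minimum size is enforced on dh->p here, so
		 * a server (or an attacker who can steer negotiation towards
		 * an export suite) may offer a group small enough to be
		 * broken offline. A deployment-level policy floor on the
		 * group size is worth considering before peer_dh_tmp is used. */

#ifndef OPENSSL_NO_RSA
		if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#else
		if (0)
			;
#endif
#ifndef OPENSSL_NO_DSA
		else if (alg_a & SSL_aDSS)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
#endif
		/* else anonymous DH, so no certificate or pkey. */

		sc->peer_dh_tmp=dh;
		dh=NULL;
		}
	else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
		{
		/* static DH takes its parameters from the certificate; a
		 * ServerKeyExchange is not allowed */
		al=SSL_AD_ILLEGAL_PARAMETER;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
		goto f_err;
		}
#endif /* !OPENSSL_NO_DH */

#ifndef OPENSSL_NO_ECDH
	else if (alg_k & SSL_kEECDH)
		{
		EC_GROUP *ngroup;
		const EC_GROUP *group;

		if ((ecdh=EC_KEY_new()) == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		/* Extract elliptic curve parameters and the server's
		 * ephemeral ECDH public key, accumulating the consumed
		 * length in param_len and checking it never exceeds n. */

		/* Only named (not explicit) curves are supported, so the
		 * ECParameters are exactly three bytes: curve type plus a
		 * 2-byte curve id. */
		param_len=3;
		if ((param_len > n) ||
		    (*p != NAMED_CURVE_TYPE) ||
		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
			{
			al=SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
			goto f_err;
			}

		ngroup = EC_GROUP_new_by_curve_name(curve_nid);
		if (ngroup == NULL)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		if (EC_KEY_set_group(ecdh, ngroup) == 0)
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		EC_GROUP_free(ngroup);

		group = EC_KEY_get0_group(ecdh);

		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
		    (EC_GROUP_get_degree(group) > 163))
			{
			al=SSL_AD_EXPORT_RESTRICTION;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
			goto f_err;
			}

		p+=3;

		/* Next, get the encoded ECPoint */
		if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
		    ((bn_ctx = BN_CTX_new()) == NULL))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		/* ECPoint: 1-byte length, then the encoded point. The
		 * length byte must itself be present before we read it. */
		if (param_len + 1 > n)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
			goto f_err;
			}
		encoded_pt_len = *p; /* length of encoded point */
		p+=1;
		param_len += (1 + encoded_pt_len);
		if ((param_len > n) ||
		    (EC_POINT_oct2point(group, srvr_ecpoint,
			p, encoded_pt_len, bn_ctx) == 0))
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
			goto f_err;
			}

		n-=param_len;
		p+=encoded_pt_len;

		/* The ECC/TLS specification does not mention
		 * the use of DSA to sign ECParameters in the server
		 * key exchange message. We do support RSA and ECDSA.
		 */
		if (0) ;
#ifndef OPENSSL_NO_RSA
		else if (alg_a & SSL_aRSA)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
#endif
#ifndef OPENSSL_NO_ECDSA
		else if (alg_a & SSL_aECDSA)
			pkey=X509_get_pubkey(sc->peer_pkeys[SSL_PKEY_ECC].x509);
#endif
		/* else anonymous ECDH, so no certificate or pkey. */
		if (!EC_KEY_set_public_key(ecdh, srvr_ecpoint))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
			goto err;
			}
		sc->peer_ecdh_tmp=ecdh;
		ecdh=NULL;
		BN_CTX_free(bn_ctx);
		bn_ctx = NULL;
		EC_POINT_free(srvr_ecpoint);
		srvr_ecpoint = NULL;
		}
#endif /* !OPENSSL_NO_ECDH */
	/* Any other key exchange has no business sending a
	 * ServerKeyExchange. Kept outside the ECDH conditional so the
	 * check also applies in builds without ECDH. */
	else if (alg_k)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
		goto f_err;
		}


	/* p points to the next byte, there are 'n' bytes left */

	/* if it was signed, check the signature */
	if (pkey != NULL)
		{
		if (TLS1_get_version(s) >= TLS1_2_VERSION)
			{
			int sigalg;

			/* TLS 1.2 prefixes the signature with a two-byte
			 * SignatureAndHashAlgorithm {hash, signature} */
			if (n < 2)
				{
				al=SSL_AD_DECODE_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
				goto f_err;
				}
			sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1)
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
				goto err;
				}
			/* Check key type is consistent with signature */
			if (sigalg != (int)p[1])
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE);
				al=SSL_AD_DECODE_ERROR;
				goto f_err;
				}
			/* NOTE(review): this only checks that the hash the
			 * server picked is one this library implements; it is
			 * not compared against the signature_algorithms the
			 * client advertised, so a server may sign with a
			 * weaker hash than the client offered (MD5, if built
			 * in). A stricter client would reject pairs it did
			 * not advertise. */
			md = tls12_get_hash(p[0]);
			if (md == NULL)
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST);
				al=SSL_AD_DECODE_ERROR;
				goto f_err;
				}
#ifdef SSL_DEBUG
fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
#endif
			p += 2;
			n -= 2;
			}
		else
			md = EVP_sha1();

		/* two-byte signature length, then the signature itself */
		if (n < 2)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
			}
		n2s(p,i);
		n-=2;
		j=EVP_PKEY_size(pkey);

		/* the signature must fill exactly the rest of the message
		 * and cannot be larger than the key */
		if ((i != n) || (n > j) || (n <= 0))
			{
			/* wrong packet length */
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
			goto f_err;
			}

#ifndef OPENSSL_NO_RSA
		if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION)
			{
			int num;

			/* pre-TLS1.2 RSA: the signature covers the MD5 and
			 * SHA1 digests concatenated, without DigestInfo */
			j=0;
			q=md_buf;
			for (num=2; num > 0; num--)
				{
				EVP_MD_CTX_set_flags(&md_ctx,
					EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
				EVP_DigestInit_ex(&md_ctx,(num == 2)
					?s->ctx->md5:s->ctx->sha1, NULL);
				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
				EVP_DigestUpdate(&md_ctx,param,param_len);
				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
				q+=i;
				j+=i;
				}
			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
								pkey->pkey.rsa);
			if (i < 0)
				{
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
				goto f_err;
				}
			if (i == 0)
				{
				/* bad signature */
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				goto f_err;
				}
			}
		else
#endif
			{
			EVP_VerifyInit_ex(&md_ctx, md, NULL);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
			EVP_VerifyUpdate(&md_ctx,param,param_len);
			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
				{
				/* bad signature */
				al=SSL_AD_DECRYPT_ERROR;
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
				goto f_err;
				}
			}
		}
	else
		{
		/* No signing key: only legitimate for anonymous or PSK
		 * suites. Anything else means the server certificate did not
		 * carry a key of the type the suite needs. */
		if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
			{
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			goto err;
			}
		/* still data left over */
		if (n != 0)
			{
			al=SSL_AD_DECODE_ERROR;
			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
			goto f_err;
			}
		}
	EVP_PKEY_free(pkey);
	EVP_MD_CTX_cleanup(&md_ctx);
	return(1);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	EVP_PKEY_free(pkey);
#ifndef OPENSSL_NO_RSA
	if (rsa != NULL)
		RSA_free(rsa);
#endif
#ifndef OPENSSL_NO_DH
	if (dh != NULL)
		DH_free(dh);
#endif
#ifndef OPENSSL_NO_ECDH
	BN_CTX_free(bn_ctx);
	EC_POINT_free(srvr_ecpoint);
	if (ecdh != NULL)
		EC_KEY_free(ecdh);
#endif
	EVP_MD_CTX_cleanup(&md_ctx);
	return(-1);
	}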
1856
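int ssl3_get_certificate_request(SSL *s)
	{
	/* Read an optional CertificateRequest message.
	 *
	 * If the server sent ServerHelloDone instead, no client certificate
	 * is wanted: the message is handed back to the state machine and the
	 * cached handshake records (only needed for a CertificateVerify) are
	 * digested. Otherwise the certificate types, the TLS 1.2
	 * signature_algorithms list and the list of acceptable CA names are
	 * parsed into s->s3->tmp.{ctype,ctype_num,ca_names} and
	 * s->s3->tmp.cert_req is set.
	 *
	 * Wire layout: 1-byte count + certificate_types, [TLS 1.2: 2-byte
	 * length + signature_algorithms], 2-byte length + DistinguishedName
	 * entries each with a 2-byte length. Every length prefix is checked
	 * to be present before it is read so a truncated message cannot make
	 * us read past init_msg.
	 *
	 * Returns 1 on success, 0 on error (a fatal alert is sent for
	 * protocol errors), or the ssl_get_message() result while the
	 * message is still being read.
	 */
	int ok,ret=0;
	unsigned long n,nc,l;
	unsigned int llen, ctype_num, ctype_wire, i;
	X509_NAME *xn=NULL;
	const unsigned char *p,*q;
	unsigned char *d;
	STACK_OF(X509_NAME) *ca_sk=NULL;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_REQ_A,
		SSL3_ST_CR_CERT_REQ_B,
		-1,
		s->max_cert_list,
		&ok);

	if (!ok) return((int)n);

	s->s3->tmp.cert_req=0;

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
		{
		s->s3->tmp.reuse_message=1;
		/* If we get here we don't need any cached handshake records
		 * as we wont be doing client auth.
		 */
		if (s->s3->handshake_buffer)
			{
			if (!ssl3_digest_cached_records(s))
				goto err;
			}
		return(1);
		}

	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
		goto err;
		}

	/* TLS does not like anon-DH with client cert */
	if (s->version > SSL3_VERSION)
		{
		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
			goto err;
			}
		}

	p=d=(unsigned char *)s->init_msg;

	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
		{
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* certificate_types: 1-byte count, then that many type bytes, all
	 * of which must lie inside the message */
	if (n < 1)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	ctype_wire= *(p++);
	if ((unsigned long)(p - d + ctype_wire) > n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
		goto err;
		}
	/* s->s3->tmp.ctype holds SSL3_CT_NUMBER entries: keep at most that
	 * many, but consume every type byte the server sent so the rest of
	 * the message is still parsed at the right offset */
	ctype_num = (ctype_wire > SSL3_CT_NUMBER) ? SSL3_CT_NUMBER : ctype_wire;
	for (i=0; i<ctype_num; i++)
		s->s3->tmp.ctype[i]= p[i];
	p+=ctype_wire;

	if (TLS1_get_version(s) >= TLS1_2_VERSION)
		{
		/* supported_signature_algorithms: 2-byte length, then pairs */
		if ((unsigned long)(p - d + 2) > n)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
			}
		n2s(p, llen);
		/* Check we have enough room for signature algorithms and
		 * following length value.
		 */
		if ((unsigned long)(p - d + llen + 2) > n)
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
			}
		/* the list is made of (hash, signature) pairs, so an odd
		 * length is malformed */
		if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
			goto err;
			}
		p += llen;
		}

	/* certificate_authorities: 2-byte length that must be present and
	 * must account for exactly the rest of the message */
	if ((unsigned long)(p - d + 2) > n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}
	n2s(p,llen);

	if ((unsigned long)(p - d + llen) != n)
		{
		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
		goto err;
		}

	for (nc=0; nc<llen; )
		{
		/* each DistinguishedName: 2-byte length, then DER. Both the
		 * prefix and the DER must fit inside the list; the Netscape
		 * workaround tolerates a truncated list by stopping early. */
		if (nc+2 > llen)
			{
			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
				goto cont; /* netscape bugs */
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
			goto err;
			}
		n2s(p,l);
		if ((l+nc+2) > llen)
			{
			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
				goto cont; /* netscape bugs */
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
			goto err;
			}

		q=p;

		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
			{
			/* If netscape tolerance is on, ignore errors */
			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
				goto cont;
			else
				{
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
				goto err;
				}
			}

		/* the DER must consume the entry exactly */
		if (q != (p+l))
			{
			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
			goto err;
			}
		if (!sk_X509_NAME_push(ca_sk,xn))
			{
			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
			goto err;
			}

		p+=l;
		nc+=l+2;
		}

	if (0)
		{
cont:
		/* reached only through the Netscape workaround: discard the
		 * decode errors it tolerated */
		ERR_clear_error();
		}

	/* we should setup a certificate to return.... */
	s->s3->tmp.cert_req=1;
	s->s3->tmp.ctype_num=ctype_num;
	if (s->s3->tmp.ca_names != NULL)
		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
	s->s3->tmp.ca_names=ca_sk;
	ca_sk=NULL;

	ret=1;
err:
	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
	return(ret);
	}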
2026
static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
	{
	/* Ordering callback for the CA-name stack built in
	 * ssl3_get_certificate_request(): compares the two names the
	 * stack slots point at, with X509_NAME_cmp() semantics. */
	const X509_NAME *lhs = *a;
	const X509_NAME *rhs = *b;

	return X509_NAME_cmp(lhs, rhs);
	}
2031#ifndef OPENSSL_NO_TLSEXT
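int ssl3_get_new_session_ticket(SSL *s)
	{
	/* Read an optional NewSessionTicket message and store the ticket in
	 * the session (s->session->tlsext_tick / tlsext_ticklen, plus the
	 * lifetime hint). If the server sent Finished instead, the message
	 * is handed back to the state machine.
	 *
	 * Wire layout: 4-byte ticket_lifetime_hint, 2-byte ticket length,
	 * ticket. A zero-length ticket is legal (RFC 5077 3.3: the server
	 * changed its mind after announcing the extension) and stores nothing.
	 *
	 * Returns 1 on success, -1 on error (a fatal alert is sent for
	 * protocol errors), or the ssl_get_message() result while the
	 * message is still being read.
	 */
	int ok,al,ret=0, ticklen;
	long n;
	const unsigned char *p;
	const EVP_MD *id_md;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_SESSION_TICKET_A,
		SSL3_ST_CR_SESSION_TICKET_B,
		-1,
		16384,
		&ok);

	if (!ok)
		return((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
		{
		s->s3->tmp.reuse_message=1;
		return(1);
		}
	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
		{
		al=SSL_AD_UNEXPECTED_MESSAGE;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
		goto f_err;
		}
	if (n < 6)
		{
		/* need at least ticket_lifetime_hint + ticket length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

	p=(unsigned char *)s->init_msg;
	n2l(p, s->session->tlsext_tick_lifetime_hint);
	n2s(p, ticklen);
	/* ticket_lifetime_hint + ticket_length + ticket */
	if (ticklen + 6 != n)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}

	/* Drop any ticket already cached for this session. Clear the
	 * pointer as well as the length, so that a failed allocation below
	 * cannot leave a dangling pointer for the session free to free
	 * again. */
	if (s->session->tlsext_tick)
		{
		OPENSSL_free(s->session->tlsext_tick);
		s->session->tlsext_tick = NULL;
		s->session->tlsext_ticklen = 0;
		}

	/* Empty ticket: nothing to store. Do not attempt OPENSSL_malloc(0)
	 * (which may return NULL and be mistaken for failure) or derive a
	 * session ID from an empty ticket. */
	if (ticklen == 0)
		{
		ret=1;
		return(ret);
		}

	s->session->tlsext_tick = OPENSSL_malloc(ticklen);
	if (!s->session->tlsext_tick)
		{
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	memcpy(s->session->tlsext_tick, p, ticklen);
	s->session->tlsext_ticklen = ticklen;

	/* There are two ways to detect a resumed ticket session.
	 * One is to set an appropriate session ID and then the server
	 * must return a match in ServerHello. This allows the normal
	 * client session ID matching to work and we know much
	 * earlier that the ticket has been accepted.
	 *
	 * The other way is to set zero length session ID when the
	 * ticket is presented and rely on the handshake to determine
	 * session resumption.
	 *
	 * We choose the former approach because this fits in with
	 * assumptions elsewhere in OpenSSL. The session ID is set
	 * to the SHA256 (or SHA1 if SHA256 is disabled) hash of the
	 * ticket.
	 */
#ifndef OPENSSL_NO_SHA256
	id_md = EVP_sha256();
#else
	id_md = EVP_sha1();
#endif
	if (!EVP_Digest(p, ticklen,
			s->session->session_id, &s->session->session_id_length,
			id_md, NULL))
		{
		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_EVP_LIB);
		goto err;
		}
	ret=1;
	return(ret);
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
	return(-1);
	}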
2120
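int ssl3_get_cert_status(SSL *s)
	{
	/* Read a CertificateStatus message (OCSP stapling) and store the
	 * raw OCSP response in s->tlsext_ocsp_resp / tlsext_ocsp_resplen.
	 *
	 * Wire layout: 1-byte status_type (only ocsp is accepted), 3-byte
	 * length, OCSPResponse (opaque<1..2^24-1>, so never empty).
	 *
	 * Nothing here validates the response itself: if the application
	 * installed a status callback (SSL_CTX_set_tlsext_status_cb) it is
	 * invoked and may reject the response; without one the response is
	 * merely stored and the application is expected to check it.
	 *
	 * Returns 1 on success, -1 on error (a fatal alert is sent), or the
	 * ssl_get_message() result while the message is still being read.
	 */
	int ok, al;
	unsigned long resplen,n;
	const unsigned char *p;

	n=s->method->ssl_get_message(s,
		SSL3_ST_CR_CERT_STATUS_A,
		SSL3_ST_CR_CERT_STATUS_B,
		SSL3_MT_CERTIFICATE_STATUS,
		16384,
		&ok);

	if (!ok) return((int)n);
	if (n < 4)
		{
		/* need at least status type + length */
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	p = (unsigned char *)s->init_msg;
	if (*p++ != TLSEXT_STATUSTYPE_ocsp)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
		goto f_err;
		}
	n2l3(p, resplen);
	/* the response must fill the message exactly and cannot be empty
	 * (BUF_memdup of zero bytes would also read as an allocation
	 * failure on platforms where malloc(0) returns NULL) */
	if (resplen + 4 != n || resplen == 0)
		{
		al = SSL_AD_DECODE_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
		goto f_err;
		}
	/* replace any previously stapled response; clear the pointer so a
	 * failed copy cannot leave a dangling one behind */
	if (s->tlsext_ocsp_resp)
		{
		OPENSSL_free(s->tlsext_ocsp_resp);
		s->tlsext_ocsp_resp = NULL;
		}
	s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
	if (!s->tlsext_ocsp_resp)
		{
		al = SSL_AD_INTERNAL_ERROR;
		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
		goto f_err;
		}
	s->tlsext_ocsp_resplen = resplen;
	if (s->ctx->tlsext_status_cb)
		{
		int ret;
		/* callback contract: 1 accept, 0 reject the response,
		 * negative for an internal failure */
		ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
		if (ret == 0)
			{
			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
			goto f_err;
			}
		if (ret < 0)
			{
			al = SSL_AD_INTERNAL_ERROR;
			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
			goto f_err;
			}
		}
	return 1;
f_err:
	ssl3_send_alert(s,SSL3_AL_FATAL,al);
	return(-1);
	}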
2188#endif
2189
int ssl3_get_server_done(SSL *s)
	{
	/* Read the ServerHelloDone message, which carries no body.
	 *
	 * Returns 1 on success, -1 (after a fatal decode_error alert) if
	 * the server appended any data, or the ssl_get_message() result
	 * while the message is still being read. */
	int ok;
	long len;

	len=s->method->ssl_get_message(s,
		SSL3_ST_CR_SRVR_DONE_A,
		SSL3_ST_CR_SRVR_DONE_B,
		SSL3_MT_SERVER_DONE,
		30, /* the body is empty, so allow only a tiny message */
		&ok);

	if (!ok)
		return((int)len);

	if (len <= 0)
		return(1);

	/* anything after the header is a protocol violation */
	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
	SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
	return(-1);
	}
2213
2214
2215int ssl3_send_client_key_exchange(SSL *s)
2216 {
2217 unsigned char *p,*d;
2218 int n;
2219 unsigned long alg_k;
2220#ifndef OPENSSL_NO_RSA
2221 unsigned char *q;
2222 EVP_PKEY *pkey=NULL;
2223#endif
2224#ifndef OPENSSL_NO_KRB5
2225 KSSL_ERR kssl_err;
2226#endif /* OPENSSL_NO_KRB5 */
2227#ifndef OPENSSL_NO_ECDH
2228 EC_KEY *clnt_ecdh = NULL;
2229 const EC_POINT *srvr_ecpoint = NULL;
2230 EVP_PKEY *srvr_pub_pkey = NULL;
2231 unsigned char *encodedPoint = NULL;
2232 int encoded_pt_len = 0;
2233 BN_CTX * bn_ctx = NULL;
2234#endif
2235
2236 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
2237 {
2238 d=(unsigned char *)s->init_buf->data;
2239 p= &(d[4]);
2240
2241 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2242
2243 /* Fool emacs indentation */
2244 if (0) {}
2245#ifndef OPENSSL_NO_RSA
2246 else if (alg_k & SSL_kRSA)
2247 {
2248 RSA *rsa;
2249 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2250
2251 if (s->session->sess_cert->peer_rsa_tmp != NULL)
2252 rsa=s->session->sess_cert->peer_rsa_tmp;
2253 else
2254 {
2255 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
2256 if ((pkey == NULL) ||
2257 (pkey->type != EVP_PKEY_RSA) ||
2258 (pkey->pkey.rsa == NULL))
2259 {
2260 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2261 goto err;
2262 }
2263 rsa=pkey->pkey.rsa;
2264 EVP_PKEY_free(pkey);
2265 }
2266
2267 tmp_buf[0]=s->client_version>>8;
2268 tmp_buf[1]=s->client_version&0xff;
2269 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2270 goto err;
2271
2272 s->session->master_key_length=sizeof tmp_buf;
2273
2274 q=p;
2275 /* Fix buf for TLS and beyond */
2276 if (s->version > SSL3_VERSION)
2277 p+=2;
2278 n=RSA_public_encrypt(sizeof tmp_buf,
2279 tmp_buf,p,rsa,RSA_PKCS1_PADDING);
2280#ifdef PKCS1_CHECK
2281 if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
2282 if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
2283#endif
2284 if (n <= 0)
2285 {
2286 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
2287 goto err;
2288 }
2289
2290 /* Fix buf for TLS and beyond */
2291 if (s->version > SSL3_VERSION)
2292 {
2293 s2n(n,q);
2294 n+=2;
2295 }
2296
2297 s->session->master_key_length=
2298 s->method->ssl3_enc->generate_master_secret(s,
2299 s->session->master_key,
2300 tmp_buf,sizeof tmp_buf);
2301 OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
2302 }
2303#endif
2304#ifndef OPENSSL_NO_KRB5
2305 else if (alg_k & SSL_kKRB5)
2306 {
2307 krb5_error_code krb5rc;
2308 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2309 /* krb5_data krb5_ap_req; */
2310 krb5_data *enc_ticket;
2311 krb5_data authenticator, *authp = NULL;
2312 EVP_CIPHER_CTX ciph_ctx;
2313 const EVP_CIPHER *enc = NULL;
2314 unsigned char iv[EVP_MAX_IV_LENGTH];
2315 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
2316 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
2317 + EVP_MAX_IV_LENGTH];
2318 int padl, outl = sizeof(epms);
2319
2320 EVP_CIPHER_CTX_init(&ciph_ctx);
2321
2322#ifdef KSSL_DEBUG
2323 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
2324 alg_k, SSL_kKRB5);
2325#endif /* KSSL_DEBUG */
2326
2327 authp = NULL;
2328#ifdef KRB5SENDAUTH
2329 if (KRB5SENDAUTH) authp = &authenticator;
2330#endif /* KRB5SENDAUTH */
2331
2332 krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
2333 &kssl_err);
2334 enc = kssl_map_enc(kssl_ctx->enctype);
2335 if (enc == NULL)
2336 goto err;
2337#ifdef KSSL_DEBUG
2338 {
2339 printf("kssl_cget_tkt rtn %d\n", krb5rc);
2340 if (krb5rc && kssl_err.text)
2341 printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
2342 }
2343#endif /* KSSL_DEBUG */
2344
2345 if (krb5rc)
2346 {
2347 ssl3_send_alert(s,SSL3_AL_FATAL,
2348 SSL_AD_HANDSHAKE_FAILURE);
2349 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2350 kssl_err.reason);
2351 goto err;
2352 }
2353
2354 /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
2355 ** in place of RFC 2712 KerberosWrapper, as in:
2356 **
2357 ** Send ticket (copy to *p, set n = length)
2358 ** n = krb5_ap_req.length;
2359 ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
2360 ** if (krb5_ap_req.data)
2361 ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
2362 **
2363 ** Now using real RFC 2712 KerberosWrapper
2364 ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
2365 ** Note: 2712 "opaque" types are here replaced
2366 ** with a 2-byte length followed by the value.
2367 ** Example:
2368 ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
2369 ** Where "xx xx" = length bytes. Shown here with
2370 ** optional authenticator omitted.
2371 */
2372
2373 /* KerberosWrapper.Ticket */
2374 s2n(enc_ticket->length,p);
2375 memcpy(p, enc_ticket->data, enc_ticket->length);
2376 p+= enc_ticket->length;
2377 n = enc_ticket->length + 2;
2378
2379 /* KerberosWrapper.Authenticator */
2380 if (authp && authp->length)
2381 {
2382 s2n(authp->length,p);
2383 memcpy(p, authp->data, authp->length);
2384 p+= authp->length;
2385 n+= authp->length + 2;
2386
2387 free(authp->data);
2388 authp->data = NULL;
2389 authp->length = 0;
2390 }
2391 else
2392 {
2393 s2n(0,p);/* null authenticator length */
2394 n+=2;
2395 }
2396
2397 tmp_buf[0]=s->client_version>>8;
2398 tmp_buf[1]=s->client_version&0xff;
2399 if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
2400 goto err;
2401
2402 /* 20010420 VRS. Tried it this way; failed.
2403 ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
2404 ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
2405 ** kssl_ctx->length);
2406 ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
2407 */
2408
2409 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2410 EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
2411 kssl_ctx->key,iv);
2412 EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
2413 sizeof tmp_buf);
2414 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2415 outl += padl;
2416 if (outl > (int)sizeof epms)
2417 {
2418 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2419 goto err;
2420 }
2421 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2422
2423 /* KerberosWrapper.EncryptedPreMasterSecret */
2424 s2n(outl,p);
2425 memcpy(p, epms, outl);
2426 p+=outl;
2427 n+=outl + 2;
2428
2429 s->session->master_key_length=
2430 s->method->ssl3_enc->generate_master_secret(s,
2431 s->session->master_key,
2432 tmp_buf, sizeof tmp_buf);
2433
2434 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
2435 OPENSSL_cleanse(epms, outl);
2436 }
2437#endif
2438#ifndef OPENSSL_NO_DH
2439 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2440 {
2441 DH *dh_srvr,*dh_clnt;
2442
2443 if (s->session->sess_cert == NULL)
2444 {
2445 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2446 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2447 goto err;
2448 }
2449
2450 if (s->session->sess_cert->peer_dh_tmp != NULL)
2451 dh_srvr=s->session->sess_cert->peer_dh_tmp;
2452 else
2453 {
2454 /* we get them from the cert */
2455 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
2456 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
2457 goto err;
2458 }
2459
2460 /* generate a new random key */
2461 if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
2462 {
2463 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2464 goto err;
2465 }
2466 if (!DH_generate_key(dh_clnt))
2467 {
2468 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2469 DH_free(dh_clnt);
2470 goto err;
2471 }
2472
2473 /* use the 'p' output buffer for the DH key, but
2474 * make sure to clear it out afterwards */
2475
2476 n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
2477
2478 if (n <= 0)
2479 {
2480 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2481 DH_free(dh_clnt);
2482 goto err;
2483 }
2484
2485 /* generate master key from the result */
2486 s->session->master_key_length=
2487 s->method->ssl3_enc->generate_master_secret(s,
2488 s->session->master_key,p,n);
2489 /* clean up */
2490 memset(p,0,n);
2491
2492 /* send off the data */
2493 n=BN_num_bytes(dh_clnt->pub_key);
2494 s2n(n,p);
2495 BN_bn2bin(dh_clnt->pub_key,p);
2496 n+=2;
2497
2498 DH_free(dh_clnt);
2499
2500 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2501 }
2502#endif
2503
2504#ifndef OPENSSL_NO_ECDH
2505 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2506 {
2507 const EC_GROUP *srvr_group = NULL;
2508 EC_KEY *tkey;
2509 int ecdh_clnt_cert = 0;
2510 int field_size = 0;
2511
2512 /* Did we send out the client's
2513 * ECDH share for use in premaster
2514 * computation as part of client certificate?
2515 * If so, set ecdh_clnt_cert to 1.
2516 */
2517 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
2518 {
2519 /* XXX: For now, we do not support client
2520 * authentication using ECDH certificates.
2521 * To add such support, one needs to add
2522 * code that checks for appropriate
2523 * conditions and sets ecdh_clnt_cert to 1.
2524 * For example, the cert have an ECC
2525 * key on the same curve as the server's
2526 * and the key should be authorized for
2527 * key agreement.
2528 *
2529 * One also needs to add code in ssl3_connect
2530 * to skip sending the certificate verify
2531 * message.
2532 *
2533 * if ((s->cert->key->privatekey != NULL) &&
2534 * (s->cert->key->privatekey->type ==
2535 * EVP_PKEY_EC) && ...)
2536 * ecdh_clnt_cert = 1;
2537 */
2538 }
2539
2540 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
2541 {
2542 tkey = s->session->sess_cert->peer_ecdh_tmp;
2543 }
2544 else
2545 {
2546 /* Get the Server Public Key from Cert */
2547 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2548 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2549 if ((srvr_pub_pkey == NULL) ||
2550 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
2551 (srvr_pub_pkey->pkey.ec == NULL))
2552 {
2553 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2554 ERR_R_INTERNAL_ERROR);
2555 goto err;
2556 }
2557
2558 tkey = srvr_pub_pkey->pkey.ec;
2559 }
2560
2561 srvr_group = EC_KEY_get0_group(tkey);
2562 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2563
2564 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
2565 {
2566 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2567 ERR_R_INTERNAL_ERROR);
2568 goto err;
2569 }
2570
2571 if ((clnt_ecdh=EC_KEY_new()) == NULL)
2572 {
2573 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2574 goto err;
2575 }
2576
2577 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
2578 {
2579 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2580 goto err;
2581 }
2582 if (ecdh_clnt_cert)
2583 {
2584 /* Reuse key info from our certificate
2585 * We only need our private key to perform
2586 * the ECDH computation.
2587 */
2588 const BIGNUM *priv_key;
2589 tkey = s->cert->key->privatekey->pkey.ec;
2590 priv_key = EC_KEY_get0_private_key(tkey);
2591 if (priv_key == NULL)
2592 {
2593 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2594 goto err;
2595 }
2596 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
2597 {
2598 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
2599 goto err;
2600 }
2601 }
2602 else
2603 {
2604 /* Generate a new ECDH key pair */
2605 if (!(EC_KEY_generate_key(clnt_ecdh)))
2606 {
2607 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
2608 goto err;
2609 }
2610 }
2611
2612 /* use the 'p' output buffer for the ECDH key, but
2613 * make sure to clear it out afterwards
2614 */
2615
2616 field_size = EC_GROUP_get_degree(srvr_group);
2617 if (field_size <= 0)
2618 {
2619 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2620 ERR_R_ECDH_LIB);
2621 goto err;
2622 }
2623 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
2624 if (n <= 0)
2625 {
2626 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2627 ERR_R_ECDH_LIB);
2628 goto err;
2629 }
2630
2631 /* generate master key from the result */
2632 s->session->master_key_length = s->method->ssl3_enc \
2633 -> generate_master_secret(s,
2634 s->session->master_key,
2635 p, n);
2636
2637 memset(p, 0, n); /* clean up */
2638
2639 if (ecdh_clnt_cert)
2640 {
2641 /* Send empty client key exch message */
2642 n = 0;
2643 }
2644 else
2645 {
2646 /* First check the size of encoding and
2647 * allocate memory accordingly.
2648 */
2649 encoded_pt_len =
2650 EC_POINT_point2oct(srvr_group,
2651 EC_KEY_get0_public_key(clnt_ecdh),
2652 POINT_CONVERSION_UNCOMPRESSED,
2653 NULL, 0, NULL);
2654
2655 encodedPoint = (unsigned char *)
2656 OPENSSL_malloc(encoded_pt_len *
2657 sizeof(unsigned char));
2658 bn_ctx = BN_CTX_new();
2659 if ((encodedPoint == NULL) ||
2660 (bn_ctx == NULL))
2661 {
2662 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
2663 goto err;
2664 }
2665
2666 /* Encode the public key */
2667 n = EC_POINT_point2oct(srvr_group,
2668 EC_KEY_get0_public_key(clnt_ecdh),
2669 POINT_CONVERSION_UNCOMPRESSED,
2670 encodedPoint, encoded_pt_len, bn_ctx);
2671
2672 *p = n; /* length of encoded point */
2673 /* Encoded point will be copied here */
2674 p += 1;
2675 /* copy the point */
2676 memcpy((unsigned char *)p, encodedPoint, n);
2677 /* increment n to account for length field */
2678 n += 1;
2679 }
2680
2681 /* Free allocated memory */
2682 BN_CTX_free(bn_ctx);
2683 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2684 if (clnt_ecdh != NULL)
2685 EC_KEY_free(clnt_ecdh);
2686 EVP_PKEY_free(srvr_pub_pkey);
2687 }
2688#endif /* !OPENSSL_NO_ECDH */
2689 else if (alg_k & SSL_kGOST)
2690 {
2691 /* GOST key exchange message creation */
2692 EVP_PKEY_CTX *pkey_ctx;
2693 X509 *peer_cert;
2694 size_t msglen;
2695 unsigned int md_len;
2696 int keytype;
2697 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2698 EVP_MD_CTX *ukm_hash;
2699 EVP_PKEY *pub_key;
2700
2701 /* Get server sertificate PKEY and create ctx from it */
2702 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2703 if (!peer_cert)
2704 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2705 if (!peer_cert) {
2706 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2707 goto err;
2708 }
2709
2710 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2711 /* If we have send a certificate, and certificate key
2712
2713 * parameters match those of server certificate, use
2714 * certificate key for key exchange
2715 */
2716
2717 /* Otherwise, generate ephemeral key pair */
2718
2719 EVP_PKEY_encrypt_init(pkey_ctx);
2720 /* Generate session key */
2721 RAND_bytes(premaster_secret,32);
2722 /* If we have client certificate, use its secret as peer key */
2723 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2724 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2725 /* If there was an error - just ignore it. Ephemeral key
2726 * would be used
2727 */
2728 ERR_clear_error();
2729 }
2730 }
2731 /* Compute shared IV and store it in algorithm-specific
2732 * context data */
2733 ukm_hash = EVP_MD_CTX_create();
2734 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2735 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2736 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2737 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2738 EVP_MD_CTX_destroy(ukm_hash);
2739 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2740 8,shared_ukm)<0) {
2741 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2742 SSL_R_LIBRARY_BUG);
2743 goto err;
2744 }
2745 /* Make GOST keytransport blob message */
2746 /*Encapsulate it into sequence */
2747 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2748 msglen=255;
2749 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2750 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2751 SSL_R_LIBRARY_BUG);
2752 goto err;
2753 }
2754 if (msglen >= 0x80)
2755 {
2756 *(p++)=0x81;
2757 *(p++)= msglen & 0xff;
2758 n=msglen+3;
2759 }
2760 else
2761 {
2762 *(p++)= msglen & 0xff;
2763 n=msglen+2;
2764 }
2765 memcpy(p, tmp, msglen);
2766 /* Check if pubkey from client certificate was used */
2767 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2768 {
2769 /* Set flag "skip certificate verify" */
2770 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2771 }
2772 EVP_PKEY_CTX_free(pkey_ctx);
2773 s->session->master_key_length=
2774 s->method->ssl3_enc->generate_master_secret(s,
2775 s->session->master_key,premaster_secret,32);
2776 EVP_PKEY_free(pub_key);
2777
2778 }
2779#ifndef OPENSSL_NO_SRP
2780 else if (alg_k & SSL_kSRP)
2781 {
2782 if (s->srp_ctx.A != NULL)
2783 {
2784 /* send off the data */
2785 n=BN_num_bytes(s->srp_ctx.A);
2786 s2n(n,p);
2787 BN_bn2bin(s->srp_ctx.A,p);
2788 n+=2;
2789 }
2790 else
2791 {
2792 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2793 goto err;
2794 }
2795 if (s->session->srp_username != NULL)
2796 OPENSSL_free(s->session->srp_username);
2797 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2798 if (s->session->srp_username == NULL)
2799 {
2800 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2801 ERR_R_MALLOC_FAILURE);
2802 goto err;
2803 }
2804
2805 if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0)
2806 {
2807 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2808 goto err;
2809 }
2810 }
2811#endif
2812#ifndef OPENSSL_NO_PSK
2813 else if (alg_k & SSL_kPSK)
2814 {
2815 char identity[PSK_MAX_IDENTITY_LEN];
2816 unsigned char *t = NULL;
2817 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2818 unsigned int pre_ms_len = 0, psk_len = 0;
2819 int psk_err = 1;
2820
2821 n = 0;
2822 if (s->psk_client_callback == NULL)
2823 {
2824 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2825 SSL_R_PSK_NO_CLIENT_CB);
2826 goto err;
2827 }
2828
2829 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2830 identity, PSK_MAX_IDENTITY_LEN,
2831 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2832 if (psk_len > PSK_MAX_PSK_LEN)
2833 {
2834 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2835 ERR_R_INTERNAL_ERROR);
2836 goto psk_err;
2837 }
2838 else if (psk_len == 0)
2839 {
2840 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2841 SSL_R_PSK_IDENTITY_NOT_FOUND);
2842 goto psk_err;
2843 }
2844
2845 /* create PSK pre_master_secret */
2846 pre_ms_len = 2+psk_len+2+psk_len;
2847 t = psk_or_pre_ms;
2848 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2849 s2n(psk_len, t);
2850 memset(t, 0, psk_len);
2851 t+=psk_len;
2852 s2n(psk_len, t);
2853
2854 if (s->session->psk_identity_hint != NULL)
2855 OPENSSL_free(s->session->psk_identity_hint);
2856 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2857 if (s->ctx->psk_identity_hint != NULL &&
2858 s->session->psk_identity_hint == NULL)
2859 {
2860 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2861 ERR_R_MALLOC_FAILURE);
2862 goto psk_err;
2863 }
2864
2865 if (s->session->psk_identity != NULL)
2866 OPENSSL_free(s->session->psk_identity);
2867 s->session->psk_identity = BUF_strdup(identity);
2868 if (s->session->psk_identity == NULL)
2869 {
2870 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2871 ERR_R_MALLOC_FAILURE);
2872 goto psk_err;
2873 }
2874
2875 s->session->master_key_length =
2876 s->method->ssl3_enc->generate_master_secret(s,
2877 s->session->master_key,
2878 psk_or_pre_ms, pre_ms_len);
2879 n = strlen(identity);
2880 s2n(n, p);
2881 memcpy(p, identity, n);
2882 n+=2;
2883 psk_err = 0;
2884 psk_err:
2885 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2886 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2887 if (psk_err != 0)
2888 {
2889 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2890 goto err;
2891 }
2892 }
2893#endif
2894 else
2895 {
2896 ssl3_send_alert(s, SSL3_AL_FATAL,
2897 SSL_AD_HANDSHAKE_FAILURE);
2898 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2899 ERR_R_INTERNAL_ERROR);
2900 goto err;
2901 }
2902
2903 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
2904 l2n3(n,d);
2905
2906 s->state=SSL3_ST_CW_KEY_EXCH_B;
2907 /* number of bytes to write */
2908 s->init_num=n+4;
2909 s->init_off=0;
2910 }
2911
2912 /* SSL3_ST_CW_KEY_EXCH_B */
2913 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2914err:
2915#ifndef OPENSSL_NO_ECDH
2916 BN_CTX_free(bn_ctx);
2917 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2918 if (clnt_ecdh != NULL)
2919 EC_KEY_free(clnt_ecdh);
2920 EVP_PKEY_free(srvr_pub_pkey);
2921#endif
2922 return(-1);
2923 }
2924
2925int ssl3_send_client_verify(SSL *s)
2926 {
2927 unsigned char *p,*d;
2928 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2929 EVP_PKEY *pkey;
2930 EVP_PKEY_CTX *pctx=NULL;
2931 EVP_MD_CTX mctx;
2932 unsigned u=0;
2933 unsigned long n;
2934 int j;
2935
2936 EVP_MD_CTX_init(&mctx);
2937
2938 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2939 {
2940 d=(unsigned char *)s->init_buf->data;
2941 p= &(d[4]);
2942 pkey=s->cert->key->privatekey;
2943/* Create context from key and test if sha1 is allowed as digest */
2944 pctx = EVP_PKEY_CTX_new(pkey,NULL);
2945 EVP_PKEY_sign_init(pctx);
2946 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
2947 {
2948 if (TLS1_get_version(s) < TLS1_2_VERSION)
2949 s->method->ssl3_enc->cert_verify_mac(s,
2950 NID_sha1,
2951 &(data[MD5_DIGEST_LENGTH]));
2952 }
2953 else
2954 {
2955 ERR_clear_error();
2956 }
2957 /* For TLS v1.2 send signature algorithm and signature
2958 * using agreed digest and cached handshake records.
2959 */
2960 if (TLS1_get_version(s) >= TLS1_2_VERSION)
2961 {
2962 long hdatalen = 0;
2963 void *hdata;
2964 const EVP_MD *md = s->cert->key->digest;
2965 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2966 &hdata);
2967 if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md))
2968 {
2969 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2970 ERR_R_INTERNAL_ERROR);
2971 goto err;
2972 }
2973 p += 2;
2974#ifdef SSL_DEBUG
2975 fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
2976 EVP_MD_name(md));
2977#endif
2978 if (!EVP_SignInit_ex(&mctx, md, NULL)
2979 || !EVP_SignUpdate(&mctx, hdata, hdatalen)
2980 || !EVP_SignFinal(&mctx, p + 2, &u, pkey))
2981 {
2982 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2983 ERR_R_EVP_LIB);
2984 goto err;
2985 }
2986 s2n(u,p);
2987 n = u + 4;
2988 if (!ssl3_digest_cached_records(s))
2989 goto err;
2990 }
2991 else
2992#ifndef OPENSSL_NO_RSA
2993 if (pkey->type == EVP_PKEY_RSA)
2994 {
2995 s->method->ssl3_enc->cert_verify_mac(s,
2996 NID_md5,
2997 &(data[0]));
2998 if (RSA_sign(NID_md5_sha1, data,
2999 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
3000 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
3001 {
3002 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
3003 goto err;
3004 }
3005 s2n(u,p);
3006 n=u+2;
3007 }
3008 else
3009#endif
3010#ifndef OPENSSL_NO_DSA
3011 if (pkey->type == EVP_PKEY_DSA)
3012 {
3013 if (!DSA_sign(pkey->save_type,
3014 &(data[MD5_DIGEST_LENGTH]),
3015 SHA_DIGEST_LENGTH,&(p[2]),
3016 (unsigned int *)&j,pkey->pkey.dsa))
3017 {
3018 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
3019 goto err;
3020 }
3021 s2n(j,p);
3022 n=j+2;
3023 }
3024 else
3025#endif
3026#ifndef OPENSSL_NO_ECDSA
3027 if (pkey->type == EVP_PKEY_EC)
3028 {
3029 if (!ECDSA_sign(pkey->save_type,
3030 &(data[MD5_DIGEST_LENGTH]),
3031 SHA_DIGEST_LENGTH,&(p[2]),
3032 (unsigned int *)&j,pkey->pkey.ec))
3033 {
3034 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3035 ERR_R_ECDSA_LIB);
3036 goto err;
3037 }
3038 s2n(j,p);
3039 n=j+2;
3040 }
3041 else
3042#endif
3043 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
3044 {
3045 unsigned char signbuf[64];
3046 int i;
3047 size_t sigsize=64;
3048 s->method->ssl3_enc->cert_verify_mac(s,
3049 NID_id_GostR3411_94,
3050 data);
3051 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
3052 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
3053 ERR_R_INTERNAL_ERROR);
3054 goto err;
3055 }
3056 for (i=63,j=0; i>=0; j++, i--) {
3057 p[2+j]=signbuf[i];
3058 }
3059 s2n(j,p);
3060 n=j+2;
3061 }
3062 else
3063 {
3064 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
3065 goto err;
3066 }
3067 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
3068 l2n3(n,d);
3069
3070 s->state=SSL3_ST_CW_CERT_VRFY_B;
3071 s->init_num=(int)n+4;
3072 s->init_off=0;
3073 }
3074 EVP_MD_CTX_cleanup(&mctx);
3075 EVP_PKEY_CTX_free(pctx);
3076 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3077err:
3078 EVP_MD_CTX_cleanup(&mctx);
3079 EVP_PKEY_CTX_free(pctx);
3080 return(-1);
3081 }
3082
3083int ssl3_send_client_certificate(SSL *s)
3084 {
3085 X509 *x509=NULL;
3086 EVP_PKEY *pkey=NULL;
3087 int i;
3088 unsigned long l;
3089
3090 if (s->state == SSL3_ST_CW_CERT_A)
3091 {
3092 if ((s->cert == NULL) ||
3093 (s->cert->key->x509 == NULL) ||
3094 (s->cert->key->privatekey == NULL))
3095 s->state=SSL3_ST_CW_CERT_B;
3096 else
3097 s->state=SSL3_ST_CW_CERT_C;
3098 }
3099
3100 /* We need to get a client cert */
3101 if (s->state == SSL3_ST_CW_CERT_B)
3102 {
3103 /* If we get an error, we need to
3104 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
3105 * We then get retied later */
3106 i=0;
3107 i = ssl_do_client_cert_cb(s, &x509, &pkey);
3108 if (i < 0)
3109 {
3110 s->rwstate=SSL_X509_LOOKUP;
3111 return(-1);
3112 }
3113 s->rwstate=SSL_NOTHING;
3114 if ((i == 1) && (pkey != NULL) && (x509 != NULL))
3115 {
3116 s->state=SSL3_ST_CW_CERT_B;
3117 if ( !SSL_use_certificate(s,x509) ||
3118 !SSL_use_PrivateKey(s,pkey))
3119 i=0;
3120 }
3121 else if (i == 1)
3122 {
3123 i=0;
3124 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
3125 }
3126
3127 if (x509 != NULL) X509_free(x509);
3128 if (pkey != NULL) EVP_PKEY_free(pkey);
3129 if (i == 0)
3130 {
3131 if (s->version == SSL3_VERSION)
3132 {
3133 s->s3->tmp.cert_req=0;
3134 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
3135 return(1);
3136 }
3137 else
3138 {
3139 s->s3->tmp.cert_req=2;
3140 }
3141 }
3142
3143 /* Ok, we have a cert */
3144 s->state=SSL3_ST_CW_CERT_C;
3145 }
3146
3147 if (s->state == SSL3_ST_CW_CERT_C)
3148 {
3149 s->state=SSL3_ST_CW_CERT_D;
3150 l=ssl3_output_cert_chain(s,
3151 (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
3152 s->init_num=(int)l;
3153 s->init_off=0;
3154 }
3155 /* SSL3_ST_CW_CERT_D */
3156 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3157 }
3158
3159#define has_bits(i,m) (((i)&(m)) == (m))
3160
3161int ssl3_check_cert_and_algorithm(SSL *s)
3162 {
3163 int i,idx;
3164 long alg_k,alg_a;
3165 EVP_PKEY *pkey=NULL;
3166 SESS_CERT *sc;
3167#ifndef OPENSSL_NO_RSA
3168 RSA *rsa;
3169#endif
3170#ifndef OPENSSL_NO_DH
3171 DH *dh;
3172#endif
3173
3174 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
3175 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
3176
3177 /* we don't have a certificate */
3178 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
3179 return(1);
3180
3181 sc=s->session->sess_cert;
3182 if (sc == NULL)
3183 {
3184 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
3185 goto err;
3186 }
3187
3188#ifndef OPENSSL_NO_RSA
3189 rsa=s->session->sess_cert->peer_rsa_tmp;
3190#endif
3191#ifndef OPENSSL_NO_DH
3192 dh=s->session->sess_cert->peer_dh_tmp;
3193#endif
3194
3195 /* This is the passed certificate */
3196
3197 idx=sc->peer_cert_type;
3198#ifndef OPENSSL_NO_ECDH
3199 if (idx == SSL_PKEY_ECC)
3200 {
3201 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
3202 s) == 0)
3203 { /* check failed */
3204 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
3205 goto f_err;
3206 }
3207 else
3208 {
3209 return 1;
3210 }
3211 }
3212#endif
3213 pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
3214 i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
3215 EVP_PKEY_free(pkey);
3216
3217
3218 /* Check that we have a certificate if we require one */
3219 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
3220 {
3221 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
3222 goto f_err;
3223 }
3224#ifndef OPENSSL_NO_DSA
3225 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
3226 {
3227 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
3228 goto f_err;
3229 }
3230#endif
3231#ifndef OPENSSL_NO_RSA
3232 if ((alg_k & SSL_kRSA) &&
3233 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
3234 {
3235 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
3236 goto f_err;
3237 }
3238#endif
3239#ifndef OPENSSL_NO_DH
3240 if ((alg_k & SSL_kEDH) &&
3241 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
3242 {
3243 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
3244 goto f_err;
3245 }
3246 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
3247 {
3248 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
3249 goto f_err;
3250 }
3251#ifndef OPENSSL_NO_DSA
3252 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
3253 {
3254 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
3255 goto f_err;
3256 }
3257#endif
3258#endif
3259
3260 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
3261 {
3262#ifndef OPENSSL_NO_RSA
3263 if (alg_k & SSL_kRSA)
3264 {
3265 if (rsa == NULL
3266 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
3267 {
3268 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
3269 goto f_err;
3270 }
3271 }
3272 else
3273#endif
3274#ifndef OPENSSL_NO_DH
3275 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
3276 {
3277 if (dh == NULL
3278 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
3279 {
3280 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
3281 goto f_err;
3282 }
3283 }
3284 else
3285#endif
3286 {
3287 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
3288 goto f_err;
3289 }
3290 }
3291 return(1);
3292f_err:
3293 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
3294err:
3295 return(0);
3296 }
3297
3298#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3299int ssl3_send_next_proto(SSL *s)
3300 {
3301 unsigned int len, padding_len;
3302 unsigned char *d;
3303
3304 if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
3305 {
3306 len = s->next_proto_negotiated_len;
3307 padding_len = 32 - ((len + 2) % 32);
3308 d = (unsigned char *)s->init_buf->data;
3309 d[4] = len;
3310 memcpy(d + 5, s->next_proto_negotiated, len);
3311 d[5 + len] = padding_len;
3312 memset(d + 6 + len, 0, padding_len);
3313 *(d++)=SSL3_MT_NEXT_PROTO;
3314 l2n3(2 + len + padding_len, d);
3315 s->state = SSL3_ST_CW_NEXT_PROTO_B;
3316 s->init_num = 4 + 2 + len + padding_len;
3317 s->init_off = 0;
3318 }
3319
3320 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
3321}
3322#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
3323
3324/* Check to see if handshake is full or resumed. Usually this is just a
3325 * case of checking to see if a cache hit has occurred. In the case of
3326 * session tickets we have to check the next message to be sure.
3327 */
3328
3329#ifndef OPENSSL_NO_TLSEXT
3330int ssl3_check_finished(SSL *s)
3331 {
3332 int ok;
3333 long n;
3334 /* If we have no ticket it cannot be a resumed session. */
3335 if (!s->session->tlsext_tick)
3336 return 1;
3337 /* this function is called when we really expect a Certificate
3338 * message, so permit appropriate message length */
3339 n=s->method->ssl_get_message(s,
3340 SSL3_ST_CR_CERT_A,
3341 SSL3_ST_CR_CERT_B,
3342 -1,
3343 s->max_cert_list,
3344 &ok);
3345 if (!ok) return((int)n);
3346 s->s3->tmp.reuse_message = 1;
3347 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
3348 || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
3349 return 2;
3350
3351 return 1;
3352 }
3353#endif
3354
3355int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
3356 {
3357 int i = 0;
3358#ifndef OPENSSL_NO_ENGINE
3359 if (s->ctx->client_cert_engine)
3360 {
3361 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
3362 SSL_get_client_CA_list(s),
3363 px509, ppkey, NULL, NULL, NULL);
3364 if (i != 0)
3365 return i;
3366 }
3367#endif
3368 if (s->ctx->client_cert_cb)
3369 i = s->ctx->client_cert_cb(s,px509,ppkey);
3370 return i;
3371 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index b73b5ac87f..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,4282 +0,0 @@
1/* ssl/s3_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152#include <openssl/objects.h>
153#include "ssl_locl.h"
154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156#ifndef OPENSSL_NO_EC
157#include "../crypto/ec/ec_lcl.h"
158#endif /* OPENSSL_NO_EC */
159#endif /* OPENSSL_NO_TLSEXT */
160#include <openssl/md5.h>
161#ifndef OPENSSL_NO_DH
162#include <openssl/dh.h>
163#endif
164
165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
166
167#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
168
169/* list of available SSLv3 ciphers (sorted by id) */
170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
172/* The RSA ciphers */
173/* Cipher 01 */
174 {
175 1,
176 SSL3_TXT_RSA_NULL_MD5,
177 SSL3_CK_RSA_NULL_MD5,
178 SSL_kRSA,
179 SSL_aRSA,
180 SSL_eNULL,
181 SSL_MD5,
182 SSL_SSLV3,
183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 0,
186 0,
187 },
188
189/* Cipher 02 */
190 {
191 1,
192 SSL3_TXT_RSA_NULL_SHA,
193 SSL3_CK_RSA_NULL_SHA,
194 SSL_kRSA,
195 SSL_aRSA,
196 SSL_eNULL,
197 SSL_SHA1,
198 SSL_SSLV3,
199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 0,
202 0,
203 },
204
205/* Cipher 03 */
206 {
207 1,
208 SSL3_TXT_RSA_RC4_40_MD5,
209 SSL3_CK_RSA_RC4_40_MD5,
210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_RC4,
213 SSL_MD5,
214 SSL_SSLV3,
215 SSL_EXPORT|SSL_EXP40,
216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 40,
218 128,
219 },
220
221/* Cipher 04 */
222 {
223 1,
224 SSL3_TXT_RSA_RC4_128_MD5,
225 SSL3_CK_RSA_RC4_128_MD5,
226 SSL_kRSA,
227 SSL_aRSA,
228 SSL_RC4,
229 SSL_MD5,
230 SSL_SSLV3,
231 SSL_NOT_EXP|SSL_MEDIUM,
232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 128,
234 128,
235 },
236
237/* Cipher 05 */
238 {
239 1,
240 SSL3_TXT_RSA_RC4_128_SHA,
241 SSL3_CK_RSA_RC4_128_SHA,
242 SSL_kRSA,
243 SSL_aRSA,
244 SSL_RC4,
245 SSL_SHA1,
246 SSL_SSLV3,
247 SSL_NOT_EXP|SSL_MEDIUM,
248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
249 128,
250 128,
251 },
252
253/* Cipher 06 */
254 {
255 1,
256 SSL3_TXT_RSA_RC2_40_MD5,
257 SSL3_CK_RSA_RC2_40_MD5,
258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_RC2,
261 SSL_MD5,
262 SSL_SSLV3,
263 SSL_EXPORT|SSL_EXP40,
264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
265 40,
266 128,
267 },
268
269/* Cipher 07 */
270#ifndef OPENSSL_NO_IDEA
271 {
272 1,
273 SSL3_TXT_RSA_IDEA_128_SHA,
274 SSL3_CK_RSA_IDEA_128_SHA,
275 SSL_kRSA,
276 SSL_aRSA,
277 SSL_IDEA,
278 SSL_SHA1,
279 SSL_SSLV3,
280 SSL_NOT_EXP|SSL_MEDIUM,
281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
282 128,
283 128,
284 },
285#endif
286
287/* Cipher 08 */
288 {
289 1,
290 SSL3_TXT_RSA_DES_40_CBC_SHA,
291 SSL3_CK_RSA_DES_40_CBC_SHA,
292 SSL_kRSA,
293 SSL_aRSA,
294 SSL_DES,
295 SSL_SHA1,
296 SSL_SSLV3,
297 SSL_EXPORT|SSL_EXP40,
298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
299 40,
300 56,
301 },
302
303/* Cipher 09 */
304 {
305 1,
306 SSL3_TXT_RSA_DES_64_CBC_SHA,
307 SSL3_CK_RSA_DES_64_CBC_SHA,
308 SSL_kRSA,
309 SSL_aRSA,
310 SSL_DES,
311 SSL_SHA1,
312 SSL_SSLV3,
313 SSL_NOT_EXP|SSL_LOW,
314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
315 56,
316 56,
317 },
318
319/* Cipher 0A */
320 {
321 1,
322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
323 SSL3_CK_RSA_DES_192_CBC3_SHA,
324 SSL_kRSA,
325 SSL_aRSA,
326 SSL_3DES,
327 SSL_SHA1,
328 SSL_SSLV3,
329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
331 168,
332 168,
333 },
334
335/* The DH ciphers */
336/* Cipher 0B */
337 {
338 0,
339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
341 SSL_kDHd,
342 SSL_aDH,
343 SSL_DES,
344 SSL_SHA1,
345 SSL_SSLV3,
346 SSL_EXPORT|SSL_EXP40,
347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 40,
349 56,
350 },
351
352/* Cipher 0C */
353 {
354 0, /* not implemented (non-ephemeral DH) */
355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
357 SSL_kDHd,
358 SSL_aDH,
359 SSL_DES,
360 SSL_SHA1,
361 SSL_SSLV3,
362 SSL_NOT_EXP|SSL_LOW,
363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
364 56,
365 56,
366 },
367
368/* Cipher 0D */
369 {
370 0, /* not implemented (non-ephemeral DH) */
371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
373 SSL_kDHd,
374 SSL_aDH,
375 SSL_3DES,
376 SSL_SHA1,
377 SSL_SSLV3,
378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
380 168,
381 168,
382 },
383
384/* Cipher 0E */
385 {
386 0, /* not implemented (non-ephemeral DH) */
387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
389 SSL_kDHr,
390 SSL_aDH,
391 SSL_DES,
392 SSL_SHA1,
393 SSL_SSLV3,
394 SSL_EXPORT|SSL_EXP40,
395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
396 40,
397 56,
398 },
399
400/* Cipher 0F */
401 {
402 0, /* not implemented (non-ephemeral DH) */
403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
405 SSL_kDHr,
406 SSL_aDH,
407 SSL_DES,
408 SSL_SHA1,
409 SSL_SSLV3,
410 SSL_NOT_EXP|SSL_LOW,
411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
412 56,
413 56,
414 },
415
416/* Cipher 10 */
417 {
418 0, /* not implemented (non-ephemeral DH) */
419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
421 SSL_kDHr,
422 SSL_aDH,
423 SSL_3DES,
424 SSL_SHA1,
425 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168,
429 168,
430 },
431
432/* The Ephemeral DH ciphers */
433/* Cipher 11 */
434 {
435 1,
436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
438 SSL_kEDH,
439 SSL_aDSS,
440 SSL_DES,
441 SSL_SHA1,
442 SSL_SSLV3,
443 SSL_EXPORT|SSL_EXP40,
444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
445 40,
446 56,
447 },
448
449/* Cipher 12 */
450 {
451 1,
452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
454 SSL_kEDH,
455 SSL_aDSS,
456 SSL_DES,
457 SSL_SHA1,
458 SSL_SSLV3,
459 SSL_NOT_EXP|SSL_LOW,
460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
461 56,
462 56,
463 },
464
465/* Cipher 13 */
466 {
467 1,
468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
470 SSL_kEDH,
471 SSL_aDSS,
472 SSL_3DES,
473 SSL_SHA1,
474 SSL_SSLV3,
475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
477 168,
478 168,
479 },
480
481/* Cipher 14 */
482 {
483 1,
484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
486 SSL_kEDH,
487 SSL_aRSA,
488 SSL_DES,
489 SSL_SHA1,
490 SSL_SSLV3,
491 SSL_EXPORT|SSL_EXP40,
492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 40,
494 56,
495 },
496
497/* Cipher 15 */
498 {
499 1,
500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
502 SSL_kEDH,
503 SSL_aRSA,
504 SSL_DES,
505 SSL_SHA1,
506 SSL_SSLV3,
507 SSL_NOT_EXP|SSL_LOW,
508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
509 56,
510 56,
511 },
512
513/* Cipher 16 */
514 {
515 1,
516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
518 SSL_kEDH,
519 SSL_aRSA,
520 SSL_3DES,
521 SSL_SHA1,
522 SSL_SSLV3,
523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
525 168,
526 168,
527 },
528
529/* Cipher 17 */
530 {
531 1,
532 SSL3_TXT_ADH_RC4_40_MD5,
533 SSL3_CK_ADH_RC4_40_MD5,
534 SSL_kEDH,
535 SSL_aNULL,
536 SSL_RC4,
537 SSL_MD5,
538 SSL_SSLV3,
539 SSL_EXPORT|SSL_EXP40,
540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
541 40,
542 128,
543 },
544
545/* Cipher 18 */
546 {
547 1,
548 SSL3_TXT_ADH_RC4_128_MD5,
549 SSL3_CK_ADH_RC4_128_MD5,
550 SSL_kEDH,
551 SSL_aNULL,
552 SSL_RC4,
553 SSL_MD5,
554 SSL_SSLV3,
555 SSL_NOT_EXP|SSL_MEDIUM,
556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
557 128,
558 128,
559 },
560
561/* Cipher 19 */
562 {
563 1,
564 SSL3_TXT_ADH_DES_40_CBC_SHA,
565 SSL3_CK_ADH_DES_40_CBC_SHA,
566 SSL_kEDH,
567 SSL_aNULL,
568 SSL_DES,
569 SSL_SHA1,
570 SSL_SSLV3,
571 SSL_EXPORT|SSL_EXP40,
572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
573 40,
574 128,
575 },
576
577/* Cipher 1A */
578 {
579 1,
580 SSL3_TXT_ADH_DES_64_CBC_SHA,
581 SSL3_CK_ADH_DES_64_CBC_SHA,
582 SSL_kEDH,
583 SSL_aNULL,
584 SSL_DES,
585 SSL_SHA1,
586 SSL_SSLV3,
587 SSL_NOT_EXP|SSL_LOW,
588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
589 56,
590 56,
591 },
592
593/* Cipher 1B */
594 {
595 1,
596 SSL3_TXT_ADH_DES_192_CBC_SHA,
597 SSL3_CK_ADH_DES_192_CBC_SHA,
598 SSL_kEDH,
599 SSL_aNULL,
600 SSL_3DES,
601 SSL_SHA1,
602 SSL_SSLV3,
603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
605 168,
606 168,
607 },
608
609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0
611/* Cipher 1C */
612 {
613 0,
614 SSL3_TXT_FZA_DMS_NULL_SHA,
615 SSL3_CK_FZA_DMS_NULL_SHA,
616 SSL_kFZA,
617 SSL_aFZA,
618 SSL_eNULL,
619 SSL_SHA1,
620 SSL_SSLV3,
621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
623 0,
624 0,
625 },
626
627/* Cipher 1D */
628 {
629 0,
630 SSL3_TXT_FZA_DMS_FZA_SHA,
631 SSL3_CK_FZA_DMS_FZA_SHA,
632 SSL_kFZA,
633 SSL_aFZA,
634 SSL_eFZA,
635 SSL_SHA1,
636 SSL_SSLV3,
637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
639 0,
640 0,
641 },
642
643/* Cipher 1E */
644 {
645 0,
646 SSL3_TXT_FZA_DMS_RC4_SHA,
647 SSL3_CK_FZA_DMS_RC4_SHA,
648 SSL_kFZA,
649 SSL_aFZA,
650 SSL_RC4,
651 SSL_SHA1,
652 SSL_SSLV3,
653 SSL_NOT_EXP|SSL_MEDIUM,
654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
655 128,
656 128,
657 },
658#endif
659
660#ifndef OPENSSL_NO_KRB5
661/* The Kerberos ciphers*/
662/* Cipher 1E */
663 {
664 1,
665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
666 SSL3_CK_KRB5_DES_64_CBC_SHA,
667 SSL_kKRB5,
668 SSL_aKRB5,
669 SSL_DES,
670 SSL_SHA1,
671 SSL_SSLV3,
672 SSL_NOT_EXP|SSL_LOW,
673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
674 56,
675 56,
676 },
677
678/* Cipher 1F */
679 {
680 1,
681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
683 SSL_kKRB5,
684 SSL_aKRB5,
685 SSL_3DES,
686 SSL_SHA1,
687 SSL_SSLV3,
688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
690 168,
691 168,
692 },
693
694/* Cipher 20 */
695 {
696 1,
697 SSL3_TXT_KRB5_RC4_128_SHA,
698 SSL3_CK_KRB5_RC4_128_SHA,
699 SSL_kKRB5,
700 SSL_aKRB5,
701 SSL_RC4,
702 SSL_SHA1,
703 SSL_SSLV3,
704 SSL_NOT_EXP|SSL_MEDIUM,
705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
706 128,
707 128,
708 },
709
710/* Cipher 21 */
711 {
712 1,
713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
715 SSL_kKRB5,
716 SSL_aKRB5,
717 SSL_IDEA,
718 SSL_SHA1,
719 SSL_SSLV3,
720 SSL_NOT_EXP|SSL_MEDIUM,
721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 128,
723 128,
724 },
725
726/* Cipher 22 */
727 {
728 1,
729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
730 SSL3_CK_KRB5_DES_64_CBC_MD5,
731 SSL_kKRB5,
732 SSL_aKRB5,
733 SSL_DES,
734 SSL_MD5,
735 SSL_SSLV3,
736 SSL_NOT_EXP|SSL_LOW,
737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
738 56,
739 56,
740 },
741
742/* Cipher 23 */
743 {
744 1,
745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
747 SSL_kKRB5,
748 SSL_aKRB5,
749 SSL_3DES,
750 SSL_MD5,
751 SSL_SSLV3,
752 SSL_NOT_EXP|SSL_HIGH,
753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
754 168,
755 168,
756 },
757
758/* Cipher 24 */
759 {
760 1,
761 SSL3_TXT_KRB5_RC4_128_MD5,
762 SSL3_CK_KRB5_RC4_128_MD5,
763 SSL_kKRB5,
764 SSL_aKRB5,
765 SSL_RC4,
766 SSL_MD5,
767 SSL_SSLV3,
768 SSL_NOT_EXP|SSL_MEDIUM,
769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
770 128,
771 128,
772 },
773
774/* Cipher 25 */
775 {
776 1,
777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
779 SSL_kKRB5,
780 SSL_aKRB5,
781 SSL_IDEA,
782 SSL_MD5,
783 SSL_SSLV3,
784 SSL_NOT_EXP|SSL_MEDIUM,
785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
786 128,
787 128,
788 },
789
790/* Cipher 26 */
791 {
792 1,
793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
794 SSL3_CK_KRB5_DES_40_CBC_SHA,
795 SSL_kKRB5,
796 SSL_aKRB5,
797 SSL_DES,
798 SSL_SHA1,
799 SSL_SSLV3,
800 SSL_EXPORT|SSL_EXP40,
801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
802 40,
803 56,
804 },
805
806/* Cipher 27 */
807 {
808 1,
809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
811 SSL_kKRB5,
812 SSL_aKRB5,
813 SSL_RC2,
814 SSL_SHA1,
815 SSL_SSLV3,
816 SSL_EXPORT|SSL_EXP40,
817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
818 40,
819 128,
820 },
821
822/* Cipher 28 */
823 {
824 1,
825 SSL3_TXT_KRB5_RC4_40_SHA,
826 SSL3_CK_KRB5_RC4_40_SHA,
827 SSL_kKRB5,
828 SSL_aKRB5,
829 SSL_RC4,
830 SSL_SHA1,
831 SSL_SSLV3,
832 SSL_EXPORT|SSL_EXP40,
833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
834 40,
835 128,
836 },
837
838/* Cipher 29 */
839 {
840 1,
841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
842 SSL3_CK_KRB5_DES_40_CBC_MD5,
843 SSL_kKRB5,
844 SSL_aKRB5,
845 SSL_DES,
846 SSL_MD5,
847 SSL_SSLV3,
848 SSL_EXPORT|SSL_EXP40,
849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
850 40,
851 56,
852 },
853
854/* Cipher 2A */
855 {
856 1,
857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
859 SSL_kKRB5,
860 SSL_aKRB5,
861 SSL_RC2,
862 SSL_MD5,
863 SSL_SSLV3,
864 SSL_EXPORT|SSL_EXP40,
865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
866 40,
867 128,
868 },
869
870/* Cipher 2B */
871 {
872 1,
873 SSL3_TXT_KRB5_RC4_40_MD5,
874 SSL3_CK_KRB5_RC4_40_MD5,
875 SSL_kKRB5,
876 SSL_aKRB5,
877 SSL_RC4,
878 SSL_MD5,
879 SSL_SSLV3,
880 SSL_EXPORT|SSL_EXP40,
881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
882 40,
883 128,
884 },
885#endif /* OPENSSL_NO_KRB5 */
886
887/* New AES ciphersuites */
888/* Cipher 2F */
889 {
890 1,
891 TLS1_TXT_RSA_WITH_AES_128_SHA,
892 TLS1_CK_RSA_WITH_AES_128_SHA,
893 SSL_kRSA,
894 SSL_aRSA,
895 SSL_AES128,
896 SSL_SHA1,
897 SSL_TLSV1,
898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
900 128,
901 128,
902 },
903/* Cipher 30 */
904 {
905 0,
906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
908 SSL_kDHd,
909 SSL_aDH,
910 SSL_AES128,
911 SSL_SHA1,
912 SSL_TLSV1,
913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
915 128,
916 128,
917 },
918/* Cipher 31 */
919 {
920 0,
921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
923 SSL_kDHr,
924 SSL_aDH,
925 SSL_AES128,
926 SSL_SHA1,
927 SSL_TLSV1,
928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
930 128,
931 128,
932 },
933/* Cipher 32 */
934 {
935 1,
936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
938 SSL_kEDH,
939 SSL_aDSS,
940 SSL_AES128,
941 SSL_SHA1,
942 SSL_TLSV1,
943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
945 128,
946 128,
947 },
948/* Cipher 33 */
949 {
950 1,
951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
953 SSL_kEDH,
954 SSL_aRSA,
955 SSL_AES128,
956 SSL_SHA1,
957 SSL_TLSV1,
958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
960 128,
961 128,
962 },
963/* Cipher 34 */
964 {
965 1,
966 TLS1_TXT_ADH_WITH_AES_128_SHA,
967 TLS1_CK_ADH_WITH_AES_128_SHA,
968 SSL_kEDH,
969 SSL_aNULL,
970 SSL_AES128,
971 SSL_SHA1,
972 SSL_TLSV1,
973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
975 128,
976 128,
977 },
978
979/* Cipher 35 */
980 {
981 1,
982 TLS1_TXT_RSA_WITH_AES_256_SHA,
983 TLS1_CK_RSA_WITH_AES_256_SHA,
984 SSL_kRSA,
985 SSL_aRSA,
986 SSL_AES256,
987 SSL_SHA1,
988 SSL_TLSV1,
989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
991 256,
992 256,
993 },
994/* Cipher 36 */
995 {
996 0,
997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
999 SSL_kDHd,
1000 SSL_aDH,
1001 SSL_AES256,
1002 SSL_SHA1,
1003 SSL_TLSV1,
1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1006 256,
1007 256,
1008 },
1009
1010/* Cipher 37 */
1011 {
1012 0, /* not implemented (non-ephemeral DH) */
1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
1015 SSL_kDHr,
1016 SSL_aDH,
1017 SSL_AES256,
1018 SSL_SHA1,
1019 SSL_TLSV1,
1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1022 256,
1023 256,
1024 },
1025
1026/* Cipher 38 */
1027 {
1028 1,
1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
1031 SSL_kEDH,
1032 SSL_aDSS,
1033 SSL_AES256,
1034 SSL_SHA1,
1035 SSL_TLSV1,
1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1038 256,
1039 256,
1040 },
1041
1042/* Cipher 39 */
1043 {
1044 1,
1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
1047 SSL_kEDH,
1048 SSL_aRSA,
1049 SSL_AES256,
1050 SSL_SHA1,
1051 SSL_TLSV1,
1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1054 256,
1055 256,
1056 },
1057
1058 /* Cipher 3A */
1059 {
1060 1,
1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
1062 TLS1_CK_ADH_WITH_AES_256_SHA,
1063 SSL_kEDH,
1064 SSL_aNULL,
1065 SSL_AES256,
1066 SSL_SHA1,
1067 SSL_TLSV1,
1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1070 256,
1071 256,
1072 },
1073
1074 /* TLS v1.2 ciphersuites */
1075 /* Cipher 3B */
1076 {
1077 1,
1078 TLS1_TXT_RSA_WITH_NULL_SHA256,
1079 TLS1_CK_RSA_WITH_NULL_SHA256,
1080 SSL_kRSA,
1081 SSL_aRSA,
1082 SSL_eNULL,
1083 SSL_SHA256,
1084 SSL_TLSV1_2,
1085 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
1086 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1087 0,
1088 0,
1089 },
1090
1091 /* Cipher 3C */
1092 {
1093 1,
1094 TLS1_TXT_RSA_WITH_AES_128_SHA256,
1095 TLS1_CK_RSA_WITH_AES_128_SHA256,
1096 SSL_kRSA,
1097 SSL_aRSA,
1098 SSL_AES128,
1099 SSL_SHA256,
1100 SSL_TLSV1_2,
1101 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1102 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1103 128,
1104 128,
1105 },
1106
1107 /* Cipher 3D */
1108 {
1109 1,
1110 TLS1_TXT_RSA_WITH_AES_256_SHA256,
1111 TLS1_CK_RSA_WITH_AES_256_SHA256,
1112 SSL_kRSA,
1113 SSL_aRSA,
1114 SSL_AES256,
1115 SSL_SHA256,
1116 SSL_TLSV1_2,
1117 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1118 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256,
1120 256,
1121 },
1122
1123 /* Cipher 3E */
1124 {
1125 0, /* not implemented (non-ephemeral DH) */
1126 TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
1127 TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
1128 SSL_kDHr,
1129 SSL_aDH,
1130 SSL_AES128,
1131 SSL_SHA256,
1132 SSL_TLSV1_2,
1133 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1134 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1135 128,
1136 128,
1137 },
1138
1139 /* Cipher 3F */
1140 {
1141 0, /* not implemented (non-ephemeral DH) */
1142 TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
1143 TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
1144 SSL_kDHr,
1145 SSL_aDH,
1146 SSL_AES128,
1147 SSL_SHA256,
1148 SSL_TLSV1_2,
1149 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1150 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1151 128,
1152 128,
1153 },
1154
1155 /* Cipher 40 */
1156 {
1157 1,
1158 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
1159 TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
1160 SSL_kEDH,
1161 SSL_aDSS,
1162 SSL_AES128,
1163 SSL_SHA256,
1164 SSL_TLSV1_2,
1165 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1166 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1167 128,
1168 128,
1169 },
1170
1171#ifndef OPENSSL_NO_CAMELLIA
1172 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
1173
1174 /* Cipher 41 */
1175 {
1176 1,
1177 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
1178 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
1179 SSL_kRSA,
1180 SSL_aRSA,
1181 SSL_CAMELLIA128,
1182 SSL_SHA1,
1183 SSL_TLSV1,
1184 SSL_NOT_EXP|SSL_HIGH,
1185 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1186 128,
1187 128,
1188 },
1189
1190 /* Cipher 42 */
1191 {
1192 0, /* not implemented (non-ephemeral DH) */
1193 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1194 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
1195 SSL_kDHd,
1196 SSL_aDH,
1197 SSL_CAMELLIA128,
1198 SSL_SHA1,
1199 SSL_TLSV1,
1200 SSL_NOT_EXP|SSL_HIGH,
1201 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1202 128,
1203 128,
1204 },
1205
1206 /* Cipher 43 */
1207 {
1208 0, /* not implemented (non-ephemeral DH) */
1209 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1210 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
1211 SSL_kDHr,
1212 SSL_aDH,
1213 SSL_CAMELLIA128,
1214 SSL_SHA1,
1215 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_HIGH,
1217 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128,
1219 128,
1220 },
1221
1222 /* Cipher 44 */
1223 {
1224 1,
1225 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1226 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
1227 SSL_kEDH,
1228 SSL_aDSS,
1229 SSL_CAMELLIA128,
1230 SSL_SHA1,
1231 SSL_TLSV1,
1232 SSL_NOT_EXP|SSL_HIGH,
1233 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1234 128,
1235 128,
1236 },
1237
1238 /* Cipher 45 */
1239 {
1240 1,
1241 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1242 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
1243 SSL_kEDH,
1244 SSL_aRSA,
1245 SSL_CAMELLIA128,
1246 SSL_SHA1,
1247 SSL_TLSV1,
1248 SSL_NOT_EXP|SSL_HIGH,
1249 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1250 128,
1251 128,
1252 },
1253
1254 /* Cipher 46 */
1255 {
1256 1,
1257 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
1258 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
1259 SSL_kEDH,
1260 SSL_aNULL,
1261 SSL_CAMELLIA128,
1262 SSL_SHA1,
1263 SSL_TLSV1,
1264 SSL_NOT_EXP|SSL_HIGH,
1265 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1266 128,
1267 128,
1268 },
1269#endif /* OPENSSL_NO_CAMELLIA */
1270
1271#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
1272 /* New TLS Export CipherSuites from expired ID */
1273#if 0
1274 /* Cipher 60 */
1275 {
1276 1,
1277 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
1278 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
1279 SSL_kRSA,
1280 SSL_aRSA,
1281 SSL_RC4,
1282 SSL_MD5,
1283 SSL_TLSV1,
1284 SSL_EXPORT|SSL_EXP56,
1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1286 56,
1287 128,
1288 },
1289
1290 /* Cipher 61 */
1291 {
1292 1,
1293 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1294 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1295 SSL_kRSA,
1296 SSL_aRSA,
1297 SSL_RC2,
1298 SSL_MD5,
1299 SSL_TLSV1,
1300 SSL_EXPORT|SSL_EXP56,
1301 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1302 56,
1303 128,
1304 },
1305#endif
1306
1307 /* Cipher 62 */
1308 {
1309 1,
1310 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1311 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1312 SSL_kRSA,
1313 SSL_aRSA,
1314 SSL_DES,
1315 SSL_SHA1,
1316 SSL_TLSV1,
1317 SSL_EXPORT|SSL_EXP56,
1318 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1319 56,
1320 56,
1321 },
1322
1323 /* Cipher 63 */
1324 {
1325 1,
1326 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1327 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1328 SSL_kEDH,
1329 SSL_aDSS,
1330 SSL_DES,
1331 SSL_SHA1,
1332 SSL_TLSV1,
1333 SSL_EXPORT|SSL_EXP56,
1334 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1335 56,
1336 56,
1337 },
1338
1339 /* Cipher 64 */
1340 {
1341 1,
1342 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1343 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1344 SSL_kRSA,
1345 SSL_aRSA,
1346 SSL_RC4,
1347 SSL_SHA1,
1348 SSL_TLSV1,
1349 SSL_EXPORT|SSL_EXP56,
1350 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 56,
1352 128,
1353 },
1354
1355 /* Cipher 65 */
1356 {
1357 1,
1358 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1359 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1360 SSL_kEDH,
1361 SSL_aDSS,
1362 SSL_RC4,
1363 SSL_SHA1,
1364 SSL_TLSV1,
1365 SSL_EXPORT|SSL_EXP56,
1366 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1367 56,
1368 128,
1369 },
1370
1371 /* Cipher 66 */
1372 {
1373 1,
1374 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1375 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1376 SSL_kEDH,
1377 SSL_aDSS,
1378 SSL_RC4,
1379 SSL_SHA1,
1380 SSL_TLSV1,
1381 SSL_NOT_EXP|SSL_MEDIUM,
1382 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1383 128,
1384 128,
1385 },
1386#endif
1387
1388 /* TLS v1.2 ciphersuites */
1389 /* Cipher 67 */
1390 {
1391 1,
1392 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
1393 TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
1394 SSL_kEDH,
1395 SSL_aRSA,
1396 SSL_AES128,
1397 SSL_SHA256,
1398 SSL_TLSV1_2,
1399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1401 128,
1402 128,
1403 },
1404
1405 /* Cipher 68 */
1406 {
1407 0, /* not implemented (non-ephemeral DH) */
1408 TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
1409 TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
1410 SSL_kDHr,
1411 SSL_aDH,
1412 SSL_AES256,
1413 SSL_SHA256,
1414 SSL_TLSV1_2,
1415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1417 256,
1418 256,
1419 },
1420
1421 /* Cipher 69 */
1422 {
1423 0, /* not implemented (non-ephemeral DH) */
1424 TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
1425 TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
1426 SSL_kDHr,
1427 SSL_aDH,
1428 SSL_AES256,
1429 SSL_SHA256,
1430 SSL_TLSV1_2,
1431 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1432 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1433 256,
1434 256,
1435 },
1436
1437 /* Cipher 6A */
1438 {
1439 1,
1440 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
1441 TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
1442 SSL_kEDH,
1443 SSL_aDSS,
1444 SSL_AES256,
1445 SSL_SHA256,
1446 SSL_TLSV1_2,
1447 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1448 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 256,
1450 256,
1451 },
1452
1453 /* Cipher 6B */
1454 {
1455 1,
1456 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
1457 TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
1458 SSL_kEDH,
1459 SSL_aRSA,
1460 SSL_AES256,
1461 SSL_SHA256,
1462 SSL_TLSV1_2,
1463 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1464 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1465 256,
1466 256,
1467 },
1468
1469 /* Cipher 6C */
1470 {
1471 1,
1472 TLS1_TXT_ADH_WITH_AES_128_SHA256,
1473 TLS1_CK_ADH_WITH_AES_128_SHA256,
1474 SSL_kEDH,
1475 SSL_aNULL,
1476 SSL_AES128,
1477 SSL_SHA256,
1478 SSL_TLSV1_2,
1479 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1480 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1481 128,
1482 128,
1483 },
1484
1485 /* Cipher 6D */
1486 {
1487 1,
1488 TLS1_TXT_ADH_WITH_AES_256_SHA256,
1489 TLS1_CK_ADH_WITH_AES_256_SHA256,
1490 SSL_kEDH,
1491 SSL_aNULL,
1492 SSL_AES256,
1493 SSL_SHA256,
1494 SSL_TLSV1_2,
1495 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1496 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1497 256,
1498 256,
1499 },
1500
1501 /* GOST Ciphersuites */
1502
1503 {
1504 1,
1505 "GOST94-GOST89-GOST89",
1506 0x3000080,
1507 SSL_kGOST,
1508 SSL_aGOST94,
1509 SSL_eGOST2814789CNT,
1510 SSL_GOST89MAC,
1511 SSL_TLSV1,
1512 SSL_NOT_EXP|SSL_HIGH,
1513 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1514 256,
1515 256
1516 },
1517 {
1518 1,
1519 "GOST2001-GOST89-GOST89",
1520 0x3000081,
1521 SSL_kGOST,
1522 SSL_aGOST01,
1523 SSL_eGOST2814789CNT,
1524 SSL_GOST89MAC,
1525 SSL_TLSV1,
1526 SSL_NOT_EXP|SSL_HIGH,
1527 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1528 256,
1529 256
1530 },
1531 {
1532 1,
1533 "GOST94-NULL-GOST94",
1534 0x3000082,
1535 SSL_kGOST,
1536 SSL_aGOST94,
1537 SSL_eNULL,
1538 SSL_GOST94,
1539 SSL_TLSV1,
1540 SSL_NOT_EXP|SSL_STRONG_NONE,
1541 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1542 0,
1543 0
1544 },
1545 {
1546 1,
1547 "GOST2001-NULL-GOST94",
1548 0x3000083,
1549 SSL_kGOST,
1550 SSL_aGOST01,
1551 SSL_eNULL,
1552 SSL_GOST94,
1553 SSL_TLSV1,
1554 SSL_NOT_EXP|SSL_STRONG_NONE,
1555 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1556 0,
1557 0
1558 },
1559
1560#ifndef OPENSSL_NO_CAMELLIA
1561 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
1562
1563 /* Cipher 84 */
1564 {
1565 1,
1566 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1567 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1568 SSL_kRSA,
1569 SSL_aRSA,
1570 SSL_CAMELLIA256,
1571 SSL_SHA1,
1572 SSL_TLSV1,
1573 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 256,
1576 256,
1577 },
1578 /* Cipher 85 */
1579 {
1580 0, /* not implemented (non-ephemeral DH) */
1581 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1582 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1583 SSL_kDHd,
1584 SSL_aDH,
1585 SSL_CAMELLIA256,
1586 SSL_SHA1,
1587 SSL_TLSV1,
1588 SSL_NOT_EXP|SSL_HIGH,
1589 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1590 256,
1591 256,
1592 },
1593
1594 /* Cipher 86 */
1595 {
1596 0, /* not implemented (non-ephemeral DH) */
1597 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1598 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1599 SSL_kDHr,
1600 SSL_aDH,
1601 SSL_CAMELLIA256,
1602 SSL_SHA1,
1603 SSL_TLSV1,
1604 SSL_NOT_EXP|SSL_HIGH,
1605 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1606 256,
1607 256,
1608 },
1609
1610 /* Cipher 87 */
1611 {
1612 1,
1613 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1614 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1615 SSL_kEDH,
1616 SSL_aDSS,
1617 SSL_CAMELLIA256,
1618 SSL_SHA1,
1619 SSL_TLSV1,
1620 SSL_NOT_EXP|SSL_HIGH,
1621 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1622 256,
1623 256,
1624 },
1625
1626 /* Cipher 88 */
1627 {
1628 1,
1629 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1630 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1631 SSL_kEDH,
1632 SSL_aRSA,
1633 SSL_CAMELLIA256,
1634 SSL_SHA1,
1635 SSL_TLSV1,
1636 SSL_NOT_EXP|SSL_HIGH,
1637 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1638 256,
1639 256,
1640 },
1641
1642 /* Cipher 89 */
1643 {
1644 1,
1645 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1646 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1647 SSL_kEDH,
1648 SSL_aNULL,
1649 SSL_CAMELLIA256,
1650 SSL_SHA1,
1651 SSL_TLSV1,
1652 SSL_NOT_EXP|SSL_HIGH,
1653 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1654 256,
1655 256,
1656 },
1657#endif /* OPENSSL_NO_CAMELLIA */
1658
1659#ifndef OPENSSL_NO_PSK
1660 /* Cipher 8A */
1661 {
1662 1,
1663 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1664 TLS1_CK_PSK_WITH_RC4_128_SHA,
1665 SSL_kPSK,
1666 SSL_aPSK,
1667 SSL_RC4,
1668 SSL_SHA1,
1669 SSL_TLSV1,
1670 SSL_NOT_EXP|SSL_MEDIUM,
1671 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1672 128,
1673 128,
1674 },
1675
1676 /* Cipher 8B */
1677 {
1678 1,
1679 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1680 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1681 SSL_kPSK,
1682 SSL_aPSK,
1683 SSL_3DES,
1684 SSL_SHA1,
1685 SSL_TLSV1,
1686 SSL_NOT_EXP|SSL_HIGH,
1687 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1688 168,
1689 168,
1690 },
1691
1692 /* Cipher 8C */
1693 {
1694 1,
1695 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1696 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1697 SSL_kPSK,
1698 SSL_aPSK,
1699 SSL_AES128,
1700 SSL_SHA1,
1701 SSL_TLSV1,
1702 SSL_NOT_EXP|SSL_HIGH,
1703 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1704 128,
1705 128,
1706 },
1707
1708 /* Cipher 8D */
1709 {
1710 1,
1711 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1712 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1713 SSL_kPSK,
1714 SSL_aPSK,
1715 SSL_AES256,
1716 SSL_SHA1,
1717 SSL_TLSV1,
1718 SSL_NOT_EXP|SSL_HIGH,
1719 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1720 256,
1721 256,
1722 },
1723#endif /* OPENSSL_NO_PSK */
1724
1725#ifndef OPENSSL_NO_SEED
1726 /* SEED ciphersuites from RFC4162 */
1727
1728 /* Cipher 96 */
1729 {
1730 1,
1731 TLS1_TXT_RSA_WITH_SEED_SHA,
1732 TLS1_CK_RSA_WITH_SEED_SHA,
1733 SSL_kRSA,
1734 SSL_aRSA,
1735 SSL_SEED,
1736 SSL_SHA1,
1737 SSL_TLSV1,
1738 SSL_NOT_EXP|SSL_MEDIUM,
1739 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1740 128,
1741 128,
1742 },
1743
1744 /* Cipher 97 */
1745 {
1746 0, /* not implemented (non-ephemeral DH) */
1747 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1748 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1749 SSL_kDHd,
1750 SSL_aDH,
1751 SSL_SEED,
1752 SSL_SHA1,
1753 SSL_TLSV1,
1754 SSL_NOT_EXP|SSL_MEDIUM,
1755 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1756 128,
1757 128,
1758 },
1759
1760 /* Cipher 98 */
1761 {
1762 0, /* not implemented (non-ephemeral DH) */
1763 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1764 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1765 SSL_kDHr,
1766 SSL_aDH,
1767 SSL_SEED,
1768 SSL_SHA1,
1769 SSL_TLSV1,
1770 SSL_NOT_EXP|SSL_MEDIUM,
1771 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1772 128,
1773 128,
1774 },
1775
1776 /* Cipher 99 */
1777 {
1778 1,
1779 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1780 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1781 SSL_kEDH,
1782 SSL_aDSS,
1783 SSL_SEED,
1784 SSL_SHA1,
1785 SSL_TLSV1,
1786 SSL_NOT_EXP|SSL_MEDIUM,
1787 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1788 128,
1789 128,
1790 },
1791
1792 /* Cipher 9A */
1793 {
1794 1,
1795 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1796 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1797 SSL_kEDH,
1798 SSL_aRSA,
1799 SSL_SEED,
1800 SSL_SHA1,
1801 SSL_TLSV1,
1802 SSL_NOT_EXP|SSL_MEDIUM,
1803 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1804 128,
1805 128,
1806 },
1807
1808 /* Cipher 9B */
1809 {
1810 1,
1811 TLS1_TXT_ADH_WITH_SEED_SHA,
1812 TLS1_CK_ADH_WITH_SEED_SHA,
1813 SSL_kEDH,
1814 SSL_aNULL,
1815 SSL_SEED,
1816 SSL_SHA1,
1817 SSL_TLSV1,
1818 SSL_NOT_EXP|SSL_MEDIUM,
1819 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1820 128,
1821 128,
1822 },
1823
1824#endif /* OPENSSL_NO_SEED */
1825
1826 /* GCM ciphersuites from RFC5288 */
1827
1828 /* Cipher 9C */
1829 {
1830 1,
1831 TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
1832 TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
1833 SSL_kRSA,
1834 SSL_aRSA,
1835 SSL_AES128GCM,
1836 SSL_AEAD,
1837 SSL_TLSV1_2,
1838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1839 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1840 128,
1841 128,
1842 },
1843
1844 /* Cipher 9D */
1845 {
1846 1,
1847 TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
1848 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
1849 SSL_kRSA,
1850 SSL_aRSA,
1851 SSL_AES256GCM,
1852 SSL_AEAD,
1853 SSL_TLSV1_2,
1854 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1855 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1856 256,
1857 256,
1858 },
1859
1860 /* Cipher 9E */
1861 {
1862 1,
1863 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
1864 TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
1865 SSL_kEDH,
1866 SSL_aRSA,
1867 SSL_AES128GCM,
1868 SSL_AEAD,
1869 SSL_TLSV1_2,
1870 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1871 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1872 128,
1873 128,
1874 },
1875
1876 /* Cipher 9F */
1877 {
1878 1,
1879 TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
1880 TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
1881 SSL_kEDH,
1882 SSL_aRSA,
1883 SSL_AES256GCM,
1884 SSL_AEAD,
1885 SSL_TLSV1_2,
1886 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1887 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1888 256,
1889 256,
1890 },
1891
1892 /* Cipher A0 */
1893 {
1894 0,
1895 TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
1896 TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
1897 SSL_kDHr,
1898 SSL_aDH,
1899 SSL_AES128GCM,
1900 SSL_AEAD,
1901 SSL_TLSV1_2,
1902 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1903 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1904 128,
1905 128,
1906 },
1907
1908 /* Cipher A1 */
1909 {
1910 0,
1911 TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
1912 TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
1913 SSL_kDHr,
1914 SSL_aDH,
1915 SSL_AES256GCM,
1916 SSL_AEAD,
1917 SSL_TLSV1_2,
1918 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1919 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1920 256,
1921 256,
1922 },
1923
1924 /* Cipher A2 */
1925 {
1926 1,
1927 TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
1928 TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
1929 SSL_kEDH,
1930 SSL_aDSS,
1931 SSL_AES128GCM,
1932 SSL_AEAD,
1933 SSL_TLSV1_2,
1934 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1935 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1936 128,
1937 128,
1938 },
1939
1940 /* Cipher A3 */
1941 {
1942 1,
1943 TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
1944 TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
1945 SSL_kEDH,
1946 SSL_aDSS,
1947 SSL_AES256GCM,
1948 SSL_AEAD,
1949 SSL_TLSV1_2,
1950 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1951 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1952 256,
1953 256,
1954 },
1955
1956 /* Cipher A4 */
1957 {
1958 0,
1959 TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
1960 TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
1961 SSL_kDHr,
1962 SSL_aDH,
1963 SSL_AES128GCM,
1964 SSL_AEAD,
1965 SSL_TLSV1_2,
1966 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1967 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1968 128,
1969 128,
1970 },
1971
1972 /* Cipher A5 */
1973 {
1974 0,
1975 TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
1976 TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
1977 SSL_kDHr,
1978 SSL_aDH,
1979 SSL_AES256GCM,
1980 SSL_AEAD,
1981 SSL_TLSV1_2,
1982 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1983 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1984 256,
1985 256,
1986 },
1987
1988 /* Cipher A6 */
1989 {
1990 1,
1991 TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
1992 TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
1993 SSL_kEDH,
1994 SSL_aNULL,
1995 SSL_AES128GCM,
1996 SSL_AEAD,
1997 SSL_TLSV1_2,
1998 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
1999 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2000 128,
2001 128,
2002 },
2003
2004 /* Cipher A7 */
2005 {
2006 1,
2007 TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
2008 TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
2009 SSL_kEDH,
2010 SSL_aNULL,
2011 SSL_AES256GCM,
2012 SSL_AEAD,
2013 SSL_TLSV1_2,
2014 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2015 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2016 256,
2017 256,
2018 },
2019
2020#ifndef OPENSSL_NO_ECDH
2021 /* Cipher C001 */
2022 {
2023 1,
2024 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
2025 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
2026 SSL_kECDHe,
2027 SSL_aECDH,
2028 SSL_eNULL,
2029 SSL_SHA1,
2030 SSL_TLSV1,
2031 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2032 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2033 0,
2034 0,
2035 },
2036
2037 /* Cipher C002 */
2038 {
2039 1,
2040 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
2041 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
2042 SSL_kECDHe,
2043 SSL_aECDH,
2044 SSL_RC4,
2045 SSL_SHA1,
2046 SSL_TLSV1,
2047 SSL_NOT_EXP|SSL_MEDIUM,
2048 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2049 128,
2050 128,
2051 },
2052
2053 /* Cipher C003 */
2054 {
2055 1,
2056 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2057 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
2058 SSL_kECDHe,
2059 SSL_aECDH,
2060 SSL_3DES,
2061 SSL_SHA1,
2062 SSL_TLSV1,
2063 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2064 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2065 168,
2066 168,
2067 },
2068
2069 /* Cipher C004 */
2070 {
2071 1,
2072 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2073 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
2074 SSL_kECDHe,
2075 SSL_aECDH,
2076 SSL_AES128,
2077 SSL_SHA1,
2078 SSL_TLSV1,
2079 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2080 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2081 128,
2082 128,
2083 },
2084
2085 /* Cipher C005 */
2086 {
2087 1,
2088 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2089 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
2090 SSL_kECDHe,
2091 SSL_aECDH,
2092 SSL_AES256,
2093 SSL_SHA1,
2094 SSL_TLSV1,
2095 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2096 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2097 256,
2098 256,
2099 },
2100
2101 /* Cipher C006 */
2102 {
2103 1,
2104 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
2105 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
2106 SSL_kEECDH,
2107 SSL_aECDSA,
2108 SSL_eNULL,
2109 SSL_SHA1,
2110 SSL_TLSV1,
2111 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2112 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2113 0,
2114 0,
2115 },
2116
2117 /* Cipher C007 */
2118 {
2119 1,
2120 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
2121 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
2122 SSL_kEECDH,
2123 SSL_aECDSA,
2124 SSL_RC4,
2125 SSL_SHA1,
2126 SSL_TLSV1,
2127 SSL_NOT_EXP|SSL_MEDIUM,
2128 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2129 128,
2130 128,
2131 },
2132
2133 /* Cipher C008 */
2134 {
2135 1,
2136 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2137 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
2138 SSL_kEECDH,
2139 SSL_aECDSA,
2140 SSL_3DES,
2141 SSL_SHA1,
2142 SSL_TLSV1,
2143 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2144 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2145 168,
2146 168,
2147 },
2148
2149 /* Cipher C009 */
2150 {
2151 1,
2152 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2153 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
2154 SSL_kEECDH,
2155 SSL_aECDSA,
2156 SSL_AES128,
2157 SSL_SHA1,
2158 SSL_TLSV1,
2159 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2160 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2161 128,
2162 128,
2163 },
2164
2165 /* Cipher C00A */
2166 {
2167 1,
2168 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2169 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
2170 SSL_kEECDH,
2171 SSL_aECDSA,
2172 SSL_AES256,
2173 SSL_SHA1,
2174 SSL_TLSV1,
2175 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2176 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2177 256,
2178 256,
2179 },
2180
2181 /* Cipher C00B */
2182 {
2183 1,
2184 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
2185 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
2186 SSL_kECDHr,
2187 SSL_aECDH,
2188 SSL_eNULL,
2189 SSL_SHA1,
2190 SSL_TLSV1,
2191 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2192 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2193 0,
2194 0,
2195 },
2196
2197 /* Cipher C00C */
2198 {
2199 1,
2200 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
2201 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
2202 SSL_kECDHr,
2203 SSL_aECDH,
2204 SSL_RC4,
2205 SSL_SHA1,
2206 SSL_TLSV1,
2207 SSL_NOT_EXP|SSL_MEDIUM,
2208 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2209 128,
2210 128,
2211 },
2212
2213 /* Cipher C00D */
2214 {
2215 1,
2216 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2217 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
2218 SSL_kECDHr,
2219 SSL_aECDH,
2220 SSL_3DES,
2221 SSL_SHA1,
2222 SSL_TLSV1,
2223 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2224 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2225 168,
2226 168,
2227 },
2228
2229 /* Cipher C00E */
2230 {
2231 1,
2232 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
2233 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
2234 SSL_kECDHr,
2235 SSL_aECDH,
2236 SSL_AES128,
2237 SSL_SHA1,
2238 SSL_TLSV1,
2239 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2240 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2241 128,
2242 128,
2243 },
2244
2245 /* Cipher C00F */
2246 {
2247 1,
2248 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
2249 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
2250 SSL_kECDHr,
2251 SSL_aECDH,
2252 SSL_AES256,
2253 SSL_SHA1,
2254 SSL_TLSV1,
2255 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2256 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2257 256,
2258 256,
2259 },
2260
2261 /* Cipher C010 */
2262 {
2263 1,
2264 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
2265 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
2266 SSL_kEECDH,
2267 SSL_aRSA,
2268 SSL_eNULL,
2269 SSL_SHA1,
2270 SSL_TLSV1,
2271 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2272 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2273 0,
2274 0,
2275 },
2276
2277 /* Cipher C011 */
2278 {
2279 1,
2280 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
2281 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
2282 SSL_kEECDH,
2283 SSL_aRSA,
2284 SSL_RC4,
2285 SSL_SHA1,
2286 SSL_TLSV1,
2287 SSL_NOT_EXP|SSL_MEDIUM,
2288 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2289 128,
2290 128,
2291 },
2292
2293 /* Cipher C012 */
2294 {
2295 1,
2296 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2297 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
2298 SSL_kEECDH,
2299 SSL_aRSA,
2300 SSL_3DES,
2301 SSL_SHA1,
2302 SSL_TLSV1,
2303 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2304 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2305 168,
2306 168,
2307 },
2308
2309 /* Cipher C013 */
2310 {
2311 1,
2312 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2313 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
2314 SSL_kEECDH,
2315 SSL_aRSA,
2316 SSL_AES128,
2317 SSL_SHA1,
2318 SSL_TLSV1,
2319 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2320 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2321 128,
2322 128,
2323 },
2324
2325 /* Cipher C014 */
2326 {
2327 1,
2328 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2329 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
2330 SSL_kEECDH,
2331 SSL_aRSA,
2332 SSL_AES256,
2333 SSL_SHA1,
2334 SSL_TLSV1,
2335 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2336 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2337 256,
2338 256,
2339 },
2340
2341 /* Cipher C015 */
2342 {
2343 1,
2344 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
2345 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
2346 SSL_kEECDH,
2347 SSL_aNULL,
2348 SSL_eNULL,
2349 SSL_SHA1,
2350 SSL_TLSV1,
2351 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
2352 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2353 0,
2354 0,
2355 },
2356
2357 /* Cipher C016 */
2358 {
2359 1,
2360 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
2361 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
2362 SSL_kEECDH,
2363 SSL_aNULL,
2364 SSL_RC4,
2365 SSL_SHA1,
2366 SSL_TLSV1,
2367 SSL_NOT_EXP|SSL_MEDIUM,
2368 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2369 128,
2370 128,
2371 },
2372
2373 /* Cipher C017 */
2374 {
2375 1,
2376 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
2377 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
2378 SSL_kEECDH,
2379 SSL_aNULL,
2380 SSL_3DES,
2381 SSL_SHA1,
2382 SSL_TLSV1,
2383 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2384 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2385 168,
2386 168,
2387 },
2388
2389 /* Cipher C018 */
2390 {
2391 1,
2392 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
2393 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
2394 SSL_kEECDH,
2395 SSL_aNULL,
2396 SSL_AES128,
2397 SSL_SHA1,
2398 SSL_TLSV1,
2399 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2400 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2401 128,
2402 128,
2403 },
2404
2405 /* Cipher C019 */
2406 {
2407 1,
2408 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
2409 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
2410 SSL_kEECDH,
2411 SSL_aNULL,
2412 SSL_AES256,
2413 SSL_SHA1,
2414 SSL_TLSV1,
2415 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2416 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2417 256,
2418 256,
2419 },
2420#endif /* OPENSSL_NO_ECDH */
2421
2422#ifndef OPENSSL_NO_SRP
2423 /* Cipher C01A */
2424 {
2425 1,
2426 TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2427 TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
2428 SSL_kSRP,
2429 SSL_aNULL,
2430 SSL_3DES,
2431 SSL_SHA1,
2432 SSL_TLSV1,
2433 SSL_NOT_EXP|SSL_HIGH,
2434 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2435 168,
2436 168,
2437 },
2438
2439 /* Cipher C01B */
2440 {
2441 1,
2442 TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2443 TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
2444 SSL_kSRP,
2445 SSL_aRSA,
2446 SSL_3DES,
2447 SSL_SHA1,
2448 SSL_TLSV1,
2449 SSL_NOT_EXP|SSL_HIGH,
2450 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2451 168,
2452 168,
2453 },
2454
2455 /* Cipher C01C */
2456 {
2457 1,
2458 TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2459 TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
2460 SSL_kSRP,
2461 SSL_aDSS,
2462 SSL_3DES,
2463 SSL_SHA1,
2464 SSL_TLSV1,
2465 SSL_NOT_EXP|SSL_HIGH,
2466 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2467 168,
2468 168,
2469 },
2470
2471 /* Cipher C01D */
2472 {
2473 1,
2474 TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
2475 TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
2476 SSL_kSRP,
2477 SSL_aNULL,
2478 SSL_AES128,
2479 SSL_SHA1,
2480 SSL_TLSV1,
2481 SSL_NOT_EXP|SSL_HIGH,
2482 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2483 128,
2484 128,
2485 },
2486
2487 /* Cipher C01E */
2488 {
2489 1,
2490 TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2491 TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
2492 SSL_kSRP,
2493 SSL_aRSA,
2494 SSL_AES128,
2495 SSL_SHA1,
2496 SSL_TLSV1,
2497 SSL_NOT_EXP|SSL_HIGH,
2498 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2499 128,
2500 128,
2501 },
2502
2503 /* Cipher C01F */
2504 {
2505 1,
2506 TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2507 TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
2508 SSL_kSRP,
2509 SSL_aDSS,
2510 SSL_AES128,
2511 SSL_SHA1,
2512 SSL_TLSV1,
2513 SSL_NOT_EXP|SSL_HIGH,
2514 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2515 128,
2516 128,
2517 },
2518
2519 /* Cipher C020 */
2520 {
2521 1,
2522 TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
2523 TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
2524 SSL_kSRP,
2525 SSL_aNULL,
2526 SSL_AES256,
2527 SSL_SHA1,
2528 SSL_TLSV1,
2529 SSL_NOT_EXP|SSL_HIGH,
2530 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2531 256,
2532 256,
2533 },
2534
2535 /* Cipher C021 */
2536 {
2537 1,
2538 TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2539 TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
2540 SSL_kSRP,
2541 SSL_aRSA,
2542 SSL_AES256,
2543 SSL_SHA1,
2544 SSL_TLSV1,
2545 SSL_NOT_EXP|SSL_HIGH,
2546 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2547 256,
2548 256,
2549 },
2550
2551 /* Cipher C022 */
2552 {
2553 1,
2554 TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2555 TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
2556 SSL_kSRP,
2557 SSL_aDSS,
2558 SSL_AES256,
2559 SSL_SHA1,
2560 SSL_TLSV1,
2561 SSL_NOT_EXP|SSL_HIGH,
2562 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2563 256,
2564 256,
2565 },
2566#endif /* OPENSSL_NO_SRP */
2567#ifndef OPENSSL_NO_ECDH
2568
2569 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
2570
2571 /* Cipher C023 */
2572 {
2573 1,
2574 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
2575 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
2576 SSL_kEECDH,
2577 SSL_aECDSA,
2578 SSL_AES128,
2579 SSL_SHA256,
2580 SSL_TLSV1_2,
2581 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2582 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2583 128,
2584 128,
2585 },
2586
2587 /* Cipher C024 */
2588 {
2589 1,
2590 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
2591 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
2592 SSL_kEECDH,
2593 SSL_aECDSA,
2594 SSL_AES256,
2595 SSL_SHA384,
2596 SSL_TLSV1_2,
2597 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2598 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2599 256,
2600 256,
2601 },
2602
2603 /* Cipher C025 */
2604 {
2605 1,
2606 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
2607 TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
2608 SSL_kECDHe,
2609 SSL_aECDH,
2610 SSL_AES128,
2611 SSL_SHA256,
2612 SSL_TLSV1_2,
2613 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2614 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2615 128,
2616 128,
2617 },
2618
2619 /* Cipher C026 */
2620 {
2621 1,
2622 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
2623 TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
2624 SSL_kECDHe,
2625 SSL_aECDH,
2626 SSL_AES256,
2627 SSL_SHA384,
2628 SSL_TLSV1_2,
2629 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2630 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2631 256,
2632 256,
2633 },
2634
2635 /* Cipher C027 */
2636 {
2637 1,
2638 TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
2639 TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
2640 SSL_kEECDH,
2641 SSL_aRSA,
2642 SSL_AES128,
2643 SSL_SHA256,
2644 SSL_TLSV1_2,
2645 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2646 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2647 128,
2648 128,
2649 },
2650
2651 /* Cipher C028 */
2652 {
2653 1,
2654 TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
2655 TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
2656 SSL_kEECDH,
2657 SSL_aRSA,
2658 SSL_AES256,
2659 SSL_SHA384,
2660 SSL_TLSV1_2,
2661 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2662 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2663 256,
2664 256,
2665 },
2666
2667 /* Cipher C029 */
2668 {
2669 1,
2670 TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
2671 TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
2672 SSL_kECDHe,
2673 SSL_aECDH,
2674 SSL_AES128,
2675 SSL_SHA256,
2676 SSL_TLSV1_2,
2677 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2678 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2679 128,
2680 128,
2681 },
2682
2683 /* Cipher C02A */
2684 {
2685 1,
2686 TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
2687 TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
2688 SSL_kECDHe,
2689 SSL_aECDH,
2690 SSL_AES256,
2691 SSL_SHA384,
2692 SSL_TLSV1_2,
2693 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2694 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2695 256,
2696 256,
2697 },
2698
2699 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
2700
2701 /* Cipher C02B */
2702 {
2703 1,
2704 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2705 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
2706 SSL_kEECDH,
2707 SSL_aECDSA,
2708 SSL_AES128GCM,
2709 SSL_AEAD,
2710 SSL_TLSV1_2,
2711 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2712 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2713 128,
2714 128,
2715 },
2716
2717 /* Cipher C02C */
2718 {
2719 1,
2720 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2721 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
2722 SSL_kEECDH,
2723 SSL_aECDSA,
2724 SSL_AES256GCM,
2725 SSL_AEAD,
2726 SSL_TLSV1_2,
2727 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2728 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2729 256,
2730 256,
2731 },
2732
2733 /* Cipher C02D */
2734 {
2735 1,
2736 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2737 TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
2738 SSL_kECDHe,
2739 SSL_aECDH,
2740 SSL_AES128GCM,
2741 SSL_AEAD,
2742 SSL_TLSV1_2,
2743 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2744 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2745 128,
2746 128,
2747 },
2748
2749 /* Cipher C02E */
2750 {
2751 1,
2752 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2753 TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
2754 SSL_kECDHe,
2755 SSL_aECDH,
2756 SSL_AES256GCM,
2757 SSL_AEAD,
2758 SSL_TLSV1_2,
2759 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2760 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2761 256,
2762 256,
2763 },
2764
2765 /* Cipher C02F */
2766 {
2767 1,
2768 TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2769 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
2770 SSL_kEECDH,
2771 SSL_aRSA,
2772 SSL_AES128GCM,
2773 SSL_AEAD,
2774 SSL_TLSV1_2,
2775 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2776 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2777 128,
2778 128,
2779 },
2780
2781 /* Cipher C030 */
2782 {
2783 1,
2784 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2785 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
2786 SSL_kEECDH,
2787 SSL_aRSA,
2788 SSL_AES256GCM,
2789 SSL_AEAD,
2790 SSL_TLSV1_2,
2791 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2792 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2793 256,
2794 256,
2795 },
2796
2797 /* Cipher C031 */
2798 {
2799 1,
2800 TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2801 TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
2802 SSL_kECDHe,
2803 SSL_aECDH,
2804 SSL_AES128GCM,
2805 SSL_AEAD,
2806 SSL_TLSV1_2,
2807 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2808 SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
2809 128,
2810 128,
2811 },
2812
2813 /* Cipher C032 */
2814 {
2815 1,
2816 TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2817 TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
2818 SSL_kECDHe,
2819 SSL_aECDH,
2820 SSL_AES256GCM,
2821 SSL_AEAD,
2822 SSL_TLSV1_2,
2823 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
2824 SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
2825 256,
2826 256,
2827 },
2828
2829#endif /* OPENSSL_NO_ECDH */
2830
2831
2832#ifdef TEMP_GOST_TLS
2833/* Cipher FF00 */
2834 {
2835 1,
2836 "GOST-MD5",
2837 0x0300ff00,
2838 SSL_kRSA,
2839 SSL_aRSA,
2840 SSL_eGOST2814789CNT,
2841 SSL_MD5,
2842 SSL_TLSV1,
2843 SSL_NOT_EXP|SSL_HIGH,
2844 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2845 256,
2846 256,
2847 },
2848 {
2849 1,
2850 "GOST-GOST94",
2851 0x0300ff01,
2852 SSL_kRSA,
2853 SSL_aRSA,
2854 SSL_eGOST2814789CNT,
2855 SSL_GOST94,
2856 SSL_TLSV1,
2857 SSL_NOT_EXP|SSL_HIGH,
2858 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2859 256,
2860 256
2861 },
2862 {
2863 1,
2864 "GOST-GOST89MAC",
2865 0x0300ff02,
2866 SSL_kRSA,
2867 SSL_aRSA,
2868 SSL_eGOST2814789CNT,
2869 SSL_GOST89MAC,
2870 SSL_TLSV1,
2871 SSL_NOT_EXP|SSL_HIGH,
2872 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2873 256,
2874 256
2875 },
2876 {
2877 1,
2878 "GOST-GOST89STREAM",
2879 0x0300ff03,
2880 SSL_kRSA,
2881 SSL_aRSA,
2882 SSL_eGOST2814789CNT,
2883 SSL_GOST89MAC,
2884 SSL_TLSV1,
2885 SSL_NOT_EXP|SSL_HIGH,
2886 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2887 256,
2888 256
2889 },
2890#endif
2891
2892/* end of list */
2893 };
2894
2895SSL3_ENC_METHOD SSLv3_enc_data={
2896 ssl3_enc,
2897 n_ssl3_mac,
2898 ssl3_setup_key_block,
2899 ssl3_generate_master_secret,
2900 ssl3_change_cipher_state,
2901 ssl3_final_finish_mac,
2902 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2903 ssl3_cert_verify_mac,
2904 SSL3_MD_CLIENT_FINISHED_CONST,4,
2905 SSL3_MD_SERVER_FINISHED_CONST,4,
2906 ssl3_alert_code,
2907 (int (*)(SSL *, unsigned char *, size_t, const char *,
2908 size_t, const unsigned char *, size_t,
2909 int use_context))ssl_undefined_function,
2910 };
2911
2912long ssl3_default_timeout(void)
2913 {
2914 /* 2 hours, the 24 hours mentioned in the SSLv3 spec
2915 * is way too long for http, the cache would over fill */
2916 return(60*60*2);
2917 }
2918
2919int ssl3_num_ciphers(void)
2920 {
2921 return(SSL3_NUM_CIPHERS);
2922 }
2923
2924const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
2925 {
2926 if (u < SSL3_NUM_CIPHERS)
2927 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
2928 else
2929 return(NULL);
2930 }
2931
2932int ssl3_pending(const SSL *s)
2933 {
2934 if (s->rstate == SSL_ST_READ_BODY)
2935 return 0;
2936
2937 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
2938 }
2939
2940int ssl3_new(SSL *s)
2941 {
2942 SSL3_STATE *s3;
2943
2944 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
2945 memset(s3,0,sizeof *s3);
2946 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
2947 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
2948
2949 s->s3=s3;
2950
2951#ifndef OPENSSL_NO_SRP
2952 SSL_SRP_CTX_init(s);
2953#endif
2954 s->method->ssl_clear(s);
2955 return(1);
2956err:
2957 return(0);
2958 }
2959
2960void ssl3_free(SSL *s)
2961 {
2962 if(s == NULL)
2963 return;
2964
2965#ifdef TLSEXT_TYPE_opaque_prf_input
2966 if (s->s3->client_opaque_prf_input != NULL)
2967 OPENSSL_free(s->s3->client_opaque_prf_input);
2968 if (s->s3->server_opaque_prf_input != NULL)
2969 OPENSSL_free(s->s3->server_opaque_prf_input);
2970#endif
2971
2972 ssl3_cleanup_key_block(s);
2973 if (s->s3->rbuf.buf != NULL)
2974 ssl3_release_read_buffer(s);
2975 if (s->s3->wbuf.buf != NULL)
2976 ssl3_release_write_buffer(s);
2977 if (s->s3->rrec.comp != NULL)
2978 OPENSSL_free(s->s3->rrec.comp);
2979#ifndef OPENSSL_NO_DH
2980 if (s->s3->tmp.dh != NULL)
2981 DH_free(s->s3->tmp.dh);
2982#endif
2983#ifndef OPENSSL_NO_ECDH
2984 if (s->s3->tmp.ecdh != NULL)
2985 EC_KEY_free(s->s3->tmp.ecdh);
2986#endif
2987
2988 if (s->s3->tmp.ca_names != NULL)
2989 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2990 if (s->s3->handshake_buffer) {
2991 BIO_free(s->s3->handshake_buffer);
2992 }
2993 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
2994#ifndef OPENSSL_NO_SRP
2995 SSL_SRP_CTX_free(s);
2996#endif
2997 OPENSSL_cleanse(s->s3,sizeof *s->s3);
2998 OPENSSL_free(s->s3);
2999 s->s3=NULL;
3000 }
3001
3002void ssl3_clear(SSL *s)
3003 {
3004 unsigned char *rp,*wp;
3005 size_t rlen, wlen;
3006 int init_extra;
3007
3008#ifdef TLSEXT_TYPE_opaque_prf_input
3009 if (s->s3->client_opaque_prf_input != NULL)
3010 OPENSSL_free(s->s3->client_opaque_prf_input);
3011 s->s3->client_opaque_prf_input = NULL;
3012 if (s->s3->server_opaque_prf_input != NULL)
3013 OPENSSL_free(s->s3->server_opaque_prf_input);
3014 s->s3->server_opaque_prf_input = NULL;
3015#endif
3016
3017 ssl3_cleanup_key_block(s);
3018 if (s->s3->tmp.ca_names != NULL)
3019 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
3020
3021 if (s->s3->rrec.comp != NULL)
3022 {
3023 OPENSSL_free(s->s3->rrec.comp);
3024 s->s3->rrec.comp=NULL;
3025 }
3026#ifndef OPENSSL_NO_DH
3027 if (s->s3->tmp.dh != NULL)
3028 {
3029 DH_free(s->s3->tmp.dh);
3030 s->s3->tmp.dh = NULL;
3031 }
3032#endif
3033#ifndef OPENSSL_NO_ECDH
3034 if (s->s3->tmp.ecdh != NULL)
3035 {
3036 EC_KEY_free(s->s3->tmp.ecdh);
3037 s->s3->tmp.ecdh = NULL;
3038 }
3039#endif
3040
3041 rp = s->s3->rbuf.buf;
3042 wp = s->s3->wbuf.buf;
3043 rlen = s->s3->rbuf.len;
3044 wlen = s->s3->wbuf.len;
3045 init_extra = s->s3->init_extra;
3046 if (s->s3->handshake_buffer) {
3047 BIO_free(s->s3->handshake_buffer);
3048 s->s3->handshake_buffer = NULL;
3049 }
3050 if (s->s3->handshake_dgst) {
3051 ssl3_free_digest_list(s);
3052 }
3053 memset(s->s3,0,sizeof *s->s3);
3054 s->s3->rbuf.buf = rp;
3055 s->s3->wbuf.buf = wp;
3056 s->s3->rbuf.len = rlen;
3057 s->s3->wbuf.len = wlen;
3058 s->s3->init_extra = init_extra;
3059
3060 ssl_free_wbio_buffer(s);
3061
3062 s->packet_length=0;
3063 s->s3->renegotiate=0;
3064 s->s3->total_renegotiations=0;
3065 s->s3->num_renegotiations=0;
3066 s->s3->in_read_app_data=0;
3067 s->version=SSL3_VERSION;
3068
3069#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
3070 if (s->next_proto_negotiated)
3071 {
3072 OPENSSL_free(s->next_proto_negotiated);
3073 s->next_proto_negotiated = NULL;
3074 s->next_proto_negotiated_len = 0;
3075 }
3076#endif
3077 }
3078
3079#ifndef OPENSSL_NO_SRP
3080static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
3081 {
3082 return BUF_strdup(s->srp_ctx.info) ;
3083 }
3084#endif
3085
3086long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
3087 {
3088 int ret=0;
3089
3090#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3091 if (
3092#ifndef OPENSSL_NO_RSA
3093 cmd == SSL_CTRL_SET_TMP_RSA ||
3094 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3095#endif
3096#ifndef OPENSSL_NO_DSA
3097 cmd == SSL_CTRL_SET_TMP_DH ||
3098 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3099#endif
3100 0)
3101 {
3102 if (!ssl_cert_inst(&s->cert))
3103 {
3104 SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
3105 return(0);
3106 }
3107 }
3108#endif
3109
3110 switch (cmd)
3111 {
3112 case SSL_CTRL_GET_SESSION_REUSED:
3113 ret=s->hit;
3114 break;
3115 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
3116 break;
3117 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
3118 ret=s->s3->num_renegotiations;
3119 break;
3120 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
3121 ret=s->s3->num_renegotiations;
3122 s->s3->num_renegotiations=0;
3123 break;
3124 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
3125 ret=s->s3->total_renegotiations;
3126 break;
3127 case SSL_CTRL_GET_FLAGS:
3128 ret=(int)(s->s3->flags);
3129 break;
3130#ifndef OPENSSL_NO_RSA
3131 case SSL_CTRL_NEED_TMP_RSA:
3132 if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
3133 ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3134 (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
3135 ret = 1;
3136 break;
3137 case SSL_CTRL_SET_TMP_RSA:
3138 {
3139 RSA *rsa = (RSA *)parg;
3140 if (rsa == NULL)
3141 {
3142 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3143 return(ret);
3144 }
3145 if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
3146 {
3147 SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
3148 return(ret);
3149 }
3150 if (s->cert->rsa_tmp != NULL)
3151 RSA_free(s->cert->rsa_tmp);
3152 s->cert->rsa_tmp = rsa;
3153 ret = 1;
3154 }
3155 break;
3156 case SSL_CTRL_SET_TMP_RSA_CB:
3157 {
3158 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3159 return(ret);
3160 }
3161 break;
3162#endif
3163#ifndef OPENSSL_NO_DH
3164 case SSL_CTRL_SET_TMP_DH:
3165 {
3166 DH *dh = (DH *)parg;
3167 if (dh == NULL)
3168 {
3169 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3170 return(ret);
3171 }
3172 if ((dh = DHparams_dup(dh)) == NULL)
3173 {
3174 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3175 return(ret);
3176 }
3177 if (!(s->options & SSL_OP_SINGLE_DH_USE))
3178 {
3179 if (!DH_generate_key(dh))
3180 {
3181 DH_free(dh);
3182 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
3183 return(ret);
3184 }
3185 }
3186 if (s->cert->dh_tmp != NULL)
3187 DH_free(s->cert->dh_tmp);
3188 s->cert->dh_tmp = dh;
3189 ret = 1;
3190 }
3191 break;
3192 case SSL_CTRL_SET_TMP_DH_CB:
3193 {
3194 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3195 return(ret);
3196 }
3197 break;
3198#endif
3199#ifndef OPENSSL_NO_ECDH
3200 case SSL_CTRL_SET_TMP_ECDH:
3201 {
3202 EC_KEY *ecdh = NULL;
3203
3204 if (parg == NULL)
3205 {
3206 SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
3207 return(ret);
3208 }
3209 if (!EC_KEY_up_ref((EC_KEY *)parg))
3210 {
3211 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3212 return(ret);
3213 }
3214 ecdh = (EC_KEY *)parg;
3215 if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
3216 {
3217 if (!EC_KEY_generate_key(ecdh))
3218 {
3219 EC_KEY_free(ecdh);
3220 SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
3221 return(ret);
3222 }
3223 }
3224 if (s->cert->ecdh_tmp != NULL)
3225 EC_KEY_free(s->cert->ecdh_tmp);
3226 s->cert->ecdh_tmp = ecdh;
3227 ret = 1;
3228 }
3229 break;
3230 case SSL_CTRL_SET_TMP_ECDH_CB:
3231 {
3232 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3233 return(ret);
3234 }
3235 break;
3236#endif /* !OPENSSL_NO_ECDH */
3237#ifndef OPENSSL_NO_TLSEXT
3238 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
3239 if (larg == TLSEXT_NAMETYPE_host_name)
3240 {
3241 if (s->tlsext_hostname != NULL)
3242 OPENSSL_free(s->tlsext_hostname);
3243 s->tlsext_hostname = NULL;
3244
3245 ret = 1;
3246 if (parg == NULL)
3247 break;
3248 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
3249 {
3250 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
3251 return 0;
3252 }
3253 if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
3254 {
3255 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
3256 return 0;
3257 }
3258 }
3259 else
3260 {
3261 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
3262 return 0;
3263 }
3264 break;
3265 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
3266 s->tlsext_debug_arg=parg;
3267 ret = 1;
3268 break;
3269
3270#ifdef TLSEXT_TYPE_opaque_prf_input
3271 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
3272 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
3273 * (including the cert chain and everything) */
3274 {
3275 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
3276 break;
3277 }
3278 if (s->tlsext_opaque_prf_input != NULL)
3279 OPENSSL_free(s->tlsext_opaque_prf_input);
3280 if ((size_t)larg == 0)
3281 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
3282 else
3283 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
3284 if (s->tlsext_opaque_prf_input != NULL)
3285 {
3286 s->tlsext_opaque_prf_input_len = (size_t)larg;
3287 ret = 1;
3288 }
3289 else
3290 s->tlsext_opaque_prf_input_len = 0;
3291 break;
3292#endif
3293
3294 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
3295 s->tlsext_status_type=larg;
3296 ret = 1;
3297 break;
3298
3299 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
3300 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
3301 ret = 1;
3302 break;
3303
3304 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
3305 s->tlsext_ocsp_exts = parg;
3306 ret = 1;
3307 break;
3308
3309 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
3310 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
3311 ret = 1;
3312 break;
3313
3314 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
3315 s->tlsext_ocsp_ids = parg;
3316 ret = 1;
3317 break;
3318
3319 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
3320 *(unsigned char **)parg = s->tlsext_ocsp_resp;
3321 return s->tlsext_ocsp_resplen;
3322
3323 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
3324 if (s->tlsext_ocsp_resp)
3325 OPENSSL_free(s->tlsext_ocsp_resp);
3326 s->tlsext_ocsp_resp = parg;
3327 s->tlsext_ocsp_resplen = larg;
3328 ret = 1;
3329 break;
3330
3331#ifndef OPENSSL_NO_HEARTBEATS
3332 case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
3333 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
3334 ret = dtls1_heartbeat(s);
3335 else
3336 ret = tls1_heartbeat(s);
3337 break;
3338
3339 case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
3340 ret = s->tlsext_hb_pending;
3341 break;
3342
3343 case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
3344 if (larg)
3345 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3346 else
3347 s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
3348 ret = 1;
3349 break;
3350#endif
3351
3352#endif /* !OPENSSL_NO_TLSEXT */
3353 default:
3354 break;
3355 }
3356 return(ret);
3357 }
3358
3359long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
3360 {
3361 int ret=0;
3362
3363#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
3364 if (
3365#ifndef OPENSSL_NO_RSA
3366 cmd == SSL_CTRL_SET_TMP_RSA_CB ||
3367#endif
3368#ifndef OPENSSL_NO_DSA
3369 cmd == SSL_CTRL_SET_TMP_DH_CB ||
3370#endif
3371 0)
3372 {
3373 if (!ssl_cert_inst(&s->cert))
3374 {
3375 SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
3376 return(0);
3377 }
3378 }
3379#endif
3380
3381 switch (cmd)
3382 {
3383#ifndef OPENSSL_NO_RSA
3384 case SSL_CTRL_SET_TMP_RSA_CB:
3385 {
3386 s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3387 }
3388 break;
3389#endif
3390#ifndef OPENSSL_NO_DH
3391 case SSL_CTRL_SET_TMP_DH_CB:
3392 {
3393 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3394 }
3395 break;
3396#endif
3397#ifndef OPENSSL_NO_ECDH
3398 case SSL_CTRL_SET_TMP_ECDH_CB:
3399 {
3400 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3401 }
3402 break;
3403#endif
3404#ifndef OPENSSL_NO_TLSEXT
3405 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
3406 s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
3407 unsigned char *, int, void *))fp;
3408 break;
3409#endif
3410 default:
3411 break;
3412 }
3413 return(ret);
3414 }
3415
3416long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
3417 {
3418 CERT *cert;
3419
3420 cert=ctx->cert;
3421
3422 switch (cmd)
3423 {
3424#ifndef OPENSSL_NO_RSA
3425 case SSL_CTRL_NEED_TMP_RSA:
3426 if ( (cert->rsa_tmp == NULL) &&
3427 ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
3428 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
3429 )
3430 return(1);
3431 else
3432 return(0);
3433 /* break; */
3434 case SSL_CTRL_SET_TMP_RSA:
3435 {
3436 RSA *rsa;
3437 int i;
3438
3439 rsa=(RSA *)parg;
3440 i=1;
3441 if (rsa == NULL)
3442 i=0;
3443 else
3444 {
3445 if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
3446 i=0;
3447 }
3448 if (!i)
3449 {
3450 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
3451 return(0);
3452 }
3453 else
3454 {
3455 if (cert->rsa_tmp != NULL)
3456 RSA_free(cert->rsa_tmp);
3457 cert->rsa_tmp=rsa;
3458 return(1);
3459 }
3460 }
3461 /* break; */
3462 case SSL_CTRL_SET_TMP_RSA_CB:
3463 {
3464 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3465 return(0);
3466 }
3467 break;
3468#endif
3469#ifndef OPENSSL_NO_DH
3470 case SSL_CTRL_SET_TMP_DH:
3471 {
3472 DH *new=NULL,*dh;
3473
3474 dh=(DH *)parg;
3475 if ((new=DHparams_dup(dh)) == NULL)
3476 {
3477 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3478 return 0;
3479 }
3480 if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
3481 {
3482 if (!DH_generate_key(new))
3483 {
3484 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
3485 DH_free(new);
3486 return 0;
3487 }
3488 }
3489 if (cert->dh_tmp != NULL)
3490 DH_free(cert->dh_tmp);
3491 cert->dh_tmp=new;
3492 return 1;
3493 }
3494 /*break; */
3495 case SSL_CTRL_SET_TMP_DH_CB:
3496 {
3497 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3498 return(0);
3499 }
3500 break;
3501#endif
3502#ifndef OPENSSL_NO_ECDH
3503 case SSL_CTRL_SET_TMP_ECDH:
3504 {
3505 EC_KEY *ecdh = NULL;
3506
3507 if (parg == NULL)
3508 {
3509 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3510 return 0;
3511 }
3512 ecdh = EC_KEY_dup((EC_KEY *)parg);
3513 if (ecdh == NULL)
3514 {
3515 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
3516 return 0;
3517 }
3518 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
3519 {
3520 if (!EC_KEY_generate_key(ecdh))
3521 {
3522 EC_KEY_free(ecdh);
3523 SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
3524 return 0;
3525 }
3526 }
3527
3528 if (cert->ecdh_tmp != NULL)
3529 {
3530 EC_KEY_free(cert->ecdh_tmp);
3531 }
3532 cert->ecdh_tmp = ecdh;
3533 return 1;
3534 }
3535 /* break; */
3536 case SSL_CTRL_SET_TMP_ECDH_CB:
3537 {
3538 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
3539 return(0);
3540 }
3541 break;
3542#endif /* !OPENSSL_NO_ECDH */
3543#ifndef OPENSSL_NO_TLSEXT
3544 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
3545 ctx->tlsext_servername_arg=parg;
3546 break;
3547 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
3548 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
3549 {
3550 unsigned char *keys = parg;
3551 if (!keys)
3552 return 48;
3553 if (larg != 48)
3554 {
3555 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
3556 return 0;
3557 }
3558 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
3559 {
3560 memcpy(ctx->tlsext_tick_key_name, keys, 16);
3561 memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
3562 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
3563 }
3564 else
3565 {
3566 memcpy(keys, ctx->tlsext_tick_key_name, 16);
3567 memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
3568 memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
3569 }
3570 return 1;
3571 }
3572
3573#ifdef TLSEXT_TYPE_opaque_prf_input
3574 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
3575 ctx->tlsext_opaque_prf_input_callback_arg = parg;
3576 return 1;
3577#endif
3578
3579 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
3580 ctx->tlsext_status_arg=parg;
3581 return 1;
3582 break;
3583
3584#ifndef OPENSSL_NO_SRP
3585 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
3586 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3587 if (ctx->srp_ctx.login != NULL)
3588 OPENSSL_free(ctx->srp_ctx.login);
3589 ctx->srp_ctx.login = NULL;
3590 if (parg == NULL)
3591 break;
3592 if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
3593 {
3594 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
3595 return 0;
3596 }
3597 if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
3598 {
3599 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
3600 return 0;
3601 }
3602 break;
3603 case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
3604 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
3605 ctx->srp_ctx.info=parg;
3606 break;
3607 case SSL_CTRL_SET_SRP_ARG:
3608 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3609 ctx->srp_ctx.SRP_cb_arg=parg;
3610 break;
3611
3612 case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
3613 ctx->srp_ctx.strength=larg;
3614 break;
3615#endif
3616#endif /* !OPENSSL_NO_TLSEXT */
3617
3618 /* A Thawte special :-) */
3619 case SSL_CTRL_EXTRA_CHAIN_CERT:
3620 if (ctx->extra_certs == NULL)
3621 {
3622 if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
3623 return(0);
3624 }
3625 sk_X509_push(ctx->extra_certs,(X509 *)parg);
3626 break;
3627
3628 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
3629 *(STACK_OF(X509) **)parg = ctx->extra_certs;
3630 break;
3631
3632 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
3633 if (ctx->extra_certs)
3634 {
3635 sk_X509_pop_free(ctx->extra_certs, X509_free);
3636 ctx->extra_certs = NULL;
3637 }
3638 break;
3639
3640 default:
3641 return(0);
3642 }
3643 return(1);
3644 }
3645
3646long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
3647 {
3648 CERT *cert;
3649
3650 cert=ctx->cert;
3651
3652 switch (cmd)
3653 {
3654#ifndef OPENSSL_NO_RSA
3655 case SSL_CTRL_SET_TMP_RSA_CB:
3656 {
3657 cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
3658 }
3659 break;
3660#endif
3661#ifndef OPENSSL_NO_DH
3662 case SSL_CTRL_SET_TMP_DH_CB:
3663 {
3664 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
3665 }
3666 break;
3667#endif
3668#ifndef OPENSSL_NO_ECDH
3669 case SSL_CTRL_SET_TMP_ECDH_CB:
3670 {
3671 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
3672 }
3673 break;
3674#endif
3675#ifndef OPENSSL_NO_TLSEXT
3676 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
3677 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
3678 break;
3679
3680#ifdef TLSEXT_TYPE_opaque_prf_input
3681 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
3682 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
3683 break;
3684#endif
3685
3686 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
3687 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
3688 break;
3689
3690 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
3691 ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
3692 unsigned char *,
3693 EVP_CIPHER_CTX *,
3694 HMAC_CTX *, int))fp;
3695 break;
3696
3697#ifndef OPENSSL_NO_SRP
3698 case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
3699 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3700 ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
3701 break;
3702 case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
3703 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3704 ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
3705 break;
3706 case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
3707 ctx->srp_ctx.srp_Mask|=SSL_kSRP;
3708 ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
3709 break;
3710#endif
3711#endif
3712 default:
3713 return(0);
3714 }
3715 return(1);
3716 }
3717
3718/* This function needs to check if the ciphers required are actually
3719 * available */
3720const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
3721 {
3722 SSL_CIPHER c;
3723 const SSL_CIPHER *cp;
3724 unsigned long id;
3725
3726 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
3727 c.id=id;
3728 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
3729#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
3730if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
3731#endif
3732 if (cp == NULL || cp->valid == 0)
3733 return NULL;
3734 else
3735 return cp;
3736 }
3737
3738int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
3739 {
3740 long l;
3741
3742 if (p != NULL)
3743 {
3744 l=c->id;
3745 if ((l & 0xff000000) != 0x03000000) return(0);
3746 p[0]=((unsigned char)(l>> 8L))&0xFF;
3747 p[1]=((unsigned char)(l ))&0xFF;
3748 }
3749 return(2);
3750 }
3751
3752SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
3753 STACK_OF(SSL_CIPHER) *srvr)
3754 {
3755 SSL_CIPHER *c,*ret=NULL;
3756 STACK_OF(SSL_CIPHER) *prio, *allow;
3757 int i,ii,ok;
3758#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
3759 unsigned int j;
3760 int ec_ok, ec_nid;
3761 unsigned char ec_search1 = 0, ec_search2 = 0;
3762#endif
3763 CERT *cert;
3764 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
3765
3766 /* Let's see which ciphers we can support */
3767 cert=s->cert;
3768
3769#if 0
3770 /* Do not set the compare functions, because this may lead to a
3771 * reordering by "id". We want to keep the original ordering.
3772 * We may pay a price in performance during sk_SSL_CIPHER_find(),
3773 * but would have to pay with the price of sk_SSL_CIPHER_dup().
3774 */
3775 sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
3776 sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
3777#endif
3778
3779#ifdef CIPHER_DEBUG
3780 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
3781 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
3782 {
3783 c=sk_SSL_CIPHER_value(srvr,i);
3784 printf("%p:%s\n",(void *)c,c->name);
3785 }
3786 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
3787 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
3788 {
3789 c=sk_SSL_CIPHER_value(clnt,i);
3790 printf("%p:%s\n",(void *)c,c->name);
3791 }
3792#endif
3793
3794 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
3795 {
3796 prio = srvr;
3797 allow = clnt;
3798 }
3799 else
3800 {
3801 prio = clnt;
3802 allow = srvr;
3803 }
3804
3805 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
3806 {
3807 c=sk_SSL_CIPHER_value(prio,i);
3808
3809 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
3810 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
3811 (TLS1_get_version(s) < TLS1_2_VERSION))
3812 continue;
3813
3814 ssl_set_cert_masks(cert,c);
3815 mask_k = cert->mask_k;
3816 mask_a = cert->mask_a;
3817 emask_k = cert->export_mask_k;
3818 emask_a = cert->export_mask_a;
3819#ifndef OPENSSL_NO_SRP
3820 mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
3821 emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
3822#endif
3823
3824#ifdef KSSL_DEBUG
3825/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
3826#endif /* KSSL_DEBUG */
3827
3828 alg_k=c->algorithm_mkey;
3829 alg_a=c->algorithm_auth;
3830
3831#ifndef OPENSSL_NO_KRB5
3832 if (alg_k & SSL_kKRB5)
3833 {
3834 if ( !kssl_keytab_is_available(s->kssl_ctx) )
3835 continue;
3836 }
3837#endif /* OPENSSL_NO_KRB5 */
3838#ifndef OPENSSL_NO_PSK
3839 /* with PSK there must be server callback set */
3840 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
3841 continue;
3842#endif /* OPENSSL_NO_PSK */
3843
3844 if (SSL_C_IS_EXPORT(c))
3845 {
3846 ok = (alg_k & emask_k) && (alg_a & emask_a);
3847#ifdef CIPHER_DEBUG
3848 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
3849 (void *)c,c->name);
3850#endif
3851 }
3852 else
3853 {
3854 ok = (alg_k & mask_k) && (alg_a & mask_a);
3855#ifdef CIPHER_DEBUG
3856 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
3857 c->name);
3858#endif
3859 }
3860
3861#ifndef OPENSSL_NO_TLSEXT
3862#ifndef OPENSSL_NO_EC
3863 if (
3864 /* if we are considering an ECC cipher suite that uses our certificate */
3865 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3866 /* and we have an ECC certificate */
3867 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3868 /* and the client specified a Supported Point Formats extension */
3869 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
3870 /* and our certificate's point is compressed */
3871 && (
3872 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
3873 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
3874 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
3875 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
3876 && (
3877 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
3878 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
3879 )
3880 )
3881 )
3882 {
3883 ec_ok = 0;
3884 /* if our certificate's curve is over a field type that the client does not support
3885 * then do not allow this cipher suite to be negotiated */
3886 if (
3887 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3888 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3889 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3890 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3891 )
3892 {
3893 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3894 {
3895 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
3896 {
3897 ec_ok = 1;
3898 break;
3899 }
3900 }
3901 }
3902 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3903 {
3904 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
3905 {
3906 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
3907 {
3908 ec_ok = 1;
3909 break;
3910 }
3911 }
3912 }
3913 ok = ok && ec_ok;
3914 }
3915 if (
3916 /* if we are considering an ECC cipher suite that uses our certificate */
3917 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
3918 /* and we have an ECC certificate */
3919 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
3920 /* and the client specified an EllipticCurves extension */
3921 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3922 )
3923 {
3924 ec_ok = 0;
3925 if (
3926 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
3927 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
3928 )
3929 {
3930 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
3931 if ((ec_nid == 0)
3932 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
3933 )
3934 {
3935 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
3936 {
3937 ec_search1 = 0xFF;
3938 ec_search2 = 0x01;
3939 }
3940 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
3941 {
3942 ec_search1 = 0xFF;
3943 ec_search2 = 0x02;
3944 }
3945 }
3946 else
3947 {
3948 ec_search1 = 0x00;
3949 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3950 }
3951 if ((ec_search1 != 0) || (ec_search2 != 0))
3952 {
3953 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3954 {
3955 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3956 {
3957 ec_ok = 1;
3958 break;
3959 }
3960 }
3961 }
3962 }
3963 ok = ok && ec_ok;
3964 }
3965 if (
3966 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3967 (alg_k & SSL_kEECDH)
3968 /* and we have an ephemeral EC key */
3969 && (s->cert->ecdh_tmp != NULL)
3970 /* and the client specified an EllipticCurves extension */
3971 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3972 )
3973 {
3974 ec_ok = 0;
3975 if (s->cert->ecdh_tmp->group != NULL)
3976 {
3977 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3978 if ((ec_nid == 0)
3979 && (s->cert->ecdh_tmp->group->meth != NULL)
3980 )
3981 {
3982 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3983 {
3984 ec_search1 = 0xFF;
3985 ec_search2 = 0x01;
3986 }
3987 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3988 {
3989 ec_search1 = 0xFF;
3990 ec_search2 = 0x02;
3991 }
3992 }
3993 else
3994 {
3995 ec_search1 = 0x00;
3996 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3997 }
3998 if ((ec_search1 != 0) || (ec_search2 != 0))
3999 {
4000 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
4001 {
4002 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
4003 {
4004 ec_ok = 1;
4005 break;
4006 }
4007 }
4008 }
4009 }
4010 ok = ok && ec_ok;
4011 }
4012#endif /* OPENSSL_NO_EC */
4013#endif /* OPENSSL_NO_TLSEXT */
4014
4015 if (!ok) continue;
4016 ii=sk_SSL_CIPHER_find(allow,c);
4017 if (ii >= 0)
4018 {
4019 ret=sk_SSL_CIPHER_value(allow,ii);
4020 break;
4021 }
4022 }
4023 return(ret);
4024 }
4025
4026int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
4027 {
4028 int ret=0;
4029 unsigned long alg_k;
4030
4031 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
4032
4033#ifndef OPENSSL_NO_GOST
4034 if (s->version >= TLS1_VERSION)
4035 {
4036 if (alg_k & SSL_kGOST)
4037 {
4038 p[ret++]=TLS_CT_GOST94_SIGN;
4039 p[ret++]=TLS_CT_GOST01_SIGN;
4040 return(ret);
4041 }
4042 }
4043#endif
4044
4045#ifndef OPENSSL_NO_DH
4046 if (alg_k & (SSL_kDHr|SSL_kEDH))
4047 {
4048# ifndef OPENSSL_NO_RSA
4049 p[ret++]=SSL3_CT_RSA_FIXED_DH;
4050# endif
4051# ifndef OPENSSL_NO_DSA
4052 p[ret++]=SSL3_CT_DSS_FIXED_DH;
4053# endif
4054 }
4055 if ((s->version == SSL3_VERSION) &&
4056 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
4057 {
4058# ifndef OPENSSL_NO_RSA
4059 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
4060# endif
4061# ifndef OPENSSL_NO_DSA
4062 p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
4063# endif
4064 }
4065#endif /* !OPENSSL_NO_DH */
4066#ifndef OPENSSL_NO_RSA
4067 p[ret++]=SSL3_CT_RSA_SIGN;
4068#endif
4069#ifndef OPENSSL_NO_DSA
4070 p[ret++]=SSL3_CT_DSS_SIGN;
4071#endif
4072#ifndef OPENSSL_NO_ECDH
4073 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
4074 {
4075 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
4076 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
4077 }
4078#endif
4079
4080#ifndef OPENSSL_NO_ECDSA
4081 /* ECDSA certs can be used with RSA cipher suites as well
4082 * so we don't need to check for SSL_kECDH or SSL_kEECDH
4083 */
4084 if (s->version >= TLS1_VERSION)
4085 {
4086 p[ret++]=TLS_CT_ECDSA_SIGN;
4087 }
4088#endif
4089 return(ret);
4090 }
4091
4092int ssl3_shutdown(SSL *s)
4093 {
4094 int ret;
4095
4096 /* Don't do anything much if we have not done the handshake or
4097 * we don't want to send messages :-) */
4098 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
4099 {
4100 s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
4101 return(1);
4102 }
4103
4104 if (!(s->shutdown & SSL_SENT_SHUTDOWN))
4105 {
4106 s->shutdown|=SSL_SENT_SHUTDOWN;
4107#if 1
4108 ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
4109#endif
4110 /* our shutdown alert has been sent now, and if it still needs
4111 * to be written, s->s3->alert_dispatch will be true */
4112 if (s->s3->alert_dispatch)
4113 return(-1); /* return WANT_WRITE */
4114 }
4115 else if (s->s3->alert_dispatch)
4116 {
4117 /* resend it if not sent */
4118#if 1
4119 ret=s->method->ssl_dispatch_alert(s);
4120 if(ret == -1)
4121 {
4122 /* we only get to return -1 here the 2nd/Nth
4123 * invocation, we must have already signalled
4124 * return 0 upon a previous invoation,
4125 * return WANT_WRITE */
4126 return(ret);
4127 }
4128#endif
4129 }
4130 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4131 {
4132 /* If we are waiting for a close from our peer, we are closed */
4133 s->method->ssl_read_bytes(s,0,NULL,0,0);
4134 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
4135 {
4136 return(-1); /* return WANT_READ */
4137 }
4138 }
4139
4140 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
4141 !s->s3->alert_dispatch)
4142 return(1);
4143 else
4144 return(0);
4145 }
4146
4147int ssl3_write(SSL *s, const void *buf, int len)
4148 {
4149 int ret,n;
4150
4151#if 0
4152 if (s->shutdown & SSL_SEND_SHUTDOWN)
4153 {
4154 s->rwstate=SSL_NOTHING;
4155 return(0);
4156 }
4157#endif
4158 clear_sys_error();
4159 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4160
4161 /* This is an experimental flag that sends the
4162 * last handshake message in the same packet as the first
4163 * use data - used to see if it helps the TCP protocol during
4164 * session-id reuse */
4165 /* The second test is because the buffer may have been removed */
4166 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
4167 {
4168 /* First time through, we write into the buffer */
4169 if (s->s3->delay_buf_pop_ret == 0)
4170 {
4171 ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4172 buf,len);
4173 if (ret <= 0) return(ret);
4174
4175 s->s3->delay_buf_pop_ret=ret;
4176 }
4177
4178 s->rwstate=SSL_WRITING;
4179 n=BIO_flush(s->wbio);
4180 if (n <= 0) return(n);
4181 s->rwstate=SSL_NOTHING;
4182
4183 /* We have flushed the buffer, so remove it */
4184 ssl_free_wbio_buffer(s);
4185 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
4186
4187 ret=s->s3->delay_buf_pop_ret;
4188 s->s3->delay_buf_pop_ret=0;
4189 }
4190 else
4191 {
4192 ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
4193 buf,len);
4194 if (ret <= 0) return(ret);
4195 }
4196
4197 return(ret);
4198 }
4199
4200static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
4201 {
4202 int ret;
4203
4204 clear_sys_error();
4205 if (s->s3->renegotiate) ssl3_renegotiate_check(s);
4206 s->s3->in_read_app_data=1;
4207 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4208 if ((ret == -1) && (s->s3->in_read_app_data == 2))
4209 {
4210 /* ssl3_read_bytes decided to call s->handshake_func, which
4211 * called ssl3_read_bytes to read handshake data.
4212 * However, ssl3_read_bytes actually found application data
4213 * and thinks that application data makes sense here; so disable
4214 * handshake processing and try to read application data again. */
4215 s->in_handshake++;
4216 ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
4217 s->in_handshake--;
4218 }
4219 else
4220 s->s3->in_read_app_data=0;
4221
4222 return(ret);
4223 }
4224
4225int ssl3_read(SSL *s, void *buf, int len)
4226 {
4227 return ssl3_read_internal(s, buf, len, 0);
4228 }
4229
4230int ssl3_peek(SSL *s, void *buf, int len)
4231 {
4232 return ssl3_read_internal(s, buf, len, 1);
4233 }
4234
4235int ssl3_renegotiate(SSL *s)
4236 {
4237 if (s->handshake_func == NULL)
4238 return(1);
4239
4240 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
4241 return(0);
4242
4243 s->s3->renegotiate=1;
4244 return(1);
4245 }
4246
4247int ssl3_renegotiate_check(SSL *s)
4248 {
4249 int ret=0;
4250
4251 if (s->s3->renegotiate)
4252 {
4253 if ( (s->s3->rbuf.left == 0) &&
4254 (s->s3->wbuf.left == 0) &&
4255 !SSL_in_init(s))
4256 {
4257/*
4258if we are the server, and we have sent a 'RENEGOTIATE' message, we
4259need to go to SSL_ST_ACCEPT.
4260*/
4261 /* SSL_ST_ACCEPT */
4262 s->state=SSL_ST_RENEGOTIATE;
4263 s->s3->renegotiate=0;
4264 s->s3->num_renegotiations++;
4265 s->s3->total_renegotiations++;
4266 ret=1;
4267 }
4268 }
4269 return(ret);
4270 }
4271/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
4272 * to new SHA256 PRF and handshake macs
4273 */
4274long ssl_get_algorithm2(SSL *s)
4275 {
4276 long alg2 = s->s3->tmp.new_cipher->algorithm2;
4277 if (s->method->version == TLS1_2_VERSION &&
4278 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
4279 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
4280 return alg2;
4281 }
4282
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index c499c29cb5..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1528 +0,0 @@
1/* ssl/s3_pkt.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <errno.h>
114#define USE_SOCKETS
115#include "ssl_locl.h"
116#include <openssl/evp.h>
117#include <openssl/buffer.h>
118#include <openssl/rand.h>
119
120static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
121 unsigned int len, int create_empty_fragment);
122static int ssl3_get_record(SSL *s);
123
124int ssl3_read_n(SSL *s, int n, int max, int extend)
125 {
126 /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
127 * packet by another n bytes.
128 * The packet will be in the sub-array of s->s3->rbuf.buf specified
129 * by s->packet and s->packet_length.
130 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
131 * [plus s->packet_length bytes if extend == 1].)
132 */
133 int i,len,left;
134 long align=0;
135 unsigned char *pkt;
136 SSL3_BUFFER *rb;
137
138 if (n <= 0) return n;
139
140 rb = &(s->s3->rbuf);
141 if (rb->buf == NULL)
142 if (!ssl3_setup_read_buffer(s))
143 return -1;
144
145 left = rb->left;
146#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
147 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
148 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
149#endif
150
151 if (!extend)
152 {
153 /* start with empty packet ... */
154 if (left == 0)
155 rb->offset = align;
156 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
157 {
158 /* check if next packet length is large
159 * enough to justify payload alignment... */
160 pkt = rb->buf + rb->offset;
161 if (pkt[0] == SSL3_RT_APPLICATION_DATA
162 && (pkt[3]<<8|pkt[4]) >= 128)
163 {
164 /* Note that even if packet is corrupted
165 * and its length field is insane, we can
166 * only be led to wrong decision about
167 * whether memmove will occur or not.
168 * Header values has no effect on memmove
169 * arguments and therefore no buffer
170 * overrun can be triggered. */
171 memmove (rb->buf+align,pkt,left);
172 rb->offset = align;
173 }
174 }
175 s->packet = rb->buf + rb->offset;
176 s->packet_length = 0;
177 /* ... now we can act as if 'extend' was set */
178 }
179
180 /* For DTLS/UDP reads should not span multiple packets
181 * because the read operation returns the whole packet
182 * at once (as long as it fits into the buffer). */
183 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
184 {
185 if (left > 0 && n > left)
186 n = left;
187 }
188
189 /* if there is enough in the buffer from a previous read, take some */
190 if (left >= n)
191 {
192 s->packet_length+=n;
193 rb->left=left-n;
194 rb->offset+=n;
195 return(n);
196 }
197
198 /* else we need to read more data */
199
200 len = s->packet_length;
201 pkt = rb->buf+align;
202 /* Move any available bytes to front of buffer:
203 * 'len' bytes already pointed to by 'packet',
204 * 'left' extra ones at the end */
205 if (s->packet != pkt) /* len > 0 */
206 {
207 memmove(pkt, s->packet, len+left);
208 s->packet = pkt;
209 rb->offset = len + align;
210 }
211
212 if (n > (int)(rb->len - rb->offset)) /* does not happen */
213 {
214 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
215 return -1;
216 }
217
218 if (!s->read_ahead)
219 /* ignore max parameter */
220 max = n;
221 else
222 {
223 if (max < n)
224 max = n;
225 if (max > (int)(rb->len - rb->offset))
226 max = rb->len - rb->offset;
227 }
228
229 while (left < n)
230 {
231 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
232 * and need to read in more until we have len+n (up to
233 * len+max if possible) */
234
235 clear_sys_error();
236 if (s->rbio != NULL)
237 {
238 s->rwstate=SSL_READING;
239 i=BIO_read(s->rbio,pkt+len+left, max-left);
240 }
241 else
242 {
243 SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
244 i = -1;
245 }
246
247 if (i <= 0)
248 {
249 rb->left = left;
250 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
251 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
252 if (len+left == 0)
253 ssl3_release_read_buffer(s);
254 return(i);
255 }
256 left+=i;
257 /* reads should *never* span multiple packets for DTLS because
258 * the underlying transport protocol is message oriented as opposed
259 * to byte oriented as in the TLS case. */
260 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
261 {
262 if (n > left)
263 n = left; /* makes the while condition false */
264 }
265 }
266
267 /* done reading, now the book-keeping */
268 rb->offset += n;
269 rb->left = left - n;
270 s->packet_length += n;
271 s->rwstate=SSL_NOTHING;
272 return(n);
273 }
274
275/* Call this to get a new input record.
276 * It will return <= 0 if more data is needed, normally due to an error
277 * or non-blocking IO.
278 * When it finishes, one packet has been decoded and can be found in
279 * ssl->s3->rrec.type - is the type of record
280 * ssl->s3->rrec.data, - data
281 * ssl->s3->rrec.length, - number of bytes
282 */
283/* used only by ssl3_read_bytes */
284static int ssl3_get_record(SSL *s)
285 {
286 int ssl_major,ssl_minor,al;
287 int enc_err,n,i,ret= -1;
288 SSL3_RECORD *rr;
289 SSL_SESSION *sess;
290 unsigned char *p;
291 unsigned char md[EVP_MAX_MD_SIZE];
292 short version;
293 unsigned mac_size, orig_len;
294 size_t extra;
295
296 rr= &(s->s3->rrec);
297 sess=s->session;
298
299 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
300 extra=SSL3_RT_MAX_EXTRA;
301 else
302 extra=0;
303 if (extra && !s->s3->init_extra)
304 {
305 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
306 * set after ssl3_setup_buffers() was done */
307 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
308 return -1;
309 }
310
311again:
312 /* check if we have the header */
313 if ( (s->rstate != SSL_ST_READ_BODY) ||
314 (s->packet_length < SSL3_RT_HEADER_LENGTH))
315 {
316 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
317 if (n <= 0) return(n); /* error or non-blocking */
318 s->rstate=SSL_ST_READ_BODY;
319
320 p=s->packet;
321
322 /* Pull apart the header into the SSL3_RECORD */
323 rr->type= *(p++);
324 ssl_major= *(p++);
325 ssl_minor= *(p++);
326 version=(ssl_major<<8)|ssl_minor;
327 n2s(p,rr->length);
328#if 0
329fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
330#endif
331
332 /* Lets check version */
333 if (!s->first_packet)
334 {
335 if (version != s->version)
336 {
337 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
338 if ((s->version & 0xFF00) == (version & 0xFF00))
339 /* Send back error using their minor version number :-) */
340 s->version = (unsigned short)version;
341 al=SSL_AD_PROTOCOL_VERSION;
342 goto f_err;
343 }
344 }
345
346 if ((version>>8) != SSL3_VERSION_MAJOR)
347 {
348 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
349 goto err;
350 }
351
352 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
353 {
354 al=SSL_AD_RECORD_OVERFLOW;
355 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
356 goto f_err;
357 }
358
359 /* now s->rstate == SSL_ST_READ_BODY */
360 }
361
362 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
363
364 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
365 {
366 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
367 i=rr->length;
368 n=ssl3_read_n(s,i,i,1);
369 if (n <= 0) return(n); /* error or non-blocking io */
370 /* now n == rr->length,
371 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
372 }
373
374 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
375
376 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
377 * and we have that many bytes in s->packet
378 */
379 rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
380
381 /* ok, we can now read from 's->packet' data into 'rr'
382 * rr->input points at rr->length bytes, which
383 * need to be copied into rr->data by either
384 * the decryption or by the decompression
385 * When the data is 'copied' into the rr->data buffer,
386 * rr->input will be pointed at the new buffer */
387
388 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
389 * rr->length bytes of encrypted compressed stuff. */
390
391 /* check is not needed I believe */
392 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
393 {
394 al=SSL_AD_RECORD_OVERFLOW;
395 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
396 goto f_err;
397 }
398
399 /* decrypt in place in 'rr->input' */
400 rr->data=rr->input;
401
402 enc_err = s->method->ssl3_enc->enc(s,0);
403 /* enc_err is:
404 * 0: (in non-constant time) if the record is publically invalid.
405 * 1: if the padding is valid
406 * -1: if the padding is invalid */
407 if (enc_err == 0)
408 {
409 al=SSL_AD_DECRYPTION_FAILED;
410 SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
411 goto f_err;
412 }
413
414#ifdef TLS_DEBUG
415printf("dec %d\n",rr->length);
416{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
417printf("\n");
418#endif
419
420 /* r->length is now the compressed data plus mac */
421 if ((sess != NULL) &&
422 (s->enc_read_ctx != NULL) &&
423 (EVP_MD_CTX_md(s->read_hash) != NULL))
424 {
425 /* s->read_hash != NULL => mac_size != -1 */
426 unsigned char *mac = NULL;
427 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
428 mac_size=EVP_MD_CTX_size(s->read_hash);
429 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
430
431 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
432 orig_len = rr->length+((unsigned int)rr->type>>8);
433
434 /* orig_len is the length of the record before any padding was
435 * removed. This is public information, as is the MAC in use,
436 * therefore we can safely process the record in a different
437 * amount of time if it's too short to possibly contain a MAC.
438 */
439 if (orig_len < mac_size ||
440 /* CBC records must have a padding length byte too. */
441 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
442 orig_len < mac_size+1))
443 {
444 al=SSL_AD_DECODE_ERROR;
445 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
446 goto f_err;
447 }
448
449 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
450 {
451 /* We update the length so that the TLS header bytes
452 * can be constructed correctly but we need to extract
453 * the MAC in constant time from within the record,
454 * without leaking the contents of the padding bytes.
455 * */
456 mac = mac_tmp;
457 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
458 rr->length -= mac_size;
459 }
460 else
461 {
462 /* In this case there's no padding, so |orig_len|
463 * equals |rec->length| and we checked that there's
464 * enough bytes for |mac_size| above. */
465 rr->length -= mac_size;
466 mac = &rr->data[rr->length];
467 }
468
469 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
470 if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
471 enc_err = -1;
472 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
473 enc_err = -1;
474 }
475
476 if (enc_err < 0)
477 {
478 /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
479 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
480 * failure is directly visible from the ciphertext anyway,
481 * we should not reveal which kind of error occured -- this
482 * might become visible to an attacker (e.g. via a logfile) */
483 al=SSL_AD_BAD_RECORD_MAC;
484 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
485 goto f_err;
486 }
487
488 /* r->length is now just compressed */
489 if (s->expand != NULL)
490 {
491 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
492 {
493 al=SSL_AD_RECORD_OVERFLOW;
494 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
495 goto f_err;
496 }
497 if (!ssl3_do_uncompress(s))
498 {
499 al=SSL_AD_DECOMPRESSION_FAILURE;
500 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
501 goto f_err;
502 }
503 }
504
505 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
506 {
507 al=SSL_AD_RECORD_OVERFLOW;
508 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
509 goto f_err;
510 }
511
512 rr->off=0;
513 /* So at this point the following is true
514 * ssl->s3->rrec.type is the type of record
515 * ssl->s3->rrec.length == number of bytes in record
516 * ssl->s3->rrec.off == offset to first valid byte
517 * ssl->s3->rrec.data == where to take bytes from, increment
518 * after use :-).
519 */
520
521 /* we have pulled in a full packet so zero things */
522 s->packet_length=0;
523
524 /* just read a 0 length packet */
525 if (rr->length == 0) goto again;
526
527#if 0
528fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
529#endif
530
531 return(1);
532
533f_err:
534 ssl3_send_alert(s,SSL3_AL_FATAL,al);
535err:
536 return(ret);
537 }
538
539int ssl3_do_uncompress(SSL *ssl)
540 {
541#ifndef OPENSSL_NO_COMP
542 int i;
543 SSL3_RECORD *rr;
544
545 rr= &(ssl->s3->rrec);
546 i=COMP_expand_block(ssl->expand,rr->comp,
547 SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
548 if (i < 0)
549 return(0);
550 else
551 rr->length=i;
552 rr->data=rr->comp;
553#endif
554 return(1);
555 }
556
557int ssl3_do_compress(SSL *ssl)
558 {
559#ifndef OPENSSL_NO_COMP
560 int i;
561 SSL3_RECORD *wr;
562
563 wr= &(ssl->s3->wrec);
564 i=COMP_compress_block(ssl->compress,wr->data,
565 SSL3_RT_MAX_COMPRESSED_LENGTH,
566 wr->input,(int)wr->length);
567 if (i < 0)
568 return(0);
569 else
570 wr->length=i;
571
572 wr->input=wr->data;
573#endif
574 return(1);
575 }
576
577/* Call this to write data in records of type 'type'
578 * It will return <= 0 if not all data has been sent or non-blocking IO.
579 */
580int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
581 {
582 const unsigned char *buf=buf_;
583 unsigned int tot,n,nw;
584 int i;
585
586 s->rwstate=SSL_NOTHING;
587 tot=s->s3->wnum;
588 s->s3->wnum=0;
589
590 if (SSL_in_init(s) && !s->in_handshake)
591 {
592 i=s->handshake_func(s);
593 if (i < 0) return(i);
594 if (i == 0)
595 {
596 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
597 return -1;
598 }
599 }
600
601 n=(len-tot);
602 for (;;)
603 {
604 if (n > s->max_send_fragment)
605 nw=s->max_send_fragment;
606 else
607 nw=n;
608
609 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
610 if (i <= 0)
611 {
612 s->s3->wnum=tot;
613 return i;
614 }
615
616 if ((i == (int)n) ||
617 (type == SSL3_RT_APPLICATION_DATA &&
618 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
619 {
620 /* next chunk of data should get another prepended empty fragment
621 * in ciphersuites with known-IV weakness: */
622 s->s3->empty_fragment_done = 0;
623
624 return tot+i;
625 }
626
627 n-=i;
628 tot+=i;
629 }
630 }
631
632static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
633 unsigned int len, int create_empty_fragment)
634 {
635 unsigned char *p,*plen;
636 int i,mac_size,clear=0;
637 int prefix_len=0;
638 int eivlen;
639 long align=0;
640 SSL3_RECORD *wr;
641 SSL3_BUFFER *wb=&(s->s3->wbuf);
642 SSL_SESSION *sess;
643
644 if (wb->buf == NULL)
645 if (!ssl3_setup_write_buffer(s))
646 return -1;
647
648 /* first check if there is a SSL3_BUFFER still being written
649 * out. This will happen with non blocking IO */
650 if (wb->left != 0)
651 return(ssl3_write_pending(s,type,buf,len));
652
653 /* If we have an alert to send, lets send it */
654 if (s->s3->alert_dispatch)
655 {
656 i=s->method->ssl_dispatch_alert(s);
657 if (i <= 0)
658 return(i);
659 /* if it went, fall through and send more stuff */
660 }
661
662 if (len == 0 && !create_empty_fragment)
663 return 0;
664
665 wr= &(s->s3->wrec);
666 sess=s->session;
667
668 if ( (sess == NULL) ||
669 (s->enc_write_ctx == NULL) ||
670 (EVP_MD_CTX_md(s->write_hash) == NULL))
671 {
672#if 1
673 clear=s->enc_write_ctx?0:1; /* must be AEAD cipher */
674#else
675 clear=1;
676#endif
677 mac_size=0;
678 }
679 else
680 {
681 mac_size=EVP_MD_CTX_size(s->write_hash);
682 if (mac_size < 0)
683 goto err;
684 }
685
686 /* 'create_empty_fragment' is true only when this function calls itself */
687 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
688 {
689 /* countermeasure against known-IV weakness in CBC ciphersuites
690 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
691
692 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
693 {
694 /* recursive function call with 'create_empty_fragment' set;
695 * this prepares and buffers the data for an empty fragment
696 * (these 'prefix_len' bytes are sent out later
697 * together with the actual payload) */
698 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
699 if (prefix_len <= 0)
700 goto err;
701
702 if (prefix_len >
703 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
704 {
705 /* insufficient space */
706 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
707 goto err;
708 }
709 }
710
711 s->s3->empty_fragment_done = 1;
712 }
713
714 if (create_empty_fragment)
715 {
716#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
717 /* extra fragment would be couple of cipher blocks,
718 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
719 * if we want to align the real payload, then we can
720 * just pretent we simply have two headers. */
721 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
722 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
723#endif
724 p = wb->buf + align;
725 wb->offset = align;
726 }
727 else if (prefix_len)
728 {
729 p = wb->buf + wb->offset + prefix_len;
730 }
731 else
732 {
733#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
734 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
735 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
736#endif
737 p = wb->buf + align;
738 wb->offset = align;
739 }
740
741 /* write the header */
742
743 *(p++)=type&0xff;
744 wr->type=type;
745
746 *(p++)=(s->version>>8);
747 /* Some servers hang if iniatial client hello is larger than 256
748 * bytes and record version number > TLS 1.0
749 */
750 if (s->state == SSL3_ST_CW_CLNT_HELLO_B
751 && TLS1_get_version(s) > TLS1_VERSION)
752 *(p++) = 0x1;
753 else
754 *(p++)=s->version&0xff;
755
756 /* field where we are to write out packet length */
757 plen=p;
758 p+=2;
759 /* Explicit IV length, block ciphers and TLS version 1.1 or later */
760 if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
761 {
762 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
763 if (mode == EVP_CIPH_CBC_MODE)
764 {
765 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
766 if (eivlen <= 1)
767 eivlen = 0;
768 }
769 /* Need explicit part of IV for GCM mode */
770 else if (mode == EVP_CIPH_GCM_MODE)
771 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
772 else
773 eivlen = 0;
774 }
775 else
776 eivlen = 0;
777
778 /* lets setup the record stuff. */
779 wr->data=p + eivlen;
780 wr->length=(int)len;
781 wr->input=(unsigned char *)buf;
782
783 /* we now 'read' from wr->input, wr->length bytes into
784 * wr->data */
785
786 /* first we compress */
787 if (s->compress != NULL)
788 {
789 if (!ssl3_do_compress(s))
790 {
791 SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
792 goto err;
793 }
794 }
795 else
796 {
797 memcpy(wr->data,wr->input,wr->length);
798 wr->input=wr->data;
799 }
800
801 /* we should still have the output to wr->data and the input
802 * from wr->input. Length should be wr->length.
803 * wr->data still points in the wb->buf */
804
805 if (mac_size != 0)
806 {
807 if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
808 goto err;
809 wr->length+=mac_size;
810 }
811
812 wr->input=p;
813 wr->data=p;
814
815 if (eivlen)
816 {
817 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
818 goto err; */
819 wr->length += eivlen;
820 }
821
822 /* ssl3_enc can only have an error on read */
823 s->method->ssl3_enc->enc(s,1);
824
825 /* record length after mac and block padding */
826 s2n(wr->length,plen);
827
828 /* we should now have
829 * wr->data pointing to the encrypted data, which is
830 * wr->length long */
831 wr->type=type; /* not needed but helps for debugging */
832 wr->length+=SSL3_RT_HEADER_LENGTH;
833
834 if (create_empty_fragment)
835 {
836 /* we are in a recursive call;
837 * just return the length, don't write out anything here
838 */
839 return wr->length;
840 }
841
842 /* now let's set up wb */
843 wb->left = prefix_len + wr->length;
844
845 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
846 s->s3->wpend_tot=len;
847 s->s3->wpend_buf=buf;
848 s->s3->wpend_type=type;
849 s->s3->wpend_ret=len;
850
851 /* we now just need to write the buffer */
852 return ssl3_write_pending(s,type,buf,len);
853err:
854 return -1;
855 }
856
857/* if s->s3->wbuf.left != 0, we need to call this */
858int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
859 unsigned int len)
860 {
861 int i;
862 SSL3_BUFFER *wb=&(s->s3->wbuf);
863
864/* XXXX */
865 if ((s->s3->wpend_tot > (int)len)
866 || ((s->s3->wpend_buf != buf) &&
867 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
868 || (s->s3->wpend_type != type))
869 {
870 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
871 return(-1);
872 }
873
874 for (;;)
875 {
876 clear_sys_error();
877 if (s->wbio != NULL)
878 {
879 s->rwstate=SSL_WRITING;
880 i=BIO_write(s->wbio,
881 (char *)&(wb->buf[wb->offset]),
882 (unsigned int)wb->left);
883 }
884 else
885 {
886 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
887 i= -1;
888 }
889 if (i == wb->left)
890 {
891 wb->left=0;
892 wb->offset+=i;
893 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
894 SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
895 ssl3_release_write_buffer(s);
896 s->rwstate=SSL_NOTHING;
897 return(s->s3->wpend_ret);
898 }
899 else if (i <= 0) {
900 if (s->version == DTLS1_VERSION ||
901 s->version == DTLS1_BAD_VER) {
902 /* For DTLS, just drop it. That's kind of the whole
903 point in using a datagram service */
904 wb->left = 0;
905 }
906 return(i);
907 }
908 wb->offset+=i;
909 wb->left-=i;
910 }
911 }
912
913/* Return up to 'len' payload bytes received in 'type' records.
914 * 'type' is one of the following:
915 *
916 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
917 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
918 * - 0 (during a shutdown, no data has to be returned)
919 *
920 * If we don't have stored data to work from, read a SSL/TLS record first
921 * (possibly multiple records if we still don't have anything to return).
922 *
923 * This function must handle any surprises the peer may have for us, such as
924 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
925 * a surprise, but handled as if it were), or renegotiation requests.
926 * Also if record payloads contain fragments too small to process, we store
927 * them until there is enough for the respective protocol (the record protocol
928 * may use arbitrary fragmentation and even interleaving):
929 * Change cipher spec protocol
930 * just 1 byte needed, no need for keeping anything stored
931 * Alert protocol
932 * 2 bytes needed (AlertLevel, AlertDescription)
933 * Handshake protocol
934 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
935 * to detect unexpected Client Hello and Hello Request messages
936 * here, anything else is handled by higher layers
937 * Application data protocol
938 * none of our business
939 */
940int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
941 {
942 int al,i,j,ret;
943 unsigned int n;
944 SSL3_RECORD *rr;
945 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
946
947 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
948 if (!ssl3_setup_read_buffer(s))
949 return(-1);
950
951 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
952 (peek && (type != SSL3_RT_APPLICATION_DATA)))
953 {
954 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
955 return -1;
956 }
957
958 if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
959 /* (partially) satisfy request from storage */
960 {
961 unsigned char *src = s->s3->handshake_fragment;
962 unsigned char *dst = buf;
963 unsigned int k;
964
965 /* peek == 0 */
966 n = 0;
967 while ((len > 0) && (s->s3->handshake_fragment_len > 0))
968 {
969 *dst++ = *src++;
970 len--; s->s3->handshake_fragment_len--;
971 n++;
972 }
973 /* move any remaining fragment bytes: */
974 for (k = 0; k < s->s3->handshake_fragment_len; k++)
975 s->s3->handshake_fragment[k] = *src++;
976 return n;
977 }
978
979 /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
980
981 if (!s->in_handshake && SSL_in_init(s))
982 {
983 /* type == SSL3_RT_APPLICATION_DATA */
984 i=s->handshake_func(s);
985 if (i < 0) return(i);
986 if (i == 0)
987 {
988 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
989 return(-1);
990 }
991 }
992start:
993 s->rwstate=SSL_NOTHING;
994
995 /* s->s3->rrec.type - is the type of record
996 * s->s3->rrec.data, - data
997 * s->s3->rrec.off, - offset into 'data' for next read
998 * s->s3->rrec.length, - number of bytes. */
999 rr = &(s->s3->rrec);
1000
1001 /* get new packet if necessary */
1002 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
1003 {
1004 ret=ssl3_get_record(s);
1005 if (ret <= 0) return(ret);
1006 }
1007
1008 /* we now have a packet which can be read and processed */
1009
1010 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
1011 * reset by ssl3_get_finished */
1012 && (rr->type != SSL3_RT_HANDSHAKE))
1013 {
1014 al=SSL_AD_UNEXPECTED_MESSAGE;
1015 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
1016 goto f_err;
1017 }
1018
1019 /* If the other end has shut down, throw anything we read away
1020 * (even in 'peek' mode) */
1021 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
1022 {
1023 rr->length=0;
1024 s->rwstate=SSL_NOTHING;
1025 return(0);
1026 }
1027
1028
1029 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
1030 {
1031 /* make sure that we are not getting application data when we
1032 * are doing a handshake for the first time */
1033 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
1034 (s->enc_read_ctx == NULL))
1035 {
1036 al=SSL_AD_UNEXPECTED_MESSAGE;
1037 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
1038 goto f_err;
1039 }
1040
1041 if (len <= 0) return(len);
1042
1043 if ((unsigned int)len > rr->length)
1044 n = rr->length;
1045 else
1046 n = (unsigned int)len;
1047
1048 memcpy(buf,&(rr->data[rr->off]),n);
1049 if (!peek)
1050 {
1051 rr->length-=n;
1052 rr->off+=n;
1053 if (rr->length == 0)
1054 {
1055 s->rstate=SSL_ST_READ_HEADER;
1056 rr->off=0;
1057 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1058 ssl3_release_read_buffer(s);
1059 }
1060 }
1061 return(n);
1062 }
1063
1064
1065 /* If we get here, then type != rr->type; if we have a handshake
1066 * message, then it was unexpected (Hello Request or Client Hello). */
1067
1068 /* In case of record types for which we have 'fragment' storage,
1069 * fill that so that we can process the data at a fixed place.
1070 */
1071 {
1072 unsigned int dest_maxlen = 0;
1073 unsigned char *dest = NULL;
1074 unsigned int *dest_len = NULL;
1075
1076 if (rr->type == SSL3_RT_HANDSHAKE)
1077 {
1078 dest_maxlen = sizeof s->s3->handshake_fragment;
1079 dest = s->s3->handshake_fragment;
1080 dest_len = &s->s3->handshake_fragment_len;
1081 }
1082 else if (rr->type == SSL3_RT_ALERT)
1083 {
1084 dest_maxlen = sizeof s->s3->alert_fragment;
1085 dest = s->s3->alert_fragment;
1086 dest_len = &s->s3->alert_fragment_len;
1087 }
1088#ifndef OPENSSL_NO_HEARTBEATS
1089 else if (rr->type == TLS1_RT_HEARTBEAT)
1090 {
1091 tls1_process_heartbeat(s);
1092
1093 /* Exit and notify application to read again */
1094 rr->length = 0;
1095 s->rwstate=SSL_READING;
1096 BIO_clear_retry_flags(SSL_get_rbio(s));
1097 BIO_set_retry_read(SSL_get_rbio(s));
1098 return(-1);
1099 }
1100#endif
1101
1102 if (dest_maxlen > 0)
1103 {
1104 n = dest_maxlen - *dest_len; /* available space in 'dest' */
1105 if (rr->length < n)
1106 n = rr->length; /* available bytes */
1107
1108 /* now move 'n' bytes: */
1109 while (n-- > 0)
1110 {
1111 dest[(*dest_len)++] = rr->data[rr->off++];
1112 rr->length--;
1113 }
1114
1115 if (*dest_len < dest_maxlen)
1116 goto start; /* fragment was too small */
1117 }
1118 }
1119
1120 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1121 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1122 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1123
1124 /* If we are a client, check for an incoming 'Hello Request': */
1125 if ((!s->server) &&
1126 (s->s3->handshake_fragment_len >= 4) &&
1127 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1128 (s->session != NULL) && (s->session->cipher != NULL))
1129 {
1130 s->s3->handshake_fragment_len = 0;
1131
1132 if ((s->s3->handshake_fragment[1] != 0) ||
1133 (s->s3->handshake_fragment[2] != 0) ||
1134 (s->s3->handshake_fragment[3] != 0))
1135 {
1136 al=SSL_AD_DECODE_ERROR;
1137 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
1138 goto f_err;
1139 }
1140
1141 if (s->msg_callback)
1142 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
1143
1144 if (SSL_is_init_finished(s) &&
1145 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1146 !s->s3->renegotiate)
1147 {
1148 ssl3_renegotiate(s);
1149 if (ssl3_renegotiate_check(s))
1150 {
1151 i=s->handshake_func(s);
1152 if (i < 0) return(i);
1153 if (i == 0)
1154 {
1155 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1156 return(-1);
1157 }
1158
1159 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1160 {
1161 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1162 {
1163 BIO *bio;
1164 /* In the case where we try to read application data,
1165 * but we trigger an SSL handshake, we return -1 with
1166 * the retry option set. Otherwise renegotiation may
1167 * cause nasty problems in the blocking world */
1168 s->rwstate=SSL_READING;
1169 bio=SSL_get_rbio(s);
1170 BIO_clear_retry_flags(bio);
1171 BIO_set_retry_read(bio);
1172 return(-1);
1173 }
1174 }
1175 }
1176 }
1177 /* we either finished a handshake or ignored the request,
1178 * now try again to obtain the (application) data we were asked for */
1179 goto start;
1180 }
1181 /* If we are a server and get a client hello when renegotiation isn't
1182 * allowed send back a no renegotiation alert and carry on.
1183 * WARNING: experimental code, needs reviewing (steve)
1184 */
1185 if (s->server &&
1186 SSL_is_init_finished(s) &&
1187 !s->s3->send_connection_binding &&
1188 (s->version > SSL3_VERSION) &&
1189 (s->s3->handshake_fragment_len >= 4) &&
1190 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1191 (s->session != NULL) && (s->session->cipher != NULL) &&
1192 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1193
1194 {
1195 /*s->s3->handshake_fragment_len = 0;*/
1196 rr->length = 0;
1197 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1198 goto start;
1199 }
1200 if (s->s3->alert_fragment_len >= 2)
1201 {
1202 int alert_level = s->s3->alert_fragment[0];
1203 int alert_descr = s->s3->alert_fragment[1];
1204
1205 s->s3->alert_fragment_len = 0;
1206
1207 if (s->msg_callback)
1208 s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1209
1210 if (s->info_callback != NULL)
1211 cb=s->info_callback;
1212 else if (s->ctx->info_callback != NULL)
1213 cb=s->ctx->info_callback;
1214
1215 if (cb != NULL)
1216 {
1217 j = (alert_level << 8) | alert_descr;
1218 cb(s, SSL_CB_READ_ALERT, j);
1219 }
1220
1221 if (alert_level == 1) /* warning */
1222 {
1223 s->s3->warn_alert = alert_descr;
1224 if (alert_descr == SSL_AD_CLOSE_NOTIFY)
1225 {
1226 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1227 return(0);
1228 }
1229 /* This is a warning but we receive it if we requested
1230 * renegotiation and the peer denied it. Terminate with
1231 * a fatal alert because if application tried to
1232 * renegotiatie it presumably had a good reason and
1233 * expects it to succeed.
1234 *
1235 * In future we might have a renegotiation where we
1236 * don't care if the peer refused it where we carry on.
1237 */
1238 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1239 {
1240 al = SSL_AD_HANDSHAKE_FAILURE;
1241 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1242 goto f_err;
1243 }
1244#ifdef SSL_AD_MISSING_SRP_USERNAME
1245 if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
1246 return(0);
1247#endif
1248 }
1249 else if (alert_level == 2) /* fatal */
1250 {
1251 char tmp[16];
1252
1253 s->rwstate=SSL_NOTHING;
1254 s->s3->fatal_alert = alert_descr;
1255 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
1256 BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
1257 ERR_add_error_data(2,"SSL alert number ",tmp);
1258 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
1259 SSL_CTX_remove_session(s->ctx,s->session);
1260 return(0);
1261 }
1262 else
1263 {
1264 al=SSL_AD_ILLEGAL_PARAMETER;
1265 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
1266 goto f_err;
1267 }
1268
1269 goto start;
1270 }
1271
1272 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
1273 {
1274 s->rwstate=SSL_NOTHING;
1275 rr->length=0;
1276 return(0);
1277 }
1278
1279 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
1280 {
1281 /* 'Change Cipher Spec' is just a single byte, so we know
1282 * exactly what the record payload has to look like */
1283 if ( (rr->length != 1) || (rr->off != 0) ||
1284 (rr->data[0] != SSL3_MT_CCS))
1285 {
1286 al=SSL_AD_ILLEGAL_PARAMETER;
1287 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
1288 goto f_err;
1289 }
1290
1291 /* Check we have a cipher to change to */
1292 if (s->s3->tmp.new_cipher == NULL)
1293 {
1294 al=SSL_AD_UNEXPECTED_MESSAGE;
1295 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
1296 goto f_err;
1297 }
1298
1299 rr->length=0;
1300
1301 if (s->msg_callback)
1302 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
1303
1304 s->s3->change_cipher_spec=1;
1305 if (!ssl3_do_change_cipher_spec(s))
1306 goto err;
1307 else
1308 goto start;
1309 }
1310
1311 /* Unexpected handshake message (Client Hello, or protocol violation) */
1312 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
1313 {
1314 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1315 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1316 {
1317#if 0 /* worked only because C operator preferences are not as expected (and
1318 * because this is not really needed for clients except for detecting
1319 * protocol violations): */
1320 s->state=SSL_ST_BEFORE|(s->server)
1321 ?SSL_ST_ACCEPT
1322 :SSL_ST_CONNECT;
1323#else
1324 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1325#endif
1326 s->renegotiate=1;
1327 s->new_session=1;
1328 }
1329 i=s->handshake_func(s);
1330 if (i < 0) return(i);
1331 if (i == 0)
1332 {
1333 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
1334 return(-1);
1335 }
1336
1337 if (!(s->mode & SSL_MODE_AUTO_RETRY))
1338 {
1339 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1340 {
1341 BIO *bio;
1342 /* In the case where we try to read application data,
1343 * but we trigger an SSL handshake, we return -1 with
1344 * the retry option set. Otherwise renegotiation may
1345 * cause nasty problems in the blocking world */
1346 s->rwstate=SSL_READING;
1347 bio=SSL_get_rbio(s);
1348 BIO_clear_retry_flags(bio);
1349 BIO_set_retry_read(bio);
1350 return(-1);
1351 }
1352 }
1353 goto start;
1354 }
1355
1356 switch (rr->type)
1357 {
1358 default:
1359#ifndef OPENSSL_NO_TLS
1360 /* TLS up to v1.1 just ignores unknown message types:
1361 * TLS v1.2 give an unexpected message alert.
1362 */
1363 if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
1364 {
1365 rr->length = 0;
1366 goto start;
1367 }
1368#endif
1369 al=SSL_AD_UNEXPECTED_MESSAGE;
1370 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1371 goto f_err;
1372 case SSL3_RT_CHANGE_CIPHER_SPEC:
1373 case SSL3_RT_ALERT:
1374 case SSL3_RT_HANDSHAKE:
1375 /* we already handled all of these, with the possible exception
1376 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1377 * should not happen when type != rr->type */
1378 al=SSL_AD_UNEXPECTED_MESSAGE;
1379 SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
1380 goto f_err;
1381 case SSL3_RT_APPLICATION_DATA:
1382 /* At this point, we were expecting handshake data,
1383 * but have application data. If the library was
1384 * running inside ssl3_read() (i.e. in_read_app_data
1385 * is set) and it makes sense to read application data
1386 * at this point (session renegotiation not yet started),
1387 * we will indulge it.
1388 */
1389 if (s->s3->in_read_app_data &&
1390 (s->s3->total_renegotiations != 0) &&
1391 ((
1392 (s->state & SSL_ST_CONNECT) &&
1393 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1394 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
1395 ) || (
1396 (s->state & SSL_ST_ACCEPT) &&
1397 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1398 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
1399 )
1400 ))
1401 {
1402 s->s3->in_read_app_data=2;
1403 return(-1);
1404 }
1405 else
1406 {
1407 al=SSL_AD_UNEXPECTED_MESSAGE;
1408 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
1409 goto f_err;
1410 }
1411 }
1412 /* not reached */
1413
1414f_err:
1415 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1416err:
1417 return(-1);
1418 }
1419
1420int ssl3_do_change_cipher_spec(SSL *s)
1421 {
1422 int i;
1423 const char *sender;
1424 int slen;
1425
1426 if (s->state & SSL_ST_ACCEPT)
1427 i=SSL3_CHANGE_CIPHER_SERVER_READ;
1428 else
1429 i=SSL3_CHANGE_CIPHER_CLIENT_READ;
1430
1431 if (s->s3->tmp.key_block == NULL)
1432 {
1433 if (s->session == NULL)
1434 {
1435 /* might happen if dtls1_read_bytes() calls this */
1436 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
1437 return (0);
1438 }
1439
1440 s->session->cipher=s->s3->tmp.new_cipher;
1441 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1442 }
1443
1444 if (!s->method->ssl3_enc->change_cipher_state(s,i))
1445 return(0);
1446
1447 /* we have to record the message digest at
1448 * this point so we can get it before we read
1449 * the finished message */
1450 if (s->state & SSL_ST_CONNECT)
1451 {
1452 sender=s->method->ssl3_enc->server_finished_label;
1453 slen=s->method->ssl3_enc->server_finished_label_len;
1454 }
1455 else
1456 {
1457 sender=s->method->ssl3_enc->client_finished_label;
1458 slen=s->method->ssl3_enc->client_finished_label_len;
1459 }
1460
1461 i = s->method->ssl3_enc->final_finish_mac(s,
1462 sender,slen,s->s3->tmp.peer_finish_md);
1463 if (i == 0)
1464 {
1465 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1466 return 0;
1467 }
1468 s->s3->tmp.peer_finish_md_len = i;
1469
1470 return(1);
1471 }
1472
1473int ssl3_send_alert(SSL *s, int level, int desc)
1474 {
1475 /* Map tls/ssl alert value to correct one */
1476 desc=s->method->ssl3_enc->alert_value(desc);
1477 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1478 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1479 if (desc < 0) return -1;
1480 /* If a fatal one, remove from cache */
1481 if ((level == 2) && (s->session != NULL))
1482 SSL_CTX_remove_session(s->ctx,s->session);
1483
1484 s->s3->alert_dispatch=1;
1485 s->s3->send_alert[0]=level;
1486 s->s3->send_alert[1]=desc;
1487 if (s->s3->wbuf.left == 0) /* data still being written out? */
1488 return s->method->ssl_dispatch_alert(s);
1489 /* else data is still being written out, we will get written
1490 * some time in the future */
1491 return -1;
1492 }
1493
1494int ssl3_dispatch_alert(SSL *s)
1495 {
1496 int i,j;
1497 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1498
1499 s->s3->alert_dispatch=0;
1500 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1501 if (i <= 0)
1502 {
1503 s->s3->alert_dispatch=1;
1504 }
1505 else
1506 {
1507 /* Alert sent to BIO. If it is important, flush it now.
1508 * If the message does not get sent due to non-blocking IO,
1509 * we will not worry too much. */
1510 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1511 (void)BIO_flush(s->wbio);
1512
1513 if (s->msg_callback)
1514 s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
1515
1516 if (s->info_callback != NULL)
1517 cb=s->info_callback;
1518 else if (s->ctx->info_callback != NULL)
1519 cb=s->ctx->info_callback;
1520
1521 if (cb != NULL)
1522 {
1523 j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1524 cb(s,SSL_CB_WRITE_ALERT,j);
1525 }
1526 }
1527 return(i);
1528 }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 118939fabb..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,3586 +0,0 @@
1/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#define REUSE_CIPHER_BUG
152#define NETSCAPE_HANG_BUG
153
154#include <stdio.h>
155#include "ssl_locl.h"
156#include "kssl_lcl.h"
157#include <openssl/buffer.h>
158#include <openssl/rand.h>
159#include <openssl/objects.h>
160#include <openssl/evp.h>
161#include <openssl/hmac.h>
162#include <openssl/x509.h>
163#ifndef OPENSSL_NO_DH
164#include <openssl/dh.h>
165#endif
166#include <openssl/bn.h>
167#ifndef OPENSSL_NO_KRB5
168#include <openssl/krb5_asn.h>
169#endif
170#include <openssl/md5.h>
171
172static const SSL_METHOD *ssl3_get_server_method(int ver);
173
174static const SSL_METHOD *ssl3_get_server_method(int ver)
175 {
176 if (ver == SSL3_VERSION)
177 return(SSLv3_server_method());
178 else
179 return(NULL);
180 }
181
182#ifndef OPENSSL_NO_SRP
183static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
184 {
185 int ret = SSL_ERROR_NONE;
186
187 *al = SSL_AD_UNRECOGNIZED_NAME;
188
189 if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
190 (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
191 {
192 if(s->srp_ctx.login == NULL)
193 {
194 /* There isn't any srp login extension !!! */
195 ret = SSL3_AL_FATAL;
196 *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
197 }
198 else
199 {
200 ret = SSL_srp_server_param_with_username(s,al);
201 }
202 }
203 return ret;
204 }
205#endif
206
207IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
208 ssl3_accept,
209 ssl_undefined_function,
210 ssl3_get_server_method)
211
212int ssl3_accept(SSL *s)
213 {
214 BUF_MEM *buf;
215 unsigned long alg_k,Time=(unsigned long)time(NULL);
216 void (*cb)(const SSL *ssl,int type,int val)=NULL;
217 int ret= -1;
218 int new_state,state,skip=0;
219
220 RAND_add(&Time,sizeof(Time),0);
221 ERR_clear_error();
222 clear_sys_error();
223
224 if (s->info_callback != NULL)
225 cb=s->info_callback;
226 else if (s->ctx->info_callback != NULL)
227 cb=s->ctx->info_callback;
228
229 /* init things to blank */
230 s->in_handshake++;
231 if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
232
233 if (s->cert == NULL)
234 {
235 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
236 return(-1);
237 }
238
239#ifndef OPENSSL_NO_HEARTBEATS
240 /* If we're awaiting a HeartbeatResponse, pretend we
241 * already got and don't await it anymore, because
242 * Heartbeats don't make sense during handshakes anyway.
243 */
244 if (s->tlsext_hb_pending)
245 {
246 s->tlsext_hb_pending = 0;
247 s->tlsext_hb_seq++;
248 }
249#endif
250
251 for (;;)
252 {
253 state=s->state;
254
255 switch (s->state)
256 {
257 case SSL_ST_RENEGOTIATE:
258 s->renegotiate=1;
259 /* s->state=SSL_ST_ACCEPT; */
260
261 case SSL_ST_BEFORE:
262 case SSL_ST_ACCEPT:
263 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
264 case SSL_ST_OK|SSL_ST_ACCEPT:
265
266 s->server=1;
267 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
268
269 if ((s->version>>8) != 3)
270 {
271 SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
272 return -1;
273 }
274 s->type=SSL_ST_ACCEPT;
275
276 if (s->init_buf == NULL)
277 {
278 if ((buf=BUF_MEM_new()) == NULL)
279 {
280 ret= -1;
281 goto end;
282 }
283 if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
284 {
285 ret= -1;
286 goto end;
287 }
288 s->init_buf=buf;
289 }
290
291 if (!ssl3_setup_buffers(s))
292 {
293 ret= -1;
294 goto end;
295 }
296
297 s->init_num=0;
298 s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
299
300 if (s->state != SSL_ST_RENEGOTIATE)
301 {
302 /* Ok, we now need to push on a buffering BIO so that
303 * the output is sent in a way that TCP likes :-)
304 */
305 if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
306
307 ssl3_init_finished_mac(s);
308 s->state=SSL3_ST_SR_CLNT_HELLO_A;
309 s->ctx->stats.sess_accept++;
310 }
311 else if (!s->s3->send_connection_binding &&
312 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
313 {
314 /* Server attempting to renegotiate with
315 * client that doesn't support secure
316 * renegotiation.
317 */
318 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
319 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
320 ret = -1;
321 goto end;
322 }
323 else
324 {
325 /* s->state == SSL_ST_RENEGOTIATE,
326 * we will just send a HelloRequest */
327 s->ctx->stats.sess_accept_renegotiate++;
328 s->state=SSL3_ST_SW_HELLO_REQ_A;
329 }
330 break;
331
332 case SSL3_ST_SW_HELLO_REQ_A:
333 case SSL3_ST_SW_HELLO_REQ_B:
334
335 s->shutdown=0;
336 ret=ssl3_send_hello_request(s);
337 if (ret <= 0) goto end;
338 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
339 s->state=SSL3_ST_SW_FLUSH;
340 s->init_num=0;
341
342 ssl3_init_finished_mac(s);
343 break;
344
345 case SSL3_ST_SW_HELLO_REQ_C:
346 s->state=SSL_ST_OK;
347 break;
348
349 case SSL3_ST_SR_CLNT_HELLO_A:
350 case SSL3_ST_SR_CLNT_HELLO_B:
351 case SSL3_ST_SR_CLNT_HELLO_C:
352
353 s->shutdown=0;
354 if (s->rwstate != SSL_X509_LOOKUP)
355 {
356 ret=ssl3_get_client_hello(s);
357 if (ret <= 0) goto end;
358 }
359#ifndef OPENSSL_NO_SRP
360 {
361 int al;
362 if ((ret = ssl_check_srp_ext_ClientHello(s,&al)) < 0)
363 {
364 /* callback indicates firther work to be done */
365 s->rwstate=SSL_X509_LOOKUP;
366 goto end;
367 }
368 if (ret != SSL_ERROR_NONE)
369 {
370 ssl3_send_alert(s,SSL3_AL_FATAL,al);
371 /* This is not really an error but the only means to
372 for a client to detect whether srp is supported. */
373 if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
374 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);
375 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
376 ret= -1;
377 goto end;
378 }
379 }
380#endif
381 s->renegotiate = 2;
382 s->state=SSL3_ST_SW_SRVR_HELLO_A;
383 s->init_num=0;
384 break;
385
386 case SSL3_ST_SW_SRVR_HELLO_A:
387 case SSL3_ST_SW_SRVR_HELLO_B:
388 ret=ssl3_send_server_hello(s);
389 if (ret <= 0) goto end;
390#ifndef OPENSSL_NO_TLSEXT
391 if (s->hit)
392 {
393 if (s->tlsext_ticket_expected)
394 s->state=SSL3_ST_SW_SESSION_TICKET_A;
395 else
396 s->state=SSL3_ST_SW_CHANGE_A;
397 }
398#else
399 if (s->hit)
400 s->state=SSL3_ST_SW_CHANGE_A;
401#endif
402 else
403 s->state=SSL3_ST_SW_CERT_A;
404 s->init_num=0;
405 break;
406
407 case SSL3_ST_SW_CERT_A:
408 case SSL3_ST_SW_CERT_B:
409 /* Check if it is anon DH or anon ECDH, */
410 /* normal PSK or KRB5 or SRP */
411 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
412 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
413 && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
414 {
415 ret=ssl3_send_server_certificate(s);
416 if (ret <= 0) goto end;
417#ifndef OPENSSL_NO_TLSEXT
418 if (s->tlsext_status_expected)
419 s->state=SSL3_ST_SW_CERT_STATUS_A;
420 else
421 s->state=SSL3_ST_SW_KEY_EXCH_A;
422 }
423 else
424 {
425 skip = 1;
426 s->state=SSL3_ST_SW_KEY_EXCH_A;
427 }
428#else
429 }
430 else
431 skip=1;
432
433 s->state=SSL3_ST_SW_KEY_EXCH_A;
434#endif
435 s->init_num=0;
436 break;
437
438 case SSL3_ST_SW_KEY_EXCH_A:
439 case SSL3_ST_SW_KEY_EXCH_B:
440 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
441
442 /* clear this, it may get reset by
443 * send_server_key_exchange */
444 if ((s->options & SSL_OP_EPHEMERAL_RSA)
445#ifndef OPENSSL_NO_KRB5
446 && !(alg_k & SSL_kKRB5)
447#endif /* OPENSSL_NO_KRB5 */
448 )
449 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
450 * even when forbidden by protocol specs
451 * (handshake may fail as clients are not required to
452 * be able to handle this) */
453 s->s3->tmp.use_rsa_tmp=1;
454 else
455 s->s3->tmp.use_rsa_tmp=0;
456
457
458 /* only send if a DH key exchange, fortezza or
459 * RSA but we have a sign only certificate
460 *
461 * PSK: may send PSK identity hints
462 *
463 * For ECC ciphersuites, we send a serverKeyExchange
464 * message only if the cipher suite is either
465 * ECDH-anon or ECDHE. In other cases, the
466 * server certificate contains the server's
467 * public key for key exchange.
468 */
469 if (s->s3->tmp.use_rsa_tmp
470 /* PSK: send ServerKeyExchange if PSK identity
471 * hint if provided */
472#ifndef OPENSSL_NO_PSK
473 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
474#endif
475#ifndef OPENSSL_NO_SRP
476 /* SRP: send ServerKeyExchange */
477 || (alg_k & SSL_kSRP)
478#endif
479 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
480 || (alg_k & SSL_kEECDH)
481 || ((alg_k & SSL_kRSA)
482 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
483 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
484 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
485 )
486 )
487 )
488 )
489 {
490 ret=ssl3_send_server_key_exchange(s);
491 if (ret <= 0) goto end;
492 }
493 else
494 skip=1;
495
496 s->state=SSL3_ST_SW_CERT_REQ_A;
497 s->init_num=0;
498 break;
499
500 case SSL3_ST_SW_CERT_REQ_A:
501 case SSL3_ST_SW_CERT_REQ_B:
502 if (/* don't request cert unless asked for it: */
503 !(s->verify_mode & SSL_VERIFY_PEER) ||
504 /* if SSL_VERIFY_CLIENT_ONCE is set,
505 * don't request cert during re-negotiation: */
506 ((s->session->peer != NULL) &&
507 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
508 /* never request cert in anonymous ciphersuites
509 * (see section "Certificate request" in SSL 3 drafts
510 * and in RFC 2246): */
511 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
512 /* ... except when the application insists on verification
513 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
514 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
515 /* never request cert in Kerberos ciphersuites */
516 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
517 /* With normal PSK Certificates and
518 * Certificate Requests are omitted */
519 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
520 {
521 /* no cert request */
522 skip=1;
523 s->s3->tmp.cert_request=0;
524 s->state=SSL3_ST_SW_SRVR_DONE_A;
525 if (s->s3->handshake_buffer)
526 if (!ssl3_digest_cached_records(s))
527 return -1;
528 }
529 else
530 {
531 s->s3->tmp.cert_request=1;
532 ret=ssl3_send_certificate_request(s);
533 if (ret <= 0) goto end;
534#ifndef NETSCAPE_HANG_BUG
535 s->state=SSL3_ST_SW_SRVR_DONE_A;
536#else
537 s->state=SSL3_ST_SW_FLUSH;
538 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
539#endif
540 s->init_num=0;
541 }
542 break;
543
544 case SSL3_ST_SW_SRVR_DONE_A:
545 case SSL3_ST_SW_SRVR_DONE_B:
546 ret=ssl3_send_server_done(s);
547 if (ret <= 0) goto end;
548 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
549 s->state=SSL3_ST_SW_FLUSH;
550 s->init_num=0;
551 break;
552
553 case SSL3_ST_SW_FLUSH:
554
555 /* This code originally checked to see if
556 * any data was pending using BIO_CTRL_INFO
557 * and then flushed. This caused problems
558 * as documented in PR#1939. The proposed
559 * fix doesn't completely resolve this issue
560 * as buggy implementations of BIO_CTRL_PENDING
561 * still exist. So instead we just flush
562 * unconditionally.
563 */
564
565 s->rwstate=SSL_WRITING;
566 if (BIO_flush(s->wbio) <= 0)
567 {
568 ret= -1;
569 goto end;
570 }
571 s->rwstate=SSL_NOTHING;
572
573 s->state=s->s3->tmp.next_state;
574 break;
575
576 case SSL3_ST_SR_CERT_A:
577 case SSL3_ST_SR_CERT_B:
578 /* Check for second client hello (MS SGC) */
579 ret = ssl3_check_client_hello(s);
580 if (ret <= 0)
581 goto end;
582 if (ret == 2)
583 s->state = SSL3_ST_SR_CLNT_HELLO_C;
584 else {
585 if (s->s3->tmp.cert_request)
586 {
587 ret=ssl3_get_client_certificate(s);
588 if (ret <= 0) goto end;
589 }
590 s->init_num=0;
591 s->state=SSL3_ST_SR_KEY_EXCH_A;
592 }
593 break;
594
595 case SSL3_ST_SR_KEY_EXCH_A:
596 case SSL3_ST_SR_KEY_EXCH_B:
597 ret=ssl3_get_client_key_exchange(s);
598 if (ret <= 0)
599 goto end;
600 if (ret == 2)
601 {
602 /* For the ECDH ciphersuites when
603 * the client sends its ECDH pub key in
604 * a certificate, the CertificateVerify
605 * message is not sent.
606 * Also for GOST ciphersuites when
607 * the client uses its key from the certificate
608 * for key exchange.
609 */
610#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
611 s->state=SSL3_ST_SR_FINISHED_A;
612#else
613 if (s->s3->next_proto_neg_seen)
614 s->state=SSL3_ST_SR_NEXT_PROTO_A;
615 else
616 s->state=SSL3_ST_SR_FINISHED_A;
617#endif
618 s->init_num = 0;
619 }
620 else if (TLS1_get_version(s) >= TLS1_2_VERSION)
621 {
622 s->state=SSL3_ST_SR_CERT_VRFY_A;
623 s->init_num=0;
624 if (!s->session->peer)
625 break;
626 /* For TLS v1.2 freeze the handshake buffer
627 * at this point and digest cached records.
628 */
629 if (!s->s3->handshake_buffer)
630 {
631 SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
632 return -1;
633 }
634 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
635 if (!ssl3_digest_cached_records(s))
636 return -1;
637 }
638 else
639 {
640 int offset=0;
641 int dgst_num;
642
643 s->state=SSL3_ST_SR_CERT_VRFY_A;
644 s->init_num=0;
645
646 /* We need to get hashes here so if there is
647 * a client cert, it can be verified
648 * FIXME - digest processing for CertificateVerify
649 * should be generalized. But it is next step
650 */
651 if (s->s3->handshake_buffer)
652 if (!ssl3_digest_cached_records(s))
653 return -1;
654 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
655 if (s->s3->handshake_dgst[dgst_num])
656 {
657 int dgst_size;
658
659 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
660 dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
661 if (dgst_size < 0)
662 {
663 ret = -1;
664 goto end;
665 }
666 offset+=dgst_size;
667 }
668 }
669 break;
670
671 case SSL3_ST_SR_CERT_VRFY_A:
672 case SSL3_ST_SR_CERT_VRFY_B:
673
674 /* we should decide if we expected this one */
675 ret=ssl3_get_cert_verify(s);
676 if (ret <= 0) goto end;
677
678#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
679 s->state=SSL3_ST_SR_FINISHED_A;
680#else
681 if (s->s3->next_proto_neg_seen)
682 s->state=SSL3_ST_SR_NEXT_PROTO_A;
683 else
684 s->state=SSL3_ST_SR_FINISHED_A;
685#endif
686 s->init_num=0;
687 break;
688
689#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
690 case SSL3_ST_SR_NEXT_PROTO_A:
691 case SSL3_ST_SR_NEXT_PROTO_B:
692 ret=ssl3_get_next_proto(s);
693 if (ret <= 0) goto end;
694 s->init_num = 0;
695 s->state=SSL3_ST_SR_FINISHED_A;
696 break;
697#endif
698
699 case SSL3_ST_SR_FINISHED_A:
700 case SSL3_ST_SR_FINISHED_B:
701 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
702 SSL3_ST_SR_FINISHED_B);
703 if (ret <= 0) goto end;
704 if (s->hit)
705 s->state=SSL_ST_OK;
706#ifndef OPENSSL_NO_TLSEXT
707 else if (s->tlsext_ticket_expected)
708 s->state=SSL3_ST_SW_SESSION_TICKET_A;
709#endif
710 else
711 s->state=SSL3_ST_SW_CHANGE_A;
712 s->init_num=0;
713 break;
714
715#ifndef OPENSSL_NO_TLSEXT
716 case SSL3_ST_SW_SESSION_TICKET_A:
717 case SSL3_ST_SW_SESSION_TICKET_B:
718 ret=ssl3_send_newsession_ticket(s);
719 if (ret <= 0) goto end;
720 s->state=SSL3_ST_SW_CHANGE_A;
721 s->init_num=0;
722 break;
723
724 case SSL3_ST_SW_CERT_STATUS_A:
725 case SSL3_ST_SW_CERT_STATUS_B:
726 ret=ssl3_send_cert_status(s);
727 if (ret <= 0) goto end;
728 s->state=SSL3_ST_SW_KEY_EXCH_A;
729 s->init_num=0;
730 break;
731
732#endif
733
734 case SSL3_ST_SW_CHANGE_A:
735 case SSL3_ST_SW_CHANGE_B:
736
737 s->session->cipher=s->s3->tmp.new_cipher;
738 if (!s->method->ssl3_enc->setup_key_block(s))
739 { ret= -1; goto end; }
740
741 ret=ssl3_send_change_cipher_spec(s,
742 SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
743
744 if (ret <= 0) goto end;
745 s->state=SSL3_ST_SW_FINISHED_A;
746 s->init_num=0;
747
748 if (!s->method->ssl3_enc->change_cipher_state(s,
749 SSL3_CHANGE_CIPHER_SERVER_WRITE))
750 {
751 ret= -1;
752 goto end;
753 }
754
755 break;
756
757 case SSL3_ST_SW_FINISHED_A:
758 case SSL3_ST_SW_FINISHED_B:
759 ret=ssl3_send_finished(s,
760 SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
761 s->method->ssl3_enc->server_finished_label,
762 s->method->ssl3_enc->server_finished_label_len);
763 if (ret <= 0) goto end;
764 s->state=SSL3_ST_SW_FLUSH;
765 if (s->hit)
766 {
767#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
768 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
769#else
770 if (s->s3->next_proto_neg_seen)
771 s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
772 else
773 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
774#endif
775 }
776 else
777 s->s3->tmp.next_state=SSL_ST_OK;
778 s->init_num=0;
779 break;
780
781 case SSL_ST_OK:
782 /* clean a few things up */
783 ssl3_cleanup_key_block(s);
784
785 BUF_MEM_free(s->init_buf);
786 s->init_buf=NULL;
787
788 /* remove buffering on output */
789 ssl_free_wbio_buffer(s);
790
791 s->init_num=0;
792
793 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
794 {
795 s->renegotiate=0;
796 s->new_session=0;
797
798 ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
799
800 s->ctx->stats.sess_accept_good++;
801 /* s->server=1; */
802 s->handshake_func=ssl3_accept;
803
804 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
805 }
806
807 ret = 1;
808 goto end;
809 /* break; */
810
811 default:
812 SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
813 ret= -1;
814 goto end;
815 /* break; */
816 }
817
818 if (!s->s3->tmp.reuse_message && !skip)
819 {
820 if (s->debug)
821 {
822 if ((ret=BIO_flush(s->wbio)) <= 0)
823 goto end;
824 }
825
826
827 if ((cb != NULL) && (s->state != state))
828 {
829 new_state=s->state;
830 s->state=state;
831 cb(s,SSL_CB_ACCEPT_LOOP,1);
832 s->state=new_state;
833 }
834 }
835 skip=0;
836 }
837end:
838 /* BIO_flush(s->wbio); */
839
840 s->in_handshake--;
841 if (cb != NULL)
842 cb(s,SSL_CB_ACCEPT_EXIT,ret);
843 return(ret);
844 }
845
846int ssl3_send_hello_request(SSL *s)
847 {
848 unsigned char *p;
849
850 if (s->state == SSL3_ST_SW_HELLO_REQ_A)
851 {
852 p=(unsigned char *)s->init_buf->data;
853 *(p++)=SSL3_MT_HELLO_REQUEST;
854 *(p++)=0;
855 *(p++)=0;
856 *(p++)=0;
857
858 s->state=SSL3_ST_SW_HELLO_REQ_B;
859 /* number of bytes to write */
860 s->init_num=4;
861 s->init_off=0;
862 }
863
864 /* SSL3_ST_SW_HELLO_REQ_B */
865 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
866 }
867
868int ssl3_check_client_hello(SSL *s)
869 {
870 int ok;
871 long n;
872
873 /* this function is called when we really expect a Certificate message,
874 * so permit appropriate message length */
875 n=s->method->ssl_get_message(s,
876 SSL3_ST_SR_CERT_A,
877 SSL3_ST_SR_CERT_B,
878 -1,
879 s->max_cert_list,
880 &ok);
881 if (!ok) return((int)n);
882 s->s3->tmp.reuse_message = 1;
883 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
884 {
885 /* We only allow the client to restart the handshake once per
886 * negotiation. */
887 if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
888 {
889 SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
890 return -1;
891 }
892 /* Throw away what we have done so far in the current handshake,
893 * which will now be aborted. (A full SSL_clear would be too much.) */
894#ifndef OPENSSL_NO_DH
895 if (s->s3->tmp.dh != NULL)
896 {
897 DH_free(s->s3->tmp.dh);
898 s->s3->tmp.dh = NULL;
899 }
900#endif
901#ifndef OPENSSL_NO_ECDH
902 if (s->s3->tmp.ecdh != NULL)
903 {
904 EC_KEY_free(s->s3->tmp.ecdh);
905 s->s3->tmp.ecdh = NULL;
906 }
907#endif
908 s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
909 return 2;
910 }
911 return 1;
912}
913
914int ssl3_get_client_hello(SSL *s)
915 {
916 int i,j,ok,al,ret= -1;
917 unsigned int cookie_len;
918 long n;
919 unsigned long id;
920 unsigned char *p,*d,*q;
921 SSL_CIPHER *c;
922#ifndef OPENSSL_NO_COMP
923 SSL_COMP *comp=NULL;
924#endif
925 STACK_OF(SSL_CIPHER) *ciphers=NULL;
926
927 /* We do this so that we will respond with our native type.
928 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
929 * This down switching should be handled by a different method.
930 * If we are SSLv3, we will respond with SSLv3, even if prompted with
931 * TLSv1.
932 */
933 if (s->state == SSL3_ST_SR_CLNT_HELLO_A
934 )
935 {
936 s->state=SSL3_ST_SR_CLNT_HELLO_B;
937 }
938 s->first_packet=1;
939 n=s->method->ssl_get_message(s,
940 SSL3_ST_SR_CLNT_HELLO_B,
941 SSL3_ST_SR_CLNT_HELLO_C,
942 SSL3_MT_CLIENT_HELLO,
943 SSL3_RT_MAX_PLAIN_LENGTH,
944 &ok);
945
946 if (!ok) return((int)n);
947 s->first_packet=0;
948 d=p=(unsigned char *)s->init_msg;
949
950 /* use version from inside client hello, not from record header
951 * (may differ: see RFC 2246, Appendix E, second paragraph) */
952 s->client_version=(((int)p[0])<<8)|(int)p[1];
953 p+=2;
954
955 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
956 (s->version != DTLS1_VERSION && s->client_version < s->version))
957 {
958 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
959 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
960 {
961 /* similar to ssl3_get_record, send alert using remote version number */
962 s->version = s->client_version;
963 }
964 al = SSL_AD_PROTOCOL_VERSION;
965 goto f_err;
966 }
967
968 /* If we require cookies and this ClientHello doesn't
969 * contain one, just return since we do not want to
970 * allocate any memory yet. So check cookie length...
971 */
972 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
973 {
974 unsigned int session_length, cookie_length;
975
976 session_length = *(p + SSL3_RANDOM_SIZE);
977 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
978
979 if (cookie_length == 0)
980 return 1;
981 }
982
983 /* load the client random */
984 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
985 p+=SSL3_RANDOM_SIZE;
986
987 /* get the session-id */
988 j= *(p++);
989
990 s->hit=0;
991 /* Versions before 0.9.7 always allow clients to resume sessions in renegotiation.
992 * 0.9.7 and later allow this by default, but optionally ignore resumption requests
993 * with flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
994 * than a change to default behavior so that applications relying on this for security
995 * won't even compile against older library versions).
996 *
997 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to request
998 * renegotiation but not a new session (s->new_session remains unset): for servers,
999 * this essentially just means that the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
1000 * setting will be ignored.
1001 */
1002 if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
1003 {
1004 if (!ssl_get_new_session(s,1))
1005 goto err;
1006 }
1007 else
1008 {
1009 i=ssl_get_prev_session(s, p, j, d + n);
1010 if (i == 1)
1011 { /* previous session */
1012 s->hit=1;
1013 }
1014 else if (i == -1)
1015 goto err;
1016 else /* i == 0 */
1017 {
1018 if (!ssl_get_new_session(s,1))
1019 goto err;
1020 }
1021 }
1022
1023 p+=j;
1024
1025 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
1026 {
1027 /* cookie stuff */
1028 cookie_len = *(p++);
1029
1030 /*
1031 * The ClientHello may contain a cookie even if the
1032 * HelloVerify message has not been sent--make sure that it
1033 * does not cause an overflow.
1034 */
1035 if ( cookie_len > sizeof(s->d1->rcvd_cookie))
1036 {
1037 /* too much data */
1038 al = SSL_AD_DECODE_ERROR;
1039 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
1040 goto f_err;
1041 }
1042
1043 /* verify the cookie if appropriate option is set. */
1044 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
1045 cookie_len > 0)
1046 {
1047 memcpy(s->d1->rcvd_cookie, p, cookie_len);
1048
1049 if ( s->ctx->app_verify_cookie_cb != NULL)
1050 {
1051 if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
1052 cookie_len) == 0)
1053 {
1054 al=SSL_AD_HANDSHAKE_FAILURE;
1055 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1056 SSL_R_COOKIE_MISMATCH);
1057 goto f_err;
1058 }
1059 /* else cookie verification succeeded */
1060 }
1061 else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
1062 s->d1->cookie_len) != 0) /* default verification */
1063 {
1064 al=SSL_AD_HANDSHAKE_FAILURE;
1065 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1066 SSL_R_COOKIE_MISMATCH);
1067 goto f_err;
1068 }
1069
1070 ret = 2;
1071 }
1072
1073 p += cookie_len;
1074 }
1075
1076 n2s(p,i);
1077 if ((i == 0) && (j != 0))
1078 {
1079 /* we need a cipher if we are not resuming a session */
1080 al=SSL_AD_ILLEGAL_PARAMETER;
1081 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
1082 goto f_err;
1083 }
1084 if ((p+i) >= (d+n))
1085 {
1086 /* not enough data */
1087 al=SSL_AD_DECODE_ERROR;
1088 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1089 goto f_err;
1090 }
1091 if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
1092 == NULL))
1093 {
1094 goto err;
1095 }
1096 p+=i;
1097
1098 /* If it is a hit, check that the cipher is in the list */
1099 if ((s->hit) && (i > 0))
1100 {
1101 j=0;
1102 id=s->session->cipher->id;
1103
1104#ifdef CIPHER_DEBUG
1105 printf("client sent %d ciphers\n",sk_num(ciphers));
1106#endif
1107 for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
1108 {
1109 c=sk_SSL_CIPHER_value(ciphers,i);
1110#ifdef CIPHER_DEBUG
1111 printf("client [%2d of %2d]:%s\n",
1112 i,sk_num(ciphers),SSL_CIPHER_get_name(c));
1113#endif
1114 if (c->id == id)
1115 {
1116 j=1;
1117 break;
1118 }
1119 }
1120/* Disabled because it can be used in a ciphersuite downgrade
1121 * attack: CVE-2010-4180.
1122 */
1123#if 0
1124 if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
1125 {
1126 /* Special case as client bug workaround: the previously used cipher may
1127 * not be in the current list, the client instead might be trying to
1128 * continue using a cipher that before wasn't chosen due to server
1129 * preferences. We'll have to reject the connection if the cipher is not
1130 * enabled, though. */
1131 c = sk_SSL_CIPHER_value(ciphers, 0);
1132 if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
1133 {
1134 s->session->cipher = c;
1135 j = 1;
1136 }
1137 }
1138#endif
1139 if (j == 0)
1140 {
1141 /* we need to have the cipher in the cipher
1142 * list if we are asked to reuse it */
1143 al=SSL_AD_ILLEGAL_PARAMETER;
1144 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
1145 goto f_err;
1146 }
1147 }
1148
1149 /* compression */
1150 i= *(p++);
1151 if ((p+i) > (d+n))
1152 {
1153 /* not enough data */
1154 al=SSL_AD_DECODE_ERROR;
1155 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1156 goto f_err;
1157 }
1158 q=p;
1159 for (j=0; j<i; j++)
1160 {
1161 if (p[j] == 0) break;
1162 }
1163
1164 p+=i;
1165 if (j >= i)
1166 {
1167 /* no compress */
1168 al=SSL_AD_DECODE_ERROR;
1169 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
1170 goto f_err;
1171 }
1172
1173#ifndef OPENSSL_NO_TLSEXT
1174 /* TLS extensions*/
1175 if (s->version >= SSL3_VERSION)
1176 {
1177 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
1178 {
1179 /* 'al' set by ssl_parse_clienthello_tlsext */
1180 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
1181 goto f_err;
1182 }
1183 }
1184 if (ssl_check_clienthello_tlsext(s) <= 0) {
1185 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
1186 goto err;
1187 }
1188
1189 /* Check if we want to use external pre-shared secret for this
1190 * handshake for not reused session only. We need to generate
1191 * server_random before calling tls_session_secret_cb in order to allow
1192 * SessionTicket processing to use it in key derivation. */
1193 {
1194 unsigned long Time;
1195 unsigned char *pos;
1196 Time=(unsigned long)time(NULL); /* Time */
1197 pos=s->s3->server_random;
1198 l2n(Time,pos);
1199 if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
1200 {
1201 al=SSL_AD_INTERNAL_ERROR;
1202 goto f_err;
1203 }
1204 }
1205
1206 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
1207 {
1208 SSL_CIPHER *pref_cipher=NULL;
1209
1210 s->session->master_key_length=sizeof(s->session->master_key);
1211 if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
1212 ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
1213 {
1214 s->hit=1;
1215 s->session->ciphers=ciphers;
1216 s->session->verify_result=X509_V_OK;
1217
1218 ciphers=NULL;
1219
1220 /* check if some cipher was preferred by call back */
1221 pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
1222 if (pref_cipher == NULL)
1223 {
1224 al=SSL_AD_HANDSHAKE_FAILURE;
1225 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1226 goto f_err;
1227 }
1228
1229 s->session->cipher=pref_cipher;
1230
1231 if (s->cipher_list)
1232 sk_SSL_CIPHER_free(s->cipher_list);
1233
1234 if (s->cipher_list_by_id)
1235 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1236
1237 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1238 s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1239 }
1240 }
1241#endif
1242
1243 /* Worst case, we will use the NULL compression, but if we have other
1244 * options, we will now look for them. We have i-1 compression
1245 * algorithms from the client, starting at q. */
1246 s->s3->tmp.new_compression=NULL;
1247#ifndef OPENSSL_NO_COMP
1248 /* This only happens if we have a cache hit */
1249 if (s->session->compress_meth != 0)
1250 {
1251 int m, comp_id = s->session->compress_meth;
1252 /* Perform sanity checks on resumed compression algorithm */
1253 /* Can't disable compression */
1254 if (s->options & SSL_OP_NO_COMPRESSION)
1255 {
1256 al=SSL_AD_INTERNAL_ERROR;
1257 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1258 goto f_err;
1259 }
1260 /* Look for resumed compression method */
1261 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
1262 {
1263 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1264 if (comp_id == comp->id)
1265 {
1266 s->s3->tmp.new_compression=comp;
1267 break;
1268 }
1269 }
1270 if (s->s3->tmp.new_compression == NULL)
1271 {
1272 al=SSL_AD_INTERNAL_ERROR;
1273 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
1274 goto f_err;
1275 }
1276 /* Look for resumed method in compression list */
1277 for (m = 0; m < i; m++)
1278 {
1279 if (q[m] == comp_id)
1280 break;
1281 }
1282 if (m >= i)
1283 {
1284 al=SSL_AD_ILLEGAL_PARAMETER;
1285 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1286 goto f_err;
1287 }
1288 }
1289 else if (s->hit)
1290 comp = NULL;
1291 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
1292 { /* See if we have a match */
1293 int m,nn,o,v,done=0;
1294
1295 nn=sk_SSL_COMP_num(s->ctx->comp_methods);
1296 for (m=0; m<nn; m++)
1297 {
1298 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1299 v=comp->id;
1300 for (o=0; o<i; o++)
1301 {
1302 if (v == q[o])
1303 {
1304 done=1;
1305 break;
1306 }
1307 }
1308 if (done) break;
1309 }
1310 if (done)
1311 s->s3->tmp.new_compression=comp;
1312 else
1313 comp=NULL;
1314 }
1315#else
1316 /* If compression is disabled we'd better not try to resume a session
1317 * using compression.
1318 */
1319 if (s->session->compress_meth != 0)
1320 {
1321 al=SSL_AD_INTERNAL_ERROR;
1322 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1323 goto f_err;
1324 }
1325#endif
1326
1327 /* Given s->session->ciphers and SSL_get_ciphers, we must
1328 * pick a cipher */
1329
1330 if (!s->hit)
1331 {
1332#ifdef OPENSSL_NO_COMP
1333 s->session->compress_meth=0;
1334#else
1335 s->session->compress_meth=(comp == NULL)?0:comp->id;
1336#endif
1337 if (s->session->ciphers != NULL)
1338 sk_SSL_CIPHER_free(s->session->ciphers);
1339 s->session->ciphers=ciphers;
1340 if (ciphers == NULL)
1341 {
1342 al=SSL_AD_ILLEGAL_PARAMETER;
1343 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
1344 goto f_err;
1345 }
1346 ciphers=NULL;
1347 c=ssl3_choose_cipher(s,s->session->ciphers,
1348 SSL_get_ciphers(s));
1349
1350 if (c == NULL)
1351 {
1352 al=SSL_AD_HANDSHAKE_FAILURE;
1353 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1354 goto f_err;
1355 }
1356 s->s3->tmp.new_cipher=c;
1357 }
1358 else
1359 {
1360 /* Session-id reuse */
1361#ifdef REUSE_CIPHER_BUG
1362 STACK_OF(SSL_CIPHER) *sk;
1363 SSL_CIPHER *nc=NULL;
1364 SSL_CIPHER *ec=NULL;
1365
1366 if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
1367 {
1368 sk=s->session->ciphers;
1369 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1370 {
1371 c=sk_SSL_CIPHER_value(sk,i);
1372 if (c->algorithm_enc & SSL_eNULL)
1373 nc=c;
1374 if (SSL_C_IS_EXPORT(c))
1375 ec=c;
1376 }
1377 if (nc != NULL)
1378 s->s3->tmp.new_cipher=nc;
1379 else if (ec != NULL)
1380 s->s3->tmp.new_cipher=ec;
1381 else
1382 s->s3->tmp.new_cipher=s->session->cipher;
1383 }
1384 else
1385#endif
1386 s->s3->tmp.new_cipher=s->session->cipher;
1387 }
1388
1389 if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
1390 {
1391 if (!ssl3_digest_cached_records(s))
1392 goto f_err;
1393 }
1394
1395 /* we now have the following setup.
1396 * client_random
1397 * cipher_list - our prefered list of ciphers
1398 * ciphers - the clients prefered list of ciphers
1399 * compression - basically ignored right now
1400 * ssl version is set - sslv3
1401 * s->session - The ssl session has been setup.
1402 * s->hit - session reuse flag
1403 * s->tmp.new_cipher - the new cipher to use.
1404 */
1405
1406 if (ret < 0) ret=1;
1407 if (0)
1408 {
1409f_err:
1410 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1411 }
1412err:
1413 if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
1414 return(ret);
1415 }
1416
1417int ssl3_send_server_hello(SSL *s)
1418 {
1419 unsigned char *buf;
1420 unsigned char *p,*d;
1421 int i,sl;
1422 unsigned long l;
1423#ifdef OPENSSL_NO_TLSEXT
1424 unsigned long Time;
1425#endif
1426
1427 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1428 {
1429 buf=(unsigned char *)s->init_buf->data;
1430#ifdef OPENSSL_NO_TLSEXT
1431 p=s->s3->server_random;
1432 /* Generate server_random if it was not needed previously */
1433 Time=(unsigned long)time(NULL); /* Time */
1434 l2n(Time,p);
1435 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1436 return -1;
1437#endif
1438 /* Do the message type and length last */
1439 d=p= &(buf[4]);
1440
1441 *(p++)=s->version>>8;
1442 *(p++)=s->version&0xff;
1443
1444 /* Random stuff */
1445 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
1446 p+=SSL3_RANDOM_SIZE;
1447
1448 /* There are several cases for the session ID to send
1449 * back in the server hello:
1450 * - For session reuse from the session cache,
1451 * we send back the old session ID.
1452 * - If stateless session reuse (using a session ticket)
1453 * is successful, we send back the client's "session ID"
1454 * (which doesn't actually identify the session).
1455 * - If it is a new session, we send back the new
1456 * session ID.
1457 * - However, if we want the new session to be single-use,
1458 * we send back a 0-length session ID.
1459 * s->hit is non-zero in either case of session reuse,
1460 * so the following won't overwrite an ID that we're supposed
1461 * to send back.
1462 */
1463 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1464 && !s->hit)
1465 s->session->session_id_length=0;
1466
1467 sl=s->session->session_id_length;
1468 if (sl > (int)sizeof(s->session->session_id))
1469 {
1470 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
1471 return -1;
1472 }
1473 *(p++)=sl;
1474 memcpy(p,s->session->session_id,sl);
1475 p+=sl;
1476
1477 /* put the cipher */
1478 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
1479 p+=i;
1480
1481 /* put the compression method */
1482#ifdef OPENSSL_NO_COMP
1483 *(p++)=0;
1484#else
1485 if (s->s3->tmp.new_compression == NULL)
1486 *(p++)=0;
1487 else
1488 *(p++)=s->s3->tmp.new_compression->id;
1489#endif
1490#ifndef OPENSSL_NO_TLSEXT
1491 if (ssl_prepare_serverhello_tlsext(s) <= 0)
1492 {
1493 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1494 return -1;
1495 }
1496 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1497 {
1498 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
1499 return -1;
1500 }
1501#endif
1502 /* do the header */
1503 l=(p-d);
1504 d=buf;
1505 *(d++)=SSL3_MT_SERVER_HELLO;
1506 l2n3(l,d);
1507
1508 s->state=SSL3_ST_SW_SRVR_HELLO_B;
1509 /* number of bytes to write */
1510 s->init_num=p-buf;
1511 s->init_off=0;
1512 }
1513
1514 /* SSL3_ST_SW_SRVR_HELLO_B */
1515 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1516 }
1517
1518int ssl3_send_server_done(SSL *s)
1519 {
1520 unsigned char *p;
1521
1522 if (s->state == SSL3_ST_SW_SRVR_DONE_A)
1523 {
1524 p=(unsigned char *)s->init_buf->data;
1525
1526 /* do the header */
1527 *(p++)=SSL3_MT_SERVER_DONE;
1528 *(p++)=0;
1529 *(p++)=0;
1530 *(p++)=0;
1531
1532 s->state=SSL3_ST_SW_SRVR_DONE_B;
1533 /* number of bytes to write */
1534 s->init_num=4;
1535 s->init_off=0;
1536 }
1537
1538 /* SSL3_ST_SW_SRVR_DONE_B */
1539 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1540 }
1541
1542int ssl3_send_server_key_exchange(SSL *s)
1543 {
1544#ifndef OPENSSL_NO_RSA
1545 unsigned char *q;
1546 int j,num;
1547 RSA *rsa;
1548 unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
1549 unsigned int u;
1550#endif
1551#ifndef OPENSSL_NO_DH
1552 DH *dh=NULL,*dhp;
1553#endif
1554#ifndef OPENSSL_NO_ECDH
1555 EC_KEY *ecdh=NULL, *ecdhp;
1556 unsigned char *encodedPoint = NULL;
1557 int encodedlen = 0;
1558 int curve_id = 0;
1559 BN_CTX *bn_ctx = NULL;
1560#endif
1561 EVP_PKEY *pkey;
1562 const EVP_MD *md = NULL;
1563 unsigned char *p,*d;
1564 int al,i;
1565 unsigned long type;
1566 int n;
1567 CERT *cert;
1568 BIGNUM *r[4];
1569 int nr[4],kn;
1570 BUF_MEM *buf;
1571 EVP_MD_CTX md_ctx;
1572
1573 EVP_MD_CTX_init(&md_ctx);
1574 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1575 {
1576 type=s->s3->tmp.new_cipher->algorithm_mkey;
1577 cert=s->cert;
1578
1579 buf=s->init_buf;
1580
1581 r[0]=r[1]=r[2]=r[3]=NULL;
1582 n=0;
1583#ifndef OPENSSL_NO_RSA
1584 if (type & SSL_kRSA)
1585 {
1586 rsa=cert->rsa_tmp;
1587 if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
1588 {
1589 rsa=s->cert->rsa_tmp_cb(s,
1590 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1591 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1592 if(rsa == NULL)
1593 {
1594 al=SSL_AD_HANDSHAKE_FAILURE;
1595 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
1596 goto f_err;
1597 }
1598 RSA_up_ref(rsa);
1599 cert->rsa_tmp=rsa;
1600 }
1601 if (rsa == NULL)
1602 {
1603 al=SSL_AD_HANDSHAKE_FAILURE;
1604 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
1605 goto f_err;
1606 }
1607 r[0]=rsa->n;
1608 r[1]=rsa->e;
1609 s->s3->tmp.use_rsa_tmp=1;
1610 }
1611 else
1612#endif
1613#ifndef OPENSSL_NO_DH
1614 if (type & SSL_kEDH)
1615 {
1616 dhp=cert->dh_tmp;
1617 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1618 dhp=s->cert->dh_tmp_cb(s,
1619 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1620 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1621 if (dhp == NULL)
1622 {
1623 al=SSL_AD_HANDSHAKE_FAILURE;
1624 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
1625 goto f_err;
1626 }
1627
1628 if (s->s3->tmp.dh != NULL)
1629 {
1630 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1631 goto err;
1632 }
1633
1634 if ((dh=DHparams_dup(dhp)) == NULL)
1635 {
1636 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1637 goto err;
1638 }
1639
1640 s->s3->tmp.dh=dh;
1641 if ((dhp->pub_key == NULL ||
1642 dhp->priv_key == NULL ||
1643 (s->options & SSL_OP_SINGLE_DH_USE)))
1644 {
1645 if(!DH_generate_key(dh))
1646 {
1647 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1648 ERR_R_DH_LIB);
1649 goto err;
1650 }
1651 }
1652 else
1653 {
1654 dh->pub_key=BN_dup(dhp->pub_key);
1655 dh->priv_key=BN_dup(dhp->priv_key);
1656 if ((dh->pub_key == NULL) ||
1657 (dh->priv_key == NULL))
1658 {
1659 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
1660 goto err;
1661 }
1662 }
1663 r[0]=dh->p;
1664 r[1]=dh->g;
1665 r[2]=dh->pub_key;
1666 }
1667 else
1668#endif
1669#ifndef OPENSSL_NO_ECDH
1670 if (type & SSL_kEECDH)
1671 {
1672 const EC_GROUP *group;
1673
1674 ecdhp=cert->ecdh_tmp;
1675 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
1676 {
1677 ecdhp=s->cert->ecdh_tmp_cb(s,
1678 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
1679 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
1680 }
1681 if (ecdhp == NULL)
1682 {
1683 al=SSL_AD_HANDSHAKE_FAILURE;
1684 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1685 goto f_err;
1686 }
1687
1688 if (s->s3->tmp.ecdh != NULL)
1689 {
1690 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1691 goto err;
1692 }
1693
1694 /* Duplicate the ECDH structure. */
1695 if (ecdhp == NULL)
1696 {
1697 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1698 goto err;
1699 }
1700 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
1701 {
1702 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1703 goto err;
1704 }
1705
1706 s->s3->tmp.ecdh=ecdh;
1707 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1708 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1709 (s->options & SSL_OP_SINGLE_ECDH_USE))
1710 {
1711 if(!EC_KEY_generate_key(ecdh))
1712 {
1713 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1714 goto err;
1715 }
1716 }
1717
1718 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1719 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1720 (EC_KEY_get0_private_key(ecdh) == NULL))
1721 {
1722 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1723 goto err;
1724 }
1725
1726 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1727 (EC_GROUP_get_degree(group) > 163))
1728 {
1729 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1730 goto err;
1731 }
1732
1733 /* XXX: For now, we only support ephemeral ECDH
1734 * keys over named (not generic) curves. For
1735 * supported named curves, curve_id is non-zero.
1736 */
1737 if ((curve_id =
1738 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1739 == 0)
1740 {
1741 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1742 goto err;
1743 }
1744
1745 /* Encode the public key.
1746 * First check the size of encoding and
1747 * allocate memory accordingly.
1748 */
1749 encodedlen = EC_POINT_point2oct(group,
1750 EC_KEY_get0_public_key(ecdh),
1751 POINT_CONVERSION_UNCOMPRESSED,
1752 NULL, 0, NULL);
1753
1754 encodedPoint = (unsigned char *)
1755 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1756 bn_ctx = BN_CTX_new();
1757 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1758 {
1759 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1760 goto err;
1761 }
1762
1763
1764 encodedlen = EC_POINT_point2oct(group,
1765 EC_KEY_get0_public_key(ecdh),
1766 POINT_CONVERSION_UNCOMPRESSED,
1767 encodedPoint, encodedlen, bn_ctx);
1768
1769 if (encodedlen == 0)
1770 {
1771 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1772 goto err;
1773 }
1774
1775 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1776
1777 /* XXX: For now, we only support named (not
1778 * generic) curves in ECDH ephemeral key exchanges.
1779 * In this situation, we need four additional bytes
1780 * to encode the entire ServerECDHParams
1781 * structure.
1782 */
1783 n = 4 + encodedlen;
1784
1785 /* We'll generate the serverKeyExchange message
1786 * explicitly so we can set these to NULLs
1787 */
1788 r[0]=NULL;
1789 r[1]=NULL;
1790 r[2]=NULL;
1791 r[3]=NULL;
1792 }
1793 else
1794#endif /* !OPENSSL_NO_ECDH */
1795#ifndef OPENSSL_NO_PSK
1796 if (type & SSL_kPSK)
1797 {
1798 /* reserve size for record length and PSK identity hint*/
1799 n+=2+strlen(s->ctx->psk_identity_hint);
1800 }
1801 else
1802#endif /* !OPENSSL_NO_PSK */
1803#ifndef OPENSSL_NO_SRP
1804 if (type & SSL_kSRP)
1805 {
1806 if ((s->srp_ctx.N == NULL) ||
1807 (s->srp_ctx.g == NULL) ||
1808 (s->srp_ctx.s == NULL) ||
1809 (s->srp_ctx.B == NULL))
1810 {
1811 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_SRP_PARAM);
1812 goto err;
1813 }
1814 r[0]=s->srp_ctx.N;
1815 r[1]=s->srp_ctx.g;
1816 r[2]=s->srp_ctx.s;
1817 r[3]=s->srp_ctx.B;
1818 }
1819 else
1820#endif
1821 {
1822 al=SSL_AD_HANDSHAKE_FAILURE;
1823 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1824 goto f_err;
1825 }
1826 for (i=0; r[i] != NULL && i<4; i++)
1827 {
1828 nr[i]=BN_num_bytes(r[i]);
1829#ifndef OPENSSL_NO_SRP
1830 if ((i == 2) && (type & SSL_kSRP))
1831 n+=1+nr[i];
1832 else
1833#endif
1834 n+=2+nr[i];
1835 }
1836
1837 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1838 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1839 {
1840 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
1841 == NULL)
1842 {
1843 al=SSL_AD_DECODE_ERROR;
1844 goto f_err;
1845 }
1846 kn=EVP_PKEY_size(pkey);
1847 }
1848 else
1849 {
1850 pkey=NULL;
1851 kn=0;
1852 }
1853
1854 if (!BUF_MEM_grow_clean(buf,n+4+kn))
1855 {
1856 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
1857 goto err;
1858 }
1859 d=(unsigned char *)s->init_buf->data;
1860 p= &(d[4]);
1861
1862 for (i=0; r[i] != NULL && i<4; i++)
1863 {
1864#ifndef OPENSSL_NO_SRP
1865 if ((i == 2) && (type & SSL_kSRP))
1866 {
1867 *p = nr[i];
1868 p++;
1869 }
1870 else
1871#endif
1872 s2n(nr[i],p);
1873 BN_bn2bin(r[i],p);
1874 p+=nr[i];
1875 }
1876
1877#ifndef OPENSSL_NO_ECDH
1878 if (type & SSL_kEECDH)
1879 {
1880 /* XXX: For now, we only support named (not generic) curves.
1881 * In this situation, the serverKeyExchange message has:
1882 * [1 byte CurveType], [2 byte CurveName]
1883 * [1 byte length of encoded point], followed by
1884 * the actual encoded point itself
1885 */
1886 *p = NAMED_CURVE_TYPE;
1887 p += 1;
1888 *p = 0;
1889 p += 1;
1890 *p = curve_id;
1891 p += 1;
1892 *p = encodedlen;
1893 p += 1;
1894 memcpy((unsigned char*)p,
1895 (unsigned char *)encodedPoint,
1896 encodedlen);
1897 OPENSSL_free(encodedPoint);
1898 encodedPoint = NULL;
1899 p += encodedlen;
1900 }
1901#endif
1902
1903#ifndef OPENSSL_NO_PSK
1904 if (type & SSL_kPSK)
1905 {
1906 /* copy PSK identity hint */
1907 s2n(strlen(s->ctx->psk_identity_hint), p);
1908 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1909 p+=strlen(s->ctx->psk_identity_hint);
1910 }
1911#endif
1912
1913 /* not anonymous */
1914 if (pkey != NULL)
1915 {
1916 /* n is the length of the params, they start at &(d[4])
1917 * and p points to the space at the end. */
1918#ifndef OPENSSL_NO_RSA
1919 if (pkey->type == EVP_PKEY_RSA
1920 && TLS1_get_version(s) < TLS1_2_VERSION)
1921 {
1922 q=md_buf;
1923 j=0;
1924 for (num=2; num > 0; num--)
1925 {
1926 EVP_MD_CTX_set_flags(&md_ctx,
1927 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1928 EVP_DigestInit_ex(&md_ctx,(num == 2)
1929 ?s->ctx->md5:s->ctx->sha1, NULL);
1930 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1931 EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1932 EVP_DigestUpdate(&md_ctx,&(d[4]),n);
1933 EVP_DigestFinal_ex(&md_ctx,q,
1934 (unsigned int *)&i);
1935 q+=i;
1936 j+=i;
1937 }
1938 if (RSA_sign(NID_md5_sha1, md_buf, j,
1939 &(p[2]), &u, pkey->pkey.rsa) <= 0)
1940 {
1941 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
1942 goto err;
1943 }
1944 s2n(u,p);
1945 n+=u+2;
1946 }
1947 else
1948#endif
1949 if (md)
1950 {
1951 /* For TLS1.2 and later send signature
1952 * algorithm */
1953 if (TLS1_get_version(s) >= TLS1_2_VERSION)
1954 {
1955 if (!tls12_get_sigandhash(p, pkey, md))
1956 {
1957 /* Should never happen */
1958 al=SSL_AD_INTERNAL_ERROR;
1959 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1960 goto f_err;
1961 }
1962 p+=2;
1963 }
1964#ifdef SSL_DEBUG
1965 fprintf(stderr, "Using hash %s\n",
1966 EVP_MD_name(md));
1967#endif
1968 EVP_SignInit_ex(&md_ctx, md, NULL);
1969 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1970 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1971 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1972 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1973 (unsigned int *)&i,pkey))
1974 {
1975 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_EVP);
1976 goto err;
1977 }
1978 s2n(i,p);
1979 n+=i+2;
1980 if (TLS1_get_version(s) >= TLS1_2_VERSION)
1981 n+= 2;
1982 }
1983 else
1984 {
1985 /* Is this error check actually needed? */
1986 al=SSL_AD_HANDSHAKE_FAILURE;
1987 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
1988 goto f_err;
1989 }
1990 }
1991
1992 *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
1993 l2n3(n,d);
1994
1995 /* we should now have things packed up, so lets send
1996 * it off */
1997 s->init_num=n+4;
1998 s->init_off=0;
1999 }
2000
2001 s->state = SSL3_ST_SW_KEY_EXCH_B;
2002 EVP_MD_CTX_cleanup(&md_ctx);
2003 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2004f_err:
2005 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2006err:
2007#ifndef OPENSSL_NO_ECDH
2008 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
2009 BN_CTX_free(bn_ctx);
2010#endif
2011 EVP_MD_CTX_cleanup(&md_ctx);
2012 return(-1);
2013 }
2014
2015int ssl3_send_certificate_request(SSL *s)
2016 {
2017 unsigned char *p,*d;
2018 int i,j,nl,off,n;
2019 STACK_OF(X509_NAME) *sk=NULL;
2020 X509_NAME *name;
2021 BUF_MEM *buf;
2022
2023 if (s->state == SSL3_ST_SW_CERT_REQ_A)
2024 {
2025 buf=s->init_buf;
2026
2027 d=p=(unsigned char *)&(buf->data[4]);
2028
2029 /* get the list of acceptable cert types */
2030 p++;
2031 n=ssl3_get_req_cert_type(s,p);
2032 d[0]=n;
2033 p+=n;
2034 n++;
2035
2036 if (TLS1_get_version(s) >= TLS1_2_VERSION)
2037 {
2038 nl = tls12_get_req_sig_algs(s, p + 2);
2039 s2n(nl, p);
2040 p += nl + 2;
2041 n += nl + 2;
2042 }
2043
2044 off=n;
2045 p+=2;
2046 n+=2;
2047
2048 sk=SSL_get_client_CA_list(s);
2049 nl=0;
2050 if (sk != NULL)
2051 {
2052 for (i=0; i<sk_X509_NAME_num(sk); i++)
2053 {
2054 name=sk_X509_NAME_value(sk,i);
2055 j=i2d_X509_NAME(name,NULL);
2056 if (!BUF_MEM_grow_clean(buf,4+n+j+2))
2057 {
2058 SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
2059 goto err;
2060 }
2061 p=(unsigned char *)&(buf->data[4+n]);
2062 if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
2063 {
2064 s2n(j,p);
2065 i2d_X509_NAME(name,&p);
2066 n+=2+j;
2067 nl+=2+j;
2068 }
2069 else
2070 {
2071 d=p;
2072 i2d_X509_NAME(name,&p);
2073 j-=2; s2n(j,d); j+=2;
2074 n+=j;
2075 nl+=j;
2076 }
2077 }
2078 }
2079 /* else no CA names */
2080 p=(unsigned char *)&(buf->data[4+off]);
2081 s2n(nl,p);
2082
2083 d=(unsigned char *)buf->data;
2084 *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
2085 l2n3(n,d);
2086
2087 /* we should now have things packed up, so lets send
2088 * it off */
2089
2090 s->init_num=n+4;
2091 s->init_off=0;
2092#ifdef NETSCAPE_HANG_BUG
2093 p=(unsigned char *)s->init_buf->data + s->init_num;
2094
2095 /* do the header */
2096 *(p++)=SSL3_MT_SERVER_DONE;
2097 *(p++)=0;
2098 *(p++)=0;
2099 *(p++)=0;
2100 s->init_num += 4;
2101#endif
2102
2103 s->state = SSL3_ST_SW_CERT_REQ_B;
2104 }
2105
2106 /* SSL3_ST_SW_CERT_REQ_B */
2107 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2108err:
2109 return(-1);
2110 }
2111
2112int ssl3_get_client_key_exchange(SSL *s)
2113 {
2114 int i,al,ok;
2115 long n;
2116 unsigned long alg_k;
2117 unsigned char *p;
2118#ifndef OPENSSL_NO_RSA
2119 RSA *rsa=NULL;
2120 EVP_PKEY *pkey=NULL;
2121#endif
2122#ifndef OPENSSL_NO_DH
2123 BIGNUM *pub=NULL;
2124 DH *dh_srvr;
2125#endif
2126#ifndef OPENSSL_NO_KRB5
2127 KSSL_ERR kssl_err;
2128#endif /* OPENSSL_NO_KRB5 */
2129
2130#ifndef OPENSSL_NO_ECDH
2131 EC_KEY *srvr_ecdh = NULL;
2132 EVP_PKEY *clnt_pub_pkey = NULL;
2133 EC_POINT *clnt_ecpoint = NULL;
2134 BN_CTX *bn_ctx = NULL;
2135#endif
2136
2137 n=s->method->ssl_get_message(s,
2138 SSL3_ST_SR_KEY_EXCH_A,
2139 SSL3_ST_SR_KEY_EXCH_B,
2140 SSL3_MT_CLIENT_KEY_EXCHANGE,
2141 2048, /* ??? */
2142 &ok);
2143
2144 if (!ok) return((int)n);
2145 p=(unsigned char *)s->init_msg;
2146
2147 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2148
2149#ifndef OPENSSL_NO_RSA
2150 if (alg_k & SSL_kRSA)
2151 {
2152 /* FIX THIS UP EAY EAY EAY EAY */
2153 if (s->s3->tmp.use_rsa_tmp)
2154 {
2155 if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
2156 rsa=s->cert->rsa_tmp;
2157 /* Don't do a callback because rsa_tmp should
2158 * be sent already */
2159 if (rsa == NULL)
2160 {
2161 al=SSL_AD_HANDSHAKE_FAILURE;
2162 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
2163 goto f_err;
2164
2165 }
2166 }
2167 else
2168 {
2169 pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
2170 if ( (pkey == NULL) ||
2171 (pkey->type != EVP_PKEY_RSA) ||
2172 (pkey->pkey.rsa == NULL))
2173 {
2174 al=SSL_AD_HANDSHAKE_FAILURE;
2175 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
2176 goto f_err;
2177 }
2178 rsa=pkey->pkey.rsa;
2179 }
2180
2181 /* TLS and [incidentally] DTLS{0xFEFF} */
2182 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
2183 {
2184 n2s(p,i);
2185 if (n != i+2)
2186 {
2187 if (!(s->options & SSL_OP_TLS_D5_BUG))
2188 {
2189 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
2190 goto err;
2191 }
2192 else
2193 p-=2;
2194 }
2195 else
2196 n=i;
2197 }
2198
2199 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
2200
2201 al = -1;
2202
2203 if (i != SSL_MAX_MASTER_KEY_LENGTH)
2204 {
2205 al=SSL_AD_DECODE_ERROR;
2206 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
2207 }
2208
2209 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
2210 {
2211 /* The premaster secret must contain the same version number as the
2212 * ClientHello to detect version rollback attacks (strangely, the
2213 * protocol does not offer such protection for DH ciphersuites).
2214 * However, buggy clients exist that send the negotiated protocol
2215 * version instead if the server does not support the requested
2216 * protocol version.
2217 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
2218 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
2219 (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
2220 {
2221 al=SSL_AD_DECODE_ERROR;
2222 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
2223
2224 /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
2225 * (http://eprint.iacr.org/2003/052/) exploits the version
2226 * number check as a "bad version oracle" -- an alert would
2227 * reveal that the plaintext corresponding to some ciphertext
2228 * made up by the adversary is properly formatted except
2229 * that the version number is wrong. To avoid such attacks,
2230 * we should treat this just like any other decryption error. */
2231 }
2232 }
2233
2234 if (al != -1)
2235 {
2236 /* Some decryption failure -- use random value instead as countermeasure
2237 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
2238 * (see RFC 2246, section 7.4.7.1). */
2239 ERR_clear_error();
2240 i = SSL_MAX_MASTER_KEY_LENGTH;
2241 p[0] = s->client_version >> 8;
2242 p[1] = s->client_version & 0xff;
2243 if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
2244 goto err;
2245 }
2246
2247 s->session->master_key_length=
2248 s->method->ssl3_enc->generate_master_secret(s,
2249 s->session->master_key,
2250 p,i);
2251 OPENSSL_cleanse(p,i);
2252 }
2253 else
2254#endif
2255#ifndef OPENSSL_NO_DH
2256 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2257 {
2258 n2s(p,i);
2259 if (n != i+2)
2260 {
2261 if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
2262 {
2263 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
2264 goto err;
2265 }
2266 else
2267 {
2268 p-=2;
2269 i=(int)n;
2270 }
2271 }
2272
2273 if (n == 0L) /* the parameters are in the cert */
2274 {
2275 al=SSL_AD_HANDSHAKE_FAILURE;
2276 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
2277 goto f_err;
2278 }
2279 else
2280 {
2281 if (s->s3->tmp.dh == NULL)
2282 {
2283 al=SSL_AD_HANDSHAKE_FAILURE;
2284 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
2285 goto f_err;
2286 }
2287 else
2288 dh_srvr=s->s3->tmp.dh;
2289 }
2290
2291 pub=BN_bin2bn(p,i,NULL);
2292 if (pub == NULL)
2293 {
2294 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
2295 goto err;
2296 }
2297
2298 i=DH_compute_key(p,pub,dh_srvr);
2299
2300 if (i <= 0)
2301 {
2302 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
2303 BN_clear_free(pub);
2304 goto err;
2305 }
2306
2307 DH_free(s->s3->tmp.dh);
2308 s->s3->tmp.dh=NULL;
2309
2310 BN_clear_free(pub);
2311 pub=NULL;
2312 s->session->master_key_length=
2313 s->method->ssl3_enc->generate_master_secret(s,
2314 s->session->master_key,p,i);
2315 OPENSSL_cleanse(p,i);
2316 }
2317 else
2318#endif
2319#ifndef OPENSSL_NO_KRB5
2320 if (alg_k & SSL_kKRB5)
2321 {
2322 krb5_error_code krb5rc;
2323 krb5_data enc_ticket;
2324 krb5_data authenticator;
2325 krb5_data enc_pms;
2326 KSSL_CTX *kssl_ctx = s->kssl_ctx;
2327 EVP_CIPHER_CTX ciph_ctx;
2328 const EVP_CIPHER *enc = NULL;
2329 unsigned char iv[EVP_MAX_IV_LENGTH];
2330 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
2331 + EVP_MAX_BLOCK_LENGTH];
2332 int padl, outl;
2333 krb5_timestamp authtime = 0;
2334 krb5_ticket_times ttimes;
2335
2336 EVP_CIPHER_CTX_init(&ciph_ctx);
2337
2338 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
2339
2340 n2s(p,i);
2341 enc_ticket.length = i;
2342
2343 if (n < (long)(enc_ticket.length + 6))
2344 {
2345 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2346 SSL_R_DATA_LENGTH_TOO_LONG);
2347 goto err;
2348 }
2349
2350 enc_ticket.data = (char *)p;
2351 p+=enc_ticket.length;
2352
2353 n2s(p,i);
2354 authenticator.length = i;
2355
2356 if (n < (long)(enc_ticket.length + authenticator.length + 6))
2357 {
2358 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2359 SSL_R_DATA_LENGTH_TOO_LONG);
2360 goto err;
2361 }
2362
2363 authenticator.data = (char *)p;
2364 p+=authenticator.length;
2365
2366 n2s(p,i);
2367 enc_pms.length = i;
2368 enc_pms.data = (char *)p;
2369 p+=enc_pms.length;
2370
2371 /* Note that the length is checked again below,
2372 ** after decryption
2373 */
2374 if(enc_pms.length > sizeof pms)
2375 {
2376 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2377 SSL_R_DATA_LENGTH_TOO_LONG);
2378 goto err;
2379 }
2380
2381 if (n != (long)(enc_ticket.length + authenticator.length +
2382 enc_pms.length + 6))
2383 {
2384 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2385 SSL_R_DATA_LENGTH_TOO_LONG);
2386 goto err;
2387 }
2388
2389 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2390 &kssl_err)) != 0)
2391 {
2392#ifdef KSSL_DEBUG
2393 printf("kssl_sget_tkt rtn %d [%d]\n",
2394 krb5rc, kssl_err.reason);
2395 if (kssl_err.text)
2396 printf("kssl_err text= %s\n", kssl_err.text);
2397#endif /* KSSL_DEBUG */
2398 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2399 kssl_err.reason);
2400 goto err;
2401 }
2402
2403 /* Note: no authenticator is not considered an error,
2404 ** but will return authtime == 0.
2405 */
2406 if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
2407 &authtime, &kssl_err)) != 0)
2408 {
2409#ifdef KSSL_DEBUG
2410 printf("kssl_check_authent rtn %d [%d]\n",
2411 krb5rc, kssl_err.reason);
2412 if (kssl_err.text)
2413 printf("kssl_err text= %s\n", kssl_err.text);
2414#endif /* KSSL_DEBUG */
2415 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2416 kssl_err.reason);
2417 goto err;
2418 }
2419
2420 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2421 {
2422 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2423 goto err;
2424 }
2425
2426#ifdef KSSL_DEBUG
2427 kssl_ctx_show(kssl_ctx);
2428#endif /* KSSL_DEBUG */
2429
2430 enc = kssl_map_enc(kssl_ctx->enctype);
2431 if (enc == NULL)
2432 goto err;
2433
2434 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2435
2436 if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
2437 {
2438 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2439 SSL_R_DECRYPTION_FAILED);
2440 goto err;
2441 }
2442 if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
2443 (unsigned char *)enc_pms.data, enc_pms.length))
2444 {
2445 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2446 SSL_R_DECRYPTION_FAILED);
2447 goto err;
2448 }
2449 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2450 {
2451 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2452 SSL_R_DATA_LENGTH_TOO_LONG);
2453 goto err;
2454 }
2455 if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
2456 {
2457 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2458 SSL_R_DECRYPTION_FAILED);
2459 goto err;
2460 }
2461 outl += padl;
2462 if (outl > SSL_MAX_MASTER_KEY_LENGTH)
2463 {
2464 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2465 SSL_R_DATA_LENGTH_TOO_LONG);
2466 goto err;
2467 }
2468 if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
2469 {
2470 /* The premaster secret must contain the same version number as the
2471 * ClientHello to detect version rollback attacks (strangely, the
2472 * protocol does not offer such protection for DH ciphersuites).
2473 * However, buggy clients exist that send random bytes instead of
2474 * the protocol version.
2475 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
2476 * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2477 */
2478 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2479 {
2480 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2481 SSL_AD_DECODE_ERROR);
2482 goto err;
2483 }
2484 }
2485
2486 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2487
2488 s->session->master_key_length=
2489 s->method->ssl3_enc->generate_master_secret(s,
2490 s->session->master_key, pms, outl);
2491
2492 if (kssl_ctx->client_princ)
2493 {
2494 size_t len = strlen(kssl_ctx->client_princ);
2495 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2496 {
2497 s->session->krb5_client_princ_len = len;
2498 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2499 }
2500 }
2501
2502
2503 /* Was doing kssl_ctx_free() here,
2504 ** but it caused problems for apache.
2505 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2506 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2507 */
2508 }
2509 else
2510#endif /* OPENSSL_NO_KRB5 */
2511
2512#ifndef OPENSSL_NO_ECDH
2513 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2514 {
2515 int ret = 1;
2516 int field_size = 0;
2517 const EC_KEY *tkey;
2518 const EC_GROUP *group;
2519 const BIGNUM *priv_key;
2520
2521 /* initialize structures for server's ECDH key pair */
2522 if ((srvr_ecdh = EC_KEY_new()) == NULL)
2523 {
2524 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2525 ERR_R_MALLOC_FAILURE);
2526 goto err;
2527 }
2528
2529 /* Let's get server private key and group information */
2530 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2531 {
2532 /* use the certificate */
2533 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2534 }
2535 else
2536 {
2537 /* use the ephermeral values we saved when
2538 * generating the ServerKeyExchange msg.
2539 */
2540 tkey = s->s3->tmp.ecdh;
2541 }
2542
2543 group = EC_KEY_get0_group(tkey);
2544 priv_key = EC_KEY_get0_private_key(tkey);
2545
2546 if (!EC_KEY_set_group(srvr_ecdh, group) ||
2547 !EC_KEY_set_private_key(srvr_ecdh, priv_key))
2548 {
2549 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2550 ERR_R_EC_LIB);
2551 goto err;
2552 }
2553
2554 /* Let's get client's public key */
2555 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
2556 {
2557 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2558 ERR_R_MALLOC_FAILURE);
2559 goto err;
2560 }
2561
2562 if (n == 0L)
2563 {
2564 /* Client Publickey was in Client Certificate */
2565
2566 if (alg_k & SSL_kEECDH)
2567 {
2568 al=SSL_AD_HANDSHAKE_FAILURE;
2569 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2570 goto f_err;
2571 }
2572 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2573 == NULL) ||
2574 (clnt_pub_pkey->type != EVP_PKEY_EC))
2575 {
2576 /* XXX: For now, we do not support client
2577 * authentication using ECDH certificates
2578 * so this branch (n == 0L) of the code is
2579 * never executed. When that support is
2580 * added, we ought to ensure the key
2581 * received in the certificate is
2582 * authorized for key agreement.
2583 * ECDH_compute_key implicitly checks that
2584 * the two ECDH shares are for the same
2585 * group.
2586 */
2587 al=SSL_AD_HANDSHAKE_FAILURE;
2588 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2589 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2590 goto f_err;
2591 }
2592
2593 if (EC_POINT_copy(clnt_ecpoint,
2594 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
2595 {
2596 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2597 ERR_R_EC_LIB);
2598 goto err;
2599 }
2600 ret = 2; /* Skip certificate verify processing */
2601 }
2602 else
2603 {
2604 /* Get client's public key from encoded point
2605 * in the ClientKeyExchange message.
2606 */
2607 if ((bn_ctx = BN_CTX_new()) == NULL)
2608 {
2609 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2610 ERR_R_MALLOC_FAILURE);
2611 goto err;
2612 }
2613
2614 /* Get encoded point length */
2615 i = *p;
2616 p += 1;
2617 if (n != 1 + i)
2618 {
2619 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2620 ERR_R_EC_LIB);
2621 goto err;
2622 }
2623 if (EC_POINT_oct2point(group,
2624 clnt_ecpoint, p, i, bn_ctx) == 0)
2625 {
2626 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2627 ERR_R_EC_LIB);
2628 goto err;
2629 }
2630 /* p is pointing to somewhere in the buffer
2631 * currently, so set it to the start
2632 */
2633 p=(unsigned char *)s->init_buf->data;
2634 }
2635
2636 /* Compute the shared pre-master secret */
2637 field_size = EC_GROUP_get_degree(group);
2638 if (field_size <= 0)
2639 {
2640 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2641 ERR_R_ECDH_LIB);
2642 goto err;
2643 }
2644 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2645 if (i <= 0)
2646 {
2647 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2648 ERR_R_ECDH_LIB);
2649 goto err;
2650 }
2651
2652 EVP_PKEY_free(clnt_pub_pkey);
2653 EC_POINT_free(clnt_ecpoint);
2654 EC_KEY_free(srvr_ecdh);
2655 BN_CTX_free(bn_ctx);
2656 EC_KEY_free(s->s3->tmp.ecdh);
2657 s->s3->tmp.ecdh = NULL;
2658
2659 /* Compute the master secret */
2660 s->session->master_key_length = s->method->ssl3_enc-> \
2661 generate_master_secret(s, s->session->master_key, p, i);
2662
2663 OPENSSL_cleanse(p, i);
2664 return (ret);
2665 }
2666 else
2667#endif
2668#ifndef OPENSSL_NO_PSK
2669 if (alg_k & SSL_kPSK)
2670 {
2671 unsigned char *t = NULL;
2672 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2673 unsigned int pre_ms_len = 0, psk_len = 0;
2674 int psk_err = 1;
2675 char tmp_id[PSK_MAX_IDENTITY_LEN+1];
2676
2677 al=SSL_AD_HANDSHAKE_FAILURE;
2678
2679 n2s(p,i);
2680 if (n != i+2)
2681 {
2682 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2683 SSL_R_LENGTH_MISMATCH);
2684 goto psk_err;
2685 }
2686 if (i > PSK_MAX_IDENTITY_LEN)
2687 {
2688 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2689 SSL_R_DATA_LENGTH_TOO_LONG);
2690 goto psk_err;
2691 }
2692 if (s->psk_server_callback == NULL)
2693 {
2694 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2695 SSL_R_PSK_NO_SERVER_CB);
2696 goto psk_err;
2697 }
2698
2699 /* Create guaranteed NULL-terminated identity
2700 * string for the callback */
2701 memcpy(tmp_id, p, i);
2702 memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
2703 psk_len = s->psk_server_callback(s, tmp_id,
2704 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2705 OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
2706
2707 if (psk_len > PSK_MAX_PSK_LEN)
2708 {
2709 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2710 ERR_R_INTERNAL_ERROR);
2711 goto psk_err;
2712 }
2713 else if (psk_len == 0)
2714 {
2715 /* PSK related to the given identity not found */
2716 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2717 SSL_R_PSK_IDENTITY_NOT_FOUND);
2718 al=SSL_AD_UNKNOWN_PSK_IDENTITY;
2719 goto psk_err;
2720 }
2721
2722 /* create PSK pre_master_secret */
2723 pre_ms_len=2+psk_len+2+psk_len;
2724 t = psk_or_pre_ms;
2725 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2726 s2n(psk_len, t);
2727 memset(t, 0, psk_len);
2728 t+=psk_len;
2729 s2n(psk_len, t);
2730
2731 if (s->session->psk_identity != NULL)
2732 OPENSSL_free(s->session->psk_identity);
2733 s->session->psk_identity = BUF_strdup((char *)p);
2734 if (s->session->psk_identity == NULL)
2735 {
2736 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2737 ERR_R_MALLOC_FAILURE);
2738 goto psk_err;
2739 }
2740
2741 if (s->session->psk_identity_hint != NULL)
2742 OPENSSL_free(s->session->psk_identity_hint);
2743 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2744 if (s->ctx->psk_identity_hint != NULL &&
2745 s->session->psk_identity_hint == NULL)
2746 {
2747 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2748 ERR_R_MALLOC_FAILURE);
2749 goto psk_err;
2750 }
2751
2752 s->session->master_key_length=
2753 s->method->ssl3_enc->generate_master_secret(s,
2754 s->session->master_key, psk_or_pre_ms, pre_ms_len);
2755 psk_err = 0;
2756 psk_err:
2757 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2758 if (psk_err != 0)
2759 goto f_err;
2760 }
2761 else
2762#endif
2763#ifndef OPENSSL_NO_SRP
2764 if (alg_k & SSL_kSRP)
2765 {
2766 int param_len;
2767
2768 n2s(p,i);
2769 param_len=i+2;
2770 if (param_len > n)
2771 {
2772 al=SSL_AD_DECODE_ERROR;
2773 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
2774 goto f_err;
2775 }
2776 if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
2777 {
2778 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
2779 goto err;
2780 }
2781 if (s->session->srp_username != NULL)
2782 OPENSSL_free(s->session->srp_username);
2783 s->session->srp_username = BUF_strdup(s->srp_ctx.login);
2784 if (s->session->srp_username == NULL)
2785 {
2786 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2787 ERR_R_MALLOC_FAILURE);
2788 goto err;
2789 }
2790
2791 if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
2792 {
2793 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
2794 goto err;
2795 }
2796
2797 p+=i;
2798 }
2799 else
2800#endif /* OPENSSL_NO_SRP */
2801 if (alg_k & SSL_kGOST)
2802 {
2803 int ret = 0;
2804 EVP_PKEY_CTX *pkey_ctx;
2805 EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
2806 unsigned char premaster_secret[32], *start;
2807 size_t outlen=32, inlen;
2808 unsigned long alg_a;
2809
2810 /* Get our certificate private key*/
2811 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2812 if (alg_a & SSL_aGOST94)
2813 pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
2814 else if (alg_a & SSL_aGOST01)
2815 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
2816
2817 pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
2818 EVP_PKEY_decrypt_init(pkey_ctx);
2819 /* If client certificate is present and is of the same type, maybe
2820 * use it for key exchange. Don't mind errors from
2821 * EVP_PKEY_derive_set_peer, because it is completely valid to use
2822 * a client certificate for authorization only. */
2823 client_pub_pkey = X509_get_pubkey(s->session->peer);
2824 if (client_pub_pkey)
2825 {
2826 if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
2827 ERR_clear_error();
2828 }
2829 /* Decrypt session key */
2830 if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
2831 {
2832 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2833 goto gerr;
2834 }
2835 if (p[1] == 0x81)
2836 {
2837 start = p+3;
2838 inlen = p[2];
2839 }
2840 else if (p[1] < 0x80)
2841 {
2842 start = p+2;
2843 inlen = p[1];
2844 }
2845 else
2846 {
2847 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2848 goto gerr;
2849 }
2850 if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
2851
2852 {
2853 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2854 goto gerr;
2855 }
2856 /* Generate master secret */
2857 s->session->master_key_length=
2858 s->method->ssl3_enc->generate_master_secret(s,
2859 s->session->master_key,premaster_secret,32);
2860 /* Check if pubkey from client certificate was used */
2861 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2862 ret = 2;
2863 else
2864 ret = 1;
2865 gerr:
2866 EVP_PKEY_free(client_pub_pkey);
2867 EVP_PKEY_CTX_free(pkey_ctx);
2868 if (ret)
2869 return ret;
2870 else
2871 goto err;
2872 }
2873 else
2874 {
2875 al=SSL_AD_HANDSHAKE_FAILURE;
2876 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2877 SSL_R_UNKNOWN_CIPHER_TYPE);
2878 goto f_err;
2879 }
2880
2881 return(1);
2882f_err:
2883 ssl3_send_alert(s,SSL3_AL_FATAL,al);
2884#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
2885err:
2886#endif
2887#ifndef OPENSSL_NO_ECDH
2888 EVP_PKEY_free(clnt_pub_pkey);
2889 EC_POINT_free(clnt_ecpoint);
2890 if (srvr_ecdh != NULL)
2891 EC_KEY_free(srvr_ecdh);
2892 BN_CTX_free(bn_ctx);
2893#endif
2894 return(-1);
2895 }
2896
2897int ssl3_get_cert_verify(SSL *s)
2898 {
2899 EVP_PKEY *pkey=NULL;
2900 unsigned char *p;
2901 int al,ok,ret=0;
2902 long n;
2903 int type=0,i,j;
2904 X509 *peer;
2905 const EVP_MD *md = NULL;
2906 EVP_MD_CTX mctx;
2907 EVP_MD_CTX_init(&mctx);
2908
2909 n=s->method->ssl_get_message(s,
2910 SSL3_ST_SR_CERT_VRFY_A,
2911 SSL3_ST_SR_CERT_VRFY_B,
2912 -1,
2913 516, /* Enough for 4096 bit RSA key with TLS v1.2 */
2914 &ok);
2915
2916 if (!ok) return((int)n);
2917
2918 if (s->session->peer != NULL)
2919 {
2920 peer=s->session->peer;
2921 pkey=X509_get_pubkey(peer);
2922 type=X509_certificate_type(peer,pkey);
2923 }
2924 else
2925 {
2926 peer=NULL;
2927 pkey=NULL;
2928 }
2929
2930 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
2931 {
2932 s->s3->tmp.reuse_message=1;
2933 if ((peer != NULL) && (type & EVP_PKT_SIGN))
2934 {
2935 al=SSL_AD_UNEXPECTED_MESSAGE;
2936 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
2937 goto f_err;
2938 }
2939 ret=1;
2940 goto end;
2941 }
2942
2943 if (peer == NULL)
2944 {
2945 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
2946 al=SSL_AD_UNEXPECTED_MESSAGE;
2947 goto f_err;
2948 }
2949
2950 if (!(type & EVP_PKT_SIGN))
2951 {
2952 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2953 al=SSL_AD_ILLEGAL_PARAMETER;
2954 goto f_err;
2955 }
2956
2957 if (s->s3->change_cipher_spec)
2958 {
2959 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
2960 al=SSL_AD_UNEXPECTED_MESSAGE;
2961 goto f_err;
2962 }
2963
2964 /* we now have a signature that we need to verify */
2965 p=(unsigned char *)s->init_msg;
2966 /* Check for broken implementations of GOST ciphersuites */
2967 /* If key is GOST and n is exactly 64, it is bare
2968 * signature without length field */
2969 if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
2970 pkey->type == NID_id_GostR3410_2001) )
2971 {
2972 i=64;
2973 }
2974 else
2975 {
2976 if (TLS1_get_version(s) >= TLS1_2_VERSION)
2977 {
2978 int sigalg = tls12_get_sigid(pkey);
2979 /* Should never happen */
2980 if (sigalg == -1)
2981 {
2982 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2983 al=SSL_AD_INTERNAL_ERROR;
2984 goto f_err;
2985 }
2986 /* Check key type is consistent with signature */
2987 if (sigalg != (int)p[1])
2988 {
2989 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
2990 al=SSL_AD_DECODE_ERROR;
2991 goto f_err;
2992 }
2993 md = tls12_get_hash(p[0]);
2994 if (md == NULL)
2995 {
2996 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
2997 al=SSL_AD_DECODE_ERROR;
2998 goto f_err;
2999 }
3000#ifdef SSL_DEBUG
3001fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
3002#endif
3003 p += 2;
3004 n -= 2;
3005 }
3006 n2s(p,i);
3007 n-=2;
3008 if (i > n)
3009 {
3010 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
3011 al=SSL_AD_DECODE_ERROR;
3012 goto f_err;
3013 }
3014 }
3015 j=EVP_PKEY_size(pkey);
3016 if ((i > j) || (n > j) || (n <= 0))
3017 {
3018 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
3019 al=SSL_AD_DECODE_ERROR;
3020 goto f_err;
3021 }
3022
3023 if (TLS1_get_version(s) >= TLS1_2_VERSION)
3024 {
3025 long hdatalen = 0;
3026 void *hdata;
3027 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
3028 if (hdatalen <= 0)
3029 {
3030 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
3031 al=SSL_AD_INTERNAL_ERROR;
3032 goto f_err;
3033 }
3034#ifdef SSL_DEBUG
3035 fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
3036 EVP_MD_name(md));
3037#endif
3038 if (!EVP_VerifyInit_ex(&mctx, md, NULL)
3039 || !EVP_VerifyUpdate(&mctx, hdata, hdatalen))
3040 {
3041 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
3042 al=SSL_AD_INTERNAL_ERROR;
3043 goto f_err;
3044 }
3045
3046 if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0)
3047 {
3048 al=SSL_AD_DECRYPT_ERROR;
3049 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE);
3050 goto f_err;
3051 }
3052 }
3053 else
3054#ifndef OPENSSL_NO_RSA
3055 if (pkey->type == EVP_PKEY_RSA)
3056 {
3057 i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
3058 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
3059 pkey->pkey.rsa);
3060 if (i < 0)
3061 {
3062 al=SSL_AD_DECRYPT_ERROR;
3063 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
3064 goto f_err;
3065 }
3066 if (i == 0)
3067 {
3068 al=SSL_AD_DECRYPT_ERROR;
3069 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
3070 goto f_err;
3071 }
3072 }
3073 else
3074#endif
3075#ifndef OPENSSL_NO_DSA
3076 if (pkey->type == EVP_PKEY_DSA)
3077 {
3078 j=DSA_verify(pkey->save_type,
3079 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
3080 SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
3081 if (j <= 0)
3082 {
3083 /* bad signature */
3084 al=SSL_AD_DECRYPT_ERROR;
3085 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
3086 goto f_err;
3087 }
3088 }
3089 else
3090#endif
3091#ifndef OPENSSL_NO_ECDSA
3092 if (pkey->type == EVP_PKEY_EC)
3093 {
3094 j=ECDSA_verify(pkey->save_type,
3095 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
3096 SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
3097 if (j <= 0)
3098 {
3099 /* bad signature */
3100 al=SSL_AD_DECRYPT_ERROR;
3101 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
3102 SSL_R_BAD_ECDSA_SIGNATURE);
3103 goto f_err;
3104 }
3105 }
3106 else
3107#endif
3108 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
3109 { unsigned char signature[64];
3110 int idx;
3111 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
3112 EVP_PKEY_verify_init(pctx);
3113 if (i!=64) {
3114 fprintf(stderr,"GOST signature length is %d",i);
3115 }
3116 for (idx=0;idx<64;idx++) {
3117 signature[63-idx]=p[idx];
3118 }
3119 j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
3120 EVP_PKEY_CTX_free(pctx);
3121 if (j<=0)
3122 {
3123 al=SSL_AD_DECRYPT_ERROR;
3124 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
3125 SSL_R_BAD_ECDSA_SIGNATURE);
3126 goto f_err;
3127 }
3128 }
3129 else
3130 {
3131 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
3132 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
3133 goto f_err;
3134 }
3135
3136
3137 ret=1;
3138 if (0)
3139 {
3140f_err:
3141 ssl3_send_alert(s,SSL3_AL_FATAL,al);
3142 }
3143end:
3144 if (s->s3->handshake_buffer)
3145 {
3146 BIO_free(s->s3->handshake_buffer);
3147 s->s3->handshake_buffer = NULL;
3148 s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
3149 }
3150 EVP_MD_CTX_cleanup(&mctx);
3151 EVP_PKEY_free(pkey);
3152 return(ret);
3153 }
3154
3155int ssl3_get_client_certificate(SSL *s)
3156 {
3157 int i,ok,al,ret= -1;
3158 X509 *x=NULL;
3159 unsigned long l,nc,llen,n;
3160 const unsigned char *p,*q;
3161 unsigned char *d;
3162 STACK_OF(X509) *sk=NULL;
3163
3164 n=s->method->ssl_get_message(s,
3165 SSL3_ST_SR_CERT_A,
3166 SSL3_ST_SR_CERT_B,
3167 -1,
3168 s->max_cert_list,
3169 &ok);
3170
3171 if (!ok) return((int)n);
3172
3173 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
3174 {
3175 if ( (s->verify_mode & SSL_VERIFY_PEER) &&
3176 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
3177 {
3178 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
3179 al=SSL_AD_HANDSHAKE_FAILURE;
3180 goto f_err;
3181 }
3182 /* If tls asked for a client cert, the client must return a 0 list */
3183 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
3184 {
3185 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
3186 al=SSL_AD_UNEXPECTED_MESSAGE;
3187 goto f_err;
3188 }
3189 s->s3->tmp.reuse_message=1;
3190 return(1);
3191 }
3192
3193 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
3194 {
3195 al=SSL_AD_UNEXPECTED_MESSAGE;
3196 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
3197 goto f_err;
3198 }
3199 p=d=(unsigned char *)s->init_msg;
3200
3201 if ((sk=sk_X509_new_null()) == NULL)
3202 {
3203 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
3204 goto err;
3205 }
3206
3207 n2l3(p,llen);
3208 if (llen+3 != n)
3209 {
3210 al=SSL_AD_DECODE_ERROR;
3211 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
3212 goto f_err;
3213 }
3214 for (nc=0; nc<llen; )
3215 {
3216 n2l3(p,l);
3217 if ((l+nc+3) > llen)
3218 {
3219 al=SSL_AD_DECODE_ERROR;
3220 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
3221 goto f_err;
3222 }
3223
3224 q=p;
3225 x=d2i_X509(NULL,&p,l);
3226 if (x == NULL)
3227 {
3228 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
3229 goto err;
3230 }
3231 if (p != (q+l))
3232 {
3233 al=SSL_AD_DECODE_ERROR;
3234 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
3235 goto f_err;
3236 }
3237 if (!sk_X509_push(sk,x))
3238 {
3239 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
3240 goto err;
3241 }
3242 x=NULL;
3243 nc+=l+3;
3244 }
3245
3246 if (sk_X509_num(sk) <= 0)
3247 {
3248 /* TLS does not mind 0 certs returned */
3249 if (s->version == SSL3_VERSION)
3250 {
3251 al=SSL_AD_HANDSHAKE_FAILURE;
3252 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
3253 goto f_err;
3254 }
3255 /* Fail for TLS only if we required a certificate */
3256 else if ((s->verify_mode & SSL_VERIFY_PEER) &&
3257 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
3258 {
3259 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
3260 al=SSL_AD_HANDSHAKE_FAILURE;
3261 goto f_err;
3262 }
3263 /* No client certificate so digest cached records */
3264 if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s))
3265 {
3266 al=SSL_AD_INTERNAL_ERROR;
3267 goto f_err;
3268 }
3269 }
3270 else
3271 {
3272 i=ssl_verify_cert_chain(s,sk);
3273 if (i <= 0)
3274 {
3275 al=ssl_verify_alarm_type(s->verify_result);
3276 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
3277 goto f_err;
3278 }
3279 }
3280
3281 if (s->session->peer != NULL) /* This should not be needed */
3282 X509_free(s->session->peer);
3283 s->session->peer=sk_X509_shift(sk);
3284 s->session->verify_result = s->verify_result;
3285
3286 /* With the current implementation, sess_cert will always be NULL
3287 * when we arrive here. */
3288 if (s->session->sess_cert == NULL)
3289 {
3290 s->session->sess_cert = ssl_sess_cert_new();
3291 if (s->session->sess_cert == NULL)
3292 {
3293 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
3294 goto err;
3295 }
3296 }
3297 if (s->session->sess_cert->cert_chain != NULL)
3298 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
3299 s->session->sess_cert->cert_chain=sk;
3300 /* Inconsistency alert: cert_chain does *not* include the
3301 * peer's own certificate, while we do include it in s3_clnt.c */
3302
3303 sk=NULL;
3304
3305 ret=1;
3306 if (0)
3307 {
3308f_err:
3309 ssl3_send_alert(s,SSL3_AL_FATAL,al);
3310 }
3311err:
3312 if (x != NULL) X509_free(x);
3313 if (sk != NULL) sk_X509_pop_free(sk,X509_free);
3314 return(ret);
3315 }
3316
3317int ssl3_send_server_certificate(SSL *s)
3318 {
3319 unsigned long l;
3320 X509 *x;
3321
3322 if (s->state == SSL3_ST_SW_CERT_A)
3323 {
3324 x=ssl_get_server_send_cert(s);
3325 if (x == NULL)
3326 {
3327 /* VRS: allow null cert if auth == KRB5 */
3328 if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3329 (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
3330 {
3331 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
3332 return(0);
3333 }
3334 }
3335
3336 l=ssl3_output_cert_chain(s,x);
3337 s->state=SSL3_ST_SW_CERT_B;
3338 s->init_num=(int)l;
3339 s->init_off=0;
3340 }
3341
3342 /* SSL3_ST_SW_CERT_B */
3343 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3344 }
3345
3346#ifndef OPENSSL_NO_TLSEXT
3347/* send a new session ticket (not necessarily for a new session) */
3348int ssl3_send_newsession_ticket(SSL *s)
3349 {
3350 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
3351 {
3352 unsigned char *p, *senc, *macstart;
3353 const unsigned char *const_p;
3354 int len, slen_full, slen;
3355 SSL_SESSION *sess;
3356 unsigned int hlen;
3357 EVP_CIPHER_CTX ctx;
3358 HMAC_CTX hctx;
3359 SSL_CTX *tctx = s->initial_ctx;
3360 unsigned char iv[EVP_MAX_IV_LENGTH];
3361 unsigned char key_name[16];
3362
3363 /* get session encoding length */
3364 slen_full = i2d_SSL_SESSION(s->session, NULL);
3365 /* Some length values are 16 bits, so forget it if session is
3366 * too long
3367 */
3368 if (slen_full > 0xFF00)
3369 return -1;
3370 senc = OPENSSL_malloc(slen_full);
3371 if (!senc)
3372 return -1;
3373 p = senc;
3374 i2d_SSL_SESSION(s->session, &p);
3375
3376 /* create a fresh copy (not shared with other threads) to clean up */
3377 const_p = senc;
3378 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
3379 if (sess == NULL)
3380 {
3381 OPENSSL_free(senc);
3382 return -1;
3383 }
3384 sess->session_id_length = 0; /* ID is irrelevant for the ticket */
3385
3386 slen = i2d_SSL_SESSION(sess, NULL);
3387 if (slen > slen_full) /* shouldn't ever happen */
3388 {
3389 OPENSSL_free(senc);
3390 return -1;
3391 }
3392 p = senc;
3393 i2d_SSL_SESSION(sess, &p);
3394 SSL_SESSION_free(sess);
3395
3396 /* Grow buffer if need be: the length calculation is as
3397 * follows 1 (size of message name) + 3 (message length
3398 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
3399 * 16 (key name) + max_iv_len (iv length) +
3400 * session_length + max_enc_block_size (max encrypted session
3401 * length) + max_md_size (HMAC).
3402 */
3403 if (!BUF_MEM_grow(s->init_buf,
3404 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
3405 EVP_MAX_MD_SIZE + slen))
3406 return -1;
3407
3408 p=(unsigned char *)s->init_buf->data;
3409 /* do the header */
3410 *(p++)=SSL3_MT_NEWSESSION_TICKET;
3411 /* Skip message length for now */
3412 p += 3;
3413 EVP_CIPHER_CTX_init(&ctx);
3414 HMAC_CTX_init(&hctx);
3415 /* Initialize HMAC and cipher contexts. If callback present
3416 * it does all the work otherwise use generated values
3417 * from parent ctx.
3418 */
3419 if (tctx->tlsext_ticket_key_cb)
3420 {
3421 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
3422 &hctx, 1) < 0)
3423 {
3424 OPENSSL_free(senc);
3425 return -1;
3426 }
3427 }
3428 else
3429 {
3430 RAND_pseudo_bytes(iv, 16);
3431 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
3432 tctx->tlsext_tick_aes_key, iv);
3433 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
3434 tlsext_tick_md(), NULL);
3435 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
3436 }
3437
3438 /* Ticket lifetime hint (advisory only):
3439 * We leave this unspecified for resumed session (for simplicity),
3440 * and guess that tickets for new sessions will live as long
3441 * as their sessions. */
3442 l2n(s->hit ? 0 : s->session->timeout, p);
3443
3444 /* Skip ticket length for now */
3445 p += 2;
3446 /* Output key name */
3447 macstart = p;
3448 memcpy(p, key_name, 16);
3449 p += 16;
3450 /* output IV */
3451 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
3452 p += EVP_CIPHER_CTX_iv_length(&ctx);
3453 /* Encrypt session data */
3454 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
3455 p += len;
3456 EVP_EncryptFinal(&ctx, p, &len);
3457 p += len;
3458 EVP_CIPHER_CTX_cleanup(&ctx);
3459
3460 HMAC_Update(&hctx, macstart, p - macstart);
3461 HMAC_Final(&hctx, p, &hlen);
3462 HMAC_CTX_cleanup(&hctx);
3463
3464 p += hlen;
3465 /* Now write out lengths: p points to end of data written */
3466 /* Total length */
3467 len = p - (unsigned char *)s->init_buf->data;
3468 p=(unsigned char *)s->init_buf->data + 1;
3469 l2n3(len - 4, p); /* Message length */
3470 p += 4;
3471 s2n(len - 10, p); /* Ticket length */
3472
3473 /* number of bytes to write */
3474 s->init_num= len;
3475 s->state=SSL3_ST_SW_SESSION_TICKET_B;
3476 s->init_off=0;
3477 OPENSSL_free(senc);
3478 }
3479
3480 /* SSL3_ST_SW_SESSION_TICKET_B */
3481 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3482 }
3483
3484int ssl3_send_cert_status(SSL *s)
3485 {
3486 if (s->state == SSL3_ST_SW_CERT_STATUS_A)
3487 {
3488 unsigned char *p;
3489 /* Grow buffer if need be: the length calculation is as
3490 * follows 1 (message type) + 3 (message length) +
3491 * 1 (ocsp response type) + 3 (ocsp response length)
3492 * + (ocsp response)
3493 */
3494 if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
3495 return -1;
3496
3497 p=(unsigned char *)s->init_buf->data;
3498
3499 /* do the header */
3500 *(p++)=SSL3_MT_CERTIFICATE_STATUS;
3501 /* message length */
3502 l2n3(s->tlsext_ocsp_resplen + 4, p);
3503 /* status type */
3504 *(p++)= s->tlsext_status_type;
3505 /* length of OCSP response */
3506 l2n3(s->tlsext_ocsp_resplen, p);
3507 /* actual response */
3508 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
3509 /* number of bytes to write */
3510 s->init_num = 8 + s->tlsext_ocsp_resplen;
3511 s->state=SSL3_ST_SW_CERT_STATUS_B;
3512 s->init_off = 0;
3513 }
3514
3515 /* SSL3_ST_SW_CERT_STATUS_B */
3516 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
3517 }
3518
3519# ifndef OPENSSL_NO_NEXTPROTONEG
3520/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
3521 * sets the next_proto member in s if found */
3522int ssl3_get_next_proto(SSL *s)
3523 {
3524 int ok;
3525 int proto_len, padding_len;
3526 long n;
3527 const unsigned char *p;
3528
3529 /* Clients cannot send a NextProtocol message if we didn't see the
3530 * extension in their ClientHello */
3531 if (!s->s3->next_proto_neg_seen)
3532 {
3533 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
3534 return -1;
3535 }
3536
3537 n=s->method->ssl_get_message(s,
3538 SSL3_ST_SR_NEXT_PROTO_A,
3539 SSL3_ST_SR_NEXT_PROTO_B,
3540 SSL3_MT_NEXT_PROTO,
3541 514, /* See the payload format below */
3542 &ok);
3543
3544 if (!ok)
3545 return((int)n);
3546
3547 /* s->state doesn't reflect whether ChangeCipherSpec has been received
3548 * in this handshake, but s->s3->change_cipher_spec does (will be reset
3549 * by ssl3_get_finished). */
3550 if (!s->s3->change_cipher_spec)
3551 {
3552 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
3553 return -1;
3554 }
3555
3556 if (n < 2)
3557 return 0; /* The body must be > 1 bytes long */
3558
3559 p=(unsigned char *)s->init_msg;
3560
3561 /* The payload looks like:
3562 * uint8 proto_len;
3563 * uint8 proto[proto_len];
3564 * uint8 padding_len;
3565 * uint8 padding[padding_len];
3566 */
3567 proto_len = p[0];
3568 if (proto_len + 2 > s->init_num)
3569 return 0;
3570 padding_len = p[proto_len + 1];
3571 if (proto_len + padding_len + 2 != s->init_num)
3572 return 0;
3573
3574 s->next_proto_negotiated = OPENSSL_malloc(proto_len);
3575 if (!s->next_proto_negotiated)
3576 {
3577 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
3578 return 0;
3579 }
3580 memcpy(s->next_proto_negotiated, p + 1, proto_len);
3581 s->next_proto_negotiated_len = proto_len;
3582
3583 return 1;
3584 }
3585# endif
3586#endif
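diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
deleted file mode 100644
index a5757c1bcc..0000000000
--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,2 +0,0 @@
-major=20
-minor=0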
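diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h
deleted file mode 100644
index c0cf33ef28..0000000000
--- a/src/lib/libssl/srtp.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- DTLS code by Eric Rescorla <ekr@rtfm.com>
-
- Copyright (C) 2006, Network Resonance, Inc.
- Copyright (C) 2011, RTFM, Inc.
-*/
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80 0x0005
-#define SRTP_NULL_SHA1_32 0x0006
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-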
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 8b0c2a2dac..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2573 +0,0 @@
1/* ssl/ssl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_H
144#define HEADER_SSL_H
145
146#include <openssl/e_os2.h>
147
148#ifndef OPENSSL_NO_COMP
149#include <openssl/comp.h>
150#endif
151#ifndef OPENSSL_NO_BIO
152#include <openssl/bio.h>
153#endif
154#ifndef OPENSSL_NO_DEPRECATED
155#ifndef OPENSSL_NO_X509
156#include <openssl/x509.h>
157#endif
158#include <openssl/crypto.h>
159#include <openssl/lhash.h>
160#include <openssl/buffer.h>
161#endif
162#include <openssl/pem.h>
163#include <openssl/hmac.h>
164
165#include <openssl/kssl.h>
166#include <openssl/safestack.h>
167#include <openssl/symhacks.h>
168
169#ifdef __cplusplus
170extern "C" {
171#endif
172
173/* SSLeay version number for ASN.1 encoding of the session information */
174/* Version 0 - initial version
175 * Version 1 - added the optional peer certificate
176 */
177#define SSL_SESSION_ASN1_VERSION 0x0001
178
179/* text strings for the ciphers */
180#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
181#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
182#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
183#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
184#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
185#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
186#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
187#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
188#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
189#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
190
191/* VRS Additional Kerberos5 entries
192 */
193#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
194#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
195#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
196#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
197#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
198#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
199#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
200#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
201
202#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
203#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
204#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
205#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
206#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
207#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
208
209#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
210#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
211#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
212#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
213#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
214#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
215#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
216
217#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
218#define SSL_MAX_SID_CTX_LENGTH 32
219
220#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
221#define SSL_MAX_KEY_ARG_LENGTH 8
222#define SSL_MAX_MASTER_KEY_LENGTH 48
223
224
225/* These are used to specify which ciphers to use and not to use */
226
227#define SSL_TXT_EXP40 "EXPORT40"
228#define SSL_TXT_EXP56 "EXPORT56"
229#define SSL_TXT_LOW "LOW"
230#define SSL_TXT_MEDIUM "MEDIUM"
231#define SSL_TXT_HIGH "HIGH"
232#define SSL_TXT_FIPS "FIPS"
233
234#define SSL_TXT_kFZA "kFZA" /* unused! */
235#define SSL_TXT_aFZA "aFZA" /* unused! */
236#define SSL_TXT_eFZA "eFZA" /* unused! */
237#define SSL_TXT_FZA "FZA" /* unused! */
238
239#define SSL_TXT_aNULL "aNULL"
240#define SSL_TXT_eNULL "eNULL"
241#define SSL_TXT_NULL "NULL"
242
243#define SSL_TXT_kRSA "kRSA"
244#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
245#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
246#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
247#define SSL_TXT_kEDH "kEDH"
248#define SSL_TXT_kKRB5 "kKRB5"
249#define SSL_TXT_kECDHr "kECDHr"
250#define SSL_TXT_kECDHe "kECDHe"
251#define SSL_TXT_kECDH "kECDH"
252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST"
255#define SSL_TXT_kSRP "kSRP"
256
257#define SSL_TXT_aRSA "aRSA"
258#define SSL_TXT_aDSS "aDSS"
259#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
260#define SSL_TXT_aECDH "aECDH"
261#define SSL_TXT_aKRB5 "aKRB5"
262#define SSL_TXT_aECDSA "aECDSA"
263#define SSL_TXT_aPSK "aPSK"
264#define SSL_TXT_aGOST94 "aGOST94"
265#define SSL_TXT_aGOST01 "aGOST01"
266#define SSL_TXT_aGOST "aGOST"
267
268#define SSL_TXT_DSS "DSS"
269#define SSL_TXT_DH "DH"
270#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
271#define SSL_TXT_ADH "ADH"
272#define SSL_TXT_RSA "RSA"
273#define SSL_TXT_ECDH "ECDH"
274#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
275#define SSL_TXT_AECDH "AECDH"
276#define SSL_TXT_ECDSA "ECDSA"
277#define SSL_TXT_KRB5 "KRB5"
278#define SSL_TXT_PSK "PSK"
279#define SSL_TXT_SRP "SRP"
280
281#define SSL_TXT_DES "DES"
282#define SSL_TXT_3DES "3DES"
283#define SSL_TXT_RC4 "RC4"
284#define SSL_TXT_RC2 "RC2"
285#define SSL_TXT_IDEA "IDEA"
286#define SSL_TXT_SEED "SEED"
287#define SSL_TXT_AES128 "AES128"
288#define SSL_TXT_AES256 "AES256"
289#define SSL_TXT_AES "AES"
290#define SSL_TXT_AES_GCM "AESGCM"
291#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
292#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
293#define SSL_TXT_CAMELLIA "CAMELLIA"
294
295#define SSL_TXT_MD5 "MD5"
296#define SSL_TXT_SHA1 "SHA1"
297#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
298#define SSL_TXT_GOST94 "GOST94"
299#define SSL_TXT_GOST89MAC "GOST89MAC"
300#define SSL_TXT_SHA256 "SHA256"
301#define SSL_TXT_SHA384 "SHA384"
302
303#define SSL_TXT_SSLV2 "SSLv2"
304#define SSL_TXT_SSLV3 "SSLv3"
305#define SSL_TXT_TLSV1 "TLSv1"
306#define SSL_TXT_TLSV1_1 "TLSv1.1"
307#define SSL_TXT_TLSV1_2 "TLSv1.2"
308
309#define SSL_TXT_EXP "EXP"
310#define SSL_TXT_EXPORT "EXPORT"
311
312#define SSL_TXT_ALL "ALL"
313
314/*
315 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
316 * ciphers normally not being used.
317 * Example: "RC4" will activate all ciphers using RC4 including ciphers
318 * without authentication, which would normally disabled by DEFAULT (due
319 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
320 * will make sure that it is also disabled in the specific selection.
321 * COMPLEMENTOF* identifiers are portable between version, as adjustments
322 * to the default cipher setup will also be included here.
323 *
324 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
325 * DEFAULT gets, as only selection is being done and no sorting as needed
326 * for DEFAULT.
327 */
328#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
329#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
330
331/* The following cipher list is used by default.
332 * It also is substituted when an application-defined cipher list string
333 * starts with 'DEFAULT'. */
334#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
335/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
336 * starts with a reasonable order, and all we have to do for DEFAULT is
337 * throwing out anonymous and unencrypted ciphersuites!
338 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
339 * some of them.)
340 */
341
342/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
343#define SSL_SENT_SHUTDOWN 1
344#define SSL_RECEIVED_SHUTDOWN 2
345
346#ifdef __cplusplus
347}
348#endif
349
350#ifdef __cplusplus
351extern "C" {
352#endif
353
354#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
355#define OPENSSL_NO_SSL2
356#endif
357
358#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
359#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
360
361/* This is needed to stop compilers complaining about the
362 * 'struct ssl_st *' function parameters used to prototype callbacks
363 * in SSL_CTX. */
364typedef struct ssl_st *ssl_crock_st;
365typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
366typedef struct ssl_method_st SSL_METHOD;
367typedef struct ssl_cipher_st SSL_CIPHER;
368typedef struct ssl_session_st SSL_SESSION;
369
370DECLARE_STACK_OF(SSL_CIPHER)
371
372/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
373typedef struct srtp_protection_profile_st
374 {
375 const char *name;
376 unsigned long id;
377 } SRTP_PROTECTION_PROFILE;
378
379DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
380
381typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
382typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
383
384
385#ifndef OPENSSL_NO_SSL_INTERN
386
387/* used to hold info on the particular ciphers used */
388struct ssl_cipher_st
389 {
390 int valid;
391 const char *name; /* text name */
392 unsigned long id; /* id, 4 bytes, first is version */
393
394 /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
395 unsigned long algorithm_mkey; /* key exchange algorithm */
396 unsigned long algorithm_auth; /* server authentication */
397 unsigned long algorithm_enc; /* symmetric encryption */
398 unsigned long algorithm_mac; /* symmetric authentication */
399 unsigned long algorithm_ssl; /* (major) protocol version */
400
401 unsigned long algo_strength; /* strength and export flags */
402 unsigned long algorithm2; /* Extra flags */
403 int strength_bits; /* Number of bits really used */
404 int alg_bits; /* Number of bits for algorithm */
405 };
406
407
408/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
409struct ssl_method_st
410 {
411 int version;
412 int (*ssl_new)(SSL *s);
413 void (*ssl_clear)(SSL *s);
414 void (*ssl_free)(SSL *s);
415 int (*ssl_accept)(SSL *s);
416 int (*ssl_connect)(SSL *s);
417 int (*ssl_read)(SSL *s,void *buf,int len);
418 int (*ssl_peek)(SSL *s,void *buf,int len);
419 int (*ssl_write)(SSL *s,const void *buf,int len);
420 int (*ssl_shutdown)(SSL *s);
421 int (*ssl_renegotiate)(SSL *s);
422 int (*ssl_renegotiate_check)(SSL *s);
423 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
424 max, int *ok);
425 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
426 int peek);
427 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
428 int (*ssl_dispatch_alert)(SSL *s);
429 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
430 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
431 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
432 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
433 int (*ssl_pending)(const SSL *s);
434 int (*num_ciphers)(void);
435 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
436 const struct ssl_method_st *(*get_ssl_method)(int version);
437 long (*get_timeout)(void);
438 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
439 int (*ssl_version)(void);
440 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
441 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
442 };
443
444/* Lets make this into an ASN.1 type structure as follows
445 * SSL_SESSION_ID ::= SEQUENCE {
446 * version INTEGER, -- structure version number
447 * SSLversion INTEGER, -- SSL version number
448 * Cipher OCTET STRING, -- the 3 byte cipher ID
449 * Session_ID OCTET STRING, -- the Session ID
450 * Master_key OCTET STRING, -- the master key
451 * KRB5_principal OCTET STRING -- optional Kerberos principal
452 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
453 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
454 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
455 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
456 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
457 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
458 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
459 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
460 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
461 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
462 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
463 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
464 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
465 * }
466 * Look in ssl/ssl_asn1.c for more details
467 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
468 */
469struct ssl_session_st
470 {
471 int ssl_version; /* what ssl version session info is
472 * being kept in here? */
473
474 /* only really used in SSLv2 */
475 unsigned int key_arg_length;
476 unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
477 int master_key_length;
478 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
479 /* session_id - valid? */
480 unsigned int session_id_length;
481 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
482 /* this is used to determine whether the session is being reused in
483 * the appropriate context. It is up to the application to set this,
484 * via SSL_new */
485 unsigned int sid_ctx_length;
486 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
487
488#ifndef OPENSSL_NO_KRB5
489 unsigned int krb5_client_princ_len;
490 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
491#endif /* OPENSSL_NO_KRB5 */
492#ifndef OPENSSL_NO_PSK
493 char *psk_identity_hint;
494 char *psk_identity;
495#endif
496 int not_resumable;
497
498 /* The cert is the certificate used to establish this connection */
499 struct sess_cert_st /* SESS_CERT */ *sess_cert;
500
501 /* This is the cert for the other end.
502 * On clients, it will be the same as sess_cert->peer_key->x509
503 * (the latter is not enough as sess_cert is not retained
504 * in the external representation of sessions, see ssl_asn1.c). */
505 X509 *peer;
506 /* when app_verify_callback accepts a session where the peer's certificate
507 * is not ok, we must remember the error for session reuse: */
508 long verify_result; /* only for servers */
509
510 int references;
511 long timeout;
512 long time;
513
514 unsigned int compress_meth; /* Need to lookup the method */
515
516 const SSL_CIPHER *cipher;
517 unsigned long cipher_id; /* when ASN.1 loaded, this
518 * needs to be used to load
519 * the 'cipher' structure */
520
521 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
522
523 CRYPTO_EX_DATA ex_data; /* application specific data */
524
525 /* These are used to make removal of session-ids more
526 * efficient and to implement a maximum cache size. */
527 struct ssl_session_st *prev,*next;
528#ifndef OPENSSL_NO_TLSEXT
529 char *tlsext_hostname;
530#ifndef OPENSSL_NO_EC
531 size_t tlsext_ecpointformatlist_length;
532 unsigned char *tlsext_ecpointformatlist; /* peer's list */
533 size_t tlsext_ellipticcurvelist_length;
534 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
535#endif /* OPENSSL_NO_EC */
536 /* RFC4507 info */
537 unsigned char *tlsext_tick; /* Session ticket */
538 size_t tlsext_ticklen; /* Session ticket length */
539 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
540#endif
541#ifndef OPENSSL_NO_SRP
542 char *srp_username;
543#endif
544 };
545
546#endif
547
548#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
549#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
550/* Allow initial connection to servers that don't support RI */
551#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
552#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
553#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
554#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
555#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
556#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
557#define SSL_OP_TLS_D5_BUG 0x00000100L
558#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
559
560/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
561 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
562 * the workaround is not needed. Unfortunately some broken SSL/TLS
563 * implementations cannot handle it at all, which is why we include
564 * it in SSL_OP_ALL. */
565#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
566
567/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
568 * This used to be 0x000FFFFFL before 0.9.7. */
569#define SSL_OP_ALL 0x80000BFFL
570
571/* DTLS options */
572#define SSL_OP_NO_QUERY_MTU 0x00001000L
573/* Turn on Cookie Exchange (on relevant for servers) */
574#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
575/* Don't use RFC4507 ticket extension */
576#define SSL_OP_NO_TICKET 0x00004000L
577/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
578#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
579
580/* As server, disallow session resumption on renegotiation */
581#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
582/* Don't use compression even if supported */
583#define SSL_OP_NO_COMPRESSION 0x00020000L
584/* Permit unsafe legacy renegotiation */
585#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
586/* If set, always create a new key when using tmp_ecdh parameters */
587#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
588/* If set, always create a new key when using tmp_dh parameters */
589#define SSL_OP_SINGLE_DH_USE 0x00100000L
590/* Set to always use the tmp_rsa key when doing RSA operations,
591 * even when this violates protocol specs */
592#define SSL_OP_EPHEMERAL_RSA 0x00200000L
593/* Set on servers to choose the cipher according to the server's
594 * preferences */
595#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
596/* If set, a server will allow a client to issue a SSLv3.0 version number
597 * as latest version supported in the premaster secret, even when TLSv1.0
598 * (version 3.1) was announced in the client hello. Normally this is
599 * forbidden to prevent version rollback attacks. */
600#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
601
602#define SSL_OP_NO_SSLv2 0x01000000L
603#define SSL_OP_NO_SSLv3 0x02000000L
604#define SSL_OP_NO_TLSv1 0x04000000L
605#define SSL_OP_NO_TLSv1_2 0x08000000L
606#define SSL_OP_NO_TLSv1_1 0x10000000L
607
608/* These next two were never actually used for anything since SSLeay
609 * zap so we have some more flags.
610 */
611/* The next flag deliberately changes the ciphertest, this is a check
612 * for the PKCS#1 attack */
613#define SSL_OP_PKCS1_CHECK_1 0x0
614#define SSL_OP_PKCS1_CHECK_2 0x0
615
616#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
617#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
618/* Make server add server-hello extension from early version of
619 * cryptopro draft, when GOST ciphersuite is negotiated.
620 * Required for interoperability with CryptoPro CSP 3.x
621 */
622#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
623
624/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
625 * when just a single record has been written): */
626#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
627/* Make it possible to retry SSL_write() with changed buffer location
628 * (buffer contents must stay the same!); this is not the default to avoid
629 * the misconception that non-blocking SSL_write() behaves like
630 * non-blocking write(): */
631#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
632/* Never bother the application with retries if the transport
633 * is blocking: */
634#define SSL_MODE_AUTO_RETRY 0x00000004L
635/* Don't attempt to automatically build certificate chain */
636#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
637/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
638 * TLS only.) "Released" buffers are put onto a free-list in the context
639 * or just freed (depending on the context's setting for freelist_max_len). */
640#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
641
642/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
643 * they cannot be used to clear bits. */
644
645#define SSL_CTX_set_options(ctx,op) \
646 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
647#define SSL_CTX_clear_options(ctx,op) \
648 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
649#define SSL_CTX_get_options(ctx) \
650 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
651#define SSL_set_options(ssl,op) \
652 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
653#define SSL_clear_options(ssl,op) \
654 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
655#define SSL_get_options(ssl) \
656 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
657
658#define SSL_CTX_set_mode(ctx,op) \
659 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
660#define SSL_CTX_clear_mode(ctx,op) \
661 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
662#define SSL_CTX_get_mode(ctx) \
663 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
664#define SSL_clear_mode(ssl,op) \
665 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
666#define SSL_set_mode(ssl,op) \
667 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
668#define SSL_get_mode(ssl) \
669 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
670#define SSL_set_mtu(ssl, mtu) \
671 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
672
673#define SSL_get_secure_renegotiation_support(ssl) \
674 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
675
676#ifndef OPENSSL_NO_HEARTBEATS
677#define SSL_heartbeat(ssl) \
678 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
679#endif
680
681void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
682void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
683#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
684#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
685
686#ifndef OPENSSL_NO_SRP
687
688#ifndef OPENSSL_NO_SSL_INTERN
689
690typedef struct srp_ctx_st
691 {
692 /* param for all the callbacks */
693 void *SRP_cb_arg;
694 /* set client Hello login callback */
695 int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
696 /* set SRP N/g param callback for verification */
697 int (*SRP_verify_param_callback)(SSL *, void *);
698 /* set SRP client passwd callback */
699 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
700
701 char *login;
702 BIGNUM *N,*g,*s,*B,*A;
703 BIGNUM *a,*b,*v;
704 char *info;
705 int strength;
706
707 unsigned long srp_Mask;
708 } SRP_CTX;
709
710#endif
711
712/* see tls_srp.c */
713int SSL_SRP_CTX_init(SSL *s);
714int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
715int SSL_SRP_CTX_free(SSL *ctx);
716int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
717int SSL_srp_server_param_with_username(SSL *s, int *ad);
718int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
719int SRP_Calc_A_param(SSL *s);
720int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
721
722#endif
723
724#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
725#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
726#else
727#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
728#endif
729
730#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
731
732/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
733 * them. It is used to override the generation of SSL/TLS session IDs in a
734 * server. Return value should be zero on an error, non-zero to proceed. Also,
735 * callbacks should themselves check if the id they generate is unique otherwise
736 * the SSL handshake will fail with an error - callbacks can do this using the
737 * 'ssl' value they're passed by;
738 * SSL_has_matching_session_id(ssl, id, *id_len)
739 * The length value passed in is set at the maximum size the session ID can be.
740 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
741 * can alter this length to be less if desired, but under SSLv2 session IDs are
742 * supposed to be fixed at 16 bytes so the id will be padded after the callback
743 * returns in this case. It is also an error for the callback to set the size to
744 * zero. */
745typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
746 unsigned int *id_len);
747
748typedef struct ssl_comp_st SSL_COMP;
749
750#ifndef OPENSSL_NO_SSL_INTERN
751
752struct ssl_comp_st
753 {
754 int id;
755 const char *name;
756#ifndef OPENSSL_NO_COMP
757 COMP_METHOD *method;
758#else
759 char *method;
760#endif
761 };
762
763DECLARE_STACK_OF(SSL_COMP)
764DECLARE_LHASH_OF(SSL_SESSION);
765
766struct ssl_ctx_st
767 {
768 const SSL_METHOD *method;
769
770 STACK_OF(SSL_CIPHER) *cipher_list;
771 /* same as above but sorted for lookup */
772 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
773
774 struct x509_store_st /* X509_STORE */ *cert_store;
775 LHASH_OF(SSL_SESSION) *sessions;
776 /* Most session-ids that will be cached, default is
777 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
778 unsigned long session_cache_size;
779 struct ssl_session_st *session_cache_head;
780 struct ssl_session_st *session_cache_tail;
781
782 /* This can have one of 2 values, ored together,
783 * SSL_SESS_CACHE_CLIENT,
784 * SSL_SESS_CACHE_SERVER,
785 * Default is SSL_SESSION_CACHE_SERVER, which means only
786 * SSL_accept which cache SSL_SESSIONS. */
787 int session_cache_mode;
788
789 /* If timeout is not 0, it is the default timeout value set
790 * when SSL_new() is called. This has been put in to make
791 * life easier to set things up */
792 long session_timeout;
793
794 /* If this callback is not null, it will be called each
795 * time a session id is added to the cache. If this function
796 * returns 1, it means that the callback will do a
797 * SSL_SESSION_free() when it has finished using it. Otherwise,
798 * on 0, it means the callback has finished with it.
799 * If remove_session_cb is not null, it will be called when
800 * a session-id is removed from the cache. After the call,
801 * OpenSSL will SSL_SESSION_free() it. */
802 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
803 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
804 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
805 unsigned char *data,int len,int *copy);
806
807 struct
808 {
809 int sess_connect; /* SSL new conn - started */
810 int sess_connect_renegotiate;/* SSL reneg - requested */
811 int sess_connect_good; /* SSL new conne/reneg - finished */
812 int sess_accept; /* SSL new accept - started */
813 int sess_accept_renegotiate;/* SSL reneg - requested */
814 int sess_accept_good; /* SSL accept/reneg - finished */
815 int sess_miss; /* session lookup misses */
816 int sess_timeout; /* reuse attempt on timeouted session */
817 int sess_cache_full; /* session removed due to full cache */
818 int sess_hit; /* session reuse actually done */
819 int sess_cb_hit; /* session-id that was not
820 * in the cache was
821 * passed back via the callback. This
822 * indicates that the application is
823 * supplying session-id's from other
824 * processes - spooky :-) */
825 } stats;
826
827 int references;
828
829 /* if defined, these override the X509_verify_cert() calls */
830 int (*app_verify_callback)(X509_STORE_CTX *, void *);
831 void *app_verify_arg;
832 /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
833 * ('app_verify_callback' was called with just one argument) */
834
835 /* Default password callback. */
836 pem_password_cb *default_passwd_callback;
837
838 /* Default password callback user data. */
839 void *default_passwd_callback_userdata;
840
841 /* get client cert callback */
842 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
843
844 /* cookie generate callback */
845 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
846 unsigned int *cookie_len);
847
848 /* verify cookie callback */
849 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
850 unsigned int cookie_len);
851
852 CRYPTO_EX_DATA ex_data;
853
854 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
855 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
856 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
857
858 STACK_OF(X509) *extra_certs;
859 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
860
861
862 /* Default values used when no per-SSL value is defined follow */
863
864 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
865
866 /* what we put in client cert requests */
867 STACK_OF(X509_NAME) *client_CA;
868
869
870 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
871
872 unsigned long options;
873 unsigned long mode;
874 long max_cert_list;
875
876 struct cert_st /* CERT */ *cert;
877 int read_ahead;
878
879 /* callback that allows applications to peek at protocol messages */
880 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
881 void *msg_callback_arg;
882
883 int verify_mode;
884 unsigned int sid_ctx_length;
885 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
886 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
887
888 /* Default generate session ID callback. */
889 GEN_SESSION_CB generate_session_id;
890
891 X509_VERIFY_PARAM *param;
892
893#if 0
894 int purpose; /* Purpose setting */
895 int trust; /* Trust setting */
896#endif
897
898 int quiet_shutdown;
899
900 /* Maximum amount of data to send in one fragment.
901 * actual record size can be more than this due to
902 * padding and MAC overheads.
903 */
904 unsigned int max_send_fragment;
905
906#ifndef OPENSSL_ENGINE
907 /* Engine to pass requests for client certs to
908 */
909 ENGINE *client_cert_engine;
910#endif
911
912#ifndef OPENSSL_NO_TLSEXT
913 /* TLS extensions servername callback */
914 int (*tlsext_servername_callback)(SSL*, int *, void *);
915 void *tlsext_servername_arg;
916 /* RFC 4507 session ticket keys */
917 unsigned char tlsext_tick_key_name[16];
918 unsigned char tlsext_tick_hmac_key[16];
919 unsigned char tlsext_tick_aes_key[16];
920 /* Callback to support customisation of ticket key setting */
921 int (*tlsext_ticket_key_cb)(SSL *ssl,
922 unsigned char *name, unsigned char *iv,
923 EVP_CIPHER_CTX *ectx,
924 HMAC_CTX *hctx, int enc);
925
926 /* certificate status request info */
927 /* Callback for status request */
928 int (*tlsext_status_cb)(SSL *ssl, void *arg);
929 void *tlsext_status_arg;
930 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
931 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
932 void *tlsext_opaque_prf_input_callback_arg;
933#endif
934
935#ifndef OPENSSL_NO_PSK
936 char *psk_identity_hint;
937 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
938 unsigned int max_identity_len, unsigned char *psk,
939 unsigned int max_psk_len);
940 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
941 unsigned char *psk, unsigned int max_psk_len);
942#endif
943
944#ifndef OPENSSL_NO_BUF_FREELISTS
945#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
946 unsigned int freelist_max_len;
947 struct ssl3_buf_freelist_st *wbuf_freelist;
948 struct ssl3_buf_freelist_st *rbuf_freelist;
949#endif
950#ifndef OPENSSL_NO_SRP
951 SRP_CTX srp_ctx; /* ctx for SRP authentication */
952#endif
953
954#ifndef OPENSSL_NO_TLSEXT
955# ifndef OPENSSL_NO_NEXTPROTONEG
956 /* Next protocol negotiation information */
957 /* (for experimental NPN extension). */
958
959 /* For a server, this contains a callback function by which the set of
960 * advertised protocols can be provided. */
961 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
962 unsigned int *len, void *arg);
963 void *next_protos_advertised_cb_arg;
964 /* For a client, this contains a callback function that selects the
965 * next protocol from the list provided by the server. */
966 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
967 unsigned char *outlen,
968 const unsigned char *in,
969 unsigned int inlen,
970 void *arg);
971 void *next_proto_select_cb_arg;
972# endif
973 /* SRTP profiles we are willing to do from RFC 5764 */
974 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
975#endif
976 };
977
978#endif
979
980#define SSL_SESS_CACHE_OFF 0x0000
981#define SSL_SESS_CACHE_CLIENT 0x0001
982#define SSL_SESS_CACHE_SERVER 0x0002
983#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
984#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
985/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
986#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
987#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
988#define SSL_SESS_CACHE_NO_INTERNAL \
989 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
990
991LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
992#define SSL_CTX_sess_number(ctx) \
993 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
994#define SSL_CTX_sess_connect(ctx) \
995 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
996#define SSL_CTX_sess_connect_good(ctx) \
997 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
998#define SSL_CTX_sess_connect_renegotiate(ctx) \
999 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
1000#define SSL_CTX_sess_accept(ctx) \
1001 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
1002#define SSL_CTX_sess_accept_renegotiate(ctx) \
1003 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
1004#define SSL_CTX_sess_accept_good(ctx) \
1005 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
1006#define SSL_CTX_sess_hits(ctx) \
1007 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
1008#define SSL_CTX_sess_cb_hits(ctx) \
1009 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
1010#define SSL_CTX_sess_misses(ctx) \
1011 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
1012#define SSL_CTX_sess_timeouts(ctx) \
1013 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
1014#define SSL_CTX_sess_cache_full(ctx) \
1015 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
1016
1017void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
1018int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
1019void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
1020void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
1021void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
1022SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
1023void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
1024void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
1025void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
1026int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1027#ifndef OPENSSL_NO_ENGINE
1028int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
1029#endif
1030void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
1031void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
1032#ifndef OPENSSL_NO_NEXTPROTONEG
1033void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
1034 int (*cb) (SSL *ssl,
1035 const unsigned char **out,
1036 unsigned int *outlen,
1037 void *arg),
1038 void *arg);
1039void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
1040 int (*cb) (SSL *ssl,
1041 unsigned char **out,
1042 unsigned char *outlen,
1043 const unsigned char *in,
1044 unsigned int inlen,
1045 void *arg),
1046 void *arg);
1047
1048int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1049 const unsigned char *in, unsigned int inlen,
1050 const unsigned char *client, unsigned int client_len);
1051void SSL_get0_next_proto_negotiated(const SSL *s,
1052 const unsigned char **data, unsigned *len);
1053
1054#define OPENSSL_NPN_UNSUPPORTED 0
1055#define OPENSSL_NPN_NEGOTIATED 1
1056#define OPENSSL_NPN_NO_OVERLAP 2
1057#endif
1058
1059#ifndef OPENSSL_NO_PSK
1060/* the maximum length of the buffer given to callbacks containing the
1061 * resulting identity/psk */
1062#define PSK_MAX_IDENTITY_LEN 128
1063#define PSK_MAX_PSK_LEN 256
1064void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
1065 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1066 char *identity, unsigned int max_identity_len, unsigned char *psk,
1067 unsigned int max_psk_len));
1068void SSL_set_psk_client_callback(SSL *ssl,
1069 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1070 char *identity, unsigned int max_identity_len, unsigned char *psk,
1071 unsigned int max_psk_len));
1072void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
1073 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1074 unsigned char *psk, unsigned int max_psk_len));
1075void SSL_set_psk_server_callback(SSL *ssl,
1076 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1077 unsigned char *psk, unsigned int max_psk_len));
1078int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
1079int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
1080const char *SSL_get_psk_identity_hint(const SSL *s);
1081const char *SSL_get_psk_identity(const SSL *s);
1082#endif
1083
1084#define SSL_NOTHING 1
1085#define SSL_WRITING 2
1086#define SSL_READING 3
1087#define SSL_X509_LOOKUP 4
1088
1089/* These will only be used when doing non-blocking IO */
1090#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
1091#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
1092#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
1093#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
1094
1095#define SSL_MAC_FLAG_READ_MAC_STREAM 1
1096#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
1097
1098#ifndef OPENSSL_NO_SSL_INTERN
1099
1100struct ssl_st
1101 {
1102 /* protocol version
1103 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1104 */
1105 int version;
1106 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
1107
1108 const SSL_METHOD *method; /* SSLv3 */
1109
1110 /* There are 2 BIO's even though they are normally both the
1111 * same. This is so data can be read and written to different
1112 * handlers */
1113
1114#ifndef OPENSSL_NO_BIO
1115 BIO *rbio; /* used by SSL_read */
1116 BIO *wbio; /* used by SSL_write */
1117 BIO *bbio; /* used during session-id reuse to concatenate
1118 * messages */
1119#else
1120 char *rbio; /* used by SSL_read */
1121 char *wbio; /* used by SSL_write */
1122 char *bbio;
1123#endif
1124 /* This holds a variable that indicates what we were doing
1125 * when a 0 or -1 is returned. This is needed for
1126 * non-blocking IO so we know what request needs re-doing when
1127 * in SSL_accept or SSL_connect */
1128 int rwstate;
1129
1130 /* true when we are actually in SSL_accept() or SSL_connect() */
1131 int in_handshake;
1132 int (*handshake_func)(SSL *);
1133
1134 /* Imagine that here's a boolean member "init" that is
1135 * switched as soon as SSL_set_{accept/connect}_state
1136 * is called for the first time, so that "state" and
1137 * "handshake_func" are properly initialized. But as
1138 * handshake_func is == 0 until then, we use this
1139 * test instead of an "init" member.
1140 */
1141
1142 int server; /* are we the server side? - mostly used by SSL_clear*/
1143
1144 int new_session;/* Generate a new session or reuse an old one.
1145 * NB: For servers, the 'new' session may actually be a previously
1146 * cached session or even the previous session unless
1147 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1148 int quiet_shutdown;/* don't send shutdown packets */
1149 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1150 * for received */
1151 int state; /* where we are */
1152 int rstate; /* where we are when reading */
1153
1154 BUF_MEM *init_buf; /* buffer used during init */
1155 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1156 int init_num; /* amount read/written */
1157 int init_off; /* amount read/written */
1158
1159 /* used internally to point at a raw packet */
1160 unsigned char *packet;
1161 unsigned int packet_length;
1162
1163 struct ssl2_state_st *s2; /* SSLv2 variables */
1164 struct ssl3_state_st *s3; /* SSLv3 variables */
1165 struct dtls1_state_st *d1; /* DTLSv1 variables */
1166
1167 int read_ahead; /* Read as many input bytes as possible
1168 * (for non-blocking reads) */
1169
1170 /* callback that allows applications to peek at protocol messages */
1171 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1172 void *msg_callback_arg;
1173
1174 int hit; /* reusing a previous session */
1175
1176 X509_VERIFY_PARAM *param;
1177
1178#if 0
1179 int purpose; /* Purpose setting */
1180 int trust; /* Trust setting */
1181#endif
1182
1183 /* crypto */
1184 STACK_OF(SSL_CIPHER) *cipher_list;
1185 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1186
1187 /* These are the ones being used, the ones in SSL_SESSION are
1188 * the ones to be 'copied' into these ones */
1189 int mac_flags;
1190 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1191 EVP_MD_CTX *read_hash; /* used for mac generation */
1192#ifndef OPENSSL_NO_COMP
1193 COMP_CTX *expand; /* uncompress */
1194#else
1195 char *expand;
1196#endif
1197
1198 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1199 EVP_MD_CTX *write_hash; /* used for mac generation */
1200#ifndef OPENSSL_NO_COMP
1201 COMP_CTX *compress; /* compression */
1202#else
1203 char *compress;
1204#endif
1205
1206 /* session info */
1207
1208 /* client cert? */
1209 /* This is used to hold the server certificate used */
1210 struct cert_st /* CERT */ *cert;
1211
1212 /* the session_id_context is used to ensure sessions are only reused
1213 * in the appropriate context */
1214 unsigned int sid_ctx_length;
1215 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1216
1217 /* This can also be in the session once a session is established */
1218 SSL_SESSION *session;
1219
1220 /* Default generate session ID callback. */
1221 GEN_SESSION_CB generate_session_id;
1222
1223 /* Used in SSL2 and SSL3 */
1224 int verify_mode; /* 0 don't care about verify failure.
1225 * 1 fail if verify fails */
1226 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1227
1228 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1229
1230 int error; /* error bytes to be written */
1231 int error_code; /* actual code */
1232
1233#ifndef OPENSSL_NO_KRB5
1234 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
1235#endif /* OPENSSL_NO_KRB5 */
1236
1237#ifndef OPENSSL_NO_PSK
1238 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
1239 unsigned int max_identity_len, unsigned char *psk,
1240 unsigned int max_psk_len);
1241 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1242 unsigned char *psk, unsigned int max_psk_len);
1243#endif
1244
1245 SSL_CTX *ctx;
1246 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1247 * and SSL_write() calls, good for nbio debuging :-) */
1248 int debug;
1249
1250 /* extra application data */
1251 long verify_result;
1252 CRYPTO_EX_DATA ex_data;
1253
1254 /* for server side, keep the list of CA_dn we can use */
1255 STACK_OF(X509_NAME) *client_CA;
1256
1257 int references;
1258 unsigned long options; /* protocol behaviour */
1259 unsigned long mode; /* API behaviour */
1260 long max_cert_list;
1261 int first_packet;
1262 int client_version; /* what was passed, used for
1263 * SSLv3/TLS rollback check */
1264 unsigned int max_send_fragment;
1265#ifndef OPENSSL_NO_TLSEXT
1266 /* TLS extension debug callback */
1267 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1268 unsigned char *data, int len,
1269 void *arg);
1270 void *tlsext_debug_arg;
1271 char *tlsext_hostname;
1272 int servername_done; /* no further mod of servername
1273 0 : call the servername extension callback.
1274 1 : prepare 2, allow last ack just after in server callback.
1275 2 : don't call servername callback, no ack in server hello
1276 */
1277 /* certificate status request info */
1278 /* Status type or -1 if no status type */
1279 int tlsext_status_type;
1280 /* Expect OCSP CertificateStatus message */
1281 int tlsext_status_expected;
1282 /* OCSP status request only */
1283 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1284 X509_EXTENSIONS *tlsext_ocsp_exts;
1285 /* OCSP response received or to be sent */
1286 unsigned char *tlsext_ocsp_resp;
1287 int tlsext_ocsp_resplen;
1288
1289 /* RFC4507 session ticket expected to be received or sent */
1290 int tlsext_ticket_expected;
1291#ifndef OPENSSL_NO_EC
1292 size_t tlsext_ecpointformatlist_length;
1293 unsigned char *tlsext_ecpointformatlist; /* our list */
1294 size_t tlsext_ellipticcurvelist_length;
1295 unsigned char *tlsext_ellipticcurvelist; /* our list */
1296#endif /* OPENSSL_NO_EC */
1297
1298 /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
1299 void *tlsext_opaque_prf_input;
1300 size_t tlsext_opaque_prf_input_len;
1301
1302 /* TLS Session Ticket extension override */
1303 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1304
1305 /* TLS Session Ticket extension callback */
1306 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1307 void *tls_session_ticket_ext_cb_arg;
1308
1309 /* TLS pre-shared secret session resumption */
1310 tls_session_secret_cb_fn tls_session_secret_cb;
1311 void *tls_session_secret_cb_arg;
1312
1313 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1314
1315#ifndef OPENSSL_NO_NEXTPROTONEG
1316 /* Next protocol negotiation. For the client, this is the protocol that
1317 * we sent in NextProtocol and is set when handling ServerHello
1318 * extensions.
1319 *
1320 * For a server, this is the client's selected_protocol from
1321 * NextProtocol and is set when handling the NextProtocol message,
1322 * before the Finished message. */
1323 unsigned char *next_proto_negotiated;
1324 unsigned char next_proto_negotiated_len;
1325#endif
1326
1327#define session_ctx initial_ctx
1328
1329 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
1330 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
1331
1332 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
1333 0: disabled
1334 1: enabled
1335 2: enabled, but not allowed to send Requests
1336 */
1337 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1338 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1339#else
1340#define session_ctx ctx
1341#endif /* OPENSSL_NO_TLSEXT */
1342
1343 int renegotiate;/* 1 if we are renegotiating.
1344 * 2 if we are a server and are inside a handshake
1345 * (i.e. not just sending a HelloRequest) */
1346
1347#ifndef OPENSSL_NO_SRP
1348 SRP_CTX srp_ctx; /* ctx for SRP authentication */
1349#endif
1350 };
1351
1352#endif
1353
1354#ifdef __cplusplus
1355}
1356#endif
1357
1358#include <openssl/ssl2.h>
1359#include <openssl/ssl3.h>
1360#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1361#include <openssl/dtls1.h> /* Datagram TLS */
1362#include <openssl/ssl23.h>
1363#include <openssl/srtp.h> /* Support for the use_srtp extension */
1364
1365#ifdef __cplusplus
1366extern "C" {
1367#endif
1368
1369/* compatibility */
1370#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1371#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1372#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1373#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1374#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1375#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1376
1377/* The following are the possible values for ssl->state are are
1378 * used to indicate where we are up to in the SSL connection establishment.
1379 * The macros that follow are about the only things you should need to use
1380 * and even then, only when using non-blocking IO.
1381 * It can also be useful to work out where you were when the connection
1382 * failed */
1383
1384#define SSL_ST_CONNECT 0x1000
1385#define SSL_ST_ACCEPT 0x2000
1386#define SSL_ST_MASK 0x0FFF
1387#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1388#define SSL_ST_BEFORE 0x4000
1389#define SSL_ST_OK 0x03
1390#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1391
1392#define SSL_CB_LOOP 0x01
1393#define SSL_CB_EXIT 0x02
1394#define SSL_CB_READ 0x04
1395#define SSL_CB_WRITE 0x08
1396#define SSL_CB_ALERT 0x4000 /* used in callback */
1397#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1398#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1399#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1400#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1401#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1402#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1403#define SSL_CB_HANDSHAKE_START 0x10
1404#define SSL_CB_HANDSHAKE_DONE 0x20
1405
1406/* Is the SSL_connection established? */
1407#define SSL_get_state(a) SSL_state(a)
1408#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1409#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1410#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1411#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1412#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1413
1414/* The following 2 states are kept in ssl->rstate when reads fail,
1415 * you should not need these */
1416#define SSL_ST_READ_HEADER 0xF0
1417#define SSL_ST_READ_BODY 0xF1
1418#define SSL_ST_READ_DONE 0xF2
1419
1420/* Obtain latest Finished message
1421 * -- that we sent (SSL_get_finished)
1422 * -- that we expected from peer (SSL_get_peer_finished).
1423 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1424size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1425size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1426
1427/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1428 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1429#define SSL_VERIFY_NONE 0x00
1430#define SSL_VERIFY_PEER 0x01
1431#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1432#define SSL_VERIFY_CLIENT_ONCE 0x04
1433
1434#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1435#define SSLeay_add_ssl_algorithms() SSL_library_init()
1436
1437/* this is for backward compatibility */
1438#if 0 /* NEW_SSLEAY */
1439#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
1440#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
1441#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
1442#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
1443#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
1444#endif
1445/* More backward compatibility */
1446#define SSL_get_cipher(s) \
1447 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1448#define SSL_get_cipher_bits(s,np) \
1449 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1450#define SSL_get_cipher_version(s) \
1451 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1452#define SSL_get_cipher_name(s) \
1453 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1454#define SSL_get_time(a) SSL_SESSION_get_time(a)
1455#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1456#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1457#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1458
1459#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1460#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1461
1462DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1463
1464#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1465
1466/* These alert types are for SSLv3 and TLSv1 */
1467#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1468#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1469#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1470#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1471#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1472#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1473#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1474#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1475#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1476#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1477#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1478#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1479#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1480#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1481#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1482#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1483#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1484#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1485#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1486#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1487#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1488#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1489#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1490#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1491#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1492#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1493#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1494#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1495#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1496#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1497
1498#define SSL_ERROR_NONE 0
1499#define SSL_ERROR_SSL 1
1500#define SSL_ERROR_WANT_READ 2
1501#define SSL_ERROR_WANT_WRITE 3
1502#define SSL_ERROR_WANT_X509_LOOKUP 4
1503#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1504#define SSL_ERROR_ZERO_RETURN 6
1505#define SSL_ERROR_WANT_CONNECT 7
1506#define SSL_ERROR_WANT_ACCEPT 8
1507
1508#define SSL_CTRL_NEED_TMP_RSA 1
1509#define SSL_CTRL_SET_TMP_RSA 2
1510#define SSL_CTRL_SET_TMP_DH 3
1511#define SSL_CTRL_SET_TMP_ECDH 4
1512#define SSL_CTRL_SET_TMP_RSA_CB 5
1513#define SSL_CTRL_SET_TMP_DH_CB 6
1514#define SSL_CTRL_SET_TMP_ECDH_CB 7
1515
1516#define SSL_CTRL_GET_SESSION_REUSED 8
1517#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1518#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1519#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1520#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1521#define SSL_CTRL_GET_FLAGS 13
1522#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1523
1524#define SSL_CTRL_SET_MSG_CALLBACK 15
1525#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1526
1527/* only applies to datagram connections */
1528#define SSL_CTRL_SET_MTU 17
1529/* Stats */
1530#define SSL_CTRL_SESS_NUMBER 20
1531#define SSL_CTRL_SESS_CONNECT 21
1532#define SSL_CTRL_SESS_CONNECT_GOOD 22
1533#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1534#define SSL_CTRL_SESS_ACCEPT 24
1535#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1536#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1537#define SSL_CTRL_SESS_HIT 27
1538#define SSL_CTRL_SESS_CB_HIT 28
1539#define SSL_CTRL_SESS_MISSES 29
1540#define SSL_CTRL_SESS_TIMEOUTS 30
1541#define SSL_CTRL_SESS_CACHE_FULL 31
1542#define SSL_CTRL_OPTIONS 32
1543#define SSL_CTRL_MODE 33
1544
1545#define SSL_CTRL_GET_READ_AHEAD 40
1546#define SSL_CTRL_SET_READ_AHEAD 41
1547#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1548#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1549#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1550#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1551
1552#define SSL_CTRL_GET_MAX_CERT_LIST 50
1553#define SSL_CTRL_SET_MAX_CERT_LIST 51
1554
1555#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1556
1557/* see tls1.h for macros based on these */
1558#ifndef OPENSSL_NO_TLSEXT
1559#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1560#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1561#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1562#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1563#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1564#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1565#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1566#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
1567#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
1568#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1569#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1570#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1571#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1572#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1573#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1574#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1575#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1576#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1577#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1578
1579#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1580
1581#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
1582#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
1583#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
1584
1585#define SSL_CTRL_SET_SRP_ARG 78
1586#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1587#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1588#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1589#ifndef OPENSSL_NO_HEARTBEATS
1590#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
1591#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
1592#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
1593#endif
1594#endif
1595
1596#define DTLS_CTRL_GET_TIMEOUT 73
1597#define DTLS_CTRL_HANDLE_TIMEOUT 74
1598#define DTLS_CTRL_LISTEN 75
1599
1600#define SSL_CTRL_GET_RI_SUPPORT 76
1601#define SSL_CTRL_CLEAR_OPTIONS 77
1602#define SSL_CTRL_CLEAR_MODE 78
1603
1604#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
1605#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
1606
1607#define DTLSv1_get_timeout(ssl, arg) \
1608 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1609#define DTLSv1_handle_timeout(ssl) \
1610 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1611#define DTLSv1_listen(ssl, peer) \
1612 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1613
1614#define SSL_session_reused(ssl) \
1615 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1616#define SSL_num_renegotiations(ssl) \
1617 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1618#define SSL_clear_num_renegotiations(ssl) \
1619 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1620#define SSL_total_renegotiations(ssl) \
1621 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1622
1623#define SSL_CTX_need_tmp_RSA(ctx) \
1624 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1625#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1626 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1627#define SSL_CTX_set_tmp_dh(ctx,dh) \
1628 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1629#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1630 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1631
1632#define SSL_need_tmp_RSA(ssl) \
1633 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1634#define SSL_set_tmp_rsa(ssl,rsa) \
1635 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1636#define SSL_set_tmp_dh(ssl,dh) \
1637 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1638#define SSL_set_tmp_ecdh(ssl,ecdh) \
1639 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1640
1641#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1642 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1643#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
1644 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
1645#define SSL_CTX_clear_extra_chain_certs(ctx) \
1646 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1647
1648#ifndef OPENSSL_NO_BIO
1649BIO_METHOD *BIO_f_ssl(void);
1650BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
1651BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1652BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1653int BIO_ssl_copy_session_id(BIO *to,BIO *from);
1654void BIO_ssl_shutdown(BIO *ssl_bio);
1655
1656#endif
1657
1658int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1659SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1660void SSL_CTX_free(SSL_CTX *);
1661long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1662long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1663X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1664void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
1665int SSL_want(const SSL *s);
1666int SSL_clear(SSL *s);
1667
1668void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1669
1670const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1671int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1672char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1673const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1674unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1675
1676int SSL_get_fd(const SSL *s);
1677int SSL_get_rfd(const SSL *s);
1678int SSL_get_wfd(const SSL *s);
1679const char * SSL_get_cipher_list(const SSL *s,int n);
1680char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1681int SSL_get_read_ahead(const SSL * s);
1682int SSL_pending(const SSL *s);
1683#ifndef OPENSSL_NO_SOCK
1684int SSL_set_fd(SSL *s, int fd);
1685int SSL_set_rfd(SSL *s, int fd);
1686int SSL_set_wfd(SSL *s, int fd);
1687#endif
1688#ifndef OPENSSL_NO_BIO
1689void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
1690BIO * SSL_get_rbio(const SSL *s);
1691BIO * SSL_get_wbio(const SSL *s);
1692#endif
1693int SSL_set_cipher_list(SSL *s, const char *str);
1694void SSL_set_read_ahead(SSL *s, int yes);
1695int SSL_get_verify_mode(const SSL *s);
1696int SSL_get_verify_depth(const SSL *s);
1697int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
1698void SSL_set_verify(SSL *s, int mode,
1699 int (*callback)(int ok,X509_STORE_CTX *ctx));
1700void SSL_set_verify_depth(SSL *s, int depth);
1701#ifndef OPENSSL_NO_RSA
1702int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1703#endif
1704int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1705int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1706int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
1707int SSL_use_certificate(SSL *ssl, X509 *x);
1708int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1709
1710#ifndef OPENSSL_NO_STDIO
1711int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1712int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1713int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1714int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1715int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1716int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1717int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1718STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1719int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1720 const char *file);
1721#ifndef OPENSSL_SYS_VMS
1722#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
1723int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1724 const char *dir);
1725#endif
1726#endif
1727
1728#endif
1729
1730void SSL_load_error_strings(void );
1731const char *SSL_state_string(const SSL *s);
1732const char *SSL_rstate_string(const SSL *s);
1733const char *SSL_state_string_long(const SSL *s);
1734const char *SSL_rstate_string_long(const SSL *s);
1735long SSL_SESSION_get_time(const SSL_SESSION *s);
1736long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1737long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1738long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1739void SSL_copy_session_id(SSL *to,const SSL *from);
1740X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
1741int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
1742 unsigned int sid_ctx_len);
1743
1744SSL_SESSION *SSL_SESSION_new(void);
1745const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1746 unsigned int *len);
1747unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1748#ifndef OPENSSL_NO_FP_API
1749int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1750#endif
1751#ifndef OPENSSL_NO_BIO
1752int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
1753#endif
1754void SSL_SESSION_free(SSL_SESSION *ses);
1755int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
1756int SSL_set_session(SSL *to, SSL_SESSION *session);
1757int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1758int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1759int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1760int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1761int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1762 unsigned int id_len);
1763SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
1764 long length);
1765
1766#ifdef HEADER_X509_H
1767X509 * SSL_get_peer_certificate(const SSL *s);
1768#endif
1769
1770STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1771
1772int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1773int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1774int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
1775void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
1776 int (*callback)(int, X509_STORE_CTX *));
1777void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1778void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
1779#ifndef OPENSSL_NO_RSA
1780int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1781#endif
1782int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1783int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1784int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1785 const unsigned char *d, long len);
1786int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1787int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1788
1789void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1790void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1791
1792int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1793int SSL_check_private_key(const SSL *ctx);
1794
1795int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
1796 unsigned int sid_ctx_len);
1797
1798SSL * SSL_new(SSL_CTX *ctx);
1799int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1800 unsigned int sid_ctx_len);
1801
1802int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1803int SSL_set_purpose(SSL *s, int purpose);
1804int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1805int SSL_set_trust(SSL *s, int trust);
1806
1807int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1808int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1809
1810#ifndef OPENSSL_NO_SRP
1811int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
1812int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
1813int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1814int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
1815 char *(*cb)(SSL *,void *));
1816int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
1817 int (*cb)(SSL *,void *));
1818int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
1819 int (*cb)(SSL *,int *,void *));
1820int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
1821
1822int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
1823 BIGNUM *sa, BIGNUM *v, char *info);
1824int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
1825 const char *grp);
1826
1827BIGNUM *SSL_get_srp_g(SSL *s);
1828BIGNUM *SSL_get_srp_N(SSL *s);
1829
1830char *SSL_get_srp_username(SSL *s);
1831char *SSL_get_srp_userinfo(SSL *s);
1832#endif
1833
1834void SSL_free(SSL *ssl);
1835int SSL_accept(SSL *ssl);
1836int SSL_connect(SSL *ssl);
1837int SSL_read(SSL *ssl,void *buf,int num);
1838int SSL_peek(SSL *ssl,void *buf,int num);
1839int SSL_write(SSL *ssl,const void *buf,int num);
1840long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
1841long SSL_callback_ctrl(SSL *, int, void (*)(void));
1842long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
1843long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1844
1845int SSL_get_error(const SSL *s,int ret_code);
1846const char *SSL_get_version(const SSL *s);
1847
1848/* This sets the 'default' SSL version that SSL_new() will create */
1849int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1850
1851#ifndef OPENSSL_NO_SSL2
1852const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1853const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1854const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1855#endif
1856
1857const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1858const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1859const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1860
1861const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1862const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1863const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1864
1865const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1866const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1867const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1868
1869const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
1870const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
1871const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
1872
1873const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
1874const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
1875const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
1876
1877
1878const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1879const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1880const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1881
1882STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1883
1884int SSL_do_handshake(SSL *s);
1885int SSL_renegotiate(SSL *s);
1886int SSL_renegotiate_abbreviated(SSL *s);
1887int SSL_renegotiate_pending(SSL *s);
1888int SSL_shutdown(SSL *s);
1889
1890const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1891int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1892const char *SSL_alert_type_string_long(int value);
1893const char *SSL_alert_type_string(int value);
1894const char *SSL_alert_desc_string_long(int value);
1895const char *SSL_alert_desc_string(int value);
1896
1897void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1898void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1899STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1900STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1901int SSL_add_client_CA(SSL *ssl,X509 *x);
1902int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
1903
1904void SSL_set_connect_state(SSL *s);
1905void SSL_set_accept_state(SSL *s);
1906
1907long SSL_get_default_timeout(const SSL *s);
1908
1909int SSL_library_init(void );
1910
1911char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
1912STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1913
1914SSL *SSL_dup(SSL *ssl);
1915
1916X509 *SSL_get_certificate(const SSL *ssl);
1917/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1918
1919void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1920int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1921void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1922int SSL_get_quiet_shutdown(const SSL *ssl);
1923void SSL_set_shutdown(SSL *ssl,int mode);
1924int SSL_get_shutdown(const SSL *ssl);
1925int SSL_version(const SSL *ssl);
1926int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1927int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1928 const char *CApath);
1929#define SSL_get0_session SSL_get_session /* just peek at pointer */
1930SSL_SESSION *SSL_get_session(const SSL *ssl);
1931SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1932SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1933SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1934void SSL_set_info_callback(SSL *ssl,
1935 void (*cb)(const SSL *ssl,int type,int val));
1936void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
1937int SSL_state(const SSL *ssl);
1938void SSL_set_state(SSL *ssl, int state);
1939
1940void SSL_set_verify_result(SSL *ssl,long v);
1941long SSL_get_verify_result(const SSL *ssl);
1942
1943int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1944void *SSL_get_ex_data(const SSL *ssl,int idx);
1945int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1946 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1947
1948int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1949void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
1950int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1951 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1952
1953int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1954void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
1955int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1956 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1957
1958int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1959
1960#define SSL_CTX_sess_set_cache_size(ctx,t) \
1961 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1962#define SSL_CTX_sess_get_cache_size(ctx) \
1963 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1964#define SSL_CTX_set_session_cache_mode(ctx,m) \
1965 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1966#define SSL_CTX_get_session_cache_mode(ctx) \
1967 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1968
1969#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1970#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1971#define SSL_CTX_get_read_ahead(ctx) \
1972 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1973#define SSL_CTX_set_read_ahead(ctx,m) \
1974 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1975#define SSL_CTX_get_max_cert_list(ctx) \
1976 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1977#define SSL_CTX_set_max_cert_list(ctx,m) \
1978 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1979#define SSL_get_max_cert_list(ssl) \
1980 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1981#define SSL_set_max_cert_list(ssl,m) \
1982 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1983
1984#define SSL_CTX_set_max_send_fragment(ctx,m) \
1985 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1986#define SSL_set_max_send_fragment(ssl,m) \
1987 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1988
1989 /* NB: the keylength is only applicable when is_export is true */
1990#ifndef OPENSSL_NO_RSA
1991void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1992 RSA *(*cb)(SSL *ssl,int is_export,
1993 int keylength));
1994
1995void SSL_set_tmp_rsa_callback(SSL *ssl,
1996 RSA *(*cb)(SSL *ssl,int is_export,
1997 int keylength));
1998#endif
1999#ifndef OPENSSL_NO_DH
2000void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
2001 DH *(*dh)(SSL *ssl,int is_export,
2002 int keylength));
2003void SSL_set_tmp_dh_callback(SSL *ssl,
2004 DH *(*dh)(SSL *ssl,int is_export,
2005 int keylength));
2006#endif
2007#ifndef OPENSSL_NO_ECDH
2008void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
2009 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2010 int keylength));
2011void SSL_set_tmp_ecdh_callback(SSL *ssl,
2012 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2013 int keylength));
2014#endif
2015
2016#ifndef OPENSSL_NO_COMP
2017const COMP_METHOD *SSL_get_current_compression(SSL *s);
2018const COMP_METHOD *SSL_get_current_expansion(SSL *s);
2019const char *SSL_COMP_get_name(const COMP_METHOD *comp);
2020STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
2021int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
2022#else
2023const void *SSL_get_current_compression(SSL *s);
2024const void *SSL_get_current_expansion(SSL *s);
2025const char *SSL_COMP_get_name(const void *comp);
2026void *SSL_COMP_get_compression_methods(void);
2027int SSL_COMP_add_compression_method(int id,void *cm);
2028#endif
2029
2030/* TLS extensions functions */
2031int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
2032
2033int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
2034 void *arg);
2035
2036/* Pre-shared secret session resumption functions */
2037int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
2038
2039void SSL_set_debug(SSL *s, int debug);
2040int SSL_cache_hit(SSL *s);
2041
2042/* BEGIN ERROR CODES */
2043/* The following lines are auto generated by the script mkerr.pl. Any changes
2044 * made after this point may be overwritten when the script is next run.
2045 */
2046void ERR_load_SSL_strings(void);
2047
2048/* Error codes for the SSL functions. */
2049
2050/* Function codes. */
2051#define SSL_F_CLIENT_CERTIFICATE 100
2052#define SSL_F_CLIENT_FINISHED 167
2053#define SSL_F_CLIENT_HELLO 101
2054#define SSL_F_CLIENT_MASTER_KEY 102
2055#define SSL_F_D2I_SSL_SESSION 103
2056#define SSL_F_DO_DTLS1_WRITE 245
2057#define SSL_F_DO_SSL3_WRITE 104
2058#define SSL_F_DTLS1_ACCEPT 246
2059#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
2060#define SSL_F_DTLS1_BUFFER_RECORD 247
2061#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
2062#define SSL_F_DTLS1_CLIENT_HELLO 248
2063#define SSL_F_DTLS1_CONNECT 249
2064#define SSL_F_DTLS1_ENC 250
2065#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
2066#define SSL_F_DTLS1_GET_MESSAGE 252
2067#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
2068#define SSL_F_DTLS1_GET_RECORD 254
2069#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
2070#define SSL_F_DTLS1_HEARTBEAT 305
2071#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
2072#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
2073#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
2074#define SSL_F_DTLS1_PROCESS_RECORD 257
2075#define SSL_F_DTLS1_READ_BYTES 258
2076#define SSL_F_DTLS1_READ_FAILED 259
2077#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
2078#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
2079#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
2080#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
2081#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
2082#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
2083#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
2084#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
2085#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
2086#define SSL_F_GET_CLIENT_FINISHED 105
2087#define SSL_F_GET_CLIENT_HELLO 106
2088#define SSL_F_GET_CLIENT_MASTER_KEY 107
2089#define SSL_F_GET_SERVER_FINISHED 108
2090#define SSL_F_GET_SERVER_HELLO 109
2091#define SSL_F_GET_SERVER_VERIFY 110
2092#define SSL_F_I2D_SSL_SESSION 111
2093#define SSL_F_READ_N 112
2094#define SSL_F_REQUEST_CERTIFICATE 113
2095#define SSL_F_SERVER_FINISH 239
2096#define SSL_F_SERVER_HELLO 114
2097#define SSL_F_SERVER_VERIFY 240
2098#define SSL_F_SSL23_ACCEPT 115
2099#define SSL_F_SSL23_CLIENT_HELLO 116
2100#define SSL_F_SSL23_CONNECT 117
2101#define SSL_F_SSL23_GET_CLIENT_HELLO 118
2102#define SSL_F_SSL23_GET_SERVER_HELLO 119
2103#define SSL_F_SSL23_PEEK 237
2104#define SSL_F_SSL23_READ 120
2105#define SSL_F_SSL23_WRITE 121
2106#define SSL_F_SSL2_ACCEPT 122
2107#define SSL_F_SSL2_CONNECT 123
2108#define SSL_F_SSL2_ENC_INIT 124
2109#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
2110#define SSL_F_SSL2_PEEK 234
2111#define SSL_F_SSL2_READ 125
2112#define SSL_F_SSL2_READ_INTERNAL 236
2113#define SSL_F_SSL2_SET_CERTIFICATE 126
2114#define SSL_F_SSL2_WRITE 127
2115#define SSL_F_SSL3_ACCEPT 128
2116#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
2117#define SSL_F_SSL3_CALLBACK_CTRL 233
2118#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
2119#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
2120#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
2121#define SSL_F_SSL3_CLIENT_HELLO 131
2122#define SSL_F_SSL3_CONNECT 132
2123#define SSL_F_SSL3_CTRL 213
2124#define SSL_F_SSL3_CTX_CTRL 133
2125#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
2126#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
2127#define SSL_F_SSL3_ENC 134
2128#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
2129#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
2130#define SSL_F_SSL3_GET_CERT_STATUS 289
2131#define SSL_F_SSL3_GET_CERT_VERIFY 136
2132#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
2133#define SSL_F_SSL3_GET_CLIENT_HELLO 138
2134#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
2135#define SSL_F_SSL3_GET_FINISHED 140
2136#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
2137#define SSL_F_SSL3_GET_MESSAGE 142
2138#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
2139#define SSL_F_SSL3_GET_NEXT_PROTO 306
2140#define SSL_F_SSL3_GET_RECORD 143
2141#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
2142#define SSL_F_SSL3_GET_SERVER_DONE 145
2143#define SSL_F_SSL3_GET_SERVER_HELLO 146
2144#define SSL_F_SSL3_HANDSHAKE_MAC 285
2145#define SSL_F_SSL3_NEW_SESSION_TICKET 287
2146#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
2147#define SSL_F_SSL3_PEEK 235
2148#define SSL_F_SSL3_READ_BYTES 148
2149#define SSL_F_SSL3_READ_N 149
2150#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
2151#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
2152#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
2153#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
2154#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
2155#define SSL_F_SSL3_SEND_SERVER_HELLO 242
2156#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
2157#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
2158#define SSL_F_SSL3_SETUP_READ_BUFFER 156
2159#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
2160#define SSL_F_SSL3_WRITE_BYTES 158
2161#define SSL_F_SSL3_WRITE_PENDING 159
2162#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
2163#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
2164#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
2165#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
2166#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
2167#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
2168#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
2169#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308
2170#define SSL_F_SSL_BAD_METHOD 160
2171#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
2172#define SSL_F_SSL_CERT_DUP 221
2173#define SSL_F_SSL_CERT_INST 222
2174#define SSL_F_SSL_CERT_INSTANTIATE 214
2175#define SSL_F_SSL_CERT_NEW 162
2176#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
2177#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
2178#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
2179#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
2180#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
2181#define SSL_F_SSL_CLEAR 164
2182#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
2183#define SSL_F_SSL_CREATE_CIPHER_LIST 166
2184#define SSL_F_SSL_CTRL 232
2185#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
2186#define SSL_F_SSL_CTX_MAKE_PROFILES 309
2187#define SSL_F_SSL_CTX_NEW 169
2188#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
2189#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
2190#define SSL_F_SSL_CTX_SET_PURPOSE 226
2191#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
2192#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
2193#define SSL_F_SSL_CTX_SET_TRUST 229
2194#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
2195#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
2196#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
2197#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
2198#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
2199#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
2200#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
2201#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
2202#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
2203#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
2204#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
2205#define SSL_F_SSL_DO_HANDSHAKE 180
2206#define SSL_F_SSL_GET_NEW_SESSION 181
2207#define SSL_F_SSL_GET_PREV_SESSION 217
2208#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
2209#define SSL_F_SSL_GET_SIGN_PKEY 183
2210#define SSL_F_SSL_INIT_WBIO_BUFFER 184
2211#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
2212#define SSL_F_SSL_NEW 186
2213#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
2214#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
2215#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
2216#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
2217#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
2218#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
2219#define SSL_F_SSL_PEEK 270
2220#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
2221#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
2222#define SSL_F_SSL_READ 223
2223#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
2224#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
2225#define SSL_F_SSL_SESSION_NEW 189
2226#define SSL_F_SSL_SESSION_PRINT_FP 190
2227#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
2228#define SSL_F_SSL_SESS_CERT_NEW 225
2229#define SSL_F_SSL_SET_CERT 191
2230#define SSL_F_SSL_SET_CIPHER_LIST 271
2231#define SSL_F_SSL_SET_FD 192
2232#define SSL_F_SSL_SET_PKEY 193
2233#define SSL_F_SSL_SET_PURPOSE 227
2234#define SSL_F_SSL_SET_RFD 194
2235#define SSL_F_SSL_SET_SESSION 195
2236#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
2237#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
2238#define SSL_F_SSL_SET_TRUST 228
2239#define SSL_F_SSL_SET_WFD 196
2240#define SSL_F_SSL_SHUTDOWN 224
2241#define SSL_F_SSL_SRP_CTX_INIT 313
2242#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
2243#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2244#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
2245#define SSL_F_SSL_USE_CERTIFICATE 198
2246#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
2247#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
2248#define SSL_F_SSL_USE_PRIVATEKEY 201
2249#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
2250#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2251#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
2252#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
2253#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
2254#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
2255#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
2256#define SSL_F_SSL_WRITE 208
2257#define SSL_F_TLS1_CERT_VERIFY_MAC 286
2258#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2259#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2260#define SSL_F_TLS1_ENC 210
2261#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
2262#define SSL_F_TLS1_HEARTBEAT 315
2263#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2264#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2265#define SSL_F_TLS1_PRF 284
2266#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
2267#define SSL_F_WRITE_PENDING 212
2268
2269/* Reason codes. */
2270#define SSL_R_APP_DATA_IN_HANDSHAKE 100
2271#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2272#define SSL_R_BAD_ALERT_RECORD 101
2273#define SSL_R_BAD_AUTHENTICATION_TYPE 102
2274#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
2275#define SSL_R_BAD_CHECKSUM 104
2276#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
2277#define SSL_R_BAD_DECOMPRESSION 107
2278#define SSL_R_BAD_DH_G_LENGTH 108
2279#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
2280#define SSL_R_BAD_DH_P_LENGTH 110
2281#define SSL_R_BAD_DIGEST_LENGTH 111
2282#define SSL_R_BAD_DSA_SIGNATURE 112
2283#define SSL_R_BAD_ECC_CERT 304
2284#define SSL_R_BAD_ECDSA_SIGNATURE 305
2285#define SSL_R_BAD_ECPOINT 306
2286#define SSL_R_BAD_HANDSHAKE_LENGTH 332
2287#define SSL_R_BAD_HELLO_REQUEST 105
2288#define SSL_R_BAD_LENGTH 271
2289#define SSL_R_BAD_MAC_DECODE 113
2290#define SSL_R_BAD_MAC_LENGTH 333
2291#define SSL_R_BAD_MESSAGE_TYPE 114
2292#define SSL_R_BAD_PACKET_LENGTH 115
2293#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2294#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
2295#define SSL_R_BAD_RESPONSE_ARGUMENT 117
2296#define SSL_R_BAD_RSA_DECRYPT 118
2297#define SSL_R_BAD_RSA_ENCRYPT 119
2298#define SSL_R_BAD_RSA_E_LENGTH 120
2299#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2300#define SSL_R_BAD_RSA_SIGNATURE 122
2301#define SSL_R_BAD_SIGNATURE 123
2302#define SSL_R_BAD_SRP_A_LENGTH 347
2303#define SSL_R_BAD_SRP_B_LENGTH 348
2304#define SSL_R_BAD_SRP_G_LENGTH 349
2305#define SSL_R_BAD_SRP_N_LENGTH 350
2306#define SSL_R_BAD_SRP_S_LENGTH 351
2307#define SSL_R_BAD_SRTP_MKI_VALUE 352
2308#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
2309#define SSL_R_BAD_SSL_FILETYPE 124
2310#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2311#define SSL_R_BAD_STATE 126
2312#define SSL_R_BAD_WRITE_RETRY 127
2313#define SSL_R_BIO_NOT_SET 128
2314#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
2315#define SSL_R_BN_LIB 130
2316#define SSL_R_CA_DN_LENGTH_MISMATCH 131
2317#define SSL_R_CA_DN_TOO_LONG 132
2318#define SSL_R_CCS_RECEIVED_EARLY 133
2319#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
2320#define SSL_R_CERT_LENGTH_MISMATCH 135
2321#define SSL_R_CHALLENGE_IS_DIFFERENT 136
2322#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
2323#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
2324#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
2325#define SSL_R_CLIENTHELLO_TLSEXT 226
2326#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2327#define SSL_R_COMPRESSION_DISABLED 343
2328#define SSL_R_COMPRESSION_FAILURE 141
2329#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
2330#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
2331#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
2332#define SSL_R_CONNECTION_TYPE_NOT_SET 144
2333#define SSL_R_COOKIE_MISMATCH 308
2334#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
2335#define SSL_R_DATA_LENGTH_TOO_LONG 146
2336#define SSL_R_DECRYPTION_FAILED 147
2337#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
2338#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
2339#define SSL_R_DIGEST_CHECK_FAILED 149
2340#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
2341#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2342#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2343#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2344#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2345#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2346#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2347#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
2348#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2349#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2350#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2351#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2352#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2353#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2354#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
2355#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
2356#define SSL_R_HTTPS_PROXY_REQUEST 155
2357#define SSL_R_HTTP_REQUEST 156
2358#define SSL_R_ILLEGAL_PADDING 283
2359#define SSL_R_INCONSISTENT_COMPRESSION 340
2360#define SSL_R_INVALID_CHALLENGE_LENGTH 158
2361#define SSL_R_INVALID_COMMAND 280
2362#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2363#define SSL_R_INVALID_PURPOSE 278
2364#define SSL_R_INVALID_SRP_USERNAME 357
2365#define SSL_R_INVALID_STATUS_RESPONSE 328
2366#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2367#define SSL_R_INVALID_TRUST 279
2368#define SSL_R_KEY_ARG_TOO_LONG 284
2369#define SSL_R_KRB5 285
2370#define SSL_R_KRB5_C_CC_PRINC 286
2371#define SSL_R_KRB5_C_GET_CRED 287
2372#define SSL_R_KRB5_C_INIT 288
2373#define SSL_R_KRB5_C_MK_REQ 289
2374#define SSL_R_KRB5_S_BAD_TICKET 290
2375#define SSL_R_KRB5_S_INIT 291
2376#define SSL_R_KRB5_S_RD_REQ 292
2377#define SSL_R_KRB5_S_TKT_EXPIRED 293
2378#define SSL_R_KRB5_S_TKT_NYV 294
2379#define SSL_R_KRB5_S_TKT_SKEW 295
2380#define SSL_R_LENGTH_MISMATCH 159
2381#define SSL_R_LENGTH_TOO_SHORT 160
2382#define SSL_R_LIBRARY_BUG 274
2383#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
2384#define SSL_R_MESSAGE_TOO_LONG 296
2385#define SSL_R_MISSING_DH_DSA_CERT 162
2386#define SSL_R_MISSING_DH_KEY 163
2387#define SSL_R_MISSING_DH_RSA_CERT 164
2388#define SSL_R_MISSING_DSA_SIGNING_CERT 165
2389#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
2390#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
2391#define SSL_R_MISSING_RSA_CERTIFICATE 168
2392#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2393#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2394#define SSL_R_MISSING_SRP_PARAM 358
2395#define SSL_R_MISSING_TMP_DH_KEY 171
2396#define SSL_R_MISSING_TMP_ECDH_KEY 311
2397#define SSL_R_MISSING_TMP_RSA_KEY 172
2398#define SSL_R_MISSING_TMP_RSA_PKEY 173
2399#define SSL_R_MISSING_VERIFY_MESSAGE 174
2400#define SSL_R_MULTIPLE_SGC_RESTARTS 346
2401#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
2402#define SSL_R_NO_CERTIFICATES_RETURNED 176
2403#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
2404#define SSL_R_NO_CERTIFICATE_RETURNED 178
2405#define SSL_R_NO_CERTIFICATE_SET 179
2406#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
2407#define SSL_R_NO_CIPHERS_AVAILABLE 181
2408#define SSL_R_NO_CIPHERS_PASSED 182
2409#define SSL_R_NO_CIPHERS_SPECIFIED 183
2410#define SSL_R_NO_CIPHER_LIST 184
2411#define SSL_R_NO_CIPHER_MATCH 185
2412#define SSL_R_NO_CLIENT_CERT_METHOD 331
2413#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
2414#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2415#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
2416#define SSL_R_NO_METHOD_SPECIFIED 188
2417#define SSL_R_NO_PRIVATEKEY 189
2418#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
2419#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
2420#define SSL_R_NO_PUBLICKEY 192
2421#define SSL_R_NO_RENEGOTIATION 339
2422#define SSL_R_NO_REQUIRED_DIGEST 324
2423#define SSL_R_NO_SHARED_CIPHER 193
2424#define SSL_R_NO_SRTP_PROFILES 359
2425#define SSL_R_NO_VERIFY_CALLBACK 194
2426#define SSL_R_NULL_SSL_CTX 195
2427#define SSL_R_NULL_SSL_METHOD_PASSED 196
2428#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2429#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2430#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2431#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
2432#define SSL_R_PACKET_LENGTH_TOO_LONG 198
2433#define SSL_R_PARSE_TLSEXT 227
2434#define SSL_R_PATH_TOO_LONG 270
2435#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
2436#define SSL_R_PEER_ERROR 200
2437#define SSL_R_PEER_ERROR_CERTIFICATE 201
2438#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
2439#define SSL_R_PEER_ERROR_NO_CIPHER 203
2440#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
2441#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
2442#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
2443#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2444#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2445#define SSL_R_PSK_NO_CLIENT_CB 224
2446#define SSL_R_PSK_NO_SERVER_CB 225
2447#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
2448#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
2449#define SSL_R_PUBLIC_KEY_NOT_RSA 210
2450#define SSL_R_READ_BIO_NOT_SET 211
2451#define SSL_R_READ_TIMEOUT_EXPIRED 312
2452#define SSL_R_READ_WRONG_PACKET_TYPE 212
2453#define SSL_R_RECORD_LENGTH_MISMATCH 213
2454#define SSL_R_RECORD_TOO_LARGE 214
2455#define SSL_R_RECORD_TOO_SMALL 298
2456#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2457#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2458#define SSL_R_RENEGOTIATION_MISMATCH 337
2459#define SSL_R_REQUIRED_CIPHER_MISSING 215
2460#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
2461#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
2462#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
2463#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
2464#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2465#define SSL_R_SERVERHELLO_TLSEXT 275
2466#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2467#define SSL_R_SHORT_READ 219
2468#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
2469#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2470#define SSL_R_SRP_A_CALC 361
2471#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
2472#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
2473#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
2474#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2475#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2476#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
2477#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2478#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
2479#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
2480#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
2481#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
2482#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
2483#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
2484#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2485#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2486#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2487#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2488#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2489#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2490#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2491#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2492#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2493#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2494#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2495#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2496#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2497#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2498#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2499#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2500#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2501#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2502#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2503#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2504#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2505#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2506#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2507#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2508#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2509#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2510#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2511#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2512#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2513#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2514#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2515#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2516#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2517#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2518#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
2519#define SSL_R_TLS_HEARTBEAT_PENDING 366
2520#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
2521#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2522#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2523#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2524#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2525#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2526#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2527#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2528#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2529#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2530#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2531#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2532#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2533#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2534#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2535#define SSL_R_UNEXPECTED_MESSAGE 244
2536#define SSL_R_UNEXPECTED_RECORD 245
2537#define SSL_R_UNINITIALIZED 276
2538#define SSL_R_UNKNOWN_ALERT_TYPE 246
2539#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2540#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2541#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2542#define SSL_R_UNKNOWN_DIGEST 368
2543#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2544#define SSL_R_UNKNOWN_PKEY_TYPE 251
2545#define SSL_R_UNKNOWN_PROTOCOL 252
2546#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2547#define SSL_R_UNKNOWN_SSL_VERSION 254
2548#define SSL_R_UNKNOWN_STATE 255
2549#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2550#define SSL_R_UNSUPPORTED_CIPHER 256
2551#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2552#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2553#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2554#define SSL_R_UNSUPPORTED_PROTOCOL 258
2555#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2556#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2557#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2558#define SSL_R_WRITE_BIO_NOT_SET 260
2559#define SSL_R_WRONG_CIPHER_RETURNED 261
2560#define SSL_R_WRONG_MESSAGE_TYPE 262
2561#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2562#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2563#define SSL_R_WRONG_SIGNATURE_SIZE 265
2564#define SSL_R_WRONG_SIGNATURE_TYPE 370
2565#define SSL_R_WRONG_SSL_VERSION 266
2566#define SSL_R_WRONG_VERSION_NUMBER 267
2567#define SSL_R_X509_LIB 268
2568#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2569
2570#ifdef __cplusplus
2571}
2572#endif
2573#endif
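diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index eb25dcb0bf..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-#endif
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-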
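diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-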
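diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 112e627de0..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,678 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
-#define SSL3_CK_SCSV 0x030000FF
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-#if 0
- #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
- #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
- #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
- to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
- of the ietf-tls list */
- #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
- #endif
-#endif
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#if 0
- #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
- #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
- #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-#endif
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-#ifndef SSL3_ALIGN_PAYLOAD
- /* Some will argue that this increases memory footprint, but it's
- * not actually true. Point is that malloc has to return at least
- * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
- * 3 bytes in either case. Suggested pre-gaping simply moves these
- * wasted bytes from the end of allocated region to its front,
- * but makes data payload aligned, which improves performance:-) */
-# define SSL3_ALIGN_PAYLOAD 8
-#else
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-# error "insane SSL3_ALIGN_PAYLOAD"
-# undef SSL3_ALIGN_PAYLOAD
-# endif
-#endif
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE 64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
-
-#define SSL3_RT_MAX_EXTRA (16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
- (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \
- (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
- (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE \
- (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-#define TLS1_RT_HEARTBEAT 24
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-#define TLS1_HB_REQUEST 1
-#define TLS1_HB_RESPONSE 2
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st
- {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
- } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
- {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
- } SSL3_BUFFER;
-
-#endif
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 9
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
-#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st
- {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[8];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- /* The value of 'extra' when the buffers were initialized */
- int init_extra;
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- BIO *handshake_buffer;
- /* When set of handshake digests is determined, buffer is hashed
- * and freed and MD_CTX-es for all required digests are stored in
- * this array */
- EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- /* Opaque PRF input as used for the current handshake.
- * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
- * (otherwise, they are merely present to improve binary compatibility) */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int use_rsa_tmp;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
- int new_mac_pkey_type;
- int new_mac_secret_size;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
- int cert_request;
- } tmp;
-
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
- /* Set if we saw the Next Protocol Negotiation extension from our peer. */
- int next_proto_neg_seen;
-#endif
- } SSL3_STATE;
-
-#endif
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT)
-#define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT)
-#endif
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT)
-#define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT)
-#endif
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_NEWSESSION_TICKET 4
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-#define SSL3_MT_CERTIFICATE_STATUS 22
-#define SSL3_MT_NEXT_PROTO 67
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
-
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-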
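diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index d443143c59..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
- EVP_add_cipher(EVP_rc4_hmac_md5());
-#endif
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
- /* Not actually used for SSL/TLS but this makes PKCS#12 work
- * if an application only calls SSL_library_init().
- */
- EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
- EVP_add_cipher(EVP_aes_128_gcm());
- EVP_add_cipher(EVP_aes_256_gcm());
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
- EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
- EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-#endif
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
- EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return(1);
- }
-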
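--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,642 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING comp_id;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
- ASN1_OCTET_STRING tlsext_hostname;
- ASN1_INTEGER tlsext_tick_lifetime;
- ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- ASN1_OCTET_STRING psk_identity_hint;
- ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
- ASN1_OCTET_STRING srp_username;
-#endif /* OPENSSL_NO_SRP */
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
- int v6=0,v9=0,v10=0;
- unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
- unsigned char cbuf;
- int v11=0;
-#endif
-#ifndef OPENSSL_NO_SRP
- int v12=0;
-#endif
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- {
- cbuf = (unsigned char)in->compress_meth;
- a.comp_id.length = 1;
- a.comp_id.type = V_ASN1_OCTET_STRING;
- a.comp_id.data = &cbuf;
- }
-#endif
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- {
- a.tlsext_hostname.length=strlen(in->tlsext_hostname);
- a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
- }
- if (in->tlsext_tick)
- {
- a.tlsext_tick.length= in->tlsext_ticklen;
- a.tlsext_tick.type=V_ASN1_OCTET_STRING;
- a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
- }
- if (in->tlsext_tick_lifetime_hint > 0)
- {
- a.tlsext_tick_lifetime.length=LSIZE2;
- a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data=ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
- }
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- {
- a.psk_identity_hint.length=strlen(in->psk_identity_hint);
- a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
- a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
- }
- if (in->psk_identity)
- {
- a.psk_identity.length=strlen(in->psk_identity);
- a.psk_identity.type=V_ASN1_OCTET_STRING;
- a.psk_identity.data=(unsigned char *)(in->psk_identity);
- }
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
- if (in->srp_username)
- {
- a.srp_username.length=strlen(in->srp_username);
- a.srp_username.type=V_ASN1_OCTET_STRING;
- a.srp_username.data=(unsigned char *)(in->srp_username);
- }
-#endif /* OPENSSL_NO_SRP */
-
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
- if (in->tlsext_hostname)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
- if (in->srp_username)
- M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
-#endif /* OPENSSL_NO_SRP */
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
- if (in->psk_identity_hint)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
- if (in->psk_identity)
- M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#ifndef OPENSSL_NO_SRP
- if (in->srp_username)
- M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
-#endif /* OPENSSL_NO_SRP */
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
- goto err;
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
- else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
- ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-
-#ifndef OPENSSL_NO_PSK
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
- if (os.data)
- {
- ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity_hint=NULL;
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
- if (os.data)
- {
- ret->psk_identity = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->psk_identity=NULL;
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_TLSEXT
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint=0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
- if (os.data)
- {
- ret->compress_meth = os.data[0];
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-#endif
-
-#ifndef OPENSSL_NO_SRP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12);
- if (os.data)
- {
- ret->srp_username = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->srp_username=NULL;
-#endif /* OPENSSL_NO_SRP */
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }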
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 917be31876..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,853 +0,0 @@
1/*! \file ssl/ssl_cert.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <stdio.h>
118
119#include "e_os.h"
120#ifndef NO_SYS_TYPES_H
121# include <sys/types.h>
122#endif
123
124#include "o_dir.h"
125#include <openssl/objects.h>
126#include <openssl/bio.h>
127#include <openssl/pem.h>
128#include <openssl/x509v3.h>
129#ifndef OPENSSL_NO_DH
130#include <openssl/dh.h>
131#endif
132#include <openssl/bn.h>
133#include "ssl_locl.h"
134
135int SSL_get_ex_data_X509_STORE_CTX_idx(void)
136 {
137 static volatile int ssl_x509_store_ctx_idx= -1;
138 int got_write_lock = 0;
139
140 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
141
142 if (ssl_x509_store_ctx_idx < 0)
143 {
144 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
145 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
146 got_write_lock = 1;
147
148 if (ssl_x509_store_ctx_idx < 0)
149 {
150 ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
151 0,"SSL for verify callback",NULL,NULL,NULL);
152 }
153 }
154
155 if (got_write_lock)
156 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
157 else
158 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
159
160 return ssl_x509_store_ctx_idx;
161 }
162
163static void ssl_cert_set_default_md(CERT *cert)
164 {
165 /* Set digest values to defaults */
166#ifndef OPENSSL_NO_DSA
167 cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
168#endif
169#ifndef OPENSSL_NO_RSA
170 cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
171 cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
172#endif
173#ifndef OPENSSL_NO_ECDSA
174 cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
175#endif
176 }
177
178CERT *ssl_cert_new(void)
179 {
180 CERT *ret;
181
182 ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
183 if (ret == NULL)
184 {
185 SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
186 return(NULL);
187 }
188 memset(ret,0,sizeof(CERT));
189
190 ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
191 ret->references=1;
192 ssl_cert_set_default_md(ret);
193 return(ret);
194 }
195
196CERT *ssl_cert_dup(CERT *cert)
197 {
198 CERT *ret;
199 int i;
200
201 ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
202 if (ret == NULL)
203 {
204 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
205 return(NULL);
206 }
207
208 memset(ret, 0, sizeof(CERT));
209
210 ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
211 /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
212 * if you find that more readable */
213
214 ret->valid = cert->valid;
215 ret->mask_k = cert->mask_k;
216 ret->mask_a = cert->mask_a;
217 ret->export_mask_k = cert->export_mask_k;
218 ret->export_mask_a = cert->export_mask_a;
219
220#ifndef OPENSSL_NO_RSA
221 if (cert->rsa_tmp != NULL)
222 {
223 RSA_up_ref(cert->rsa_tmp);
224 ret->rsa_tmp = cert->rsa_tmp;
225 }
226 ret->rsa_tmp_cb = cert->rsa_tmp_cb;
227#endif
228
229#ifndef OPENSSL_NO_DH
230 if (cert->dh_tmp != NULL)
231 {
232 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
233 if (ret->dh_tmp == NULL)
234 {
235 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
236 goto err;
237 }
238 if (cert->dh_tmp->priv_key)
239 {
240 BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
241 if (!b)
242 {
243 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
244 goto err;
245 }
246 ret->dh_tmp->priv_key = b;
247 }
248 if (cert->dh_tmp->pub_key)
249 {
250 BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
251 if (!b)
252 {
253 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
254 goto err;
255 }
256 ret->dh_tmp->pub_key = b;
257 }
258 }
259 ret->dh_tmp_cb = cert->dh_tmp_cb;
260#endif
261
262#ifndef OPENSSL_NO_ECDH
263 if (cert->ecdh_tmp)
264 {
265 ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
266 if (ret->ecdh_tmp == NULL)
267 {
268 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
269 goto err;
270 }
271 }
272 ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
273#endif
274
275 for (i = 0; i < SSL_PKEY_NUM; i++)
276 {
277 if (cert->pkeys[i].x509 != NULL)
278 {
279 ret->pkeys[i].x509 = cert->pkeys[i].x509;
280 CRYPTO_add(&ret->pkeys[i].x509->references, 1,
281 CRYPTO_LOCK_X509);
282 }
283
284 if (cert->pkeys[i].privatekey != NULL)
285 {
286 ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
287 CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
288 CRYPTO_LOCK_EVP_PKEY);
289
290 switch(i)
291 {
292 /* If there was anything special to do for
293 * certain types of keys, we'd do it here.
294 * (Nothing at the moment, I think.) */
295
296 case SSL_PKEY_RSA_ENC:
297 case SSL_PKEY_RSA_SIGN:
298 /* We have an RSA key. */
299 break;
300
301 case SSL_PKEY_DSA_SIGN:
302 /* We have a DSA key. */
303 break;
304
305 case SSL_PKEY_DH_RSA:
306 case SSL_PKEY_DH_DSA:
307 /* We have a DH key. */
308 break;
309
310 case SSL_PKEY_ECC:
311 /* We have an ECC key */
312 break;
313
314 default:
315 /* Can't happen. */
316 SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
317 }
318 }
319 }
320
321 /* ret->extra_certs *should* exist, but currently the own certificate
322 * chain is held inside SSL_CTX */
323
324 ret->references=1;
325 /* Set digests to defaults. NB: we don't copy existing values as they
326 * will be set during handshake.
327 */
328 ssl_cert_set_default_md(ret);
329
330 return(ret);
331
332#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
333err:
334#endif
335#ifndef OPENSSL_NO_RSA
336 if (ret->rsa_tmp != NULL)
337 RSA_free(ret->rsa_tmp);
338#endif
339#ifndef OPENSSL_NO_DH
340 if (ret->dh_tmp != NULL)
341 DH_free(ret->dh_tmp);
342#endif
343#ifndef OPENSSL_NO_ECDH
344 if (ret->ecdh_tmp != NULL)
345 EC_KEY_free(ret->ecdh_tmp);
346#endif
347
348 for (i = 0; i < SSL_PKEY_NUM; i++)
349 {
350 if (ret->pkeys[i].x509 != NULL)
351 X509_free(ret->pkeys[i].x509);
352 if (ret->pkeys[i].privatekey != NULL)
353 EVP_PKEY_free(ret->pkeys[i].privatekey);
354 }
355
356 return NULL;
357 }
358
359
360void ssl_cert_free(CERT *c)
361 {
362 int i;
363
364 if(c == NULL)
365 return;
366
367 i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
368#ifdef REF_PRINT
369 REF_PRINT("CERT",c);
370#endif
371 if (i > 0) return;
372#ifdef REF_CHECK
373 if (i < 0)
374 {
375 fprintf(stderr,"ssl_cert_free, bad reference count\n");
376 abort(); /* ok */
377 }
378#endif
379
380#ifndef OPENSSL_NO_RSA
381 if (c->rsa_tmp) RSA_free(c->rsa_tmp);
382#endif
383#ifndef OPENSSL_NO_DH
384 if (c->dh_tmp) DH_free(c->dh_tmp);
385#endif
386#ifndef OPENSSL_NO_ECDH
387 if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
388#endif
389
390 for (i=0; i<SSL_PKEY_NUM; i++)
391 {
392 if (c->pkeys[i].x509 != NULL)
393 X509_free(c->pkeys[i].x509);
394 if (c->pkeys[i].privatekey != NULL)
395 EVP_PKEY_free(c->pkeys[i].privatekey);
396#if 0
397 if (c->pkeys[i].publickey != NULL)
398 EVP_PKEY_free(c->pkeys[i].publickey);
399#endif
400 }
401 OPENSSL_free(c);
402 }
403
404int ssl_cert_inst(CERT **o)
405 {
406 /* Create a CERT if there isn't already one
407 * (which cannot really happen, as it is initially created in
408 * SSL_CTX_new; but the earlier code usually allows for that one
409 * being non-existant, so we follow that behaviour, as it might
410 * turn out that there actually is a reason for it -- but I'm
411 * not sure that *all* of the existing code could cope with
412 * s->cert being NULL, otherwise we could do without the
413 * initialization in SSL_CTX_new).
414 */
415
416 if (o == NULL)
417 {
418 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
419 return(0);
420 }
421 if (*o == NULL)
422 {
423 if ((*o = ssl_cert_new()) == NULL)
424 {
425 SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
426 return(0);
427 }
428 }
429 return(1);
430 }
431
432
433SESS_CERT *ssl_sess_cert_new(void)
434 {
435 SESS_CERT *ret;
436
437 ret = OPENSSL_malloc(sizeof *ret);
438 if (ret == NULL)
439 {
440 SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
441 return NULL;
442 }
443
444 memset(ret, 0 ,sizeof *ret);
445 ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
446 ret->references = 1;
447
448 return ret;
449 }
450
451void ssl_sess_cert_free(SESS_CERT *sc)
452 {
453 int i;
454
455 if (sc == NULL)
456 return;
457
458 i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
459#ifdef REF_PRINT
460 REF_PRINT("SESS_CERT", sc);
461#endif
462 if (i > 0)
463 return;
464#ifdef REF_CHECK
465 if (i < 0)
466 {
467 fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
468 abort(); /* ok */
469 }
470#endif
471
472 /* i == 0 */
473 if (sc->cert_chain != NULL)
474 sk_X509_pop_free(sc->cert_chain, X509_free);
475 for (i = 0; i < SSL_PKEY_NUM; i++)
476 {
477 if (sc->peer_pkeys[i].x509 != NULL)
478 X509_free(sc->peer_pkeys[i].x509);
479#if 0 /* We don't have the peer's private key. These lines are just
480 * here as a reminder that we're still using a not-quite-appropriate
481 * data structure. */
482 if (sc->peer_pkeys[i].privatekey != NULL)
483 EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
484#endif
485 }
486
487#ifndef OPENSSL_NO_RSA
488 if (sc->peer_rsa_tmp != NULL)
489 RSA_free(sc->peer_rsa_tmp);
490#endif
491#ifndef OPENSSL_NO_DH
492 if (sc->peer_dh_tmp != NULL)
493 DH_free(sc->peer_dh_tmp);
494#endif
495#ifndef OPENSSL_NO_ECDH
496 if (sc->peer_ecdh_tmp != NULL)
497 EC_KEY_free(sc->peer_ecdh_tmp);
498#endif
499
500 OPENSSL_free(sc);
501 }
502
503int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
504 {
505 sc->peer_cert_type = type;
506 return(1);
507 }
508
509int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
510 {
511 X509 *x;
512 int i;
513 X509_STORE_CTX ctx;
514
515 if ((sk == NULL) || (sk_X509_num(sk) == 0))
516 return(0);
517
518 x=sk_X509_value(sk,0);
519 if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
520 {
521 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
522 return(0);
523 }
524#if 0
525 if (SSL_get_verify_depth(s) >= 0)
526 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
527#endif
528 X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
529
530 /* We need to inherit the verify parameters. These can be determined by
531 * the context: if its a server it will verify SSL client certificates
532 * or vice versa.
533 */
534
535 X509_STORE_CTX_set_default(&ctx,
536 s->server ? "ssl_client" : "ssl_server");
537 /* Anything non-default in "param" should overwrite anything in the
538 * ctx.
539 */
540 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
541
542 if (s->verify_callback)
543 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
544
545 if (s->ctx->app_verify_callback != NULL)
546#if 1 /* new with OpenSSL 0.9.7 */
547 i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
548#else
549 i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
550#endif
551 else
552 {
553#ifndef OPENSSL_NO_X509_VERIFY
554 i=X509_verify_cert(&ctx);
555#else
556 i=0;
557 ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
558 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
559#endif
560 }
561
562 s->verify_result=ctx.error;
563 X509_STORE_CTX_cleanup(&ctx);
564
565 return(i);
566 }
567
568static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
569 {
570 if (*ca_list != NULL)
571 sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
572
573 *ca_list=name_list;
574 }
575
576STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
577 {
578 int i;
579 STACK_OF(X509_NAME) *ret;
580 X509_NAME *name;
581
582 ret=sk_X509_NAME_new_null();
583 for (i=0; i<sk_X509_NAME_num(sk); i++)
584 {
585 name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
586 if ((name == NULL) || !sk_X509_NAME_push(ret,name))
587 {
588 sk_X509_NAME_pop_free(ret,X509_NAME_free);
589 return(NULL);
590 }
591 }
592 return(ret);
593 }
594
595void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
596 {
597 set_client_CA_list(&(s->client_CA),name_list);
598 }
599
600void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
601 {
602 set_client_CA_list(&(ctx->client_CA),name_list);
603 }
604
605STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
606 {
607 return(ctx->client_CA);
608 }
609
610STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
611 {
612 if (s->type == SSL_ST_CONNECT)
613 { /* we are in the client */
614 if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
615 (s->s3 != NULL))
616 return(s->s3->tmp.ca_names);
617 else
618 return(NULL);
619 }
620 else
621 {
622 if (s->client_CA != NULL)
623 return(s->client_CA);
624 else
625 return(s->ctx->client_CA);
626 }
627 }
628
629static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
630 {
631 X509_NAME *name;
632
633 if (x == NULL) return(0);
634 if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
635 return(0);
636
637 if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
638 return(0);
639
640 if (!sk_X509_NAME_push(*sk,name))
641 {
642 X509_NAME_free(name);
643 return(0);
644 }
645 return(1);
646 }
647
648int SSL_add_client_CA(SSL *ssl,X509 *x)
649 {
650 return(add_client_CA(&(ssl->client_CA),x));
651 }
652
653int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
654 {
655 return(add_client_CA(&(ctx->client_CA),x));
656 }
657
658static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
659 {
660 return(X509_NAME_cmp(*a,*b));
661 }
662
663#ifndef OPENSSL_NO_STDIO
664/*!
665 * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
666 * it doesn't really have anything to do with clients (except that a common use
667 * for a stack of CAs is to send it to the client). Actually, it doesn't have
668 * much to do with CAs, either, since it will load any old cert.
669 * \param file the file containing one or more certs.
670 * \return a ::STACK containing the certs.
671 */
672STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
673 {
674 BIO *in;
675 X509 *x=NULL;
676 X509_NAME *xn=NULL;
677 STACK_OF(X509_NAME) *ret = NULL,*sk;
678
679 sk=sk_X509_NAME_new(xname_cmp);
680
681 in=BIO_new(BIO_s_file_internal());
682
683 if ((sk == NULL) || (in == NULL))
684 {
685 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
686 goto err;
687 }
688
689 if (!BIO_read_filename(in,file))
690 goto err;
691
692 for (;;)
693 {
694 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
695 break;
696 if (ret == NULL)
697 {
698 ret = sk_X509_NAME_new_null();
699 if (ret == NULL)
700 {
701 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
702 goto err;
703 }
704 }
705 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
706 /* check for duplicates */
707 xn=X509_NAME_dup(xn);
708 if (xn == NULL) goto err;
709 if (sk_X509_NAME_find(sk,xn) >= 0)
710 X509_NAME_free(xn);
711 else
712 {
713 sk_X509_NAME_push(sk,xn);
714 sk_X509_NAME_push(ret,xn);
715 }
716 }
717
718 if (0)
719 {
720err:
721 if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
722 ret=NULL;
723 }
724 if (sk != NULL) sk_X509_NAME_free(sk);
725 if (in != NULL) BIO_free(in);
726 if (x != NULL) X509_free(x);
727 if (ret != NULL)
728 ERR_clear_error();
729 return(ret);
730 }
731#endif
732
733/*!
734 * Add a file of certs to a stack.
735 * \param stack the stack to add to.
736 * \param file the file to add from. All certs in this file that are not
737 * already in the stack will be added.
738 * \return 1 for success, 0 for failure. Note that in the case of failure some
739 * certs may have been added to \c stack.
740 */
741
742int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
743 const char *file)
744 {
745 BIO *in;
746 X509 *x=NULL;
747 X509_NAME *xn=NULL;
748 int ret=1;
749 int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
750
751 oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
752
753 in=BIO_new(BIO_s_file_internal());
754
755 if (in == NULL)
756 {
757 SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
758 goto err;
759 }
760
761 if (!BIO_read_filename(in,file))
762 goto err;
763
764 for (;;)
765 {
766 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
767 break;
768 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
769 xn=X509_NAME_dup(xn);
770 if (xn == NULL) goto err;
771 if (sk_X509_NAME_find(stack,xn) >= 0)
772 X509_NAME_free(xn);
773 else
774 sk_X509_NAME_push(stack,xn);
775 }
776
777 ERR_clear_error();
778
779 if (0)
780 {
781err:
782 ret=0;
783 }
784 if(in != NULL)
785 BIO_free(in);
786 if(x != NULL)
787 X509_free(x);
788
789 (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
790
791 return ret;
792 }
793
794/*!
795 * Add a directory of certs to a stack.
796 * \param stack the stack to append to.
797 * \param dir the directory to append from. All files in this directory will be
798 * examined as potential certs. Any that are acceptable to
799 * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
800 * included.
801 * \return 1 for success, 0 for failure. Note that in the case of failure some
802 * certs may have been added to \c stack.
803 */
804
805int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
806 const char *dir)
807 {
808 OPENSSL_DIR_CTX *d = NULL;
809 const char *filename;
810 int ret = 0;
811
812 CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
813
814 /* Note that a side effect is that the CAs will be sorted by name */
815
816 while((filename = OPENSSL_DIR_read(&d, dir)))
817 {
818 char buf[1024];
819 int r;
820
821 if(strlen(dir)+strlen(filename)+2 > sizeof buf)
822 {
823 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
824 goto err;
825 }
826
827#ifdef OPENSSL_SYS_VMS
828 r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
829#else
830 r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
831#endif
832 if (r <= 0 || r >= (int)sizeof(buf))
833 goto err;
834 if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
835 goto err;
836 }
837
838 if (errno)
839 {
840 SYSerr(SYS_F_OPENDIR, get_last_sys_error());
841 ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
842 SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
843 goto err;
844 }
845
846 ret = 1;
847
848err:
849 if (d) OPENSSL_DIR_end(&d);
850 CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
851 return ret;
852 }
853
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 92d1e94d6a..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1852 +0,0 @@
1/* ssl/ssl_ciph.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144#include <openssl/objects.h>
145#ifndef OPENSSL_NO_COMP
146#include <openssl/comp.h>
147#endif
148#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h>
150#endif
151#include "ssl_locl.h"
152
153#define SSL_ENC_DES_IDX 0
154#define SSL_ENC_3DES_IDX 1
155#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_RC2_IDX 3
157#define SSL_ENC_IDEA_IDX 4
158#define SSL_ENC_NULL_IDX 5
159#define SSL_ENC_AES128_IDX 6
160#define SSL_ENC_AES256_IDX 7
161#define SSL_ENC_CAMELLIA128_IDX 8
162#define SSL_ENC_CAMELLIA256_IDX 9
163#define SSL_ENC_GOST89_IDX 10
164#define SSL_ENC_SEED_IDX 11
165#define SSL_ENC_AES128GCM_IDX 12
166#define SSL_ENC_AES256GCM_IDX 13
167#define SSL_ENC_NUM_IDX 14
168
169
170static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
171 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
172 };
173
174#define SSL_COMP_NULL_IDX 0
175#define SSL_COMP_ZLIB_IDX 1
176#define SSL_COMP_NUM_IDX 2
177
178static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
179
180#define SSL_MD_MD5_IDX 0
181#define SSL_MD_SHA1_IDX 1
182#define SSL_MD_GOST94_IDX 2
183#define SSL_MD_GOST89MAC_IDX 3
184#define SSL_MD_SHA256_IDX 4
185#define SSL_MD_SHA384_IDX 5
186/*Constant SSL_MAX_DIGEST equal to size of digests array should be
187 * defined in the
188 * ssl_locl.h */
189#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
190static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
191 NULL,NULL,NULL,NULL,NULL,NULL
192 };
193/* PKEY_TYPE for GOST89MAC is known in advance, but, because
194 * implementation is engine-provided, we'll fill it only if
195 * corresponding EVP_PKEY_METHOD is found
196 */
197static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
198 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
199 EVP_PKEY_HMAC,EVP_PKEY_HMAC
200 };
201
202static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
203 0,0,0,0,0,0
204 };
205
206static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
207 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
208 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
209 SSL_HANDSHAKE_MAC_SHA384
210 };
211
212#define CIPHER_ADD 1
213#define CIPHER_KILL 2
214#define CIPHER_DEL 3
215#define CIPHER_ORD 4
216#define CIPHER_SPECIAL 5
217
218typedef struct cipher_order_st
219 {
220 const SSL_CIPHER *cipher;
221 int active;
222 int dead;
223 struct cipher_order_st *next,*prev;
224 } CIPHER_ORDER;
225
226static const SSL_CIPHER cipher_aliases[]={
227 /* "ALL" doesn't include eNULL (must be specifically enabled) */
228 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
229 /* "COMPLEMENTOFALL" */
230 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
231
232 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
233 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
234
235 /* key exchange aliases
236 * (some of those using only a single bit here combine
237 * multiple key exchange algs according to the RFCs,
238 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
239 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
240
241 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
242 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
243 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
244 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
245 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
246
247 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
248
249 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
250 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
251 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
252 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
253 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
254
255 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
256 {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
257 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
258
259 /* server authentication aliases */
260 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
261 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
262 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
263 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
264 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
265 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
266 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
267 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
268 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
269 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
270 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
271 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
272 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
273
274 /* aliases combining key exchange and server authentication */
275 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
276 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
277 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
278 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
279 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
280 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
281 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
282 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
283 {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
284
285
286 /* symmetric encryption aliases */
287 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
288 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
289 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
290 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
291 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
292 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
293 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
294 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
295 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
296 {0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
297 {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
298 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
299 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
300 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
301
302 /* MAC aliases */
303 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
304 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
305 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
306 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
307 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
308 {0,SSL_TXT_SHA256,0, 0,0,0,SSL_SHA256, 0,0,0,0,0},
309 {0,SSL_TXT_SHA384,0, 0,0,0,SSL_SHA384, 0,0,0,0,0},
310
311 /* protocol version aliases */
312 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
313 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
314 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
315
316 /* export flag */
317 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
318 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
319
320 /* strength classes */
321 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
322 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
323 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
324 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
325 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
326 /* FIPS 140-2 approved ciphersuite */
327 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
328 };
329/* Search for public key algorithm with given name and
330 * return its pkey_id if it is available. Otherwise return 0
331 */
332#ifdef OPENSSL_NO_ENGINE
333
334static int get_optional_pkey_id(const char *pkey_name)
335 {
336 const EVP_PKEY_ASN1_METHOD *ameth;
337 int pkey_id=0;
338 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
339 if (ameth)
340 {
341 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
342 }
343 return pkey_id;
344 }
345
346#else
347
348static int get_optional_pkey_id(const char *pkey_name)
349 {
350 const EVP_PKEY_ASN1_METHOD *ameth;
351 ENGINE *tmpeng = NULL;
352 int pkey_id=0;
353 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
354 if (ameth)
355 {
356 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
357 }
358 if (tmpeng) ENGINE_finish(tmpeng);
359 return pkey_id;
360 }
361
362#endif
363
364void ssl_load_ciphers(void)
365 {
366 ssl_cipher_methods[SSL_ENC_DES_IDX]=
367 EVP_get_cipherbyname(SN_des_cbc);
368 ssl_cipher_methods[SSL_ENC_3DES_IDX]=
369 EVP_get_cipherbyname(SN_des_ede3_cbc);
370 ssl_cipher_methods[SSL_ENC_RC4_IDX]=
371 EVP_get_cipherbyname(SN_rc4);
372 ssl_cipher_methods[SSL_ENC_RC2_IDX]=
373 EVP_get_cipherbyname(SN_rc2_cbc);
374#ifndef OPENSSL_NO_IDEA
375 ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
376 EVP_get_cipherbyname(SN_idea_cbc);
377#else
378 ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
379#endif
380 ssl_cipher_methods[SSL_ENC_AES128_IDX]=
381 EVP_get_cipherbyname(SN_aes_128_cbc);
382 ssl_cipher_methods[SSL_ENC_AES256_IDX]=
383 EVP_get_cipherbyname(SN_aes_256_cbc);
384 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
385 EVP_get_cipherbyname(SN_camellia_128_cbc);
386 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
387 EVP_get_cipherbyname(SN_camellia_256_cbc);
388 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
389 EVP_get_cipherbyname(SN_gost89_cnt);
390 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
391 EVP_get_cipherbyname(SN_seed_cbc);
392
393 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
394 EVP_get_cipherbyname(SN_aes_128_gcm);
395 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
396 EVP_get_cipherbyname(SN_aes_256_gcm);
397
398 ssl_digest_methods[SSL_MD_MD5_IDX]=
399 EVP_get_digestbyname(SN_md5);
400 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
401 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
402 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
403 ssl_digest_methods[SSL_MD_SHA1_IDX]=
404 EVP_get_digestbyname(SN_sha1);
405 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
406 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
407 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
408 ssl_digest_methods[SSL_MD_GOST94_IDX]=
409 EVP_get_digestbyname(SN_id_GostR3411_94);
410 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
411 {
412 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
413 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
414 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
415 }
416 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
417 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
418 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
419 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
420 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
421 }
422
423 ssl_digest_methods[SSL_MD_SHA256_IDX]=
424 EVP_get_digestbyname(SN_sha256);
425 ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
426 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
427 ssl_digest_methods[SSL_MD_SHA384_IDX]=
428 EVP_get_digestbyname(SN_sha384);
429 ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
430 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
431 }
432#ifndef OPENSSL_NO_COMP
433
/*
 * Ordering callback for the SSL_COMP stack.  Entries are compared by their
 * numeric compression id so that sk_SSL_COMP_sort()/sk_SSL_COMP_find() can
 * locate a method by id.  Plain subtraction is the original behaviour; the
 * ids are small table indices (e.g. SSL_COMP_ZLIB_IDX), so it cannot
 * overflow in practice.
 */
static int sk_comp_cmp(const SSL_COMP * const *a,
			const SSL_COMP * const *b)
	{
	const SSL_COMP *lhs = *a;
	const SSL_COMP *rhs = *b;

	return lhs->id - rhs->id;
	}
439
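/*
 * Lazily populate the global ssl_comp_methods stack with the built-in zlib
 * compression method, when COMP_zlib() reports a usable one.
 *
 * Locking: the fast path takes only the CRYPTO_LOCK_SSL read lock to see
 * that the stack already exists.  Otherwise the read lock is released, the
 * write lock is taken and the NULL test is repeated, because another
 * thread may have created the stack while no lock was held.
 *
 * MemCheck_off()/MemCheck_on() bracket the allocations so this one-time
 * global is not reported by the memory-leak debugging code.
 *
 * Changes from the previous version: a NULL method returned by COMP_zlib()
 * is no longer dereferenced (the old code tested for NULL but then read
 * comp->method->name in the else branch), and a failed
 * sk_SSL_COMP_push() no longer leaks the SSL_COMP entry.
 */
static void load_builtin_compressions(void)
	{
	int got_write_lock = 0;

	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
	if (ssl_comp_methods == NULL)
		{
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
		got_write_lock = 1;

		/* Re-check under the write lock: another thread may have
		 * initialised the stack between the unlock and the lock above. */
		if (ssl_comp_methods == NULL)
			{
			SSL_COMP *comp = NULL;

			MemCheck_off();
			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
			if (ssl_comp_methods != NULL)
				{
				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
				if (comp != NULL)
					{
					comp->method=COMP_zlib();
					/* No method, or a method whose type is NID_undef
					 * (presumably how COMP_zlib() reports that zlib
					 * is unavailable): nothing to register, so drop
					 * the entry instead of dereferencing the method. */
					if (comp->method == NULL
						|| comp->method->type == NID_undef)
						OPENSSL_free(comp);
					else
						{
						comp->id=SSL_COMP_ZLIB_IDX;
						comp->name=comp->method->name;
						/* sk_push() reports failure (it could not grow
						 * the stack) with 0; the entry is then ours to
						 * release, otherwise it would leak. */
						if (!sk_SSL_COMP_push(ssl_comp_methods,comp))
							OPENSSL_free(comp);
						}
					}
				sk_SSL_COMP_sort(ssl_comp_methods);
				}
			MemCheck_on();
			}
		}

	if (got_write_lock)
		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
	else
		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
	}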
484#endif
485
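/*
 * Resolve the EVP objects needed to set up the record layer for the cipher
 * suite negotiated in session 's'.
 *
 * On success (return 1):
 *   *enc             bulk cipher (a combined cipher+MAC "stitched" EVP
 *                    cipher may be substituted for TLS, see below);
 *   *md              MAC digest, or NULL for AEAD suites and when a
 *                    stitched cipher was substituted;
 *   *mac_pkey_type   EVP_PKEY id used for the MAC, NID_undef if none
 *                    (only written when the pointer is non-NULL);
 *   *mac_secret_size MAC key length, 0 if none (only written when non-NULL);
 *   *comp            compression method recorded in the session, or NULL
 *                    if none/unknown (only looked up when comp is non-NULL).
 *
 * Returns 0 when the session has no cipher, when enc or md is NULL, or
 * when the cipher or MAC implementation is not available in this build;
 * the suite must then be treated as unusable by the caller.
 */
int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
	{
	int i;
	const SSL_CIPHER *c;

	c=s->cipher;
	if (c == NULL) return(0);

	if (comp != NULL)
		{
		SSL_COMP ctmp;
#ifndef OPENSSL_NO_COMP
		load_builtin_compressions();
#endif

		/* Look the session's compression id up in the id-sorted global
		 * stack (sk_comp_cmp); an unknown id leaves *comp NULL. */
		*comp=NULL;
		ctmp.id=s->compress_meth;
		if (ssl_comp_methods != NULL)
			{
			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
			if (i >= 0)
				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
			}
		}

	if ((enc == NULL) || (md == NULL)) return(0);

	/* Map the suite's bulk-cipher bit to its slot in ssl_cipher_methods[]. */
	switch (c->algorithm_enc)
		{
	case SSL_DES:
		i=SSL_ENC_DES_IDX;
		break;
	case SSL_3DES:
		i=SSL_ENC_3DES_IDX;
		break;
	case SSL_RC4:
		i=SSL_ENC_RC4_IDX;
		break;
	case SSL_RC2:
		i=SSL_ENC_RC2_IDX;
		break;
	case SSL_IDEA:
		i=SSL_ENC_IDEA_IDX;
		break;
	case SSL_eNULL:
		i=SSL_ENC_NULL_IDX;
		break;
	case SSL_AES128:
		i=SSL_ENC_AES128_IDX;
		break;
	case SSL_AES256:
		i=SSL_ENC_AES256_IDX;
		break;
	case SSL_CAMELLIA128:
		i=SSL_ENC_CAMELLIA128_IDX;
		break;
	case SSL_CAMELLIA256:
		i=SSL_ENC_CAMELLIA256_IDX;
		break;
	case SSL_eGOST2814789CNT:
		i=SSL_ENC_GOST89_IDX;
		break;
	case SSL_SEED:
		i=SSL_ENC_SEED_IDX;
		break;
	case SSL_AES128GCM:
		i=SSL_ENC_AES128GCM_IDX;
		break;
	case SSL_AES256GCM:
		i=SSL_ENC_AES256GCM_IDX;
		break;
	default:
		i= -1;
		break;
		}

	/* Valid indices are [0, SSL_ENC_NUM_IDX): the upper bound is exclusive,
	 * so the test must be >= (the previous '>' would have let
	 * SSL_ENC_NUM_IDX itself through).  The switch above never yields that
	 * value today, so this is a guard for future index additions; it also
	 * matches the bounds test used by ssl_get_handshake_digest(). */
	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
		*enc=NULL;
	else if (i == SSL_ENC_NULL_IDX)
		*enc=EVP_enc_null();		/* eNULL has no table entry */
	else
		*enc=ssl_cipher_methods[i];	/* NULL when not registered in this build */

	/* Map the suite's MAC bit to its slot in ssl_digest_methods[]. */
	switch (c->algorithm_mac)
		{
	case SSL_MD5:
		i=SSL_MD_MD5_IDX;
		break;
	case SSL_SHA1:
		i=SSL_MD_SHA1_IDX;
		break;
	case SSL_SHA256:
		i=SSL_MD_SHA256_IDX;
		break;
	case SSL_SHA384:
		i=SSL_MD_SHA384_IDX;
		break;
	case SSL_GOST94:
		i = SSL_MD_GOST94_IDX;
		break;
	case SSL_GOST89MAC:
		i = SSL_MD_GOST89MAC_IDX;
		break;
	default:
		i= -1;
		break;
		}

	/* Same exclusive upper bound as for the cipher table. */
	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
		{
		/* No MAC digest: either an AEAD suite (SSL_AEAD) or an
		 * unsupported MAC type. */
		*md=NULL;
		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
		if (mac_secret_size!=NULL) *mac_secret_size = 0;
		/* AEAD suites carry no separate MAC key, so clear the *local*
		 * mac_pkey_type pointer: the availability test below must not
		 * demand a pkey-MAC id for them. */
		if (c->algorithm_mac == SSL_AEAD)
			mac_pkey_type = NULL;
		}
	else
		{
		*md=ssl_digest_methods[i];
		if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
		}

	/* The suite is usable only if the cipher is present, a MAC digest is
	 * present or the cipher is an AEAD mode, and - when the caller asked
	 * for it and the suite is not AEAD - the MAC pkey id is known. */
	if ((*enc != NULL) &&
	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
		{
		const EVP_CIPHER *evp;

		/* Combined cipher+MAC ("stitched") EVP implementations are only
		 * substituted for TLS 1.0 and later (same major version and
		 * version >= TLS1_VERSION) and never in FIPS mode; in every
		 * other case the separate cipher and digest are returned. */
		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
		    s->ssl_version < TLS1_VERSION)
			return 1;

#ifdef OPENSSL_FIPS
		if (FIPS_mode())
			return 1;
#endif

		/* When a stitched implementation is registered, return it as the
		 * cipher and clear *md (the MAC is presumably applied inside the
		 * combined cipher).  NOTE(review): this only selects an
		 * implementation for RC4/MD5 and AES-CBC/SHA1 suites; whether
		 * those suites are offered at all is decided by the cipher list
		 * built in ssl_create_cipher_list(), not here. */
		if (c->algorithm_enc == SSL_RC4 &&
		    c->algorithm_mac == SSL_MD5 &&
		    (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
			*enc = evp, *md = NULL;
		else if (c->algorithm_enc == SSL_AES128 &&
		    c->algorithm_mac == SSL_SHA1 &&
		    (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
			*enc = evp, *md = NULL;
		else if (c->algorithm_enc == SSL_AES256 &&
		    c->algorithm_mac == SSL_SHA1 &&
		    (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
			*enc = evp, *md = NULL;
		return(1);
		}

	return(0);
	}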
645
/*
 * Look up the handshake digest stored at table index 'idx'.
 *
 * On success *mask receives the ssl_handshake_digest_flag[] bit for that
 * slot and *md the matching EVP_MD, or NULL when the slot is not used as a
 * handshake digest (mask 0).  Returns 0 without touching the outputs when
 * idx is outside [0, SSL_MD_NUM_IDX), 1 otherwise.
 */
int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
{
	if (idx < 0 || idx >= SSL_MD_NUM_IDX)
		return 0;

	*mask = ssl_handshake_digest_flag[idx];
	*md = (*mask != 0) ? ssl_digest_methods[idx] : NULL;
	return 1;
}
659
/* True when 'a' is one of the characters accepted as a separator between
 * entries of a cipher rule string: ':', ' ', ';' or ','. */
#define ITEM_SEP(a) \
	((a) == ':' || (a) == ' ' || (a) == ';' || (a) == ',')
662
/*
 * Unlink 'curr' from wherever it sits in the doubly linked list and
 * re-attach it as the new tail.  *head and *tail are updated as needed; a
 * node that already is the tail is left untouched.  Assumes curr is a
 * member of the list and *tail is non-NULL.
 */
static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
			   CIPHER_ORDER **tail)
	{
	CIPHER_ORDER *old_tail = *tail;

	if (curr == old_tail)
		return;

	/* detach from the current position */
	if (curr == *head)
		*head = curr->next;
	if (curr->prev != NULL)
		curr->prev->next = curr->next;
	if (curr->next != NULL)
		curr->next->prev = curr->prev;

	/* attach behind the old tail */
	old_tail->next = curr;
	curr->prev = old_tail;
	curr->next = NULL;
	*tail = curr;
	}
678
/*
 * Unlink 'curr' from wherever it sits in the doubly linked list and
 * re-attach it as the new head.  *head and *tail are updated as needed; a
 * node that already is the head is left untouched.  Assumes curr is a
 * member of the list and *head is non-NULL.
 */
static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
			   CIPHER_ORDER **tail)
	{
	CIPHER_ORDER *old_head = *head;

	if (curr == old_head)
		return;

	/* detach from the current position */
	if (curr == *tail)
		*tail = curr->prev;
	if (curr->next != NULL)
		curr->next->prev = curr->prev;
	if (curr->prev != NULL)
		curr->prev->next = curr->next;

	/* attach in front of the old head */
	old_head->prev = curr;
	curr->next = old_head;
	curr->prev = NULL;
	*head = curr;
	}
694
/*
 * Build the "disabled" masks: one bit per key-exchange, authentication,
 * bulk-cipher, MAC and protocol algorithm that this build cannot offer.
 *
 * A bit is set when the algorithm was compiled out (OPENSSL_NO_*), when
 * its EVP implementation was not registered in ssl_cipher_methods[] /
 * ssl_digest_methods[], or when the optional GOST engine does not provide
 * the public-key algorithm it needs.  Suites and aliases that touch a set
 * bit are excluded from cipher-list construction.  *ssl is always 0: no
 * protocol version is disabled here.
 */
static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
	{
	/* Each entry pairs a slot of the EVP method tables with the suite bit
	 * that depends on that slot being populated. */
	static const struct { int idx; unsigned long bit; } enc_deps[] = {
		{ SSL_ENC_DES_IDX,         SSL_DES },
		{ SSL_ENC_3DES_IDX,        SSL_3DES },
		{ SSL_ENC_RC4_IDX,         SSL_RC4 },
		{ SSL_ENC_RC2_IDX,         SSL_RC2 },
		{ SSL_ENC_IDEA_IDX,        SSL_IDEA },
		{ SSL_ENC_AES128_IDX,      SSL_AES128 },
		{ SSL_ENC_AES256_IDX,      SSL_AES256 },
		{ SSL_ENC_AES128GCM_IDX,   SSL_AES128GCM },
		{ SSL_ENC_AES256GCM_IDX,   SSL_AES256GCM },
		{ SSL_ENC_CAMELLIA128_IDX, SSL_CAMELLIA128 },
		{ SSL_ENC_CAMELLIA256_IDX, SSL_CAMELLIA256 },
		{ SSL_ENC_GOST89_IDX,      SSL_eGOST2814789CNT },
		{ SSL_ENC_SEED_IDX,        SSL_SEED }
	};
	static const struct { int idx; unsigned long bit; } mac_deps[] = {
		{ SSL_MD_MD5_IDX,    SSL_MD5 },
		{ SSL_MD_SHA1_IDX,   SSL_SHA1 },
		{ SSL_MD_SHA256_IDX, SSL_SHA256 },
		{ SSL_MD_SHA384_IDX, SSL_SHA384 },
		{ SSL_MD_GOST94_IDX, SSL_GOST94 }
	};
	unsigned long no_mkey = 0, no_auth = 0, no_enc = 0, no_mac = 0;
	size_t k;

	/* --- compile-time exclusions --- */
#ifdef OPENSSL_NO_RSA
	no_mkey |= SSL_kRSA;
	no_auth |= SSL_aRSA;
#endif
#ifdef OPENSSL_NO_DSA
	no_auth |= SSL_aDSS;
#endif
	/* Static DH (DH_RSA / DH_DSS) suites are never offered by this code,
	 * whatever the build options. */
	no_mkey |= SSL_kDHr|SSL_kDHd;
	no_auth |= SSL_aDH;
#ifdef OPENSSL_NO_DH
	no_mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
	no_auth |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
	no_mkey |= SSL_kKRB5;
	no_auth |= SSL_aKRB5;
#endif
#ifdef OPENSSL_NO_ECDSA
	no_auth |= SSL_aECDSA;
#endif
#ifdef OPENSSL_NO_ECDH
	no_mkey |= SSL_kECDHe|SSL_kECDHr;
	no_auth |= SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
	no_mkey |= SSL_kPSK;
	no_auth |= SSL_aPSK;
#endif
#ifdef OPENSSL_NO_SRP
	no_mkey |= SSL_kSRP;
#endif

	/* --- GOST: provided by an optional engine --- */
	/* Disable each GOST signature algorithm that is absent, and the GOST
	 * key exchange when neither signature algorithm is present. */
	if (!get_optional_pkey_id("gost94"))
		no_auth |= SSL_aGOST94;
	if (!get_optional_pkey_id("gost2001"))
		no_auth |= SSL_aGOST01;
	if ((no_auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01))
		no_mkey |= SSL_kGOST;

#ifdef SSL_FORBID_ENULL
	no_enc |= SSL_eNULL;
#endif

	/* --- run-time exclusions: EVP implementation not registered --- */
	for (k = 0; k < sizeof(enc_deps) / sizeof(enc_deps[0]); k++)
		if (ssl_cipher_methods[enc_deps[k].idx] == NULL)
			no_enc |= enc_deps[k].bit;

	for (k = 0; k < sizeof(mac_deps) / sizeof(mac_deps[0]); k++)
		if (ssl_digest_methods[mac_deps[k].idx] == NULL)
			no_mac |= mac_deps[k].bit;

	/* The GOST 28147-89 MAC additionally needs its EVP_PKEY MAC id. */
	if (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL ||
	    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == NID_undef)
		no_mac |= SSL_GOST89MAC;

	*mkey = no_mkey;
	*auth = no_auth;
	*enc = no_enc;
	*mac = no_mac;
	*ssl = 0;
	}
774
/*
 * Gather every compiled-in cipher suite of ssl_method that is valid, allowed
 * in the current FIPS mode and not hit by any of the disabled_* masks, into
 * co_list (which must have room for num_of_ciphers entries), and link the
 * accepted entries into a doubly linked list in table order with all nodes
 * inactive.  *head_p/*tail_p are set only when at least one suite was
 * accepted; otherwise they are left as the caller initialised them.
 */
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
		int num_of_ciphers,
		unsigned long disabled_mkey, unsigned long disabled_auth,
		unsigned long disabled_enc, unsigned long disabled_mac,
		unsigned long disabled_ssl,
		CIPHER_ORDER *co_list,
		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
	{
	int i, accepted = 0;

	for (i = 0; i < num_of_ciphers; i++)
		{
		const SSL_CIPHER *c = ssl_method->get_cipher(i);
		CIPHER_ORDER *node;

		if (c == NULL || !c->valid)
			continue;
#ifdef OPENSSL_FIPS
		/* In FIPS mode only suites flagged SSL_FIPS are eligible. */
		if (FIPS_mode() && !(c->algo_strength & SSL_FIPS))
			continue;
#endif
		/* drop suites that depend on anything unavailable */
		if ((c->algorithm_mkey & disabled_mkey) ||
		    (c->algorithm_auth & disabled_auth) ||
		    (c->algorithm_enc & disabled_enc) ||
		    (c->algorithm_mac & disabled_mac) ||
		    (c->algorithm_ssl & disabled_ssl))
			continue;

		/* append to the list being built in co_list */
		node = &co_list[accepted];
		node->cipher = c;
		node->active = 0;
		node->next = NULL;
		node->prev = (accepted > 0) ? &co_list[accepted - 1] : NULL;
		if (accepted > 0)
			co_list[accepted - 1].next = node;
		accepted++;
#ifdef KSSL_DEBUG
		printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
#endif /* KSSL_DEBUG */
		}

	if (accepted > 0)
		{
		*head_p = &co_list[0];
		*tail_p = &co_list[accepted - 1];
		}
	}
849
/*
 * Fill ca_list with the names a rule string may refer to: first every real
 * suite in the linked list starting at head (in list order), then each
 * entry of cipher_aliases[] that can still match something.  The array is
 * NULL-terminated; the caller sizes it for num_of_ciphers + aliases + 1.
 *
 * An alias that names algorithms in a category is kept only if at least
 * one of those algorithms is not disabled; a category set to 0 in the
 * alias (e.g. the strength-only aliases) places no demand on that
 * category.
 */
static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
			int num_of_group_aliases,
			unsigned long disabled_mkey, unsigned long disabled_auth,
			unsigned long disabled_enc, unsigned long disabled_mac,
			unsigned long disabled_ssl,
			CIPHER_ORDER *head)
	{
	const SSL_CIPHER **out = ca_list;
	const CIPHER_ORDER *node;
	int i;

	/* 1. the real suites, as already collected */
	for (node = head; node != NULL; node = node->next)
		*out++ = node->cipher;

	/* 2. the group aliases that have at least one usable algorithm per
	 *    category they constrain */
	for (i = 0; i < num_of_group_aliases; i++)
		{
		const SSL_CIPHER *alias = &cipher_aliases[i];

		if (alias->algorithm_mkey &&
		    (alias->algorithm_mkey & ~disabled_mkey) == 0)
			continue;
		if (alias->algorithm_auth &&
		    (alias->algorithm_auth & ~disabled_auth) == 0)
			continue;
		if (alias->algorithm_enc &&
		    (alias->algorithm_enc & ~disabled_enc) == 0)
			continue;
		if (alias->algorithm_mac &&
		    (alias->algorithm_mac & ~disabled_mac) == 0)
			continue;
		if (alias->algorithm_ssl &&
		    (alias->algorithm_ssl & ~disabled_ssl) == 0)
			continue;

		*out++ = alias;
		}

	*out = NULL;	/* end of list */
	}
918
/*
 * Apply one cipher-list rule to the doubly linked CIPHER_ORDER list.
 *
 * Selection: when strength_bits >= 0, only suites whose strength_bits
 * equals it match.  Otherwise a suite matches when every non-zero mask
 * among alg_mkey/alg_auth/alg_enc/alg_mac/alg_ssl shares a bit with the
 * suite, and the SSL_EXP_MASK and SSL_STRONG_MASK parts of algo_strength,
 * when non-zero, do as well; a mask of 0 is a wildcard for its category.
 * (cipher_id is part of the interface but is not used in this function.)
 *
 * Action, per 'rule':
 *   CIPHER_ADD  - activate a matching inactive suite and move it to the tail;
 *   CIPHER_ORD  - move a matching active suite to the tail (lower priority);
 *   CIPHER_DEL  - deactivate a matching active suite and move it to the
 *                 head; the list is walked tail->head so deleted suites keep
 *                 their relative order at the front;
 *   CIPHER_KILL - unlink a matching suite completely, so no later rule can
 *                 bring it back.
 *
 * The list is read from and written back to *head_p/*tail_p.
 */
static void ssl_cipher_apply_rule(unsigned long cipher_id,
		unsigned long alg_mkey, unsigned long alg_auth,
		unsigned long alg_enc, unsigned long alg_mac,
		unsigned long alg_ssl,
		unsigned long algo_strength,
		int rule, int strength_bits,
		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
	{
	CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
	const SSL_CIPHER *cp;
	int reverse = 0;

#ifdef CIPHER_DEBUG
	printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
		rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
#endif

	if (rule == CIPHER_DEL)
		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */

	head = *head_p;
	tail = *tail_p;

	/* 'last' is the far end of the list as it is *before* any node is
	 * moved.  A node that ll_append_tail()/ll_append_head() pushes past
	 * that end is therefore never visited a second time in this walk. */
	if (reverse)
		{
		curr = tail;
		last = head;
		}
	else
		{
		curr = head;
		last = tail;
		}

	curr2 = curr;
	for (;;)
		{
		/* curr2 is fetched before curr is moved, so relinking curr
		 * below cannot derail the walk. */
		if ((curr == NULL) || (curr == last)) break;
		curr = curr2;
		curr2 = reverse ? curr->prev : curr->next;

		cp = curr->cipher;

		/*
		 * Selection criteria is either the value of strength_bits
		 * or the algorithms used.
		 */
		if (strength_bits >= 0)
			{
			if (strength_bits != cp->strength_bits)
				continue;
			}
		else
			{
#ifdef CIPHER_DEBUG
			printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif

			/* every non-zero mask must intersect the suite's bits */
			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
				continue;
			if (alg_auth && !(alg_auth & cp->algorithm_auth))
				continue;
			if (alg_enc && !(alg_enc & cp->algorithm_enc))
				continue;
			if (alg_mac && !(alg_mac & cp->algorithm_mac))
				continue;
			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
				continue;
			if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
				continue;
			if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
				continue;
			}

#ifdef CIPHER_DEBUG
		printf("Action = %d\n", rule);
#endif

		/* add the cipher if it has not been added yet. */
		if (rule == CIPHER_ADD)
			{
			/* reverse == 0 */
			if (!curr->active)
				{
				ll_append_tail(&head, curr, &tail);
				curr->active = 1;
				}
			}
		/* Move the added cipher to this location */
		else if (rule == CIPHER_ORD)
			{
			/* reverse == 0 */
			if (curr->active)
				{
				ll_append_tail(&head, curr, &tail);
				}
			}
		else if (rule == CIPHER_DEL)
			{
			/* reverse == 1 */
			if (curr->active)
				{
				/* most recently deleted ciphersuites get best positions
				 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
				 * works in reverse to maintain the order) */
				ll_append_head(&head, curr, &tail);
				curr->active = 0;
				}
			}
		else if (rule == CIPHER_KILL)
			{
			/* reverse == 0 */
			/* Unlink the node for good: it is not moved to either end,
			 * so it is unreachable from head/tail afterwards and can
			 * never be re-activated by a later rule. */
			if (head == curr)
				head = curr->next;
			else
				curr->prev->next = curr->next;
			if (tail == curr)
				tail = curr->prev;
			curr->active = 0;
			if (curr->next != NULL)
				curr->next->prev = curr->prev;
			if (curr->prev != NULL)
				curr->prev->next = curr->next;
			curr->next = NULL;
			curr->prev = NULL;
			}
		}

	*head_p = head;
	*tail_p = tail;
	}
1050
/*
 * Re-order the active suites by descending symmetric strength
 * (strength_bits), keeping the existing order within each strength class.
 *
 * Implemented as a sequence of CIPHER_ORD moves: for every strength value
 * that occurs, strongest first, the matching active suites are moved to
 * the tail; after the last move the list is sorted.  Returns 1 on success,
 * 0 (with ERR_R_MALLOC_FAILURE queued) if the scratch table could not be
 * allocated.
 */
static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
				    CIPHER_ORDER **tail_p)
	{
	CIPHER_ORDER *node;
	int *seen, top = 0, bits;
	size_t table_len;

	/* Pass 1: the largest strength among active suites bounds the table. */
	for (node = *head_p; node != NULL; node = node->next)
		if (node->active && node->cipher->strength_bits > top)
			top = node->cipher->strength_bits;

	table_len = (size_t)(top + 1) * sizeof(int);
	seen = OPENSSL_malloc(table_len);
	if (seen == NULL)
		{
		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	memset(seen, 0, table_len);

	/* Pass 2: record which strength values actually occur. */
	for (node = *head_p; node != NULL; node = node->next)
		if (node->active)
			seen[node->cipher->strength_bits]++;

	/* Pass 3: strongest class first; each CIPHER_ORD appends that class
	 * to the tail, so the weakest class ends up last. */
	for (bits = top; bits >= 0; bits--)
		if (seen[bits] > 0)
			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, bits, head_p, tail_p);

	OPENSSL_free(seen);
	return(1);
	}
1101
/*
 * Parse a cipher rule string and apply its rules, in order, to the
 * CIPHER_ORDER list.  The grammar as implemented below:
 *
 *   rules := rule (SEP rule)*      SEP is ':', ' ', ';' or ',' (ITEM_SEP)
 *   rule  := [ '-' | '+' | '!' | '@' ] word ( '+' word )*
 *   word  := [A-Za-z0-9-]+         (isalnum() or '-' on EBCDIC builds)
 *
 * A leading '-' deletes (CIPHER_DEL), '+' moves to the end (CIPHER_ORD),
 * '!' kills permanently (CIPHER_KILL), '@' starts a special command (only
 * "STRENGTH" is recognised) and no prefix adds (CIPHER_ADD).  A '+'
 * *between* words ANDs their algorithm masks ("RSA+AES" selects suites
 * matching both).  Words are looked up in ca_list (real suite names first,
 * then the group aliases); an explicit suite name (valid != 0) supplies a
 * cipher_id and does not narrow the protocol-version mask, whereas an
 * alias does.
 *
 * Returns 1 on success, 0 after an invalid character or an unknown '@'
 * command (processing continues past the bad entry either way).
 *
 * NOTE(review): a word that matches nothing in ca_list is silently ignored
 * ("ignore this entry" below) and does not clear retval.  A misspelt suite
 * or alias - including one after '!' that was meant to forbid something -
 * therefore produces neither an error nor an effect; callers that need a
 * guarantee should inspect the resulting list rather than rely on the
 * return value.
 */
static int ssl_cipher_process_rulestr(const char *rule_str,
		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
		const SSL_CIPHER **ca_list)
	{
	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
	const char *l, *buf;
	int j, multi, found, rule, retval, ok, buflen;
	unsigned long cipher_id = 0;
	char ch;

	retval = 1;
	l = rule_str;
	for (;;)
		{
		ch = *l;

		if (ch == '\0')
			break; /* done */
		/* optional one-character action prefix */
		if (ch == '-')
			{ rule = CIPHER_DEL; l++; }
		else if (ch == '+')
			{ rule = CIPHER_ORD; l++; }
		else if (ch == '!')
			{ rule = CIPHER_KILL; l++; }
		else if (ch == '@')
			{ rule = CIPHER_SPECIAL; l++; }
		else
			{ rule = CIPHER_ADD; }

		/* empty entry (e.g. "::"): skip the separator */
		if (ITEM_SEP(ch))
			{
			l++;
			continue;
			}

		/* accumulated selection masks for this rule; 0 = wildcard */
		alg_mkey = 0;
		alg_auth = 0;
		alg_enc = 0;
		alg_mac = 0;
		alg_ssl = 0;
		algo_strength = 0;

		/* one iteration per '+'-joined word of the rule */
		for (;;)
			{
			ch = *l;
			buf = l;
			buflen = 0;
#ifndef CHARSET_EBCDIC
			while (	((ch >= 'A') && (ch <= 'Z')) ||
				((ch >= '0') && (ch <= '9')) ||
				((ch >= 'a') && (ch <= 'z')) ||
				 (ch == '-'))
#else
			while (	isalnum(ch) || (ch == '-'))
#endif
				{
				ch = *(++l);
				buflen++;
				}

			if (buflen == 0)
				{
				/*
				 * We hit something we cannot deal with,
				 * it is no command or separator nor
				 * alphanumeric, so we call this an error.
				 */
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
					SSL_R_INVALID_COMMAND);
				retval = found = 0;
				l++;
				break;
				}

			if (rule == CIPHER_SPECIAL)
				{
				found = 0; /* unused -- avoid compiler warning */
				break; /* special treatment */
				}

			/* check for multi-part specification */
			if (ch == '+')
				{
				multi=1;
				l++;
				}
			else
				multi=0;

			/*
			 * Now search for the cipher alias in the ca_list. Be careful
			 * with the strncmp, because the "buflen" limitation
			 * will make the rule "ADH:SOME" and the cipher
			 * "ADH-MY-CIPHER" look like a match for buflen=3.
			 * So additionally check whether the cipher name found
			 * has the correct length. We can save a strlen() call:
			 * just checking for the '\0' at the right place is
			 * sufficient, we have to strncmp() anyway. (We cannot
			 * use strcmp(), because buf is not '\0' terminated.)
			 */
			j = found = 0;
			cipher_id = 0;
			while (ca_list[j])
				{
				if (!strncmp(buf, ca_list[j]->name, buflen) &&
				    (ca_list[j]->name[buflen] == '\0'))
					{
					found = 1;
					break;
					}
				else
					j++;
				}

			if (!found)
				break; /* ignore this entry */

			/* Intersect each category's mask with the word's; an empty
			 * intersection means the combination can match nothing, so
			 * the whole rule is dropped (found = 0). */
			if (ca_list[j]->algorithm_mkey)
				{
				if (alg_mkey)
					{
					alg_mkey &= ca_list[j]->algorithm_mkey;
					if (!alg_mkey) { found = 0; break; }
					}
				else
					alg_mkey = ca_list[j]->algorithm_mkey;
				}

			if (ca_list[j]->algorithm_auth)
				{
				if (alg_auth)
					{
					alg_auth &= ca_list[j]->algorithm_auth;
					if (!alg_auth) { found = 0; break; }
					}
				else
					alg_auth = ca_list[j]->algorithm_auth;
				}

			if (ca_list[j]->algorithm_enc)
				{
				if (alg_enc)
					{
					alg_enc &= ca_list[j]->algorithm_enc;
					if (!alg_enc) { found = 0; break; }
					}
				else
					alg_enc = ca_list[j]->algorithm_enc;
				}

			if (ca_list[j]->algorithm_mac)
				{
				if (alg_mac)
					{
					alg_mac &= ca_list[j]->algorithm_mac;
					if (!alg_mac) { found = 0; break; }
					}
				else
					alg_mac = ca_list[j]->algorithm_mac;
				}

			/* The export and strength parts of algo_strength are
			 * intersected independently of each other. */
			if (ca_list[j]->algo_strength & SSL_EXP_MASK)
				{
				if (algo_strength & SSL_EXP_MASK)
					{
					algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
					if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
					}
				else
					algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
				}

			if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
				{
				if (algo_strength & SSL_STRONG_MASK)
					{
					algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
					if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
					}
				else
					algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
				}

			if (ca_list[j]->valid)
				{
				/* explicit ciphersuite found; its protocol version
				 * does not become part of the search pattern!*/

				cipher_id = ca_list[j]->id;
				}
			else
				{
				/* not an explicit ciphersuite; only in this case, the
				 * protocol version is considered part of the search pattern */

				if (ca_list[j]->algorithm_ssl)
					{
					if (alg_ssl)
						{
						alg_ssl &= ca_list[j]->algorithm_ssl;
						if (!alg_ssl) { found = 0; break; }
						}
					else
						alg_ssl = ca_list[j]->algorithm_ssl;
					}
				}

			if (!multi) break;
			}

		/*
		 * Ok, we have the rule, now apply it
		 */
		if (rule == CIPHER_SPECIAL)
			{ /* special command */
			ok = 0;
			if ((buflen == 8) &&
				!strncmp(buf, "STRENGTH", 8))
				ok = ssl_cipher_strength_sort(head_p, tail_p);
			else
				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
					SSL_R_INVALID_COMMAND);
			if (ok == 0)
				retval = 0;
			/*
			 * We do not support any "multi" options
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
			 */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
			}
		else if (found)
			{
			ssl_cipher_apply_rule(cipher_id,
				alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
				rule, -1, head_p, tail_p);
			}
		else
			{
			/* unknown word or empty intersection: skip to the next
			 * separator without reporting an error */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
			}
		if (*l == '\0') break; /* done */
		}

	return(retval);
	}
1351
/*
 * Build the cipher list for ssl_method from rule_str.
 *
 * Steps: compute the disabled-algorithm masks; collect every usable
 * compiled-in suite into co_list; impose the built-in preference order
 * (ephemeral ECDH first, AES preferred, then MD5, anonymous, non-forward-
 * secret (ECDH/RSA/PSK/KRB5 key exchange) and RC4 suites moved towards
 * the end, then sorted by symmetric strength); deactivate everything; and
 * finally let rule_str - with a leading "DEFAULT" expanding to
 * SSL_DEFAULT_CIPHER_LIST - re-activate and re-order suites.
 *
 * On success returns the new STACK_OF(SSL_CIPHER), which is also stored in
 * *cipher_list, with an id-sorted duplicate stored in *cipher_list_by_id
 * (previous stacks in either slot are freed).  Returns NULL on NULL
 * arguments, on allocation failure or when rule processing fails.  A rule
 * string that leaves no suite active yields an empty but non-NULL stack.
 */
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
		STACK_OF(SSL_CIPHER) **cipher_list,
		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
		const char *rule_str)
	{
	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
	const char *rule_p;
	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
	const SSL_CIPHER **ca_list = NULL;

	/*
	 * Return with error if nothing to do.
	 */
	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
		return NULL;

	/*
	 * To reduce the work to do we only want to process the compiled
	 * in algorithms, so we first get the mask of disabled ciphers.
	 */
	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);

	/*
	 * Now we have to collect the available ciphers from the compiled
	 * in ciphers. We cannot get more than the number compiled in, so
	 * it is used for allocation.
	 */
	num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif    /* KSSL_DEBUG */
	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
	if (co_list == NULL)
		{
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
		}

	/* head/tail stay NULL if no suite at all is usable; every rule below
	 * then walks an empty list and the result is an empty stack. */
	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
				   disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
				   co_list, &head, &tail);


	/* Now arrange all ciphers by preference: */

	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
	/* ADD activates the EECDH suites at the front; the immediate DEL
	 * deactivates them again while keeping their position (CIPHER_DEL
	 * moves to the head in reverse order), so only the ordering remains. */
	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);

	/* AES is our preferred symmetric cipher */
	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);

	/* Temporarily enable everything else for sorting */
	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);

	/* Low priority for MD5 */
	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
	 * (For applications that allow them, they aren't too bad, but we prefer
	 * authenticated ciphers.) */
	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Move ciphers without forward secrecy to the end */
	/* Each CIPHER_ORD appends the matching class to the tail, so the
	 * classes end up in the order listed here, behind everything else. */
	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* RC4 is sort-of broken -- move the the end */
	/* NOTE(review): this only lowers RC4's priority; it stays available
	 * to any rule string that selects it. */
	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);

	/* Now sort by symmetric encryption strength.  The above ordering remains
	 * in force within each class */
	if (!ssl_cipher_strength_sort(&head, &tail))
		{
		OPENSSL_free(co_list);
		return NULL;
		}

	/* Now disable everything (maintaining the ordering!) */
	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);


	/*
	 * We also need cipher aliases for selecting based on the rule_str.
	 * There might be two types of entries in the rule_str: 1) names
	 * of ciphers themselves 2) aliases for groups of ciphers.
	 * For 1) we need the available ciphers and for 2) the cipher
	 * groups of cipher_aliases added together in one list (otherwise
	 * we would be happy with just the cipher_aliases table).
	 */
	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;	/* +1 for the NULL terminator */
	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
	if (ca_list == NULL)
		{
		OPENSSL_free(co_list);
		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
		}
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
				   disabled_mkey, disabled_auth, disabled_enc,
				   disabled_mac, disabled_ssl, head);

	/*
	 * If the rule_string begins with DEFAULT, apply the default rule
	 * before using the (possibly available) additional rules.
	 */
	/* NOTE(review): only the first 7 characters are compared, so any
	 * string starting with "DEFAULT" is accepted; e.g. "DEFAULTx" is
	 * processed as DEFAULT followed by the rule "x". */
	ok = 1;
	rule_p = rule_str;
	if (strncmp(rule_str,"DEFAULT",7) == 0)
		{
		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
			&head, &tail, ca_list);
		rule_p += 7;
		if (*rule_p == ':')
			rule_p++;
		}

	if (ok && (strlen(rule_p) > 0))
		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);

	OPENSSL_free((void *)ca_list);	/* Not needed anymore */

	if (!ok)
		{	/* Rule processing failure */
		OPENSSL_free(co_list);
		return(NULL);
		}

	/*
	 * Allocate new "cipherstack" for the result, return with error
	 * if we cannot get one.
	 */
	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
		{
		OPENSSL_free(co_list);
		return(NULL);
		}

	/*
	 * The cipher selection for the list is done. The ciphers are added
	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
	 */
	for (curr = head; curr != NULL; curr = curr->next)
		{
#ifdef OPENSSL_FIPS
		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
#else
		if (curr->active)
#endif
			{
			/* NOTE(review): the push return value is not checked; on
			 * allocation failure the suite is silently left out of
			 * the resulting list. */
			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
			printf("<%s>\n",curr->cipher->name);
#endif
			}
		}
	OPENSSL_free(co_list);	/* Not needed any longer */

	/* Second copy, sorted by id, for fast lookup of a suite by id. */
	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL)
		{
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
		}
	if (*cipher_list != NULL)
		sk_SSL_CIPHER_free(*cipher_list);
	*cipher_list = cipherstack;
	if (*cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(*cipher_list_by_id);
	*cipher_list_by_id = tmp_cipher_list;
	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);

	sk_SSL_CIPHER_sort(*cipher_list_by_id);
	return(cipherstack);
	}
1533
1534char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1535 {
1536 int is_export,pkl,kl;
1537 const char *ver,*exp_str;
1538 const char *kx,*au,*enc,*mac;
1539 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
1540#ifdef KSSL_DEBUG
1541 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1542#else
1543 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1544#endif /* KSSL_DEBUG */
1545
1546 alg_mkey = cipher->algorithm_mkey;
1547 alg_auth = cipher->algorithm_auth;
1548 alg_enc = cipher->algorithm_enc;
1549 alg_mac = cipher->algorithm_mac;
1550 alg_ssl = cipher->algorithm_ssl;
1551
1552 alg2=cipher->algorithm2;
1553
1554 is_export=SSL_C_IS_EXPORT(cipher);
1555 pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
1556 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1557 exp_str=is_export?" export":"";
1558
1559 if (alg_ssl & SSL_SSLV2)
1560 ver="SSLv2";
1561 else if (alg_ssl & SSL_SSLV3)
1562 ver="SSLv3";
1563 else if (alg_ssl & SSL_TLSV1_2)
1564 ver="TLSv1.2";
1565 else
1566 ver="unknown";
1567
1568 switch (alg_mkey)
1569 {
1570 case SSL_kRSA:
1571 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
1572 break;
1573 case SSL_kDHr:
1574 kx="DH/RSA";
1575 break;
1576 case SSL_kDHd:
1577 kx="DH/DSS";
1578 break;
1579 case SSL_kKRB5:
1580 kx="KRB5";
1581 break;
1582 case SSL_kEDH:
1583 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1584 break;
1585 case SSL_kECDHr:
1586 kx="ECDH/RSA";
1587 break;
1588 case SSL_kECDHe:
1589 kx="ECDH/ECDSA";
1590 break;
1591 case SSL_kEECDH:
1592 kx="ECDH";
1593 break;
1594 case SSL_kPSK:
1595 kx="PSK";
1596 break;
1597 case SSL_kSRP:
1598 kx="SRP";
1599 break;
1600 default:
1601 kx="unknown";
1602 }
1603
1604 switch (alg_auth)
1605 {
1606 case SSL_aRSA:
1607 au="RSA";
1608 break;
1609 case SSL_aDSS:
1610 au="DSS";
1611 break;
1612 case SSL_aDH:
1613 au="DH";
1614 break;
1615 case SSL_aKRB5:
1616 au="KRB5";
1617 break;
1618 case SSL_aECDH:
1619 au="ECDH";
1620 break;
1621 case SSL_aNULL:
1622 au="None";
1623 break;
1624 case SSL_aECDSA:
1625 au="ECDSA";
1626 break;
1627 case SSL_aPSK:
1628 au="PSK";
1629 break;
1630 default:
1631 au="unknown";
1632 break;
1633 }
1634
1635 switch (alg_enc)
1636 {
1637 case SSL_DES:
1638 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
1639 break;
1640 case SSL_3DES:
1641 enc="3DES(168)";
1642 break;
1643 case SSL_RC4:
1644 enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
1645 :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
1646 break;
1647 case SSL_RC2:
1648 enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
1649 break;
1650 case SSL_IDEA:
1651 enc="IDEA(128)";
1652 break;
1653 case SSL_eNULL:
1654 enc="None";
1655 break;
1656 case SSL_AES128:
1657 enc="AES(128)";
1658 break;
1659 case SSL_AES256:
1660 enc="AES(256)";
1661 break;
1662 case SSL_AES128GCM:
1663 enc="AESGCM(128)";
1664 break;
1665 case SSL_AES256GCM:
1666 enc="AESGCM(256)";
1667 break;
1668 case SSL_CAMELLIA128:
1669 enc="Camellia(128)";
1670 break;
1671 case SSL_CAMELLIA256:
1672 enc="Camellia(256)";
1673 break;
1674 case SSL_SEED:
1675 enc="SEED(128)";
1676 break;
1677 default:
1678 enc="unknown";
1679 break;
1680 }
1681
1682 switch (alg_mac)
1683 {
1684 case SSL_MD5:
1685 mac="MD5";
1686 break;
1687 case SSL_SHA1:
1688 mac="SHA1";
1689 break;
1690 case SSL_SHA256:
1691 mac="SHA256";
1692 break;
1693 case SSL_SHA384:
1694 mac="SHA384";
1695 break;
1696 case SSL_AEAD:
1697 mac="AEAD";
1698 break;
1699 default:
1700 mac="unknown";
1701 break;
1702 }
1703
1704 if (buf == NULL)
1705 {
1706 len=128;
1707 buf=OPENSSL_malloc(len);
1708 if (buf == NULL) return("OPENSSL_malloc Error");
1709 }
1710 else if (len < 128)
1711 return("Buffer too small");
1712
1713#ifdef KSSL_DEBUG
1714 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1715#else
1716 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1717#endif /* KSSL_DEBUG */
1718 return(buf);
1719 }
1720
1721char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
1722 {
1723 int i;
1724
1725 if (c == NULL) return("(NONE)");
1726 i=(int)(c->id>>24L);
1727 if (i == 3)
1728 return("TLSv1/SSLv3");
1729 else if (i == 2)
1730 return("SSLv2");
1731 else
1732 return("unknown");
1733 }
1734
1735/* return the actual cipher being used */
1736const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
1737 {
1738 if (c != NULL)
1739 return(c->name);
1740 return("(NONE)");
1741 }
1742
1743/* number of bits for symmetric cipher */
1744int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1745 {
1746 int ret=0;
1747
1748 if (c != NULL)
1749 {
1750 if (alg_bits != NULL) *alg_bits = c->alg_bits;
1751 ret = c->strength_bits;
1752 }
1753 return(ret);
1754 }
1755
1756unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
1757 {
1758 return c->id;
1759 }
1760
1761SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
1762 {
1763 SSL_COMP *ctmp;
1764 int i,nn;
1765
1766 if ((n == 0) || (sk == NULL)) return(NULL);
1767 nn=sk_SSL_COMP_num(sk);
1768 for (i=0; i<nn; i++)
1769 {
1770 ctmp=sk_SSL_COMP_value(sk,i);
1771 if (ctmp->id == n)
1772 return(ctmp);
1773 }
1774 return(NULL);
1775 }
1776
1777#ifdef OPENSSL_NO_COMP
1778void *SSL_COMP_get_compression_methods(void)
1779 {
1780 return NULL;
1781 }
1782int SSL_COMP_add_compression_method(int id, void *cm)
1783 {
1784 return 1;
1785 }
1786
1787const char *SSL_COMP_get_name(const void *comp)
1788 {
1789 return NULL;
1790 }
1791#else
1792STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
1793 {
1794 load_builtin_compressions();
1795 return(ssl_comp_methods);
1796 }
1797
1798int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
1799 {
1800 SSL_COMP *comp;
1801
1802 if (cm == NULL || cm->type == NID_undef)
1803 return 1;
1804
1805 /* According to draft-ietf-tls-compression-04.txt, the
1806 compression number ranges should be the following:
1807
1808 0 to 63: methods defined by the IETF
1809 64 to 192: external party methods assigned by IANA
1810 193 to 255: reserved for private use */
1811 if (id < 193 || id > 255)
1812 {
1813 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
1814 return 0;
1815 }
1816
1817 MemCheck_off();
1818 comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
1819 comp->id=id;
1820 comp->method=cm;
1821 load_builtin_compressions();
1822 if (ssl_comp_methods
1823 && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
1824 {
1825 OPENSSL_free(comp);
1826 MemCheck_on();
1827 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
1828 return(1);
1829 }
1830 else if ((ssl_comp_methods == NULL)
1831 || !sk_SSL_COMP_push(ssl_comp_methods,comp))
1832 {
1833 OPENSSL_free(comp);
1834 MemCheck_on();
1835 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
1836 return(1);
1837 }
1838 else
1839 {
1840 MemCheck_on();
1841 return(0);
1842 }
1843 }
1844
1845const char *SSL_COMP_get_name(const COMP_METHOD *comp)
1846 {
1847 if (comp)
1848 return comp->name;
1849 return NULL;
1850 }
1851
1852#endif
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 2577c6895a..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,609 +0,0 @@
1/* ssl/ssl_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/ssl.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
71static ERR_STRING_DATA SSL_str_functs[]=
72 {
73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
82{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
83{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
84{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
85{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
86{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
87{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
88{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
89{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
90{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
91{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
92{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
93{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
94{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
95{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
96{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
97{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
98{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
99{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
100{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
101{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
102{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
103{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
104{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
105{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
106{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
107{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
108{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
109{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
110{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
111{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
112{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
113{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
114{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
115{ERR_FUNC(SSL_F_READ_N), "READ_N"},
116{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
117{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
118{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
119{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
120{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
121{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
122{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
123{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
124{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
125{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
126{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
127{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
128{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
129{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
130{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
131{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
132{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
133{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
134{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
135{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
136{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
137{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
138{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
139{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
140{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
141{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
142{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
143{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
144{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
145{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
146{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
147{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
148{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
149{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
150{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
151{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
152{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
153{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
154{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
155{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
156{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
157{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
158{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
159{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
160{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
161{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
162{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
163{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
164{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
165{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
166{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
167{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
168{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
169{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
170{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
171{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
172{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
173{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
174{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
175{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
176{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
177{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
178{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
179{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
180{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
181{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
182{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
183{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
184{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
185{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
186{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
187{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
188{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
189{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
190{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
191{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
192{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
193{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
194{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
195{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
196{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
197{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
198{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
199{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
200{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
201{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
202{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
203{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
204{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
205{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
206{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
207{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
208{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
209{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
210{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
211{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
212{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
213{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
214{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
215{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
216{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
217{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
218{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
219{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
220{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
221{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
222{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
223{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
224{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
225{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
226{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
227{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
228{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
229{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
230{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
231{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
232{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
233{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
234{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
235{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
236{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
237{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
238{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
239{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
240{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
241{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
242{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
243{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
244{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
245{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
246{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
247{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
248{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
249{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
250{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
251{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
252{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
253{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
254{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
255{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
256{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
257{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
258{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
259{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
260{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
261{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
262{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
263{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
264{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
265{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
266{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
267{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
268{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
269{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
270{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
271{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
272{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
273{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
274{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
275{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
276{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
277{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
278{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
279{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
280{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
281{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
282{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
283{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"},
284{ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
285{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
286{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
287{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
288{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
289{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
290{0,NULL}
291 };
292
293static ERR_STRING_DATA SSL_str_reasons[]=
294 {
295{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
296{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
297{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
298{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
299{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
300{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
301{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
302{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
303{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
304{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
305{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
306{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
307{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
308{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
309{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
310{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
311{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
312{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
313{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
314{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
315{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"},
316{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
317{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
318{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
319{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
320{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
321{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
322{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
323{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
324{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
325{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
326{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
327{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) ,"bad srp a length"},
328{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) ,"bad srp b length"},
329{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) ,"bad srp g length"},
330{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) ,"bad srp n length"},
331{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) ,"bad srp s length"},
332{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) ,"bad srtp mki value"},
333{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
334{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
335{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
336{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
337{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
338{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
339{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
340{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
341{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
342{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
343{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
344{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
345{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
346{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
347{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
348{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
349{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
350{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
351{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
352{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
353{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
354{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
355{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
356{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
357{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
358{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
359{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
360{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
361{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
362{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
363{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
364{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
365{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
366{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
367{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
368{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
369{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
370{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
371{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
372{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
373{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
374{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
375{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
376{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
377{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
378{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
379{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
380{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
381{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
382{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
383{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
384{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
385{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
386{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
387{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
388{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
389{ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"},
390{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
391{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
392{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
393{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
394{ERR_REASON(SSL_R_KRB5) ,"krb5"},
395{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
396{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
397{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
398{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
399{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
400{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
401{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
402{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
403{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
404{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
405{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
406{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
407{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
408{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
409{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
410{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
411{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
412{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
413{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
414{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
415{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
416{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
417{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
418{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
419{ERR_REASON(SSL_R_MISSING_SRP_PARAM) ,"can't find SRP server param"},
420{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
421{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
422{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
423{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
424{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
425{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
426{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
427{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
428{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
429{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
430{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
431{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
432{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
433{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
434{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
435{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
436{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
437{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
438{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
439{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
440{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
441{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
442{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
443{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
444{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
445{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
446{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
447{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
448{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
449{ERR_REASON(SSL_R_NO_SRTP_PROFILES) ,"no srtp profiles"},
450{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
451{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
452{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
453{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
454{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
455{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
456{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
457{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
458{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
459{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
460{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
461{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
462{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
463{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
464{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
465{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
466{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
467{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
468{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
469{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
470{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"},
471{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"},
472{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
473{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
474{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
475{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
476{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
477{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
478{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
479{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
480{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
481{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
482{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
483{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
484{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
485{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
486{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
487{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
488{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
489{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
490{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
491{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
492{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
493{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"},
494{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
495{ERR_REASON(SSL_R_SRP_A_CALC) ,"error with the srp params"},
496{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"},
497{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"},
498{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"},
499{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
500{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
501{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
502{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
503{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
504{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
505{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
506{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
507{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
508{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
509{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
510{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
511{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
512{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
513{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
514{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
515{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
516{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
517{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
518{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
519{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
520{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
521{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
522{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
523{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
524{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
525{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
526{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
527{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
528{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
529{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
530{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
531{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
532{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
533{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
534{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
535{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
536{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
537{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
538{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
539{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
540{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
541{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
542{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
543{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
544{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
545{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
546{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
547{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
548{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
549{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
550{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
551{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
552{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
553{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
554{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
555{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
556{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
557{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
558{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
559{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
560{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
561{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
562{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
563{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
564{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
565{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
566{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
567{ERR_REASON(SSL_R_UNKNOWN_DIGEST) ,"unknown digest"},
568{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
569{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
570{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
571{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
572{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
573{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
574{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
575{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
576{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
577{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
578{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
579{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
580{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
581{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
582{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"},
583{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
584{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
585{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
586{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
587{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
588{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
589{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) ,"wrong signature type"},
590{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
591{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
592{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
593{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
594{0,NULL}
595 };
596
597#endif
598
599void ERR_load_SSL_strings(void)
600 {
601#ifndef OPENSSL_NO_ERR
602
603 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
604 {
605 ERR_load_strings(0,SSL_str_functs);
606 ERR_load_strings(0,SSL_str_reasons);
607 }
608#endif
609 }
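diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c
deleted file mode 100644
index ea95a5f983..0000000000
--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-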
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index c91f0018e4..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3248 +0,0 @@
1/*! \file ssl/ssl_lib.c
2 * \brief Version independent SSL functions.
3 */
4/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * All rights reserved.
6 *
7 * This package is an SSL implementation written
8 * by Eric Young (eay@cryptsoft.com).
9 * The implementation was written so as to conform with Netscapes SSL.
10 *
11 * This library is free for commercial and non-commercial use as long as
12 * the following conditions are aheared to. The following conditions
13 * apply to all code found in this distribution, be it the RC4, RSA,
14 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
15 * included with this distribution is covered by the same copyright terms
16 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
17 *
18 * Copyright remains Eric Young's, and as such any Copyright notices in
19 * the code are not to be removed.
20 * If this package is used in a product, Eric Young should be given attribution
21 * as the author of the parts of the library used.
22 * This can be in the form of a textual message at program startup or
23 * in documentation (online or textual) provided with the package.
24 *
25 * Redistribution and use in source and binary forms, with or without
26 * modification, are permitted provided that the following conditions
27 * are met:
28 * 1. Redistributions of source code must retain the copyright
29 * notice, this list of conditions and the following disclaimer.
30 * 2. Redistributions in binary form must reproduce the above copyright
31 * notice, this list of conditions and the following disclaimer in the
32 * documentation and/or other materials provided with the distribution.
33 * 3. All advertising materials mentioning features or use of this software
34 * must display the following acknowledgement:
35 * "This product includes cryptographic software written by
36 * Eric Young (eay@cryptsoft.com)"
37 * The word 'cryptographic' can be left out if the rouines from the library
38 * being used are not cryptographic related :-).
39 * 4. If you include any Windows specific code (or a derivative thereof) from
40 * the apps directory (application code) you must include an acknowledgement:
41 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
42 *
43 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 * The licence and distribution terms for any publically available version or
56 * derivative of this code cannot be changed. i.e. this code cannot simply be
57 * copied and put under another distribution licence
58 * [including the GNU Public Licence.]
59 */
60/* ====================================================================
61 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
62 *
63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions
65 * are met:
66 *
67 * 1. Redistributions of source code must retain the above copyright
68 * notice, this list of conditions and the following disclaimer.
69 *
70 * 2. Redistributions in binary form must reproduce the above copyright
71 * notice, this list of conditions and the following disclaimer in
72 * the documentation and/or other materials provided with the
73 * distribution.
74 *
75 * 3. All advertising materials mentioning features or use of this
76 * software must display the following acknowledgment:
77 * "This product includes software developed by the OpenSSL Project
78 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
79 *
80 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
81 * endorse or promote products derived from this software without
82 * prior written permission. For written permission, please contact
83 * openssl-core@openssl.org.
84 *
85 * 5. Products derived from this software may not be called "OpenSSL"
86 * nor may "OpenSSL" appear in their names without prior written
87 * permission of the OpenSSL Project.
88 *
89 * 6. Redistributions of any form whatsoever must retain the following
90 * acknowledgment:
91 * "This product includes software developed by the OpenSSL Project
92 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
93 *
94 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
95 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
96 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
97 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
98 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
99 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
100 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
101 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
102 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
103 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
104 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
105 * OF THE POSSIBILITY OF SUCH DAMAGE.
106 * ====================================================================
107 *
108 * This product includes cryptographic software written by Eric Young
109 * (eay@cryptsoft.com). This product includes software written by Tim
110 * Hudson (tjh@cryptsoft.com).
111 *
112 */
113/* ====================================================================
114 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
115 * ECC cipher suite support in OpenSSL originally developed by
116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117 */
118/* ====================================================================
119 * Copyright 2005 Nokia. All rights reserved.
120 *
121 * The portions of the attached software ("Contribution") is developed by
122 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * license.
124 *
125 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
126 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
127 * support (see RFC 4279) to OpenSSL.
128 *
129 * No patent licenses or other rights except those expressly stated in
130 * the OpenSSL open source license shall be deemed granted or received
131 * expressly, by implication, estoppel, or otherwise.
132 *
133 * No assurances are provided by Nokia that the Contribution does not
134 * infringe the patent or other intellectual property rights of any third
135 * party or that the license provides you with all the necessary rights
136 * to make use of the Contribution.
137 *
138 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
139 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
140 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
141 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 * OTHERWISE.
143 */
144
145#ifdef REF_CHECK
146# include <assert.h>
147#endif
148#include <stdio.h>
149#include "ssl_locl.h"
150#include "kssl_lcl.h"
151#include <openssl/objects.h>
152#include <openssl/lhash.h>
153#include <openssl/x509v3.h>
154#include <openssl/rand.h>
155#include <openssl/ocsp.h>
156#ifndef OPENSSL_NO_DH
157#include <openssl/dh.h>
158#endif
159#ifndef OPENSSL_NO_ENGINE
160#include <openssl/engine.h>
161#endif
162
163const char *SSL_version_str=OPENSSL_VERSION_TEXT;
164
165SSL3_ENC_METHOD ssl3_undef_enc_method={
166 /* evil casts, but these functions are only called if there's a library bug */
167 (int (*)(SSL *,int))ssl_undefined_function,
168 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 ssl_undefined_function,
170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
171 (int (*)(SSL*, int))ssl_undefined_function,
172 (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
173 0, /* finish_mac_length */
174 (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
175 NULL, /* client_finished_label */
176 0, /* client_finished_label_len */
177 NULL, /* server_finished_label */
178 0, /* server_finished_label_len */
179 (int (*)(int))ssl_undefined_function,
180 (int (*)(SSL *, unsigned char *, size_t, const char *,
181 size_t, const unsigned char *, size_t,
182 int use_context)) ssl_undefined_function,
183 };
184
185int SSL_clear(SSL *s)
186 {
187
188 if (s->method == NULL)
189 {
190 SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
191 return(0);
192 }
193
194 if (ssl_clear_bad_session(s))
195 {
196 SSL_SESSION_free(s->session);
197 s->session=NULL;
198 }
199
200 s->error=0;
201 s->hit=0;
202 s->shutdown=0;
203
204#if 0 /* Disabled since version 1.10 of this file (early return not
205 * needed because SSL_clear is not called when doing renegotiation) */
206 /* This is set if we are doing dynamic renegotiation so keep
207 * the old cipher. It is sort of a SSL_clear_lite :-) */
208 if (s->renegotiate) return(1);
209#else
210 if (s->renegotiate)
211 {
212 SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
213 return 0;
214 }
215#endif
216
217 s->type=0;
218
219 s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
220
221 s->version=s->method->version;
222 s->client_version=s->version;
223 s->rwstate=SSL_NOTHING;
224 s->rstate=SSL_ST_READ_HEADER;
225#if 0
226 s->read_ahead=s->ctx->read_ahead;
227#endif
228
229 if (s->init_buf != NULL)
230 {
231 BUF_MEM_free(s->init_buf);
232 s->init_buf=NULL;
233 }
234
235 ssl_clear_cipher_ctx(s);
236 ssl_clear_hash_ctx(&s->read_hash);
237 ssl_clear_hash_ctx(&s->write_hash);
238
239 s->first_packet=0;
240
241#if 1
242 /* Check to see if we were changed into a different method, if
243 * so, revert back if we are not doing session-id reuse. */
244 if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
245 {
246 s->method->ssl_free(s);
247 s->method=s->ctx->method;
248 if (!s->method->ssl_new(s))
249 return(0);
250 }
251 else
252#endif
253 s->method->ssl_clear(s);
254 return(1);
255 }
256
257/** Used to change an SSL_CTXs default SSL method type */
258int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
259 {
260 STACK_OF(SSL_CIPHER) *sk;
261
262 ctx->method=meth;
263
264 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
265 &(ctx->cipher_list_by_id),
266 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
267 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
268 {
269 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
270 return(0);
271 }
272 return(1);
273 }
274
275SSL *SSL_new(SSL_CTX *ctx)
276 {
277 SSL *s;
278
279 if (ctx == NULL)
280 {
281 SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
282 return(NULL);
283 }
284 if (ctx->method == NULL)
285 {
286 SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
287 return(NULL);
288 }
289
290 s=(SSL *)OPENSSL_malloc(sizeof(SSL));
291 if (s == NULL) goto err;
292 memset(s,0,sizeof(SSL));
293
294#ifndef OPENSSL_NO_KRB5
295 s->kssl_ctx = kssl_ctx_new();
296#endif /* OPENSSL_NO_KRB5 */
297
298 s->options=ctx->options;
299 s->mode=ctx->mode;
300 s->max_cert_list=ctx->max_cert_list;
301
302 if (ctx->cert != NULL)
303 {
304 /* Earlier library versions used to copy the pointer to
305 * the CERT, not its contents; only when setting new
306 * parameters for the per-SSL copy, ssl_cert_new would be
307 * called (and the direct reference to the per-SSL_CTX
308 * settings would be lost, but those still were indirectly
309 * accessed for various purposes, and for that reason they
310 * used to be known as s->ctx->default_cert).
311 * Now we don't look at the SSL_CTX's CERT after having
312 * duplicated it once. */
313
314 s->cert = ssl_cert_dup(ctx->cert);
315 if (s->cert == NULL)
316 goto err;
317 }
318 else
319 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
320
321 s->read_ahead=ctx->read_ahead;
322 s->msg_callback=ctx->msg_callback;
323 s->msg_callback_arg=ctx->msg_callback_arg;
324 s->verify_mode=ctx->verify_mode;
325#if 0
326 s->verify_depth=ctx->verify_depth;
327#endif
328 s->sid_ctx_length=ctx->sid_ctx_length;
329 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
330 memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
331 s->verify_callback=ctx->default_verify_callback;
332 s->generate_session_id=ctx->generate_session_id;
333
334 s->param = X509_VERIFY_PARAM_new();
335 if (!s->param)
336 goto err;
337 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
338#if 0
339 s->purpose = ctx->purpose;
340 s->trust = ctx->trust;
341#endif
342 s->quiet_shutdown=ctx->quiet_shutdown;
343 s->max_send_fragment = ctx->max_send_fragment;
344
345 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
346 s->ctx=ctx;
347#ifndef OPENSSL_NO_TLSEXT
348 s->tlsext_debug_cb = 0;
349 s->tlsext_debug_arg = NULL;
350 s->tlsext_ticket_expected = 0;
351 s->tlsext_status_type = -1;
352 s->tlsext_status_expected = 0;
353 s->tlsext_ocsp_ids = NULL;
354 s->tlsext_ocsp_exts = NULL;
355 s->tlsext_ocsp_resp = NULL;
356 s->tlsext_ocsp_resplen = -1;
357 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
358 s->initial_ctx=ctx;
359# ifndef OPENSSL_NO_NEXTPROTONEG
360 s->next_proto_negotiated = NULL;
361# endif
362#endif
363
364 s->verify_result=X509_V_OK;
365
366 s->method=ctx->method;
367
368 if (!s->method->ssl_new(s))
369 goto err;
370
371 s->references=1;
372 s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
373
374 SSL_clear(s);
375
376 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
377
378#ifndef OPENSSL_NO_PSK
379 s->psk_client_callback=ctx->psk_client_callback;
380 s->psk_server_callback=ctx->psk_server_callback;
381#endif
382
383 return(s);
384err:
385 if (s != NULL)
386 {
387 if (s->cert != NULL)
388 ssl_cert_free(s->cert);
389 if (s->ctx != NULL)
390 SSL_CTX_free(s->ctx); /* decrement reference count */
391 OPENSSL_free(s);
392 }
393 SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
394 return(NULL);
395 }
396
397int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
398 unsigned int sid_ctx_len)
399 {
400 if(sid_ctx_len > sizeof ctx->sid_ctx)
401 {
402 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
403 return 0;
404 }
405 ctx->sid_ctx_length=sid_ctx_len;
406 memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
407
408 return 1;
409 }
410
411int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
412 unsigned int sid_ctx_len)
413 {
414 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
415 {
416 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
417 return 0;
418 }
419 ssl->sid_ctx_length=sid_ctx_len;
420 memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
421
422 return 1;
423 }
424
425int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
426 {
427 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
428 ctx->generate_session_id = cb;
429 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
430 return 1;
431 }
432
433int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
434 {
435 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
436 ssl->generate_session_id = cb;
437 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
438 return 1;
439 }
440
441int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
442 unsigned int id_len)
443 {
444 /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
445 * we can "construct" a session to give us the desired check - ie. to
446 * find if there's a session in the hash table that would conflict with
447 * any new session built out of this id/id_len and the ssl_version in
448 * use by this SSL. */
449 SSL_SESSION r, *p;
450
451 if(id_len > sizeof r.session_id)
452 return 0;
453
454 r.ssl_version = ssl->version;
455 r.session_id_length = id_len;
456 memcpy(r.session_id, id, id_len);
457 /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
458 * callback is calling us to check the uniqueness of a shorter ID, it
459 * must be compared as a padded-out ID because that is what it will be
460 * converted to when the callback has finished choosing it. */
461 if((r.ssl_version == SSL2_VERSION) &&
462 (id_len < SSL2_SSL_SESSION_ID_LENGTH))
463 {
464 memset(r.session_id + id_len, 0,
465 SSL2_SSL_SESSION_ID_LENGTH - id_len);
466 r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
467 }
468
469 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
470 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
471 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
472 return (p != NULL);
473 }
474
475int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
476 {
477 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
478 }
479
480int SSL_set_purpose(SSL *s, int purpose)
481 {
482 return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
483 }
484
485int SSL_CTX_set_trust(SSL_CTX *s, int trust)
486 {
487 return X509_VERIFY_PARAM_set_trust(s->param, trust);
488 }
489
490int SSL_set_trust(SSL *s, int trust)
491 {
492 return X509_VERIFY_PARAM_set_trust(s->param, trust);
493 }
494
495int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
496 {
497 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
498 }
499
500int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
501 {
502 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
503 }
504
505void SSL_free(SSL *s)
506 {
507 int i;
508
509 if(s == NULL)
510 return;
511
512 i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
513#ifdef REF_PRINT
514 REF_PRINT("SSL",s);
515#endif
516 if (i > 0) return;
517#ifdef REF_CHECK
518 if (i < 0)
519 {
520 fprintf(stderr,"SSL_free, bad reference count\n");
521 abort(); /* ok */
522 }
523#endif
524
525 if (s->param)
526 X509_VERIFY_PARAM_free(s->param);
527
528 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
529
530 if (s->bbio != NULL)
531 {
532 /* If the buffering BIO is in place, pop it off */
533 if (s->bbio == s->wbio)
534 {
535 s->wbio=BIO_pop(s->wbio);
536 }
537 BIO_free(s->bbio);
538 s->bbio=NULL;
539 }
540 if (s->rbio != NULL)
541 BIO_free_all(s->rbio);
542 if ((s->wbio != NULL) && (s->wbio != s->rbio))
543 BIO_free_all(s->wbio);
544
545 if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
546
547 /* add extra stuff */
548 if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
549 if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
550
551 /* Make the next call work :-) */
552 if (s->session != NULL)
553 {
554 ssl_clear_bad_session(s);
555 SSL_SESSION_free(s->session);
556 }
557
558 ssl_clear_cipher_ctx(s);
559 ssl_clear_hash_ctx(&s->read_hash);
560 ssl_clear_hash_ctx(&s->write_hash);
561
562 if (s->cert != NULL) ssl_cert_free(s->cert);
563 /* Free up if allocated */
564
565#ifndef OPENSSL_NO_TLSEXT
566 if (s->tlsext_hostname)
567 OPENSSL_free(s->tlsext_hostname);
568 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
569#ifndef OPENSSL_NO_EC
570 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
571 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
572#endif /* OPENSSL_NO_EC */
573 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
574 if (s->tlsext_ocsp_exts)
575 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
576 X509_EXTENSION_free);
577 if (s->tlsext_ocsp_ids)
578 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
579 if (s->tlsext_ocsp_resp)
580 OPENSSL_free(s->tlsext_ocsp_resp);
581#endif
582
583 if (s->client_CA != NULL)
584 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
585
586 if (s->method != NULL) s->method->ssl_free(s);
587
588 if (s->ctx) SSL_CTX_free(s->ctx);
589
590#ifndef OPENSSL_NO_KRB5
591 if (s->kssl_ctx != NULL)
592 kssl_ctx_free(s->kssl_ctx);
593#endif /* OPENSSL_NO_KRB5 */
594
595#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
596 if (s->next_proto_negotiated)
597 OPENSSL_free(s->next_proto_negotiated);
598#endif
599
600 if (s->srtp_profiles)
601 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
602
603 OPENSSL_free(s);
604 }
605
606void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
607 {
608 /* If the output buffering BIO is still in place, remove it
609 */
610 if (s->bbio != NULL)
611 {
612 if (s->wbio == s->bbio)
613 {
614 s->wbio=s->wbio->next_bio;
615 s->bbio->next_bio=NULL;
616 }
617 }
618 if ((s->rbio != NULL) && (s->rbio != rbio))
619 BIO_free_all(s->rbio);
620 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
621 BIO_free_all(s->wbio);
622 s->rbio=rbio;
623 s->wbio=wbio;
624 }
625
626BIO *SSL_get_rbio(const SSL *s)
627 { return(s->rbio); }
628
629BIO *SSL_get_wbio(const SSL *s)
630 { return(s->wbio); }
631
632int SSL_get_fd(const SSL *s)
633 {
634 return(SSL_get_rfd(s));
635 }
636
637int SSL_get_rfd(const SSL *s)
638 {
639 int ret= -1;
640 BIO *b,*r;
641
642 b=SSL_get_rbio(s);
643 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
644 if (r != NULL)
645 BIO_get_fd(r,&ret);
646 return(ret);
647 }
648
649int SSL_get_wfd(const SSL *s)
650 {
651 int ret= -1;
652 BIO *b,*r;
653
654 b=SSL_get_wbio(s);
655 r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
656 if (r != NULL)
657 BIO_get_fd(r,&ret);
658 return(ret);
659 }
660
661#ifndef OPENSSL_NO_SOCK
662int SSL_set_fd(SSL *s,int fd)
663 {
664 int ret=0;
665 BIO *bio=NULL;
666
667 bio=BIO_new(BIO_s_socket());
668
669 if (bio == NULL)
670 {
671 SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
672 goto err;
673 }
674 BIO_set_fd(bio,fd,BIO_NOCLOSE);
675 SSL_set_bio(s,bio,bio);
676 ret=1;
677err:
678 return(ret);
679 }
680
681int SSL_set_wfd(SSL *s,int fd)
682 {
683 int ret=0;
684 BIO *bio=NULL;
685
686 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
687 || ((int)BIO_get_fd(s->rbio,NULL) != fd))
688 {
689 bio=BIO_new(BIO_s_socket());
690
691 if (bio == NULL)
692 { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
693 BIO_set_fd(bio,fd,BIO_NOCLOSE);
694 SSL_set_bio(s,SSL_get_rbio(s),bio);
695 }
696 else
697 SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
698 ret=1;
699err:
700 return(ret);
701 }
702
703int SSL_set_rfd(SSL *s,int fd)
704 {
705 int ret=0;
706 BIO *bio=NULL;
707
708 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
709 || ((int)BIO_get_fd(s->wbio,NULL) != fd))
710 {
711 bio=BIO_new(BIO_s_socket());
712
713 if (bio == NULL)
714 {
715 SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
716 goto err;
717 }
718 BIO_set_fd(bio,fd,BIO_NOCLOSE);
719 SSL_set_bio(s,bio,SSL_get_wbio(s));
720 }
721 else
722 SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
723 ret=1;
724err:
725 return(ret);
726 }
727#endif
728
729
730/* return length of latest Finished message we sent, copy to 'buf' */
731size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
732 {
733 size_t ret = 0;
734
735 if (s->s3 != NULL)
736 {
737 ret = s->s3->tmp.finish_md_len;
738 if (count > ret)
739 count = ret;
740 memcpy(buf, s->s3->tmp.finish_md, count);
741 }
742 return ret;
743 }
744
745/* return length of latest Finished message we expected, copy to 'buf' */
746size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
747 {
748 size_t ret = 0;
749
750 if (s->s3 != NULL)
751 {
752 ret = s->s3->tmp.peer_finish_md_len;
753 if (count > ret)
754 count = ret;
755 memcpy(buf, s->s3->tmp.peer_finish_md, count);
756 }
757 return ret;
758 }
759
760
761int SSL_get_verify_mode(const SSL *s)
762 {
763 return(s->verify_mode);
764 }
765
766int SSL_get_verify_depth(const SSL *s)
767 {
768 return X509_VERIFY_PARAM_get_depth(s->param);
769 }
770
771int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
772 {
773 return(s->verify_callback);
774 }
775
776int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
777 {
778 return(ctx->verify_mode);
779 }
780
781int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
782 {
783 return X509_VERIFY_PARAM_get_depth(ctx->param);
784 }
785
786int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
787 {
788 return(ctx->default_verify_callback);
789 }
790
791void SSL_set_verify(SSL *s,int mode,
792 int (*callback)(int ok,X509_STORE_CTX *ctx))
793 {
794 s->verify_mode=mode;
795 if (callback != NULL)
796 s->verify_callback=callback;
797 }
798
799void SSL_set_verify_depth(SSL *s,int depth)
800 {
801 X509_VERIFY_PARAM_set_depth(s->param, depth);
802 }
803
804void SSL_set_read_ahead(SSL *s,int yes)
805 {
806 s->read_ahead=yes;
807 }
808
809int SSL_get_read_ahead(const SSL *s)
810 {
811 return(s->read_ahead);
812 }
813
814int SSL_pending(const SSL *s)
815 {
816 /* SSL_pending cannot work properly if read-ahead is enabled
817 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
818 * and it is impossible to fix since SSL_pending cannot report
819 * errors that may be observed while scanning the new data.
820 * (Note that SSL_pending() is often used as a boolean value,
821 * so we'd better not return -1.)
822 */
823 return(s->method->ssl_pending(s));
824 }
825
826X509 *SSL_get_peer_certificate(const SSL *s)
827 {
828 X509 *r;
829
830 if ((s == NULL) || (s->session == NULL))
831 r=NULL;
832 else
833 r=s->session->peer;
834
835 if (r == NULL) return(r);
836
837 CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
838
839 return(r);
840 }
841
842STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
843 {
844 STACK_OF(X509) *r;
845
846 if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
847 r=NULL;
848 else
849 r=s->session->sess_cert->cert_chain;
850
851 /* If we are a client, cert_chain includes the peer's own
852 * certificate; if we are a server, it does not. */
853
854 return(r);
855 }
856
857/* Now in theory, since the calling process own 't' it should be safe to
858 * modify. We need to be able to read f without being hassled */
859void SSL_copy_session_id(SSL *t,const SSL *f)
860 {
861 CERT *tmp;
862
863 /* Do we need to to SSL locking? */
864 SSL_set_session(t,SSL_get_session(f));
865
866 /* what if we are setup as SSLv2 but want to talk SSLv3 or
867 * vice-versa */
868 if (t->method != f->method)
869 {
870 t->method->ssl_free(t); /* cleanup current */
871 t->method=f->method; /* change method */
872 t->method->ssl_new(t); /* setup new */
873 }
874
875 tmp=t->cert;
876 if (f->cert != NULL)
877 {
878 CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
879 t->cert=f->cert;
880 }
881 else
882 t->cert=NULL;
883 if (tmp != NULL) ssl_cert_free(tmp);
884 SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
885 }
886
887/* Fix this so it checks all the valid key/cert options */
888int SSL_CTX_check_private_key(const SSL_CTX *ctx)
889 {
890 if ( (ctx == NULL) ||
891 (ctx->cert == NULL) ||
892 (ctx->cert->key->x509 == NULL))
893 {
894 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
895 return(0);
896 }
897 if (ctx->cert->key->privatekey == NULL)
898 {
899 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
900 return(0);
901 }
902 return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
903 }
904
905/* Fix this function so that it takes an optional type parameter */
906int SSL_check_private_key(const SSL *ssl)
907 {
908 if (ssl == NULL)
909 {
910 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
911 return(0);
912 }
913 if (ssl->cert == NULL)
914 {
915 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
916 return 0;
917 }
918 if (ssl->cert->key->x509 == NULL)
919 {
920 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
921 return(0);
922 }
923 if (ssl->cert->key->privatekey == NULL)
924 {
925 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
926 return(0);
927 }
928 return(X509_check_private_key(ssl->cert->key->x509,
929 ssl->cert->key->privatekey));
930 }
931
932int SSL_accept(SSL *s)
933 {
934 if (s->handshake_func == 0)
935 /* Not properly initialized yet */
936 SSL_set_accept_state(s);
937
938 return(s->method->ssl_accept(s));
939 }
940
941int SSL_connect(SSL *s)
942 {
943 if (s->handshake_func == 0)
944 /* Not properly initialized yet */
945 SSL_set_connect_state(s);
946
947 return(s->method->ssl_connect(s));
948 }
949
950long SSL_get_default_timeout(const SSL *s)
951 {
952 return(s->method->get_timeout());
953 }
954
955int SSL_read(SSL *s,void *buf,int num)
956 {
957 if (s->handshake_func == 0)
958 {
959 SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
960 return -1;
961 }
962
963 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
964 {
965 s->rwstate=SSL_NOTHING;
966 return(0);
967 }
968 return(s->method->ssl_read(s,buf,num));
969 }
970
971int SSL_peek(SSL *s,void *buf,int num)
972 {
973 if (s->handshake_func == 0)
974 {
975 SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
976 return -1;
977 }
978
979 if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
980 {
981 return(0);
982 }
983 return(s->method->ssl_peek(s,buf,num));
984 }
985
986int SSL_write(SSL *s,const void *buf,int num)
987 {
988 if (s->handshake_func == 0)
989 {
990 SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
991 return -1;
992 }
993
994 if (s->shutdown & SSL_SENT_SHUTDOWN)
995 {
996 s->rwstate=SSL_NOTHING;
997 SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
998 return(-1);
999 }
1000 return(s->method->ssl_write(s,buf,num));
1001 }
1002
1003int SSL_shutdown(SSL *s)
1004 {
1005 /* Note that this function behaves differently from what one might
1006 * expect. Return values are 0 for no success (yet),
1007 * 1 for success; but calling it once is usually not enough,
1008 * even if blocking I/O is used (see ssl3_shutdown).
1009 */
1010
1011 if (s->handshake_func == 0)
1012 {
1013 SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
1014 return -1;
1015 }
1016
1017 if ((s != NULL) && !SSL_in_init(s))
1018 return(s->method->ssl_shutdown(s));
1019 else
1020 return(1);
1021 }
1022
1023int SSL_renegotiate(SSL *s)
1024 {
1025 if (s->renegotiate == 0)
1026 s->renegotiate=1;
1027
1028 s->new_session=1;
1029
1030 return(s->method->ssl_renegotiate(s));
1031 }
1032
1033int SSL_renegotiate_abbreviated(SSL *s)
1034 {
1035 if (s->renegotiate == 0)
1036 s->renegotiate=1;
1037
1038 s->new_session=0;
1039
1040 return(s->method->ssl_renegotiate(s));
1041 }
1042
1043int SSL_renegotiate_pending(SSL *s)
1044 {
1045 /* becomes true when negotiation is requested;
1046 * false again once a handshake has finished */
1047 return (s->renegotiate != 0);
1048 }
1049
1050long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
1051 {
1052 long l;
1053
1054 switch (cmd)
1055 {
1056 case SSL_CTRL_GET_READ_AHEAD:
1057 return(s->read_ahead);
1058 case SSL_CTRL_SET_READ_AHEAD:
1059 l=s->read_ahead;
1060 s->read_ahead=larg;
1061 return(l);
1062
1063 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1064 s->msg_callback_arg = parg;
1065 return 1;
1066
1067 case SSL_CTRL_OPTIONS:
1068 return(s->options|=larg);
1069 case SSL_CTRL_CLEAR_OPTIONS:
1070 return(s->options&=~larg);
1071 case SSL_CTRL_MODE:
1072 return(s->mode|=larg);
1073 case SSL_CTRL_CLEAR_MODE:
1074 return(s->mode &=~larg);
1075 case SSL_CTRL_GET_MAX_CERT_LIST:
1076 return(s->max_cert_list);
1077 case SSL_CTRL_SET_MAX_CERT_LIST:
1078 l=s->max_cert_list;
1079 s->max_cert_list=larg;
1080 return(l);
1081 case SSL_CTRL_SET_MTU:
1082#ifndef OPENSSL_NO_DTLS1
1083 if (larg < (long)dtls1_min_mtu())
1084 return 0;
1085#endif
1086
1087 if (SSL_version(s) == DTLS1_VERSION ||
1088 SSL_version(s) == DTLS1_BAD_VER)
1089 {
1090 s->d1->mtu = larg;
1091 return larg;
1092 }
1093 return 0;
1094 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1095 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1096 return 0;
1097 s->max_send_fragment = larg;
1098 return 1;
1099 case SSL_CTRL_GET_RI_SUPPORT:
1100 if (s->s3)
1101 return s->s3->send_connection_binding;
1102 else return 0;
1103 default:
1104 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1105 }
1106 }
1107
1108long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1109 {
1110 switch(cmd)
1111 {
1112 case SSL_CTRL_SET_MSG_CALLBACK:
1113 s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1114 return 1;
1115
1116 default:
1117 return(s->method->ssl_callback_ctrl(s,cmd,fp));
1118 }
1119 }
1120
1121LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1122 {
1123 return ctx->sessions;
1124 }
1125
1126long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1127 {
1128 long l;
1129
1130 switch (cmd)
1131 {
1132 case SSL_CTRL_GET_READ_AHEAD:
1133 return(ctx->read_ahead);
1134 case SSL_CTRL_SET_READ_AHEAD:
1135 l=ctx->read_ahead;
1136 ctx->read_ahead=larg;
1137 return(l);
1138
1139 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1140 ctx->msg_callback_arg = parg;
1141 return 1;
1142
1143 case SSL_CTRL_GET_MAX_CERT_LIST:
1144 return(ctx->max_cert_list);
1145 case SSL_CTRL_SET_MAX_CERT_LIST:
1146 l=ctx->max_cert_list;
1147 ctx->max_cert_list=larg;
1148 return(l);
1149
1150 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1151 l=ctx->session_cache_size;
1152 ctx->session_cache_size=larg;
1153 return(l);
1154 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1155 return(ctx->session_cache_size);
1156 case SSL_CTRL_SET_SESS_CACHE_MODE:
1157 l=ctx->session_cache_mode;
1158 ctx->session_cache_mode=larg;
1159 return(l);
1160 case SSL_CTRL_GET_SESS_CACHE_MODE:
1161 return(ctx->session_cache_mode);
1162
1163 case SSL_CTRL_SESS_NUMBER:
1164 return(lh_SSL_SESSION_num_items(ctx->sessions));
1165 case SSL_CTRL_SESS_CONNECT:
1166 return(ctx->stats.sess_connect);
1167 case SSL_CTRL_SESS_CONNECT_GOOD:
1168 return(ctx->stats.sess_connect_good);
1169 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1170 return(ctx->stats.sess_connect_renegotiate);
1171 case SSL_CTRL_SESS_ACCEPT:
1172 return(ctx->stats.sess_accept);
1173 case SSL_CTRL_SESS_ACCEPT_GOOD:
1174 return(ctx->stats.sess_accept_good);
1175 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1176 return(ctx->stats.sess_accept_renegotiate);
1177 case SSL_CTRL_SESS_HIT:
1178 return(ctx->stats.sess_hit);
1179 case SSL_CTRL_SESS_CB_HIT:
1180 return(ctx->stats.sess_cb_hit);
1181 case SSL_CTRL_SESS_MISSES:
1182 return(ctx->stats.sess_miss);
1183 case SSL_CTRL_SESS_TIMEOUTS:
1184 return(ctx->stats.sess_timeout);
1185 case SSL_CTRL_SESS_CACHE_FULL:
1186 return(ctx->stats.sess_cache_full);
1187 case SSL_CTRL_OPTIONS:
1188 return(ctx->options|=larg);
1189 case SSL_CTRL_CLEAR_OPTIONS:
1190 return(ctx->options&=~larg);
1191 case SSL_CTRL_MODE:
1192 return(ctx->mode|=larg);
1193 case SSL_CTRL_CLEAR_MODE:
1194 return(ctx->mode&=~larg);
1195 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1196 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1197 return 0;
1198 ctx->max_send_fragment = larg;
1199 return 1;
1200 default:
1201 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1202 }
1203 }
1204
1205long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1206 {
1207 switch(cmd)
1208 {
1209 case SSL_CTRL_SET_MSG_CALLBACK:
1210 ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
1211 return 1;
1212
1213 default:
1214 return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
1215 }
1216 }
1217
1218int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1219 {
1220 long l;
1221
1222 l=a->id-b->id;
1223 if (l == 0L)
1224 return(0);
1225 else
1226 return((l > 0)?1:-1);
1227 }
1228
1229int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1230 const SSL_CIPHER * const *bp)
1231 {
1232 long l;
1233
1234 l=(*ap)->id-(*bp)->id;
1235 if (l == 0L)
1236 return(0);
1237 else
1238 return((l > 0)?1:-1);
1239 }
1240
1241/** return a STACK of the ciphers available for the SSL and in order of
1242 * preference */
1243STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
1244 {
1245 if (s != NULL)
1246 {
1247 if (s->cipher_list != NULL)
1248 {
1249 return(s->cipher_list);
1250 }
1251 else if ((s->ctx != NULL) &&
1252 (s->ctx->cipher_list != NULL))
1253 {
1254 return(s->ctx->cipher_list);
1255 }
1256 }
1257 return(NULL);
1258 }
1259
1260/** return a STACK of the ciphers available for the SSL and in order of
1261 * algorithm id */
1262STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
1263 {
1264 if (s != NULL)
1265 {
1266 if (s->cipher_list_by_id != NULL)
1267 {
1268 return(s->cipher_list_by_id);
1269 }
1270 else if ((s->ctx != NULL) &&
1271 (s->ctx->cipher_list_by_id != NULL))
1272 {
1273 return(s->ctx->cipher_list_by_id);
1274 }
1275 }
1276 return(NULL);
1277 }
1278
1279/** The old interface to get the same thing as SSL_get_ciphers() */
1280const char *SSL_get_cipher_list(const SSL *s,int n)
1281 {
1282 SSL_CIPHER *c;
1283 STACK_OF(SSL_CIPHER) *sk;
1284
1285 if (s == NULL) return(NULL);
1286 sk=SSL_get_ciphers(s);
1287 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1288 return(NULL);
1289 c=sk_SSL_CIPHER_value(sk,n);
1290 if (c == NULL) return(NULL);
1291 return(c->name);
1292 }
1293
1294/** specify the ciphers to be used by default by the SSL_CTX */
1295int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1296 {
1297 STACK_OF(SSL_CIPHER) *sk;
1298
1299 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1300 &ctx->cipher_list_by_id,str);
1301 /* ssl_create_cipher_list may return an empty stack if it
1302 * was unable to find a cipher matching the given rule string
1303 * (for example if the rule string specifies a cipher which
1304 * has been disabled). This is not an error as far as
1305 * ssl_create_cipher_list is concerned, and hence
1306 * ctx->cipher_list and ctx->cipher_list_by_id has been
1307 * updated. */
1308 if (sk == NULL)
1309 return 0;
1310 else if (sk_SSL_CIPHER_num(sk) == 0)
1311 {
1312 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1313 return 0;
1314 }
1315 return 1;
1316 }
1317
1318/** specify the ciphers to be used by the SSL */
1319int SSL_set_cipher_list(SSL *s,const char *str)
1320 {
1321 STACK_OF(SSL_CIPHER) *sk;
1322
1323 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1324 &s->cipher_list_by_id,str);
1325 /* see comment in SSL_CTX_set_cipher_list */
1326 if (sk == NULL)
1327 return 0;
1328 else if (sk_SSL_CIPHER_num(sk) == 0)
1329 {
1330 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1331 return 0;
1332 }
1333 return 1;
1334 }
1335
1336/* works well for SSLv2, not so good for SSLv3 */
1337char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1338 {
1339 char *end;
1340 STACK_OF(SSL_CIPHER) *sk;
1341 SSL_CIPHER *c;
1342 size_t curlen = 0;
1343 int i;
1344
1345 if ((s->session == NULL) || (s->session->ciphers == NULL) ||
1346 (len < 2))
1347 return(NULL);
1348
1349 sk=s->session->ciphers;
1350 buf[0] = '\0';
1351 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1352 {
1353 c=sk_SSL_CIPHER_value(sk,i);
1354 end = buf + curlen;
1355 if (strlcat(buf, c->name, len) >= len ||
1356 (curlen = strlcat(buf, ":", len)) >= len)
1357 {
1358 /* remove truncated cipher from list */
1359 *end = '\0';
1360 break;
1361 }
1362 }
1363 /* remove trailing colon */
1364 if ((end = strrchr(buf, ':')) != NULL)
1365 *end = '\0';
1366 return(buf);
1367 }
1368
1369int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1370 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1371 {
1372 int i,j=0;
1373 SSL_CIPHER *c;
1374 unsigned char *q;
1375#ifndef OPENSSL_NO_KRB5
1376 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1377#endif /* OPENSSL_NO_KRB5 */
1378
1379 if (sk == NULL) return(0);
1380 q=p;
1381
1382 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1383 {
1384 c=sk_SSL_CIPHER_value(sk,i);
1385 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1386 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1387 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1388 continue;
1389#ifndef OPENSSL_NO_KRB5
1390 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1391 nokrb5)
1392 continue;
1393#endif /* OPENSSL_NO_KRB5 */
1394#ifndef OPENSSL_NO_PSK
1395 /* with PSK there must be client callback set */
1396 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1397 s->psk_client_callback == NULL)
1398 continue;
1399#endif /* OPENSSL_NO_PSK */
1400 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1401 p+=j;
1402 }
1403 /* If p == q, no ciphers and caller indicates an error. Otherwise
1404 * add SCSV if not renegotiating.
1405 */
1406 if (p != q && !s->renegotiate)
1407 {
1408 static SSL_CIPHER scsv =
1409 {
1410 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1411 };
1412 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1413 p+=j;
1414#ifdef OPENSSL_RI_DEBUG
1415 fprintf(stderr, "SCSV sent by client\n");
1416#endif
1417 }
1418
1419 return(p-q);
1420 }
1421
1422STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1423 STACK_OF(SSL_CIPHER) **skp)
1424 {
1425 const SSL_CIPHER *c;
1426 STACK_OF(SSL_CIPHER) *sk;
1427 int i,n;
1428 if (s->s3)
1429 s->s3->send_connection_binding = 0;
1430
1431 n=ssl_put_cipher_by_char(s,NULL,NULL);
1432 if ((num%n) != 0)
1433 {
1434 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1435 return(NULL);
1436 }
1437 if ((skp == NULL) || (*skp == NULL))
1438 sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
1439 else
1440 {
1441 sk= *skp;
1442 sk_SSL_CIPHER_zero(sk);
1443 }
1444
1445 for (i=0; i<num; i+=n)
1446 {
1447 /* Check for SCSV */
1448 if (s->s3 && (n != 3 || !p[0]) &&
1449 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1450 (p[n-1] == (SSL3_CK_SCSV & 0xff)))
1451 {
1452 /* SCSV fatal if renegotiating */
1453 if (s->renegotiate)
1454 {
1455 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1456 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1457 goto err;
1458 }
1459 s->s3->send_connection_binding = 1;
1460 p += n;
1461#ifdef OPENSSL_RI_DEBUG
1462 fprintf(stderr, "SCSV received by server\n");
1463#endif
1464 continue;
1465 }
1466
1467 c=ssl_get_cipher_by_char(s,p);
1468 p+=n;
1469 if (c != NULL)
1470 {
1471 if (!sk_SSL_CIPHER_push(sk,c))
1472 {
1473 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
1474 goto err;
1475 }
1476 }
1477 }
1478
1479 if (skp != NULL)
1480 *skp=sk;
1481 return(sk);
1482err:
1483 if ((skp == NULL) || (*skp == NULL))
1484 sk_SSL_CIPHER_free(sk);
1485 return(NULL);
1486 }
1487
1488
1489#ifndef OPENSSL_NO_TLSEXT
1490/** return a servername extension value if provided in Client Hello, or NULL.
1491 * So far, only host_name types are defined (RFC 3546).
1492 */
1493
1494const char *SSL_get_servername(const SSL *s, const int type)
1495 {
1496 if (type != TLSEXT_NAMETYPE_host_name)
1497 return NULL;
1498
1499 return s->session && !s->tlsext_hostname ?
1500 s->session->tlsext_hostname :
1501 s->tlsext_hostname;
1502 }
1503
1504int SSL_get_servername_type(const SSL *s)
1505 {
1506 if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
1507 return TLSEXT_NAMETYPE_host_name;
1508 return -1;
1509 }
1510
1511# ifndef OPENSSL_NO_NEXTPROTONEG
1512/* SSL_select_next_proto implements the standard protocol selection. It is
1513 * expected that this function is called from the callback set by
1514 * SSL_CTX_set_next_proto_select_cb.
1515 *
1516 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1517 * strings. The length byte itself is not included in the length. A byte
1518 * string of length 0 is invalid. No byte string may be truncated.
1519 *
1520 * The current, but experimental algorithm for selecting the protocol is:
1521 *
1522 * 1) If the server doesn't support NPN then this is indicated to the
1523 * callback. In this case, the client application has to abort the connection
1524 * or have a default application level protocol.
1525 *
1526 * 2) If the server supports NPN, but advertises an empty list then the
1527 * client selects the first protcol in its list, but indicates via the
1528 * API that this fallback case was enacted.
1529 *
1530 * 3) Otherwise, the client finds the first protocol in the server's list
1531 * that it supports and selects this protocol. This is because it's
1532 * assumed that the server has better information about which protocol
1533 * a client should use.
1534 *
1535 * 4) If the client doesn't support any of the server's advertised
1536 * protocols, then this is treated the same as case 2.
1537 *
1538 * It returns either
1539 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1540 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1541 */
1542int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
1543 {
1544 unsigned int i, j;
1545 const unsigned char *result;
1546 int status = OPENSSL_NPN_UNSUPPORTED;
1547
1548 /* For each protocol in server preference order, see if we support it. */
1549 for (i = 0; i < server_len; )
1550 {
1551 for (j = 0; j < client_len; )
1552 {
1553 if (server[i] == client[j] &&
1554 memcmp(&server[i+1], &client[j+1], server[i]) == 0)
1555 {
1556 /* We found a match */
1557 result = &server[i];
1558 status = OPENSSL_NPN_NEGOTIATED;
1559 goto found;
1560 }
1561 j += client[j];
1562 j++;
1563 }
1564 i += server[i];
1565 i++;
1566 }
1567
1568 /* There's no overlap between our protocols and the server's list. */
1569 result = client;
1570 status = OPENSSL_NPN_NO_OVERLAP;
1571
1572 found:
1573 *out = (unsigned char *) result + 1;
1574 *outlen = result[0];
1575 return status;
1576 }
1577
/* SSL_get0_next_proto_negotiated exposes the protocol the client announced
 * for this connection: *data points at it and *len holds its length. When
 * the client announced nothing, *data is NULL and *len is 0.
 *
 * The pointer is borrowed from |s| (hence "get0") and stays valid only as
 * long as |s| does.
 *
 * Security note: the client may name any protocol it likes. The value seen
 * here is not checked against the list the advertise callback returned, so
 * a server must treat it as untrusted input and not assume it is one of
 * its own supported protocols.
 */
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
	{
	const unsigned char *proto = s->next_proto_negotiated;

	*data = proto;
	*len = (proto == NULL) ? 0 : s->next_proto_negotiated_len;
	}
1595
/* SSL_CTX_set_next_protos_advertised_cb installs the callback a TLS server
 * uses to obtain its list of supported protocols for Next Protocol
 * Negotiation, together with an opaque |arg| handed back to it.
 *
 * The callback returns its list by setting |out| to a wire-format buffer
 * (sequence of <1-byte length><name>) and |outlen| to the buffer length.
 * The library does not modify that memory, but the caller should assume the
 * SSL* keeps a reference to it for the lifetime of the connection.
 *
 * Returning SSL_TLSEXT_ERR_OK means "advertise"; any other value means no
 * NPN extension is placed in the ServerHello. */
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
	{
	ctx->next_protos_advertised_cb_arg = arg;
	ctx->next_protos_advertised_cb = cb;
	}
1610
/* SSL_CTX_set_next_proto_select_cb installs the callback a client uses to
 * pick a protocol from the server's advertised list, plus an opaque |arg|
 * that is passed back to it.
 *
 * The server's list arrives in |in|/|inlen|; the callback may rely on it
 * being syntactically valid. It must point |out| at the chosen protocol
 * name (possibly inside |in|) and store the name's length in |outlen|.
 *
 * Selecting a protocol is mandatory: any return value other than
 * SSL_TLSEXT_ERR_OK is fatal to the connection. */
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
	{
	ctx->next_proto_select_cb_arg = arg;
	ctx->next_proto_select_cb = cb;
	}
1626# endif
1627#endif
1628
/* SSL_export_keying_material derives |olen| bytes of application keying
 * material into |out|, bound to |label|/|llen| and, when |use_context| is
 * set, to the context |p|/|plen|. The work is delegated to the protocol
 * method's exporter; only TLS 1.0 and later have one, so SSLv2/SSLv3
 * connections get -1. Other return values are whatever the exporter
 * reports. */
int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen, const unsigned char *p, size_t plen,
	int use_context)
	{
	if (s->version >= TLS1_VERSION)
		return s->method->ssl3_enc->export_keying_material(s, out, olen,
		    label, llen, p, plen, use_context);

	/* Pre-TLS protocols: no exporter available. */
	return -1;
	}
1640
/* ssl_session_hash folds the first four bytes of the session ID into a
 * little-endian unsigned long for the session cache's hash table. The
 * session ID is the only input; ssl_version and session_id_length are
 * left to the comparison function.
 *
 * NOTE(review): this reads session_id[0..3] unconditionally, so it relies
 * on session_id being a fixed-size array that is zero-filled beyond
 * session_id_length — presumably the case, but verify in ssl.h. */
static unsigned long ssl_session_hash(const SSL_SESSION *a)
	{
	const unsigned char *id = a->session_id;
	unsigned long h;

	h  = (unsigned long)id[0];
	h |= (unsigned long)id[1] << 8;
	h |= (unsigned long)id[2] << 16;
	h |= (unsigned long)id[3] << 24;
	return h;
	}
1652
/* ssl_session_cmp is the equality test for the session cache: two sessions
 * match when their protocol version, session ID length and session ID bytes
 * all agree. Returns 0 on a match, non-zero otherwise (memcmp's result when
 * only the ID bytes differ).
 *
 * NB: If this function (or indeed the hash function which uses a sort of
 * coarser function than this one) is changed, ensure
 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
 * able to construct an SSL_SESSION that will collide with any existing session
 * with a matching session ID.
 *
 * The comparison is not constant-time; that is acceptable here because it
 * is a cache lookup on an identifier the peer already sent in the clear. */
static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
	{
	if (a->ssl_version != b->ssl_version ||
	    a->session_id_length != b->session_id_length)
		return 1;

	return memcmp(a->session_id, b->session_id, a->session_id_length);
	}
1666
/* These wrapper functions should remain rather than redeclaring
 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
 * variable. The reason is that the functions aren't static, they're exposed via
 * ssl.h.
 *
 * The macros generate the void*-typed ssl_session_LHASH_HASH /
 * ssl_session_LHASH_COMP adapters over the two static functions above, for
 * use by lh_SSL_SESSION_new() in SSL_CTX_new(). */
static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1673
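/* SSL_CTX_new allocates and initialises a context for |meth| with the
 * library defaults. Returns the new context, or NULL with an error queued.
 *
 * Defaults worth knowing about when reviewing callers:
 *  - verify_mode is SSL_VERIFY_NONE: no peer certificate verification
 *    happens until the application calls SSL_CTX_set_verify().
 *  - the cipher list is SSL_DEFAULT_CIPHER_LIST ("SSLv2" for an SSLv2
 *    method).
 *  - session caching is SSL_SESS_CACHE_SERVER with the method's default
 *    timeout.
 *  - SSL_OP_LEGACY_SERVER_CONNECT is set, so clients will still connect
 *    to servers that do not support renegotiation indication (RI).
 *  - RFC4507 session-ticket keys are drawn from the RNG; if that fails,
 *    tickets are disabled via SSL_OP_NO_TICKET rather than issued under
 *    the all-zero keys left by memset().
 *
 * Every failure path funnels through SSL_CTX_free(), which copes with a
 * partially built context because the struct is zeroed up front and each
 * member is NULL-checked there. For that reason nothing is freed by hand
 * before "goto err" (doing so for rbuf_freelist used to cause a double
 * free). */
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
	{
	SSL_CTX *ret=NULL;

	if (meth == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
		return(NULL);
		}

#ifdef OPENSSL_FIPS
	if (FIPS_mode() && (meth->version < TLS1_VERSION))
		{
		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
		return NULL;
		}
#endif

	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
		goto err;
		}
	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
	if (ret == NULL)
		goto err;

	/* Zero everything first so SSL_CTX_free() on an error path only sees
	 * NULL pointers for the parts that were never set up. */
	memset(ret,0,sizeof(SSL_CTX));

	ret->method=meth;

	ret->cert_store=NULL;
	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
	ret->session_cache_head=NULL;
	ret->session_cache_tail=NULL;

	/* We take the system default */
	ret->session_timeout=meth->get_timeout();

	ret->new_session_cb=0;
	ret->remove_session_cb=0;
	ret->get_session_cb=0;
	ret->generate_session_id=0;

	memset((char *)&ret->stats,0,sizeof(ret->stats));

	ret->references=1;
	ret->quiet_shutdown=0;

	ret->info_callback=NULL;

	ret->app_verify_callback=0;
	ret->app_verify_arg=NULL;

	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
	ret->read_ahead=0;
	ret->msg_callback=0;
	ret->msg_callback_arg=NULL;
	/* No peer verification unless the application asks for it. */
	ret->verify_mode=SSL_VERIFY_NONE;
#if 0
	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
#endif
	ret->sid_ctx_length=0;
	ret->default_verify_callback=NULL;
	if ((ret->cert=ssl_cert_new()) == NULL)
		goto err;

	ret->default_passwd_callback=0;
	ret->default_passwd_callback_userdata=NULL;
	ret->client_cert_cb=0;
	ret->app_gen_cookie_cb=0;
	ret->app_verify_cookie_cb=0;

	ret->sessions=lh_SSL_SESSION_new();
	if (ret->sessions == NULL) goto err;
	ret->cert_store=X509_STORE_new();
	if (ret->cert_store == NULL) goto err;

	ssl_create_cipher_list(ret->method,
		&ret->cipher_list,&ret->cipher_list_by_id,
		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
	if (ret->cipher_list == NULL
	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
		goto err2;
		}

	ret->param = X509_VERIFY_PARAM_new();
	if (!ret->param)
		goto err;

	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
		goto err2;
		}
	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
		goto err2;
		}
	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
		{
		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
		goto err2;
		}

	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
		goto err;

	/* The result used to be ignored; a failed ex_data setup would have
	 * produced a context whose ex_data "new" callbacks never ran. */
	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
		goto err;

	ret->extra_certs=NULL;
	ret->comp_methods=SSL_COMP_get_compression_methods();

	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;

#ifndef OPENSSL_NO_TLSEXT
	ret->tlsext_servername_callback = 0;
	ret->tlsext_servername_arg = NULL;
	/* Setup RFC4507 ticket keys. Only the key *name* is drawn with
	 * RAND_pseudo_bytes; the HMAC and AES keys require RAND_bytes. If any
	 * of these fail, disable tickets rather than run with the zeroed
	 * keys left behind by the memset() above. */
	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
		ret->options |= SSL_OP_NO_TICKET;

	ret->tlsext_status_cb = 0;
	ret->tlsext_status_arg = NULL;

# ifndef OPENSSL_NO_NEXTPROTONEG
	ret->next_protos_advertised_cb = 0;
	ret->next_proto_select_cb = 0;
# endif
#endif
#ifndef OPENSSL_NO_PSK
	ret->psk_identity_hint=NULL;
	ret->psk_client_callback=NULL;
	ret->psk_server_callback=NULL;
#endif
#ifndef OPENSSL_NO_SRP
	SSL_CTX_SRP_CTX_init(ret);
#endif
#ifndef OPENSSL_NO_BUF_FREELISTS
	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
	if (!ret->rbuf_freelist)
		goto err;
	ret->rbuf_freelist->chunklen = 0;
	ret->rbuf_freelist->len = 0;
	ret->rbuf_freelist->head = NULL;
	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
	if (!ret->wbuf_freelist)
		{
		/* Do NOT free rbuf_freelist here: ret->rbuf_freelist is still
		 * set, and SSL_CTX_free() (reached via err) releases it. The
		 * explicit OPENSSL_free() that used to sit here made that a
		 * double free. */
		goto err;
		}
	ret->wbuf_freelist->chunklen = 0;
	ret->wbuf_freelist->len = 0;
	ret->wbuf_freelist->head = NULL;
#endif
#ifndef OPENSSL_NO_ENGINE
	ret->client_cert_engine = NULL;
#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
#define eng_strx(x)     #x
#define eng_str(x)      eng_strx(x)
	/* Use specific client engine automatically... ignore errors */
	{
	ENGINE *eng;
	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
	if (!eng)
		{
		ERR_clear_error();
		ENGINE_load_builtin_engines();
		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		}
	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
		ERR_clear_error();
	}
#endif
#endif
	/* Default is to connect to non-RI servers. When RI is more widely
	 * deployed might change this.
	 * Security note: with this option set a client will complete a
	 * handshake with a server that offers no renegotiation indication;
	 * applications that want to refuse such servers must clear the
	 * option on the context themselves.
	 */
	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

	return(ret);
err:
	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
err2:
	if (ret != NULL) SSL_CTX_free(ret);
	return(NULL);
	}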
1874
1875#if 0
1876static void SSL_COMP_free(SSL_COMP *comp)
1877 { OPENSSL_free(comp); }
1878#endif
1879
1880#ifndef OPENSSL_NO_BUF_FREELISTS
1881static void
1882ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1883 {
1884 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1885 for (ent = list->head; ent; ent = next)
1886 {
1887 next = ent->next;
1888 OPENSSL_free(ent);
1889 }
1890 OPENSSL_free(list);
1891 }
1892#endif
1893
/* SSL_CTX_free drops one reference to |a| and, once the count reaches
 * zero, releases everything the context owns. Passing NULL is a no-op.
 *
 * This is also the single cleanup path for SSL_CTX_new(): every member
 * released below is NULL-checked, so a partially constructed (zeroed)
 * context can be handed here safely. */
void SSL_CTX_free(SSL_CTX *a)
	{
	int i;

	if (a == NULL) return;

	/* Decrement under CRYPTO_LOCK_SSL_CTX; only the last holder proceeds. */
	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
#ifdef REF_PRINT
	REF_PRINT("SSL_CTX",a);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		/* Negative count: a double free or unbalanced CRYPTO_add()
		 * somewhere. Abort rather than free through a bad state. */
		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
		abort(); /* ok */
		}
#endif

	if (a->param)
		X509_VERIFY_PARAM_free(a->param);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 * The order of the next three statements is therefore deliberate.
	 */
	if (a->sessions != NULL)
		SSL_CTX_flush_sessions(a,0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	if (a->sessions != NULL)
		lh_SSL_SESSION_free(a->sessions);

	if (a->cert_store != NULL)
		X509_STORE_free(a->cert_store);
	if (a->cipher_list != NULL)
		sk_SSL_CIPHER_free(a->cipher_list);
	if (a->cipher_list_by_id != NULL)
		sk_SSL_CIPHER_free(a->cipher_list_by_id);
	if (a->cert != NULL)
		ssl_cert_free(a->cert);
	if (a->client_CA != NULL)
		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
	if (a->extra_certs != NULL)
		sk_X509_pop_free(a->extra_certs,X509_free);
#if 0	/* This should never be done, since it removes a global database */
	if (a->comp_methods != NULL)
		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
#else
	/* comp_methods is the library-wide table obtained from
	 * SSL_COMP_get_compression_methods() in SSL_CTX_new(); it is only
	 * unlinked here, never freed. */
	a->comp_methods = NULL;
#endif

	if (a->srtp_profiles)
		sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);

#ifndef OPENSSL_NO_PSK
	if (a->psk_identity_hint)
		OPENSSL_free(a->psk_identity_hint);
#endif
#ifndef OPENSSL_NO_SRP
	SSL_CTX_SRP_CTX_free(a);
#endif
#ifndef OPENSSL_NO_ENGINE
	if (a->client_cert_engine)
		ENGINE_finish(a->client_cert_engine);
#endif

#ifndef OPENSSL_NO_BUF_FREELISTS
	/* Each freelist is released together with its chained entries. */
	if (a->wbuf_freelist)
		ssl_buf_freelist_free(a->wbuf_freelist);
	if (a->rbuf_freelist)
		ssl_buf_freelist_free(a->rbuf_freelist);
#endif

	OPENSSL_free(a);
	}
1976
/* SSL_CTX_set_default_passwd_cb records |cb| as the PEM password callback
 * used when the context later loads encrypted private keys. */
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
{
	ctx->default_passwd_callback = cb;
}
1981
/* SSL_CTX_set_default_passwd_cb_userdata stores the opaque pointer |u|
 * that is handed to the default password callback. */
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
{
	ctx->default_passwd_callback_userdata = u;
}
1986
/* SSL_CTX_set_cert_verify_callback installs an application-level
 * certificate verification callback (app_verify_callback) and its argument.
 * When set, the application takes over the whole chain verification step,
 * so the callback is security-critical: a callback that returns success
 * unconditionally disables certificate checking. */
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
{
	ctx->app_verify_arg = arg;
	ctx->app_verify_callback = cb;
}
1992
/* SSL_CTX_set_verify sets the peer verification mode (SSL_VERIFY_* flags)
 * and the per-certificate verify callback for connections created from
 * |ctx|. SSL_CTX_new() leaves the mode at SSL_VERIFY_NONE, so callers that
 * want the peer's certificate checked must call this with SSL_VERIFY_PEER. */
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
{
	ctx->default_verify_callback = cb;
	ctx->verify_mode = mode;
}
1998
/* SSL_CTX_set_verify_depth bounds the certificate chain length accepted
 * during verification; the value lives in the context's
 * X509_VERIFY_PARAM rather than in the SSL_CTX itself. */
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
{
	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
2003
/* ssl_set_cert_masks recomputes, from the keys and certificates loaded in
 * |c|, the bitmasks of key-exchange (mask_k) and authentication (mask_a)
 * algorithms this end can actually serve, plus the export-grade variants
 * (export_mask_k / export_mask_a) that only admit keys no longer than the
 * export key length of |cipher|. Cipher selection consults these masks.
 *
 * Notes for reviewers:
 *  - SSL_aNULL is always set, so anonymous suites are never excluded by
 *    the mask; they must be kept out via the cipher list.
 *  - ECC certificates are gated on the keyUsage extension (if present):
 *    keyAgreement for ECDH suites, digitalSignature for ECDSA.
 *  - Under CIPHER_DEBUG the printf below references have_ecdh_tmp, which
 *    is only declared when OPENSSL_NO_ECDH is not defined.
 */
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
	{
	CERT_PKEY *cpk;
	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
	int rsa_tmp_export,dh_tmp_export,kl;
	unsigned long mask_k,mask_a,emask_k,emask_a;
	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
#ifndef OPENSSL_NO_ECDH
	int have_ecdh_tmp;
#endif
	X509 *x = NULL;
	EVP_PKEY *ecc_pkey = NULL;
	int signature_nid = 0, pk_nid = 0, md_nid = 0;

	if (c == NULL) return;

	/* Export key length limit (in bits) for |cipher|. */
	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);

	/* A temporary key callback counts as "have a temp key" and is assumed
	 * able to produce an export-sized one. */
#ifndef OPENSSL_NO_RSA
	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
#else
	rsa_tmp=rsa_tmp_export=0;
#endif
#ifndef OPENSSL_NO_DH
	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
	dh_tmp_export=(c->dh_tmp_cb != NULL ||
		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
#else
	dh_tmp=dh_tmp_export=0;
#endif

#ifndef OPENSSL_NO_ECDH
	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
#endif
	/* A slot is usable only when both certificate and private key are
	 * loaded; "export" additionally needs the key to fit within kl. */
	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
/* FIX THIS EAY EAY EAY */
	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
	cpk= &(c->pkeys[SSL_PKEY_ECC]);
	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
	mask_k=0;
	mask_a=0;
	emask_k=0;
	emask_a=0;



#ifdef CIPHER_DEBUG
	printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
	        rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
#endif

	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
		mask_k |= SSL_kGOST;
		mask_a |= SSL_aGOST01;
	}
	cpk = &(c->pkeys[SSL_PKEY_GOST94]);
	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
		mask_k |= SSL_kGOST;
		mask_a |= SSL_aGOST94;
	}

	/* RSA key exchange: either an encryption-capable RSA cert, or a
	 * temporary RSA key signed with the RSA signing cert. */
	if (rsa_enc || (rsa_tmp && rsa_sign))
		mask_k|=SSL_kRSA;
	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
		emask_k|=SSL_kRSA;

#if 0
	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
	if (  (dh_tmp || dh_rsa || dh_dsa) && 
		(rsa_enc || rsa_sign || dsa_sign))
		mask_k|=SSL_kEDH;
	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
		(rsa_enc || rsa_sign || dsa_sign))
		emask_k|=SSL_kEDH;
#endif

	if (dh_tmp_export) 
		emask_k|=SSL_kEDH;

	if (dh_tmp)
		mask_k|=SSL_kEDH;

	if (dh_rsa) mask_k|=SSL_kDHr;
	if (dh_rsa_export) emask_k|=SSL_kDHr;

	if (dh_dsa) mask_k|=SSL_kDHd;
	if (dh_dsa_export) emask_k|=SSL_kDHd;

	if (rsa_enc || rsa_sign)
		{
		mask_a|=SSL_aRSA;
		emask_a|=SSL_aRSA;
		}

	if (dsa_sign)
		{
		mask_a|=SSL_aDSS;
		emask_a|=SSL_aDSS;
		}

	/* Anonymous authentication is always "available"; see header note. */
	mask_a|=SSL_aNULL;
	emask_a|=SSL_aNULL;

#ifndef OPENSSL_NO_KRB5
	mask_k|=SSL_kKRB5;
	mask_a|=SSL_aKRB5;
	emask_k|=SSL_kKRB5;
	emask_a|=SSL_aKRB5;
#endif

	/* An ECC certificate may be usable for ECDH and/or
	 * ECDSA cipher suites depending on the key usage extension.
	 */
	if (have_ecc_cert)
		{
		/* This call populates extension flags (ex_flags) */
		x = (c->pkeys[SSL_PKEY_ECC]).x509;
		X509_check_purpose(x, -1, 0);
		/* Without a keyUsage extension both uses are allowed. */
		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
		ecc_pkey = X509_get_pubkey(x);
		ecc_pkey_size = (ecc_pkey != NULL) ?
		    EVP_PKEY_bits(ecc_pkey) : 0;
		EVP_PKEY_free(ecc_pkey);
		/* The issuer's signature algorithm decides whether the cert
		 * fits ECDH_RSA (RSA-signed) or ECDH_ECDSA (ECDSA-signed). */
		if ((x->sig_alg) && (x->sig_alg->algorithm))
			{
			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
			}
#ifndef OPENSSL_NO_ECDH
		if (ecdh_ok)
			{

			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
				{
				mask_k|=SSL_kECDHr;
				mask_a|=SSL_aECDH;
				/* 163 bits is the export size limit for ECDH */
				if (ecc_pkey_size <= 163)
					{
					emask_k|=SSL_kECDHr;
					emask_a|=SSL_aECDH;
					}
				}

			if (pk_nid == NID_X9_62_id_ecPublicKey)
				{
				mask_k|=SSL_kECDHe;
				mask_a|=SSL_aECDH;
				if (ecc_pkey_size <= 163)
					{
					emask_k|=SSL_kECDHe;
					emask_a|=SSL_aECDH;
					}
				}
			}
#endif
#ifndef OPENSSL_NO_ECDSA
		if (ecdsa_ok)
			{
			mask_a|=SSL_aECDSA;
			emask_a|=SSL_aECDSA;
			}
#endif
		}

#ifndef OPENSSL_NO_ECDH
	if (have_ecdh_tmp)
		{
		mask_k|=SSL_kEECDH;
		emask_k|=SSL_kEECDH;
		}
#endif

#ifndef OPENSSL_NO_PSK
	mask_k |= SSL_kPSK;
	mask_a |= SSL_aPSK;
	emask_k |= SSL_kPSK;
	emask_a |= SSL_aPSK;
#endif

	c->mask_k=mask_k;
	c->mask_a=mask_a;
	c->export_mask_k=emask_k;
	c->export_mask_a=emask_a;
	c->valid=1;
	}
2208
/* This handy macro borrowed from crypto/x509v3/v3_purp.c.
 * ku_reject(x, usage) is true only when |x| carries a keyUsage extension
 * (EXFLAG_KUSAGE set by X509_check_purpose()) that lacks |usage|; a
 * certificate without a keyUsage extension is never rejected by it. */
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2212
2213#ifndef OPENSSL_NO_EC
2214
/* ssl_check_srvr_ecc_cert_and_alg checks that the server certificate |x| is
 * acceptable for the ECC-based cipher suite negotiated on |s|
 * (s->s3->tmp.new_cipher). Returns 1 when all checks pass, 0 otherwise.
 *
 * Checks performed, in order:
 *  - export suites: the public key must be at most 163 bits;
 *  - ECDH suites: keyUsage (if present) must permit keyAgreement, and
 *    before TLS 1.2 the certificate's signature must be ECDSA for
 *    ECDH_ECDSA and RSA for ECDH_RSA;
 *  - ECDSA authentication: keyUsage (if present) must permit
 *    digitalSignature.
 * Failures other than the export size limit queue an SSLerr reason. */
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
	{
	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
	unsigned long alg_k = cs->algorithm_mkey;
	unsigned long alg_a = cs->algorithm_auth;
	int sig_nid = 0, md_nid = 0, pk_nid = 0;

	if (SSL_C_IS_EXPORT(cs))
		{
		/* ECDH key length in export ciphers must be <= 163 bits */
		EVP_PKEY *pkey = X509_get_pubkey(x);
		int bits;

		if (pkey == NULL)
			return 0;
		bits = EVP_PKEY_bits(pkey);
		EVP_PKEY_free(pkey);
		if (bits > 163)
			return 0;
		}

	/* This call populates the ex_flags field correctly */
	X509_check_purpose(x, -1, 0);
	if (x->sig_alg != NULL && x->sig_alg->algorithm != NULL)
		{
		sig_nid = OBJ_obj2nid(x->sig_alg->algorithm);
		OBJ_find_sigid_algs(sig_nid, &md_nid, &pk_nid);
		}

	if (alg_k & (SSL_kECDHe | SSL_kECDHr))
		{
		int pre_tls12;

		/* key usage, if present, must allow key agreement */
		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
			{
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
			return 0;
			}

		pre_tls12 = TLS1_get_version(s) < TLS1_2_VERSION;

		/* ECDH_ECDSA: signature alg must be ECDSA (pre-TLS 1.2 only) */
		if (pre_tls12 && (alg_k & SSL_kECDHe) &&
		    pk_nid != NID_X9_62_id_ecPublicKey)
			{
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
			return 0;
			}

		/* ECDH_RSA: signature alg must be RSA (pre-TLS 1.2 only) */
		if (pre_tls12 && (alg_k & SSL_kECDHr) &&
		    pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
			{
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
			return 0;
			}
		}

	/* key usage, if present, must allow signing */
	if ((alg_a & SSL_aECDSA) && ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
		{
		SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
		return 0;
		}

	return 1;	/* all checks are ok */
	}
2283
2284#endif
2285
/* THIS NEEDS CLEANING UP */
/* ssl_get_server_send_cert picks the certificate a server should send for
 * the cipher suite negotiated on |s| (s->s3->tmp.new_cipher). It first
 * refreshes the certificate masks, then maps the suite's key-exchange and
 * authentication flags to a CERT slot and returns that slot's X509, or
 * NULL when the slot is empty, when the suite needs no certificate
 * (Kerberos) or when the flags match nothing (queues an internal error).
 *
 * The order of the tests matters: ECDH_RSA / ECDH_ECDSA need the ECC
 * certificate, not an RSA one, whereas ECDHE_RSA needs the RSA certificate.
 * Testing the SSL_kECDH* flags before the SSL_aRSA flag is what picks the
 * right slot in each case. Anonymous ECDH needs no certificate and
 * authenticated EECDH is resolved by the auth-algorithm tests below. */
X509 *ssl_get_server_send_cert(SSL *s)
	{
	CERT *c = s->cert;
	const SSL_CIPHER *cipher = s->s3->tmp.new_cipher;
	unsigned long alg_k, alg_a;
	int idx;

	ssl_set_cert_masks(c, cipher);

	alg_k = cipher->algorithm_mkey;
	alg_a = cipher->algorithm_auth;

	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
		idx = SSL_PKEY_ECC;
	else if (alg_a & SSL_aECDSA)
		idx = SSL_PKEY_ECC;
	else if (alg_k & SSL_kDHr)
		idx = SSL_PKEY_DH_RSA;
	else if (alg_k & SSL_kDHd)
		idx = SSL_PKEY_DH_DSA;
	else if (alg_a & SSL_aDSS)
		idx = SSL_PKEY_DSA_SIGN;
	else if (alg_a & SSL_aRSA)
		{
		/* Prefer the encryption cert; fall back to the signing cert. */
		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 != NULL)
			idx = SSL_PKEY_RSA_ENC;
		else
			idx = SSL_PKEY_RSA_SIGN;
		}
	else if (alg_a & SSL_aKRB5)
		{
		/* VRS something else here? */
		return(NULL);
		}
	else if (alg_a & SSL_aGOST94)
		idx = SSL_PKEY_GOST94;
	else if (alg_a & SSL_aGOST01)
		idx = SSL_PKEY_GOST01;
	else /* if (alg_a & SSL_aNULL) */
		{
		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
		return(NULL);
		}

	/* NULL when nothing is loaded in the chosen slot. */
	return(c->pkeys[idx].x509);
	}
2349
/* ssl_get_sign_pkey returns the private key the server signs with for
 * |cipher|'s authentication algorithm, and optionally (when |pmd| is not
 * NULL) the digest configured for that key slot. DSS uses the DSA signing
 * key, RSA prefers the RSA signing key and falls back to the RSA
 * encryption key, ECDSA uses the ECC key. Returns NULL and queues an
 * internal error when no usable private key is loaded. */
EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
	{
	CERT *c = s->cert;
	unsigned long alg_a = cipher->algorithm_auth;
	CERT_PKEY *cpk = NULL;

	if ((alg_a & SSL_aDSS) &&
	    c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)
		cpk = &c->pkeys[SSL_PKEY_DSA_SIGN];
	else if (alg_a & SSL_aRSA)
		{
		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
			cpk = &c->pkeys[SSL_PKEY_RSA_SIGN];
		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
			cpk = &c->pkeys[SSL_PKEY_RSA_ENC];
		}
	else if ((alg_a & SSL_aECDSA) &&
	    c->pkeys[SSL_PKEY_ECC].privatekey != NULL)
		cpk = &c->pkeys[SSL_PKEY_ECC];

	if (cpk == NULL)
		{
		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
		return(NULL);
		}

	if (pmd != NULL)
		*pmd = cpk->digest;
	return cpk->privatekey;
	}
2381
/* ssl_update_cache offers the current session to the session cache after a
 * handshake. |mode| is SSL_SESS_CACHE_CLIENT or SSL_SESS_CACHE_SERVER and
 * is tested against the context's session_cache_mode.
 *
 * The session is only stored when caching for |mode| is enabled and the
 * handshake was a full one (!s->hit). Unless SSL_SESS_CACHE_NO_INTERNAL_STORE
 * is set it is first added to the internal cache; the new_session_cb is
 * then invoked (only if that add succeeded, or the internal store is
 * disabled) with an extra reference that the callback keeps by returning
 * non-zero and that is dropped here when it returns 0.
 *
 * Finally, unless SSL_SESS_CACHE_NO_AUTO_CLEAR is set, expired sessions are
 * flushed whenever the low byte of the successful connect/accept counter
 * is 0xff, i.e. once every 256 connections. */
void ssl_update_cache(SSL *s,int mode)
	{
	int i;

	/* If the session_id_length is 0, we are not supposed to cache it,
	 * and it would be rather hard to do anyway :-) */
	if (s->session->session_id_length == 0) return;

	i=s->session_ctx->session_cache_mode;
	/* Order of the && operands matters: SSL_CTX_add_session() is only
	 * attempted (and its result only consulted) when the earlier
	 * conditions hold. */
	if ((i & mode) && (!s->hit)
		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
		    || SSL_CTX_add_session(s->session_ctx,s->session))
		&& (s->session_ctx->new_session_cb != NULL))
		{
		/* The callback receives its own reference; a zero return
		 * means it did not keep it. */
		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
		if (!s->session_ctx->new_session_cb(s,s->session))
			SSL_SESSION_free(s->session);
		}

	/* auto flush every 255 connections */
	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
		((i & mode) == mode))
		{
		if (  (((mode & SSL_SESS_CACHE_CLIENT)
			?s->session_ctx->stats.sess_connect_good
			:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
			{
			SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
			}
		}
	}
2413
/* SSL_get_ssl_method returns the protocol method currently bound to |s|. */
const SSL_METHOD *SSL_get_ssl_method(SSL *s)
{
	return s->method;
}
2418
/* SSL_set_ssl_method switches |s| to protocol method |meth|. If the new
 * method has a different protocol version, the version-specific state is
 * torn down with the old method's ssl_free and rebuilt with the new
 * method's ssl_new; otherwise only the method pointer is swapped. An
 * already chosen handshake direction (connect vs accept) is carried over
 * to the new method. Returns the ssl_new result when state was rebuilt,
 * 1 otherwise. */
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
	{
	int was_client = -1;	/* -1: no handshake function set yet */
	int ok = 1;

	if (s->method == meth)
		return 1;

	/* Remember the direction before s->method changes underneath it. */
	if (s->handshake_func != NULL)
		was_client = (s->handshake_func == s->method->ssl_connect);

	if (s->method->version != meth->version)
		{
		s->method->ssl_free(s);
		s->method = meth;
		ok = s->method->ssl_new(s);
		}
	else
		s->method = meth;

	if (was_client == 1)
		s->handshake_func = meth->ssl_connect;
	else if (was_client == 0)
		s->handshake_func = meth->ssl_accept;

	return ok;
	}
2445
/* SSL_get_error translates the return value |i| of an SSL I/O call on |s|
 * into an SSL_ERROR_* code the application can act on.
 *
 * Precedence: a positive |i| is success; a queued error (ERR_peek_error)
 * wins over everything else and maps to SSL_ERROR_SYSCALL for the system
 * library or SSL_ERROR_SSL otherwise; then the retry state (want read /
 * write / x509 lookup) is consulted together with the BIO's retry flags;
 * and a zero return is a clean shutdown only for SSLv2 or after a
 * close_notify has been received. Anything left over is reported as
 * SSL_ERROR_SYSCALL, which for i == 0 typically means an EOF without
 * close_notify — a condition callers should treat as a possible
 * truncation attack rather than a normal close. */
int SSL_get_error(const SSL *s,int i)
	{
	int reason;
	unsigned long l;
	BIO *bio;

	if (i > 0) return(SSL_ERROR_NONE);

	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
	 * etc, where we do encode the error */
	if ((l=ERR_peek_error()) != 0)
		{
		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
			return(SSL_ERROR_SYSCALL);
		else
			return(SSL_ERROR_SSL);
		}

	if ((i < 0) && SSL_want_read(s))
		{
		bio=SSL_get_rbio(s);
		if (BIO_should_read(bio))
			return(SSL_ERROR_WANT_READ);
		else if (BIO_should_write(bio))
			/* This one doesn't make too much sense ... We never try
			 * to write to the rbio, and an application program where
			 * rbio and wbio are separate couldn't even know what it
			 * should wait for.
			 * However if we ever set s->rwstate incorrectly
			 * (so that we have SSL_want_read(s) instead of
			 * SSL_want_write(s)) and rbio and wbio *are* the same,
			 * this test works around that bug; so it might be safer
			 * to keep it. */
			return(SSL_ERROR_WANT_WRITE);
		else if (BIO_should_io_special(bio))
			{
			/* Connect/accept BIOs report their pending operation
			 * through the retry reason. */
			reason=BIO_get_retry_reason(bio);
			if (reason == BIO_RR_CONNECT)
				return(SSL_ERROR_WANT_CONNECT);
			else if (reason == BIO_RR_ACCEPT)
				return(SSL_ERROR_WANT_ACCEPT);
			else
				return(SSL_ERROR_SYSCALL); /* unknown */
			}
		}

	if ((i < 0) && SSL_want_write(s))
		{
		bio=SSL_get_wbio(s);
		if (BIO_should_write(bio))
			return(SSL_ERROR_WANT_WRITE);
		else if (BIO_should_read(bio))
			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
			return(SSL_ERROR_WANT_READ);
		else if (BIO_should_io_special(bio))
			{
			reason=BIO_get_retry_reason(bio);
			if (reason == BIO_RR_CONNECT)
				return(SSL_ERROR_WANT_CONNECT);
			else if (reason == BIO_RR_ACCEPT)
				return(SSL_ERROR_WANT_ACCEPT);
			else
				return(SSL_ERROR_SYSCALL);
			}
		}
	if ((i < 0) && SSL_want_x509_lookup(s))
		{
		return(SSL_ERROR_WANT_X509_LOOKUP);
		}

	if (i == 0)
		{
		if (s->version == SSL2_VERSION)
			{
			/* assume it is the socket being closed */
			return(SSL_ERROR_ZERO_RETURN);
			}
		else
			{
			/* Only a received close_notify counts as a clean end
			 * of the connection. */
			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
				return(SSL_ERROR_ZERO_RETURN);
			}
		}
	return(SSL_ERROR_SYSCALL);
	}
2532
/* SSL_do_handshake drives the handshake on |s| in whichever direction was
 * chosen by SSL_set_accept_state/SSL_set_connect_state. It returns -1 and
 * queues SSL_R_CONNECTION_TYPE_NOT_SET if no direction was chosen, 1 if
 * there is nothing to do (connection already established), and otherwise
 * the handshake function's own result. The method's renegotiate check is
 * always run first so a pending renegotiation request is picked up. */
int SSL_do_handshake(SSL *s)
	{
	if (s->handshake_func == NULL)
		{
		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
		return(-1);
		}

	s->method->ssl_renegotiate_check(s);

	if (!SSL_in_init(s) && !SSL_in_before(s))
		return(1);	/* nothing pending */

	return s->handshake_func(s);
	}
2551
/* For the next 2 functions, SSL_clear() sets shutdown and so
 * one of these calls will reset it */

/* SSL_set_accept_state prepares |s| to act as the server side: it marks
 * the connection as a server, clears any shutdown state, rewinds the state
 * machine to "accept, before handshake", binds the method's ssl_accept as
 * the handshake function and discards any current cipher and hash
 * contexts so the new handshake starts from a clean slate. */
void SSL_set_accept_state(SSL *s)
	{
	s->server = 1;
	s->shutdown = 0;
	s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
	s->handshake_func = s->method->ssl_accept;

	/* clear the current cipher and handshake hashes */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);
	}
2565
/* SSL_set_connect_state prepares |s| to act as the client side: it marks
 * the connection as a client, clears any shutdown state, rewinds the state
 * machine to "connect, before handshake", binds the method's ssl_connect
 * as the handshake function and discards any current cipher and hash
 * contexts so the new handshake starts from a clean slate. */
void SSL_set_connect_state(SSL *s)
	{
	s->server = 0;
	s->shutdown = 0;
	s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
	s->handshake_func = s->method->ssl_connect;

	/* clear the current cipher and handshake hashes */
	ssl_clear_cipher_ctx(s);
	ssl_clear_hash_ctx(&s->read_hash);
	ssl_clear_hash_ctx(&s->write_hash);
	}
2577
/* ssl_undefined_function is the placeholder installed in SSL_METHOD slots a
 * protocol does not implement; reaching it queues
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and fails with 0. */
int ssl_undefined_function(SSL *s)
{
	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return 0;
}
2583
/* ssl_undefined_void_function is the argument-less variant of the
 * "not implemented" placeholder: it queues ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
 * and returns 0. */
int ssl_undefined_void_function(void)
{
	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return 0;
}
2589
/* ssl_undefined_const_function is the const-SSL variant of the
 * "not implemented" placeholder: it queues ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
 * and returns 0. */
int ssl_undefined_const_function(const SSL *s)
{
	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return 0;
}
2595
/* ssl_bad_method is the placeholder get_ssl_method hook for methods that
 * cannot look up another version; it queues
 * ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED and returns NULL. */
SSL_METHOD *ssl_bad_method(int ver)
{
	SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
	return NULL;
}
2601
/* SSL_get_version names the protocol version negotiated on |s| as a
 * static string ("TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3", "SSLv2"), or
 * "unknown" for any other value of s->version. */
const char *SSL_get_version(const SSL *s)
	{
	switch (s->version)
		{
	case TLS1_2_VERSION:
		return("TLSv1.2");
	case TLS1_1_VERSION:
		return("TLSv1.1");
	case TLS1_VERSION:
		return("TLSv1");
	case SSL3_VERSION:
		return("SSLv3");
	case SSL2_VERSION:
		return("SSLv2");
	default:
		return("unknown");
		}
	}
2617
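/* SSL_dup creates a new SSL object that mirrors the configuration of |s|:
 * version/method, session (or certificate and session-id context when no
 * session exists yet), options, mode, callbacks, verification settings,
 * ex_data, BIO state, handshake/shutdown state, cipher lists and the
 * client CA list. Returns the copy, or NULL on failure with the partially
 * built copy released.
 *
 * The client_CA list is deep-copied into a fresh stack, one name at a
 * time, so that every entry in ret->client_CA is owned by |ret| from the
 * moment it is pushed. The previous implementation shallow-copied the
 * stack and replaced entries in place; a failed X509_NAME_dup() then freed
 * an X509_NAME still owned by |s|, and SSL_free(ret) on the error path
 * pop_free'd the not-yet-replaced entries that |s| still referenced.
 *
 * NOTE(review): ret->method->ssl_new(ret) in the no-session branch is not
 * checked (as before); a failure there leaves |ret| without its
 * version-specific state. */
SSL *SSL_dup(SSL *s)
	{
	STACK_OF(X509_NAME) *sk;
	X509_NAME *xn;
	SSL *ret;
	int i;

	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
		return(NULL);

	ret->version = s->version;
	ret->type = s->type;
	ret->method = s->method;

	if (s->session != NULL)
		{
		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
		SSL_copy_session_id(ret,s);
		}
	else
		{
		/* No session has been established yet, so we have to expect
		 * that s->cert or ret->cert will be changed later --
		 * they should not both point to the same object,
		 * and thus we can't use SSL_copy_session_id. */

		ret->method->ssl_free(ret);
		ret->method = s->method;
		ret->method->ssl_new(ret);

		if (s->cert != NULL)
			{
			if (ret->cert != NULL)
				{
				ssl_cert_free(ret->cert);
				}
			ret->cert = ssl_cert_dup(s->cert);
			if (ret->cert == NULL)
				goto err;
			}

		SSL_set_session_id_context(ret,
			s->sid_ctx, s->sid_ctx_length);
		}

	ret->options=s->options;
	ret->mode=s->mode;
	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
	ret->msg_callback = s->msg_callback;
	ret->msg_callback_arg = s->msg_callback_arg;
	SSL_set_verify(ret,SSL_get_verify_mode(s),
		SSL_get_verify_callback(s));
	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
	ret->generate_session_id = s->generate_session_id;

	SSL_set_info_callback(ret,SSL_get_info_callback(s));

	ret->debug=s->debug;

	/* copy app data, a little dangerous perhaps */
	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
		goto err;

	/* setup rbio, and wbio */
	if (s->rbio != NULL)
		{
		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
			goto err;
		}
	if (s->wbio != NULL)
		{
		if (s->wbio != s->rbio)
			{
			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
				goto err;
			}
		else
			ret->wbio=ret->rbio;	/* shared BIO stays shared */
		}
	ret->rwstate = s->rwstate;
	ret->in_handshake = s->in_handshake;
	ret->handshake_func = s->handshake_func;
	ret->server = s->server;
	ret->renegotiate = s->renegotiate;
	ret->new_session = s->new_session;
	ret->quiet_shutdown = s->quiet_shutdown;
	ret->shutdown=s->shutdown;
	ret->state=s->state; /* SSL_dup does not really work at any state, though */
	ret->rstate=s->rstate;
	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
	ret->hit=s->hit;

	X509_VERIFY_PARAM_inherit(ret->param, s->param);

	/* dup the cipher_list and cipher_list_by_id stacks */
	if (s->cipher_list != NULL)
		{
		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
			goto err;
		}
	if (s->cipher_list_by_id != NULL)
		{
		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
		    == NULL)
			goto err;
		}

	/* Dup the client_CA list into a fresh stack (see header comment). */
	if (s->client_CA != NULL)
		{
		if ((sk=sk_X509_NAME_new_null()) == NULL) goto err;
		ret->client_CA=sk;
		for (i=0; i<sk_X509_NAME_num(s->client_CA); i++)
			{
			xn=X509_NAME_dup(sk_X509_NAME_value(s->client_CA,i));
			if (xn == NULL || !sk_X509_NAME_push(sk,xn))
				{
				/* xn is ours (or NULL); SSL_free(ret) takes
				 * care of everything already pushed. */
				X509_NAME_free(xn);
				goto err;
				}
			}
		}

	return(ret);

err:
	SSL_free(ret);
	return(NULL);
	}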
2748
2749void ssl_clear_cipher_ctx(SSL *s)
2750 {
2751 if (s->enc_read_ctx != NULL)
2752 {
2753 EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
2754 OPENSSL_free(s->enc_read_ctx);
2755 s->enc_read_ctx=NULL;
2756 }
2757 if (s->enc_write_ctx != NULL)
2758 {
2759 EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
2760 OPENSSL_free(s->enc_write_ctx);
2761 s->enc_write_ctx=NULL;
2762 }
2763#ifndef OPENSSL_NO_COMP
2764 if (s->expand != NULL)
2765 {
2766 COMP_CTX_free(s->expand);
2767 s->expand=NULL;
2768 }
2769 if (s->compress != NULL)
2770 {
2771 COMP_CTX_free(s->compress);
2772 s->compress=NULL;
2773 }
2774#endif
2775 }
2776
2777/* Fix this function so that it takes an optional type parameter */
2778X509 *SSL_get_certificate(const SSL *s)
2779 {
2780 if (s->cert != NULL)
2781 return(s->cert->key->x509);
2782 else
2783 return(NULL);
2784 }
2785
2786/* Fix this function so that it takes an optional type parameter */
2787EVP_PKEY *SSL_get_privatekey(SSL *s)
2788 {
2789 if (s->cert != NULL)
2790 return(s->cert->key->privatekey);
2791 else
2792 return(NULL);
2793 }
2794
2795const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2796 {
2797 if ((s->session != NULL) && (s->session->cipher != NULL))
2798 return(s->session->cipher);
2799 return(NULL);
2800 }
2801#ifdef OPENSSL_NO_COMP
2802const void *SSL_get_current_compression(SSL *s)
2803 {
2804 return NULL;
2805 }
2806const void *SSL_get_current_expansion(SSL *s)
2807 {
2808 return NULL;
2809 }
2810#else
2811
2812const COMP_METHOD *SSL_get_current_compression(SSL *s)
2813 {
2814 if (s->compress != NULL)
2815 return(s->compress->meth);
2816 return(NULL);
2817 }
2818
2819const COMP_METHOD *SSL_get_current_expansion(SSL *s)
2820 {
2821 if (s->expand != NULL)
2822 return(s->expand->meth);
2823 return(NULL);
2824 }
2825#endif
2826
2827int ssl_init_wbio_buffer(SSL *s,int push)
2828 {
2829 BIO *bbio;
2830
2831 if (s->bbio == NULL)
2832 {
2833 bbio=BIO_new(BIO_f_buffer());
2834 if (bbio == NULL) return(0);
2835 s->bbio=bbio;
2836 }
2837 else
2838 {
2839 bbio=s->bbio;
2840 if (s->bbio == s->wbio)
2841 s->wbio=BIO_pop(s->wbio);
2842 }
2843 (void)BIO_reset(bbio);
2844/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2845 if (!BIO_set_read_buffer_size(bbio,1))
2846 {
2847 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
2848 return(0);
2849 }
2850 if (push)
2851 {
2852 if (s->wbio != bbio)
2853 s->wbio=BIO_push(bbio,s->wbio);
2854 }
2855 else
2856 {
2857 if (s->wbio == bbio)
2858 s->wbio=BIO_pop(bbio);
2859 }
2860 return(1);
2861 }
2862
2863void ssl_free_wbio_buffer(SSL *s)
2864 {
2865 if (s->bbio == NULL) return;
2866
2867 if (s->bbio == s->wbio)
2868 {
2869 /* remove buffering */
2870 s->wbio=BIO_pop(s->wbio);
2871#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2872 assert(s->wbio != NULL);
2873#endif
2874 }
2875 BIO_free(s->bbio);
2876 s->bbio=NULL;
2877 }
2878
2879void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
2880 {
2881 ctx->quiet_shutdown=mode;
2882 }
2883
2884int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2885 {
2886 return(ctx->quiet_shutdown);
2887 }
2888
2889void SSL_set_quiet_shutdown(SSL *s,int mode)
2890 {
2891 s->quiet_shutdown=mode;
2892 }
2893
2894int SSL_get_quiet_shutdown(const SSL *s)
2895 {
2896 return(s->quiet_shutdown);
2897 }
2898
2899void SSL_set_shutdown(SSL *s,int mode)
2900 {
2901 s->shutdown=mode;
2902 }
2903
2904int SSL_get_shutdown(const SSL *s)
2905 {
2906 return(s->shutdown);
2907 }
2908
2909int SSL_version(const SSL *s)
2910 {
2911 return(s->version);
2912 }
2913
2914SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
2915 {
2916 return(ssl->ctx);
2917 }
2918
2919SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2920 {
2921 if (ssl->ctx == ctx)
2922 return ssl->ctx;
2923#ifndef OPENSSL_NO_TLSEXT
2924 if (ctx == NULL)
2925 ctx = ssl->initial_ctx;
2926#endif
2927 if (ssl->cert != NULL)
2928 ssl_cert_free(ssl->cert);
2929 ssl->cert = ssl_cert_dup(ctx->cert);
2930 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
2931 if (ssl->ctx != NULL)
2932 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2933 ssl->ctx = ctx;
2934 return(ssl->ctx);
2935 }
2936
2937#ifndef OPENSSL_NO_STDIO
2938int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2939 {
2940 return(X509_STORE_set_default_paths(ctx->cert_store));
2941 }
2942
2943int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2944 const char *CApath)
2945 {
2946 return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
2947 }
2948#endif
2949
2950void SSL_set_info_callback(SSL *ssl,
2951 void (*cb)(const SSL *ssl,int type,int val))
2952 {
2953 ssl->info_callback=cb;
2954 }
2955
2956/* One compiler (Diab DCC) doesn't like argument names in returned
2957 function pointer. */
2958void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2959 {
2960 return ssl->info_callback;
2961 }
2962
2963int SSL_state(const SSL *ssl)
2964 {
2965 return(ssl->state);
2966 }
2967
2968void SSL_set_state(SSL *ssl, int state)
2969 {
2970 ssl->state = state;
2971 }
2972
2973void SSL_set_verify_result(SSL *ssl,long arg)
2974 {
2975 ssl->verify_result=arg;
2976 }
2977
2978long SSL_get_verify_result(const SSL *ssl)
2979 {
2980 return(ssl->verify_result);
2981 }
2982
2983int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
2984 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
2985 {
2986 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2987 new_func, dup_func, free_func);
2988 }
2989
2990int SSL_set_ex_data(SSL *s,int idx,void *arg)
2991 {
2992 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
2993 }
2994
2995void *SSL_get_ex_data(const SSL *s,int idx)
2996 {
2997 return(CRYPTO_get_ex_data(&s->ex_data,idx));
2998 }
2999
3000int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
3001 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
3002 {
3003 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
3004 new_func, dup_func, free_func);
3005 }
3006
3007int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
3008 {
3009 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
3010 }
3011
3012void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
3013 {
3014 return(CRYPTO_get_ex_data(&s->ex_data,idx));
3015 }
3016
3017int ssl_ok(SSL *s)
3018 {
3019 return(1);
3020 }
3021
3022X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3023 {
3024 return(ctx->cert_store);
3025 }
3026
3027void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
3028 {
3029 if (ctx->cert_store != NULL)
3030 X509_STORE_free(ctx->cert_store);
3031 ctx->cert_store=store;
3032 }
3033
3034int SSL_want(const SSL *s)
3035 {
3036 return(s->rwstate);
3037 }
3038
3039/*!
3040 * \brief Set the callback for generating temporary RSA keys.
3041 * \param ctx the SSL context.
3042 * \param cb the callback
3043 */
3044
3045#ifndef OPENSSL_NO_RSA
3046void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
3047 int is_export,
3048 int keylength))
3049 {
3050 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3051 }
3052
3053void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
3054 int is_export,
3055 int keylength))
3056 {
3057 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3058 }
3059#endif
3060
3061#ifdef DOXYGEN
3062/*!
3063 * \brief The RSA temporary key callback function.
3064 * \param ssl the SSL session.
3065 * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
3066 * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
3067 * of the required key in bits.
3068 * \return the temporary RSA key.
3069 * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
3070 */
3071
3072RSA *cb(SSL *ssl,int is_export,int keylength)
3073 {}
3074#endif
3075
3076/*!
3077 * \brief Set the callback for generating temporary DH keys.
3078 * \param ctx the SSL context.
3079 * \param dh the callback
3080 */
3081
3082#ifndef OPENSSL_NO_DH
3083void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
3084 int keylength))
3085 {
3086 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3087 }
3088
3089void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
3090 int keylength))
3091 {
3092 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3093 }
3094#endif
3095
3096#ifndef OPENSSL_NO_ECDH
3097void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3098 int keylength))
3099 {
3100 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3101 }
3102
3103void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
3104 int keylength))
3105 {
3106 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3107 }
3108#endif
3109
3110#ifndef OPENSSL_NO_PSK
3111int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
3112 {
3113 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3114 {
3115 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3116 return 0;
3117 }
3118 if (ctx->psk_identity_hint != NULL)
3119 OPENSSL_free(ctx->psk_identity_hint);
3120 if (identity_hint != NULL)
3121 {
3122 ctx->psk_identity_hint = BUF_strdup(identity_hint);
3123 if (ctx->psk_identity_hint == NULL)
3124 return 0;
3125 }
3126 else
3127 ctx->psk_identity_hint = NULL;
3128 return 1;
3129 }
3130
3131int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
3132 {
3133 if (s == NULL)
3134 return 0;
3135
3136 if (s->session == NULL)
3137 return 1; /* session not created yet, ignored */
3138
3139 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
3140 {
3141 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
3142 return 0;
3143 }
3144 if (s->session->psk_identity_hint != NULL)
3145 OPENSSL_free(s->session->psk_identity_hint);
3146 if (identity_hint != NULL)
3147 {
3148 s->session->psk_identity_hint = BUF_strdup(identity_hint);
3149 if (s->session->psk_identity_hint == NULL)
3150 return 0;
3151 }
3152 else
3153 s->session->psk_identity_hint = NULL;
3154 return 1;
3155 }
3156
3157const char *SSL_get_psk_identity_hint(const SSL *s)
3158 {
3159 if (s == NULL || s->session == NULL)
3160 return NULL;
3161 return(s->session->psk_identity_hint);
3162 }
3163
3164const char *SSL_get_psk_identity(const SSL *s)
3165 {
3166 if (s == NULL || s->session == NULL)
3167 return NULL;
3168 return(s->session->psk_identity);
3169 }
3170
3171void SSL_set_psk_client_callback(SSL *s,
3172 unsigned int (*cb)(SSL *ssl, const char *hint,
3173 char *identity, unsigned int max_identity_len, unsigned char *psk,
3174 unsigned int max_psk_len))
3175 {
3176 s->psk_client_callback = cb;
3177 }
3178
3179void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3180 unsigned int (*cb)(SSL *ssl, const char *hint,
3181 char *identity, unsigned int max_identity_len, unsigned char *psk,
3182 unsigned int max_psk_len))
3183 {
3184 ctx->psk_client_callback = cb;
3185 }
3186
3187void SSL_set_psk_server_callback(SSL *s,
3188 unsigned int (*cb)(SSL *ssl, const char *identity,
3189 unsigned char *psk, unsigned int max_psk_len))
3190 {
3191 s->psk_server_callback = cb;
3192 }
3193
3194void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3195 unsigned int (*cb)(SSL *ssl, const char *identity,
3196 unsigned char *psk, unsigned int max_psk_len))
3197 {
3198 ctx->psk_server_callback = cb;
3199 }
3200#endif
3201
3202void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3203 {
3204 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3205 }
3206void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3207 {
3208 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3209 }
3210
3211/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3212 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3213 * any. If EVP_MD pointer is passed, initializes ctx with this md
3214 * Returns newly allocated ctx;
3215 */
3216
3217EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3218{
3219 ssl_clear_hash_ctx(hash);
3220 *hash = EVP_MD_CTX_create();
3221 if (md) EVP_DigestInit_ex(*hash,md,NULL);
3222 return *hash;
3223}
3224void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3225{
3226
3227 if (*hash) EVP_MD_CTX_destroy(*hash);
3228 *hash=NULL;
3229}
3230
3231void SSL_set_debug(SSL *s, int debug)
3232 {
3233 s->debug = debug;
3234 }
3235
3236int SSL_cache_hit(SSL *s)
3237 {
3238 return s->hit;
3239 }
3240
3241#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
3242#include "../crypto/bio/bss_file.c"
3243#endif
3244
3245IMPLEMENT_STACK_OF(SSL_CIPHER)
3246IMPLEMENT_STACK_OF(SSL_COMP)
3247IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3248 ssl_cipher_id);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index c3c4c21d38..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,1174 +0,0 @@
1/* ssl/ssl_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_LOCL_H
144#define HEADER_SSL_LOCL_H
145#include <stdlib.h>
146#include <time.h>
147#include <string.h>
148#include <errno.h>
149
150#include "e_os.h"
151
152#include <openssl/buffer.h>
153#ifndef OPENSSL_NO_COMP
154#include <openssl/comp.h>
155#endif
156#include <openssl/bio.h>
157#include <openssl/stack.h>
158#ifndef OPENSSL_NO_RSA
159#include <openssl/rsa.h>
160#endif
161#ifndef OPENSSL_NO_DSA
162#include <openssl/dsa.h>
163#endif
164#include <openssl/err.h>
165#include <openssl/ssl.h>
166#include <openssl/symhacks.h>
167
168#ifdef OPENSSL_BUILD_SHLIBSSL
169# undef OPENSSL_EXTERN
170# define OPENSSL_EXTERN OPENSSL_EXPORT
171#endif
172
173#undef PKCS1_CHECK
174
175#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
176 l|=(((unsigned long)(*((c)++)))<< 8), \
177 l|=(((unsigned long)(*((c)++)))<<16), \
178 l|=(((unsigned long)(*((c)++)))<<24))
179
180/* NOTE - c is not incremented as per c2l */
181#define c2ln(c,l1,l2,n) { \
182 c+=n; \
183 l1=l2=0; \
184 switch (n) { \
185 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
186 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
187 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
188 case 5: l2|=((unsigned long)(*(--(c)))); \
189 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
190 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
191 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
192 case 1: l1|=((unsigned long)(*(--(c)))); \
193 } \
194 }
195
196#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
197 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
198 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
199 *((c)++)=(unsigned char)(((l)>>24)&0xff))
200
201#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
202 l|=((unsigned long)(*((c)++)))<<16, \
203 l|=((unsigned long)(*((c)++)))<< 8, \
204 l|=((unsigned long)(*((c)++))))
205
206#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
207 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
208 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
209 *((c)++)=(unsigned char)(((l) )&0xff))
210
211#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
212 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
213 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
214 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
215 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
216 *((c)++)=(unsigned char)(((l) )&0xff))
217
218#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
219 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
220 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
221 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
222 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
223 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
224 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
225 *((c)++)=(unsigned char)(((l) )&0xff))
226
227#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
228 l|=((BN_ULLONG)(*((c)++)))<<32, \
229 l|=((BN_ULLONG)(*((c)++)))<<24, \
230 l|=((BN_ULLONG)(*((c)++)))<<16, \
231 l|=((BN_ULLONG)(*((c)++)))<< 8, \
232 l|=((BN_ULLONG)(*((c)++))))
233
234/* NOTE - c is not incremented as per l2c */
235#define l2cn(l1,l2,c,n) { \
236 c+=n; \
237 switch (n) { \
238 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
239 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
240 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
241 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
242 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
243 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
244 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
245 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
246 } \
247 }
248
249#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
250 (((unsigned int)(c[1])) )),c+=2)
251#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
252 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
253
254#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
255 (((unsigned long)(c[1]))<< 8)| \
256 (((unsigned long)(c[2])) )),c+=3)
257
258#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
259 c[1]=(unsigned char)(((l)>> 8)&0xff), \
260 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
261
262/* LOCAL STUFF */
263
264#define SSL_DECRYPT 0
265#define SSL_ENCRYPT 1
266
267#define TWO_BYTE_BIT 0x80
268#define SEC_ESC_BIT 0x40
269#define TWO_BYTE_MASK 0x7fff
270#define THREE_BYTE_MASK 0x3fff
271
272#define INC32(a) ((a)=((a)+1)&0xffffffffL)
273#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
274#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
275
276/*
277 * Define the Bitmasks for SSL_CIPHER.algorithms.
278 * This bits are used packed as dense as possible. If new methods/ciphers
279 * etc will be added, the bits a likely to change, so this information
280 * is for internal library use only, even though SSL_CIPHER.algorithms
281 * can be publicly accessed.
282 * Use the according functions for cipher management instead.
283 *
284 * The bit mask handling in the selection and sorting scheme in
285 * ssl_create_cipher_list() has only limited capabilities, reflecting
286 * that the different entities within are mutually exclusive:
287 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
288 */
289
290/* Bits for algorithm_mkey (key exchange algorithm) */
291#define SSL_kRSA 0x00000001L /* RSA key exchange */
292#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
293#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
294#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
295#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
296#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
297#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
298#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
299#define SSL_kPSK 0x00000100L /* PSK */
300#define SSL_kGOST 0x00000200L /* GOST key exchange */
301#define SSL_kSRP 0x00000400L /* SRP */
302
303/* Bits for algorithm_auth (server authentication) */
304#define SSL_aRSA 0x00000001L /* RSA auth */
305#define SSL_aDSS 0x00000002L /* DSS auth */
306#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
307#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
308#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
309#define SSL_aKRB5 0x00000020L /* KRB5 auth */
310#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
311#define SSL_aPSK 0x00000080L /* PSK auth */
312#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
313#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
314
315
316/* Bits for algorithm_enc (symmetric encryption) */
317#define SSL_DES 0x00000001L
318#define SSL_3DES 0x00000002L
319#define SSL_RC4 0x00000004L
320#define SSL_RC2 0x00000008L
321#define SSL_IDEA 0x00000010L
322#define SSL_eNULL 0x00000020L
323#define SSL_AES128 0x00000040L
324#define SSL_AES256 0x00000080L
325#define SSL_CAMELLIA128 0x00000100L
326#define SSL_CAMELLIA256 0x00000200L
327#define SSL_eGOST2814789CNT 0x00000400L
328#define SSL_SEED 0x00000800L
329#define SSL_AES128GCM 0x00001000L
330#define SSL_AES256GCM 0x00002000L
331
332#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
333#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
334
335
336/* Bits for algorithm_mac (symmetric authentication) */
337
338#define SSL_MD5 0x00000001L
339#define SSL_SHA1 0x00000002L
340#define SSL_GOST94 0x00000004L
341#define SSL_GOST89MAC 0x00000008L
342#define SSL_SHA256 0x00000010L
343#define SSL_SHA384 0x00000020L
344/* Not a real MAC, just an indication it is part of cipher */
345#define SSL_AEAD 0x00000040L
346
347/* Bits for algorithm_ssl (protocol version) */
348#define SSL_SSLV2 0x00000001L
349#define SSL_SSLV3 0x00000002L
350#define SSL_TLSV1 SSL_SSLV3 /* for now */
351#define SSL_TLSV1_2 0x00000004L
352
353
354/* Bits for algorithm2 (handshake digests and other extra flags) */
355
356#define SSL_HANDSHAKE_MAC_MD5 0x10
357#define SSL_HANDSHAKE_MAC_SHA 0x20
358#define SSL_HANDSHAKE_MAC_GOST94 0x40
359#define SSL_HANDSHAKE_MAC_SHA256 0x80
360#define SSL_HANDSHAKE_MAC_SHA384 0x100
361#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
362
363/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
364 * make sure to update this constant too */
365#define SSL_MAX_DIGEST 6
366
367#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)
368
369#define TLS1_PRF_DGST_SHIFT 10
370#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
371#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
372#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
373#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
374#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
375#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
376
377/* Stream MAC for GOST ciphersuites from cryptopro draft
378 * (currently this also goes into algorithm2) */
379#define TLS1_STREAM_MAC 0x04
380
381
382
383/*
384 * Export and cipher strength information. For each cipher we have to decide
385 * whether it is exportable or not. This information is likely to change
386 * over time, since the export control rules are no static technical issue.
387 *
388 * Independent of the export flag the cipher strength is sorted into classes.
389 * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
390 * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
391 * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
392 * since SSL_EXP64 could be similar to SSL_LOW.
393 * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
394 * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
395 * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
396 * be possible.
397 */
398#define SSL_EXP_MASK 0x00000003L
399#define SSL_STRONG_MASK 0x000001fcL
400
401#define SSL_NOT_EXP 0x00000001L
402#define SSL_EXPORT 0x00000002L
403
404#define SSL_STRONG_NONE 0x00000004L
405#define SSL_EXP40 0x00000008L
406#define SSL_MICRO (SSL_EXP40)
407#define SSL_EXP56 0x00000010L
408#define SSL_MINI (SSL_EXP56)
409#define SSL_LOW 0x00000020L
410#define SSL_MEDIUM 0x00000040L
411#define SSL_HIGH 0x00000080L
412#define SSL_FIPS 0x00000100L
413
414/* we have used 000001ff - 23 bits left to go */
415
416/*
417 * Macros to check the export status and cipher strength for export ciphers.
418 * Even though the macros for EXPORT and EXPORT40/56 have similar names,
419 * their meaning is different:
420 * *_EXPORT macros check the 'exportable' status.
421 * *_EXPORT40/56 macros are used to check whether a certain cipher strength
422 * is given.
423 * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
424 * algorithm structure element to be passed (algorithms, algo_strength) and no
425 * typechecking can be done as they are all of type unsigned long, their
426 * direct usage is discouraged.
427 * Use the SSL_C_* macros instead.
428 */
429#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
430#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
431#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
432#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
433#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
434#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
435
436#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
437 (a) == SSL_DES ? 8 : 7)
438#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
439#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
440 (c)->algo_strength)
441#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
442
443
444
445
446/* Mostly for SSLv3 */
447#define SSL_PKEY_RSA_ENC 0
448#define SSL_PKEY_RSA_SIGN 1
449#define SSL_PKEY_DSA_SIGN 2
450#define SSL_PKEY_DH_RSA 3
451#define SSL_PKEY_DH_DSA 4
452#define SSL_PKEY_ECC 5
453#define SSL_PKEY_GOST94 6
454#define SSL_PKEY_GOST01 7
455#define SSL_PKEY_NUM 8
456
457/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
458 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
459 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
460 * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
461 * SSL_aRSA <- RSA_ENC | RSA_SIGN
462 * SSL_aDSS <- DSA_SIGN
463 */
464
465/*
466#define CERT_INVALID 0
467#define CERT_PUBLIC_KEY 1
468#define CERT_PRIVATE_KEY 2
469*/
470
471#ifndef OPENSSL_NO_EC
472/* From ECC-TLS draft, used in encoding the curve type in
473 * ECParameters
474 */
475#define EXPLICIT_PRIME_CURVE_TYPE 1
476#define EXPLICIT_CHAR2_CURVE_TYPE 2
477#define NAMED_CURVE_TYPE 3
478#endif /* OPENSSL_NO_EC */
479
480typedef struct cert_pkey_st
481 {
482 X509 *x509;
483 EVP_PKEY *privatekey;
484 /* Digest to use when signing */
485 const EVP_MD *digest;
486 } CERT_PKEY;
487
488typedef struct cert_st
489 {
490 /* Current active set */
491 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
492 * Probably it would make more sense to store
493 * an index, not a pointer. */
494
495 /* The following masks are for the key and auth
496 * algorithms that are supported by the certs below */
497 int valid;
498 unsigned long mask_k;
499 unsigned long mask_a;
500 unsigned long export_mask_k;
501 unsigned long export_mask_a;
502#ifndef OPENSSL_NO_RSA
503 RSA *rsa_tmp;
504 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
505#endif
506#ifndef OPENSSL_NO_DH
507 DH *dh_tmp;
508 DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
509#endif
510#ifndef OPENSSL_NO_ECDH
511 EC_KEY *ecdh_tmp;
512 /* Callback for generating ephemeral ECDH keys */
513 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
514#endif
515
516 CERT_PKEY pkeys[SSL_PKEY_NUM];
517
518 int references; /* >1 only if SSL_copy_session_id is used */
519 } CERT;
520
521
522typedef struct sess_cert_st
523 {
524 STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
525
526 /* The 'peer_...' members are used only by clients. */
527 int peer_cert_type;
528
529 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
530 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
531 /* Obviously we don't have the private keys of these,
532 * so maybe we shouldn't even use the CERT_PKEY type here. */
533
534#ifndef OPENSSL_NO_RSA
535 RSA *peer_rsa_tmp; /* not used for SSL 2 */
536#endif
537#ifndef OPENSSL_NO_DH
538 DH *peer_dh_tmp; /* not used for SSL 2 */
539#endif
540#ifndef OPENSSL_NO_ECDH
541 EC_KEY *peer_ecdh_tmp;
542#endif
543
544 int references; /* actually always 1 at the moment */
545 } SESS_CERT;
546
547
548/*#define MAC_DEBUG */
549
550/*#define ERR_DEBUG */
551/*#define ABORT_DEBUG */
552/*#define PKT_DEBUG 1 */
553/*#define DES_DEBUG */
554/*#define DES_OFB_DEBUG */
555/*#define SSL_DEBUG */
556/*#define RSA_DEBUG */
557/*#define IDEA_DEBUG */
558
559#define FP_ICC (int (*)(const void *,const void *))
560#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
561 ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
562#define ssl_get_cipher_by_char(ssl,ptr) \
563 ((ssl)->method->get_cipher_by_char(ptr))
564
565/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
566 * It is a bit of a mess of functions, but hell, think of it as
567 * an opaque structure :-) */
568typedef struct ssl3_enc_method
569 {
570 int (*enc)(SSL *, int);
571 int (*mac)(SSL *, unsigned char *, int);
572 int (*setup_key_block)(SSL *);
573 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
574 int (*change_cipher_state)(SSL *, int);
575 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
576 int finish_mac_length;
577 int (*cert_verify_mac)(SSL *, int, unsigned char *);
578 const char *client_finished_label;
579 int client_finished_label_len;
580 const char *server_finished_label;
581 int server_finished_label_len;
582 int (*alert_value)(int);
583 int (*export_keying_material)(SSL *, unsigned char *, size_t,
584 const char *, size_t,
585 const unsigned char *, size_t,
586 int use_context);
587 } SSL3_ENC_METHOD;
588
589#ifndef OPENSSL_NO_COMP
590/* Used for holding the relevant compression methods loaded into SSL_CTX */
591typedef struct ssl3_comp_st
592 {
593 int comp_id; /* The identifier byte for this compression type */
594 char *name; /* Text name used for the compression type */
595 COMP_METHOD *method; /* The method :-) */
596 } SSL3_COMP;
597#endif
598
599#ifndef OPENSSL_NO_BUF_FREELISTS
600typedef struct ssl3_buf_freelist_st
601 {
602 size_t chunklen;
603 unsigned int len;
604 struct ssl3_buf_freelist_entry_st *head;
605 } SSL3_BUF_FREELIST;
606
607typedef struct ssl3_buf_freelist_entry_st
608 {
609 struct ssl3_buf_freelist_entry_st *next;
610 } SSL3_BUF_FREELIST_ENTRY;
611#endif
612
613extern SSL3_ENC_METHOD ssl3_undef_enc_method;
614OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
615OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
616
617
618SSL_METHOD *ssl_bad_method(int ver);
619
620extern SSL3_ENC_METHOD TLSv1_enc_data;
621extern SSL3_ENC_METHOD SSLv3_enc_data;
622extern SSL3_ENC_METHOD DTLSv1_enc_data;
623
624#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
625
626#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
627 s_get_meth) \
628const SSL_METHOD *func_name(void) \
629 { \
630 static const SSL_METHOD func_name##_data= { \
631 version, \
632 tls1_new, \
633 tls1_clear, \
634 tls1_free, \
635 s_accept, \
636 s_connect, \
637 ssl3_read, \
638 ssl3_peek, \
639 ssl3_write, \
640 ssl3_shutdown, \
641 ssl3_renegotiate, \
642 ssl3_renegotiate_check, \
643 ssl3_get_message, \
644 ssl3_read_bytes, \
645 ssl3_write_bytes, \
646 ssl3_dispatch_alert, \
647 ssl3_ctrl, \
648 ssl3_ctx_ctrl, \
649 ssl3_get_cipher_by_char, \
650 ssl3_put_cipher_by_char, \
651 ssl3_pending, \
652 ssl3_num_ciphers, \
653 ssl3_get_cipher, \
654 s_get_meth, \
655 tls1_default_timeout, \
656 &TLSv1_enc_data, \
657 ssl_undefined_void_function, \
658 ssl3_callback_ctrl, \
659 ssl3_ctx_callback_ctrl, \
660 }; \
661 return &func_name##_data; \
662 }
663
664#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
665const SSL_METHOD *func_name(void) \
666 { \
667 static const SSL_METHOD func_name##_data= { \
668 SSL3_VERSION, \
669 ssl3_new, \
670 ssl3_clear, \
671 ssl3_free, \
672 s_accept, \
673 s_connect, \
674 ssl3_read, \
675 ssl3_peek, \
676 ssl3_write, \
677 ssl3_shutdown, \
678 ssl3_renegotiate, \
679 ssl3_renegotiate_check, \
680 ssl3_get_message, \
681 ssl3_read_bytes, \
682 ssl3_write_bytes, \
683 ssl3_dispatch_alert, \
684 ssl3_ctrl, \
685 ssl3_ctx_ctrl, \
686 ssl3_get_cipher_by_char, \
687 ssl3_put_cipher_by_char, \
688 ssl3_pending, \
689 ssl3_num_ciphers, \
690 ssl3_get_cipher, \
691 s_get_meth, \
692 ssl3_default_timeout, \
693 &SSLv3_enc_data, \
694 ssl_undefined_void_function, \
695 ssl3_callback_ctrl, \
696 ssl3_ctx_callback_ctrl, \
697 }; \
698 return &func_name##_data; \
699 }
700
701#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
702const SSL_METHOD *func_name(void) \
703 { \
704 static const SSL_METHOD func_name##_data= { \
705 TLS1_2_VERSION, \
706 tls1_new, \
707 tls1_clear, \
708 tls1_free, \
709 s_accept, \
710 s_connect, \
711 ssl23_read, \
712 ssl23_peek, \
713 ssl23_write, \
714 ssl_undefined_function, \
715 ssl_undefined_function, \
716 ssl_ok, \
717 ssl3_get_message, \
718 ssl3_read_bytes, \
719 ssl3_write_bytes, \
720 ssl3_dispatch_alert, \
721 ssl3_ctrl, \
722 ssl3_ctx_ctrl, \
723 ssl23_get_cipher_by_char, \
724 ssl23_put_cipher_by_char, \
725 ssl_undefined_const_function, \
726 ssl23_num_ciphers, \
727 ssl23_get_cipher, \
728 s_get_meth, \
729 ssl23_default_timeout, \
730 &ssl3_undef_enc_method, \
731 ssl_undefined_void_function, \
732 ssl3_callback_ctrl, \
733 ssl3_ctx_callback_ctrl, \
734 }; \
735 return &func_name##_data; \
736 }
737
738#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
739const SSL_METHOD *func_name(void) \
740 { \
741 static const SSL_METHOD func_name##_data= { \
742 SSL2_VERSION, \
743 ssl2_new, /* local */ \
744 ssl2_clear, /* local */ \
745 ssl2_free, /* local */ \
746 s_accept, \
747 s_connect, \
748 ssl2_read, \
749 ssl2_peek, \
750 ssl2_write, \
751 ssl2_shutdown, \
752 ssl_ok, /* NULL - renegotiate */ \
753 ssl_ok, /* NULL - check renegotiate */ \
754 NULL, /* NULL - ssl_get_message */ \
755 NULL, /* NULL - ssl_get_record */ \
756 NULL, /* NULL - ssl_write_bytes */ \
757 NULL, /* NULL - dispatch_alert */ \
758 ssl2_ctrl, /* local */ \
759 ssl2_ctx_ctrl, /* local */ \
760 ssl2_get_cipher_by_char, \
761 ssl2_put_cipher_by_char, \
762 ssl2_pending, \
763 ssl2_num_ciphers, \
764 ssl2_get_cipher, \
765 s_get_meth, \
766 ssl2_default_timeout, \
767 &ssl3_undef_enc_method, \
768 ssl_undefined_void_function, \
769 ssl2_callback_ctrl, /* local */ \
770 ssl2_ctx_callback_ctrl, /* local */ \
771 }; \
772 return &func_name##_data; \
773 }
774
775#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
776const SSL_METHOD *func_name(void) \
777 { \
778 static const SSL_METHOD func_name##_data= { \
779 DTLS1_VERSION, \
780 dtls1_new, \
781 dtls1_clear, \
782 dtls1_free, \
783 s_accept, \
784 s_connect, \
785 ssl3_read, \
786 ssl3_peek, \
787 ssl3_write, \
788 dtls1_shutdown, \
789 ssl3_renegotiate, \
790 ssl3_renegotiate_check, \
791 dtls1_get_message, \
792 dtls1_read_bytes, \
793 dtls1_write_app_data_bytes, \
794 dtls1_dispatch_alert, \
795 dtls1_ctrl, \
796 ssl3_ctx_ctrl, \
797 ssl3_get_cipher_by_char, \
798 ssl3_put_cipher_by_char, \
799 ssl3_pending, \
800 ssl3_num_ciphers, \
801 dtls1_get_cipher, \
802 s_get_meth, \
803 dtls1_default_timeout, \
804 &DTLSv1_enc_data, \
805 ssl_undefined_void_function, \
806 ssl3_callback_ctrl, \
807 ssl3_ctx_callback_ctrl, \
808 }; \
809 return &func_name##_data; \
810 }
811
812void ssl_clear_cipher_ctx(SSL *s);
813int ssl_clear_bad_session(SSL *s);
814CERT *ssl_cert_new(void);
815CERT *ssl_cert_dup(CERT *cert);
816int ssl_cert_inst(CERT **o);
817void ssl_cert_free(CERT *c);
818SESS_CERT *ssl_sess_cert_new(void);
819void ssl_sess_cert_free(SESS_CERT *sc);
820int ssl_set_peer_cert_type(SESS_CERT *c, int type);
821int ssl_get_new_session(SSL *s, int session);
822int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
823int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
824DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
825 ssl_cipher_id);
826int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
827 const SSL_CIPHER * const *bp);
828STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
829 STACK_OF(SSL_CIPHER) **skp);
830int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
831 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
832STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
833 STACK_OF(SSL_CIPHER) **pref,
834 STACK_OF(SSL_CIPHER) **sorted,
835 const char *rule_str);
836void ssl_update_cache(SSL *s, int mode);
837int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
838 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
839int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
840int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
841int ssl_undefined_function(SSL *s);
842int ssl_undefined_void_function(void);
843int ssl_undefined_const_function(const SSL *s);
844X509 *ssl_get_server_send_cert(SSL *);
845EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
846int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
847void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
848STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
849int ssl_verify_alarm_type(long type);
850void ssl_load_ciphers(void);
851
852int ssl2_enc_init(SSL *s, int client);
853int ssl2_generate_key_material(SSL *s);
854void ssl2_enc(SSL *s,int send_data);
855void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
856const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
857int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
858int ssl2_part_read(SSL *s, unsigned long f, int i);
859int ssl2_do_write(SSL *s);
860int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
861void ssl2_return_error(SSL *s,int reason);
862void ssl2_write_error(SSL *s);
863int ssl2_num_ciphers(void);
864const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
865int ssl2_new(SSL *s);
866void ssl2_free(SSL *s);
867int ssl2_accept(SSL *s);
868int ssl2_connect(SSL *s);
869int ssl2_read(SSL *s, void *buf, int len);
870int ssl2_peek(SSL *s, void *buf, int len);
871int ssl2_write(SSL *s, const void *buf, int len);
872int ssl2_shutdown(SSL *s);
873void ssl2_clear(SSL *s);
874long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
875long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
876long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
877long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
878int ssl2_pending(const SSL *s);
879long ssl2_default_timeout(void );
880
881const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
882int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
883void ssl3_init_finished_mac(SSL *s);
884int ssl3_send_server_certificate(SSL *s);
885int ssl3_send_newsession_ticket(SSL *s);
886int ssl3_send_cert_status(SSL *s);
887int ssl3_get_finished(SSL *s,int state_a,int state_b);
888int ssl3_setup_key_block(SSL *s);
889int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
890int ssl3_change_cipher_state(SSL *s,int which);
891void ssl3_cleanup_key_block(SSL *s);
892int ssl3_do_write(SSL *s,int type);
893int ssl3_send_alert(SSL *s,int level, int desc);
894int ssl3_generate_master_secret(SSL *s, unsigned char *out,
895 unsigned char *p, int len);
896int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
897long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
898int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
899int ssl3_num_ciphers(void);
900const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
901int ssl3_renegotiate(SSL *ssl);
902int ssl3_renegotiate_check(SSL *ssl);
903int ssl3_dispatch_alert(SSL *s);
904int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
905int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
906int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
907int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
908void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
909int ssl3_enc(SSL *s, int send_data);
910int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
911void ssl3_free_digest_list(SSL *s);
912unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
913SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
914 STACK_OF(SSL_CIPHER) *srvr);
915int ssl3_setup_buffers(SSL *s);
916int ssl3_setup_read_buffer(SSL *s);
917int ssl3_setup_write_buffer(SSL *s);
918int ssl3_release_read_buffer(SSL *s);
919int ssl3_release_write_buffer(SSL *s);
920int ssl3_digest_cached_records(SSL *s);
921int ssl3_new(SSL *s);
922void ssl3_free(SSL *s);
923int ssl3_accept(SSL *s);
924int ssl3_connect(SSL *s);
925int ssl3_read(SSL *s, void *buf, int len);
926int ssl3_peek(SSL *s, void *buf, int len);
927int ssl3_write(SSL *s, const void *buf, int len);
928int ssl3_shutdown(SSL *s);
929void ssl3_clear(SSL *s);
930long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
931long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
932long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
933long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
934int ssl3_pending(const SSL *s);
935
936void ssl3_record_sequence_update(unsigned char *seq);
937int ssl3_do_change_cipher_spec(SSL *ssl);
938long ssl3_default_timeout(void );
939
940int ssl23_num_ciphers(void );
941const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
942int ssl23_read(SSL *s, void *buf, int len);
943int ssl23_peek(SSL *s, void *buf, int len);
944int ssl23_write(SSL *s, const void *buf, int len);
945int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
946const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
947long ssl23_default_timeout(void );
948
949long tls1_default_timeout(void);
950int dtls1_do_write(SSL *s,int type);
951int ssl3_read_n(SSL *s, int n, int max, int extend);
952int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
953int ssl3_do_compress(SSL *ssl);
954int ssl3_do_uncompress(SSL *ssl);
955int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
956 unsigned int len);
957unsigned char *dtls1_set_message_header(SSL *s,
958 unsigned char *p, unsigned char mt, unsigned long len,
959 unsigned long frag_off, unsigned long frag_len);
960
961int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
962int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
963
964int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
965int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
966unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
967int dtls1_read_failed(SSL *s, int code);
968int dtls1_buffer_message(SSL *s, int ccs);
969int dtls1_retransmit_message(SSL *s, unsigned short seq,
970 unsigned long frag_off, int *found);
971int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
972int dtls1_retransmit_buffered_messages(SSL *s);
973void dtls1_clear_record_buffer(SSL *s);
974void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
975void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
976void dtls1_reset_seq_numbers(SSL *s, int rw);
977long dtls1_default_timeout(void);
978struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
979int dtls1_check_timeout_num(SSL *s);
980int dtls1_handle_timeout(SSL *s);
981const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
982void dtls1_start_timer(SSL *s);
983void dtls1_stop_timer(SSL *s);
984int dtls1_is_timer_expired(SSL *s);
985void dtls1_double_timeout(SSL *s);
986int dtls1_send_newsession_ticket(SSL *s);
987unsigned int dtls1_min_mtu(void);
988
989/* some client-only functions */
990int ssl3_client_hello(SSL *s);
991int ssl3_get_server_hello(SSL *s);
992int ssl3_get_certificate_request(SSL *s);
993int ssl3_get_new_session_ticket(SSL *s);
994int ssl3_get_cert_status(SSL *s);
995int ssl3_get_server_done(SSL *s);
996int ssl3_send_client_verify(SSL *s);
997int ssl3_send_client_certificate(SSL *s);
998int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
999int ssl3_send_client_key_exchange(SSL *s);
1000int ssl3_get_key_exchange(SSL *s);
1001int ssl3_get_server_certificate(SSL *s);
1002int ssl3_check_cert_and_algorithm(SSL *s);
1003#ifndef OPENSSL_NO_TLSEXT
1004int ssl3_check_finished(SSL *s);
1005# ifndef OPENSSL_NO_NEXTPROTONEG
1006int ssl3_send_next_proto(SSL *s);
1007# endif
1008#endif
1009
1010int dtls1_client_hello(SSL *s);
1011int dtls1_send_client_certificate(SSL *s);
1012int dtls1_send_client_key_exchange(SSL *s);
1013int dtls1_send_client_verify(SSL *s);
1014
1015/* some server-only functions */
1016int ssl3_get_client_hello(SSL *s);
1017int ssl3_send_server_hello(SSL *s);
1018int ssl3_send_hello_request(SSL *s);
1019int ssl3_send_server_key_exchange(SSL *s);
1020int ssl3_send_certificate_request(SSL *s);
1021int ssl3_send_server_done(SSL *s);
1022int ssl3_check_client_hello(SSL *s);
1023int ssl3_get_client_certificate(SSL *s);
1024int ssl3_get_client_key_exchange(SSL *s);
1025int ssl3_get_cert_verify(SSL *s);
1026#ifndef OPENSSL_NO_NEXTPROTONEG
1027int ssl3_get_next_proto(SSL *s);
1028#endif
1029
1030int dtls1_send_hello_request(SSL *s);
1031int dtls1_send_server_hello(SSL *s);
1032int dtls1_send_server_certificate(SSL *s);
1033int dtls1_send_server_key_exchange(SSL *s);
1034int dtls1_send_certificate_request(SSL *s);
1035int dtls1_send_server_done(SSL *s);
1036
1037
1038
1039int ssl23_accept(SSL *s);
1040int ssl23_connect(SSL *s);
1041int ssl23_read_bytes(SSL *s, int n);
1042int ssl23_write_bytes(SSL *s);
1043
1044int tls1_new(SSL *s);
1045void tls1_free(SSL *s);
1046void tls1_clear(SSL *s);
1047long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1048long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
1049
1050int dtls1_new(SSL *s);
1051int dtls1_accept(SSL *s);
1052int dtls1_connect(SSL *s);
1053void dtls1_free(SSL *s);
1054void dtls1_clear(SSL *s);
1055long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
1056int dtls1_shutdown(SSL *s);
1057
1058long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
1059int dtls1_get_record(SSL *s);
1060int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
1061 unsigned int len, int create_empty_fragement);
1062int dtls1_dispatch_alert(SSL *s);
1063int dtls1_enc(SSL *s, int snd);
1064
1065int ssl_init_wbio_buffer(SSL *s, int push);
1066void ssl_free_wbio_buffer(SSL *s);
1067
1068int tls1_change_cipher_state(SSL *s, int which);
1069int tls1_setup_key_block(SSL *s);
1070int tls1_enc(SSL *s, int snd);
1071int tls1_final_finish_mac(SSL *s,
1072 const char *str, int slen, unsigned char *p);
1073int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
1074int tls1_mac(SSL *ssl, unsigned char *md, int snd);
1075int tls1_generate_master_secret(SSL *s, unsigned char *out,
1076 unsigned char *p, int len);
1077int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1078 const char *label, size_t llen,
1079 const unsigned char *p, size_t plen, int use_context);
1080int tls1_alert_code(int code);
1081int ssl3_alert_code(int code);
1082int ssl_ok(SSL *s);
1083
1084#ifndef OPENSSL_NO_ECDH
1085int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
1086#endif
1087
1088SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
1089
1090#ifndef OPENSSL_NO_EC
1091int tls1_ec_curve_id2nid(int curve_id);
1092int tls1_ec_nid2curve_id(int nid);
1093#endif /* OPENSSL_NO_EC */
1094
1095#ifndef OPENSSL_NO_TLSEXT
1096unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1097unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
1098int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1099int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
1100int ssl_prepare_clienthello_tlsext(SSL *s);
1101int ssl_prepare_serverhello_tlsext(SSL *s);
1102int ssl_check_clienthello_tlsext(SSL *s);
1103int ssl_check_serverhello_tlsext(SSL *s);
1104
1105#ifndef OPENSSL_NO_HEARTBEATS
1106int tls1_heartbeat(SSL *s);
1107int dtls1_heartbeat(SSL *s);
1108int tls1_process_heartbeat(SSL *s);
1109int dtls1_process_heartbeat(SSL *s);
1110#endif
1111
1112#ifdef OPENSSL_NO_SHA256
1113#define tlsext_tick_md EVP_sha1
1114#else
1115#define tlsext_tick_md EVP_sha256
1116#endif
1117int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
1118 const unsigned char *limit, SSL_SESSION **ret);
1119
1120int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
1121 const EVP_MD *md);
1122int tls12_get_sigid(const EVP_PKEY *pk);
1123const EVP_MD *tls12_get_hash(unsigned char hash_alg);
1124
1125#endif
1126EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
1127void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
1128int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1129 int maxlen);
1130int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1131 int *al);
1132int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1133 int maxlen);
1134int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1135 int *al);
1136long ssl_get_algorithm2(SSL *s);
1137int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
1138int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
1139
1140int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
1141int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
1142int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
1143int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
1144
1145/* s3_cbc.c */
1146void ssl3_cbc_copy_mac(unsigned char* out,
1147 const SSL3_RECORD *rec,
1148 unsigned md_size,unsigned orig_len);
1149int ssl3_cbc_remove_padding(const SSL* s,
1150 SSL3_RECORD *rec,
1151 unsigned block_size,
1152 unsigned mac_size);
1153int tls1_cbc_remove_padding(const SSL* s,
1154 SSL3_RECORD *rec,
1155 unsigned block_size,
1156 unsigned mac_size);
1157char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
1158void ssl3_cbc_digest_record(
1159 const EVP_MD_CTX *ctx,
1160 unsigned char* md_out,
1161 size_t* md_out_size,
1162 const unsigned char header[13],
1163 const unsigned char *data,
1164 size_t data_plus_mac_size,
1165 size_t data_plus_mac_plus_padding_size,
1166 const unsigned char *mac_secret,
1167 unsigned mac_secret_length,
1168 char is_sslv3);
1169
1170void tls_fips_digest_extra(
1171 const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
1172 const unsigned char *data, size_t data_len, size_t orig_len);
1173
1174#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index c0960b5712..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,779 +0,0 @@
1/* ssl/ssl_rsa.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "ssl_locl.h"
61#include <openssl/bio.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66
67static int ssl_set_cert(CERT *c, X509 *x509);
68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
69int SSL_use_certificate(SSL *ssl, X509 *x)
70 {
71 if (x == NULL)
72 {
73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
74 return(0);
75 }
76 if (!ssl_cert_inst(&ssl->cert))
77 {
78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
79 return(0);
80 }
81 return(ssl_set_cert(ssl->cert,x));
82 }
83
84#ifndef OPENSSL_NO_STDIO
85int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
86 {
87 int j;
88 BIO *in;
89 int ret=0;
90 X509 *x=NULL;
91
92 in=BIO_new(BIO_s_file_internal());
93 if (in == NULL)
94 {
95 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
96 goto end;
97 }
98
99 if (BIO_read_filename(in,file) <= 0)
100 {
101 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
102 goto end;
103 }
104 if (type == SSL_FILETYPE_ASN1)
105 {
106 j=ERR_R_ASN1_LIB;
107 x=d2i_X509_bio(in,NULL);
108 }
109 else if (type == SSL_FILETYPE_PEM)
110 {
111 j=ERR_R_PEM_LIB;
112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
113 }
114 else
115 {
116 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
117 goto end;
118 }
119
120 if (x == NULL)
121 {
122 SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
123 goto end;
124 }
125
126 ret=SSL_use_certificate(ssl,x);
127end:
128 if (x != NULL) X509_free(x);
129 if (in != NULL) BIO_free(in);
130 return(ret);
131 }
132#endif
133
134int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
135 {
136 X509 *x;
137 int ret;
138
139 x=d2i_X509(NULL,&d,(long)len);
140 if (x == NULL)
141 {
142 SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
143 return(0);
144 }
145
146 ret=SSL_use_certificate(ssl,x);
147 X509_free(x);
148 return(ret);
149 }
150
151#ifndef OPENSSL_NO_RSA
152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
153 {
154 EVP_PKEY *pkey;
155 int ret;
156
157 if (rsa == NULL)
158 {
159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
160 return(0);
161 }
162 if (!ssl_cert_inst(&ssl->cert))
163 {
164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
165 return(0);
166 }
167 if ((pkey=EVP_PKEY_new()) == NULL)
168 {
169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
170 return(0);
171 }
172
173 RSA_up_ref(rsa);
174 EVP_PKEY_assign_RSA(pkey,rsa);
175
176 ret=ssl_set_pkey(ssl->cert,pkey);
177 EVP_PKEY_free(pkey);
178 return(ret);
179 }
180#endif
181
182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
183 {
184 int i;
185
186 i=ssl_cert_type(NULL,pkey);
187 if (i < 0)
188 {
189 SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
190 return(0);
191 }
192
193 if (c->pkeys[i].x509 != NULL)
194 {
195 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey);
198 EVP_PKEY_free(pktmp);
199 ERR_clear_error();
200
201#ifndef OPENSSL_NO_RSA
202 /* Don't check the public/private key, this is mostly
203 * for smart cards. */
204 if ((pkey->type == EVP_PKEY_RSA) &&
205 (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
206 ;
207 else
208#endif
209 if (!X509_check_private_key(c->pkeys[i].x509,pkey))
210 {
211 X509_free(c->pkeys[i].x509);
212 c->pkeys[i].x509 = NULL;
213 return 0;
214 }
215 }
216
217 if (c->pkeys[i].privatekey != NULL)
218 EVP_PKEY_free(c->pkeys[i].privatekey);
219 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
220 c->pkeys[i].privatekey=pkey;
221 c->key= &(c->pkeys[i]);
222
223 c->valid=0;
224 return(1);
225 }
226
227#ifndef OPENSSL_NO_RSA
228#ifndef OPENSSL_NO_STDIO
229int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
230 {
231 int j,ret=0;
232 BIO *in;
233 RSA *rsa=NULL;
234
235 in=BIO_new(BIO_s_file_internal());
236 if (in == NULL)
237 {
238 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
239 goto end;
240 }
241
242 if (BIO_read_filename(in,file) <= 0)
243 {
244 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
245 goto end;
246 }
247 if (type == SSL_FILETYPE_ASN1)
248 {
249 j=ERR_R_ASN1_LIB;
250 rsa=d2i_RSAPrivateKey_bio(in,NULL);
251 }
252 else if (type == SSL_FILETYPE_PEM)
253 {
254 j=ERR_R_PEM_LIB;
255 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
256 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
257 }
258 else
259 {
260 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
261 goto end;
262 }
263 if (rsa == NULL)
264 {
265 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
266 goto end;
267 }
268 ret=SSL_use_RSAPrivateKey(ssl,rsa);
269 RSA_free(rsa);
270end:
271 if (in != NULL) BIO_free(in);
272 return(ret);
273 }
274#endif
275
276int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
277 {
278 int ret;
279 const unsigned char *p;
280 RSA *rsa;
281
282 p=d;
283 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
284 {
285 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
286 return(0);
287 }
288
289 ret=SSL_use_RSAPrivateKey(ssl,rsa);
290 RSA_free(rsa);
291 return(ret);
292 }
293#endif /* !OPENSSL_NO_RSA */
294
295int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
296 {
297 int ret;
298
299 if (pkey == NULL)
300 {
301 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
302 return(0);
303 }
304 if (!ssl_cert_inst(&ssl->cert))
305 {
306 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
307 return(0);
308 }
309 ret=ssl_set_pkey(ssl->cert,pkey);
310 return(ret);
311 }
312
313#ifndef OPENSSL_NO_STDIO
314int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
315 {
316 int j,ret=0;
317 BIO *in;
318 EVP_PKEY *pkey=NULL;
319
320 in=BIO_new(BIO_s_file_internal());
321 if (in == NULL)
322 {
323 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
324 goto end;
325 }
326
327 if (BIO_read_filename(in,file) <= 0)
328 {
329 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
330 goto end;
331 }
332 if (type == SSL_FILETYPE_PEM)
333 {
334 j=ERR_R_PEM_LIB;
335 pkey=PEM_read_bio_PrivateKey(in,NULL,
336 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
337 }
338 else if (type == SSL_FILETYPE_ASN1)
339 {
340 j = ERR_R_ASN1_LIB;
341 pkey = d2i_PrivateKey_bio(in,NULL);
342 }
343 else
344 {
345 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
346 goto end;
347 }
348 if (pkey == NULL)
349 {
350 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
351 goto end;
352 }
353 ret=SSL_use_PrivateKey(ssl,pkey);
354 EVP_PKEY_free(pkey);
355end:
356 if (in != NULL) BIO_free(in);
357 return(ret);
358 }
359#endif
360
361int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
362 {
363 int ret;
364 const unsigned char *p;
365 EVP_PKEY *pkey;
366
367 p=d;
368 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
369 {
370 SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
371 return(0);
372 }
373
374 ret=SSL_use_PrivateKey(ssl,pkey);
375 EVP_PKEY_free(pkey);
376 return(ret);
377 }
378
379int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
380 {
381 if (x == NULL)
382 {
383 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
384 return(0);
385 }
386 if (!ssl_cert_inst(&ctx->cert))
387 {
388 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
389 return(0);
390 }
391 return(ssl_set_cert(ctx->cert, x));
392 }
393
394static int ssl_set_cert(CERT *c, X509 *x)
395 {
396 EVP_PKEY *pkey;
397 int i;
398
399 pkey=X509_get_pubkey(x);
400 if (pkey == NULL)
401 {
402 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
403 return(0);
404 }
405
406 i=ssl_cert_type(x,pkey);
407 if (i < 0)
408 {
409 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
410 EVP_PKEY_free(pkey);
411 return(0);
412 }
413
414 if (c->pkeys[i].privatekey != NULL)
415 {
416 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
417 ERR_clear_error();
418
419#ifndef OPENSSL_NO_RSA
420 /* Don't check the public/private key, this is mostly
421 * for smart cards. */
422 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
423 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
424 RSA_METHOD_FLAG_NO_CHECK))
425 ;
426 else
427#endif /* OPENSSL_NO_RSA */
428 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
429 {
430 /* don't fail for a cert/key mismatch, just free
431 * current private key (when switching to a different
432 * cert & key, first this function should be used,
433 * then ssl_set_pkey */
434 EVP_PKEY_free(c->pkeys[i].privatekey);
435 c->pkeys[i].privatekey=NULL;
436 /* clear error queue */
437 ERR_clear_error();
438 }
439 }
440
441 EVP_PKEY_free(pkey);
442
443 if (c->pkeys[i].x509 != NULL)
444 X509_free(c->pkeys[i].x509);
445 CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
446 c->pkeys[i].x509=x;
447 c->key= &(c->pkeys[i]);
448
449 c->valid=0;
450 return(1);
451 }
452
453#ifndef OPENSSL_NO_STDIO
454int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
455 {
456 int j;
457 BIO *in;
458 int ret=0;
459 X509 *x=NULL;
460
461 in=BIO_new(BIO_s_file_internal());
462 if (in == NULL)
463 {
464 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
465 goto end;
466 }
467
468 if (BIO_read_filename(in,file) <= 0)
469 {
470 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
471 goto end;
472 }
473 if (type == SSL_FILETYPE_ASN1)
474 {
475 j=ERR_R_ASN1_LIB;
476 x=d2i_X509_bio(in,NULL);
477 }
478 else if (type == SSL_FILETYPE_PEM)
479 {
480 j=ERR_R_PEM_LIB;
481 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
482 }
483 else
484 {
485 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
486 goto end;
487 }
488
489 if (x == NULL)
490 {
491 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
492 goto end;
493 }
494
495 ret=SSL_CTX_use_certificate(ctx,x);
496end:
497 if (x != NULL) X509_free(x);
498 if (in != NULL) BIO_free(in);
499 return(ret);
500 }
501#endif
502
503int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
504 {
505 X509 *x;
506 int ret;
507
508 x=d2i_X509(NULL,&d,(long)len);
509 if (x == NULL)
510 {
511 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
512 return(0);
513 }
514
515 ret=SSL_CTX_use_certificate(ctx,x);
516 X509_free(x);
517 return(ret);
518 }
519
520#ifndef OPENSSL_NO_RSA
521int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
522 {
523 int ret;
524 EVP_PKEY *pkey;
525
526 if (rsa == NULL)
527 {
528 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
529 return(0);
530 }
531 if (!ssl_cert_inst(&ctx->cert))
532 {
533 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
534 return(0);
535 }
536 if ((pkey=EVP_PKEY_new()) == NULL)
537 {
538 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
539 return(0);
540 }
541
542 RSA_up_ref(rsa);
543 EVP_PKEY_assign_RSA(pkey,rsa);
544
545 ret=ssl_set_pkey(ctx->cert, pkey);
546 EVP_PKEY_free(pkey);
547 return(ret);
548 }
549
550#ifndef OPENSSL_NO_STDIO
551int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
552 {
553 int j,ret=0;
554 BIO *in;
555 RSA *rsa=NULL;
556
557 in=BIO_new(BIO_s_file_internal());
558 if (in == NULL)
559 {
560 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
561 goto end;
562 }
563
564 if (BIO_read_filename(in,file) <= 0)
565 {
566 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
567 goto end;
568 }
569 if (type == SSL_FILETYPE_ASN1)
570 {
571 j=ERR_R_ASN1_LIB;
572 rsa=d2i_RSAPrivateKey_bio(in,NULL);
573 }
574 else if (type == SSL_FILETYPE_PEM)
575 {
576 j=ERR_R_PEM_LIB;
577 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
578 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
579 }
580 else
581 {
582 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
583 goto end;
584 }
585 if (rsa == NULL)
586 {
587 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
588 goto end;
589 }
590 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
591 RSA_free(rsa);
592end:
593 if (in != NULL) BIO_free(in);
594 return(ret);
595 }
596#endif
597
598int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
599 {
600 int ret;
601 const unsigned char *p;
602 RSA *rsa;
603
604 p=d;
605 if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
606 {
607 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
608 return(0);
609 }
610
611 ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
612 RSA_free(rsa);
613 return(ret);
614 }
615#endif /* !OPENSSL_NO_RSA */
616
617int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
618 {
619 if (pkey == NULL)
620 {
621 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
622 return(0);
623 }
624 if (!ssl_cert_inst(&ctx->cert))
625 {
626 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
627 return(0);
628 }
629 return(ssl_set_pkey(ctx->cert,pkey));
630 }
631
632#ifndef OPENSSL_NO_STDIO
633int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
634 {
635 int j,ret=0;
636 BIO *in;
637 EVP_PKEY *pkey=NULL;
638
639 in=BIO_new(BIO_s_file_internal());
640 if (in == NULL)
641 {
642 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
643 goto end;
644 }
645
646 if (BIO_read_filename(in,file) <= 0)
647 {
648 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
649 goto end;
650 }
651 if (type == SSL_FILETYPE_PEM)
652 {
653 j=ERR_R_PEM_LIB;
654 pkey=PEM_read_bio_PrivateKey(in,NULL,
655 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
656 }
657 else if (type == SSL_FILETYPE_ASN1)
658 {
659 j = ERR_R_ASN1_LIB;
660 pkey = d2i_PrivateKey_bio(in,NULL);
661 }
662 else
663 {
664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
665 goto end;
666 }
667 if (pkey == NULL)
668 {
669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
670 goto end;
671 }
672 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
673 EVP_PKEY_free(pkey);
674end:
675 if (in != NULL) BIO_free(in);
676 return(ret);
677 }
678#endif
679
680int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
681 long len)
682 {
683 int ret;
684 const unsigned char *p;
685 EVP_PKEY *pkey;
686
687 p=d;
688 if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
689 {
690 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
691 return(0);
692 }
693
694 ret=SSL_CTX_use_PrivateKey(ctx,pkey);
695 EVP_PKEY_free(pkey);
696 return(ret);
697 }
698
699
700#ifndef OPENSSL_NO_STDIO
701/* Read a file that contains our certificate in "PEM" format,
702 * possibly followed by a sequence of CA certificates that should be
703 * sent to the peer in the Certificate message.
704 */
705int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
706 {
707 BIO *in;
708 int ret=0;
709 X509 *x=NULL;
710
711 ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
712
713 in=BIO_new(BIO_s_file_internal());
714 if (in == NULL)
715 {
716 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
717 goto end;
718 }
719
720 if (BIO_read_filename(in,file) <= 0)
721 {
722 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
723 goto end;
724 }
725
726 x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
727 if (x == NULL)
728 {
729 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
730 goto end;
731 }
732
733 ret=SSL_CTX_use_certificate(ctx,x);
734 if (ERR_peek_error() != 0)
735 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
736 if (ret)
737 {
738 /* If we could set up our certificate, now proceed to
739 * the CA certificates.
740 */
741 X509 *ca;
742 int r;
743 unsigned long err;
744
745 if (ctx->extra_certs != NULL)
746 {
747 sk_X509_pop_free(ctx->extra_certs, X509_free);
748 ctx->extra_certs = NULL;
749 }
750
751 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
752 != NULL)
753 {
754 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
755 if (!r)
756 {
757 X509_free(ca);
758 ret = 0;
759 goto end;
760 }
761 /* Note that we must not free r if it was successfully
762 * added to the chain (while we must free the main
763 * certificate, since its reference count is increased
764 * by SSL_CTX_use_certificate). */
765 }
766 /* When the while loop ends, it's usually just EOF. */
767 err = ERR_peek_last_error();
768 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
769 ERR_clear_error();
770 else
771 ret = 0; /* some real error */
772 }
773
774end:
775 if (x != NULL) X509_free(x);
776 if (in != NULL) BIO_free(in);
777 return(ret);
778 }
779#endif
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index ad40fadd02..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1159 +0,0 @@
1/* ssl/ssl_sess.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include <openssl/lhash.h>
140#include <openssl/rand.h>
141#ifndef OPENSSL_NO_ENGINE
142#include <openssl/engine.h>
143#endif
144#include "ssl_locl.h"
145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149
150SSL_SESSION *SSL_get_session(const SSL *ssl)
151/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
152 {
153 return(ssl->session);
154 }
155
156SSL_SESSION *SSL_get1_session(SSL *ssl)
157/* variant of SSL_get_session: caller really gets something */
158 {
159 SSL_SESSION *sess;
160 /* Need to lock this all up rather than just use CRYPTO_add so that
161 * somebody doesn't free ssl->session between when we check it's
162 * non-null and when we up the reference count. */
163 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
164 sess = ssl->session;
165 if(sess)
166 sess->references++;
167 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
168 return(sess);
169 }
170
171int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
172 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
173 {
174 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
175 new_func, dup_func, free_func);
176 }
177
178int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
179 {
180 return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
181 }
182
183void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
184 {
185 return(CRYPTO_get_ex_data(&s->ex_data,idx));
186 }
187
188SSL_SESSION *SSL_SESSION_new(void)
189 {
190 SSL_SESSION *ss;
191
192 ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
193 if (ss == NULL)
194 {
195 SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
196 return(0);
197 }
198 memset(ss,0,sizeof(SSL_SESSION));
199
200 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
201 ss->references=1;
202 ss->timeout=60*5+4; /* 5 minute timeout by default */
203 ss->time=(unsigned long)time(NULL);
204 ss->prev=NULL;
205 ss->next=NULL;
206 ss->compress_meth=0;
207#ifndef OPENSSL_NO_TLSEXT
208 ss->tlsext_hostname = NULL;
209#ifndef OPENSSL_NO_EC
210 ss->tlsext_ecpointformatlist_length = 0;
211 ss->tlsext_ecpointformatlist = NULL;
212 ss->tlsext_ellipticcurvelist_length = 0;
213 ss->tlsext_ellipticcurvelist = NULL;
214#endif
215#endif
216 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
217#ifndef OPENSSL_NO_PSK
218 ss->psk_identity_hint=NULL;
219 ss->psk_identity=NULL;
220#endif
221#ifndef OPENSSL_NO_SRP
222 ss->srp_username=NULL;
223#endif
224 return(ss);
225 }
226
227const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
228 {
229 if(len)
230 *len = s->session_id_length;
231 return s->session_id;
232 }
233
234unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
235 {
236 return s->compress_meth;
237 }
238
239/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
240 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
241 * until we have no conflict is going to complete in one iteration pretty much
242 * "most" of the time (btw: understatement). So, if it takes us 10 iterations
243 * and we still can't avoid a conflict - well that's a reasonable point to call
244 * it quits. Either the RAND code is broken or someone is trying to open roughly
245 * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
246 * store that many sessions is perhaps a more interesting question ... */
247
248#define MAX_SESS_ID_ATTEMPTS 10
249static int def_generate_session_id(const SSL *ssl, unsigned char *id,
250 unsigned int *id_len)
251{
252 unsigned int retry = 0;
253 do
254 if (RAND_pseudo_bytes(id, *id_len) <= 0)
255 return 0;
256 while(SSL_has_matching_session_id(ssl, id, *id_len) &&
257 (++retry < MAX_SESS_ID_ATTEMPTS));
258 if(retry < MAX_SESS_ID_ATTEMPTS)
259 return 1;
260 /* else - woops a session_id match */
261 /* XXX We should also check the external cache --
262 * but the probability of a collision is negligible, and
263 * we could not prevent the concurrent creation of sessions
264 * with identical IDs since we currently don't have means
265 * to atomically check whether a session ID already exists
266 * and make a reservation for it if it does not
267 * (this problem applies to the internal cache as well).
268 */
269 return 0;
270}
271
272int ssl_get_new_session(SSL *s, int session)
273 {
274 /* This gets used by clients and servers. */
275
276 unsigned int tmp;
277 SSL_SESSION *ss=NULL;
278 GEN_SESSION_CB cb = def_generate_session_id;
279
280 if ((ss=SSL_SESSION_new()) == NULL) return(0);
281
282 /* If the context has a default timeout, use it */
283 if (s->session_ctx->session_timeout == 0)
284 ss->timeout=SSL_get_default_timeout(s);
285 else
286 ss->timeout=s->session_ctx->session_timeout;
287
288 if (s->session != NULL)
289 {
290 SSL_SESSION_free(s->session);
291 s->session=NULL;
292 }
293
294 if (session)
295 {
296 if (s->version == SSL2_VERSION)
297 {
298 ss->ssl_version=SSL2_VERSION;
299 ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
300 }
301 else if (s->version == SSL3_VERSION)
302 {
303 ss->ssl_version=SSL3_VERSION;
304 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
305 }
306 else if (s->version == TLS1_VERSION)
307 {
308 ss->ssl_version=TLS1_VERSION;
309 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
310 }
311 else if (s->version == TLS1_1_VERSION)
312 {
313 ss->ssl_version=TLS1_1_VERSION;
314 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
315 }
316 else if (s->version == TLS1_2_VERSION)
317 {
318 ss->ssl_version=TLS1_2_VERSION;
319 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
320 }
321 else if (s->version == DTLS1_BAD_VER)
322 {
323 ss->ssl_version=DTLS1_BAD_VER;
324 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
325 }
326 else if (s->version == DTLS1_VERSION)
327 {
328 ss->ssl_version=DTLS1_VERSION;
329 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
330 }
331 else
332 {
333 SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
334 SSL_SESSION_free(ss);
335 return(0);
336 }
337#ifndef OPENSSL_NO_TLSEXT
338 /* If RFC4507 ticket use empty session ID */
339 if (s->tlsext_ticket_expected)
340 {
341 ss->session_id_length = 0;
342 goto sess_id_done;
343 }
344#endif
345 /* Choose which callback will set the session ID */
346 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
347 if(s->generate_session_id)
348 cb = s->generate_session_id;
349 else if(s->session_ctx->generate_session_id)
350 cb = s->session_ctx->generate_session_id;
351 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
352 /* Choose a session ID */
353 tmp = ss->session_id_length;
354 if(!cb(s, ss->session_id, &tmp))
355 {
356 /* The callback failed */
357 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
358 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
359 SSL_SESSION_free(ss);
360 return(0);
361 }
362 /* Don't allow the callback to set the session length to zero.
363 * nor set it higher than it was. */
364 if(!tmp || (tmp > ss->session_id_length))
365 {
366 /* The callback set an illegal length */
367 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
368 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
369 SSL_SESSION_free(ss);
370 return(0);
371 }
372 /* If the session length was shrunk and we're SSLv2, pad it */
373 if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
374 memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
375 else
376 ss->session_id_length = tmp;
377 /* Finally, check for a conflict */
378 if(SSL_has_matching_session_id(s, ss->session_id,
379 ss->session_id_length))
380 {
381 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
382 SSL_R_SSL_SESSION_ID_CONFLICT);
383 SSL_SESSION_free(ss);
384 return(0);
385 }
386#ifndef OPENSSL_NO_TLSEXT
387 sess_id_done:
388 if (s->tlsext_hostname) {
389 ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
390 if (ss->tlsext_hostname == NULL) {
391 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
392 SSL_SESSION_free(ss);
393 return 0;
394 }
395 }
396#ifndef OPENSSL_NO_EC
397 if (s->tlsext_ecpointformatlist)
398 {
399 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
400 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
401 {
402 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
403 SSL_SESSION_free(ss);
404 return 0;
405 }
406 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
407 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
408 }
409 if (s->tlsext_ellipticcurvelist)
410 {
411 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
412 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
413 {
414 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
415 SSL_SESSION_free(ss);
416 return 0;
417 }
418 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
419 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
420 }
421#endif
422#endif
423 }
424 else
425 {
426 ss->session_id_length=0;
427 }
428
429 if (s->sid_ctx_length > sizeof ss->sid_ctx)
430 {
431 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
432 SSL_SESSION_free(ss);
433 return 0;
434 }
435 memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
436 ss->sid_ctx_length=s->sid_ctx_length;
437 s->session=ss;
438 ss->ssl_version=s->version;
439 ss->verify_result = X509_V_OK;
440
441 return(1);
442 }
443
444/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
445 * connection. It is only called by servers.
446 *
447 * session_id: points at the session ID in the ClientHello. This code will
448 * read past the end of this in order to parse out the session ticket
449 * extension, if any.
450 * len: the length of the session ID.
451 * limit: a pointer to the first byte after the ClientHello.
452 *
453 * Returns:
454 * -1: error
455 * 0: a session may have been found.
456 *
457 * Side effects:
458 * - If a session is found then s->session is pointed at it (after freeing an
459 * existing session if need be) and s->verify_result is set from the session.
460 * - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
461 * if the server should issue a new session ticket (to 0 otherwise).
462 */
463int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
464 const unsigned char *limit)
465 {
466 /* This is used only by servers. */
467
468 SSL_SESSION *ret=NULL;
469 int fatal = 0;
470 int try_session_cache = 1;
471#ifndef OPENSSL_NO_TLSEXT
472 int r;
473#endif
474
475 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
476 goto err;
477
478 if (len == 0)
479 try_session_cache = 0;
480
481#ifndef OPENSSL_NO_TLSEXT
482 r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
483 switch (r)
484 {
485 case -1: /* Error during processing */
486 fatal = 1;
487 goto err;
488 case 0: /* No ticket found */
489 case 1: /* Zero length ticket found */
490 break; /* Ok to carry on processing session id. */
491 case 2: /* Ticket found but not decrypted. */
492 case 3: /* Ticket decrypted, *ret has been set. */
493 try_session_cache = 0;
494 break;
495 default:
496 abort();
497 }
498#endif
499
500 if (try_session_cache &&
501 ret == NULL &&
502 !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
503 {
504 SSL_SESSION data;
505 data.ssl_version=s->version;
506 data.session_id_length=len;
507 if (len == 0)
508 return 0;
509 memcpy(data.session_id,session_id,len);
510 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
511 ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
512 if (ret != NULL)
513 {
514 /* don't allow other threads to steal it: */
515 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
516 }
517 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
518 if (ret == NULL)
519 s->session_ctx->stats.sess_miss++;
520 }
521
522 if (try_session_cache &&
523 ret == NULL &&
524 s->session_ctx->get_session_cb != NULL)
525 {
526 int copy=1;
527
528 if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
529 {
530 s->session_ctx->stats.sess_cb_hit++;
531
532 /* Increment reference count now if the session callback
533 * asks us to do so (note that if the session structures
534 * returned by the callback are shared between threads,
535 * it must handle the reference count itself [i.e. copy == 0],
536 * or things won't be thread-safe). */
537 if (copy)
538 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
539
540 /* Add the externally cached session to the internal
541 * cache as well if and only if we are supposed to. */
542 if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
543 /* The following should not return 1, otherwise,
544 * things are very strange */
545 SSL_CTX_add_session(s->session_ctx,ret);
546 }
547 }
548
549 if (ret == NULL)
550 goto err;
551
552 /* Now ret is non-NULL and we own one of its reference counts. */
553
554 if (ret->sid_ctx_length != s->sid_ctx_length
555 || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
556 {
557 /* We have the session requested by the client, but we don't
558 * want to use it in this context. */
559 goto err; /* treat like cache miss */
560 }
561
562 if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
563 {
564 /* We can't be sure if this session is being used out of
565 * context, which is especially important for SSL_VERIFY_PEER.
566 * The application should have used SSL[_CTX]_set_session_id_context.
567 *
568 * For this error case, we generate an error instead of treating
569 * the event like a cache miss (otherwise it would be easy for
570 * applications to effectively disable the session cache by
571 * accident without anyone noticing).
572 */
573
574 SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
575 fatal = 1;
576 goto err;
577 }
578
579 if (ret->cipher == NULL)
580 {
581 unsigned char buf[5],*p;
582 unsigned long l;
583
584 p=buf;
585 l=ret->cipher_id;
586 l2n(l,p);
587 if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
588 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
589 else
590 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
591 if (ret->cipher == NULL)
592 goto err;
593 }
594
595 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
596 {
597 s->session_ctx->stats.sess_timeout++;
598 if (try_session_cache)
599 {
600 /* session was from the cache, so remove it */
601 SSL_CTX_remove_session(s->session_ctx,ret);
602 }
603 goto err;
604 }
605
606 s->session_ctx->stats.sess_hit++;
607
608 if (s->session != NULL)
609 SSL_SESSION_free(s->session);
610 s->session=ret;
611 s->verify_result = s->session->verify_result;
612 return 1;
613
614 err:
615 if (ret != NULL)
616 {
617 SSL_SESSION_free(ret);
618#ifndef OPENSSL_NO_TLSEXT
619 if (!try_session_cache)
620 {
621 /* The session was from a ticket, so we should
622 * issue a ticket for the new session */
623 s->tlsext_ticket_expected = 1;
624 }
625#endif
626 }
627 if (fatal)
628 return -1;
629 else
630 return 0;
631 }
632
633int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
634 {
635 int ret=0;
636 SSL_SESSION *s;
637
638 /* add just 1 reference count for the SSL_CTX's session cache
639 * even though it has two ways of access: each session is in a
640 * doubly linked list and an lhash */
641 CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
642 /* if session c is in already in cache, we take back the increment later */
643
644 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
645 s=lh_SSL_SESSION_insert(ctx->sessions,c);
646
647 /* s != NULL iff we already had a session with the given PID.
648 * In this case, s == c should hold (then we did not really modify
649 * ctx->sessions), or we're in trouble. */
650 if (s != NULL && s != c)
651 {
652 /* We *are* in trouble ... */
653 SSL_SESSION_list_remove(ctx,s);
654 SSL_SESSION_free(s);
655 /* ... so pretend the other session did not exist in cache
656 * (we cannot handle two SSL_SESSION structures with identical
657 * session ID in the same cache, which could happen e.g. when
658 * two threads concurrently obtain the same session from an external
659 * cache) */
660 s = NULL;
661 }
662
663 /* Put at the head of the queue unless it is already in the cache */
664 if (s == NULL)
665 SSL_SESSION_list_add(ctx,c);
666
667 if (s != NULL)
668 {
669 /* existing cache entry -- decrement previously incremented reference
670 * count because it already takes into account the cache */
671
672 SSL_SESSION_free(s); /* s == c */
673 ret=0;
674 }
675 else
676 {
677 /* new cache entry -- remove old ones if cache has become too large */
678
679 ret=1;
680
681 if (SSL_CTX_sess_get_cache_size(ctx) > 0)
682 {
683 while (SSL_CTX_sess_number(ctx) >
684 SSL_CTX_sess_get_cache_size(ctx))
685 {
686 if (!remove_session_lock(ctx,
687 ctx->session_cache_tail, 0))
688 break;
689 else
690 ctx->stats.sess_cache_full++;
691 }
692 }
693 }
694 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
695 return(ret);
696 }
697
698int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
699{
700 return remove_session_lock(ctx, c, 1);
701}
702
703static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
704 {
705 SSL_SESSION *r;
706 int ret=0;
707
708 if ((c != NULL) && (c->session_id_length != 0))
709 {
710 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
711 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
712 {
713 ret=1;
714 r=lh_SSL_SESSION_delete(ctx->sessions,c);
715 SSL_SESSION_list_remove(ctx,c);
716 }
717
718 if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
719
720 if (ret)
721 {
722 r->not_resumable=1;
723 if (ctx->remove_session_cb != NULL)
724 ctx->remove_session_cb(ctx,r);
725 SSL_SESSION_free(r);
726 }
727 }
728 else
729 ret=0;
730 return(ret);
731 }
732
733void SSL_SESSION_free(SSL_SESSION *ss)
734 {
735 int i;
736
737 if(ss == NULL)
738 return;
739
740 i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
741#ifdef REF_PRINT
742 REF_PRINT("SSL_SESSION",ss);
743#endif
744 if (i > 0) return;
745#ifdef REF_CHECK
746 if (i < 0)
747 {
748 fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
749 abort(); /* ok */
750 }
751#endif
752
753 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
754
755 OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
756 OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
757 OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
758 if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
759 if (ss->peer != NULL) X509_free(ss->peer);
760 if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
761#ifndef OPENSSL_NO_TLSEXT
762 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
763 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
764#ifndef OPENSSL_NO_EC
765 ss->tlsext_ecpointformatlist_length = 0;
766 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
767 ss->tlsext_ellipticcurvelist_length = 0;
768 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
769#endif /* OPENSSL_NO_EC */
770#endif
771#ifndef OPENSSL_NO_PSK
772 if (ss->psk_identity_hint != NULL)
773 OPENSSL_free(ss->psk_identity_hint);
774 if (ss->psk_identity != NULL)
775 OPENSSL_free(ss->psk_identity);
776#endif
777#ifndef OPENSSL_NO_SRP
778 if (ss->srp_username != NULL)
779 OPENSSL_free(ss->srp_username);
780#endif
781 OPENSSL_cleanse(ss,sizeof(*ss));
782 OPENSSL_free(ss);
783 }
784
785int SSL_set_session(SSL *s, SSL_SESSION *session)
786 {
787 int ret=0;
788 const SSL_METHOD *meth;
789
790 if (session != NULL)
791 {
792 meth=s->ctx->method->get_ssl_method(session->ssl_version);
793 if (meth == NULL)
794 meth=s->method->get_ssl_method(session->ssl_version);
795 if (meth == NULL)
796 {
797 SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
798 return(0);
799 }
800
801 if (meth != s->method)
802 {
803 if (!SSL_set_ssl_method(s,meth))
804 return(0);
805 }
806
807#ifndef OPENSSL_NO_KRB5
808 if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
809 session->krb5_client_princ_len > 0)
810 {
811 s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
812 memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
813 session->krb5_client_princ_len);
814 s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
815 }
816#endif /* OPENSSL_NO_KRB5 */
817
818 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
819 CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
820 if (s->session != NULL)
821 SSL_SESSION_free(s->session);
822 s->session=session;
823 s->verify_result = s->session->verify_result;
824 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
825 ret=1;
826 }
827 else
828 {
829 if (s->session != NULL)
830 {
831 SSL_SESSION_free(s->session);
832 s->session=NULL;
833 }
834
835 meth=s->ctx->method;
836 if (meth != s->method)
837 {
838 if (!SSL_set_ssl_method(s,meth))
839 return(0);
840 }
841 ret=1;
842 }
843 return(ret);
844 }
845
846long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
847 {
848 if (s == NULL) return(0);
849 s->timeout=t;
850 return(1);
851 }
852
853long SSL_SESSION_get_timeout(const SSL_SESSION *s)
854 {
855 if (s == NULL) return(0);
856 return(s->timeout);
857 }
858
859long SSL_SESSION_get_time(const SSL_SESSION *s)
860 {
861 if (s == NULL) return(0);
862 return(s->time);
863 }
864
865long SSL_SESSION_set_time(SSL_SESSION *s, long t)
866 {
867 if (s == NULL) return(0);
868 s->time=t;
869 return(t);
870 }
871
872X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
873 {
874 return s->peer;
875 }
876
877int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
878 unsigned int sid_ctx_len)
879 {
880 if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
881 {
882 SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
883 return 0;
884 }
885 s->sid_ctx_length=sid_ctx_len;
886 memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);
887
888 return 1;
889 }
890
891long SSL_CTX_set_timeout(SSL_CTX *s, long t)
892 {
893 long l;
894 if (s == NULL) return(0);
895 l=s->session_timeout;
896 s->session_timeout=t;
897 return(l);
898 }
899
900long SSL_CTX_get_timeout(const SSL_CTX *s)
901 {
902 if (s == NULL) return(0);
903 return(s->session_timeout);
904 }
905
906#ifndef OPENSSL_NO_TLSEXT
907int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
908 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
909 {
910 if (s == NULL) return(0);
911 s->tls_session_secret_cb = tls_session_secret_cb;
912 s->tls_session_secret_cb_arg = arg;
913 return(1);
914 }
915
916int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
917 void *arg)
918 {
919 if (s == NULL) return(0);
920 s->tls_session_ticket_ext_cb = cb;
921 s->tls_session_ticket_ext_cb_arg = arg;
922 return(1);
923 }
924
925int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
926 {
927 if (s->version >= TLS1_VERSION)
928 {
929 if (s->tlsext_session_ticket)
930 {
931 OPENSSL_free(s->tlsext_session_ticket);
932 s->tlsext_session_ticket = NULL;
933 }
934
935 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
936 if (!s->tlsext_session_ticket)
937 {
938 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
939 return 0;
940 }
941
942 if (ext_data)
943 {
944 s->tlsext_session_ticket->length = ext_len;
945 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
946 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
947 }
948 else
949 {
950 s->tlsext_session_ticket->length = 0;
951 s->tlsext_session_ticket->data = NULL;
952 }
953
954 return 1;
955 }
956
957 return 0;
958 }
959#endif /* OPENSSL_NO_TLSEXT */
960
961typedef struct timeout_param_st
962 {
963 SSL_CTX *ctx;
964 long time;
965 LHASH_OF(SSL_SESSION) *cache;
966 } TIMEOUT_PARAM;
967
968static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
969 {
970 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
971 {
972 /* The reason we don't call SSL_CTX_remove_session() is to
973 * save on locking overhead */
974 (void)lh_SSL_SESSION_delete(p->cache,s);
975 SSL_SESSION_list_remove(p->ctx,s);
976 s->not_resumable=1;
977 if (p->ctx->remove_session_cb != NULL)
978 p->ctx->remove_session_cb(p->ctx,s);
979 SSL_SESSION_free(s);
980 }
981 }
982
983static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
984
985void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
986 {
987 unsigned long i;
988 TIMEOUT_PARAM tp;
989
990 tp.ctx=s;
991 tp.cache=s->sessions;
992 if (tp.cache == NULL) return;
993 tp.time=t;
994 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
995 i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
996 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
997 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
998 TIMEOUT_PARAM, &tp);
999 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
1000 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1001 }
1002
1003int ssl_clear_bad_session(SSL *s)
1004 {
1005 if ( (s->session != NULL) &&
1006 !(s->shutdown & SSL_SENT_SHUTDOWN) &&
1007 !(SSL_in_init(s) || SSL_in_before(s)))
1008 {
1009 SSL_CTX_remove_session(s->ctx,s->session);
1010 return(1);
1011 }
1012 else
1013 return(0);
1014 }
1015
1016/* locked by SSL_CTX in the calling function */
1017static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
1018 {
1019 if ((s->next == NULL) || (s->prev == NULL)) return;
1020
1021 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
1022 { /* last element in list */
1023 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
1024 { /* only one element in list */
1025 ctx->session_cache_head=NULL;
1026 ctx->session_cache_tail=NULL;
1027 }
1028 else
1029 {
1030 ctx->session_cache_tail=s->prev;
1031 s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
1032 }
1033 }
1034 else
1035 {
1036 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
1037 { /* first element in list */
1038 ctx->session_cache_head=s->next;
1039 s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1040 }
1041 else
1042 { /* middle of list */
1043 s->next->prev=s->prev;
1044 s->prev->next=s->next;
1045 }
1046 }
1047 s->prev=s->next=NULL;
1048 }
1049
1050static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
1051 {
1052 if ((s->next != NULL) && (s->prev != NULL))
1053 SSL_SESSION_list_remove(ctx,s);
1054
1055 if (ctx->session_cache_head == NULL)
1056 {
1057 ctx->session_cache_head=s;
1058 ctx->session_cache_tail=s;
1059 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1060 s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
1061 }
1062 else
1063 {
1064 s->next=ctx->session_cache_head;
1065 s->next->prev=s;
1066 s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
1067 ctx->session_cache_head=s;
1068 }
1069 }
1070
1071void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1072 int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
1073 {
1074 ctx->new_session_cb=cb;
1075 }
1076
1077int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1078 {
1079 return ctx->new_session_cb;
1080 }
1081
1082void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1083 void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
1084 {
1085 ctx->remove_session_cb=cb;
1086 }
1087
1088void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
1089 {
1090 return ctx->remove_session_cb;
1091 }
1092
1093void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1094 SSL_SESSION *(*cb)(struct ssl_st *ssl,
1095 unsigned char *data,int len,int *copy))
1096 {
1097 ctx->get_session_cb=cb;
1098 }
1099
1100SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
1101 unsigned char *data,int len,int *copy)
1102 {
1103 return ctx->get_session_cb;
1104 }
1105
1106void SSL_CTX_set_info_callback(SSL_CTX *ctx,
1107 void (*cb)(const SSL *ssl,int type,int val))
1108 {
1109 ctx->info_callback=cb;
1110 }
1111
1112void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
1113 {
1114 return ctx->info_callback;
1115 }
1116
1117void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1118 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1119 {
1120 ctx->client_cert_cb=cb;
1121 }
1122
1123int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
1124 {
1125 return ctx->client_cert_cb;
1126 }
1127
1128#ifndef OPENSSL_NO_ENGINE
1129int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1130 {
1131 if (!ENGINE_init(e))
1132 {
1133 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
1134 return 0;
1135 }
1136 if(!ENGINE_get_ssl_client_cert_function(e))
1137 {
1138 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
1139 ENGINE_finish(e);
1140 return 0;
1141 }
1142 ctx->client_cert_engine = e;
1143 return 1;
1144 }
1145#endif
1146
1147void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1148 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1149 {
1150 ctx->app_gen_cookie_cb=cb;
1151 }
1152
1153void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1154 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1155 {
1156 ctx->app_verify_cookie_cb=cb;
1157 }
1158
1159IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
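diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 144b81e55f..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_state_string(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-const char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-const char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-const char *SSL_alert_desc_string(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
- case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-const char *SSL_alert_desc_string_long(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
- str="unsupported extension";
- break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
- str="certificate unobtainable";
- break;
- case TLS1_AD_UNRECOGNIZED_NAME:
- str="unrecognized name";
- break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- str="bad certificate status response";
- break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
- str="bad certificate hash value";
- break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
- str="unknown PSK identity";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }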
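diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 6479d52c0c..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
- unsigned int i;
- const char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_2_VERSION)
- s="TLSv1.2";
- else if (x->ssl_version == TLS1_1_VERSION)
- s="TLSv1.1";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else if (x->ssl_version == DTLS1_VERSION)
- s="DTLSv1";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
-#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
- if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
- if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_SRP
- if (BIO_puts(bp,"\n SRP username: ") <= 0) goto err;
- if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if (x->tlsext_tick_lifetime_hint)
- {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <=0)
- goto err;
- }
- if (x->tlsext_tick)
- {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp = NULL;
-
- ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
-#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-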
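--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_2_VERSION)
- return TLSv1_2_client_method();
- if (ver == TLS1_1_VERSION)
- return TLSv1_1_client_method();
- if (ver == TLS1_VERSION)
- return TLSv1_client_method();
- return NULL;
- }
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-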
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 638405ec39..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,1253 +0,0 @@
1/* ssl/t1_enc.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139#include "ssl_locl.h"
140#ifndef OPENSSL_NO_COMP
141#include <openssl/comp.h>
142#endif
143#include <openssl/evp.h>
144#include <openssl/hmac.h>
145#include <openssl/md5.h>
146#include <openssl/rand.h>
147#ifdef KSSL_DEBUG
148#include <openssl/des.h>
149#endif
150
151/* seed1 through seed5 are virtually concatenated */
152static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
153 int sec_len,
154 const void *seed1, int seed1_len,
155 const void *seed2, int seed2_len,
156 const void *seed3, int seed3_len,
157 const void *seed4, int seed4_len,
158 const void *seed5, int seed5_len,
159 unsigned char *out, int olen)
160 {
161 int chunk;
162 size_t j;
163 EVP_MD_CTX ctx, ctx_tmp;
164 EVP_PKEY *mac_key;
165 unsigned char A1[EVP_MAX_MD_SIZE];
166 size_t A1_len;
167 int ret = 0;
168
169 chunk=EVP_MD_size(md);
170 OPENSSL_assert(chunk >= 0);
171
172 EVP_MD_CTX_init(&ctx);
173 EVP_MD_CTX_init(&ctx_tmp);
174 EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
175 EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
176 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
177 if (!mac_key)
178 goto err;
179 if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
180 goto err;
181 if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
182 goto err;
183 if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
184 goto err;
185 if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
186 goto err;
187 if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
188 goto err;
189 if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
190 goto err;
191 if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
192 goto err;
193 if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
194 goto err;
195
196 for (;;)
197 {
198 /* Reinit mac contexts */
199 if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
200 goto err;
201 if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
202 goto err;
203 if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
204 goto err;
205 if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len))
206 goto err;
207 if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
208 goto err;
209 if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
210 goto err;
211 if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
212 goto err;
213 if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
214 goto err;
215 if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
216 goto err;
217
218 if (olen > chunk)
219 {
220 if (!EVP_DigestSignFinal(&ctx,out,&j))
221 goto err;
222 out+=j;
223 olen-=j;
224 /* calc the next A1 value */
225 if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
226 goto err;
227 }
228 else /* last one */
229 {
230 if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
231 goto err;
232 memcpy(out,A1,olen);
233 break;
234 }
235 }
236 ret = 1;
237err:
238 EVP_PKEY_free(mac_key);
239 EVP_MD_CTX_cleanup(&ctx);
240 EVP_MD_CTX_cleanup(&ctx_tmp);
241 OPENSSL_cleanse(A1,sizeof(A1));
242 return ret;
243 }
244
245/* seed1 through seed5 are virtually concatenated */
246static int tls1_PRF(long digest_mask,
247 const void *seed1, int seed1_len,
248 const void *seed2, int seed2_len,
249 const void *seed3, int seed3_len,
250 const void *seed4, int seed4_len,
251 const void *seed5, int seed5_len,
252 const unsigned char *sec, int slen,
253 unsigned char *out1,
254 unsigned char *out2, int olen)
255 {
256 int len,i,idx,count;
257 const unsigned char *S1;
258 long m;
259 const EVP_MD *md;
260 int ret = 0;
261
262 /* Count number of digests and partition sec evenly */
263 count=0;
264 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
265 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
266 }
267 len=slen/count;
268 if (count == 1)
269 slen = 0;
270 S1=sec;
271 memset(out1,0,olen);
272 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
273 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
274 if (!md) {
275 SSLerr(SSL_F_TLS1_PRF,
276 SSL_R_UNSUPPORTED_DIGEST_TYPE);
277 goto err;
278 }
279 if (!tls1_P_hash(md ,S1,len+(slen&1),
280 seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
281 out2,olen))
282 goto err;
283 S1+=len;
284 for (i=0; i<olen; i++)
285 {
286 out1[i]^=out2[i];
287 }
288 }
289 }
290 ret = 1;
291err:
292 return ret;
293}
294static int tls1_generate_key_block(SSL *s, unsigned char *km,
295 unsigned char *tmp, int num)
296 {
297 int ret;
298 ret = tls1_PRF(ssl_get_algorithm2(s),
299 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
300 s->s3->server_random,SSL3_RANDOM_SIZE,
301 s->s3->client_random,SSL3_RANDOM_SIZE,
302 NULL,0,NULL,0,
303 s->session->master_key,s->session->master_key_length,
304 km,tmp,num);
305#ifdef KSSL_DEBUG
306 printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
307 s->session->master_key_length);
308 {
309 int i;
310 for (i=0; i < s->session->master_key_length; i++)
311 {
312 printf("%02X", s->session->master_key[i]);
313 }
314 printf("\n"); }
315#endif /* KSSL_DEBUG */
316 return ret;
317 }
318
319int tls1_change_cipher_state(SSL *s, int which)
320 {
321 static const unsigned char empty[]="";
322 unsigned char *p,*mac_secret;
323 unsigned char *exp_label;
324 unsigned char tmp1[EVP_MAX_KEY_LENGTH];
325 unsigned char tmp2[EVP_MAX_KEY_LENGTH];
326 unsigned char iv1[EVP_MAX_IV_LENGTH*2];
327 unsigned char iv2[EVP_MAX_IV_LENGTH*2];
328 unsigned char *ms,*key,*iv;
329 int client_write;
330 EVP_CIPHER_CTX *dd;
331 const EVP_CIPHER *c;
332#ifndef OPENSSL_NO_COMP
333 const SSL_COMP *comp;
334#endif
335 const EVP_MD *m;
336 int mac_type;
337 int *mac_secret_size;
338 EVP_MD_CTX *mac_ctx;
339 EVP_PKEY *mac_key;
340 int is_export,n,i,j,k,exp_label_len,cl;
341 int reuse_dd = 0;
342
343 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
344 c=s->s3->tmp.new_sym_enc;
345 m=s->s3->tmp.new_hash;
346 mac_type = s->s3->tmp.new_mac_pkey_type;
347#ifndef OPENSSL_NO_COMP
348 comp=s->s3->tmp.new_compression;
349#endif
350
351#ifdef KSSL_DEBUG
352 printf("tls1_change_cipher_state(which= %d) w/\n", which);
353 printf("\talg= %ld/%ld, comp= %p\n",
354 s->s3->tmp.new_cipher->algorithm_mkey,
355 s->s3->tmp.new_cipher->algorithm_auth,
356 comp);
357 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
358 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
359 c->nid,c->block_size,c->key_len,c->iv_len);
360 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
361 {
362 int i;
363 for (i=0; i<s->s3->tmp.key_block_length; i++)
364 printf("%02x", key_block[i]); printf("\n");
365 }
366#endif /* KSSL_DEBUG */
367
368 if (which & SSL3_CC_READ)
369 {
370 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
371 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
372 else
373 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
374
375 if (s->enc_read_ctx != NULL)
376 reuse_dd = 1;
377 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
378 goto err;
379 else
380 /* make sure it's intialized in case we exit later with an error */
381 EVP_CIPHER_CTX_init(s->enc_read_ctx);
382 dd= s->enc_read_ctx;
383 mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
384#ifndef OPENSSL_NO_COMP
385 if (s->expand != NULL)
386 {
387 COMP_CTX_free(s->expand);
388 s->expand=NULL;
389 }
390 if (comp != NULL)
391 {
392 s->expand=COMP_CTX_new(comp->method);
393 if (s->expand == NULL)
394 {
395 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
396 goto err2;
397 }
398 if (s->s3->rrec.comp == NULL)
399 s->s3->rrec.comp=(unsigned char *)
400 OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
401 if (s->s3->rrec.comp == NULL)
402 goto err;
403 }
404#endif
405 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
406 if (s->version != DTLS1_VERSION)
407 memset(&(s->s3->read_sequence[0]),0,8);
408 mac_secret= &(s->s3->read_mac_secret[0]);
409 mac_secret_size=&(s->s3->read_mac_secret_size);
410 }
411 else
412 {
413 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
414 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
415 else
416 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
417 if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
418 reuse_dd = 1;
419 else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
420 goto err;
421 dd= s->enc_write_ctx;
422 if (SSL_IS_DTLS(s))
423 {
424 mac_ctx = EVP_MD_CTX_create();
425 if (!mac_ctx)
426 goto err;
427 s->write_hash = mac_ctx;
428 }
429 else
430 mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
431#ifndef OPENSSL_NO_COMP
432 if (s->compress != NULL)
433 {
434 COMP_CTX_free(s->compress);
435 s->compress=NULL;
436 }
437 if (comp != NULL)
438 {
439 s->compress=COMP_CTX_new(comp->method);
440 if (s->compress == NULL)
441 {
442 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
443 goto err2;
444 }
445 }
446#endif
447 /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
448 if (s->version != DTLS1_VERSION)
449 memset(&(s->s3->write_sequence[0]),0,8);
450 mac_secret= &(s->s3->write_mac_secret[0]);
451 mac_secret_size = &(s->s3->write_mac_secret_size);
452 }
453
454 if (reuse_dd)
455 EVP_CIPHER_CTX_cleanup(dd);
456
457 p=s->s3->tmp.key_block;
458 i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
459
460 cl=EVP_CIPHER_key_length(c);
461 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
462 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
463 /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
464 /* If GCM mode only part of IV comes from PRF */
465 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
466 k = EVP_GCM_TLS_FIXED_IV_LEN;
467 else
468 k=EVP_CIPHER_iv_length(c);
469 if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
470 (which == SSL3_CHANGE_CIPHER_SERVER_READ))
471 {
472 ms= &(p[ 0]); n=i+i;
473 key= &(p[ n]); n+=j+j;
474 iv= &(p[ n]); n+=k+k;
475 exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
476 exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
477 client_write=1;
478 }
479 else
480 {
481 n=i;
482 ms= &(p[ n]); n+=i+j;
483 key= &(p[ n]); n+=j+k;
484 iv= &(p[ n]); n+=k;
485 exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
486 exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
487 client_write=0;
488 }
489
490 if (n > s->s3->tmp.key_block_length)
491 {
492 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
493 goto err2;
494 }
495
496 memcpy(mac_secret,ms,i);
497
498 if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER))
499 {
500 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
501 mac_secret,*mac_secret_size);
502 EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
503 EVP_PKEY_free(mac_key);
504 }
505#ifdef TLS_DEBUG
506printf("which = %04X\nmac key=",which);
507{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
508#endif
509 if (is_export)
510 {
511 /* In here I set both the read and write key/iv to the
512 * same value since only the correct one will be used :-).
513 */
514 if (!tls1_PRF(ssl_get_algorithm2(s),
515 exp_label,exp_label_len,
516 s->s3->client_random,SSL3_RANDOM_SIZE,
517 s->s3->server_random,SSL3_RANDOM_SIZE,
518 NULL,0,NULL,0,
519 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
520 goto err2;
521 key=tmp1;
522
523 if (k > 0)
524 {
525 if (!tls1_PRF(ssl_get_algorithm2(s),
526 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
527 s->s3->client_random,SSL3_RANDOM_SIZE,
528 s->s3->server_random,SSL3_RANDOM_SIZE,
529 NULL,0,NULL,0,
530 empty,0,iv1,iv2,k*2))
531 goto err2;
532 if (client_write)
533 iv=iv1;
534 else
535 iv= &(iv1[k]);
536 }
537 }
538
539 s->session->key_arg_length=0;
540#ifdef KSSL_DEBUG
541 {
542 int i;
543 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
544 printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
545 printf("\n");
546 printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
547 printf("\n");
548 }
549#endif /* KSSL_DEBUG */
550
551 if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
552 {
553 EVP_CipherInit_ex(dd,c,NULL,key,NULL,(which & SSL3_CC_WRITE));
554 EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
555 }
556 else
557 EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
558
559 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
560 if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
561 EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
562 *mac_secret_size,mac_secret);
563
564#ifdef TLS_DEBUG
565printf("which = %04X\nkey=",which);
566{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
567printf("\niv=");
568{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
569printf("\n");
570#endif
571
572 OPENSSL_cleanse(tmp1,sizeof(tmp1));
573 OPENSSL_cleanse(tmp2,sizeof(tmp1));
574 OPENSSL_cleanse(iv1,sizeof(iv1));
575 OPENSSL_cleanse(iv2,sizeof(iv2));
576 return(1);
577err:
578 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
579err2:
580 return(0);
581 }
582
583int tls1_setup_key_block(SSL *s)
584 {
585 unsigned char *p1,*p2=NULL;
586 const EVP_CIPHER *c;
587 const EVP_MD *hash;
588 int num;
589 SSL_COMP *comp;
590 int mac_type= NID_undef,mac_secret_size=0;
591 int ret=0;
592
593#ifdef KSSL_DEBUG
594 printf ("tls1_setup_key_block()\n");
595#endif /* KSSL_DEBUG */
596
597 if (s->s3->tmp.key_block_length != 0)
598 return(1);
599
600 if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
601 {
602 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
603 return(0);
604 }
605
606 s->s3->tmp.new_sym_enc=c;
607 s->s3->tmp.new_hash=hash;
608 s->s3->tmp.new_mac_pkey_type = mac_type;
609 s->s3->tmp.new_mac_secret_size = mac_secret_size;
610 num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
611 num*=2;
612
613 ssl3_cleanup_key_block(s);
614
615 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
616 {
617 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
618 goto err;
619 }
620
621 s->s3->tmp.key_block_length=num;
622 s->s3->tmp.key_block=p1;
623
624 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
625 {
626 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
627 goto err;
628 }
629
630#ifdef TLS_DEBUG
631printf("client random\n");
632{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
633printf("server random\n");
634{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
635printf("pre-master\n");
636{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
637#endif
638 if (!tls1_generate_key_block(s,p1,p2,num))
639 goto err;
640#ifdef TLS_DEBUG
641printf("\nkey block\n");
642{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
643#endif
644
645 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
646 && s->method->version <= TLS1_VERSION)
647 {
648 /* enable vulnerability countermeasure for CBC ciphers with
649 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
650 */
651 s->s3->need_empty_fragments = 1;
652
653 if (s->session->cipher != NULL)
654 {
655 if (s->session->cipher->algorithm_enc == SSL_eNULL)
656 s->s3->need_empty_fragments = 0;
657
658#ifndef OPENSSL_NO_RC4
659 if (s->session->cipher->algorithm_enc == SSL_RC4)
660 s->s3->need_empty_fragments = 0;
661#endif
662 }
663 }
664
665 ret = 1;
666err:
667 if (p2)
668 {
669 OPENSSL_cleanse(p2,num);
670 OPENSSL_free(p2);
671 }
672 return(ret);
673 }
674
675/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
676 *
677 * Returns:
678 * 0: (in non-constant time) if the record is publically invalid (i.e. too
679 * short etc).
680 * 1: if the record's padding is valid / the encryption was successful.
681 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
682 * an internal error occured.
683 */
684int tls1_enc(SSL *s, int send)
685 {
686 SSL3_RECORD *rec;
687 EVP_CIPHER_CTX *ds;
688 unsigned long l;
689 int bs,i,j,k,pad=0,ret,mac_size=0;
690 const EVP_CIPHER *enc;
691
692 if (send)
693 {
694 if (EVP_MD_CTX_md(s->write_hash))
695 {
696 int n=EVP_MD_CTX_size(s->write_hash);
697 OPENSSL_assert(n >= 0);
698 }
699 ds=s->enc_write_ctx;
700 rec= &(s->s3->wrec);
701 if (s->enc_write_ctx == NULL)
702 enc=NULL;
703 else
704 {
705 int ivlen;
706 enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
707 /* For TLSv1.1 and later explicit IV */
708 if (s->version >= TLS1_1_VERSION
709 && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
710 ivlen = EVP_CIPHER_iv_length(enc);
711 else
712 ivlen = 0;
713 if (ivlen > 1)
714 {
715 if ( rec->data != rec->input)
716 /* we can't write into the input stream:
717 * Can this ever happen?? (steve)
718 */
719 fprintf(stderr,
720 "%s:%d: rec->data != rec->input\n",
721 __FILE__, __LINE__);
722 else if (RAND_bytes(rec->input, ivlen) <= 0)
723 return -1;
724 }
725 }
726 }
727 else
728 {
729 if (EVP_MD_CTX_md(s->read_hash))
730 {
731 int n=EVP_MD_CTX_size(s->read_hash);
732 OPENSSL_assert(n >= 0);
733 }
734 ds=s->enc_read_ctx;
735 rec= &(s->s3->rrec);
736 if (s->enc_read_ctx == NULL)
737 enc=NULL;
738 else
739 enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
740 }
741
742#ifdef KSSL_DEBUG
743 printf("tls1_enc(%d)\n", send);
744#endif /* KSSL_DEBUG */
745
746 if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
747 {
748 memmove(rec->data,rec->input,rec->length);
749 rec->input=rec->data;
750 ret = 1;
751 }
752 else
753 {
754 l=rec->length;
755 bs=EVP_CIPHER_block_size(ds->cipher);
756
757 if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
758 {
759 unsigned char buf[13],*seq;
760
761 seq = send?s->s3->write_sequence:s->s3->read_sequence;
762
763 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
764 {
765 unsigned char dtlsseq[9],*p=dtlsseq;
766
767 s2n(send?s->d1->w_epoch:s->d1->r_epoch,p);
768 memcpy(p,&seq[2],6);
769 memcpy(buf,dtlsseq,8);
770 }
771 else
772 {
773 memcpy(buf,seq,8);
774 for (i=7; i>=0; i--) /* increment */
775 {
776 ++seq[i];
777 if (seq[i] != 0) break;
778 }
779 }
780
781 buf[8]=rec->type;
782 buf[9]=(unsigned char)(s->version>>8);
783 buf[10]=(unsigned char)(s->version);
784 buf[11]=rec->length>>8;
785 buf[12]=rec->length&0xff;
786 pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf);
787 if (send)
788 {
789 l+=pad;
790 rec->length+=pad;
791 }
792 }
793 else if ((bs != 1) && send)
794 {
795 i=bs-((int)l%bs);
796
797 /* Add weird padding of upto 256 bytes */
798
799 /* we need to add 'i' padding bytes of value j */
800 j=i-1;
801 if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
802 {
803 if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
804 j++;
805 }
806 for (k=(int)l; k<(int)(l+i); k++)
807 rec->input[k]=j;
808 l+=i;
809 rec->length+=i;
810 }
811
812#ifdef KSSL_DEBUG
813 {
814 unsigned long ui;
815 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
816 ds,rec->data,rec->input,l);
817 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
818 ds->buf_len, ds->cipher->key_len,
819 DES_KEY_SZ, DES_SCHEDULE_SZ,
820 ds->cipher->iv_len);
821 printf("\t\tIV: ");
822 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
823 printf("\n");
824 printf("\trec->input=");
825 for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
826 printf("\n");
827 }
828#endif /* KSSL_DEBUG */
829
830 if (!send)
831 {
832 if (l == 0 || l%bs != 0)
833 return 0;
834 }
835
836 i = EVP_Cipher(ds,rec->data,rec->input,l);
837 if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
838 ?(i<0)
839 :(i==0))
840 return -1; /* AEAD can fail to verify MAC */
841 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
842 {
843 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
844 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
845 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
846 }
847
848#ifdef KSSL_DEBUG
849 {
850 unsigned long i;
851 printf("\trec->data=");
852 for (i=0; i<l; i++)
853 printf(" %02x", rec->data[i]); printf("\n");
854 }
855#endif /* KSSL_DEBUG */
856
857 ret = 1;
858 if (EVP_MD_CTX_md(s->read_hash) != NULL)
859 mac_size = EVP_MD_CTX_size(s->read_hash);
860 if ((bs != 1) && !send)
861 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
862 if (pad && !send)
863 rec->length -= pad;
864 }
865 return ret;
866 }
867
868int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
869 {
870 unsigned int ret;
871 EVP_MD_CTX ctx, *d=NULL;
872 int i;
873
874 if (s->s3->handshake_buffer)
875 if (!ssl3_digest_cached_records(s))
876 return 0;
877
878 for (i=0;i<SSL_MAX_DIGEST;i++)
879 {
880 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
881 {
882 d=s->s3->handshake_dgst[i];
883 break;
884 }
885 }
886 if (!d) {
887 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
888 return 0;
889 }
890
891 EVP_MD_CTX_init(&ctx);
892 EVP_MD_CTX_copy_ex(&ctx,d);
893 EVP_DigestFinal_ex(&ctx,out,&ret);
894 EVP_MD_CTX_cleanup(&ctx);
895 return((int)ret);
896 }
897
898int tls1_final_finish_mac(SSL *s,
899 const char *str, int slen, unsigned char *out)
900 {
901 unsigned int i;
902 EVP_MD_CTX ctx;
903 unsigned char buf[2*EVP_MAX_MD_SIZE];
904 unsigned char *q,buf2[12];
905 int idx;
906 long mask;
907 int err=0;
908 const EVP_MD *md;
909
910 q=buf;
911
912 if (s->s3->handshake_buffer)
913 if (!ssl3_digest_cached_records(s))
914 return 0;
915
916 EVP_MD_CTX_init(&ctx);
917
918 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
919 {
920 if (mask & ssl_get_algorithm2(s))
921 {
922 int hashsize = EVP_MD_size(md);
923 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
924 if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
925 {
926 /* internal error: 'buf' is too small for this cipersuite! */
927 err = 1;
928 }
929 else
930 {
931 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
932 !EVP_DigestFinal_ex(&ctx,q,&i) ||
933 (i != (unsigned int)hashsize))
934 err = 1;
935 q+=hashsize;
936 }
937 }
938 }
939
940 if (!tls1_PRF(ssl_get_algorithm2(s),
941 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
942 s->session->master_key,s->session->master_key_length,
943 out,buf2,sizeof buf2))
944 err = 1;
945 EVP_MD_CTX_cleanup(&ctx);
946
947 if (err)
948 return 0;
949 else
950 return sizeof buf2;
951 }
952
953int tls1_mac(SSL *ssl, unsigned char *md, int send)
954 {
955 SSL3_RECORD *rec;
956 unsigned char *seq;
957 EVP_MD_CTX *hash;
958 size_t md_size, orig_len;
959 int i;
960 EVP_MD_CTX hmac, *mac_ctx;
961 unsigned char header[13];
962 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
963 int t;
964
965 if (send)
966 {
967 rec= &(ssl->s3->wrec);
968 seq= &(ssl->s3->write_sequence[0]);
969 hash=ssl->write_hash;
970 }
971 else
972 {
973 rec= &(ssl->s3->rrec);
974 seq= &(ssl->s3->read_sequence[0]);
975 hash=ssl->read_hash;
976 }
977
978 t=EVP_MD_CTX_size(hash);
979 OPENSSL_assert(t >= 0);
980 md_size=t;
981
982 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
983 if (stream_mac)
984 {
985 mac_ctx = hash;
986 }
987 else
988 {
989 EVP_MD_CTX_copy(&hmac,hash);
990 mac_ctx = &hmac;
991 }
992
993 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
994 {
995 unsigned char dtlsseq[8],*p=dtlsseq;
996
997 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
998 memcpy (p,&seq[2],6);
999
1000 memcpy(header, dtlsseq, 8);
1001 }
1002 else
1003 memcpy(header, seq, 8);
1004
1005 /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1006 orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
1007 rec->type &= 0xff;
1008
1009 header[8]=rec->type;
1010 header[9]=(unsigned char)(ssl->version>>8);
1011 header[10]=(unsigned char)(ssl->version);
1012 header[11]=(rec->length)>>8;
1013 header[12]=(rec->length)&0xff;
1014
1015 if (!send &&
1016 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
1017 ssl3_cbc_record_digest_supported(mac_ctx))
1018 {
1019 /* This is a CBC-encrypted record. We must avoid leaking any
1020 * timing-side channel information about how many blocks of
1021 * data we are hashing because that gives an attacker a
1022 * timing-oracle. */
1023 ssl3_cbc_digest_record(
1024 mac_ctx,
1025 md, &md_size,
1026 header, rec->input,
1027 rec->length + md_size, orig_len,
1028 ssl->s3->read_mac_secret,
1029 ssl->s3->read_mac_secret_size,
1030 0 /* not SSLv3 */);
1031 }
1032 else
1033 {
1034 EVP_DigestSignUpdate(mac_ctx,header,sizeof(header));
1035 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
1036 t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
1037 OPENSSL_assert(t > 0);
1038#ifdef OPENSSL_FIPS
1039 if (!send && FIPS_mode())
1040 tls_fips_digest_extra(
1041 ssl->enc_read_ctx,
1042 mac_ctx, rec->input,
1043 rec->length, orig_len);
1044#endif
1045 }
1046
1047 if (!stream_mac)
1048 EVP_MD_CTX_cleanup(&hmac);
1049#ifdef TLS_DEBUG
1050printf("sec=");
1051{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
1052printf("seq=");
1053{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
1054printf("buf=");
1055{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
1056printf("rec=");
1057{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
1058#endif
1059
1060 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
1061 {
1062 for (i=7; i>=0; i--)
1063 {
1064 ++seq[i];
1065 if (seq[i] != 0) break;
1066 }
1067 }
1068
1069#ifdef TLS_DEBUG
1070{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
1071#endif
1072 return(md_size);
1073 }
1074
1075int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1076 int len)
1077 {
1078 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
1079 const void *co = NULL, *so = NULL;
1080 int col = 0, sol = 0;
1081
1082
1083#ifdef KSSL_DEBUG
1084 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
1085#endif /* KSSL_DEBUG */
1086
1087#ifdef TLSEXT_TYPE_opaque_prf_input
1088 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
1089 s->s3->client_opaque_prf_input_len > 0 &&
1090 s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
1091 {
1092 co = s->s3->client_opaque_prf_input;
1093 col = s->s3->server_opaque_prf_input_len;
1094 so = s->s3->server_opaque_prf_input;
1095 sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
1096 }
1097#endif
1098
1099 tls1_PRF(ssl_get_algorithm2(s),
1100 TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
1101 s->s3->client_random,SSL3_RANDOM_SIZE,
1102 co, col,
1103 s->s3->server_random,SSL3_RANDOM_SIZE,
1104 so, sol,
1105 p,len,
1106 s->session->master_key,buff,sizeof buff);
1107#ifdef SSL_DEBUG
1108 fprintf(stderr, "Premaster Secret:\n");
1109 BIO_dump_fp(stderr, (char *)p, len);
1110 fprintf(stderr, "Client Random:\n");
1111 BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
1112 fprintf(stderr, "Server Random:\n");
1113 BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
1114 fprintf(stderr, "Master Secret:\n");
1115 BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
1116#endif
1117
1118#ifdef KSSL_DEBUG
1119 printf ("tls1_generate_master_secret() complete\n");
1120#endif /* KSSL_DEBUG */
1121 return(SSL3_MASTER_SECRET_SIZE);
1122 }
1123
1124int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1125 const char *label, size_t llen, const unsigned char *context,
1126 size_t contextlen, int use_context)
1127 {
1128 unsigned char *buff;
1129 unsigned char *val = NULL;
1130 size_t vallen, currentvalpos;
1131 int rv;
1132
1133#ifdef KSSL_DEBUG
1134 printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
1135#endif /* KSSL_DEBUG */
1136
1137 buff = OPENSSL_malloc(olen);
1138 if (buff == NULL) goto err2;
1139
1140 /* construct PRF arguments
1141 * we construct the PRF argument ourself rather than passing separate
1142 * values into the TLS PRF to ensure that the concatenation of values
1143 * does not create a prohibited label.
1144 */
1145 vallen = llen + SSL3_RANDOM_SIZE * 2;
1146 if (use_context)
1147 {
1148 vallen += 2 + contextlen;
1149 }
1150
1151 val = OPENSSL_malloc(vallen);
1152 if (val == NULL) goto err2;
1153 currentvalpos = 0;
1154 memcpy(val + currentvalpos, (unsigned char *) label, llen);
1155 currentvalpos += llen;
1156 memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
1157 currentvalpos += SSL3_RANDOM_SIZE;
1158 memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
1159 currentvalpos += SSL3_RANDOM_SIZE;
1160
1161 if (use_context)
1162 {
1163 val[currentvalpos] = (contextlen >> 8) & 0xff;
1164 currentvalpos++;
1165 val[currentvalpos] = contextlen & 0xff;
1166 currentvalpos++;
1167 if ((contextlen > 0) || (context != NULL))
1168 {
1169 memcpy(val + currentvalpos, context, contextlen);
1170 }
1171 }
1172
1173 /* disallow prohibited labels
1174 * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
1175 * 15, so size of val > max(prohibited label len) = 15 and the
1176 * comparisons won't have buffer overflow
1177 */
1178 if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
1179 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
1180 if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
1181 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
1182 if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
1183 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
1184 if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
1185 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
1186
1187 rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
1188 val, vallen,
1189 NULL, 0,
1190 NULL, 0,
1191 NULL, 0,
1192 NULL, 0,
1193 s->session->master_key,s->session->master_key_length,
1194 out,buff,olen);
1195
1196#ifdef KSSL_DEBUG
1197 printf ("tls1_export_keying_material() complete\n");
1198#endif /* KSSL_DEBUG */
1199 goto ret;
1200err1:
1201 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1202 rv = 0;
1203 goto ret;
1204err2:
1205 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1206 rv = 0;
1207ret:
1208 if (buff != NULL) OPENSSL_free(buff);
1209 if (val != NULL) OPENSSL_free(val);
1210 return(rv);
1211 }
1212
1213int tls1_alert_code(int code)
1214 {
1215 switch (code)
1216 {
1217 case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
1218 case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
1219 case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
1220 case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
1221 case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
1222 case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
1223 case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
1224 case SSL_AD_NO_CERTIFICATE: return(-1);
1225 case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
1226 case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
1227 case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
1228 case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
1229 case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
1230 case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
1231 case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
1232 case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
1233 case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
1234 case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
1235 case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
1236 case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
1237 case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
1238 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
1239 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
1240 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
1241 case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
1242 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1243 case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
1244 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1245 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1246 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
1247#if 0 /* not appropriate for TLS, not used for DTLS */
1248 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
1249 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
1250#endif
1251 default: return(-1);
1252 }
1253 }
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index bfd4731365..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,2578 +0,0 @@
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include <openssl/objects.h>
114#include <openssl/evp.h>
115#include <openssl/hmac.h>
116#include <openssl/ocsp.h>
117#include <openssl/rand.h>
118#include "ssl_locl.h"
119
120const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
121
122#ifndef OPENSSL_NO_TLSEXT
123static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
124 const unsigned char *sess_id, int sesslen,
125 SSL_SESSION **psess);
126#endif
127
128SSL3_ENC_METHOD TLSv1_enc_data={
129 tls1_enc,
130 tls1_mac,
131 tls1_setup_key_block,
132 tls1_generate_master_secret,
133 tls1_change_cipher_state,
134 tls1_final_finish_mac,
135 TLS1_FINISH_MAC_LENGTH,
136 tls1_cert_verify_mac,
137 TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
138 TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
139 tls1_alert_code,
140 tls1_export_keying_material,
141 };
142
143long tls1_default_timeout(void)
144 {
145 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
146 * is way too long for http, the cache would over fill */
147 return(60*60*2);
148 }
149
150int tls1_new(SSL *s)
151 {
152 if (!ssl3_new(s)) return(0);
153 s->method->ssl_clear(s);
154 return(1);
155 }
156
157void tls1_free(SSL *s)
158 {
159#ifndef OPENSSL_NO_TLSEXT
160 if (s->tlsext_session_ticket)
161 {
162 OPENSSL_free(s->tlsext_session_ticket);
163 }
164#endif /* OPENSSL_NO_TLSEXT */
165 ssl3_free(s);
166 }
167
168void tls1_clear(SSL *s)
169 {
170 ssl3_clear(s);
171 s->version = s->method->version;
172 }
173
174#ifndef OPENSSL_NO_EC
175
176static int nid_list[] =
177 {
178 NID_sect163k1, /* sect163k1 (1) */
179 NID_sect163r1, /* sect163r1 (2) */
180 NID_sect163r2, /* sect163r2 (3) */
181 NID_sect193r1, /* sect193r1 (4) */
182 NID_sect193r2, /* sect193r2 (5) */
183 NID_sect233k1, /* sect233k1 (6) */
184 NID_sect233r1, /* sect233r1 (7) */
185 NID_sect239k1, /* sect239k1 (8) */
186 NID_sect283k1, /* sect283k1 (9) */
187 NID_sect283r1, /* sect283r1 (10) */
188 NID_sect409k1, /* sect409k1 (11) */
189 NID_sect409r1, /* sect409r1 (12) */
190 NID_sect571k1, /* sect571k1 (13) */
191 NID_sect571r1, /* sect571r1 (14) */
192 NID_secp160k1, /* secp160k1 (15) */
193 NID_secp160r1, /* secp160r1 (16) */
194 NID_secp160r2, /* secp160r2 (17) */
195 NID_secp192k1, /* secp192k1 (18) */
196 NID_X9_62_prime192v1, /* secp192r1 (19) */
197 NID_secp224k1, /* secp224k1 (20) */
198 NID_secp224r1, /* secp224r1 (21) */
199 NID_secp256k1, /* secp256k1 (22) */
200 NID_X9_62_prime256v1, /* secp256r1 (23) */
201 NID_secp384r1, /* secp384r1 (24) */
202 NID_secp521r1 /* secp521r1 (25) */
203 };
204
205static int pref_list[] =
206 {
207 NID_sect571r1, /* sect571r1 (14) */
208 NID_sect571k1, /* sect571k1 (13) */
209 NID_secp521r1, /* secp521r1 (25) */
210 NID_sect409k1, /* sect409k1 (11) */
211 NID_sect409r1, /* sect409r1 (12) */
212 NID_secp384r1, /* secp384r1 (24) */
213 NID_sect283k1, /* sect283k1 (9) */
214 NID_sect283r1, /* sect283r1 (10) */
215 NID_secp256k1, /* secp256k1 (22) */
216 NID_X9_62_prime256v1, /* secp256r1 (23) */
217 NID_sect239k1, /* sect239k1 (8) */
218 NID_sect233k1, /* sect233k1 (6) */
219 NID_sect233r1, /* sect233r1 (7) */
220 NID_secp224k1, /* secp224k1 (20) */
221 NID_secp224r1, /* secp224r1 (21) */
222 NID_sect193r1, /* sect193r1 (4) */
223 NID_sect193r2, /* sect193r2 (5) */
224 NID_secp192k1, /* secp192k1 (18) */
225 NID_X9_62_prime192v1, /* secp192r1 (19) */
226 NID_sect163k1, /* sect163k1 (1) */
227 NID_sect163r1, /* sect163r1 (2) */
228 NID_sect163r2, /* sect163r2 (3) */
229 NID_secp160k1, /* secp160k1 (15) */
230 NID_secp160r1, /* secp160r1 (16) */
231 NID_secp160r2, /* secp160r2 (17) */
232 };
233
234int tls1_ec_curve_id2nid(int curve_id)
235 {
236 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
237 if ((curve_id < 1) || ((unsigned int)curve_id >
238 sizeof(nid_list)/sizeof(nid_list[0])))
239 return 0;
240 return nid_list[curve_id-1];
241 }
242
243int tls1_ec_nid2curve_id(int nid)
244 {
245 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
246 switch (nid)
247 {
248 case NID_sect163k1: /* sect163k1 (1) */
249 return 1;
250 case NID_sect163r1: /* sect163r1 (2) */
251 return 2;
252 case NID_sect163r2: /* sect163r2 (3) */
253 return 3;
254 case NID_sect193r1: /* sect193r1 (4) */
255 return 4;
256 case NID_sect193r2: /* sect193r2 (5) */
257 return 5;
258 case NID_sect233k1: /* sect233k1 (6) */
259 return 6;
260 case NID_sect233r1: /* sect233r1 (7) */
261 return 7;
262 case NID_sect239k1: /* sect239k1 (8) */
263 return 8;
264 case NID_sect283k1: /* sect283k1 (9) */
265 return 9;
266 case NID_sect283r1: /* sect283r1 (10) */
267 return 10;
268 case NID_sect409k1: /* sect409k1 (11) */
269 return 11;
270 case NID_sect409r1: /* sect409r1 (12) */
271 return 12;
272 case NID_sect571k1: /* sect571k1 (13) */
273 return 13;
274 case NID_sect571r1: /* sect571r1 (14) */
275 return 14;
276 case NID_secp160k1: /* secp160k1 (15) */
277 return 15;
278 case NID_secp160r1: /* secp160r1 (16) */
279 return 16;
280 case NID_secp160r2: /* secp160r2 (17) */
281 return 17;
282 case NID_secp192k1: /* secp192k1 (18) */
283 return 18;
284 case NID_X9_62_prime192v1: /* secp192r1 (19) */
285 return 19;
286 case NID_secp224k1: /* secp224k1 (20) */
287 return 20;
288 case NID_secp224r1: /* secp224r1 (21) */
289 return 21;
290 case NID_secp256k1: /* secp256k1 (22) */
291 return 22;
292 case NID_X9_62_prime256v1: /* secp256r1 (23) */
293 return 23;
294 case NID_secp384r1: /* secp384r1 (24) */
295 return 24;
296 case NID_secp521r1: /* secp521r1 (25) */
297 return 25;
298 default:
299 return 0;
300 }
301 }
302#endif /* OPENSSL_NO_EC */
303
304#ifndef OPENSSL_NO_TLSEXT
305
306/* List of supported signature algorithms and hashes. Should make this
307 * customisable at some point, for now include everything we support.
308 */
309
310#ifdef OPENSSL_NO_RSA
311#define tlsext_sigalg_rsa(md) /* */
312#else
313#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
314#endif
315
316#ifdef OPENSSL_NO_DSA
317#define tlsext_sigalg_dsa(md) /* */
318#else
319#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
320#endif
321
322#ifdef OPENSSL_NO_ECDSA
323#define tlsext_sigalg_ecdsa(md) /* */
324#else
325#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
326#endif
327
328#define tlsext_sigalg(md) \
329 tlsext_sigalg_rsa(md) \
330 tlsext_sigalg_dsa(md) \
331 tlsext_sigalg_ecdsa(md)
332
333static unsigned char tls12_sigalgs[] = {
334#ifndef OPENSSL_NO_SHA512
335 tlsext_sigalg(TLSEXT_hash_sha512)
336 tlsext_sigalg(TLSEXT_hash_sha384)
337#endif
338#ifndef OPENSSL_NO_SHA256
339 tlsext_sigalg(TLSEXT_hash_sha256)
340 tlsext_sigalg(TLSEXT_hash_sha224)
341#endif
342#ifndef OPENSSL_NO_SHA
343 tlsext_sigalg(TLSEXT_hash_sha1)
344#endif
345#ifndef OPENSSL_NO_MD5
346 tlsext_sigalg_rsa(TLSEXT_hash_md5)
347#endif
348};
349
350int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
351 {
352 size_t slen = sizeof(tls12_sigalgs);
353#ifdef OPENSSL_FIPS
354 /* If FIPS mode don't include MD5 which is last */
355 if (FIPS_mode())
356 slen -= 2;
357#endif
358 if (p)
359 memcpy(p, tls12_sigalgs, slen);
360 return (int)slen;
361 }
362
363unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
364 {
365 int extdatalen=0;
366 unsigned char *ret = p;
367
368 /* don't add extensions for SSLv3 unless doing secure renegotiation */
369 if (s->client_version == SSL3_VERSION
370 && !s->s3->send_connection_binding)
371 return p;
372
373 ret+=2;
374
375 if (ret>=limit) return NULL; /* this really never occurs, but ... */
376
377 if (s->tlsext_hostname != NULL)
378 {
379 /* Add TLS extension servername to the Client Hello message */
380 unsigned long size_str;
381 long lenmax;
382
383 /* check for enough space.
384 4 for the servername type and entension length
385 2 for servernamelist length
386 1 for the hostname type
387 2 for hostname length
388 + hostname length
389 */
390
391 if ((lenmax = limit - ret - 9) < 0
392 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
393 return NULL;
394
395 /* extension type and length */
396 s2n(TLSEXT_TYPE_server_name,ret);
397 s2n(size_str+5,ret);
398
399 /* length of servername list */
400 s2n(size_str+3,ret);
401
402 /* hostname type, length and hostname */
403 *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
404 s2n(size_str,ret);
405 memcpy(ret, s->tlsext_hostname, size_str);
406 ret+=size_str;
407 }
408
409 /* Add RI if renegotiating */
410 if (s->renegotiate)
411 {
412 int el;
413
414 if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
415 {
416 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
417 return NULL;
418 }
419
420 if((limit - p - 4 - el) < 0) return NULL;
421
422 s2n(TLSEXT_TYPE_renegotiate,ret);
423 s2n(el,ret);
424
425 if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
426 {
427 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
428 return NULL;
429 }
430
431 ret += el;
432 }
433
434#ifndef OPENSSL_NO_SRP
435 /* Add SRP username if there is one */
436 if (s->srp_ctx.login != NULL)
437 { /* Add TLS extension SRP username to the Client Hello message */
438
439 int login_len = strlen(s->srp_ctx.login);
440 if (login_len > 255 || login_len == 0)
441 {
442 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
443 return NULL;
444 }
445
446 /* check for enough space.
447 4 for the srp type type and entension length
448 1 for the srp user identity
449 + srp user identity length
450 */
451 if ((limit - ret - 5 - login_len) < 0) return NULL;
452
453 /* fill in the extension */
454 s2n(TLSEXT_TYPE_srp,ret);
455 s2n(login_len+1,ret);
456 (*ret++) = (unsigned char) login_len;
457 memcpy(ret, s->srp_ctx.login, login_len);
458 ret+=login_len;
459 }
460#endif
461
462#ifndef OPENSSL_NO_EC
463 if (s->tlsext_ecpointformatlist != NULL &&
464 s->version != DTLS1_VERSION)
465 {
466 /* Add TLS extension ECPointFormats to the ClientHello message */
467 long lenmax;
468
469 if ((lenmax = limit - ret - 5) < 0) return NULL;
470 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
471 if (s->tlsext_ecpointformatlist_length > 255)
472 {
473 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
474 return NULL;
475 }
476
477 s2n(TLSEXT_TYPE_ec_point_formats,ret);
478 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
479 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
480 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
481 ret+=s->tlsext_ecpointformatlist_length;
482 }
483 if (s->tlsext_ellipticcurvelist != NULL &&
484 s->version != DTLS1_VERSION)
485 {
486 /* Add TLS extension EllipticCurves to the ClientHello message */
487 long lenmax;
488
489 if ((lenmax = limit - ret - 6) < 0) return NULL;
490 if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
491 if (s->tlsext_ellipticcurvelist_length > 65532)
492 {
493 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
494 return NULL;
495 }
496
497 s2n(TLSEXT_TYPE_elliptic_curves,ret);
498 s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
499
500 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
501 * elliptic_curve_list, but the examples use two bytes.
502 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
503 * resolves this to two bytes.
504 */
505 s2n(s->tlsext_ellipticcurvelist_length, ret);
506 memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
507 ret+=s->tlsext_ellipticcurvelist_length;
508 }
509#endif /* OPENSSL_NO_EC */
510
511 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
512 {
513 int ticklen;
514 if (!s->new_session && s->session && s->session->tlsext_tick)
515 ticklen = s->session->tlsext_ticklen;
516 else if (s->session && s->tlsext_session_ticket &&
517 s->tlsext_session_ticket->data)
518 {
519 ticklen = s->tlsext_session_ticket->length;
520 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
521 if (!s->session->tlsext_tick)
522 return NULL;
523 memcpy(s->session->tlsext_tick,
524 s->tlsext_session_ticket->data,
525 ticklen);
526 s->session->tlsext_ticklen = ticklen;
527 }
528 else
529 ticklen = 0;
530 if (ticklen == 0 && s->tlsext_session_ticket &&
531 s->tlsext_session_ticket->data == NULL)
532 goto skip_ext;
533 /* Check for enough room 2 for extension type, 2 for len
534 * rest for ticket
535 */
536 if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
537 s2n(TLSEXT_TYPE_session_ticket,ret);
538 s2n(ticklen,ret);
539 if (ticklen)
540 {
541 memcpy(ret, s->session->tlsext_tick, ticklen);
542 ret += ticklen;
543 }
544 }
545 skip_ext:
546
547 if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
548 {
549 if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
550 return NULL;
551 s2n(TLSEXT_TYPE_signature_algorithms,ret);
552 s2n(sizeof(tls12_sigalgs) + 2, ret);
553 s2n(sizeof(tls12_sigalgs), ret);
554 memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
555 ret += sizeof(tls12_sigalgs);
556 }
557
558#ifdef TLSEXT_TYPE_opaque_prf_input
559 if (s->s3->client_opaque_prf_input != NULL &&
560 s->version != DTLS1_VERSION)
561 {
562 size_t col = s->s3->client_opaque_prf_input_len;
563
564 if ((long)(limit - ret - 6 - col < 0))
565 return NULL;
566 if (col > 0xFFFD) /* can't happen */
567 return NULL;
568
569 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
570 s2n(col + 2, ret);
571 s2n(col, ret);
572 memcpy(ret, s->s3->client_opaque_prf_input, col);
573 ret += col;
574 }
575#endif
576
577 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
578 s->version != DTLS1_VERSION)
579 {
580 int i;
581 long extlen, idlen, itmp;
582 OCSP_RESPID *id;
583
584 idlen = 0;
585 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
586 {
587 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
588 itmp = i2d_OCSP_RESPID(id, NULL);
589 if (itmp <= 0)
590 return NULL;
591 idlen += itmp + 2;
592 }
593
594 if (s->tlsext_ocsp_exts)
595 {
596 extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
597 if (extlen < 0)
598 return NULL;
599 }
600 else
601 extlen = 0;
602
603 if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
604 s2n(TLSEXT_TYPE_status_request, ret);
605 if (extlen + idlen > 0xFFF0)
606 return NULL;
607 s2n(extlen + idlen + 5, ret);
608 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
609 s2n(idlen, ret);
610 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
611 {
612 /* save position of id len */
613 unsigned char *q = ret;
614 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
615 /* skip over id len */
616 ret += 2;
617 itmp = i2d_OCSP_RESPID(id, &ret);
618 /* write id len */
619 s2n(itmp, q);
620 }
621 s2n(extlen, ret);
622 if (extlen > 0)
623 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
624 }
625
626#ifndef OPENSSL_NO_HEARTBEATS
627 /* Add Heartbeat extension */
628 s2n(TLSEXT_TYPE_heartbeat,ret);
629 s2n(1,ret);
630 /* Set mode:
631 * 1: peer may send requests
632 * 2: peer not allowed to send requests
633 */
634 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
635 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
636 else
637 *(ret++) = SSL_TLSEXT_HB_ENABLED;
638#endif
639
640#ifndef OPENSSL_NO_NEXTPROTONEG
641 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
642 {
643 /* The client advertises an emtpy extension to indicate its
644 * support for Next Protocol Negotiation */
645 if (limit - ret - 4 < 0)
646 return NULL;
647 s2n(TLSEXT_TYPE_next_proto_neg,ret);
648 s2n(0,ret);
649 }
650#endif
651
652 if(SSL_get_srtp_profiles(s))
653 {
654 int el;
655
656 ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
657
658 if((limit - p - 4 - el) < 0) return NULL;
659
660 s2n(TLSEXT_TYPE_use_srtp,ret);
661 s2n(el,ret);
662
663 if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el))
664 {
665 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
666 return NULL;
667 }
668 ret += el;
669 }
670
671 if ((extdatalen = ret-p-2)== 0)
672 return p;
673
674 s2n(extdatalen,p);
675 return ret;
676 }
677
678unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
679 {
680 int extdatalen=0;
681 unsigned char *ret = p;
682#ifndef OPENSSL_NO_NEXTPROTONEG
683 int next_proto_neg_seen;
684#endif
685
686 /* don't add extensions for SSLv3, unless doing secure renegotiation */
687 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
688 return p;
689
690 ret+=2;
691 if (ret>=limit) return NULL; /* this really never occurs, but ... */
692
693 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
694 {
695 if ((long)(limit - ret - 4) < 0) return NULL;
696
697 s2n(TLSEXT_TYPE_server_name,ret);
698 s2n(0,ret);
699 }
700
701 if(s->s3->send_connection_binding)
702 {
703 int el;
704
705 if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
706 {
707 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
708 return NULL;
709 }
710
711 if((limit - p - 4 - el) < 0) return NULL;
712
713 s2n(TLSEXT_TYPE_renegotiate,ret);
714 s2n(el,ret);
715
716 if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
717 {
718 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
719 return NULL;
720 }
721
722 ret += el;
723 }
724
725#ifndef OPENSSL_NO_EC
726 if (s->tlsext_ecpointformatlist != NULL &&
727 s->version != DTLS1_VERSION)
728 {
729 /* Add TLS extension ECPointFormats to the ServerHello message */
730 long lenmax;
731
732 if ((lenmax = limit - ret - 5) < 0) return NULL;
733 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
734 if (s->tlsext_ecpointformatlist_length > 255)
735 {
736 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
737 return NULL;
738 }
739
740 s2n(TLSEXT_TYPE_ec_point_formats,ret);
741 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
742 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
743 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
744 ret+=s->tlsext_ecpointformatlist_length;
745
746 }
747 /* Currently the server should not respond with a SupportedCurves extension */
748#endif /* OPENSSL_NO_EC */
749
750 if (s->tlsext_ticket_expected
751 && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
752 {
753 if ((long)(limit - ret - 4) < 0) return NULL;
754 s2n(TLSEXT_TYPE_session_ticket,ret);
755 s2n(0,ret);
756 }
757
758 if (s->tlsext_status_expected)
759 {
760 if ((long)(limit - ret - 4) < 0) return NULL;
761 s2n(TLSEXT_TYPE_status_request,ret);
762 s2n(0,ret);
763 }
764
765#ifdef TLSEXT_TYPE_opaque_prf_input
766 if (s->s3->server_opaque_prf_input != NULL &&
767 s->version != DTLS1_VERSION)
768 {
769 size_t sol = s->s3->server_opaque_prf_input_len;
770
771 if ((long)(limit - ret - 6 - sol) < 0)
772 return NULL;
773 if (sol > 0xFFFD) /* can't happen */
774 return NULL;
775
776 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
777 s2n(sol + 2, ret);
778 s2n(sol, ret);
779 memcpy(ret, s->s3->server_opaque_prf_input, sol);
780 ret += sol;
781 }
782#endif
783
784 if(s->srtp_profile)
785 {
786 int el;
787
788 ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
789
790 if((limit - p - 4 - el) < 0) return NULL;
791
792 s2n(TLSEXT_TYPE_use_srtp,ret);
793 s2n(el,ret);
794
795 if(ssl_add_serverhello_use_srtp_ext(s, ret, &el, el))
796 {
797 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
798 return NULL;
799 }
800 ret+=el;
801 }
802
803 if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
804 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
805 { const unsigned char cryptopro_ext[36] = {
806 0xfd, 0xe8, /*65000*/
807 0x00, 0x20, /*32 bytes length*/
808 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
809 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
810 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
811 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
812 if (limit-ret<36) return NULL;
813 memcpy(ret,cryptopro_ext,36);
814 ret+=36;
815
816 }
817
818#ifndef OPENSSL_NO_HEARTBEATS
819 /* Add Heartbeat extension if we've received one */
820 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
821 {
822 s2n(TLSEXT_TYPE_heartbeat,ret);
823 s2n(1,ret);
824 /* Set mode:
825 * 1: peer may send requests
826 * 2: peer not allowed to send requests
827 */
828 if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
829 *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
830 else
831 *(ret++) = SSL_TLSEXT_HB_ENABLED;
832
833 }
834#endif
835
836#ifndef OPENSSL_NO_NEXTPROTONEG
837 next_proto_neg_seen = s->s3->next_proto_neg_seen;
838 s->s3->next_proto_neg_seen = 0;
839 if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
840 {
841 const unsigned char *npa;
842 unsigned int npalen;
843 int r;
844
845 r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
846 if (r == SSL_TLSEXT_ERR_OK)
847 {
848 if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
849 s2n(TLSEXT_TYPE_next_proto_neg,ret);
850 s2n(npalen,ret);
851 memcpy(ret, npa, npalen);
852 ret += npalen;
853 s->s3->next_proto_neg_seen = 1;
854 }
855 }
856#endif
857
858 if ((extdatalen = ret-p-2)== 0)
859 return p;
860
861 s2n(extdatalen,p);
862 return ret;
863 }
864
865int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
866 {
867 unsigned short type;
868 unsigned short size;
869 unsigned short len;
870 unsigned char *data = *p;
871 int renegotiate_seen = 0;
872 int sigalg_seen = 0;
873
874 s->servername_done = 0;
875 s->tlsext_status_type = -1;
876#ifndef OPENSSL_NO_NEXTPROTONEG
877 s->s3->next_proto_neg_seen = 0;
878#endif
879
880#ifndef OPENSSL_NO_HEARTBEATS
881 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
882 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
883#endif
884
885 if (data >= (d+n-2))
886 goto ri_check;
887 n2s(data,len);
888
889 if (data > (d+n-len))
890 goto ri_check;
891
892 while (data <= (d+n-4))
893 {
894 n2s(data,type);
895 n2s(data,size);
896
897 if (data+size > (d+n))
898 goto ri_check;
899#if 0
900 fprintf(stderr,"Received extension type %d size %d\n",type,size);
901#endif
902 if (s->tlsext_debug_cb)
903 s->tlsext_debug_cb(s, 0, type, data, size,
904 s->tlsext_debug_arg);
905/* The servername extension is treated as follows:
906
907 - Only the hostname type is supported with a maximum length of 255.
908 - The servername is rejected if too long or if it contains zeros,
909 in which case an fatal alert is generated.
910 - The servername field is maintained together with the session cache.
911 - When a session is resumed, the servername call back invoked in order
912 to allow the application to position itself to the right context.
913 - The servername is acknowledged if it is new for a session or when
914 it is identical to a previously used for the same session.
915 Applications can control the behaviour. They can at any time
916 set a 'desirable' servername for a new SSL object. This can be the
917 case for example with HTTPS when a Host: header field is received and
918 a renegotiation is requested. In this case, a possible servername
919 presented in the new client hello is only acknowledged if it matches
920 the value of the Host: field.
921 - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
922 if they provide for changing an explicit servername context for the session,
923 i.e. when the session has been established with a servername extension.
924 - On session reconnect, the servername extension may be absent.
925
926*/
927
928 if (type == TLSEXT_TYPE_server_name)
929 {
930 unsigned char *sdata;
931 int servname_type;
932 int dsize;
933
934 if (size < 2)
935 {
936 *al = SSL_AD_DECODE_ERROR;
937 return 0;
938 }
939 n2s(data,dsize);
940 size -= 2;
941 if (dsize > size )
942 {
943 *al = SSL_AD_DECODE_ERROR;
944 return 0;
945 }
946
947 sdata = data;
948 while (dsize > 3)
949 {
950 servname_type = *(sdata++);
951 n2s(sdata,len);
952 dsize -= 3;
953
954 if (len > dsize)
955 {
956 *al = SSL_AD_DECODE_ERROR;
957 return 0;
958 }
959 if (s->servername_done == 0)
960 switch (servname_type)
961 {
962 case TLSEXT_NAMETYPE_host_name:
963 if (!s->hit)
964 {
965 if(s->session->tlsext_hostname)
966 {
967 *al = SSL_AD_DECODE_ERROR;
968 return 0;
969 }
970 if (len > TLSEXT_MAXLEN_host_name)
971 {
972 *al = TLS1_AD_UNRECOGNIZED_NAME;
973 return 0;
974 }
975 if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
976 {
977 *al = TLS1_AD_INTERNAL_ERROR;
978 return 0;
979 }
980 memcpy(s->session->tlsext_hostname, sdata, len);
981 s->session->tlsext_hostname[len]='\0';
982 if (strlen(s->session->tlsext_hostname) != len) {
983 OPENSSL_free(s->session->tlsext_hostname);
984 s->session->tlsext_hostname = NULL;
985 *al = TLS1_AD_UNRECOGNIZED_NAME;
986 return 0;
987 }
988 s->servername_done = 1;
989
990 }
991 else
992 s->servername_done = s->session->tlsext_hostname
993 && strlen(s->session->tlsext_hostname) == len
994 && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
995
996 break;
997
998 default:
999 break;
1000 }
1001
1002 dsize -= len;
1003 }
1004 if (dsize != 0)
1005 {
1006 *al = SSL_AD_DECODE_ERROR;
1007 return 0;
1008 }
1009
1010 }
1011#ifndef OPENSSL_NO_SRP
1012 else if (type == TLSEXT_TYPE_srp)
1013 {
1014 if (size <= 0 || ((len = data[0])) != (size -1))
1015 {
1016 *al = SSL_AD_DECODE_ERROR;
1017 return 0;
1018 }
1019 if (s->srp_ctx.login != NULL)
1020 {
1021 *al = SSL_AD_DECODE_ERROR;
1022 return 0;
1023 }
1024 if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
1025 return -1;
1026 memcpy(s->srp_ctx.login, &data[1], len);
1027 s->srp_ctx.login[len]='\0';
1028
1029 if (strlen(s->srp_ctx.login) != len)
1030 {
1031 *al = SSL_AD_DECODE_ERROR;
1032 return 0;
1033 }
1034 }
1035#endif
1036
1037#ifndef OPENSSL_NO_EC
1038 else if (type == TLSEXT_TYPE_ec_point_formats &&
1039 s->version != DTLS1_VERSION)
1040 {
1041 unsigned char *sdata = data;
1042 int ecpointformatlist_length = *(sdata++);
1043
1044 if (ecpointformatlist_length != size - 1)
1045 {
1046 *al = TLS1_AD_DECODE_ERROR;
1047 return 0;
1048 }
1049 if (!s->hit)
1050 {
1051 if(s->session->tlsext_ecpointformatlist)
1052 {
1053 OPENSSL_free(s->session->tlsext_ecpointformatlist);
1054 s->session->tlsext_ecpointformatlist = NULL;
1055 }
1056 s->session->tlsext_ecpointformatlist_length = 0;
1057 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1058 {
1059 *al = TLS1_AD_INTERNAL_ERROR;
1060 return 0;
1061 }
1062 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1063 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
1064 }
1065#if 0
1066 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
1067 sdata = s->session->tlsext_ecpointformatlist;
1068 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1069 fprintf(stderr,"%i ",*(sdata++));
1070 fprintf(stderr,"\n");
1071#endif
1072 }
1073 else if (type == TLSEXT_TYPE_elliptic_curves &&
1074 s->version != DTLS1_VERSION)
1075 {
1076 unsigned char *sdata = data;
1077 int ellipticcurvelist_length = (*(sdata++) << 8);
1078 ellipticcurvelist_length += (*(sdata++));
1079
1080 if (ellipticcurvelist_length != size - 2)
1081 {
1082 *al = TLS1_AD_DECODE_ERROR;
1083 return 0;
1084 }
1085 if (!s->hit)
1086 {
1087 if(s->session->tlsext_ellipticcurvelist)
1088 {
1089 *al = TLS1_AD_DECODE_ERROR;
1090 return 0;
1091 }
1092 s->session->tlsext_ellipticcurvelist_length = 0;
1093 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
1094 {
1095 *al = TLS1_AD_INTERNAL_ERROR;
1096 return 0;
1097 }
1098 s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
1099 memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
1100 }
1101#if 0
1102 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
1103 sdata = s->session->tlsext_ellipticcurvelist;
1104 for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
1105 fprintf(stderr,"%i ",*(sdata++));
1106 fprintf(stderr,"\n");
1107#endif
1108 }
1109#endif /* OPENSSL_NO_EC */
1110#ifdef TLSEXT_TYPE_opaque_prf_input
1111 else if (type == TLSEXT_TYPE_opaque_prf_input &&
1112 s->version != DTLS1_VERSION)
1113 {
1114 unsigned char *sdata = data;
1115
1116 if (size < 2)
1117 {
1118 *al = SSL_AD_DECODE_ERROR;
1119 return 0;
1120 }
1121 n2s(sdata, s->s3->client_opaque_prf_input_len);
1122 if (s->s3->client_opaque_prf_input_len != size - 2)
1123 {
1124 *al = SSL_AD_DECODE_ERROR;
1125 return 0;
1126 }
1127
1128 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1129 OPENSSL_free(s->s3->client_opaque_prf_input);
1130 if (s->s3->client_opaque_prf_input_len == 0)
1131 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1132 else
1133 s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
1134 if (s->s3->client_opaque_prf_input == NULL)
1135 {
1136 *al = TLS1_AD_INTERNAL_ERROR;
1137 return 0;
1138 }
1139 }
1140#endif
1141 else if (type == TLSEXT_TYPE_session_ticket)
1142 {
1143 if (s->tls_session_ticket_ext_cb &&
1144 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
1145 {
1146 *al = TLS1_AD_INTERNAL_ERROR;
1147 return 0;
1148 }
1149 }
1150 else if (type == TLSEXT_TYPE_renegotiate)
1151 {
1152 if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
1153 return 0;
1154 renegotiate_seen = 1;
1155 }
1156 else if (type == TLSEXT_TYPE_signature_algorithms)
1157 {
1158 int dsize;
1159 if (sigalg_seen || size < 2)
1160 {
1161 *al = SSL_AD_DECODE_ERROR;
1162 return 0;
1163 }
1164 sigalg_seen = 1;
1165 n2s(data,dsize);
1166 size -= 2;
1167 if (dsize != size || dsize & 1)
1168 {
1169 *al = SSL_AD_DECODE_ERROR;
1170 return 0;
1171 }
1172 if (!tls1_process_sigalgs(s, data, dsize))
1173 {
1174 *al = SSL_AD_DECODE_ERROR;
1175 return 0;
1176 }
1177 }
1178 else if (type == TLSEXT_TYPE_status_request &&
1179 s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
1180 {
1181
1182 if (size < 5)
1183 {
1184 *al = SSL_AD_DECODE_ERROR;
1185 return 0;
1186 }
1187
1188 s->tlsext_status_type = *data++;
1189 size--;
1190 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
1191 {
1192 const unsigned char *sdata;
1193 int dsize;
1194 /* Read in responder_id_list */
1195 n2s(data,dsize);
1196 size -= 2;
1197 if (dsize > size )
1198 {
1199 *al = SSL_AD_DECODE_ERROR;
1200 return 0;
1201 }
1202 while (dsize > 0)
1203 {
1204 OCSP_RESPID *id;
1205 int idsize;
1206 if (dsize < 4)
1207 {
1208 *al = SSL_AD_DECODE_ERROR;
1209 return 0;
1210 }
1211 n2s(data, idsize);
1212 dsize -= 2 + idsize;
1213 size -= 2 + idsize;
1214 if (dsize < 0)
1215 {
1216 *al = SSL_AD_DECODE_ERROR;
1217 return 0;
1218 }
1219 sdata = data;
1220 data += idsize;
1221 id = d2i_OCSP_RESPID(NULL,
1222 &sdata, idsize);
1223 if (!id)
1224 {
1225 *al = SSL_AD_DECODE_ERROR;
1226 return 0;
1227 }
1228 if (data != sdata)
1229 {
1230 OCSP_RESPID_free(id);
1231 *al = SSL_AD_DECODE_ERROR;
1232 return 0;
1233 }
1234 if (!s->tlsext_ocsp_ids
1235 && !(s->tlsext_ocsp_ids =
1236 sk_OCSP_RESPID_new_null()))
1237 {
1238 OCSP_RESPID_free(id);
1239 *al = SSL_AD_INTERNAL_ERROR;
1240 return 0;
1241 }
1242 if (!sk_OCSP_RESPID_push(
1243 s->tlsext_ocsp_ids, id))
1244 {
1245 OCSP_RESPID_free(id);
1246 *al = SSL_AD_INTERNAL_ERROR;
1247 return 0;
1248 }
1249 }
1250
1251 /* Read in request_extensions */
1252 if (size < 2)
1253 {
1254 *al = SSL_AD_DECODE_ERROR;
1255 return 0;
1256 }
1257 n2s(data,dsize);
1258 size -= 2;
1259 if (dsize != size)
1260 {
1261 *al = SSL_AD_DECODE_ERROR;
1262 return 0;
1263 }
1264 sdata = data;
1265 if (dsize > 0)
1266 {
1267 if (s->tlsext_ocsp_exts)
1268 {
1269 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
1270 X509_EXTENSION_free);
1271 }
1272
1273 s->tlsext_ocsp_exts =
1274 d2i_X509_EXTENSIONS(NULL,
1275 &sdata, dsize);
1276 if (!s->tlsext_ocsp_exts
1277 || (data + dsize != sdata))
1278 {
1279 *al = SSL_AD_DECODE_ERROR;
1280 return 0;
1281 }
1282 }
1283 }
1284 /* We don't know what to do with any other type
1285 * so ignore it.
1286 */
1287 else
1288 s->tlsext_status_type = -1;
1289 }
1290#ifndef OPENSSL_NO_HEARTBEATS
1291 else if (type == TLSEXT_TYPE_heartbeat)
1292 {
1293 switch(data[0])
1294 {
1295 case 0x01: /* Client allows us to send HB requests */
1296 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1297 break;
1298 case 0x02: /* Client doesn't accept HB requests */
1299 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1300 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1301 break;
1302 default: *al = SSL_AD_ILLEGAL_PARAMETER;
1303 return 0;
1304 }
1305 }
1306#endif
1307#ifndef OPENSSL_NO_NEXTPROTONEG
1308 else if (type == TLSEXT_TYPE_next_proto_neg &&
1309 s->s3->tmp.finish_md_len == 0)
1310 {
1311 /* We shouldn't accept this extension on a
1312 * renegotiation.
1313 *
1314 * s->new_session will be set on renegotiation, but we
1315 * probably shouldn't rely that it couldn't be set on
1316 * the initial renegotation too in certain cases (when
1317 * there's some other reason to disallow resuming an
1318 * earlier session -- the current code won't be doing
1319 * anything like that, but this might change).
1320
1321 * A valid sign that there's been a previous handshake
1322 * in this connection is if s->s3->tmp.finish_md_len >
1323 * 0. (We are talking about a check that will happen
1324 * in the Hello protocol round, well before a new
1325 * Finished message could have been computed.) */
1326 s->s3->next_proto_neg_seen = 1;
1327 }
1328#endif
1329
1330 /* session ticket processed earlier */
1331 else if (type == TLSEXT_TYPE_use_srtp)
1332 {
1333 if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
1334 al))
1335 return 0;
1336 }
1337
1338 data+=size;
1339 }
1340
1341 *p = data;
1342
1343 ri_check:
1344
1345 /* Need RI if renegotiating */
1346
1347 if (!renegotiate_seen && s->renegotiate &&
1348 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1349 {
1350 *al = SSL_AD_HANDSHAKE_FAILURE;
1351 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
1352 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1353 return 0;
1354 }
1355
1356 return 1;
1357 }
1358
1359#ifndef OPENSSL_NO_NEXTPROTONEG
1360/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
1361 * elements of zero length are allowed and the set of elements must exactly fill
1362 * the length of the block. */
1363static char ssl_next_proto_validate(unsigned char *d, unsigned len)
1364 {
1365 unsigned int off = 0;
1366
1367 while (off < len)
1368 {
1369 if (d[off] == 0)
1370 return 0;
1371 off += d[off];
1372 off++;
1373 }
1374
1375 return off == len;
1376 }
1377#endif
1378
1379int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
1380 {
1381 unsigned short length;
1382 unsigned short type;
1383 unsigned short size;
1384 unsigned char *data = *p;
1385 int tlsext_servername = 0;
1386 int renegotiate_seen = 0;
1387
1388#ifndef OPENSSL_NO_NEXTPROTONEG
1389 s->s3->next_proto_neg_seen = 0;
1390#endif
1391
1392#ifndef OPENSSL_NO_HEARTBEATS
1393 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
1394 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
1395#endif
1396
1397 if (data >= (d+n-2))
1398 goto ri_check;
1399
1400 n2s(data,length);
1401 if (data+length != d+n)
1402 {
1403 *al = SSL_AD_DECODE_ERROR;
1404 return 0;
1405 }
1406
1407 while(data <= (d+n-4))
1408 {
1409 n2s(data,type);
1410 n2s(data,size);
1411
1412 if (data+size > (d+n))
1413 goto ri_check;
1414
1415 if (s->tlsext_debug_cb)
1416 s->tlsext_debug_cb(s, 1, type, data, size,
1417 s->tlsext_debug_arg);
1418
1419 if (type == TLSEXT_TYPE_server_name)
1420 {
1421 if (s->tlsext_hostname == NULL || size > 0)
1422 {
1423 *al = TLS1_AD_UNRECOGNIZED_NAME;
1424 return 0;
1425 }
1426 tlsext_servername = 1;
1427 }
1428
1429#ifndef OPENSSL_NO_EC
1430 else if (type == TLSEXT_TYPE_ec_point_formats &&
1431 s->version != DTLS1_VERSION)
1432 {
1433 unsigned char *sdata = data;
1434 int ecpointformatlist_length = *(sdata++);
1435
1436 if (ecpointformatlist_length != size - 1)
1437 {
1438 *al = TLS1_AD_DECODE_ERROR;
1439 return 0;
1440 }
1441 s->session->tlsext_ecpointformatlist_length = 0;
1442 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
1443 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1444 {
1445 *al = TLS1_AD_INTERNAL_ERROR;
1446 return 0;
1447 }
1448 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1449 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
1450#if 0
1451 fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
1452 sdata = s->session->tlsext_ecpointformatlist;
1453 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1454 fprintf(stderr,"%i ",*(sdata++));
1455 fprintf(stderr,"\n");
1456#endif
1457 }
1458#endif /* OPENSSL_NO_EC */
1459
1460 else if (type == TLSEXT_TYPE_session_ticket)
1461 {
1462 if (s->tls_session_ticket_ext_cb &&
1463 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
1464 {
1465 *al = TLS1_AD_INTERNAL_ERROR;
1466 return 0;
1467 }
1468 if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
1469 || (size > 0))
1470 {
1471 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1472 return 0;
1473 }
1474 s->tlsext_ticket_expected = 1;
1475 }
1476#ifdef TLSEXT_TYPE_opaque_prf_input
1477 else if (type == TLSEXT_TYPE_opaque_prf_input &&
1478 s->version != DTLS1_VERSION)
1479 {
1480 unsigned char *sdata = data;
1481
1482 if (size < 2)
1483 {
1484 *al = SSL_AD_DECODE_ERROR;
1485 return 0;
1486 }
1487 n2s(sdata, s->s3->server_opaque_prf_input_len);
1488 if (s->s3->server_opaque_prf_input_len != size - 2)
1489 {
1490 *al = SSL_AD_DECODE_ERROR;
1491 return 0;
1492 }
1493
1494 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1495 OPENSSL_free(s->s3->server_opaque_prf_input);
1496 if (s->s3->server_opaque_prf_input_len == 0)
1497 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1498 else
1499 s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
1500
1501 if (s->s3->server_opaque_prf_input == NULL)
1502 {
1503 *al = TLS1_AD_INTERNAL_ERROR;
1504 return 0;
1505 }
1506 }
1507#endif
1508 else if (type == TLSEXT_TYPE_status_request &&
1509 s->version != DTLS1_VERSION)
1510 {
1511 /* MUST be empty and only sent if we've requested
1512 * a status request message.
1513 */
1514 if ((s->tlsext_status_type == -1) || (size > 0))
1515 {
1516 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1517 return 0;
1518 }
1519 /* Set flag to expect CertificateStatus message */
1520 s->tlsext_status_expected = 1;
1521 }
1522#ifndef OPENSSL_NO_NEXTPROTONEG
1523 else if (type == TLSEXT_TYPE_next_proto_neg &&
1524 s->s3->tmp.finish_md_len == 0)
1525 {
1526 unsigned char *selected;
1527 unsigned char selected_len;
1528
1529 /* We must have requested it. */
1530 if ((s->ctx->next_proto_select_cb == NULL))
1531 {
1532 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1533 return 0;
1534 }
1535 /* The data must be valid */
1536 if (!ssl_next_proto_validate(data, size))
1537 {
1538 *al = TLS1_AD_DECODE_ERROR;
1539 return 0;
1540 }
1541 if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
1542 {
1543 *al = TLS1_AD_INTERNAL_ERROR;
1544 return 0;
1545 }
1546 s->next_proto_negotiated = OPENSSL_malloc(selected_len);
1547 if (!s->next_proto_negotiated)
1548 {
1549 *al = TLS1_AD_INTERNAL_ERROR;
1550 return 0;
1551 }
1552 memcpy(s->next_proto_negotiated, selected, selected_len);
1553 s->next_proto_negotiated_len = selected_len;
1554 s->s3->next_proto_neg_seen = 1;
1555 }
1556#endif
1557 else if (type == TLSEXT_TYPE_renegotiate)
1558 {
1559 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1560 return 0;
1561 renegotiate_seen = 1;
1562 }
1563#ifndef OPENSSL_NO_HEARTBEATS
1564 else if (type == TLSEXT_TYPE_heartbeat)
1565 {
1566 switch(data[0])
1567 {
1568 case 0x01: /* Server allows us to send HB requests */
1569 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1570 break;
1571 case 0x02: /* Server doesn't accept HB requests */
1572 s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
1573 s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
1574 break;
1575 default: *al = SSL_AD_ILLEGAL_PARAMETER;
1576 return 0;
1577 }
1578 }
1579#endif
1580 else if (type == TLSEXT_TYPE_use_srtp)
1581 {
1582 if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
1583 al))
1584 return 0;
1585 }
1586
1587 data+=size;
1588 }
1589
1590 if (data != d+n)
1591 {
1592 *al = SSL_AD_DECODE_ERROR;
1593 return 0;
1594 }
1595
1596 if (!s->hit && tlsext_servername == 1)
1597 {
1598 if (s->tlsext_hostname)
1599 {
1600 if (s->session->tlsext_hostname == NULL)
1601 {
1602 s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
1603 if (!s->session->tlsext_hostname)
1604 {
1605 *al = SSL_AD_UNRECOGNIZED_NAME;
1606 return 0;
1607 }
1608 }
1609 else
1610 {
1611 *al = SSL_AD_DECODE_ERROR;
1612 return 0;
1613 }
1614 }
1615 }
1616
1617 *p = data;
1618
1619 ri_check:
1620
1621 /* Determine if we need to see RI. Strictly speaking if we want to
1622 * avoid an attack we should *always* see RI even on initial server
1623 * hello because the client doesn't see any renegotiation during an
1624 * attack. However this would mean we could not connect to any server
1625 * which doesn't support RI so for the immediate future tolerate RI
1626 * absence on initial connect only.
1627 */
1628 if (!renegotiate_seen
1629 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
1630 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1631 {
1632 *al = SSL_AD_HANDSHAKE_FAILURE;
1633 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1634 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1635 return 0;
1636 }
1637
1638 return 1;
1639 }
1640
1641
1642int ssl_prepare_clienthello_tlsext(SSL *s)
1643 {
1644#ifndef OPENSSL_NO_EC
1645 /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
1646 * and elliptic curves we support.
1647 */
1648 int using_ecc = 0;
1649 int i;
1650 unsigned char *j;
1651 unsigned long alg_k, alg_a;
1652 STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
1653
1654 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
1655 {
1656 SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
1657
1658 alg_k = c->algorithm_mkey;
1659 alg_a = c->algorithm_auth;
1660 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
1661 {
1662 using_ecc = 1;
1663 break;
1664 }
1665 }
1666 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1667 if (using_ecc)
1668 {
1669 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1670 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1671 {
1672 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1673 return -1;
1674 }
1675 s->tlsext_ecpointformatlist_length = 3;
1676 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1677 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1678 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1679
1680 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1681 if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
1682 s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
1683 if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
1684 {
1685 s->tlsext_ellipticcurvelist_length = 0;
1686 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1687 return -1;
1688 }
1689 for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
1690 sizeof(pref_list)/sizeof(pref_list[0]); i++)
1691 {
1692 int id = tls1_ec_nid2curve_id(pref_list[i]);
1693 s2n(id,j);
1694 }
1695 }
1696#endif /* OPENSSL_NO_EC */
1697
1698#ifdef TLSEXT_TYPE_opaque_prf_input
1699 {
1700 int r = 1;
1701
1702 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1703 {
1704 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1705 if (!r)
1706 return -1;
1707 }
1708
1709 if (s->tlsext_opaque_prf_input != NULL)
1710 {
1711 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1712 OPENSSL_free(s->s3->client_opaque_prf_input);
1713
1714 if (s->tlsext_opaque_prf_input_len == 0)
1715 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1716 else
1717 s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1718 if (s->s3->client_opaque_prf_input == NULL)
1719 {
1720 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1721 return -1;
1722 }
1723 s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1724 }
1725
1726 if (r == 2)
1727 /* at callback's request, insist on receiving an appropriate server opaque PRF input */
1728 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1729 }
1730#endif
1731
1732 return 1;
1733 }
1734
1735int ssl_prepare_serverhello_tlsext(SSL *s)
1736 {
1737#ifndef OPENSSL_NO_EC
1738 /* If we are server and using an ECC cipher suite, send the point formats we support
1739 * if the client sent us an ECPointsFormat extension. Note that the server is not
1740 * supposed to send an EllipticCurves extension.
1741 */
1742
1743 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1744 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1745 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1746 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1747
1748 if (using_ecc)
1749 {
1750 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1751 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1752 {
1753 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1754 return -1;
1755 }
1756 s->tlsext_ecpointformatlist_length = 3;
1757 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1758 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1759 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1760 }
1761#endif /* OPENSSL_NO_EC */
1762
1763 return 1;
1764 }
1765
1766int ssl_check_clienthello_tlsext(SSL *s)
1767 {
1768 int ret=SSL_TLSEXT_ERR_NOACK;
1769 int al = SSL_AD_UNRECOGNIZED_NAME;
1770
1771#ifndef OPENSSL_NO_EC
1772 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1773 * ssl3_choose_cipher in s3_lib.c.
1774 */
1775 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1776 * ssl3_choose_cipher in s3_lib.c.
1777 */
1778#endif
1779
1780 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1781 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1782 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1783 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1784
1785 /* If status request then ask callback what to do.
1786 * Note: this must be called after servername callbacks in case
1787 * the certificate has changed.
1788 */
1789 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
1790 {
1791 int r;
1792 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1793 switch (r)
1794 {
1795 /* We don't want to send a status request response */
1796 case SSL_TLSEXT_ERR_NOACK:
1797 s->tlsext_status_expected = 0;
1798 break;
1799 /* status request response should be sent */
1800 case SSL_TLSEXT_ERR_OK:
1801 if (s->tlsext_ocsp_resp)
1802 s->tlsext_status_expected = 1;
1803 else
1804 s->tlsext_status_expected = 0;
1805 break;
1806 /* something bad happened */
1807 case SSL_TLSEXT_ERR_ALERT_FATAL:
1808 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1809 al = SSL_AD_INTERNAL_ERROR;
1810 goto err;
1811 }
1812 }
1813 else
1814 s->tlsext_status_expected = 0;
1815
1816#ifdef TLSEXT_TYPE_opaque_prf_input
1817 {
1818 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
1819 * but we might be sending an alert in response to the client hello,
1820 * so this has to happen here in ssl_check_clienthello_tlsext(). */
1821
1822 int r = 1;
1823
1824 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1825 {
1826 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1827 if (!r)
1828 {
1829 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1830 al = SSL_AD_INTERNAL_ERROR;
1831 goto err;
1832 }
1833 }
1834
1835 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1836 OPENSSL_free(s->s3->server_opaque_prf_input);
1837 s->s3->server_opaque_prf_input = NULL;
1838
1839 if (s->tlsext_opaque_prf_input != NULL)
1840 {
1841 if (s->s3->client_opaque_prf_input != NULL &&
1842 s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
1843 {
1844 /* can only use this extension if we have a server opaque PRF input
1845 * of the same length as the client opaque PRF input! */
1846
1847 if (s->tlsext_opaque_prf_input_len == 0)
1848 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1849 else
1850 s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1851 if (s->s3->server_opaque_prf_input == NULL)
1852 {
1853 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1854 al = SSL_AD_INTERNAL_ERROR;
1855 goto err;
1856 }
1857 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1858 }
1859 }
1860
1861 if (r == 2 && s->s3->server_opaque_prf_input == NULL)
1862 {
1863 /* The callback wants to enforce use of the extension,
1864 * but we can't do that with the client opaque PRF input;
1865 * abort the handshake.
1866 */
1867 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1868 al = SSL_AD_HANDSHAKE_FAILURE;
1869 }
1870 }
1871
1872#endif
1873 err:
1874 switch (ret)
1875 {
1876 case SSL_TLSEXT_ERR_ALERT_FATAL:
1877 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1878 return -1;
1879
1880 case SSL_TLSEXT_ERR_ALERT_WARNING:
1881 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1882 return 1;
1883
1884 case SSL_TLSEXT_ERR_NOACK:
1885 s->servername_done=0;
1886 default:
1887 return 1;
1888 }
1889 }
1890
1891int ssl_check_serverhello_tlsext(SSL *s)
1892 {
1893 int ret=SSL_TLSEXT_ERR_NOACK;
1894 int al = SSL_AD_UNRECOGNIZED_NAME;
1895
1896#ifndef OPENSSL_NO_EC
1897 /* If we are client and using an elliptic curve cryptography cipher
1898 * suite, then if server returns an EC point formats lists extension
1899 * it must contain uncompressed.
1900 */
1901 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1902 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1903 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
1904 (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
1905 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
1906 {
1907 /* we are using an ECC cipher */
1908 size_t i;
1909 unsigned char *list;
1910 int found_uncompressed = 0;
1911 list = s->session->tlsext_ecpointformatlist;
1912 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1913 {
1914 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
1915 {
1916 found_uncompressed = 1;
1917 break;
1918 }
1919 }
1920 if (!found_uncompressed)
1921 {
1922 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1923 return -1;
1924 }
1925 }
1926 ret = SSL_TLSEXT_ERR_OK;
1927#endif /* OPENSSL_NO_EC */
1928
1929 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1930 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1931 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1932 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1933
1934#ifdef TLSEXT_TYPE_opaque_prf_input
1935 if (s->s3->server_opaque_prf_input_len > 0)
1936 {
1937 /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
1938 * So first verify that we really have a value from the server too. */
1939
1940 if (s->s3->server_opaque_prf_input == NULL)
1941 {
1942 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1943 al = SSL_AD_HANDSHAKE_FAILURE;
1944 }
1945
1946 /* Anytime the server *has* sent an opaque PRF input, we need to check
1947 * that we have a client opaque PRF input of the same size. */
1948 if (s->s3->client_opaque_prf_input == NULL ||
1949 s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
1950 {
1951 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1952 al = SSL_AD_ILLEGAL_PARAMETER;
1953 }
1954 }
1955#endif
1956
1957 /* If we've requested certificate status and we wont get one
1958 * tell the callback
1959 */
1960 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
1961 && s->ctx && s->ctx->tlsext_status_cb)
1962 {
1963 int r;
1964 /* Set resp to NULL, resplen to -1 so callback knows
1965 * there is no response.
1966 */
1967 if (s->tlsext_ocsp_resp)
1968 {
1969 OPENSSL_free(s->tlsext_ocsp_resp);
1970 s->tlsext_ocsp_resp = NULL;
1971 }
1972 s->tlsext_ocsp_resplen = -1;
1973 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1974 if (r == 0)
1975 {
1976 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1977 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1978 }
1979 if (r < 0)
1980 {
1981 al = SSL_AD_INTERNAL_ERROR;
1982 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1983 }
1984 }
1985
1986 switch (ret)
1987 {
1988 case SSL_TLSEXT_ERR_ALERT_FATAL:
1989 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1990 return -1;
1991
1992 case SSL_TLSEXT_ERR_ALERT_WARNING:
1993 ssl3_send_alert(s,SSL3_AL_WARNING,al);
1994 return 1;
1995
1996 case SSL_TLSEXT_ERR_NOACK:
1997 s->servername_done=0;
1998 default:
1999 return 1;
2000 }
2001 }
2002
2003/* Since the server cache lookup is done early on in the processing of the
2004 * ClientHello, and other operations depend on the result, we need to handle
2005 * any TLS session ticket extension at the same time.
2006 *
2007 * session_id: points at the session ID in the ClientHello. This code will
2008 * read past the end of this in order to parse out the session ticket
2009 * extension, if any.
2010 * len: the length of the session ID.
2011 * limit: a pointer to the first byte after the ClientHello.
2012 * ret: (output) on return, if a ticket was decrypted, then this is set to
2013 * point to the resulting session.
2014 *
2015 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
2016 * ciphersuite, in which case we have no use for session tickets and one will
2017 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
2018 *
2019 * Returns:
2020 * -1: fatal error, either from parsing or decrypting the ticket.
2021 * 0: no ticket was found (or was ignored, based on settings).
2022 * 1: a zero length extension was found, indicating that the client supports
2023 * session tickets but doesn't currently have one to offer.
2024 * 2: either s->tls_session_secret_cb was set, or a ticket was offered but
2025 * couldn't be decrypted because of a non-fatal error.
2026 * 3: a ticket was successfully decrypted and *ret was set.
2027 *
2028 * Side effects:
2029 * Sets s->tlsext_ticket_expected to 1 if the server will have to issue
2030 * a new session ticket to the client because the client indicated support
2031 * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
2032 * a session ticket or we couldn't use the one it gave us, or if
2033 * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
2034 * Otherwise, s->tlsext_ticket_expected is set to 0.
2035 */
2036int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
2037 const unsigned char *limit, SSL_SESSION **ret)
2038 {
2039 /* Point after session ID in client hello */
2040 const unsigned char *p = session_id + len;
2041 unsigned short i;
2042
2043 *ret = NULL;
2044 s->tlsext_ticket_expected = 0;
2045
2046 /* If tickets disabled behave as if no ticket present
2047 * to permit stateful resumption.
2048 */
2049 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
2050 return 0;
2051 if ((s->version <= SSL3_VERSION) || !limit)
2052 return 0;
2053 if (p >= limit)
2054 return -1;
2055 /* Skip past DTLS cookie */
2056 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
2057 {
2058 i = *(p++);
2059 p+= i;
2060 if (p >= limit)
2061 return -1;
2062 }
2063 /* Skip past cipher list */
2064 n2s(p, i);
2065 p+= i;
2066 if (p >= limit)
2067 return -1;
2068 /* Skip past compression algorithm list */
2069 i = *(p++);
2070 p += i;
2071 if (p > limit)
2072 return -1;
2073 /* Now at start of extensions */
2074 if ((p + 2) >= limit)
2075 return 0;
2076 n2s(p, i);
2077 while ((p + 4) <= limit)
2078 {
2079 unsigned short type, size;
2080 n2s(p, type);
2081 n2s(p, size);
2082 if (p + size > limit)
2083 return 0;
2084 if (type == TLSEXT_TYPE_session_ticket)
2085 {
2086 int r;
2087 if (size == 0)
2088 {
2089 /* The client will accept a ticket but doesn't
2090 * currently have one. */
2091 s->tlsext_ticket_expected = 1;
2092 return 1;
2093 }
2094 if (s->tls_session_secret_cb)
2095 {
2096 /* Indicate that the ticket couldn't be
2097 * decrypted rather than generating the session
2098 * from ticket now, trigger abbreviated
2099 * handshake based on external mechanism to
2100 * calculate the master secret later. */
2101 return 2;
2102 }
2103 r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
2104 switch (r)
2105 {
2106 case 2: /* ticket couldn't be decrypted */
2107 s->tlsext_ticket_expected = 1;
2108 return 2;
2109 case 3: /* ticket was decrypted */
2110 return r;
2111 case 4: /* ticket decrypted but need to renew */
2112 s->tlsext_ticket_expected = 1;
2113 return 3;
2114 default: /* fatal error */
2115 return -1;
2116 }
2117 }
2118 p += size;
2119 }
2120 return 0;
2121 }
2122
2123/* tls_decrypt_ticket attempts to decrypt a session ticket.
2124 *
2125 * etick: points to the body of the session ticket extension.
2126 * eticklen: the length of the session tickets extenion.
2127 * sess_id: points at the session ID.
2128 * sesslen: the length of the session ID.
2129 * psess: (output) on return, if a ticket was decrypted, then this is set to
2130 * point to the resulting session.
2131 *
2132 * Returns:
2133 * -1: fatal error, either from parsing or decrypting the ticket.
2134 * 2: the ticket couldn't be decrypted.
2135 * 3: a ticket was successfully decrypted and *psess was set.
2136 * 4: same as 3, but the ticket needs to be renewed.
2137 */
2138static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
2139 const unsigned char *sess_id, int sesslen,
2140 SSL_SESSION **psess)
2141 {
2142 SSL_SESSION *sess;
2143 unsigned char *sdec;
2144 const unsigned char *p;
2145 int slen, mlen, renew_ticket = 0;
2146 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
2147 HMAC_CTX hctx;
2148 EVP_CIPHER_CTX ctx;
2149 SSL_CTX *tctx = s->initial_ctx;
2150 /* Need at least keyname + iv + some encrypted data */
2151 if (eticklen < 48)
2152 return 2;
2153 /* Initialize session ticket encryption and HMAC contexts */
2154 HMAC_CTX_init(&hctx);
2155 EVP_CIPHER_CTX_init(&ctx);
2156 if (tctx->tlsext_ticket_key_cb)
2157 {
2158 unsigned char *nctick = (unsigned char *)etick;
2159 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
2160 &ctx, &hctx, 0);
2161 if (rv < 0)
2162 return -1;
2163 if (rv == 0)
2164 return 2;
2165 if (rv == 2)
2166 renew_ticket = 1;
2167 }
2168 else
2169 {
2170 /* Check key name matches */
2171 if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
2172 return 2;
2173 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2174 tlsext_tick_md(), NULL);
2175 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2176 tctx->tlsext_tick_aes_key, etick + 16);
2177 }
2178 /* Attempt to process session ticket, first conduct sanity and
2179 * integrity checks on ticket.
2180 */
2181 mlen = HMAC_size(&hctx);
2182 if (mlen < 0)
2183 {
2184 EVP_CIPHER_CTX_cleanup(&ctx);
2185 return -1;
2186 }
2187 eticklen -= mlen;
2188 /* Check HMAC of encrypted ticket */
2189 HMAC_Update(&hctx, etick, eticklen);
2190 HMAC_Final(&hctx, tick_hmac, NULL);
2191 HMAC_CTX_cleanup(&hctx);
2192 if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
2193 return 2;
2194 /* Attempt to decrypt session data */
2195 /* Move p after IV to start of encrypted ticket, update length */
2196 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2197 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2198 sdec = OPENSSL_malloc(eticklen);
2199 if (!sdec)
2200 {
2201 EVP_CIPHER_CTX_cleanup(&ctx);
2202 return -1;
2203 }
2204 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
2205 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
2206 return 2;
2207 slen += mlen;
2208 EVP_CIPHER_CTX_cleanup(&ctx);
2209 p = sdec;
2210
2211 sess = d2i_SSL_SESSION(NULL, &p, slen);
2212 OPENSSL_free(sdec);
2213 if (sess)
2214 {
2215 /* The session ID, if non-empty, is used by some clients to
2216 * detect that the ticket has been accepted. So we copy it to
2217 * the session structure. If it is empty set length to zero
2218 * as required by standard.
2219 */
2220 if (sesslen)
2221 memcpy(sess->session_id, sess_id, sesslen);
2222 sess->session_id_length = sesslen;
2223 *psess = sess;
2224 if (renew_ticket)
2225 return 4;
2226 else
2227 return 3;
2228 }
2229 ERR_clear_error();
2230 /* For session parse failure, indicate that we need to send a new
2231 * ticket. */
2232 return 2;
2233 }
2234
2235/* Tables to translate from NIDs to TLS v1.2 ids */
2236
2237typedef struct
2238 {
2239 int nid;
2240 int id;
2241 } tls12_lookup;
2242
2243static tls12_lookup tls12_md[] = {
2244#ifndef OPENSSL_NO_MD5
2245 {NID_md5, TLSEXT_hash_md5},
2246#endif
2247#ifndef OPENSSL_NO_SHA
2248 {NID_sha1, TLSEXT_hash_sha1},
2249#endif
2250#ifndef OPENSSL_NO_SHA256
2251 {NID_sha224, TLSEXT_hash_sha224},
2252 {NID_sha256, TLSEXT_hash_sha256},
2253#endif
2254#ifndef OPENSSL_NO_SHA512
2255 {NID_sha384, TLSEXT_hash_sha384},
2256 {NID_sha512, TLSEXT_hash_sha512}
2257#endif
2258};
2259
2260static tls12_lookup tls12_sig[] = {
2261#ifndef OPENSSL_NO_RSA
2262 {EVP_PKEY_RSA, TLSEXT_signature_rsa},
2263#endif
2264#ifndef OPENSSL_NO_DSA
2265 {EVP_PKEY_DSA, TLSEXT_signature_dsa},
2266#endif
2267#ifndef OPENSSL_NO_ECDSA
2268 {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
2269#endif
2270};
2271
2272static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
2273 {
2274 size_t i;
2275 for (i = 0; i < tlen; i++)
2276 {
2277 if (table[i].nid == nid)
2278 return table[i].id;
2279 }
2280 return -1;
2281 }
2282#if 0
2283static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
2284 {
2285 size_t i;
2286 for (i = 0; i < tlen; i++)
2287 {
2288 if (table[i].id == id)
2289 return table[i].nid;
2290 }
2291 return -1;
2292 }
2293#endif
2294
2295int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
2296 {
2297 int sig_id, md_id;
2298 if (!md)
2299 return 0;
2300 md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
2301 sizeof(tls12_md)/sizeof(tls12_lookup));
2302 if (md_id == -1)
2303 return 0;
2304 sig_id = tls12_get_sigid(pk);
2305 if (sig_id == -1)
2306 return 0;
2307 p[0] = (unsigned char)md_id;
2308 p[1] = (unsigned char)sig_id;
2309 return 1;
2310 }
2311
2312int tls12_get_sigid(const EVP_PKEY *pk)
2313 {
2314 return tls12_find_id(pk->type, tls12_sig,
2315 sizeof(tls12_sig)/sizeof(tls12_lookup));
2316 }
2317
2318const EVP_MD *tls12_get_hash(unsigned char hash_alg)
2319 {
2320 switch(hash_alg)
2321 {
2322#ifndef OPENSSL_NO_MD5
2323 case TLSEXT_hash_md5:
2324#ifdef OPENSSL_FIPS
2325 if (FIPS_mode())
2326 return NULL;
2327#endif
2328 return EVP_md5();
2329#endif
2330#ifndef OPENSSL_NO_SHA
2331 case TLSEXT_hash_sha1:
2332 return EVP_sha1();
2333#endif
2334#ifndef OPENSSL_NO_SHA256
2335 case TLSEXT_hash_sha224:
2336 return EVP_sha224();
2337
2338 case TLSEXT_hash_sha256:
2339 return EVP_sha256();
2340#endif
2341#ifndef OPENSSL_NO_SHA512
2342 case TLSEXT_hash_sha384:
2343 return EVP_sha384();
2344
2345 case TLSEXT_hash_sha512:
2346 return EVP_sha512();
2347#endif
2348 default:
2349 return NULL;
2350
2351 }
2352 }
2353
2354/* Set preferred digest for each key type */
2355
2356int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2357 {
2358 int i, idx;
2359 const EVP_MD *md;
2360 CERT *c = s->cert;
2361 /* Extension ignored for TLS versions below 1.2 */
2362 if (TLS1_get_version(s) < TLS1_2_VERSION)
2363 return 1;
2364 /* Should never happen */
2365 if (!c)
2366 return 0;
2367
2368 c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
2369 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
2370 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
2371 c->pkeys[SSL_PKEY_ECC].digest = NULL;
2372
2373 for (i = 0; i < dsize; i += 2)
2374 {
2375 unsigned char hash_alg = data[i], sig_alg = data[i+1];
2376
2377 switch(sig_alg)
2378 {
2379#ifndef OPENSSL_NO_RSA
2380 case TLSEXT_signature_rsa:
2381 idx = SSL_PKEY_RSA_SIGN;
2382 break;
2383#endif
2384#ifndef OPENSSL_NO_DSA
2385 case TLSEXT_signature_dsa:
2386 idx = SSL_PKEY_DSA_SIGN;
2387 break;
2388#endif
2389#ifndef OPENSSL_NO_ECDSA
2390 case TLSEXT_signature_ecdsa:
2391 idx = SSL_PKEY_ECC;
2392 break;
2393#endif
2394 default:
2395 continue;
2396 }
2397
2398 if (c->pkeys[idx].digest == NULL)
2399 {
2400 md = tls12_get_hash(hash_alg);
2401 if (md)
2402 {
2403 c->pkeys[idx].digest = md;
2404 if (idx == SSL_PKEY_RSA_SIGN)
2405 c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
2406 }
2407 }
2408
2409 }
2410
2411
2412 /* Set any remaining keys to default values. NOTE: if alg is not
2413 * supported it stays as NULL.
2414 */
2415#ifndef OPENSSL_NO_DSA
2416 if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
2417 c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
2418#endif
2419#ifndef OPENSSL_NO_RSA
2420 if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
2421 {
2422 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
2423 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
2424 }
2425#endif
2426#ifndef OPENSSL_NO_ECDSA
2427 if (!c->pkeys[SSL_PKEY_ECC].digest)
2428 c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
2429#endif
2430 return 1;
2431 }
2432
2433#endif
2434
2435#ifndef OPENSSL_NO_HEARTBEATS
2436int
2437tls1_process_heartbeat(SSL *s)
2438 {
2439 unsigned char *p = &s->s3->rrec.data[0], *pl;
2440 unsigned short hbtype;
2441 unsigned int payload;
2442 unsigned int padding = 16; /* Use minimum padding */
2443
2444 /* Read type and payload length first */
2445 hbtype = *p++;
2446 n2s(p, payload);
2447 pl = p;
2448
2449 if (s->msg_callback)
2450 s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
2451 &s->s3->rrec.data[0], s->s3->rrec.length,
2452 s, s->msg_callback_arg);
2453
2454 if (hbtype == TLS1_HB_REQUEST)
2455 {
2456 unsigned char *buffer, *bp;
2457 int r;
2458
2459 /* Allocate memory for the response, size is 1 bytes
2460 * message type, plus 2 bytes payload length, plus
2461 * payload, plus padding
2462 */
2463 buffer = OPENSSL_malloc(1 + 2 + payload + padding);
2464 bp = buffer;
2465
2466 /* Enter response type, length and copy payload */
2467 *bp++ = TLS1_HB_RESPONSE;
2468 s2n(payload, bp);
2469 memcpy(bp, pl, payload);
2470 bp += payload;
2471 /* Random padding */
2472 RAND_pseudo_bytes(bp, padding);
2473
2474 r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
2475
2476 if (r >= 0 && s->msg_callback)
2477 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2478 buffer, 3 + payload + padding,
2479 s, s->msg_callback_arg);
2480
2481 OPENSSL_free(buffer);
2482
2483 if (r < 0)
2484 return r;
2485 }
2486 else if (hbtype == TLS1_HB_RESPONSE)
2487 {
2488 unsigned int seq;
2489
2490 /* We only send sequence numbers (2 bytes unsigned int),
2491 * and 16 random bytes, so we just try to read the
2492 * sequence number */
2493 n2s(pl, seq);
2494
2495 if (payload == 18 && seq == s->tlsext_hb_seq)
2496 {
2497 s->tlsext_hb_seq++;
2498 s->tlsext_hb_pending = 0;
2499 }
2500 }
2501
2502 return 0;
2503 }
2504
2505int
2506tls1_heartbeat(SSL *s)
2507 {
2508 unsigned char *buf, *p;
2509 int ret;
2510 unsigned int payload = 18; /* Sequence number + random bytes */
2511 unsigned int padding = 16; /* Use minimum padding */
2512
2513 /* Only send if peer supports and accepts HB requests... */
2514 if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
2515 s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
2516 {
2517 SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
2518 return -1;
2519 }
2520
2521 /* ...and there is none in flight yet... */
2522 if (s->tlsext_hb_pending)
2523 {
2524 SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
2525 return -1;
2526 }
2527
2528 /* ...and no handshake in progress. */
2529 if (SSL_in_init(s) || s->in_handshake)
2530 {
2531 SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
2532 return -1;
2533 }
2534
2535 /* Check if padding is too long, payload and padding
2536 * must not exceed 2^14 - 3 = 16381 bytes in total.
2537 */
2538 OPENSSL_assert(payload + padding <= 16381);
2539
2540 /* Create HeartBeat message, we just use a sequence number
2541 * as payload to distuingish different messages and add
2542 * some random stuff.
2543 * - Message Type, 1 byte
2544 * - Payload Length, 2 bytes (unsigned int)
2545 * - Payload, the sequence number (2 bytes uint)
2546 * - Payload, random bytes (16 bytes uint)
2547 * - Padding
2548 */
2549 buf = OPENSSL_malloc(1 + 2 + payload + padding);
2550 p = buf;
2551 /* Message Type */
2552 *p++ = TLS1_HB_REQUEST;
2553 /* Payload length (18 bytes here) */
2554 s2n(payload, p);
2555 /* Sequence number */
2556 s2n(s->tlsext_hb_seq, p);
2557 /* 16 random bytes */
2558 RAND_pseudo_bytes(p, 16);
2559 p += 16;
2560 /* Random padding */
2561 RAND_pseudo_bytes(p, padding);
2562
2563 ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
2564 if (ret >= 0)
2565 {
2566 if (s->msg_callback)
2567 s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
2568 buf, 3 + payload + padding,
2569 s, s->msg_callback_arg);
2570
2571 s->tlsext_hb_pending = 1;
2572 }
2573
2574 OPENSSL_free(buf);
2575
2576 return ret;
2577 }
2578#endif
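--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_2_VERSION)
- return TLSv1_2_method();
- if (ver == TLS1_1_VERSION)
- return TLSv1_1_method();
- if (ver == TLS1_VERSION)
- return TLSv1_method();
- return NULL;
- }
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-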
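--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len+1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by client\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len + 1;
-
-
- return 1;
- }
-
-/* Parse the client's renegotiation binding and abort if it's not
- right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int ilen;
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if((ilen+1) != len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != s->s3->previous_client_finished_len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by server\n",
- ilen ? "Non-empty" : "Empty");
-#endif
-
- s->s3->send_connection_binding=1;
-
- return 1;
- }
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by server\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len + 1;
-
- return 1;
- }
-
-/* Parse the server's renegotiation binding and abort if it's not
- right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int expected_len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len;
- int ilen;
-
- /* Check for logic errors */
- OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
- OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if(ilen+1 != len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != expected_len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- d += s->s3->previous_client_finished_len;
-
- if(memcmp(d, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by client\n",
- ilen ? "Non-empty" : "Empty");
-#endif
- s->s3->send_connection_binding=1;
-
- return 1;
- }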
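--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
- {
- if (ver == TLS1_2_VERSION)
- return TLSv1_2_server_method();
- if (ver == TLS1_1_VERSION)
- return TLSv1_1_server_method();
- if (ver == TLS1_VERSION)
- return TLSv1_server_method();
- return NULL;
- }
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-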
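--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy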
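--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-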
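--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA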
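--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-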
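--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
- # (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
- # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
- # (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)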
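--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB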
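--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC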
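--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-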
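--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita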
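--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha256
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-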
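--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-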
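--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y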
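--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,22 +0,0 @@
-#include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
-
-typedef struct X
- {
- STACK_OF(X509_EXTENSION) *ext;
- } X;
-
-/* This isn't meant to run particularly, it's just to test type checking */
-int main(int argc, char **argv)
- {
- X *x = NULL;
- unsigned char **pp = NULL;
-
- M_ASN1_I2D_vars(x);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_seq_total();
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_finish();
- }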
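diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1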
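diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
-# test/cms-examples.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl script to run tests against S/MIME examples in RFC4134
-# Assumes RFC is in current directory and called "rfc4134.txt"
-
-use MIME::Base64;
-
-my $badttest = 0;
-my $verbose = 1;
-
-my $cmscmd;
-my $exdir = "./";
-my $exfile = "./rfc4134.txt";
-
-if (-f "../apps/openssl")
- {
- $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
- }
-elsif (-f "..\\out32dll\\openssl.exe")
- {
- $cmscmd = "..\\out32dll\\openssl.exe cms";
- }
-elsif (-f "..\\out32\\openssl.exe")
- {
- $cmscmd = "..\\out32\\openssl.exe cms";
- }
-
-my @test_list = (
- [ "3.1.bin" => "dataout" ],
- [ "3.2.bin" => "encode, dataout" ],
- [ "4.1.bin" => "encode, verifyder, cont, dss" ],
- [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
- [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
- [ "4.4.bin" => "encode, verifyder, cont, dss" ],
- [ "4.5.bin" => "verifyder, cont, rsa" ],
- [ "4.6.bin" => "encode, verifyder, cont, dss" ],
- [ "4.7.bin" => "encode, verifyder, cont, dss" ],
- [ "4.8.eml" => "verifymime, dss" ],
- [ "4.9.eml" => "verifymime, dss" ],
- [ "4.10.bin" => "encode, verifyder, cont, dss" ],
- [ "4.11.bin" => "encode, certsout" ],
- [ "5.1.bin" => "encode, envelopeder, cont" ],
- [ "5.2.bin" => "encode, envelopeder, cont" ],
- [ "5.3.eml" => "envelopemime, cont" ],
- [ "6.0.bin" => "encode, digest, cont" ],
- [ "7.1.bin" => "encode, encrypted, cont" ],
- [ "7.2.bin" => "encode, encrypted, cont" ]
-);
-
-# Extract examples from RFC4134 text.
-# Base64 decode all examples, certificates and
-# private keys are converted to PEM format.
-
-my ( $filename, $data );
-
-my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
-
-$data = "";
-
-open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
-
-while (<IN>) {
- next unless (/^\|/);
- s/^\|//;
- next if (/^\*/);
- if (/^>(.*)$/) {
- $filename = $1;
- next;
- }
- if (/^</) {
- $filename = "$exdir/$filename";
- if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
- $data = decode_base64($data);
- open OUT, ">$filename";
- binmode OUT;
- print OUT $data;
- close OUT;
- push @cleanup, $filename;
- }
- elsif ( $filename =~ /\.cer$/ ) {
- write_pem( $filename, "CERTIFICATE", $data );
- }
- elsif ( $filename =~ /\.pri$/ ) {
- write_pem( $filename, "PRIVATE KEY", $data );
- }
- $data = "";
- $filename = "";
- }
- else {
- $data .= $_;
- }
-
-}
-
-my $secretkey =
- "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
-
-foreach (@test_list) {
- my ( $file, $tlist ) = @$_;
- print "Example file $file:\n";
- if ( $tlist =~ /encode/ ) {
- run_reencode_test( $exdir, $file );
- }
- if ( $tlist =~ /certsout/ ) {
- run_certsout_test( $exdir, $file );
- }
- if ( $tlist =~ /dataout/ ) {
- run_dataout_test( $exdir, $file );
- }
- if ( $tlist =~ /verify/ ) {
- run_verify_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /digest/ ) {
- run_digest_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /encrypted/ ) {
- run_encrypted_test( $exdir, $tlist, $file, $secretkey );
- }
- if ( $tlist =~ /envelope/ ) {
- run_envelope_test( $exdir, $tlist, $file );
- }
-
-}
-
-foreach (@cleanup) {
- unlink $_;
-}
-
-if ($badtest) {
- print "\n$badtest TESTS FAILED!!\n";
-}
-else {
- print "\n***All tests successful***\n";
-}
-
-sub write_pem {
- my ( $filename, $str, $data ) = @_;
-
- $filename =~ s/\.[^.]*$/.pem/;
-
- push @cleanup, $filename;
-
- open OUT, ">$filename";
-
- print OUT "-----BEGIN $str-----\n";
- print OUT $data;
- print OUT "-----END $str-----\n";
-
- close OUT;
-}
-
-sub run_reencode_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
-
- system( "$cmscmd -cmsout -inform DER -outform DER"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tReencode command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
- print "\tReencode FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tReencode passed\n" if $verbose;
- }
-}
-
-sub run_certsout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
- unlink "tmp.pem";
-
- system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tCertificate output command FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tCertificate output passed\n" if $verbose;
- }
-}
-
-sub run_dataout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.txt";
-
- system(
- "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tDataout command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
- print "\tDataout compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDataout passed\n" if $verbose;
- }
-}
-
-sub run_verify_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /verifyder/;
- $form = "SMIME" if $tlist =~ /verifymime/;
- $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
- $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
-
- $cmd =
- "$cmscmd -verify -inform $form"
- . " -CAfile $cafile"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tVerify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tVerify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tVerify passed\n" if $verbose;
- }
-}
-
-sub run_envelope_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /envelopeder/;
- $form = "SMIME" if $tlist =~ /envelopemime/;
-
- $cmd =
- "$cmscmd -decrypt -inform $form"
- . " -recip $cmsdir/BobRSASignByCarl.pem"
- . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDecrypt command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDecrypt content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDecrypt passed\n" if $verbose;
- }
-}
-
-sub run_digest_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- my $cmd =
- "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDigest verify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDigest verify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDigest verify passed\n" if $verbose;
- }
-}
-
-sub run_encrypted_test {
- my ( $cmsdir, $tlist, $tfile, $key ) = @_;
- unlink "tmp.txt";
-
- system( "$cmscmd -EncryptedData_decrypt -inform DER"
- . " -secretkey $key"
- . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tEncrypted Data command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tEncrypted Data content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tEncryptedData verify passed\n" if $verbose;
- }
-}
-
-sub cmp_files {
- my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-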
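diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index c938bcf00d..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,457 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
- $ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
- $ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
- [
- "signed content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -certfile $smdir/smroot.pem"
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, RSA",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed detached content DER format, add RSA signer",
- "-resign -inform \"DER\" -in test.cms -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test2.cms",
- "-verify -in test2.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -aes256 -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_tests = (
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content MIME format, RSA key, signed receipt request",
- "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
- . " -receipt_request_to test\@openssl.org -receipt_request_all"
- . " -out test.cms",
- "-verify -in test.cms "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed receipt MIME format, RSA key",
- "-sign_receipt -in test.cms"
- . " -signer $smdir/smrsa2.pem"
- . " -out test2.cms",
- "-verify_receipt test2.cms -in test.cms"
- . " \"-CAfile\" $smdir/smroot.pem"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients, keyid",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms -keyid"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK, key only",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- ],
-
- [
- "data content test streaming PEM format",
- "-data_create -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-data_out -in test.cms -inform PEM -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 40 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 0001020304"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 0001020304 -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, triple DES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit AES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_comp_tests = (
-
- [
- "compressed content test streaming PEM format",
- "-compress -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-uncompress -in test.cms -inform PEM -out smtst.txt"
- ]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
- run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
- print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
- print "$badcmd TESTS FAILED!!\n";
-}
-else {
- print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
- my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
- foreach $smtst (@$aref) {
- my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
- if ($ossl8)
- {
- # Skip smime resign: 0.9.8 smime doesn't support -resign
- next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
- # Disable streaming: option not supported in 0.9.8
- $tnam =~ s/streaming//;
- $rscmd =~ s/-stream//;
- $rvcmd =~ s/-stream//;
- }
- system("$scmd$rscmd$redir");
- if ($?) {
- print "$tnam: generation error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- system("$vcmd$rvcmd$redir");
- if ($?) {
- print "$tnam: verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- if (!cmp_files("smtst.txt", "smcont.txt")) {
- print "$tnam: content verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- print "$tnam: OK\n";
- }
-}
-
-sub cmp_files {
- my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-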
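--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }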
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----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15-----END PKCS7-----
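--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==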
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index 5c6b89fcdb..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,949 +0,0 @@
1# test/pkits-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl utility to run PKITS tests for RFC3280 compliance.
54
55my $ossl_path;
56
57if ( -f "../apps/openssl" ) {
58 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
59}
60elsif ( -f "..\\out32dll\\openssl.exe" ) {
61 $ossl_path = "..\\out32dll\\openssl.exe";
62}
63elsif ( -f "..\\out32\\openssl.exe" ) {
64 $ossl_path = "..\\out32\\openssl.exe";
65}
66else {
67 die "Can't find OpenSSL executable";
68}
69
70my $pkitsdir = "pkits/smime";
71my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
72
73die "Can't find PKITS test data" if !-d $pkitsdir;
74
75my $nist1 = "2.16.840.1.101.3.2.1.48.1";
76my $nist2 = "2.16.840.1.101.3.2.1.48.2";
77my $nist3 = "2.16.840.1.101.3.2.1.48.3";
78my $nist4 = "2.16.840.1.101.3.2.1.48.4";
79my $nist5 = "2.16.840.1.101.3.2.1.48.5";
80my $nist6 = "2.16.840.1.101.3.2.1.48.6";
81
82my $apolicy = "X509v3 Any Policy";
83
84# This table contains the chapter headings of the accompanying PKITS
85# document. They provide useful informational output and their names
86# can be converted into the filename to test.
87
88my @testlists = (
89 [ "4.1", "Signature Verification" ],
90 [ "4.1.1", "Valid Signatures Test1", 0 ],
91 [ "4.1.2", "Invalid CA Signature Test2", 7 ],
92 [ "4.1.3", "Invalid EE Signature Test3", 7 ],
93 [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
94 [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
95 [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
96 [ "4.2", "Validity Periods" ],
97 [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
98 [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
99 [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
100 [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
101 [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
102 [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
103 [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
104 [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
105 [ "4.3", "Verifying Name Chaining" ],
106 [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
107 [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
108 [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
109 [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
110 [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
111 [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
112 [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
113 [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
114 [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
115 [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
116 [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
117 [ "4.4", "Basic Certificate Revocation Tests" ],
118 [ "4.4.1", "Missing CRL Test1", 3 ],
119 [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
120 [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
121 [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
122 [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
123 [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
124 [ "4.4.7", "Valid Two CRLs Test7", 0 ],
125
126 # The test document suggests these should return certificate revoked...
127 # Subsquent discussion has concluded they should not due to unhandle
128 # critical CRL extensions.
129 [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
130 [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
131
132 [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
133 [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
134 [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
135 [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
136 [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
137 [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
138 [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
139 [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
140 [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
141 [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
142 [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
143
144 # CRL path is revoked so get a CRL path validation error
145 [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
146 [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
147 [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
148 [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
149 [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
150 [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
151 [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
152 [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
153 [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
154 [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
155 [ "4.6", "Verifying Basic Constraints" ],
156 [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
157 [ "4.6.2", "Invalid cA False Test2", 24 ],
158 [ "4.6.3", "Invalid cA False Test3", 24 ],
159 [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
160 [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
161 [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
162 [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
163 [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
164 [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
165 [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
166 [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
167 [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
168 [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
169 [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
170 [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
171 [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
172 [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
173 [ "4.7", "Key Usage" ],
174 [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
175 [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
176 [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
177 [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
178 [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
179
180 # Certificate policy tests need special handling. They can have several
181 # sub tests and we need to check the outputs are correct.
182
183 [ "4.8", "Certificate Policies" ],
184 [
185 "4.8.1.1",
186 "All Certificates Same Policy Test1",
187 "-policy anyPolicy -explicit_policy",
188 "True", $nist1, $nist1, 0
189 ],
190 [
191 "4.8.1.2",
192 "All Certificates Same Policy Test1",
193 "-policy $nist1 -explicit_policy",
194 "True", $nist1, $nist1, 0
195 ],
196 [
197 "4.8.1.3",
198 "All Certificates Same Policy Test1",
199 "-policy $nist2 -explicit_policy",
200 "True", $nist1, "<empty>", 43
201 ],
202 [
203 "4.8.1.4",
204 "All Certificates Same Policy Test1",
205 "-policy $nist1 -policy $nist2 -explicit_policy",
206 "True", $nist1, $nist1, 0
207 ],
208 [
209 "4.8.2.1",
210 "All Certificates No Policies Test2",
211 "-policy anyPolicy",
212 "False", "<empty>", "<empty>", 0
213 ],
214 [
215 "4.8.2.2",
216 "All Certificates No Policies Test2",
217 "-policy anyPolicy -explicit_policy",
218 "True", "<empty>", "<empty>", 43
219 ],
220 [
221 "4.8.3.1",
222 "Different Policies Test3",
223 "-policy anyPolicy",
224 "False", "<empty>", "<empty>", 0
225 ],
226 [
227 "4.8.3.2",
228 "Different Policies Test3",
229 "-policy anyPolicy -explicit_policy",
230 "True", "<empty>", "<empty>", 43
231 ],
232 [
233 "4.8.3.3",
234 "Different Policies Test3",
235 "-policy $nist1 -policy $nist2 -explicit_policy",
236 "True", "<empty>", "<empty>", 43
237 ],
238
239 [
240 "4.8.4",
241 "Different Policies Test4",
242 "-policy anyPolicy",
243 "True", "<empty>", "<empty>", 43
244 ],
245 [
246 "4.8.5",
247 "Different Policies Test5",
248 "-policy anyPolicy",
249 "True", "<empty>", "<empty>", 43
250 ],
251 [
252 "4.8.6.1",
253 "Overlapping Policies Test6",
254 "-policy anyPolicy",
255 "True", $nist1, $nist1, 0
256 ],
257 [
258 "4.8.6.2",
259 "Overlapping Policies Test6",
260 "-policy $nist1",
261 "True", $nist1, $nist1, 0
262 ],
263 [
264 "4.8.6.3",
265 "Overlapping Policies Test6",
266 "-policy $nist2",
267 "True", $nist1, "<empty>", 43
268 ],
269 [
270 "4.8.7",
271 "Different Policies Test7",
272 "-policy anyPolicy",
273 "True", "<empty>", "<empty>", 43
274 ],
275 [
276 "4.8.8",
277 "Different Policies Test8",
278 "-policy anyPolicy",
279 "True", "<empty>", "<empty>", 43
280 ],
281 [
282 "4.8.9",
283 "Different Policies Test9",
284 "-policy anyPolicy",
285 "True", "<empty>", "<empty>", 43
286 ],
287 [
288 "4.8.10.1",
289 "All Certificates Same Policies Test10",
290 "-policy $nist1",
291 "True", "$nist1:$nist2", "$nist1", 0
292 ],
293 [
294 "4.8.10.2",
295 "All Certificates Same Policies Test10",
296 "-policy $nist2",
297 "True", "$nist1:$nist2", "$nist2", 0
298 ],
299 [
300 "4.8.10.3",
301 "All Certificates Same Policies Test10",
302 "-policy anyPolicy",
303 "True", "$nist1:$nist2", "$nist1:$nist2", 0
304 ],
305 [
306 "4.8.11.1",
307 "All Certificates AnyPolicy Test11",
308 "-policy anyPolicy",
309 "True", "$apolicy", "$apolicy", 0
310 ],
311 [
312 "4.8.11.2",
313 "All Certificates AnyPolicy Test11",
314 "-policy $nist1",
315 "True", "$apolicy", "$nist1", 0
316 ],
317 [
318 "4.8.12",
319 "Different Policies Test12",
320 "-policy anyPolicy",
321 "True", "<empty>", "<empty>", 43
322 ],
323 [
324 "4.8.13.1",
325 "All Certificates Same Policies Test13",
326 "-policy $nist1",
327 "True", "$nist1:$nist2:$nist3", "$nist1", 0
328 ],
329 [
330 "4.8.13.2",
331 "All Certificates Same Policies Test13",
332 "-policy $nist2",
333 "True", "$nist1:$nist2:$nist3", "$nist2", 0
334 ],
335 [
336 "4.8.13.3",
337 "All Certificates Same Policies Test13",
338 "-policy $nist3",
339 "True", "$nist1:$nist2:$nist3", "$nist3", 0
340 ],
341 [
342 "4.8.14.1", "AnyPolicy Test14",
343 "-policy $nist1", "True",
344 "$nist1", "$nist1",
345 0
346 ],
347 [
348 "4.8.14.2", "AnyPolicy Test14",
349 "-policy $nist2", "True",
350 "$nist1", "<empty>",
351 43
352 ],
353 [
354 "4.8.15",
355 "User Notice Qualifier Test15",
356 "-policy anyPolicy",
357 "False", "$nist1", "$nist1", 0
358 ],
359 [
360 "4.8.16",
361 "User Notice Qualifier Test16",
362 "-policy anyPolicy",
363 "False", "$nist1", "$nist1", 0
364 ],
365 [
366 "4.8.17",
367 "User Notice Qualifier Test17",
368 "-policy anyPolicy",
369 "False", "$nist1", "$nist1", 0
370 ],
371 [
372 "4.8.18.1",
373 "User Notice Qualifier Test18",
374 "-policy $nist1",
375 "True", "$nist1:$nist2", "$nist1", 0
376 ],
377 [
378 "4.8.18.2",
379 "User Notice Qualifier Test18",
380 "-policy $nist2",
381 "True", "$nist1:$nist2", "$nist2", 0
382 ],
383 [
384 "4.8.19",
385 "User Notice Qualifier Test19",
386 "-policy anyPolicy",
387 "False", "$nist1", "$nist1", 0
388 ],
389 [
390 "4.8.20",
391 "CPS Pointer Qualifier Test20",
392 "-policy anyPolicy -explicit_policy",
393 "True", "$nist1", "$nist1", 0
394 ],
395 [ "4.9", "Require Explicit Policy" ],
396 [
397 "4.9.1",
398 "Valid RequireExplicitPolicy Test1",
399 "-policy anyPolicy",
400 "False", "<empty>", "<empty>", 0
401 ],
402 [
403 "4.9.2",
404 "Valid RequireExplicitPolicy Test2",
405 "-policy anyPolicy",
406 "False", "<empty>", "<empty>", 0
407 ],
408 [
409 "4.9.3",
410 "Invalid RequireExplicitPolicy Test3",
411 "-policy anyPolicy",
412 "True", "<empty>", "<empty>", 43
413 ],
414 [
415 "4.9.4",
416 "Valid RequireExplicitPolicy Test4",
417 "-policy anyPolicy",
418 "True", "$nist1", "$nist1", 0
419 ],
420 [
421 "4.9.5",
422 "Invalid RequireExplicitPolicy Test5",
423 "-policy anyPolicy",
424 "True", "<empty>", "<empty>", 43
425 ],
426 [
427 "4.9.6",
428 "Valid Self-Issued requireExplicitPolicy Test6",
429 "-policy anyPolicy",
430 "False", "<empty>", "<empty>", 0
431 ],
432 [
433 "4.9.7",
434 "Invalid Self-Issued requireExplicitPolicy Test7",
435 "-policy anyPolicy",
436 "True", "<empty>", "<empty>", 43
437 ],
438 [
439 "4.9.8",
440 "Invalid Self-Issued requireExplicitPolicy Test8",
441 "-policy anyPolicy",
442 "True", "<empty>", "<empty>", 43
443 ],
444 [ "4.10", "Policy Mappings" ],
445 [
446 "4.10.1.1",
447 "Valid Policy Mapping Test1",
448 "-policy $nist1",
449 "True", "$nist1", "$nist1", 0
450 ],
451 [
452 "4.10.1.2",
453 "Valid Policy Mapping Test1",
454 "-policy $nist2",
455 "True", "$nist1", "<empty>", 43
456 ],
457 [
458 "4.10.1.3",
459 "Valid Policy Mapping Test1",
460 "-policy anyPolicy -inhibit_map",
461 "True", "<empty>", "<empty>", 43
462 ],
463 [
464 "4.10.2.1",
465 "Invalid Policy Mapping Test2",
466 "-policy anyPolicy",
467 "True", "<empty>", "<empty>", 43
468 ],
469 [
470 "4.10.2.2",
471 "Invalid Policy Mapping Test2",
472 "-policy anyPolicy -inhibit_map",
473 "True", "<empty>", "<empty>", 43
474 ],
475 [
476 "4.10.3.1",
477 "Valid Policy Mapping Test3",
478 "-policy $nist1",
479 "True", "$nist2", "<empty>", 43
480 ],
481 [
482 "4.10.3.2",
483 "Valid Policy Mapping Test3",
484 "-policy $nist2",
485 "True", "$nist2", "$nist2", 0
486 ],
487 [
488 "4.10.4",
489 "Invalid Policy Mapping Test4",
490 "-policy anyPolicy",
491 "True", "<empty>", "<empty>", 43
492 ],
493 [
494 "4.10.5.1",
495 "Valid Policy Mapping Test5",
496 "-policy $nist1",
497 "True", "$nist1", "$nist1", 0
498 ],
499 [
500 "4.10.5.2",
501 "Valid Policy Mapping Test5",
502 "-policy $nist6",
503 "True", "$nist1", "<empty>", 43
504 ],
505 [
506 "4.10.6.1",
507 "Valid Policy Mapping Test6",
508 "-policy $nist1",
509 "True", "$nist1", "$nist1", 0
510 ],
511 [
512 "4.10.6.2",
513 "Valid Policy Mapping Test6",
514 "-policy $nist6",
515 "True", "$nist1", "<empty>", 43
516 ],
517 [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
518 [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
519 [
520 "4.10.9",
521 "Valid Policy Mapping Test9",
522 "-policy anyPolicy",
523 "True", "$nist1", "$nist1", 0
524 ],
525 [
526 "4.10.10",
527 "Invalid Policy Mapping Test10",
528 "-policy anyPolicy",
529 "True", "<empty>", "<empty>", 43
530 ],
531 [
532 "4.10.11",
533 "Valid Policy Mapping Test11",
534 "-policy anyPolicy",
535 "True", "$nist1", "$nist1", 0
536 ],
537
538 # TODO: check notice display
539 [
540 "4.10.12.1",
541 "Valid Policy Mapping Test12",
542 "-policy $nist1",
543 "True", "$nist1:$nist2", "$nist1", 0
544 ],
545
546 # TODO: check notice display
547 [
548 "4.10.12.2",
549 "Valid Policy Mapping Test12",
550 "-policy $nist2",
551 "True", "$nist1:$nist2", "$nist2", 0
552 ],
553 [
554 "4.10.13",
555 "Valid Policy Mapping Test13",
556 "-policy anyPolicy",
557 "True", "$nist1", "$nist1", 0
558 ],
559
560 # TODO: check notice display
561 [
562 "4.10.14",
563 "Valid Policy Mapping Test14",
564 "-policy anyPolicy",
565 "True", "$nist1", "$nist1", 0
566 ],
567 [ "4.11", "Inhibit Policy Mapping" ],
568 [
569 "4.11.1",
570 "Invalid inhibitPolicyMapping Test1",
571 "-policy anyPolicy",
572 "True", "<empty>", "<empty>", 43
573 ],
574 [
575 "4.11.2",
576 "Valid inhibitPolicyMapping Test2",
577 "-policy anyPolicy",
578 "True", "$nist1", "$nist1", 0
579 ],
580 [
581 "4.11.3",
582 "Invalid inhibitPolicyMapping Test3",
583 "-policy anyPolicy",
584 "True", "<empty>", "<empty>", 43
585 ],
586 [
587 "4.11.4",
588 "Valid inhibitPolicyMapping Test4",
589 "-policy anyPolicy",
590 "True", "$nist2", "$nist2", 0
591 ],
592 [
593 "4.11.5",
594 "Invalid inhibitPolicyMapping Test5",
595 "-policy anyPolicy",
596 "True", "<empty>", "<empty>", 43
597 ],
598 [
599 "4.11.6",
600 "Invalid inhibitPolicyMapping Test6",
601 "-policy anyPolicy",
602 "True", "<empty>", "<empty>", 43
603 ],
604 [
605 "4.11.7",
606 "Valid Self-Issued inhibitPolicyMapping Test7",
607 "-policy anyPolicy",
608 "True", "$nist1", "$nist1", 0
609 ],
610 [
611 "4.11.8",
612 "Invalid Self-Issued inhibitPolicyMapping Test8",
613 "-policy anyPolicy",
614 "True", "<empty>", "<empty>", 43
615 ],
616 [
617 "4.11.9",
618 "Invalid Self-Issued inhibitPolicyMapping Test9",
619 "-policy anyPolicy",
620 "True", "<empty>", "<empty>", 43
621 ],
622 [
623 "4.11.10",
624 "Invalid Self-Issued inhibitPolicyMapping Test10",
625 "-policy anyPolicy",
626 "True", "<empty>", "<empty>", 43
627 ],
628 [
629 "4.11.11",
630 "Invalid Self-Issued inhibitPolicyMapping Test11",
631 "-policy anyPolicy",
632 "True", "<empty>", "<empty>", 43
633 ],
634 [ "4.12", "Inhibit Any Policy" ],
635 [
636 "4.12.1",
637 "Invalid inhibitAnyPolicy Test1",
638 "-policy anyPolicy",
639 "True", "<empty>", "<empty>", 43
640 ],
641 [
642 "4.12.2",
643 "Valid inhibitAnyPolicy Test2",
644 "-policy anyPolicy",
645 "True", "$nist1", "$nist1", 0
646 ],
647 [
648 "4.12.3.1",
649 "inhibitAnyPolicy Test3",
650 "-policy anyPolicy",
651 "True", "$nist1", "$nist1", 0
652 ],
653 [
654 "4.12.3.2",
655 "inhibitAnyPolicy Test3",
656 "-policy anyPolicy -inhibit_any",
657 "True", "<empty>", "<empty>", 43
658 ],
659 [
660 "4.12.4",
661 "Invalid inhibitAnyPolicy Test4",
662 "-policy anyPolicy",
663 "True", "<empty>", "<empty>", 43
664 ],
665 [
666 "4.12.5",
667 "Invalid inhibitAnyPolicy Test5",
668 "-policy anyPolicy",
669 "True", "<empty>", "<empty>", 43
670 ],
671 [
672 "4.12.6",
673 "Invalid inhibitAnyPolicy Test6",
674 "-policy anyPolicy",
675 "True", "<empty>", "<empty>", 43
676 ],
677 [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
678 [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
679 [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
680 [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
681 [ "4.13", "Name Constraints" ],
682 [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
683 [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
684 [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
685 [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
686 [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
687 [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
688 [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
689 [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
690 [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
691 [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
692 [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
693 [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
694 [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
695 [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
696 [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
697 [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
698 [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
699 [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
700 [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
701 [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
702 [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
703 [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
704 [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
705 [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
706 [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
707 [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
708 [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
709 [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
710 [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
711 [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
712 [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
713 [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
714 [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
715 [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
716 [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
717 [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
718 [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
719 [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
720 [ "4.14", "Distribution Points" ],
721 [ "4.14.1", "Valid distributionPoint Test1", 0 ],
722 [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
723 [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
724 [ "4.14.4", "Valid distributionPoint Test4", 0 ],
725 [ "4.14.5", "Valid distributionPoint Test5", 0 ],
726 [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
727 [ "4.14.7", "Valid distributionPoint Test7", 0 ],
728 [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
729 [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
730 [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
731 [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
732 [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
733 [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
734 [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
735 [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
736 [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
737 [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
738 [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
739 [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
740 [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
741 [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
742 [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
743 [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
744 [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
745 [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
746 [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
747 [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
748 [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
749 [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
750
751 # Although this test is valid it has a circular dependency. As a result
752 # an attempt is made to reursively checks a CRL path and rejected due to
753 # a CRL path validation error. PKITS notes suggest this test does not
754 # need to be run due to this issue.
755 [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
756 [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
757 [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
758 [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
759 [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
760 [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
761 [ "4.15", "Delta-CRLs" ],
762 [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
763 [ "4.15.2", "Valid delta-CRL Test2", 0 ],
764 [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
765 [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
766 [ "4.15.5", "Valid delta-CRL Test5", 0 ],
767 [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
768 [ "4.15.7", "Valid delta-CRL Test7", 0 ],
769 [ "4.15.8", "Valid delta-CRL Test8", 0 ],
770 [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
771 [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
772 [ "4.16", "Private Certificate Extensions" ],
773 [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
774 [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
775);
776
777
778my $verbose = 1;
779
780my $numtest = 0;
781my $numfail = 0;
782
783my $ossl = "ossl/apps/openssl";
784
785my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
786$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
787
788# Check for expiry of trust anchor
789system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
790if ($? == 256)
791 {
792 print STDERR "WARNING: using older expired data\n";
793 $ossl_cmd .= "-attime 1291940972 ";
794 }
795
796$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
797
798system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
799
800die "Can't create trust anchor file" if $?;
801
802print "Running PKITS tests:\n" if $verbose;
803
804foreach (@testlists) {
805 my $argnum = @$_;
806 if ( $argnum == 2 ) {
807 my ( $tnum, $title ) = @$_;
808 print "$tnum $title\n" if $verbose;
809 }
810 elsif ( $argnum == 3 ) {
811 my ( $tnum, $title, $exp_ret ) = @$_;
812 my $filename = $title;
813 $exp_ret += 32 if $exp_ret;
814 $filename =~ tr/ -//d;
815 $filename = "Signed$(unknown).eml";
816 if ( !-f "$pkitsdir/$filename" ) {
817 print "\"$filename\" not found\n";
818 }
819 else {
820 my $ret;
821 my $test_fail = 0;
822 my $errmsg = "";
823 my $cmd = $ossl_cmd;
824 $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
825 my $cmdout = `$cmd`;
826 $ret = $? >> 8;
827 if ( $? & 0xff ) {
828 $errmsg .= "Abnormal OpenSSL termination\n";
829 $test_fail = 1;
830 }
831 if ( $exp_ret != $ret ) {
832 $errmsg .= "Return code:$ret, ";
833 $errmsg .= "expected $exp_ret\n";
834 $test_fail = 1;
835 }
836 if ($test_fail) {
837 print "$tnum $title : Failed!\n";
838 print "Filename: $pkitsdir/$filename\n";
839 print $errmsg;
840 print "Command output:\n$cmdout\n";
841 $numfail++;
842 }
843 $numtest++;
844 }
845 }
846 elsif ( $argnum == 7 ) {
847 my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
848 = @$_;
849 my $filename = $title;
850 $exp_ret += 32 if $exp_ret;
851 $filename =~ tr/ -//d;
852 $filename = "Signed$(unknown).eml";
853 if ( !-f "$pkitsdir/$filename" ) {
854 print "\"$filename\" not found\n";
855 }
856 else {
857 my $ret;
858 my $cmdout = "";
859 my $errmsg = "";
860 my $epol = "";
861 my $aset = "";
862 my $uset = "";
863 my $pol = -1;
864 my $test_fail = 0;
865 my $cmd = $ossl_cmd;
866 $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
867 @oparr = `$cmd`;
868 $ret = $? >> 8;
869
870 if ( $? & 0xff ) {
871 $errmsg .= "Abnormal OpenSSL termination\n";
872 $test_fail = 1;
873 }
874 foreach (@oparr) {
875 my $test_failed = 0;
876 $cmdout .= $_;
877 if (/^Require explicit Policy: (.*)$/) {
878 $epol = $1;
879 }
880 if (/^Authority Policies/) {
881 if (/empty/) {
882 $aset = "<empty>";
883 }
884 else {
885 $pol = 1;
886 }
887 }
888 $test_fail = 1 if (/leak/i);
889 if (/^User Policies/) {
890 if (/empty/) {
891 $uset = "<empty>";
892 }
893 else {
894 $pol = 2;
895 }
896 }
897 if (/\s+Policy: (.*)$/) {
898 if ( $pol == 1 ) {
899 $aset .= ":" if $aset ne "";
900 $aset .= $1;
901 }
902 elsif ( $pol == 2 ) {
903 $uset .= ":" if $uset ne "";
904 $uset .= $1;
905 }
906 }
907 }
908
909 if ( $epol ne $exp_epol ) {
910 $errmsg .= "Explicit policy:$epol, ";
911 $errmsg .= "expected $exp_epol\n";
912 $test_fail = 1;
913 }
914 if ( $aset ne $exp_aset ) {
915 $errmsg .= "Authority policy set :$aset, ";
916 $errmsg .= "expected $exp_aset\n";
917 $test_fail = 1;
918 }
919 if ( $uset ne $exp_uset ) {
920 $errmsg .= "User policy set :$uset, ";
921 $errmsg .= "expected $exp_uset\n";
922 $test_fail = 1;
923 }
924
925 if ( $exp_ret != $ret ) {
926 print "Return code:$ret, expected $exp_ret\n";
927 $test_fail = 1;
928 }
929
930 if ($test_fail) {
931 print "$tnum $title : Failed!\n";
932 print "Filename: $pkitsdir/$filename\n";
933 print "Command output:\n$cmdout\n";
934 $numfail++;
935 }
936 $numtest++;
937 }
938 }
939}
940
941if ($numfail) {
942 print "$numfail tests failed out of $numtest\n";
943}
944else {
945 print "All Tests Successful.\n";
946}
947
948unlink "pkitsta.pem";
949
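diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
deleted file mode 100644
index a172e393ca..0000000000
--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */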
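diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file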
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----
2MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
3OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
4GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
5jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
6wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
7+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
8SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
9It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
10VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
11Nf8SimTZYB0/CKje6M5ufA==
12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
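diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----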
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
21ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
22wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
239HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
2481XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
25BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
26dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
27SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
28l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
29r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
30-----END CERTIFICATE-----
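diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----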
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----
17MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
18BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
19TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
20CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
21ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
22ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
23Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
24Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
25VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
26OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
27EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
28tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
29jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
30PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
31-----END CERTIFICATE-----
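diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0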
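diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index 10834442a1..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au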
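diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0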
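diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
deleted file mode 100755
index 5c0f21043c..0000000000
--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0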
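diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-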
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----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16-----END X509 CRL-----
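diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test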
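diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0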
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
1-----BEGIN PKCS7-----
2MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
3cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
4DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
5BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
6HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
7ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
8biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
9aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
10aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
11VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
12UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
13AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
14BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
15ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
16IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
17bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
18L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
19OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
20IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
21ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
22cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
23QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
24MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
25AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
26cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
27AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
28MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
29QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
30dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
31Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
32DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
33TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
34AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
352d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
3647ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
37MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
38QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
39AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
40ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
41BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
42ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
43MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
44sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
45XfZsaiiIgotQHjEA
46-----END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
1-----BEGIN CERTIFICATE REQUEST-----
2MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
3QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
4DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
5hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
6gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
7-----END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
3Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
4rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
5oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
6mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
7rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
8mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
9-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
1-----BEGIN SSL SESSION PARAMETERS-----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12-----END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
1#!/bin/sh
2
3digest='-sha1'
4reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
5x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
6verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
7dummycnf="../apps/openssl.cnf"
8
9CAkey="keyCA.ss"
10CAcert="certCA.ss"
11CAreq="reqCA.ss"
12CAconf="CAss.cnf"
13CAreq2="req2CA.ss" # temp
14
15Uconf="Uss.cnf"
16Ukey="keyU.ss"
17Ureq="reqU.ss"
18Ucert="certU.ss"
19
20P1conf="P1ss.cnf"
21P1key="keyP1.ss"
22P1req="reqP1.ss"
23P1cert="certP1.ss"
24P1intermediate="tmp_intP1.ss"
25
26P2conf="P2ss.cnf"
27P2key="keyP2.ss"
28P2req="reqP2.ss"
29P2cert="certP2.ss"
30P2intermediate="tmp_intP2.ss"
31
32echo
33echo "make a certificate request using 'req'"
34
35echo "string to make the random number generator think it has entropy" >> ./.rnd
36
37if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
38 req_new='-newkey dsa:../apps/dsa512.pem'
39else
40 req_new='-new'
41fi
42
43$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
44if [ $? != 0 ]; then
45 echo "error using 'req' to generate a certificate request"
46 exit 1
47fi
48echo
49echo "convert the certificate request into a self signed certificate using 'x509'"
50$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
51if [ $? != 0 ]; then
52 echo "error using 'x509' to self sign a certificate request"
53 exit 1
54fi
55
56echo
57echo "convert a certificate into a certificate request using 'x509'"
58$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
59if [ $? != 0 ]; then
60 echo "error using 'x509' convert a certificate to a certificate request"
61 exit 1
62fi
63
64$reqcmd -config $dummycnf -verify -in $CAreq -noout
65if [ $? != 0 ]; then
66 echo first generated request is invalid
67 exit 1
68fi
69
70$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
71if [ $? != 0 ]; then
72 echo second generated request is invalid
73 exit 1
74fi
75
76$verifycmd -CAfile $CAcert $CAcert
77if [ $? != 0 ]; then
78 echo first generated cert is invalid
79 exit 1
80fi
81
82echo
83echo "make a user certificate request using 'req'"
84$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
85if [ $? != 0 ]; then
86 echo "error using 'req' to generate a user certificate request"
87 exit 1
88fi
89
90echo
91echo "sign user certificate request with the just created CA via 'x509'"
92$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
93if [ $? != 0 ]; then
94 echo "error using 'x509' to sign a user certificate request"
95 exit 1
96fi
97
98$verifycmd -CAfile $CAcert $Ucert
99echo
100echo "Certificate details"
101$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
102
103echo
104echo "make a proxy certificate request using 'req'"
105$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
106if [ $? != 0 ]; then
107 echo "error using 'req' to generate a proxy certificate request"
108 exit 1
109fi
110
111echo
112echo "sign proxy certificate request with the just created user certificate via 'x509'"
113$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
114if [ $? != 0 ]; then
115 echo "error using 'x509' to sign a proxy certificate request"
116 exit 1
117fi
118
119cat $Ucert > $P1intermediate
120$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
121echo
122echo "Certificate details"
123$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
124
125echo
126echo "make another proxy certificate request using 'req'"
127$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
128if [ $? != 0 ]; then
129 echo "error using 'req' to generate another proxy certificate request"
130 exit 1
131fi
132
133echo
134echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
135$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
136if [ $? != 0 ]; then
137 echo "error using 'x509' to sign a second proxy certificate request"
138 exit 1
139fi
140
141cat $Ucert $P1cert > $P2intermediate
142$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
143echo
144echo "Certificate details"
145$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
146
147echo
148echo The generated CA certificate is $CAcert
149echo The generated CA private key is $CAkey
150
151echo The generated user certificate is $Ucert
152echo The generated user private key is $Ukey
153
154echo The first generated proxy certificate is $P1cert
155echo The first generated proxy private key is $P1key
156
157echo The second generated proxy certificate is $P2cert
158echo The second generated proxy private key is $P2key
159
160/bin/rm err.ss
161#/bin/rm $P1intermediate
162#/bin/rm $P2intermediate
163exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 5ae4dc8720..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,161 +0,0 @@
1#!/bin/sh
2
3if [ "$1" = "" ]; then
4 key=../apps/server.pem
5else
6 key="$1"
7fi
8if [ "$2" = "" ]; then
9 cert=../apps/server.pem
10else
11 cert="$2"
12fi
13ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16 dsa_cert=YES
17else
18 dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22 CA="-CApath ../certs"
23else
24 CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28 extra=""
29else
30 extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42 echo test sslv2 with client authentication
43 $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45 echo test sslv2 with both client and server authentication
46 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2 via BIO pair
74$ssltest -bio_pair -ssl2 $extra || exit 1
75
76echo test sslv2 with server authentication via BIO pair
77$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
78
79if [ $dsa_cert = NO ]; then
80 echo test sslv2 with client authentication via BIO pair
81 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
82
83 echo test sslv2 with both client and server authentication via BIO pair
84 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
85fi
86
87echo test sslv3 via BIO pair
88$ssltest -bio_pair -ssl3 $extra || exit 1
89
90echo test sslv3 with server authentication via BIO pair
91$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
92
93echo test sslv3 with client authentication via BIO pair
94$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
95
96echo test sslv3 with both client and server authentication via BIO pair
97$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
98
99echo test sslv2/sslv3 via BIO pair
100$ssltest $extra || exit 1
101
102if [ $dsa_cert = NO ]; then
103 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
104 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
105fi
106
107echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
109
110echo test sslv2/sslv3 with server authentication
111$ssltest -bio_pair -server_auth $CA $extra || exit 1
112
113echo test sslv2/sslv3 with client authentication via BIO pair
114$ssltest -bio_pair -client_auth $CA $extra || exit 1
115
116echo test sslv2/sslv3 with both client and server authentication via BIO pair
117$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
118
119echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
121
122#############################################################################
123
124if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
125 echo skipping anonymous DH tests
126else
127 echo test tls1 with 1024bit anonymous DH, multiple handshakes
128 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
129fi
130
131if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
132 echo skipping RSA tests
133else
134 echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
135 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
136
137 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
138 echo skipping RSA+DHE tests
139 else
140 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
141 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
142 fi
143fi
144
145echo test tls1 with PSK
146$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
147
148echo test tls1 with PSK via BIO pair
149$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
150
151if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
152 echo skipping SRP tests
153else
154 echo test tls1 with SRP
155 $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
156
157 echo test tls1 with SRP via BIO pair
158 $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
159fi
160
161exit 0
diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
1#! /bin/sh
2
3echo 'Testing a lot of proxy conditions.'
4echo 'Some of them may turn out being invalid, which is fine.'
5for auth in A B C BC; do
6 for cond in A B C 'A|B&!C'; do
7 sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
8 if [ $? = 3 ]; then exit 1; fi
9 done
10done
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
17# Because that's what ../apps/CA.sh really looks at
18SSLEAY_CONFIG="-config $OPENSSL_CONF"
19export SSLEAY_CONFIG
20
21OPENSSL="`pwd`/../util/opensslwrap.sh"
22export OPENSSL
23
24error () {
25
26 echo "TSA test failed!" >&2
27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
56 export INDEX
57 EXT=$2
58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
60
61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
69 test $? != 0 && error
70}
71
72print_request () {
73
74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75}
76
77create_time_stamp_request1 () {
78
79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93 test $? != 0 && error
94}
95
96print_response () {
97
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113 test $? != 0 && error
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119 test $? != 0 && error
120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121 test $? != 0 && error
122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140 test $? != 0 && error
141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
143 test $? != 0 && error
144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
154 test $? = 0 && error
155 echo Ok
156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
3BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
4MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
5RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
6AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
7/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
8Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
9zl9HYIMxATFyqSiD9jsx
10-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
1
2More number for the questions about SSL overheads....
3
4The following numbers were generated on a Pentium pro 200, running Linux.
5They give an indication of the SSL protocol and encryption overheads.
6
7The program that generated them is an unreleased version of ssl/ssltest.c
8which is the SSLeay ssl protocol testing program. It is a single process that
9talks both sides of the SSL protocol via a non-blocking memory buffer
10interface.
11
12How do I read this? The protocol and cipher are reasonable obvious.
13The next number is the number of connections being made. The next is the
14number of bytes exchanged between the client and server side of the protocol.
15This is the number of bytes that the client sends to the server, and then
16the server sends back. Because this is all happening in one process,
17the data is being encrypted, decrypted, encrypted and then decrypted again.
18It is a round trip of that many bytes. Because the one process performs
19both the client and server sides of the protocol and it sends this many bytes
20each direction, multiply this number by 4 to generate the number
21of bytes encrypted/decrypted/MACed. The first time value is how many seconds
22elapsed doing a full SSL handshake, the second is the cost of one
23full handshake and the rest being session-id reuse.
24
25SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
26SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
27SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
28SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
29SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
30SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
31SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
32
33SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
34SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
35SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
36SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
37SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
38SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
39
40SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
41SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
42SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
43SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
44SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
45SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
46SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
47
48SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
49SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
50SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
51SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
52SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
53SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
54SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
55
56What does this all mean? Well for a server, with no session-id reuse, with
57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
58a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
59about 49 connections a second. Reality will be quite different :-).
60
61Remember the first number is 1000 full ssl handshakes, the second is
621 full and 999 with session-id reuse. The RSA overheads for each exchange
63would be one public and one private operation, but the protocol/MAC/cipher
64cost would be quite similar in both the client and server.
65
66eric (adding numbers to speculation)
67
68--- Appendix ---
69- The time measured is user time but these number a very rough.
70- Remember this is the cost of both client and server sides of the protocol.
71- The TCP/kernel overhead of connection establishment is normally the
72 killer in SSL. Often delays in the TCP protocol will make session-id
73 reuse look slower that new sessions, but this would not be the case on
74 a loaded server.
75- The TCP round trip latencies, while slowing individual connections,
76 would have minimal impact on throughput.
77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
78- the required number of bytes are processed.
79- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
80- A 512bit server key was being used except where noted.
81- No server key verification was being performed on the client side of the
82 protocol. This would slow things down very little.
83- The library being used is SSLeay 0.8.x.
84- The normal measuring system was commands of the form
85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
86 This modified version of ssltest should be in the next public release of
87 SSLeay.
88
89The general cipher performance number for this platform are
90
91SSLeay 0.8.2a 04-Sep-1997
92built on Fri Sep 5 17:37:05 EST 1997
93options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
94C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
95The 'numbers' are in 1000s of bytes per second processed.
96type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
97md2 131.02k 368.41k 500.57k 549.21k 566.09k
98mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
99md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
100sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
101sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
102rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
103des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
104des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
105idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
106rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
107blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
108 sign verify
109rsa 512 bits 0.0100s 0.0011s
110rsa 1024 bits 0.0451s 0.0012s
111rsa 2048 bits 0.2605s 0.0086s
112rsa 4096 bits 1.6883s 0.0302s
113
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testp7.pem
9fi
10
11echo testing pkcs7 conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> p"
18$cmd -in fff.p -inform p -outform p >f.p
19if [ $? != 0 ]; then exit 1; fi
20
21echo "d -> d"
22$cmd -in f.d -inform d -outform d >ff.d1
23if [ $? != 0 ]; then exit 1; fi
24echo "p -> d"
25$cmd -in f.p -inform p -outform d >ff.d3
26if [ $? != 0 ]; then exit 1; fi
27
28echo "d -> p"
29$cmd -in f.d -inform d -outform p >ff.p1
30if [ $? != 0 ]; then exit 1; fi
31echo "p -> p"
32$cmd -in f.p -inform p -outform p >ff.p3
33if [ $? != 0 ]; then exit 1; fi
34
35cmp fff.p f.p
36if [ $? != 0 ]; then exit 1; fi
37cmp fff.p ff.p1
38if [ $? != 0 ]; then exit 1; fi
39cmp fff.p ff.p3
40if [ $? != 0 ]; then exit 1; fi
41
42cmp f.p ff.p1
43if [ $? != 0 ]; then exit 1; fi
44cmp f.p ff.p3
45if [ $? != 0 ]; then exit 1; fi
46
47/bin/rm -f f.* ff.* fff.*
48exit 0
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=pkcs7-1.pem
9fi
10
11echo "testing pkcs7 conversions (2)"
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> p"
18$cmd -in fff.p -inform p -outform p >f.p
19if [ $? != 0 ]; then exit 1; fi
20
21echo "d -> d"
22$cmd -in f.d -inform d -outform d >ff.d1
23if [ $? != 0 ]; then exit 1; fi
24echo "p -> d"
25$cmd -in f.p -inform p -outform d >ff.d3
26if [ $? != 0 ]; then exit 1; fi
27
28echo "d -> p"
29$cmd -in f.d -inform d -outform p >ff.p1
30if [ $? != 0 ]; then exit 1; fi
31echo "p -> p"
32$cmd -in f.p -inform p -outform p >ff.p3
33if [ $? != 0 ]; then exit 1; fi
34
35cmp f.p ff.p1
36if [ $? != 0 ]; then exit 1; fi
37cmp f.p ff.p3
38if [ $? != 0 ]; then exit 1; fi
39
40/bin/rm -f f.* ff.* fff.*
41exit 0
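diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0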
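diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping rsa conversion test
- exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0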
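diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0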
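diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0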
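diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----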
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index c39c267f0b..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,735 +0,0 @@
1/* ssl/tls1.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#ifndef HEADER_TLS1_H
152#define HEADER_TLS1_H
153
154#include <openssl/buffer.h>
155
156#ifdef __cplusplus
157extern "C" {
158#endif
159
160#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
161
162#define TLS1_2_VERSION 0x0303
163#define TLS1_2_VERSION_MAJOR 0x03
164#define TLS1_2_VERSION_MINOR 0x03
165
166#define TLS1_1_VERSION 0x0302
167#define TLS1_1_VERSION_MAJOR 0x03
168#define TLS1_1_VERSION_MINOR 0x02
169
170#define TLS1_VERSION 0x0301
171#define TLS1_VERSION_MAJOR 0x03
172#define TLS1_VERSION_MINOR 0x01
173
174#define TLS1_get_version(s) \
175 ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
176
177#define TLS1_get_client_version(s) \
178 ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
179
180#define TLS1_AD_DECRYPTION_FAILED 21
181#define TLS1_AD_RECORD_OVERFLOW 22
182#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
183#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
184#define TLS1_AD_DECODE_ERROR 50 /* fatal */
185#define TLS1_AD_DECRYPT_ERROR 51
186#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
187#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
188#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
189#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
190#define TLS1_AD_USER_CANCELLED 90
191#define TLS1_AD_NO_RENEGOTIATION 100
192/* codes 110-114 are from RFC3546 */
193#define TLS1_AD_UNSUPPORTED_EXTENSION 110
194#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
195#define TLS1_AD_UNRECOGNIZED_NAME 112
196#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
197#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
198#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
199
200/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
201#define TLSEXT_TYPE_server_name 0
202#define TLSEXT_TYPE_max_fragment_length 1
203#define TLSEXT_TYPE_client_certificate_url 2
204#define TLSEXT_TYPE_trusted_ca_keys 3
205#define TLSEXT_TYPE_truncated_hmac 4
206#define TLSEXT_TYPE_status_request 5
207/* ExtensionType values from RFC4681 */
208#define TLSEXT_TYPE_user_mapping 6
209
210/* ExtensionType values from RFC5878 */
211#define TLSEXT_TYPE_client_authz 7
212#define TLSEXT_TYPE_server_authz 8
213
214/* ExtensionType values from RFC6091 */
215#define TLSEXT_TYPE_cert_type 9
216
217/* ExtensionType values from RFC4492 */
218#define TLSEXT_TYPE_elliptic_curves 10
219#define TLSEXT_TYPE_ec_point_formats 11
220
221/* ExtensionType value from RFC5054 */
222#define TLSEXT_TYPE_srp 12
223
224/* ExtensionType values from RFC5246 */
225#define TLSEXT_TYPE_signature_algorithms 13
226
227/* ExtensionType value from RFC5764 */
228#define TLSEXT_TYPE_use_srtp 14
229
230/* ExtensionType value from RFC5620 */
231#define TLSEXT_TYPE_heartbeat 15
232
233/* ExtensionType value from RFC4507 */
234#define TLSEXT_TYPE_session_ticket 35
235
236/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
237#if 0 /* will have to be provided externally for now ,
238 * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
239 * using whatever extension number you'd like to try */
240# define TLSEXT_TYPE_opaque_prf_input ?? */
241#endif
242
243/* Temporary extension type */
244#define TLSEXT_TYPE_renegotiate 0xff01
245
246#ifndef OPENSSL_NO_NEXTPROTONEG
247/* This is not an IANA defined extension number */
248#define TLSEXT_TYPE_next_proto_neg 13172
249#endif
250
251/* NameType value from RFC 3546 */
252#define TLSEXT_NAMETYPE_host_name 0
253/* status request value from RFC 3546 */
254#define TLSEXT_STATUSTYPE_ocsp 1
255
256/* ECPointFormat values from draft-ietf-tls-ecc-12 */
257#define TLSEXT_ECPOINTFORMAT_first 0
258#define TLSEXT_ECPOINTFORMAT_uncompressed 0
259#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
260#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
261#define TLSEXT_ECPOINTFORMAT_last 2
262
263/* Signature and hash algorithms from RFC 5246 */
264
265#define TLSEXT_signature_anonymous 0
266#define TLSEXT_signature_rsa 1
267#define TLSEXT_signature_dsa 2
268#define TLSEXT_signature_ecdsa 3
269
270#define TLSEXT_hash_none 0
271#define TLSEXT_hash_md5 1
272#define TLSEXT_hash_sha1 2
273#define TLSEXT_hash_sha224 3
274#define TLSEXT_hash_sha256 4
275#define TLSEXT_hash_sha384 5
276#define TLSEXT_hash_sha512 6
277
278#ifndef OPENSSL_NO_TLSEXT
279
280#define TLSEXT_MAXLEN_host_name 255
281
282const char *SSL_get_servername(const SSL *s, const int type);
283int SSL_get_servername_type(const SSL *s);
284/* SSL_export_keying_material exports a value derived from the master secret,
285 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
286 * optional context. (Since a zero length context is allowed, the |use_context|
287 * flag controls whether a context is included.)
288 *
289 * It returns 1 on success and zero otherwise.
290 */
291int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
292 const char *label, size_t llen, const unsigned char *p, size_t plen,
293 int use_context);
294
295#define SSL_set_tlsext_host_name(s,name) \
296SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
297
298#define SSL_set_tlsext_debug_callback(ssl, cb) \
299SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
300
301#define SSL_set_tlsext_debug_arg(ssl, arg) \
302SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
303
304#define SSL_set_tlsext_status_type(ssl, type) \
305SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
306
307#define SSL_get_tlsext_status_exts(ssl, arg) \
308SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
309
310#define SSL_set_tlsext_status_exts(ssl, arg) \
311SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
312
313#define SSL_get_tlsext_status_ids(ssl, arg) \
314SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
315
316#define SSL_set_tlsext_status_ids(ssl, arg) \
317SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
318
319#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
320SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
321
322#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
323SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
324
325#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
326SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
327
328#define SSL_TLSEXT_ERR_OK 0
329#define SSL_TLSEXT_ERR_ALERT_WARNING 1
330#define SSL_TLSEXT_ERR_ALERT_FATAL 2
331#define SSL_TLSEXT_ERR_NOACK 3
332
333#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
334SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
335
336#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
337 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
338#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
339 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
340
341#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
342SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
343
344#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
345SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
346
347#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
348SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
349#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
350SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
351#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
352SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
353
354#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
355SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
356
357#ifndef OPENSSL_NO_HEARTBEATS
358#define SSL_TLSEXT_HB_ENABLED 0x01
359#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02
360#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04
361
362#define SSL_get_tlsext_heartbeat_pending(ssl) \
363 SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
364#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
365 SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
366#endif
367#endif
368
369/* PSK ciphersuites from 4279 */
370#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
371#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
372#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
373#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
374
375/* Additional TLS ciphersuites from expired Internet Draft
376 * draft-ietf-tls-56-bit-ciphersuites-01.txt
377 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
378 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
379 * shouldn't. Note that the first two are actually not in the IDs. */
380#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
381#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
382#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
383#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
384#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
385#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
386#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
387
388/* AES ciphersuites from RFC3268 */
389
390#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
391#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
392#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
393#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
394#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
395#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
396
397#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
398#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
399#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
400#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
401#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
402#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
403
404/* TLS v1.2 ciphersuites */
405#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
406#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
407#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
408#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
409#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
410#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
411
412/* Camellia ciphersuites from RFC4132 */
413#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
414#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
415#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
416#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
417#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
418#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
419
420/* TLS v1.2 ciphersuites */
421#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
422#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
423#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
424#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
425#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
426#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
427#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
428
429/* Camellia ciphersuites from RFC4132 */
430#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
431#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
432#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
433#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
434#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
435#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
436
437/* SEED ciphersuites from RFC4162 */
438#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
439#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
440#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
441#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
442#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
443#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
444
445/* TLS v1.2 GCM ciphersuites from RFC5288 */
446#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
447#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
448#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
449#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
450#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
451#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
452#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
453#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
454#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
455#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
456#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
457#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
458
459/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
460#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
461#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
462#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
463#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
464#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
465
466#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
467#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
468#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
469#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
470#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
471
472#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
473#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
474#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
475#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
476#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
477
478#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
479#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
480#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
481#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
482#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
483
484#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
485#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
486#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
487#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
488#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
489
490/* SRP ciphersuites from RFC 5054 */
491#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
492#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
493#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
494#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
495#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
496#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
497#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
498#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
499#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
500
501/* ECDH HMAC based ciphersuites from RFC5289 */
502
503#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
504#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
505#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
506#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
507#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
508#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
509#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
510#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
511
512/* ECDH GCM based ciphersuites from RFC5289 */
513#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
514#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
515#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
516#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
517#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
518#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
519#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
520#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
521
522/* XXX
523 * Inconsistency alert:
524 * The OpenSSL names of ciphers with ephemeral DH here include the string
525 * "DHE", while elsewhere it has always been "EDH".
526 * (The alias for the list of all such ciphers also is "EDH".)
527 * The specifications speak of "EDH"; maybe we should allow both forms
528 * for everything. */
529#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
530#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
531#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
532#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
533#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
534#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
535#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
536
537/* AES ciphersuites from RFC3268 */
538#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
539#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
540#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
541#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
542#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
543#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
544
545#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
546#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
547#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
548#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
549#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
550#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
551
552/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
553#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
554#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
555#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
556#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
557#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
558
559#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
560#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
561#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
562#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
563#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
564
565#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
566#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
567#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
568#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
569#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
570
571#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
572#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
573#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
574#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
575#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
576
577#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
578#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
579#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
580#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
581#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
582
583/* PSK ciphersuites from RFC 4279 */
584#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
585#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
586#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
587#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
588
589/* SRP ciphersuite from RFC 5054 */
590#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
591#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
592#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
593#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
594#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
595#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
596#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
597#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
598#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
599
600/* Camellia ciphersuites from RFC4132 */
601#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
602#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
603#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
604#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
605#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
606#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
607
608#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
609#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
610#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
611#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
612#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
613#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
614
615/* SEED ciphersuites from RFC4162 */
616#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
617#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
618#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
619#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
620#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
621#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
622
623/* TLS v1.2 ciphersuites */
624#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
625#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
626#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
627#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
628#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
629#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
630#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
631#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
632#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
633#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
634#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
635#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
636#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
637
638/* TLS v1.2 GCM ciphersuites from RFC5288 */
639#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
640#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
641#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
642#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
643#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
644#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
645#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
646#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
647#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
648#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
649#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
650#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
651
652/* ECDH HMAC based ciphersuites from RFC5289 */
653
654#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
655#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
656#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
657#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
658#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
659#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
660#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
661#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
662
663/* ECDH GCM based ciphersuites from RFC5289 */
664#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
665#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
666#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
667#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
668#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
669#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
670#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
671#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
672
673#define TLS_CT_RSA_SIGN 1
674#define TLS_CT_DSS_SIGN 2
675#define TLS_CT_RSA_FIXED_DH 3
676#define TLS_CT_DSS_FIXED_DH 4
677#define TLS_CT_ECDSA_SIGN 64
678#define TLS_CT_RSA_FIXED_ECDH 65
679#define TLS_CT_ECDSA_FIXED_ECDH 66
680#define TLS_CT_GOST94_SIGN 21
681#define TLS_CT_GOST01_SIGN 22
682/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
683 * comment there) */
684#define TLS_CT_NUMBER 9
685
686#define TLS1_FINISH_MAC_LENGTH 12
687
688#define TLS_MD_MAX_CONST_SIZE 20
689#define TLS_MD_CLIENT_FINISH_CONST "client finished"
690#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
691#define TLS_MD_SERVER_FINISH_CONST "server finished"
692#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
693#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
694#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
695#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
696#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
697#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
698#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
699#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
700#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
701#define TLS_MD_IV_BLOCK_CONST "IV block"
702#define TLS_MD_IV_BLOCK_CONST_SIZE 8
703#define TLS_MD_MASTER_SECRET_CONST "master secret"
704#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
705
706#ifdef CHARSET_EBCDIC
707#undef TLS_MD_CLIENT_FINISH_CONST
708#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
709#undef TLS_MD_SERVER_FINISH_CONST
710#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
711#undef TLS_MD_SERVER_WRITE_KEY_CONST
712#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
713#undef TLS_MD_KEY_EXPANSION_CONST
714#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
715#undef TLS_MD_CLIENT_WRITE_KEY_CONST
716#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
717#undef TLS_MD_SERVER_WRITE_KEY_CONST
718#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
719#undef TLS_MD_IV_BLOCK_CONST
720#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
721#undef TLS_MD_MASTER_SECRET_CONST
722#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
723#endif
724
725/* TLS Session Ticket extension struct */
726struct tls_session_ticket_ext_st
727 {
728 unsigned short length;
729 void *data;
730 };
731
732#ifdef __cplusplus
733}
734#endif
735#endif