Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE133
-rw-r--r--src/lib/libssl/bio_ssl.c581
-rw-r--r--src/lib/libssl/bs_ber.c268
-rw-r--r--src/lib/libssl/bs_cbb.c436
-rw-r--r--src/lib/libssl/bs_cbs.c511
-rw-r--r--src/lib/libssl/bytestring.h511
-rw-r--r--src/lib/libssl/d1_both.c1424
-rw-r--r--src/lib/libssl/d1_clnt.c1160
-rw-r--r--src/lib/libssl/d1_enc.c210
-rw-r--r--src/lib/libssl/d1_lib.c474
-rw-r--r--src/lib/libssl/d1_meth.c112
-rw-r--r--src/lib/libssl/d1_pkt.c1484
-rw-r--r--src/lib/libssl/d1_srtp.c473
-rw-r--r--src/lib/libssl/d1_srvr.c1329
-rw-r--r--src/lib/libssl/doc/BIO_f_ssl.3478
-rw-r--r--src/lib/libssl/doc/SSL_CIPHER_get_name.3196
-rw-r--r--src/lib/libssl/doc/SSL_COMP_add_compression_method.368
-rw-r--r--src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.345
-rw-r--r--src/lib/libssl/doc/SSL_CTX_add_session.390
-rw-r--r--src/lib/libssl/doc/SSL_CTX_ctrl.349
-rw-r--r--src/lib/libssl/doc/SSL_CTX_flush_sessions.357
-rw-r--r--src/lib/libssl/doc/SSL_CTX_free.348
-rw-r--r--src/lib/libssl/doc/SSL_CTX_get_ex_new_index.370
-rw-r--r--src/lib/libssl/doc/SSL_CTX_get_verify_mode.373
-rw-r--r--src/lib/libssl/doc/SSL_CTX_load_verify_locations.3161
-rw-r--r--src/lib/libssl/doc/SSL_CTX_new.3111
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_number.3104
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.355
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3159
-rw-r--r--src/lib/libssl/doc/SSL_CTX_sessions.334
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cert_store.380
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3112
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_cipher_list.382
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3132
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3143
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.395
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3196
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_info_callback.3167
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3105
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_mode.3126
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_msg_callback.3135
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_options.3395
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.368
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3115
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3143
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_session_id_context.3105
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_ssl_version.381
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_timeout.365
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3235
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3231
-rw-r--r--src/lib/libssl/doc/SSL_CTX_set_verify.3415
-rw-r--r--src/lib/libssl/doc/SSL_CTX_use_certificate.3336
-rw-r--r--src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3110
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_free.379
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.380
-rw-r--r--src/lib/libssl/doc/SSL_SESSION_get_time.394
-rw-r--r--src/lib/libssl/doc/SSL_accept.3103
-rw-r--r--src/lib/libssl/doc/SSL_alert_type_string.3193
-rw-r--r--src/lib/libssl/doc/SSL_clear.392
-rw-r--r--src/lib/libssl/doc/SSL_connect.3102
-rw-r--r--src/lib/libssl/doc/SSL_do_handshake.3101
-rw-r--r--src/lib/libssl/doc/SSL_free.362
-rw-r--r--src/lib/libssl/doc/SSL_get_SSL_CTX.328
-rw-r--r--src/lib/libssl/doc/SSL_get_ciphers.368
-rw-r--r--src/lib/libssl/doc/SSL_get_client_CA_list.361
-rw-r--r--src/lib/libssl/doc/SSL_get_current_cipher.352
-rw-r--r--src/lib/libssl/doc/SSL_get_default_timeout.336
-rw-r--r--src/lib/libssl/doc/SSL_get_error.3169
-rw-r--r--src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.365
-rw-r--r--src/lib/libssl/doc/SSL_get_ex_new_index.376
-rw-r--r--src/lib/libssl/doc/SSL_get_fd.346
-rw-r--r--src/lib/libssl/doc/SSL_get_peer_cert_chain.347
-rw-r--r--src/lib/libssl/doc/SSL_get_peer_certificate.353
-rw-r--r--src/lib/libssl/doc/SSL_get_psk_identity.344
-rw-r--r--src/lib/libssl/doc/SSL_get_rbio.345
-rw-r--r--src/lib/libssl/doc/SSL_get_session.397
-rw-r--r--src/lib/libssl/doc/SSL_get_verify_result.349
-rw-r--r--src/lib/libssl/doc/SSL_get_version.335
-rw-r--r--src/lib/libssl/doc/SSL_library_init.354
-rw-r--r--src/lib/libssl/doc/SSL_load_client_CA_file.353
-rw-r--r--src/lib/libssl/doc/SSL_new.341
-rw-r--r--src/lib/libssl/doc/SSL_pending.344
-rw-r--r--src/lib/libssl/doc/SSL_read.3193
-rw-r--r--src/lib/libssl/doc/SSL_rstate_string.355
-rw-r--r--src/lib/libssl/doc/SSL_session_reused.332
-rw-r--r--src/lib/libssl/doc/SSL_set_bio.351
-rw-r--r--src/lib/libssl/doc/SSL_set_connect_state.371
-rw-r--r--src/lib/libssl/doc/SSL_set_fd.373
-rw-r--r--src/lib/libssl/doc/SSL_set_session.368
-rw-r--r--src/lib/libssl/doc/SSL_set_shutdown.388
-rw-r--r--src/lib/libssl/doc/SSL_set_verify_result.342
-rw-r--r--src/lib/libssl/doc/SSL_shutdown.3204
-rw-r--r--src/lib/libssl/doc/SSL_state_string.357
-rw-r--r--src/lib/libssl/doc/SSL_want.3103
-rw-r--r--src/lib/libssl/doc/SSL_write.3175
-rw-r--r--src/lib/libssl/doc/d2i_SSL_SESSION.3129
-rw-r--r--src/lib/libssl/doc/openssl.cnf348
-rw-r--r--src/lib/libssl/doc/openssl.txt1254
-rw-r--r--src/lib/libssl/doc/ssl.31320
-rw-r--r--src/lib/libssl/doc/standards.txt285
-rw-r--r--src/lib/libssl/dtls1.h246
-rw-r--r--src/lib/libssl/pqueue.c201
-rw-r--r--src/lib/libssl/pqueue.h89
-rw-r--r--src/lib/libssl/s23_clnt.c610
-rw-r--r--src/lib/libssl/s23_lib.c132
-rw-r--r--src/lib/libssl/s23_pkt.c116
-rw-r--r--src/lib/libssl/s23_srvr.c635
-rw-r--r--src/lib/libssl/s3_both.c721
-rw-r--r--src/lib/libssl/s3_cbc.c686
-rw-r--r--src/lib/libssl/s3_clnt.c2669
-rw-r--r--src/lib/libssl/s3_lib.c2860
-rw-r--r--src/lib/libssl/s3_pkt.c1395
-rw-r--r--src/lib/libssl/s3_srvr.c2778
-rw-r--r--src/lib/libssl/shlib_version3
-rw-r--r--src/lib/libssl/srtp.h143
-rw-r--r--src/lib/libssl/ssl.h2389
-rw-r--r--src/lib/libssl/ssl2.h153
-rw-r--r--src/lib/libssl/ssl23.h82
-rw-r--r--src/lib/libssl/ssl3.h617
-rw-r--r--src/lib/libssl/ssl_algs.c131
-rw-r--r--src/lib/libssl/ssl_asn1.c692
-rw-r--r--src/lib/libssl/ssl_cert.c735
-rw-r--r--src/lib/libssl/ssl_ciph.c1765
-rw-r--r--src/lib/libssl/ssl_err.c615
-rw-r--r--src/lib/libssl/ssl_err2.c72
-rw-r--r--src/lib/libssl/ssl_lib.c3125
-rw-r--r--src/lib/libssl/ssl_locl.h875
-rw-r--r--src/lib/libssl/ssl_rsa.c755
-rw-r--r--src/lib/libssl/ssl_sess.c1102
-rw-r--r--src/lib/libssl/ssl_stat.c801
-rw-r--r--src/lib/libssl/ssl_txt.c187
-rw-r--r--src/lib/libssl/t1_clnt.c193
-rw-r--r--src/lib/libssl/t1_enc.c1244
-rw-r--r--src/lib/libssl/t1_lib.c2423
-rw-r--r--src/lib/libssl/t1_meth.c191
-rw-r--r--src/lib/libssl/t1_reneg.c286
-rw-r--r--src/lib/libssl/t1_srvr.c194
-rw-r--r--src/lib/libssl/test/CAss.cnf76
-rw-r--r--src/lib/libssl/test/CAssdh.cnf24
-rw-r--r--src/lib/libssl/test/CAssdsa.cnf23
-rw-r--r--src/lib/libssl/test/CAssrsa.cnf24
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/P1ss.cnf37
-rw-r--r--src/lib/libssl/test/P2ss.cnf45
-rw-r--r--src/lib/libssl/test/Sssdsa.cnf27
-rw-r--r--src/lib/libssl/test/Sssrsa.cnf26
-rw-r--r--src/lib/libssl/test/Uss.cnf36
-rw-r--r--src/lib/libssl/test/VMSca-response.11
-rw-r--r--src/lib/libssl/test/VMSca-response.22
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c23
-rw-r--r--src/lib/libssl/test/bctest111
-rw-r--r--src/lib/libssl/test/cms-examples.pl409
-rw-r--r--src/lib/libssl/test/cms-test.pl459
-rw-r--r--src/lib/libssl/test/methtest.c105
-rw-r--r--src/lib/libssl/test/pkcs7-1.pem15
-rw-r--r--src/lib/libssl/test/pkcs7.pem54
-rw-r--r--src/lib/libssl/test/pkits-test.pl949
-rw-r--r--src/lib/libssl/test/r160test.c57
-rw-r--r--src/lib/libssl/test/smcont.txt1
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa1.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa2.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsa3.pem34
-rw-r--r--src/lib/libssl/test/smime-certs/smdsap.pem9
-rw-r--r--src/lib/libssl/test/smime-certs/smroot.pem30
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa1.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa2.pem31
-rw-r--r--src/lib/libssl/test/smime-certs/smrsa3.pem31
-rw-r--r--src/lib/libssl/test/tcrl78
-rw-r--r--src/lib/libssl/test/test.cnf88
-rw-r--r--src/lib/libssl/test/test_aesni69
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testca51
-rw-r--r--src/lib/libssl/test/testcrl.pem16
-rw-r--r--src/lib/libssl/test/testenc54
-rw-r--r--src/lib/libssl/test/testgen44
-rw-r--r--src/lib/libssl/test/testp7.pem46
-rw-r--r--src/lib/libssl/test/testreq2.pem7
-rw-r--r--src/lib/libssl/test/testrsa.pem9
-rw-r--r--src/lib/libssl/test/testsid.pem12
-rw-r--r--src/lib/libssl/test/testss163
-rw-r--r--src/lib/libssl/test/testssl178
-rw-r--r--src/lib/libssl/test/testsslproxy10
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/testx509.pem10
-rw-r--r--src/lib/libssl/test/times113
-rw-r--r--src/lib/libssl/test/tpkcs748
-rw-r--r--src/lib/libssl/test/tpkcs7d41
-rw-r--r--src/lib/libssl/test/treq83
-rw-r--r--src/lib/libssl/test/trsa83
-rw-r--r--src/lib/libssl/test/tsid78
-rw-r--r--src/lib/libssl/test/tx50978
-rw-r--r--src/lib/libssl/test/v3-cert1.pem16
-rw-r--r--src/lib/libssl/test/v3-cert2.pem16
-rw-r--r--src/lib/libssl/tls1.h752
194 files changed, 0 insertions, 58450 deletions
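diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index 892e14a450..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,133 +0,0 @@
-
- LibReSSL files are retained under the copyright of the authors. New
- additions are ISC licensed as per OpenBSD's normal licensing policy,
- or are placed in the public domain.
-
- The OpenSSL code is distributed under the terms of the original OpenSSL
- licenses which follow:
-
- LICENSE ISSUES
- ==============
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
- See below for the actual license texts. In case of any license issues
- related to OpenSSL please contact openssl-core@openssl.org.
-
- OpenSSL License
- ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-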
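diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index cfaf78a4dd..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/* $OpenBSD: bio_ssl.c,v 1.21 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
-} BIO_SSL;
-
-static BIO_METHOD methods_sslp = {
- .type = BIO_TYPE_SSL,
- .name = "ssl",
- .bwrite = ssl_write,
- .bread = ssl_read,
- .bputs = ssl_puts,
- .ctrl = ssl_ctrl,
- .create = ssl_new,
- .destroy = ssl_free,
- .callback_ctrl = ssl_callback_ctrl,
-};
-
-BIO_METHOD *
-BIO_f_ssl(void)
-{
- return (&methods_sslp);
-}
-
-static int
-ssl_new(BIO *bi)
-{
- BIO_SSL *bs;
-
- bs = calloc(1, sizeof(BIO_SSL));
- if (bs == NULL) {
- BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- bi->init = 0;
- bi->ptr = (char *)bs;
- bi->flags = 0;
- return (1);
-}
-
-static int
-ssl_free(BIO *a)
-{
- BIO_SSL *bs;
-
- if (a == NULL)
- return (0);
- bs = (BIO_SSL *)a->ptr;
- if (bs->ssl != NULL)
- SSL_shutdown(bs->ssl);
- if (a->shutdown) {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init = 0;
- a->flags = 0;
- }
- free(a->ptr);
- return (1);
-}
-
-static int
-ssl_read(BIO *b, char *out, int outl)
-{
- int ret = 1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason = 0;
- int r = 0;
-
- if (out == NULL)
- return (0);
- sb = (BIO_SSL *)b->ptr;
- ssl = sb->ssl;
-
- BIO_clear_retry_flags(b);
-
- ret = SSL_read(ssl, out, outl);
-
- switch (SSL_get_error(ssl, ret)) {
- case SSL_ERROR_NONE:
- if (ret <= 0)
- break;
- if (sb->renegotiate_count > 0) {
- sb->byte_count += ret;
- if (sb->byte_count > sb->renegotiate_count) {
- sb->byte_count = 0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r = 1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r)) {
- unsigned long tm;
-
- tm = (unsigned long)time(NULL);
- if (tm > sb->last_time + sb->renegotiate_timeout) {
- sb->last_time = tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason = retry_reason;
- return (ret);
-}
-
-static int
-ssl_write(BIO *b, const char *out, int outl)
-{
- int ret, r = 0;
- int retry_reason = 0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL)
- return (0);
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret = SSL_write(ssl, out, outl);
-
- switch (SSL_get_error(ssl, ret)) {
- case SSL_ERROR_NONE:
- if (ret <= 0)
- break;
- if (bs->renegotiate_count > 0) {
- bs->byte_count += ret;
- if (bs->byte_count > bs->renegotiate_count) {
- bs->byte_count = 0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r = 1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r)) {
- unsigned long tm;
-
- tm = (unsigned long)time(NULL);
- if (tm > bs->last_time + bs->renegotiate_timeout) {
- bs->last_time = tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason = BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason = retry_reason;
- return (ret);
-}
-
-static long
-ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
- SSL **sslp, *ssl;
- BIO_SSL *bs;
- BIO *dbio, *bio;
- long ret = 1;
-
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return (0);
- switch (cmd) {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
- else if (ssl->rbio != NULL)
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- else
- ret = 1;
- break;
- case BIO_CTRL_INFO:
- ret = 0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret = bs->renegotiate_timeout;
- if (num < 60)
- num = 5;
- bs->renegotiate_timeout = (unsigned long)num;
- bs->last_time = (unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret = bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count = (unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret = bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL) {
- ssl_free(b);
- if (!ssl_new(b))
- return 0;
- }
- b->shutdown = (int)num;
- ssl = (SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl = ssl;
- bio = SSL_get_rbio(ssl);
- if (bio != NULL) {
- if (b->next_bio != NULL)
- BIO_push(bio, b->next_bio);
- b->next_bio = bio;
- CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
- }
- b->init = 1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL) {
- sslp = (SSL **)ptr;
- *sslp = ssl;
- } else
- ret = 0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret = b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown = (int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
- break;
- case BIO_CTRL_PENDING:
- ret = SSL_pending(ssl);
- if (ret == 0)
- ret = BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
- SSL_set_bio(ssl, b->next_bio, b->next_bio);
- CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* Only detach if we are the BIO explicitly being popped */
- if (b == ptr) {
- /* Shouldn't happen in practice because the
- * rbio and wbio are the same when pushed.
- */
- if (ssl->rbio != ssl->wbio)
- BIO_free_all(ssl->wbio);
- if (b->next_bio != NULL)
- CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
- ssl->wbio = NULL;
- ssl->rbio = NULL;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason = 0;
- ret = (int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl, (int)ret)) {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason = b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio = (BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count =
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count =
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time =
- ((BIO_SSL *)b->ptr)->last_time;
- ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
- ret = 0;
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl, int type, int val);
-
- fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
- *fptr = SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
- break;
- }
- return (ret);
-}
-
-static long
-ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
- SSL *ssl;
- BIO_SSL *bs;
- long ret = 1;
-
- bs = (BIO_SSL *)b->ptr;
- ssl = bs->ssl;
- switch (cmd) {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
- }
- break;
- default:
- ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
- break;
- }
- return (ret);
-}
-
-static int
-ssl_puts(BIO *bp, const char *str)
-{
- int n, ret;
-
- n = strlen(str);
- ret = BIO_write(bp, str, n);
- return (ret);
-}
-
-BIO *
-BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-{
- BIO *ret = NULL, *buf = NULL, *ssl = NULL;
-
- if ((buf = BIO_new(BIO_f_buffer())) == NULL)
- goto err;
- if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret = BIO_push(buf, ssl)) == NULL)
- goto err;
- return (ret);
-
-err:
- BIO_free(buf);
- BIO_free(ssl);
- return (NULL);
-}
-
-BIO *
-BIO_new_ssl_connect(SSL_CTX *ctx)
-{
- BIO *ret = NULL, *con = NULL, *ssl = NULL;
-
- if ((con = BIO_new(BIO_s_connect())) == NULL)
- goto err;
- if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
- goto err;
- if ((ret = BIO_push(ssl, con)) == NULL)
- goto err;
- return (ret);
-
-err:
- BIO_free(con);
- BIO_free(ssl);
- return (NULL);
-}
-
-BIO *
-BIO_new_ssl(SSL_CTX *ctx, int client)
-{
- BIO *ret;
- SSL *ssl;
-
- if ((ret = BIO_new(BIO_f_ssl())) == NULL)
- goto err;
- if ((ssl = SSL_new(ctx)) == NULL)
- goto err;
-
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret, ssl, BIO_CLOSE);
- return (ret);
-
-err:
- BIO_free(ret);
- return (NULL);
-}
-
-int
-BIO_ssl_copy_session_id(BIO *t, BIO *f)
-{
- t = BIO_find_type(t, BIO_TYPE_SSL);
- f = BIO_find_type(f, BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return (0);
- if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return (0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
- return (1);
-}
-
-void
-BIO_ssl_shutdown(BIO *b)
-{
- SSL *s;
-
- while (b != NULL) {
- if (b->method->type == BIO_TYPE_SSL) {
- s = ((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b = b->next_bio;
- }
-}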
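--- a/src/lib/libssl/bs_ber.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* $OpenBSD: bs_ber.c,v 1.8 2015/06/21 16:10:45 doug Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-
-/*
- * kMaxDepth is a just a sanity limit. The code should be such that the length
- * of the input being processes always decreases. None the less, a very large
- * input could otherwise cause the stack to overflow.
- */
-static const unsigned int kMaxDepth = 2048;
-
-/* Non-strict version that allows a relaxed DER with indefinite form. */
-static int
-cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len)
-{
- return cbs_get_any_asn1_element_internal(cbs, out,
- out_tag, out_header_len, 0);
-}
-
-/*
- * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets
- * |*indefinite_found| depending on whether an indefinite length element was
- * found. The value of |orig_in| is not modified.
- *
- * Returns one on success (i.e. |*indefinite_found| was set) and zero on error.
- */
-static int
-cbs_find_indefinite(const CBS *orig_in, char *indefinite_found,
- unsigned int depth)
-{
- CBS in;
-
- if (depth > kMaxDepth)
- return 0;
-
- CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
-
- while (CBS_len(&in) > 0) {
- CBS contents;
- unsigned int tag;
- size_t header_len;
-
- if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag,
- &header_len))
- return 0;
-
- /* Indefinite form not allowed by DER. */
- if (CBS_len(&contents) == header_len && header_len > 0 &&
- CBS_data(&contents)[header_len - 1] == 0x80) {
- *indefinite_found = 1;
- return 1;
- }
- if (tag & CBS_ASN1_CONSTRUCTED) {
- if (!CBS_skip(&contents, header_len) ||
- !cbs_find_indefinite(&contents, indefinite_found,
- depth + 1))
- return 0;
- }
- }
-
- *indefinite_found = 0;
- return 1;
-}
-
-/*
- * is_primitive_type returns true if |tag| likely a primitive type. Normally
- * one can just test the "constructed" bit in the tag but, in BER, even
- * primitive tags can have the constructed bit if they have indefinite
- * length.
- */
-static char
-is_primitive_type(unsigned int tag)
-{
- return (tag & 0xc0) == 0 &&
- (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) &&
- (tag & 0x1f) != (CBS_ASN1_SET & 0x1f);
-}
-
-/*
- * is_eoc returns true if |header_len| and |contents|, as returned by
- * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
- * value.
- */
-static char
-is_eoc(size_t header_len, CBS *contents)
-{
- return header_len == 2 && CBS_mem_equal(contents, "\x00\x00", 2);
-}
-
-/*
- * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
- * indefinite form) from |in| and writes definite form DER data to |out|. If
- * |squash_header| is set then the top-level of elements from |in| will not
- * have their headers written. This is used when concatenating the fragments of
- * an indefinite length, primitive value. If |looking_for_eoc| is set then any
- * EOC elements found will cause the function to return after consuming it.
- * It returns one on success and zero on error.
- */
-static int
-cbs_convert_indefinite(CBS *in, CBB *out, char squash_header,
- char looking_for_eoc, unsigned int depth)
-{
- if (depth > kMaxDepth)
- return 0;
-
- while (CBS_len(in) > 0) {
- CBS contents;
- unsigned int tag;
- size_t header_len;
- CBB *out_contents, out_contents_storage;
-
- if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag,
- &header_len))
- return 0;
-
- out_contents = out;
-
- if (CBS_len(&contents) == header_len) {
- if (is_eoc(header_len, &contents))
- return looking_for_eoc;
-
- if (header_len > 0 &&
- CBS_data(&contents)[header_len - 1] == 0x80) {
- /*
- * This is an indefinite length element. If
- * it's a SEQUENCE or SET then we just need to
- * write the out the contents as normal, but
- * with a concrete length prefix.
- *
- * If it's a something else then the contents
- * will be a series of DER elements of the same
- * type which need to be concatenated.
- */
- const char context_specific = (tag & 0xc0)
- == 0x80;
- char squash_child_headers =
- is_primitive_type(tag);
-
- /*
- * This is a hack, but it sufficies to handle
- * NSS's output. If we find an indefinite
- * length, context-specific tag with a definite,
- * primtive tag inside it, then we assume that
- * the context-specific tag is implicit and the
- * tags within are fragments of a primitive type
- * that need to be concatenated.
- */
- if (context_specific &&
- (tag & CBS_ASN1_CONSTRUCTED)) {
- CBS in_copy, inner_contents;
- unsigned int inner_tag;
- size_t inner_header_len;
-
- CBS_init(&in_copy, CBS_data(in),
- CBS_len(in));
- if (!cbs_nonstrict_get_any_asn1_element(
- &in_copy, &inner_contents,
- &inner_tag, &inner_header_len))
- return 0;
-
- if (CBS_len(&inner_contents) >
- inner_header_len &&
- is_primitive_type(inner_tag))
- squash_child_headers = 1;
- }
-
- if (!squash_header) {
- unsigned int out_tag = tag;
-
- if (squash_child_headers)
- out_tag &=
- ~CBS_ASN1_CONSTRUCTED;
-
- if (!CBB_add_asn1(out,
- &out_contents_storage, out_tag))
- return 0;
-
- out_contents = &out_contents_storage;
- }
-
- if (!cbs_convert_indefinite(in, out_contents,
- squash_child_headers,
- 1 /* looking for eoc */, depth + 1))
- return 0;
-
- if (out_contents != out && !CBB_flush(out))
- return 0;
-
- continue;
- }
- }
-
- if (!squash_header) {
- if (!CBB_add_asn1(out, &out_contents_storage, tag))
- return 0;
-
- out_contents = &out_contents_storage;
- }
-
- if (!CBS_skip(&contents, header_len))
- return 0;
-
- if (tag & CBS_ASN1_CONSTRUCTED) {
- if (!cbs_convert_indefinite(&contents, out_contents,
- 0 /* don't squash header */,
- 0 /* not looking for eoc */, depth + 1))
- return 0;
- } else {
- if (!CBB_add_bytes(out_contents, CBS_data(&contents),
- CBS_len(&contents)))
- return 0;
- }
-
- if (out_contents != out && !CBB_flush(out))
- return 0;
- }
-
- return looking_for_eoc == 0;
-}
-
-int
-CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len)
-{
- CBB cbb;
-
- /*
- * First, do a quick walk to find any indefinite-length elements. Most
- * of the time we hope that there aren't any and thus we can quickly
- * return.
- */
- char conversion_needed;
- if (!cbs_find_indefinite(in, &conversion_needed, 0))
- return 0;
-
- if (!conversion_needed) {
- *out = NULL;
- *out_len = 0;
- return 1;
- }
-
- if (!CBB_init(&cbb, CBS_len(in)))
- return 0;
- if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) {
- CBB_cleanup(&cbb);
- return 0;
- }
-
- return CBB_finish(&cbb, out, out_len);
-}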
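--- a/src/lib/libssl/bs_cbb.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/* $OpenBSD: bs_cbb.c,v 1.12 2015/06/18 23:25:07 doug Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-
-static int
-cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
-{
- struct cbb_buffer_st *base;
-
- base = malloc(sizeof(struct cbb_buffer_st));
- if (base == NULL)
- return 0;
-
- base->buf = buf;
- base->len = 0;
- base->cap = cap;
- base->can_resize = 1;
-
- memset(cbb, 0, sizeof(*cbb));
- cbb->base = base;
- cbb->is_top_level = 1;
- return 1;
-}
-
-int
-CBB_init(CBB *cbb, size_t initial_capacity)
-{
- uint8_t *buf = NULL;
-
- if (initial_capacity > 0) {
- if ((buf = malloc(initial_capacity)) == NULL)
- return 0;
- }
-
- if (!cbb_init(cbb, buf, initial_capacity)) {
- free(buf);
- return 0;
- }
- return 1;
-}
-
-int
-CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
-{
- if (!cbb_init(cbb, buf, len))
- return 0;
-
- cbb->base->can_resize = 0;
- return 1;
-}
-
-void
-CBB_cleanup(CBB *cbb)
-{
- if (cbb->base) {
- if (cbb->base->can_resize)
- free(cbb->base->buf);
-
- free(cbb->base);
- }
- cbb->base = NULL;
-}
-
-static int
-cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
-{
- size_t newlen;
-
- if (base == NULL)
- return 0;
-
- newlen = base->len + len;
- if (newlen < base->len)
- /* Overflow */
- return 0;
-
- if (newlen > base->cap) {
- size_t newcap = base->cap * 2;
- uint8_t *newbuf;
-
- if (!base->can_resize)
- return 0;
-
- if (newcap < base->cap || newcap < newlen)
- newcap = newlen;
-
- newbuf = realloc(base->buf, newcap);
- if (newbuf == NULL)
- return 0;
-
- base->buf = newbuf;
- base->cap = newcap;
- }
-
- if (out)
- *out = base->buf + base->len;
-
- base->len = newlen;
- return 1;
-}
-
-static int
-cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
-{
- uint8_t *buf;
- size_t i;
-
- if (len_len == 0)
- return 1;
-
- if (len_len > 4)
- return 0;
-
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
- return 0;
-
- for (i = len_len - 1; i < len_len; i--) {
- buf[i] = v;
- v >>= 8;
- }
- return 1;
-}
-
-int
-CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
-{
- if (!cbb->is_top_level)
- return 0;
-
- if (!CBB_flush(cbb))
- return 0;
-
- if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
- /*
- * |out_data| and |out_len| can only be NULL if the CBB is
- * fixed.
- */
- return 0;
-
- if (out_data != NULL)
- *out_data = cbb->base->buf;
-
- if (out_len != NULL)
- *out_len = cbb->base->len;
-
- cbb->base->buf = NULL;
- CBB_cleanup(cbb);
- return 1;
-}
-
-/*
- * CBB_flush recurses and then writes out any pending length prefix. The current
- * length of the underlying base is taken to be the length of the
- * length-prefixed data.
- */
-int
-CBB_flush(CBB *cbb)
-{
- size_t child_start, i, len;
-
- if (cbb->base == NULL)
- return 0;
-
- if (cbb->child == NULL || cbb->pending_len_len == 0)
- return 1;
-
- child_start = cbb->offset + cbb->pending_len_len;
-
- if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
- cbb->base->len < child_start)
- return 0;
-
- len = cbb->base->len - child_start;
-
- if (cbb->pending_is_asn1) {
- /*
- * For ASN.1, we assumed that we were using short form which
- * only requires a single byte for the length octet.
- *
- * If it turns out that we need long form, we have to move
- * the contents along in order to make space for more length
- * octets.
- */
- size_t len_len = 1; /* total number of length octets */
- uint8_t initial_length_byte;
-
- /* We already wrote 1 byte for the length. */
- assert (cbb->pending_len_len == 1);
-
- /* Check for long form */
- if (len > 0xfffffffe)
- return 0; /* 0xffffffff is reserved */
- else if (len > 0xffffff)
- len_len = 5;
- else if (len > 0xffff)
- len_len = 4;
- else if (len > 0xff)
- len_len = 3;
- else if (len > 0x7f)
- len_len = 2;
-
- if (len_len == 1) {
- /* For short form, the initial byte is the length. */
- initial_length_byte = len;
- len = 0;
-
- } else {
- /*
- * For long form, the initial byte is the number of
- * subsequent length octets (plus bit 8 set).
- */
- initial_length_byte = 0x80 | (len_len - 1);
-
- /*
- * We need to move the contents along in order to make
- * space for the long form length octets.
- */
- size_t extra_bytes = len_len - 1;
- if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
- return 0;
-
- memmove(cbb->base->buf + child_start + extra_bytes,
- cbb->base->buf + child_start, len);
- }
- cbb->base->buf[cbb->offset++] = initial_length_byte;
- cbb->pending_len_len = len_len - 1;
- }
-
- for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
- cbb->base->buf[cbb->offset + i] = len;
- len >>= 8;
- }
- if (len != 0)
- return 0;
-
- cbb->child->base = NULL;
- cbb->child = NULL;
- cbb->pending_len_len = 0;
- cbb->pending_is_asn1 = 0;
- cbb->offset = 0;
-
- return 1;
-}
-
-
-static int
-cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
-{
- uint8_t *prefix_bytes;
-
- if (!CBB_flush(cbb))
- return 0;
-
- cbb->offset = cbb->base->len;
- if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
- return 0;
-
- memset(prefix_bytes, 0, len_len);
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = len_len;
- cbb->pending_is_asn1 = 0;
-
- return 1;
-}
-
-int
-CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 1);
-}
-
-int
-CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 2);
-}
-
-int
-CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
-{
- return cbb_add_length_prefixed(cbb, out_contents, 3);
-}
-
-int
-CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
-{
- if (tag > UINT8_MAX)
- return 0;
-
- /* Long form identifier octets are not supported. */
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- /* Short-form identifier octet only needs a single byte */
- if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
- return 0;
-
- /*
- * Add 1 byte to cover the short-form length octet case. If it turns
- * out we need long-form, it will be extended later.
- */
- cbb->offset = cbb->base->len;
- if (!CBB_add_u8(cbb, 0))
- return 0;
-
- memset(out_contents, 0, sizeof(CBB));
- out_contents->base = cbb->base;
- cbb->child = out_contents;
- cbb->pending_len_len = 1;
- cbb->pending_is_asn1 = 1;
-
- return 1;
-}
-
-int
-CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
-{
- uint8_t *dest;
-
- if (!CBB_add_space(cbb, &dest, len))
- return 0;
-
- memcpy(dest, data, len);
- return 1;
-}
-
-int
-CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
-{
- if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
- return 0;
-
- return 1;
-}
-
-int
-CBB_add_u8(CBB *cbb, size_t value)
-{
- if (value > UINT8_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 1);
-}
-
-int
-CBB_add_u16(CBB *cbb, size_t value)
-{
- if (value > UINT16_MAX)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 2);
-}
-
-int
-CBB_add_u24(CBB *cbb, size_t value)
-{
- if (value > 0xffffffUL)
- return 0;
-
- return cbb_add_u(cbb, (uint32_t)value, 3);
-}
-
-int
-CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
-{
- CBB child;
- size_t i;
- int started = 0;
-
- if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
- return 0;
-
- for (i = 0; i < 8; i++) {
- uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
-
- /*
- * ASN.1 restriction: first 9 bits cannot be all zeroes or
- * all ones. Since this function only encodes unsigned
- * integers, the only concerns are not encoding leading
- * zeros and adding a padding byte if necessary.
- *
- * In practice, this means:
- * 1) Skip leading octets of all zero bits in the value
- * 2) After skipping the leading zero octets, if the next 9
- * bits are all ones, add an all zero prefix octet (and
- * set the high bit of the prefix octet if negative).
- *
- * Additionally, for an unsigned value, add an all zero
- * prefix if the high bit of the first octet would be one.
- */
- if (!started) {
- if (byte == 0)
- /* Don't encode leading zeros. */
- continue;
-
- /*
- * If the high bit is set, add a padding byte to make it
- * unsigned.
- */
- if ((byte & 0x80) && !CBB_add_u8(&child, 0))
- return 0;
-
- started = 1;
- }
- if (!CBB_add_u8(&child, byte))
- return 0;
- }
-
- /* 0 is encoded as a single 0, not the empty string. */
- if (!started && !CBB_add_u8(&child, 0))
- return 0;
-
- return CBB_flush(cbb);
-}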
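--- a/src/lib/libssl/bs_cbs.c
+++ /dev/null
@@ -1,511 +0,0 @@
-/* $OpenBSD: bs_cbs.c,v 1.17 2015/06/24 09:44:18 jsing Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-
-#include "bytestring.h"
-
-void
-CBS_init(CBS *cbs, const uint8_t *data, size_t len)
-{
- cbs->data = data;
- cbs->initial_len = len;
- cbs->len = len;
-}
-
-void
-CBS_dup(const CBS *cbs, CBS *out)
-{
- CBS_init(out, CBS_data(cbs), CBS_len(cbs));
- out->initial_len = cbs->initial_len;
-}
-
-static int
-cbs_get(CBS *cbs, const uint8_t **p, size_t n)
-{
- if (cbs->len < n)
- return 0;
-
- *p = cbs->data;
- cbs->data += n;
- cbs->len -= n;
- return 1;
-}
-
-size_t
-CBS_offset(const CBS *cbs)
-{
- return cbs->initial_len - cbs->len;
-}
-
-int
-CBS_skip(CBS *cbs, size_t len)
-{
- const uint8_t *dummy;
- return cbs_get(cbs, &dummy, len);
-}
-
-const uint8_t *
-CBS_data(const CBS *cbs)
-{
- return cbs->data;
-}
-
-size_t
-CBS_len(const CBS *cbs)
-{
- return cbs->len;
-}
-
-int
-CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
-{
- free(*out_ptr);
- *out_ptr = NULL;
- *out_len = 0;
-
- if (cbs->len == 0)
- return 1;
-
- if ((*out_ptr = malloc(cbs->len)) == NULL)
- return 0;
-
- memcpy(*out_ptr, cbs->data, cbs->len);
-
- *out_len = cbs->len;
- return 1;
-}
-
-int
-CBS_strdup(const CBS *cbs, char **out_ptr)
-{
- free(*out_ptr);
- *out_ptr = strndup((const char *)cbs->data, cbs->len);
- return (*out_ptr != NULL);
-}
-
-int
-CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
-{
- if (dst_len < cbs->len)
- return 0;
-
- memmove(dst, cbs->data, cbs->len);
-
- if (copied != NULL)
- *copied = cbs->len;
-
- return 1;
-}
-
-int
-CBS_contains_zero_byte(const CBS *cbs)
-{
- return memchr(cbs->data, 0, cbs->len) != NULL;
-}
-
-int
-CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
-{
- if (len != cbs->len)
- return 0;
-
- return timingsafe_memcmp(cbs->data, data, len) == 0;
-}
-
-static int
-cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
-{
- uint32_t result = 0;
- size_t i;
- const uint8_t *data;
-
- if (len < 1 || len > 4)
- return 0;
-
- if (!cbs_get(cbs, &data, len))
- return 0;
-
- for (i = 0; i < len; i++) {
- result <<= 8;
- result |= data[i];
- }
- *out = result;
- return 1;
-}
-
-int
-CBS_get_u8(CBS *cbs, uint8_t *out)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, 1))
- return 0;
-
- *out = *v;
- return 1;
-}
-
-int
-CBS_get_u16(CBS *cbs, uint16_t *out)
-{
- uint32_t v;
-
- if (!cbs_get_u(cbs, &v, 2))
- return 0;
-
- *out = v;
- return 1;
-}
-
-int
-CBS_get_u24(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 3);
-}
-
-int
-CBS_get_u32(CBS *cbs, uint32_t *out)
-{
- return cbs_get_u(cbs, out, 4);
-}
-
-int
-CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
-{
- const uint8_t *v;
-
- if (!cbs_get(cbs, &v, len))
- return 0;
-
- CBS_init(out, v, len);
- return 1;
-}
-
-static int
-cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
-{
- uint32_t len;
-
- if (!cbs_get_u(cbs, &len, len_len))
- return 0;
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-int
-CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 1);
-}
-
-int
-CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 2);
-}
-
-int
-CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
-{
- return cbs_get_length_prefixed(cbs, out, 3);
-}
-
-int
-CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len)
-{
- return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
- out_header_len, 1);
-}
-
-/*
- * Review X.690 for details on ASN.1 DER encoding.
- *
- * If non-strict mode is enabled, then DER rules are relaxed
- * for indefinite constructs (violates DER but a little closer to BER).
- * Non-strict mode should only be used by bs_ber.c
- *
- * Sections 8, 10 and 11 for DER encoding
- */
-int
-cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
- size_t *out_header_len, int strict)
-{
- uint8_t tag, length_byte;
- CBS header = *cbs;
- CBS throwaway;
- size_t len;
-
- if (out == NULL)
- out = &throwaway;
-
- /*
- * Get identifier octet and length octet. Only 1 octet for each
- * is a CBS limitation.
- */
- if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
- return 0;
-
- /* CBS limitation: long form tags are not supported. */
- if ((tag & 0x1f) == 0x1f)
- return 0;
-
- if (out_tag != NULL)
- *out_tag = tag;
-
- if ((length_byte & 0x80) == 0) {
- /* Short form length. */
- len = ((size_t) length_byte) + 2;
- if (out_header_len != NULL)
- *out_header_len = 2;
-
- } else {
- /* Long form length. */
- const size_t num_bytes = length_byte & 0x7f;
- uint32_t len32;
-
- /* ASN.1 reserved value for future extensions */
- if (num_bytes == 0x7f)
- return 0;
-
- /* Handle indefinite form length */
- if (num_bytes == 0) {
- /* DER encoding doesn't allow for indefinite form. */
- if (strict)
- return 0;
-
- /* Primitive cannot use indefinite in BER or DER. */
- if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
- return 0;
-
- /* Constructed, indefinite length allowed in BER. */
- if (out_header_len != NULL)
- *out_header_len = 2;
- return CBS_get_bytes(cbs, out, 2);
- }
-
- /* CBS limitation. */
- if (num_bytes > 4)
- return 0;
-
- if (!cbs_get_u(&header, &len32, num_bytes))
- return 0;
-
- /* DER has a minimum length octet requirement. */
- if (len32 < 128)
- /* Should have used short form instead */
- return 0;
-
- if ((len32 >> ((num_bytes - 1) * 8)) == 0)
- /* Length should have been at least one byte shorter. */
- return 0;
-
- len = len32;
- if (len + 2 + num_bytes < len)
- /* Overflow. */
- return 0;
-
- len += 2 + num_bytes;
- if (out_header_len != NULL)
- *out_header_len = 2 + num_bytes;
- }
-
- return CBS_get_bytes(cbs, out, len);
-}
-
-static int
-cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
-{
- size_t header_len;
- unsigned int tag;
- CBS throwaway;
-
- if (out == NULL)
- out = &throwaway;
-
- if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
- tag != tag_value)
- return 0;
-
- if (skip_header && !CBS_skip(out, header_len)) {
- assert(0);
- return 0;
- }
-
- return 1;
-}
-
-int
-CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
-}
-
-int
-CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
-{
- return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
-}
-
-int
-CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
-{
- if (CBS_len(cbs) < 1)
- return 0;
-
- /*
- * Tag number 31 indicates the start of a long form number.
- * This is valid in ASN.1, but CBS only supports short form.
- */
- if ((tag_value & 0x1f) == 0x1f)
- return 0;
-
- return CBS_data(cbs)[0] == tag_value;
-}
-
-/* Encoding details are in ASN.1: X.690 section 8.3 */
-int
-CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
-{
- CBS bytes;
- const uint8_t *data;
- size_t i, len;
-
- if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
- return 0;
-
- *out = 0;
- data = CBS_data(&bytes);
- len = CBS_len(&bytes);
-
- if (len == 0)
- /* An INTEGER is encoded with at least one content octet. */
- return 0;
-
- if ((data[0] & 0x80) != 0)
- /* Negative number. */
- return 0;
-
- if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
- /* Violates smallest encoding rule: excessive leading zeros. */
- return 0;
-
- for (i = 0; i < len; i++) {
- if ((*out >> 56) != 0)
- /* Too large to represent as a uint64_t. */
- return 0;
-
- *out <<= 8;
- *out |= data[i];
- }
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
-{
- if (CBS_peek_asn1_tag(cbs, tag)) {
- if (!CBS_get_asn1(cbs, out, tag))
- return 0;
-
- *out_present = 1;
- } else {
- *out_present = 0;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
- unsigned int tag)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- CBS_init(out, NULL, 0);
- }
- if (out_present)
- *out_present = present;
-
- return 1;
-}
-
-int
-CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
- uint64_t default_value)
-{
- CBS child;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- if (!CBS_get_asn1_uint64(&child, out) ||
- CBS_len(&child) != 0)
- return 0;
- } else {
- *out = default_value;
- }
- return 1;
-}
-
-int
-CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
- int default_value)
-{
- CBS child, child2;
- int present;
-
- if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
- return 0;
-
- if (present) {
- uint8_t boolean;
-
- if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
- CBS_len(&child2) != 1 || CBS_len(&child) != 0)
- return 0;
-
- boolean = CBS_data(&child2)[0];
- if (boolean == 0)
- *out = 0;
- else if (boolean == 0xff)
- *out = 1;
- else
- return 0;
-
- } else {
- *out = default_value;
- }
- return 1;
-}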
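diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h
deleted file mode 100644
index 8ea84005b4..0000000000
--- a/src/lib/libssl/bytestring.h
+++ /dev/null
@@ -1,511 +0,0 @@
-/* $OpenBSD: bytestring.h,v 1.14 2015/06/19 00:23:36 doug Exp $ */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#ifndef OPENSSL_HEADER_BYTESTRING_H
-#define OPENSSL_HEADER_BYTESTRING_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <sys/types.h>
-#include <stdint.h>
-
-#include <openssl/opensslconf.h>
-
-/*
- * Bytestrings are used for parsing and building TLS and ASN.1 messages.
- *
- * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
- * provides utility functions for safely parsing length-prefixed structures
- * like TLS and ASN.1 from it.
- *
- * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
- * provides utility functions for building length-prefixed messages.
- */
-
-/* CRYPTO ByteString */
-typedef struct cbs_st {
-	const uint8_t *data;
-	size_t initial_len;
-	size_t len;
-} CBS;
-
-/*
- * CBS_init sets |cbs| to point to |data|. It does not take ownership of
- * |data|.
- */
-void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
- * otherwise.
- */
-int CBS_skip(CBS *cbs, size_t len);
-
-/*
- * CBS_data returns a pointer to the contents of |cbs|.
- */
-const uint8_t *CBS_data(const CBS *cbs);
-
-/*
- * CBS_len returns the number of bytes remaining in |cbs|.
- */
-size_t CBS_len(const CBS *cbs);
-
-/*
- * CBS_offset returns the current offset into the original data of |cbs|.
- */
-size_t CBS_offset(const CBS *cbs);
-
-/*
- * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
- * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
- * free. It returns one on success and zero on allocation failure. On
- * success, |*out_ptr| should be freed with free. If |cbs| is empty,
- * |*out_ptr| will be NULL.
- */
-int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
-
-/*
- * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
- * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
- * with free. It returns one on success and zero on allocation
- * failure. On success, |*out_ptr| should be freed with free.
- *
- * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
- * |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
- */
-int CBS_strdup(const CBS *cbs, char **out_ptr);
-
-/*
- * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
- * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
- * to the amount copied. It returns one on success and zero otherwise.
- */
-int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
-    size_t *copied);
-
-/*
- * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
- * a NUL byte and zero otherwise.
- */
-int CBS_contains_zero_byte(const CBS *cbs);
-
-/*
- * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
- * starting at |data|. If they're equal, it returns one, otherwise zero. If the
- * lengths match, it uses a constant-time comparison.
- */
-int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
- * returns one on success and zero on error.
- */
-int CBS_get_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
-
-/*
- * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
- * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
- * on success and zero on error.
- */
-int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
-
-
-/* Parsing ASN.1 */
-
-/*
- * While an identifier can be multiple octets, this library only handles the
- * single octet variety currently. This limits support up to tag number 30
- * since tag number 31 is a reserved value to indicate multiple octets.
- */
-
-/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
-#define CBS_ASN1_UNIVERSAL 0x00
-#define CBS_ASN1_APPLICATION 0x40
-#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
-#define CBS_ASN1_PRIVATE 0xc0
-
-/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
-#define CBS_ASN1_PRIMITIVE 0x00
-#define CBS_ASN1_CONSTRUCTED 0x20
-
-/*
- * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
- * the universal class.
- */
-
-/*
- * Common universal identifier octets.
- * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
- *
- * Note: These definitions are the cause of some of the strange behavior in
- * CBS's bs_ber.c.
- *
- * In BER, it is the sender's option to use primitive or constructed for
- * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
- *
- * In DER, bitstring and octetstring are required to be primitive
- * (X.690 section 10.2).
- */
-#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
-#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
-#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
-#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
-#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
-#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
-#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
-#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
-
-/*
- * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
- * including tag and length bytes) and advances |cbs| over it. The ASN.1
- * element must match |tag_value|. It returns one on success and zero
- * on error.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
- * ASN.1 header bytes too.
- */
-int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
- * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
- * |cbs| is empty or the tag does not match, it returns zero. Note: if
- * it returns one, CBS_get_asn1 may still fail if the rest of the
- * element is malformed.
- */
-int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
-
-/*
- * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header.
- * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
- * the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len);
-
-/*
- * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
- * and sets |*out| to its value. It returns one on success and zero on error,
- * where error includes the integer being negative, or too large to represent
- * in 64 bits.
- */
-int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_optional_asn1 gets an optional explicitly-tagged element
- * from |cbs| tagged with |tag| and sets |*out| to its contents. If
- * present, it sets |*out_present| to one, otherwise zero. It returns
- * one on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
-    unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_octet_string gets an optional
- * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
- * |*out| to the string and |*out_present| to one. Otherwise, it sets
- * |*out| to empty and |*out_present| to zero. |out_present| may be
- * NULL. It returns one on success, whether or not the element was
- * present, and zero on decode failure.
- */
-int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
-    unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
- * INTEGER from |cbs|. If present, it sets |*out| to the
- * value. Otherwise, it sets |*out| to |default_value|. It returns one
- * on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
-    uint64_t default_value);
-
-/*
- * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
- * |cbs|. If present, it sets |*out| to either zero or one, based on the
- * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
- * success, whether or not the element was present, and zero on decode
- * failure.
- */
-int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
-    int default_value);
-
-
-/*
- * CRYPTO ByteBuilder.
- *
- * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
- * object is associated with a buffer and new buffers are created with
- * |CBB_init|. Several |CBB| objects can point at the same buffer when a
- * length-prefix is pending, however only a single |CBB| can be 'current' at
- * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
- * the new |CBB| points at the same buffer as the original. But if the original
- * |CBB| is used then the length prefix is written out and the new |CBB| must
- * not be used again.
- *
- * If one needs to force a length prefix to be written out because a |CBB| is
- * going out of scope, use |CBB_flush|.
- */
-
-struct cbb_buffer_st {
-	uint8_t *buf;
-
-	/* The number of valid bytes. */
-	size_t len;
-
-	/* The size of buf. */
-	size_t cap;
-
-	/*
-	 * One iff |buf| is owned by this object. If not then |buf| cannot be
-	 * resized.
-	 */
-	char can_resize;
-};
-
-typedef struct cbb_st {
-	struct cbb_buffer_st *base;
-
-	/*
-	 * offset is the offset from the start of |base->buf| to the position of any
-	 * pending length-prefix.
-	 */
-	size_t offset;
-
-	/* child points to a child CBB if a length-prefix is pending. */
-	struct cbb_st *child;
-
-	/*
-	 * pending_len_len contains the number of bytes in a pending length-prefix,
-	 * or zero if no length-prefix is pending.
-	 */
-	uint8_t pending_len_len;
-
-	char pending_is_asn1;
-
-	/*
-	 * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
-	 * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
-	 */
-	char is_top_level;
-} CBB;
-
-/*
- * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
- * needed, the |initial_capacity| is just a hint. It returns one on success or
- * zero on error.
- */
-int CBB_init(CBB *cbb, size_t initial_capacity);
-
-/*
- * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
- * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
- * functions to fail. It returns one on success or zero on error.
- */
-int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
-
-/*
- * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
- * writing to the same buffer. This should be used in an error case where a
- * serialisation is abandoned.
- */
-void CBB_cleanup(CBB *cbb);
-
-/*
- * CBB_finish completes any pending length prefix and sets |*out_data| to a
- * malloced buffer and |*out_len| to the length of that buffer. The caller
- * takes ownership of the buffer and, unless the buffer was fixed with
- * |CBB_init_fixed|, must call |free| when done.
- *
- * It can only be called on a "top level" |CBB|, i.e. one initialised with
- * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
- * error.
- */
-int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
-
-/*
- * CBB_flush causes any pending length prefixes to be written out and any child
- * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
- * on error.
- */
-int CBB_flush(CBB *cbb);
-
-/*
- * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
- * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
- * length. It returns one on success or zero on error.
- */
-int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
- * ASN.1 object can be written. The |tag| argument will be used as the tag for
- * the object. Passing in |tag| number 31 will return in an error since only
- * single octet identifiers are supported. It returns one on success or zero
- * on error.
- */
-int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
-
-/*
- * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
-
-/*
- * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
- * the beginning of that space. The caller must then write |len| bytes of
- * actual contents to |*out_data|. It returns one on success and zero
- * otherwise.
- */
-int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
-
-/*
- * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_u8(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u16(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u24(CBB *cbb, size_t value);
-
-/*
- * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
- * and writes |value| in its contents. It returns one on success and zero on
- * error.
- */
-int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
-
-#ifdef LIBRESSL_INTERNAL
-/*
- * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two
- * CBS that point to the same buffer.
- */
-void CBS_dup(const CBS *cbs, CBS *out);
-
-/*
- * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header. If
- * strict mode is disabled and the element has indefinite length then |*out|
- * will only contain the header. Each of |out|, |out_tag|, and
- * |out_header_len| may be NULL to ignore the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len, int strict);
-
-/*
- * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
- * finds indefinite-length elements that otherwise appear to be valid DER, it
- * attempts to convert the DER-like data to DER and sets |*out| and
- * |*out_length| to describe a malloced buffer containing the DER data.
- * Additionally, |*in| will be advanced over the ASN.1 data.
- *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
- *
- * This is NOT a conversion from BER to DER. There are many restrictions when
- * dealing with DER data. This is only concerned with one: indefinite vs.
- * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
- * from NSS.
- *
- * It returns one on success and zero otherwise.
- */
-int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
-#endif /* LIBRESSL_INTERNAL */
-
-#if defined(__cplusplus)
-} /* extern C */
-#endif
-
-#endif /* OPENSSL_HEADER_BYTESTRING_H */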
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index b479c61322..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1424 +0,0 @@
1/* $OpenBSD: d1_both.c,v 1.34 2015/07/19 20:32:18 doug Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <limits.h>
117#include <stdio.h>
118#include <string.h>
119
120#include "ssl_locl.h"
121
122#include <openssl/buffer.h>
123#include <openssl/evp.h>
124#include <openssl/objects.h>
125#include <openssl/x509.h>
126
127#include "pqueue.h"
128#include "bytestring.h"
129
130#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
131
132#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
133 if ((end) - (start) <= 8) { \
134 long ii; \
135 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
136 } else { \
137 long ii; \
138 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
139 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
140 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
141 } }
142
143#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
144 long ii; \
145 OPENSSL_assert((msg_len) > 0); \
146 is_complete = 1; \
147 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
148 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
149 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
150
151static unsigned char bitmask_start_values[] = {
152 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
153};
154static unsigned char bitmask_end_values[] = {
155 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
156};
157
158/* XDTLS: figure out the right values */
159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
160
161static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
162static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
163 unsigned long frag_len);
164static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
165static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
166 unsigned long len, unsigned short seq_num, unsigned long frag_off,
167 unsigned long frag_len);
168static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
169 int *ok);
170
171static hm_fragment *
172dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
173{
174 hm_fragment *frag = NULL;
175 unsigned char *buf = NULL;
176 unsigned char *bitmask = NULL;
177
178 frag = malloc(sizeof(hm_fragment));
179 if (frag == NULL)
180 return NULL;
181
182 if (frag_len) {
183 buf = malloc(frag_len);
184 if (buf == NULL) {
185 free(frag);
186 return NULL;
187 }
188 }
189
190 /* zero length fragment gets zero frag->fragment */
191 frag->fragment = buf;
192
193 /* Initialize reassembly bitmask if necessary */
194 if (reassembly) {
195 bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len));
196 if (bitmask == NULL) {
197 free(buf);
198 free(frag);
199 return NULL;
200 }
201 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
202 }
203
204 frag->reassembly = bitmask;
205
206 return frag;
207}
208
209static void
210dtls1_hm_fragment_free(hm_fragment *frag)
211{
212 if (frag == NULL)
213 return;
214
215 if (frag->msg_header.is_ccs) {
216 EVP_CIPHER_CTX_free(
217 frag->msg_header.saved_retransmit_state.enc_write_ctx);
218 EVP_MD_CTX_destroy(
219 frag->msg_header.saved_retransmit_state.write_hash);
220 }
221 free(frag->fragment);
222 free(frag->reassembly);
223 free(frag);
224}
225
226/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
227int
228dtls1_do_write(SSL *s, int type)
229{
230 int ret;
231 int curr_mtu;
232 unsigned int len, frag_off, mac_size, blocksize;
233
234 /* AHA! Figure out the MTU, and stick to the right size */
235 if (s->d1->mtu < dtls1_min_mtu() &&
236 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
237 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
238 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
239
240 /*
241 * I've seen the kernel return bogus numbers when it
242 * doesn't know the MTU (ie., the initial write), so just
243 * make sure we have a reasonable number
244 */
245 if (s->d1->mtu < dtls1_min_mtu()) {
246 s->d1->mtu = 0;
247 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
248 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
249 s->d1->mtu, NULL);
250 }
251 }
252
253 OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
254 /* should have something reasonable now */
255
256 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
257 OPENSSL_assert(s->init_num ==
258 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
259
260 if (s->write_hash)
261 mac_size = EVP_MD_CTX_size(s->write_hash);
262 else
263 mac_size = 0;
264
265 if (s->enc_write_ctx &&
266 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
267 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
268 else
269 blocksize = 0;
270
271 frag_off = 0;
272 while (s->init_num) {
273 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
274 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
275
276 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
277 /* grr.. we could get an error if MTU picked was wrong */
278 ret = BIO_flush(SSL_get_wbio(s));
279 if (ret <= 0)
280 return ret;
281 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
282 mac_size - blocksize;
283 }
284
285 if (s->init_num > curr_mtu)
286 len = curr_mtu;
287 else
288 len = s->init_num;
289
290
291 /* XDTLS: this function is too long. split out the CCS part */
292 if (type == SSL3_RT_HANDSHAKE) {
293 if (s->init_off != 0) {
294 OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
295 s->init_off -= DTLS1_HM_HEADER_LENGTH;
296 s->init_num += DTLS1_HM_HEADER_LENGTH;
297
298 if (s->init_num > curr_mtu)
299 len = curr_mtu;
300 else
301 len = s->init_num;
302 }
303
304 dtls1_fix_message_header(s, frag_off,
305 len - DTLS1_HM_HEADER_LENGTH);
306
307 dtls1_write_message_header(s,
308 (unsigned char *)&s->init_buf->data[s->init_off]);
309
310 OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
311 }
312
313 ret = dtls1_write_bytes(s, type,
314 &s->init_buf->data[s->init_off], len);
315 if (ret < 0) {
316 /*
317 * Might need to update MTU here, but we don't know
318 * which previous packet caused the failure -- so
319 * can't really retransmit anything. continue as
320 * if everything is fine and wait for an alert to
321 * handle the retransmit
322 */
323 if (BIO_ctrl(SSL_get_wbio(s),
324 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
325 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
326 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
327 else
328 return (-1);
329 } else {
330
331 /*
332 * Bad if this assert fails, only part of the
333 * handshake message got sent. but why would
334 * this happen?
335 */
336 OPENSSL_assert(len == (unsigned int)ret);
337
338 if (type == SSL3_RT_HANDSHAKE &&
339 !s->d1->retransmitting) {
340 /*
341 * Should not be done for 'Hello Request's,
342 * but in that case we'll ignore the result
343 * anyway
344 */
345 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
346 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
347 int xlen;
348
349 if (frag_off == 0 &&
350 s->version != DTLS1_BAD_VER) {
351 /*
352 * Reconstruct message header is if it
353 * is being sent in single fragment
354 */
355 *p++ = msg_hdr->type;
356 l2n3(msg_hdr->msg_len, p);
357 s2n (msg_hdr->seq, p);
358 l2n3(0, p);
359 l2n3(msg_hdr->msg_len, p);
360 p -= DTLS1_HM_HEADER_LENGTH;
361 xlen = ret;
362 } else {
363 p += DTLS1_HM_HEADER_LENGTH;
364 xlen = ret - DTLS1_HM_HEADER_LENGTH;
365 }
366
367 ssl3_finish_mac(s, p, xlen);
368 }
369
370 if (ret == s->init_num) {
371 if (s->msg_callback)
372 s->msg_callback(1, s->version, type,
373 s->init_buf->data,
374 (size_t)(s->init_off + s->init_num),
375 s, s->msg_callback_arg);
376
377 s->init_off = 0;
378 /* done writing this message */
379 s->init_num = 0;
380
381 return (1);
382 }
383 s->init_off += ret;
384 s->init_num -= ret;
385 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
386 }
387 }
388 return (0);
389}
390
391
392/*
393 * Obtain handshake message of message type 'mt' (any if mt == -1),
394 * maximum acceptable body length 'max'.
395 * Read an entire handshake message. Handshake messages arrive in
396 * fragments.
397 */
398long
399dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
400{
401 int i, al;
402 struct hm_header_st *msg_hdr;
403 unsigned char *p;
404 unsigned long msg_len;
405
406 /*
407 * s3->tmp is used to store messages that are unexpected, caused
408 * by the absence of an optional handshake message
409 */
410 if (s->s3->tmp.reuse_message) {
411 s->s3->tmp.reuse_message = 0;
412 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
413 al = SSL_AD_UNEXPECTED_MESSAGE;
414 SSLerr(SSL_F_DTLS1_GET_MESSAGE,
415 SSL_R_UNEXPECTED_MESSAGE);
416 goto f_err;
417 }
418 *ok = 1;
419 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
420 s->init_num = (int)s->s3->tmp.message_size;
421 return s->init_num;
422 }
423
424 msg_hdr = &s->d1->r_msg_hdr;
425 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
426
427again:
428 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
429 if (i == DTLS1_HM_BAD_FRAGMENT ||
430 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
431 goto again;
432 else if (i <= 0 && !*ok)
433 return i;
434
435 p = (unsigned char *)s->init_buf->data;
436 msg_len = msg_hdr->msg_len;
437
438 /* reconstruct message header */
439 *(p++) = msg_hdr->type;
440 l2n3(msg_len, p);
441 s2n (msg_hdr->seq, p);
442 l2n3(0, p);
443 l2n3(msg_len, p);
444 if (s->version != DTLS1_BAD_VER) {
445 p -= DTLS1_HM_HEADER_LENGTH;
446 msg_len += DTLS1_HM_HEADER_LENGTH;
447 }
448
449 ssl3_finish_mac(s, p, msg_len);
450 if (s->msg_callback)
451 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
452 s, s->msg_callback_arg);
453
454 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
455
456 /* Don't change sequence numbers while listening */
457 if (!s->d1->listen)
458 s->d1->handshake_read_seq++;
459
460 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
461 return s->init_num;
462
463f_err:
464 ssl3_send_alert(s, SSL3_AL_FATAL, al);
465 *ok = 0;
466 return -1;
467}
468
469
470static int
471dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
472{
473 size_t frag_off, frag_len, msg_len;
474
475 msg_len = msg_hdr->msg_len;
476 frag_off = msg_hdr->frag_off;
477 frag_len = msg_hdr->frag_len;
478
479 /* sanity checking */
480 if ((frag_off + frag_len) > msg_len) {
481 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
482 SSL_R_EXCESSIVE_MESSAGE_SIZE);
483 return SSL_AD_ILLEGAL_PARAMETER;
484 }
485
486 if ((frag_off + frag_len) > (unsigned long)max) {
487 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
488 SSL_R_EXCESSIVE_MESSAGE_SIZE);
489 return SSL_AD_ILLEGAL_PARAMETER;
490 }
491
492 if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
493 {
494 /*
495 * msg_len is limited to 2^24, but is effectively checked
496 * against max above
497 */
498 if (!BUF_MEM_grow_clean(s->init_buf,
499 msg_len + DTLS1_HM_HEADER_LENGTH)) {
500 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
501 return SSL_AD_INTERNAL_ERROR;
502 }
503
504 s->s3->tmp.message_size = msg_len;
505 s->d1->r_msg_hdr.msg_len = msg_len;
506 s->s3->tmp.message_type = msg_hdr->type;
507 s->d1->r_msg_hdr.type = msg_hdr->type;
508 s->d1->r_msg_hdr.seq = msg_hdr->seq;
509 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
510 /*
511 * They must be playing with us! BTW, failure to enforce
512 * upper limit would open possibility for buffer overrun.
513 */
514 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
515 SSL_R_EXCESSIVE_MESSAGE_SIZE);
516 return SSL_AD_ILLEGAL_PARAMETER;
517 }
518
519 return 0; /* no error */
520}
521
522static int
523dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
524{
525 /*
526 * (0) check whether the desired fragment is available
527 * if so:
528 * (1) copy over the fragment to s->init_buf->data[]
529 * (2) update s->init_num
530 */
531 pitem *item;
532 hm_fragment *frag;
533 int al;
534
535 *ok = 0;
536 item = pqueue_peek(s->d1->buffered_messages);
537 if (item == NULL)
538 return 0;
539
540 frag = (hm_fragment *)item->data;
541
542 /* Don't return if reassembly still in progress */
543 if (frag->reassembly != NULL)
544 return 0;
545
546 if (s->d1->handshake_read_seq == frag->msg_header.seq) {
547 unsigned long frag_len = frag->msg_header.frag_len;
548 pqueue_pop(s->d1->buffered_messages);
549
550 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
551
552 if (al == 0) /* no alert */
553 {
554 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
555 memcpy(&p[frag->msg_header.frag_off],
556 frag->fragment, frag->msg_header.frag_len);
557 }
558
559 dtls1_hm_fragment_free(frag);
560 pitem_free(item);
561
562 if (al == 0) {
563 *ok = 1;
564 return frag_len;
565 }
566
567 ssl3_send_alert(s, SSL3_AL_FATAL, al);
568 s->init_num = 0;
569 *ok = 0;
570 return -1;
571 } else
572 return 0;
573}
574
575/*
576 * dtls1_max_handshake_message_len returns the maximum number of bytes
577 * permitted in a DTLS handshake message for |s|. The minimum is 16KB,
578 * but may be greater if the maximum certificate list size requires it.
579 */
580static unsigned long
581dtls1_max_handshake_message_len(const SSL *s)
582{
583 unsigned long max_len;
584
585 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
586 if (max_len < (unsigned long)s->max_cert_list)
587 return s->max_cert_list;
588 return max_len;
589}
590
591static int
592dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
593{
594 hm_fragment *frag = NULL;
595 pitem *item = NULL;
596 int i = -1, is_complete;
597 unsigned char seq64be[8];
598 unsigned long frag_len = msg_hdr->frag_len;
599
600 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
601 msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
602 goto err;
603
604 if (frag_len == 0) {
605 i = DTLS1_HM_FRAGMENT_RETRY;
606 goto err;
607 }
608
609 /* Try to find item in queue */
610 memset(seq64be, 0, sizeof(seq64be));
611 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
612 seq64be[7] = (unsigned char)msg_hdr->seq;
613 item = pqueue_find(s->d1->buffered_messages, seq64be);
614
615 if (item == NULL) {
616 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
617 if (frag == NULL)
618 goto err;
619 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
620 frag->msg_header.frag_len = frag->msg_header.msg_len;
621 frag->msg_header.frag_off = 0;
622 } else {
623 frag = (hm_fragment*)item->data;
624 if (frag->msg_header.msg_len != msg_hdr->msg_len) {
625 item = NULL;
626 frag = NULL;
627 goto err;
628 }
629 }
630
631 /*
632 * If message is already reassembled, this must be a
633 * retransmit and can be dropped.
634 */
635 if (frag->reassembly == NULL) {
636 unsigned char devnull [256];
637
638 while (frag_len) {
639 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
640 devnull, frag_len > sizeof(devnull) ?
641 sizeof(devnull) : frag_len, 0);
642 if (i <= 0)
643 goto err;
644 frag_len -= i;
645 }
646 i = DTLS1_HM_FRAGMENT_RETRY;
647 goto err;
648 }
649
650 /* read the body of the fragment (header has already been read */
651 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
652 frag->fragment + msg_hdr->frag_off, frag_len, 0);
653 if (i <= 0 || (unsigned long)i != frag_len)
654 goto err;
655
656 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
657 (long)(msg_hdr->frag_off + frag_len));
658
659 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
660 is_complete);
661
662 if (is_complete) {
663 free(frag->reassembly);
664 frag->reassembly = NULL;
665 }
666
667 if (item == NULL) {
668 memset(seq64be, 0, sizeof(seq64be));
669 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
670 seq64be[7] = (unsigned char)(msg_hdr->seq);
671
672 item = pitem_new(seq64be, frag);
673 if (item == NULL) {
674 i = -1;
675 goto err;
676 }
677
678 pqueue_insert(s->d1->buffered_messages, item);
679 }
680
681 return DTLS1_HM_FRAGMENT_RETRY;
682
683err:
684 if (item == NULL && frag != NULL)
685 dtls1_hm_fragment_free(frag);
686 *ok = 0;
687 return i;
688}
689
690
691static int
692dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
693{
694 int i = -1;
695 hm_fragment *frag = NULL;
696 pitem *item = NULL;
697 unsigned char seq64be[8];
698 unsigned long frag_len = msg_hdr->frag_len;
699
700 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
701 goto err;
702
703 /* Try to find item in queue, to prevent duplicate entries */
704 memset(seq64be, 0, sizeof(seq64be));
705 seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
706 seq64be[7] = (unsigned char) msg_hdr->seq;
707 item = pqueue_find(s->d1->buffered_messages, seq64be);
708
709 /*
710 * If we already have an entry and this one is a fragment,
711 * don't discard it and rather try to reassemble it.
712 */
713 if (item != NULL && frag_len < msg_hdr->msg_len)
714 item = NULL;
715
716 /*
717 * Discard the message if sequence number was already there, is
718 * too far in the future, already in the queue or if we received
719 * a FINISHED before the SERVER_HELLO, which then must be a stale
720 * retransmit.
721 */
722 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
723 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
724 (s->d1->handshake_read_seq == 0 &&
725 msg_hdr->type == SSL3_MT_FINISHED)) {
726 unsigned char devnull [256];
727
728 while (frag_len) {
729 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
730 devnull, frag_len > sizeof(devnull) ?
731 sizeof(devnull) : frag_len, 0);
732 if (i <= 0)
733 goto err;
734 frag_len -= i;
735 }
736 } else {
737 if (frag_len < msg_hdr->msg_len)
738 return dtls1_reassemble_fragment(s, msg_hdr, ok);
739
740 if (frag_len > dtls1_max_handshake_message_len(s))
741 goto err;
742
743 frag = dtls1_hm_fragment_new(frag_len, 0);
744 if (frag == NULL)
745 goto err;
746
747 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
748
749 if (frag_len) {
750 /* read the body of the fragment (header has already been read */
751 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
752 frag->fragment, frag_len, 0);
753 if (i <= 0 || (unsigned long)i != frag_len)
754 goto err;
755 }
756
757 memset(seq64be, 0, sizeof(seq64be));
758 seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
759 seq64be[7] = (unsigned char)(msg_hdr->seq);
760
761 item = pitem_new(seq64be, frag);
762 if (item == NULL)
763 goto err;
764
765 pqueue_insert(s->d1->buffered_messages, item);
766 }
767
768 return DTLS1_HM_FRAGMENT_RETRY;
769
770err:
771 if (item == NULL && frag != NULL)
772 dtls1_hm_fragment_free(frag);
773 *ok = 0;
774 return i;
775}
776
777
778static long
779dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
780{
781 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
782 unsigned long len, frag_off, frag_len;
783 int i, al;
784 struct hm_header_st msg_hdr;
785
786again:
787 /* see if we have the required fragment already */
788 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
789 if (*ok)
790 s->init_num = frag_len;
791 return frag_len;
792 }
793
794 /* read handshake message header */
795 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
796 DTLS1_HM_HEADER_LENGTH, 0);
797 if (i <= 0) /* nbio, or an error */
798 {
799 s->rwstate = SSL_READING;
800 *ok = 0;
801 return i;
802 }
803 /* Handshake fails if message header is incomplete */
804 if (i != DTLS1_HM_HEADER_LENGTH ||
805 /* parse the message fragment header */
806 dtls1_get_message_header(wire, &msg_hdr) == 0) {
807 al = SSL_AD_UNEXPECTED_MESSAGE;
808 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
809 SSL_R_UNEXPECTED_MESSAGE);
810 goto f_err;
811 }
812
813 /*
814 * if this is a future (or stale) message it gets buffered
815 * (or dropped)--no further processing at this time
816 * While listening, we accept seq 1 (ClientHello with cookie)
817 * although we're still expecting seq 0 (ClientHello)
818 */
819 if (msg_hdr.seq != s->d1->handshake_read_seq &&
820 !(s->d1->listen && msg_hdr.seq == 1))
821 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
822
823 len = msg_hdr.msg_len;
824 frag_off = msg_hdr.frag_off;
825 frag_len = msg_hdr.frag_len;
826
827 if (frag_len && frag_len < len)
828 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
829
830 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
831 wire[0] == SSL3_MT_HELLO_REQUEST) {
832 /*
833 * The server may always send 'Hello Request' messages --
834 * we are doing a handshake anyway now, so ignore them
835 * if their format is correct. Does not count for
836 * 'Finished' MAC.
837 */
838 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
839 if (s->msg_callback)
840 s->msg_callback(0, s->version,
841 SSL3_RT_HANDSHAKE, wire,
842 DTLS1_HM_HEADER_LENGTH, s,
843 s->msg_callback_arg);
844
845 s->init_num = 0;
846 goto again;
847 }
848 else /* Incorrectly formated Hello request */
849 {
850 al = SSL_AD_UNEXPECTED_MESSAGE;
851 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
852 SSL_R_UNEXPECTED_MESSAGE);
853 goto f_err;
854 }
855 }
856
857 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
858 goto f_err;
859
860 /* XDTLS: ressurect this when restart is in place */
861 s->state = stn;
862
863 if (frag_len > 0) {
864 unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
865
866 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
867 &p[frag_off], frag_len, 0);
868 /* XDTLS: fix this--message fragments cannot span multiple packets */
869 if (i <= 0) {
870 s->rwstate = SSL_READING;
871 *ok = 0;
872 return i;
873 }
874 } else
875 i = 0;
876
877 /*
878 * XDTLS: an incorrectly formatted fragment should cause the
879 * handshake to fail
880 */
881 if (i != (int)frag_len) {
882 al = SSL3_AD_ILLEGAL_PARAMETER;
883 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
884 SSL3_AD_ILLEGAL_PARAMETER);
885 goto f_err;
886 }
887
888 *ok = 1;
889
890 /*
891 * Note that s->init_num is *not* used as current offset in
892 * s->init_buf->data, but as a counter summing up fragments'
893 * lengths: as soon as they sum up to handshake packet
894 * length, we assume we have got all the fragments.
895 */
896 s->init_num = frag_len;
897 return frag_len;
898
899f_err:
900 ssl3_send_alert(s, SSL3_AL_FATAL, al);
901 s->init_num = 0;
902
903 *ok = 0;
904 return (-1);
905}
906
907int
908dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
909{
910 unsigned char *p, *d;
911 int i;
912 unsigned long l;
913
914 if (s->state == a) {
915 d = (unsigned char *)s->init_buf->data;
916 p = &(d[DTLS1_HM_HEADER_LENGTH]);
917
918 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
919 s->s3->tmp.finish_md);
920 s->s3->tmp.finish_md_len = i;
921 memcpy(p, s->s3->tmp.finish_md, i);
922 p += i;
923 l = i;
924
925 /*
926 * Copy the finished so we can use it for
927 * renegotiation checks
928 */
929 if (s->type == SSL_ST_CONNECT) {
930 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
931 memcpy(s->s3->previous_client_finished,
932 s->s3->tmp.finish_md, i);
933 s->s3->previous_client_finished_len = i;
934 } else {
935 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
936 memcpy(s->s3->previous_server_finished,
937 s->s3->tmp.finish_md, i);
938 s->s3->previous_server_finished_len = i;
939 }
940
941 d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
942 s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
943 s->init_off = 0;
944
945 /* buffer the message to handle re-xmits */
946 dtls1_buffer_message(s, 0);
947
948 s->state = b;
949 }
950
951 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
952 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
953}
954
955/*
956 * for these 2 messages, we need to
957 * ssl->enc_read_ctx re-init
958 * ssl->s3->read_sequence zero
959 * ssl->s3->read_mac_secret re-init
960 * ssl->session->read_sym_enc assign
961 * ssl->session->read_hash assign
962 */
963int
964dtls1_send_change_cipher_spec(SSL *s, int a, int b)
965{
966 unsigned char *p;
967
968 if (s->state == a) {
969 p = (unsigned char *)s->init_buf->data;
970 *p++=SSL3_MT_CCS;
971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
972 s->init_num = DTLS1_CCS_HEADER_LENGTH;
973
974 if (s->version == DTLS1_BAD_VER) {
975 s->d1->next_handshake_write_seq++;
976 s2n(s->d1->handshake_write_seq, p);
977 s->init_num += 2;
978 }
979
980 s->init_off = 0;
981
982 dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
983 s->d1->handshake_write_seq, 0, 0);
984
985 /* buffer the message to handle re-xmits */
986 dtls1_buffer_message(s, 1);
987
988 s->state = b;
989 }
990
991 /* SSL3_ST_CW_CHANGE_B */
992 return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
993}
994
995static int
996dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
997{
998 int n;
999 unsigned char *p;
1000
1001 n = i2d_X509(x, NULL);
1002 if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
1004 return 0;
1005 }
1006 p = (unsigned char *)&(buf->data[*l]);
1007 l2n3(n, p);
1008 i2d_X509(x, &p);
1009 *l += n + 3;
1010
1011 return 1;
1012}
1013
1014unsigned long
1015dtls1_output_cert_chain(SSL *s, X509 *x)
1016{
1017 unsigned char *p;
1018 int i;
1019 unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
1020 BUF_MEM *buf;
1021
1022 /* TLSv1 sends a chain with nothing in it, instead of an alert */
1023 buf = s->init_buf;
1024 if (!BUF_MEM_grow_clean(buf, 10)) {
1025 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
1026 return (0);
1027 }
1028 if (x != NULL) {
1029 X509_STORE_CTX xs_ctx;
1030
1031 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store,
1032 x, NULL)) {
1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
1034 return (0);
1035 }
1036
1037 X509_verify_cert(&xs_ctx);
1038 /* Don't leave errors in the queue */
1039 ERR_clear_error();
1040 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
1041 x = sk_X509_value(xs_ctx.chain, i);
1042
1043 if (!dtls1_add_cert_to_buf(buf, &l, x)) {
1044 X509_STORE_CTX_cleanup(&xs_ctx);
1045 return 0;
1046 }
1047 }
1048 X509_STORE_CTX_cleanup(&xs_ctx);
1049 }
1050 /* Thawte special :-) */
1051 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
1052 x = sk_X509_value(s->ctx->extra_certs, i);
1053 if (!dtls1_add_cert_to_buf(buf, &l, x))
1054 return 0;
1055 }
1056
1057 l -= (3 + DTLS1_HM_HEADER_LENGTH);
1058
1059 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1060 l2n3(l, p);
1061 l += 3;
1062 p = (unsigned char *)&(buf->data[0]);
1063 p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
1064
1065 l += DTLS1_HM_HEADER_LENGTH;
1066 return (l);
1067}
1068
1069int
1070dtls1_read_failed(SSL *s, int code)
1071{
1072 if (code > 0) {
1073 fprintf(stderr, "invalid state reached %s:%d",
1074 __FILE__, __LINE__);
1075 return 1;
1076 }
1077
1078 if (!dtls1_is_timer_expired(s)) {
1079 /*
1080 * not a timeout, none of our business, let higher layers
1081 * handle this. in fact it's probably an error
1082 */
1083 return code;
1084 }
1085
1086 if (!SSL_in_init(s)) /* done, no need to send a retransmit */
1087 {
1088 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
1089 return code;
1090 }
1091
1092 return dtls1_handle_timeout(s);
1093}
1094
1095int
1096dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1097{
1098 /*
1099 * The index of the retransmission queue actually is the message
1100 * sequence number, since the queue only contains messages of a
1101 * single handshake. However, the ChangeCipherSpec has no message
1102 * sequence number and so using only the sequence will result in
1103 * the CCS and Finished having the same index. To prevent this, the
1104 * sequence number is multiplied by 2. In case of a CCS 1 is
1105 * subtracted. This does not only differ CSS and Finished, it also
1106 * maintains the order of the index (important for priority queues)
1107 * and fits in the unsigned short variable.
1108 */
1109 return seq * 2 - is_ccs;
1110}
1111
1112int
1113dtls1_retransmit_buffered_messages(SSL *s)
1114{
1115 pqueue sent = s->d1->sent_messages;
1116 piterator iter;
1117 pitem *item;
1118 hm_fragment *frag;
1119 int found = 0;
1120
1121 iter = pqueue_iterator(sent);
1122
1123 for (item = pqueue_next(&iter); item != NULL;
1124 item = pqueue_next(&iter)) {
1125 frag = (hm_fragment *)item->data;
1126 if (dtls1_retransmit_message(s,
1127 (unsigned short)dtls1_get_queue_priority(
1128 frag->msg_header.seq, frag->msg_header.is_ccs), 0,
1129 &found) <= 0 && found) {
1130 fprintf(stderr, "dtls1_retransmit_message() failed\n");
1131 return -1;
1132 }
1133 }
1134
1135 return 1;
1136}
1137
1138int
1139dtls1_buffer_message(SSL *s, int is_ccs)
1140{
1141 pitem *item;
1142 hm_fragment *frag;
1143 unsigned char seq64be[8];
1144
1145 /* Buffer the messsage in order to handle DTLS retransmissions. */
1146
1147 /*
1148 * This function is called immediately after a message has
1149 * been serialized
1150 */
1151 OPENSSL_assert(s->init_off == 0);
1152
1153 frag = dtls1_hm_fragment_new(s->init_num, 0);
1154 if (frag == NULL)
1155 return 0;
1156
1157 memcpy(frag->fragment, s->init_buf->data, s->init_num);
1158
1159 if (is_ccs) {
1160 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1161 ((s->version == DTLS1_VERSION) ?
1162 DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num);
1163 } else {
1164 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
1165 DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
1166 }
1167
1168 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
1169 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
1170 frag->msg_header.type = s->d1->w_msg_hdr.type;
1171 frag->msg_header.frag_off = 0;
1172 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1173 frag->msg_header.is_ccs = is_ccs;
1174
1175 /* save current state*/
1176 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1177 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1178 frag->msg_header.saved_retransmit_state.session = s->session;
1179 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1180
1181 memset(seq64be, 0, sizeof(seq64be));
1182 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
1183 frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
1184 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
1185 frag->msg_header.seq, frag->msg_header.is_ccs));
1186
1187 item = pitem_new(seq64be, frag);
1188 if (item == NULL) {
1189 dtls1_hm_fragment_free(frag);
1190 return 0;
1191 }
1192
1193 pqueue_insert(s->d1->sent_messages, item);
1194 return 1;
1195}
1196
1197int
1198dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1199 int *found)
1200{
1201 int ret;
1202 /* XDTLS: for now assuming that read/writes are blocking */
1203 pitem *item;
1204 hm_fragment *frag;
1205 unsigned long header_length;
1206 unsigned char seq64be[8];
1207 struct dtls1_retransmit_state saved_state;
1208 unsigned char save_write_sequence[8];
1209
1210 /*
1211 OPENSSL_assert(s->init_num == 0);
1212 OPENSSL_assert(s->init_off == 0);
1213 */
1214
1215 /* XDTLS: the requested message ought to be found, otherwise error */
1216 memset(seq64be, 0, sizeof(seq64be));
1217 seq64be[6] = (unsigned char)(seq >> 8);
1218 seq64be[7] = (unsigned char)seq;
1219
1220 item = pqueue_find(s->d1->sent_messages, seq64be);
1221 if (item == NULL) {
1222 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1223 *found = 0;
1224 return 0;
1225 }
1226
1227 *found = 1;
1228 frag = (hm_fragment *)item->data;
1229
1230 if (frag->msg_header.is_ccs)
1231 header_length = DTLS1_CCS_HEADER_LENGTH;
1232 else
1233 header_length = DTLS1_HM_HEADER_LENGTH;
1234
1235 memcpy(s->init_buf->data, frag->fragment,
1236 frag->msg_header.msg_len + header_length);
1237 s->init_num = frag->msg_header.msg_len + header_length;
1238
1239 dtls1_set_message_header_int(s, frag->msg_header.type,
1240 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1241 frag->msg_header.frag_len);
1242
1243 /* save current state */
1244 saved_state.enc_write_ctx = s->enc_write_ctx;
1245 saved_state.write_hash = s->write_hash;
1246 saved_state.session = s->session;
1247 saved_state.epoch = s->d1->w_epoch;
1248
1249 s->d1->retransmitting = 1;
1250
1251 /* restore state in which the message was originally sent */
1252 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1253 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1254 s->session = frag->msg_header.saved_retransmit_state.session;
1255 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1256
1257 if (frag->msg_header.saved_retransmit_state.epoch ==
1258 saved_state.epoch - 1) {
1259 memcpy(save_write_sequence, s->s3->write_sequence,
1260 sizeof(s->s3->write_sequence));
1261 memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
1262 sizeof(s->s3->write_sequence));
1263 }
1264
1265 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1266 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1267
1268 /* restore current state */
1269 s->enc_write_ctx = saved_state.enc_write_ctx;
1270 s->write_hash = saved_state.write_hash;
1271 s->session = saved_state.session;
1272 s->d1->w_epoch = saved_state.epoch;
1273
1274 if (frag->msg_header.saved_retransmit_state.epoch ==
1275 saved_state.epoch - 1) {
1276 memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
1277 sizeof(s->s3->write_sequence));
1278 memcpy(s->s3->write_sequence, save_write_sequence,
1279 sizeof(s->s3->write_sequence));
1280 }
1281
1282 s->d1->retransmitting = 0;
1283
1284 (void)BIO_flush(SSL_get_wbio(s));
1285 return ret;
1286}
1287
1288/* call this function when the buffered messages are no longer needed */
1289void
1290dtls1_clear_record_buffer(SSL *s)
1291{
1292 pitem *item;
1293
1294 for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
1295 item = pqueue_pop(s->d1->sent_messages)) {
1296 dtls1_hm_fragment_free((hm_fragment *)item->data);
1297 pitem_free(item);
1298 }
1299}
1300
1301unsigned char *
1302dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
1303 unsigned long len, unsigned long frag_off, unsigned long frag_len)
1304{
1305 /* Don't change sequence numbers while listening */
1306 if (frag_off == 0 && !s->d1->listen) {
1307 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
1308 s->d1->next_handshake_write_seq++;
1309 }
1310
1311 dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
1312 frag_off, frag_len);
1313
1314 return p += DTLS1_HM_HEADER_LENGTH;
1315}
1316
1317/* don't actually do the writing, wait till the MTU has been retrieved */
1318static void
1319dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
1320 unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
1321{
1322 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1323
1324 msg_hdr->type = mt;
1325 msg_hdr->msg_len = len;
1326 msg_hdr->seq = seq_num;
1327 msg_hdr->frag_off = frag_off;
1328 msg_hdr->frag_len = frag_len;
1329}
1330
1331static void
1332dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
1333{
1334 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1335
1336 msg_hdr->frag_off = frag_off;
1337 msg_hdr->frag_len = frag_len;
1338}
1339
1340static unsigned char *
1341dtls1_write_message_header(SSL *s, unsigned char *p)
1342{
1343 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
1344
1345 *p++ = msg_hdr->type;
1346 l2n3(msg_hdr->msg_len, p);
1347
1348 s2n(msg_hdr->seq, p);
1349 l2n3(msg_hdr->frag_off, p);
1350 l2n3(msg_hdr->frag_len, p);
1351
1352 return p;
1353}
1354
1355unsigned int
1356dtls1_min_mtu(void)
1357{
1358 return (g_probable_mtu[(sizeof(g_probable_mtu) /
1359 sizeof(g_probable_mtu[0])) - 1]);
1360}
1361
1362static unsigned int
1363dtls1_guess_mtu(unsigned int curr_mtu)
1364{
1365 unsigned int i;
1366
1367 if (curr_mtu == 0)
1368 return g_probable_mtu[0];
1369
1370 for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
1371 if (curr_mtu > g_probable_mtu[i])
1372 return g_probable_mtu[i];
1373
1374 return curr_mtu;
1375}
1376
1377int
1378dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
1379{
1380 CBS header;
1381 uint32_t msg_len, frag_off, frag_len;
1382 uint16_t seq;
1383 uint8_t type;
1384
1385 CBS_init(&header, data, sizeof(*msg_hdr));
1386
1387 memset(msg_hdr, 0, sizeof(*msg_hdr));
1388
1389 if (!CBS_get_u8(&header, &type))
1390 return 0;
1391 if (!CBS_get_u24(&header, &msg_len))
1392 return 0;
1393 if (!CBS_get_u16(&header, &seq))
1394 return 0;
1395 if (!CBS_get_u24(&header, &frag_off))
1396 return 0;
1397 if (!CBS_get_u24(&header, &frag_len))
1398 return 0;
1399
1400 msg_hdr->type = type;
1401 msg_hdr->msg_len = msg_len;
1402 msg_hdr->seq = seq;
1403 msg_hdr->frag_off = frag_off;
1404 msg_hdr->frag_len = frag_len;
1405
1406 return 1;
1407}
1408
1409void
1410dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
1411{
1412 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
1413
1414 ccs_hdr->type = *(data++);
1415}
1416
1417int
1418dtls1_shutdown(SSL *s)
1419{
1420 int ret;
1421
1422 ret = ssl3_shutdown(s);
1423 return ret;
1424}
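diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
deleted file mode 100644
index b087535ce1..0000000000
--- a/src/lib/libssl/d1_clnt.c
+++ /dev/null
@@ -1,1160 +0,0 @@
-/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/bn.h>
-#include <openssl/buffer.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/objects.h>
-
-#include "bytestring.h"
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-const SSL_METHOD DTLSv1_client_method_data = {
- .version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = dtls1_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = dtls1_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .ssl_ctrl = dtls1_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_client_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
- return &DTLSv1_client_method_data;
-}
-
-static const SSL_METHOD *
-dtls1_get_client_method(int ver)
-{
- if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
- return (DTLSv1_client_method());
- return (NULL);
-}
-
-int
-dtls1_connect(SSL *s)
-{
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state, skip = 0;
-
- ERR_clear_error();
- errno = 0;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_RENEGOTIATE:
- s->renegotiate = 1;
- s->state = SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server = 0;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
- (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) {
- SSLerr(SSL_F_DTLS1_CONNECT,
- ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type = SSL_ST_CONNECT;
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl_init_wbio_buffer(s, 0)) {
- ret = -1;
- goto end;
- }
-
- /* don't push the buffering BIO quite yet */
-
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num = 0;
- /* mark client_random uninitialized */
- memset(s->s3->client_random, 0,
- sizeof(s->s3->client_random));
- s->d1->send_cookie = 0;
- s->hit = 0;
- break;
-
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown = 0;
-
- /* every DTLS ClientHello resets Finished MAC */
- if (!ssl3_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
-
- dtls1_start_timer(s);
- ret = dtls1_client_hello(s);
- if (ret <= 0)
- goto end;
-
- if (s->d1->send_cookie) {
- s->state = SSL3_ST_CW_FLUSH;
- s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
- } else
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
- s->init_num = 0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio = BIO_push(s->bbio, s->wbio);
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret = ssl3_get_server_hello(s);
- if (ret <= 0)
- goto end;
- else {
- if (s->hit) {
-
- s->state = SSL3_ST_CR_FINISHED_A;
- } else
- s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
- }
- s->init_num = 0;
- break;
-
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_get_hello_verify(s);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
- if ( s->d1->send_cookie) /* start again, with a cookie */
- s->state = SSL3_ST_CW_CLNT_HELLO_A;
- else
- s->state = SSL3_ST_CR_CERT_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
- ret = ssl3_check_finished(s);
- if (ret <= 0)
- goto end;
- if (ret == 2) {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state = SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state = SSL3_ST_CR_FINISHED_A;
- s->init_num = 0;
- break;
- }
- /* Check if it is anon DH. */
- if (!(s->s3->tmp.new_cipher->algorithm_auth &
- SSL_aNULL)) {
- ret = ssl3_get_server_certificate(s);
- if (ret <= 0)
- goto end;
- if (s->tlsext_status_expected)
- s->state = SSL3_ST_CR_CERT_STATUS_A;
- else
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- } else {
- skip = 1;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret = ssl3_get_key_exchange(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_CERT_REQ_A;
- s->init_num = 0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s)) {
- ret = -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret = ssl3_get_certificate_request(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_SRVR_DONE_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret = ssl3_get_server_done(s);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
- if (s->s3->tmp.cert_req)
- s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
- else
- s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
- s->init_num = 0;
-
- s->state = s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- dtls1_start_timer(s);
- ret = dtls1_send_client_certificate(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- dtls1_start_timer(s);
- ret = dtls1_send_client_key_exchange(s);
- if (ret <= 0)
- goto end;
-
-
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (s->s3->tmp.cert_req == 1) {
- s->state = SSL3_ST_CW_CERT_VRFY_A;
- } else {
- s->state = SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec = 0;
- }
-
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- dtls1_start_timer(s);
- ret = dtls1_send_client_verify(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_CHANGE_A;
- s->init_num = 0;
- s->s3->change_cipher_spec = 0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret = dtls1_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
- if (ret <= 0)
- goto end;
-
- s->state = SSL3_ST_CW_FINISHED_A;
- s->init_num = 0;
-
- s->session->cipher = s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) {
- ret = -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
- ret = -1;
- goto end;
- }
-
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret = dtls1_send_finished(s,
- SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit) {
- s->s3->tmp.next_state = SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
- s->state = SSL_ST_OK;
- s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret = 0;
- }
- } else {
-
- /* Allow NewSessionTicket if ticket expected */
- if (s->tlsext_ticket_expected)
- s->s3->tmp.next_state =
- SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->s3->tmp.next_state =
- SSL3_ST_CR_FINISHED_A;
- }
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
- ret = ssl3_get_new_session_ticket(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_FINISHED_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
- ret = ssl3_get_cert_status(s);
- if (ret <= 0)
- goto end;
- s->state = SSL3_ST_CR_KEY_EXCH_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
- ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0)
- goto end;
- dtls1_stop_timer(s);
-
- if (s->hit)
- s->state = SSL3_ST_CW_CHANGE_A;
- else
- s->state = SSL_ST_OK;
-
-
- s->init_num = 0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- s->rwstate = SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0) {
- /* If the write error was fatal, stop trying */
- if (!BIO_should_retry(s->wbio)) {
- s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
- }
-
- ret = -1;
- goto end;
- }
- s->rwstate = SSL_NOTHING;
- s->state = s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num = 0;
- s->renegotiate = 0;
- s->new_session = 0;
-
- ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
- if (s->hit)
- s->ctx->stats.sess_hit++;
-
- ret = 1;
- /* s->server=0; */
- s->handshake_func = dtls1_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
- /* done with handshaking */
- s->d1->handshake_read_seq = 0;
- s->d1->next_handshake_write_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip) {
- if (s->debug) {
- if ((ret = BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
- }
- }
- skip = 0;
- }
-
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_CONNECT_EXIT, ret);
-
- return (ret);
-}
-
-int
-dtls1_client_hello(SSL *s)
-{
- unsigned char *bufend, *d, *p;
- unsigned int i;
-
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
- SSL_SESSION *sess = s->session;
-
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version) ||
- (!sess->session_id_length && !sess->tlsext_tick) ||
- (s->session->not_resumable)) {
- if (!ssl_get_new_session(s, 0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p = s->s3->client_random;
-
- /* if client_random is initialized, reuse it, we are
- * required to use same upon reply to HelloVerify */
- for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++)
- ;
- if (i == sizeof(s->s3->client_random))
- arc4random_buf(p, sizeof(s->s3->client_random));
-
- d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
-
- *(p++) = s->version >> 8;
- *(p++) = s->version&0xff;
- s->client_version = s->version;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i = 0;
- else
- i = s->session->session_id_length;
- *(p++) = i;
- if (i != 0) {
- if (i > sizeof s->session->session_id) {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(p, s->session->session_id, i);
- p += i;
- }
-
- /* cookie stuff */
- if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- *(p++) = s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
-
- /* Ciphers supported */
- i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
- if (i == 0) {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,
- SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i, p);
- p += i;
-
- /* add in (no) COMPRESSION */
- *(p++) = 1;
- *(p++) = 0; /* Add the NULL method */
-
- bufend = (unsigned char *)s->init_buf->data +
- SSL3_RT_MAX_PLAIN_LENGTH;
- if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ssl3_handshake_msg_finish(s, p - d);
-
- s->state = SSL3_ST_CW_CLNT_HELLO_B;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return (ssl3_handshake_write(s));
-err:
- return (-1);
-}
-
-static int
-dtls1_get_hello_verify(SSL *s)
-{
- long n;
- int al, ok = 0;
- size_t cookie_len;
- uint16_t ssl_version;
- CBS hello_verify_request, cookie;
-
- n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok);
-
- if (!ok)
- return ((int)n);
-
- if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
- s->d1->send_cookie = 0;
- s->s3->tmp.reuse_message = 1;
- return (1);
- }
-
- if (n < 0)
- goto truncated;
-
- CBS_init(&hello_verify_request, s->init_msg, n);
-
- if (!CBS_get_u16(&hello_verify_request, &ssl_version))
- goto truncated;
-
- if (ssl_version != s->version) {
- SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
- s->version = (s->version & 0xff00) | (ssl_version & 0xff);
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
- goto truncated;
-
- if (!CBS_write_bytes(&cookie, s->d1->cookie,
- sizeof(s->d1->cookie), &cookie_len)) {
- s->d1->cookie_len = 0;
- al = SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
- s->d1->cookie_len = cookie_len;
- s->d1->send_cookie = 1;
-
- return 1;
-
-truncated:
- al = SSL_AD_DECODE_ERROR;
-f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
-}
-
-int
-dtls1_send_client_key_exchange(SSL *s)
-{
- unsigned char *p, *q;
- int n;
- unsigned long alg_k;
- EVP_PKEY *pkey = NULL;
- EC_KEY *clnt_ecdh = NULL;
- const EC_POINT *srvr_ecpoint = NULL;
- EVP_PKEY *srvr_pub_pkey = NULL;
- unsigned char *encodedPoint = NULL;
- int encoded_pt_len = 0;
- BN_CTX * bn_ctx = NULL;
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
- p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
-
- alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
- if (s->session->sess_cert == NULL) {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (alg_k & SSL_kRSA) {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- rsa = pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
-
- tmp_buf[0] = s->client_version >> 8;
- tmp_buf[1] = s->client_version&0xff;
- arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2);
-
- s->session->master_key_length = sizeof tmp_buf;
-
- q = p;
- /* Fix buf for TLS and [incidentally] DTLS */
- if (s->version > SSL3_VERSION)
- p += 2;
- n = RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf, p, rsa, RSA_PKCS1_PADDING);
- if (n <= 0) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and [incidentally] DTLS */
- if (s->version > SSL3_VERSION) {
- s2n(n, q);
- n += 2;
- }
-
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & SSL_kDHE) {
- DH *dh_srvr, *dh_clnt;
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr = s->session->sess_cert->peer_dh_tmp;
- else {
- /* we get them from the cert */
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
-
- if (n <= 0) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
- s, s->session->master_key, p, n);
- /* clean up */
- memset(p, 0, n);
-
- /* send off the data */
- n = BN_num_bytes(dh_clnt->pub_key);
- s2n(n, p);
- BN_bn2bin(dh_clnt->pub_key, p);
- n += 2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
- const EC_GROUP *srvr_group = NULL;
- EC_KEY *tkey;
- int field_size = 0;
-
- if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
- tkey = s->session->sess_cert->peer_ecdh_tmp;
- } else {
- /* Get the Server Public Key from Cert */
- srvr_pub_pkey = X509_get_pubkey(s->session-> \
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
- if ((srvr_pub_pkey == NULL) ||
- (srvr_pub_pkey->type != EVP_PKEY_EC) ||
- (srvr_pub_pkey->pkey.ec == NULL)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- tkey = srvr_pub_pkey->pkey.ec;
- }
-
- srvr_group = EC_KEY_get0_group(tkey);
- srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
- if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((clnt_ecdh = EC_KEY_new()) == NULL) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
-
- /* Generate a new ECDH key pair */
- if (!(EC_KEY_generate_key(clnt_ecdh))) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the ECDH key, but
- * make sure to clear it out afterwards
- */
-
- field_size = EC_GROUP_get_degree(srvr_group);
- if (field_size <= 0) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
- n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL);
- if (n <= 0) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(
- s, s->session->master_key, p, n);
- memset(p, 0, n); /* clean up */
-
- /* First check the size of encoding and
- * allocate memory accordingly.
- */
- encoded_pt_len = EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
-
- encodedPoint = malloc(encoded_pt_len);
-
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) ||
- (bn_ctx == NULL)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Encode the public key */
- n = EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encoded_pt_len, bn_ctx);
-
- *p = n; /* length of encoded point */
- /* Encoded point will be copied here */
- p += 1;
-
- /* copy the point */
- memcpy((unsigned char *)p, encodedPoint, n);
- /* increment n to account for length field */
- n += 1;
-
- /* Free allocated memory */
- BN_CTX_free(bn_ctx);
- free(encodedPoint);
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
- }
-
- else {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ssl3_handshake_msg_finish(s, n);
-
- s->state = SSL3_ST_CW_KEY_EXCH_B;
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return (ssl3_handshake_write(s));
-
-err:
- BN_CTX_free(bn_ctx);
- free(encodedPoint);
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
- return (-1);
-}
-
-int
-dtls1_send_client_verify(SSL *s)
-{
- unsigned char *p;
- unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
- unsigned u = 0;
- unsigned long n;
- int j;
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
- p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
-
- pkey = s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
- &(data[MD5_DIGEST_LENGTH]));
-
- if (pkey->type == EVP_PKEY_RSA) {
- s->method->ssl3_enc->cert_verify_mac(s,
- NID_md5, &(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 ) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u, p);
- n = u + 2;
- } else if (pkey->type == EVP_PKEY_DSA) {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, &(p[2]),
- (unsigned int *)&j, pkey->pkey.dsa)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j, p);
- n = j + 2;
- } else if (pkey->type == EVP_PKEY_EC) {
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH, &(p[2]),
- (unsigned int *)&j, pkey->pkey.ec)) {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
- goto err;
- }
- s2n(j, p);
- n = j + 2;
- } else {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ssl3_handshake_msg_finish(s, n);
-
- s->state = SSL3_ST_CW_CERT_VRFY_B;
- }
-
- /* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return (ssl3_handshake_write(s));
-
-err:
- return (-1);
-}
-
-int
-dtls1_send_client_certificate(SSL *s)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A) {
- if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state = SSL3_ST_CW_CERT_B;
- else
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B) {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i = 0;
- i = ssl_do_client_cert_cb(s, &x509, &pkey);
- if (i < 0) {
- s->rwstate = SSL_X509_LOOKUP;
- return (-1);
- }
- s->rwstate = SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
- s->state = SSL3_ST_CW_CERT_B;
- if (!SSL_use_certificate(s, x509) ||
- !SSL_use_PrivateKey(s, pkey))
- i = 0;
- } else if (i == 1) {
- i = 0;
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
- SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL)
- X509_free(x509);
- EVP_PKEY_free(pkey);
- if (i == 0) {
- if (s->version == SSL3_VERSION) {
- s->s3->tmp.cert_req = 0;
- ssl3_send_alert(s, SSL3_AL_WARNING,
- SSL_AD_NO_CERTIFICATE);
- return (1);
- } else {
- s->s3->tmp.cert_req = 2;
- }
- }
-
- /* Ok, we have a cert */
- s->state = SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C) {
- s->state = SSL3_ST_CW_CERT_D;
- l = dtls1_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
- s->init_num = (int)l;
- s->init_off = 0;
-
- /* set header called by dtls1_output_cert_chain() */
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CERT_D */
- return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}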
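diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
deleted file mode 100644
index c58e109ae5..0000000000
--- a/src/lib/libssl/d1_enc.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
-int
-dtls1_enc(SSL *s, int send)
-{
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs, i, j, k, mac_size = 0;
- const EVP_CIPHER *enc;
-
- if (send) {
- if (EVP_MD_CTX_md(s->write_hash)) {
- mac_size = EVP_MD_CTX_size(s->write_hash);
- if (mac_size < 0)
- return -1;
- }
- ds = s->enc_write_ctx;
- rec = &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc = NULL;
- else {
- enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if (rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
- arc4random_buf(rec->input,
- EVP_CIPHER_block_size(ds->cipher));
- }
- }
- } else {
- if (EVP_MD_CTX_md(s->read_hash)) {
- mac_size = EVP_MD_CTX_size(s->read_hash);
- OPENSSL_assert(mac_size >= 0);
- }
- ds = s->enc_read_ctx;
- rec = &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc = NULL;
- else
- enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-
- if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
- memmove(rec->data, rec->input, rec->length);
- rec->input = rec->data;
- } else {
- l = rec->length;
- bs = EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send) {
- i = bs - ((int)l % bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j = i - 1;
- for (k = (int)l; k < (int)(l + i); k++)
- rec->input[k] = j;
- l += i;
- rec->length += i;
- }
-
-
- if (!send) {
- if (l == 0 || l % bs != 0)
- return 0;
- }
-
- EVP_Cipher(ds, rec->data, rec->input, l);
-
-
- if ((bs != 1) && !send)
- return tls1_cbc_remove_padding(s, rec, bs, mac_size);
- }
- return (1);
-}
-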
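diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index b269efe469..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,474 +0,0 @@
-/* $OpenBSD: d1_lib.c,v 1.29 2015/07/19 20:32:18 doug Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "pqueue.h"
-#include "ssl_locl.h"
-
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data = {
- .enc = dtls1_enc,
- .mac = tls1_mac,
- .setup_key_block = tls1_setup_key_block,
- .generate_master_secret = tls1_generate_master_secret,
- .change_cipher_state = tls1_change_cipher_state,
- .final_finish_mac = tls1_final_finish_mac,
- .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
- .cert_verify_mac = tls1_cert_verify_mac,
- .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
- .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
- .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
- .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
- .alert_value = tls1_alert_code,
- .export_keying_material = tls1_export_keying_material,
- .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV,
-};
-
-long
-dtls1_default_timeout(void)
-{
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return (60*60*2);
-}
-
-int
-dtls1_new(SSL *s)
-{
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s))
- return (0);
- if ((d1 = calloc(1, sizeof *d1)) == NULL) {
- ssl3_free(s);
- return (0);
- }
-
- /* d1->handshake_epoch=0; */
-
- d1->unprocessed_rcds.q = pqueue_new();
- d1->processed_rcds.q = pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages = pqueue_new();
- d1->buffered_app_data.q = pqueue_new();
-
- if (s->server) {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q ||
- !d1->buffered_messages || !d1->sent_messages ||
- !d1->buffered_app_data.q) {
- if (d1->unprocessed_rcds.q)
- pqueue_free(d1->unprocessed_rcds.q);
- if (d1->processed_rcds.q)
- pqueue_free(d1->processed_rcds.q);
- if (d1->buffered_messages)
- pqueue_free(d1->buffered_messages);
- if (d1->sent_messages)
- pqueue_free(d1->sent_messages);
- if (d1->buffered_app_data.q)
- pqueue_free(d1->buffered_app_data.q);
- free(d1);
- ssl3_free(s);
- return (0);
- }
-
- s->d1 = d1;
- s->method->ssl_clear(s);
- return (1);
-}
-
-static void
-dtls1_clear_queues(SSL *s)
-{
- pitem *item = NULL;
- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- free(frag->fragment);
- free(frag);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
- frag = (hm_fragment *)item->data;
- free(frag->fragment);
- free(frag);
- pitem_free(item);
- }
-
- while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- free(rdata->rbuf.buf);
- free(item->data);
- pitem_free(item);
- }
-}
-
-void
-dtls1_free(SSL *s)
-{
- if (s == NULL)
- return;
-
- ssl3_free(s);
-
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->unprocessed_rcds.q);
- pqueue_free(s->d1->processed_rcds.q);
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
- pqueue_free(s->d1->buffered_app_data.q);
-
- OPENSSL_cleanse(s->d1, sizeof *s->d1);
- free(s->d1);
- s->d1 = NULL;
-}
-
-void
-dtls1_clear(SSL *s)
-{
- pqueue unprocessed_rcds;
- pqueue processed_rcds;
- pqueue buffered_messages;
- pqueue sent_messages;
- pqueue buffered_app_data;
- unsigned int mtu;
-
- if (s->d1) {
- unprocessed_rcds = s->d1->unprocessed_rcds.q;
- processed_rcds = s->d1->processed_rcds.q;
- buffered_messages = s->d1->buffered_messages;
- sent_messages = s->d1->sent_messages;
- buffered_app_data = s->d1->buffered_app_data.q;
- mtu = s->d1->mtu;
-
- dtls1_clear_queues(s);
-
- memset(s->d1, 0, sizeof(*(s->d1)));
-
- if (s->server) {
- s->d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
- s->d1->mtu = mtu;
- }
-
- s->d1->unprocessed_rcds.q = unprocessed_rcds;
- s->d1->processed_rcds.q = processed_rcds;
- s->d1->buffered_messages = buffered_messages;
- s->d1->sent_messages = sent_messages;
- s->d1->buffered_app_data.q = buffered_app_data;
- }
-
- ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version = DTLS1_BAD_VER;
- else
- s->version = DTLS1_VERSION;
-}
-
-long
-dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
- int ret = 0;
-
- switch (cmd) {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return (ret);
-}
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *
-dtls1_get_cipher(unsigned int u)
-{
- const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL) {
- if (ciph->algorithm_enc == SSL_RC4)
- return NULL;
- }
-
- return ciph;
-}
-
-void
-dtls1_start_timer(SSL *s)
-{
-
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- gettimeofday(&(s->d1->next_timeout), NULL);
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
-}
-
-struct timeval*
-dtls1_get_timeout(SSL *s, struct timeval* timeleft)
-{
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
- return NULL;
- }
-
- /* Get current time */
- gettimeofday(&timenow, NULL);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0) {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
-}
-
-int
-dtls1_is_timer_expired(SSL *s)
-{
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL) {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
-}
-
-void
-dtls1_double_timeout(SSL *s)
-{
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
-}
-
-void
-dtls1_stop_timer(SSL *s)
-{
- /* Reset everything */
- memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
- &(s->d1->next_timeout));
- /* Clear retransmission buffer */
- dtls1_clear_record_buffer(s);
-}
-
-int
-dtls1_check_timeout_num(SSL *s)
-{
- s->d1->timeout.num_alerts++;
-
- /* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2) {
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
-
- }
-
- if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
- return -1;
- }
-
- return 0;
-}
-
-int
-dtls1_handle_timeout(SSL *s)
-{
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s)) {
- return 0;
- }
-
- dtls1_double_timeout(s);
-
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
- s->d1->timeout.read_timeouts++;
- if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
- s->d1->timeout.read_timeouts = 1;
- }
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
-}
-
-int
-dtls1_listen(SSL *s, struct sockaddr *client)
-{
- int ret;
-
- /* Ensure there is no state left over from a previous invocation */
- SSL_clear(s);
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0)
- return ret;
-
- (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
-}
-
-void
-dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
- unsigned short epoch)
-{
- unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
- unsigned char *p;
-
- p = dtlsseq;
- s2n(epoch, p);
- memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
- memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
-}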
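diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
deleted file mode 100644
index 7f279a4f50..0000000000
--- a/src/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* $OpenBSD: d1_meth.c,v 1.9 2015/02/06 08:30:23 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-
-const SSL_METHOD DTLSv1_method_data = {
- .version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = dtls1_accept,
- .ssl_connect = dtls1_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = dtls1_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = dtls1_get_message,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .ssl_ctrl = dtls1_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_ssl_method = dtls1_get_method,
- .get_timeout = dtls1_default_timeout,
- .ssl3_enc = &DTLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-DTLSv1_method(void)
-{
- return &DTLSv1_method_data;
-}
-
-static const SSL_METHOD *
-dtls1_get_method(int ver)
-{
- if (ver == DTLS1_VERSION)
- return (DTLSv1_method());
- return (NULL);
-}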
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index c3574b43bd..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1484 +0,0 @@
1/* $OpenBSD: d1_pkt.c,v 1.46 2015/07/19 01:07:40 doug Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@openssl.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <machine/endian.h>
117
118#include <errno.h>
119#include <stdio.h>
120
121#include "ssl_locl.h"
122
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125
126#include "pqueue.h"
127#include "bytestring.h"
128
129/* mod 128 saturating subtract of two 64-bit values in big-endian order */
130static int
131satsub64be(const unsigned char *v1, const unsigned char *v2)
132{
133 int ret, sat, brw, i;
134
135 if (sizeof(long) == 8)
136 do {
137 long l;
138
139 if (BYTE_ORDER == LITTLE_ENDIAN)
140 break;
141 /* not reached on little-endians */
142 /* following test is redundant, because input is
143 * always aligned, but I take no chances... */
144 if (((size_t)v1 | (size_t)v2) & 0x7)
145 break;
146
147 l = *((long *)v1);
148 l -= *((long *)v2);
149 if (l > 128)
150 return 128;
151 else if (l<-128)
152 return -128;
153 else
154 return (int)l;
155 } while (0);
156
157 ret = (int)v1[7] - (int)v2[7];
158 sat = 0;
159 brw = ret >> 8; /* brw is either 0 or -1 */
160 if (ret & 0x80) {
161 for (i = 6; i >= 0; i--) {
162 brw += (int)v1[i]-(int)v2[i];
163 sat |= ~brw;
164 brw >>= 8;
165 }
166 } else {
167 for (i = 6; i >= 0; i--) {
168 brw += (int)v1[i]-(int)v2[i];
169 sat |= brw;
170 brw >>= 8;
171 }
172 }
173 brw <<= 8; /* brw is either 0 or -256 */
174
175 if (sat & 0xff)
176 return brw | 0x80;
177 else
178 return brw + (ret & 0xFF);
179}
180
181static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
182 int len, int peek);
183static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
184static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
185static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
186 unsigned int *is_next_epoch);
187static int dtls1_buffer_record(SSL *s, record_pqueue *q,
188 unsigned char *priority);
189static int dtls1_process_record(SSL *s);
190
191/* copy buffered record into SSL structure */
192static int
193dtls1_copy_record(SSL *s, pitem *item)
194{
195 DTLS1_RECORD_DATA *rdata;
196
197 rdata = (DTLS1_RECORD_DATA *)item->data;
198
199 free(s->s3->rbuf.buf);
200
201 s->packet = rdata->packet;
202 s->packet_length = rdata->packet_length;
203 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
204 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
205
206 /* Set proper sequence number for mac calculation */
207 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
208
209 return (1);
210}
211
212
213static int
214dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
215{
216 DTLS1_RECORD_DATA *rdata;
217 pitem *item;
218
219 /* Limit the size of the queue to prevent DOS attacks */
220 if (pqueue_size(queue->q) >= 100)
221 return 0;
222
223 rdata = malloc(sizeof(DTLS1_RECORD_DATA));
224 item = pitem_new(priority, rdata);
225 if (rdata == NULL || item == NULL)
226 goto init_err;
227
228 rdata->packet = s->packet;
229 rdata->packet_length = s->packet_length;
230 memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
231 memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
232
233 item->data = rdata;
234
235
236 s->packet = NULL;
237 s->packet_length = 0;
238 memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
239 memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
240
241 if (!ssl3_setup_buffers(s))
242 goto err;
243
244 /* insert should not fail, since duplicates are dropped */
245 if (pqueue_insert(queue->q, item) == NULL)
246 goto err;
247
248 return (1);
249
250err:
251 free(rdata->rbuf.buf);
252
253init_err:
254 SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
255 free(rdata);
256 pitem_free(item);
257 return (-1);
258}
259
260
261static int
262dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
263{
264 pitem *item;
265
266 item = pqueue_pop(queue->q);
267 if (item) {
268 dtls1_copy_record(s, item);
269
270 free(item->data);
271 pitem_free(item);
272
273 return (1);
274 }
275
276 return (0);
277}
278
279
280/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
281 * yet */
282#define dtls1_get_unprocessed_record(s) \
283 dtls1_retrieve_buffered_record((s), \
284 &((s)->d1->unprocessed_rcds))
285
286/* retrieve a buffered record that belongs to the current epoch, ie, processed */
287#define dtls1_get_processed_record(s) \
288 dtls1_retrieve_buffered_record((s), \
289 &((s)->d1->processed_rcds))
290
291static int
292dtls1_process_buffered_records(SSL *s)
293{
294 pitem *item;
295
296 item = pqueue_peek(s->d1->unprocessed_rcds.q);
297 if (item) {
298 /* Check if epoch is current. */
299 if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
300 return (1);
301 /* Nothing to do. */
302
303 /* Process all the records. */
304 while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
305 dtls1_get_unprocessed_record(s);
306 if (! dtls1_process_record(s))
307 return (0);
308 if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
309 s->s3->rrec.seq_num) < 0)
310 return (-1);
311 }
312 }
313
314 /* sync epoch numbers once all the unprocessed records
315 * have been processed */
316 s->d1->processed_rcds.epoch = s->d1->r_epoch;
317 s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
318
319 return (1);
320}
321
322static int
323dtls1_process_record(SSL *s)
324{
325 int i, al;
326 int enc_err;
327 SSL_SESSION *sess;
328 SSL3_RECORD *rr;
329 unsigned int mac_size, orig_len;
330 unsigned char md[EVP_MAX_MD_SIZE];
331
332 rr = &(s->s3->rrec);
333 sess = s->session;
334
335 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
336 * and we have that many bytes in s->packet
337 */
338 rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
339
340 /* ok, we can now read from 's->packet' data into 'rr'
341 * rr->input points at rr->length bytes, which
342 * need to be copied into rr->data by either
343 * the decryption or by the decompression
344 * When the data is 'copied' into the rr->data buffer,
345 * rr->input will be pointed at the new buffer */
346
347 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
348 * rr->length bytes of encrypted compressed stuff. */
349
350 /* check is not needed I believe */
351 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
352 al = SSL_AD_RECORD_OVERFLOW;
353 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
354 goto f_err;
355 }
356
357 /* decrypt in place in 'rr->input' */
358 rr->data = rr->input;
359
360 enc_err = s->method->ssl3_enc->enc(s, 0);
361 /* enc_err is:
362 * 0: (in non-constant time) if the record is publically invalid.
363 * 1: if the padding is valid
364 * -1: if the padding is invalid */
365 if (enc_err == 0) {
366 /* For DTLS we simply ignore bad packets. */
367 rr->length = 0;
368 s->packet_length = 0;
369 goto err;
370 }
371
372
373 /* r->length is now the compressed data plus mac */
374 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
375 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
376 /* s->read_hash != NULL => mac_size != -1 */
377 unsigned char *mac = NULL;
378 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
379 mac_size = EVP_MD_CTX_size(s->read_hash);
380 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
381
382 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
383 orig_len = rr->length + ((unsigned int)rr->type >> 8);
384
385 /* orig_len is the length of the record before any padding was
386 * removed. This is public information, as is the MAC in use,
387 * therefore we can safely process the record in a different
388 * amount of time if it's too short to possibly contain a MAC.
389 */
390 if (orig_len < mac_size ||
391 /* CBC records must have a padding length byte too. */
392 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
393 orig_len < mac_size + 1)) {
394 al = SSL_AD_DECODE_ERROR;
395 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
396 goto f_err;
397 }
398
399 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
400 /* We update the length so that the TLS header bytes
401 * can be constructed correctly but we need to extract
402 * the MAC in constant time from within the record,
403 * without leaking the contents of the padding bytes.
404 * */
405 mac = mac_tmp;
406 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
407 rr->length -= mac_size;
408 } else {
409 /* In this case there's no padding, so |orig_len|
410 * equals |rec->length| and we checked that there's
411 * enough bytes for |mac_size| above. */
412 rr->length -= mac_size;
413 mac = &rr->data[rr->length];
414 }
415
416 i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
417 if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
418 enc_err = -1;
419 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
420 enc_err = -1;
421 }
422
423 if (enc_err < 0) {
424 /* decryption failed, silently discard message */
425 rr->length = 0;
426 s->packet_length = 0;
427 goto err;
428 }
429
430 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
431 al = SSL_AD_RECORD_OVERFLOW;
432 SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
433 goto f_err;
434 }
435
436 rr->off = 0;
437 /* So at this point the following is true
438 * ssl->s3->rrec.type is the type of record
439 * ssl->s3->rrec.length == number of bytes in record
440 * ssl->s3->rrec.off == offset to first valid byte
441 * ssl->s3->rrec.data == where to take bytes from, increment
442 * after use :-).
443 */
444
445 /* we have pulled in a full packet so zero things */
446 s->packet_length = 0;
447 return (1);
448
449f_err:
450 ssl3_send_alert(s, SSL3_AL_FATAL, al);
451err:
452 return (0);
453}
454
455
456/* Call this to get a new input record.
457 * It will return <= 0 if more data is needed, normally due to an error
458 * or non-blocking IO.
459 * When it finishes, one packet has been decoded and can be found in
460 * ssl->s3->rrec.type - is the type of record
461 * ssl->s3->rrec.data, - data
462 * ssl->s3->rrec.length, - number of bytes
463 */
464/* used only by dtls1_read_bytes */
465int
466dtls1_get_record(SSL *s)
467{
468 int i, n;
469 SSL3_RECORD *rr;
470 unsigned char *p = NULL;
471 DTLS1_BITMAP *bitmap;
472 unsigned int is_next_epoch;
473
474 rr = &(s->s3->rrec);
475
476 /* The epoch may have changed. If so, process all the
477 * pending records. This is a non-blocking operation. */
478 if (dtls1_process_buffered_records(s) < 0)
479 return (-1);
480
481 /* if we're renegotiating, then there may be buffered records */
482 if (dtls1_get_processed_record(s))
483 return 1;
484
485 /* get something from the wire */
486 if (0) {
487again:
488 /* dump this record on all retries */
489 rr->length = 0;
490 s->packet_length = 0;
491 }
492
493 /* check if we have the header */
494 if ((s->rstate != SSL_ST_READ_BODY) ||
495 (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
496 CBS header, seq_no;
497 uint16_t epoch, len, ssl_version;
498 uint8_t type;
499
500 n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
501 /* read timeout is handled by dtls1_read_bytes */
502 if (n <= 0)
503 return(n); /* error or non-blocking */
504
505 /* this packet contained a partial record, dump it */
506 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
507 goto again;
508
509 s->rstate = SSL_ST_READ_BODY;
510
511 CBS_init(&header, s->packet, s->packet_length);
512
513 /* Pull apart the header into the DTLS1_RECORD */
514 if (!CBS_get_u8(&header, &type))
515 goto again;
516 if (!CBS_get_u16(&header, &ssl_version))
517 goto again;
518
519 /* sequence number is 64 bits, with top 2 bytes = epoch */
520 if (!CBS_get_u16(&header, &epoch) ||
521 !CBS_get_bytes(&header, &seq_no, 6))
522 goto again;
523
524 if (!CBS_write_bytes(&seq_no, &(s->s3->read_sequence[2]),
525 sizeof(s->s3->read_sequence) - 2, NULL))
526 goto again;
527 if (!CBS_get_u16(&header, &len))
528 goto again;
529
530 rr->type = type;
531 rr->epoch = epoch;
532 rr->length = len;
533
534 /* unexpected version, silently discard */
535 if (!s->first_packet && ssl_version != s->version)
536 goto again;
537
538 /* wrong version, silently discard record */
539 if ((ssl_version & 0xff00) != (s->version & 0xff00))
540 goto again;
541
542 /* record too long, silently discard it */
543 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
544 goto again;
545
546 /* now s->rstate == SSL_ST_READ_BODY */
547 p = (unsigned char *)CBS_data(&header);
548 }
549
550 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
551
552 if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
553 /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
554 i = rr->length;
555 n = ssl3_read_n(s, i, i, 1);
556 if (n <= 0)
557 return(n); /* error or non-blocking io */
558
559 /* this packet contained a partial record, dump it */
560 if (n != i)
561 goto again;
562
563 /* now n == rr->length,
564 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
565 }
566 s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
567
568 /* match epochs. NULL means the packet is dropped on the floor */
569 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
570 if (bitmap == NULL)
571 goto again;
572
573 /*
574 * Check whether this is a repeat, or aged record.
575 * Don't check if we're listening and this message is
576 * a ClientHello. They can look as if they're replayed,
577 * since they arrive from different connections and
578 * would be dropped unnecessarily.
579 */
580 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
581 p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
582 !dtls1_record_replay_check(s, bitmap))
583 goto again;
584
585 /* just read a 0 length packet */
586 if (rr->length == 0)
587 goto again;
588
589 /* If this record is from the next epoch (either HM or ALERT),
590 * and a handshake is currently in progress, buffer it since it
591 * cannot be processed at this time. However, do not buffer
592 * anything while listening.
593 */
594 if (is_next_epoch) {
595 if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
596 if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
597 rr->seq_num) < 0)
598 return (-1);
599 /* Mark receipt of record. */
600 dtls1_record_bitmap_update(s, bitmap);
601 }
602 goto again;
603 }
604
605 if (!dtls1_process_record(s))
606 goto again;
607
608 /* Mark receipt of record. */
609 dtls1_record_bitmap_update(s, bitmap);
610
611 return (1);
612}
613
614/* Return up to 'len' payload bytes received in 'type' records.
615 * 'type' is one of the following:
616 *
617 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
618 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
619 * - 0 (during a shutdown, no data has to be returned)
620 *
621 * If we don't have stored data to work from, read a SSL/TLS record first
622 * (possibly multiple records if we still don't have anything to return).
623 *
624 * This function must handle any surprises the peer may have for us, such as
625 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
626 * a surprise, but handled as if it were), or renegotiation requests.
627 * Also if record payloads contain fragments too small to process, we store
628 * them until there is enough for the respective protocol (the record protocol
629 * may use arbitrary fragmentation and even interleaving):
630 * Change cipher spec protocol
631 * just 1 byte needed, no need for keeping anything stored
632 * Alert protocol
633 * 2 bytes needed (AlertLevel, AlertDescription)
634 * Handshake protocol
635 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
636 * to detect unexpected Client Hello and Hello Request messages
637 * here, anything else is handled by higher layers
638 * Application data protocol
639 * none of our business
640 */
641int
642dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
643{
644 int al, i, j, ret;
645 unsigned int n;
646 SSL3_RECORD *rr;
647 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
648
649 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
650 if (!ssl3_setup_buffers(s))
651 return (-1);
652
653 if ((type &&
654 type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
655 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
656 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
657 return -1;
658 }
659
660 /* check whether there's a handshake message (client hello?) waiting */
661 if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
662 return ret;
663
664 /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
665
666 if (!s->in_handshake && SSL_in_init(s))
667 {
668 /* type == SSL3_RT_APPLICATION_DATA */
669 i = s->handshake_func(s);
670 if (i < 0)
671 return (i);
672 if (i == 0) {
673 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
674 return (-1);
675 }
676 }
677
678start:
679 s->rwstate = SSL_NOTHING;
680
681 /* s->s3->rrec.type - is the type of record
682 * s->s3->rrec.data, - data
683 * s->s3->rrec.off, - offset into 'data' for next read
684 * s->s3->rrec.length, - number of bytes. */
685 rr = &(s->s3->rrec);
686
687 /* We are not handshaking and have no data yet,
688 * so process data buffered during the last handshake
689 * in advance, if any.
690 */
691 if (s->state == SSL_ST_OK && rr->length == 0) {
692 pitem *item;
693 item = pqueue_pop(s->d1->buffered_app_data.q);
694 if (item) {
695
696 dtls1_copy_record(s, item);
697
698 free(item->data);
699 pitem_free(item);
700 }
701 }
702
703 /* Check for timeout */
704 if (dtls1_handle_timeout(s) > 0)
705 goto start;
706
707 /* get new packet if necessary */
708 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
709 ret = dtls1_get_record(s);
710 if (ret <= 0) {
711 ret = dtls1_read_failed(s, ret);
712 /* anything other than a timeout is an error */
713 if (ret <= 0)
714 return (ret);
715 else
716 goto start;
717 }
718 }
719
720 if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
721 rr->length = 0;
722 goto start;
723 }
724
725 /* we now have a packet which can be read and processed */
726
727 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
728 * reset by ssl3_get_finished */
729 && (rr->type != SSL3_RT_HANDSHAKE)) {
730 /* We now have application data between CCS and Finished.
731 * Most likely the packets were reordered on their way, so
732 * buffer the application data for later processing rather
733 * than dropping the connection.
734 */
735 if (dtls1_buffer_record(s, &(s->d1->buffered_app_data),
736 rr->seq_num) < 0) {
737 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
738 return (-1);
739 }
740 rr->length = 0;
741 goto start;
742 }
743
744 /* If the other end has shut down, throw anything we read away
745 * (even in 'peek' mode) */
746 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
747 rr->length = 0;
748 s->rwstate = SSL_NOTHING;
749 return (0);
750 }
751
752
753 if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
754 {
755 /* make sure that we are not getting application data when we
756 * are doing a handshake for the first time */
757 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
758 (s->enc_read_ctx == NULL)) {
759 al = SSL_AD_UNEXPECTED_MESSAGE;
760 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
761 goto f_err;
762 }
763
764 if (len <= 0)
765 return (len);
766
767 if ((unsigned int)len > rr->length)
768 n = rr->length;
769 else
770 n = (unsigned int)len;
771
772 memcpy(buf, &(rr->data[rr->off]), n);
773 if (!peek) {
774 rr->length -= n;
775 rr->off += n;
776 if (rr->length == 0) {
777 s->rstate = SSL_ST_READ_HEADER;
778 rr->off = 0;
779 }
780 }
781
782 return (n);
783 }
784
785
786 /* If we get here, then type != rr->type; if we have a handshake
787 * message, then it was unexpected (Hello Request or Client Hello). */
788
789 /* In case of record types for which we have 'fragment' storage,
790 * fill that so that we can process the data at a fixed place.
791 */
792 {
793 unsigned int k, dest_maxlen = 0;
794 unsigned char *dest = NULL;
795 unsigned int *dest_len = NULL;
796
797 if (rr->type == SSL3_RT_HANDSHAKE) {
798 dest_maxlen = sizeof s->d1->handshake_fragment;
799 dest = s->d1->handshake_fragment;
800 dest_len = &s->d1->handshake_fragment_len;
801 } else if (rr->type == SSL3_RT_ALERT) {
802 dest_maxlen = sizeof(s->d1->alert_fragment);
803 dest = s->d1->alert_fragment;
804 dest_len = &s->d1->alert_fragment_len;
805 }
806 /* else it's a CCS message, or application data or wrong */
807 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
808 /* Application data while renegotiating
809 * is allowed. Try again reading.
810 */
811 if (rr->type == SSL3_RT_APPLICATION_DATA) {
812 BIO *bio;
813 s->s3->in_read_app_data = 2;
814 bio = SSL_get_rbio(s);
815 s->rwstate = SSL_READING;
816 BIO_clear_retry_flags(bio);
817 BIO_set_retry_read(bio);
818 return (-1);
819 }
820
821 /* Not certain if this is the right error handling */
822 al = SSL_AD_UNEXPECTED_MESSAGE;
823 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
824 goto f_err;
825 }
826
827 if (dest_maxlen > 0) {
828 /* XDTLS: In a pathalogical case, the Client Hello
829 * may be fragmented--don't always expect dest_maxlen bytes */
830 if (rr->length < dest_maxlen) {
831#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
832 /*
833 * for normal alerts rr->length is 2, while
834 * dest_maxlen is 7 if we were to handle this
835 * non-existing alert...
836 */
837 FIX ME
838#endif
839 s->rstate = SSL_ST_READ_HEADER;
840 rr->length = 0;
841 goto start;
842 }
843
844 /* now move 'n' bytes: */
845 for ( k = 0; k < dest_maxlen; k++) {
846 dest[k] = rr->data[rr->off++];
847 rr->length--;
848 }
849 *dest_len = dest_maxlen;
850 }
851 }
852
853 /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
854 * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
855 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
856
857 /* If we are a client, check for an incoming 'Hello Request': */
858 if ((!s->server) &&
859 (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
860 (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
861 (s->session != NULL) && (s->session->cipher != NULL)) {
862 s->d1->handshake_fragment_len = 0;
863
864 if ((s->d1->handshake_fragment[1] != 0) ||
865 (s->d1->handshake_fragment[2] != 0) ||
866 (s->d1->handshake_fragment[3] != 0)) {
867 al = SSL_AD_DECODE_ERROR;
868 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
869 goto err;
870 }
871
872 /* no need to check sequence number on HELLO REQUEST messages */
873
874 if (s->msg_callback)
875 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
876 s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
877
878 if (SSL_is_init_finished(s) &&
879 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
880 !s->s3->renegotiate) {
881 s->d1->handshake_read_seq++;
882 s->new_session = 1;
883 ssl3_renegotiate(s);
884 if (ssl3_renegotiate_check(s)) {
885 i = s->handshake_func(s);
886 if (i < 0)
887 return (i);
888 if (i == 0) {
889 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
890 return (-1);
891 }
892
893 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
894 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
895 {
896 BIO *bio;
897 /* In the case where we try to read application data,
898 * but we trigger an SSL handshake, we return -1 with
899 * the retry option set. Otherwise renegotiation may
900 * cause nasty problems in the blocking world */
901 s->rwstate = SSL_READING;
902 bio = SSL_get_rbio(s);
903 BIO_clear_retry_flags(bio);
904 BIO_set_retry_read(bio);
905 return (-1);
906 }
907 }
908 }
909 }
910 /* we either finished a handshake or ignored the request,
911 * now try again to obtain the (application) data we were asked for */
912 goto start;
913 }
914
915 if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
916 int alert_level = s->d1->alert_fragment[0];
917 int alert_descr = s->d1->alert_fragment[1];
918
919 s->d1->alert_fragment_len = 0;
920
921 if (s->msg_callback)
922 s->msg_callback(0, s->version, SSL3_RT_ALERT,
923 s->d1->alert_fragment, 2, s, s->msg_callback_arg);
924
925 if (s->info_callback != NULL)
926 cb = s->info_callback;
927 else if (s->ctx->info_callback != NULL)
928 cb = s->ctx->info_callback;
929
930 if (cb != NULL) {
931 j = (alert_level << 8) | alert_descr;
932 cb(s, SSL_CB_READ_ALERT, j);
933 }
934
935 if (alert_level == 1) /* warning */
936 {
937 s->s3->warn_alert = alert_descr;
938 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
939 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
940 return (0);
941 }
942 } else if (alert_level == 2) /* fatal */
943 {
944 s->rwstate = SSL_NOTHING;
945 s->s3->fatal_alert = alert_descr;
946 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
947 ERR_asprintf_error_data("SSL alert number %d",
948 alert_descr);
949 s->shutdown|=SSL_RECEIVED_SHUTDOWN;
950 SSL_CTX_remove_session(s->ctx, s->session);
951 return (0);
952 } else {
953 al = SSL_AD_ILLEGAL_PARAMETER;
954 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
955 goto f_err;
956 }
957
958 goto start;
959 }
960
961 if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
962 {
963 s->rwstate = SSL_NOTHING;
964 rr->length = 0;
965 return (0);
966 }
967
968 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
969 struct ccs_header_st ccs_hdr;
970 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
971
972 dtls1_get_ccs_header(rr->data, &ccs_hdr);
973
974 if (s->version == DTLS1_BAD_VER)
975 ccs_hdr_len = 3;
976
977 /* 'Change Cipher Spec' is just a single byte, so we know
978 * exactly what the record payload has to look like */
979 /* XDTLS: check that epoch is consistent */
980 if ((rr->length != ccs_hdr_len) ||
981 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
982 i = SSL_AD_ILLEGAL_PARAMETER;
983 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
984 goto err;
985 }
986
987 rr->length = 0;
988
989 if (s->msg_callback)
990 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
991 rr->data, 1, s, s->msg_callback_arg);
992
993 /* We can't process a CCS now, because previous handshake
994 * messages are still missing, so just drop it.
995 */
996 if (!s->d1->change_cipher_spec_ok) {
997 goto start;
998 }
999
1000 s->d1->change_cipher_spec_ok = 0;
1001
1002 s->s3->change_cipher_spec = 1;
1003 if (!ssl3_do_change_cipher_spec(s))
1004 goto err;
1005
1006 /* do this whenever CCS is processed */
1007 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1008
1009 if (s->version == DTLS1_BAD_VER)
1010 s->d1->handshake_read_seq++;
1011
1012
1013 goto start;
1014 }
1015
1016 /* Unexpected handshake message (Client Hello, or protocol violation) */
1017 if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
1018 !s->in_handshake) {
1019 struct hm_header_st msg_hdr;
1020
1021 /* this may just be a stale retransmit */
1022 if (!dtls1_get_message_header(rr->data, &msg_hdr))
1023 return -1;
1024 if (rr->epoch != s->d1->r_epoch) {
1025 rr->length = 0;
1026 goto start;
1027 }
1028
1029 /* If we are server, we may have a repeated FINISHED of the
1030 * client here, then retransmit our CCS and FINISHED.
1031 */
1032 if (msg_hdr.type == SSL3_MT_FINISHED) {
1033 if (dtls1_check_timeout_num(s) < 0)
1034 return -1;
1035
1036 dtls1_retransmit_buffered_messages(s);
1037 rr->length = 0;
1038 goto start;
1039 }
1040
1041 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1042 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1043 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1044 s->renegotiate = 1;
1045 s->new_session = 1;
1046 }
1047 i = s->handshake_func(s);
1048 if (i < 0)
1049 return (i);
1050 if (i == 0) {
1051 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1052 return (-1);
1053 }
1054
1055 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1056 if (s->s3->rbuf.left == 0) /* no read-ahead left? */
1057 {
1058 BIO *bio;
1059 /* In the case where we try to read application data,
1060 * but we trigger an SSL handshake, we return -1 with
1061 * the retry option set. Otherwise renegotiation may
1062 * cause nasty problems in the blocking world */
1063 s->rwstate = SSL_READING;
1064 bio = SSL_get_rbio(s);
1065 BIO_clear_retry_flags(bio);
1066 BIO_set_retry_read(bio);
1067 return (-1);
1068 }
1069 }
1070 goto start;
1071 }
1072
1073 switch (rr->type) {
1074 default:
1075 /* TLS just ignores unknown message types */
1076 if (s->version == TLS1_VERSION) {
1077 rr->length = 0;
1078 goto start;
1079 }
1080 al = SSL_AD_UNEXPECTED_MESSAGE;
1081 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1082 goto f_err;
1083 case SSL3_RT_CHANGE_CIPHER_SPEC:
1084 case SSL3_RT_ALERT:
1085 case SSL3_RT_HANDSHAKE:
1086 /* we already handled all of these, with the possible exception
1087 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1088 * should not happen when type != rr->type */
1089 al = SSL_AD_UNEXPECTED_MESSAGE;
1090 SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
1091 goto f_err;
1092 case SSL3_RT_APPLICATION_DATA:
1093 /* At this point, we were expecting handshake data,
1094 * but have application data. If the library was
1095 * running inside ssl3_read() (i.e. in_read_app_data
1096 * is set) and it makes sense to read application data
1097 * at this point (session renegotiation not yet started),
1098 * we will indulge it.
1099 */
1100 if (s->s3->in_read_app_data &&
1101 (s->s3->total_renegotiations != 0) &&
1102 (((s->state & SSL_ST_CONNECT) &&
1103 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1104 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
1105 (s->state & SSL_ST_ACCEPT) &&
1106 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1107 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1108 s->s3->in_read_app_data = 2;
1109 return (-1);
1110 } else {
1111 al = SSL_AD_UNEXPECTED_MESSAGE;
1112 SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1113 goto f_err;
1114 }
1115 }
1116 /* not reached */
1117
1118f_err:
1119 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1120err:
1121 return (-1);
1122}
1123
1124int
1125dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1126{
1127 int i;
1128
1129 if (SSL_in_init(s) && !s->in_handshake)
1130 {
1131 i = s->handshake_func(s);
1132 if (i < 0)
1133 return (i);
1134 if (i == 0) {
1135 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
1136 return -1;
1137 }
1138 }
1139
1140 if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
1141 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
1142 return -1;
1143 }
1144
1145 i = dtls1_write_bytes(s, type, buf_, len);
1146 return i;
1147}
1148
1149
1150 /* this only happens when a client hello is received and a handshake
1151 * is started. */
1152static int
1153have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1154 int len, int peek)
1155{
1156
1157 if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
1158 /* (partially) satisfy request from storage */
1159 {
1160 unsigned char *src = s->d1->handshake_fragment;
1161 unsigned char *dst = buf;
1162 unsigned int k, n;
1163
1164 /* peek == 0 */
1165 n = 0;
1166 while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
1167 *dst++ = *src++;
1168 len--;
1169 s->d1->handshake_fragment_len--;
1170 n++;
1171 }
1172 /* move any remaining fragment bytes: */
1173 for (k = 0; k < s->d1->handshake_fragment_len; k++)
1174 s->d1->handshake_fragment[k] = *src++;
1175 return n;
1176 }
1177
1178 return 0;
1179}
1180
1181
1182/* Call this to write data in records of type 'type'
1183 * It will return <= 0 if not all data has been sent or non-blocking IO.
1184 */
1185int
1186dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1187{
1188 int i;
1189
1190 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1191 s->rwstate = SSL_NOTHING;
1192 i = do_dtls1_write(s, type, buf, len);
1193 return i;
1194}
1195
1196int
1197do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
1198{
1199 unsigned char *p, *pseq;
1200 int i, mac_size, clear = 0;
1201 int prefix_len = 0;
1202 SSL3_RECORD *wr;
1203 SSL3_BUFFER *wb;
1204 SSL_SESSION *sess;
1205 int bs;
1206
1207 /* first check if there is a SSL3_BUFFER still being written
1208 * out. This will happen with non blocking IO */
1209 if (s->s3->wbuf.left != 0) {
1210 OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
1211 return (ssl3_write_pending(s, type, buf, len));
1212 }
1213
1214 /* If we have an alert to send, lets send it */
1215 if (s->s3->alert_dispatch) {
1216 i = s->method->ssl_dispatch_alert(s);
1217 if (i <= 0)
1218 return (i);
1219 /* if it went, fall through and send more stuff */
1220 }
1221
1222 if (len == 0)
1223 return 0;
1224
1225 wr = &(s->s3->wrec);
1226 wb = &(s->s3->wbuf);
1227 sess = s->session;
1228
1229 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
1230 (EVP_MD_CTX_md(s->write_hash) == NULL))
1231 clear = 1;
1232
1233 if (clear)
1234 mac_size = 0;
1235 else {
1236 mac_size = EVP_MD_CTX_size(s->write_hash);
1237 if (mac_size < 0)
1238 goto err;
1239 }
1240
1241 /* DTLS implements explicit IV, so no need for empty fragments. */
1242
1243 p = wb->buf + prefix_len;
1244
1245 /* write the header */
1246
1247 *(p++) = type&0xff;
1248 wr->type = type;
1249
1250 *(p++) = (s->version >> 8);
1251 *(p++) = s->version&0xff;
1252
1253 /* field where we are to write out packet epoch, seq num and len */
1254 pseq = p;
1255
1256 p += 10;
1257
1258 /* lets setup the record stuff. */
1259
1260 /* Make space for the explicit IV in case of CBC.
1261 * (this is a bit of a boundary violation, but what the heck).
1262 */
1263 if (s->enc_write_ctx &&
1264 (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
1265 bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
1266 else
1267 bs = 0;
1268
1269 wr->data = p + bs;
1270 /* make room for IV in case of CBC */
1271 wr->length = (int)len;
1272 wr->input = (unsigned char *)buf;
1273
1274 /* we now 'read' from wr->input, wr->length bytes into
1275 * wr->data */
1276
1277 memcpy(wr->data, wr->input, wr->length);
1278 wr->input = wr->data;
1279
1280 /* we should still have the output to wr->data and the input
1281 * from wr->input. Length should be wr->length.
1282 * wr->data still points in the wb->buf */
1283
1284 if (mac_size != 0) {
1285 if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
1286 goto err;
1287 wr->length += mac_size;
1288 }
1289
1290 /* this is true regardless of mac size */
1291 wr->input = p;
1292 wr->data = p;
1293
1294
1295 /* ssl3_enc can only have an error on read */
1296 if (bs) /* bs != 0 in case of CBC */
1297 {
1298 arc4random_buf(p, bs);
1299 /* master IV and last CBC residue stand for
1300 * the rest of randomness */
1301 wr->length += bs;
1302 }
1303
1304 s->method->ssl3_enc->enc(s, 1);
1305
1306 /* record length after mac and block padding */
1307/* if (type == SSL3_RT_APPLICATION_DATA ||
1308 (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
1309
1310 /* there's only one epoch between handshake and app data */
1311
1312 s2n(s->d1->w_epoch, pseq);
1313
1314 /* XDTLS: ?? */
1315/* else
1316 s2n(s->d1->handshake_epoch, pseq);
1317*/
1318
1319 memcpy(pseq, &(s->s3->write_sequence[2]), 6);
1320 pseq += 6;
1321 s2n(wr->length, pseq);
1322
1323 /* we should now have
1324 * wr->data pointing to the encrypted data, which is
1325 * wr->length long */
1326 wr->type=type; /* not needed but helps for debugging */
1327 wr->length += DTLS1_RT_HEADER_LENGTH;
1328
1329 ssl3_record_sequence_increment(s->s3->write_sequence);
1330
1331 /* now let's set up wb */
1332 wb->left = prefix_len + wr->length;
1333 wb->offset = 0;
1334
1335 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
1336 s->s3->wpend_tot = len;
1337 s->s3->wpend_buf = buf;
1338 s->s3->wpend_type = type;
1339 s->s3->wpend_ret = len;
1340
1341 /* we now just need to write the buffer */
1342 return ssl3_write_pending(s, type, buf, len);
1343err:
1344 return -1;
1345}
1346
1347
1348
1349static int
1350dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1351{
1352 int cmp;
1353 unsigned int shift;
1354 const unsigned char *seq = s->s3->read_sequence;
1355
1356 cmp = satsub64be(seq, bitmap->max_seq_num);
1357 if (cmp > 0) {
1358 memcpy (s->s3->rrec.seq_num, seq, 8);
1359 return 1; /* this record in new */
1360 }
1361 shift = -cmp;
1362 if (shift >= sizeof(bitmap->map)*8)
1363 return 0; /* stale, outside the window */
1364 else if (bitmap->map & (1UL << shift))
1365 return 0; /* record previously received */
1366
1367 memcpy(s->s3->rrec.seq_num, seq, 8);
1368 return 1;
1369}
1370
1371
1372static void
1373dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1374{
1375 int cmp;
1376 unsigned int shift;
1377 const unsigned char *seq = s->s3->read_sequence;
1378
1379 cmp = satsub64be(seq, bitmap->max_seq_num);
1380 if (cmp > 0) {
1381 shift = cmp;
1382 if (shift < sizeof(bitmap->map)*8)
1383 bitmap->map <<= shift, bitmap->map |= 1UL;
1384 else
1385 bitmap->map = 1UL;
1386 memcpy(bitmap->max_seq_num, seq, 8);
1387 } else {
1388 shift = -cmp;
1389 if (shift < sizeof(bitmap->map) * 8)
1390 bitmap->map |= 1UL << shift;
1391 }
1392}
1393
1394
1395int
1396dtls1_dispatch_alert(SSL *s)
1397{
1398 int i, j;
1399 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1400 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1401 unsigned char *ptr = &buf[0];
1402
1403 s->s3->alert_dispatch = 0;
1404
1405 memset(buf, 0x00, sizeof(buf));
1406 *ptr++ = s->s3->send_alert[0];
1407 *ptr++ = s->s3->send_alert[1];
1408
1409#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1410 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
1411 s2n(s->d1->handshake_read_seq, ptr);
1412 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1413 }
1414#endif
1415
1416 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
1417 if (i <= 0) {
1418 s->s3->alert_dispatch = 1;
1419 /* fprintf( stderr, "not done with alert\n" ); */
1420 } else {
1421 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1422#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1423 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1424#endif
1425 )
1426 (void)BIO_flush(s->wbio);
1427
1428 if (s->msg_callback)
1429 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1430 s->s3->send_alert, 2, s, s->msg_callback_arg);
1431
1432 if (s->info_callback != NULL)
1433 cb = s->info_callback;
1434 else if (s->ctx->info_callback != NULL)
1435 cb = s->ctx->info_callback;
1436
1437 if (cb != NULL) {
1438 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1439 cb(s, SSL_CB_WRITE_ALERT, j);
1440 }
1441 }
1442 return (i);
1443}
1444
1445
1446static DTLS1_BITMAP *
1447dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
1448{
1449
1450 *is_next_epoch = 0;
1451
1452 /* In current epoch, accept HM, CCS, DATA, & ALERT */
1453 if (rr->epoch == s->d1->r_epoch)
1454 return &s->d1->bitmap;
1455
1456 /* Only HM and ALERT messages can be from the next epoch */
1457 else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
1458 (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
1459 *is_next_epoch = 1;
1460 return &s->d1->next_bitmap;
1461 }
1462
1463 return NULL;
1464}
1465
1466void
1467dtls1_reset_seq_numbers(SSL *s, int rw)
1468{
1469 unsigned char *seq;
1470 unsigned int seq_bytes = sizeof(s->s3->read_sequence);
1471
1472 if (rw & SSL3_CC_READ) {
1473 seq = s->s3->read_sequence;
1474 s->d1->r_epoch++;
1475 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1476 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1477 } else {
1478 seq = s->s3->write_sequence;
1479 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1480 s->d1->w_epoch++;
1481 }
1482
1483 memset(seq, 0x00, seq_bytes);
1484}
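--- a/src/lib/libssl/d1_srtp.c
+++ /dev/null
@@ -1,473 +0,0 @@
-/* $OpenBSD: d1_srtp.c,v 1.15 2015/07/31 00:35:06 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_SRTP
-
-#include "bytestring.h"
-#include "srtp.h"
-
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
-{
-"SRTP_AES128_CM_SHA1_80",
-SRTP_AES128_CM_SHA1_80,
-},
-{
-"SRTP_AES128_CM_SHA1_32",
-SRTP_AES128_CM_SHA1_32,
-},
-{0}
-};
-
-static int
-find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
-unsigned len)
-{
-SRTP_PROTECTION_PROFILE *p;
-
-p = srtp_known_profiles;
-while (p->name) {
-if ((len == strlen(p->name)) &&
-!strncmp(p->name, profile_name, len)) {
-*pptr = p;
-return 0;
-}
-
-p++;
-}
-
-return 1;
-}
-
-static int
-find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
-{
-SRTP_PROTECTION_PROFILE *p;
-
-p = srtp_known_profiles;
-while (p->name) {
-if (p->id == profile_num) {
-*pptr = p;
-return 0;
-}
-p++;
-}
-
-return 1;
-}
-
-static int
-ssl_ctx_make_profiles(const char *profiles_string,
-STACK_OF(SRTP_PROTECTION_PROFILE) **out)
-{
-STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
-
-char *col;
-char *ptr = (char *)profiles_string;
-
-SRTP_PROTECTION_PROFILE *p;
-
-if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
-SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
-SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
-return 1;
-}
-
-do {
-col = strchr(ptr, ':');
-
-if (!find_profile_by_name(ptr, &p,
-col ? col - ptr : (int)strlen(ptr))) {
-sk_SRTP_PROTECTION_PROFILE_push(profiles, p);
-} else {
-SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
-SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
-sk_SRTP_PROTECTION_PROFILE_free(profiles);
-return 1;
-}
-
-if (col)
-ptr = col + 1;
-} while (col);
-
-*out = profiles;
-
-return 0;
-}
-
-int
-SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
-{
-return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
-}
-
-int
-SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
-{
-return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
-}
-
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *
-SSL_get_srtp_profiles(SSL *s)
-{
-if (s != NULL) {
-if (s->srtp_profiles != NULL) {
-return s->srtp_profiles;
-} else if ((s->ctx != NULL) &&
-(s->ctx->srtp_profiles != NULL)) {
-return s->ctx->srtp_profiles;
-}
-}
-
-return NULL;
-}
-
-SRTP_PROTECTION_PROFILE *
-SSL_get_selected_srtp_profile(SSL *s)
-{
-return s->srtp_profile;
-}
-
-/* Note: this function returns 0 length if there are no
-profiles specified */
-int
-ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-{
-int ct = 0;
-int i;
-STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0;
-SRTP_PROTECTION_PROFILE *prof;
-
-clnt = SSL_get_srtp_profiles(s);
-
-ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
-
-if (p) {
-if (ct == 0) {
-SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
-return 1;
-}
-
-if ((2 + ct * 2 + 1) > maxlen) {
-SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-return 1;
-}
-
-/* Add the length */
-s2n(ct * 2, p);
-for (i = 0; i < ct; i++) {
-prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
-s2n(prof->id, p);
-}
-
-/* Add an empty use_mki value */
-*p++ = 0;
-}
-
-*len = 2 + ct*2 + 1;
-
-return 0;
-}
-
-
-int
-ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
-int *al)
-{
-SRTP_PROTECTION_PROFILE *cprof, *sprof;
-STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr;
-int i, j;
-int ret = 1;
-uint16_t id;
-CBS cbs, ciphers, mki;
-
-if (len < 0) {
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-goto done;
-}
-
-CBS_init(&cbs, d, len);
-/* Pull off the cipher suite list */
-if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
-CBS_len(&ciphers) % 2) {
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-goto done;
-}
-
-clnt = sk_SRTP_PROTECTION_PROFILE_new_null();
-
-while (CBS_len(&ciphers) > 0) {
-if (!CBS_get_u16(&ciphers, &id)) {
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-goto done;
-}
-
-if (!find_profile_by_num(id, &cprof))
-sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof);
-else
-; /* Ignore */
-}
-
-/* Extract the MKI value as a sanity check, but discard it for now. */
-if (!CBS_get_u8_length_prefixed(&cbs, &mki) ||
-CBS_len(&cbs) != 0) {
-SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_MKI_VALUE);
-*al = SSL_AD_DECODE_ERROR;
-goto done;
-}
-
-srvr = SSL_get_srtp_profiles(s);
-
-/*
- * Pick our most preferred profile. If no profiles have been
- * configured then the outer loop doesn't run
- * (sk_SRTP_PROTECTION_PROFILE_num() = -1)
- * and so we just return without doing anything.
- */
-for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
-sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
-
-for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
-cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j);
-
-if (cprof->id == sprof->id) {
-s->srtp_profile = sprof;
-*al = 0;
-ret = 0;
-goto done;
-}
-}
-}
-
-ret = 0;
-
-done:
-if (clnt)
-sk_SRTP_PROTECTION_PROFILE_free(clnt);
-
-return ret;
-}
-
-int
-ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-{
-if (p) {
-if (maxlen < 5) {
-SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-return 1;
-}
-
-if (s->srtp_profile == 0) {
-SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_USE_SRTP_NOT_NEGOTIATED);
-return 1;
-}
-s2n(2, p);
-s2n(s->srtp_profile->id, p);
-*p++ = 0;
-}
-*len = 5;
-
-return 0;
-}
-
-
-int
-ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d, int len, int *al)
-{
-STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
-SRTP_PROTECTION_PROFILE *prof;
-int i;
-uint16_t id;
-CBS cbs, profile_ids, mki;
-
-if (len < 0) {
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-return 1;
-}
-
-CBS_init(&cbs, d, len);
-
-/*
- * As per RFC 5764 section 4.1.1, server response MUST be a single
- * profile id.
- */
-if (!CBS_get_u16_length_prefixed(&cbs, &profile_ids) ||
-!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-return 1;
-}
-
-/* Must be no MKI, since we never offer one. */
-if (!CBS_get_u8_length_prefixed(&cbs, &mki) || CBS_len(&mki) != 0) {
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_MKI_VALUE);
-*al = SSL_AD_ILLEGAL_PARAMETER;
-return 1;
-}
-
-clnt = SSL_get_srtp_profiles(s);
-
-/* Throw an error if the server gave us an unsolicited extension. */
-if (clnt == NULL) {
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_NO_SRTP_PROFILES);
-*al = SSL_AD_DECODE_ERROR;
-return 1;
-}
-
-/*
- * Check to see if the server gave us something we support
- * (and presumably offered).
- */
-for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
-prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
-
-if (prof->id == id) {
-s->srtp_profile = prof;
-*al = 0;
-return 0;
-}
-}
-
-SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,
-SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-*al = SSL_AD_DECODE_ERROR;
-return 1;
-}
-
-#endif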
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
deleted file mode 100644
index 698292f33f..0000000000
--- a/src/lib/libssl/d1_srvr.c
+++ /dev/null
@@ -1,1329 +0,0 @@
1/* $OpenBSD: d1_srvr.c,v 1.55 2015/06/18 22:51:05 doug Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
60 * All rights reserved.
61 *
62 * This package is an SSL implementation written
63 * by Eric Young (eay@cryptsoft.com).
64 * The implementation was written so as to conform with Netscapes SSL.
65 *
66 * This library is free for commercial and non-commercial use as long as
67 * the following conditions are aheared to. The following conditions
68 * apply to all code found in this distribution, be it the RC4, RSA,
69 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
70 * included with this distribution is covered by the same copyright terms
71 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
72 *
73 * Copyright remains Eric Young's, and as such any Copyright notices in
74 * the code are not to be removed.
75 * If this package is used in a product, Eric Young should be given attribution
76 * as the author of the parts of the library used.
77 * This can be in the form of a textual message at program startup or
78 * in documentation (online or textual) provided with the package.
79 *
80 * Redistribution and use in source and binary forms, with or without
81 * modification, are permitted provided that the following conditions
82 * are met:
83 * 1. Redistributions of source code must retain the copyright
84 * notice, this list of conditions and the following disclaimer.
85 * 2. Redistributions in binary form must reproduce the above copyright
86 * notice, this list of conditions and the following disclaimer in the
87 * documentation and/or other materials provided with the distribution.
88 * 3. All advertising materials mentioning features or use of this software
89 * must display the following acknowledgement:
90 * "This product includes cryptographic software written by
91 * Eric Young (eay@cryptsoft.com)"
92 * The word 'cryptographic' can be left out if the rouines from the library
93 * being used are not cryptographic related :-).
94 * 4. If you include any Windows specific code (or a derivative thereof) from
95 * the apps directory (application code) you must include an acknowledgement:
96 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
97 *
98 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
99 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
100 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
101 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
102 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
103 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
104 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
106 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
107 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
108 * SUCH DAMAGE.
109 *
110 * The licence and distribution terms for any publically available version or
111 * derivative of this code cannot be changed. i.e. this code cannot simply be
112 * copied and put under another distribution licence
113 * [including the GNU Public Licence.]
114 */
115
116#include <stdio.h>
117
118#include "ssl_locl.h"
119
120#include <openssl/bn.h>
121#include <openssl/buffer.h>
122#include <openssl/dh.h>
123#include <openssl/evp.h>
124#include <openssl/md5.h>
125#include <openssl/objects.h>
126#include <openssl/x509.h>
127
128static const SSL_METHOD *dtls1_get_server_method(int ver);
129static int dtls1_send_hello_verify_request(SSL *s);
130
131const SSL_METHOD DTLSv1_server_method_data = {
132 .version = DTLS1_VERSION,
133 .ssl_new = dtls1_new,
134 .ssl_clear = dtls1_clear,
135 .ssl_free = dtls1_free,
136 .ssl_accept = dtls1_accept,
137 .ssl_connect = ssl_undefined_function,
138 .ssl_read = ssl3_read,
139 .ssl_peek = ssl3_peek,
140 .ssl_write = ssl3_write,
141 .ssl_shutdown = dtls1_shutdown,
142 .ssl_renegotiate = ssl3_renegotiate,
143 .ssl_renegotiate_check = ssl3_renegotiate_check,
144 .ssl_get_message = dtls1_get_message,
145 .ssl_read_bytes = dtls1_read_bytes,
146 .ssl_write_bytes = dtls1_write_app_data_bytes,
147 .ssl_dispatch_alert = dtls1_dispatch_alert,
148 .ssl_ctrl = dtls1_ctrl,
149 .ssl_ctx_ctrl = ssl3_ctx_ctrl,
150 .get_cipher_by_char = ssl3_get_cipher_by_char,
151 .put_cipher_by_char = ssl3_put_cipher_by_char,
152 .ssl_pending = ssl3_pending,
153 .num_ciphers = ssl3_num_ciphers,
154 .get_cipher = dtls1_get_cipher,
155 .get_ssl_method = dtls1_get_server_method,
156 .get_timeout = dtls1_default_timeout,
157 .ssl3_enc = &DTLSv1_enc_data,
158 .ssl_version = ssl_undefined_void_function,
159 .ssl_callback_ctrl = ssl3_callback_ctrl,
160 .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
161};
162
163const SSL_METHOD *
164DTLSv1_server_method(void)
165{
166 return &DTLSv1_server_method_data;
167}
168
169static const SSL_METHOD *
170dtls1_get_server_method(int ver)
171{
172 if (ver == DTLS1_VERSION)
173 return (DTLSv1_server_method());
174 return (NULL);
175}
176
177int
178dtls1_accept(SSL *s)
179{
180 void (*cb)(const SSL *ssl, int type, int val) = NULL;
181 unsigned long alg_k;
182 int ret = -1;
183 int new_state, state, skip = 0;
184 int listen;
185
186 ERR_clear_error();
187 errno = 0;
188
189 if (s->info_callback != NULL)
190 cb = s->info_callback;
191 else if (s->ctx->info_callback != NULL)
192 cb = s->ctx->info_callback;
193
194 listen = s->d1->listen;
195
196 /* init things to blank */
197 s->in_handshake++;
198 if (!SSL_in_init(s) || SSL_in_before(s))
199 SSL_clear(s);
200
201 s->d1->listen = listen;
202
203 if (s->cert == NULL) {
204 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
205 return (-1);
206 }
207
208 for (;;) {
209 state = s->state;
210
211 switch (s->state) {
212 case SSL_ST_RENEGOTIATE:
213 s->renegotiate = 1;
214 /* s->state=SSL_ST_ACCEPT; */
215
216 case SSL_ST_BEFORE:
217 case SSL_ST_ACCEPT:
218 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
219 case SSL_ST_OK|SSL_ST_ACCEPT:
220
221 s->server = 1;
222 if (cb != NULL)
223 cb(s, SSL_CB_HANDSHAKE_START, 1);
224
225 if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
226 SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
227 return -1;
228 }
229 s->type = SSL_ST_ACCEPT;
230
231 if (!ssl3_setup_init_buffer(s)) {
232 ret = -1;
233 goto end;
234 }
235 if (!ssl3_setup_buffers(s)) {
236 ret = -1;
237 goto end;
238 }
239
240 s->init_num = 0;
241
242 if (s->state != SSL_ST_RENEGOTIATE) {
243 /* Ok, we now need to push on a buffering BIO so that
244 * the output is sent in a way that TCP likes :-)
245 * ...but not with SCTP :-)
246 */
247 if (!ssl_init_wbio_buffer(s, 1)) {
248 ret = -1;
249 goto end;
250 }
251
252 if (!ssl3_init_finished_mac(s)) {
253 ret = -1;
254 goto end;
255 }
256
257 s->state = SSL3_ST_SR_CLNT_HELLO_A;
258 s->ctx->stats.sess_accept++;
259 } else {
260 /* s->state == SSL_ST_RENEGOTIATE,
261 * we will just send a HelloRequest */
262 s->ctx->stats.sess_accept_renegotiate++;
263 s->state = SSL3_ST_SW_HELLO_REQ_A;
264 }
265
266 break;
267
268 case SSL3_ST_SW_HELLO_REQ_A:
269 case SSL3_ST_SW_HELLO_REQ_B:
270
271 s->shutdown = 0;
272 dtls1_clear_record_buffer(s);
273 dtls1_start_timer(s);
274 ret = dtls1_send_hello_request(s);
275 if (ret <= 0)
276 goto end;
277 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
278 s->state = SSL3_ST_SW_FLUSH;
279 s->init_num = 0;
280
281 if (!ssl3_init_finished_mac(s)) {
282 ret = -1;
283 goto end;
284 }
285 break;
286
287 case SSL3_ST_SW_HELLO_REQ_C:
288 s->state = SSL_ST_OK;
289 break;
290
291 case SSL3_ST_SR_CLNT_HELLO_A:
292 case SSL3_ST_SR_CLNT_HELLO_B:
293 case SSL3_ST_SR_CLNT_HELLO_C:
294
295 s->shutdown = 0;
296 ret = ssl3_get_client_hello(s);
297 if (ret <= 0)
298 goto end;
299 dtls1_stop_timer(s);
300
301 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
302 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
303 else
304 s->state = SSL3_ST_SW_SRVR_HELLO_A;
305
306 s->init_num = 0;
307
308 /* Reflect ClientHello sequence to remain stateless while listening */
309 if (listen) {
310 memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
311 }
312
313 /* If we're just listening, stop here */
314 if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
315 ret = 2;
316 s->d1->listen = 0;
317 /* Set expected sequence numbers
318 * to continue the handshake.
319 */
320 s->d1->handshake_read_seq = 2;
321 s->d1->handshake_write_seq = 1;
322 s->d1->next_handshake_write_seq = 1;
323 goto end;
324 }
325
326 break;
327
328 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
329 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
330
331 ret = dtls1_send_hello_verify_request(s);
332 if (ret <= 0)
333 goto end;
334 s->state = SSL3_ST_SW_FLUSH;
335 s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
336
337 /* HelloVerifyRequest resets Finished MAC */
338 if (s->version != DTLS1_BAD_VER) {
339 if (!ssl3_init_finished_mac(s)) {
340 ret = -1;
341 goto end;
342 }
343 }
344 break;
345
346
347 case SSL3_ST_SW_SRVR_HELLO_A:
348 case SSL3_ST_SW_SRVR_HELLO_B:
349 s->renegotiate = 2;
350 dtls1_start_timer(s);
351 ret = dtls1_send_server_hello(s);
352 if (ret <= 0)
353 goto end;
354
355 if (s->hit) {
356 if (s->tlsext_ticket_expected)
357 s->state = SSL3_ST_SW_SESSION_TICKET_A;
358 else
359 s->state = SSL3_ST_SW_CHANGE_A;
360 } else
361 s->state = SSL3_ST_SW_CERT_A;
362 s->init_num = 0;
363 break;
364
365 case SSL3_ST_SW_CERT_A:
366 case SSL3_ST_SW_CERT_B:
367 /* Check if it is anon DH. */
368 if (!(s->s3->tmp.new_cipher->algorithm_auth &
369 SSL_aNULL)) {
370 dtls1_start_timer(s);
371 ret = dtls1_send_server_certificate(s);
372 if (ret <= 0)
373 goto end;
374 if (s->tlsext_status_expected)
375 s->state = SSL3_ST_SW_CERT_STATUS_A;
376 else
377 s->state = SSL3_ST_SW_KEY_EXCH_A;
378 } else {
379 skip = 1;
380 s->state = SSL3_ST_SW_KEY_EXCH_A;
381 }
382 s->init_num = 0;
383 break;
384
385 case SSL3_ST_SW_KEY_EXCH_A:
386 case SSL3_ST_SW_KEY_EXCH_B:
387 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
388
389 /* Only send if using a DH key exchange. */
390 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
391 dtls1_start_timer(s);
392 ret = dtls1_send_server_key_exchange(s);
393 if (ret <= 0)
394 goto end;
395 } else
396 skip = 1;
397
398 s->state = SSL3_ST_SW_CERT_REQ_A;
399 s->init_num = 0;
400 break;
401
402 case SSL3_ST_SW_CERT_REQ_A:
403 case SSL3_ST_SW_CERT_REQ_B:
404 /*
405 * Determine whether or not we need to request a
406 * certificate.
407 *
408 * Do not request a certificate if:
409 *
410 * - We did not ask for it (SSL_VERIFY_PEER is unset).
411 *
412 * - SSL_VERIFY_CLIENT_ONCE is set and we are
413 * renegotiating.
414 *
415 * - We are using an anonymous ciphersuites
416 * (see section "Certificate request" in SSL 3 drafts
417 * and in RFC 2246) ... except when the application
418 * insists on verification (against the specs, but
419 * s3_clnt.c accepts this for SSL 3).
420 */
421 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
422 ((s->session->peer != NULL) &&
423 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
424 ((s->s3->tmp.new_cipher->algorithm_auth &
425 SSL_aNULL) && !(s->verify_mode &
426 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
427 /* no cert request */
428 skip = 1;
429 s->s3->tmp.cert_request = 0;
430 s->state = SSL3_ST_SW_SRVR_DONE_A;
431 } else {
432 s->s3->tmp.cert_request = 1;
433 dtls1_start_timer(s);
434 ret = dtls1_send_certificate_request(s);
435 if (ret <= 0)
436 goto end;
437 s->state = SSL3_ST_SW_SRVR_DONE_A;
438 s->init_num = 0;
439 }
440 break;
441
442 case SSL3_ST_SW_SRVR_DONE_A:
443 case SSL3_ST_SW_SRVR_DONE_B:
444 dtls1_start_timer(s);
445 ret = dtls1_send_server_done(s);
446 if (ret <= 0)
447 goto end;
448 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
449 s->state = SSL3_ST_SW_FLUSH;
450 s->init_num = 0;
451 break;
452
453 case SSL3_ST_SW_FLUSH:
454 s->rwstate = SSL_WRITING;
455 if (BIO_flush(s->wbio) <= 0) {
456 /* If the write error was fatal, stop trying */
457 if (!BIO_should_retry(s->wbio)) {
458 s->rwstate = SSL_NOTHING;
459 s->state = s->s3->tmp.next_state;
460 }
461
462 ret = -1;
463 goto end;
464 }
465 s->rwstate = SSL_NOTHING;
466 s->state = s->s3->tmp.next_state;
467 break;
468
469 case SSL3_ST_SR_CERT_A:
470 case SSL3_ST_SR_CERT_B:
471 if (s->s3->tmp.cert_request) {
472 ret = ssl3_get_client_certificate(s);
473 if (ret <= 0)
474 goto end;
475 }
476 s->init_num = 0;
477 s->state = SSL3_ST_SR_KEY_EXCH_A;
478 break;
479
480 case SSL3_ST_SR_KEY_EXCH_A:
481 case SSL3_ST_SR_KEY_EXCH_B:
482 ret = ssl3_get_client_key_exchange(s);
483 if (ret <= 0)
484 goto end;
485
486 s->state = SSL3_ST_SR_CERT_VRFY_A;
487 s->init_num = 0;
488
489 if (ret == 2) {
490 /* For the ECDH ciphersuites when
491 * the client sends its ECDH pub key in
492 * a certificate, the CertificateVerify
493 * message is not sent.
494 */
495 s->state = SSL3_ST_SR_FINISHED_A;
496 s->init_num = 0;
497 } else {
498 s->state = SSL3_ST_SR_CERT_VRFY_A;
499 s->init_num = 0;
500
501 /* We need to get hashes here so if there is
502 * a client cert, it can be verified */
503 s->method->ssl3_enc->cert_verify_mac(s,
504 NID_md5, &(s->s3->tmp.cert_verify_md[0]));
505 s->method->ssl3_enc->cert_verify_mac(s,
506 NID_sha1,
507 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
508 }
509 break;
510
511 case SSL3_ST_SR_CERT_VRFY_A:
512 case SSL3_ST_SR_CERT_VRFY_B:
513
514 s->d1->change_cipher_spec_ok = 1;
515 /* we should decide if we expected this one */
516 ret = ssl3_get_cert_verify(s);
517 if (ret <= 0)
518 goto end;
519 s->state = SSL3_ST_SR_FINISHED_A;
520 s->init_num = 0;
521 break;
522
523 case SSL3_ST_SR_FINISHED_A:
524 case SSL3_ST_SR_FINISHED_B:
525 s->d1->change_cipher_spec_ok = 1;
526 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
527 SSL3_ST_SR_FINISHED_B);
528 if (ret <= 0)
529 goto end;
530 dtls1_stop_timer(s);
531 if (s->hit)
532 s->state = SSL_ST_OK;
533 else if (s->tlsext_ticket_expected)
534 s->state = SSL3_ST_SW_SESSION_TICKET_A;
535 else
536 s->state = SSL3_ST_SW_CHANGE_A;
537 s->init_num = 0;
538 break;
539
540 case SSL3_ST_SW_SESSION_TICKET_A:
541 case SSL3_ST_SW_SESSION_TICKET_B:
542 ret = dtls1_send_newsession_ticket(s);
543 if (ret <= 0)
544 goto end;
545 s->state = SSL3_ST_SW_CHANGE_A;
546 s->init_num = 0;
547 break;
548
549 case SSL3_ST_SW_CERT_STATUS_A:
550 case SSL3_ST_SW_CERT_STATUS_B:
551 ret = ssl3_send_cert_status(s);
552 if (ret <= 0)
553 goto end;
554 s->state = SSL3_ST_SW_KEY_EXCH_A;
555 s->init_num = 0;
556 break;
557
558
559 case SSL3_ST_SW_CHANGE_A:
560 case SSL3_ST_SW_CHANGE_B:
561
562 s->session->cipher = s->s3->tmp.new_cipher;
563 if (!s->method->ssl3_enc->setup_key_block(s)) {
564 ret = -1;
565 goto end;
566 }
567
568 ret = dtls1_send_change_cipher_spec(s,
569 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
570
571 if (ret <= 0)
572 goto end;
573
574
575 s->state = SSL3_ST_SW_FINISHED_A;
576 s->init_num = 0;
577
578 if (!s->method->ssl3_enc->change_cipher_state(s,
579 SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
580 ret = -1;
581 goto end;
582 }
583
584 dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
585 break;
586
587 case SSL3_ST_SW_FINISHED_A:
588 case SSL3_ST_SW_FINISHED_B:
589 ret = dtls1_send_finished(s,
590 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
591 s->method->ssl3_enc->server_finished_label,
592 s->method->ssl3_enc->server_finished_label_len);
593 if (ret <= 0)
594 goto end;
595 s->state = SSL3_ST_SW_FLUSH;
596 if (s->hit) {
597 s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
598
599 } else {
600 s->s3->tmp.next_state = SSL_ST_OK;
601 }
602 s->init_num = 0;
603 break;
604
605 case SSL_ST_OK:
606 /* clean a few things up */
607 ssl3_cleanup_key_block(s);
608
609 /* remove buffering on output */
610 ssl_free_wbio_buffer(s);
611
612 s->init_num = 0;
613
614 if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
615 {
616 s->renegotiate = 0;
617 s->new_session = 0;
618
619 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
620
621 s->ctx->stats.sess_accept_good++;
622 /* s->server=1; */
623 s->handshake_func = dtls1_accept;
624
625 if (cb != NULL)
626 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
627 }
628
629 ret = 1;
630
631 /* done handshaking, next message is client hello */
632 s->d1->handshake_read_seq = 0;
633 /* next message is server hello */
634 s->d1->handshake_write_seq = 0;
635 s->d1->next_handshake_write_seq = 0;
636 goto end;
637 /* break; */
638
639 default:
640 SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
641 ret = -1;
642 goto end;
643 /* break; */
644 }
645
646 if (!s->s3->tmp.reuse_message && !skip) {
647 if (s->debug) {
648 if ((ret = BIO_flush(s->wbio)) <= 0)
649 goto end;
650 }
651
652 if ((cb != NULL) && (s->state != state)) {
653 new_state = s->state;
654 s->state = state;
655 cb(s, SSL_CB_ACCEPT_LOOP, 1);
656 s->state = new_state;
657 }
658 }
659 skip = 0;
660 }
661end:
662 /* BIO_flush(s->wbio); */
663
664 s->in_handshake--;
665
666 if (cb != NULL)
667 cb(s, SSL_CB_ACCEPT_EXIT, ret);
668 return (ret);
669}
670
671int
672dtls1_send_hello_request(SSL *s)
673{
674 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
675 ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
676 ssl3_handshake_msg_finish(s, 0);
677
678 s->state = SSL3_ST_SW_HELLO_REQ_B;
679 }
680
681 /* SSL3_ST_SW_HELLO_REQ_B */
682 return (ssl3_handshake_write(s));
683}
684
685int
686dtls1_send_hello_verify_request(SSL *s)
687{
688 unsigned char *d, *p;
689
690 if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
691 d = p = ssl3_handshake_msg_start(s,
692 DTLS1_MT_HELLO_VERIFY_REQUEST);
693
694 *(p++) = s->version >> 8;
695 *(p++) = s->version & 0xFF;
696
697 if (s->ctx->app_gen_cookie_cb == NULL ||
698 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
699 &(s->d1->cookie_len)) == 0) {
700 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
701 ERR_R_INTERNAL_ERROR);
702 return 0;
703 }
704
705 *(p++) = (unsigned char) s->d1->cookie_len;
706 memcpy(p, s->d1->cookie, s->d1->cookie_len);
707 p += s->d1->cookie_len;
708
709 ssl3_handshake_msg_finish(s, p - d);
710
711 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
712 }
713
714 /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
715 return (ssl3_handshake_write(s));
716}
717
718int
719dtls1_send_server_hello(SSL *s)
720{
721 unsigned char *bufend;
722 unsigned char *p, *d;
723 unsigned int sl;
724
725 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
726 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
727
728 *(p++) = s->version >> 8;
729 *(p++) = s->version & 0xff;
730
731 /* Random stuff */
732 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
733 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
734 p += SSL3_RANDOM_SIZE;
735
736 /* now in theory we have 3 options to sending back the
737 * session id. If it is a re-use, we send back the
738 * old session-id, if it is a new session, we send
739 * back the new session-id or we send back a 0 length
740 * session-id if we want it to be single use.
741 * Currently I will not implement the '0' length session-id
742 * 12-Jan-98 - I'll now support the '0' length stuff.
743 */
744 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
745 s->session->session_id_length = 0;
746
747 sl = s->session->session_id_length;
748 if (sl > sizeof s->session->session_id) {
749 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
750 ERR_R_INTERNAL_ERROR);
751 return -1;
752 }
753 *(p++) = sl;
754 memcpy(p, s->session->session_id, sl);
755 p += sl;
756
757 /* put the cipher */
758 if (s->s3->tmp.new_cipher == NULL)
759 return -1;
760 s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p);
761
762 /* put the compression method */
763 *(p++) = 0;
764
765 bufend = (unsigned char *)s->init_buf->data +
766 SSL3_RT_MAX_PLAIN_LENGTH;
767 if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
768 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,
769 ERR_R_INTERNAL_ERROR);
770 return -1;
771 }
772
773 ssl3_handshake_msg_finish(s, p - d);
774
775 s->state = SSL3_ST_SW_SRVR_HELLO_B;
776 }
777
778 /* SSL3_ST_SW_SRVR_HELLO_B */
779 return (ssl3_handshake_write(s));
780}
781
782int
783dtls1_send_server_done(SSL *s)
784{
785 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
786 ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
787 ssl3_handshake_msg_finish(s, 0);
788
789 s->state = SSL3_ST_SW_SRVR_DONE_B;
790 }
791
792 /* SSL3_ST_SW_SRVR_DONE_B */
793 return (ssl3_handshake_write(s));
794}
795
796int
797dtls1_send_server_key_exchange(SSL *s)
798{
799 unsigned char *q;
800 int j, num;
801 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
802 unsigned int u;
803 DH *dh = NULL, *dhp;
804 EC_KEY *ecdh = NULL, *ecdhp;
805 unsigned char *encodedPoint = NULL;
806 int encodedlen = 0;
807 int curve_id = 0;
808 BN_CTX *bn_ctx = NULL;
809
810 EVP_PKEY *pkey;
811 unsigned char *p, *d;
812 int al, i;
813 unsigned long type;
814 int n;
815 CERT *cert;
816 BIGNUM *r[4];
817 int nr[4], kn;
818 BUF_MEM *buf;
819 EVP_MD_CTX md_ctx;
820
821 EVP_MD_CTX_init(&md_ctx);
822 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
823 type = s->s3->tmp.new_cipher->algorithm_mkey;
824 cert = s->cert;
825
826 buf = s->init_buf;
827
828 r[0] = r[1] = r[2] = r[3] = NULL;
829 n = 0;
830
831 if (type & SSL_kDHE) {
832 dhp = cert->dh_tmp;
833 if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
834 dhp = s->cert->dh_tmp_cb(s, 0,
835 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
836 if (dhp == NULL) {
837 al = SSL_AD_HANDSHAKE_FAILURE;
838 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY);
839 goto f_err;
840 }
841
842 if (s->s3->tmp.dh != NULL) {
843 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
844 goto err;
845 }
846
847 if ((dh = DHparams_dup(dhp)) == NULL) {
848 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
849 goto err;
850 }
851
852 s->s3->tmp.dh = dh;
853 if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
854 (s->options & SSL_OP_SINGLE_DH_USE))) {
855 if (!DH_generate_key(dh)) {
856 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
857 ERR_R_DH_LIB);
858 goto err;
859 }
860 } else {
861 dh->pub_key = BN_dup(dhp->pub_key);
862 dh->priv_key = BN_dup(dhp->priv_key);
863 if ((dh->pub_key == NULL) ||
864 (dh->priv_key == NULL)) {
865 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
866 goto err;
867 }
868 }
869 r[0] = dh->p;
870 r[1] = dh->g;
871 r[2] = dh->pub_key;
872 } else if (type & SSL_kECDHE) {
873 const EC_GROUP *group;
874
875 ecdhp = cert->ecdh_tmp;
876 if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL)
877 ecdhp = s->cert->ecdh_tmp_cb(s, 0,
878 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
879 if (ecdhp == NULL) {
880 al = SSL_AD_HANDSHAKE_FAILURE;
881 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY);
882 goto f_err;
883 }
884
885 if (s->s3->tmp.ecdh != NULL) {
886 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
887 goto err;
888 }
889
890 /* Duplicate the ECDH structure. */
891 if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
892 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
893 goto err;
894 }
895 s->s3->tmp.ecdh = ecdh;
896
897 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
898 (EC_KEY_get0_private_key(ecdh) == NULL) ||
899 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
900 if (!EC_KEY_generate_key(ecdh)) {
901 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
902 goto err;
903 }
904 }
905
906 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
907 (EC_KEY_get0_public_key(ecdh) == NULL) ||
908 (EC_KEY_get0_private_key(ecdh) == NULL)) {
909 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
910 goto err;
911 }
912
913 /* XXX: For now, we only support ephemeral ECDH
914 * keys over named (not generic) curves. For
915 * supported named curves, curve_id is non-zero.
916 */
917 if ((curve_id = tls1_ec_nid2curve_id(
918 EC_GROUP_get_curve_name(group))) == 0) {
919 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
920 goto err;
921 }
922
923 /* Encode the public key.
924 * First check the size of encoding and
925 * allocate memory accordingly.
926 */
927 encodedlen = EC_POINT_point2oct(group,
928 EC_KEY_get0_public_key(ecdh),
929 POINT_CONVERSION_UNCOMPRESSED,
930 NULL, 0, NULL);
931
932 encodedPoint = malloc(encodedlen);
933
934 bn_ctx = BN_CTX_new();
935 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
936 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
937 goto err;
938 }
939
940
941 encodedlen = EC_POINT_point2oct(group,
942 EC_KEY_get0_public_key(ecdh),
943 POINT_CONVERSION_UNCOMPRESSED,
944 encodedPoint, encodedlen, bn_ctx);
945
946 if (encodedlen == 0) {
947 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
948 goto err;
949 }
950
951 BN_CTX_free(bn_ctx);
952 bn_ctx = NULL;
953
954 /* XXX: For now, we only support named (not
955 * generic) curves in ECDH ephemeral key exchanges.
956 * In this situation, we need four additional bytes
957 * to encode the entire ServerECDHParams
958 * structure.
959 */
960 n = 4 + encodedlen;
961
962 /* We'll generate the serverKeyExchange message
963 * explicitly so we can set these to NULLs
964 */
965 r[0] = NULL;
966 r[1] = NULL;
967 r[2] = NULL;
968 r[3] = NULL;
969 } else {
970 al = SSL_AD_HANDSHAKE_FAILURE;
971 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
972 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
973 goto f_err;
974 }
975 for (i = 0; r[i] != NULL; i++) {
976 nr[i] = BN_num_bytes(r[i]);
977 n += 2 + nr[i];
978 }
979
980 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
981 if ((pkey = ssl_get_sign_pkey(s,
982 s->s3->tmp.new_cipher, NULL)) == NULL) {
983 al = SSL_AD_DECODE_ERROR;
984 goto f_err;
985 }
986 kn = EVP_PKEY_size(pkey);
987 } else {
988 pkey = NULL;
989 kn = 0;
990 }
991
992 if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
993 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
994 goto err;
995 }
996 d = (unsigned char *)s->init_buf->data;
997 p = &(d[DTLS1_HM_HEADER_LENGTH]);
998
999 for (i = 0; r[i] != NULL; i++) {
1000 s2n(nr[i], p);
1001 BN_bn2bin(r[i], p);
1002 p += nr[i];
1003 }
1004
1005 if (type & SSL_kECDHE) {
1006 /* XXX: For now, we only support named (not generic) curves.
1007 * In this situation, the serverKeyExchange message has:
1008 * [1 byte CurveType], [2 byte CurveName]
1009 * [1 byte length of encoded point], followed by
1010 * the actual encoded point itself
1011 */
1012 *p = NAMED_CURVE_TYPE;
1013 p += 1;
1014 *p = 0;
1015 p += 1;
1016 *p = curve_id;
1017 p += 1;
1018 *p = encodedlen;
1019 p += 1;
1020 memcpy((unsigned char*)p,
1021 (unsigned char *)encodedPoint, encodedlen);
1022 free(encodedPoint);
1023 encodedPoint = NULL;
1024 p += encodedlen;
1025 }
1026
1027
1028 /* not anonymous */
1029 if (pkey != NULL) {
1030 /* n is the length of the params, they start at
1031 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
1032 * at the end. */
1033 if (pkey->type == EVP_PKEY_RSA) {
1034 q = md_buf;
1035 j = 0;
1036 for (num = 2; num > 0; num--) {
1037 if (!EVP_DigestInit_ex(&md_ctx, (num == 2)
1038 ? s->ctx->md5 : s->ctx->sha1, NULL))
1039 goto err;
1040 EVP_DigestUpdate(&md_ctx,
1041 &(s->s3->client_random[0]),
1042 SSL3_RANDOM_SIZE);
1043 EVP_DigestUpdate(&md_ctx,
1044 &(s->s3->server_random[0]),
1045 SSL3_RANDOM_SIZE);
1046 EVP_DigestUpdate(&md_ctx,
1047 &(d[DTLS1_HM_HEADER_LENGTH]), n);
1048 EVP_DigestFinal_ex(&md_ctx, q,
1049 (unsigned int *)&i);
1050 q += i;
1051 j += i;
1052 }
1053 if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]),
1054 &u, pkey->pkey.rsa) <= 0) {
1055 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
1056 goto err;
1057 }
1058 s2n(u, p);
1059 n += u + 2;
1060 } else
1061 if (pkey->type == EVP_PKEY_DSA) {
1062 /* lets do DSS */
1063 EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
1064 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1065 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1066 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1067 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1068 (unsigned int *)&i, pkey)) {
1069 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
1070 goto err;
1071 }
1072 s2n(i, p);
1073 n += i + 2;
1074 } else
1075 if (pkey->type == EVP_PKEY_EC) {
1076 /* let's do ECDSA */
1077 EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
1078 EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
1079 EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
1080 EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
1081 if (!EVP_SignFinal(&md_ctx, &(p[2]),
1082 (unsigned int *)&i, pkey)) {
1083 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA);
1084 goto err;
1085 }
1086 s2n(i, p);
1087 n += i + 2;
1088 } else
1089 {
1090 /* Is this error check actually needed? */
1091 al = SSL_AD_HANDSHAKE_FAILURE;
1092 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE);
1093 goto f_err;
1094 }
1095 }
1096
1097 d = dtls1_set_message_header(s, d,
1098 SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
1099
1100 /* we should now have things packed up, so lets send
1101 * it off */
1102 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1103 s->init_off = 0;
1104
1105 /* buffer the message to handle re-xmits */
1106 dtls1_buffer_message(s, 0);
1107 }
1108
1109 s->state = SSL3_ST_SW_KEY_EXCH_B;
1110 EVP_MD_CTX_cleanup(&md_ctx);
1111 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1112f_err:
1113 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1114err:
1115 free(encodedPoint);
1116 BN_CTX_free(bn_ctx);
1117 EVP_MD_CTX_cleanup(&md_ctx);
1118 return (-1);
1119}
1120
1121int
1122dtls1_send_certificate_request(SSL *s)
1123{
1124 unsigned char *p, *d;
1125 int i, j, nl, off, n;
1126 STACK_OF(X509_NAME) *sk = NULL;
1127 X509_NAME *name;
1128 BUF_MEM *buf;
1129 unsigned int msg_len;
1130
1131 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1132 buf = s->init_buf;
1133
1134 d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
1135
1136 /* get the list of acceptable cert types */
1137 p++;
1138 n = ssl3_get_req_cert_type(s, p);
1139 d[0] = n;
1140 p += n;
1141 n++;
1142
1143 off = n;
1144 p += 2;
1145 n += 2;
1146
1147 sk = SSL_get_client_CA_list(s);
1148 nl = 0;
1149 if (sk != NULL) {
1150 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1151 name = sk_X509_NAME_value(sk, i);
1152 j = i2d_X509_NAME(name, NULL);
1153 if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
1154 SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
1155 goto err;
1156 }
1157 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
1158 s2n(j, p);
1159 i2d_X509_NAME(name, &p);
1160 n += 2 + j;
1161 nl += 2 + j;
1162 }
1163 }
1164 /* else no CA names */
1165 p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
1166 s2n(nl, p);
1167
1168 d = (unsigned char *)buf->data;
1169 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
1170 l2n3(n, d);
1171 s2n(s->d1->handshake_write_seq, d);
1172 s->d1->handshake_write_seq++;
1173
1174 /* we should now have things packed up, so lets send
1175 * it off */
1176
1177 s->init_num = n + DTLS1_HM_HEADER_LENGTH;
1178 s->init_off = 0;
1179
1180 /* XDTLS: set message header ? */
1181 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1182 dtls1_set_message_header(s, (void *)s->init_buf->data,
1183 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
1184
1185 /* buffer the message to handle re-xmits */
1186 dtls1_buffer_message(s, 0);
1187
1188 s->state = SSL3_ST_SW_CERT_REQ_B;
1189 }
1190
1191 /* SSL3_ST_SW_CERT_REQ_B */
1192 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1193err:
1194 return (-1);
1195}
1196
1197int
1198dtls1_send_server_certificate(SSL *s)
1199{
1200 unsigned long l;
1201 X509 *x;
1202
1203 if (s->state == SSL3_ST_SW_CERT_A) {
1204 x = ssl_get_server_send_cert(s);
1205 if (x == NULL) {
1206 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,
1207 ERR_R_INTERNAL_ERROR);
1208 return (0);
1209 }
1210
1211 l = dtls1_output_cert_chain(s, x);
1212 s->state = SSL3_ST_SW_CERT_B;
1213 s->init_num = (int)l;
1214 s->init_off = 0;
1215
1216 /* buffer the message to handle re-xmits */
1217 dtls1_buffer_message(s, 0);
1218 }
1219
1220 /* SSL3_ST_SW_CERT_B */
1221 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1222}
1223
1224int
1225dtls1_send_newsession_ticket(SSL *s)
1226{
1227 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
1228 unsigned char *p, *senc, *macstart;
1229 int len, slen;
1230 unsigned int hlen, msg_len;
1231 EVP_CIPHER_CTX ctx;
1232 HMAC_CTX hctx;
1233 SSL_CTX *tctx = s->initial_ctx;
1234 unsigned char iv[EVP_MAX_IV_LENGTH];
1235 unsigned char key_name[16];
1236
1237 /* get session encoding length */
1238 slen = i2d_SSL_SESSION(s->session, NULL);
1239 /* Some length values are 16 bits, so forget it if session is
1240 * too long
1241 */
1242 if (slen > 0xFF00)
1243 return -1;
1244 /* Grow buffer if need be: the length calculation is as
1245 * follows 12 (DTLS handshake message header) +
1246 * 4 (ticket lifetime hint) + 2 (ticket length) +
1247 * 16 (key name) + max_iv_len (iv length) +
1248 * session_length + max_enc_block_size (max encrypted session
1249 * length) + max_md_size (HMAC).
1250 */
1251 if (!BUF_MEM_grow(s->init_buf,
1252 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1253 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1254 return -1;
1255 senc = malloc(slen);
1256 if (!senc)
1257 return -1;
1258 p = senc;
1259 i2d_SSL_SESSION(s->session, &p);
1260
1261 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1262 EVP_CIPHER_CTX_init(&ctx);
1263 HMAC_CTX_init(&hctx);
1264 /* Initialize HMAC and cipher contexts. If callback present
1265 * it does all the work otherwise use generated values
1266 * from parent ctx.
1267 */
1268 if (tctx->tlsext_ticket_key_cb) {
1269 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1270 &hctx, 1) < 0) {
1271 free(senc);
1272 EVP_CIPHER_CTX_cleanup(&ctx);
1273 return -1;
1274 }
1275 } else {
1276 arc4random_buf(iv, 16);
1277 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1278 tctx->tlsext_tick_aes_key, iv);
1279 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1280 tlsext_tick_md(), NULL);
1281 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1282 }
1283 l2n(s->session->tlsext_tick_lifetime_hint, p);
1284 /* Skip ticket length for now */
1285 p += 2;
1286 /* Output key name */
1287 macstart = p;
1288 memcpy(p, key_name, 16);
1289 p += 16;
1290 /* output IV */
1291 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
1292 p += EVP_CIPHER_CTX_iv_length(&ctx);
1293 /* Encrypt session data */
1294 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
1295 p += len;
1296 EVP_EncryptFinal(&ctx, p, &len);
1297 p += len;
1298 EVP_CIPHER_CTX_cleanup(&ctx);
1299
1300 HMAC_Update(&hctx, macstart, p - macstart);
1301 HMAC_Final(&hctx, p, &hlen);
1302 HMAC_CTX_cleanup(&hctx);
1303
1304 p += hlen;
1305 /* Now write out lengths: p points to end of data written */
1306 /* Total length */
1307 len = p - (unsigned char *)(s->init_buf->data);
1308 /* Ticket length */
1309 p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1310 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1311
1312 /* number of bytes to write */
1313 s->init_num = len;
1314 s->state = SSL3_ST_SW_SESSION_TICKET_B;
1315 s->init_off = 0;
1316 free(senc);
1317
1318 /* XDTLS: set message header ? */
1319 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1320 dtls1_set_message_header(s, (void *)s->init_buf->data,
1321 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1322
1323 /* buffer the message to handle re-xmits */
1324 dtls1_buffer_message(s, 0);
1325 }
1326
1327 /* SSL3_ST_SW_SESSION_TICKET_B */
1328 return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
1329}
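--- a/src/lib/libssl/doc/BIO_f_ssl.3
+++ /dev/null
@@ -1,478 +0,0 @@
-.\"
-.\" $OpenBSD: BIO_f_ssl.3,v 1.3 2015/06/18 22:51:05 doug Exp $
-.\"
-.Dd $Mdocdate: June 18 2015 $
-.Dt BIO_F_SSL 3
-.Os
-.Sh NAME
-.Nm BIO_f_ssl ,
-.Nm BIO_set_ssl ,
-.Nm BIO_get_ssl ,
-.Nm BIO_set_ssl_mode ,
-.Nm BIO_set_ssl_renegotiate_bytes ,
-.Nm BIO_get_num_renegotiates ,
-.Nm BIO_set_ssl_renegotiate_timeout ,
-.Nm BIO_new_ssl ,
-.Nm BIO_new_ssl_connect ,
-.Nm BIO_new_buffer_ssl_connect ,
-.Nm BIO_ssl_copy_session_id ,
-.Nm BIO_ssl_shutdown
-.Nd SSL BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.In openssl/ssl.h
-.Ft BIO_METHOD *
-.Fn BIO_f_ssl void
-.Fd #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-.Fd #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-.Fd #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-.Fd #define BIO_set_ssl_renegotiate_bytes(b,num) \
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
-.Fd #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
-.Fd #define BIO_get_num_renegotiates(b) \
-BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL)
-.Ft BIO *
-.Fn BIO_new_ssl "SSL_CTX *ctx" "int client"
-.Ft BIO *
-.Fn BIO_new_ssl_connect "SSL_CTX *ctx"
-.Ft BIO *
-.Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx"
-.Ft int
-.Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from"
-.Ft void
-.Fn BIO_ssl_shutdown "BIO *bio"
-.Fd #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-.Sh DESCRIPTION
-.Fn BIO_f_ssl
-returns the
-.Vt SSL
-.Vt BIO
-method.
-This is a filter
-.Vt BIO
-which is a wrapper around the OpenSSL
-.Vt SSL
-routines adding a
-.Vt BIO
-.Dq flavor
-to SSL I/O.
-.Pp
-I/O performed on an
-.Vt SSL
-.Vt BIO
-communicates using the SSL protocol with
-the
-.Vt SSL Ns 's
-read and write
-.Vt BIO Ns s.
-If an SSL connection is not established then an attempt is made to establish
-one on the first I/O call.
-.Pp
-If a
-.Vt BIO
-is appended to an
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_push 3
-it is automatically used as the
-.Vt SSL
-.Vt BIO Ns 's read and write
-.Vt BIO Ns s.
-.Pp
-Calling
-.Xr BIO_reset 3
-on an
-.Vt SSL
-.Vt BIO
-closes down any current SSL connection by calling
-.Xr SSL_shutdown 3 .
-.Xr BIO_reset
-is then sent to the next
-.Vt BIO
-in the chain; this will typically disconnect the underlying transport.
-The
-.Vt SSL
-.Vt BIO
-is then reset to the initial accept or connect state.
-.Pp
-If the close flag is set when an
-.Vt SSL
-.Vt BIO
-is freed then the internal
-.Vt SSL
-structure is also freed using
-.Xr SSL_free 3 .
-.Pp
-.Fn BIO_set_ssl
-sets the internal
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b
-to
-.Fa ssl
-using
-the close flag
-.Fa c .
-.Pp
-.Fn BIO_get_ssl
-retrieves the
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b ;
-it can then be manipulated using the standard SSL library functions.
-.Pp
-.Fn BIO_set_ssl_mode
-sets the
-.Vt SSL
-.Vt BIO
-mode to
-.Fa client .
-If
-.Fa client
-is 1, client mode is set.
-If
-.Fa client
-is 0, server mode is set.
-.Pp
-.Fn BIO_set_ssl_renegotiate_bytes
-sets the renegotiate byte count to
-.Fa num .
-When set after every
-.Fa num
-bytes of I/O (read and write) the SSL session is automatically renegotiated.
-.Fa num
-must be at least 512 bytes.
-.Pp
-.Fn BIO_set_ssl_renegotiate_timeout
-sets the renegotiate timeout to
-.Fa seconds .
-When the renegotiate timeout elapses the session is automatically renegotiated.
-.Pp
-.Fn BIO_get_num_renegotiates
-returns the total number of session renegotiations due to I/O or timeout.
-.Pp
-.Fn BIO_new_ssl
-allocates an
-.Vt SSL
-.Vt BIO
-using
-.Vt SSL_CTX
-.Va ctx
-and using client mode if
-.Fa client
-is nonzero.
-.Pp
-.Fn BIO_new_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-followed by a connect BIO.
-.Pp
-.Fn BIO_new_buffer_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of a buffering
-.Vt BIO ,
-an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-and a connect
-.Vt BIO .
-.Pp
-.Fn BIO_ssl_copy_session_id
-copies an SSL session id between
-.Vt BIO
-chains
-.Fa from
-and
-.Fa to .
-It does this by locating the
-.Vt SSL
-.Vt BIO Ns s
-in each chain and calling
-.Xr SSL_copy_session_id 3
-on the internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_ssl_shutdown
-closes down an SSL connection on
-.Vt BIO
-chain
-.Fa bio .
-It does this by locating the
-.Vt SSL
-.Vt BIO
-in the
-chain and calling
-.Xr SSL_shutdown 3
-on its internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_do_handshake
-attempts to complete an SSL handshake on the supplied
-.Vt BIO
-and establish the SSL connection.
-It returns 1 if the connection was established successfully.
-A zero or negative value is returned if the connection could not be
-established; the call
-.Xr BIO_should_retry 3
-should be used for non blocking connect
-.Vt BIO Ns s
-to determine if the call should be retried.
-If an SSL connection has already been established this call has no effect.
-.Sh NOTES
-.Vt SSL
-.Vt BIO Ns s
-are exceptional in that if the underlying transport is non-blocking they can
-still request a retry in exceptional circumstances.
-Specifically this will happen if a session renegotiation takes place during a
-.Xr BIO_read 3
-operation.
-One case where this happens is when step up occurs.
-.Pp
-In OpenSSL 0.9.6 and later the SSL flag
-.Dv SSL_AUTO_RETRY
-can be set to disable this behaviour.
-In other words, when this flag is set an
-.Vt SSL
-.Vt BIO
-using a blocking transport will never request a retry.
-.Pp
-Since unknown
-.Xr BIO_ctrl 3
-operations are sent through filter
-.Vt BIO Ns s
-the server name and port can be set using
-.Xr BIO_set_host 3
-on the
-.Vt BIO
-returned by
-.Fn BIO_new_ssl_connect
-without having to locate the connect
-.Vt BIO
-first.
-.Pp
-Applications do not have to call
-.Fn BIO_do_handshake
-but may wish to do so to separate the handshake process from other I/O
-processing.
-.Sh RETURN VALUES
-.\" XXX
-This section is incomplete.
-.Sh EXAMPLES
-This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web
-server.
-The I/O routines are identical to those of the unencrypted example in
-.Xr BIO_s_connect 3 .
-.Bd -literal
-BIO *sbio, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-OpenSSL_add_all_algorithms();
-
-/*
- * We would seed the PRNG here if the platform didn't do it automatically
- */
-
-ctx = SSL_CTX_new(SSLv23_client_method());
-
-/*
- * We'd normally set some stuff like the verify paths and mode here because
- * as things stand this will connect to any server whose certificate is
- * signed by any CA.
- */
-
-sbio = BIO_new_ssl_connect(ctx);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\en");
- /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* We might want to do other things with ssl here */
-
-BIO_set_conn_hostname(sbio, "localhost:https");
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-if (BIO_do_connect(sbio) <= 0) {
- fprintf(stderr, "Error connecting to server\en");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
-}
-
-if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error establishing SSL connection\en");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
-}
-
-/* Could examine ssl here to get connection info */
-
-BIO_puts(sbio, "GET / HTTP/1.0\en\en");
-for (;;) {
- len = BIO_read(sbio, tmpbuf, 1024);
- if(len <= 0) break;
- BIO_write(out, tmpbuf, len);
-}
-BIO_free_all(sbio);
-BIO_free(out);
-.Ed
-.Pp
-Here is a simple server example.
-It makes use of a buffering
-.Vt BIO
-to allow lines to be read from the
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_gets 3 .
-It creates a pseudo web page containing the actual request from a client and
-also echoes the request to standard output.
-.Bd -literal
-BIO *sbio, *bbio, *acpt, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-OpenSSL_add_all_algorithms();
-
-/* Might seed PRNG here */
-
-ctx = SSL_CTX_new(SSLv23_server_method());
-
-if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx)) {
- fprintf(stderr, "Error setting up SSL_CTX\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/*
- * Might do other things here like setting verify locations and DH and/or
- * RSA temporary key callbacks
- */
-
-/* New SSL BIO setup as server */
-sbio = BIO_new_ssl(ctx,0);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\en");
- /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* Create the buffering BIO */
-
-bbio = BIO_new(BIO_f_buffer());
-
-/* Add to chain */
-sbio = BIO_push(bbio, sbio);
-
-acpt = BIO_new_accept("4433");
-
-/*
- * By doing this when a new connection is established we automatically
- * have sbio inserted into it. The BIO chain is now 'swallowed' by the
- * accept BIO and will be freed when the accept BIO is freed.
- */
-
-BIO_set_accept_bios(acpt,sbio);
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-/* Setup accept BIO */
-if (BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error setting up accept BIO\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/* Now wait for incoming connection */
-if (BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error in connection\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-/* We only want one connection so remove and free accept BIO */
-
-sbio = BIO_pop(acpt);
-
-BIO_free_all(acpt);
-
-if (BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error in SSL handshake\en");
- ERR_print_errors_fp(stderr);
- return 0;
-}
-
-BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en");
-BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-
-for (;;) {
- len = BIO_gets(sbio, tmpbuf, 1024);
- if (len <= 0)
- break;
- BIO_write(sbio, tmpbuf, len);
- BIO_write(out, tmpbuf, len);
- /* Look for blank line signifying end of headers */
- if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en'))
- break;
-}
-
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-BIO_puts(sbio, "\er\en");
-
-/* Since there is a buffering BIO present we had better flush it */
-BIO_flush(sbio);
-
-BIO_free_all(sbio);
-.Ed
-.Sh BUGS
-In OpenSSL versions before 1.0.0 the
-.Xr BIO_pop 3
-call was handled incorrectly:
-the I/O BIO reference count was incorrectly incremented (instead of
-decremented) and dissociated with the
-.Vt SSL
-.Vt BIO
-even if the
-.Vt SSL
-.Vt BIO
-was not
-explicitly being popped (e.g., a pop higher up the chain).
-Applications which included workarounds for this bug (e.g., freeing BIOs more
-than once) should be modified to handle this fix or they may free up an already
-freed
-.Vt BIO .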
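--- a/src/lib/libssl/doc/SSL_CIPHER_get_name.3
+++ /dev/null
@@ -1,196 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CIPHER_GET_NAME 3
-.Os
-.Sh NAME
-.Nm SSL_CIPHER_get_name ,
-.Nm SSL_CIPHER_get_bits ,
-.Nm SSL_CIPHER_get_version ,
-.Nm SSL_CIPHER_description
-.Nd get SSL_CIPHER properties
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
-.Ft char *
-.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
-.Ft char *
-.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
-.Sh DESCRIPTION
-.Fn SSL_CIPHER_get_name
-returns a pointer to the name of
-.Fa cipher .
-If the
-argument is the
-.Dv NULL
-pointer, a pointer to the constant value
-.Qq NONE
-is returned.
-.Pp
-.Fn SSL_CIPHER_get_bits
-returns the number of secret bits used for
-.Fa cipher .
-If
-.Fa alg_bits
-is not
-.Dv NULL ,
-it contains the number of bits processed by the
-chosen algorithm.
-If
-.Fa cipher
-is
-.Dv NULL ,
-0 is returned.
-.Pp
-.Fn SSL_CIPHER_get_version
-returns a string which indicates the SSL/TLS protocol version that first
-defined the cipher.
-This is currently
-.Qq SSLv2
-or
-.Qq TLSv1/SSLv3 .
-In some cases it should possibly return
-.Qq TLSv1.2
-but the function does not; use
-.Xr SSL_CIPHER_description 3
-instead.
-If
-.Fa cipher
-is
-.Dv NULL ,
-.Qq (NONE)
-is returned.
-.Pp
-.Fn SSL_CIPHER_description
-returns a textual description of the cipher used into the buffer
-.Fa buf
-of length
-.Fa len
-provided.
-If
-.Fa buf
-is
-.Dv NULL ,
-a buffer is allocated using
-.Xr asprintf 3 ;
-that buffer should be freed using the
-.Xr free 3
-function.
-If
-.Fa len
-is too small, or if
-.Fa buf
-is
-.Dv NULL
-and the allocation fails, a pointer to the string
-.Qq Buffer too small
-is returned.
-.Sh NOTES
-The number of bits processed can be different from the secret bits.
-For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits.
-The algorithm does use the full 128 bits (which would be returned for
-.Fa alg_bits ) ,
-but 88 bits are fixed.
-The search space is hence only 40 bits.
-.Pp
-The string returned by
-.Fn SSL_CIPHER_description
-in case of success consists
-of cleartext information separated by one or more blanks in the following
-sequence:
-.Bl -tag -width Ds
-.It Aq Ar ciphername
-Textual representation of the cipher name.
-.It Aq Ar protocol version
-Protocol version:
-.Em SSLv2 ,
-.Em SSLv3 ,
-.Em TLSv1.2 .
-The TLSv1.0 ciphers are flagged with SSLv3.
-No new ciphers were added by TLSv1.1.
-.It Kx= Ns Aq Ar key exchange
-Key exchange method:
-.Em RSA
-(for export ciphers as
-.Em RSA(512)
-or
-.Em RSA(1024) ) ,
-.Em DH
-(for export ciphers as
-.Em DH(512)
-or
-.Em DH(1024) ) ,
-.Em DH/RSA ,
-.Em DH/DSS ,
-.Em Fortezza .
-.It Au= Ns Aq Ar authentication
-Authentication method:
-.Em RSA ,
-.Em DSS ,
-.Em DH ,
-.Em None .
-.Em None
-is the representation of anonymous ciphers.
-.It Enc= Ns Aq Ar symmetric encryption method
-Encryption method with number of secret bits:
-.Em DES(40) ,
-.Em DES(56) ,
-.Em 3DES(168) ,
-.Em RC4(40) ,
-.Em RC4(56) ,
-.Em RC4(64) ,
-.Em RC4(128) ,
-.Em RC2(40) ,
-.Em RC2(56) ,
-.Em RC2(128) ,
-.Em IDEA(128) ,
-.Em Fortezza ,
-.Em None .
-.It Mac= Ns Aq Ar message authentication code
-Message digest:
-.Em MD5 ,
-.Em SHA1 .
-.It Aq Ar export flag
-If the cipher is flagged exportable with respect to old US crypto
-regulations, the word
-.Dq export
-is printed.
-.El
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
-.Sh EXAMPLES
-Some examples for the output of
-.Fn SSL_CIPHER_description :
-.D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1"
-.D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1"
-.D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5"
-.D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export"
-.Pp
-A complete list can be retrieved by invoking the following command:
-.Pp
-.Dl $ openssl ciphers -v ALL
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_current_cipher 3
-.Sh BUGS
-If
-.Fn SSL_CIPHER_description
-is called with
-.Fa cipher
-being
-.Dv NULL ,
-the library crashes.
-.Pp
-If
-.Fn SSL_CIPHER_description
-cannot handle a built-in cipher,
-the according description of the cipher property is
-.Qq unknown .
-This case should not occur.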
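--- a/src/lib/libssl/doc/SSL_COMP_add_compression_method.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
-.Os
-.Sh NAME
-.Nm SSL_COMP_add_compression_method
-.Nd handle SSL/TLS integrated compression methods
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm"
-.Sh DESCRIPTION
-.Fn SSL_COMP_add_compression_method
-adds the compression method
-.Fa cm
-with the identifier
-.Fa id
-to the list of available compression methods.
-This list is globally maintained for all SSL operations within this application.
-It cannot be set for specific SSL_CTX or SSL objects.
-.Sh NOTES
-The TLS standard (or SSLv3) allows the integration of compression methods
-into the communication.
-The TLS RFC does however not specify compression methods or their corresponding
-identifiers, so there is currently no compatible way to integrate compression
-with unknown peers.
-It is therefore currently not recommended to integrate compression into
-applications.
-Applications for non-public use may agree on certain compression methods.
-Using different compression methods with the same identifier will lead to
-connection failure.
-.Pp
-An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
-will unconditionally send the list of all compression methods enabled with
-.Fn SSL_COMP_add_compression_method
-to the server during the handshake.
-Unlike the mechanisms to set a cipher list, there is no method available to
-restrict the list of compression method on a per connection basis.
-.Pp
-An OpenSSL server will match the identifiers listed by a client against
-its own compression methods and will unconditionally activate compression
-when a matching identifier is found.
-There is no way to restrict the list of compression methods supported on a per
-connection basis.
-.Pp
-The OpenSSL library has the compression methods
-.Fn COMP_rle
-and (when especially enabled during compilation)
-.Fn COMP_zlib
-available.
-.Sh WARNINGS
-Once the identities of the compression methods for the TLS protocol have
-been standardized, the compression API will most likely be changed.
-Using it in the current state is not recommended.
-.Sh RETURN VALUES
-.Fn SSL_COMP_add_compression_method
-may return the following values:
-.Bl -tag -width Ds
-.It 0
-The operation succeeded.
-.It 1
-The operation failed.
-Check the error queue to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr ssl 3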
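--- a/src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.3
+++ /dev/null
@@ -1,45 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_extra_chain_cert
-.Nd add certificate to chain
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX ctx" "X509 *x509"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_extra_chain_cert
-adds the certificate
-.Fa x509
-to the certificate chain presented together with the certificate.
-Several certificates can be added one after the other.
-.Sh NOTES
-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified.
-If no chain is specified, the library will try to complete the chain from the
-available CA certificates in the trusted CA storage, see
-.Xr SSL_CTX_load_verify_locations 3 .
-.Pp
-The x509 certificate provided to
-.Fn SSL_CTX_add_extra_chain_cert
-will be freed by the library when the
-.Vt SSL_CTX
-is destroyed.
-An application
-.Em should not
-free the
-.Fa x509
-object.
-.Sh RETURN VALUES
-.Fn SSL_CTX_add_extra_chain_cert
-returns 1 on success.
-Check out the error stack to find out the reason for failure otherwise.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_use_certificate 3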
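--- a/src/lib/libssl/doc/SSL_CTX_add_session.3
+++ /dev/null
@@ -1,90 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_add_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_ADD_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_session ,
-.Nm SSL_add_session ,
-.Nm SSL_CTX_remove_session ,
-.Nm SSL_remove_session
-.Nd manipulate session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_session
-adds the session
-.Fa c
-to the context
-.Fa ctx .
-The reference count for session
-.Fa c
-is incremented by 1.
-If a session with the same session id already exists,
-the old session is removed by calling
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_CTX_remove_session
-removes the session
-.Fa c
-from the context
-.Fa ctx .
-.Xr SSL_SESSION_free 3
-is called once for
-.Fa c .
-.Pp
-.Fn SSL_add_session
-and
-.Fn SSL_remove_session
-are synonyms for their
-.Fn SSL_CTX_*
-counterparts.
-.Sh NOTES
-When adding a new session to the internal session cache, it is examined
-whether a session with the same session id already exists.
-In this case it is assumed that both sessions are identical.
-If the same session is stored in a different
-.Vt SSL_SESSION
-object, the old session is removed and replaced by the new session.
-If the session is actually identical (the
-.Vt SSL_SESSION
-object is identical),
-.Fn SSL_CTX_add_session
-is a no-op, and the return value is 0.
-.Pp
-If a server
-.Vt SSL_CTX
-is configured with the
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-flag then the internal cache will not be populated automatically by new
-sessions negotiated by the SSL/TLS implementation, even though the internal
-cache will be searched automatically for session-resume requests (the
-latter can be suppressed by
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) .
-So the application can use
-.Fn SSL_CTX_add_session
-directly to have full control over the sessions that can be resumed if desired.
-.Sh RETURN VALUES
-The following values are returned by all functions:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-In case of the add operation, it was tried to add the same (identical) session
-twice.
-In case of the remove operation, the session was not found in the cache.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3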
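--- a/src/lib/libssl/doc/SSL_CTX_ctrl.3
+++ /dev/null
@@ -1,49 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_ctrl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_CTRL 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_ctrl ,
-.Nm SSL_CTX_callback_ctrl ,
-.Nm SSL_ctrl ,
-.Nm SSL_callback_ctrl
-.Nd internal handling functions for SSL_CTX and SSL objects
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()"
-.Ft long
-.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()"
-.Sh DESCRIPTION
-The
-.Fn SSL_*_ctrl
-family of functions is used to manipulate settings of
-the
-.Vt SSL_CTX
-and
-.Vt SSL
-objects.
-Depending on the command
-.Fa cmd
-the arguments
-.Fa larg ,
-.Fa parg ,
-or
-.Fa fp
-are evaluated.
-These functions should never be called directly.
-All functionalities needed are made available via other functions or macros.
-.Sh RETURN VALUES
-The return values of the
-.Fn SSL*_ctrl
-functions depend on the command supplied via the
-.Fn cmd
-parameter.
-.Sh SEE ALSO
-.Xr ssl 3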
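--- a/src/lib/libssl/doc/SSL_CTX_flush_sessions.3
+++ /dev/null
@@ -1,57 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_flush_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_FLUSH_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_flush_sessions ,
-.Nm SSL_flush_sessions
-.Nd remove expired sessions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm"
-.Ft void
-.Fn SSL_flush_sessions "SSL_CTX *ctx" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_CTX_flush_sessions
-causes a run through the session cache of
-.Fa ctx
-to remove sessions expired at time
-.Fa tm .
-.Pp
-.Fn SSL_flush_sessions
-is a synonym for
-.Fn SSL_CTX_flush_sessions .
-.Sh NOTES
-If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see
-.Fn SSL_CTX_sess_set_cache_size ) .
-As sessions will not be reused ones they are expired, they should be
-removed from the cache to save resources.
-This can either be done automatically whenever 255 new sessions were
-established (see
-.Xr SSL_CTX_set_session_cache_mode 3 )
-or manually by calling
-.Fn SSL_CTX_flush_sessions .
-.Pp
-The parameter
-.Fa tm
-specifies the time which should be used for the
-expiration test, in most cases the actual time given by
-.Fn time 0
-will be used.
-.Pp
-.Fn SSL_CTX_flush_sessions
-will only check sessions stored in the internal cache.
-When a session is found and removed, the
-.Va remove_session_cb
-is however called to synchronize with the external cache (see
-.Xr SSL_CTX_sess_set_get_cb 3 ) .
-.Sh RETURN VALUES
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3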
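diff --git a/src/lib/libssl/doc/SSL_CTX_free.3 b/src/lib/libssl/doc/SSL_CTX_free.3
deleted file mode 100644
index 0b2f7a8247..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_free.3
+++ /dev/null
@@ -1,48 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_free
-.Nd free an allocated SSL_CTX object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_free "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_free
-decrements the reference count of
-.Fa ctx ,
-and removes the
-.Vt SSL_CTX
-object pointed to by
-.Fa ctx
-and frees up the allocated memory if the reference count has reached 0.
-.Pp
-It also calls the
-.Xr free 3 Ns ing
-procedures for indirectly affected items, if applicable:
-the session cache, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-.Sh WARNINGS
-If a session-remove callback is set
-.Pq Xr SSL_CTX_sess_set_remove_cb 3 ,
-this callback will be called for each session being freed from
-.Fa ctx Ns 's
-session cache.
-This implies that all corresponding sessions from an external session cache are
-removed as well.
-If this is not desired, the user should explicitly unset the callback by
-calling
-.Fn SSL_CTX_sess_set_remove_cb ctx NULL
-prior to calling
-.Fn SSL_CTX_free .
-.Sh RETURN VALUES
-.Fn SSL_CTX_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3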
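diff --git a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3
deleted file mode 100644
index 72bbb608fa..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3
+++ /dev/null
@@ -1,70 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_ex_new_index ,
-.Nm SSL_CTX_set_ex_data ,
-.Nm SSL_CTX_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_get_ex_new_index
-.Fa long argl
-.Fa void *argp
-.Fa CRYPTO_EX_new *new_func
-.Fa CRYPTO_EX_dup *dup_func
-.Fa CRYPTO_EX_free *free_func
-.Fc
-.Ft int
-.Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_CTX_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_CTX_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_CTX_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ctx .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3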
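diff --git a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3
deleted file mode 100644
index 12e21db6a3..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3
+++ /dev/null
@@ -1,73 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_GET_VERIFY_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_verify_mode ,
-.Nm SSL_get_verify_mode ,
-.Nm SSL_CTX_get_verify_depth ,
-.Nm SSL_get_verify_depth ,
-.Nm SSL_get_verify_callback ,
-.Nm SSL_CTX_get_verify_callback
-.Nd get currently set verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_mode "const SSL *ssl"
-.Ft int
-.Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_depth "const SSL *ssl"
-.Ft int
-.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Ft int
-.Fo "(*SSL_get_verify_callback(const SSL *ssl))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_verify_mode
-returns the verification mode currently set in
-.Fa ctx .
-.Pp
-.Fn SSL_get_verify_mode
-returns the verification mode currently set in
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-returns the verification depth limit currently set
-in
-.Fa ctx .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_get_verify_depth
-returns the verification depth limit currently set in
-.Fa ssl .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_CTX_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ctx .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Pp
-.Fn SSL_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ssl .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3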
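diff --git a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3
deleted file mode 100644
index 09884db5da..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_load_verify_locations
-.Nd set default locations for trusted CA certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_load_verify_locations
-.Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_load_verify_locations
-specifies the locations for
-.Fa ctx ,
-at which CA certificates for verification purposes are located.
-The certificates available via
-.Fa CAfile
-and
-.Fa CApath
-are trusted.
-.Sh NOTES
-If
-.Fa CAfile
-is not
-.Dv NULL ,
-it points to a file of CA certificates in PEM format.
-The file can contain several CA certificates identified by sequences of:
-.Bd -literal
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-.Ed
-Before, between, and after the certificates arbitrary text is allowed which can
-be used, e.g., for descriptions of the certificates.
-.Pp
-The
-.Fa CAfile
-is processed on execution of the
-.Fn SSL_CTX_load_verify_locations
-function.
-.Pp
-If
-.Fa CApath
-is not NULL, it points to a directory containing CA certificates in PEM format.
-The files each contain one CA certificate.
-The files are looked up by the CA subject name hash value,
-which must hence be available.
-If more than one CA certificate with the same name hash value exist,
-the extension must be different (e.g.,
-.Pa 9d66eef0.0 ,
-.Pa 9d66eef0.1 ,
-etc.).
-The search is performed in the ordering of the extension number,
-regardless of other properties of the certificates.
-.Pp
-The certificates in
-.Fa CApath
-are only looked up when required, e.g., when building the certificate chain or
-when actually performing the verification of a peer certificate.
-.Pp
-When looking up CA certificates, the OpenSSL library will first search the
-certificates in
-.Fa CAfile ,
-then those in
-.Fa CApath .
-Certificate matching is done based on the subject name, the key identifier (if
-present), and the serial number as taken from the certificate to be verified.
-If these data do not match, the next certificate will be tried.
-If a first certificate matching the parameters is found,
-the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
-.Pp
-In server mode, when requesting a client certificate, the server must send
-the list of CAs of which it will accept client certificates.
-This list is not influenced by the contents of
-.Fa CAfile
-or
-.Fa CApath
-and must explicitly be set using the
-.Xr SSL_CTX_set_client_CA_list 3
-family of functions.
-.Pp
-When building its own certificate chain, an OpenSSL client/server will try to
-fill in missing certificates from
-.Fa CAfile Ns / Fa CApath ,
-if the
-certificate chain was not explicitly specified (see
-.Xr SSL_CTX_add_extra_chain_cert 3
-and
-.Xr SSL_CTX_use_certificate 3 ) .
-.Sh WARNINGS
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined.
-This may lead to unexpected results if the same CA certificate is available
-with different expiration dates.
-If a
-.Dq certificate expired
-verification error occurs, no other certificate will be searched.
-Make sure to not have expired certificates mixed with valid ones.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed because
-.Fa CAfile
-and
-.Fa CApath
-are
-.Dv NULL
-or the processing at one of the locations specified failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Generate a CA certificate file with descriptive text from the CA certificates
-.Pa ca1.pem
-.Pa ca2.pem
-.Pa ca3.pem :
-.Bd -literal
-#!/bin/sh
-rm CAfile.pem
-for i in ca1.pem ca2.pem ca3.pem; do
- openssl x509 -in $i -text >> CAfile.pem
-done
-.Ed
-.Pp
-Prepare the directory /some/where/certs containing several CA certificates
-for use as
-.Fa CApath :
-.Bd -literal
-$ cd /some/where/certs
-$ rm -f *.[0-9]* *.r[0-9]*
-$ for c in *.pem; do
-> [ "$c" = "*.pem" ] && continue
-> hash=$(openssl x509 -noout -hash -in "$c")
-> if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then
-> suf=0
-> while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.$suf
-> fi
-> if egrep -q -- '-BEGIN X509 CRL-' "$c"; then
-> suf=0
-> while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done
-> ln -s "$c" $hash.r$suf
-> fi
-> done
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3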
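diff --git a/src/lib/libssl/doc/SSL_CTX_new.3 b/src/lib/libssl/doc/SSL_CTX_new.3
deleted file mode 100644
index d2c2b03452..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_new.3
+++ /dev/null
@@ -1,111 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_new ,
-.Nm SSLv3_method ,
-.Nm SSLv3_server_method ,
-.Nm SSLv3_client_method ,
-.Nm TLSv1_method ,
-.Nm TLSv1_server_method ,
-.Nm TLSv1_client_method ,
-.Nm TLSv1_1_method ,
-.Nm TLSv1_1_server_method ,
-.Nm TLSv1_1_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method
-.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *method"
-.Sh DESCRIPTION
-.Fn SSL_CTX_new
-creates a new
-.Vt SSL_CTX
-object as framework to establish TLS/SSL enabled connections.
-.Sh NOTES
-The
-.Vt SSL_CTX
-object uses
-.Fa method
-as its connection method.
-The methods exist in a generic type (for client and server use),
-a server only type, and a client only type.
-.Fa method
-can be of the following types:
-.Bl -tag -width Ds
-.It Fn SSLv3_method void , Fn SSLv3_server_method void , \
-Fn SSLv3_client_method void
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol.
-A client will send out SSLv3 client hello messages and will indicate that it
-only understands SSLv3.
-A server will only understand SSLv3 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-.It Fn TLSv1_method void , Fn TLSv1_server_method void , \
-Fn TLSv1_client_method void
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol.
-A client will send out TLSv1 client hello messages and will indicate that it
-only understands TLSv1.
-A server will only understand TLSv1 client hello messages.
-Importantly, this means that it will not understand SSLv2 client hello messages
-which are widely used for compatibility reasons; see
-.Fn SSLv23_*_method .
-It will also not understand SSLv3 client hello messages.
-.It Fn SSLv23_method void , Fn SSLv23_server_method void , \
-Fn SSLv23_client_method void
-A TLS/SSL connection established with these methods may understand the SSLv3,
-TLSv1, TLSv1.1 and TLSv1.2 protocols.
-.Pp
-A client will send out TLSv1 client hello messages including extensions and
-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback
-to SSLv3.
-A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
-This is the best choice when compatibility is a concern.
-.El
-.Pp
-The list of protocols available can later be limited using the
-.Dv SSL_OP_NO_SSLv3 ,
-.Dv SSL_OP_NO_TLSv1 ,
-.Dv SSL_OP_NO_TLSv1_1 ,
-and
-.Dv SSL_OP_NO_TLSv1_2
-options of the
-.Fn SSL_CTX_set_options
-or
-.Fn SSL_set_options
-functions.
-Using these options it is possible to choose, for example,
-.Fn SSLv23_server_method
-and be able to negotiate with all possible clients,
-but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2.
-.Pp
-.Fn SSL_CTX_new
-initializes the list of ciphers, the session cache setting, the callbacks,
-the keys and certificates, and the options to its default values.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL_CTX
-object failed.
-Check the error stack to find out the reason.
-.It Pointer to an SSL_CTX object
-The return value points to an allocated
-.Vt SSL_CTX
-object.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_set_connect_state 3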
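diff --git a/src/lib/libssl/doc/SSL_CTX_sess_number.3 b/src/lib/libssl/doc/SSL_CTX_sess_number.3
deleted file mode 100644
index f3af4eab07..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_number.3
+++ /dev/null
@@ -1,104 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_number.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_NUMBER 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_number ,
-.Nm SSL_CTX_sess_connect ,
-.Nm SSL_CTX_sess_connect_good ,
-.Nm SSL_CTX_sess_connect_renegotiate ,
-.Nm SSL_CTX_sess_accept ,
-.Nm SSL_CTX_sess_accept_good ,
-.Nm SSL_CTX_sess_accept_renegotiate ,
-.Nm SSL_CTX_sess_hits ,
-.Nm SSL_CTX_sess_cb_hits ,
-.Nm SSL_CTX_sess_misses ,
-.Nm SSL_CTX_sess_timeouts ,
-.Nm SSL_CTX_sess_cache_full
-.Nd obtain session cache statistics
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_number
-returns the current number of sessions in the internal session cache.
-.Pp
-.Fn SSL_CTX_sess_connect
-returns the number of started SSL/TLS handshakes in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_good
-returns the number of successfully established SSL/TLS sessions in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_renegotiate
-returns the number of start renegotiations in client mode.
-.Pp
-.Fn SSL_CTX_sess_accept
-returns the number of started SSL/TLS handshakes in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_good
-returns the number of successfully established SSL/TLS sessions in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_renegotiate
-returns the number of start renegotiations in server mode.
-.Pp
-.Fn SSL_CTX_sess_hits
-returns the number of successfully reused sessions.
-In client mode a session set with
-.Xr SSL_set_session 3
-successfully reused is counted as a hit.
-In server mode a session successfully retrieved from internal or external cache
-is counted as a hit.
-.Pp
-.Fn SSL_CTX_sess_cb_hits
-returns the number of successfully retrieved sessions from the external session
-cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_misses
-returns the number of sessions proposed by clients that were not found in the
-internal session cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_timeouts
-returns the number of sessions proposed by clients and either found in the
-internal or external session cache in server mode,
-but that were invalid due to timeout.
-These sessions are not included in the
-.Fn SSL_CTX_sess_hits
-count.
-.Pp
-.Fn SSL_CTX_sess_cache_full
-returns the number of sessions that were removed because the maximum session
-cache size was exceeded.
-.Sh RETURN VALUES
-The functions return the values indicated in the
-.Sx DESCRIPTION
-section.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3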
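diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3
deleted file mode 100644
index 89d02dd32b..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_SET_CACHE_SIZE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_cache_size ,
-.Nm SSL_CTX_sess_get_cache_size
-.Nd manipulate session cache size
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_cache_size
-sets the size of the internal session cache of context
-.Fa ctx
-to
-.Fa t .
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid session cache size.
-.Sh NOTES
-The internal session cache size is
-.Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT ,
-currently 1024\(mu20, so that up to 20000 sessions can be held.
-This size can be modified using the
-.Fn SSL_CTX_sess_set_cache_size
-call.
-A special case is the size 0, which is used for unlimited size.
-.Pp
-When the maximum number of sessions is reached,
-no more new sessions are added to the cache.
-New space may be added by calling
-.Xr SSL_CTX_flush_sessions 3
-to remove expired sessions.
-.Pp
-If the size of the session cache is reduced and more sessions are already in
-the session cache,
-old session will be removed the next time a session shall be added.
-This removal is not synchronized with the expiration of sessions.
-.Sh RETURN VALUES
-.Fn SSL_CTX_sess_set_cache_size
-returns the previously valid size.
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid size.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3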
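diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
deleted file mode 100644
index 7a372138c1..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESS_SET_GET_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_new_cb ,
-.Nm SSL_CTX_sess_set_remove_cb ,
-.Nm SSL_CTX_sess_set_get_cb ,
-.Nm SSL_CTX_sess_get_new_cb ,
-.Nm SSL_CTX_sess_get_remove_cb ,
-.Nm SSL_CTX_sess_get_get_cb
-.Nd provide callback functions for server side external session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_sess_set_new_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_remove_cb
-.Fa "SSL_CTX *ctx"
-.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_get_cb
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_st *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_ctx_st *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
-.Fa "struct ssl_st *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Ft int
-.Fo "(*new_session_cb)"
-.Fa "struct ssl_st *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*remove_session_cb)"
-.Fa "struct ssl_ctx_st *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*get_session_cb)"
-.Fa "struct ssl_st *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_new_cb
-sets the callback function which is automatically called whenever a new session
-was negotiated.
-.Pp
-.Fn SSL_CTX_sess_set_remove_cb
-sets the callback function which is automatically called whenever a session is
-removed by the SSL engine (because it is considered faulty or the session has
-become obsolete because of exceeding the timeout value).
-.Pp
-.Fn SSL_CTX_sess_set_get_cb
-sets the callback function which is called whenever a SSL/TLS client proposes
-to resume a session but the session cannot be found in the internal session
-cache (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-(SSL/TLS server only.)
-.Pp
-.Fn SSL_CTX_sess_get_new_cb ,
-.Fn SSL_CTX_sess_get_remove_cb ,
-and
-.Fn SSL_CTX_sess_get_get_cb
-retrieve the function pointers of the provided callback functions.
-If a callback function has not been set, the
-.Dv NULL
-pointer is returned.
-.Sh NOTES
-In order to allow external session caching, synchronization with the internal
-session cache is realized via callback functions.
-Inside these callback functions, session can be saved to disk or put into a
-database using the
-.Xr d2i_SSL_SESSION 3
-interface.
-.Pp
-The
-.Fn new_session_cb
-function is called whenever a new session has been negotiated and session
-caching is enabled (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-The
-.Fn new_session_cb
-is passed the
-.Fa ssl
-connection and the ssl session
-.Fa sess .
-If the callback returns 0, the session will be immediately removed again.
-.Pp
-The
-.Fn remove_session_cb
-is called whenever the SSL engine removes a session from the internal cache.
-This happens when the session is removed because it is expired or when a
-connection was not shut down cleanly.
-It also happens for all sessions in the internal session cache when
-.Xr SSL_CTX_free 3
-is called.
-The
-.Fn remove_session_cb
-function is passed the
-.Fa ctx
-and the
-.Vt ssl
-session
-.Fa sess .
-It does not provide any feedback.
-.Pp
-The
-.Fn get_session_cb
-function is only called on SSL/TLS servers with the session id proposed by the
-client.
-The
-.Fn get_session_cb
-function is always called, also when session caching was disabled.
-The
-.Fn get_session_cb
-is passed the
-.Fa ssl
-connection, the session id of length
-.Fa length
-at the memory location
-.Fa data .
-With the parameter
-.Fa copy
-the callback can require the SSL engine to increment the reference count of the
-.Vt SSL_SESSION
-object,
-Normally the reference count is not incremented and therefore the session must
-not be explicitly freed with
-.Xr SSL_SESSION_free 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3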
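diff --git a/src/lib/libssl/doc/SSL_CTX_sessions.3 b/src/lib/libssl/doc/SSL_CTX_sessions.3
deleted file mode 100644
index 0d83711205..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_sessions.3
+++ /dev/null
@@ -1,34 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sessions
-.Nd access internal session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft struct lhash_st *
-.Fn SSL_CTX_sessions "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sessions
-returns a pointer to the lhash databases containing the internal session cache
-for
-.Fa ctx .
-.Sh NOTES
-The sessions in the internal session cache are kept in an
-.Xr lhash 3
-type database.
-It is possible to directly access this database, e.g., for searching.
-In parallel,
-the sessions form a linked list which is maintained separately from the
-.Xr lhash 3
-operations, so that the database must not be modified directly but by using the
-.Xr SSL_CTX_add_session 3
-family of functions.
-.Sh SEE ALSO
-.Xr lhash 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3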
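diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
deleted file mode 100644
index 8ef3c5561e..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CERT_STORE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_store ,
-.Nm SSL_CTX_get_cert_store
-.Nd manipulate X509 certificate verification storage
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft X509_STORE *
-.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_store
-setsthe verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-If another
-.Vt X509_STORE
-object is currently set in
-.Fa ctx ,
-it will be
-.Xr X509_STORE_free 3 Ns ed.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns a pointer to the current certificate verification storage.
-.Sh NOTES
-In order to verify the certificates presented by the peer, trusted CA
-certificates must be accessed.
-These CA certificates are made available via lookup methods, handled inside the
-.Vt X509_STORE .
-From the
-.Vt X509_STORE
-the
-.Vt X509_STORE_CTX
-used when verifying certificates is created.
-.Pp
-Typically the trusted certificate store is handled indirectly via using
-.Xr SSL_CTX_load_verify_locations 3 .
-Using the
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-functions it is possible to manipulate the
-.Vt X509_STORE
-object beyond the
-.Xr SSL_CTX_load_verify_locations 3
-call.
-.Pp
-Currently no detailed documentation on how to use the
-.Vt X509_STORE
-object is available.
-Not all members of the
-.Vt X509_STORE
-are used when the verification takes place.
-So will, for example, the
-.Fn verify_callback
-be overridden with the
-.Fn verify_callback
-set via the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-This document must therefore be updated when documentation about the
-.Vt X509_STORE
-object and its handling becomes available.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_store
-does not return diagnostic output.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3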
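diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3
deleted file mode 100644
index bb242d6929..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3
+++ /dev/null
@@ -1,112 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_verify_callback
-.Nd set peer certificate verification procedure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_cert_verify_callback
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(X509_STORE_CTX *, void *)"
-.Fa "void *arg"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_verify_callback
-sets the verification callback function for
-.Fa ctx .
-.Vt SSL
-objects that are created from
-.Fa ctx
-inherit the setting valid at the time when
-.Xr SSL_new 3
-is called.
-.Sh NOTES
-Whenever a certificate is verified during a SSL/TLS handshake,
-a verification function is called.
-If the application does not explicitly specify a verification callback
-function, the built-in verification function is used.
-If a verification callback
-.Fa callback
-is specified via
-.Fn SSL_CTX_set_cert_verify_callback ,
-the supplied callback function is called instead.
-By setting
-.Fa callback
-to
-.Dv NULL ,
-the default behaviour is restored.
-.Pp
-When the verification must be performed,
-.Fa callback
-will be called with the arguments
-.Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" .
-The argument
-.Fa arg
-is specified by the application when setting
-.Fa callback .
-.Pp
-.Fa callback
-should return 1 to indicate verification success and 0 to indicate verification
-failure.
-If
-.Dv SSL_VERIFY_PEER
-is set and
-.Fa callback
-returns 0, the handshake will fail.
-As the verification procedure may allow the connection to continue in case of
-failure (by always returning 1) the verification result must be set in any case
-using the
-.Fa error
-member of
-.Fa x509_store_ctx
-so that the calling application will be informed about the detailed result of
-the verification procedure!
-.Pp
-Within
-.Fa x509_store_ctx ,
-.Fa callback
-has access to the
-.Fa verify_callback
-function set using
-.Xr SSL_CTX_set_verify 3 .
-.Sh WARNINGS
-Do not mix the verification callback described in this function with the
-.Fa verify_callback
-function called during the verification process.
-The latter is set using the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-.Pp
-Providing a complete verification procedure including certificate purpose
-settings, etc., is a complex task.
-The built-in procedure is quite powerful and in most cases it should be
-sufficient to modify its behaviour using the
-.Fa verify_callback
-function.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cert_verify_callback
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-Previous to OpenSSL 0.9.7, the
-.Fa arg
-argument to
-.Fn SSL_CTX_set_cert_verify_callback
-was ignored, and
-.Fa callback
-was called
-simply as
-.Ft int
-.Fn (*callback) "X509_STORE_CTX *" .
-To compile software written for previous versions of OpenSSL,
-a dummy argument will have to be added to
-.Fa callback .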
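diff --git a/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3
deleted file mode 100644
index e7ce24fb34..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3
+++ /dev/null
@@ -1,82 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CIPHER_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cipher_list ,
-.Nm SSL_set_cipher_list
-.Nd choose list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *str"
-.Ft int
-.Fn SSL_set_cipher_list "SSL *ssl" "const char *str"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cipher_list
-sets the list of available ciphers for
-.Fa ctx
-using the control string
-.Fa str .
-The format of the string is described
-in
-.Xr openssl 1 .
-The list of ciphers is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_cipher_list
-sets the list of ciphers only for
-.Fa ssl .
-.Sh NOTES
-The control string
-.Fa str
-should be universally usable and not depend on details of the library
-configuration (ciphers compiled in).
-Thus no syntax checking takes place.
-Items that are not recognized, because the corresponding ciphers are not
-compiled in or because they are mistyped, are simply ignored.
-Failure is only flagged if no ciphers could be collected at all.
-.Pp
-It should be noted that inclusion of a cipher to be used into the list is a
-necessary condition.
-On the client side, the inclusion into the list is also sufficient.
-On the server side, additional restrictions apply.
-All ciphers have additional requirements.
-ADH ciphers don't need a certificate, but DH-parameters must have been set.
-All other ciphers need a corresponding certificate and key.
-.Pp
-A RSA cipher can only be chosen when a RSA certificate is available.
-RSA export ciphers with a keylength of 512 bits for the RSA key require a
-temporary 512 bit RSA key, as typically the supplied key has a length of 1024
-bits (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-RSA ciphers using EDH need a certificate and key and additional DH-parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-A DSA cipher can only be chosen when a DSA certificate is available.
-DSA ciphers always use DH key exchange and therefore need DH-parameters (see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-When these conditions are not met for any cipher in the list (for example, a
-client only supports export RSA ciphers with an asymmetric key length of 512
-bits and the server is not configured to use temporary RSA keys), the
-.Dq no shared cipher
-.Pq Dv SSL_R_NO_SHARED_CIPHER
-error is generated and the handshake will fail.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-return 1 if any cipher could be selected and 0 on complete failure.
-.Sh SEE ALSO
-.Xr ciphers 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_ciphers 3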
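diff --git a/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3
deleted file mode 100644
index 688c4ac023..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3
+++ /dev/null
@@ -1,132 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_CA_list ,
-.Nm SSL_set_client_CA_list ,
-.Nm SSL_CTX_add_client_CA ,
-.Nm SSL_add_client_CA
-.Nd set list of CAs sent to the client when requesting a client certificate
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list"
-.Ft void
-.Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list"
-.Ft int
-.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert"
-.Ft int
-.Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object.
-.Pp
-.Fn SSL_CTX_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Va SSL_CTX
-object.
-.Sh NOTES
-When a TLS/SSL server requests a client certificate (see
-.Fn SSL_CTX_set_verify ) ,
-it sends a list of CAs for which it will accept certificates to the client.
-.Pp
-This list must explicitly be set using
-.Fn SSL_CTX_set_client_CA_list
-for
-.Fa ctx
-and
-.Fn SSL_set_client_CA_list
-for the specific
-.Fa ssl .
-The list specified overrides the previous setting.
-The CAs listed do not become trusted
-.Po
-.Fa list
-only contains the names, not the complete certificates
-.Pc ;
-use
-.Xr SSL_CTX_load_verify_locations 3
-to additionally load them for verification.
-.Pp
-If the list of acceptable CAs is compiled in a file, the
-.Xr SSL_load_client_CA_file 3
-function can be used to help importing the necessary data.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-can be used to add additional items the list of client CAs.
-If no list was specified before using
-.Fn SSL_CTX_set_client_CA_list
-or
-.Fn SSL_set_client_CA_list ,
-a new client CA list for
-.Fa ctx
-or
-.Fa ssl
-(as appropriate) is opened.
-.Pp
-These functions are only useful for TLS/SSL servers.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_client_CA_list
-and
-.Fn SSL_set_client_CA_list
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It 0
-A failure while manipulating the
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-object occurred or the
-.Vt X509_NAME
-could not be extracted from
-.Fa cacert .
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Scan all certificates in
-.Fa CAfile
-and list them as acceptable CAs:
-.Bd -literal
-SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3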
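diff --git a/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3
deleted file mode 100644
index 7a7d9466d2..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_CLIENT_CERT_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_cert_cb ,
-.Nm SSL_CTX_get_client_cert_cb
-.Nd handle client certificate callback function
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_client_cert_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Fc
-.Ft int
-.Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_cert_cb
-sets the
-.Fa client_cert_cb()
-callback that is called when a client certificate is requested by a server and
-no certificate was yet set for the SSL object.
-.Pp
-When
-.Fa client_cert_cb
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_CTX_get_client_cert_cb
-returns a pointer to the currently set callback function.
-.Pp
-.Fn client_cert_cb
-is the application-defined callback.
-If it wants to set a certificate,
-a certificate/private key combination must be set using the
-.Fa x509
-and
-.Fa pkey
-arguments and 1 must be returned.
-The certificate will be installed into
-.Fa ssl ;
-see the
-.Sx NOTES
-and
-.Sx BUGS
-sections.
-If no certificate should be set,
-0 has to be returned and no certificate will be sent.
-A negative return value will suspend the handshake and the handshake function
-will return immediately.
-.Xr SSL_get_error 3
-will return
-.Dv SSL_ERROR_WANT_X509_LOOKUP
-to indicate that the handshake was suspended.
-The next call to the handshake function will again lead to the call of
-.Fa client_cert_cb() .
-It is the job of the
-.Fa client_cert_cb()
-to store information
-about the state of the last call, if required to continue.
-.Sh NOTES
-During a handshake (or renegotiation)
-a server may request a certificate from the client.
-A client certificate must only be sent when the server did send the request.
-.Pp
-When a certificate has been set using the
-.Xr SSL_CTX_use_certificate 3
-family of functions,
-it will be sent to the server.
-The TLS standard requires that only a certificate is sent if it matches the
-list of acceptable CAs sent by the server.
-This constraint is violated by the default behavior of the OpenSSL library.
-Using the callback function it is possible to implement a proper selection
-routine or to allow a user interaction to choose the certificate to be sent.
-.Pp
-If a callback function is defined and no certificate was yet defined for the
-.Vt SSL
-object, the callback function will be called.
-If the callback function returns a certificate, the OpenSSL library
-will try to load the private key and certificate data into the
-.Vt SSL
-object using the
-.Fn SSL_use_certificate
-and
-.Fn SSL_use_private_key
-functions.
-Thus it will permanently install the certificate and key for this SSL object.
-It will not be reset by calling
-.Xr SSL_clear 3 .
-If the callback returns no certificate, the OpenSSL library will not send a
-certificate.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_client_CA_list 3
-.Sh BUGS
-The
-.Fa client_cert_cb()
-cannot return a complete certificate chain;
-it can only return one client certificate.
-If the chain only has a length of 2,
-the root CA certificate may be omitted according to the TLS standard and
-thus a standard conforming answer can be sent to the server.
-For a longer chain, the client must send the complete chain
-(with the option to leave out the root CA certificate).
-This can be accomplished only by either adding the intermediate CA certificates
-into the trusted certificate store for the
-.Vt SSL_CTX
-object (resulting in having to add CA certificates that otherwise maybe would
-not be trusted), or by adding the chain certificates using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function, which is only available for the
-.Vt SSL_CTX
-object as a whole and that therefore probably can only apply for one client
-certificate, making the concept of the callback function
-(to allow the choice from several certificates) questionable.
-.Pp
-Once the
-.Vt SSL
-object has been used in conjunction with the callback function,
-the certificate will be set for the
-.Vt SSL
-object and will not be cleared even when
-.Xr SSL_clear 3
-is called.
-It is therefore
-.Em mandatory
-to destroy the
-.Vt SSL
-object using
-.Xr SSL_free 3
-and create a new one to return to the previous state.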
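diff --git a/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3 b/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3
deleted file mode 100644
index ac4d55ae73..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3
+++ /dev/null
@@ -1,95 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_default_passwd_cb ,
-.Nm SSL_CTX_set_default_passwd_cb_userdata
-.Nd set passwd callback for encrypted PEM file handling
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *u"
-.Ft int
-.Fn pem_passwd_cb "char *buf" "int size" "int rwflag" "void *userdata"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_default_passwd_cb
-sets the default password callback called when loading/storing a PEM
-certificate with encryption.
-.Pp
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-sets a pointer to userdata
-.Fa u
-which will be provided to the password callback on invocation.
-.Pp
-The
-.Fn pem_passwd_cb ,
-which must be provided by the application,
-hands back the password to be used during decryption.
-On invocation a pointer to
-.Fa userdata
-is provided.
-The pem_passwd_cb must write the password into the provided buffer
-.Fa buf
-which is of size
-.Fa size .
-The actual length of the password must be returned to the calling function.
-.Fa rwflag
-indicates whether the callback is used for reading/decryption
-.Pq Fa rwflag No = 0
-or writing/encryption
-.Pq Fa rwflag No = 1 .
-.Sh NOTES
-When loading or storing private keys, a password might be supplied to protect
-the private key.
-The way this password can be supplied may depend on the application.
-If only one private key is handled, it can be practical to have
-.Fn pem_passwd_cb
-handle the password dialog interactively.
-If several keys have to be handled, it can be practical to ask for the password
-once, then keep it in memory and use it several times.
-In the last case, the password could be stored into the
-.Fa userdata
-storage and the
-.Fn pem_passwd_cb
-only returns the password already stored.
-.Pp
-When asking for the password interactively,
-.Fn pem_passwd_cb
-can use
-.Fa rwflag
-to check whether an item shall be encrypted
-.Pq Fa rwflag No = 1 .
-In this case the password dialog may ask for the same password twice for
-comparison in order to catch typos which would make decryption impossible.
-.Pp
-Other items in PEM formatting (certificates) can also be encrypted; it is
-however atypical, as certificate information is considered public.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_default_passwd_cb
-and
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-do not provide diagnostic information.
-.Sh EXAMPLES
-The following example returns the password provided as
-.Fa userdata
-to the calling function.
-The password is considered to be a
-.Sq \e0
-terminated string.
-If the password does not fit into the buffer, the password is truncated.
-.Bd -literal
-int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
-{
- strncpy(buf, (char *)password, size);
- buf[size - 1] = '\e0';
- return strlen(buf);
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_use_certificate 3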
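diff --git a/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3 b/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3
deleted file mode 100644
index 0bea48904e..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3
+++ /dev/null
@@ -1,196 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_GENERATE_SESSION_ID 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_generate_session_id ,
-.Nm SSL_set_generate_session_id ,
-.Nm SSL_has_matching_session_id
-.Nd manipulate generation of SSL session IDs (server only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Bd -literal
- typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-.Ed
-.Ft int
-.Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb"
-.Ft int
-.Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB" "cb);"
-.Ft int
-.Fo SSL_has_matching_session_id
-.Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ctx
-to be
-.Fa cb .
-.Pp
-.Fn SSL_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ssl
-to be
-.Fa cb .
-.Pp
-.Fn SSL_has_matching_session_id
-checks, whether a session with id
-.Fa id
-(of length
-.Fa id_len )
-is already contained in the internal session cache
-of the parent context of
-.Fa ssl .
-.Sh NOTES
-When a new session is established between client and server,
-the server generates a session id.
-The session id is an arbitrary sequence of bytes.
-The length of the session id is 16 bytes for SSLv2 sessions and between 1 and
-32 bytes for SSLv3/TLSv1.
-The session id is not security critical but must be unique for the server.
-Additionally, the session id is transmitted in the clear when reusing the
-session so it must not contain sensitive information.
-.Pp
-Without a callback being set, an OpenSSL server will generate a unique session
-id from pseudo random numbers of the maximum possible length.
-Using the callback function, the session id can be changed to contain
-additional information like, e.g., a host id in order to improve load balancing
-or external caching techniques.
-.Pp
-The callback function receives a pointer to the memory location to put
-.Fa id
-into and a pointer to the maximum allowed length
-.Fa id_len .
-The buffer at location
-.Fa id
-is only guaranteed to have the size
-.Fa id_len .
-The callback is only allowed to generate a shorter id and reduce
-.Fa id_len ;
-the callback
-.Em must never
-increase
-.Fa id_len
-or write to the location
-.Fa id
-exceeding the given limit.
-.Pp
-If a SSLv2 session id is generated and
-.Fa id_len
-is reduced, it will be restored after the callback has finished and the session
-id will be padded with 0x00.
-It is not recommended to change the
-.Fa id_len
-for SSLv2 sessions.
-The callback can use the
-.Xr SSL_get_version 3
-function to check whether the session is of type SSLv2.
-.Pp
-The location
-.Fa id
-is filled with 0x00 before the callback is called,
-so the callback may only fill part of the possible length and leave
-.Fa id_len
-untouched while maintaining reproducibility.
-.Pp
-Since the sessions must be distinguished, session ids must be unique.
-Without the callback a random number is used,
-so that the probability of generating the same session id is extremely small
-(2^128 possible ids for an SSLv2 session, 2^256 for SSLv3/TLSv1).
-In order to ensure the uniqueness of the generated session id,
-the callback must call
-.Fn SSL_has_matching_session_id
-and generate another id if a conflict occurs.
-If an id conflict is not resolved, the handshake will fail.
-If the application codes, e.g., a unique host id, a unique process number, and
-a unique sequence number into the session id, uniqueness could easily be
-achieved without randomness added (it should however be taken care that
-no confidential information is leaked this way).
-If the application cannot guarantee uniqueness,
-it is recommended to use the maximum
-.Fa id_len
-and fill in the bytes not used to code special information with random data to
-avoid collisions.
-.Pp
-.Fn SSL_has_matching_session_id
-will only query the internal session cache, not the external one.
-Since the session id is generated before the handshake is completed,
-it is not immediately added to the cache.
-If another thread is using the same internal session cache,
-a race condition can occur in that another thread generates the same session id.
-Collisions can also occur when using an external session cache,
-since the external cache is not tested with
-.Fn SSL_has_matching_session_id
-and the same race condition applies.
-.Pp
-When calling
-.Fn SSL_has_matching_session_id
-for an SSLv2 session with reduced
-.Fa id_len Ns ,
-the match operation will be performed using the fixed length required and with
-a 0x00 padded id.
-.Pp
-The callback must return 0 if it cannot generate a session id for whatever
-reason and return 1 on success.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_generate_session_id
-and
-.Fn SSL_set_generate_session_id
-always return 1.
-.Pp
-.Fn SSL_has_matching_session_id
-returns 1 if another session with the same id is already in the cache.
-.Sh EXAMPLES
-The callback function listed will generate a session id with the server id
-given, and will fill the rest with pseudo random bytes:
-.Bd -literal
-const char session_id_prefix = "www-18";
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int
-generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
-{
- unsigned int count = 0;
- const char *version;
-
- version = SSL_get_version(ssl);
- if (!strcmp(version, "SSLv2")) {
- /* we must not change id_len */
- ;
- }
-
- do {
- RAND_pseudo_bytes(id, *id_len);
- /*
- * Prefix the session_id with the required prefix. NB: If
- * our prefix is too long, clip it \(en but there will be
- * worse effects anyway, e.g., the server could only
- * possibly create one session ID (the prefix!) so all
- * future session negotiations will fail due to conflicts.
- */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
-
- if (count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_version 3
-.Sh HISTORY
-.Fn SSL_CTX_set_generate_session_id ,
-.Fn SSL_set_generate_session_id
-and
-.Fn SSL_has_matching_session_id
-were introduced in OpenSSL 0.9.7.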
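diff --git a/src/lib/libssl/doc/SSL_CTX_set_info_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_info_callback.3
deleted file mode 100644
index 24ee74dda9..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_info_callback.3
+++ /dev/null
@@ -1,167 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_info_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_INFO_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_info_callback ,
-.Nm SSL_CTX_get_info_callback ,
-.Nm SSL_set_info_callback ,
-.Nm SSL_get_info_callback
-.Nd handle information callback for SSL connections
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_info_callback "SSL_CTX *ctx" "void (*callback)()"
-.Ft void
-.Fn "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
-.Ft void
-.Fn SSL_set_info_callback "SSL *ssl" "void (*callback)()"
-.Ft void
-.Fn "(*SSL_get_info_callback(const SSL *ssl))"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_info_callback
-sets the
-.Fa callback
-function that can be used to obtain state information for SSL objects created
-from
-.Fa ctx
-during connection setup and use.
-The setting for
-.Fa ctx
-is overridden from the setting for a specific SSL object, if specified.
-When
-.Fa callback
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_set_info_callback
-sets the
-.Fa callback
-function that can be used to
-obtain state information for
-.Fa ssl
-during connection setup and use.
-When
-.Fa callback
-is
-.Dv NULL ,
-the callback setting currently valid for
-.Fa ctx
-is used.
-.Pp
-.Fn SSL_CTX_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ctx .
-.Pp
-.Fn SSL_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ssl .
-.Sh NOTES
-When setting up a connection and during use,
-it is possible to obtain state information from the SSL/TLS engine.
-When set, an information callback function is called whenever the state changes,
-an alert appears, or an error occurs.
-.Pp
-The callback function is called as
-.Fn callback "SSL *ssl" "int where" "int ret" .
-The
-.Fa where
-argument specifies information about where (in which context)
-the callback function was called.
-If
-.Fa ret
-is 0, an error condition occurred.
-If an alert is handled,
-.Dv SSL_CB_ALERT
-is set and
-.Fa ret
-specifies the alert information.
-.Pp
-.Fa where
-is a bitmask made up of the following bits:
-.Bl -tag -width Ds
-.It Dv SSL_CB_LOOP
-Callback has been called to indicate state change inside a loop.
-.It Dv SSL_CB_EXIT
-Callback has been called to indicate error exit of a handshake function.
-(May be soft error with retry option for non-blocking setups.)
-.It Dv SSL_CB_READ
-Callback has been called during read operation.
-.It Dv SSL_CB_WRITE
-Callback has been called during write operation.
-.It Dv SSL_CB_ALERT
-Callback has been called due to an alert being sent or received.
-.It Dv SSL_CB_READ_ALERT
-.It Dv SSL_CB_WRITE_ALERT
-.It Dv SSL_CB_ACCEPT_LOOP
-.It Dv SSL_CB_ACCEPT_EXIT
-.It Dv SSL_CB_CONNECT_LOOP
-.It Dv SSL_CB_CONNECT_EXIT
-.It Dv SSL_CB_HANDSHAKE_START
-Callback has been called because a new handshake is started.
-.It Dv SSL_CB_HANDSHAKE_DONE
-Callback has been called because a handshake is finished.
-.El
-.Pp
-The current state information can be obtained using the
-.Xr SSL_state_string 3
-family of functions.
-.Pp
-The
-.Fa ret
-information can be evaluated using the
-.Xr SSL_alert_type_string 3
-family of functions.
-.Sh RETURN VALUES
-.Fn SSL_set_info_callback
-does not provide diagnostic information.
-.Pp
-.Fn SSL_get_info_callback
-returns the current setting.
-.Sh EXAMPLES
-The following example callback function prints state strings,
-information about alerts being handled and error messages to the
-.Va bio_err
-.Vt BIO .
-.Bd -literal
-void
-apps_ssl_info_callback(SSL *s, int where, int ret)
-{
- const char *str;
- int w;
-
- w = where & ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT)
- str = "SSL_connect";
- else if (w & SSL_ST_ACCEPT)
- str = "SSL_accept";
- else
- str = "undefined";
-
- if (where & SSL_CB_LOOP) {
- BIO_printf(bio_err, "%s:%s\en", str,
- SSL_state_string_long(s));
- } else if (where & SSL_CB_ALERT) {
- str = (where & SSL_CB_READ) ? "read" : "write";
- BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- } else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- BIO_printf(bio_err, "%s:failed in %s\en",
- str, SSL_state_string_long(s));
- else if (ret < 0) {
- BIO_printf(bio_err, "%s:error in %s\en",
- str, SSL_state_string_long(s));
- }
- }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_state_string 3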
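diff --git a/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3 b/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3
deleted file mode 100644
index 771b49a0b2..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_MAX_CERT_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_cert_list ,
-.Nm SSL_CTX_get_max_cert_list ,
-.Nm SSL_set_max_cert_list ,
-.Nm SSL_get_max_cert_list
-.Nd manipulate allowed size for the peer's certificate chain
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size"
-.Ft long
-.Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_set_max_cert_list "SSL *ssl" "long size"
-.Ft long
-.Fn SSL_get_max_cert_list "SSL *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for all
-.Vt SSL
-objects created from
-.Fa ctx
-to be
-.Fa size
-bytes.
-The
-.Vt SSL
-objects inherit the setting valid for
-.Fa ctx
-at the time
-.Xr SSL_new 3
-is being called.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-returns the currently set maximum size for
-.Fa ctx .
-.Pp
-.Fn SSL_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for
-.Fa ssl
-to be
-.Fa size
-bytes.
-This setting stays valid until a new value is set.
-.Pp
-.Fn SSL_get_max_cert_list
-returns the currently set maximum size for
-.Fa ssl .
-.Sh NOTES
-During the handshake process, the peer may send a certificate chain.
-The TLS/SSL standard does not give any maximum size of the certificate chain.
-The OpenSSL library handles incoming data by a dynamically allocated buffer.
-In order to prevent this buffer from growing without bound due to data
-received from a faulty or malicious peer, a maximum size for the certificate
-chain is set.
-.Pp
-The default value for the maximum certificate chain size is 100kB (30kB
-on the 16bit DOS platform).
-This should be sufficient for usual certificate chains
-(OpenSSL's default maximum chain length is 10, see
-.Xr SSL_CTX_set_verify 3 ,
-and certificates without special extensions have a typical size of 1-2kB).
-.Pp
-For special applications it can be necessary to extend the maximum certificate
-chain size allowed to be sent by the peer.
-See for example the work on
-.%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
-and
-.%T "TLS Delegation Protocol"
-at
-.Lk http://www.ietf.org/
-and
-.Lk http://www.globus.org/ .
-.Pp
-Under normal conditions it should never be necessary to set a value smaller
-than the default, as the buffer is handled dynamically and only uses the
-memory actually required by the data sent by the peer.
-.Pp
-If the maximum certificate chain size allowed is exceeded, the handshake will
-fail with a
-.Dv SSL_R_EXCESSIVE_MESSAGE_SIZE
-error.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_cert_list
-and
-.Fn SSL_set_max_cert_list
-return the previously set value.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-and
-.Fn SSL_get_max_cert_list
-return the currently set value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL*_set/get_max_cert_list
-were introduced in OpenSSL 0.9.7.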
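diff --git a/src/lib/libssl/doc/SSL_CTX_set_mode.3 b/src/lib/libssl/doc/SSL_CTX_set_mode.3
deleted file mode 100644
index 2a3fcd5531..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_mode.3
+++ /dev/null
@@ -1,126 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_mode ,
-.Nm SSL_set_mode ,
-.Nm SSL_CTX_get_mode ,
-.Nm SSL_get_mode
-.Nd manipulate SSL engine mode
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode"
-.Ft long
-.Fn SSL_set_mode "SSL *ssl" "long mode"
-.Ft long
-.Fn SSL_CTX_get_mode "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_mode "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_mode
-adds the mode set via bitmask in
-.Fa mode
-to
-.Fa ctx .
-Options already set before are not cleared.
-.Pp
-.Fn SSL_set_mode
-adds the mode set via bitmask in
-.Fa mode
-to
-.Fa ssl .
-Options already set before are not cleared.
-.Pp
-.Fn SSL_CTX_get_mode
-returns the mode set for
-.Fa ctx .
-.Pp
-.Fn SSL_get_mode
-returns the mode set for
-.Fa ssl .
-.Sh NOTES
-The following mode changes are available:
-.Bl -tag -width Ds
-.It Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-Allow
-.Fn SSL_write ... n
-to return
-.Ms r
-with
-.EQ
-0 < r < n
-.EN
-(i.e., report success when just a single record has been written).
-When not set (the default),
-.Xr SSL_write 3
-will only report success once the complete chunk was written.
-Once
-.Xr SSL_write 3
-returns with
-.Ms r ,
-.Ms r
-bytes have been successfully written and the next call to
-.Xr SSL_write 3
-must only send the
-.Ms n \(mi r
-bytes left, imitating the behaviour of
-.Xr write 2 .
-.It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-Make it possible to retry
-.Xr SSL_write 3
-with changed buffer location (the buffer contents must stay the same).
-This is not the default to avoid the misconception that non-blocking
-.Xr SSL_write 3
-behaves like non-blocking
-.Xr write 2 .
-.It Dv SSL_MODE_AUTO_RETRY
-Never bother the application with retries if the transport is blocking.
-If a renegotiation take place during normal operation, a
-.Xr SSL_read 3
-or
-.Xr SSL_write 3
-would return
-with \(mi1 and indicate the need to retry with
-.Dv SSL_ERROR_WANT_READ .
-In a non-blocking environment applications must be prepared to handle
-incomplete read/write operations.
-In a blocking environment, applications are not always prepared to deal with
-read/write operations returning without success report.
-The flag
-.Dv SSL_MODE_AUTO_RETRY
-will cause read/write operations to only return after the handshake and
-successful completion.
-.It Dv SSL_MODE_RELEASE_BUFFERS
-When we no longer need a read buffer or a write buffer for a given
-.Vt SSL ,
-then release the memory we were using to hold it.
-Released memory is either appended to a list of unused RAM chunks on the
-.Vt SSL_CTX ,
-or simply freed if the list of unused chunks would become longer than
-.Va "SSL_CTX->freelist_max_len" ,
-which defaults to 32.
-Using this flag can save around 34k per idle SSL connection.
-This flag has no effect on SSL v2 connections, or on DTLS connections.
-.El
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_mode
-and
-.Fn SSL_set_mode
-return the new mode bitmask after adding
-.Fa mode .
-.Pp
-.Fn SSL_CTX_get_mode
-and
-.Fn SSL_get_mode
-return the current bitmask.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Dv SSL_MODE_AUTO_RETRY
-was added in OpenSSL 0.9.6.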
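diff --git a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3
deleted file mode 100644
index 6589306fd4..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3
+++ /dev/null
@@ -1,135 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_MSG_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_msg_callback ,
-.Nm SSL_CTX_set_msg_callback_arg ,
-.Nm SSL_set_msg_callback ,
-.Nm SSL_get_msg_callback_arg
-.Nd install callback for observing protocol messages
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_msg_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
-.Ft void
-.Fo SSL_set_msg_callback
-.Fa "SSL *ssl"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_msg_callback
-or
-.Fn SSL_set_msg_callback
-can be used to define a message callback function
-.Fa cb
-for observing all SSL/TLS protocol messages (such as handshake messages)
-that are received or sent.
-.Fn SSL_CTX_set_msg_callback_arg
-and
-.Fn SSL_set_msg_callback_arg
-can be used to set argument
-.Fa arg
-to the callback function, which is available for arbitrary application use.
-.Pp
-.Fn SSL_CTX_set_msg_callback
-and
-.Fn SSL_CTX_set_msg_callback_arg
-specify default settings that will be copied to new
-.Vt SSL
-objects by
-.Xr SSL_new 3 .
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_set_msg_callback_arg
-modify the actual settings of an
-.Vt SSL
-object.
-Using a
-.Dv NULL
-pointer for
-.Fa cb
-disables the message callback.
-.Pp
-When
-.Fa cb
-is called by the SSL/TLS library for a protocol message,
-the function arguments have the following meaning:
-.Bl -tag -width Ds
-.It Fa write_p
-This flag is 0 when a protocol message has been received and 1 when a protocol
-message has been sent.
-.It Fa version
-The protocol version according to which the protocol message is
-interpreted by the library.
-Currently, this is one of
-.Dv SSL2_VERSION ,
-.Dv SSL3_VERSION
-and
-.Dv TLS1_VERSION
-(for SSL 2.0, SSL 3.0 and TLS 1.0, respectively).
-.It Fa content_type
-In the case of SSL 2.0, this is always 0.
-In the case of SSL 3.0 or TLS 1.0, this is one of the
-.Em ContentType
-values defined in the protocol specification
-.Po
-.Dq change_cipher_spec(20) ,
-.Dq alert(21) ,
-.Dq handshake(22) ;
-but never
-.Dq application_data(23)
-because the callback will only be called for protocol messages.
-.Pc
-.It Fa buf , Fa len
-.Fa buf
-points to a buffer containing the protocol message, which consists of
-.Fa len
-bytes.
-The buffer is no longer valid after the callback function has returned.
-.It Fa ssl
-The
-.Vt SSL
-object that received or sent the message.
-.It Fa arg
-The user-defined argument optionally defined by
-.Fn SSL_CTX_set_msg_callback_arg
-or
-.Fn SSL_set_msg_callback_arg .
-.El
-.Sh NOTES
-Protocol messages are passed to the callback function after decryption
-and fragment collection where applicable.
-(Thus record boundaries are not visible.)
-.Pp
-If processing a received protocol message results in an error,
-the callback function may not be called.
-For example, the callback function will never see messages that are considered
-too large to be processed.
-.Pp
-Due to automatic protocol version negotiation,
-.Fa version
-is not necessarily the protocol version used by the sender of the message:
-If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
-.Fa version
-will be
-.Dv SSL3_VERSION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_msg_callback ,
-.Fn SSL_CTX_set_msg_callback_arg ,
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_get_msg_callback_arg
-were added in OpenSSL 0.9.7.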
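diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3
deleted file mode 100644
index 852553e97f..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_options.3
+++ /dev/null
@@ -1,395 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.10 2015/07/18 19:41:54 doug Exp $
-.\"
-.Dd $Mdocdate: July 18 2015 $
-.Dt SSL_CTX_SET_OPTIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_options ,
-.Nm SSL_set_options ,
-.Nm SSL_CTX_clear_options ,
-.Nm SSL_clear_options ,
-.Nm SSL_CTX_get_options ,
-.Nm SSL_get_options ,
-.Nm SSL_get_secure_renegotiation_support
-.Nd manipulate SSL options
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_set_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_clear_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_get_options "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_options "SSL *ssl"
-.Ft long
-.Fn SSL_get_secure_renegotiation_support "SSL *ssl"
-.Sh DESCRIPTION
-Note: all these functions are implemented using macros.
-.Pp
-.Fn SSL_CTX_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_CTX_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-.Pp
-.Fn SSL_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_options
-returns the options set for
-.Fa ctx .
-.Pp
-.Fn SSL_get_options
-returns the options set for
-.Fa ssl .
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-indicates whether the peer supports secure renegotiation.
-.Sh NOTES
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a bitwise OR
-operation (|).
-.Pp
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-affect the (external) protocol behaviour of the SSL library.
-The (internal) behaviour of the API can be changed by using the similar
-.Xr SSL_CTX_set_mode 3
-and
-.Xr SSL_set_mode 3
-functions.
-.Pp
-During a handshake, the option settings of the SSL object are used.
-When a new SSL object is created from a context using
-.Xr SSL_new 3 ,
-the current option setting is copied.
-Changes to
-.Fa ctx
-do not affect already created
-.Vt SSL
-objects.
-.Fn SSL_clear
-does not affect the settings.
-.Pp
-The following
-.Em bug workaround
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_MICROSOFT_SESS_ID_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
-.It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_D5_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_TLS_BLOCK_PADDING_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability
-affecting CBC ciphers, which cannot be handled by some broken SSL
-implementations.
-This option has no effect for connections using other ciphers.
-.It Dv SSL_OP_TLSEXT_PADDING
-Adds a padding extension to ensure the ClientHello size is never between 256
-and 511 bytes in length.
-This is needed as a workaround for some implementations.
-.It Dv SSL_OP_ALL
-All of the above bug workarounds.
-.El
-.Pp
-It is usually safe to use
-.Dv SSL_OP_ALL
-to enable the bug workaround options if compatibility with somewhat broken
-implementations is desired.
-.Pp
-The following
-.Em modifying
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_TLS_ROLLBACK_BUG
-Disable version rollback attack detection.
-.Pp
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello.
-Some clients violate this rule by adapting to the server's answer.
-(Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1,
-the server only understands up to SSLv3.
-In this case the client must still use the same SSLv3.1=TLSv1 announcement.
-Some clients step down to SSLv3 with respect to the server's answer and violate
-the version rollback protection.)
-.It Dv SSL_OP_SINGLE_DH_USE
-Always create a new key when using temporary/ephemeral DH parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-This option must be used to prevent small subgroup attacks, when the DH
-parameters were not generated using
-.Dq strong
-primes (e.g., when using DSA-parameters, see
-.Xr openssl 1 ) .
-If
-.Dq strong
-primes were used, it is not strictly necessary to generate a new DH key during
-each handshake but it is also recommended.
-.Dv SSL_OP_SINGLE_DH_USE
-should therefore be enabled whenever temporary/ephemeral DH parameters are used.
-.It SSL_OP_EPHEMERAL_RSA
-Always use ephemeral (temporary) RSA key when doing RSA operations (see
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ) .
-According to the specifications, this is only done when a RSA key can only be
-used for signature operations (namely under export ciphers with restricted RSA
-keylength).
-By setting this option, ephemeral RSA keys are always used.
-This option breaks compatibility with the SSL/TLS specifications and may lead
-to interoperability problems with clients and should therefore never be used.
-Ciphers with EDH (ephemeral Diffie-Hellman) key exchange should be used instead.
-.It Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-When choosing a cipher, use the server's preferences instead of the client
-preferences.
-When not set, the SSL server will always follow the client's preferences.
-When set, the SSLv3/TLSv1 server will choose following its own preferences.
-Because of the different protocol, for SSLv2 the server will send its list of
-preferences to the client and the client chooses.
-.It Dv SSL_OP_NETSCAPE_CA_DN_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-As of
-.Ox 5.8 ,
-this option has no effect.
-.It Dv SSL_OP_NO_SSLv2
-As of
-.Ox 5.6 ,
-this option has no effect as SSLv2 support has been removed.
-In previous versions it disabled use of the SSLv2 protocol.
-.It Dv SSL_OP_NO_SSLv3
-Do not use the SSLv3 protocol.
-.It Dv SSL_OP_NO_TLSv1
-Do not use the TLSv1.0 protocol.
-.It Dv SSL_OP_NO_TLSv1_1
-Do not use the TLSv1.1 protocol.
-.It Dv SSL_OP_NO_TLSv1_2
-Do not use the TLSv1.2 protocol.
-.It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-When performing renegotiation as a server, always start a new session (i.e.,
-session resumption requests are only accepted in the initial handshake).
-This option is not needed for clients.
-.It Dv SSL_OP_NO_TICKET
-Normally clients and servers will, where possible, transparently make use of
-RFC4507bis tickets for stateless session resumption.
-.Pp
-If this option is set this functionality is disabled and tickets will not be
-used by clients or servers.
-.It Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-As of
-.Ox 5.6 ,
-this option has no effect.
-In previous versions it allowed legacy insecure renegotiation between OpenSSL
-and unpatched clients or servers.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
-.It Dv SSL_OP_LEGACY_SERVER_CONNECT
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-.Em only :
-this option is currently set by default.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
-.El
-.Sh SECURE RENEGOTIATION
-OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in RFC5746.
-This counters the prefix attack described in CVE-2009-3555 and elsewhere.
-.Pp
-The deprecated and highly broken SSLv2 protocol does not support renegotiation
-at all; its use is
-.Em strongly
-discouraged.
-.Pp
-This attack has far-reaching consequences which application writers should be
-aware of.
-In the description below an implementation supporting secure renegotiation is
-referred to as
-.Dq patched .
-A server not supporting secure
-renegotiation is referred to as
-.Dq unpatched .
-.Pp
-The following sections describe the operations permitted by OpenSSL's secure
-renegotiation implementation.
-.Ss Patched client and server
-Connections and renegotiation are always permitted by OpenSSL implementations.
-.Ss Unpatched client and patched OpenSSL server
-The initial connection succeeds but client renegotiation is denied by the
-server with a
-.Em no_renegotiation
-warning alert if TLS v1.0 is used or a fatal
-.Em handshake_failure
-alert in SSL v3.0.
-.Pp
-If the patched OpenSSL server attempts to renegotiate a fatal
-.Em handshake_failure
-alert is sent.
-This is because the server code may be unaware of the unpatched nature of the
-client.
-.Pp
-.Em N.B.:
-a bug in OpenSSL clients earlier than 0.9.8m (all of which are unpatched) will
-result in the connection hanging if it receives a
-.Em no_renegotiation
-alert.
-OpenSSL versions 0.9.8m and later will regard a
-.Em no_renegotiation
-alert as fatal and respond with a fatal
-.Em handshake_failure
-alert.
-This is because the OpenSSL API currently has no provision to indicate to an
-application that a renegotiation attempt was refused.
-.Ss Patched OpenSSL client and unpatched server
-If the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is set then initial connections and renegotiation between patched OpenSSL
-clients and unpatched servers succeeds.
-If neither option is set then initial connections to unpatched servers will
-fail.
-.Pp
-The option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is currently set by default even though it has security implications:
-otherwise it would be impossible to connect to unpatched servers (i.e., all of
-them initially) and this is clearly not acceptable.
-Renegotiation is permitted because this does not add any additional security
-issues: during an attack clients do not see any renegotiations anyway.
-.Pp
-As more servers become patched the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-will
-.Em not
-be set by default in a future version of OpenSSL.
-.Pp
-OpenSSL client applications wishing to ensure they can connect to unpatched
-servers should always
-.Em set
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-.Pp
-OpenSSL client applications that want to ensure they can
-.Em not
-connect to unpatched servers (and thus avoid any security issues) should always
-.Em clear
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-using
-.Fn SSL_CTX_clear_options
-or
-.Fn SSL_clear_options .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-return the new options bitmask after adding
-.Fa options .
-.Pp
-.Fn SSL_CTX_clear_options
-and
-.Fn SSL_clear_options
-return the new options bitmask after clearing
-.Fa options .
-.Pp
-.Fn SSL_CTX_get_options
-and
-.Fn SSL_get_options
-return the current bitmask.
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-returns 1 is the peer supports secure renegotiation and 0 if it does not.
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-and
-.Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-have been added in
-OpenSSL 0.9.7.
-.Pp
-.Dv SSL_OP_TLS_ROLLBACK_BUG
-has been added in OpenSSL 0.9.6 and was automatically enabled with
-.Dv SSL_OP_ALL .
-As of 0.9.7, it is no longer included in
-.Dv SSL_OP_ALL
-and must be explicitly set.
-.Pp
-.Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be
-disabled with this option (in OpenSSL 0.9.6d, it was always enabled).
-.Pp
-.Fn SSL_CTX_clear_options
-and
-.Fn SSL_clear_options
-were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ,
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-and the function
-.Fn SSL_get_secure_renegotiation_support
-were first added in OpenSSL 0.9.8m.
-.Pp
-.Dv SSL_OP_NO_SSLv2
-and
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-were changed to have no effect in
-.Ox 5.6 .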
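diff --git a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3
deleted file mode 100644
index 40504ce59a..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_psk_client_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_PSK_CLIENT_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_psk_client_callback ,
-.Nm SSL_set_psk_client_callback
-.Nd set PSK client callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_psk_client_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_client_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
-unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-A client application must provide a callback function which is called
-when the client is sending the ClientKeyExchange message to the server.
-.Pp
-The purpose of the callback function is to select the PSK identity and
-the pre-shared key to use during the connection setup phase.
-.Pp
-The callback is set using functions
-.Fn SSL_CTX_set_psk_client_callback
-or
-.Fn SSL_set_psk_client_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-a
-.Dv NULL Ns
--terminated PSK identity hint sent by the server in parameter
-.Fa hint ,
-a buffer
-.Fa identity
-of length
-.Fa max_identity_len
-bytes where the resulting
-.Dv NULL Ns
--terminated identity is to be stored, and a buffer
-.Fa psk
-of
-length
-.Fa max_psk_len
-bytes where the resulting pre-shared key is to be stored.
-.Sh NOTES
-Note that parameter
-.Fa hint
-given to the callback may be
-.Dv NULL .
-.Sh RETURN VALUES
-Return values from the client callback are interpreted as follows:
-.Pp
-On success (callback found a PSK identity and a pre-shared key to use)
-the length (> 0) of
-.Fa psk
-in bytes is returned.
-.Pp
-Otherwise or on errors callback should return 0.
-In this case the connection setup fails.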
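diff --git a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3
deleted file mode 100644
index 5cad447318..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3
+++ /dev/null
@@ -1,115 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.3 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_QUIET_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_quiet_shutdown ,
-.Nm SSL_CTX_get_quiet_shutdown ,
-.Nm SSL_set_quiet_shutdown ,
-.Nm SSL_get_quiet_shutdown
-.Nd manipulate shutdown behaviour
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
-.Ft int
-.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
-.Ft void
-.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
-.Ft int
-.Fn SSL_get_quiet_shutdown "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ctx
-to be
-.Fa mode .
-.Vt SSL
-objects created from
-.Fa ctx
-inherit the
-.Fa mode
-valid at the time
-.Xr SSL_new 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_CTX_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ctx .
-.Pp
-.Fn SSL_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ssl
-to be
-.Fa mode .
-The setting stays valid until
-.Fa ssl
-is removed with
-.Xr SSL_free 3
-or
-.Fn SSL_set_quiet_shutdown
-is called again.
-It is not changed when
-.Xr SSL_clear 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ssl .
-.Sh NOTES
-Normally when a SSL connection is finished, the parties must send out
-.Dq close notify
-alert messages using
-.Xr SSL_shutdown 3
-for a clean shutdown.
-.Pp
-When setting the
-.Dq quiet shutdown
-flag to 1,
-.Xr SSL_shutdown 3
-will set the internal flags to
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Po
-.Xr SSL_shutdown 3
-then behaves like
-.Xr SSL_set_shutdown 3
-called with
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Pc .
-The session is thus considered to be shut down, but no
-.Dq close notify
-alert is sent to the peer.
-This behaviour violates the TLS standard.
-.Pp
-The default is normal shutdown behaviour as described by the TLS standard.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_quiet_shutdown
-and
-.Fn SSL_set_quiet_shutdown
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_get_quiet_shutdown
-and
-.Fn SSL_get_quiet_shutdown
-return the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3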
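--- a/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3
+++ /dev/null
@@ -1,143 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_SESSION_CACHE_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_cache_mode ,
-.Nm SSL_CTX_get_session_cache_mode
-.Nd enable/disable session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode"
-.Ft long
-.Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_cache_mode
-enables/disables session caching by setting the operational mode for
-.Ar ctx
-to
-.Ar mode .
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently used cache mode.
-.Sh NOTES
-The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
-The sessions can be held in memory for each
-.Fa ctx ,
-if more than one
-.Vt SSL_CTX
-object is being maintained, the sessions are unique for each
-.Vt SSL_CTX
-object.
-.Pp
-In order to reuse a session, a client must send the session's id to the server.
-It can only send exactly one id.
-The server then either agrees to reuse the session or it starts a full
-handshake (to create a new session).
-.Pp
-A server will lookup up the session in its internal session storage.
-If the session is not found in internal storage or lookups for the internal
-storage have been deactivated
-.Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ,
-the server will try the external storage if available.
-.Pp
-Since a client may try to reuse a session intended for use in a different
-context, the session id context must be set by the server (see
-.Xr SSL_CTX_set_session_id_context 3 ) .
-.Pp
-The following session cache modes and modifiers are available:
-.Bl -tag -width Ds
-.It Dv SSL_SESS_CACHE_OFF
-No session caching for client or server takes place.
-.It Dv SSL_SESS_CACHE_CLIENT
-Client sessions are added to the session cache.
-As there is no reliable way for the OpenSSL library to know whether a session
-should be reused or which session to choose (due to the abstract BIO layer the
-SSL engine does not have details about the connection),
-the application must select the session to be reused by using the
-.Xr SSL_set_session 3
-function.
-This option is not activated by default.
-.It Dv SSL_SESS_CACHE_SERVER
-Server sessions are added to the session cache.
-When a client proposes a session to be reused, the server looks for the
-corresponding session in (first) the internal session cache (unless
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-is set), then (second) in the external cache if available.
-If the session is found, the server will try to reuse the session.
-This is the default.
-.It Dv SSL_SESS_CACHE_BOTH
-Enable both
-.Dv SSL_SESS_CACHE_CLIENT
-and
-.Dv SSL_SESS_CACHE_SERVER
-at the same time.
-.It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR
-Normally the session cache is checked for expired sessions every 255
-connections using the
-.Xr SSL_CTX_flush_sessions 3
-function.
-Since this may lead to a delay which cannot be controlled,
-the automatic flushing may be disabled and
-.Xr SSL_CTX_flush_sessions 3
-can be called explicitly by the application.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-By setting this flag, session-resume operations in an SSL/TLS server will not
-automatically look up sessions in the internal cache,
-even if sessions are automatically stored there.
-If external session caching callbacks are in use,
-this flag guarantees that all lookups are directed to the external cache.
-As automatic lookup only applies for SSL/TLS servers,
-the flag has no effect on clients.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-Depending on the presence of
-.Dv SSL_SESS_CACHE_CLIENT
-and/or
-.Dv SSL_SESS_CACHE_SERVER ,
-sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
-Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the
-.Vt SSL_CTX .
-This flag will prevent sessions being stored in the internal cache
-(though the application can add them manually using
-.Xr SSL_CTX_add_session 3 ) .
-Note:
-in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (e.g., for session-resume requests) would
-normally be copied into the local cache before processing continues \(en this
-flag prevents these additions to the internal cache as well.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL
-Enable both
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-at the same time.
-.El
-.Pp
-The default mode is
-.Dv SSL_SESS_CACHE_SERVER .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_cache_mode
-returns the previously set cache mode.
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently set cache mode.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL
-were introduced in OpenSSL 0.9.6h.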
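--- a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_id_context ,
-.Nm SSL_set_session_id_context
-.Nd set context within which session can be reused (server side only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_session_id_context
-.Fa "SSL_CTX *ctx"
-.Fa const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Ft int
-.Fo SSL_set_session_id_context
-.Fa "SSL *ssl"
-.Fa const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ssl
-object.
-.Sh NOTES
-Sessions are generated within a certain context.
-When exporting/importing sessions with
-.Xr i2d_SSL_SESSION 3
-and
-.Xr d2i_SSL_SESSION 3 ,
-it would be possible to re-import a session generated from another context
-(e.g., another application), which might lead to malfunctions.
-Therefore each application must set its own session id context
-.Fa sid_ctx
-which is used to distinguish the contexts and is stored in exported sessions.
-The
-.Fa sid_ctx
-can be any kind of binary data with a given length; it is therefore possible
-to use, for instance, the name of the application, the hostname, the service
-name...
-.Pp
-The session id context becomes part of the session.
-The session id context is set by the SSL/TLS server.
-The
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-functions are therefore only useful on the server side.
-.Pp
-OpenSSL clients will check the session id context returned by the server when
-reusing a session.
-.Pp
-The maximum length of the
-.Fa sid_ctx
-is limited to
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-.Sh WARNINGS
-If the session id context is not set on an SSL/TLS server and client
-certificates are used, stored sessions will not be reused but a fatal error
-will be flagged and the handshake will fail.
-.Pp
-If a server returns a different session id context to an OpenSSL client
-when reusing a session, an error will be flagged and the handshake will
-fail.
-OpenSSL servers will always return the correct session id context,
-as an OpenSSL server checks the session id context itself before reusing
-a session as described above.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-return the following values:
-.Bl -tag -width Ds
-.It 0
-The length
-.Fa sid_ctx_len
-of the session id context
-.Fa sid_ctx
-exceeded
-the maximum allowed length of
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-The error is logged to the error stack.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3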
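--- a/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_SSL_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_ssl_version ,
-.Nm SSL_set_ssl_method ,
-.Nm SSL_get_ssl_method
-.Nd choose a new TLS/SSL method
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method"
-.Ft const SSL_METHOD *
-.Fn SSL_get_ssl_method "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_ssl_version
-sets a new default TLS/SSL
-.Fa method
-for
-.Vt SSL
-objects newly created from this
-.Fa ctx .
-.Vt SSL
-objects already created with
-.Xr SSL_new 3
-are not affected, except when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_set_ssl_method
-sets a new TLS/SSL
-.Fa method
-for a particular
-.Vt SSL
-object
-.Fa s .
-It may be reset when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_get_ssl_method
-returns a function pointer to the TLS/SSL method set in
-.Fa ssl .
-.Sh NOTES
-The available
-.Fa method
-choices are described in
-.Xr SSL_CTX_new 3 .
-.Pp
-When
-.Xr SSL_clear 3
-is called and no session is connected to an
-.Vt SSL
-object, the method of the
-.Vt SSL
-object is reset to the method currently set in the corresponding
-.Vt SSL_CTX
-object.
-.Sh RETURN VALUES
-The following return values can occur for
-.Fn SSL_CTX_set_ssl_version
-and
-.Fn SSL_set_ssl_method :
-.Bl -tag -width Ds
-.It 0
-The new choice failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_connect_state 3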
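--- a/src/lib/libssl/doc/SSL_CTX_set_timeout.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_timeout ,
-.Nm SSL_CTX_get_timeout
-.Nd manipulate timeout values for session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_get_timeout "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_timeout
-sets the timeout for newly created sessions for
-.Fa ctx
-to
-.Fa t .
-The timeout value
-.Fa t
-must be given in seconds.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value for
-.Fa ctx .
-.Sh NOTES
-Whenever a new session is created, it is assigned a maximum lifetime.
-This lifetime is specified by storing the creation time of the session and the
-timeout value valid at this time.
-If the actual time is later than creation time plus timeout,
-the session is not reused.
-.Pp
-Due to this realization, all sessions behave according to the timeout value
-valid at the time of the session negotiation.
-Changes of the timeout value do not affect already established sessions.
-.Pp
-The expiration time of a single session can be modified using the
-.Xr SSL_SESSION_get_time 3
-family of functions.
-.Pp
-Expired sessions are removed from the internal session cache, whenever
-.Xr SSL_CTX_flush_sessions 3
-is called, either directly by the application or automatically (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-.Pp
-The default value for session timeout is decided on a per-protocol basis; see
-.Xr SSL_get_default_timeout 3 .
-All currently supported protocols have the same default timeout value of 300
-seconds.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_timeout
-returns the previously set timeout value.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_SESSION_get_time 3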
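--- a/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3
+++ /dev/null
@@ -1,235 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_dh_callback ,
-.Nm SSL_CTX_set_tmp_dh ,
-.Nm SSL_set_tmp_dh_callback ,
-.Nm SSL_set_tmp_dh
-.Nd handle DH keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_dh_callback
-.Fa "SSL_CTX *ctx"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh"
-.Ft void
-.Fo SSL_set_tmp_dh_callback
-.Fa "SSL *ssl"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tmp_dh_callback
-sets the callback function for
-.Fa ctx
-to be used when a DH parameters are required to
-.Fa tmp_dh_callback .
-The callback is inherited by all
-.Vt ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_set_tmp_dh
-sets DH parameters to be used to be
-.Sy dh Ns .
-The key is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_tmp_dh_callback
-sets the callback only for
-.Fa ssl .
-.Pp
-.Fn SSL_set_tmp_dh
-sets the parameters only for
-.Fa ssl .
-.Pp
-These functions apply to SSL/TLS servers only.
-.Sh NOTES
-When using a cipher with RSA authentication,
-an ephemeral DH key exchange can take place.
-Ciphers with DSA keys always use ephemeral DH keys as well.
-In these cases, the session data are negotiated using the ephemeral/temporary
-DH key and the key supplied and certified by the certificate chain is only used
-for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
-.Pp
-Using ephemeral DH key exchange yields forward secrecy,
-as the connection can only be decrypted when the DH key is known.
-By generating a temporary DH key inside the server application that is lost
-when the application is left, it becomes impossible for an attacker to decrypt
-past sessions, even if he gets hold of the normal (certified) key,
-as this key was only used for signing.
-.Pp
-In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation,
-when the DH parameters are supplied via callback and/or when the
-.Dv SSL_OP_SINGLE_DH_USE
-option of
-.Xr SSL_CTX_set_options 3
-is set.
-It will immediately create a DH key, when DH parameters are supplied via
-.Fn SSL_CTX_set_tmp_dh
-and
-.Dv SSL_OP_SINGLE_DH_USE
-is not set.
-In this case, it may happen that a key is generated on initialization without
-later being needed, while on the other hand the computer time during the
-negotiation is being saved.
-.Pp
-If
-.Dq strong
-primes were used to generate the DH parameters, it is not strictly necessary to
-generate a new key for each handshake but it does improve forward secrecy.
-If it is not assured that
-.Dq strong
-primes were used (see especially the section about DSA parameters below),
-.Dv SSL_OP_SINGLE_DH_USE
-must be used in order to prevent small subgroup attacks.
-Always using
-.Dv SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation,
-but it is not very large,
-so application authors/users should consider always enabling this option.
-.Pp
-As generating DH parameters is extremely time consuming, an application should
-not generate the parameters on the fly but supply the parameters.
-DH parameters can be reused,
-as the actual key is newly generated during the negotiation.
-The risk in reusing DH parameters is that an attacker may specialize on a very
-often used DH group.
-Applications should therefore generate their own DH parameters during the
-installation process using the openssl
-.Xr openssl 1
-application.
-In order to reduce the computer time needed for this generation,
-it is possible to use DSA parameters instead (see
-.Xr openssl 1 ) ,
-but in this case
-.Dv SSL_OP_SINGLE_DH_USE
-is mandatory.
-.Pp
-Application authors may compile in DH parameters.
-Files
-.Pa dh512.pem ,
-.Pa dh1024.pem ,
-.Pa dh2048.pem ,
-and
-.Pa dh4096.pem
-in the
-.Pa apps
-directory of the current version of the OpenSSL distribution contain the
-.Sq SKIP
-DH parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the
-.Fl C
-option of the
-.Xr openssl 1
-application.
-Authors may also generate their own set of parameters using
-.Xr openssl 1 ,
-but a user may not be sure how the parameters were generated.
-The generation of DH parameters during installation is therefore recommended.
-.Pp
-An application may either directly specify the DH parameters or can supply the
-DH parameters via a callback function.
-The callback approach has the advantage that the callback may supply DH
-parameters for different key lengths.
-.Pp
-The
-.Fa tmp_dh_callback
-is called with the
-.Fa keylength
-needed and the
-.Fa is_export
-information.
-The
-.Fa is_export
-flag is set when the ephemeral DH key exchange is performed with an export
-cipher.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_dh_callback
-and
-.Fn SSL_set_tmp_dh_callback
-do not return diagnostic output.
-.Pp
-.Fn SSL_CTX_set_tmp_dh
-and
-.Fn SSL_set_tmp_dh
-do return 1 on success and 0 on failure.
-Check the error queue to find out the reason of failure.
-.Sh EXAMPLES
-Handle DH parameters for key lengths of 512 and 1024 bits.
-(Error handling partly left out.)
-.Bd -literal
-\&...
-/* Set up ephemeral DH stuff */
-DH *dh_512 = NULL;
-DH *dh_1024 = NULL;
-FILE *paramfile;
-
-\&...
-
-/* "openssl dhparam -out dh_param_512.pem -2 512" */
-paramfile = fopen("dh_param_512.pem", "r");
-if (paramfile) {
- dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
-}
-/* "openssl dhparam -out dh_param_1024.pem -2 1024" */
-paramfile = fopen("dh_param_1024.pem", "r");
-if (paramfile) {
- dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
-}
-
-\&...
-
-/* "openssl dhparam -C -2 512" etc... */
-DH *get_dh512() { ... }
-DH *get_dh1024() { ... }
-
-DH *
-tmp_dh_callback(SSL *s, int is_export, int keylength)
-{
- DH *dh_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (!dh_512)
- dh_512 = get_dh512();
- dh_tmp = dh_512;
- break;
- case 1024:
- if (!dh_1024)
- dh_1024 = get_dh1024();
- dh_tmp = dh_1024;
- break;
- default:
- /*
- * Generating a key on the fly is very costly,
- * so use what is there
- */
- setup_dh_parameters_like_above();
- }
-
- return(dh_tmp);
-}
-.Ed
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3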
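--- a/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3
+++ /dev/null
@@ -1,231 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_TMP_RSA_CALLBACK.POD 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_rsa_callback ,
-.Nm SSL_CTX_set_tmp_rsa ,
-.Nm SSL_CTX_need_tmp_rsa ,
-.Nm SSL_set_tmp_rsa_callback ,
-.Nm SSL_set_tmp_rsa ,
-.Nm SSL_need_tmp_rsa
-.Nd handle RSA keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
-.Ft long
-.Fn SSL_CTX_need_tmp_rsa "SSL_CTX *ctx"
-.Ft void
-.Fo SSL_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
-.Ft long
-.Fn SSL_need_tmp_rsa "SSL *ssl"
-.Ft RSA *
-.Fn "(*tmp_rsa_callback)" "SSL *ssl" "int is_export" "int keylength"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tmp_rsa_callback
-sets the callback function for
-.Fa ctx
-to be used when a temporary/ephemeral RSA key is required to
-.Fa tmp_rsa_callback .
-The callback is inherited by all
-.Vt SSL
-objects newly created from
-.Fa ctx
-with
-.Xr SSL_new 3 .
-Already created SSL objects are not affected.
-.Pp
-.Fn SSL_CTX_set_tmp_rsa
-sets the temporary/ephemeral RSA key to be used to be
-.Fa rsa .
-The key is inherited by all
-.Vt SSL
-objects newly created from
-.Fa ctx
-with
-.Xr SSL_new 3 .
-Already created SSL objects are not affected.
-.Pp
-.Fn SSL_CTX_need_tmp_rsa
-returns 1,
-if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
-.Sq exportable
-ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
-.Pp
-.Fn SSL_set_tmp_rsa_callback
-sets the callback only for
-.Fa ssl .
-.Pp
-.Fn SSL_set_tmp_rsa
-sets the key only for
-.Fa ssl .
-.Pp
-.Fn SSL_need_tmp_rsa
-returns 1,
-if a temporary/ephemeral RSA key is needed for RSA-based strength-limited
-.Sq exportable
-ciphersuites because a RSA key with a keysize larger than 512 bits is installed.
-.Pp
-These functions apply to SSL/TLS servers only.
-.Sh NOTES
-When using a cipher with RSA authentication,
-an ephemeral RSA key exchange can take place.
-In this case the session data are negotiated using the ephemeral/temporary RSA
-key and the RSA key supplied and certified by the certificate chain is only
-used for signing.
-.Pp
-Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
-than the usual key length of 1024 bits were created.
-To use these ciphers with RSA keys of usual length, an ephemeral key exchange
-must be performed, as the normal (certified) key cannot be directly used.
-.Pp
-Using ephemeral RSA key exchange yields forward secrecy,
-as the connection can only be decrypted when the RSA key is known.
-By generating a temporary RSA key inside the server application that is lost
-when the application is left, it becomes impossible for an attacker to decrypt
-past sessions, even if he gets hold of the normal (certified) RSA key,
-as this key was used for signing only.
-The downside is that creating a RSA key is computationally expensive.
-.Pp
-Additionally, the use of ephemeral RSA key exchange is only allowed in the TLS
-standard when the RSA key can be used for signing only, that is,
-for export ciphers.
-Using ephemeral RSA key exchange for other purposes violates the standard and
-can break interoperability with clients.
-It is therefore strongly recommended to not use ephemeral RSA key exchange and
-use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve
-forward secrecy (see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the
-.Dv SSL_OP_EPHEMERAL_RSA
-option of
-.Xr SSL_CTX_set_options 3 ,
-violating the TLS/SSL
-standard.
-When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
-.Pp
-An application may either directly specify the key or can supply the key via
-a callback function.
-The callback approach has the advantage that the callback may generate the key
-only in case it is actually needed.
-However, as the generation of a RSA key is costly,
-it will lead to a significant delay in the handshake procedure.
-Another advantage of the callback function is that it can supply keys of
-different size (e.g., for
-.Dv SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-.Pp
-The
-.Fa tmp_rsa_callback
-is called with the
-.Fa keylength
-needed and the
-.Fa is_export
-information.
-The
-.Fa is_export
-flag is set when the ephemeral RSA key exchange is performed with an export
-cipher.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_rsa_callback
-and
-.Fn SSL_set_tmp_rsa_callback
-do not return diagnostic output.
-.Pp
-.Fn SSL_CTX_set_tmp_rsa
-and
-.Fn SSL_set_tmp_rsa
-return 1 on success and 0 on failure.
-Check the error queue to find out the reason of failure.
-.Pp
-.Fn SSL_CTX_need_tmp_rsa
-and
-.Fn SSL_need_tmp_rsa
-return 1 if a temporary RSA key is needed and 0 otherwise.
-.Sh EXAMPLES
-Generate temporary RSA keys to prepare ephemeral RSA key exchange.
-As the generation of a RSA key costs a lot of computer time,
-they are saved for later reuse.
-For demonstration purposes, two keys for 512 bits and 1024 bits
-respectively are generated.
-.Bd -literal
-\&...
-
-/* Set up ephemeral RSA stuff */
-RSA *rsa_512 = NULL;
-RSA *rsa_1024 = NULL;
-
-rsa_512 = RSA_generate_key(512, RSA_F4, NULL, NULL);
-if (rsa_512 == NULL)
- evaluate_error_queue();
-
-rsa_1024 = RSA_generate_key(1024, RSA_F4, NULL, NULL);
-if (rsa_1024 == NULL)
- evaluate_error_queue();
-
-\&...
-
-RSA *
-tmp_rsa_callback(SSL *s, int is_export, int keylength)
-{
- RSA *rsa_tmp = NULL;
-
- switch (keylength) {
- case 512:
- if (rsa_512)
- rsa_tmp = rsa_512;
- else {
- /*
- * generate on the fly,
- * should not happen in this example
- */
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL,
- NULL);
- rsa_512 = rsa_tmp; /* Remember for later reuse */
- }
- break;
- case 1024:
- if (rsa_1024)
- rsa_tmp = rsa_1024;
- else
- should_not_happen_in_this_example();
- break;
- default:
- /*
- * Generating a key on the fly is very costly,
- * so use what is there
- */
- if (rsa_1024)
- rsa_tmp = rsa_1024;
- else
- /* Use at least a shorter key */
- rsa_tmp = rsa_512;
- }
- return rsa_tmp;
-}
-.Ed
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_new 3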
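diff --git a/src/lib/libssl/doc/SSL_CTX_set_verify.3 b/src/lib/libssl/doc/SSL_CTX_set_verify.3
deleted file mode 100644
index 9292f2086b..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_set_verify.3
+++ /dev/null
@@ -1,415 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_SET_VERIFY 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_verify ,
-.Nm SSL_set_verify ,
-.Nm SSL_CTX_set_verify_depth ,
-.Nm SSL_set_verify_depth
-.Nd set peer certificate verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_verify
-.Fa "SSL_CTX *ctx"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fo SSL_set_verify
-.Fa "SSL *s"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
-.Ft void
-.Fn SSL_set_verify_depth "SSL *s" "int depth"
-.Ft int
-.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_verify
-sets the verification flags for
-.Fa ctx
-to be
-.Fa mode
-and
-specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-.Pp
-.Fn SSL_set_verify
-sets the verification flags for
-.Fa ssl
-to be
-.Fa mode
-and specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-In this case last
-.Fa verify_callback
-set specifically for this
-.Fa ssl
-remains.
-If no special callback was set before, the default callback for the underlying
-.Fa ctx
-is used, that was valid at the time
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-.Pp
-.Fn SSL_CTX_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ctx .
-(See the
-.Sx BUGS
-section.)
-.Pp
-.Fn SSL_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ssl .
-(See the
-.Sx BUGS
-section.)
-.Sh NOTES
-The verification of certificates can be controlled by a set of bitwise ORed
-.Fa mode
-flags:
-.Bl -tag -width Ds
-.It Dv SSL_VERIFY_NONE
-.Em Server mode:
-the server will not send a client certificate request to the client,
-so the client will not send a certificate.
-.Pp
-.Em Client mode:
-if not using an anonymous cipher (by default disabled),
-the server will send a certificate which will be checked.
-The result of the certificate verification process can be checked after the
-TLS/SSL handshake using the
-.Xr SSL_get_verify_result 3
-function.
-The handshake will be continued regardless of the verification result.
-.It Dv SSL_VERIFY_PEER
-.Em Server mode:
-the server sends a client certificate request to the client.
-The certificate returned (if any) is checked.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-The behaviour can be controlled by the additional
-.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-and
-.Dv SSL_VERIFY_CLIENT_ONCE
-flags.
-.Pp
-.Em Client mode:
-the server certificate is verified.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-If no server certificate is sent, because an anonymous cipher is used,
-.Dv SSL_VERIFY_PEER
-is ignored.
-.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-.Em Server mode:
-if the client did not return a certificate, the TLS/SSL
-handshake is immediately terminated with a
-.Dq handshake failure
-alert.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER.
-.Pp
-.Em Client mode:
-ignored
-.It Dv SSL_VERIFY_CLIENT_ONCE
-.Em Server mode:
-only request a client certificate on the initial TLS/SSL handshake.
-Do not ask for a client certificate again in case of a renegotiation.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode:
-ignored
-.El
-.Pp
-Exactly one of the
-.Fa mode
-flags
-.Dv SSL_VERIFY_NONE
-and
-.Dv SSL_VERIFY_PEER
-must be set at any time.
-.Pp
-The actual verification procedure is performed either using the built-in
-verification procedure or using another application provided verification
-function set with
-.Xr SSL_CTX_set_cert_verify_callback 3 .
-The following descriptions apply in the case of the built-in procedure.
-An application provided procedure also has access to the verify depth
-information and the
-.Fa verify_callback Ns ()
-function, but the way this information is used may be different.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-set the limit up to which depth certificates in a chain are used during the
-verification procedure.
-If the certificate chain is longer than allowed,
-the certificates above the limit are ignored.
-Error messages are generated as if these certificates would not be present,
-most likely a
-.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-will be issued.
-The depth count is
-.Dq level 0: peer certificate ,
-.Dq level 1: CA certificate ,
-.Dq level 2: higher level CA certificate ,
-and so on.
-Setting the maximum depth to 2 allows the levels 0, 1, and 2.
-The default depth limit is 100,
-allowing for the peer certificate and an additional 100 CA certificates.
-.Pp
-The
-.Fa verify_callback
-function is used to control the behaviour when the
-.Dv SSL_VERIFY_PEER
-flag is set.
-It must be supplied by the application and receives two arguments:
-.Fa preverify_ok
-indicates whether the verification of the certificate in question was passed
-(preverify_ok=1) or not (preverify_ok=0).
-.Fa x509_ctx
-is a pointer to the complete context used
-for the certificate chain verification.
-.Pp
-The certificate chain is checked starting with the deepest nesting level
-(the root CA certificate) and worked upward to the peer's certificate.
-At each level signatures and issuer attributes are checked.
-Whenever a verification error is found, the error number is stored in
-.Fa x509_ctx
-and
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 0.
-By applying
-.Fn X509_CTX_store_*
-functions
-.Fa verify_callback
-can locate the certificate in question and perform additional steps (see
-.Sx EXAMPLES ) .
-If no error is found for a certificate,
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 1 before advancing to the next level.
-.Pp
-The return value of
-.Fa verify_callback
-controls the strategy of the further verification process.
-If
-.Fa verify_callback
-returns 0, the verification process is immediately stopped with
-.Dq verification failed
-state.
-If
-.Dv SSL_VERIFY_PEER
-is set, a verification failure alert is sent to the peer and the TLS/SSL
-handshake is terminated.
-If
-.Fa verify_callback
-returns 1, the verification process is continued.
-If
-.Fa verify_callback
-always returns 1,
-the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established.
-The calling process can however retrieve the error code of the last
-verification error using
-.Xr SSL_get_verify_result 3
-or by maintaining its own error storage managed by
-.Fa verify_callback .
-.Pp
-If no
-.Fa verify_callback
-is specified, the default callback will be used.
-Its return value is identical to
-.Fa preverify_ok ,
-so that any verification
-failure will lead to a termination of the TLS/SSL handshake with an
-alert message, if
-.Dv SSL_VERIFY_PEER
-is set.
-.Sh RETURN VALUES
-The
-.Fn SSL*_set_verify*
-functions do not provide diagnostic information.
-.Sh EXAMPLES
-The following code sequence realizes an example
-.Fa verify_callback
-function that will always continue the TLS/SSL handshake regardless of
-verification failure, if wished.
-The callback realizes a verification depth limit with more informational output.
-.Pp
-All verification errors are printed;
-information about the certificate chain is printed on request.
-The example is realized for a server that does allow but not require client
-certificates.
-.Pp
-The example makes use of the ex_data technique to store application data
-into/retrieve application data from the
-.Vt SSL
-structure (see
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
-.Bd -literal
-\&...
-
-typedef struct {
- int verbose_mode;
- int verify_depth;
- int always_continue;
-} mydata_t;
-int mydata_index;
-\&...
-static int
-verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
- char buf[256];
- X509 *err_cert;
- int err, depth;
- SSL *ssl;
- mydata_t *mydata;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Retrieve the pointer to the SSL of the connection currently
- * treated * and the application specific data stored into the
- * SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
- mydata = SSL_get_ex_data(ssl, mydata_index);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
- /*
- * Catch a too long certificate chain. The depth limit set using
- * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
- * that whenever the "depth>verify_depth" condition is met, we
- * have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TOO_LONG error would not
- * be found explicitly; only errors introduced by cutting off the
- * additional certificates would be logged.
- */
- if (depth > mydata->verify_depth) {
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\en", err,
- X509_verify_cert_error_string(err), depth, buf);
- } else if (mydata->verbose_mode) {
- printf("depth=%d:%s\en", depth, buf);
- }
-
- /*
- * At this point, err contains the last verification error.
- * We can use it for something special
- */
- if (!preverify_ok && (err ==
- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
- buf, 256);
- printf("issuer= %s\en", buf);
- }
-
- if (mydata->always_continue)
- return 1;
- else
- return preverify_ok;
-}
-\&...
-
-mydata_t mydata;
-
-\&...
-
-mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
-
-\&...
-
-SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
- verify_callback);
-
-/*
- * Let the verify_callback catch the verify_depth error so that we get
- * an appropriate error in the logfile.
- */
-SSL_CTX_set_verify_depth(verify_depth + 1);
-
-/*
- * Set up the SSL specific data into "mydata" and store it into the SSL
- * structure.
- */
-mydata.verify_depth = verify_depth; ...
-SSL_set_ex_data(ssl, mydata_index, &mydata);
-
-\&...
-
-SSL_accept(ssl); /* check of success left out for clarity */
-if (peer = SSL_get_peer_certificate(ssl)) {
- if (SSL_get_verify_result(ssl) == X509_V_OK) {
- /* The client sent a certificate which verified OK */
- }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_new 3
-.Sh BUGS
-In client mode, it is not checked whether the
-.Dv SSL_VERIFY_PEER
-flag is set, but whether
-.Dv SSL_VERIFY_NONE
-is not set.
-This can lead to unexpected behaviour, if the
-.Dv SSL_VERIFY_PEER
-and
-.Dv SSL_VERIFY_NONE
-are not used as required (exactly one must be set at any time).
-.Pp
-The certificate verification depth set with
-.Fn SSL[_CTX]_verify_depth
-stops the verification at a certain depth.
-The error message produced will be that of an incomplete certificate chain and
-not
-.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
-as may be expected.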
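diff --git a/src/lib/libssl/doc/SSL_CTX_use_certificate.3 b/src/lib/libssl/doc/SSL_CTX_use_certificate.3
deleted file mode 100644
index 6282c3b0d7..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_use_certificate.3
+++ /dev/null
@@ -1,336 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.3 2015/02/06 01:37:11 reyk Exp $
-.\"
-.Dd $Mdocdate: February 6 2015 $
-.Dt SSL_CTX_USE_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_certificate ,
-.Nm SSL_CTX_use_certificate_ASN1 ,
-.Nm SSL_CTX_use_certificate_file ,
-.Nm SSL_use_certificate ,
-.Nm SSL_use_certificate_ASN1 ,
-.Nm SSL_use_certificate_file ,
-.Nm SSL_CTX_use_certificate_chain_file ,
-.Nm SSL_CTX_use_certificate_chain_mem ,
-.Nm SSL_CTX_use_PrivateKey ,
-.Nm SSL_CTX_use_PrivateKey_ASN1 ,
-.Nm SSL_CTX_use_PrivateKey_file ,
-.Nm SSL_CTX_use_RSAPrivateKey ,
-.Nm SSL_CTX_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_CTX_use_RSAPrivateKey_file ,
-.Nm SSL_use_PrivateKey_file ,
-.Nm SSL_use_PrivateKey_ASN1 ,
-.Nm SSL_use_PrivateKey ,
-.Nm SSL_use_RSAPrivateKey ,
-.Nm SSL_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_use_RSAPrivateKey_file ,
-.Nm SSL_CTX_check_private_key ,
-.Nm SSL_check_private_key
-.Nd load certificate and key data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
-.Ft int
-.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
-.Ft int
-.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
-.Ft int
-.Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len"
-.Ft int
-.Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len"
-.Ft int
-.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
-.Ft int
-.Fo SSL_CTX_use_PrivateKey_ASN1
-.Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Fc
-.Ft int
-.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
-.Ft int
-.Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_check_private_key "const SSL *ssl"
-.Sh DESCRIPTION
-These functions load the certificates and private keys into the
-.Vt SSL_CTX
-or
-.Vt SSL
-object, respectively.
-.Pp
-The
-.Fn SSL_CTX_*
-class of functions loads the certificates and keys into the
-.Vt SSL_CTX
-object
-.Fa ctx .
-The information is passed to
-.Vt SSL
-objects
-.Fa ssl
-created from
-.Fa ctx
-with
-.Xr SSL_new 3
-by copying, so that changes applied to
-.Fa ctx
-do not propagate to already existing
-.Vt SSL
-objects.
-.Pp
-The
-.Fn SSL_*
-class of functions only loads certificates and keys into a specific
-.Vt SSL
-object.
-The specific information is kept when
-.Xr SSL_clear 3
-is called for this
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_certificate
-loads the certificate
-.Fa x
-into
-.Fa ctx ;
-.Fn SSL_use_certificate
-loads
-.Fa x
-into
-.Fa ssl .
-The rest of the certificates needed to form the complete certificate chain can
-be specified using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function.
-.Pp
-.Fn SSL_CTX_use_certificate_ASN1
-loads the ASN1 encoded certificate from the memory location
-.Fa d
-(with length
-.Fa len )
-into
-.Fa ctx ;
-.Fn SSL_use_certificate_ASN1
-loads the ASN1 encoded certificate into
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_certificate_file
-loads the first certificate stored in
-.Fa file
-into
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_use_certificate_file
-loads the certificate from
-.Fa file
-into
-.Fa ssl .
-See the
-.Sx NOTES
-section on why
-.Fn SSL_CTX_use_certificate_chain_file
-should be preferred.
-.Pp
-The
-.Fn SSL_CTX_use_certificate_chain*
-functions load a certificate chain into
-.Fa ctx .
-The certificates must be in PEM format and must be sorted starting with the
-subject's certificate (actual client or server certificate),
-followed by intermediate CA certificates if applicable,
-and ending at the highest level (root) CA.
-There is no corresponding function working on a single
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey
-adds the private key
-.Fa rsa
-of type RSA to
-.Fa ctx .
-.Fn SSL_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey
-adds
-.Fa rsa
-as private key of type RSA to
-.Fa ssl .
-If a certificate has already been set and the private does not belong to the
-certificate, an error is returned.
-To change a certificate private key pair,
-the new certificate needs to be set with
-.Fn SSL_use_certificate
-or
-.Fn SSL_CTX_use_certificate
-before setting the private key with
-.Fn SSL_CTX_use_PrivateKey
-or
-.Fn SSL_use_PrivateKey .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_ASN1
-adds the private key of type
-.Fa pk
-stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1
-adds the private key of type RSA stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-add the private key to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_CTX_use_RSAPrivateKey_file
-adds the first private RSA key found in
-.Fa file
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey_file
-adds the first private RSA key found to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_check_private_key
-checks the consistency of a private key with the corresponding certificate
-loaded into
-.Fa ctx .
-If more than one key/certificate pair (RSA/DSA) is installed,
-the last item installed will be checked.
-If, e.g., the last item was a RSA certificate or key,
-the RSA key/certificate pair will be checked.
-.Fn SSL_check_private_key
-performs the same check for
-.Fa ssl .
-If no key/certificate was explicitly added for this
-.Fa ssl ,
-the last item added into
-.Fa ctx
-will be checked.
-.Sh NOTES
-The internal certificate store of OpenSSL can hold two private key/certificate
-pairs at a time:
-one key/certificate of type RSA and one key/certificate of type DSA.
-The certificate used depends on the cipher select, see also
-.Xr SSL_CTX_set_cipher_list 3 .
-.Pp
-When reading certificates and private keys from file, files of type
-.Dv SSL_FILETYPE_ASN1
-(also known as
-.Em DER ,
-binary encoding) can only contain one certificate or private key; consequently,
-.Fn SSL_CTX_use_certificate_chain_file
-is only applicable to PEM formatting.
-Files of type
-.Dv SSL_FILETYPE_PEM
-can contain more than one item.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-adds the first certificate found in the file to the certificate store.
-The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add_extra_chain_cert 3 .
-There exists only one extra chain store, so that the same chain is appended
-to both types of certificates, RSA and DSA!
-If it is not intended to use both type of certificate at the same time,
-it is recommended to use the
-.Fn SSL_CTX_use_certificate_chain_file
-instead of the
-.Fn SSL_CTX_use_certificate_file
-function in order to allow the use of complete certificate chains even when no
-trusted CA storage is used or when the CA issuing the certificate shall not be
-added to the trusted CA storage.
-.Pp
-If additional certificates are needed to complete the chain during the TLS
-negotiation, CA certificates are additionally looked up in the locations of
-trusted CA certificates (see
-.Xr SSL_CTX_load_verify_locations 3 ) .
-.Pp
-The private keys loaded from file can be encrypted.
-In order to successfully load encrypted keys,
-a function returning the passphrase must have been supplied (see
-.Xr SSL_CTX_set_default_passwd_cb 3 ) .
-(Certificate files might be encrypted as well from the technical point of view,
-it however does not make sense as the data in the certificate is considered
-public anyway.)
-.Sh RETURN VALUES
-On success, the functions return 1.
-Otherwise check out the error stack to find out the reason.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-Support for DER encoded private keys
-.Pq Dv SSL_FILETYPE_ASN1
-in
-.Fn SSL_CTX_use_PrivateKey_file
-and
-.Fn SSL_use_PrivateKey_file
-was added in 0.9.8.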
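diff --git a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3 b/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3
deleted file mode 100644
index 00c92b51ab..0000000000
--- a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_CTX_use_psk_identity_hint.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CTX_USE_PSK_IDENTITY_HINT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_psk_identity_hint ,
-.Nm SSL_use_psk_identity_hint ,
-.Nm SSL_CTX_set_psk_server_callback ,
-.Nm SSL_set_psk_server_callback
-.Nd set PSK identity hint to use
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
-.Ft int
-.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
-.Ft void
-.Fo SSL_CTX_set_psk_server_callback
-.Fa "SSL_CTX *ctx"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Ft void
-.Fo SSL_set_psk_server_callback
-.Fa "SSL *ssl"
-.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated PSK identity hint
-.Fa hint
-to SSL context object
-.Fa ctx .
-.Fn SSL_use_psk_identity_hint
-sets the given
-.Dv NULL Ns
--terminated
-PSK identity hint
-.Fa hint
-to SSL connection object
-.Fa ssl .
-If
-.Fa hint
-is
-.Dv NULL
-the current hint from
-.Fa ctx
-or
-.Fa ssl
-is deleted.
-.Pp
-In the case where PSK identity hint is
-.Dv NULL ,
-the server does not send the
-.Em ServerKeyExchange
-message to the client.
-.Pp
-A server application must provide a callback function which is called when the
-server receives the
-.Em ClientKeyExchange
-message from the client.
-The purpose of the callback function is to validate the received PSK identity
-and to fetch the pre-shared key used during the connection setup phase.
-The callback is set using functions
-.Fn SSL_CTX_set_psk_server_callback
-or
-.Fn SSL_set_psk_server_callback .
-The callback function is given the connection in parameter
-.Fa ssl ,
-.Dv NULL Ns
--terminated PSK identity sent by the client in parameter
-.Fa identity ,
-and a buffer
-.Fa psk
-of length
-.Fa max_psk_len
-bytes where the pre-shared key is to be stored.
-.Sh RETURN VALUES
-.Fn SSL_CTX_use_psk_identity_hint
-and
-.Fn SSL_use_psk_identity_hint
-return 1 on success, 0 otherwise.
-.Pp
-Return values from the server callback are interpreted as follows:
-.Bl -tag -width Ds
-.It >0
-PSK identity was found and the server callback has provided the PSK
-successfully in parameter
-.Fa psk .
-Return value is the length of
-.Fa psk
-in bytes.
-It is an error to return a value greater than
-.Fa max_psk_len .
-.Pp
-If the PSK identity was not found but the callback instructs the protocol to
-continue anyway, the callback must provide some random data to
-.Fa psk
-and return the length of the random data, so the connection will fail with
-.Dq decryption_error
-before it will be finished completely.
-.It 0
-PSK identity was not found.
-An
-.Dq unknown_psk_identity
-alert message will be sent and the connection setup fails.
-.El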
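diff --git a/src/lib/libssl/doc/SSL_SESSION_free.3 b/src/lib/libssl/doc/SSL_SESSION_free.3
deleted file mode 100644
index ffd5ae2b29..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_free.3
+++ /dev/null
@@ -1,79 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SESSION_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_free
-.Nd free an allocated SSL_SESSION structure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_SESSION_free "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_free
-decrements the reference count of
-.Fa session
-and removes the
-.Vt SSL_SESSION
-structure pointed to by
-.Fa session
-and frees up the allocated memory, if the reference count has reached 0.
-.Sh NOTES
-.Vt SSL_SESSION
-objects are allocated when a TLS/SSL handshake operation is successfully
-completed.
-Depending on the settings, see
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-the
-.Vt SSL_SESSION
-objects are internally referenced by the
-.Vt SSL_CTX
-and linked into its session cache.
-.Vt SSL
-objects may be using the
-.Vt SSL_SESSION
-object; as a session may be reused, several
-.Vt SSL
-objects may be using one
-.Vt SSL_SESSION
-object at the same time.
-It is therefore crucial to keep the reference count (usage information) correct
-and not delete a
-.Vt SSL_SESSION
-object that is still used, as this may lead to program failures due to dangling
-pointers.
-These failures may also appear delayed, e.g., when an
-.Vt SSL_SESSION
-object is completely freed as the reference count incorrectly becomes 0, but it
-is still referenced in the internal session cache and the cache list is
-processed during a
-.Xr SSL_CTX_flush_sessions 3
-operation.
-.Pp
-.Fn SSL_SESSION_free
-must only be called for
-.Vt SSL_SESSION
-objects, for which the reference count was explicitly incremented (e.g., by
-calling
-.Xr SSL_get1_session 3 ;
-see
-.Xr SSL_get_session 3 )
-or when the
-.Vt SSL_SESSION
-object was generated outside a TLS handshake operation, e.g., by using
-.Xr d2i_SSL_SESSION 3 .
-It must not be called on other
-.Vt SSL_SESSION
-objects, as this would cause incorrect reference counts and therefore program
-failures.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3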
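diff --git a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3
deleted file mode 100644
index a31f519506..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_ex_new_index ,
-.Nm SSL_SESSION_set_ex_data ,
-.Nm SSL_SESSION_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate
-application-specific data attached to a specific structure.
-.Pp
-.Fn SSL_SESSION_get_ex_new_index
-is used to register a new index for application-specific data.
-.Pp
-.Fn SSL_SESSION_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa session
-object.
-.Pp
-.Fn SSL_SESSION_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa session .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality
-can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh WARNINGS
-The application data is only maintained for sessions held in memory.
-The application data is not included when dumping the session with
-.Xr i2d_SSL_SESSION 3
-(and all functions indirectly calling the dump functions like
-.Xr PEM_write_SSL_SESSION 3
-and
-.Xr PEM_write_bio_SSL_SESSION 3 )
-and can therefore not be restored.
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3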
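diff --git a/src/lib/libssl/doc/SSL_SESSION_get_time.3 b/src/lib/libssl/doc/SSL_SESSION_get_time.3
deleted file mode 100644
index 5eb7e5a162..0000000000
--- a/src/lib/libssl/doc/SSL_SESSION_get_time.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_SESSION_get_time.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_SESSION_GET_TIME 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_time ,
-.Nm SSL_SESSION_set_time ,
-.Nm SSL_SESSION_get_timeout ,
-.Nm SSL_SESSION_set_timeout
-.Nd retrieve and manipulate session time and timeout settings
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_timeout "SSL_SESSION *s" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_time
-returns the time at which the session
-.Fa s
-was established.
-The time is given in seconds since the Epoch and therefore compatible to the
-time delivered by the
-.Xr time 3
-call.
-.Pp
-.Fn SSL_SESSION_set_time
-replaces the creation time of the session
-.Fa s
-with
-the chosen value
-.Fa tm .
-.Pp
-.Fn SSL_SESSION_get_timeout
-returns the timeout value set for session
-.Fa s
-in seconds.
-.Pp
-.Fn SSL_SESSION_set_timeout
-sets the timeout value for session
-.Fa s
-in seconds to
-.Fa tm .
-.Pp
-The
-.Fn SSL_get_time ,
-.Fn SSL_set_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-functions are synonyms for the
-.Fn SSL_SESSION_*
-counterparts.
-.Sh NOTES
-Sessions are expired by examining the creation time and the timeout value.
-Both are set at creation time of the session to the actual time and the default
-timeout value at creation, respectively, as set by
-.Xr SSL_CTX_set_timeout 3 .
-Using these functions it is possible to extend or shorten the lifetime of the
-session.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_time
-and
-.Fn SSL_SESSION_get_timeout
-return the currently valid values.
-.Pp
-.Fn SSL_SESSION_set_time
-and
-.Fn SSL_SESSION_set_timeout
-return 1 on success.
-.Pp
-If any of the function is passed the
-.Dv NULL
-pointer for the session
-.Fa s ,
-0 is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_get_default_timeout 3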
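diff --git a/src/lib/libssl/doc/SSL_accept.3 b/src/lib/libssl/doc/SSL_accept.3
deleted file mode 100644
index 8c7409d04f..0000000000
--- a/src/lib/libssl/doc/SSL_accept.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_accept.3,v 1.3 2015/06/18 22:51:05 doug Exp $
-.\"
-.Dd $Mdocdate: June 18 2015 $
-.Dt SSL_ACCEPT 3
-.Os
-.Sh NAME
-.Nm SSL_accept
-.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_accept "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_accept
-waits for a TLS/SSL client to initiate the TLS/SSL handshake.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-object by setting an underlying
-.Vt BIO .
-.Sh NOTES
-The behaviour of
-.Fn SSL_accept
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_accept
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_accept
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_accept
-to continue the handshake, indicating the problem by the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_accept
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_accept .
-The action depends on the underlying
-.Dv BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and by
-the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur of action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3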
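diff --git a/src/lib/libssl/doc/SSL_alert_type_string.3 b/src/lib/libssl/doc/SSL_alert_type_string.3
deleted file mode 100644
index 93b67fbd1d..0000000000
--- a/src/lib/libssl/doc/SSL_alert_type_string.3
+++ /dev/null
@@ -1,193 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_alert_type_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_ALERT_TYPE_STRING.POD 3
-.Os
-.Sh NAME
-.Nm SSL_alert_type_string ,
-.Nm SSL_alert_type_string_long ,
-.Nm SSL_alert_desc_string ,
-.Nm SSL_alert_desc_string_long
-.Nd get textual description of alert information
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char * Ns
-.Fn SSL_alert_type_string "int value"
-.Ft const char * Ns
-.Fn SSL_alert_type_string_long "int value"
-.Ft const char * Ns
-.Fn SSL_alert_desc_string "int value"
-.Ft const char * Ns
-.Fn SSL_alert_desc_string_long "int value"
-.Sh DESCRIPTION
-.Fn SSL_alert_type_string
-returns a one letter string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_type_string_long
-returns a string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string
-returns a two letter string as a short form describing the reason of the alert
-specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string_long
-returns a string describing the reason of the alert specified by
-.Fa value .
-.Sh NOTES
-When one side of an SSL/TLS communication wants to inform the peer about
-a special situation, it sends an alert.
-The alert is sent as a special message and does not influence the normal data
-stream (unless its contents results in the communication being canceled).
-.Pp
-A warning alert is sent, when a non-fatal error condition occurs.
-The
-.Dq close notify
-alert is sent as a warning alert.
-Other examples for non-fatal errors are certificate errors
-.Po
-.Dq certificate expired ,
-.Dq unsupported certificate
-.Pc ,
-for which a warning alert may be sent.
-(The sending party may, however, decide to send a fatal error.)
-The receiving side may cancel the connection on reception of a warning alert at
-its discretion.
-.Pp
-Several alert messages must be sent as fatal alert messages as specified
-by the TLS RFC.
-A fatal alert always leads to a connection abort.
-.Sh RETURN VALUES
-The following strings can occur for
-.Fn SSL_alert_type_string
-or
-.Fn SSL_alert_type_string_long :
-.Bl -tag -width Ds
-.It \(dqW\(dq/\(dqwarning\(dq
-.It \(dqF\(dq/\(dqfatal\(dq
-.It \(dqU\(dq/\(dqunknown\(dq
-This indicates that no support is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Pp
-The following strings can occur for
-.Fn SSL_alert_desc_string
-or
-.Fn SSL_alert_desc_string_long :
-.Bl -tag -width Ds
-.It \(dqCN\(dq/\(dqclose notify\(dq
-The connection shall be closed.
-This is a warning alert.
-.It \(dqUM\(dq/\(dqunexpected message\(dq
-An inappropriate message was received.
-This alert is always fatal and should never be observed in communication
-between proper implementations.
-.It \(dqBM\(dq/\(dqbad record mac\(dq
-This alert is returned if a record is received with an incorrect MAC.
-This message is always fatal.
-.It \(dqDF\(dq/\(dqdecompression failure\(dq
-The decompression function received improper input
-(e.g., data that would expand to excessive length).
-This message is always fatal.
-.It \(dqHF\(dq/\(dqhandshake failure\(dq
-Reception of a handshake_failure alert message indicates that the sender was
-unable to negotiate an acceptable set of security parameters given the options
-available.
-This is a fatal error.
-.It \(dqNC\(dq/\(dqno certificate\(dq
-A client, that was asked to send a certificate, does not send a certificate
-(SSLv3 only).
-.It \(dqBC\(dq/\(dqbad certificate\(dq
-A certificate was corrupt, contained signatures that did not verify correctly,
-etc.
-.It \(dqUC\(dq/\(dqunsupported certificate\(dq
-A certificate was of an unsupported type.
-.It \(dqCR\(dq/\(dqcertificate revoked\(dq
-A certificate was revoked by its signer.
-.It \(dqCE\(dq/\(dqcertificate expired\(dq
-A certificate has expired or is not currently valid.
-.It \(dqCU\(dq/\(dqcertificate unknown\(dq
-Some other (unspecified) issue arose in processing the certificate,
-rendering it unacceptable.
-.It \(dqIP\(dq/\(dqillegal parameter\(dq
-A field in the handshake was out of range or inconsistent with other fields.
-This is always fatal.
-.It \(dqDC\(dq/\(dqdecryption failed\(dq
-A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple
-of the block length or its padding values, when checked, weren't correct.
-This message is always fatal.
-.It \(dqRO\(dq/\(dqrecord overflow\(dq
-A TLSCiphertext record was received which had a length more than
-2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than
-2^14+1024 bytes.
-This message is always fatal.
-.It \(dqCA\(dq/\(dqunknown CA\(dq
-A valid certificate chain or partial chain was received,
-but the certificate was not accepted because the CA certificate could not be
-located or couldn't be matched with a known, trusted CA.
-This message is always fatal.
-.It \(dqAD\(dq/\(dqaccess denied\(dq
-A valid certificate was received, but when access control was applied,
-the sender decided not to proceed with negotiation.
-This message is always fatal.
-.It \(dqDE\(dq/\(dqdecode error\(dq
-A message could not be decoded because some field was out of the specified
-range or the length of the message was incorrect.
-This message is always fatal.
-.It \(dqCY\(dq/\(dqdecrypt error\(dq
-A handshake cryptographic operation failed, including being unable to correctly
-verify a signature, decrypt a key exchange, or validate a finished message.
-.It \(dqER\(dq/\(dqexport restriction\(dq
-A negotiation not in compliance with export restrictions was detected;
-for example, attempting to transfer a 1024 bit ephemeral RSA key for the
-RSA_EXPORT handshake method.
-This message is always fatal.
-.It \(dqPV\(dq/\(dqprotocol version\(dq
-The protocol version the client has attempted to negotiate is recognized,
-but not supported.
-(For example, old protocol versions might be avoided for security reasons.)
-This message is always fatal.
-.It \(dqIS\(dq/\(dqinsufficient security\(dq
-Returned instead of handshake_failure when a negotiation has failed
-specifically because the server requires ciphers more secure than those
-supported by the client.
-This message is always fatal.
-.It \(dqIE\(dq/\(dqinternal error\(dq
-An internal error unrelated to the peer or the correctness of the protocol
-makes it impossible to continue (such as a memory allocation failure).
-This message is always fatal.
-.It \(dqUS\(dq/\(dquser canceled\(dq
-This handshake is being canceled for some reason unrelated to a protocol
-failure.
-If the user cancels an operation after the handshake is complete,
-just closing the connection by sending a close_notify is more appropriate.
-This alert should be followed by a close_notify.
-This message is generally a warning.
-.It \(dqNR\(dq/\(dqno renegotiation\(dq
-Sent by the client in response to a hello request or by the server in response
-to a client hello after initial handshaking.
-Either of these would normally lead to renegotiation; when that is not
-appropriate, the recipient should respond with this alert; at that point,
-the original requester can decide whether to proceed with the connection.
-One case where this would be appropriate would be where a server has spawned a
-process to satisfy a request; the process might receive security parameters
-(key length, authentication, etc.) at startup and it might be difficult to
-communicate changes to these parameters after that point.
-This message is always a warning.
-.It \(dqUP\(dq/\(dqunknown PSK identity\(dq
-Sent by the server to indicate that it does not recognize a PSK identity or an
-SRP identity.
-.It \(dqUK\(dq/\(dqunknown\(dq
-This indicates that no description is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3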
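diff --git a/src/lib/libssl/doc/SSL_clear.3 b/src/lib/libssl/doc/SSL_clear.3
deleted file mode 100644
index 8d49a840ca..0000000000
--- a/src/lib/libssl/doc/SSL_clear.3
+++ /dev/null
@@ -1,92 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_clear.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_CLEAR 3
-.Os
-.Sh NAME
-.Nm SSL_clear
-.Nd reset SSL object to allow another connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_clear "SSL *ssl"
-.Sh DESCRIPTION
-Reset
-.Fa ssl
-to allow another connection.
-All settings (method, ciphers, BIOs) are kept.
-.Sh NOTES
-.Fn SSL_clear
-is used to prepare an
-.Vt SSL
-object for a new connection.
-While all settings are kept,
-a side effect is the handling of the current SSL session.
-If a session is still
-.Em open ,
-it is considered bad and will be removed from the session cache,
-as required by RFC2246.
-A session is considered open if
-.Xr SSL_shutdown 3
-was not called for the connection or at least
-.Xr SSL_set_shutdown 3
-was used to
-set the
-.Dv SSL_SENT_SHUTDOWN
-state.
-.Pp
-If a session was closed cleanly,
-the session object will be kept and all settings corresponding.
-This explicitly means that for example the special method used during the
-session will be kept for the next handshake.
-So if the session was a TLSv1 session, a
-.Vt SSL
-client object will use a TLSv1 client method for the next handshake and a
-.Vt SSL
-server object will use a TLSv1 server method, even if
-.Fn SSLv23_*_method Ns s
-were chosen on startup.
-This might lead to connection failures (see
-.Xr SSL_new 3 )
-for a description of the method's properties.
-.Sh WARNINGS
-.Fn SSL_clear
-resets the
-.Vt SSL
-object to allow for another connection.
-The reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last handshake).
-It only makes sense for a new connection with the exact same peer that shares
-these settings,
-and may fail if that peer changes its settings between connections.
-Use the sequence
-.Xr SSL_get_session 3 ;
-.Xr SSL_new 3 ;
-.Xr SSL_set_session 3 ;
-.Xr SSL_free 3
-instead to avoid such failures (or simply
-.Xr SSL_free 3 ;
-.Xr SSL_new 3
-if session reuse is not desired).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The
-.Fn SSL_clear
-operation could not be performed.
-Check the error stack to find out the reason.
-.It 1
-The
-.Fn SSL_clear
-operation was successful.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3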
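diff --git a/src/lib/libssl/doc/SSL_connect.3 b/src/lib/libssl/doc/SSL_connect.3
deleted file mode 100644
index 105e0ed923..0000000000
--- a/src/lib/libssl/doc/SSL_connect.3
+++ /dev/null
@@ -1,102 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_connect.3,v 1.3 2015/07/24 15:25:08 jmc Exp $
-.\"
-.Dd $Mdocdate: July 24 2015 $
-.Dt SSL_CONNECT 3
-.Os
-.Sh NAME
-.Nm SSL_connect
-.Nd initiate the TLS/SSL handshake with a TLS/SSL server
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_connect "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_connect
-initiates the TLS/SSL handshake with a server.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-by setting an underlying
-.Vt BIO .
-.Sh NOTES
-The behaviour of
-.Fn SSL_connect
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_connect
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_connect
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_connect
-to continue the handshake, indicating the problem with the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_connect
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_connect .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful, because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3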
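diff --git a/src/lib/libssl/doc/SSL_do_handshake.3 b/src/lib/libssl/doc/SSL_do_handshake.3
deleted file mode 100644
index 78a37b08c9..0000000000
--- a/src/lib/libssl/doc/SSL_do_handshake.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_do_handshake.3,v 1.3 2015/06/18 22:51:05 doug Exp $
-.\"
-.Dd $Mdocdate: June 18 2015 $
-.Dt SSL_DO_HANDSHAKE 3
-.Os
-.Sh NAME
-.Nm SSL_do_handshake
-.Nd perform a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_do_handshake "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_do_handshake
-will wait for a SSL/TLS handshake to take place.
-If the connection is in client mode, the handshake will be started.
-The handshake routines may have to be explicitly set in advance using either
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3 .
-.Sh NOTES
-The behaviour of
-.Fn SSL_do_handshake
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_do_handshake
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_do_handshake
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_do_handshake
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_do_handshake
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_do_handshake .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3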
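diff --git a/src/lib/libssl/doc/SSL_free.3 b/src/lib/libssl/doc/SSL_free.3
deleted file mode 100644
index c0078d817a..0000000000
--- a/src/lib/libssl/doc/SSL_free.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_free
-.Nd free an allocated SSL structure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_free "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_free
-decrements the reference count of
-.Fa ssl ,
-and removes the
-.Vt SSL
-structure pointed to by
-.Fa ssl
-and frees up the allocated memory if the reference count has reached 0.
-.Sh NOTES
-.Fn SSL_free
-also calls the
-.Xr free 3 Ns
-ing procedures for indirectly affected items, if applicable: the buffering
-.Vt BIO ,
-the read and write
-.Vt BIOs ,
-cipher lists specially created for this
-.Fa ssl ,
-the
-.Sy SSL_SESSION .
-Do not explicitly free these indirectly freed up items before or after calling
-.Fn SSL_free ,
-as trying to free things twice may lead to program failure.
-.Pp
-The
-.Fa ssl
-session has reference counts from two users: the
-.Vt SSL
-object, for which the reference count is removed by
-.Fn SSL_free
-and the internal session cache.
-If the session is considered bad, because
-.Xr SSL_shutdown 3
-was not called for the connection and
-.Xr SSL_set_shutdown 3
-was not used to set the
-.Vt SSL_SENT_SHUTDOWN
-state, the session will also be removed from the session cache as required by
-RFC2246.
-.Sh RETURN VALUES
-.Fn SSL_free
-does not provide diagnostic information.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3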
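diff --git a/src/lib/libssl/doc/SSL_get_SSL_CTX.3 b/src/lib/libssl/doc/SSL_get_SSL_CTX.3
deleted file mode 100644
index 7ba5b0cb81..0000000000
--- a/src/lib/libssl/doc/SSL_get_SSL_CTX.3
+++ /dev/null
@@ -1,28 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_SSL_CTX.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_SSL_CTX 3
-.Os
-.Sh NAME
-.Nm SSL_get_SSL_CTX
-.Nd get the SSL_CTX from which an SSL is created
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_get_SSL_CTX "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_SSL_CTX
-returns a pointer to the
-.Vt SSL_CTX
-object from which
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-.Sh RETURN VALUES
-The pointer to the
-.Vt SSL_CTX
-object is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3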
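diff --git a/src/lib/libssl/doc/SSL_get_ciphers.3 b/src/lib/libssl/doc/SSL_get_ciphers.3
deleted file mode 100644
index 89abc172b4..0000000000
--- a/src/lib/libssl/doc/SSL_get_ciphers.3
+++ /dev/null
@@ -1,68 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CIPHERS 3
-.Os
-.Sh NAME
-.Nm SSL_get_ciphers ,
-.Nm SSL_get_cipher_list
-.Nd get list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_ciphers "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
-.Sh DESCRIPTION
-.Fn SSL_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl ,
-sorted by preference.
-If
-.Fa ssl
-is
-.Dv NULL
-or no ciphers are available,
-.Dv NULL
-is returned.
-.Pp
-.Fn SSL_get_cipher_list
-returns a pointer to the name of the
-.Vt SSL_CIPHER
-listed for
-.Fa ssl
-with
-.Fa priority .
-If
-.Fa ssl
-is
-.Dv NULL ,
-no ciphers are available, or there are fewer ciphers than
-.Fa priority
-available,
-.Dv NULL
-is returned.
-.Sh NOTES
-The details of the ciphers obtained by
-.Fn SSL_get_ciphers
-can be obtained using the
-.Xr SSL_CIPHER_get_name 3
-family of functions.
-.Pp
-Call
-.Fn SSL_get_cipher_list
-with
-.Fa priority
-starting from 0 to obtain the sorted list of available ciphers, until
-.Dv NULL
-is returned.
-.Sh RETURN VALUES
-See
-.Sx DESCRIPTION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_CTX_set_cipher_list 3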
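diff --git a/src/lib/libssl/doc/SSL_get_client_CA_list.3 b/src/lib/libssl/doc/SSL_get_client_CA_list.3
deleted file mode 100644
index 7aa5a90c9a..0000000000
--- a/src/lib/libssl/doc/SSL_get_client_CA_list.3
+++ /dev/null
@@ -1,61 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_CA_list ,
-.Nm SSL_CTX_get_client_CA_list
-.Nd get list of client CAs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_get_client_CA_list "const SSL *s"
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ctx
-using
-.Xr SSL_CTX_set_client_CA_list 3 .
-.Pp
-.Fn SSL_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ssl
-using
-.Fn SSL_set_client_CA_list
-or
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object with
-.Xr SSL_CTX_set_client_CA_list 3 ,
-when in server mode.
-In client mode,
-.Fn SSL_get_client_CA_list
-returns the list of client CAs sent from the server, if any.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_client_CA_list
-and
-.Fn SSL_set_client_CA_list
-do not return diagnostic information.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It Dv STACK_OF Ns Po Vt X509_NAMES Pc
-List of CA names explicitly set (for
-.Fa ctx
-or in server mode) or sent by the server (client mode).
-.It Dv NULL
-No client CA list was explicitly set (for
-.Fa ctx
-or in server mode) or the server did not send a list of CAs (client mode).
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3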
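diff --git a/src/lib/libssl/doc/SSL_get_current_cipher.3 b/src/lib/libssl/doc/SSL_get_current_cipher.3
deleted file mode 100644
index d7140571b0..0000000000
--- a/src/lib/libssl/doc/SSL_get_current_cipher.3
+++ /dev/null
@@ -1,52 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_current_cipher.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_CURRENT_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_get_current_cipher ,
-.Nm SSL_get_cipher ,
-.Nm SSL_get_cipher_name ,
-.Nm SSL_get_cipher_bits ,
-.Nm SSL_get_cipher_version
-.Nd get SSL_CIPHER of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CIPHER *
-.Fn SSL_get_current_cipher "const SSL *ssl"
-.Fd #define SSL_get_cipher(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-.Fd #define SSL_get_cipher_name(s) \
-SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-.Fd #define SSL_get_cipher_bits(s,np) \
-SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-.Fd #define SSL_get_cipher_version(s) \
-SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-.Sh DESCRIPTION
-.Fn SSL_get_current_cipher
-returns a pointer to an
-.Vt SSL_CIPHER
-object containing the description of the actually used cipher of a connection
-established with the
-.Fa ssl
-object.
-.Pp
-.Fn SSL_get_cipher
-and
-.Fn SSL_get_cipher_name
-are identical macros to obtain the name of the currently used cipher.
-.Fn SSL_get_cipher_bits
-is a macro to obtain the number of secret/algorithm bits used and
-.Fn SSL_get_cipher_version
-returns the protocol name.
-See
-.Xr SSL_CIPHER_get_name 3
-for more details.
-.Sh RETURN VALUES
-.Fn SSL_get_current_cipher
-returns the cipher actually used or
-.Dv NULL ,
-when no session has been established.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3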
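diff --git a/src/lib/libssl/doc/SSL_get_default_timeout.3 b/src/lib/libssl/doc/SSL_get_default_timeout.3
deleted file mode 100644
index 1a58e87f27..0000000000
--- a/src/lib/libssl/doc/SSL_get_default_timeout.3
+++ /dev/null
@@ -1,36 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_default_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_DEFAULT_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_get_default_timeout
-.Nd get default session timeout value
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_default_timeout "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_default_timeout
-returns the default timeout value assigned to
-.Vt SSL_SESSION
-objects negotiated for the protocol valid for
-.Fa ssl .
-.Sh NOTES
-Whenever a new session is negotiated, it is assigned a timeout value,
-after which it will not be accepted for session reuse.
-If the timeout value was not explicitly set using
-.Xr SSL_CTX_set_timeout 3 ,
-the hardcoded default timeout for the protocol will be used.
-.Pp
-.Fn SSL_get_default_timeout
-return this hardcoded value, which is 300 seconds for all currently supported
-protocols (SSLv2, SSLv3, and TLSv1).
-.Sh RETURN VALUES
-See description.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_get_time 3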
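diff --git a/src/lib/libssl/doc/SSL_get_error.3 b/src/lib/libssl/doc/SSL_get_error.3
deleted file mode 100644
index f6e5045b01..0000000000
--- a/src/lib/libssl/doc/SSL_get_error.3
+++ /dev/null
@@ -1,169 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_error.3,v 1.3 2015/07/24 15:25:08 jmc Exp $
-.\"
-.Dd $Mdocdate: July 24 2015 $
-.Dt SSL_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm SSL_get_error
-.Nd obtain result code for TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_error "const SSL *ssl" "int ret"
-.Sh DESCRIPTION
-.Fn SSL_get_error
-returns a result code (suitable for the C
-.Dq switch
-statement) for a preceding call to
-.Xr SSL_connect 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-or
-.Xr SSL_write 3
-on
-.Fa ssl .
-The value returned by that TLS/SSL I/O function must be passed to
-.Fn SSL_get_error
-in parameter
-.Fa ret .
-.Pp
-In addition to
-.Fa ssl
-and
-.Fa ret ,
-.Fn SSL_get_error
-inspects the current thread's OpenSSL error queue.
-Thus,
-.Fn SSL_get_error
-must be used in the same thread that performed the TLS/SSL I/O operation,
-and no other OpenSSL function calls should appear in between.
-The current thread's error queue must be empty before the TLS/SSL I/O operation
-is attempted, or
-.Fn SSL_get_error
-will not work reliably.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv SSL_ERROR_NONE
-The TLS/SSL I/O operation completed.
-This result code is returned if and only if
-.Fa ret
-< 0.
-.It Dv SSL_ERROR_ZERO_RETURN
-The TLS/SSL connection has been closed.
-If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
-only if a closure alert has occurred in the protocol, i.e., if the connection
-has been closed cleanly.
-Note that in this case
-.Dv SSL_ERROR_ZERO_RETURN
-does not necessarily indicate that the underlying transport has been closed.
-.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
-The operation did not complete;
-the same TLS/SSL I/O function should be called again later.
-If, by then, the underlying
-.Vt BIO
-has data available for reading (if the result code is
-.Dv SSL_ERROR_WANT_READ )
-or allows writing data
-.Pq Dv SSL_ERROR_WANT_WRITE ,
-then some TLS/SSL protocol progress will take place,
-i.e., at least part of a TLS/SSL record will be read or written.
-Note that the retry may again lead to a
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition.
-There is no fixed upper limit for the number of iterations that may be
-necessary until progress becomes visible at application protocol level.
-.Pp
-For socket
-.Fa BIO Ns
-s (e.g., when
-.Fn SSL_set_fd
-was used),
-.Xr select 2
-or
-.Xr poll 2
-on the underlying socket can be used to find out when the TLS/SSL I/O function
-should be retried.
-.Pp
-Caveat: Any TLS/SSL I/O function can lead to either of
-.Dv SSL_ERROR_WANT_READ
-and
-.Dv SSL_ERROR_WANT_WRITE .
-In particular,
-.Xr SSL_read 3
-or
-.Xr SSL_peek 3
-may want to write data and
-.Xr SSL_write 3
-may want
-to read data.
-This is mainly because TLS/SSL handshakes may occur at any time during the
-protocol (initiated by either the client or the server);
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-and
-.Xr SSL_write 3
-will handle any pending handshakes.
-.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later.
-The underlying BIO was not connected yet to the peer and the call would block
-in
-.Xr connect 2 Ns / Ns
-.Xr accept 2 .
-The SSL function should be
-called again when the connection is established.
-These messages can only appear with a
-.Xr BIO_s_connect 3
-or
-.Xr BIO_s_accept 3
-.Vt BIO ,
-respectively.
-In order to find out when the connection has been successfully established,
-on many platforms
-.Xr select 2
-or
-.Xr poll 2
-for writing on the socket file descriptor can be used.
-.It Dv SSL_ERROR_WANT_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-The TLS/SSL I/O function should be called again later.
-Details depend on the application.
-.It Dv SSL_ERROR_SYSCALL
-Some I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-If the error queue is empty (i.e.,
-.Fn ERR_get_error
-returns 0),
-.Fa ret
-can be used to find out more about the error:
-If
-.Fa ret
-== 0, an
-.Dv EOF
-was observed that violates the protocol.
-If
-.Fa ret
-== \(mi1, the underlying
-.Vt BIO
-reported an
-I/O error (for socket I/O on Unix systems, consult
-.Dv errno
-for details).
-.It Dv SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error.
-The OpenSSL error queue contains more information on the error.
-.El
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_get_error
-was added in SSLeay 0.8.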
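diff --git a/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3
deleted file mode 100644
index ac8a27c952..0000000000
--- a/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.3 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_data_X509_STORE_CTX_idx
-.Nd get ex_data index to access SSL structure from X509_STORE_CTX
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
-.Sh DESCRIPTION
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-returns the index number under which the pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object.
-.Sh NOTES
-Whenever a
-.Vt X509_STORE_CTX
-object is created for the verification of the peer's certificate during a
-handshake, a pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object to identify the connection affected.
-To retrieve this pointer the
-.Xr X509_STORE_CTX_get_ex_data 3
-function can be used with the correct index.
-This index is globally the same for all
-.Vt X509_STORE_CTX
-objects and can be retrieved using
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx .
-The index value is set when
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-is first called either by the application program directly or indirectly during
-other SSL setup functions or during the handshake.
-.Pp
-The value depends on other index values defined for
-.Vt X509_STORE_CTX
-objects before the SSL index is created.
-.Sh RETURN VALUES
-.Bl -tag -width Ds
-.It \(>=0
-The index value to access the pointer.
-.It <0
-An error occurred, check the error stack for a detailed error message.
-.El
-.Sh EXAMPLES
-The index returned from
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-provides access to
-.Vt SSL
-object for the connection during the
-.Fn verify_callback
-when checking the peer's certificate.
-Please check the example in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3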
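diff --git a/src/lib/libssl/doc/SSL_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_get_ex_new_index.3
deleted file mode 100644
index d4613a6210..0000000000
--- a/src/lib/libssl/doc/SSL_get_ex_new_index.3
+++ /dev/null
@@ -1,76 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_new_index ,
-.Nm SSL_set_ex_data ,
-.Nm SSL_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
-.Bd -literal
-typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ssl
-object.
-.Pp
-.Fn SSL_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ssl .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh EXAMPLES
-An example of how to use the functionality is included in the example
-.Fn verify_callback
-in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3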
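diff --git a/src/lib/libssl/doc/SSL_get_fd.3 b/src/lib/libssl/doc/SSL_get_fd.3
deleted file mode 100644
index b66b5f1044..0000000000
--- a/src/lib/libssl/doc/SSL_get_fd.3
+++ /dev/null
@@ -1,46 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_FD 3
-.Os
-.Sh NAME
-.Nm SSL_get_fd ,
-.Nm SSL_get_rfd ,
-.Nm SSL_get_wfd
-.Nd get file descriptor linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_fd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_rfd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_wfd "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_fd
-returns the file descriptor which is linked to
-.Fa ssl .
-.Fn SSL_get_rfd
-and
-.Fn SSL_get_wfd
-return the file descriptors for the read or the write channel,
-which can be different.
-If the read and the write channel are different,
-.Fn SSL_get_fd
-will return the file descriptor of the read channel.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It \(mi1
-The operation failed, because the underlying
-.Vt BIO
-is not of the correct type (suitable for file descriptors).
-.It \(>=0
-The file descriptor linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_fd 3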
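diff --git a/src/lib/libssl/doc/SSL_get_peer_cert_chain.3 b/src/lib/libssl/doc/SSL_get_peer_cert_chain.3
deleted file mode 100644
index e4faece5d0..0000000000
--- a/src/lib/libssl/doc/SSL_get_peer_cert_chain.3
+++ /dev/null
@@ -1,47 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_peer_cert_chain.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PEER_CERT_CHAIN 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_cert_chain
-.Nd get the X509 certificate chain of the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509) *
-.Fn SSL_get_peer_cert_chain "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_cert_chain
-returns a pointer to
-.Dv STACK_OF Ns Po Vt X509 Pc
-certificates forming the certificate chain of the peer.
-If called on the client side, the stack also contains the peer's certificate;
-if called on the server side, the peer's certificate must be obtained
-separately using
-.Xr SSL_get_peer_certificate 3 .
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Sh NOTES
-The peer certificate chain is not necessarily available after reusing a
-session, in which case a
-.Dv NULL
-pointer is returned.
-.Pp
-The reference count of the
-.Dv STACK_OF Ns Po Vt X509 Pc
-object is not incremented.
-If the corresponding session is freed, the pointer must not be used any longer.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established or
-the certificate chain is no longer available when a session is reused.
-.It Pointer to a Dv STACK_OF Ns Po X509 Pc
-The return value points to the certificate chain presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3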
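diff --git a/src/lib/libssl/doc/SSL_get_peer_certificate.3 b/src/lib/libssl/doc/SSL_get_peer_certificate.3
deleted file mode 100644
index bb32572356..0000000000
--- a/src/lib/libssl/doc/SSL_get_peer_certificate.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PEER_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_certificate
-.Nd get the X509 certificate of the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fn SSL_get_peer_certificate "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_certificate
-returns a pointer to the X509 certificate the peer presented.
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Sh NOTES
-Due to the protocol definition, a TLS/SSL server will always send a
-certificate, if present.
-A client will only send a certificate when explicitly requested to do so by the
-server (see
-.Xr SSL_CTX_set_verify 3 ) .
-If an anonymous cipher is used, no certificates are sent.
-.Pp
-That a certificate is returned does not indicate information about the
-verification state.
-Use
-.Xr SSL_get_verify_result 3
-to check the verification state.
-.Pp
-The reference count of the
-.Vt X509
-object is incremented by one, so that it will not be destroyed when the session
-containing the peer certificate is freed.
-The
-.Vt X509
-object must be explicitly freed using
-.Xr X509_free 3 .
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established.
-.It Pointer to an X509 certificate
-The return value points to the certificate presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3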
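diff --git a/src/lib/libssl/doc/SSL_get_psk_identity.3 b/src/lib/libssl/doc/SSL_get_psk_identity.3
deleted file mode 100644
index 408555c0ee..0000000000
--- a/src/lib/libssl/doc/SSL_get_psk_identity.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_psk_identity.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_PSK_IDENTITY 3
-.Os
-.Sh NAME
-.Nm SSL_get_psk_identity ,
-.Nm SSL_get_psk_identity_hint
-.Nd get PSK client identity and hint
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_psk_identity_hint "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_psk_identity "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_psk_identity_hint
-is used to retrieve the PSK identity hint used during the connection setup
-related to
-.Vt SSL
-object
-.Fa ssl .
-Similarly,
-.Fn SSL_get_psk_identity
-is used to retrieve the PSK identity used during the connection setup.
-.Sh RETURN VALUES
-If
-.Pf non- Dv NULL ,
-.Fn SSL_get_psk_identity_hint
-returns the PSK identity hint and
-.Fn SSL_get_psk_identity
-returns the PSK identity.
-Both are
-.Dv NULL Ns -terminated.
-.Fn SSL_get_psk_identity_hint
-may return
-.Dv NULL
-if no PSK identity hint was used during the connection setup.
-.Pp
-Note that the return value is valid only during the lifetime of the
-.Vt SSL
-object
-.Fa ssl .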
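diff --git a/src/lib/libssl/doc/SSL_get_rbio.3 b/src/lib/libssl/doc/SSL_get_rbio.3
deleted file mode 100644
index 4455692eac..0000000000
--- a/src/lib/libssl/doc/SSL_get_rbio.3
+++ /dev/null
@@ -1,45 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_rbio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_RBIO 3
-.Os
-.Sh NAME
-.Nm SSL_get_rbio ,
-.Nm SSL_get_wbio
-.Nd get BIO linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft BIO *
-.Fn SSL_get_rbio "SSL *ssl"
-.Ft BIO *
-.Fn SSL_get_wbio "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_rbio
-and
-.Fn SSL_get_wbio
-return pointers to the
-.Vt BIO Ns s
-for the read or the write channel, which can be different.
-The reference count of the
-.Vt BIO
-is not incremented.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No
-.Vt BIO
-was connected to the
-.Vt SSL
-object.
-.It Any other pointer
-The
-.Vt BIO
-linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_bio 3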
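diff --git a/src/lib/libssl/doc/SSL_get_session.3 b/src/lib/libssl/doc/SSL_get_session.3
deleted file mode 100644
index 435fe20956..0000000000
--- a/src/lib/libssl/doc/SSL_get_session.3
+++ /dev/null
@@ -1,97 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_session.3,v 1.3 2014/12/04 18:27:10 schwarze Exp $
-.\"
-.Dd $Mdocdate: December 4 2014 $
-.Dt SSL_GET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_session ,
-.Nm SSL_get0_session ,
-.Nm SSL_get1_session
-.Nd retrieve TLS/SSL session data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_get_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get0_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get1_session "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_session
-returns a pointer to the
-.Vt SSL_SESSION
-actually used in
-.Fa ssl .
-The reference count of the
-.Vt SSL_SESSION
-is not incremented, so that the pointer can become invalid by other operations.
-.Pp
-.Fn SSL_get0_session
-is the same as
-.Fn SSL_get_session .
-.Pp
-.Fn SSL_get1_session
-is the same as
-.Fn SSL_get_session ,
-but the reference count of the
-.Vt SSL_SESSION
-is incremented by one.
-.Sh NOTES
-The
-Fa ssl
-session contains all information required to re-establish the connection
-without a new handshake.
-.Pp
-.Fn SSL_get0_session
-returns a pointer to the actual session.
-As the reference counter is not incremented,
-the pointer is only valid while the connection is in use.
-If
-.Xr SSL_clear 3
-or
-.Xr SSL_free 3
-is called, the session may be removed completely (if considered bad),
-and the pointer obtained will become invalid.
-Even if the session is valid,
-it can be removed at any time due to timeout during
-.Xr SSL_CTX_flush_sessions 3 .
-.Pp
-If the data is to be kept,
-.Fn SSL_get1_session
-will increment the reference count, so that the session will not be implicitly
-removed by other operations but stays in memory.
-In order to remove the session
-.Xr SSL_SESSION_free 3
-must be explicitly called once to decrement the reference count again.
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-There is no session available in
-.Fa ssl .
-.It Pointer to an Vt SSL
-The return value points to the data of an
-.Vt SSL
-session.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_SESSION_free 3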
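diff --git a/src/lib/libssl/doc/SSL_get_verify_result.3 b/src/lib/libssl/doc/SSL_get_verify_result.3
deleted file mode 100644
index e89e3dea61..0000000000
--- a/src/lib/libssl/doc/SSL_get_verify_result.3
+++ /dev/null
@@ -1,49 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_VERIFY_RESULT 3
-.Os
-.Sh NAME
-.Nm SSL_get_verify_result
-.Nd get result of peer certificate verification
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_verify_result "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_verify_result
-returns the result of the verification of the X509 certificate presented by the
-peer, if any.
-.Sh NOTES
-.Fn SSL_get_verify_result
-can only return one error code while the verification of a certificate can fail
-because of many reasons at the same time.
-Only the last verification error that occurred during the processing is
-available from
-.Fn SSL_get_verify_result .
-.Pp
-The verification result is part of the established session and is restored when
-a session is reused.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv X509_V_OK
-The verification succeeded or no peer certificate was presented.
-.It Any other value
-Documented in
-.Xr openssl 1 .
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_set_verify_result 3
-.Sh BUGS
-If no peer certificate was presented, the returned result code is
-.Dv X509_V_OK .
-This is because no verification error occurred;
-however, it does not indicate success.
-.Fn SSL_get_verify_result
-is only useful in connection with
-.Xr SSL_get_peer_certificate 3 .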
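diff --git a/src/lib/libssl/doc/SSL_get_version.3 b/src/lib/libssl/doc/SSL_get_version.3
deleted file mode 100644
index ecfd005f12..0000000000
--- a/src/lib/libssl/doc/SSL_get_version.3
+++ /dev/null
@@ -1,35 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_get_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_GET_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_version
-.Nd get the protocol version of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_version "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_version
-returns the name of the protocol used for the connection
-.Fa ssl .
-.Sh RETURN VALUES
-The following strings can be returned:
-.Bl -tag -width Ds
-.It Qq SSLv2
-The connection uses the SSLv2 protocol.
-.It Qq SSLv3
-The connection uses the SSLv3 protocol.
-.It Qq TLSv1
-The connection uses the TLSv1.0 protocol.
-.It Qq TLSv1.1
-The connection uses the TLSv1.1 protocol.
-.It Qq TLSv1.2
-The connection uses the TLSv1.2 protocol.
-.It Qq unknown
-This indicates that no version has been set (no connection established).
-.El
-.Sh SEE ALSO
-.Xr ssl 3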
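diff --git a/src/lib/libssl/doc/SSL_library_init.3 b/src/lib/libssl/doc/SSL_library_init.3
deleted file mode 100644
index 0c84c5d9c9..0000000000
--- a/src/lib/libssl/doc/SSL_library_init.3
+++ /dev/null
@@ -1,54 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_library_init.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_LIBRARY_INIT 3
-.Os
-.Sh NAME
-.Nm SSL_library_init ,
-.Nm OpenSSL_add_ssl_algorithms ,
-.Nm SSLeay_add_ssl_algorithms
-.Nd initialize SSL library by registering algorithms
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_library_init void
-.Fd #define OpenSSL_add_ssl_algorithms() SSL_library_init()
-.Fd #define SSLeay_add_ssl_algorithms() SSL_library_init()
-.Sh DESCRIPTION
-.Fn SSL_library_init
-registers the available SSL/TLS ciphers and digests.
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-and
-.Fn SSLeay_add_ssl_algorithms
-are synonyms for
-.Fn SSL_library_init .
-.Sh NOTES
-.Fn SSL_library_init
-must be called before any other action takes place.
-.Fn SSL_library_init
-is not reentrant.
-.Sh WARNING
-.Fn SSL_library_init
-adds ciphers and digests used directly and indirectly by SSL/TLS.
-.Sh RETURN VALUES
-.Fn SSL_library_init
-always returns 1, so it is safe to discard the return value.
-.Sh EXAMPLES
-A typical TLS/SSL application will start with the library initialization, and
-provide readable error messages.
-.Bd -literal
-SSL_load_error_strings(); /* readable error messages */
-SSL_library_init(); /* initialize library */
-.Ed
-.Sh NOTES
-OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to
-.Fn SSL_library_init .
-Applications which need to use SHA2 in earlier versions of OpenSSL should call
-.Fn OpenSSL_add_all_algorithms
-as well.
-.Sh SEE ALSO
-.Xr RAND_add 3 ,
-.Xr ssl 3 ,
-.Xr SSL_load_error_strings 3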
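diff --git a/src/lib/libssl/doc/SSL_load_client_CA_file.3 b/src/lib/libssl/doc/SSL_load_client_CA_file.3
deleted file mode 100644
index d1f085583f..0000000000
--- a/src/lib/libssl/doc/SSL_load_client_CA_file.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_load_client_CA_file.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_LOAD_CLIENT_CA_FILE 3
-.Os
-.Sh NAME
-.Nm SSL_load_client_CA_file
-.Nd load certificate names from file
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_load_client_CA_file "const char *file"
-.Sh DESCRIPTION
-.Fn SSL_load_client_CA_file
-reads certificates from
-.Fa file
-and returns a
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-with the subject names found.
-.Sh NOTES
-.Fn SSL_load_client_CA_file
-reads a file of PEM formatted certificates and extracts the
-.Vt X509_NAME Ns s
-of the certificates found.
-While the name suggests the specific usage as support function for
-.Xr SSL_CTX_set_client_CA_list 3 ,
-it is not limited to CA certificates.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The operation failed, check out the error stack for the reason.
-.It Pointer to Dv STACK_OF Ns Po Vt X509_NAME Pc
-Pointer to the subject names of the successfully read certificates.
-.El
-.Sh EXAMPLES
-Load names of CAs from file and use it as a client CA list:
-.Bd -literal
-SSL_CTX *ctx;
-STACK_OF(X509_NAME) *cert_names;
-\&...
-cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
-if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
-else
- error_handling();
-\&...
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3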
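diff --git a/src/lib/libssl/doc/SSL_new.3 b/src/lib/libssl/doc/SSL_new.3
deleted file mode 100644
index 884b51270b..0000000000
--- a/src/lib/libssl/doc/SSL_new.3
+++ /dev/null
@@ -1,41 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_new
-.Nd create a new SSL structure for a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL *
-.Fn SSL_new "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_new
-creates a new
-.Vt SSL
-structure which is needed to hold the data for a TLS/SSL connection.
-The new structure inherits the settings of the underlying context
-.Fa ctx :
-connection method (SSLv2/v3/TLSv1), options, verification settings,
-timeout settings.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL
-structure failed.
-Check the error stack to find out the reason.
-.It Pointer to an Vt SSL No structure
-The return value points to an allocated
-.Vt SSL
-structure.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_SSL_CTX 3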
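diff --git a/src/lib/libssl/doc/SSL_pending.3 b/src/lib/libssl/doc/SSL_pending.3
deleted file mode 100644
index 25ef4ea0ba..0000000000
--- a/src/lib/libssl/doc/SSL_pending.3
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_pending.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_PENDING 3
-.Os
-.Sh NAME
-.Nm SSL_pending
-.Nd obtain number of readable bytes buffered in an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_pending "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_pending
-returns the number of bytes which are available inside
-.Fa ssl
-for immediate read.
-.Sh NOTES
-Data are received in blocks from the peer.
-Therefore data can be buffered inside
-.Fa ssl
-and are ready for immediate retrieval with
-.Xr SSL_read 3 .
-.Sh RETURN VALUES
-The number of bytes pending is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3
-.Sh BUGS
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is currently being
-processed (if any).
-If the
-.Vt SSL
-object's
-.Em read_ahead
-flag is set, additional protocol bytes may have been read containing more
-TLS/SSL records; these are ignored by
-.Fn SSL_pending .
-.Pp
-Up to OpenSSL 0.9.6,
-.Fn SSL_pending
-does not check if the record type of pending data is application data.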
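diff --git a/src/lib/libssl/doc/SSL_read.3 b/src/lib/libssl/doc/SSL_read.3
deleted file mode 100644
index d6e5960958..0000000000
--- a/src/lib/libssl/doc/SSL_read.3
+++ /dev/null
@@ -1,193 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_read.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_READ 3
-.Os
-.Sh NAME
-.Nm SSL_read
-.Nd read bytes from a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_read "SSL *ssl" "void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_read
-tries to read
-.Fa num
-bytes from the specified
-.Fa ssl
-into the buffer
-.Fa buf .
-.Sh NOTES
-If necessary,
-.Fn SSL_read
-will negotiate a TLS/SSL session, if not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
-it will be performed transparently during the
-.Fn SSL_read
-operation.
-The behaviour of
-.Fn SSL_read
-depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is being done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to
-.Fn SSL_read
-or
-.Xr SSL_write 3 .
-.Pp
-.Fn SSL_read
-works based on the SSL/TLS records.
-The data are received in records (with a maximum record size of 16kB for
-SSLv3/TLSv1).
-Only after a record has been completely received can it be processed
-(decrypted and checked for integrity).
-Therefore data not retrieved at the last call of
-.Fn SSL_read
-can still be buffered inside the SSL layer and will be retrieved on the next
-call to
-.Fn SSL_read .
-If
-.Fa num
-is higher than the number of bytes buffered,
-.Fn SSL_read
-will return with the bytes buffered.
-If no more bytes are in the buffer,
-.Fn SSL_read
-will trigger the processing of the next record.
-Only when the record has been received and processed completely will
-.Fn SSL_read
-return reporting success.
-At most the contents of the record will be returned.
-As the size of an SSL/TLS record may exceed the maximum packet size of the
-underlying transport (e.g., TCP), it may be necessary to read several packets
-from the transport layer before the record is complete and
-.Fn SSL_read
-can succeed.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_read
-will only return once the read operation has been finished or an error
-has occurred, except when a renegotiation take place, in which case a
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behavior can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_read
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_read
-to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_read
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
-.Fn SSL_read
-can also cause write operations!
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_read .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Xr SSL_pending 3
-can be used to find out whether there are buffered bytes available for
-immediate retrieval.
-In this case
-.Fn SSL_read
-can be called without blocking or actually receiving new data from the
-underlying socket.
-.Sh WARNING
-When an
-.Fn SSL_read
-operation has to be repeated because of
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The read operation was successful; the return value is the number of bytes
-actually read from the TLS/SSL connection.
-.It 0
-The read operation was not successful.
-The reason may either be a clean shutdown due to a
-.Dq close notify
-alert sent by the peer (in which case the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag in the ssl shutdown state is set (see
-.Xr SSL_shutdown 3
-and
-.Xr SSL_set_shutdown 3 ) .
-It is also possible that the peer simply shut down the underlying transport and
-the shutdown is incomplete.
-Call
-.Fn SSL_get_error
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.Pp
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
-be detected whether the underlying connection was closed.
-It cannot be checked whether the closure was initiated by the peer or by
-something else.
-.It <0
-The read operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Fn SSL_get_error
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr bio 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_pending 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3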
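diff --git a/src/lib/libssl/doc/SSL_rstate_string.3 b/src/lib/libssl/doc/SSL_rstate_string.3
deleted file mode 100644
index 81d83e52a1..0000000000
--- a/src/lib/libssl/doc/SSL_rstate_string.3
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" $OpenBSD: SSL_rstate_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
-.\"
-.Dd $Mdocdate: December 2 2014 $
-.Dt SSL_RSTATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_rstate_string ,
-.Nm SSL_rstate_string_long
-.Nd get textual description of state of an SSL object during read operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_rstate_string "SSL *ssl"
-.Ft const char *
-.Fn SSL_rstate_string_long "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_rstate_string
-returns a 2-letter string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_rstate_string_long
-returns a string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Sh NOTES
-When performing a read operation, the SSL/TLS engine must parse the record,
-consisting of header and body.
-When working in a blocking environment,
-.Fn SSL_rstate_string[_long]
-should always return
-.Qo RD Qc Ns / Ns Qo read done Qc .
-.Pp
-This function should only seldom be needed in applications.
-.Sh RETURN VALUES
-.Fn SSL_rstate_string
-and
-.Fn SSL_rstate_string_long
-can return the following values:
-.Bl -tag -width Ds
-.It Qo RH Qc Ns / Ns Qo read header Qc
-The header of the record is being evaluated.
-.It Qo RB Qc Ns / Ns Qo read body Qc
-The body of the record is being evaluated.
-.It Qo RD Qc Ns / Ns Qo read done Qc
-The record has been completely processed.
-.It Qo unknown Qc Ns / Ns Qo unknown Qc
-The read state is unknown.
-This should never happen.
-.El
-.Sh SEE ALSO
-.Xr ssl 3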
diff --git a/src/lib/libssl/doc/SSL_session_reused.3 b/src/lib/libssl/doc/SSL_session_reused.3
deleted file mode 100644
index 6ea45f749b..0000000000
--- a/src/lib/libssl/doc/SSL_session_reused.3
+++ /dev/null
@@ -1,32 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_session_reused.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SESSION_REUSED 3
6.Os
7.Sh NAME
8.Nm SSL_session_reused
9.Nd query whether a reused session was negotiated during handshake
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft int
13.Fn SSL_session_reused "SSL *ssl"
14.Sh DESCRIPTION
15Query whether a reused session was negotiated during the handshake.
16.Sh NOTES
17During the negotiation, a client can propose to reuse a session.
18The server then looks up the session in its cache.
19If both client and server agree on the session,
20it will be reused and a flag is set that can be queried by the application.
21.Sh RETURN VALUES
22The following return values can occur:
23.Bl -tag -width Ds
24.It 0
25A new session was negotiated.
26.It 1
27A session was reused.
28.El
29.Sh SEE ALSO
30.Xr ssl 3 ,
31.Xr SSL_CTX_set_session_cache_mode 3 ,
32.Xr SSL_set_session 3
diff --git a/src/lib/libssl/doc/SSL_set_bio.3 b/src/lib/libssl/doc/SSL_set_bio.3
deleted file mode 100644
index 7e2611e000..0000000000
--- a/src/lib/libssl/doc/SSL_set_bio.3
+++ /dev/null
@@ -1,51 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_bio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_BIO 3
6.Os
7.Sh NAME
8.Nm SSL_set_bio
9.Nd connect the SSL object with a BIO
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft void
13.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
14.Sh DESCRIPTION
15.Fn SSL_set_bio
16connects the
17.Vt BIO Ns
18s
19.Fa rbio
20and
21.Fa wbio
22for the read and write operations of the TLS/SSL (encrypted) side of
23.Fa ssl .
24.Pp
25The SSL engine inherits the behaviour of
26.Fa rbio
27and
28.Fa wbio ,
29respectively.
30If a
31.Vt BIO
32is non-blocking, the
33.Fa ssl
34will also have non-blocking behaviour.
35.Pp
36If there was already a
37.Vt BIO
38connected to
39.Fa ssl ,
40.Xr BIO_free 3
41will be called (for both the reading and writing side, if different).
42.Sh RETURN VALUES
43.Fn SSL_set_bio
44cannot fail.
45.Sh SEE ALSO
46.Xr bio 3 ,
47.Xr ssl 3 ,
48.Xr SSL_accept 3 ,
49.Xr SSL_connect 3 ,
50.Xr SSL_get_rbio 3 ,
51.Xr SSL_shutdown 3
diff --git a/src/lib/libssl/doc/SSL_set_connect_state.3 b/src/lib/libssl/doc/SSL_set_connect_state.3
deleted file mode 100644
index e3f946f8ee..0000000000
--- a/src/lib/libssl/doc/SSL_set_connect_state.3
+++ /dev/null
@@ -1,71 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_connect_state.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_CONNECT_STATE 3
6.Os
7.Sh NAME
8.Nm SSL_set_connect_state ,
9.Nm SSL_get_accept_state
10.Nd prepare SSL object to work in client or server mode
11.Sh SYNOPSIS
12.In openssl/ssl.h
13.Ft void
14.Fn SSL_set_connect_state "SSL *ssl"
15.Ft void
16.Fn SSL_set_accept_state "SSL *ssl"
17.Sh DESCRIPTION
18.Fn SSL_set_connect_state
19sets
20.Fa ssl
21to work in client mode.
22.Pp
23.Fn SSL_set_accept_state
24sets
25.Fa ssl
26to work in server mode.
27.Sh NOTES
28When the
29.Vt SSL_CTX
30object was created with
31.Xr SSL_CTX_new 3 ,
32it was either assigned a dedicated client method, a dedicated server method, or
33a generic method, that can be used for both client and server connections.
34(The method might have been changed with
35.Xr SSL_CTX_set_ssl_version 3
36or
37.Xr SSL_set_ssl_method 3 . )
38.Pp
39When beginning a new handshake, the SSL engine must know whether it must call
40the connect (client) or accept (server) routines.
41Even though it may be clear from the method chosen whether client or server
42mode was requested, the handshake routines must be explicitly set.
43.Pp
44When using the
45.Xr SSL_connect 3
46or
47.Xr SSL_accept 3
48routines, the correct handshake routines are automatically set.
49When performing a transparent negotiation using
50.Xr SSL_write 3
51or
52.Xr SSL_read 3 ,
53the handshake routines must be explicitly set in advance using either
54.Fn SSL_set_connect_state
55or
56.Fn SSL_set_accept_state .
57.Sh RETURN VALUES
58.Fn SSL_set_connect_state
59and
60.Fn SSL_set_accept_state
61do not return diagnostic information.
62.Sh SEE ALSO
63.Xr ssl 3 ,
64.Xr SSL_accept 3 ,
65.Xr SSL_connect 3 ,
66.Xr SSL_CTX_new 3 ,
67.Xr SSL_CTX_set_ssl_version 3 ,
68.Xr SSL_do_handshake 3 ,
69.Xr SSL_new 3 ,
70.Xr SSL_read 3 ,
71.Xr SSL_write 3
diff --git a/src/lib/libssl/doc/SSL_set_fd.3 b/src/lib/libssl/doc/SSL_set_fd.3
deleted file mode 100644
index 94e0c7614a..0000000000
--- a/src/lib/libssl/doc/SSL_set_fd.3
+++ /dev/null
@@ -1,73 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_FD 3
6.Os
7.Sh NAME
8.Nm SSL_set_fd ,
9.Nm SSL_set_rfd ,
10.Nm SSL_set_wfd
11.Nd connect the SSL object with a file descriptor
12.Sh SYNOPSIS
13.In openssl/ssl.h
14.Ft int
15.Fn SSL_set_fd "SSL *ssl" "int fd"
16.Ft int
17.Fn SSL_set_rfd "SSL *ssl" "int fd"
18.Ft int
19.Fn SSL_set_wfd "SSL *ssl" "int fd"
20.Sh DESCRIPTION
21.Fn SSL_set_fd
22sets the file descriptor
23.Fa fd
24as the input/output facility for the TLS/SSL (encrypted) side of
25.Fa ssl .
26.Fa fd
27will typically be the socket file descriptor of a network connection.
28.Pp
29When performing the operation, a socket
30.Vt BIO
31is automatically created to interface between the
32.Fa ssl
33and
34.Fa fd .
35The
36.Vt BIO
37and hence the SSL engine inherit the behaviour of
38.Fa fd .
39If
40.Fa fd
41is non-blocking, the
42.Fa ssl
43will also have non-blocking behaviour.
44.Pp
45If there was already a
46.Vt BIO
47connected to
48.Fa ssl ,
49.Xr BIO_free 3
50will be called (for both the reading and writing side, if different).
51.Pp
52.Fn SSL_set_rfd
53and
54.Fn SSL_set_wfd
55perform the respective action, but only for the read channel or the write
56channel, which can be set independently.
57.Sh RETURN VALUES
58The following return values can occur:
59.Bl -tag -width Ds
60.It 0
61The operation failed.
62Check the error stack to find out why.
63.It 1
64The operation succeeded.
65.El
66.Sh SEE ALSO
67.Xr bio 3 ,
68.Xr ssl 3 ,
69.Xr SSL_accept 3 ,
70.Xr SSL_connect 3 ,
71.Xr SSL_get_fd 3 ,
72.Xr SSL_set_bio 3 ,
73.Xr SSL_shutdown 3
diff --git a/src/lib/libssl/doc/SSL_set_session.3 b/src/lib/libssl/doc/SSL_set_session.3
deleted file mode 100644
index 1f2fc66cba..0000000000
--- a/src/lib/libssl/doc/SSL_set_session.3
+++ /dev/null
@@ -1,68 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_SESSION 3
6.Os
7.Sh NAME
8.Nm SSL_set_session
9.Nd set a TLS/SSL session to be used during TLS/SSL connect
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft int
13.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
14.Sh DESCRIPTION
15.Fn SSL_set_session
16sets
17.Fa session
18to be used when the TLS/SSL connection is to be established.
19.Fn SSL_set_session
20is only useful for TLS/SSL clients.
21When the session is set, the reference count of
22.Fa session
23is incremented
24by 1.
25If the session is not reused, the reference count is decremented again during
26.Fn SSL_connect .
27Whether the session was reused can be queried with the
28.Xr SSL_session_reused 3
29call.
30.Pp
31If there is already a session set inside
32.Fa ssl
33(because it was set with
34.Fn SSL_set_session
35before or because the same
36.Fa ssl
37was already used for a connection),
38.Xr SSL_SESSION_free 3
39will be called for that session.
40.Sh NOTES
41.Vt SSL_SESSION
42objects keep internal link information about the session cache list when being
43inserted into one
44.Vt SSL_CTX
45object's session cache.
46One
47.Vt SSL_SESSION
48object, regardless of its reference count, must therefore only be used with one
49.Vt SSL_CTX
50object (and the
51.Vt SSL
52objects created from this
53.Vt SSL_CTX
54object).
55.Sh RETURN VALUES
56The following return values can occur:
57.Bl -tag -width Ds
58.It 0
59The operation failed; check the error stack to find out the reason.
60.It 1
61The operation succeeded.
62.El
63.Sh SEE ALSO
64.Xr ssl 3 ,
65.Xr SSL_CTX_set_session_cache_mode 3 ,
66.Xr SSL_get_session 3 ,
67.Xr SSL_SESSION_free 3 ,
68.Xr SSL_session_reused 3
diff --git a/src/lib/libssl/doc/SSL_set_shutdown.3 b/src/lib/libssl/doc/SSL_set_shutdown.3
deleted file mode 100644
index 546b52dad5..0000000000
--- a/src/lib/libssl/doc/SSL_set_shutdown.3
+++ /dev/null
@@ -1,88 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_SHUTDOWN 3
6.Os
7.Sh NAME
8.Nm SSL_set_shutdown ,
9.Nm SSL_get_shutdown
10.Nd manipulate shutdown state of an SSL connection
11.Sh SYNOPSIS
12.In openssl/ssl.h
13.Ft void
14.Fn SSL_set_shutdown "SSL *ssl" "int mode"
15.Ft int
16.Fn SSL_get_shutdown "const SSL *ssl"
17.Sh DESCRIPTION
18.Fn SSL_set_shutdown
19sets the shutdown state of
20.Fa ssl
21to
22.Fa mode .
23.Pp
24.Fn SSL_get_shutdown
25returns the shutdown mode of
26.Fa ssl .
27.Sh NOTES
28The shutdown state of an ssl connection is a bitmask of:
29.Bl -tag -width Ds
30.It 0
31No shutdown setting, yet.
32.It Dv SSL_SENT_SHUTDOWN
33A
34.Dq close notify
35shutdown alert was sent to the peer; the connection is being considered closed
36and the session is closed and correct.
37.It Dv SSL_RECEIVED_SHUTDOWN
38A shutdown alert was received form the peer, either a normal
39.Dq close notify
40or a fatal error.
41.El
42.Pp
43.Dv SSL_SENT_SHUTDOWN
44and
45.Dv SSL_RECEIVED_SHUTDOWN
46can be set at the same time.
47.Pp
48The shutdown state of the connection is used to determine the state of the
49.Fa ssl
50session.
51If the session is still open when
52.Xr SSL_clear 3
53or
54.Xr SSL_free 3
55is called, it is considered bad and removed according to RFC2246.
56The actual condition for a correctly closed session is
57.Dv SSL_SENT_SHUTDOWN
58(according to the TLS RFC, it is acceptable to only send the
59.Dq close notify
60alert but to not wait for the peer's answer when the underlying connection is
61closed).
62.Fn SSL_set_shutdown
63can be used to set this state without sending a close alert to the peer (see
64.Xr SSL_shutdown 3 ) .
65.Pp
66If a
67.Dq close notify
68was received,
69.Dv SSL_RECEIVED_SHUTDOWN
70will be set, but to set
71.Dv SSL_SENT_SHUTDOWN
72the application must still call
73.Xr SSL_shutdown 3
74or
75.Fn SSL_set_shutdown
76itself.
77.Sh RETURN VALUES
78.Fn SSL_set_shutdown
79does not return diagnostic information.
80.Pp
81.Fn SSL_get_shutdown
82returns the current setting.
83.Sh SEE ALSO
84.Xr ssl 3 ,
85.Xr SSL_clear 3 ,
86.Xr SSL_CTX_set_quiet_shutdown 3 ,
87.Xr SSL_free 3 ,
88.Xr SSL_shutdown 3
diff --git a/src/lib/libssl/doc/SSL_set_verify_result.3 b/src/lib/libssl/doc/SSL_set_verify_result.3
deleted file mode 100644
index 9d5474d07a..0000000000
--- a/src/lib/libssl/doc/SSL_set_verify_result.3
+++ /dev/null
@@ -1,42 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_set_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SET_VERIFY_RESULT 3
6.Os
7.Sh NAME
8.Nm SSL_set_verify_result
9.Nd override result of peer certificate verification
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft void
13.Fn SSL_set_verify_result "SSL *ssl" "long verify_result"
14.Sh DESCRIPTION
15.Fn SSL_set_verify_result
16sets
17.Fa verify_result
18of the object
19.Fa ssl
20to be the result of the verification of the X509 certificate presented by the
21peer, if any.
22.Sh NOTES
23.Fn SSL_set_verify_result
24overrides the verification result.
25It only changes the verification result of the
26.Fa ssl
27object.
28It does not become part of the established session, so if the session is to be
29reused later, the original value will reappear.
30.Pp
31The valid codes for
32.Fa verify_result
33are documented in
34.Xr openssl 1 .
35.Sh RETURN VALUES
36.Fn SSL_set_verify_result
37does not provide a return value.
38.Sh SEE ALSO
39.Xr openssl 1 ,
40.Xr ssl 3 ,
41.Xr SSL_get_peer_certificate 3 ,
42.Xr SSL_get_verify_result 3
diff --git a/src/lib/libssl/doc/SSL_shutdown.3 b/src/lib/libssl/doc/SSL_shutdown.3
deleted file mode 100644
index 187e656fe3..0000000000
--- a/src/lib/libssl/doc/SSL_shutdown.3
+++ /dev/null
@@ -1,204 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_SHUTDOWN 3
6.Os
7.Sh NAME
8.Nm SSL_shutdown
9.Nd shut down a TLS/SSL connection
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft int
13.Fn SSL_shutdown "SSL *ssl"
14.Sh DESCRIPTION
15.Fn SSL_shutdown
16shuts down an active TLS/SSL connection.
17It sends the
18.Dq close notify
19shutdown alert to the peer.
20.Sh NOTES
21.Fn SSL_shutdown
22tries to send the
23.Dq close notify
24shutdown alert to the peer.
25Whether the operation succeeds or not, the
26.Dv SSL_SENT_SHUTDOWN
27flag is set and a currently open session is considered closed and good and will
28be kept in the session cache for further reuse.
29.Pp
30The shutdown procedure consists of 2 steps: the sending of the
31.Dq close notify
32shutdown alert and the reception of the peer's
33.Dq close notify
34shutdown alert.
35According to the TLS standard, it is acceptable for an application to only send
36its shutdown alert and then close the underlying connection without waiting for
37the peer's response (this way resources can be saved, as the process can
38already terminate or serve another connection).
39When the underlying connection shall be used for more communications,
40the complete shutdown procedure (bidirectional
41.Dq close notify
42alerts) must be performed, so that the peers stay synchronized.
43.Pp
44.Fn SSL_shutdown
45supports both uni- and bidirectional shutdown by its 2 step behavior.
46.Pp
47When the application is the first party to send the
48.Dq close notify
49alert,
50.Fn SSL_shutdown
51will only send the alert and then set the
52.Dv SSL_SENT_SHUTDOWN
53flag (so that the session is considered good and will be kept in cache).
54.Fn SSL_shutdown
55will then return 0.
56If a unidirectional shutdown is enough
57(the underlying connection shall be closed anyway), this first call to
58.Fn SSL_shutdown
59is sufficient.
60In order to complete the bidirectional shutdown handshake,
61.Fn SSL_shutdown
62must be called again.
63The second call will make
64.Fn SSL_shutdown
65wait for the peer's
66.Dq close notify
67shutdown alert.
68On success, the second call to
69.Fn SSL_shutdown
70will return 1.
71.Pp
72If the peer already sent the
73.Dq close notify
74alert and it was already processed implicitly inside another function
75.Pq Xr SSL_read 3 ,
76the
77.Dv SSL_RECEIVED_SHUTDOWN
78flag is set.
79.Fn SSL_shutdown
80will send the
81.Dq close notify
82alert, set the
83.Dv SSL_SENT_SHUTDOWN
84flag and will immediately return with 1.
85Whether
86.Dv SSL_RECEIVED_SHUTDOWN
87is already set can be checked using the
88.Fn SSL_get_shutdown
89(see also the
90.Xr SSL_set_shutdown 3
91call).
92.Pp
93It is therefore recommended to check the return value of
94.Fn SSL_shutdown
95and call
96.Fn SSL_shutdown
97again, if the bidirectional shutdown is not yet complete (return value of the
98first call is 0).
99As the shutdown is not specially handled in the SSLv2 protocol,
100.Fn SSL_shutdown
101will succeed on the first call.
102.Pp
103The behaviour of
104.Fn SSL_shutdown
105additionally depends on the underlying
106.Vt BIO .
107.Pp
108If the underlying
109.Vt BIO
110is
111.Em blocking ,
112.Fn SSL_shutdown
113will only return once the
114handshake step has been finished or an error occurred.
115.Pp
116If the underlying
117.Vt BIO
118is
119.Em non-blocking ,
120.Fn SSL_shutdown
121will also return when the underlying
122.Vt BIO
123could not satisfy the needs of
124.Fn SSL_shutdown
125to continue the handshake.
126In this case a call to
127.Xr SSL_get_error 3
128with the
129return value of
130.Fn SSL_shutdown
131will yield
132.Dv SSL_ERROR_WANT_READ
133or
134.Dv SSL_ERROR_WANT_WRITE .
135The calling process then must repeat the call after taking appropriate action
136to satisfy the needs of
137.Fn SSL_shutdown .
138The action depends on the underlying
139.Vt BIO .
140When using a non-blocking socket, nothing is to be done, but
141.Xr select 2
142can be used to check for the required condition.
143When using a buffering
144.Vt BIO ,
145like a
146.Vt BIO
147pair, data must be written into or retrieved out of the
148.Vt BIO
149before being able to continue.
150.Pp
151.Fn SSL_shutdown
152can be modified to only set the connection to
153.Dq shutdown
154state but not actually send the
155.Dq close notify
156alert messages; see
157.Xr SSL_CTX_set_quiet_shutdown 3 .
158When
159.Dq quiet shutdown
160is enabled,
161.Fn SSL_shutdown
162will always succeed and return 1.
163.Sh RETURN VALUES
164The following return values can occur:
165.Bl -tag -width Ds
166.It 0
167The shutdown is not yet finished.
168Call
169.Fn SSL_shutdown
170for a second time, if a bidirectional shutdown shall be performed.
171The output of
172.Xr SSL_get_error 3
173may be misleading, as an erroneous
174.Dv SSL_ERROR_SYSCALL
175may be flagged even though no error occurred.
176.It 1
177The shutdown was successfully completed.
178The
179.Dq close notify
180alert was sent and the peer's
181.Dq close notify
182alert was received.
183.It \(mi1
184The shutdown was not successful because a fatal error occurred either
185at the protocol level or a connection failure occurred.
186It can also occur if action is need to continue the operation for non-blocking
187.Vt BIO Ns
188s.
189Call
190.Xr SSL_get_error 3
191with the return value
192.Fa ret
193to find out the reason.
194.El
195.Sh SEE ALSO
196.Xr bio 3 ,
197.Xr ssl 3 ,
198.Xr SSL_accept 3 ,
199.Xr SSL_clear 3 ,
200.Xr SSL_connect 3 ,
201.Xr SSL_CTX_set_quiet_shutdown 3 ,
202.Xr SSL_free 3 ,
203.Xr SSL_get_error 3 ,
204.Xr SSL_set_shutdown 3
diff --git a/src/lib/libssl/doc/SSL_state_string.3 b/src/lib/libssl/doc/SSL_state_string.3
deleted file mode 100644
index e9a042a3ce..0000000000
--- a/src/lib/libssl/doc/SSL_state_string.3
+++ /dev/null
@@ -1,57 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_state_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_STATE_STRING 3
6.Os
7.Sh NAME
8.Nm SSL_state_string ,
9.Nm SSL_state_string_long
10.Nd get textual description of state of an SSL object
11.Sh SYNOPSIS
12.In openssl/ssl.h
13.Ft const char *
14.Fn SSL_state_string "const SSL *ssl"
15.Ft const char *
16.Fn SSL_state_string_long "const SSL *ssl"
17.Sh DESCRIPTION
18.Fn SSL_state_string
19returns a 6 letter string indicating the current state of the
20.Vt SSL
21object
22.Fa ssl .
23.Pp
24.Fn SSL_state_string_long
25returns a string indicating the current state of the
26.Vt SSL
27object
28.Fa ssl .
29.Sh NOTES
30During its use, an
31.Vt SSL
32object passes several states.
33The state is internally maintained.
34Querying the state information is not very informative before or when a
35connection has been established.
36It however can be of significant interest during the handshake.
37.Pp
38When using non-blocking sockets,
39the function call performing the handshake may return with
40.Dv SSL_ERROR_WANT_READ
41or
42.Dv SSL_ERROR_WANT_WRITE
43condition, so that
44.Fn SSL_state_string[_long]
45may be called.
46.Pp
47For both blocking or non-blocking sockets,
48the details state information can be used within the
49.Fn info_callback
50function set with the
51.Xr SSL_set_info_callback 3
52call.
53.Sh RETURN VALUES
54Detailed description of possible states to be included later.
55.Sh SEE ALSO
56.Xr ssl 3 ,
57.Xr SSL_CTX_set_info_callback 3
diff --git a/src/lib/libssl/doc/SSL_want.3 b/src/lib/libssl/doc/SSL_want.3
deleted file mode 100644
index e9513c8793..0000000000
--- a/src/lib/libssl/doc/SSL_want.3
+++ /dev/null
@@ -1,103 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_want.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_WANT 3
6.Os
7.Sh NAME
8.Nm SSL_want ,
9.Nm SSL_want_nothing ,
10.Nm SSL_want_read ,
11.Nm SSL_want_write ,
12.Nm SSL_want_x509_lookup
13.Nd obtain state information TLS/SSL I/O operation
14.Sh SYNOPSIS
15.In openssl/ssl.h
16.Ft int
17.Fn SSL_want "const SSL *ssl"
18.Ft int
19.Fn SSL_want_nothing "const SSL *ssl"
20.Ft int
21.Fn SSL_want_read "const SSL *ssl"
22.Ft int
23.Fn SSL_want_write "const SSL *ssl"
24.Ft int
25.Fn SSL_want_x509_lookup "const SSL *ssl"
26.Sh DESCRIPTION
27.Fn SSL_want
28returns state information for the
29.Vt SSL
30object
31.Fa ssl .
32.Pp
33The other
34.Fn SSL_want_*
35calls are shortcuts for the possible states returned by
36.Fn SSL_want .
37.Sh NOTES
38.Fn SSL_want
39examines the internal state information of the
40.Vt SSL
41object.
42Its return values are similar to those of
43.Xr SSL_get_error 3 .
44Unlike
45.Xr SSL_get_error 3 ,
46which also evaluates the error queue,
47the results are obtained by examining an internal state flag only.
48The information must therefore only be used for normal operation under
49non-blocking I/O.
50Error conditions are not handled and must be treated using
51.Xr SSL_get_error 3 .
52.Pp
53The result returned by
54.Fn SSL_want
55should always be consistent with the result of
56.Xr SSL_get_error 3 .
57.Sh RETURN VALUES
58The following return values can currently occur for
59.Fn SSL_want :
60.Bl -tag -width Ds
61.It .Dv SSL_NOTHING
62There is no data to be written or to be read.
63.It .Dv SSL_WRITING
64There are data in the SSL buffer that must be written to the underlying
65.Vt BIO
66layer in order to complete the actual
67.Fn SSL_*
68operation.
69A call to
70.Xr SSL_get_error 3
71should return
72.Dv SSL_ERROR_WANT_WRITE .
73.It Dv SSL_READING
74More data must be read from the underlying
75.Vt BIO
76layer in order to
77complete the actual
78.Fn SSL_*
79operation.
80A call to
81.Xr SSL_get_error 3
82should return
83.Dv SSL_ERROR_WANT_READ.
84.It Dv SSL_X509_LOOKUP
85The operation did not complete because an application callback set by
86.Xr SSL_CTX_set_client_cert_cb 3
87has asked to be called again.
88A call to
89.Xr SSL_get_error 3
90should return
91.Dv SSL_ERROR_WANT_X509_LOOKUP .
92.El
93.Pp
94.Fn SSL_want_nothing ,
95.Fn SSL_want_read ,
96.Fn SSL_want_write ,
97and
98.Fn SSL_want_x509_lookup
99return 1 when the corresponding condition is true or 0 otherwise.
100.Sh SEE ALSO
101.Xr err 3 ,
102.Xr ssl 3 ,
103.Xr SSL_get_error 3
diff --git a/src/lib/libssl/doc/SSL_write.3 b/src/lib/libssl/doc/SSL_write.3
deleted file mode 100644
index f020b8b59c..0000000000
--- a/src/lib/libssl/doc/SSL_write.3
+++ /dev/null
@@ -1,175 +0,0 @@
1.\"
2.\" $OpenBSD: SSL_write.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL_WRITE 3
6.Os
7.Sh NAME
8.Nm SSL_write
9.Nd write bytes to a TLS/SSL connection
10.Sh SYNOPSIS
11.In openssl/ssl.h
12.Ft int
13.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
14.Sh DESCRIPTION
15.Fn SSL_write
16writes
17.Fa num
18bytes from the buffer
19.Fa buf
20into the specified
21.Fa ssl
22connection.
23.Sh NOTES
24If necessary,
25.Fn SSL_write
26will negotiate a TLS/SSL session, if not already explicitly performed by
27.Xr SSL_connect 3
28or
29.Xr SSL_accept 3 .
30If the peer requests a re-negotiation,
31it will be performed transparently during the
32.Fn SSL_write
33operation.
34The behaviour of
35.Fn SSL_write
36depends on the underlying
37.Vt BIO .
38.Pp
39For the transparent negotiation to succeed, the
40.Fa ssl
41must have been initialized to client or server mode.
42This is being done by calling
43.Xr SSL_set_connect_state 3
44or
45.Xr SSL_set_accept_state 3
46before the first call to an
47.Xr SSL_read 3
48or
49.Fn SSL_write
50function.
51.Pp
52If the underlying
53.Vt BIO
54is
55.Em blocking ,
56.Fn SSL_write
57will only return once the write operation has been finished or an error
58occurred, except when a renegotiation take place, in which case a
59.Dv SSL_ERROR_WANT_READ
60may occur.
61This behaviour can be controlled with the
62.Dv SSL_MODE_AUTO_RETRY
63flag of the
64.Xr SSL_CTX_set_mode 3
65call.
66.Pp
67If the underlying
68.Vt BIO
69is
70.Em non-blocking ,
71.Fn SSL_write
72will also return when the underlying
73.Vt BIO
74could not satisfy the needs of
75.Fn SSL_write
76to continue the operation.
77In this case a call to
78.Xr SSL_get_error 3
79with the return value of
80.Fn SSL_write
81will yield
82.Dv SSL_ERROR_WANT_READ
83or
84.Dv SSL_ERROR_WANT_WRITE .
85As at any time a re-negotiation is possible, a call to
86.Fn SSL_write
87can also cause read operations!
88The calling process then must repeat the call after taking appropriate action
89to satisfy the needs of
90.Fn SSL_write .
91The action depends on the underlying
92.Vt BIO .
93When using a non-blocking socket, nothing is to be done, but
94.Xr select 2
95can be used to check for the required condition.
96When using a buffering
97.Vt BIO ,
98like a
99.Vt BIO
100pair, data must be written into or retrieved out of the BIO before being able
101to continue.
102.Pp
103.Fn SSL_write
104will only return with success, when the complete contents of
105.Fa buf
106of length
107.Fa num
108have been written.
109This default behaviour can be changed with the
110.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
111option of
112.Xr SSL_CTX_set_mode 3 .
113When this flag is set,
114.Fn SSL_write
115will also return with success when a partial write has been successfully
116completed.
117In this case the
118.Fn SSL_write
119operation is considered completed.
120The bytes are sent and a new
121.Fn SSL_write
122operation with a new buffer (with the already sent bytes removed) must be
123started.
124A partial write is performed with the size of a message block, which is 16kB
125for SSLv3/TLSv1.
126.Sh WARNING
127When an
128.Fn SSL_write
129operation has to be repeated because of
130.Dv SSL_ERROR_WANT_READ
131or
132.Dv SSL_ERROR_WANT_WRITE ,
133it must be repeated with the same arguments.
134.Pp
135When calling
136.Fn SSL_write
137with
138.Fa num Ns
139=0 bytes to be sent the behaviour is undefined.
140.Sh RETURN VALUES
141The following return values can occur:
142.Bl -tag -width Ds
143.It >0
144The write operation was successful.
145The return value is the number of bytes actually written to the TLS/SSL
146connection.
147.It 0
148The write operation was not successful.
149Probably the underlying connection was closed.
150Call
151.Xr SSL_get_error 3
152with the return value to find out whether an error occurred or the connection
153was shut down cleanly
154.Pq Dv SSL_ERROR_ZERO_RETURN .
155.Pp
156SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only
157be detected whether the underlying connection was closed.
158It cannot be checked why the closure happened.
159.It <0
160The write operation was not successful, because either an error occurred or
161action must be taken by the calling process.
162Call
163.Xr SSL_get_error 3
164with the return value to find out the reason.
165.El
166.Sh SEE ALSO
167.Xr bio 3 ,
168.Xr ssl 3 ,
169.Xr SSL_accept 3 ,
170.Xr SSL_connect 3 ,
171.Xr SSL_CTX_new 3 ,
172.Xr SSL_CTX_set_mode 3 ,
173.Xr SSL_get_error 3 ,
174.Xr SSL_read 3 ,
175.Xr SSL_set_connect_state 3
diff --git a/src/lib/libssl/doc/d2i_SSL_SESSION.3 b/src/lib/libssl/doc/d2i_SSL_SESSION.3
deleted file mode 100644
index ef8a36de79..0000000000
--- a/src/lib/libssl/doc/d2i_SSL_SESSION.3
+++ /dev/null
@@ -1,129 +0,0 @@
1.\"
2.\" $OpenBSD: d2i_SSL_SESSION.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt D2I_SSL_SESSION 3
6.Os
7.Sh NAME
8.Nm d2i_SSL_SESSION ,
9.Nm i2d_SSL_SESSION
10.Nd convert SSL_SESSION object from/to ASN1 representation
11.Sh SYNOPSIS
12.In openssl/ssl.h
13.Ft SSL_SESSION *
14.Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length"
15.Ft int
16.Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp"
17.Sh DESCRIPTION
18.Fn d2i_SSL_SESSION
19transforms the external ASN1 representation of an SSL/TLS session,
20stored as binary data at location
21.Fa pp
22with length
23.Fa length ,
24into
25an
26.Vt SSL_SESSION
27object.
28.Pp
29.Fn i2d_SSL_SESSION
30transforms the
31.Vt SSL_SESSION
32object
33.Fa in
34into the ASN1 representation and stores it into the memory location pointed to
35by
36.Fa pp .
37The length of the resulting ASN1 representation is returned.
38If
39.Fa pp
40is the
41.Dv NULL
42pointer, only the length is calculated and returned.
43.Sh NOTES
44The
45.Vt SSL_SESSION
46object is built from several
47.Xr malloc 3 Ns
48-ed parts; it can therefore not be moved, copied or stored directly.
49In order to store session data on disk or into a database,
50it must be transformed into a binary ASN1 representation.
51.Pp
52When using
53.Fn d2i_SSL_SESSION ,
54the
55.Vt SSL_SESSION
56object is automatically allocated.
57The reference count is 1, so that the session must be explicitly removed using
58.Xr SSL_SESSION_free 3 ,
59unless the
60.Vt SSL_SESSION
61object is completely taken over, when being called inside the
62.Xr get_session_cb 3
63(see
64.Xr SSL_CTX_sess_set_get_cb 3 ) .
65.Pp
66.Vt SSL_SESSION
67objects keep internal link information about the session cache list when being
68inserted into one
69.Vt SSL_CTX
70object's session cache.
71One
72.Vt SSL_SESSION
73object, regardless of its reference count, must therefore only be used with one
74.Vt SSL_CTX
75object (and the
76.Vt SSL
77objects created from this
78.Vt SSL_CTX
79object).
80.Pp
81When using
82.Fn i2d_SSL_SESSION ,
83the memory location pointed to by
84.Fa pp
85must be large enough to hold the binary representation of the session.
86There is no known limit on the size of the created ASN1 representation,
87so the necessary amount of space should be obtained by first calling
88.Fn i2d_SSL_SESSION
89with
90.Fa pp Ns
91= Ns
92.Dv NULL ,
93and obtain the size needed, then allocate the memory and call
94.Fn i2d_SSL_SESSION
95again.
96Note that this will advance the value contained in
97.Fa *pp
98so it is necessary to save a copy of the original allocation.
99For example:
100.Bd -literal
101int i, j;
102
103char *p, *temp;
104
105 i = i2d_SSL_SESSION(sess, NULL);
106 p = temp = malloc(i);
107 if (temp != NULL) {
108 j = i2d_SSL_SESSION(sess, &temp);
109 assert(i == j);
110 assert(p + i == temp);
111 }
112.Ed
113.Sh RETURN VALUES
114.Fn d2i_SSL_SESSION
115returns a pointer to the newly allocated
116.Vt SSL_SESSION
117object.
118In case of failure a
119.Dv NULL
120pointer is returned and the error message can be retrieved from the error
121stack.
122.Pp
123.Fn i2d_SSL_SESSION
124returns the size of the ASN1 representation in bytes.
125When the session is not valid, 0 is returned and no operation is performed.
126.Sh SEE ALSO
127.Xr ssl 3 ,
128.Xr SSL_CTX_sess_set_get_cb 3 ,
129.Xr SSL_SESSION_free 3
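--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,348 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = default # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = ./demoCA # TSA root directory
-serial = $dir/tsaserial # The current serial number (mandatory)
-crypto_device = builtin # OpenSSL engine to use for signing
-signer_cert = $dir/tsacert.pem # The TSA signing certificate
- # (optional)
-certs = $dir/cacert.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-clock_precision_digits = 0 # number of digits after dot. (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = no # Must the ESS cert id chain be included?
- # (optional, default: no)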
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
1
2This is some preliminary documentation for OpenSSL.
3
4Contents:
5
6 OpenSSL X509V3 extension configuration
7 X509V3 Extension code: programmers guide
8 PKCS#12 Library
9
10
11==============================================================================
12 OpenSSL X509V3 extension configuration
13==============================================================================
14
15OpenSSL X509V3 extension configuration: preliminary documentation.
16
17INTRODUCTION.
18
19For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
20possible to add and print out common X509 V3 certificate and CRL extensions.
21
22BEGINNERS NOTE
23
24For most simple applications you don't need to know too much about extensions:
25the default openssl.cnf values will usually do sensible things.
26
27If you want to know more you can initially quickly look through the sections
28describing how the standard OpenSSL utilities display and add extensions and
29then the list of supported extensions.
30
31For more technical information about the meaning of extensions see:
32
33http://www.imc.org/ietf-pkix/
34http://home.netscape.com/eng/security/certs.html
35
36PRINTING EXTENSIONS.
37
38Extension values are automatically printed out for supported extensions.
39
40openssl x509 -in cert.pem -text
41openssl crl -in crl.pem -text
42
43will give information in the extension printout, for example:
44
45 X509v3 extensions:
46 X509v3 Basic Constraints:
47 CA:TRUE
48 X509v3 Subject Key Identifier:
49 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
50 X509v3 Authority Key Identifier:
51 keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
52 X509v3 Key Usage:
53 Certificate Sign, CRL Sign
54 X509v3 Subject Alternative Name:
55 email:email@1.address, email:email@2.address
56
57CONFIGURATION FILES.
58
59The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
60which certificate extensions to include. In each case a line:
61
62x509_extensions = extension_section
63
64indicates which section contains the extensions. In the case of 'req' the
65extension section is used when the -x509 option is present to create a
66self signed root certificate.
67
68The 'x509' utility also supports extensions when it signs a certificate.
69The -extfile option is used to set the configuration file containing the
70extensions. In this case a line with:
71
72extensions = extension_section
73
74in the nameless (default) section is used. If no such line is included then
75it uses the default section.
76
77You can also add extensions to CRLs: a line
78
79crl_extensions = crl_extension_section
80
81will include extensions when the -gencrl option is used with the 'ca' utility.
82You can add any extension to a CRL but of the supported extensions only
83issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
84CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
85CRL entry extensions can be displayed.
86
87NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
88you should not include a crl_extensions line in the configuration file.
89
90As with all configuration files you can use the inbuilt environment expansion
91to allow the values to be passed in the environment. Therefore if you have
92several extension sections used for different purposes you can have a line:
93
94x509_extensions = $ENV::ENV_EXT
95
96and set the ENV_EXT environment variable before calling the relevant utility.
97
98EXTENSION SYNTAX.
99
100Extensions have the basic form:
101
102extension_name=[critical,] extension_options
103
104the use of the critical option makes the extension critical. Extreme caution
105should be made when using the critical flag. If an extension is marked
106as critical then any client that does not understand the extension should
107reject it as invalid. Some broken software will reject certificates which
108have *any* critical extensions (these violates PKIX but we have to live
109with it).
110
111There are three main types of extension: string extensions, multi-valued
112extensions, and raw extensions.
113
114String extensions simply have a string which contains either the value itself
115or how it is obtained.
116
117For example:
118
119nsComment="This is a Comment"
120
121Multi-valued extensions have a short form and a long form. The short form
122is a list of names and values:
123
124basicConstraints=critical,CA:true,pathlen:1
125
126The long form allows the values to be placed in a separate section:
127
128basicConstraints=critical,@bs_section
129
130[bs_section]
131
132CA=true
133pathlen=1
134
135Both forms are equivalent. However it should be noted that in some cases the
136same name can appear multiple times, for example,
137
138subjectAltName=email:steve@here,email:steve@there
139
140in this case an equivalent long form is:
141
142subjectAltName=@alt_section
143
144[alt_section]
145
146email.1=steve@here
147email.2=steve@there
148
149This is because the configuration file code cannot handle the same name
150occurring twice in the same section.
151
152The syntax of raw extensions is governed by the extension code: it can
153for example contain data in multiple sections. The correct syntax to
154use is defined by the extension code itself: check out the certificate
155policies extension for an example.
156
157There are two ways to encode arbitrary extensions.
158
159The first way is to use the word ASN1 followed by the extension content
160using the same syntax as ASN1_generate_nconf(). For example:
161
1621.2.3.4=critical,ASN1:UTF8String:Some random data
163
1641.2.3.4=ASN1:SEQUENCE:seq_sect
165
166[seq_sect]
167
168field1 = UTF8:field1
169field2 = UTF8:field2
170
171It is also possible to use the word DER to include arbitrary data in any
172extension.
173
1741.2.3.4=critical,DER:01:02:03:04
1751.2.3.4=DER:01020304
176
177The value following DER is a hex dump of the DER encoding of the extension
178Any extension can be placed in this form to override the default behaviour.
179For example:
180
181basicConstraints=critical,DER:00:01:02:03
182
183WARNING: DER should be used with caution. It is possible to create totally
184invalid extensions unless care is taken.
185
186CURRENTLY SUPPORTED EXTENSIONS.
187
188If you aren't sure about extensions then they can be largely ignored: its only
189when you want to do things like restrict certificate usage when you need to
190worry about them.
191
192The only extension that a beginner might want to look at is Basic Constraints.
193If in addition you want to try Netscape object signing the you should also
194look at Netscape Certificate Type.
195
196Literal String extensions.
197
198In each case the 'value' of the extension is placed directly in the
199extension. Currently supported extensions in this category are: nsBaseUrl,
200nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
201nsSslServerName and nsComment.
202
203For example:
204
205nsComment="This is a test comment"
206
207Bit Strings.
208
209Bit string extensions just consist of a list of supported bits, currently
210two extensions are in this category: PKIX keyUsage and the Netscape specific
211nsCertType.
212
213nsCertType (netscape certificate type) takes the flags: client, server, email,
214objsign, reserved, sslCA, emailCA, objCA.
215
216keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
217keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
218encipherOnly, decipherOnly.
219
220For example:
221
222nsCertType=server
223
224keyUsage=digitalSignature, nonRepudiation
225
226Hints on Netscape Certificate Type.
227
228Other than Basic Constraints this is the only extension a beginner might
229want to use, if you want to try Netscape object signing, otherwise it can
230be ignored.
231
232If you want a certificate that can be used just for object signing then:
233
234nsCertType=objsign
235
236will do the job. If you want to use it as a normal end user and server
237certificate as well then
238
239nsCertType=objsign,email,server
240
241is more appropriate. You cannot use a self signed certificate for object
242signing (well Netscape signtool can but it cheats!) so you need to create
243a CA certificate and sign an end user certificate with it.
244
245Side note: If you want to conform to the Netscape specifications then you
246should really also set:
247
248nsCertType=objCA
249
250in the *CA* certificate for just an object signing CA and
251
252nsCertType=objCA,emailCA,sslCA
253
254for everything. Current Netscape software doesn't enforce this so it can
255be omitted.
256
257Basic Constraints.
258
259This is generally the only extension you need to worry about for simple
260applications. If you want your certificate to be usable as a CA certificate
261(in addition to an end user certificate) then you set this to:
262
263basicConstraints=CA:TRUE
264
265if you want to be certain the certificate cannot be used as a CA then do:
266
267basicConstraints=CA:FALSE
268
269The rest of this section describes more advanced usage.
270
271Basic constraints is a multi-valued extension that supports a CA and an
272optional pathlen option. The CA option takes the values true and false and
273pathlen takes an integer. Note if the CA option is false the pathlen option
274should be omitted.
275
276The pathlen parameter indicates the maximum number of CAs that can appear
277below this one in a chain. So if you have a CA with a pathlen of zero it can
278only be used to sign end user certificates and not further CAs. This all
279assumes that the software correctly interprets this extension of course.
280
281Examples:
282
283basicConstraints=CA:TRUE
284basicConstraints=critical,CA:TRUE, pathlen:0
285
286NOTE: for a CA to be considered valid it must have the CA option set to
287TRUE. An end user certificate MUST NOT have the CA value set to true.
288According to PKIX recommendations it should exclude the extension entirely,
289however some software may require CA set to FALSE for end entity certificates.
290
291Extended Key Usage.
292
293This extensions consists of a list of usages.
294
295These can either be object short names of the dotted numerical form of OIDs.
296While any OID can be used only certain values make sense. In particular the
297following PKIX, NS and MS values are meaningful:
298
299Value Meaning
300----- -------
301serverAuth SSL/TLS Web Server Authentication.
302clientAuth SSL/TLS Web Client Authentication.
303codeSigning Code signing.
304emailProtection E-mail Protection (S/MIME).
305timeStamping Trusted Timestamping
306msCodeInd Microsoft Individual Code Signing (authenticode)
307msCodeCom Microsoft Commercial Code Signing (authenticode)
308msCTLSign Microsoft Trust List Signing
309msSGC Microsoft Server Gated Crypto
310msEFS Microsoft Encrypted File System
311nsSGC Netscape Server Gated Crypto
312
313For example, under IE5 a CA can be used for any purpose: by including a list
314of the above usages the CA can be restricted to only authorised uses.
315
316Note: software packages may place additional interpretations on certificate
317use, in particular some usages may only work for selected CAs. Don't for example
318expect just including msSGC or nsSGC will automatically mean that a certificate
319can be used for SGC ("step up" encryption) otherwise anyone could use it.
320
321Examples:
322
323extendedKeyUsage=critical,codeSigning,1.2.3.4
324extendedKeyUsage=nsSGC,msSGC
325
326Subject Key Identifier.
327
328This is really a string extension and can take two possible values. Either
329a hex string giving details of the extension value to include or the word
330'hash' which then automatically follow PKIX guidelines in selecting and
331appropriate key identifier. The use of the hex string is strongly discouraged.
332
333Example: subjectKeyIdentifier=hash
334
335Authority Key Identifier.
336
337The authority key identifier extension permits two options. keyid and issuer:
338both can take the optional value "always".
339
340If the keyid option is present an attempt is made to copy the subject key
341identifier from the parent certificate. If the value "always" is present
342then an error is returned if the option fails.
343
344The issuer option copies the issuer and serial number from the issuer
345certificate. Normally this will only be done if the keyid option fails or
346is not included: the "always" flag will always include the value.
347
348Subject Alternative Name.
349
350The subject alternative name extension allows various literal values to be
351included in the configuration file. These include "email" (an email address)
352"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
353registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
354
355Also the email option include a special 'copy' value. This will automatically
356include and email addresses contained in the certificate subject name in
357the extension.
358
359otherName can include arbitrary data associated with an OID: the value
360should be the OID followed by a semicolon and the content in standard
361ASN1_generate_nconf() format.
362
363Examples:
364
365subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
366subjectAltName=email:my@other.address,RID:1.2.3.4
367subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
368
369Issuer Alternative Name.
370
371The issuer alternative name option supports all the literal options of
372subject alternative name. It does *not* support the email:copy option because
373that would not make sense. It does support an additional issuer:copy option
374that will copy all the subject alternative name values from the issuer
375certificate (if possible).
376
377Example:
378
379issuserAltName = issuer:copy
380
381Authority Info Access.
382
383The authority information access extension gives details about how to access
384certain information relating to the CA. Its syntax is accessOID;location
385where 'location' has the same syntax as subject alternative name (except
386that email:copy is not supported). accessOID can be any valid OID but only
387certain values are meaningful for example OCSP and caIssuers. OCSP gives the
388location of an OCSP responder: this is used by Netscape PSM and other software.
389
390Example:
391
392authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
393authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
394
395CRL distribution points.
396
397This is a multi-valued extension that supports all the literal options of
398subject alternative name. Of the few software packages that currently interpret
399this extension most only interpret the URI option.
400
401Currently each option will set a new DistributionPoint with the fullName
402field set to the given value.
403
404Other fields like cRLissuer and reasons cannot currently be set or displayed:
405at this time no examples were available that used these fields.
406
407If you see this extension with <UNSUPPORTED> when you attempt to print it out
408or it doesn't appear to display correctly then let me know, including the
409certificate (mail me at steve@openssl.org) .
410
411Examples:
412
413crlDistributionPoints=URI:http://www.myhost.com/myca.crl
414crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
415
416Certificate Policies.
417
418This is a RAW extension. It attempts to display the contents of this extension:
419unfortunately this extension is often improperly encoded.
420
421The certificate policies extension will rarely be used in practice: few
422software packages interpret it correctly or at all. IE5 does partially
423support this extension: but it needs the 'ia5org' option because it will
424only correctly support a broken encoding. Of the options below only the
425policy OID, explicitText and CPS options are displayed with IE5.
426
427All the fields of this extension can be set by using the appropriate syntax.
428
429If you follow the PKIX recommendations of not including any qualifiers and just
430using only one OID then you just include the value of that OID. Multiple OIDs
431can be set separated by commas, for example:
432
433certificatePolicies= 1.2.4.5, 1.1.3.4
434
435If you wish to include qualifiers then the policy OID and qualifiers need to
436be specified in a separate section: this is done by using the @section syntax
437instead of a literal OID value.
438
439The section referred to must include the policy OID using the name
440policyIdentifier, cPSuri qualifiers can be included using the syntax:
441
442CPS.nnn=value
443
444userNotice qualifiers can be set using the syntax:
445
446userNotice.nnn=@notice
447
448The value of the userNotice qualifier is specified in the relevant section.
449This section can include explicitText, organization and noticeNumbers
450options. explicitText and organization are text strings, noticeNumbers is a
451comma separated list of numbers. The organization and noticeNumbers options
452(if included) must BOTH be present. If you use the userNotice option with IE5
453then you need the 'ia5org' option at the top level to modify the encoding:
454otherwise it will not be interpreted properly.
455
456Example:
457
458certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
459
460[polsect]
461
462policyIdentifier = 1.3.5.8
463CPS.1="http://my.host.name/"
464CPS.2="http://my.your.name/"
465userNotice.1=@notice
466
467[notice]
468
469explicitText="Explicit Text Here"
470organization="Organisation Name"
471noticeNumbers=1,2,3,4
472
473TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
474according to PKIX it should be of type DisplayText but Verisign uses an
475IA5STRING and IE5 needs this too.
476
477Display only extensions.
478
479Some extensions are only partially supported and currently are only displayed
480but cannot be set. These include private key usage period, CRL number, and
481CRL reason.
482
483==============================================================================
484 X509V3 Extension code: programmers guide
485==============================================================================
486
487The purpose of the extension code is twofold. It allows an extension to be
488created from a string or structure describing its contents and it prints out an
489extension in a human or machine readable form.
490
4911. Initialisation and cleanup.
492
493No special initialisation is needed before calling the extension functions.
494You used to have to call X509V3_add_standard_extensions(); but this is no longer
495required and this function no longer does anything.
496
497void X509V3_EXT_cleanup(void);
498
499This function should be called to cleanup the extension code if any custom
500extensions have been added. If no custom extensions have been added then this
501call does nothing. After this call all custom extension code is freed up but
502you can still use the standard extensions.
503
5042. Printing and parsing extensions.
505
506The simplest way to print out extensions is via the standard X509 printing
507routines: if you use the standard X509_print() function, the supported
508extensions will be printed out automatically.
509
510The following functions allow finer control over extension display:
511
512int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
513int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
514
515These two functions print out an individual extension to a BIO or FILE pointer.
516Currently the flag argument is unused and should be set to 0. The 'indent'
517argument is the number of spaces to indent each line.
518
519void *X509V3_EXT_d2i(X509_EXTENSION *ext);
520
521This function parses an extension and returns its internal structure. The
522precise structure you get back depends on the extension being parsed. If the
523extension if basicConstraints you will get back a pointer to a
524BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
525details about the structures returned. The returned structure should be freed
526after use using the relevant free function, BASIC_CONSTRAINTS_free() for
527example.
528
529void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
530void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
531void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
532void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
533
534These functions combine the operations of searching for extensions and
535parsing them. They search a certificate, a CRL a CRL entry or a stack
536of extensions respectively for extension whose NID is 'nid' and return
537the parsed result of NULL if an error occurred. For example:
538
539BASIC_CONSTRAINTS *bs;
540bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
541
542This will search for the basicConstraints extension and either return
543it value or NULL. NULL can mean either the extension was not found, it
544occurred more than once or it could not be parsed.
545
546If 'idx' is NULL then an extension is only parsed if it occurs precisely
547once. This is standard behaviour because extensions normally cannot occur
548more than once. If however more than one extension of the same type can
549occur it can be used to parse successive extensions for example:
550
551int i;
552void *ext;
553
554i = -1;
555for(;;) {
556 ext = X509_get_ext_d2i(x, nid, crit, &idx);
557 if(ext == NULL) break;
558 /* Do something with ext */
559}
560
561If 'crit' is not NULL and the extension was found then the int it points to
562is set to 1 for critical extensions and 0 for non critical. Therefore if the
563function returns NULL but 'crit' is set to 0 or 1 then the extension was
564found but it could not be parsed.
565
566The int pointed to by crit will be set to -1 if the extension was not found
567and -2 if the extension occurred more than once (this will only happen if
568idx is NULL). In both cases the function will return NULL.
569
5703. Generating extensions.
571
572An extension will typically be generated from a configuration file, or some
573other kind of configuration database.
574
575int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
576 X509 *cert);
577int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
578 X509_CRL *crl);
579
580These functions add all the extensions in the given section to the given
581certificate or CRL. They will normally be called just before the certificate
582or CRL is due to be signed. Both return 0 on error on non zero for success.
583
584In each case 'conf' is the LHASH pointer of the configuration file to use
585and 'section' is the section containing the extension details.
586
587See the 'context functions' section for a description of the ctx parameter.
588
589
590X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
591 char *value);
592
593This function returns an extension based on a name and value pair, if the
594pair will not need to access other sections in a config file (or there is no
595config file) then the 'conf' parameter can be set to NULL.
596
597X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
598 char *value);
599
600This function creates an extension in the same way as X509V3_EXT_conf() but
601takes the NID of the extension rather than its name.
602
603For example to produce basicConstraints with the CA flag and a path length of
60410:
605
606x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
607
608
609X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
610
611This function sets up an extension from its internal structure. The ext_nid
612parameter is the NID of the extension and 'crit' is the critical flag.
613
6144. Context functions.
615
616The following functions set and manipulate an extension context structure.
617The purpose of the extension context is to allow the extension code to
618access various structures relating to the "environment" of the certificate:
619for example the issuers certificate or the certificate request.
620
621void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
622 X509_REQ *req, X509_CRL *crl, int flags);
623
624This function sets up an X509V3_CTX structure with details of the certificate
625environment: specifically the issuers certificate, the subject certificate,
626the certificate request and the CRL: if these are not relevant or not
627available then they can be set to NULL. The 'flags' parameter should be set
628to zero.
629
630X509V3_set_ctx_test(ctx)
631
632This macro is used to set the 'ctx' structure to a 'test' value: this is to
633allow the syntax of an extension (or configuration file) to be tested.
634
635X509V3_set_ctx_nodb(ctx)
636
637This macro is used when no configuration database is present.
638
639void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
640
641This function is used to set the configuration database when it is an LHASH
642structure: typically a configuration file.
643
644The following functions are used to access a configuration database: they
645should only be used in RAW extensions.
646
647char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
648
649This function returns the value of the parameter "name" in "section", or NULL
650if there has been an error.
651
652void X509V3_string_free(X509V3_CTX *ctx, char *str);
653
654This function frees up the string returned by the above function.
655
656STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
657
658This function returns a whole section as a STACK_OF(CONF_VALUE) .
659
660void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
661
662This function frees up the STACK returned by the above function.
663
664Note: it is possible to use the extension code with a custom configuration
665database. To do this the "db_meth" element of the X509V3_CTX structure should
666be set to an X509V3_CTX_METHOD structure. This structure contains the following
667function pointers:
668
669char * (*get_string)(void *db, char *section, char *value);
670STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
671void (*free_string)(void *db, char * string);
672void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
673
674these will be called and passed the 'db' element in the X509V3_CTX structure
675to access the database. If a given function is not implemented or not required
676it can be set to NULL.
677
6785. String helper functions.
679
680There are several "i2s" and "s2i" functions that convert structures to and
681from ASCII strings. In all the "i2s" cases the returned string should be
682freed using Free() after use. Since some of these are part of other extension
683code they may take a 'method' parameter. Unless otherwise stated it can be
684safely set to NULL.
685
686char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
687
688This returns a hex string from an ASN1_OCTET_STRING.
689
690char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
691char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
692
693These return a string decimal representations of an ASN1_INTEGER and an
694ASN1_ENUMERATED type, respectively.
695
696ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
697 X509V3_CTX *ctx, char *str);
698
699This converts an ASCII hex string to an ASN1_OCTET_STRING.
700
701ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
702
703This converts a decimal ASCII string into an ASN1_INTEGER.
704
7056. Multi valued extension helper functions.
706
707The following functions can be used to manipulate STACKs of CONF_VALUE
708structures, as used by multi valued extensions.
709
710int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
711
712This function expects a boolean value in 'value' and sets 'asn1_bool' to
713it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
714strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
715"false", "N", "n", "NO" or "no".
716
717int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
718
719This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
720
721int X509V3_add_value(const char *name, const char *value,
722 STACK_OF(CONF_VALUE) **extlist);
723
724This simply adds a string name and value pair.
725
726int X509V3_add_value_uchar(const char *name, const unsigned char *value,
727 STACK_OF(CONF_VALUE) **extlist);
728
729The same as above but for an unsigned character value.
730
731int X509V3_add_value_bool(const char *name, int asn1_bool,
732 STACK_OF(CONF_VALUE) **extlist);
733
734This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
735
736int X509V3_add_value_bool_nf(char *name, int asn1_bool,
737 STACK_OF(CONF_VALUE) **extlist);
738
739This is the same as above except it adds nothing if asn1_bool is FALSE.
740
741int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
742 STACK_OF(CONF_VALUE) **extlist);
743
744This function adds the value of the ASN1_INTEGER in decimal form.
745
7467. Other helper functions.
747
748<to be added>
749
750ADDING CUSTOM EXTENSIONS.
751
752Currently there are three types of supported extensions.
753
754String extensions are simple strings where the value is placed directly in the
755extensions, and the string returned is printed out.
756
757Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
758or return a STACK_OF(CONF_VALUE).
759
760Raw extensions are just passed a BIO or a value and it is the extensions
761responsibility to handle all the necessary printing.
762
763There are two ways to add an extension. One is simply as an alias to an already
764existing extension. An alias is an extension that is identical in ASN1 structure
765to an existing extension but has a different OBJECT IDENTIFIER. This can be
766done by calling:
767
768int X509V3_EXT_add_alias(int nid_to, int nid_from);
769
770'nid_to' is the new extension NID and 'nid_from' is the already existing
771extension NID.
772
773Alternatively an extension can be written from scratch. This involves writing
774the ASN1 code to encode and decode the extension and functions to print out and
775generate the extension from strings. The relevant functions are then placed in
776a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
777called.
778
779The X509V3_EXT_METHOD structure is described below.
780
781struct {
782int ext_nid;
783int ext_flags;
784X509V3_EXT_NEW ext_new;
785X509V3_EXT_FREE ext_free;
786X509V3_EXT_D2I d2i;
787X509V3_EXT_I2D i2d;
788X509V3_EXT_I2S i2s;
789X509V3_EXT_S2I s2i;
790X509V3_EXT_I2V i2v;
791X509V3_EXT_V2I v2i;
792X509V3_EXT_R2I r2i;
793X509V3_EXT_I2R i2r;
794
795void *usr_data;
796};
797
798The elements have the following meanings.
799
800ext_nid is the NID of the object identifier of the extension.
801
802ext_flags is set of flags. Currently the only external flag is
803 X509V3_EXT_MULTILINE which means a multi valued extensions
804 should be printed on separate lines.
805
806usr_data is an extension specific pointer to any relevant data. This
807 allows extensions to share identical code but have different
808 uses. An example of this is the bit string extension which uses
809 usr_data to contain a list of the bit names.
810
811All the remaining elements are function pointers.
812
813ext_new is a pointer to a function that allocates memory for the
814 extension ASN1 structure: for example ASN1_OBJECT_new().
815
816ext_free is a pointer to a function that free up memory of the extension
817 ASN1 structure: for example ASN1_OBJECT_free().
818
819d2i is the standard ASN1 function that converts a DER buffer into
820 the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
821
822i2d is the standard ASN1 function that converts the internal
823 structure into the DER representation: for example
824 i2d_ASN1_IA5STRING().
825
826The remaining functions are depend on the type of extension. One i2X and
827one X2i should be set and the rest set to NULL. The types set do not need
828to match up, for example the extension could be set using the multi valued
829v2i function and printed out using the raw i2r.
830
831All functions have the X509V3_EXT_METHOD passed to them in the 'method'
832parameter and an X509V3_CTX structure. Extension code can then access the
833parent structure via the 'method' parameter to for example make use of the value
834of usr_data. If the code needs to use detail relating to the request it can
835use the 'ctx' parameter.
836
837A note should be given here about the 'flags' member of the 'ctx' parameter.
838If it has the value CTX_TEST then the configuration syntax is being checked
839and no actual certificate or CRL exists. Therefore any attempt in the config
840file to access such information should silently succeed. If the syntax is OK
841then it should simply return a (possibly bogus) extension, otherwise it
842should return NULL.
843
844char *i2s(struct v3_ext_method *method, void *ext);
845
846This function takes the internal structure in the ext parameter and returns
847a Malloc'ed string representing its value.
848
849void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
850
851This function takes the string representation in the ext parameter and returns
852an allocated internal structure: ext_free() will be used on this internal
853structure after use.
854
855i2v and v2i handle a STACK_OF(CONF_VALUE):
856
857typedef struct
858{
859 char *section;
860 char *name;
861 char *value;
862} CONF_VALUE;
863
864Only the name and value members are currently used.
865
866STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
867
868This function is passed the internal structure in the ext parameter and
869returns a STACK of CONF_VALUE structures. The values of name, value,
870section and the structure itself will be freed up with Free after use.
871Several helper functions are available to add values to this STACK.
872
873void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
874 STACK_OF(CONF_VALUE) *values);
875
876This function takes a STACK_OF(CONF_VALUE) structures and should set the
877values of the external structure. This typically uses the name element to
878determine which structure element to set and the value element to determine
879what to set it to. Several helper functions are available for this
880purpose (see above).
881
882int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
883
884This function is passed the internal extension structure in the ext parameter
885and sends out a human readable version of the extension to out. The 'indent'
886parameter should be noted to determine the necessary amount of indentation
887needed on the output.
888
889void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
890
891This is just passed the string representation of the extension. It is intended
892to be used for more elaborate extensions where the standard single and multi
893valued options are insufficient. They can use the 'ctx' parameter to parse the
894configuration database themselves. See the context functions section for details
895of how to do this.
896
897Note: although this type takes the same parameters as the "r2s" function there
898is a subtle difference. Whereas an "r2i" function can access a configuration
899database an "s2i" function MUST NOT. This is so the internal code can safely
900assume that an "s2i" function will work without a configuration database.
901
902==============================================================================
903 PKCS#12 Library
904==============================================================================
905
906This section describes the internal PKCS#12 support. There are very few
907differences between the old external library and the new internal code at
908present. This may well change because the external library will not be updated
909much in future.
910
911This version now includes a couple of high level PKCS#12 functions which
912generally "do the right thing" and should make it much easier to handle PKCS#12
913structures.
914
915HIGH LEVEL FUNCTIONS.
916
917For most applications you only need concern yourself with the high level
918functions. They can parse and generate simple PKCS#12 files as produced by
919Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
920private key and certificate pair.
921
9221. Initialisation and cleanup.
923
924No special initialisation is needed for the internal PKCS#12 library: the
925standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
926add all algorithms (you should at least add SHA1 though) then you can manually
927initialise the PKCS#12 library with:
928
929PKCS12_PBE_add();
930
931The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
932called or it can be directly freed with:
933
934EVP_PBE_cleanup();
935
936after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
937be called.
938
9392. I/O functions.
940
941i2d_PKCS12_bio(bp, p12)
942
943This writes out a PKCS12 structure to a BIO.
944
945i2d_PKCS12_fp(fp, p12)
946
947This is the same but for a FILE pointer.
948
949d2i_PKCS12_bio(bp, p12)
950
951This reads in a PKCS12 structure from a BIO.
952
953d2i_PKCS12_fp(fp, p12)
954
955This is the same but for a FILE pointer.
956
9573. High level functions.
958
9593.1 Parsing with PKCS12_parse().
960
961int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
962 STACK **ca);
963
964This function takes a PKCS12 structure and a password (ASCII, null terminated)
965and returns the private key, the corresponding certificate and any CA
966certificates. If any of these is not required it can be passed as a NULL.
967The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
968structure. Typically to read in a PKCS#12 file you might do:
969
970p12 = d2i_PKCS12_fp(fp, NULL);
971PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
972PKCS12_free(p12);
973
9743.2 PKCS#12 creation with PKCS12_create().
975
976PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
977 STACK *ca, int nid_key, int nid_cert, int iter,
978 int mac_iter, int keytype);
979
980This function will create a PKCS12 structure from a given password, name,
981private key, certificate and optional STACK of CA certificates. The remaining
9825 parameters can be set to 0 and sensible defaults will be used.
983
984The parameters nid_key and nid_cert are the key and certificate encryption
985algorithms, iter is the encryption iteration count, mac_iter is the MAC
986iteration count and keytype is the type of private key. If you really want
987to know what these last 5 parameters do then read the low level section.
988
989Typically to create a PKCS#12 file the following could be used:
990
991p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
992i2d_PKCS12_fp(fp, p12);
993PKCS12_free(p12);
994
9953.3 Changing a PKCS#12 structure password.
996
997int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
998
999This changes the password of an already existing PKCS#12 structure. oldpass
1000is the old password and newpass is the new one. An error occurs if the old
1001password is incorrect.
1002
1003LOW LEVEL FUNCTIONS.
1004
1005In some cases the high level functions do not provide the necessary
1006functionality. For example if you want to generate or parse more complex
1007PKCS#12 files. The sample pkcs12 application uses the low level functions
1008to display details about the internal structure of a PKCS#12 file.
1009
1010Introduction.
1011
1012This is a brief description of how a PKCS#12 file is represented internally:
1013some knowledge of PKCS#12 is assumed.
1014
1015A PKCS#12 object contains several levels.
1016
1017At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
1018CRL, a private key, encrypted or unencrypted, a set of safebags (so the
1019structure can be nested) or other secrets (not documented at present).
1020A safebag can optionally have attributes, currently these are: a unicode
1021friendlyName (a Unicode string) or a localKeyID (a string of bytes).
1022
1023At the next level is an authSafe which is a set of safebags collected into
1024a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
1025
1026At the top level is the PKCS12 structure itself which contains a set of
1027authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
1028contains a MAC which is a kind of password protected digest to preserve
1029integrity (so any unencrypted stuff below can't be tampered with).
1030
1031The reason for these levels is so various objects can be encrypted in various
1032ways. For example you might want to encrypt a set of private keys with
1033triple-DES and then include the related certificates either unencrypted or
1034with lower encryption. Yes it's the dreaded crypto laws at work again which
1035allow strong encryption on private keys and only weak encryption on other
1036stuff.
1037
1038To build one of these things you turn all certificates and keys into safebags
1039(with optional attributes). You collect the safebags into (one or more) STACKS
1040and convert these into authsafes (encrypted or unencrypted). The authsafes
1041are collected into a STACK and added to a PKCS12 structure. Finally a MAC
1042inserted.
1043
1044Pulling one apart is basically the reverse process. The MAC is verified against
1045the given password. The authsafes are extracted and each authsafe split into
1046a set of safebags (possibly involving decryption). Finally the safebags are
1047decomposed into the original keys and certificates and the attributes used to
1048match up private key and certificate pairs.
1049
1050Anyway here are the functions that do the dirty work.
1051
10521. Construction functions.
1053
10541.1 Safebag functions.
1055
1056M_PKCS12_x5092certbag(x509)
1057
1058This macro takes an X509 structure and returns a certificate bag. The
1059X509 structure can be freed up after calling this function.
1060
1061M_PKCS12_x509crl2certbag(crl)
1062
1063As above but for a CRL.
1064
1065PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
1066
1067Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
1068Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
1069structure contains a private key data in plain text form it should be free'd
1070up as soon as it has been encrypted for security reasons (freeing up the
1071structure zeros out the sensitive data). This can be done with
1072PKCS8_PRIV_KEY_INFO_free().
1073
1074PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
1075
1076This sets the key type when a key is imported into MSIE or Outlook 98. Two
1077values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
1078key that can also be used for signing but its size is limited in the export
1079versions of MS software to 512 bits, it is also the default. KEY_SIG is a
1080signing only key but the keysize is unlimited (well 16K is supposed to work).
1081If you are using the domestic version of MSIE then you can ignore this because
1082KEY_EX is not limited and can be used for both.
1083
1084PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
1085
1086Convert a PKCS8 private key structure into a keybag. This routine embeds the
1087p8 structure in the keybag so p8 should not be freed up or used after it is
1088called. The p8 structure will be freed up when the safebag is freed.
1089
1090PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
1091
1092Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
1093embedded and can be freed up after use.
1094
1095int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1096int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
1097
1098Add a local key id or a friendlyname to a safebag.
1099
11001.2 Authsafe functions.
1101
1102PKCS7 *PKCS12_pack_p7data(STACK *sk)
1103Take a stack of safebags and convert them into an unencrypted authsafe. The
1104stack of safebags can be freed up after calling this function.
1105
1106PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
1107
1108As above but encrypted.
1109
11101.3 PKCS12 functions.
1111
1112PKCS12 *PKCS12_init(int mode)
1113
1114Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
1115
1116M_PKCS12_pack_authsafes(p12, safes)
1117
1118This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
1119
1120int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
1121
1122Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
1123that SHA-1 should be used.
1124
11252. Extraction Functions.
1126
11272.1 Safebags.
1128
1129M_PKCS12_bag_type(bag)
1130
1131Return the type of "bag". Returns one of the following
1132
1133NID_keyBag
1134NID_pkcs8ShroudedKeyBag 7
1135NID_certBag 8
1136NID_crlBag 9
1137NID_secretBag 10
1138NID_safeContentsBag 11
1139
1140M_PKCS12_cert_bag_type(bag)
1141
1142Returns type of certificate bag, following are understood.
1143
1144NID_x509Certificate 14
1145NID_sdsiCertificate 15
1146
1147M_PKCS12_crl_bag_type(bag)
1148
1149Returns crl bag type, currently only NID_crlBag is recognised.
1150
1151M_PKCS12_certbag2x509(bag)
1152
1153This macro extracts an X509 certificate from a certificate bag.
1154
1155M_PKCS12_certbag2x509crl(bag)
1156
1157As above but for a CRL.
1158
1159EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
1160
1161Extract a private key from a PKCS8 private key info structure.
1162
1163M_PKCS12_decrypt_skey(bag, pass, passlen)
1164
1165Decrypt a shrouded key bag and return a PKCS8 private key info structure.
1166Works with both RSA and DSA keys
1167
1168char *PKCS12_get_friendlyname(bag)
1169
1170Returns the friendlyName of a bag if present or NULL if none. The returned
1171string is a null terminated ASCII string allocated with Malloc(). It should
1172thus be freed up with Free() after use.
1173
11742.2 AuthSafe functions.
1175
1176M_PKCS12_unpack_p7data(p7)
1177
1178Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
1179
1180#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
1181
1182As above but for an encrypted content info.
1183
11842.3 PKCS12 functions.
1185
1186M_PKCS12_unpack_authsafes(p12)
1187
1188Extract a STACK of authsafes from a PKCS12 structure.
1189
1190M_PKCS12_mac_present(p12)
1191
1192Check to see if a MAC is present.
1193
1194int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
1195
1196Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
1197
1198
1199Notes.
1200
12011. All the function return 0 or NULL on error.
12022. Encryption based functions take a common set of parameters. These are
1203described below.
1204
1205pass, passlen
1206ASCII password and length. The password on the MAC is called the "integrity
1207password" the encryption password is called the "privacy password" in the
1208PKCS#12 documentation. The passwords do not have to be the same. If -1 is
1209passed for the length it is worked out by the function itself (currently
1210this is sometimes done whatever is passed as the length but that may change).
1211
1212salt, saltlen
1213A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
1214default length is used.
1215
1216iter
1217Iteration count. This is a measure of how many times an internal function is
1218called to encrypt the data. The larger this value is the longer it takes, it
1219makes dictionary attacks on passwords harder. NOTE: Some implementations do
1220not support an iteration count on the MAC. If the password for the MAC and
1221encryption is the same then there is no point in having a high iteration
1222count for encryption if the MAC has no count. The MAC could be attacked
1223and the password used for the main decryption.
1224
1225pbe_nid
1226This is the NID of the password based encryption method used. The following are
1227supported.
1228NID_pbe_WithSHA1And128BitRC4
1229NID_pbe_WithSHA1And40BitRC4
1230NID_pbe_WithSHA1And3_Key_TripleDES_CBC
1231NID_pbe_WithSHA1And2_Key_TripleDES_CBC
1232NID_pbe_WithSHA1And128BitRC2_CBC
1233NID_pbe_WithSHA1And40BitRC2_CBC
1234
1235Which you use depends on the implementation you are exporting to. "Export
1236grade" (i.e. cryptographically challenged) products cannot support all
1237algorithms. Typically you may be able to use any encryption on shrouded key
1238bags but they must then be placed in an unencrypted authsafe. Other authsafes
1239may only support 40bit encryption. Of course if you are using SSLeay
1240throughout you can strongly encrypt everything and have high iteration counts
1241on everything.
1242
12433. For decryption routines only the password and length are needed.
1244
12454. Unlike the external version the nid's of objects are the values of the
1246constants: that is NID_certBag is the real nid, therefore there is no
1247PKCS12_obj_offset() function. Note the object constants are not the same as
1248those of the external version. If you use these constants then you will need
1249to recompile your code.
1250
12515. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
1252macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
1253reused or freed up safely.
1254
diff --git a/src/lib/libssl/doc/ssl.3 b/src/lib/libssl/doc/ssl.3
deleted file mode 100644
index d87d7583c4..0000000000
--- a/src/lib/libssl/doc/ssl.3
+++ /dev/null
@@ -1,1320 +0,0 @@
1.\"
2.\" $OpenBSD: ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
3.\"
4.Dd $Mdocdate: December 2 2014 $
5.Dt SSL 3
6.Os
7.Sh NAME
8.Nm SSL
9.Nd OpenSSL SSL/TLS library
10.Sh SYNOPSIS
11.Sh DESCRIPTION
12The OpenSSL
13.Nm ssl
14library implements the Secure Sockets Layer (SSL v2/v3) and
15Transport Layer Security (TLS v1) protocols.
16It provides a rich API which is documented here.
17.Pp
18At first the library must be initialized; see
19.Xr SSL_library_init 3 .
20.Pp
21Then an
22.Vt SSL_CTX
23object is created as a framework to establish TLS/SSL enabled connections (see
24.Xr SSL_CTX_new 3 ) .
25Various options regarding certificates, algorithms, etc., can be set in this
26object.
27.Pp
28When a network connection has been created, it can be assigned to an
29.Vt SSL
30object.
31After the
32.Vt SSL
33object has been created using
34.Xr SSL_new 3 ,
35.Xr SSL_set_fd 3
36or
37.Xr SSL_set_bio 3
38can be used to associate the network connection with the object.
39.Pp
40Then the TLS/SSL handshake is performed using
41.Xr SSL_accept 3
42or
43.Xr SSL_connect 3
44respectively.
45.Xr SSL_read 3
46and
47.Xr SSL_write 3
48are used to read and write data on the TLS/SSL connection.
49.Xr SSL_shutdown 3
50can be used to shut down the TLS/SSL connection.
51.Sh DATA STRUCTURES
52Currently the OpenSSL
53.Nm ssl
54library functions deals with the following data structures:
55.Bl -tag -width Ds
56.It Vt SSL_METHOD No (SSL Method)
57That's a dispatch structure describing the internal
58.Nm ssl
59library methods/functions which implement the various protocol versions
60(SSLv1, SSLv2 and TLSv1).
61It's needed to create an
62.Vt SSL_CTX .
63.It Vt SSL_CIPHER No (SSL Cipher)
64This structure holds the algorithm information for a particular cipher which
65is a core part of the SSL/TLS protocol.
66The available ciphers are configured on an
67.Vt SSL_CTX
68basis and the actually used ones are then part of the
69.Vt SSL_SESSION .
70.It Vt SSL_CTX No (SSL Context)
71That's the global context structure which is created by a server or client
72once per program lifetime and which holds mainly default values for the
73.Vt SSL
74structures which are later created for the connections.
75.It Vt SSL_SESSION No (SSL Session)
76This is a structure containing the current TLS/SSL session details for a
77connection:
78.Vt SSL_CIPHER Ns s, client and server certificates, keys, etc.
79.It Vt SSL No (SSL Connection)
80That's the main SSL/TLS structure which is created by a server or client per
81established connection.
82This actually is the core structure in the SSL API.
83Under run-time the application usually deals with this structure which has
84links to mostly all other structures.
85.El
86.Sh HEADER FILES
87Currently the OpenSSL
88.Nm ssl
89library provides the following C header files containing the prototypes for the
90data structures and functions:
91.Bl -tag -width Ds
92.It Pa ssl.h
93That's the common header file for the SSL/TLS API.
94Include it into your program to make the API of the
95.Nm ssl
96library available.
97It internally includes both more private SSL headers and headers from the
98.Em crypto
99library.
100Whenever you need hardcore details on the internals of the SSL API, look inside
101this header file.
102.It Pa ssl2.h
103That's the sub header file dealing with the SSLv2 protocol only.
104.Bf Em
105 Usually you don't have to include it explicitly because it's already included
106by
107.Pa ssl.h .
108.Ef
109.It Pa ssl3.h
110That's the sub header file dealing with the SSLv3 protocol only.
111.Bf Em
112Usually you don't have to include it explicitly because it's already included
113by
114.Pa ssl.h .
115.Ef
116.It Pa ssl23.h
117That's the sub header file dealing with the combined use of the SSLv2 and SSLv3
118protocols.
119.Bf Em
120Usually you don't have to include it explicitly because it's already included
121by
122.Pa ssl.h .
123.Ef
124.It Pa tls1.h
125That's the sub header file dealing with the TLSv1 protocol only.
126.Bf Em
127Usually you don't have to include it explicitly because it's already included
128by
129.Pa ssl.h .
130.Ef
131.El
132.Sh API FUNCTIONS
133The functions that the OpenSSL
134.Nm ssl
135library exports are documented below:
136.Ss DEALING WITH PROTOCOL METHODS
137Here we document the various API functions which deal with the SSL/TLS protocol
138methods defined in
139.Vt SSL_METHOD
140structures.
141.Bl -tag -width Ds
142.It Xo
143.Ft const SSL_METHOD *
144.Fn SSLv2_client_method void
145.Xc
146Constructor for the SSLv2
147.Vt SSL_METHOD
148structure for a dedicated client.
149.It Xo
150.Ft const SSL_METHOD *
151.Fn SSLv2_server_method void
152.Xc
153Constructor for the SSLv2
154.Vt SSL_METHOD
155structure for a dedicated server.
156.It Xo
157.Ft const SSL_METHOD *
158.Fn SSLv2_method void
159.Xc
160Constructor for the SSLv2
161.Vt SSL_METHOD
162structure for combined client and server.
163.It Xo
164.Ft const SSL_METHOD *
165.Fn SSLv3_client_method void
166.Xc
167Constructor for the SSLv3
168.Vt SSL_METHOD
169structure for a dedicated client.
170.It Xo
171.Ft const SSL_METHOD *
172.Fn SSLv3_server_method void
173.Xc
174Constructor for the SSLv3
175.Vt SSL_METHOD
176structure for a dedicated server.
177.It Xo
178.Ft const SSL_METHOD *
179.Fn SSLv3_method void
180.Xc
181Constructor for the SSLv3
182.Vt SSL_METHOD
183structure for combined client and server.
184.It Xo
185.Ft const SSL_METHOD *
186.Fn TLSv1_client_method void
187.Xc
188Constructor for the TLSv1
189.Vt SSL_METHOD
190structure for a dedicated client.
191.It Xo
192.Ft const SSL_METHOD *
193.Fn TLSv1_server_method void
194.Xc
195Constructor for the TLSv1
196.Vt SSL_METHOD
197structure for a dedicated server.
198.It Xo
199.Ft const SSL_METHOD *
200.Fn TLSv1_method void
201.Xc
202Constructor for the TLSv1
203.Vt SSL_METHOD
204structure for combined client and server.
205.El
206.Ss DEALING WITH CIPHERS
207Here we document the various API functions which deal with the SSL/TLS ciphers
208defined in
209.Vt SSL_CIPHER
210structures.
211.Bl -tag -width Ds
212.It Xo
213.Ft char *
214.Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len"
215.Xc
216Write a string to
217.Fa buf
218(with a maximum size of
219.Fa len )
220containing a human readable description of
221.Fa cipher .
222Returns
223.Fa buf .
224.It Xo
225.Ft int
226.Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits"
227.Xc
228Determine the number of bits in
229.Fa cipher .
230Because of export crippled ciphers there are two bits:
231the bits the algorithm supports in general (stored to
232.Fa alg_bits )
233and the bits which are actually used (the return value).
234.It Xo
235.Ft const char *
236.Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher"
237.Xc
238Return the internal name of
239.Fa cipher
240as a string.
241These are the various strings defined by the
242.Dv SSL2_TXT_xxx ,
243.Dv SSL3_TXT_xxx
244and
245.Dv TLS1_TXT_xxx
246definitions in the header files.
247.It Xo
248.Ft char *
249.Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher"
250.Xc
251Returns a string like
252Qq TLSv1/SSLv3
253or
254Qq SSLv2
255which indicates the SSL/TLS protocol version to which
256.Fa cipher
257belongs (i.e., where it was defined in the specification the first time).
258.El
259.Ss DEALING WITH PROTOCOL CONTEXTS
260Here we document the various API functions which deal with the SSL/TLS
261protocol context defined in the
262.Vt SSL_CTX
263structure.
264.Bl -tag -width Ds
265.It Xo
266.Ft int
267.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x"
268.Xc
269.It Xo
270.Ft long
271.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
272.Xc
273.It Xo
274.Ft int
275.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
276.Xc
277.It Xo
278.Ft int
279.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
280.Xc
281.It Xo
282.Ft long
283.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg"
284.Xc
285.It Xo
286.Ft void
287.Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t"
288.Xc
289.It Xo
290.Ft void
291.Fn SSL_CTX_free "SSL_CTX *a"
292.Xc
293.It Xo
294.Ft char *
295.Fn SSL_CTX_get_app_data "SSL_CTX *ctx"
296.Xc
297.It Xo
298.Ft X509_STORE *
299.Fn SSL_CTX_get_cert_store "SSL_CTX *ctx"
300.Xc
301.It Xo
302.Ft STACK *
303.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
304.Xc
305.It Xo
306.Ft int
307.Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
308.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
309.Xc
310.It Xo
311.Ft char *
312.Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx"
313.Xc
314.It Xo
315.Ft int
316.Fo SSL_CTX_get_ex_new_index
317.Fa "long argl"
318.Fa "void *argp"
319.Fa "CRYPTO_EX_new *new_func"
320.Fa "CRYPTO_EX_dup *dup_func"
321.Fa "CRYPTO_EX_free *free_func"
322.Fc
323.Xc
324.It Xo
325.Ft void
326.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
327.Fa "SSL *ssl"
328.Fa "int cb"
329.Fa "int ret"
330.Fc
331.Xc
332.It Xo
333.Ft int
334.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
335.Xc
336.It Xo
337.Ft int
338.Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx"
339.Xc
340.It Xo
341.Ft long
342.Fn SSL_CTX_get_timeout "const SSL_CTX *ctx"
343.Xc
344.It Xo
345.Ft int
346.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
347.Fa "int ok"
348.Fa "X509_STORE_CTX *ctx"
349.Fc
350.Xc
351.It Xo
352.Ft int
353.Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx"
354.Xc
355.It Xo
356.Ft int
357.Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath"
358.Xc
359.It Xo
360.Ft long
361.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
362.Xc
363.It Xo
364.Ft SSL_CTX *
365.Fn SSL_CTX_new "const SSL_METHOD *meth"
366.Xc
367.It Xo
368.Ft int
369.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
370.Xc
371.It Xo
372.Ft int
373.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
374.Xc
375.It Xo
376.Ft int
377.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
378.Xc
379.It Xo
380.Ft int
381.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
382.Xc
383.It Xo
384.Ft int
385.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
386.Xc
387.It Xo
388.Ft int
389.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
390.Xc
391.It Xo
392.Ft int
393.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
394.Xc
395.It Xo
396.Ft int
397.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
398.Xc
399.It Xo
400.Ft int
401.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
402.Xc
403.It Xo
404.Ft int
405.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
406.Xc
407.It Xo
408.Ft SSL_SESSION *
409.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
410.Fa "SSL *ssl"
411.Fa "unsigned char *data"
412.Fa "int len"
413.Fa "int *copy"
414.Fc
415.Xc
416.It Xo
417.Ft int
418.Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess"
419.Xc
420.It Xo
421.Ft void
422.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
423.Fa "SSL_CTX *ctx"
424.Fa "SSL_SESSION *sess"
425.Fc
426.Xc
427.It Xo
428.Ft int
429.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
430.Xc
431.It Xo
432.Ft int
433.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
434.Xc
435.It Xo
436.Ft int
437.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
438.Xc
439.It Xo
440.Ft void
441.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
442.Xc
443.It Xo
444.Ft void
445.Fo SSL_CTX_sess_set_get_cb
446.Fa "SSL_CTX *ctx"
447.Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)"
448.Fc
449.Xc
450.It Xo
451.Ft void
452.Fo SSL_CTX_sess_set_new_cb
453.Fa "SSL_CTX *ctx"
454.Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)"
455.Fc
456.Xc
457.It Xo
458.Ft void
459.Fo SSL_CTX_sess_set_remove_cb
460.Fa "SSL_CTX *ctx"
461.Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)"
462.Fc
463.Xc
464.It Xo
465.Ft int
466.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
467.Xc
468.It Xo
469.Ft LHASH *
470.Fn SSL_CTX_sessions "SSL_CTX *ctx"
471.Xc
472.It Xo
473.Ft void
474.Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg"
475.Xc
476.It Xo
477.Ft void
478.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs"
479.Xc
480.It Xo
481.Ft void
482.Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg"
483.Xc
484.It Xo
485.Ft int
486.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str"
487.Xc
488.It Xo
489.Ft void
490.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list"
491.Xc
492.It Xo
493.Ft void
494.Fo SSL_CTX_set_client_cert_cb
495.Fa "SSL_CTX *ctx"
496.Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
497.Fc
498.Xc
499.It Xo
500.Ft void
501.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
502.Xc
503.It Xo
504.Ft void
505.Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m"
506.Xc
507.It Xo
508.Ft int
509.Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx"
510.Xc
511.It Xo
512.Ft int
513.Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg"
514.Xc
515.It Xo
516.Ft void
517.Fo SSL_CTX_set_info_callback
518.Fa "SSL_CTX *ctx"
519.Fa "void (*cb)(SSL *ssl, int cb, int ret)"
520.Fc
521.Xc
522.It Xo
523.Ft void
524.Fo SSL_CTX_set_msg_callback
525.Fa "SSL_CTX *ctx"
526.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
527size_t len, SSL *ssl, void *arg)"
528.Fc
529.Xc
530.It Xo
531.Ft void
532.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
533.Xc
534.It Xo
535.Ft void
536.Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op"
537.Xc
538.It Xo
539.Ft void
540.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
541.Xc
542.It Xo
543.Ft void
544.Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode"
545.Xc
546.It Xo
547.Ft int
548.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth"
549.Xc
550.It Xo
551.Ft void
552.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
553.Xc
554.It Xo
555.Ft long
556.Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh"
557.Xc
558.It Xo
559.Ft long
560.Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)"
561.Xc
562.It Xo
563.Ft long
564.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
565.Xc
566.It Xo
567.Fn SSL_CTX_set_tmp_rsa_callback
568.Xc
569.Ft long
570.Fo SSL_CTX_set_tmp_rsa_callback
571.Fa "SSL_CTX *ctx"
572.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
573.Fc
574.Pp
575Sets the callback which will be called when a temporary private key is
576required.
577The
578.Fa export
579flag will be set if the reason for needing a temp key is that an export
580ciphersuite is in use, in which case,
581.Fa keylength
582will contain the required keylength in bits.
583.\" XXX using what?
584Generate a key of appropriate size (using ???) and return it.
585.It Xo
586.Fn SSL_set_tmp_rsa_callback
587.Xc
588.Ft long
589.Fo SSL_set_tmp_rsa_callback
590.Fa "SSL *ssl"
591.Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)"
592.Fc
593.Pp
594The same as
595.Fn SSL_CTX_set_tmp_rsa_callback ,
596except it operates on an
597.Vt SSL
598session instead of a context.
599.It Xo
600.Ft void
601.Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)"
602.Xc
603.It Xo
604.Ft int
605.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
606.Xc
607.It Xo
608.Ft int
609.Fo SSL_CTX_use_PrivateKey_ASN1
610.Fa "int type"
611.Fa "SSL_CTX *ctx"
612.Fa "unsigned char *d"
613.Fa "long len"
614.Fc
615.Xc
616.It Xo
617.Ft int
618.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
619.Xc
620.It Xo
621.Ft int
622.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
623.Xc
624.It Xo
625.Ft int
626.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
627.Xc
628.It Xo
629.Ft int
630.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type"
631.Xc
632.It Xo
633.Ft int
634.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
635.Xc
636.It Xo
637.Ft int
638.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
639.Xc
640.It Xo
641.Ft int
642.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type"
643.Xc
644.It Xo
645.Ft void
646.Fo SSL_CTX_set_psk_client_callback
647.Fa "SSL_CTX *ctx"
648.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
649unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
650.Fc
651.Xc
652.It Xo
653.Ft int
654.Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint"
655.Xc
656.It Xo
657.Ft void
658.Fo SSL_CTX_set_psk_server_callback
659.Fa "SSL_CTX *ctx"
660.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
661unsigned char *psk, int max_psk_len)"
662.Fc
663.Xc
664.El
665.Ss DEALING WITH SESSIONS
666Here we document the various API functions which deal with the SSL/TLS sessions
667defined in the
668.Vt SSL_SESSION
669structures.
670.Bl -tag -width Ds
671.It Xo
672.Ft int
673.Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b"
674.Xc
675.It Xo
676.Ft void
677.Fn SSL_SESSION_free "SSL_SESSION *ss"
678.Xc
679.It Xo
680.Ft char *
681.Fn SSL_SESSION_get_app_data "SSL_SESSION *s"
682.Xc
683.It Xo
684.Ft char *
685.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx"
686.Xc
687.It Xo
688.Ft int
689.Fo SSL_SESSION_get_ex_new_index
690.Fa "long argl"
691.Fa "char *argp"
692.Fa "int (*new_func)(void)"
693.Fa "int (*dup_func)(void), void (*free_func)(void)"
694.Fc
695.Xc
696.It Xo
697.Ft long
698.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
699.Xc
700.It Xo
701.Ft long
702.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
703.Xc
704.It Xo
705.Ft unsigned long
706.Fn SSL_SESSION_hash "const SSL_SESSION *a"
707.Xc
708.It Xo
709.Ft SSL_SESSION *
710.Fn SSL_SESSION_new void
711.Xc
712.It Xo
713.Ft int
714.Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x"
715.Xc
716.It Xo
717.Ft int
718.Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x"
719.Xc
720.It Xo
721.Ft void
722.Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a"
723.Xc
724.It Xo
725.Ft int
726.Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg"
727.Xc
728.It Xo
729.Ft long
730.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t"
731.Xc
732.It Xo
733.Ft long
734.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t"
735.Xc
736.El
737.Ss DEALING WITH CONNECTIONS
738Here we document the various API functions which deal with the SSL/TLS
739connection defined in the
740.Vt SSL
741structure.
742.Bl -tag -width Ds
743.It Xo
744.Ft int
745.Fn SSL_accept "SSL *ssl"
746.Xc
747.It Xo
748.Ft int
749.Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir"
750.Xc
751.It Xo
752.Ft int
753.Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file"
754.Xc
755.It Xo
756.Ft int
757.Fn SSL_add_client_CA "SSL *ssl" "X509 *x"
758.Xc
759.It Xo
760.Ft char *
761.Fn SSL_alert_desc_string "int value"
762.Xc
763.It Xo
764.Ft char *
765.Fn SSL_alert_desc_string_long "int value"
766.Xc
767.It Xo
768.Ft char *
769.Fn SSL_alert_type_string "int value"
770.Xc
771.It Xo
772.Ft char *
773.Fn SSL_alert_type_string_long "int value"
774.Xc
775.It Xo
776.Ft int
777.Fn SSL_check_private_key "const SSL *ssl"
778.Xc
779.It Xo
780.Ft void
781.Fn SSL_clear "SSL *ssl"
782.Xc
783.It Xo
784.Ft long
785.Fn SSL_clear_num_renegotiations "SSL *ssl"
786.Xc
787.It Xo
788.Ft int
789.Fn SSL_connect "SSL *ssl"
790.Xc
791.It Xo
792.Ft void
793.Fn SSL_copy_session_id "SSL *t" "const SSL *f"
794.Xc
795.It Xo
796.Ft long
797.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg"
798.Xc
799.It Xo
800.Ft int
801.Fn SSL_do_handshake "SSL *ssl"
802.Xc
803.It Xo
804.Ft SSL *
805.Fn SSL_dup "SSL *ssl"
806.Xc
807.It Xo
808.Ft STACK *
809.Fn SSL_dup_CA_list "STACK *sk"
810.Xc
811.It Xo
812.Ft void
813.Fn SSL_free "SSL *ssl"
814.Xc
815.It Xo
816.Ft SSL_CTX *
817.Fn SSL_get_SSL_CTX "const SSL *ssl"
818.Xc
819.It Xo
820.Ft char *
821.Fn SSL_get_app_data "SSL *ssl"
822.Xc
823.It Xo
824.Ft X509 *
825.Fn SSL_get_certificate "const SSL *ssl"
826.Xc
827.It Xo
828.Ft const char *
829.Fn SSL_get_cipher "const SSL *ssl"
830.Xc
831.It Xo
832.Ft int
833.Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits"
834.Xc
835.It Xo
836.Ft char *
837.Fn SSL_get_cipher_list "const SSL *ssl" "int n"
838.Xc
839.It Xo
840.Ft char *
841.Fn SSL_get_cipher_name "const SSL *ssl"
842.Xc
843.It Xo
844.Ft char *
845.Fn SSL_get_cipher_version "const SSL *ssl"
846.Xc
847.It Xo
848.Ft STACK *
849.Fn SSL_get_ciphers "const SSL *ssl"
850.Xc
851.It Xo
852.Ft STACK *
853.Fn SSL_get_client_CA_list "const SSL *ssl"
854.Xc
855.It Xo
856.Ft SSL_CIPHER *
857.Fn SSL_get_current_cipher "SSL *ssl"
858.Xc
859.It Xo
860.Ft long
861.Fn SSL_get_default_timeout "const SSL *ssl"
862.Xc
863.It Xo
864.Ft int
865.Fn SSL_get_error "const SSL *ssl" "int i"
866.Xc
867.It Xo
868.Ft char *
869.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
870.Xc
871.It Xo
872.Ft int
873.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
874.Xc
875.It Xo
876.Ft int
877.Fo SSL_get_ex_new_index
878.Fa "long argl"
879.Fa "char *argp"
880.Fa "int (*new_func)(void)"
881.Fa "int (*dup_func)(void)"
882.Fa "void (*free_func)(void)"
883.Fc
884.Xc
885.It Xo
886.Ft int
887.Fn SSL_get_fd "const SSL *ssl"
888.Xc
889.It Xo
890.Ft void
891.Fn "(*SSL_get_info_callback(const SSL *ssl))"
892.Xc
893.It Xo
894.Ft STACK *
895.Fn SSL_get_peer_cert_chain "const SSL *ssl"
896.Xc
897.It Xo
898.Ft X509 *
899.Fn SSL_get_peer_certificate "const SSL *ssl"
900.Xc
901.It Xo
902.Ft EVP_PKEY *
903.Fn SSL_get_privatekey "SSL *ssl"
904.Xc
905.It Xo
906.Ft int
907.Fn SSL_get_quiet_shutdown "const SSL *ssl"
908.Xc
909.It Xo
910.Ft BIO *
911.Fn SSL_get_rbio "const SSL *ssl"
912.Xc
913.It Xo
914.Ft int
915.Fn SSL_get_read_ahead "const SSL *ssl"
916.Xc
917.It Xo
918.Ft SSL_SESSION *
919.Fn SSL_get_session "const SSL *ssl"
920.Xc
921.It Xo
922.Ft char *
923.Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len"
924.Xc
925.It Xo
926.Ft int
927.Fn SSL_get_shutdown "const SSL *ssl"
928.Xc
929.It Xo
930.Ft const SSL_METHOD *
931.Fn SSL_get_ssl_method "SSL *ssl"
932.Xc
933.It Xo
934.Ft int
935.Fn SSL_get_state "const SSL *ssl"
936.Xc
937.It Xo
938.Ft long
939.Fn SSL_get_time "const SSL *ssl"
940.Xc
941.It Xo
942.Ft long
943.Fn SSL_get_timeout "const SSL *ssl"
944.Xc
945.It Xo
946.Ft int
947.Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *"
948.Xc
949.It Xo
950.Ft int
951.Fn SSL_get_verify_mode "const SSL *ssl"
952.Xc
953.It Xo
954.Ft long
955.Fn SSL_get_verify_result "const SSL *ssl"
956.Xc
957.It Xo
958.Ft char *
959.Fn SSL_get_version "const SSL *ssl"
960.Xc
961.It Xo
962.Ft BIO *
963.Fn SSL_get_wbio "const SSL *ssl"
964.Xc
965.It Xo
966.Ft int
967.Fn SSL_in_accept_init "SSL *ssl"
968.Xc
969.It Xo
970.Ft int
971.Fn SSL_in_before "SSL *ssl"
972.Xc
973.It Xo
974.Ft int
975.Fn SSL_in_connect_init "SSL *ssl"
976.Xc
977.It Xo
978.Ft int
979.Fn SSL_in_init "SSL *ssl"
980.Xc
981.It Xo
982.Ft int
983.Fn SSL_is_init_finished "SSL *ssl"
984.Xc
985.It Xo
986.Ft STACK *
987.Fn SSL_load_client_CA_file "char *file"
988.Xc
989.It Xo
990.Ft void
991.Fn SSL_load_error_strings "void"
992.Xc
993.It Xo
994.Ft SSL *
995.Fn SSL_new "SSL_CTX *ctx"
996.Xc
997.It Xo
998.Ft long
999.Fn SSL_num_renegotiations "SSL *ssl"
1000.Xc
1001.It Xo
1002.Ft int
1003.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
1004.Xc
1005.It Xo
1006.Ft int
1007.Fn SSL_pending "const SSL *ssl"
1008.Xc
1009.It Xo
1010.Ft int
1011.Fn SSL_read "SSL *ssl" "void *buf" "int num"
1012.Xc
1013.It Xo
1014.Ft int
1015.Fn SSL_renegotiate "SSL *ssl"
1016.Xc
1017.It Xo
1018.Ft char *
1019.Fn SSL_rstate_string "SSL *ssl"
1020.Xc
1021.It Xo
1022.Ft char *
1023.Fn SSL_rstate_string_long "SSL *ssl"
1024.Xc
1025.It Xo
1026.Ft long
1027.Fn SSL_session_reused "SSL *ssl"
1028.Xc
1029.It Xo
1030.Ft void
1031.Fn SSL_set_accept_state "SSL *ssl"
1032.Xc
1033.It Xo
1034.Ft void
1035.Fn SSL_set_app_data "SSL *ssl" "char *arg"
1036.Xc
1037.It Xo
1038.Ft void
1039.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
1040.Xc
1041.It Xo
1042.Ft int
1043.Fn SSL_set_cipher_list "SSL *ssl" "char *str"
1044.Xc
1045.It Xo
1046.Ft void
1047.Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list"
1048.Xc
1049.It Xo
1050.Ft void
1051.Fn SSL_set_connect_state "SSL *ssl"
1052.Xc
1053.It Xo
1054.Ft int
1055.Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg"
1056.Xc
1057.It Xo
1058.Ft int
1059.Fn SSL_set_fd "SSL *ssl" "int fd"
1060.Xc
1061.It Xo
1062.Ft void
1063.Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)"
1064.Xc
1065.It Xo
1066.Ft void
1067.Fo SSL_set_msg_callback
1068.Fa "SSL *ctx"
1069.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \
1070size_t len, SSL *ssl, void *arg)"
1071.Fc
1072.Xc
1073.It Xo
1074.Ft void
1075.Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg"
1076.Xc
1077.It Xo
1078.Ft void
1079.Fn SSL_set_options "SSL *ssl" "unsigned long op"
1080.Xc
1081.It Xo
1082.Ft void
1083.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
1084.Xc
1085.It Xo
1086.Ft void
1087.Fn SSL_set_read_ahead "SSL *ssl" "int yes"
1088.Xc
1089.It Xo
1090.Ft int
1091.Fn SSL_set_rfd "SSL *ssl" "int fd"
1092.Xc
1093.It Xo
1094.Ft int
1095.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
1096.Xc
1097.It Xo
1098.Ft void
1099.Fn SSL_set_shutdown "SSL *ssl" "int mode"
1100.Xc
1101.It Xo
1102.Ft int
1103.Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth"
1104.Xc
1105.It Xo
1106.Ft void
1107.Fn SSL_set_time "SSL *ssl" "long t"
1108.Xc
1109.It Xo
1110.Ft void
1111.Fn SSL_set_timeout "SSL *ssl" "long t"
1112.Xc
1113.It Xo
1114.Ft void
1115.Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)"
1116.Xc
1117.It Xo
1118.Ft void
1119.Fn SSL_set_verify_result "SSL *ssl" "long arg"
1120.Xc
1121.It Xo
1122.Ft int
1123.Fn SSL_set_wfd "SSL *ssl" "int fd"
1124.Xc
1125.It Xo
1126.Ft int
1127.Fn SSL_shutdown "SSL *ssl"
1128.Xc
1129.It Xo
1130.Ft int
1131.Fn SSL_state "const SSL *ssl"
1132.Xc
1133.It Xo
1134.Ft char *
1135.Fn SSL_state_string "const SSL *ssl"
1136.Xc
1137.It Xo
1138.Ft char *
1139.Fn SSL_state_string_long "const SSL *ssl"
1140.Xc
1141.It Xo
1142.Ft long
1143.Fn SSL_total_renegotiations "SSL *ssl"
1144.Xc
1145.It Xo
1146.Ft int
1147.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
1148.Xc
1149.It Xo
1150.Ft int
1151.Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len"
1152.Xc
1153.It Xo
1154.Ft int
1155.Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type"
1156.Xc
1157.It Xo
1158.Ft int
1159.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
1160.Xc
1161.It Xo
1162.Ft int
1163.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len"
1164.Xc
1165.It Xo
1166.Ft int
1167.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type"
1168.Xc
1169.It Xo
1170.Ft int
1171.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
1172.Xc
1173.It Xo
1174.Ft int
1175.Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d"
1176.Xc
1177.It Xo
1178.Ft int
1179.Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type"
1180.Xc
1181.It Xo
1182.Ft int
1183.Fn SSL_version "const SSL *ssl"
1184.Xc
1185.It Xo
1186.Ft int
1187.Fn SSL_want "const SSL *ssl"
1188.Xc
1189.It Xo
1190.Ft int
1191.Fn SSL_want_nothing "const SSL *ssl"
1192.Xc
1193.It Xo
1194.Ft int
1195.Fn SSL_want_read "const SSL *ssl"
1196.Xc
1197.It Xo
1198.Ft int
1199.Fn SSL_want_write "const SSL *ssl"
1200.Xc
1201.It Xo
1202.Ft int
1203.Fn SSL_want_x509_lookup "const SSL *ssl"
1204.Xc
1205.It Xo
1206.Ft int
1207.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
1208.Xc
1209.It Xo
1210.Ft void
1211.Fo SSL_set_psk_client_callback
1212.Fa "SSL *ssl"
1213.Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \
1214unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)"
1215.Fc
1216.Xc
1217.It Xo
1218.Ft int
1219.Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint"
1220.Xc
1221.It Xo
1222.Ft void
1223.Fo SSL_set_psk_server_callback
1224.Fa "SSL *ssl"
1225.Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \
1226unsigned char *psk, int max_psk_len)"
1227.Fc
1228.Xc
1229.It Xo
1230.Ft const char *
1231.Fn SSL_get_psk_identity_hint "SSL *ssl"
1232.Xc
1233.It Xo
1234.Ft const char *
1235.Fn SSL_get_psk_identity "SSL *ssl"
1236.Xc
1237.El
1238.Sh SEE ALSO
1239.Xr openssl 1 ,
1240.Xr crypto 3 ,
1241.Xr d2i_SSL_SESSION 3 ,
1242.Xr SSL_accept 3 ,
1243.Xr SSL_alert_type_string 3 ,
1244.Xr SSL_CIPHER_get_name 3 ,
1245.Xr SSL_clear 3 ,
1246.Xr SSL_COMP_add_compression_method 3 ,
1247.Xr SSL_connect 3 ,
1248.Xr SSL_CTX_add_extra_chain_cert 3 ,
1249.Xr SSL_CTX_add_session 3 ,
1250.Xr SSL_CTX_ctrl 3 ,
1251.Xr SSL_CTX_flush_sessions 3 ,
1252.Xr SSL_CTX_get_ex_new_index 3 ,
1253.Xr SSL_CTX_get_verify_mode 3 ,
1254.Xr SSL_CTX_load_verify_locations 3 ,
1255.Xr SSL_CTX_new 3 ,
1256.Xr SSL_CTX_sess_number 3 ,
1257.Xr SSL_CTX_sess_set_cache_size 3 ,
1258.Xr SSL_CTX_sess_set_get_cb 3 ,
1259.Xr SSL_CTX_sessions 3 ,
1260.Xr SSL_CTX_set_cert_store 3 ,
1261.Xr SSL_CTX_set_cert_verify_callback 3 ,
1262.Xr SSL_CTX_set_cipher_list 3 ,
1263.Xr SSL_CTX_set_client_CA_list 3 ,
1264.Xr SSL_CTX_set_client_cert_cb 3 ,
1265.Xr SSL_CTX_set_default_passwd_cb 3 ,
1266.Xr SSL_CTX_set_generate_session_id 3 ,
1267.Xr SSL_CTX_set_info_callback 3 ,
1268.Xr SSL_CTX_set_max_cert_list 3 ,
1269.Xr SSL_CTX_set_mode 3 ,
1270.Xr SSL_CTX_set_msg_callback 3 ,
1271.Xr SSL_CTX_set_options 3 ,
1272.Xr SSL_CTX_set_psk_client_callback 3 ,
1273.Xr SSL_CTX_set_quiet_shutdown 3 ,
1274.Xr SSL_CTX_set_session_cache_mode 3 ,
1275.Xr SSL_CTX_set_session_id_context 3 ,
1276.Xr SSL_CTX_set_ssl_version 3 ,
1277.Xr SSL_CTX_set_timeout 3 ,
1278.Xr SSL_CTX_set_tmp_dh_callback 3 ,
1279.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
1280.Xr SSL_CTX_set_verify 3 ,
1281.Xr SSL_CTX_use_certificate 3 ,
1282.Xr SSL_CTX_use_psk_identity_hint 3 ,
1283.Xr SSL_do_handshake 3 ,
1284.Xr SSL_get_ciphers 3 ,
1285.Xr SSL_get_client_CA_list 3 ,
1286.Xr SSL_get_default_timeout 3 ,
1287.Xr SSL_get_error 3 ,
1288.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
1289.Xr SSL_get_ex_new_index 3 ,
1290.Xr SSL_get_fd 3 ,
1291.Xr SSL_get_peer_cert_chain 3 ,
1292.Xr SSL_get_psk_identity 3 ,
1293.Xr SSL_get_rbio 3 ,
1294.Xr SSL_get_session 3 ,
1295.Xr SSL_get_SSL_CTX 3 ,
1296.Xr SSL_get_verify_result 3 ,
1297.Xr SSL_get_version 3 ,
1298.Xr SSL_library_init 3 ,
1299.Xr SSL_load_client_CA_file 3 ,
1300.Xr SSL_new 3 ,
1301.Xr SSL_pending 3 ,
1302.Xr SSL_read 3 ,
1303.Xr SSL_rstate_string 3 ,
1304.Xr SSL_SESSION_free 3 ,
1305.Xr SSL_SESSION_get_ex_new_index 3 ,
1306.Xr SSL_SESSION_get_time 3 ,
1307.Xr SSL_session_reused 3 ,
1308.Xr SSL_set_bio 3 ,
1309.Xr SSL_set_connect_state 3 ,
1310.Xr SSL_set_fd 3 ,
1311.Xr SSL_set_session 3 ,
1312.Xr SSL_set_shutdown 3 ,
1313.Xr SSL_shutdown 3 ,
1314.Xr SSL_state_string 3 ,
1315.Xr SSL_want 3 ,
1316.Xr SSL_write 3
1317.Sh HISTORY
1318The
1319.Nm
1320document appeared in OpenSSL 0.9.2.
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index 7bada8d35f..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
1Standards related to OpenSSL
2============================
3
4[Please, this is currently a draft. I made a first try at finding
5 documents that describe parts of what OpenSSL implements. There are
6 big gaps, and I've most certainly done something wrong. Please
7 correct whatever is... Also, this note should be removed when this
8 file is reaching a somewhat correct state. -- Richard Levitte]
9
10
11All pointers in here will be either URL's or blobs of text borrowed
12from miscellaneous indexes, like rfc-index.txt (index of RFCs),
131id-index.txt (index of Internet drafts) and the like.
14
15To find the latest possible RFCs, it's recommended to either browse
16ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
17use the search mechanism found there.
18To find the latest possible Internet drafts, it's recommended to
19browse ftp://ftp.isi.edu/internet-drafts/.
20To find the latest possible PKCS, it's recommended to browse
21http://www.rsasecurity.com/rsalabs/pkcs/.
22
23
24Implemented:
25------------
26
27These are documents that describe things that are implemented (in
28whole or at least great parts) in OpenSSL.
29
301319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
31 (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
32
331320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
34 TXT=32407 bytes) (Status: INFORMATIONAL)
35
361321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
37 TXT=35222 bytes) (Status: INFORMATIONAL)
38
392246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
40 (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
41
422268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
43 January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
44
452315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
46 March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
47
48PKCS#8: Private-Key Information Syntax Standard
49
50PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
51
522560 X.509 Internet Public Key Infrastructure Online Certificate
53 Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
54 C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
55 STANDARD)
56
572712 Addition of Kerberos Cipher Suites to Transport Layer Security
58 (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
59 (Status: PROPOSED STANDARD)
60
612898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
62 B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
63 INFORMATIONAL)
64
652986 PKCS #10: Certification Request Syntax Specification Version 1.7.
66 M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
67 (Obsoletes RFC2314) (Status: INFORMATIONAL)
68
693174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
70 September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
71
723161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
73 C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
74 (Status: PROPOSED STANDARD)
75
763268 Advanced Encryption Standard (AES) Ciphersuites for Transport
77 Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
78 (Status: PROPOSED STANDARD)
79
803279 Algorithms and Identifiers for the Internet X.509 Public Key
81 Infrastructure Certificate and Certificate Revocation List (CRL)
82 Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
83 TXT=53833 bytes) (Status: PROPOSED STANDARD)
84
853280 Internet X.509 Public Key Infrastructure Certificate and
86 Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
87 Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
88 RFC2459) (Status: PROPOSED STANDARD)
89
903447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
91 Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
92 (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
93 INFORMATIONAL)
94
953713 A Description of the Camellia Encryption Algorithm. M. Matsui,
96 J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
97 (Status: INFORMATIONAL)
98
993820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
100 Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
101 June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
102
1034132 Addition of Camellia Cipher Suites to Transport Layer Security
104 (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
105 bytes) (Status: PROPOSED STANDARD)
106
1074162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
108 H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
109 (Status: PROPOSED STANDARD)
110
1114269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
112 D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
113 (Obsoletes RFC4009) (Status: INFORMATIONAL)
114
115
116Related:
117--------
118
119These are documents that are close to OpenSSL, for example the
120STARTTLS documents.
121
1221421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
123 Encryption and Authentication Procedures. J. Linn. February 1993.
124 (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
125 STANDARD)
126
1271422 Privacy Enhancement for Internet Electronic Mail: Part II:
128 Certificate-Based Key Management. S. Kent. February 1993. (Format:
129 TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
130
1311423 Privacy Enhancement for Internet Electronic Mail: Part III:
132 Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
133 (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
134 STANDARD)
135
1361424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
137 Certification and Related Services. B. Kaliski. February 1993.
138 (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
139
1402025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
141 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
142
1432510 Internet X.509 Public Key Infrastructure Certificate Management
144 Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
145 bytes) (Status: PROPOSED STANDARD)
146
1472511 Internet X.509 Certificate Request Message Format. M. Myers, C.
148 Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
149 (Status: PROPOSED STANDARD)
150
1512527 Internet X.509 Public Key Infrastructure Certificate Policy and
152 Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
153 (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
154
1552538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
156 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
157 PROPOSED STANDARD)
158
1592539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
160 D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
161 PROPOSED STANDARD)
162
1632559 Internet X.509 Public Key Infrastructure Operational Protocols -
164 LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
165 TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
166
1672585 Internet X.509 Public Key Infrastructure Operational Protocols:
168 FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
169 bytes) (Status: PROPOSED STANDARD)
170
1712587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
172 Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
173 (Status: PROPOSED STANDARD)
174
1752595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
176 (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
177
1782631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
179 (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
180
1812632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
182 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
183
1842716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
185 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
186
1872773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
188 February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
189 EXPERIMENTAL)
190
1912797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
192 Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
193 PROPOSED STANDARD)
194
1952817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
196 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
197 STANDARD)
198
1992818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
200 (Status: INFORMATIONAL)
201
2022876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
203 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
204
2052984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
206 October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
207
2082985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
209 M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
210 (Status: INFORMATIONAL)
211
2123029 Internet X.509 Public Key Infrastructure Data Validation and
213 Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
214 R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
215 EXPERIMENTAL)
216
2173039 Internet X.509 Public Key Infrastructure Qualified Certificates
218 Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
219 (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
220
2213058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
222 Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
223 (Status: INFORMATIONAL)
224
2253161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
226 (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
227 (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
228
2293185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
230 October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
231
2323207 SMTP Service Extension for Secure SMTP over Transport Layer
233 Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
234 (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
235
2363217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
237 (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
238
2393274 Compressed Data Content Type for Cryptographic Message Syntax
240 (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
241 PROPOSED STANDARD)
242
2433278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
244 Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
245 Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
246 INFORMATIONAL)
247
2483281 An Internet Attribute Certificate Profile for Authorization. S.
249 Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
250 PROPOSED STANDARD)
251
2523369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
253 (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
254 PROPOSED STANDARD)
255
2563370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
257 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
258 PROPOSED STANDARD)
259
2603377 Lightweight Directory Access Protocol (v3): Technical
261 Specification. J. Hodges, R. Morgan. September 2002. (Format:
262 TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
263 RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
264
2653394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
266 R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
267 INFORMATIONAL)
268
2693436 Transport Layer Security over Stream Control Transmission
270 Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
271 (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
272
2733657 Use of the Camellia Encryption Algorithm in Cryptographic
274 Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
275 (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
276
277"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
278
279
280To be implemented:
281------------------
282
283These are documents that describe things that are planed to be
284implemented in the hopefully short future.
285
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index 1d65dc5821..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,246 +0,0 @@
1/* $OpenBSD: dtls1.h,v 1.17 2015/02/09 10:53:28 jsing Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifndef HEADER_DTLS1_H
61#define HEADER_DTLS1_H
62
63#include <sys/time.h>
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68
69#include <openssl/buffer.h>
70
71#ifdef __cplusplus
72extern "C" {
73#endif
74
75#define DTLS1_VERSION 0xFEFF
76#define DTLS1_BAD_VER 0x0100
77
78/* lengths of messages */
79#define DTLS1_COOKIE_LENGTH 256
80
81#define DTLS1_RT_HEADER_LENGTH 13
82
83#define DTLS1_HM_HEADER_LENGTH 12
84
85#define DTLS1_HM_BAD_FRAGMENT -2
86#define DTLS1_HM_FRAGMENT_RETRY -3
87
88#define DTLS1_CCS_HEADER_LENGTH 1
89
90#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
91#define DTLS1_AL_HEADER_LENGTH 7
92#else
93#define DTLS1_AL_HEADER_LENGTH 2
94#endif
95
96#ifndef OPENSSL_NO_SSL_INTERN
97
98
99typedef struct dtls1_bitmap_st {
100 unsigned long map; /* track 32 packets on 32-bit systems
101 and 64 - on 64-bit systems */
102 unsigned char max_seq_num[8]; /* max record number seen so far,
103 64-bit value in big-endian
104 encoding */
105} DTLS1_BITMAP;
106
107struct dtls1_retransmit_state {
108 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
109 EVP_MD_CTX *write_hash; /* used for mac generation */
110 SSL_SESSION *session;
111 unsigned short epoch;
112};
113
114struct hm_header_st {
115 unsigned char type;
116 unsigned long msg_len;
117 unsigned short seq;
118 unsigned long frag_off;
119 unsigned long frag_len;
120 unsigned int is_ccs;
121 struct dtls1_retransmit_state saved_retransmit_state;
122};
123
124struct ccs_header_st {
125 unsigned char type;
126 unsigned short seq;
127};
128
129struct dtls1_timeout_st {
130 /* Number of read timeouts so far */
131 unsigned int read_timeouts;
132
133 /* Number of write timeouts so far */
134 unsigned int write_timeouts;
135
136 /* Number of alerts received so far */
137 unsigned int num_alerts;
138};
139
140struct _pqueue;
141
142typedef struct record_pqueue_st {
143 unsigned short epoch;
144 struct _pqueue *q;
145} record_pqueue;
146
147typedef struct hm_fragment_st {
148 struct hm_header_st msg_header;
149 unsigned char *fragment;
150 unsigned char *reassembly;
151} hm_fragment;
152
153typedef struct dtls1_state_st {
154 unsigned int send_cookie;
155 unsigned char cookie[DTLS1_COOKIE_LENGTH];
156 unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
157 unsigned int cookie_len;
158
159 /*
160 * The current data and handshake epoch. This is initially
161 * undefined, and starts at zero once the initial handshake is
162 * completed
163 */
164 unsigned short r_epoch;
165 unsigned short w_epoch;
166
167 /* records being received in the current epoch */
168 DTLS1_BITMAP bitmap;
169
170 /* renegotiation starts a new set of sequence numbers */
171 DTLS1_BITMAP next_bitmap;
172
173 /* handshake message numbers */
174 unsigned short handshake_write_seq;
175 unsigned short next_handshake_write_seq;
176
177 unsigned short handshake_read_seq;
178
179 /* save last sequence number for retransmissions */
180 unsigned char last_write_sequence[8];
181
182 /* Received handshake records (processed and unprocessed) */
183 record_pqueue unprocessed_rcds;
184 record_pqueue processed_rcds;
185
186 /* Buffered handshake messages */
187 struct _pqueue *buffered_messages;
188
189 /* Buffered (sent) handshake records */
190 struct _pqueue *sent_messages;
191
192 /* Buffered application records.
193 * Only for records between CCS and Finished
194 * to prevent either protocol violation or
195 * unnecessary message loss.
196 */
197 record_pqueue buffered_app_data;
198
199 /* Is set when listening for new connections with dtls1_listen() */
200 unsigned int listen;
201
202 unsigned int mtu; /* max DTLS packet size */
203
204 struct hm_header_st w_msg_hdr;
205 struct hm_header_st r_msg_hdr;
206
207 struct dtls1_timeout_st timeout;
208
209 /* Indicates when the last handshake msg or heartbeat sent will timeout */
210 struct timeval next_timeout;
211
212 /* Timeout duration */
213 unsigned short timeout_duration;
214
215 /* storage for Alert/Handshake protocol data received but not
216 * yet processed by ssl3_read_bytes: */
217 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
218 unsigned int alert_fragment_len;
219 unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
220 unsigned int handshake_fragment_len;
221
222 unsigned int retransmitting;
223 unsigned int change_cipher_spec_ok;
224
225
226} DTLS1_STATE;
227
228typedef struct dtls1_record_data_st {
229 unsigned char *packet;
230 unsigned int packet_length;
231 SSL3_BUFFER rbuf;
232 SSL3_RECORD rrec;
233} DTLS1_RECORD_DATA;
234
235#endif
236
237/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
238#define DTLS1_TMO_READ_COUNT 2
239#define DTLS1_TMO_WRITE_COUNT 2
240
241#define DTLS1_TMO_ALERT_COUNT 12
242
243#ifdef __cplusplus
244}
245#endif
246#endif
diff --git a/src/lib/libssl/pqueue.c b/src/lib/libssl/pqueue.c
deleted file mode 100644
index 602969deb0..0000000000
--- a/src/lib/libssl/pqueue.c
+++ /dev/null
@@ -1,201 +0,0 @@
1/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdlib.h>
61#include <string.h>
62
63#include "pqueue.h"
64
65typedef struct _pqueue {
66 pitem *items;
67 int count;
68} pqueue_s;
69
70pitem *
71pitem_new(unsigned char *prio64be, void *data)
72{
73 pitem *item = malloc(sizeof(pitem));
74
75 if (item == NULL)
76 return NULL;
77
78 memcpy(item->priority, prio64be, sizeof(item->priority));
79
80 item->data = data;
81 item->next = NULL;
82
83 return item;
84}
85
86void
87pitem_free(pitem *item)
88{
89 free(item);
90}
91
92pqueue_s *
93pqueue_new(void)
94{
95 return calloc(1, sizeof(pqueue_s));
96}
97
98void
99pqueue_free(pqueue_s *pq)
100{
101 free(pq);
102}
103
104pitem *
105pqueue_insert(pqueue_s *pq, pitem *item)
106{
107 pitem *curr, *next;
108
109 if (pq->items == NULL) {
110 pq->items = item;
111 return item;
112 }
113
114 for (curr = NULL, next = pq->items; next != NULL;
115 curr = next, next = next->next) {
116 /* we can compare 64-bit value in big-endian encoding
117 * with memcmp:-) */
118 int cmp = memcmp(next->priority, item->priority,
119 sizeof(item->priority));
120 if (cmp > 0) { /* next > item */
121 item->next = next;
122
123 if (curr == NULL)
124 pq->items = item;
125 else
126 curr->next = item;
127
128 return item;
129 } else if (cmp == 0) /* duplicates not allowed */
130 return NULL;
131 }
132
133 item->next = NULL;
134 curr->next = item;
135
136 return item;
137}
138
139pitem *
140pqueue_peek(pqueue_s *pq)
141{
142 return pq->items;
143}
144
145pitem *
146pqueue_pop(pqueue_s *pq)
147{
148 pitem *item = pq->items;
149
150 if (pq->items != NULL)
151 pq->items = pq->items->next;
152
153 return item;
154}
155
156pitem *
157pqueue_find(pqueue_s *pq, unsigned char *prio64be)
158{
159 pitem *next;
160
161 for (next = pq->items; next != NULL; next = next->next)
162 if (memcmp(next->priority, prio64be,
163 sizeof(next->priority)) == 0)
164 return next;
165
166 return NULL;
167}
168
169pitem *
170pqueue_iterator(pqueue_s *pq)
171{
172 return pqueue_peek(pq);
173}
174
175pitem *
176pqueue_next(pitem **item)
177{
178 pitem *ret;
179
180 if (item == NULL || *item == NULL)
181 return NULL;
182
183 /* *item != NULL */
184 ret = *item;
185 *item = (*item)->next;
186
187 return ret;
188}
189
190int
191pqueue_size(pqueue_s *pq)
192{
193 pitem *item = pq->items;
194 int count = 0;
195
196 while (item != NULL) {
197 count++;
198 item = item->next;
199 }
200 return count;
201}
diff --git a/src/lib/libssl/pqueue.h b/src/lib/libssl/pqueue.h
deleted file mode 100644
index 0d7ddc04e2..0000000000
--- a/src/lib/libssl/pqueue.h
+++ /dev/null
@@ -1,89 +0,0 @@
1/* $OpenBSD: pqueue.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */
2
3/*
4 * DTLS implementation written by Nagendra Modadugu
5 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
6 */
7/* ====================================================================
8 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 *
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in
19 * the documentation and/or other materials provided with the
20 * distribution.
21 *
22 * 3. All advertising materials mentioning features or use of this
23 * software must display the following acknowledgment:
24 * "This product includes software developed by the OpenSSL Project
25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 *
27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
28 * endorse or promote products derived from this software without
29 * prior written permission. For written permission, please contact
30 * openssl-core@OpenSSL.org.
31 *
32 * 5. Products derived from this software may not be called "OpenSSL"
33 * nor may "OpenSSL" appear in their names without prior written
34 * permission of the OpenSSL Project.
35 *
36 * 6. Redistributions of any form whatsoever must retain the following
37 * acknowledgment:
38 * "This product includes software developed by the OpenSSL Project
39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52 * OF THE POSSIBILITY OF SUCH DAMAGE.
53 * ====================================================================
54 *
55 * This product includes cryptographic software written by Eric Young
56 * (eay@cryptsoft.com). This product includes software written by Tim
57 * Hudson (tjh@cryptsoft.com).
58 *
59 */
60
61#ifndef HEADER_PQUEUE_H
62#define HEADER_PQUEUE_H
63
64typedef struct _pqueue *pqueue;
65
66typedef struct _pitem {
67 unsigned char priority[8]; /* 64-bit value in big-endian encoding */
68 void *data;
69 struct _pitem *next;
70} pitem;
71
72typedef struct _pitem *piterator;
73
74pitem *pitem_new(unsigned char *prio64be, void *data);
75void pitem_free(pitem *item);
76
77pqueue pqueue_new(void);
78void pqueue_free(pqueue pq);
79
80pitem *pqueue_insert(pqueue pq, pitem *item);
81pitem *pqueue_peek(pqueue pq);
82pitem *pqueue_pop(pqueue pq);
83pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
84pitem *pqueue_iterator(pqueue pq);
85pitem *pqueue_next(piterator *iter);
86
87int pqueue_size(pqueue pq);
88
89#endif /* ! HEADER_PQUEUE_H */
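diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
deleted file mode 100644
index 458eb37d5f..0000000000
--- a/src/lib/libssl/s23_clnt.c
+++ /dev/null
@@ -1,610 +0,0 @@
-/* $OpenBSD: s23_clnt.c,v 1.40 2015/07/19 07:30:06 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *tls_any_get_client_method(int ver);
-
-const SSL_METHOD SSLv23_client_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl23_connect,
- .ssl_read = ssl23_read,
- .ssl_peek = ssl23_peek,
- .ssl_write = ssl23_write,
- .ssl_shutdown = ssl_undefined_function,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = ssl23_get_client_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLS_client_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = tls_any_connect,
- .ssl_read = ssl23_read,
- .ssl_peek = ssl23_peek,
- .ssl_write = ssl23_write,
- .ssl_shutdown = ssl_undefined_function,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl_undefined_const_function,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls_any_get_client_method,
- .get_timeout = ssl23_default_timeout,
- .ssl3_enc = &ssl3_undef_enc_method,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
- return &SSLv23_client_method_data;
-}
-
-static const SSL_METHOD *
-ssl23_get_client_method(int ver)
-{
- if (ver == SSL3_VERSION)
- return (SSLv3_client_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_client_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- return (NULL);
-}
-
-int
-ssl23_connect(SSL *s)
-{
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int ret = -1;
- int new_state, state;
-
- ERR_clear_error();
- errno = 0;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s))
- SSL_clear(s);
-
- for (;;) {
- state = s->state;
-
- switch (s->state) {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL) {
- SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret = -1;
- goto end;
- }
- s->server = 0;
- if (cb != NULL)
- cb(s, SSL_CB_HANDSHAKE_START, 1);
-
- /* s->version=TLS1_VERSION; */
- s->type = SSL_ST_CONNECT;
-
- if (!ssl3_setup_init_buffer(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_setup_buffers(s)) {
- ret = -1;
- goto end;
- }
- if (!ssl3_init_finished_mac(s)) {
- ret = -1;
- goto end;
- }
-
- s->state = SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num = 0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown = 0;
- ret = ssl23_client_hello(s);
- if (ret <= 0)
- goto end;
- s->state = SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num = 0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret = ssl23_get_server_hello(s);
- if (ret >= 0)
- cb = NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
- ret = -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) {
- (void)BIO_flush(s->wbio);
- }
-
- if ((cb != NULL) && (s->state != state)) {
- new_state = s->state;
- s->state = state;
- cb(s, SSL_CB_CONNECT_LOOP, 1);
- s->state = new_state;
- }
- }
-
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s, SSL_CB_CONNECT_EXIT, ret);
-
- return (ret);
-}
-
-static int
-ssl23_client_hello(SSL *s)
-{
- unsigned char *buf;
- unsigned char *p, *d;
- int i;
- unsigned long l;
- int version = 0, version_major, version_minor;
- int ret;
- unsigned long mask, options = s->options;
-
- /*
- * SSL_OP_NO_X disables all protocols above X *if* there are
- * some protocols below X enabled. This is required in order
- * to maintain "version capability" vector contiguous. So
- * that if application wants to disable TLS1.0 in favour of
- * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
- * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
- */
- mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3;
- version = TLS1_2_VERSION;
-
- if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
- version = TLS1_1_VERSION;
- mask &= ~SSL_OP_NO_TLSv1_1;
- if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
- version = TLS1_VERSION;
- mask &= ~SSL_OP_NO_TLSv1;
- if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
- version = SSL3_VERSION;
- mask &= ~SSL_OP_NO_SSLv3;
-
- buf = (unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
- arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
- if (version == TLS1_2_VERSION) {
- version_major = TLS1_2_VERSION_MAJOR;
- version_minor = TLS1_2_VERSION_MINOR;
- } else if (version == TLS1_1_VERSION) {
- version_major = TLS1_1_VERSION_MAJOR;
- version_minor = TLS1_1_VERSION_MINOR;
- } else if (version == TLS1_VERSION) {
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- } else if (version == SSL3_VERSION) {
- version_major = SSL3_VERSION_MAJOR;
- version_minor = SSL3_VERSION_MINOR;
- } else {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
- return (-1);
- }
-
- s->client_version = version;
-
- /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
- /*
- * Do the record header (5 bytes) and handshake
- * message header (4 bytes) last
- */
- d = p = &(buf[9]);
-
- *(p++) = version_major;
- *(p++) = version_minor;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID (zero since there is no reuse) */
- *(p++) = 0;
-
- /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
- i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
- if (i == 0) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i, p);
- p += i;
-
- /* add in (no) COMPRESSION */
- *(p++) = 1;
- /* Add the NULL method */
- *(p++) = 0;
-
- /* TLS extensions*/
- if (ssl_prepare_clienthello_tlsext(s) <= 0) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_CLIENTHELLO_TLSEXT);
- return -1;
- }
- if ((p = ssl_add_clienthello_tlsext(s, p,
- buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- l = p - d;
-
- /* fill in 4-byte handshake header */
- d = &(buf[5]);
- *(d++) = SSL3_MT_CLIENT_HELLO;
- l2n3(l, d);
-
- l += 4;
-
- if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* fill in 5-byte record header */
- d = buf;
- *(d++) = SSL3_RT_HANDSHAKE;
- *(d++) = version_major;
-
- /*
- * Some servers hang if we use long client hellos
- * and a record number > TLS 1.0.
- */
- if (TLS1_get_client_version(s) > TLS1_VERSION)
- *(d++) = 1;
- else
- *(d++) = version_minor;
- s2n((int)l, d);
-
- /* number of bytes to write */
- s->init_num = p - buf;
- s->init_off = 0;
-
- ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
-
- s->state = SSL23_ST_CW_CLNT_HELLO_B;
- s->init_off = 0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- ret = ssl23_write_bytes(s);
-
- if ((ret >= 2) && s->msg_callback) {
- /* Client Hello has been sent; tell msg_callback */
-
- s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
- s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg);
- }
-
- return ret;
-}
-
-static int
-ssl23_get_server_hello(SSL *s)
-{
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n = ssl23_read_bytes(s, 7);
-
- if (n != 7)
- return (n);
- p = s->packet;
-
- memcpy(buf, p, n);
-
- /* Old unsupported sslv2 handshake */
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02)) {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (p[1] == SSL3_VERSION_MAJOR &&
- p[2] <= TLS1_2_VERSION_MINOR &&
- ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
- (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
- /* we have sslv3 or tls1 (server hello or alert) */
-
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3)) {
- s->version = SSL3_VERSION;
- s->method = SSLv3_client_method();
- } else if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1)) {
- s->version = TLS1_VERSION;
- s->method = TLSv1_client_method();
- } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1_1)) {
- s->version = TLS1_1_VERSION;
- s->method = TLSv1_1_client_method();
- } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1_2)) {
- s->version = TLS1_2_VERSION;
- s->method = TLSv1_2_client_method();
- } else {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
- /* fatal alert */
- void (*cb)(const SSL *ssl, int type, int val) = NULL;
- int j;
-
- if (s->info_callback != NULL)
- cb = s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb = s->ctx->info_callback;
-
- i = p[5];
- if (cb != NULL) {
- j = (i << 8) | p[6];
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT,
- p + 5, 2, s, s->msg_callback_arg);
-
- s->rwstate = SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_AD_REASON_OFFSET + p[6]);
- goto err;
- }
-
- if (!ssl_init_wbio_buffer(s, 1))
- goto err;
-
- /* we are in this state */
- s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 7 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate = SSL_ST_READ_HEADER;
- s->packet_length = n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_read_buffer(s))
- goto err;
- s->packet = &(s->s3->rbuf.buf[0]);
- memcpy(s->packet, buf, n);
- s->s3->rbuf.left = n;
- s->s3->rbuf.offset = 0;
-
- s->handshake_func = s->method->ssl_connect;
- } else {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num = 0;
-
- /*
- * Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id
- */
- if (!ssl_get_new_session(s, 0))
- goto err;
-
- return (SSL_connect(s));
-err:
- return (-1);
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
- return &TLS_client_method_data;
-}
-
-static const SSL_METHOD *
-tls_any_get_client_method(int ver)
-{
- if (ver == SSL3_VERSION)
- return (NULL);
- else
- return ssl23_get_client_method(ver);
-}
-
-int
-tls_any_connect(SSL *s)
-{
- int ret;
- unsigned long old_options;
-
- old_options = s->options;
-
- s->options |= SSL_OP_NO_SSLv3;
- ret = ssl23_connect(s);
- s->options = old_options;
-
- return ret;
-}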
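diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
deleted file mode 100644
index cd594aa3c9..0000000000
--- a/src/lib/libssl/s23_lib.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $OpenBSD: s23_lib.c,v 1.18 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-long
-ssl23_default_timeout(void)
-{
- return (300);
-}
-
-int
-ssl23_read(SSL *s, void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_read(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}
-
-int
-ssl23_peek(SSL *s, void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_peek(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}
-
-int
-ssl23_write(SSL *s, const void *buf, int len)
-{
- int n;
-
- errno = 0;
- if (SSL_in_init(s) && (!s->in_handshake)) {
- n = s->handshake_func(s);
- if (n < 0)
- return (n);
- if (n == 0) {
- SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
- return (-1);
- }
- return (SSL_write(s, buf, len));
- } else {
- ssl_undefined_function(s);
- return (-1);
- }
-}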
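diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c
deleted file mode 100644
index 2081f48f08..0000000000
--- a/src/lib/libssl/s23_pkt.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* $OpenBSD: s23_pkt.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-int
-ssl23_write_bytes(SSL *s)
-{
- int i, num, tot;
- char *buf;
-
- buf = s->init_buf->data;
- tot = s->init_off;
- num = s->init_num;
- for (;;) {
- s->rwstate = SSL_WRITING;
- i = BIO_write(s->wbio, &(buf[tot]), num);
- if (i <= 0) {
- s->init_off = tot;
- s->init_num = num;
- return (i);
- }
- s->rwstate = SSL_NOTHING;
- if (i == num)
- return (tot + i);
-
- num -= i;
- tot += i;
- }
-}
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int
-ssl23_read_bytes(SSL *s, int n)
-{
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n) {
- p = s->packet;
-
- for (;;) {
- s->rwstate = SSL_READING;
- j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
- n - s->packet_length);
- if (j <= 0)
- return (j);
- s->rwstate = SSL_NOTHING;
- s->packet_length += j;
- if (s->packet_length >= (unsigned int)n)
- return (s->packet_length);
- }
- }
- return (n);
-}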
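--- a/src/lib/libssl/s23_srvr.c
+++ /dev/null
@@ -1,635 +0,0 @@
-/* $OpenBSD: s23_srvr.c,v 1.41 2015/07/19 07:30:06 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static const SSL_METHOD *tls_any_get_server_method(int ver);
-
-const SSL_METHOD SSLv23_server_method_data = {
-	.version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl23_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_read = ssl23_read,
-	.ssl_peek = ssl23_peek,
-	.ssl_write = ssl23_write,
-	.ssl_shutdown = ssl_undefined_function,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl_undefined_const_function,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = ssl23_get_server_method,
-	.get_timeout = ssl23_default_timeout,
-	.ssl3_enc = &ssl3_undef_enc_method,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLS_server_method_data = {
-	.version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = tls_any_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_read = ssl23_read,
-	.ssl_peek = ssl23_peek,
-	.ssl_write = ssl23_write,
-	.ssl_shutdown = ssl_undefined_function,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.ssl_ctrl = ssl3_ctrl,
-	.ssl_ctx_ctrl = ssl3_ctx_ctrl,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.ssl_pending = ssl_undefined_const_function,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_ssl_method = tls_any_get_server_method,
-	.get_timeout = ssl23_default_timeout,
-	.ssl3_enc = &ssl3_undef_enc_method,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_callback_ctrl = ssl3_callback_ctrl,
-	.ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-SSLv23_server_method(void)
-{
-	return &SSLv23_server_method_data;
-}
-
-static const SSL_METHOD *
-ssl23_get_server_method(int ver)
-{
-	if (ver == SSL3_VERSION)
-		return (SSLv3_server_method());
-	if (ver == TLS1_VERSION)
-		return (TLSv1_server_method());
-	if (ver == TLS1_1_VERSION)
-		return (TLSv1_1_server_method());
-	if (ver == TLS1_2_VERSION)
-		return (TLSv1_2_server_method());
-	return (NULL);
-}
-
-int
-ssl23_accept(SSL *s)
-{
-	void (*cb)(const SSL *ssl, int type, int val) = NULL;
-	int ret = -1;
-	int new_state, state;
-
-	ERR_clear_error();
-	errno = 0;
-
-	if (s->info_callback != NULL)
-		cb = s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb = s->ctx->info_callback;
-
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s))
-		SSL_clear(s);
-
-	for (;;) {
-		state = s->state;
-
-		switch (s->state) {
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			s->server = 1;
-			if (cb != NULL)
-				cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-			/* s->version=SSL3_VERSION; */
-			s->type = SSL_ST_ACCEPT;
-
-			if (!ssl3_setup_init_buffer(s)) {
-				ret = -1;
-				goto end;
-			}
-			if (!ssl3_init_finished_mac(s)) {
-				ret = -1;
-				goto end;
-			}
-
-			s->state = SSL23_ST_SR_CLNT_HELLO_A;
-			s->ctx->stats.sess_accept++;
-			s->init_num = 0;
-			break;
-
-		case SSL23_ST_SR_CLNT_HELLO_A:
-		case SSL23_ST_SR_CLNT_HELLO_B:
-
-			s->shutdown = 0;
-			ret = ssl23_get_client_hello(s);
-			if (ret >= 0)
-				cb = NULL;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
-			ret = -1;
-			goto end;
-			/* break; */
-		}
-
-		if ((cb != NULL) && (s->state != state)) {
-			new_state = s->state;
-			s->state = state;
-			cb(s, SSL_CB_ACCEPT_LOOP, 1);
-			s->state = new_state;
-		}
-	}
-
-end:
-	s->in_handshake--;
-	if (cb != NULL)
-		cb(s, SSL_CB_ACCEPT_EXIT, ret);
-
-	return (ret);
-}
-
-
-int
-ssl23_get_client_hello(SSL *s)
-{
-	char buf[11];
-	/*
-	 * sizeof(buf) == 11, because we'll need to request this many bytes in
-	 * the initial read.
-	 * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly
-	 * only when the following is in a single record, which is not
-	 * guaranteed by the protocol specification:
-	 * Byte  Content
-	 *  0     type            \
-	 *  1/2   version         > record header
-	 *  3/4   length          /
-	 *  5     msg_type        \
-	 *  6-8   length          > Client Hello message
-	 *  9/10  client_version  /
-	 */
-	unsigned char *p, *d, *d_len, *dd;
-	unsigned int i;
-	unsigned int csl, sil, cl;
-	int n = 0, j;
-	int type = 0;
-	int v[2];
-
-	if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
-		/* read the initial header */
-		v[0] = v[1] = 0;
-
-		if (!ssl3_setup_buffers(s))
-			return -1;
-
-		n = ssl23_read_bytes(s, sizeof buf);
-		if (n != sizeof buf)
-			return(n);
-
-		p = s->packet;
-
-		memcpy(buf, p, n);
-
-		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
-			/*
-			 * SSLv2 header
-			 */
-			if ((p[3] == 0x00) && (p[4] == 0x02)) {
-				v[0] = p[3];
-				v[1] = p[4];
-				/* SSLv2 */
-				if (!(s->options & SSL_OP_NO_SSLv2))
-					type = 1;
-			} else if (p[3] == SSL3_VERSION_MAJOR) {
-				v[0] = p[3];
-				v[1] = p[4];
-				/* SSLv3/TLSv1 */
-				if (p[4] >= TLS1_VERSION_MINOR) {
-					if (p[4] >= TLS1_2_VERSION_MINOR &&
-					    !(s->options & SSL_OP_NO_TLSv1_2)) {
-						s->version = TLS1_2_VERSION;
-						s->state = SSL23_ST_SR_CLNT_HELLO_B;
-					} else if (p[4] >= TLS1_1_VERSION_MINOR &&
-					    !(s->options & SSL_OP_NO_TLSv1_1)) {
-						s->version = TLS1_1_VERSION;
-						/* type=2; */ /* done later to survive restarts */
-						s->state = SSL23_ST_SR_CLNT_HELLO_B;
-					} else if (!(s->options & SSL_OP_NO_TLSv1)) {
-						s->version = TLS1_VERSION;
-						/* type=2; */ /* done later to survive restarts */
-						s->state = SSL23_ST_SR_CLNT_HELLO_B;
-					} else if (!(s->options & SSL_OP_NO_SSLv3)) {
-						s->version = SSL3_VERSION;
-						/* type=2; */
-						s->state = SSL23_ST_SR_CLNT_HELLO_B;
-					} else if (!(s->options & SSL_OP_NO_SSLv2)) {
-						type = 1;
-					}
-				} else if (!(s->options & SSL_OP_NO_SSLv3)) {
-					s->version = SSL3_VERSION;
-					/* type=2; */
-					s->state = SSL23_ST_SR_CLNT_HELLO_B;
-				} else if (!(s->options & SSL_OP_NO_SSLv2))
-					type = 1;
-
-			}
-		} else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-		    (p[1] == SSL3_VERSION_MAJOR) &&
-		    (p[5] == SSL3_MT_CLIENT_HELLO) &&
-		    ((p[3] == 0 && p[4] < 5 /* silly record length? */) ||
-		    (p[9] >= p[1]))) {
-			/*
-			 * SSLv3 or tls1 header
-			 */
-
-			v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
-			/* We must look at client_version inside the Client Hello message
-			 * to get the correct minor version.
-			 * However if we have only a pathologically small fragment of the
-			 * Client Hello message, this would be difficult, and we'd have
-			 * to read more records to find out.
-			 * No known SSL 3.0 client fragments ClientHello like this,
-			 * so we simply reject such connections to avoid
-			 * protocol version downgrade attacks. */
-			if (p[3] == 0 && p[4] < 6) {
-				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-				    SSL_R_RECORD_TOO_SMALL);
-				return -1;
-			}
-			/* if major version number > 3 set minor to a value
-			 * which will use the highest version 3 we support.
-			 * If TLS 2.0 ever appears we will need to revise
-			 * this....
-			 */
-			if (p[9] > SSL3_VERSION_MAJOR)
-				v[1] = 0xff;
-			else
-				v[1] = p[10]; /* minor version according to client_version */
-			if (v[1] >= TLS1_VERSION_MINOR) {
-				if (v[1] >= TLS1_2_VERSION_MINOR &&
-				    !(s->options & SSL_OP_NO_TLSv1_2)) {
-					s->version = TLS1_2_VERSION;
-					type = 3;
-				} else if (v[1] >= TLS1_1_VERSION_MINOR &&
-				    !(s->options & SSL_OP_NO_TLSv1_1)) {
-					s->version = TLS1_1_VERSION;
-					type = 3;
-				} else if (!(s->options & SSL_OP_NO_TLSv1)) {
-					s->version = TLS1_VERSION;
-					type = 3;
-				} else if (!(s->options & SSL_OP_NO_SSLv3)) {
-					s->version = SSL3_VERSION;
-					type = 3;
-				}
-			} else {
-				/* client requests SSL 3.0 */
-				if (!(s->options & SSL_OP_NO_SSLv3)) {
-					s->version = SSL3_VERSION;
-					type = 3;
-				} else if (!(s->options & SSL_OP_NO_TLSv1)) {
-					/* we won't be able to use TLS of course,
-					 * but this will send an appropriate alert */
-					s->version = TLS1_VERSION;
-					type = 3;
-				}
-			}
-		}
-		else if ((strncmp("GET ", (char *)p, 4) == 0) ||
-		    (strncmp("POST ",(char *)p, 5) == 0) ||
-		    (strncmp("HEAD ",(char *)p, 5) == 0) ||
-		    (strncmp("PUT ", (char *)p, 4) == 0)) {
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
-			return -1;
-		} else if (strncmp("CONNECT", (char *)p, 7) == 0) {
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
-			return -1;
-		}
-	}
-
-	if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
-		/* we have SSLv3/TLSv1 in an SSLv2 header
-		 * (other cases skip this state) */
-
-		type = 2;
-		p = s->packet;
-		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
-		v[1] = p[4];
-
-		/* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
-		 * header is sent directly on the wire, not wrapped as a TLS
-		 * record. It's format is:
-		 * Byte  Content
-		 * 0-1   msg_length
-		 * 2     msg_type
-		 * 3-4   version
-		 * 5-6   cipher_spec_length
-		 * 7-8   session_id_length
-		 * 9-10  challenge_length
-		 * ...   ...
-		 */
-		n = ((p[0] & 0x7f) << 8) | p[1];
-		if (n > (1024 * 4)) {
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
-			return -1;
-		}
-		if (n < 9) {
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-			    SSL_R_RECORD_LENGTH_MISMATCH);
-			return -1;
-		}
-
-		j = ssl23_read_bytes(s, n + 2);
-		if (j != n + 2)
-			return -1;
-
-		ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
-		if (s->msg_callback)
-			s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
-			    s->packet_length - 2, s, s->msg_callback_arg);
-
-		p = s->packet;
-		p += 5;
-		n2s(p, csl);
-		n2s(p, sil);
-		n2s(p, cl);
-		d = (unsigned char *)s->init_buf->data;
-		if ((csl + sil + cl + 11) != s->packet_length) {
-			/*
-			 * We can't have TLS extensions in SSL 2.0 format
-			 * Client Hello, can we ? Error condition should be
-			 * '>' otherwise
-			 */
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-			    SSL_R_RECORD_LENGTH_MISMATCH);
-			return -1;
-		}
-
-		/* record header: msg_type ... */
-		*(d++) = SSL3_MT_CLIENT_HELLO;
-		/* ... and length (actual value will be written later) */
-		d_len = d;
-		d += 3;
-
-		/* client_version */
-		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-		*(d++) = v[1];
-
-		/* lets populate the random area */
-		/* get the challenge_length */
-		i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
-		memset(d, 0, SSL3_RANDOM_SIZE);
-		memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
-		d += SSL3_RANDOM_SIZE;
-
-		/* no session-id reuse */
-		*(d++) = 0;
-
-		/* ciphers */
-		j = 0;
-		dd = d;
-		d += 2;
-		for (i = 0; i < csl; i += 3) {
-			if (p[i] != 0)
-				continue;
-			*(d++) = p[i + 1];
-			*(d++) = p[i + 2];
-			j += 2;
-		}
-		s2n(j, dd);
-
-		/* add in (no) COMPRESSION */
-		*(d++) = 1;
-		*(d++) = 0;
-
-		i = (d - (unsigned char *)s->init_buf->data) - 4;
-		l2n3((long)i, d_len);
-
-		/* get the data reused from the init_buf */
-		s->s3->tmp.reuse_message = 1;
-		s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
-		s->s3->tmp.message_size = i;
-	}
-
-	/* imaginary new state (for program structure): */
-	/* s->state = SSL23_SR_CLNT_HELLO_C */
-
-	if (type == 1) {
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-		return -1;
-	}
-
-	if ((type == 2) || (type == 3)) {
-		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
-		if (!ssl_init_wbio_buffer(s, 1))
-			return -1;
-
-		/* we are in this state */
-		s->state = SSL3_ST_SR_CLNT_HELLO_A;
-
-		if (type == 3) {
-			/* put the 'n' bytes we have read into the input buffer
-			 * for SSLv3 */
-			s->rstate = SSL_ST_READ_HEADER;
-			s->packet_length = n;
-			if (s->s3->rbuf.buf == NULL)
-				if (!ssl3_setup_read_buffer(s))
-					return -1;
-
-			s->packet = &(s->s3->rbuf.buf[0]);
-			memcpy(s->packet, buf, n);
-			s->s3->rbuf.left = n;
-			s->s3->rbuf.offset = 0;
-		} else {
-			s->packet_length = 0;
-			s->s3->rbuf.left = 0;
-			s->s3->rbuf.offset = 0;
-		}
-		if (s->version == TLS1_2_VERSION)
-			s->method = TLSv1_2_server_method();
-		else if (s->version == TLS1_1_VERSION)
-			s->method = TLSv1_1_server_method();
-		else if (s->version == TLS1_VERSION)
-			s->method = TLSv1_server_method();
-		else
-			s->method = SSLv3_server_method();
-		s->handshake_func = s->method->ssl_accept;
-	}
-
-	if ((type < 1) || (type > 3)) {
-		/* bad, very bad */
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
-		return -1;
-	}
-	s->init_num = 0;
-
-	return (SSL_accept(s));
-}
-
-const SSL_METHOD *
-TLS_server_method(void)
-{
-	return &TLS_server_method_data;
-}
-
-static const SSL_METHOD *
-tls_any_get_server_method(int ver)
-{
-	if (ver == SSL3_VERSION)
-		return (NULL);
-	else
-		return ssl23_get_server_method(ver);
-}
-
-int
-tls_any_accept(SSL *s)
-{
-	int ret;
-	unsigned long old_options;
-
-	old_options = s->options;
-
-	s->options |= SSL_OP_NO_SSLv3;
-	ret = ssl23_accept(s);
-	s->options = old_options;
-
-	return ret;
-}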
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
deleted file mode 100644
index 5a1d1e7443..0000000000
--- a/src/lib/libssl/s3_both.c
+++ /dev/null
@@ -1,721 +0,0 @@
1/* $OpenBSD: s3_both.c,v 1.43 2015/07/18 19:41:54 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#include <limits.h>
118#include <stdio.h>
119#include <string.h>
120
121#include "ssl_locl.h"
122
123#include <openssl/buffer.h>
124#include <openssl/evp.h>
125#include <openssl/objects.h>
126#include <openssl/x509.h>
127
128#include "bytestring.h"
129
130/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
131int
132ssl3_do_write(SSL *s, int type)
133{
134 int ret;
135
136 ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
137 s->init_num);
138 if (ret < 0)
139 return (-1);
140 if (type == SSL3_RT_HANDSHAKE)
141 /* should not be done for 'Hello Request's, but in that case
142 * we'll ignore the result anyway */
143 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret);
144
145 if (ret == s->init_num) {
146 if (s->msg_callback)
147 s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
148 return (1);
149 }
150 s->init_off += ret;
151 s->init_num -= ret;
152 return (0);
153}
154
155int
156ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
157{
158 unsigned char *p, *d;
159 unsigned long l;
160 int md_len;
161
162 if (s->state == a) {
163 d = (unsigned char *)s->init_buf->data;
164 p = &(d[4]);
165
166 md_len = s->method->ssl3_enc->finish_mac_length;
167 if (s->method->ssl3_enc->final_finish_mac(s, sender, slen,
168 s->s3->tmp.finish_md) != md_len)
169 return (0);
170 s->s3->tmp.finish_md_len = md_len;
171 memcpy(p, s->s3->tmp.finish_md, md_len);
172 p += md_len;
173 l = md_len;
174
175 /* Copy finished so we can use it for renegotiation checks. */
176 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
177 if (s->type == SSL_ST_CONNECT) {
178 memcpy(s->s3->previous_client_finished,
179 s->s3->tmp.finish_md, md_len);
180 s->s3->previous_client_finished_len = md_len;
181 } else {
182 memcpy(s->s3->previous_server_finished,
183 s->s3->tmp.finish_md, md_len);
184 s->s3->previous_server_finished_len = md_len;
185 }
186
187 *(d++) = SSL3_MT_FINISHED;
188 l2n3(l, d);
189 s->init_num = (int)l + 4;
190 s->init_off = 0;
191
192 s->state = b;
193 }
194
195 /* SSL3_ST_SEND_xxxxxx_HELLO_B */
196 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
197}
198
199/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
200static void
201ssl3_take_mac(SSL *s)
202{
203 const char *sender;
204 int slen;
205 /* If no new cipher setup return immediately: other functions will
206 * set the appropriate error.
207 */
208 if (s->s3->tmp.new_cipher == NULL)
209 return;
210 if (s->state & SSL_ST_CONNECT) {
211 sender = s->method->ssl3_enc->server_finished_label;
212 slen = s->method->ssl3_enc->server_finished_label_len;
213 } else {
214 sender = s->method->ssl3_enc->client_finished_label;
215 slen = s->method->ssl3_enc->client_finished_label_len;
216 }
217
218 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
219 sender, slen, s->s3->tmp.peer_finish_md);
220}
221
222int
223ssl3_get_finished(SSL *s, int a, int b)
224{
225 int al, ok, md_len;
226 long n;
227 CBS cbs;
228
229 n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED,
230 64, /* should actually be 36+4 :-) */ &ok);
231
232 if (!ok)
233 return ((int)n);
234
235 /* If this occurs, we have missed a message */
236 if (!s->s3->change_cipher_spec) {
237 al = SSL_AD_UNEXPECTED_MESSAGE;
238 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
239 goto f_err;
240 }
241 s->s3->change_cipher_spec = 0;
242
243 md_len = s->method->ssl3_enc->finish_mac_length;
244
245 if (n < 0) {
246 al = SSL_AD_DECODE_ERROR;
247 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
248 goto f_err;
249 }
250
251 CBS_init(&cbs, s->init_msg, n);
252
253 if (s->s3->tmp.peer_finish_md_len != md_len ||
254 CBS_len(&cbs) != md_len) {
255 al = SSL_AD_DECODE_ERROR;
256 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
257 goto f_err;
258 }
259
260 if (!CBS_mem_equal(&cbs, s->s3->tmp.peer_finish_md, CBS_len(&cbs))) {
261 al = SSL_AD_DECRYPT_ERROR;
262 SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
263 goto f_err;
264 }
265
266 /* Copy finished so we can use it for renegotiation checks. */
267 OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
268 if (s->type == SSL_ST_ACCEPT) {
269 memcpy(s->s3->previous_client_finished,
270 s->s3->tmp.peer_finish_md, md_len);
271 s->s3->previous_client_finished_len = md_len;
272 } else {
273 memcpy(s->s3->previous_server_finished,
274 s->s3->tmp.peer_finish_md, md_len);
275 s->s3->previous_server_finished_len = md_len;
276 }
277
278 return (1);
279f_err:
280 ssl3_send_alert(s, SSL3_AL_FATAL, al);
281 return (0);
282}
283
284/* for these 2 messages, we need to
285 * ssl->enc_read_ctx re-init
286 * ssl->s3->read_sequence zero
287 * ssl->s3->read_mac_secret re-init
288 * ssl->session->read_sym_enc assign
289 * ssl->session->read_hash assign
290 */
291int
292ssl3_send_change_cipher_spec(SSL *s, int a, int b)
293{
294 unsigned char *p;
295
296 if (s->state == a) {
297 p = (unsigned char *)s->init_buf->data;
298 *p = SSL3_MT_CCS;
299 s->init_num = 1;
300 s->init_off = 0;
301
302 s->state = b;
303 }
304
305 /* SSL3_ST_CW_CHANGE_B */
306 return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
307}
308
309static int
310ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
311{
312 int n;
313 unsigned char *p;
314
315 n = i2d_X509(x, NULL);
316 if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) {
317 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
318 return (-1);
319 }
320 p = (unsigned char *)&(buf->data[*l]);
321 l2n3(n, p);
322 i2d_X509(x, &p);
323 *l += n + 3;
324
325 return (0);
326}
327
328unsigned long
329ssl3_output_cert_chain(SSL *s, X509 *x)
330{
331 unsigned char *p;
332 int i;
333 unsigned long l = 7;
334 BUF_MEM *buf;
335 int no_chain;
336
337 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
338 no_chain = 1;
339 else
340 no_chain = 0;
341
342 /* TLSv1 sends a chain with nothing in it, instead of an alert */
343 buf = s->init_buf;
344 if (!BUF_MEM_grow_clean(buf, 10)) {
345 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
346 return (0);
347 }
348 if (x != NULL) {
349 if (no_chain) {
350 if (ssl3_add_cert_to_buf(buf, &l, x))
351 return (0);
352 } else {
353 X509_STORE_CTX xs_ctx;
354
355 if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
356 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
357 return (0);
358 }
359 X509_verify_cert(&xs_ctx);
360 /* Don't leave errors in the queue */
361 ERR_clear_error();
362 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
363 x = sk_X509_value(xs_ctx.chain, i);
364
365 if (ssl3_add_cert_to_buf(buf, &l, x)) {
366 X509_STORE_CTX_cleanup(&xs_ctx);
367 return 0;
368 }
369 }
370 X509_STORE_CTX_cleanup(&xs_ctx);
371 }
372 }
373 /* Thawte special :-) */
374 for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
375 x = sk_X509_value(s->ctx->extra_certs, i);
376 if (ssl3_add_cert_to_buf(buf, &l, x))
377 return (0);
378 }
379
380 l -= 7;
381 p = (unsigned char *)&(buf->data[4]);
382 l2n3(l, p);
383 l += 3;
384 p = (unsigned char *)&(buf->data[0]);
385 *(p++) = SSL3_MT_CERTIFICATE;
386 l2n3(l, p);
387 l += 4;
388 return (l);
389}
390
391/* Obtain handshake message of message type 'mt' (any if mt == -1),
392 * maximum acceptable body length 'max'.
393 * The first four bytes (msg_type and length) are read in state 'st1',
394 * the body is read in state 'stn'.
395 */
396long
397ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
398{
399 unsigned char *p;
400 uint32_t l;
401 long n;
402 int i, al;
403 CBS cbs;
404 uint8_t u8;
405
406 if (s->s3->tmp.reuse_message) {
407 s->s3->tmp.reuse_message = 0;
408 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
409 al = SSL_AD_UNEXPECTED_MESSAGE;
410 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
411 goto f_err;
412 }
413 *ok = 1;
414 s->init_msg = s->init_buf->data + 4;
415 s->init_num = (int)s->s3->tmp.message_size;
416 return s->init_num;
417 }
418
419 p = (unsigned char *)s->init_buf->data;
420
421 if (s->state == st1) /* s->init_num < 4 */
422 {
423 int skip_message;
424
425 do {
426 while (s->init_num < 4) {
427 i = s->method->ssl_read_bytes(s,
428 SSL3_RT_HANDSHAKE, &p[s->init_num],
429 4 - s->init_num, 0);
430 if (i <= 0) {
431 s->rwstate = SSL_READING;
432 *ok = 0;
433 return i;
434 }
435 s->init_num += i;
436 }
437
438 skip_message = 0;
439 if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
440 /*
441 * The server may always send 'Hello Request'
442 * messages -- we are doing a handshake anyway
443 * now, so ignore them if their format is
444 * correct. Does not count for 'Finished' MAC.
445 */
446 if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
447 s->init_num = 0;
448 skip_message = 1;
449
450 if (s->msg_callback)
451 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
452 }
453 }
454
455 } while (skip_message);
456
457 /* s->init_num == 4 */
458
459 if ((mt >= 0) && (*p != mt)) {
460 al = SSL_AD_UNEXPECTED_MESSAGE;
461 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
462 goto f_err;
463 }
464
465 /* XXX remove call to n2l3 */
466 CBS_init(&cbs, p, 4);
467 if (!CBS_get_u8(&cbs, &u8) ||
468 !CBS_get_u24(&cbs, &l)) {
469 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
470 goto err;
471 }
472 s->s3->tmp.message_type = u8;
473
474 if (l > (unsigned long)max) {
475 al = SSL_AD_ILLEGAL_PARAMETER;
476 SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
477 goto f_err;
478 }
479 if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) {
480 SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
481 goto err;
482 }
483 s->s3->tmp.message_size = l;
484 s->state = stn;
485
486 s->init_msg = s->init_buf->data + 4;
487 s->init_num = 0;
488 }
489
490 /* next state (stn) */
491 p = s->init_msg;
492 n = s->s3->tmp.message_size - s->init_num;
493 while (n > 0) {
494 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
495 &p[s->init_num], n, 0);
496 if (i <= 0) {
497 s->rwstate = SSL_READING;
498 *ok = 0;
499 return i;
500 }
501 s->init_num += i;
502 n -= i;
503 }
504
505 /* If receiving Finished, record MAC of prior handshake messages for
506 * Finished verification. */
507 if (*s->init_buf->data == SSL3_MT_FINISHED)
508 ssl3_take_mac(s);
509
510 /* Feed this message into MAC computation. */
511 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
512 if (s->msg_callback)
513 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
514 *ok = 1;
515 return s->init_num;
516f_err:
517 ssl3_send_alert(s, SSL3_AL_FATAL, al);
518err:
519 *ok = 0;
520 return (-1);
521}
522
523int
524ssl_cert_type(X509 *x, EVP_PKEY *pkey)
525{
526 EVP_PKEY *pk;
527 int ret = -1, i;
528
529 if (pkey == NULL)
530 pk = X509_get_pubkey(x);
531 else
532 pk = pkey;
533 if (pk == NULL)
534 goto err;
535
536 i = pk->type;
537 if (i == EVP_PKEY_RSA) {
538 ret = SSL_PKEY_RSA_ENC;
539 } else if (i == EVP_PKEY_DSA) {
540 ret = SSL_PKEY_DSA_SIGN;
541 }
542 else if (i == EVP_PKEY_EC) {
543 ret = SSL_PKEY_ECC;
544 } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
545 ret = SSL_PKEY_GOST01;
546 }
547err:
548 if (!pkey)
549 EVP_PKEY_free(pk);
550 return (ret);
551}
552
553int
554ssl_verify_alarm_type(long type)
555{
556 int al;
557
558 switch (type) {
559 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
560 case X509_V_ERR_UNABLE_TO_GET_CRL:
561 case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
562 al = SSL_AD_UNKNOWN_CA;
563 break;
564 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
565 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
566 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
567 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
568 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
569 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
570 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
571 case X509_V_ERR_CERT_NOT_YET_VALID:
572 case X509_V_ERR_CRL_NOT_YET_VALID:
573 case X509_V_ERR_CERT_UNTRUSTED:
574 case X509_V_ERR_CERT_REJECTED:
575 al = SSL_AD_BAD_CERTIFICATE;
576 break;
577 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
578 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
579 al = SSL_AD_DECRYPT_ERROR;
580 break;
581 case X509_V_ERR_CERT_HAS_EXPIRED:
582 case X509_V_ERR_CRL_HAS_EXPIRED:
583 al = SSL_AD_CERTIFICATE_EXPIRED;
584 break;
585 case X509_V_ERR_CERT_REVOKED:
586 al = SSL_AD_CERTIFICATE_REVOKED;
587 break;
588 case X509_V_ERR_OUT_OF_MEM:
589 al = SSL_AD_INTERNAL_ERROR;
590 break;
591 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
592 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
593 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
594 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
595 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
596 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
597 case X509_V_ERR_INVALID_CA:
598 al = SSL_AD_UNKNOWN_CA;
599 break;
600 case X509_V_ERR_APPLICATION_VERIFICATION:
601 al = SSL_AD_HANDSHAKE_FAILURE;
602 break;
603 case X509_V_ERR_INVALID_PURPOSE:
604 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
605 break;
606 default:
607 al = SSL_AD_CERTIFICATE_UNKNOWN;
608 break;
609 }
610 return (al);
611}
612
613int
614ssl3_setup_init_buffer(SSL *s)
615{
616 BUF_MEM *buf = NULL;
617
618 if (s->init_buf != NULL)
619 return (1);
620
621 if ((buf = BUF_MEM_new()) == NULL)
622 goto err;
623 if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
624 goto err;
625
626 s->init_buf = buf;
627 return (1);
628
629err:
630 BUF_MEM_free(buf);
631 return (0);
632}
633
634int
635ssl3_setup_read_buffer(SSL *s)
636{
637 unsigned char *p;
638 size_t len, align, headerlen;
639
640 if (SSL_IS_DTLS(s))
641 headerlen = DTLS1_RT_HEADER_LENGTH;
642 else
643 headerlen = SSL3_RT_HEADER_LENGTH;
644
645 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
646
647 if (s->s3->rbuf.buf == NULL) {
648 len = SSL3_RT_MAX_PLAIN_LENGTH +
649 SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
650 if ((p = malloc(len)) == NULL)
651 goto err;
652 s->s3->rbuf.buf = p;
653 s->s3->rbuf.len = len;
654 }
655
656 s->packet = &(s->s3->rbuf.buf[0]);
657 return 1;
658
659err:
660 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
661 return 0;
662}
663
664int
665ssl3_setup_write_buffer(SSL *s)
666{
667 unsigned char *p;
668 size_t len, align, headerlen;
669
670 if (SSL_IS_DTLS(s))
671 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
672 else
673 headerlen = SSL3_RT_HEADER_LENGTH;
674
675 align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
676
677 if (s->s3->wbuf.buf == NULL) {
678 len = s->max_send_fragment +
679 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
680 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
681 len += headerlen + align +
682 SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
683
684 if ((p = malloc(len)) == NULL)
685 goto err;
686 s->s3->wbuf.buf = p;
687 s->s3->wbuf.len = len;
688 }
689
690 return 1;
691
692err:
693 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
694 return 0;
695}
696
697int
698ssl3_setup_buffers(SSL *s)
699{
700 if (!ssl3_setup_read_buffer(s))
701 return 0;
702 if (!ssl3_setup_write_buffer(s))
703 return 0;
704 return 1;
705}
706
707int
708ssl3_release_write_buffer(SSL *s)
709{
710 free(s->s3->wbuf.buf);
711 s->s3->wbuf.buf = NULL;
712 return 1;
713}
714
715int
716ssl3_release_read_buffer(SSL *s)
717{
718 free(s->s3->rbuf.buf);
719 s->s3->rbuf.buf = NULL;
720 return 1;
721}
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
deleted file mode 100644
index 57485caacf..0000000000
--- a/src/lib/libssl/s3_cbc.c
+++ /dev/null
@@ -1,686 +0,0 @@
1/* $OpenBSD: s3_cbc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */
2/* ====================================================================
3 * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "ssl_locl.h"
57
58#include <openssl/md5.h>
59#include <openssl/sha.h>
60
61/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
62 * field. (SHA-384/512 have 128-bit length.) */
63#define MAX_HASH_BIT_COUNT_BYTES 16
64
65/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
66 * Currently SHA-384/512 has a 128-byte block size and that's the largest
67 * supported by TLS.) */
68#define MAX_HASH_BLOCK_SIZE 128
69
70/* Some utility functions are needed:
71 *
72 * These macros return the given value with the MSB copied to all the other
73 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
74 * However, this is not ensured by the C standard so you may need to replace
75 * them with something else on odd CPUs. */
76#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
77#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
78
79/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
80static unsigned
81constant_time_lt(unsigned a, unsigned b)
82{
83 a -= b;
84 return DUPLICATE_MSB_TO_ALL(a);
85}
86
87/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
88static unsigned
89constant_time_ge(unsigned a, unsigned b)
90{
91 a -= b;
92 return DUPLICATE_MSB_TO_ALL(~a);
93}
94
95/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
96static unsigned char
97constant_time_eq_8(unsigned a, unsigned b)
98{
99 unsigned c = a ^ b;
100 c--;
101 return DUPLICATE_MSB_TO_ALL_8(c);
102}
103
104/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
105 * record in |rec| by updating |rec->length| in constant time.
106 *
107 * block_size: the block size of the cipher used to encrypt the record.
108 * returns:
109 * 0: (in non-constant time) if the record is publicly invalid.
110 * 1: if the padding was valid
111 * -1: otherwise. */
112int
113ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
114 unsigned mac_size)
115{
116 unsigned padding_length, good;
117 const unsigned overhead = 1 /* padding length byte */ + mac_size;
118
119 /* These lengths are all public so we can test them in non-constant
120 * time. */
121 if (overhead > rec->length)
122 return 0;
123
124 padding_length = rec->data[rec->length - 1];
125 good = constant_time_ge(rec->length, padding_length + overhead);
126 /* SSLv3 requires that the padding is minimal. */
127 good &= constant_time_ge(block_size, padding_length + 1);
128 padding_length = good & (padding_length + 1);
129 rec->length -= padding_length;
130 rec->type |= padding_length << 8; /* kludge: pass padding length */
131 return (int)((good & 1) | (~good & -1));
132}
133
134/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
135 * record in |rec| in constant time and returns 1 if the padding is valid and
136 * -1 otherwise. It also removes any explicit IV from the start of the record
137 * without leaking any timing about whether there was enough space after the
138 * padding was removed.
139 *
140 * block_size: the block size of the cipher used to encrypt the record.
141 * returns:
142 * 0: (in non-constant time) if the record is publicly invalid.
143 * 1: if the padding was valid
144 * -1: otherwise. */
145int
146tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
147 unsigned mac_size)
148{
149 unsigned padding_length, good, to_check, i;
150 const unsigned overhead = 1 /* padding length byte */ + mac_size;
151
152 /* Check if version requires explicit IV */
153 if (SSL_USE_EXPLICIT_IV(s)) {
154 /* These lengths are all public so we can test them in
155 * non-constant time.
156 */
157 if (overhead + block_size > rec->length)
158 return 0;
159 /* We can now safely skip explicit IV */
160 rec->data += block_size;
161 rec->input += block_size;
162 rec->length -= block_size;
163 } else if (overhead > rec->length)
164 return 0;
165
166 padding_length = rec->data[rec->length - 1];
167
168 if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
169 /* padding is already verified */
170 rec->length -= padding_length + 1;
171 return 1;
172 }
173
174 good = constant_time_ge(rec->length, overhead + padding_length);
175 /* The padding consists of a length byte at the end of the record and
176 * then that many bytes of padding, all with the same value as the
177 * length byte. Thus, with the length byte included, there are i+1
178 * bytes of padding.
179 *
180 * We can't check just |padding_length+1| bytes because that leaks
181 * decrypted information. Therefore we always have to check the maximum
182 * amount of padding possible. (Again, the length of the record is
183 * public information so we can use it.) */
184 to_check = 255; /* maximum amount of padding. */
185 if (to_check > rec->length - 1)
186 to_check = rec->length - 1;
187
188 for (i = 0; i < to_check; i++) {
189 unsigned char mask = constant_time_ge(padding_length, i);
190 unsigned char b = rec->data[rec->length - 1 - i];
191 /* The final |padding_length+1| bytes should all have the value
192 * |padding_length|. Therefore the XOR should be zero. */
193 good &= ~(mask&(padding_length ^ b));
194 }
195
196 /* If any of the final |padding_length+1| bytes had the wrong value,
197 * one or more of the lower eight bits of |good| will be cleared. We
198 * AND the bottom 8 bits together and duplicate the result to all the
199 * bits. */
200 good &= good >> 4;
201 good &= good >> 2;
202 good &= good >> 1;
203 good <<= sizeof(good)*8 - 1;
204 good = DUPLICATE_MSB_TO_ALL(good);
205
206 padding_length = good & (padding_length + 1);
207 rec->length -= padding_length;
208 rec->type |= padding_length<<8; /* kludge: pass padding length */
209
210 return (int)((good & 1) | (~good & -1));
211}
212
213/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
214 * constant time (independent of the concrete value of rec->length, which may
215 * vary within a 256-byte window).
216 *
217 * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
218 * this function.
219 *
220 * On entry:
221 * rec->orig_len >= md_size
222 * md_size <= EVP_MAX_MD_SIZE
223 *
224 * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
225 * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
226 * a single or pair of cache-lines, then the variable memory accesses don't
227 * actually affect the timing. CPUs with smaller cache-lines [if any] are
228 * not multi-core and are not considered vulnerable to cache-timing attacks.
229 */
230#define CBC_MAC_ROTATE_IN_PLACE
231
232void
233ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
234 unsigned md_size, unsigned orig_len)
235{
236#if defined(CBC_MAC_ROTATE_IN_PLACE)
237 unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
238 unsigned char *rotated_mac;
239#else
240 unsigned char rotated_mac[EVP_MAX_MD_SIZE];
241#endif
242
243 /* mac_end is the index of |rec->data| just after the end of the MAC. */
244 unsigned mac_end = rec->length;
245 unsigned mac_start = mac_end - md_size;
246 /* scan_start contains the number of bytes that we can ignore because
247 * the MAC's position can only vary by 255 bytes. */
248 unsigned scan_start = 0;
249 unsigned i, j;
250 unsigned div_spoiler;
251 unsigned rotate_offset;
252
253 OPENSSL_assert(orig_len >= md_size);
254 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
255
256#if defined(CBC_MAC_ROTATE_IN_PLACE)
257 rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
258#endif
259
260 /* This information is public so it's safe to branch based on it. */
261 if (orig_len > md_size + 255 + 1)
262 scan_start = orig_len - (md_size + 255 + 1);
263 /* div_spoiler contains a multiple of md_size that is used to cause the
264 * modulo operation to be constant time. Without this, the time varies
265 * based on the amount of padding when running on Intel chips at least.
266 *
267 * The aim of right-shifting md_size is so that the compiler doesn't
268 * figure out that it can remove div_spoiler as that would require it
269 * to prove that md_size is always even, which I hope is beyond it. */
270 div_spoiler = md_size >> 1;
271 div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
272 rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
273
274 memset(rotated_mac, 0, md_size);
275 for (i = scan_start, j = 0; i < orig_len; i++) {
276 unsigned char mac_started = constant_time_ge(i, mac_start);
277 unsigned char mac_ended = constant_time_ge(i, mac_end);
278 unsigned char b = rec->data[i];
279 rotated_mac[j++] |= b & mac_started & ~mac_ended;
280 j &= constant_time_lt(j, md_size);
281 }
282
283 /* Now rotate the MAC */
284#if defined(CBC_MAC_ROTATE_IN_PLACE)
285 j = 0;
286 for (i = 0; i < md_size; i++) {
287 /* in case cache-line is 32 bytes, touch second line */
288 ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
289 out[j++] = rotated_mac[rotate_offset++];
290 rotate_offset &= constant_time_lt(rotate_offset, md_size);
291 }
292#else
293 memset(out, 0, md_size);
294 rotate_offset = md_size - rotate_offset;
295 rotate_offset &= constant_time_lt(rotate_offset, md_size);
296 for (i = 0; i < md_size; i++) {
297 for (j = 0; j < md_size; j++)
298 out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
299 rotate_offset++;
300 rotate_offset &= constant_time_lt(rotate_offset, md_size);
301 }
302#endif
303}
304
305/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
306 * little-endian order. The value of p is advanced by four. */
307#define u32toLE(n, p) \
308 (*((p)++)=(unsigned char)(n), \
309 *((p)++)=(unsigned char)(n>>8), \
310 *((p)++)=(unsigned char)(n>>16), \
311 *((p)++)=(unsigned char)(n>>24))
312
313/* These functions serialize the state of a hash and thus perform the standard
314 * "final" operation without adding the padding and length that such a function
315 * typically does. */
316static void
317tls1_md5_final_raw(void* ctx, unsigned char *md_out)
318{
319 MD5_CTX *md5 = ctx;
320 u32toLE(md5->A, md_out);
321 u32toLE(md5->B, md_out);
322 u32toLE(md5->C, md_out);
323 u32toLE(md5->D, md_out);
324}
325
326static void
327tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
328{
329 SHA_CTX *sha1 = ctx;
330 l2n(sha1->h0, md_out);
331 l2n(sha1->h1, md_out);
332 l2n(sha1->h2, md_out);
333 l2n(sha1->h3, md_out);
334 l2n(sha1->h4, md_out);
335}
336#define LARGEST_DIGEST_CTX SHA_CTX
337
338static void
339tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
340{
341 SHA256_CTX *sha256 = ctx;
342 unsigned i;
343
344 for (i = 0; i < 8; i++) {
345 l2n(sha256->h[i], md_out);
346 }
347}
348#undef LARGEST_DIGEST_CTX
349#define LARGEST_DIGEST_CTX SHA256_CTX
350
351static void
352tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
353{
354 SHA512_CTX *sha512 = ctx;
355 unsigned i;
356
357 for (i = 0; i < 8; i++) {
358 l2n8(sha512->h[i], md_out);
359 }
360}
361#undef LARGEST_DIGEST_CTX
362#define LARGEST_DIGEST_CTX SHA512_CTX
363
364/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
365 * which ssl3_cbc_digest_record supports. */
366char
367ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
368{
369 switch (EVP_MD_CTX_type(ctx)) {
370 case NID_md5:
371 case NID_sha1:
372 case NID_sha224:
373 case NID_sha256:
374 case NID_sha384:
375 case NID_sha512:
376 return 1;
377 default:
378 return 0;
379 }
380}
381
382/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
383 * record.
384 *
385 * ctx: the EVP_MD_CTX from which we take the hash function.
386 * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
387 * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
388 * md_out_size: if non-NULL, the number of output bytes is written here.
389 * header: the 13-byte, TLS record header.
390 * data: the record data itself, less any preceeding explicit IV.
391 * data_plus_mac_size: the secret, reported length of the data and MAC
392 * once the padding has been removed.
393 * data_plus_mac_plus_padding_size: the public length of the whole
394 * record, including padding.
395 * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
396 *
397 * On entry: by virtue of having been through one of the remove_padding
398 * functions, above, we know that data_plus_mac_size is large enough to contain
399 * a padding byte and MAC. (If the padding was invalid, it might contain the
400 * padding too. ) */
401int
402ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
403 size_t* md_out_size, const unsigned char header[13],
404 const unsigned char *data, size_t data_plus_mac_size,
405 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
406 unsigned mac_secret_length, char is_sslv3)
407{
408 union { double align;
409 unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
410 } md_state;
411 void (*md_final_raw)(void *ctx, unsigned char *md_out);
412 void (*md_transform)(void *ctx, const unsigned char *block);
413 unsigned md_size, md_block_size = 64;
414 unsigned sslv3_pad_length = 40, header_length, variance_blocks,
415 len, max_mac_bytes, num_blocks,
416 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
417 unsigned int bits; /* at most 18 bits */
418 unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
419 /* hmac_pad is the masked HMAC key. */
420 unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
421 unsigned char first_block[MAX_HASH_BLOCK_SIZE];
422 unsigned char mac_out[EVP_MAX_MD_SIZE];
423 unsigned i, j, md_out_size_u;
424 EVP_MD_CTX md_ctx;
425 /* mdLengthSize is the number of bytes in the length field that terminates
426 * the hash. */
427 unsigned md_length_size = 8;
428 char length_is_big_endian = 1;
429
430 /* This is a, hopefully redundant, check that allows us to forget about
431 * many possible overflows later in this function. */
432 OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
433
434 switch (EVP_MD_CTX_type(ctx)) {
435 case NID_md5:
436 MD5_Init((MD5_CTX*)md_state.c);
437 md_final_raw = tls1_md5_final_raw;
438 md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
439 md_size = 16;
440 sslv3_pad_length = 48;
441 length_is_big_endian = 0;
442 break;
443 case NID_sha1:
444 SHA1_Init((SHA_CTX*)md_state.c);
445 md_final_raw = tls1_sha1_final_raw;
446 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
447 md_size = 20;
448 break;
449 case NID_sha224:
450 SHA224_Init((SHA256_CTX*)md_state.c);
451 md_final_raw = tls1_sha256_final_raw;
452 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
453 md_size = 224/8;
454 break;
455 case NID_sha256:
456 SHA256_Init((SHA256_CTX*)md_state.c);
457 md_final_raw = tls1_sha256_final_raw;
458 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
459 md_size = 32;
460 break;
461 case NID_sha384:
462 SHA384_Init((SHA512_CTX*)md_state.c);
463 md_final_raw = tls1_sha512_final_raw;
464 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
465 md_size = 384/8;
466 md_block_size = 128;
467 md_length_size = 16;
468 break;
469 case NID_sha512:
470 SHA512_Init((SHA512_CTX*)md_state.c);
471 md_final_raw = tls1_sha512_final_raw;
472 md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
473 md_size = 64;
474 md_block_size = 128;
475 md_length_size = 16;
476 break;
477 default:
478 /* ssl3_cbc_record_digest_supported should have been
479 * called first to check that the hash function is
480 * supported. */
481 OPENSSL_assert(0);
482 if (md_out_size)
483 *md_out_size = 0;
484 return 0;
485 }
486
487 OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
488 OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
489 OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
490
491 header_length = 13;
492 if (is_sslv3) {
493 header_length = mac_secret_length + sslv3_pad_length +
494 8 /* sequence number */ +
495 1 /* record type */ +
496 2 /* record length */;
497 }
498
499 /* variance_blocks is the number of blocks of the hash that we have to
500 * calculate in constant time because they could be altered by the
501 * padding value.
502 *
503 * In SSLv3, the padding must be minimal so the end of the plaintext
504 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
505 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
506 * termination (0x80 + 64-bit length) don't fit in the final block, we
507 * say that the final two blocks can vary based on the padding.
508 *
509 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
510 * required to be minimal. Therefore we say that the final six blocks
511 * can vary based on the padding.
512 *
513 * Later in the function, if the message is short and there obviously
514 * cannot be this many blocks then variance_blocks can be reduced. */
515 variance_blocks = is_sslv3 ? 2 : 6;
516 /* From now on we're dealing with the MAC, which conceptually has 13
517 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
518 * (SSLv3) */
519 len = data_plus_mac_plus_padding_size + header_length;
520 /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
521 * |header|, assuming that there's no padding. */
522 max_mac_bytes = len - md_size - 1;
523 /* num_blocks is the maximum number of hash blocks. */
524 num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
525 /* In order to calculate the MAC in constant time we have to handle
526 * the final blocks specially because the padding value could cause the
527 * end to appear somewhere in the final |variance_blocks| blocks and we
528 * can't leak where. However, |num_starting_blocks| worth of data can
529 * be hashed right away because no padding value can affect whether
530 * they are plaintext. */
531 num_starting_blocks = 0;
532 /* k is the starting byte offset into the conceptual header||data where
533 * we start processing. */
534 k = 0;
535 /* mac_end_offset is the index just past the end of the data to be
536 * MACed. */
537 mac_end_offset = data_plus_mac_size + header_length - md_size;
538 /* c is the index of the 0x80 byte in the final hash block that
539 * contains application data. */
540 c = mac_end_offset % md_block_size;
541 /* index_a is the hash block number that contains the 0x80 terminating
542 * value. */
543 index_a = mac_end_offset / md_block_size;
544 /* index_b is the hash block number that contains the 64-bit hash
545 * length, in bits. */
546 index_b = (mac_end_offset + md_length_size) / md_block_size;
547 /* bits is the hash-length in bits. It includes the additional hash
548 * block for the masked HMAC key, or whole of |header| in the case of
549 * SSLv3. */
550
551 /* For SSLv3, if we're going to have any starting blocks then we need
552 * at least two because the header is larger than a single block. */
553 if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
554 num_starting_blocks = num_blocks - variance_blocks;
555 k = md_block_size*num_starting_blocks;
556 }
557
558 bits = 8*mac_end_offset;
559 if (!is_sslv3) {
560 /* Compute the initial HMAC block. For SSLv3, the padding and
561 * secret bytes are included in |header| because they take more
562 * than a single block. */
563 bits += 8*md_block_size;
564 memset(hmac_pad, 0, md_block_size);
565 OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
566 memcpy(hmac_pad, mac_secret, mac_secret_length);
567 for (i = 0; i < md_block_size; i++)
568 hmac_pad[i] ^= 0x36;
569
570 md_transform(md_state.c, hmac_pad);
571 }
572
573 if (length_is_big_endian) {
574 memset(length_bytes, 0, md_length_size - 4);
575 length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
576 length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
577 length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
578 length_bytes[md_length_size - 1] = (unsigned char)bits;
579 } else {
580 memset(length_bytes, 0, md_length_size);
581 length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
582 length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
583 length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
584 length_bytes[md_length_size - 8] = (unsigned char)bits;
585 }
586
587 if (k > 0) {
588 if (is_sslv3) {
589 /* The SSLv3 header is larger than a single block.
590 * overhang is the number of bytes beyond a single
591 * block that the header consumes: either 7 bytes
592 * (SHA1) or 11 bytes (MD5). */
593 unsigned overhang = header_length - md_block_size;
594 md_transform(md_state.c, header);
595 memcpy(first_block, header + md_block_size, overhang);
596 memcpy(first_block + overhang, data, md_block_size - overhang);
597 md_transform(md_state.c, first_block);
598 for (i = 1; i < k/md_block_size - 1; i++)
599 md_transform(md_state.c, data + md_block_size*i - overhang);
600 } else {
601 /* k is a multiple of md_block_size. */
602 memcpy(first_block, header, 13);
603 memcpy(first_block + 13, data, md_block_size - 13);
604 md_transform(md_state.c, first_block);
605 for (i = 1; i < k/md_block_size; i++)
606 md_transform(md_state.c, data + md_block_size*i - 13);
607 }
608 }
609
610 memset(mac_out, 0, sizeof(mac_out));
611
612 /* We now process the final hash blocks. For each block, we construct
613 * it in constant time. If the |i==index_a| then we'll include the 0x80
614 * bytes and zero pad etc. For each block we selectively copy it, in
615 * constant time, to |mac_out|. */
616 for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
617 unsigned char block[MAX_HASH_BLOCK_SIZE];
618 unsigned char is_block_a = constant_time_eq_8(i, index_a);
619 unsigned char is_block_b = constant_time_eq_8(i, index_b);
620 for (j = 0; j < md_block_size; j++) {
621 unsigned char b = 0, is_past_c, is_past_cp1;
622 if (k < header_length)
623 b = header[k];
624 else if (k < data_plus_mac_plus_padding_size + header_length)
625 b = data[k - header_length];
626 k++;
627
628 is_past_c = is_block_a & constant_time_ge(j, c);
629 is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
630 /* If this is the block containing the end of the
631 * application data, and we are at the offset for the
632 * 0x80 value, then overwrite b with 0x80. */
633 b = (b&~is_past_c) | (0x80&is_past_c);
634 /* If this the the block containing the end of the
635 * application data and we're past the 0x80 value then
636 * just write zero. */
637 b = b&~is_past_cp1;
638 /* If this is index_b (the final block), but not
639 * index_a (the end of the data), then the 64-bit
640 * length didn't fit into index_a and we're having to
641 * add an extra block of zeros. */
642 b &= ~is_block_b | is_block_a;
643
644 /* The final bytes of one of the blocks contains the
645 * length. */
646 if (j >= md_block_size - md_length_size) {
647 /* If this is index_b, write a length byte. */
648 b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
649 }
650 block[j] = b;
651 }
652
653 md_transform(md_state.c, block);
654 md_final_raw(md_state.c, block);
655 /* If this is index_b, copy the hash value to |mac_out|. */
656 for (j = 0; j < md_size; j++)
657 mac_out[j] |= block[j]&is_block_b;
658 }
659
660 EVP_MD_CTX_init(&md_ctx);
661 if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) {
662 EVP_MD_CTX_cleanup(&md_ctx);
663 return 0;
664 }
665 if (is_sslv3) {
666 /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
667 memset(hmac_pad, 0x5c, sslv3_pad_length);
668
669 EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
670 EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
671 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
672 } else {
673 /* Complete the HMAC in the standard manner. */
674 for (i = 0; i < md_block_size; i++)
675 hmac_pad[i] ^= 0x6a;
676
677 EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
678 EVP_DigestUpdate(&md_ctx, mac_out, md_size);
679 }
680 EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
681 if (md_out_size)
682 *md_out_size = md_out_size_u;
683 EVP_MD_CTX_cleanup(&md_ctx);
684
685 return 1;
686}
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
deleted file mode 100644
index b739711732..0000000000
--- a/src/lib/libssl/s3_clnt.c
+++ /dev/null
@@ -1,2669 +0,0 @@
1/* $OpenBSD: s3_clnt.c,v 1.121 2015/07/29 19:16:09 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <limits.h>
152#include <stdint.h>
153#include <stdio.h>
154
155#include "ssl_locl.h"
156
157#include <openssl/bn.h>
158#include <openssl/buffer.h>
159#include <openssl/dh.h>
160#include <openssl/evp.h>
161#include <openssl/md5.h>
162#include <openssl/objects.h>
163
164#ifndef OPENSSL_NO_ENGINE
165#include <openssl/engine.h>
166#endif
167#ifndef OPENSSL_NO_GOST
168#include <openssl/gost.h>
169#endif
170
171#include "bytestring.h"
172
173#ifdef __OpenBSD__
174#include <sys/cdefs.h>
175__warn_references(SSLv3_client_method,
176 "SSLv3_client_method() enables the use of insecure protocols");
177#endif
178
179static const SSL_METHOD *ssl3_get_client_method(int ver);
180static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
181
182const SSL_METHOD SSLv3_client_method_data = {
183 .version = SSL3_VERSION,
184 .ssl_new = ssl3_new,
185 .ssl_clear = ssl3_clear,
186 .ssl_free = ssl3_free,
187 .ssl_accept = ssl_undefined_function,
188 .ssl_connect = ssl3_connect,
189 .ssl_read = ssl3_read,
190 .ssl_peek = ssl3_peek,
191 .ssl_write = ssl3_write,
192 .ssl_shutdown = ssl3_shutdown,
193 .ssl_renegotiate = ssl3_renegotiate,
194 .ssl_renegotiate_check = ssl3_renegotiate_check,
195 .ssl_get_message = ssl3_get_message,
196 .ssl_read_bytes = ssl3_read_bytes,
197 .ssl_write_bytes = ssl3_write_bytes,
198 .ssl_dispatch_alert = ssl3_dispatch_alert,
199 .ssl_ctrl = ssl3_ctrl,
200 .ssl_ctx_ctrl = ssl3_ctx_ctrl,
201 .get_cipher_by_char = ssl3_get_cipher_by_char,
202 .put_cipher_by_char = ssl3_put_cipher_by_char,
203 .ssl_pending = ssl3_pending,
204 .num_ciphers = ssl3_num_ciphers,
205 .get_cipher = ssl3_get_cipher,
206 .get_ssl_method = ssl3_get_client_method,
207 .get_timeout = ssl3_default_timeout,
208 .ssl3_enc = &SSLv3_enc_data,
209 .ssl_version = ssl_undefined_void_function,
210 .ssl_callback_ctrl = ssl3_callback_ctrl,
211 .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
212};
213
214const SSL_METHOD *
215SSLv3_client_method(void)
216{
217 return &SSLv3_client_method_data;
218}
219
220static const SSL_METHOD *
221ssl3_get_client_method(int ver)
222{
223 if (ver == SSL3_VERSION)
224 return (SSLv3_client_method());
225 return (NULL);
226}
227
228int
229ssl3_connect(SSL *s)
230{
231 void (*cb)(const SSL *ssl, int type, int val) = NULL;
232 int ret = -1;
233 int new_state, state, skip = 0;
234
235 ERR_clear_error();
236 errno = 0;
237
238 if (s->info_callback != NULL)
239 cb = s->info_callback;
240 else if (s->ctx->info_callback != NULL)
241 cb = s->ctx->info_callback;
242
243 s->in_handshake++;
244 if (!SSL_in_init(s) || SSL_in_before(s))
245 SSL_clear(s);
246
247 for (;;) {
248 state = s->state;
249
250 switch (s->state) {
251 case SSL_ST_RENEGOTIATE:
252 s->renegotiate = 1;
253 s->state = SSL_ST_CONNECT;
254 s->ctx->stats.sess_connect_renegotiate++;
255 /* break */
256 case SSL_ST_BEFORE:
257 case SSL_ST_CONNECT:
258 case SSL_ST_BEFORE|SSL_ST_CONNECT:
259 case SSL_ST_OK|SSL_ST_CONNECT:
260
261 s->server = 0;
262 if (cb != NULL)
263 cb(s, SSL_CB_HANDSHAKE_START, 1);
264
265 if ((s->version & 0xff00 ) != 0x0300) {
266 SSLerr(SSL_F_SSL3_CONNECT,
267 ERR_R_INTERNAL_ERROR);
268 ret = -1;
269 goto end;
270 }
271
272 /* s->version=SSL3_VERSION; */
273 s->type = SSL_ST_CONNECT;
274
275 if (!ssl3_setup_init_buffer(s)) {
276 ret = -1;
277 goto end;
278 }
279 if (!ssl3_setup_buffers(s)) {
280 ret = -1;
281 goto end;
282 }
283 if (!ssl_init_wbio_buffer(s, 0)) {
284 ret = -1;
285 goto end;
286 }
287
288 /* don't push the buffering BIO quite yet */
289
290 if (!ssl3_init_finished_mac(s)) {
291 ret = -1;
292 goto end;
293 }
294
295 s->state = SSL3_ST_CW_CLNT_HELLO_A;
296 s->ctx->stats.sess_connect++;
297 s->init_num = 0;
298 break;
299
300 case SSL3_ST_CW_CLNT_HELLO_A:
301 case SSL3_ST_CW_CLNT_HELLO_B:
302
303 s->shutdown = 0;
304 ret = ssl3_client_hello(s);
305 if (ret <= 0)
306 goto end;
307 s->state = SSL3_ST_CR_SRVR_HELLO_A;
308 s->init_num = 0;
309
310 /* turn on buffering for the next lot of output */
311 if (s->bbio != s->wbio)
312 s->wbio = BIO_push(s->bbio, s->wbio);
313
314 break;
315
316 case SSL3_ST_CR_SRVR_HELLO_A:
317 case SSL3_ST_CR_SRVR_HELLO_B:
318 ret = ssl3_get_server_hello(s);
319 if (ret <= 0)
320 goto end;
321
322 if (s->hit) {
323 s->state = SSL3_ST_CR_FINISHED_A;
324 if (s->tlsext_ticket_expected) {
325 /* receive renewed session ticket */
326 s->state = SSL3_ST_CR_SESSION_TICKET_A;
327 }
328 } else
329 s->state = SSL3_ST_CR_CERT_A;
330 s->init_num = 0;
331 break;
332
333 case SSL3_ST_CR_CERT_A:
334 case SSL3_ST_CR_CERT_B:
335 ret = ssl3_check_finished(s);
336 if (ret <= 0)
337 goto end;
338 if (ret == 2) {
339 s->hit = 1;
340 if (s->tlsext_ticket_expected)
341 s->state = SSL3_ST_CR_SESSION_TICKET_A;
342 else
343 s->state = SSL3_ST_CR_FINISHED_A;
344 s->init_num = 0;
345 break;
346 }
347 /* Check if it is anon DH/ECDH. */
348 if (!(s->s3->tmp.new_cipher->algorithm_auth &
349 SSL_aNULL)) {
350 ret = ssl3_get_server_certificate(s);
351 if (ret <= 0)
352 goto end;
353 if (s->tlsext_status_expected)
354 s->state = SSL3_ST_CR_CERT_STATUS_A;
355 else
356 s->state = SSL3_ST_CR_KEY_EXCH_A;
357 } else {
358 skip = 1;
359 s->state = SSL3_ST_CR_KEY_EXCH_A;
360 }
361 s->init_num = 0;
362 break;
363
364 case SSL3_ST_CR_KEY_EXCH_A:
365 case SSL3_ST_CR_KEY_EXCH_B:
366 ret = ssl3_get_key_exchange(s);
367 if (ret <= 0)
368 goto end;
369 s->state = SSL3_ST_CR_CERT_REQ_A;
370 s->init_num = 0;
371
372 /*
373 * At this point we check that we have the
374 * required stuff from the server.
375 */
376 if (!ssl3_check_cert_and_algorithm(s)) {
377 ret = -1;
378 goto end;
379 }
380 break;
381
382 case SSL3_ST_CR_CERT_REQ_A:
383 case SSL3_ST_CR_CERT_REQ_B:
384 ret = ssl3_get_certificate_request(s);
385 if (ret <= 0)
386 goto end;
387 s->state = SSL3_ST_CR_SRVR_DONE_A;
388 s->init_num = 0;
389 break;
390
391 case SSL3_ST_CR_SRVR_DONE_A:
392 case SSL3_ST_CR_SRVR_DONE_B:
393 ret = ssl3_get_server_done(s);
394 if (ret <= 0)
395 goto end;
396 if (s->s3->tmp.cert_req)
397 s->state = SSL3_ST_CW_CERT_A;
398 else
399 s->state = SSL3_ST_CW_KEY_EXCH_A;
400 s->init_num = 0;
401
402 break;
403
404 case SSL3_ST_CW_CERT_A:
405 case SSL3_ST_CW_CERT_B:
406 case SSL3_ST_CW_CERT_C:
407 case SSL3_ST_CW_CERT_D:
408 ret = ssl3_send_client_certificate(s);
409 if (ret <= 0)
410 goto end;
411 s->state = SSL3_ST_CW_KEY_EXCH_A;
412 s->init_num = 0;
413 break;
414
415 case SSL3_ST_CW_KEY_EXCH_A:
416 case SSL3_ST_CW_KEY_EXCH_B:
417 ret = ssl3_send_client_key_exchange(s);
418 if (ret <= 0)
419 goto end;
420 /*
421 * EAY EAY EAY need to check for DH fix cert
422 * sent back
423 */
424 /*
425 * For TLS, cert_req is set to 2, so a cert chain
426 * of nothing is sent, but no verify packet is sent
427 */
428 /*
429 * XXX: For now, we do not support client
430 * authentication in ECDH cipher suites with
431 * ECDH (rather than ECDSA) certificates.
432 * We need to skip the certificate verify
433 * message when client's ECDH public key is sent
434 * inside the client certificate.
435 */
436 if (s->s3->tmp.cert_req == 1) {
437 s->state = SSL3_ST_CW_CERT_VRFY_A;
438 } else {
439 s->state = SSL3_ST_CW_CHANGE_A;
440 s->s3->change_cipher_spec = 0;
441 }
442 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
443 s->state = SSL3_ST_CW_CHANGE_A;
444 s->s3->change_cipher_spec = 0;
445 }
446
447 s->init_num = 0;
448 break;
449
450 case SSL3_ST_CW_CERT_VRFY_A:
451 case SSL3_ST_CW_CERT_VRFY_B:
452 ret = ssl3_send_client_verify(s);
453 if (ret <= 0)
454 goto end;
455 s->state = SSL3_ST_CW_CHANGE_A;
456 s->init_num = 0;
457 s->s3->change_cipher_spec = 0;
458 break;
459
460 case SSL3_ST_CW_CHANGE_A:
461 case SSL3_ST_CW_CHANGE_B:
462 ret = ssl3_send_change_cipher_spec(s,
463 SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B);
464 if (ret <= 0)
465 goto end;
466
467 if (s->s3->next_proto_neg_seen)
468 s->state = SSL3_ST_CW_NEXT_PROTO_A;
469 else
470 s->state = SSL3_ST_CW_FINISHED_A;
471 s->init_num = 0;
472
473 s->session->cipher = s->s3->tmp.new_cipher;
474 if (!s->method->ssl3_enc->setup_key_block(s)) {
475 ret = -1;
476 goto end;
477 }
478
479 if (!s->method->ssl3_enc->change_cipher_state(s,
480 SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
481 ret = -1;
482 goto end;
483 }
484
485 break;
486
487 case SSL3_ST_CW_NEXT_PROTO_A:
488 case SSL3_ST_CW_NEXT_PROTO_B:
489 ret = ssl3_send_next_proto(s);
490 if (ret <= 0)
491 goto end;
492 s->state = SSL3_ST_CW_FINISHED_A;
493 break;
494
495 case SSL3_ST_CW_FINISHED_A:
496 case SSL3_ST_CW_FINISHED_B:
497 ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A,
498 SSL3_ST_CW_FINISHED_B,
499 s->method->ssl3_enc->client_finished_label,
500 s->method->ssl3_enc->client_finished_label_len);
501 if (ret <= 0)
502 goto end;
503 s->s3->flags |= SSL3_FLAGS_CCS_OK;
504 s->state = SSL3_ST_CW_FLUSH;
505
506 /* clear flags */
507 s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
508 if (s->hit) {
509 s->s3->tmp.next_state = SSL_ST_OK;
510 if (s->s3->flags &
511 SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
512 s->state = SSL_ST_OK;
513 s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
514 s->s3->delay_buf_pop_ret = 0;
515 }
516 } else {
517 /* Allow NewSessionTicket if ticket expected */
518 if (s->tlsext_ticket_expected)
519 s->s3->tmp.next_state =
520 SSL3_ST_CR_SESSION_TICKET_A;
521 else
522
523 s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
524 }
525 s->init_num = 0;
526 break;
527
528 case SSL3_ST_CR_SESSION_TICKET_A:
529 case SSL3_ST_CR_SESSION_TICKET_B:
530 ret = ssl3_get_new_session_ticket(s);
531 if (ret <= 0)
532 goto end;
533 s->state = SSL3_ST_CR_FINISHED_A;
534 s->init_num = 0;
535 break;
536
537 case SSL3_ST_CR_CERT_STATUS_A:
538 case SSL3_ST_CR_CERT_STATUS_B:
539 ret = ssl3_get_cert_status(s);
540 if (ret <= 0)
541 goto end;
542 s->state = SSL3_ST_CR_KEY_EXCH_A;
543 s->init_num = 0;
544 break;
545
546 case SSL3_ST_CR_FINISHED_A:
547 case SSL3_ST_CR_FINISHED_B:
548 s->s3->flags |= SSL3_FLAGS_CCS_OK;
549 ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
550 SSL3_ST_CR_FINISHED_B);
551 if (ret <= 0)
552 goto end;
553
554 if (s->hit)
555 s->state = SSL3_ST_CW_CHANGE_A;
556 else
557 s->state = SSL_ST_OK;
558 s->init_num = 0;
559 break;
560
561 case SSL3_ST_CW_FLUSH:
562 s->rwstate = SSL_WRITING;
563 if (BIO_flush(s->wbio) <= 0) {
564 ret = -1;
565 goto end;
566 }
567 s->rwstate = SSL_NOTHING;
568 s->state = s->s3->tmp.next_state;
569 break;
570
571 case SSL_ST_OK:
572 /* clean a few things up */
573 ssl3_cleanup_key_block(s);
574
575 if (s->init_buf != NULL) {
576 BUF_MEM_free(s->init_buf);
577 s->init_buf = NULL;
578 }
579
580 /*
581 * If we are not 'joining' the last two packets,
582 * remove the buffering now
583 */
584 if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
585 ssl_free_wbio_buffer(s);
586 /* else do it later in ssl3_write */
587
588 s->init_num = 0;
589 s->renegotiate = 0;
590 s->new_session = 0;
591
592 ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
593 if (s->hit)
594 s->ctx->stats.sess_hit++;
595
596 ret = 1;
597 /* s->server=0; */
598 s->handshake_func = ssl3_connect;
599 s->ctx->stats.sess_connect_good++;
600
601 if (cb != NULL)
602 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
603
604 goto end;
605 /* break; */
606
607 default:
608 SSLerr(SSL_F_SSL3_CONNECT,
609 SSL_R_UNKNOWN_STATE);
610 ret = -1;
611 goto end;
612 /* break; */
613 }
614
615 /* did we do anything */
616 if (!s->s3->tmp.reuse_message && !skip) {
617 if (s->debug) {
618 if ((ret = BIO_flush(s->wbio)) <= 0)
619 goto end;
620 }
621
622 if ((cb != NULL) && (s->state != state)) {
623 new_state = s->state;
624 s->state = state;
625 cb(s, SSL_CB_CONNECT_LOOP, 1);
626 s->state = new_state;
627 }
628 }
629 skip = 0;
630 }
631
632end:
633 s->in_handshake--;
634 if (cb != NULL)
635 cb(s, SSL_CB_CONNECT_EXIT, ret);
636
637 return (ret);
638}
639
640
641int
642ssl3_client_hello(SSL *s)
643{
644 unsigned char *bufend, *p, *d;
645 int i;
646
647 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
648 SSL_SESSION *sess = s->session;
649
650 if ((sess == NULL) ||
651 (sess->ssl_version != s->version) ||
652 (!sess->session_id_length && !sess->tlsext_tick) ||
653 (sess->not_resumable)) {
654 if (!ssl_get_new_session(s, 0))
655 goto err;
656 }
657 /* else use the pre-loaded session */
658
659 arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
660
661 d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO);
662
663 /*
664 * Version indicates the negotiated version: for example from
665 * an SSLv2/v3 compatible client hello). The client_version
666 * field is the maximum version we permit and it is also
667 * used in RSA encrypted premaster secrets. Some servers can
668 * choke if we initially report a higher version then
669 * renegotiate to a lower one in the premaster secret. This
670 * didn't happen with TLS 1.0 as most servers supported it
671 * but it can with TLS 1.1 or later if the server only supports
672 * 1.0.
673 *
674 * Possible scenario with previous logic:
675 * 1. Client hello indicates TLS 1.2
676 * 2. Server hello says TLS 1.0
677 * 3. RSA encrypted premaster secret uses 1.2.
678 * 4. Handhaked proceeds using TLS 1.0.
679 * 5. Server sends hello request to renegotiate.
680 * 6. Client hello indicates TLS v1.0 as we now
681 * know that is maximum server supports.
682 * 7. Server chokes on RSA encrypted premaster secret
683 * containing version 1.0.
684 *
685 * For interoperability it should be OK to always use the
686 * maximum version we support in client hello and then rely
687 * on the checking of version to ensure the servers isn't
688 * being inconsistent: for example initially negotiating with
689 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
690 * client_version in client hello and not resetting it to
691 * the negotiated version.
692 */
693 *(p++) = s->client_version >> 8;
694 *(p++) = s->client_version & 0xff;
695
696 /* Random stuff */
697 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
698 p += SSL3_RANDOM_SIZE;
699
700 /* Session ID */
701 if (s->new_session)
702 i = 0;
703 else
704 i = s->session->session_id_length;
705 *(p++) = i;
706 if (i != 0) {
707 if (i > (int)sizeof(s->session->session_id)) {
708 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
709 ERR_R_INTERNAL_ERROR);
710 goto err;
711 }
712 memcpy(p, s->session->session_id, i);
713 p += i;
714 }
715
716 /* Ciphers supported */
717 i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]);
718 if (i == 0) {
719 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
720 SSL_R_NO_CIPHERS_AVAILABLE);
721 goto err;
722 }
723 s2n(i, p);
724 p += i;
725
726 /* add in (no) COMPRESSION */
727 *(p++) = 1;
728 *(p++) = 0; /* Add the NULL method */
729
730 /* TLS extensions*/
731 if (ssl_prepare_clienthello_tlsext(s) <= 0) {
732 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
733 SSL_R_CLIENTHELLO_TLSEXT);
734 goto err;
735 }
736 bufend = (unsigned char *)s->init_buf->data +
737 SSL3_RT_MAX_PLAIN_LENGTH;
738 if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) {
739 SSLerr(SSL_F_SSL3_CLIENT_HELLO,
740 ERR_R_INTERNAL_ERROR);
741 goto err;
742 }
743
744 s->state = SSL3_ST_CW_CLNT_HELLO_B;
745
746 ssl3_handshake_msg_finish(s, p - d);
747 }
748
749 /* SSL3_ST_CW_CLNT_HELLO_B */
750 return (ssl3_handshake_write(s));
751
752err:
753 return (-1);
754}
755
756int
757ssl3_get_server_hello(SSL *s)
758{
759 STACK_OF(SSL_CIPHER) *sk;
760 const SSL_CIPHER *c;
761 unsigned char *p, *q, *d;
762 int i, al, ok;
763 unsigned int j;
764 uint16_t cipher_value;
765 long n;
766 unsigned long alg_k;
767
768 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
769 SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
770
771 if (!ok)
772 return ((int)n);
773
774 if (SSL_IS_DTLS(s)) {
775 if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
776 if (s->d1->send_cookie == 0) {
777 s->s3->tmp.reuse_message = 1;
778 return (1);
779 } else {
780 /* Already sent a cookie. */
781 al = SSL_AD_UNEXPECTED_MESSAGE;
782 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
783 SSL_R_BAD_MESSAGE_TYPE);
784 goto f_err;
785 }
786 }
787 }
788
789 if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
790 al = SSL_AD_UNEXPECTED_MESSAGE;
791 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
792 SSL_R_BAD_MESSAGE_TYPE);
793 goto f_err;
794 }
795
796 d = p = (unsigned char *)s->init_msg;
797
798 if (2 > n)
799 goto truncated;
800 if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
801 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
802 s->version = (s->version&0xff00) | p[1];
803 al = SSL_AD_PROTOCOL_VERSION;
804 goto f_err;
805 }
806 p += 2;
807
808 /* load the server hello data */
809
810 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
811 goto truncated;
812
813 /* load the server random */
814 memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
815 p += SSL3_RANDOM_SIZE;
816
817 /* get the session-id */
818 j = *(p++);
819
820 if ((j > sizeof s->session->session_id) ||
821 (j > SSL3_SESSION_ID_SIZE)) {
822 al = SSL_AD_ILLEGAL_PARAMETER;
823 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
824 SSL_R_SSL3_SESSION_ID_TOO_LONG);
825 goto f_err;
826 }
827
828 if (p + j + 2 - d > n)
829 goto truncated;
830
831 /* Get the cipher value. */
832 q = p + j;
833 n2s(q, cipher_value);
834
835 /*
836 * Check if we want to resume the session based on external
837 * pre-shared secret
838 */
839 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
840 SSL_CIPHER *pref_cipher = NULL;
841 s->session->master_key_length = sizeof(s->session->master_key);
842 if (s->tls_session_secret_cb(s, s->session->master_key,
843 &s->session->master_key_length, NULL, &pref_cipher,
844 s->tls_session_secret_cb_arg)) {
845 s->session->cipher = pref_cipher ? pref_cipher :
846 ssl3_get_cipher_by_value(cipher_value);
847 s->s3->flags |= SSL3_FLAGS_CCS_OK;
848 }
849 }
850
851 if (j != 0 && j == s->session->session_id_length &&
852 timingsafe_memcmp(p, s->session->session_id, j) == 0) {
853 if (s->sid_ctx_length != s->session->sid_ctx_length ||
854 timingsafe_memcmp(s->session->sid_ctx,
855 s->sid_ctx, s->sid_ctx_length) != 0) {
856 /* actually a client application bug */
857 al = SSL_AD_ILLEGAL_PARAMETER;
858 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
859 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
860 goto f_err;
861 }
862 s->s3->flags |= SSL3_FLAGS_CCS_OK;
863 s->hit = 1;
864 } else {
865 /* a miss or crap from the other end */
866
867 /* If we were trying for session-id reuse, make a new
868 * SSL_SESSION so we don't stuff up other people */
869 s->hit = 0;
870 if (s->session->session_id_length > 0) {
871 if (!ssl_get_new_session(s, 0)) {
872 al = SSL_AD_INTERNAL_ERROR;
873 goto f_err;
874 }
875 }
876 s->session->session_id_length = j;
877 memcpy(s->session->session_id, p, j); /* j could be 0 */
878 }
879 p += j;
880
881 if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) {
882 /* unknown cipher */
883 al = SSL_AD_ILLEGAL_PARAMETER;
884 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
885 SSL_R_UNKNOWN_CIPHER_RETURNED);
886 goto f_err;
887 }
888
889 /* TLS v1.2 only ciphersuites require v1.2 or later */
890 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
891 (TLS1_get_version(s) < TLS1_2_VERSION)) {
892 al = SSL_AD_ILLEGAL_PARAMETER;
893 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
894 SSL_R_WRONG_CIPHER_RETURNED);
895 goto f_err;
896 }
897 p += SSL3_CIPHER_VALUE_SIZE;
898
899 sk = ssl_get_ciphers_by_id(s);
900 i = sk_SSL_CIPHER_find(sk, c);
901 if (i < 0) {
902 /* we did not say we would use this cipher */
903 al = SSL_AD_ILLEGAL_PARAMETER;
904 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
905 SSL_R_WRONG_CIPHER_RETURNED);
906 goto f_err;
907 }
908
909 /*
910 * Depending on the session caching (internal/external), the cipher
911 * and/or cipher_id values may not be set. Make sure that
912 * cipher_id is set and use it for comparison.
913 */
914 if (s->session->cipher)
915 s->session->cipher_id = s->session->cipher->id;
916 if (s->hit && (s->session->cipher_id != c->id)) {
917 al = SSL_AD_ILLEGAL_PARAMETER;
918 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
919 SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
920 goto f_err;
921 }
922 s->s3->tmp.new_cipher = c;
923 /*
924 * Don't digest cached records if no sigalgs: we may need them for
925 * client authentication.
926 */
927 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
928 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) &&
929 !ssl3_digest_cached_records(s)) {
930 al = SSL_AD_INTERNAL_ERROR;
931 goto f_err;
932 }
933 /* lets get the compression algorithm */
934 /* COMPRESSION */
935 if (p + 1 - d > n)
936 goto truncated;
937 if (*(p++) != 0) {
938 al = SSL_AD_ILLEGAL_PARAMETER;
939 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
940 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
941 goto f_err;
942 }
943
944 /* TLS extensions*/
945 if (s->version >= SSL3_VERSION) {
946 if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
947 /* 'al' set by ssl_parse_serverhello_tlsext */
948 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
949 SSL_R_PARSE_TLSEXT);
950 goto f_err;
951
952 }
953 if (ssl_check_serverhello_tlsext(s) <= 0) {
954 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
955 SSL_R_SERVERHELLO_TLSEXT);
956 goto err;
957 }
958 }
959
960 if (p != d + n)
961 goto truncated;
962
963 return (1);
964
965truncated:
966 /* wrong packet length */
967 al = SSL_AD_DECODE_ERROR;
968 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
969f_err:
970 ssl3_send_alert(s, SSL3_AL_FATAL, al);
971err:
972 return (-1);
973}
974
975int
976ssl3_get_server_certificate(SSL *s)
977{
978 int al, i, ok, ret = -1;
979 long n;
980 CBS cbs, cert_list;
981 X509 *x = NULL;
982 const unsigned char *q;
983 STACK_OF(X509) *sk = NULL;
984 SESS_CERT *sc;
985 EVP_PKEY *pkey = NULL;
986
987 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
988 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
989
990 if (!ok)
991 return ((int)n);
992
993 if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
994 s->s3->tmp.reuse_message = 1;
995 return (1);
996 }
997
998 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
999 al = SSL_AD_UNEXPECTED_MESSAGE;
1000 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1001 SSL_R_BAD_MESSAGE_TYPE);
1002 goto f_err;
1003 }
1004
1005
1006 if ((sk = sk_X509_new_null()) == NULL) {
1007 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1008 ERR_R_MALLOC_FAILURE);
1009 goto err;
1010 }
1011
1012 if (n < 0)
1013 goto truncated;
1014
1015 CBS_init(&cbs, s->init_msg, n);
1016 if (CBS_len(&cbs) < 3)
1017 goto truncated;
1018
1019 if (!CBS_get_u24_length_prefixed(&cbs, &cert_list) ||
1020 CBS_len(&cbs) != 0) {
1021 al = SSL_AD_DECODE_ERROR;
1022 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1023 SSL_R_LENGTH_MISMATCH);
1024 goto f_err;
1025 }
1026
1027 while (CBS_len(&cert_list) > 0) {
1028 CBS cert;
1029
1030 if (CBS_len(&cert_list) < 3)
1031 goto truncated;
1032 if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
1033 al = SSL_AD_DECODE_ERROR;
1034 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1035 SSL_R_CERT_LENGTH_MISMATCH);
1036 goto f_err;
1037 }
1038
1039 q = CBS_data(&cert);
1040 x = d2i_X509(NULL, &q, CBS_len(&cert));
1041 if (x == NULL) {
1042 al = SSL_AD_BAD_CERTIFICATE;
1043 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1044 ERR_R_ASN1_LIB);
1045 goto f_err;
1046 }
1047 if (q != CBS_data(&cert) + CBS_len(&cert)) {
1048 al = SSL_AD_DECODE_ERROR;
1049 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1050 SSL_R_CERT_LENGTH_MISMATCH);
1051 goto f_err;
1052 }
1053 if (!sk_X509_push(sk, x)) {
1054 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1055 ERR_R_MALLOC_FAILURE);
1056 goto err;
1057 }
1058 x = NULL;
1059 }
1060
1061 i = ssl_verify_cert_chain(s, sk);
1062 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
1063 al = ssl_verify_alarm_type(s->verify_result);
1064 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1065 SSL_R_CERTIFICATE_VERIFY_FAILED);
1066 goto f_err;
1067
1068 }
1069 ERR_clear_error(); /* but we keep s->verify_result */
1070
1071 sc = ssl_sess_cert_new();
1072 if (sc == NULL)
1073 goto err;
1074 if (s->session->sess_cert)
1075 ssl_sess_cert_free(s->session->sess_cert);
1076 s->session->sess_cert = sc;
1077
1078 sc->cert_chain = sk;
1079 /*
1080 * Inconsistency alert: cert_chain does include the peer's
1081 * certificate, which we don't include in s3_srvr.c
1082 */
1083 x = sk_X509_value(sk, 0);
1084 sk = NULL;
1085 /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
1086
1087 pkey = X509_get_pubkey(x);
1088
1089 if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
1090 x = NULL;
1091 al = SSL3_AL_FATAL;
1092 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1093 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
1094 goto f_err;
1095 }
1096
1097 i = ssl_cert_type(x, pkey);
1098 if (i < 0) {
1099 x = NULL;
1100 al = SSL3_AL_FATAL;
1101 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1102 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
1103 goto f_err;
1104 }
1105
1106 sc->peer_cert_type = i;
1107 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1108 /*
1109 * Why would the following ever happen?
1110 * We just created sc a couple of lines ago.
1111 */
1112 if (sc->peer_pkeys[i].x509 != NULL)
1113 X509_free(sc->peer_pkeys[i].x509);
1114 sc->peer_pkeys[i].x509 = x;
1115 sc->peer_key = &(sc->peer_pkeys[i]);
1116
1117 if (s->session->peer != NULL)
1118 X509_free(s->session->peer);
1119 CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1120 s->session->peer = x;
1121 s->session->verify_result = s->verify_result;
1122
1123 x = NULL;
1124 ret = 1;
1125
1126 if (0) {
1127truncated:
1128 /* wrong packet length */
1129 al = SSL_AD_DECODE_ERROR;
1130 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
1131 SSL_R_BAD_PACKET_LENGTH);
1132f_err:
1133 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1134 }
1135err:
1136 EVP_PKEY_free(pkey);
1137 X509_free(x);
1138 sk_X509_pop_free(sk, X509_free);
1139 return (ret);
1140}
1141
1142int
1143ssl3_get_key_exchange(SSL *s)
1144{
1145 unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2];
1146 EVP_MD_CTX md_ctx;
1147 unsigned char *param, *p;
1148 int al, i, j, param_len, ok;
1149 long n, alg_k, alg_a;
1150 EVP_PKEY *pkey = NULL;
1151 const EVP_MD *md = NULL;
1152 RSA *rsa = NULL;
1153 DH *dh = NULL;
1154 EC_KEY *ecdh = NULL;
1155 BN_CTX *bn_ctx = NULL;
1156 EC_POINT *srvr_ecpoint = NULL;
1157 int curve_nid = 0;
1158 int encoded_pt_len = 0;
1159
1160 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1161 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1162
1163 /*
1164 * Use same message size as in ssl3_get_certificate_request()
1165 * as ServerKeyExchange message may be skipped.
1166 */
1167 n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
1168 SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok);
1169 if (!ok)
1170 return ((int)n);
1171
1172 EVP_MD_CTX_init(&md_ctx);
1173
1174 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
1175 /*
1176 * Do not skip server key exchange if this cipher suite uses
1177 * ephemeral keys.
1178 */
1179 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
1180 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1181 SSL_R_UNEXPECTED_MESSAGE);
1182 al = SSL_AD_UNEXPECTED_MESSAGE;
1183 goto f_err;
1184 }
1185
1186 s->s3->tmp.reuse_message = 1;
1187 EVP_MD_CTX_cleanup(&md_ctx);
1188 return (1);
1189 }
1190
1191 if (s->session->sess_cert != NULL) {
1192 DH_free(s->session->sess_cert->peer_dh_tmp);
1193 s->session->sess_cert->peer_dh_tmp = NULL;
1194
1195 EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
1196 s->session->sess_cert->peer_ecdh_tmp = NULL;
1197 } else {
1198 s->session->sess_cert = ssl_sess_cert_new();
1199 if (s->session->sess_cert == NULL)
1200 goto err;
1201 }
1202
1203 param = p = (unsigned char *)s->init_msg;
1204 param_len = 0;
1205
1206 if (alg_k & SSL_kDHE) {
1207 if ((dh = DH_new()) == NULL) {
1208 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1209 ERR_R_DH_LIB);
1210 goto err;
1211 }
1212 if (2 > n)
1213 goto truncated;
1214 n2s(p, i);
1215 param_len = i + 2;
1216 if (param_len > n) {
1217 al = SSL_AD_DECODE_ERROR;
1218 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1219 SSL_R_BAD_DH_P_LENGTH);
1220 goto f_err;
1221 }
1222 if (!(dh->p = BN_bin2bn(p, i, NULL))) {
1223 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1224 ERR_R_BN_LIB);
1225 goto err;
1226 }
1227 p += i;
1228
1229 if (param_len + 2 > n)
1230 goto truncated;
1231 n2s(p, i);
1232 param_len += i + 2;
1233 if (param_len > n) {
1234 al = SSL_AD_DECODE_ERROR;
1235 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1236 SSL_R_BAD_DH_G_LENGTH);
1237 goto f_err;
1238 }
1239 if (!(dh->g = BN_bin2bn(p, i, NULL))) {
1240 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1241 ERR_R_BN_LIB);
1242 goto err;
1243 }
1244 p += i;
1245
1246 if (param_len + 2 > n)
1247 goto truncated;
1248 n2s(p, i);
1249 param_len += i + 2;
1250 if (param_len > n) {
1251 al = SSL_AD_DECODE_ERROR;
1252 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1253 SSL_R_BAD_DH_PUB_KEY_LENGTH);
1254 goto f_err;
1255 }
1256 if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
1257 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1258 ERR_R_BN_LIB);
1259 goto err;
1260 }
1261 p += i;
1262 n -= param_len;
1263
1264 /*
1265 * Check the strength of the DH key just constructed.
1266 * Discard keys weaker than 1024 bits.
1267 */
1268
1269 if (DH_size(dh) < 1024 / 8) {
1270 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1271 SSL_R_BAD_DH_P_LENGTH);
1272 goto err;
1273 }
1274
1275 if (alg_a & SSL_aRSA)
1276 pkey = X509_get_pubkey(
1277 s->session->sess_cert->peer_pkeys[
1278 SSL_PKEY_RSA_ENC].x509);
1279 else if (alg_a & SSL_aDSS)
1280 pkey = X509_get_pubkey(
1281 s->session->sess_cert->peer_pkeys[
1282 SSL_PKEY_DSA_SIGN].x509);
1283 /* else anonymous DH, so no certificate or pkey. */
1284
1285 s->session->sess_cert->peer_dh_tmp = dh;
1286 dh = NULL;
1287 } else if (alg_k & SSL_kECDHE) {
1288 const EC_GROUP *group;
1289 EC_GROUP *ngroup;
1290
1291 if ((ecdh = EC_KEY_new()) == NULL) {
1292 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1293 ERR_R_MALLOC_FAILURE);
1294 goto err;
1295 }
1296
1297 /*
1298 * Extract elliptic curve parameters and the
1299 * server's ephemeral ECDH public key.
1300 * Keep accumulating lengths of various components in
1301 * param_len and make sure it never exceeds n.
1302 */
1303
1304 /*
1305 * XXX: For now we only support named (not generic) curves
1306 * and the ECParameters in this case is just three bytes.
1307 */
1308 param_len = 3;
1309 if (param_len > n) {
1310 al = SSL_AD_DECODE_ERROR;
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1312 SSL_R_LENGTH_TOO_SHORT);
1313 goto f_err;
1314 }
1315
1316 /*
1317 * Check curve is one of our preferences, if not server has
1318 * sent an invalid curve.
1319 */
1320 if (tls1_check_curve(s, p, param_len) != 1) {
1321 al = SSL_AD_DECODE_ERROR;
1322 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE);
1323 goto f_err;
1324 }
1325
1326 if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) {
1327 al = SSL_AD_INTERNAL_ERROR;
1328 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1329 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
1330 goto f_err;
1331 }
1332
1333 ngroup = EC_GROUP_new_by_curve_name(curve_nid);
1334 if (ngroup == NULL) {
1335 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1336 ERR_R_EC_LIB);
1337 goto err;
1338 }
1339 if (EC_KEY_set_group(ecdh, ngroup) == 0) {
1340 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1341 ERR_R_EC_LIB);
1342 goto err;
1343 }
1344 EC_GROUP_free(ngroup);
1345
1346 group = EC_KEY_get0_group(ecdh);
1347
1348 p += 3;
1349
1350 /* Next, get the encoded ECPoint */
1351 if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
1352 ((bn_ctx = BN_CTX_new()) == NULL)) {
1353 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1354 ERR_R_MALLOC_FAILURE);
1355 goto err;
1356 }
1357
1358 if (param_len + 1 > n)
1359 goto truncated;
1360 encoded_pt_len = *p;
1361 /* length of encoded point */
1362 p += 1;
1363 param_len += (1 + encoded_pt_len);
1364 if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint,
1365 p, encoded_pt_len, bn_ctx) == 0)) {
1366 al = SSL_AD_DECODE_ERROR;
1367 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1368 SSL_R_BAD_ECPOINT);
1369 goto f_err;
1370 }
1371
1372 n -= param_len;
1373 p += encoded_pt_len;
1374
1375 /*
1376 * The ECC/TLS specification does not mention the use
1377 * of DSA to sign ECParameters in the server key
1378 * exchange message. We do support RSA and ECDSA.
1379 */
1380 if (alg_a & SSL_aRSA)
1381 pkey = X509_get_pubkey(
1382 s->session->sess_cert->peer_pkeys[
1383 SSL_PKEY_RSA_ENC].x509);
1384 else if (alg_a & SSL_aECDSA)
1385 pkey = X509_get_pubkey(
1386 s->session->sess_cert->peer_pkeys[
1387 SSL_PKEY_ECC].x509);
1388 /* Else anonymous ECDH, so no certificate or pkey. */
1389 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
1390 s->session->sess_cert->peer_ecdh_tmp = ecdh;
1391 ecdh = NULL;
1392 BN_CTX_free(bn_ctx);
1393 bn_ctx = NULL;
1394 EC_POINT_free(srvr_ecpoint);
1395 srvr_ecpoint = NULL;
1396 } else if (alg_k) {
1397 al = SSL_AD_UNEXPECTED_MESSAGE;
1398 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1399 SSL_R_UNEXPECTED_MESSAGE);
1400 goto f_err;
1401 }
1402
1403 /* p points to the next byte, there are 'n' bytes left */
1404
1405 /* if it was signed, check the signature */
1406 if (pkey != NULL) {
1407 if (SSL_USE_SIGALGS(s)) {
1408 int sigalg = tls12_get_sigid(pkey);
1409 /* Should never happen */
1410 if (sigalg == -1) {
1411 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1412 ERR_R_INTERNAL_ERROR);
1413 goto err;
1414 }
1415 /*
1416 * Check key type is consistent
1417 * with signature
1418 */
1419 if (2 > n)
1420 goto truncated;
1421 if (sigalg != (int)p[1]) {
1422 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1423 SSL_R_WRONG_SIGNATURE_TYPE);
1424 al = SSL_AD_DECODE_ERROR;
1425 goto f_err;
1426 }
1427 md = tls12_get_hash(p[0]);
1428 if (md == NULL) {
1429 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1430 SSL_R_UNKNOWN_DIGEST);
1431 al = SSL_AD_DECODE_ERROR;
1432 goto f_err;
1433 }
1434 p += 2;
1435 n -= 2;
1436 } else
1437 md = EVP_sha1();
1438
1439 if (2 > n)
1440 goto truncated;
1441 n2s(p, i);
1442 n -= 2;
1443 j = EVP_PKEY_size(pkey);
1444
1445 if (i != n || n > j) {
1446 /* wrong packet length */
1447 al = SSL_AD_DECODE_ERROR;
1448 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1449 SSL_R_WRONG_SIGNATURE_LENGTH);
1450 goto f_err;
1451 }
1452
1453 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1454 int num;
1455
1456 j = 0;
1457 q = md_buf;
1458 for (num = 2; num > 0; num--) {
1459 if (!EVP_DigestInit_ex(&md_ctx,
1460 (num == 2) ? s->ctx->md5 : s->ctx->sha1,
1461 NULL)) {
1462 al = SSL_AD_INTERNAL_ERROR;
1463 goto f_err;
1464 }
1465 EVP_DigestUpdate(&md_ctx,
1466 s->s3->client_random,
1467 SSL3_RANDOM_SIZE);
1468 EVP_DigestUpdate(&md_ctx,
1469 s->s3->server_random,
1470 SSL3_RANDOM_SIZE);
1471 EVP_DigestUpdate(&md_ctx, param, param_len);
1472 EVP_DigestFinal_ex(&md_ctx, q,
1473 (unsigned int *)&i);
1474 q += i;
1475 j += i;
1476 }
1477 i = RSA_verify(NID_md5_sha1, md_buf, j,
1478 p, n, pkey->pkey.rsa);
1479 if (i < 0) {
1480 al = SSL_AD_DECRYPT_ERROR;
1481 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1482 SSL_R_BAD_RSA_DECRYPT);
1483 goto f_err;
1484 }
1485 if (i == 0) {
1486 /* bad signature */
1487 al = SSL_AD_DECRYPT_ERROR;
1488 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1489 SSL_R_BAD_SIGNATURE);
1490 goto f_err;
1491 }
1492 } else {
1493 EVP_VerifyInit_ex(&md_ctx, md, NULL);
1494 EVP_VerifyUpdate(&md_ctx, s->s3->client_random,
1495 SSL3_RANDOM_SIZE);
1496 EVP_VerifyUpdate(&md_ctx, s->s3->server_random,
1497 SSL3_RANDOM_SIZE);
1498 EVP_VerifyUpdate(&md_ctx, param, param_len);
1499 if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) {
1500 /* bad signature */
1501 al = SSL_AD_DECRYPT_ERROR;
1502 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1503 SSL_R_BAD_SIGNATURE);
1504 goto f_err;
1505 }
1506 }
1507 } else {
1508 /* aNULL does not need public keys. */
1509 if (!(alg_a & SSL_aNULL)) {
1510 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1511 ERR_R_INTERNAL_ERROR);
1512 goto err;
1513 }
1514 /* still data left over */
1515 if (n != 0) {
1516 al = SSL_AD_DECODE_ERROR;
1517 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1518 SSL_R_EXTRA_DATA_IN_MESSAGE);
1519 goto f_err;
1520 }
1521 }
1522 EVP_PKEY_free(pkey);
1523 EVP_MD_CTX_cleanup(&md_ctx);
1524 return (1);
1525truncated:
1526 /* wrong packet length */
1527 al = SSL_AD_DECODE_ERROR;
1528 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
1529f_err:
1530 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1531err:
1532 EVP_PKEY_free(pkey);
1533 RSA_free(rsa);
1534 DH_free(dh);
1535 BN_CTX_free(bn_ctx);
1536 EC_POINT_free(srvr_ecpoint);
1537 EC_KEY_free(ecdh);
1538 EVP_MD_CTX_cleanup(&md_ctx);
1539 return (-1);
1540}
1541
1542int
1543ssl3_get_certificate_request(SSL *s)
1544{
1545 int ok, ret = 0;
1546 long n;
1547 uint8_t ctype_num;
1548 CBS cert_request, ctypes, rdn_list;
1549 X509_NAME *xn = NULL;
1550 const unsigned char *q;
1551 STACK_OF(X509_NAME) *ca_sk = NULL;
1552
1553 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
1554 SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok);
1555
1556 if (!ok)
1557 return ((int)n);
1558
1559 s->s3->tmp.cert_req = 0;
1560
1561 if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
1562 s->s3->tmp.reuse_message = 1;
1563 /*
1564 * If we get here we don't need any cached handshake records
1565 * as we wont be doing client auth.
1566 */
1567 if (s->s3->handshake_buffer) {
1568 if (!ssl3_digest_cached_records(s))
1569 goto err;
1570 }
1571 return (1);
1572 }
1573
1574 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
1575 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1576 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1577 SSL_R_WRONG_MESSAGE_TYPE);
1578 goto err;
1579 }
1580
1581 /* TLS does not like anon-DH with client cert */
1582 if (s->version > SSL3_VERSION) {
1583 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
1584 ssl3_send_alert(s, SSL3_AL_FATAL,
1585 SSL_AD_UNEXPECTED_MESSAGE);
1586 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1587 SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
1588 goto err;
1589 }
1590 }
1591
1592 if (n < 0)
1593 goto truncated;
1594 CBS_init(&cert_request, s->init_msg, n);
1595
1596 if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
1597 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1598 ERR_R_MALLOC_FAILURE);
1599 goto err;
1600 }
1601
1602 /* get the certificate types */
1603 if (!CBS_get_u8(&cert_request, &ctype_num))
1604 goto truncated;
1605
1606 if (ctype_num > SSL3_CT_NUMBER)
1607 ctype_num = SSL3_CT_NUMBER;
1608 if (!CBS_get_bytes(&cert_request, &ctypes, ctype_num) ||
1609 !CBS_write_bytes(&ctypes, s->s3->tmp.ctype,
1610 sizeof(s->s3->tmp.ctype), NULL)) {
1611 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1612 SSL_R_DATA_LENGTH_TOO_LONG);
1613 goto err;
1614 }
1615
1616 if (SSL_USE_SIGALGS(s)) {
1617 CBS sigalgs;
1618
1619 if (CBS_len(&cert_request) < 2) {
1620 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1621 SSL_R_DATA_LENGTH_TOO_LONG);
1622 goto err;
1623 }
1624
1625 /* Check we have enough room for signature algorithms and
1626 * following length value.
1627 */
1628 if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
1629 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1630 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1631 SSL_R_DATA_LENGTH_TOO_LONG);
1632 goto err;
1633 }
1634 if ((CBS_len(&sigalgs) & 1) ||
1635 !tls1_process_sigalgs(s, CBS_data(&sigalgs),
1636 CBS_len(&sigalgs))) {
1637 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1638 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1639 SSL_R_SIGNATURE_ALGORITHMS_ERROR);
1640 goto err;
1641 }
1642 }
1643
1644 /* get the CA RDNs */
1645 if (CBS_len(&cert_request) < 2) {
1646 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1647 SSL_R_DATA_LENGTH_TOO_LONG);
1648 goto err;
1649 }
1650
1651 if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
1652 CBS_len(&cert_request) != 0) {
1653 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1654 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1655 SSL_R_LENGTH_MISMATCH);
1656 goto err;
1657 }
1658
1659 while (CBS_len(&rdn_list) > 0) {
1660 CBS rdn;
1661
1662 if (CBS_len(&rdn_list) < 2) {
1663 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1664 SSL_R_DATA_LENGTH_TOO_LONG);
1665 goto err;
1666 }
1667
1668 if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
1669 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1670 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1671 SSL_R_CA_DN_TOO_LONG);
1672 goto err;
1673 }
1674
1675 q = CBS_data(&rdn);
1676 if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
1677 ssl3_send_alert(s, SSL3_AL_FATAL,
1678 SSL_AD_DECODE_ERROR);
1679 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1680 ERR_R_ASN1_LIB);
1681 goto err;
1682 }
1683
1684 if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
1685 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1686 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1687 SSL_R_CA_DN_LENGTH_MISMATCH);
1688 goto err;
1689 }
1690 if (!sk_X509_NAME_push(ca_sk, xn)) {
1691 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1692 ERR_R_MALLOC_FAILURE);
1693 goto err;
1694 }
1695 }
1696
1697 /* we should setup a certificate to return.... */
1698 s->s3->tmp.cert_req = 1;
1699 s->s3->tmp.ctype_num = ctype_num;
1700 if (s->s3->tmp.ca_names != NULL)
1701 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
1702 s->s3->tmp.ca_names = ca_sk;
1703 ca_sk = NULL;
1704
1705 ret = 1;
1706 if (0) {
1707truncated:
1708 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
1709 SSL_R_BAD_PACKET_LENGTH);
1710 }
1711err:
1712 if (ca_sk != NULL)
1713 sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
1714 return (ret);
1715}
1716
1717static int
1718ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
1719{
1720 return (X509_NAME_cmp(*a, *b));
1721}
1722
1723int
1724ssl3_get_new_session_ticket(SSL *s)
1725{
1726 int ok, al, ret = 0;
1727 uint32_t lifetime_hint;
1728 long n;
1729 CBS cbs, session_ticket;
1730
1731 n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
1732 SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
1733 if (!ok)
1734 return ((int)n);
1735
1736 if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
1737 s->s3->tmp.reuse_message = 1;
1738 return (1);
1739 }
1740 if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
1741 al = SSL_AD_UNEXPECTED_MESSAGE;
1742 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1743 SSL_R_BAD_MESSAGE_TYPE);
1744 goto f_err;
1745 }
1746
1747 if (n < 0) {
1748 al = SSL_AD_DECODE_ERROR;
1749 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1750 SSL_R_LENGTH_MISMATCH);
1751 goto f_err;
1752 }
1753
1754 CBS_init(&cbs, s->init_msg, n);
1755 if (!CBS_get_u32(&cbs, &lifetime_hint) ||
1756#if UINT32_MAX > LONG_MAX
1757 lifetime_hint > LONG_MAX ||
1758#endif
1759 !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
1760 CBS_len(&cbs) != 0) {
1761 al = SSL_AD_DECODE_ERROR;
1762 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1763 SSL_R_LENGTH_MISMATCH);
1764 goto f_err;
1765 }
1766 s->session->tlsext_tick_lifetime_hint = (long)lifetime_hint;
1767
1768 if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
1769 &s->session->tlsext_ticklen)) {
1770 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,
1771 ERR_R_MALLOC_FAILURE);
1772 goto err;
1773 }
1774
1775 /*
1776 * There are two ways to detect a resumed ticket sesion.
1777 * One is to set an appropriate session ID and then the server
1778 * must return a match in ServerHello. This allows the normal
1779 * client session ID matching to work and we know much
1780 * earlier that the ticket has been accepted.
1781 *
1782 * The other way is to set zero length session ID when the
1783 * ticket is presented and rely on the handshake to determine
1784 * session resumption.
1785 *
1786 * We choose the former approach because this fits in with
1787 * assumptions elsewhere in OpenSSL. The session ID is set
1788 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1789 * ticket.
1790 */
1791 EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
1792 s->session->session_id, &s->session->session_id_length,
1793 EVP_sha256(), NULL);
1794 ret = 1;
1795 return (ret);
1796f_err:
1797 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1798err:
1799 return (-1);
1800}
1801
1802int
1803ssl3_get_cert_status(SSL *s)
1804{
1805 CBS cert_status, response;
1806 size_t stow_len;
1807 int ok, al;
1808 long n;
1809 uint8_t status_type;
1810
1811 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
1812 SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
1813 16384, &ok);
1814
1815 if (!ok)
1816 return ((int)n);
1817
1818 if (n < 0) {
1819 /* need at least status type + length */
1820 al = SSL_AD_DECODE_ERROR;
1821 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1822 SSL_R_LENGTH_MISMATCH);
1823 goto f_err;
1824 }
1825
1826 CBS_init(&cert_status, s->init_msg, n);
1827 if (!CBS_get_u8(&cert_status, &status_type) ||
1828 CBS_len(&cert_status) < 3) {
1829 /* need at least status type + length */
1830 al = SSL_AD_DECODE_ERROR;
1831 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1832 SSL_R_LENGTH_MISMATCH);
1833 goto f_err;
1834 }
1835
1836 if (status_type != TLSEXT_STATUSTYPE_ocsp) {
1837 al = SSL_AD_DECODE_ERROR;
1838 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1839 SSL_R_UNSUPPORTED_STATUS_TYPE);
1840 goto f_err;
1841 }
1842
1843 if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
1844 CBS_len(&cert_status) != 0) {
1845 al = SSL_AD_DECODE_ERROR;
1846 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1847 SSL_R_LENGTH_MISMATCH);
1848 goto f_err;
1849 }
1850
1851 if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
1852 &stow_len) || stow_len > INT_MAX) {
1853 s->tlsext_ocsp_resplen = 0;
1854 al = SSL_AD_INTERNAL_ERROR;
1855 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1856 ERR_R_MALLOC_FAILURE);
1857 goto f_err;
1858 }
1859 s->tlsext_ocsp_resplen = (int)stow_len;
1860
1861 if (s->ctx->tlsext_status_cb) {
1862 int ret;
1863 ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1864 if (ret == 0) {
1865 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1866 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1867 SSL_R_INVALID_STATUS_RESPONSE);
1868 goto f_err;
1869 }
1870 if (ret < 0) {
1871 al = SSL_AD_INTERNAL_ERROR;
1872 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,
1873 ERR_R_MALLOC_FAILURE);
1874 goto f_err;
1875 }
1876 }
1877 return (1);
1878f_err:
1879 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1880 return (-1);
1881}
1882
1883int
1884ssl3_get_server_done(SSL *s)
1885{
1886 int ok, ret = 0;
1887 long n;
1888
1889 n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
1890 SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
1891 30, /* should be very small, like 0 :-) */ &ok);
1892
1893 if (!ok)
1894 return ((int)n);
1895 if (n > 0) {
1896 /* should contain no data */
1897 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1898 SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
1899 return (-1);
1900 }
1901 ret = 1;
1902 return (ret);
1903}
1904
1905int
1906ssl3_send_client_key_exchange(SSL *s)
1907{
1908 unsigned char *p, *q;
1909 int n;
1910 unsigned long alg_k;
1911 EVP_PKEY *pkey = NULL;
1912 EC_KEY *clnt_ecdh = NULL;
1913 const EC_POINT *srvr_ecpoint = NULL;
1914 EVP_PKEY *srvr_pub_pkey = NULL;
1915 unsigned char *encodedPoint = NULL;
1916 int encoded_pt_len = 0;
1917 BN_CTX *bn_ctx = NULL;
1918
1919 if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
1920 p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE);
1921
1922 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1923
1924 if (s->session->sess_cert == NULL) {
1925 ssl3_send_alert(s, SSL3_AL_FATAL,
1926 SSL_AD_UNEXPECTED_MESSAGE);
1927 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1928 ERR_R_INTERNAL_ERROR);
1929 goto err;
1930 }
1931
1932 if (alg_k & SSL_kRSA) {
1933 RSA *rsa;
1934 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1935
1936 pkey = X509_get_pubkey(
1937 s->session->sess_cert->peer_pkeys[
1938 SSL_PKEY_RSA_ENC].x509);
1939 if ((pkey == NULL) ||
1940 (pkey->type != EVP_PKEY_RSA) ||
1941 (pkey->pkey.rsa == NULL)) {
1942 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1943 ERR_R_INTERNAL_ERROR);
1944 EVP_PKEY_free(pkey);
1945 goto err;
1946 }
1947 rsa = pkey->pkey.rsa;
1948 EVP_PKEY_free(pkey);
1949
1950 tmp_buf[0] = s->client_version >> 8;
1951 tmp_buf[1] = s->client_version & 0xff;
1952 arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2);
1953
1954 s->session->master_key_length = sizeof tmp_buf;
1955
1956 q = p;
1957 /* Fix buf for TLS and beyond */
1958 if (s->version > SSL3_VERSION)
1959 p += 2;
1960 n = RSA_public_encrypt(sizeof tmp_buf,
1961 tmp_buf, p, rsa, RSA_PKCS1_PADDING);
1962 if (n <= 0) {
1963 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1964 SSL_R_BAD_RSA_ENCRYPT);
1965 goto err;
1966 }
1967
1968 /* Fix buf for TLS and beyond */
1969 if (s->version > SSL3_VERSION) {
1970 s2n(n, q);
1971 n += 2;
1972 }
1973
1974 s->session->master_key_length =
1975 s->method->ssl3_enc->generate_master_secret(
1976 s, s->session->master_key, tmp_buf, sizeof tmp_buf);
1977 OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1978 } else if (alg_k & SSL_kDHE) {
1979 DH *dh_srvr, *dh_clnt;
1980
1981 /* Ensure that we have an ephemeral key for DHE. */
1982 if (s->session->sess_cert->peer_dh_tmp == NULL) {
1983 ssl3_send_alert(s, SSL3_AL_FATAL,
1984 SSL_AD_HANDSHAKE_FAILURE);
1985 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1986 SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
1987 goto err;
1988 }
1989 dh_srvr = s->session->sess_cert->peer_dh_tmp;
1990
1991 /* Generate a new random key. */
1992 if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
1993 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1994 ERR_R_DH_LIB);
1995 goto err;
1996 }
1997 if (!DH_generate_key(dh_clnt)) {
1998 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
1999 ERR_R_DH_LIB);
2000 DH_free(dh_clnt);
2001 goto err;
2002 }
2003
2004 /*
2005 * Use the 'p' output buffer for the DH key, but
2006 * make sure to clear it out afterwards.
2007 */
2008 n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
2009
2010 if (n <= 0) {
2011 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2012 ERR_R_DH_LIB);
2013 DH_free(dh_clnt);
2014 goto err;
2015 }
2016
2017 /* Generate master key from the result. */
2018 s->session->master_key_length =
2019 s->method->ssl3_enc->generate_master_secret(s,
2020 s->session->master_key, p, n);
2021
2022 /* Clean up. */
2023 memset(p, 0, n);
2024
2025 /* Send off the data. */
2026 n = BN_num_bytes(dh_clnt->pub_key);
2027 s2n(n, p);
2028 BN_bn2bin(dh_clnt->pub_key, p);
2029 n += 2;
2030
2031 DH_free(dh_clnt);
2032
2033 /* perhaps clean things up a bit EAY EAY EAY EAY*/
2034 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2035 const EC_GROUP *srvr_group = NULL;
2036 EC_KEY *tkey;
2037 int field_size = 0;
2038
2039
2040 /* Ensure that we have an ephemeral key for ECDHE. */
2041 if ((alg_k & SSL_kECDHE) &&
2042 s->session->sess_cert->peer_ecdh_tmp == NULL) {
2043 ssl3_send_alert(s, SSL3_AL_FATAL,
2044 SSL_AD_HANDSHAKE_FAILURE);
2045 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2046 ERR_R_INTERNAL_ERROR);
2047 goto err;
2048 }
2049 tkey = s->session->sess_cert->peer_ecdh_tmp;
2050
2051 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2052 /* Get the Server Public Key from Cert */
2053 srvr_pub_pkey = X509_get_pubkey(s->session-> \
2054 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
2055 if (srvr_pub_pkey != NULL &&
2056 srvr_pub_pkey->type == EVP_PKEY_EC)
2057 tkey = srvr_pub_pkey->pkey.ec;
2058 }
2059
2060 if (tkey == NULL) {
2061 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2062 ERR_R_INTERNAL_ERROR);
2063 goto err;
2064 }
2065
2066 srvr_group = EC_KEY_get0_group(tkey);
2067 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
2068
2069 if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
2070 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2071 ERR_R_INTERNAL_ERROR);
2072 goto err;
2073 }
2074
2075 if ((clnt_ecdh = EC_KEY_new()) == NULL) {
2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2077 ERR_R_MALLOC_FAILURE);
2078 goto err;
2079 }
2080
2081 if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
2082 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2083 ERR_R_EC_LIB);
2084 goto err;
2085 }
2086
2087 /* Generate a new ECDH key pair */
2088 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2089 SSLerr(
2090 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2091 ERR_R_ECDH_LIB);
2092 goto err;
2093 }
2094
2095 /*
2096 * Use the 'p' output buffer for the ECDH key, but
2097 * make sure to clear it out afterwards.
2098 */
2099 field_size = EC_GROUP_get_degree(srvr_group);
2100 if (field_size <= 0) {
2101 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2102 ERR_R_ECDH_LIB);
2103 goto err;
2104 }
2105 n = ECDH_compute_key(p, (field_size + 7)/8,
2106 srvr_ecpoint, clnt_ecdh, NULL);
2107 if (n <= 0) {
2108 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2109 ERR_R_ECDH_LIB);
2110 goto err;
2111 }
2112
2113 /* generate master key from the result */
2114 s->session->master_key_length = s->method->ssl3_enc \
2115 -> generate_master_secret(s,
2116 s->session->master_key, p, n);
2117
2118 memset(p, 0, n); /* clean up */
2119
2120 /*
2121 * First check the size of encoding and
2122 * allocate memory accordingly.
2123 */
2124 encoded_pt_len = EC_POINT_point2oct(
2125 srvr_group,
2126 EC_KEY_get0_public_key(clnt_ecdh),
2127 POINT_CONVERSION_UNCOMPRESSED,
2128 NULL, 0, NULL);
2129
2130 encodedPoint = malloc(encoded_pt_len);
2131
2132 bn_ctx = BN_CTX_new();
2133 if ((encodedPoint == NULL) ||
2134 (bn_ctx == NULL)) {
2135 SSLerr(
2136 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2137 ERR_R_MALLOC_FAILURE);
2138 goto err;
2139 }
2140
2141 /* Encode the public key */
2142 n = EC_POINT_point2oct(srvr_group,
2143 EC_KEY_get0_public_key(clnt_ecdh),
2144 POINT_CONVERSION_UNCOMPRESSED,
2145 encodedPoint, encoded_pt_len, bn_ctx);
2146
2147 *p = n; /* length of encoded point */
2148 /* Encoded point will be copied here */
2149 p += 1;
2150
2151 /* copy the point */
2152 memcpy((unsigned char *)p, encodedPoint, n);
2153 /* increment n to account for length field */
2154 n += 1;
2155
2156 /* Free allocated memory */
2157 BN_CTX_free(bn_ctx);
2158 free(encodedPoint);
2159 EC_KEY_free(clnt_ecdh);
2160 EVP_PKEY_free(srvr_pub_pkey);
2161 } else if (alg_k & SSL_kGOST) {
2162 /* GOST key exchange message creation */
2163 EVP_PKEY_CTX *pkey_ctx;
2164 X509 *peer_cert;
2165
2166 size_t msglen;
2167 unsigned int md_len;
2168 unsigned char premaster_secret[32], shared_ukm[32],
2169 tmp[256];
2170 EVP_MD_CTX *ukm_hash;
2171 EVP_PKEY *pub_key;
2172 int nid;
2173
2174 /* Get server sertificate PKEY and create ctx from it */
2175 peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509;
2176 if (!peer_cert) {
2177 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2178 SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2179 goto err;
2180 }
2181
2182 pkey_ctx = EVP_PKEY_CTX_new(
2183 pub_key = X509_get_pubkey(peer_cert),
2184 NULL);
2185 /*
2186 * If we have send a certificate, and certificate key
2187 * parameters match those of server certificate, use
2188 * certificate key for key exchange.
2189 * Otherwise, generate ephemeral key pair.
2190 */
2191
2192 EVP_PKEY_encrypt_init(pkey_ctx);
2193 /* Generate session key. */
2194 arc4random_buf(premaster_secret, 32);
2195 /*
2196 * If we have client certificate, use its secret
2197 * as peer key.
2198 */
2199 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2200 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2201 s->cert->key->privatekey) <=0) {
2202 /*
2203 * If there was an error -
2204 * just ignore it. Ephemeral key
2205 * would be used
2206 */
2207 ERR_clear_error();
2208 }
2209 }
2210 /*
2211 * Compute shared IV and store it in algorithm-specific
2212 * context data
2213 */
2214 ukm_hash = EVP_MD_CTX_create();
2215 if (ukm_hash == NULL) {
2216 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2217 ERR_R_MALLOC_FAILURE);
2218 goto err;
2219 }
2220
2221 if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94)
2222 nid = NID_id_GostR3411_94;
2223 else
2224 nid = NID_id_tc26_gost3411_2012_256;
2225 if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid)))
2226 goto err;
2227 EVP_DigestUpdate(ukm_hash,
2228 s->s3->client_random, SSL3_RANDOM_SIZE);
2229 EVP_DigestUpdate(ukm_hash,
2230 s->s3->server_random, SSL3_RANDOM_SIZE);
2231 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2232 EVP_MD_CTX_destroy(ukm_hash);
2233 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
2234 EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
2235 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2236 SSL_R_LIBRARY_BUG);
2237 goto err;
2238 }
2239 /*
2240 * Make GOST keytransport blob message,
2241 * encapsulate it into sequence.
2242 */
2243 *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2244 msglen = 255;
2245 if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen,
2246 premaster_secret, 32) < 0) {
2247 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2248 SSL_R_LIBRARY_BUG);
2249 goto err;
2250 }
2251 if (msglen >= 0x80) {
2252 *(p++) = 0x81;
2253 *(p++) = msglen & 0xff;
2254 n = msglen + 3;
2255 } else {
2256 *(p++) = msglen & 0xff;
2257 n = msglen + 2;
2258 }
2259 memcpy(p, tmp, msglen);
2260 /* Check if pubkey from client certificate was used. */
2261 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
2262 EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
2263 /* Set flag "skip certificate verify". */
2264 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2265 }
2266 EVP_PKEY_CTX_free(pkey_ctx);
2267 s->session->master_key_length =
2268 s->method->ssl3_enc->generate_master_secret(s,
2269 s->session->master_key, premaster_secret, 32);
2270 EVP_PKEY_free(pub_key);
2271
2272 } else {
2273 ssl3_send_alert(s, SSL3_AL_FATAL,
2274 SSL_AD_HANDSHAKE_FAILURE);
2275 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2276 ERR_R_INTERNAL_ERROR);
2277 goto err;
2278 }
2279
2280 s->state = SSL3_ST_CW_KEY_EXCH_B;
2281
2282 ssl3_handshake_msg_finish(s, n);
2283 }
2284
2285 /* SSL3_ST_CW_KEY_EXCH_B */
2286 return (ssl3_handshake_write(s));
2287
2288err:
2289 BN_CTX_free(bn_ctx);
2290 free(encodedPoint);
2291 EC_KEY_free(clnt_ecdh);
2292 EVP_PKEY_free(srvr_pub_pkey);
2293 return (-1);
2294}
2295
2296int
2297ssl3_send_client_verify(SSL *s)
2298{
2299 unsigned char *p;
2300 unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
2301 EVP_PKEY *pkey;
2302 EVP_PKEY_CTX *pctx = NULL;
2303 EVP_MD_CTX mctx;
2304 unsigned u = 0;
2305 unsigned long n;
2306 int j;
2307
2308 EVP_MD_CTX_init(&mctx);
2309
2310 if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
2311 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY);
2312
2313 /*
2314 * Create context from key and test if sha1 is allowed as
2315 * digest.
2316 */
2317 pkey = s->cert->key->privatekey;
2318 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2319 EVP_PKEY_sign_init(pctx);
2320 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
2321 if (!SSL_USE_SIGALGS(s))
2322 s->method->ssl3_enc->cert_verify_mac(s,
2323 NID_sha1, &(data[MD5_DIGEST_LENGTH]));
2324 } else {
2325 ERR_clear_error();
2326 }
2327 /*
2328 * For TLS v1.2 send signature algorithm and signature
2329 * using agreed digest and cached handshake records.
2330 */
2331 if (SSL_USE_SIGALGS(s)) {
2332 long hdatalen = 0;
2333 void *hdata;
2334 const EVP_MD *md = s->cert->key->digest;
2335 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
2336 &hdata);
2337 if (hdatalen <= 0 ||
2338 !tls12_get_sigandhash(p, pkey, md)) {
2339 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2340 ERR_R_INTERNAL_ERROR);
2341 goto err;
2342 }
2343 p += 2;
2344 if (!EVP_SignInit_ex(&mctx, md, NULL) ||
2345 !EVP_SignUpdate(&mctx, hdata, hdatalen) ||
2346 !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
2347 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2348 ERR_R_EVP_LIB);
2349 goto err;
2350 }
2351 s2n(u, p);
2352 n = u + 4;
2353 if (!ssl3_digest_cached_records(s))
2354 goto err;
2355 } else if (pkey->type == EVP_PKEY_RSA) {
2356 s->method->ssl3_enc->cert_verify_mac(
2357 s, NID_md5, &(data[0]));
2358 if (RSA_sign(NID_md5_sha1, data,
2359 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]),
2360 &u, pkey->pkey.rsa) <= 0 ) {
2361 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2362 ERR_R_RSA_LIB);
2363 goto err;
2364 }
2365 s2n(u, p);
2366 n = u + 2;
2367 } else if (pkey->type == EVP_PKEY_DSA) {
2368 if (!DSA_sign(pkey->save_type,
2369 &(data[MD5_DIGEST_LENGTH]),
2370 SHA_DIGEST_LENGTH, &(p[2]),
2371 (unsigned int *)&j, pkey->pkey.dsa)) {
2372 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2373 ERR_R_DSA_LIB);
2374 goto err;
2375 }
2376 s2n(j, p);
2377 n = j + 2;
2378 } else if (pkey->type == EVP_PKEY_EC) {
2379 if (!ECDSA_sign(pkey->save_type,
2380 &(data[MD5_DIGEST_LENGTH]),
2381 SHA_DIGEST_LENGTH, &(p[2]),
2382 (unsigned int *)&j, pkey->pkey.ec)) {
2383 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2384 ERR_R_ECDSA_LIB);
2385 goto err;
2386 }
2387 s2n(j, p);
2388 n = j + 2;
2389#ifndef OPENSSL_NO_GOST
2390 } else if (pkey->type == NID_id_GostR3410_94 ||
2391 pkey->type == NID_id_GostR3410_2001) {
2392 unsigned char signbuf[128];
2393 long hdatalen = 0;
2394 void *hdata;
2395 const EVP_MD *md;
2396 int nid;
2397 size_t sigsize;
2398
2399 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2400 if (hdatalen <= 0) {
2401 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2402 ERR_R_INTERNAL_ERROR);
2403 goto err;
2404 }
2405 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2406 !(md = EVP_get_digestbynid(nid))) {
2407 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2408 ERR_R_EVP_LIB);
2409 goto err;
2410 }
2411 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2412 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
2413 !EVP_DigestFinal(&mctx, signbuf, &u) ||
2414 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2415 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
2416 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2417 GOST_SIG_FORMAT_RS_LE,
2418 NULL) <= 0) ||
2419 (EVP_PKEY_sign(pctx, &(p[2]), &sigsize,
2420 signbuf, u) <= 0)) {
2421 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2422 ERR_R_EVP_LIB);
2423 goto err;
2424 }
2425 if (!ssl3_digest_cached_records(s))
2426 goto err;
2427 j = sigsize;
2428 s2n(j, p);
2429 n = j + 2;
2430#endif
2431 } else {
2432 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2433 ERR_R_INTERNAL_ERROR);
2434 goto err;
2435 }
2436
2437 s->state = SSL3_ST_CW_CERT_VRFY_B;
2438
2439 ssl3_handshake_msg_finish(s, n);
2440 }
2441
2442 EVP_MD_CTX_cleanup(&mctx);
2443 EVP_PKEY_CTX_free(pctx);
2444
2445 return (ssl3_handshake_write(s));
2446
2447err:
2448 EVP_MD_CTX_cleanup(&mctx);
2449 EVP_PKEY_CTX_free(pctx);
2450 return (-1);
2451}
2452
2453int
2454ssl3_send_client_certificate(SSL *s)
2455{
2456 X509 *x509 = NULL;
2457 EVP_PKEY *pkey = NULL;
2458 int i;
2459 unsigned long l;
2460
2461 if (s->state == SSL3_ST_CW_CERT_A) {
2462 if ((s->cert == NULL) || (s->cert->key->x509 == NULL) ||
2463 (s->cert->key->privatekey == NULL))
2464 s->state = SSL3_ST_CW_CERT_B;
2465 else
2466 s->state = SSL3_ST_CW_CERT_C;
2467 }
2468
2469 /* We need to get a client cert */
2470 if (s->state == SSL3_ST_CW_CERT_B) {
2471 /*
2472 * If we get an error, we need to
2473 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2474 * We then get retied later
2475 */
2476 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2477 if (i < 0) {
2478 s->rwstate = SSL_X509_LOOKUP;
2479 return (-1);
2480 }
2481 s->rwstate = SSL_NOTHING;
2482 if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
2483 s->state = SSL3_ST_CW_CERT_B;
2484 if (!SSL_use_certificate(s, x509) ||
2485 !SSL_use_PrivateKey(s, pkey))
2486 i = 0;
2487 } else if (i == 1) {
2488 i = 0;
2489 SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
2490 SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
2491 }
2492
2493 if (x509 != NULL)
2494 X509_free(x509);
2495 EVP_PKEY_free(pkey);
2496 if (i == 0) {
2497 if (s->version == SSL3_VERSION) {
2498 s->s3->tmp.cert_req = 0;
2499 ssl3_send_alert(s, SSL3_AL_WARNING,
2500 SSL_AD_NO_CERTIFICATE);
2501 return (1);
2502 } else {
2503 s->s3->tmp.cert_req = 2;
2504 }
2505 }
2506
2507 /* Ok, we have a cert */
2508 s->state = SSL3_ST_CW_CERT_C;
2509 }
2510
2511 if (s->state == SSL3_ST_CW_CERT_C) {
2512 s->state = SSL3_ST_CW_CERT_D;
2513 l = ssl3_output_cert_chain(s,
2514 (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509);
2515 s->init_num = (int)l;
2516 s->init_off = 0;
2517 }
2518 /* SSL3_ST_CW_CERT_D */
2519 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2520}
2521
2522#define has_bits(i,m) (((i)&(m)) == (m))
2523
2524int
2525ssl3_check_cert_and_algorithm(SSL *s)
2526{
2527 int i, idx;
2528 long alg_k, alg_a;
2529 EVP_PKEY *pkey = NULL;
2530 SESS_CERT *sc;
2531 DH *dh;
2532
2533 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2534 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2535
2536 /* We don't have a certificate. */
2537 if (alg_a & SSL_aNULL)
2538 return (1);
2539
2540 sc = s->session->sess_cert;
2541 if (sc == NULL) {
2542 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2543 ERR_R_INTERNAL_ERROR);
2544 goto err;
2545 }
2546 dh = s->session->sess_cert->peer_dh_tmp;
2547
2548 /* This is the passed certificate. */
2549
2550 idx = sc->peer_cert_type;
2551 if (idx == SSL_PKEY_ECC) {
2552 if (ssl_check_srvr_ecc_cert_and_alg(
2553 sc->peer_pkeys[idx].x509, s) == 0) {
2554 /* check failed */
2555 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2556 SSL_R_BAD_ECC_CERT);
2557 goto f_err;
2558 } else {
2559 return (1);
2560 }
2561 }
2562 pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
2563 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
2564 EVP_PKEY_free(pkey);
2565
2566 /* Check that we have a certificate if we require one. */
2567 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
2568 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2569 SSL_R_MISSING_RSA_SIGNING_CERT);
2570 goto f_err;
2571 } else if ((alg_a & SSL_aDSS) &&
2572 !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) {
2573 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2574 SSL_R_MISSING_DSA_SIGNING_CERT);
2575 goto f_err;
2576 }
2577 if ((alg_k & SSL_kRSA) &&
2578 !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
2579 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2580 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2581 goto f_err;
2582 }
2583 if ((alg_k & SSL_kDHE) &&
2584 !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
2585 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2586 SSL_R_MISSING_DH_KEY);
2587 goto f_err;
2588 }
2589
2590 return (1);
2591f_err:
2592 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2593err:
2594 return (0);
2595}
2596
2597int
2598ssl3_send_next_proto(SSL *s)
2599{
2600 unsigned int len, padding_len;
2601 unsigned char *d, *p;
2602
2603 if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
2604 d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO);
2605
2606 len = s->next_proto_negotiated_len;
2607 padding_len = 32 - ((len + 2) % 32);
2608 *(p++) = len;
2609 memcpy(p, s->next_proto_negotiated, len);
2610 p += len;
2611 *(p++) = padding_len;
2612 memset(p, 0, padding_len);
2613 p += padding_len;
2614
2615 ssl3_handshake_msg_finish(s, p - d);
2616
2617 s->state = SSL3_ST_CW_NEXT_PROTO_B;
2618 }
2619
2620 return (ssl3_handshake_write(s));
2621}
2622
2623/*
2624 * Check to see if handshake is full or resumed. Usually this is just a
2625 * case of checking to see if a cache hit has occurred. In the case of
2626 * session tickets we have to check the next message to be sure.
2627 */
2628
2629int
2630ssl3_check_finished(SSL *s)
2631{
2632 int ok;
2633 long n;
2634
2635 /* If we have no ticket it cannot be a resumed session. */
2636 if (!s->session->tlsext_tick)
2637 return (1);
2638 /* this function is called when we really expect a Certificate
2639 * message, so permit appropriate message length */
2640 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
2641 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
2642 if (!ok)
2643 return ((int)n);
2644 s->s3->tmp.reuse_message = 1;
2645 if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) ||
2646 (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
2647 return (2);
2648
2649 return (1);
2650}
2651
2652int
2653ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
2654{
2655 int i = 0;
2656
2657#ifndef OPENSSL_NO_ENGINE
2658 if (s->ctx->client_cert_engine) {
2659 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
2660 SSL_get_client_CA_list(s),
2661 px509, ppkey, NULL, NULL, NULL);
2662 if (i != 0)
2663 return (i);
2664 }
2665#endif
2666 if (s->ctx->client_cert_cb)
2667 i = s->ctx->client_cert_cb(s, px509, ppkey);
2668 return (i);
2669}
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index c8bdac0214..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2860 +0,0 @@
1/* $OpenBSD: s3_lib.c,v 1.99 2015/07/19 06:23:51 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152
153#include <openssl/dh.h>
154#include <openssl/md5.h>
155#include <openssl/objects.h>
156
157#include "ssl_locl.h"
158#include "bytestring.h"
159
160#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
161
162/*
163 * FIXED_NONCE_LEN is a macro that provides in the correct value to set the
164 * fixed nonce length in algorithms2. It is the inverse of the
165 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro.
166 */
167#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24)
168
169/* list of available SSLv3 ciphers (sorted by id) */
170SSL_CIPHER ssl3_ciphers[] = {
171
172 /* The RSA ciphers */
173 /* Cipher 01 */
174 {
175 .valid = 1,
176 .name = SSL3_TXT_RSA_NULL_MD5,
177 .id = SSL3_CK_RSA_NULL_MD5,
178 .algorithm_mkey = SSL_kRSA,
179 .algorithm_auth = SSL_aRSA,
180 .algorithm_enc = SSL_eNULL,
181 .algorithm_mac = SSL_MD5,
182 .algorithm_ssl = SSL_SSLV3,
183 .algo_strength = SSL_STRONG_NONE,
184 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
185 .strength_bits = 0,
186 .alg_bits = 0,
187 },
188
189 /* Cipher 02 */
190 {
191 .valid = 1,
192 .name = SSL3_TXT_RSA_NULL_SHA,
193 .id = SSL3_CK_RSA_NULL_SHA,
194 .algorithm_mkey = SSL_kRSA,
195 .algorithm_auth = SSL_aRSA,
196 .algorithm_enc = SSL_eNULL,
197 .algorithm_mac = SSL_SHA1,
198 .algorithm_ssl = SSL_SSLV3,
199 .algo_strength = SSL_STRONG_NONE,
200 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
201 .strength_bits = 0,
202 .alg_bits = 0,
203 },
204
205 /* Cipher 04 */
206 {
207 .valid = 1,
208 .name = SSL3_TXT_RSA_RC4_128_MD5,
209 .id = SSL3_CK_RSA_RC4_128_MD5,
210 .algorithm_mkey = SSL_kRSA,
211 .algorithm_auth = SSL_aRSA,
212 .algorithm_enc = SSL_RC4,
213 .algorithm_mac = SSL_MD5,
214 .algorithm_ssl = SSL_SSLV3,
215 .algo_strength = SSL_MEDIUM,
216 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
217 .strength_bits = 128,
218 .alg_bits = 128,
219 },
220
221 /* Cipher 05 */
222 {
223 .valid = 1,
224 .name = SSL3_TXT_RSA_RC4_128_SHA,
225 .id = SSL3_CK_RSA_RC4_128_SHA,
226 .algorithm_mkey = SSL_kRSA,
227 .algorithm_auth = SSL_aRSA,
228 .algorithm_enc = SSL_RC4,
229 .algorithm_mac = SSL_SHA1,
230 .algorithm_ssl = SSL_SSLV3,
231 .algo_strength = SSL_MEDIUM,
232 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
233 .strength_bits = 128,
234 .alg_bits = 128,
235 },
236
237 /* Cipher 07 */
238#ifndef OPENSSL_NO_IDEA
239 {
240 .valid = 1,
241 .name = SSL3_TXT_RSA_IDEA_128_SHA,
242 .id = SSL3_CK_RSA_IDEA_128_SHA,
243 .algorithm_mkey = SSL_kRSA,
244 .algorithm_auth = SSL_aRSA,
245 .algorithm_enc = SSL_IDEA,
246 .algorithm_mac = SSL_SHA1,
247 .algorithm_ssl = SSL_SSLV3,
248 .algo_strength = SSL_MEDIUM,
249 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
250 .strength_bits = 128,
251 .alg_bits = 128,
252 },
253#endif
254
255 /* Cipher 09 */
256 {
257 .valid = 1,
258 .name = SSL3_TXT_RSA_DES_64_CBC_SHA,
259 .id = SSL3_CK_RSA_DES_64_CBC_SHA,
260 .algorithm_mkey = SSL_kRSA,
261 .algorithm_auth = SSL_aRSA,
262 .algorithm_enc = SSL_DES,
263 .algorithm_mac = SSL_SHA1,
264 .algorithm_ssl = SSL_SSLV3,
265 .algo_strength = SSL_LOW,
266 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
267 .strength_bits = 56,
268 .alg_bits = 56,
269 },
270
271 /* Cipher 0A */
272 {
273 .valid = 1,
274 .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
275 .id = SSL3_CK_RSA_DES_192_CBC3_SHA,
276 .algorithm_mkey = SSL_kRSA,
277 .algorithm_auth = SSL_aRSA,
278 .algorithm_enc = SSL_3DES,
279 .algorithm_mac = SSL_SHA1,
280 .algorithm_ssl = SSL_SSLV3,
281 .algo_strength = SSL_HIGH,
282 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
283 .strength_bits = 112,
284 .alg_bits = 168,
285 },
286
287 /*
288 * Ephemeral DH (DHE) ciphers.
289 */
290
291 /* Cipher 12 */
292 {
293 .valid = 1,
294 .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
295 .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
296 .algorithm_mkey = SSL_kDHE,
297 .algorithm_auth = SSL_aDSS,
298 .algorithm_enc = SSL_DES,
299 .algorithm_mac = SSL_SHA1,
300 .algorithm_ssl = SSL_SSLV3,
301 .algo_strength = SSL_LOW,
302 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
303 .strength_bits = 56,
304 .alg_bits = 56,
305 },
306
307 /* Cipher 13 */
308 {
309 .valid = 1,
310 .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
311 .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
312 .algorithm_mkey = SSL_kDHE,
313 .algorithm_auth = SSL_aDSS,
314 .algorithm_enc = SSL_3DES,
315 .algorithm_mac = SSL_SHA1,
316 .algorithm_ssl = SSL_SSLV3,
317 .algo_strength = SSL_HIGH,
318 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
319 .strength_bits = 112,
320 .alg_bits = 168,
321 },
322
323 /* Cipher 15 */
324 {
325 .valid = 1,
326 .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
327 .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
328 .algorithm_mkey = SSL_kDHE,
329 .algorithm_auth = SSL_aRSA,
330 .algorithm_enc = SSL_DES,
331 .algorithm_mac = SSL_SHA1,
332 .algorithm_ssl = SSL_SSLV3,
333 .algo_strength = SSL_LOW,
334 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
335 .strength_bits = 56,
336 .alg_bits = 56,
337 },
338
339 /* Cipher 16 */
340 {
341 .valid = 1,
342 .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
343 .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
344 .algorithm_mkey = SSL_kDHE,
345 .algorithm_auth = SSL_aRSA,
346 .algorithm_enc = SSL_3DES,
347 .algorithm_mac = SSL_SHA1,
348 .algorithm_ssl = SSL_SSLV3,
349 .algo_strength = SSL_HIGH,
350 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
351 .strength_bits = 112,
352 .alg_bits = 168,
353 },
354
355 /* Cipher 18 */
356 {
357 .valid = 1,
358 .name = SSL3_TXT_ADH_RC4_128_MD5,
359 .id = SSL3_CK_ADH_RC4_128_MD5,
360 .algorithm_mkey = SSL_kDHE,
361 .algorithm_auth = SSL_aNULL,
362 .algorithm_enc = SSL_RC4,
363 .algorithm_mac = SSL_MD5,
364 .algorithm_ssl = SSL_SSLV3,
365 .algo_strength = SSL_MEDIUM,
366 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
367 .strength_bits = 128,
368 .alg_bits = 128,
369 },
370
371 /* Cipher 1A */
372 {
373 .valid = 1,
374 .name = SSL3_TXT_ADH_DES_64_CBC_SHA,
375 .id = SSL3_CK_ADH_DES_64_CBC_SHA,
376 .algorithm_mkey = SSL_kDHE,
377 .algorithm_auth = SSL_aNULL,
378 .algorithm_enc = SSL_DES,
379 .algorithm_mac = SSL_SHA1,
380 .algorithm_ssl = SSL_SSLV3,
381 .algo_strength = SSL_LOW,
382 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
383 .strength_bits = 56,
384 .alg_bits = 56,
385 },
386
387 /* Cipher 1B */
388 {
389 .valid = 1,
390 .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
391 .id = SSL3_CK_ADH_DES_192_CBC_SHA,
392 .algorithm_mkey = SSL_kDHE,
393 .algorithm_auth = SSL_aNULL,
394 .algorithm_enc = SSL_3DES,
395 .algorithm_mac = SSL_SHA1,
396 .algorithm_ssl = SSL_SSLV3,
397 .algo_strength = SSL_HIGH,
398 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
399 .strength_bits = 112,
400 .alg_bits = 168,
401 },
402
403 /*
404 * AES ciphersuites.
405 */
406
407 /* Cipher 2F */
408 {
409 .valid = 1,
410 .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
411 .id = TLS1_CK_RSA_WITH_AES_128_SHA,
412 .algorithm_mkey = SSL_kRSA,
413 .algorithm_auth = SSL_aRSA,
414 .algorithm_enc = SSL_AES128,
415 .algorithm_mac = SSL_SHA1,
416 .algorithm_ssl = SSL_TLSV1,
417 .algo_strength = SSL_HIGH,
418 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
419 .strength_bits = 128,
420 .alg_bits = 128,
421 },
422
423 /* Cipher 32 */
424 {
425 .valid = 1,
426 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
427 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
428 .algorithm_mkey = SSL_kDHE,
429 .algorithm_auth = SSL_aDSS,
430 .algorithm_enc = SSL_AES128,
431 .algorithm_mac = SSL_SHA1,
432 .algorithm_ssl = SSL_TLSV1,
433 .algo_strength = SSL_HIGH,
434 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
435 .strength_bits = 128,
436 .alg_bits = 128,
437 },
438
439 /* Cipher 33 */
440 {
441 .valid = 1,
442 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
443 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
444 .algorithm_mkey = SSL_kDHE,
445 .algorithm_auth = SSL_aRSA,
446 .algorithm_enc = SSL_AES128,
447 .algorithm_mac = SSL_SHA1,
448 .algorithm_ssl = SSL_TLSV1,
449 .algo_strength = SSL_HIGH,
450 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
451 .strength_bits = 128,
452 .alg_bits = 128,
453 },
454
455 /* Cipher 34 */
456 {
457 .valid = 1,
458 .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
459 .id = TLS1_CK_ADH_WITH_AES_128_SHA,
460 .algorithm_mkey = SSL_kDHE,
461 .algorithm_auth = SSL_aNULL,
462 .algorithm_enc = SSL_AES128,
463 .algorithm_mac = SSL_SHA1,
464 .algorithm_ssl = SSL_TLSV1,
465 .algo_strength = SSL_HIGH,
466 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
467 .strength_bits = 128,
468 .alg_bits = 128,
469 },
470
471 /* Cipher 35 */
472 {
473 .valid = 1,
474 .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
475 .id = TLS1_CK_RSA_WITH_AES_256_SHA,
476 .algorithm_mkey = SSL_kRSA,
477 .algorithm_auth = SSL_aRSA,
478 .algorithm_enc = SSL_AES256,
479 .algorithm_mac = SSL_SHA1,
480 .algorithm_ssl = SSL_TLSV1,
481 .algo_strength = SSL_HIGH,
482 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
483 .strength_bits = 256,
484 .alg_bits = 256,
485 },
486
487 /* Cipher 38 */
488 {
489 .valid = 1,
490 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
491 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
492 .algorithm_mkey = SSL_kDHE,
493 .algorithm_auth = SSL_aDSS,
494 .algorithm_enc = SSL_AES256,
495 .algorithm_mac = SSL_SHA1,
496 .algorithm_ssl = SSL_TLSV1,
497 .algo_strength = SSL_HIGH,
498 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
499 .strength_bits = 256,
500 .alg_bits = 256,
501 },
502
503 /* Cipher 39 */
504 {
505 .valid = 1,
506 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
507 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
508 .algorithm_mkey = SSL_kDHE,
509 .algorithm_auth = SSL_aRSA,
510 .algorithm_enc = SSL_AES256,
511 .algorithm_mac = SSL_SHA1,
512 .algorithm_ssl = SSL_TLSV1,
513 .algo_strength = SSL_HIGH,
514 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
515 .strength_bits = 256,
516 .alg_bits = 256,
517 },
518
519 /* Cipher 3A */
520 {
521 .valid = 1,
522 .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
523 .id = TLS1_CK_ADH_WITH_AES_256_SHA,
524 .algorithm_mkey = SSL_kDHE,
525 .algorithm_auth = SSL_aNULL,
526 .algorithm_enc = SSL_AES256,
527 .algorithm_mac = SSL_SHA1,
528 .algorithm_ssl = SSL_TLSV1,
529 .algo_strength = SSL_HIGH,
530 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
531 .strength_bits = 256,
532 .alg_bits = 256,
533 },
534
535 /* TLS v1.2 ciphersuites */
536 /* Cipher 3B */
537 {
538 .valid = 1,
539 .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
540 .id = TLS1_CK_RSA_WITH_NULL_SHA256,
541 .algorithm_mkey = SSL_kRSA,
542 .algorithm_auth = SSL_aRSA,
543 .algorithm_enc = SSL_eNULL,
544 .algorithm_mac = SSL_SHA256,
545 .algorithm_ssl = SSL_TLSV1_2,
546 .algo_strength = SSL_STRONG_NONE,
547 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
548 .strength_bits = 0,
549 .alg_bits = 0,
550 },
551
552 /* Cipher 3C */
553 {
554 .valid = 1,
555 .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
556 .id = TLS1_CK_RSA_WITH_AES_128_SHA256,
557 .algorithm_mkey = SSL_kRSA,
558 .algorithm_auth = SSL_aRSA,
559 .algorithm_enc = SSL_AES128,
560 .algorithm_mac = SSL_SHA256,
561 .algorithm_ssl = SSL_TLSV1_2,
562 .algo_strength = SSL_HIGH,
563 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
564 .strength_bits = 128,
565 .alg_bits = 128,
566 },
567
568 /* Cipher 3D */
569 {
570 .valid = 1,
571 .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
572 .id = TLS1_CK_RSA_WITH_AES_256_SHA256,
573 .algorithm_mkey = SSL_kRSA,
574 .algorithm_auth = SSL_aRSA,
575 .algorithm_enc = SSL_AES256,
576 .algorithm_mac = SSL_SHA256,
577 .algorithm_ssl = SSL_TLSV1_2,
578 .algo_strength = SSL_HIGH,
579 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
580 .strength_bits = 256,
581 .alg_bits = 256,
582 },
583
584 /* Cipher 40 */
585 {
586 .valid = 1,
587 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
588 .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
589 .algorithm_mkey = SSL_kDHE,
590 .algorithm_auth = SSL_aDSS,
591 .algorithm_enc = SSL_AES128,
592 .algorithm_mac = SSL_SHA256,
593 .algorithm_ssl = SSL_TLSV1_2,
594 .algo_strength = SSL_HIGH,
595 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
596 .strength_bits = 128,
597 .alg_bits = 128,
598 },
599
600#ifndef OPENSSL_NO_CAMELLIA
601 /* Camellia ciphersuites from RFC4132 (128-bit portion) */
602
603 /* Cipher 41 */
604 {
605 .valid = 1,
606 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
607 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
608 .algorithm_mkey = SSL_kRSA,
609 .algorithm_auth = SSL_aRSA,
610 .algorithm_enc = SSL_CAMELLIA128,
611 .algorithm_mac = SSL_SHA1,
612 .algorithm_ssl = SSL_TLSV1,
613 .algo_strength = SSL_HIGH,
614 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
615 .strength_bits = 128,
616 .alg_bits = 128,
617 },
618
619 /* Cipher 44 */
620 {
621 .valid = 1,
622 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
623 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
624 .algorithm_mkey = SSL_kDHE,
625 .algorithm_auth = SSL_aDSS,
626 .algorithm_enc = SSL_CAMELLIA128,
627 .algorithm_mac = SSL_SHA1,
628 .algorithm_ssl = SSL_TLSV1,
629 .algo_strength = SSL_HIGH,
630 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
631 .strength_bits = 128,
632 .alg_bits = 128,
633 },
634
635 /* Cipher 45 */
636 {
637 .valid = 1,
638 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
639 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
640 .algorithm_mkey = SSL_kDHE,
641 .algorithm_auth = SSL_aRSA,
642 .algorithm_enc = SSL_CAMELLIA128,
643 .algorithm_mac = SSL_SHA1,
644 .algorithm_ssl = SSL_TLSV1,
645 .algo_strength = SSL_HIGH,
646 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
647 .strength_bits = 128,
648 .alg_bits = 128,
649 },
650
651 /* Cipher 46 */
652 {
653 .valid = 1,
654 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
655 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
656 .algorithm_mkey = SSL_kDHE,
657 .algorithm_auth = SSL_aNULL,
658 .algorithm_enc = SSL_CAMELLIA128,
659 .algorithm_mac = SSL_SHA1,
660 .algorithm_ssl = SSL_TLSV1,
661 .algo_strength = SSL_HIGH,
662 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
663 .strength_bits = 128,
664 .alg_bits = 128,
665 },
666#endif /* OPENSSL_NO_CAMELLIA */
667
668 /* TLS v1.2 ciphersuites */
669 /* Cipher 67 */
670 {
671 .valid = 1,
672 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
673 .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
674 .algorithm_mkey = SSL_kDHE,
675 .algorithm_auth = SSL_aRSA,
676 .algorithm_enc = SSL_AES128,
677 .algorithm_mac = SSL_SHA256,
678 .algorithm_ssl = SSL_TLSV1_2,
679 .algo_strength = SSL_HIGH,
680 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
681 .strength_bits = 128,
682 .alg_bits = 128,
683 },
684
685 /* Cipher 6A */
686 {
687 .valid = 1,
688 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
689 .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
690 .algorithm_mkey = SSL_kDHE,
691 .algorithm_auth = SSL_aDSS,
692 .algorithm_enc = SSL_AES256,
693 .algorithm_mac = SSL_SHA256,
694 .algorithm_ssl = SSL_TLSV1_2,
695 .algo_strength = SSL_HIGH,
696 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
697 .strength_bits = 256,
698 .alg_bits = 256,
699 },
700
701 /* Cipher 6B */
702 {
703 .valid = 1,
704 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
705 .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
706 .algorithm_mkey = SSL_kDHE,
707 .algorithm_auth = SSL_aRSA,
708 .algorithm_enc = SSL_AES256,
709 .algorithm_mac = SSL_SHA256,
710 .algorithm_ssl = SSL_TLSV1_2,
711 .algo_strength = SSL_HIGH,
712 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
713 .strength_bits = 256,
714 .alg_bits = 256,
715 },
716
717 /* Cipher 6C */
718 {
719 .valid = 1,
720 .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
721 .id = TLS1_CK_ADH_WITH_AES_128_SHA256,
722 .algorithm_mkey = SSL_kDHE,
723 .algorithm_auth = SSL_aNULL,
724 .algorithm_enc = SSL_AES128,
725 .algorithm_mac = SSL_SHA256,
726 .algorithm_ssl = SSL_TLSV1_2,
727 .algo_strength = SSL_HIGH,
728 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
729 .strength_bits = 128,
730 .alg_bits = 128,
731 },
732
733 /* Cipher 6D */
734 {
735 .valid = 1,
736 .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
737 .id = TLS1_CK_ADH_WITH_AES_256_SHA256,
738 .algorithm_mkey = SSL_kDHE,
739 .algorithm_auth = SSL_aNULL,
740 .algorithm_enc = SSL_AES256,
741 .algorithm_mac = SSL_SHA256,
742 .algorithm_ssl = SSL_TLSV1_2,
743 .algo_strength = SSL_HIGH,
744 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
745 .strength_bits = 256,
746 .alg_bits = 256,
747 },
748
749 /* GOST Ciphersuites */
750
751 /* Cipher 81 */
752 {
753 .valid = 1,
754 .name = "GOST2001-GOST89-GOST89",
755 .id = 0x3000081,
756 .algorithm_mkey = SSL_kGOST,
757 .algorithm_auth = SSL_aGOST01,
758 .algorithm_enc = SSL_eGOST2814789CNT,
759 .algorithm_mac = SSL_GOST89MAC,
760 .algorithm_ssl = SSL_TLSV1,
761 .algo_strength = SSL_HIGH,
762 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|
763 TLS1_STREAM_MAC,
764 .strength_bits = 256,
765 .alg_bits = 256
766 },
767
768 /* Cipher 83 */
769 {
770 .valid = 1,
771 .name = "GOST2001-NULL-GOST94",
772 .id = 0x3000083,
773 .algorithm_mkey = SSL_kGOST,
774 .algorithm_auth = SSL_aGOST01,
775 .algorithm_enc = SSL_eNULL,
776 .algorithm_mac = SSL_GOST94,
777 .algorithm_ssl = SSL_TLSV1,
778 .algo_strength = SSL_STRONG_NONE,
779 .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
780 .strength_bits = 0,
781 .alg_bits = 0
782 },
783
784#ifndef OPENSSL_NO_CAMELLIA
785 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
786
787 /* Cipher 84 */
788 {
789 .valid = 1,
790 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
791 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
792 .algorithm_mkey = SSL_kRSA,
793 .algorithm_auth = SSL_aRSA,
794 .algorithm_enc = SSL_CAMELLIA256,
795 .algorithm_mac = SSL_SHA1,
796 .algorithm_ssl = SSL_TLSV1,
797 .algo_strength = SSL_HIGH,
798 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
799 .strength_bits = 256,
800 .alg_bits = 256,
801 },
802
803 /* Cipher 87 */
804 {
805 .valid = 1,
806 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
807 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
808 .algorithm_mkey = SSL_kDHE,
809 .algorithm_auth = SSL_aDSS,
810 .algorithm_enc = SSL_CAMELLIA256,
811 .algorithm_mac = SSL_SHA1,
812 .algorithm_ssl = SSL_TLSV1,
813 .algo_strength = SSL_HIGH,
814 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
815 .strength_bits = 256,
816 .alg_bits = 256,
817 },
818
819 /* Cipher 88 */
820 {
821 .valid = 1,
822 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
823 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
824 .algorithm_mkey = SSL_kDHE,
825 .algorithm_auth = SSL_aRSA,
826 .algorithm_enc = SSL_CAMELLIA256,
827 .algorithm_mac = SSL_SHA1,
828 .algorithm_ssl = SSL_TLSV1,
829 .algo_strength = SSL_HIGH,
830 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
831 .strength_bits = 256,
832 .alg_bits = 256,
833 },
834
835 /* Cipher 89 */
836 {
837 .valid = 1,
838 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
839 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
840 .algorithm_mkey = SSL_kDHE,
841 .algorithm_auth = SSL_aNULL,
842 .algorithm_enc = SSL_CAMELLIA256,
843 .algorithm_mac = SSL_SHA1,
844 .algorithm_ssl = SSL_TLSV1,
845 .algo_strength = SSL_HIGH,
846 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
847 .strength_bits = 256,
848 .alg_bits = 256,
849 },
850#endif /* OPENSSL_NO_CAMELLIA */
851
852 /*
853 * GCM ciphersuites from RFC5288.
854 */
855
856 /* Cipher 9C */
857 {
858 .valid = 1,
859 .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
860 .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
861 .algorithm_mkey = SSL_kRSA,
862 .algorithm_auth = SSL_aRSA,
863 .algorithm_enc = SSL_AES128GCM,
864 .algorithm_mac = SSL_AEAD,
865 .algorithm_ssl = SSL_TLSV1_2,
866 .algo_strength = SSL_HIGH,
867 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
868 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
869 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
870 .strength_bits = 128,
871 .alg_bits = 128,
872 },
873
874 /* Cipher 9D */
875 {
876 .valid = 1,
877 .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
878 .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
879 .algorithm_mkey = SSL_kRSA,
880 .algorithm_auth = SSL_aRSA,
881 .algorithm_enc = SSL_AES256GCM,
882 .algorithm_mac = SSL_AEAD,
883 .algorithm_ssl = SSL_TLSV1_2,
884 .algo_strength = SSL_HIGH,
885 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
886 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
887 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
888 .strength_bits = 256,
889 .alg_bits = 256,
890 },
891
892 /* Cipher 9E */
893 {
894 .valid = 1,
895 .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
896 .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
897 .algorithm_mkey = SSL_kDHE,
898 .algorithm_auth = SSL_aRSA,
899 .algorithm_enc = SSL_AES128GCM,
900 .algorithm_mac = SSL_AEAD,
901 .algorithm_ssl = SSL_TLSV1_2,
902 .algo_strength = SSL_HIGH,
903 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
904 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
905 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
906 .strength_bits = 128,
907 .alg_bits = 128,
908 },
909
910 /* Cipher 9F */
911 {
912 .valid = 1,
913 .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
914 .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
915 .algorithm_mkey = SSL_kDHE,
916 .algorithm_auth = SSL_aRSA,
917 .algorithm_enc = SSL_AES256GCM,
918 .algorithm_mac = SSL_AEAD,
919 .algorithm_ssl = SSL_TLSV1_2,
920 .algo_strength = SSL_HIGH,
921 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
922 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
923 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
924 .strength_bits = 256,
925 .alg_bits = 256,
926 },
927
928 /* Cipher A2 */
929 {
930 .valid = 1,
931 .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
932 .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
933 .algorithm_mkey = SSL_kDHE,
934 .algorithm_auth = SSL_aDSS,
935 .algorithm_enc = SSL_AES128GCM,
936 .algorithm_mac = SSL_AEAD,
937 .algorithm_ssl = SSL_TLSV1_2,
938 .algo_strength = SSL_HIGH,
939 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
940 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
941 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
942 .strength_bits = 128,
943 .alg_bits = 128,
944 },
945
946 /* Cipher A3 */
947 {
948 .valid = 1,
949 .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
950 .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
951 .algorithm_mkey = SSL_kDHE,
952 .algorithm_auth = SSL_aDSS,
953 .algorithm_enc = SSL_AES256GCM,
954 .algorithm_mac = SSL_AEAD,
955 .algorithm_ssl = SSL_TLSV1_2,
956 .algo_strength = SSL_HIGH,
957 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
958 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
959 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
960 .strength_bits = 256,
961 .alg_bits = 256,
962 },
963
964 /* Cipher A6 */
965 {
966 .valid = 1,
967 .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
968 .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
969 .algorithm_mkey = SSL_kDHE,
970 .algorithm_auth = SSL_aNULL,
971 .algorithm_enc = SSL_AES128GCM,
972 .algorithm_mac = SSL_AEAD,
973 .algorithm_ssl = SSL_TLSV1_2,
974 .algo_strength = SSL_HIGH,
975 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
976 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
977 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
978 .strength_bits = 128,
979 .alg_bits = 128,
980 },
981
982 /* Cipher A7 */
983 {
984 .valid = 1,
985 .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
986 .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
987 .algorithm_mkey = SSL_kDHE,
988 .algorithm_auth = SSL_aNULL,
989 .algorithm_enc = SSL_AES256GCM,
990 .algorithm_mac = SSL_AEAD,
991 .algorithm_ssl = SSL_TLSV1_2,
992 .algo_strength = SSL_HIGH,
993 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
994 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
995 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
996 .strength_bits = 256,
997 .alg_bits = 256,
998 },
999
1000#ifndef OPENSSL_NO_CAMELLIA
1001 /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
1002
1003 /* Cipher BA */
1004 {
1005 .valid = 1,
1006 .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1007 .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1008 .algorithm_mkey = SSL_kRSA,
1009 .algorithm_auth = SSL_aRSA,
1010 .algorithm_enc = SSL_CAMELLIA128,
1011 .algorithm_mac = SSL_SHA256,
1012 .algorithm_ssl = SSL_TLSV1_2,
1013 .algo_strength = SSL_HIGH,
1014 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1015 .strength_bits = 128,
1016 .alg_bits = 128,
1017 },
1018
1019 /* Cipher BD */
1020 {
1021 .valid = 1,
1022 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1023 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
1024 .algorithm_mkey = SSL_kDHE,
1025 .algorithm_auth = SSL_aDSS,
1026 .algorithm_enc = SSL_CAMELLIA128,
1027 .algorithm_mac = SSL_SHA256,
1028 .algorithm_ssl = SSL_TLSV1_2,
1029 .algo_strength = SSL_HIGH,
1030 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1031 .strength_bits = 128,
1032 .alg_bits = 128,
1033 },
1034
1035 /* Cipher BE */
1036 {
1037 .valid = 1,
1038 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1039 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
1040 .algorithm_mkey = SSL_kDHE,
1041 .algorithm_auth = SSL_aRSA,
1042 .algorithm_enc = SSL_CAMELLIA128,
1043 .algorithm_mac = SSL_SHA256,
1044 .algorithm_ssl = SSL_TLSV1_2,
1045 .algo_strength = SSL_HIGH,
1046 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1047 .strength_bits = 128,
1048 .alg_bits = 128,
1049 },
1050
1051 /* Cipher BF */
1052 {
1053 .valid = 1,
1054 .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1055 .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
1056 .algorithm_mkey = SSL_kDHE,
1057 .algorithm_auth = SSL_aNULL,
1058 .algorithm_enc = SSL_CAMELLIA128,
1059 .algorithm_mac = SSL_SHA256,
1060 .algorithm_ssl = SSL_TLSV1_2,
1061 .algo_strength = SSL_HIGH,
1062 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1063 .strength_bits = 128,
1064 .alg_bits = 128,
1065 },
1066
1067 /* Cipher C0 */
1068 {
1069 .valid = 1,
1070 .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1071 .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1072 .algorithm_mkey = SSL_kRSA,
1073 .algorithm_auth = SSL_aRSA,
1074 .algorithm_enc = SSL_CAMELLIA256,
1075 .algorithm_mac = SSL_SHA256,
1076 .algorithm_ssl = SSL_TLSV1_2,
1077 .algo_strength = SSL_HIGH,
1078 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1079 .strength_bits = 256,
1080 .alg_bits = 256,
1081 },
1082
1083 /* Cipher C3 */
1084 {
1085 .valid = 1,
1086 .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1087 .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
1088 .algorithm_mkey = SSL_kDHE,
1089 .algorithm_auth = SSL_aDSS,
1090 .algorithm_enc = SSL_CAMELLIA256,
1091 .algorithm_mac = SSL_SHA256,
1092 .algorithm_ssl = SSL_TLSV1_2,
1093 .algo_strength = SSL_HIGH,
1094 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1095 .strength_bits = 256,
1096 .alg_bits = 256,
1097 },
1098
1099 /* Cipher C4 */
1100 {
1101 .valid = 1,
1102 .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1103 .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
1104 .algorithm_mkey = SSL_kDHE,
1105 .algorithm_auth = SSL_aRSA,
1106 .algorithm_enc = SSL_CAMELLIA256,
1107 .algorithm_mac = SSL_SHA256,
1108 .algorithm_ssl = SSL_TLSV1_2,
1109 .algo_strength = SSL_HIGH,
1110 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1111 .strength_bits = 256,
1112 .alg_bits = 256,
1113 },
1114
1115 /* Cipher C5 */
1116 {
1117 .valid = 1,
1118 .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1119 .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
1120 .algorithm_mkey = SSL_kDHE,
1121 .algorithm_auth = SSL_aNULL,
1122 .algorithm_enc = SSL_CAMELLIA256,
1123 .algorithm_mac = SSL_SHA256,
1124 .algorithm_ssl = SSL_TLSV1_2,
1125 .algo_strength = SSL_HIGH,
1126 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1127 .strength_bits = 256,
1128 .alg_bits = 256,
1129 },
1130#endif /* OPENSSL_NO_CAMELLIA */
1131
1132 /* Cipher C001 */
1133 {
1134 .valid = 1,
1135 .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1136 .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1137 .algorithm_mkey = SSL_kECDHe,
1138 .algorithm_auth = SSL_aECDH,
1139 .algorithm_enc = SSL_eNULL,
1140 .algorithm_mac = SSL_SHA1,
1141 .algorithm_ssl = SSL_TLSV1,
1142 .algo_strength = SSL_STRONG_NONE,
1143 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1144 .strength_bits = 0,
1145 .alg_bits = 0,
1146 },
1147
1148 /* Cipher C002 */
1149 {
1150 .valid = 1,
1151 .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1152 .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1153 .algorithm_mkey = SSL_kECDHe,
1154 .algorithm_auth = SSL_aECDH,
1155 .algorithm_enc = SSL_RC4,
1156 .algorithm_mac = SSL_SHA1,
1157 .algorithm_ssl = SSL_TLSV1,
1158 .algo_strength = SSL_MEDIUM,
1159 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1160 .strength_bits = 128,
1161 .alg_bits = 128,
1162 },
1163
1164 /* Cipher C003 */
1165 {
1166 .valid = 1,
1167 .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1168 .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1169 .algorithm_mkey = SSL_kECDHe,
1170 .algorithm_auth = SSL_aECDH,
1171 .algorithm_enc = SSL_3DES,
1172 .algorithm_mac = SSL_SHA1,
1173 .algorithm_ssl = SSL_TLSV1,
1174 .algo_strength = SSL_HIGH,
1175 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 .strength_bits = 112,
1177 .alg_bits = 168,
1178 },
1179
1180 /* Cipher C004 */
1181 {
1182 .valid = 1,
1183 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1184 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1185 .algorithm_mkey = SSL_kECDHe,
1186 .algorithm_auth = SSL_aECDH,
1187 .algorithm_enc = SSL_AES128,
1188 .algorithm_mac = SSL_SHA1,
1189 .algorithm_ssl = SSL_TLSV1,
1190 .algo_strength = SSL_HIGH,
1191 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1192 .strength_bits = 128,
1193 .alg_bits = 128,
1194 },
1195
1196 /* Cipher C005 */
1197 {
1198 .valid = 1,
1199 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1200 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1201 .algorithm_mkey = SSL_kECDHe,
1202 .algorithm_auth = SSL_aECDH,
1203 .algorithm_enc = SSL_AES256,
1204 .algorithm_mac = SSL_SHA1,
1205 .algorithm_ssl = SSL_TLSV1,
1206 .algo_strength = SSL_HIGH,
1207 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1208 .strength_bits = 256,
1209 .alg_bits = 256,
1210 },
1211
1212 /* Cipher C006 */
1213 {
1214 .valid = 1,
1215 .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1216 .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1217 .algorithm_mkey = SSL_kECDHE,
1218 .algorithm_auth = SSL_aECDSA,
1219 .algorithm_enc = SSL_eNULL,
1220 .algorithm_mac = SSL_SHA1,
1221 .algorithm_ssl = SSL_TLSV1,
1222 .algo_strength = SSL_STRONG_NONE,
1223 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1224 .strength_bits = 0,
1225 .alg_bits = 0,
1226 },
1227
1228 /* Cipher C007 */
1229 {
1230 .valid = 1,
1231 .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1232 .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1233 .algorithm_mkey = SSL_kECDHE,
1234 .algorithm_auth = SSL_aECDSA,
1235 .algorithm_enc = SSL_RC4,
1236 .algorithm_mac = SSL_SHA1,
1237 .algorithm_ssl = SSL_TLSV1,
1238 .algo_strength = SSL_MEDIUM,
1239 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1240 .strength_bits = 128,
1241 .alg_bits = 128,
1242 },
1243
1244 /* Cipher C008 */
1245 {
1246 .valid = 1,
1247 .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1248 .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1249 .algorithm_mkey = SSL_kECDHE,
1250 .algorithm_auth = SSL_aECDSA,
1251 .algorithm_enc = SSL_3DES,
1252 .algorithm_mac = SSL_SHA1,
1253 .algorithm_ssl = SSL_TLSV1,
1254 .algo_strength = SSL_HIGH,
1255 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1256 .strength_bits = 112,
1257 .alg_bits = 168,
1258 },
1259
1260 /* Cipher C009 */
1261 {
1262 .valid = 1,
1263 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1264 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1265 .algorithm_mkey = SSL_kECDHE,
1266 .algorithm_auth = SSL_aECDSA,
1267 .algorithm_enc = SSL_AES128,
1268 .algorithm_mac = SSL_SHA1,
1269 .algorithm_ssl = SSL_TLSV1,
1270 .algo_strength = SSL_HIGH,
1271 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1272 .strength_bits = 128,
1273 .alg_bits = 128,
1274 },
1275
1276 /* Cipher C00A */
1277 {
1278 .valid = 1,
1279 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1280 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1281 .algorithm_mkey = SSL_kECDHE,
1282 .algorithm_auth = SSL_aECDSA,
1283 .algorithm_enc = SSL_AES256,
1284 .algorithm_mac = SSL_SHA1,
1285 .algorithm_ssl = SSL_TLSV1,
1286 .algo_strength = SSL_HIGH,
1287 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1288 .strength_bits = 256,
1289 .alg_bits = 256,
1290 },
1291
1292 /* Cipher C00B */
1293 {
1294 .valid = 1,
1295 .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1296 .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1297 .algorithm_mkey = SSL_kECDHr,
1298 .algorithm_auth = SSL_aECDH,
1299 .algorithm_enc = SSL_eNULL,
1300 .algorithm_mac = SSL_SHA1,
1301 .algorithm_ssl = SSL_TLSV1,
1302 .algo_strength = SSL_STRONG_NONE,
1303 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1304 .strength_bits = 0,
1305 .alg_bits = 0,
1306 },
1307
1308 /* Cipher C00C */
1309 {
1310 .valid = 1,
1311 .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1312 .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1313 .algorithm_mkey = SSL_kECDHr,
1314 .algorithm_auth = SSL_aECDH,
1315 .algorithm_enc = SSL_RC4,
1316 .algorithm_mac = SSL_SHA1,
1317 .algorithm_ssl = SSL_TLSV1,
1318 .algo_strength = SSL_MEDIUM,
1319 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1320 .strength_bits = 128,
1321 .alg_bits = 128,
1322 },
1323
1324 /* Cipher C00D */
1325 {
1326 .valid = 1,
1327 .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1328 .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1329 .algorithm_mkey = SSL_kECDHr,
1330 .algorithm_auth = SSL_aECDH,
1331 .algorithm_enc = SSL_3DES,
1332 .algorithm_mac = SSL_SHA1,
1333 .algorithm_ssl = SSL_TLSV1,
1334 .algo_strength = SSL_HIGH,
1335 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1336 .strength_bits = 112,
1337 .alg_bits = 168,
1338 },
1339
1340 /* Cipher C00E */
1341 {
1342 .valid = 1,
1343 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1344 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1345 .algorithm_mkey = SSL_kECDHr,
1346 .algorithm_auth = SSL_aECDH,
1347 .algorithm_enc = SSL_AES128,
1348 .algorithm_mac = SSL_SHA1,
1349 .algorithm_ssl = SSL_TLSV1,
1350 .algo_strength = SSL_HIGH,
1351 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1352 .strength_bits = 128,
1353 .alg_bits = 128,
1354 },
1355
1356 /* Cipher C00F */
1357 {
1358 .valid = 1,
1359 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1360 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1361 .algorithm_mkey = SSL_kECDHr,
1362 .algorithm_auth = SSL_aECDH,
1363 .algorithm_enc = SSL_AES256,
1364 .algorithm_mac = SSL_SHA1,
1365 .algorithm_ssl = SSL_TLSV1,
1366 .algo_strength = SSL_HIGH,
1367 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1368 .strength_bits = 256,
1369 .alg_bits = 256,
1370 },
1371
1372 /* Cipher C010 */
1373 {
1374 .valid = 1,
1375 .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1376 .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1377 .algorithm_mkey = SSL_kECDHE,
1378 .algorithm_auth = SSL_aRSA,
1379 .algorithm_enc = SSL_eNULL,
1380 .algorithm_mac = SSL_SHA1,
1381 .algorithm_ssl = SSL_TLSV1,
1382 .algo_strength = SSL_STRONG_NONE,
1383 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1384 .strength_bits = 0,
1385 .alg_bits = 0,
1386 },
1387
1388 /* Cipher C011 */
1389 {
1390 .valid = 1,
1391 .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1392 .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1393 .algorithm_mkey = SSL_kECDHE,
1394 .algorithm_auth = SSL_aRSA,
1395 .algorithm_enc = SSL_RC4,
1396 .algorithm_mac = SSL_SHA1,
1397 .algorithm_ssl = SSL_TLSV1,
1398 .algo_strength = SSL_MEDIUM,
1399 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1400 .strength_bits = 128,
1401 .alg_bits = 128,
1402 },
1403
1404 /* Cipher C012 */
1405 {
1406 .valid = 1,
1407 .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1408 .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1409 .algorithm_mkey = SSL_kECDHE,
1410 .algorithm_auth = SSL_aRSA,
1411 .algorithm_enc = SSL_3DES,
1412 .algorithm_mac = SSL_SHA1,
1413 .algorithm_ssl = SSL_TLSV1,
1414 .algo_strength = SSL_HIGH,
1415 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1416 .strength_bits = 112,
1417 .alg_bits = 168,
1418 },
1419
1420 /* Cipher C013 */
1421 {
1422 .valid = 1,
1423 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1424 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1425 .algorithm_mkey = SSL_kECDHE,
1426 .algorithm_auth = SSL_aRSA,
1427 .algorithm_enc = SSL_AES128,
1428 .algorithm_mac = SSL_SHA1,
1429 .algorithm_ssl = SSL_TLSV1,
1430 .algo_strength = SSL_HIGH,
1431 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1432 .strength_bits = 128,
1433 .alg_bits = 128,
1434 },
1435
1436 /* Cipher C014 */
1437 {
1438 .valid = 1,
1439 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1440 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1441 .algorithm_mkey = SSL_kECDHE,
1442 .algorithm_auth = SSL_aRSA,
1443 .algorithm_enc = SSL_AES256,
1444 .algorithm_mac = SSL_SHA1,
1445 .algorithm_ssl = SSL_TLSV1,
1446 .algo_strength = SSL_HIGH,
1447 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1448 .strength_bits = 256,
1449 .alg_bits = 256,
1450 },
1451
1452 /* Cipher C015 */
1453 {
1454 .valid = 1,
1455 .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1456 .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1457 .algorithm_mkey = SSL_kECDHE,
1458 .algorithm_auth = SSL_aNULL,
1459 .algorithm_enc = SSL_eNULL,
1460 .algorithm_mac = SSL_SHA1,
1461 .algorithm_ssl = SSL_TLSV1,
1462 .algo_strength = SSL_STRONG_NONE,
1463 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1464 .strength_bits = 0,
1465 .alg_bits = 0,
1466 },
1467
1468 /* Cipher C016 */
1469 {
1470 .valid = 1,
1471 .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1472 .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1473 .algorithm_mkey = SSL_kECDHE,
1474 .algorithm_auth = SSL_aNULL,
1475 .algorithm_enc = SSL_RC4,
1476 .algorithm_mac = SSL_SHA1,
1477 .algorithm_ssl = SSL_TLSV1,
1478 .algo_strength = SSL_MEDIUM,
1479 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1480 .strength_bits = 128,
1481 .alg_bits = 128,
1482 },
1483
1484 /* Cipher C017 */
1485 {
1486 .valid = 1,
1487 .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1488 .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1489 .algorithm_mkey = SSL_kECDHE,
1490 .algorithm_auth = SSL_aNULL,
1491 .algorithm_enc = SSL_3DES,
1492 .algorithm_mac = SSL_SHA1,
1493 .algorithm_ssl = SSL_TLSV1,
1494 .algo_strength = SSL_HIGH,
1495 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1496 .strength_bits = 112,
1497 .alg_bits = 168,
1498 },
1499
1500 /* Cipher C018 */
1501 {
1502 .valid = 1,
1503 .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1504 .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1505 .algorithm_mkey = SSL_kECDHE,
1506 .algorithm_auth = SSL_aNULL,
1507 .algorithm_enc = SSL_AES128,
1508 .algorithm_mac = SSL_SHA1,
1509 .algorithm_ssl = SSL_TLSV1,
1510 .algo_strength = SSL_HIGH,
1511 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1512 .strength_bits = 128,
1513 .alg_bits = 128,
1514 },
1515
1516 /* Cipher C019 */
1517 {
1518 .valid = 1,
1519 .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1520 .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1521 .algorithm_mkey = SSL_kECDHE,
1522 .algorithm_auth = SSL_aNULL,
1523 .algorithm_enc = SSL_AES256,
1524 .algorithm_mac = SSL_SHA1,
1525 .algorithm_ssl = SSL_TLSV1,
1526 .algo_strength = SSL_HIGH,
1527 .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1528 .strength_bits = 256,
1529 .alg_bits = 256,
1530 },
1531
1532
1533 /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
1534
1535 /* Cipher C023 */
1536 {
1537 .valid = 1,
1538 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
1539 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
1540 .algorithm_mkey = SSL_kECDHE,
1541 .algorithm_auth = SSL_aECDSA,
1542 .algorithm_enc = SSL_AES128,
1543 .algorithm_mac = SSL_SHA256,
1544 .algorithm_ssl = SSL_TLSV1_2,
1545 .algo_strength = SSL_HIGH,
1546 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1547 .strength_bits = 128,
1548 .alg_bits = 128,
1549 },
1550
1551 /* Cipher C024 */
1552 {
1553 .valid = 1,
1554 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
1555 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
1556 .algorithm_mkey = SSL_kECDHE,
1557 .algorithm_auth = SSL_aECDSA,
1558 .algorithm_enc = SSL_AES256,
1559 .algorithm_mac = SSL_SHA384,
1560 .algorithm_ssl = SSL_TLSV1_2,
1561 .algo_strength = SSL_HIGH,
1562 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1563 .strength_bits = 256,
1564 .alg_bits = 256,
1565 },
1566
1567 /* Cipher C025 */
1568 {
1569 .valid = 1,
1570 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
1571 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
1572 .algorithm_mkey = SSL_kECDHe,
1573 .algorithm_auth = SSL_aECDH,
1574 .algorithm_enc = SSL_AES128,
1575 .algorithm_mac = SSL_SHA256,
1576 .algorithm_ssl = SSL_TLSV1_2,
1577 .algo_strength = SSL_HIGH,
1578 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1579 .strength_bits = 128,
1580 .alg_bits = 128,
1581 },
1582
1583 /* Cipher C026 */
1584 {
1585 .valid = 1,
1586 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
1587 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
1588 .algorithm_mkey = SSL_kECDHe,
1589 .algorithm_auth = SSL_aECDH,
1590 .algorithm_enc = SSL_AES256,
1591 .algorithm_mac = SSL_SHA384,
1592 .algorithm_ssl = SSL_TLSV1_2,
1593 .algo_strength = SSL_HIGH,
1594 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1595 .strength_bits = 256,
1596 .alg_bits = 256,
1597 },
1598
1599 /* Cipher C027 */
1600 {
1601 .valid = 1,
1602 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
1603 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
1604 .algorithm_mkey = SSL_kECDHE,
1605 .algorithm_auth = SSL_aRSA,
1606 .algorithm_enc = SSL_AES128,
1607 .algorithm_mac = SSL_SHA256,
1608 .algorithm_ssl = SSL_TLSV1_2,
1609 .algo_strength = SSL_HIGH,
1610 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1611 .strength_bits = 128,
1612 .alg_bits = 128,
1613 },
1614
1615 /* Cipher C028 */
1616 {
1617 .valid = 1,
1618 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
1619 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
1620 .algorithm_mkey = SSL_kECDHE,
1621 .algorithm_auth = SSL_aRSA,
1622 .algorithm_enc = SSL_AES256,
1623 .algorithm_mac = SSL_SHA384,
1624 .algorithm_ssl = SSL_TLSV1_2,
1625 .algo_strength = SSL_HIGH,
1626 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1627 .strength_bits = 256,
1628 .alg_bits = 256,
1629 },
1630
1631 /* Cipher C029 */
1632 {
1633 .valid = 1,
1634 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
1635 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
1636 .algorithm_mkey = SSL_kECDHr,
1637 .algorithm_auth = SSL_aECDH,
1638 .algorithm_enc = SSL_AES128,
1639 .algorithm_mac = SSL_SHA256,
1640 .algorithm_ssl = SSL_TLSV1_2,
1641 .algo_strength = SSL_HIGH,
1642 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
1643 .strength_bits = 128,
1644 .alg_bits = 128,
1645 },
1646
1647 /* Cipher C02A */
1648 {
1649 .valid = 1,
1650 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
1651 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
1652 .algorithm_mkey = SSL_kECDHr,
1653 .algorithm_auth = SSL_aECDH,
1654 .algorithm_enc = SSL_AES256,
1655 .algorithm_mac = SSL_SHA384,
1656 .algorithm_ssl = SSL_TLSV1_2,
1657 .algo_strength = SSL_HIGH,
1658 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
1659 .strength_bits = 256,
1660 .alg_bits = 256,
1661 },
1662
1663 /* GCM based TLS v1.2 ciphersuites from RFC5289 */
1664
1665 /* Cipher C02B */
1666 {
1667 .valid = 1,
1668 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1669 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1670 .algorithm_mkey = SSL_kECDHE,
1671 .algorithm_auth = SSL_aECDSA,
1672 .algorithm_enc = SSL_AES128GCM,
1673 .algorithm_mac = SSL_AEAD,
1674 .algorithm_ssl = SSL_TLSV1_2,
1675 .algo_strength = SSL_HIGH,
1676 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1677 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1678 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1679 .strength_bits = 128,
1680 .alg_bits = 128,
1681 },
1682
1683 /* Cipher C02C */
1684 {
1685 .valid = 1,
1686 .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1687 .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1688 .algorithm_mkey = SSL_kECDHE,
1689 .algorithm_auth = SSL_aECDSA,
1690 .algorithm_enc = SSL_AES256GCM,
1691 .algorithm_mac = SSL_AEAD,
1692 .algorithm_ssl = SSL_TLSV1_2,
1693 .algo_strength = SSL_HIGH,
1694 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1695 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1696 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1697 .strength_bits = 256,
1698 .alg_bits = 256,
1699 },
1700
1701 /* Cipher C02D */
1702 {
1703 .valid = 1,
1704 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1705 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
1706 .algorithm_mkey = SSL_kECDHe,
1707 .algorithm_auth = SSL_aECDH,
1708 .algorithm_enc = SSL_AES128GCM,
1709 .algorithm_mac = SSL_AEAD,
1710 .algorithm_ssl = SSL_TLSV1_2,
1711 .algo_strength = SSL_HIGH,
1712 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1713 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1714 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1715 .strength_bits = 128,
1716 .alg_bits = 128,
1717 },
1718
1719 /* Cipher C02E */
1720 {
1721 .valid = 1,
1722 .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1723 .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
1724 .algorithm_mkey = SSL_kECDHe,
1725 .algorithm_auth = SSL_aECDH,
1726 .algorithm_enc = SSL_AES256GCM,
1727 .algorithm_mac = SSL_AEAD,
1728 .algorithm_ssl = SSL_TLSV1_2,
1729 .algo_strength = SSL_HIGH,
1730 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1731 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1732 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1733 .strength_bits = 256,
1734 .alg_bits = 256,
1735 },
1736
1737 /* Cipher C02F */
1738 {
1739 .valid = 1,
1740 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1741 .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1742 .algorithm_mkey = SSL_kECDHE,
1743 .algorithm_auth = SSL_aRSA,
1744 .algorithm_enc = SSL_AES128GCM,
1745 .algorithm_mac = SSL_AEAD,
1746 .algorithm_ssl = SSL_TLSV1_2,
1747 .algo_strength = SSL_HIGH,
1748 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1749 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1750 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1751 .strength_bits = 128,
1752 .alg_bits = 128,
1753 },
1754
1755 /* Cipher C030 */
1756 {
1757 .valid = 1,
1758 .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1759 .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1760 .algorithm_mkey = SSL_kECDHE,
1761 .algorithm_auth = SSL_aRSA,
1762 .algorithm_enc = SSL_AES256GCM,
1763 .algorithm_mac = SSL_AEAD,
1764 .algorithm_ssl = SSL_TLSV1_2,
1765 .algo_strength = SSL_HIGH,
1766 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1767 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1768 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1769 .strength_bits = 256,
1770 .alg_bits = 256,
1771 },
1772
1773 /* Cipher C031 */
1774 {
1775 .valid = 1,
1776 .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1777 .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
1778 .algorithm_mkey = SSL_kECDHr,
1779 .algorithm_auth = SSL_aECDH,
1780 .algorithm_enc = SSL_AES128GCM,
1781 .algorithm_mac = SSL_AEAD,
1782 .algorithm_ssl = SSL_TLSV1_2,
1783 .algo_strength = SSL_HIGH,
1784 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1785 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1786 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1787 .strength_bits = 128,
1788 .alg_bits = 128,
1789 },
1790
1791 /* Cipher C032 */
1792 {
1793 .valid = 1,
1794 .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1795 .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
1796 .algorithm_mkey = SSL_kECDHr,
1797 .algorithm_auth = SSL_aECDH,
1798 .algorithm_enc = SSL_AES256GCM,
1799 .algorithm_mac = SSL_AEAD,
1800 .algorithm_ssl = SSL_TLSV1_2,
1801 .algo_strength = SSL_HIGH,
1802 .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|
1803 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)|
1804 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD,
1805 .strength_bits = 256,
1806 .alg_bits = 256,
1807 },
1808
1809#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1810 /* Cipher CC13 */
1811 {
1812 .valid = 1,
1813 .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
1814 .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
1815 .algorithm_mkey = SSL_kECDHE,
1816 .algorithm_auth = SSL_aRSA,
1817 .algorithm_enc = SSL_CHACHA20POLY1305,
1818 .algorithm_mac = SSL_AEAD,
1819 .algorithm_ssl = SSL_TLSV1_2,
1820 .algo_strength = SSL_HIGH,
1821 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1822 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1823 .strength_bits = 256,
1824 .alg_bits = 256,
1825 },
1826
1827 /* Cipher CC14 */
1828 {
1829 .valid = 1,
1830 .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
1831 .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
1832 .algorithm_mkey = SSL_kECDHE,
1833 .algorithm_auth = SSL_aECDSA,
1834 .algorithm_enc = SSL_CHACHA20POLY1305,
1835 .algorithm_mac = SSL_AEAD,
1836 .algorithm_ssl = SSL_TLSV1_2,
1837 .algo_strength = SSL_HIGH,
1838 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1839 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1840 .strength_bits = 256,
1841 .alg_bits = 256,
1842 },
1843
1844 /* Cipher CC15 */
1845 {
1846 .valid = 1,
1847 .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
1848 .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
1849 .algorithm_mkey = SSL_kDHE,
1850 .algorithm_auth = SSL_aRSA,
1851 .algorithm_enc = SSL_CHACHA20POLY1305,
1852 .algorithm_mac = SSL_AEAD,
1853 .algorithm_ssl = SSL_TLSV1_2,
1854 .algo_strength = SSL_HIGH,
1855 .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|
1856 SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0),
1857 .strength_bits = 256,
1858 .alg_bits = 256,
1859 },
1860#endif
1861
1862 /* Cipher FF85 FIXME IANA */
1863 {
1864 .valid = 1,
1865 .name = "GOST2012256-GOST89-GOST89",
1866 .id = 0x300ff85, /* FIXME IANA */
1867 .algorithm_mkey = SSL_kGOST,
1868 .algorithm_auth = SSL_aGOST01,
1869 .algorithm_enc = SSL_eGOST2814789CNT,
1870 .algorithm_mac = SSL_GOST89MAC,
1871 .algorithm_ssl = SSL_TLSV1,
1872 .algo_strength = SSL_HIGH,
1873 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256|
1874 TLS1_STREAM_MAC,
1875 .strength_bits = 256,
1876 .alg_bits = 256
1877 },
1878
1879 /* Cipher FF87 FIXME IANA */
1880 {
1881 .valid = 1,
1882 .name = "GOST2012256-NULL-STREEBOG256",
1883 .id = 0x300ff87, /* FIXME IANA */
1884 .algorithm_mkey = SSL_kGOST,
1885 .algorithm_auth = SSL_aGOST01,
1886 .algorithm_enc = SSL_eNULL,
1887 .algorithm_mac = SSL_STREEBOG256,
1888 .algorithm_ssl = SSL_TLSV1,
1889 .algo_strength = SSL_STRONG_NONE,
1890 .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256,
1891 .strength_bits = 0,
1892 .alg_bits = 0
1893 },
1894
1895
1896 /* end of list */
1897};
1898
1899SSL3_ENC_METHOD SSLv3_enc_data = {
1900 .enc = ssl3_enc,
1901 .mac = n_ssl3_mac,
1902 .setup_key_block = ssl3_setup_key_block,
1903 .generate_master_secret = ssl3_generate_master_secret,
1904 .change_cipher_state = ssl3_change_cipher_state,
1905 .final_finish_mac = ssl3_final_finish_mac,
1906 .finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
1907 .cert_verify_mac = ssl3_cert_verify_mac,
1908 .client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST,
1909 .client_finished_label_len = 4,
1910 .server_finished_label = SSL3_MD_SERVER_FINISHED_CONST,
1911 .server_finished_label_len = 4,
1912 .alert_value = ssl3_alert_code,
1913 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
1914 const char *, size_t, const unsigned char *, size_t,
1915 int use_context))ssl_undefined_function,
1916 .enc_flags = 0,
1917};
1918
1919long
1920ssl3_default_timeout(void)
1921{
1922 /*
1923 * 2 hours, the 24 hours mentioned in the SSLv3 spec
1924 * is way too long for http, the cache would over fill
1925 */
1926 return (60 * 60 * 2);
1927}
1928
1929int
1930ssl3_num_ciphers(void)
1931{
1932 return (SSL3_NUM_CIPHERS);
1933}
1934
1935const SSL_CIPHER *
1936ssl3_get_cipher(unsigned int u)
1937{
1938 if (u < SSL3_NUM_CIPHERS)
1939 return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
1940 else
1941 return (NULL);
1942}
1943
1944const SSL_CIPHER *
1945ssl3_get_cipher_by_id(unsigned int id)
1946{
1947 const SSL_CIPHER *cp;
1948 SSL_CIPHER c;
1949
1950 c.id = id;
1951 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
1952 if (cp != NULL && cp->valid == 1)
1953 return (cp);
1954
1955 return (NULL);
1956}
1957
1958const SSL_CIPHER *
1959ssl3_get_cipher_by_value(uint16_t value)
1960{
1961 return ssl3_get_cipher_by_id(SSL3_CK_ID | value);
1962}
1963
1964uint16_t
1965ssl3_cipher_get_value(const SSL_CIPHER *c)
1966{
1967 return (c->id & SSL3_CK_VALUE_MASK);
1968}
1969
1970int
1971ssl3_pending(const SSL *s)
1972{
1973 if (s->rstate == SSL_ST_READ_BODY)
1974 return 0;
1975
1976 return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ?
1977 s->s3->rrec.length : 0;
1978}
1979
1980unsigned char *
1981ssl3_handshake_msg_start(SSL *s, uint8_t msg_type)
1982{
1983 unsigned char *d, *p;
1984 int hdr_len;
1985
1986 d = p = (unsigned char *)s->init_buf->data;
1987
1988 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
1989 SSL3_HM_HEADER_LENGTH;
1990
1991 /* Handshake message type and length. */
1992 *(p++) = msg_type;
1993 l2n3(0, p);
1994
1995 return (d + hdr_len);
1996}
1997
1998void
1999ssl3_handshake_msg_finish(SSL *s, unsigned int len)
2000{
2001 unsigned char *d, *p;
2002 uint8_t msg_type;
2003 int hdr_len;
2004
2005 d = p = (unsigned char *)s->init_buf->data;
2006
2007 hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH :
2008 SSL3_HM_HEADER_LENGTH;
2009
2010 /* Handshake message length. */
2011 msg_type = *(p++);
2012 l2n3(len, p);
2013
2014 s->init_num = hdr_len + (int)len;
2015 s->init_off = 0;
2016
2017 if (SSL_IS_DTLS(s)) {
2018 dtls1_set_message_header(s, d, msg_type, len, 0, len);
2019 dtls1_buffer_message(s, 0);
2020 }
2021}
2022
2023int
2024ssl3_handshake_write(SSL *s)
2025{
2026 if (SSL_IS_DTLS(s))
2027 return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
2028
2029 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
2030}
2031
2032int
2033ssl3_new(SSL *s)
2034{
2035 SSL3_STATE *s3;
2036
2037 if ((s3 = calloc(1, sizeof *s3)) == NULL)
2038 goto err;
2039 memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
2040 memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
2041
2042 s->s3 = s3;
2043
2044 s->method->ssl_clear(s);
2045 return (1);
2046err:
2047 return (0);
2048}
2049
2050void
2051ssl3_free(SSL *s)
2052{
2053 if (s == NULL)
2054 return;
2055
2056 ssl3_cleanup_key_block(s);
2057 ssl3_release_read_buffer(s);
2058 ssl3_release_write_buffer(s);
2059
2060 DH_free(s->s3->tmp.dh);
2061 EC_KEY_free(s->s3->tmp.ecdh);
2062
2063 if (s->s3->tmp.ca_names != NULL)
2064 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2065 BIO_free(s->s3->handshake_buffer);
2066 ssl3_free_digest_list(s);
2067 free(s->s3->alpn_selected);
2068
2069 OPENSSL_cleanse(s->s3, sizeof *s->s3);
2070 free(s->s3);
2071 s->s3 = NULL;
2072}
2073
2074void
2075ssl3_clear(SSL *s)
2076{
2077 unsigned char *rp, *wp;
2078 size_t rlen, wlen;
2079
2080 ssl3_cleanup_key_block(s);
2081 if (s->s3->tmp.ca_names != NULL)
2082 sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
2083
2084 DH_free(s->s3->tmp.dh);
2085 s->s3->tmp.dh = NULL;
2086 EC_KEY_free(s->s3->tmp.ecdh);
2087 s->s3->tmp.ecdh = NULL;
2088
2089 rp = s->s3->rbuf.buf;
2090 wp = s->s3->wbuf.buf;
2091 rlen = s->s3->rbuf.len;
2092 wlen = s->s3->wbuf.len;
2093
2094 BIO_free(s->s3->handshake_buffer);
2095 s->s3->handshake_buffer = NULL;
2096
2097 ssl3_free_digest_list(s);
2098
2099 free(s->s3->alpn_selected);
2100 s->s3->alpn_selected = NULL;
2101
2102 memset(s->s3, 0, sizeof *s->s3);
2103 s->s3->rbuf.buf = rp;
2104 s->s3->wbuf.buf = wp;
2105 s->s3->rbuf.len = rlen;
2106 s->s3->wbuf.len = wlen;
2107
2108 ssl_free_wbio_buffer(s);
2109
2110 s->packet_length = 0;
2111 s->s3->renegotiate = 0;
2112 s->s3->total_renegotiations = 0;
2113 s->s3->num_renegotiations = 0;
2114 s->s3->in_read_app_data = 0;
2115 s->version = SSL3_VERSION;
2116
2117 free(s->next_proto_negotiated);
2118 s->next_proto_negotiated = NULL;
2119 s->next_proto_negotiated_len = 0;
2120}
2121
2122
2123long
2124ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
2125{
2126 int ret = 0;
2127
2128 if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) {
2129 if (!ssl_cert_inst(&s->cert)) {
2130 SSLerr(SSL_F_SSL3_CTRL,
2131 ERR_R_MALLOC_FAILURE);
2132 return (0);
2133 }
2134 }
2135
2136 switch (cmd) {
2137 case SSL_CTRL_GET_SESSION_REUSED:
2138 ret = s->hit;
2139 break;
2140 case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
2141 break;
2142 case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
2143 ret = s->s3->num_renegotiations;
2144 break;
2145 case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
2146 ret = s->s3->num_renegotiations;
2147 s->s3->num_renegotiations = 0;
2148 break;
2149 case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
2150 ret = s->s3->total_renegotiations;
2151 break;
2152 case SSL_CTRL_GET_FLAGS:
2153 ret = (int)(s->s3->flags);
2154 break;
2155 case SSL_CTRL_NEED_TMP_RSA:
2156 ret = 0;
2157 break;
2158 case SSL_CTRL_SET_TMP_RSA:
2159 case SSL_CTRL_SET_TMP_RSA_CB:
2160 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2161 break;
2162 case SSL_CTRL_SET_TMP_DH:
2163 {
2164 DH *dh = (DH *)parg;
2165 if (dh == NULL) {
2166 SSLerr(SSL_F_SSL3_CTRL,
2167 ERR_R_PASSED_NULL_PARAMETER);
2168 return (ret);
2169 }
2170 if ((dh = DHparams_dup(dh)) == NULL) {
2171 SSLerr(SSL_F_SSL3_CTRL,
2172 ERR_R_DH_LIB);
2173 return (ret);
2174 }
2175 if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
2176 if (!DH_generate_key(dh)) {
2177 DH_free(dh);
2178 SSLerr(SSL_F_SSL3_CTRL,
2179 ERR_R_DH_LIB);
2180 return (ret);
2181 }
2182 }
2183 DH_free(s->cert->dh_tmp);
2184 s->cert->dh_tmp = dh;
2185 ret = 1;
2186 }
2187 break;
2188
2189 case SSL_CTRL_SET_TMP_DH_CB:
2190 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2191 return (ret);
2192
2193 case SSL_CTRL_SET_DH_AUTO:
2194 s->cert->dh_tmp_auto = larg;
2195 return 1;
2196
2197 case SSL_CTRL_SET_TMP_ECDH:
2198 {
2199 EC_KEY *ecdh = NULL;
2200
2201 if (parg == NULL) {
2202 SSLerr(SSL_F_SSL3_CTRL,
2203 ERR_R_PASSED_NULL_PARAMETER);
2204 return (ret);
2205 }
2206 if (!EC_KEY_up_ref((EC_KEY *)parg)) {
2207 SSLerr(SSL_F_SSL3_CTRL,
2208 ERR_R_ECDH_LIB);
2209 return (ret);
2210 }
2211 ecdh = (EC_KEY *)parg;
2212 if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
2213 if (!EC_KEY_generate_key(ecdh)) {
2214 EC_KEY_free(ecdh);
2215 SSLerr(SSL_F_SSL3_CTRL,
2216 ERR_R_ECDH_LIB);
2217 return (ret);
2218 }
2219 }
2220 EC_KEY_free(s->cert->ecdh_tmp);
2221 s->cert->ecdh_tmp = ecdh;
2222 ret = 1;
2223 }
2224 break;
2225 case SSL_CTRL_SET_TMP_ECDH_CB:
2226 {
2227 SSLerr(SSL_F_SSL3_CTRL,
2228 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2229 return (ret);
2230 }
2231 break;
2232 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
2233 if (larg == TLSEXT_NAMETYPE_host_name) {
2234 free(s->tlsext_hostname);
2235 s->tlsext_hostname = NULL;
2236
2237 ret = 1;
2238 if (parg == NULL)
2239 break;
2240 if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
2241 SSLerr(SSL_F_SSL3_CTRL,
2242 SSL_R_SSL3_EXT_INVALID_SERVERNAME);
2243 return 0;
2244 }
2245 if ((s->tlsext_hostname = strdup((char *)parg))
2246 == NULL) {
2247 SSLerr(SSL_F_SSL3_CTRL,
2248 ERR_R_INTERNAL_ERROR);
2249 return 0;
2250 }
2251 } else {
2252 SSLerr(SSL_F_SSL3_CTRL,
2253 SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
2254 return 0;
2255 }
2256 break;
2257 case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
2258 s->tlsext_debug_arg = parg;
2259 ret = 1;
2260 break;
2261
2262 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
2263 s->tlsext_status_type = larg;
2264 ret = 1;
2265 break;
2266
2267 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
2268 *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
2269 ret = 1;
2270 break;
2271
2272 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
2273 s->tlsext_ocsp_exts = parg;
2274 ret = 1;
2275 break;
2276
2277 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
2278 *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
2279 ret = 1;
2280 break;
2281
2282 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
2283 s->tlsext_ocsp_ids = parg;
2284 ret = 1;
2285 break;
2286
2287 case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
2288 *(unsigned char **)parg = s->tlsext_ocsp_resp;
2289 return s->tlsext_ocsp_resplen;
2290
2291 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
2292 free(s->tlsext_ocsp_resp);
2293 s->tlsext_ocsp_resp = parg;
2294 s->tlsext_ocsp_resplen = larg;
2295 ret = 1;
2296 break;
2297
2298 case SSL_CTRL_SET_ECDH_AUTO:
2299 s->cert->ecdh_tmp_auto = larg;
2300 ret = 1;
2301 break;
2302
2303 default:
2304 break;
2305 }
2306 return (ret);
2307}
2308
2309long
2310ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
2311{
2312 int ret = 0;
2313
2314 if (cmd == SSL_CTRL_SET_TMP_DH_CB) {
2315 if (!ssl_cert_inst(&s->cert)) {
2316 SSLerr(SSL_F_SSL3_CALLBACK_CTRL,
2317 ERR_R_MALLOC_FAILURE);
2318 return (0);
2319 }
2320 }
2321
2322 switch (cmd) {
2323 case SSL_CTRL_SET_TMP_RSA_CB:
2324 SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2325 break;
2326 case SSL_CTRL_SET_TMP_DH_CB:
2327 s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2328 break;
2329 case SSL_CTRL_SET_TMP_ECDH_CB:
2330 s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2331 break;
2332 case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
2333 s->tlsext_debug_cb = (void (*)(SSL *, int , int,
2334 unsigned char *, int, void *))fp;
2335 break;
2336 default:
2337 break;
2338 }
2339 return (ret);
2340}
2341
2342long
2343ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2344{
2345 CERT *cert;
2346
2347 cert = ctx->cert;
2348
2349 switch (cmd) {
2350 case SSL_CTRL_NEED_TMP_RSA:
2351 return (0);
2352 case SSL_CTRL_SET_TMP_RSA:
2353 case SSL_CTRL_SET_TMP_RSA_CB:
2354 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2355 return (0);
2356 case SSL_CTRL_SET_TMP_DH:
2357 {
2358 DH *new = NULL, *dh;
2359
2360 dh = (DH *)parg;
2361 if ((new = DHparams_dup(dh)) == NULL) {
2362 SSLerr(SSL_F_SSL3_CTX_CTRL,
2363 ERR_R_DH_LIB);
2364 return 0;
2365 }
2366 if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
2367 if (!DH_generate_key(new)) {
2368 SSLerr(SSL_F_SSL3_CTX_CTRL,
2369 ERR_R_DH_LIB);
2370 DH_free(new);
2371 return 0;
2372 }
2373 }
2374 DH_free(cert->dh_tmp);
2375 cert->dh_tmp = new;
2376 return 1;
2377 }
2378 /*break; */
2379
2380 case SSL_CTRL_SET_TMP_DH_CB:
2381 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2382 return (0);
2383
2384 case SSL_CTRL_SET_DH_AUTO:
2385 ctx->cert->dh_tmp_auto = larg;
2386 return (1);
2387
2388 case SSL_CTRL_SET_TMP_ECDH:
2389 {
2390 EC_KEY *ecdh = NULL;
2391
2392 if (parg == NULL) {
2393 SSLerr(SSL_F_SSL3_CTX_CTRL,
2394 ERR_R_ECDH_LIB);
2395 return 0;
2396 }
2397 ecdh = EC_KEY_dup((EC_KEY *)parg);
2398 if (ecdh == NULL) {
2399 SSLerr(SSL_F_SSL3_CTX_CTRL,
2400 ERR_R_EC_LIB);
2401 return 0;
2402 }
2403 if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
2404 if (!EC_KEY_generate_key(ecdh)) {
2405 EC_KEY_free(ecdh);
2406 SSLerr(SSL_F_SSL3_CTX_CTRL,
2407 ERR_R_ECDH_LIB);
2408 return 0;
2409 }
2410 }
2411
2412 EC_KEY_free(cert->ecdh_tmp);
2413 cert->ecdh_tmp = ecdh;
2414 return 1;
2415 }
2416 /* break; */
2417 case SSL_CTRL_SET_TMP_ECDH_CB:
2418 {
2419 SSLerr(SSL_F_SSL3_CTX_CTRL,
2420 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2421 return (0);
2422 }
2423 break;
2424 case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
2425 ctx->tlsext_servername_arg = parg;
2426 break;
2427 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
2428 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
2429 {
2430 unsigned char *keys = parg;
2431 if (!keys)
2432 return 48;
2433 if (larg != 48) {
2434 SSLerr(SSL_F_SSL3_CTX_CTRL,
2435 SSL_R_INVALID_TICKET_KEYS_LENGTH);
2436 return 0;
2437 }
2438 if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
2439 memcpy(ctx->tlsext_tick_key_name, keys, 16);
2440 memcpy(ctx->tlsext_tick_hmac_key,
2441 keys + 16, 16);
2442 memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
2443 } else {
2444 memcpy(keys, ctx->tlsext_tick_key_name, 16);
2445 memcpy(keys + 16,
2446 ctx->tlsext_tick_hmac_key, 16);
2447 memcpy(keys + 32,
2448 ctx->tlsext_tick_aes_key, 16);
2449 }
2450 return 1;
2451 }
2452
2453 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2454 ctx->tlsext_status_arg = parg;
2455 return 1;
2456 break;
2457
2458 case SSL_CTRL_SET_ECDH_AUTO:
2459 ctx->cert->ecdh_tmp_auto = larg;
2460 return 1;
2461
2462 /* A Thawte special :-) */
2463 case SSL_CTRL_EXTRA_CHAIN_CERT:
2464 if (ctx->extra_certs == NULL) {
2465 if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
2466 return (0);
2467 }
2468 sk_X509_push(ctx->extra_certs,(X509 *)parg);
2469 break;
2470
2471 case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
2472 *(STACK_OF(X509) **)parg = ctx->extra_certs;
2473 break;
2474
2475 case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
2476 if (ctx->extra_certs) {
2477 sk_X509_pop_free(ctx->extra_certs, X509_free);
2478 ctx->extra_certs = NULL;
2479 }
2480 break;
2481
2482 default:
2483 return (0);
2484 }
2485 return (1);
2486}
2487
2488long
2489ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2490{
2491 CERT *cert;
2492
2493 cert = ctx->cert;
2494
2495 switch (cmd) {
2496 case SSL_CTRL_SET_TMP_RSA_CB:
2497 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2498 return (0);
2499 case SSL_CTRL_SET_TMP_DH_CB:
2500 cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
2501 break;
2502 case SSL_CTRL_SET_TMP_ECDH_CB:
2503 cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
2504 break;
2505 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2506 ctx->tlsext_servername_callback =
2507 (int (*)(SSL *, int *, void *))fp;
2508 break;
2509
2510 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2511 ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
2512 break;
2513
2514 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
2515 ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
2516 unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
2517 break;
2518
2519 default:
2520 return (0);
2521 }
2522 return (1);
2523}
2524
2525/*
2526 * This function needs to check if the ciphers required are actually available.
2527 */
2528const SSL_CIPHER *
2529ssl3_get_cipher_by_char(const unsigned char *p)
2530{
2531 CBS cipher;
2532 uint16_t cipher_value;
2533
2534 /* We have to assume it is at least 2 bytes due to existing API. */
2535 CBS_init(&cipher, p, 2);
2536 if (!CBS_get_u16(&cipher, &cipher_value))
2537 return NULL;
2538
2539 return ssl3_get_cipher_by_value(cipher_value);
2540}
2541
2542int
2543ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
2544{
2545 if (p != NULL) {
2546 if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID)
2547 return (0);
2548 s2n(ssl3_cipher_get_value(c), p);
2549 }
2550 return (2);
2551}
2552
2553SSL_CIPHER *
2554ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2555 STACK_OF(SSL_CIPHER) *srvr)
2556{
2557 unsigned long alg_k, alg_a, mask_k, mask_a;
2558 STACK_OF(SSL_CIPHER) *prio, *allow;
2559 SSL_CIPHER *c, *ret = NULL;
2560 int i, ii, ok;
2561 CERT *cert;
2562
2563 /* Let's see which ciphers we can support */
2564 cert = s->cert;
2565
2566 /*
2567 * Do not set the compare functions, because this may lead to a
2568 * reordering by "id". We want to keep the original ordering.
2569 * We may pay a price in performance during sk_SSL_CIPHER_find(),
2570 * but would have to pay with the price of sk_SSL_CIPHER_dup().
2571 */
2572
2573 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
2574 prio = srvr;
2575 allow = clnt;
2576 } else {
2577 prio = clnt;
2578 allow = srvr;
2579 }
2580
2581 for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
2582 c = sk_SSL_CIPHER_value(prio, i);
2583
2584 /* Skip TLS v1.2 only ciphersuites if not supported. */
2585 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
2586 !SSL_USE_TLS1_2_CIPHERS(s))
2587 continue;
2588
2589 ssl_set_cert_masks(cert, c);
2590 mask_k = cert->mask_k;
2591 mask_a = cert->mask_a;
2592
2593 alg_k = c->algorithm_mkey;
2594 alg_a = c->algorithm_auth;
2595
2596
2597 ok = (alg_k & mask_k) && (alg_a & mask_a);
2598
2599 /*
2600 * If we are considering an ECC cipher suite that uses our
2601 * certificate check it.
2602 */
2603 if (alg_a & (SSL_aECDSA|SSL_aECDH))
2604 ok = ok && tls1_check_ec_server_key(s);
2605 /*
2606 * If we are considering an ECC cipher suite that uses
2607 * an ephemeral EC key check it.
2608 */
2609 if (alg_k & SSL_kECDHE)
2610 ok = ok && tls1_check_ec_tmp_key(s);
2611
2612 if (!ok)
2613 continue;
2614 ii = sk_SSL_CIPHER_find(allow, c);
2615 if (ii >= 0) {
2616 ret = sk_SSL_CIPHER_value(allow, ii);
2617 break;
2618 }
2619 }
2620 return (ret);
2621}
2622
2623int
2624ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2625{
2626 int ret = 0;
2627 unsigned long alg_k;
2628
2629 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2630
2631#ifndef OPENSSL_NO_GOST
2632 if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) {
2633 p[ret++] = TLS_CT_GOST94_SIGN;
2634 p[ret++] = TLS_CT_GOST01_SIGN;
2635 p[ret++] = TLS_CT_GOST12_256_SIGN;
2636 p[ret++] = TLS_CT_GOST12_512_SIGN;
2637 }
2638#endif
2639
2640 if (alg_k & SSL_kDHE) {
2641 p[ret++] = SSL3_CT_RSA_FIXED_DH;
2642 p[ret++] = SSL3_CT_DSS_FIXED_DH;
2643 }
2644 if (s->version == SSL3_VERSION && (alg_k & SSL_kDHE)) {
2645 p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
2646 p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
2647 }
2648 p[ret++] = SSL3_CT_RSA_SIGN;
2649 p[ret++] = SSL3_CT_DSS_SIGN;
2650 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
2651 p[ret++] = TLS_CT_RSA_FIXED_ECDH;
2652 p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
2653 }
2654
2655 /*
2656 * ECDSA certs can be used with RSA cipher suites as well
2657 * so we don't need to check for SSL_kECDH or SSL_kECDHE
2658 */
2659 if (s->version >= TLS1_VERSION) {
2660 p[ret++] = TLS_CT_ECDSA_SIGN;
2661 }
2662 return (ret);
2663}
2664
2665int
2666ssl3_shutdown(SSL *s)
2667{
2668 int ret;
2669
2670 /*
2671 * Don't do anything much if we have not done the handshake or
2672 * we don't want to send messages :-)
2673 */
2674 if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
2675 s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
2676 return (1);
2677 }
2678
2679 if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
2680 s->shutdown|=SSL_SENT_SHUTDOWN;
2681 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
2682 /*
2683 * Our shutdown alert has been sent now, and if it still needs
2684 * to be written, s->s3->alert_dispatch will be true
2685 */
2686 if (s->s3->alert_dispatch)
2687 return(-1); /* return WANT_WRITE */
2688 } else if (s->s3->alert_dispatch) {
2689 /* resend it if not sent */
2690 ret = s->method->ssl_dispatch_alert(s);
2691 if (ret == -1) {
2692 /*
2693 * We only get to return -1 here the 2nd/Nth
2694 * invocation, we must have already signalled
2695 * return 0 upon a previous invoation,
2696 * return WANT_WRITE
2697 */
2698 return (ret);
2699 }
2700 } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2701 /* If we are waiting for a close from our peer, we are closed */
2702 s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
2703 if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
2704 return(-1); /* return WANT_READ */
2705 }
2706 }
2707
2708 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
2709 !s->s3->alert_dispatch)
2710 return (1);
2711 else
2712 return (0);
2713}
2714
2715int
2716ssl3_write(SSL *s, const void *buf, int len)
2717{
2718 int ret, n;
2719
2720#if 0
2721 if (s->shutdown & SSL_SEND_SHUTDOWN) {
2722 s->rwstate = SSL_NOTHING;
2723 return (0);
2724 }
2725#endif
2726 errno = 0;
2727 if (s->s3->renegotiate)
2728 ssl3_renegotiate_check(s);
2729
2730 /*
2731 * This is an experimental flag that sends the
2732 * last handshake message in the same packet as the first
2733 * use data - used to see if it helps the TCP protocol during
2734 * session-id reuse
2735 */
2736 /* The second test is because the buffer may have been removed */
2737 if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
2738 /* First time through, we write into the buffer */
2739 if (s->s3->delay_buf_pop_ret == 0) {
2740 ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2741 buf, len);
2742 if (ret <= 0)
2743 return (ret);
2744
2745 s->s3->delay_buf_pop_ret = ret;
2746 }
2747
2748 s->rwstate = SSL_WRITING;
2749 n = BIO_flush(s->wbio);
2750 if (n <= 0)
2751 return (n);
2752 s->rwstate = SSL_NOTHING;
2753
2754 /* We have flushed the buffer, so remove it */
2755 ssl_free_wbio_buffer(s);
2756 s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
2757
2758 ret = s->s3->delay_buf_pop_ret;
2759 s->s3->delay_buf_pop_ret = 0;
2760 } else {
2761 ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
2762 buf, len);
2763 if (ret <= 0)
2764 return (ret);
2765 }
2766
2767 return (ret);
2768}
2769
2770static int
2771ssl3_read_internal(SSL *s, void *buf, int len, int peek)
2772{
2773 int ret;
2774
2775 errno = 0;
2776 if (s->s3->renegotiate)
2777 ssl3_renegotiate_check(s);
2778 s->s3->in_read_app_data = 1;
2779 ret = s->method->ssl_read_bytes(s,
2780 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2781 if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
2782 /*
2783 * ssl3_read_bytes decided to call s->handshake_func, which
2784 * called ssl3_read_bytes to read handshake data.
2785 * However, ssl3_read_bytes actually found application data
2786 * and thinks that application data makes sense here; so disable
2787 * handshake processing and try to read application data again.
2788 */
2789 s->in_handshake++;
2790 ret = s->method->ssl_read_bytes(s,
2791 SSL3_RT_APPLICATION_DATA, buf, len, peek);
2792 s->in_handshake--;
2793 } else
2794 s->s3->in_read_app_data = 0;
2795
2796 return (ret);
2797}
2798
2799int
2800ssl3_read(SSL *s, void *buf, int len)
2801{
2802 return ssl3_read_internal(s, buf, len, 0);
2803}
2804
2805int
2806ssl3_peek(SSL *s, void *buf, int len)
2807{
2808 return ssl3_read_internal(s, buf, len, 1);
2809}
2810
2811int
2812ssl3_renegotiate(SSL *s)
2813{
2814 if (s->handshake_func == NULL)
2815 return (1);
2816
2817 if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
2818 return (0);
2819
2820 s->s3->renegotiate = 1;
2821 return (1);
2822}
2823
2824int
2825ssl3_renegotiate_check(SSL *s)
2826{
2827 int ret = 0;
2828
2829 if (s->s3->renegotiate) {
2830 if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) &&
2831 !SSL_in_init(s)) {
2832 /*
2833 * If we are the server, and we have sent
2834 * a 'RENEGOTIATE' message, we need to go
2835 * to SSL_ST_ACCEPT.
2836 */
2837 /* SSL_ST_ACCEPT */
2838 s->state = SSL_ST_RENEGOTIATE;
2839 s->s3->renegotiate = 0;
2840 s->s3->num_renegotiations++;
2841 s->s3->total_renegotiations++;
2842 ret = 1;
2843 }
2844 }
2845 return (ret);
2846}
2847/*
2848 * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF
2849 * and handshake macs if required.
2850 */
2851long
2852ssl_get_algorithm2(SSL *s)
2853{
2854 long alg2 = s->s3->tmp.new_cipher->algorithm2;
2855
2856 if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF &&
2857 alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
2858 return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
2859 return alg2;
2860}
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
deleted file mode 100644
index 33fee732d1..0000000000
--- a/src/lib/libssl/s3_pkt.c
+++ /dev/null
@@ -1,1395 +0,0 @@
1/* $OpenBSD: s3_pkt.c,v 1.56 2015/07/24 02:39:43 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <errno.h>
113#include <stdio.h>
114
115#include "ssl_locl.h"
116
117#include <openssl/buffer.h>
118#include <openssl/evp.h>
119
120#include "bytestring.h"
121
122static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
123 unsigned int len, int create_empty_fragment);
124static int ssl3_get_record(SSL *s);
125
126/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
127 * packet by another n bytes.
128 * The packet will be in the sub-array of s->s3->rbuf.buf specified
129 * by s->packet and s->packet_length.
130 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
131 * [plus s->packet_length bytes if extend == 1].)
132 */
133int
134ssl3_read_n(SSL *s, int n, int max, int extend)
135{
136 int i, len, left;
137 size_t align;
138 unsigned char *pkt;
139 SSL3_BUFFER *rb;
140
141 if (n <= 0)
142 return n;
143
144 rb = &(s->s3->rbuf);
145 if (rb->buf == NULL)
146 if (!ssl3_setup_read_buffer(s))
147 return -1;
148
149 left = rb->left;
150 align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
151 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
152
153 if (!extend) {
154 /* start with empty packet ... */
155 if (left == 0)
156 rb->offset = align;
157 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
158 /* check if next packet length is large
159 * enough to justify payload alignment... */
160 pkt = rb->buf + rb->offset;
161 if (pkt[0] == SSL3_RT_APPLICATION_DATA &&
162 (pkt[3]<<8|pkt[4]) >= 128) {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove(rb->buf + align, pkt, left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
175 s->packet_length = 0;
176 /* ... now we can act as if 'extend' was set */
177 }
178
179 /* For DTLS/UDP reads should not span multiple packets
180 * because the read operation returns the whole packet
181 * at once (as long as it fits into the buffer). */
182 if (SSL_IS_DTLS(s)) {
183 if (left > 0 && n > left)
184 n = left;
185 }
186
187 /* if there is enough in the buffer from a previous read, take some */
188 if (left >= n) {
189 s->packet_length += n;
190 rb->left = left - n;
191 rb->offset += n;
192 return (n);
193 }
194
195 /* else we need to read more data */
196
197 len = s->packet_length;
198 pkt = rb->buf + align;
199 /* Move any available bytes to front of buffer:
200 * 'len' bytes already pointed to by 'packet',
201 * 'left' extra ones at the end */
202 if (s->packet != pkt) {
203 /* len > 0 */
204 memmove(pkt, s->packet, len + left);
205 s->packet = pkt;
206 rb->offset = len + align;
207 }
208
209 if (n > (int)(rb->len - rb->offset)) {
210 /* does not happen */
211 SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
212 return -1;
213 }
214
215 if (!s->read_ahead) {
216 /* ignore max parameter */
217 max = n;
218 } else {
219 if (max < n)
220 max = n;
221 if (max > (int)(rb->len - rb->offset))
222 max = rb->len - rb->offset;
223 }
224
225 while (left < n) {
226 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
227 * and need to read in more until we have len+n (up to
228 * len+max if possible) */
229
230 errno = 0;
231 if (s->rbio != NULL) {
232 s->rwstate = SSL_READING;
233 i = BIO_read(s->rbio, pkt + len + left, max - left);
234 } else {
235 SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
236 i = -1;
237 }
238
239 if (i <= 0) {
240 rb->left = left;
241 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
242 !SSL_IS_DTLS(s)) {
243 if (len + left == 0)
244 ssl3_release_read_buffer(s);
245 }
246 return (i);
247 }
248 left += i;
249
250 /*
251 * reads should *never* span multiple packets for DTLS because
252 * the underlying transport protocol is message oriented as
253 * opposed to byte oriented as in the TLS case.
254 */
255 if (SSL_IS_DTLS(s)) {
256 if (n > left)
257 n = left; /* makes the while condition false */
258 }
259 }
260
261 /* done reading, now the book-keeping */
262 rb->offset += n;
263 rb->left = left - n;
264 s->packet_length += n;
265 s->rwstate = SSL_NOTHING;
266 return (n);
267}
268
269/* Call this to get a new input record.
270 * It will return <= 0 if more data is needed, normally due to an error
271 * or non-blocking IO.
272 * When it finishes, one packet has been decoded and can be found in
273 * ssl->s3->rrec.type - is the type of record
274 * ssl->s3->rrec.data, - data
275 * ssl->s3->rrec.length, - number of bytes
276 */
277/* used only by ssl3_read_bytes */
278static int
279ssl3_get_record(SSL *s)
280{
281 int al;
282 int enc_err, n, i, ret = -1;
283 SSL3_RECORD *rr;
284 SSL_SESSION *sess;
285 unsigned char md[EVP_MAX_MD_SIZE];
286 unsigned mac_size, orig_len;
287
288 rr = &(s->s3->rrec);
289 sess = s->session;
290
291again:
292 /* check if we have the header */
293 if ((s->rstate != SSL_ST_READ_BODY) ||
294 (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
295 CBS header;
296 uint16_t len, ssl_version;
297 uint8_t type;
298
299 n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
300 if (n <= 0)
301 return(n); /* error or non-blocking */
302 s->rstate = SSL_ST_READ_BODY;
303
304 CBS_init(&header, s->packet, n);
305
306 /* Pull apart the header into the SSL3_RECORD */
307 if (!CBS_get_u8(&header, &type) ||
308 !CBS_get_u16(&header, &ssl_version) ||
309 !CBS_get_u16(&header, &len)) {
310 SSLerr(SSL_F_SSL3_GET_RECORD,
311 SSL_R_BAD_PACKET_LENGTH);
312 goto err;
313 }
314
315 rr->type = type;
316 rr->length = len;
317
318 /* Lets check version */
319 if (!s->first_packet && ssl_version != s->version) {
320 SSLerr(SSL_F_SSL3_GET_RECORD,
321 SSL_R_WRONG_VERSION_NUMBER);
322 if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
323 !s->enc_write_ctx && !s->write_hash)
324 /* Send back error using their minor version number :-) */
325 s->version = ssl_version;
326 al = SSL_AD_PROTOCOL_VERSION;
327 goto f_err;
328 }
329
330 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
331 SSLerr(SSL_F_SSL3_GET_RECORD,
332 SSL_R_WRONG_VERSION_NUMBER);
333 goto err;
334 }
335
336 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) {
337 al = SSL_AD_RECORD_OVERFLOW;
338 SSLerr(SSL_F_SSL3_GET_RECORD,
339 SSL_R_PACKET_LENGTH_TOO_LONG);
340 goto f_err;
341 }
342
343 /* now s->rstate == SSL_ST_READ_BODY */
344 }
345
346 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
347
348 if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
349 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
350 i = rr->length;
351 n = ssl3_read_n(s, i, i, 1);
352 if (n <= 0)
353 return(n); /* error or non-blocking io */
354 /* now n == rr->length,
355 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
356 }
357
358 s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
359
360 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
361 * and we have that many bytes in s->packet
362 */
363 rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
364
365 /* ok, we can now read from 's->packet' data into 'rr'
366 * rr->input points at rr->length bytes, which
367 * need to be copied into rr->data by either
368 * the decryption or by the decompression
369 * When the data is 'copied' into the rr->data buffer,
370 * rr->input will be pointed at the new buffer */
371
372 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
373 * rr->length bytes of encrypted compressed stuff. */
374
375 /* check is not needed I believe */
376 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
377 al = SSL_AD_RECORD_OVERFLOW;
378 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
379 goto f_err;
380 }
381
382 /* decrypt in place in 'rr->input' */
383 rr->data = rr->input;
384
385 enc_err = s->method->ssl3_enc->enc(s, 0);
386 /* enc_err is:
387 * 0: (in non-constant time) if the record is publically invalid.
388 * 1: if the padding is valid
389 * -1: if the padding is invalid */
390 if (enc_err == 0) {
391 al = SSL_AD_DECRYPTION_FAILED;
392 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
393 goto f_err;
394 }
395
396
397 /* r->length is now the compressed data plus mac */
398 if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
399 (EVP_MD_CTX_md(s->read_hash) != NULL)) {
400 /* s->read_hash != NULL => mac_size != -1 */
401 unsigned char *mac = NULL;
402 unsigned char mac_tmp[EVP_MAX_MD_SIZE];
403
404 mac_size = EVP_MD_CTX_size(s->read_hash);
405 OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
406
407 /* kludge: *_cbc_remove_padding passes padding length in rr->type */
408 orig_len = rr->length + ((unsigned int)rr->type >> 8);
409
410 /* orig_len is the length of the record before any padding was
411 * removed. This is public information, as is the MAC in use,
412 * therefore we can safely process the record in a different
413 * amount of time if it's too short to possibly contain a MAC.
414 */
415 if (orig_len < mac_size ||
416 /* CBC records must have a padding length byte too. */
417 (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
418 orig_len < mac_size + 1)) {
419 al = SSL_AD_DECODE_ERROR;
420 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
421 goto f_err;
422 }
423
424 if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
425 /* We update the length so that the TLS header bytes
426 * can be constructed correctly but we need to extract
427 * the MAC in constant time from within the record,
428 * without leaking the contents of the padding bytes.
429 * */
430 mac = mac_tmp;
431 ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
432 rr->length -= mac_size;
433 } else {
434 /* In this case there's no padding, so |orig_len|
435 * equals |rec->length| and we checked that there's
436 * enough bytes for |mac_size| above. */
437 rr->length -= mac_size;
438 mac = &rr->data[rr->length];
439 }
440
441 i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
442 if (i < 0 || mac == NULL ||
443 timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
444 enc_err = -1;
445 if (rr->length >
446 SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
447 enc_err = -1;
448 }
449
450 if (enc_err < 0) {
451 /*
452 * A separate 'decryption_failed' alert was introduced with
453 * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a
454 * decryption failure is directly visible from the ciphertext
455 * anyway, we should not reveal which kind of error
456 * occurred -- this might become visible to an attacker
457 * (e.g. via a logfile)
458 */
459 al = SSL_AD_BAD_RECORD_MAC;
460 SSLerr(SSL_F_SSL3_GET_RECORD,
461 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
462 goto f_err;
463 }
464
465 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
466 al = SSL_AD_RECORD_OVERFLOW;
467 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
468 goto f_err;
469 }
470
471 rr->off = 0;
472 /*
473 * So at this point the following is true
474 *
475 * ssl->s3->rrec.type is the type of record
476 * ssl->s3->rrec.length == number of bytes in record
477 * ssl->s3->rrec.off == offset to first valid byte
478 * ssl->s3->rrec.data == where to take bytes from, increment
479 * after use :-).
480 */
481
482 /* we have pulled in a full packet so zero things */
483 s->packet_length = 0;
484
485 /* just read a 0 length packet */
486 if (rr->length == 0)
487 goto again;
488
489 return (1);
490
491f_err:
492 ssl3_send_alert(s, SSL3_AL_FATAL, al);
493err:
494 return (ret);
495}
496
497/* Call this to write data in records of type 'type'
498 * It will return <= 0 if not all data has been sent or non-blocking IO.
499 */
500int
501ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
502{
503 const unsigned char *buf = buf_;
504 unsigned int tot, n, nw;
505 int i;
506
507 if (len < 0) {
508 SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR);
509 return -1;
510 }
511
512 s->rwstate = SSL_NOTHING;
513 tot = s->s3->wnum;
514 s->s3->wnum = 0;
515
516 if (SSL_in_init(s) && !s->in_handshake) {
517 i = s->handshake_func(s);
518 if (i < 0)
519 return (i);
520 if (i == 0) {
521 SSLerr(SSL_F_SSL3_WRITE_BYTES,
522 SSL_R_SSL_HANDSHAKE_FAILURE);
523 return -1;
524 }
525 }
526
527 if (len < tot)
528 len = tot;
529 n = (len - tot);
530 for (;;) {
531 if (n > s->max_send_fragment)
532 nw = s->max_send_fragment;
533 else
534 nw = n;
535
536 i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
537 if (i <= 0) {
538 s->s3->wnum = tot;
539 return i;
540 }
541
542 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
543 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
544 /*
545 * Next chunk of data should get another prepended
546 * empty fragment in ciphersuites with known-IV
547 * weakness.
548 */
549 s->s3->empty_fragment_done = 0;
550
551 return tot + i;
552 }
553
554 n -= i;
555 tot += i;
556 }
557}
558
559static int
560do_ssl3_write(SSL *s, int type, const unsigned char *buf,
561 unsigned int len, int create_empty_fragment)
562{
563 unsigned char *p, *plen;
564 int i, mac_size, clear = 0;
565 int prefix_len = 0;
566 int eivlen;
567 size_t align;
568 SSL3_RECORD *wr;
569 SSL3_BUFFER *wb = &(s->s3->wbuf);
570 SSL_SESSION *sess;
571
572 if (wb->buf == NULL)
573 if (!ssl3_setup_write_buffer(s))
574 return -1;
575
576 /* first check if there is a SSL3_BUFFER still being written
577 * out. This will happen with non blocking IO */
578 if (wb->left != 0)
579 return (ssl3_write_pending(s, type, buf, len));
580
581 /* If we have an alert to send, lets send it */
582 if (s->s3->alert_dispatch) {
583 i = s->method->ssl_dispatch_alert(s);
584 if (i <= 0)
585 return (i);
586 /* if it went, fall through and send more stuff */
587 /* we may have released our buffer, so get it again */
588 if (wb->buf == NULL)
589 if (!ssl3_setup_write_buffer(s))
590 return -1;
591 }
592
593 if (len == 0 && !create_empty_fragment)
594 return 0;
595
596 wr = &(s->s3->wrec);
597 sess = s->session;
598
599 if ((sess == NULL) || (s->enc_write_ctx == NULL) ||
600 (EVP_MD_CTX_md(s->write_hash) == NULL)) {
601 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
602 mac_size = 0;
603 } else {
604 mac_size = EVP_MD_CTX_size(s->write_hash);
605 if (mac_size < 0)
606 goto err;
607 }
608
609 /*
610 * 'create_empty_fragment' is true only when this function calls
611 * itself.
612 */
613 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
614 /*
615 * Countermeasure against known-IV weakness in CBC ciphersuites
616 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
617 */
618 if (s->s3->need_empty_fragments &&
619 type == SSL3_RT_APPLICATION_DATA) {
620 /* recursive function call with 'create_empty_fragment' set;
621 * this prepares and buffers the data for an empty fragment
622 * (these 'prefix_len' bytes are sent out later
623 * together with the actual payload) */
624 prefix_len = do_ssl3_write(s, type, buf, 0, 1);
625 if (prefix_len <= 0)
626 goto err;
627
628 if (prefix_len >
629 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
630 /* insufficient space */
631 SSLerr(SSL_F_DO_SSL3_WRITE,
632 ERR_R_INTERNAL_ERROR);
633 goto err;
634 }
635 }
636
637 s->s3->empty_fragment_done = 1;
638 }
639
640 if (create_empty_fragment) {
641 /* extra fragment would be couple of cipher blocks,
642 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
643 * if we want to align the real payload, then we can
644 * just pretent we simply have two headers. */
645 align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
646 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
647
648 p = wb->buf + align;
649 wb->offset = align;
650 } else if (prefix_len) {
651 p = wb->buf + wb->offset + prefix_len;
652 } else {
653 align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
654 align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
655
656 p = wb->buf + align;
657 wb->offset = align;
658 }
659
660 /* write the header */
661
662 *(p++) = type&0xff;
663 wr->type = type;
664
665 *(p++) = (s->version >> 8);
666 /* Some servers hang if iniatial client hello is larger than 256
667 * bytes and record version number > TLS 1.0
668 */
669 if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate &&
670 TLS1_get_version(s) > TLS1_VERSION)
671 *(p++) = 0x1;
672 else
673 *(p++) = s->version&0xff;
674
675 /* field where we are to write out packet length */
676 plen = p;
677 p += 2;
678
679 /* Explicit IV length. */
680 if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
681 int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
682 if (mode == EVP_CIPH_CBC_MODE) {
683 eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
684 if (eivlen <= 1)
685 eivlen = 0;
686 }
687 /* Need explicit part of IV for GCM mode */
688 else if (mode == EVP_CIPH_GCM_MODE)
689 eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
690 else
691 eivlen = 0;
692 } else if (s->aead_write_ctx != NULL &&
693 s->aead_write_ctx->variable_nonce_in_record) {
694 eivlen = s->aead_write_ctx->variable_nonce_len;
695 } else
696 eivlen = 0;
697
698 /* lets setup the record stuff. */
699 wr->data = p + eivlen;
700 wr->length = (int)len;
701 wr->input = (unsigned char *)buf;
702
703 /* we now 'read' from wr->input, wr->length bytes into wr->data */
704
705 memcpy(wr->data, wr->input, wr->length);
706 wr->input = wr->data;
707
708 /* we should still have the output to wr->data and the input
709 * from wr->input. Length should be wr->length.
710 * wr->data still points in the wb->buf */
711
712 if (mac_size != 0) {
713 if (s->method->ssl3_enc->mac(s,
714 &(p[wr->length + eivlen]), 1) < 0)
715 goto err;
716 wr->length += mac_size;
717 }
718
719 wr->input = p;
720 wr->data = p;
721
722 if (eivlen) {
723 /* if (RAND_pseudo_bytes(p, eivlen) <= 0)
724 goto err;
725 */
726 wr->length += eivlen;
727 }
728
729 /* ssl3_enc can only have an error on read */
730 s->method->ssl3_enc->enc(s, 1);
731
732 /* record length after mac and block padding */
733 s2n(wr->length, plen);
734
735 /* we should now have
736 * wr->data pointing to the encrypted data, which is
737 * wr->length long */
738 wr->type=type; /* not needed but helps for debugging */
739 wr->length += SSL3_RT_HEADER_LENGTH;
740
741 if (create_empty_fragment) {
742 /* we are in a recursive call;
743 * just return the length, don't write out anything here
744 */
745 return wr->length;
746 }
747
748 /* now let's set up wb */
749 wb->left = prefix_len + wr->length;
750
751 /* memorize arguments so that ssl3_write_pending can detect
752 * bad write retries later */
753 s->s3->wpend_tot = len;
754 s->s3->wpend_buf = buf;
755 s->s3->wpend_type = type;
756 s->s3->wpend_ret = len;
757
758 /* we now just need to write the buffer */
759 return ssl3_write_pending(s, type, buf, len);
760err:
761 return -1;
762}
763
764/* if s->s3->wbuf.left != 0, we need to call this */
765int
766ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
767{
768 int i;
769 SSL3_BUFFER *wb = &(s->s3->wbuf);
770
771 /* XXXX */
772 if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
773 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
774 (s->s3->wpend_type != type)) {
775 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
776 return (-1);
777 }
778
779 for (;;) {
780 errno = 0;
781 if (s->wbio != NULL) {
782 s->rwstate = SSL_WRITING;
783 i = BIO_write(s->wbio,
784 (char *)&(wb->buf[wb->offset]),
785 (unsigned int)wb->left);
786 } else {
787 SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
788 i = -1;
789 }
790 if (i == wb->left) {
791 wb->left = 0;
792 wb->offset += i;
793 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
794 !SSL_IS_DTLS(s))
795 ssl3_release_write_buffer(s);
796 s->rwstate = SSL_NOTHING;
797 return (s->s3->wpend_ret);
798 } else if (i <= 0) {
799 /*
800 * For DTLS, just drop it. That's kind of the
801 * whole point in using a datagram service.
802 */
803 if (SSL_IS_DTLS(s))
804 wb->left = 0;
805 return (i);
806 }
807 wb->offset += i;
808 wb->left -= i;
809 }
810}
811
812/* Return up to 'len' payload bytes received in 'type' records.
813 * 'type' is one of the following:
814 *
815 * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
816 * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
817 * - 0 (during a shutdown, no data has to be returned)
818 *
819 * If we don't have stored data to work from, read a SSL/TLS record first
820 * (possibly multiple records if we still don't have anything to return).
821 *
822 * This function must handle any surprises the peer may have for us, such as
823 * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
824 * a surprise, but handled as if it were), or renegotiation requests.
825 * Also if record payloads contain fragments too small to process, we store
826 * them until there is enough for the respective protocol (the record protocol
827 * may use arbitrary fragmentation and even interleaving):
828 * Change cipher spec protocol
829 * just 1 byte needed, no need for keeping anything stored
830 * Alert protocol
831 * 2 bytes needed (AlertLevel, AlertDescription)
832 * Handshake protocol
833 * 4 bytes needed (HandshakeType, uint24 length) -- we just have
834 * to detect unexpected Client Hello and Hello Request messages
835 * here, anything else is handled by higher layers
836 * Application data protocol
837 * none of our business
838 */
839int
840ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
841{
842 int al, i, j, ret;
843 unsigned int n;
844 SSL3_RECORD *rr;
845 void (*cb)(const SSL *ssl, int type2, int val) = NULL;
846
847 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
848 if (!ssl3_setup_read_buffer(s))
849 return (-1);
850
851 if (len < 0) {
852 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
853 return -1;
854 }
855
856 if ((type && type != SSL3_RT_APPLICATION_DATA &&
857 type != SSL3_RT_HANDSHAKE) ||
858 (peek && (type != SSL3_RT_APPLICATION_DATA))) {
859 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
860 return -1;
861 }
862
863 if ((type == SSL3_RT_HANDSHAKE) &&
864 (s->s3->handshake_fragment_len > 0)) {
865 /* (partially) satisfy request from storage */
866 unsigned char *src = s->s3->handshake_fragment;
867 unsigned char *dst = buf;
868 unsigned int k;
869
870 /* peek == 0 */
871 n = 0;
872 while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
873 *dst++ = *src++;
874 len--;
875 s->s3->handshake_fragment_len--;
876 n++;
877 }
878 /* move any remaining fragment bytes: */
879 for (k = 0; k < s->s3->handshake_fragment_len; k++)
880 s->s3->handshake_fragment[k] = *src++;
881 return n;
882 }
883
884 /*
885 * Now s->s3->handshake_fragment_len == 0 if
886 * type == SSL3_RT_HANDSHAKE.
887 */
888 if (!s->in_handshake && SSL_in_init(s)) {
889 /* type == SSL3_RT_APPLICATION_DATA */
890 i = s->handshake_func(s);
891 if (i < 0)
892 return (i);
893 if (i == 0) {
894 SSLerr(SSL_F_SSL3_READ_BYTES,
895 SSL_R_SSL_HANDSHAKE_FAILURE);
896 return (-1);
897 }
898 }
899start:
900 s->rwstate = SSL_NOTHING;
901
902 /*
903 * s->s3->rrec.type - is the type of record
904 * s->s3->rrec.data, - data
905 * s->s3->rrec.off, - offset into 'data' for next read
906 * s->s3->rrec.length, - number of bytes.
907 */
908 rr = &(s->s3->rrec);
909
910 /* get new packet if necessary */
911 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
912 ret = ssl3_get_record(s);
913 if (ret <= 0)
914 return (ret);
915 }
916
917 /* we now have a packet which can be read and processed */
918
919 if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
920 * reset by ssl3_get_finished */
921 && (rr->type != SSL3_RT_HANDSHAKE)) {
922 al = SSL_AD_UNEXPECTED_MESSAGE;
923 SSLerr(SSL_F_SSL3_READ_BYTES,
924 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
925 goto f_err;
926 }
927
928 /* If the other end has shut down, throw anything we read away
929 * (even in 'peek' mode) */
930 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
931 rr->length = 0;
932 s->rwstate = SSL_NOTHING;
933 return (0);
934 }
935
936
937 /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
938 if (type == rr->type) {
939 /* make sure that we are not getting application data when we
940 * are doing a handshake for the first time */
941 if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
942 (s->enc_read_ctx == NULL)) {
943 al = SSL_AD_UNEXPECTED_MESSAGE;
944 SSLerr(SSL_F_SSL3_READ_BYTES,
945 SSL_R_APP_DATA_IN_HANDSHAKE);
946 goto f_err;
947 }
948
949 if (len <= 0)
950 return (len);
951
952 if ((unsigned int)len > rr->length)
953 n = rr->length;
954 else
955 n = (unsigned int)len;
956
957 memcpy(buf, &(rr->data[rr->off]), n);
958 if (!peek) {
959 rr->length -= n;
960 rr->off += n;
961 if (rr->length == 0) {
962 s->rstate = SSL_ST_READ_HEADER;
963 rr->off = 0;
964 if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
965 s->s3->rbuf.left == 0)
966 ssl3_release_read_buffer(s);
967 }
968 }
969 return (n);
970 }
971
972
973 /* If we get here, then type != rr->type; if we have a handshake
974 * message, then it was unexpected (Hello Request or Client Hello). */
975
976 {
977 /*
978 * In case of record types for which we have 'fragment'
979 * storage, * fill that so that we can process the data
980 * at a fixed place.
981 */
982 unsigned int dest_maxlen = 0;
983 unsigned char *dest = NULL;
984 unsigned int *dest_len = NULL;
985
986 if (rr->type == SSL3_RT_HANDSHAKE) {
987 dest_maxlen = sizeof s->s3->handshake_fragment;
988 dest = s->s3->handshake_fragment;
989 dest_len = &s->s3->handshake_fragment_len;
990 } else if (rr->type == SSL3_RT_ALERT) {
991 dest_maxlen = sizeof s->s3->alert_fragment;
992 dest = s->s3->alert_fragment;
993 dest_len = &s->s3->alert_fragment_len;
994 }
995 if (dest_maxlen > 0) {
996 /* available space in 'dest' */
997 n = dest_maxlen - *dest_len;
998 if (rr->length < n)
999 n = rr->length; /* available bytes */
1000
1001 /* now move 'n' bytes: */
1002 while (n-- > 0) {
1003 dest[(*dest_len)++] = rr->data[rr->off++];
1004 rr->length--;
1005 }
1006
1007 if (*dest_len < dest_maxlen)
1008 goto start; /* fragment was too small */
1009 }
1010 }
1011
1012 /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
1013 * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
1014 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
1015
1016 /* If we are a client, check for an incoming 'Hello Request': */
1017 if ((!s->server) && (s->s3->handshake_fragment_len >= 4) &&
1018 (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
1019 (s->session != NULL) && (s->session->cipher != NULL)) {
1020 s->s3->handshake_fragment_len = 0;
1021
1022 if ((s->s3->handshake_fragment[1] != 0) ||
1023 (s->s3->handshake_fragment[2] != 0) ||
1024 (s->s3->handshake_fragment[3] != 0)) {
1025 al = SSL_AD_DECODE_ERROR;
1026 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
1027 goto f_err;
1028 }
1029
1030 if (s->msg_callback)
1031 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
1032 s->s3->handshake_fragment, 4, s,
1033 s->msg_callback_arg);
1034
1035 if (SSL_is_init_finished(s) &&
1036 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
1037 !s->s3->renegotiate) {
1038 ssl3_renegotiate(s);
1039 if (ssl3_renegotiate_check(s)) {
1040 i = s->handshake_func(s);
1041 if (i < 0)
1042 return (i);
1043 if (i == 0) {
1044 SSLerr(SSL_F_SSL3_READ_BYTES,
1045 SSL_R_SSL_HANDSHAKE_FAILURE);
1046 return (-1);
1047 }
1048
1049 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1050 if (s->s3->rbuf.left == 0) {
1051 /* no read-ahead left? */
1052 BIO *bio;
1053 /* In the case where we try to read application data,
1054 * but we trigger an SSL handshake, we return -1 with
1055 * the retry option set. Otherwise renegotiation may
1056 * cause nasty problems in the blocking world */
1057 s->rwstate = SSL_READING;
1058 bio = SSL_get_rbio(s);
1059 BIO_clear_retry_flags(bio);
1060 BIO_set_retry_read(bio);
1061 return (-1);
1062 }
1063 }
1064 }
1065 }
1066 /* we either finished a handshake or ignored the request,
1067 * now try again to obtain the (application) data we were asked for */
1068 goto start;
1069 }
1070 /* If we are a server and get a client hello when renegotiation isn't
1071 * allowed send back a no renegotiation alert and carry on.
1072 * WARNING: experimental code, needs reviewing (steve)
1073 */
1074 if (s->server &&
1075 SSL_is_init_finished(s) &&
1076 !s->s3->send_connection_binding &&
1077 (s->version > SSL3_VERSION) &&
1078 (s->s3->handshake_fragment_len >= 4) &&
1079 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1080 (s->session != NULL) && (s->session->cipher != NULL)) {
1081 /*s->s3->handshake_fragment_len = 0;*/
1082 rr->length = 0;
1083 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1084 goto start;
1085 }
1086 if (s->s3->alert_fragment_len >= 2) {
1087 int alert_level = s->s3->alert_fragment[0];
1088 int alert_descr = s->s3->alert_fragment[1];
1089
1090 s->s3->alert_fragment_len = 0;
1091
1092 if (s->msg_callback)
1093 s->msg_callback(0, s->version, SSL3_RT_ALERT,
1094 s->s3->alert_fragment, 2, s, s->msg_callback_arg);
1095
1096 if (s->info_callback != NULL)
1097 cb = s->info_callback;
1098 else if (s->ctx->info_callback != NULL)
1099 cb = s->ctx->info_callback;
1100
1101 if (cb != NULL) {
1102 j = (alert_level << 8) | alert_descr;
1103 cb(s, SSL_CB_READ_ALERT, j);
1104 }
1105
1106 if (alert_level == 1) {
1107 /* warning */
1108 s->s3->warn_alert = alert_descr;
1109 if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
1110 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1111 return (0);
1112 }
1113 /* This is a warning but we receive it if we requested
1114 * renegotiation and the peer denied it. Terminate with
1115 * a fatal alert because if application tried to
1116 * renegotiatie it presumably had a good reason and
1117 * expects it to succeed.
1118 *
1119 * In future we might have a renegotiation where we
1120 * don't care if the peer refused it where we carry on.
1121 */
1122 else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
1123 al = SSL_AD_HANDSHAKE_FAILURE;
1124 SSLerr(SSL_F_SSL3_READ_BYTES,
1125 SSL_R_NO_RENEGOTIATION);
1126 goto f_err;
1127 }
1128 } else if (alert_level == 2) {
1129 /* fatal */
1130 s->rwstate = SSL_NOTHING;
1131 s->s3->fatal_alert = alert_descr;
1132 SSLerr(SSL_F_SSL3_READ_BYTES,
1133 SSL_AD_REASON_OFFSET + alert_descr);
1134 ERR_asprintf_error_data("SSL alert number %d",
1135 alert_descr);
1136 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1137 SSL_CTX_remove_session(s->ctx, s->session);
1138 return (0);
1139 } else {
1140 al = SSL_AD_ILLEGAL_PARAMETER;
1141 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
1142 goto f_err;
1143 }
1144
1145 goto start;
1146 }
1147
1148 if (s->shutdown & SSL_SENT_SHUTDOWN) {
1149 /* but we have not received a shutdown */
1150 s->rwstate = SSL_NOTHING;
1151 rr->length = 0;
1152 return (0);
1153 }
1154
1155 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
1156 /* 'Change Cipher Spec' is just a single byte, so we know
1157 * exactly what the record payload has to look like */
1158 if ((rr->length != 1) || (rr->off != 0) ||
1159 (rr->data[0] != SSL3_MT_CCS)) {
1160 al = SSL_AD_ILLEGAL_PARAMETER;
1161 SSLerr(SSL_F_SSL3_READ_BYTES,
1162 SSL_R_BAD_CHANGE_CIPHER_SPEC);
1163 goto f_err;
1164 }
1165
1166 /* Check we have a cipher to change to */
1167 if (s->s3->tmp.new_cipher == NULL) {
1168 al = SSL_AD_UNEXPECTED_MESSAGE;
1169 SSLerr(SSL_F_SSL3_READ_BYTES,
1170 SSL_R_CCS_RECEIVED_EARLY);
1171 goto f_err;
1172 }
1173
1174 /* Check that we should be receiving a Change Cipher Spec. */
1175 if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
1176 al = SSL_AD_UNEXPECTED_MESSAGE;
1177 SSLerr(SSL_F_SSL3_READ_BYTES,
1178 SSL_R_CCS_RECEIVED_EARLY);
1179 goto f_err;
1180 }
1181 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
1182
1183 rr->length = 0;
1184
1185 if (s->msg_callback) {
1186 s->msg_callback(0, s->version,
1187 SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s,
1188 s->msg_callback_arg);
1189 }
1190
1191 s->s3->change_cipher_spec = 1;
1192 if (!ssl3_do_change_cipher_spec(s))
1193 goto err;
1194 else
1195 goto start;
1196 }
1197
1198 /* Unexpected handshake message (Client Hello, or protocol violation) */
1199 if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
1200 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1201 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
1202 s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
1203 s->renegotiate = 1;
1204 s->new_session = 1;
1205 }
1206 i = s->handshake_func(s);
1207 if (i < 0)
1208 return (i);
1209 if (i == 0) {
1210 SSLerr(SSL_F_SSL3_READ_BYTES,
1211 SSL_R_SSL_HANDSHAKE_FAILURE);
1212 return (-1);
1213 }
1214
1215 if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
1216 if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
1217 BIO *bio;
1218 /* In the case where we try to read application data,
1219 * but we trigger an SSL handshake, we return -1 with
1220 * the retry option set. Otherwise renegotiation may
1221 * cause nasty problems in the blocking world */
1222 s->rwstate = SSL_READING;
1223 bio = SSL_get_rbio(s);
1224 BIO_clear_retry_flags(bio);
1225 BIO_set_retry_read(bio);
1226 return (-1);
1227 }
1228 }
1229 goto start;
1230 }
1231
1232 switch (rr->type) {
1233 default:
1234 /*
1235 * TLS up to v1.1 just ignores unknown message types:
1236 * TLS v1.2 give an unexpected message alert.
1237 */
1238 if (s->version >= TLS1_VERSION &&
1239 s->version <= TLS1_1_VERSION) {
1240 rr->length = 0;
1241 goto start;
1242 }
1243 al = SSL_AD_UNEXPECTED_MESSAGE;
1244 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1245 goto f_err;
1246 case SSL3_RT_CHANGE_CIPHER_SPEC:
1247 case SSL3_RT_ALERT:
1248 case SSL3_RT_HANDSHAKE:
1249 /* we already handled all of these, with the possible exception
1250 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
1251 * should not happen when type != rr->type */
1252 al = SSL_AD_UNEXPECTED_MESSAGE;
1253 SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
1254 goto f_err;
1255 case SSL3_RT_APPLICATION_DATA:
1256 /* At this point, we were expecting handshake data,
1257 * but have application data. If the library was
1258 * running inside ssl3_read() (i.e. in_read_app_data
1259 * is set) and it makes sense to read application data
1260 * at this point (session renegotiation not yet started),
1261 * we will indulge it.
1262 */
1263 if (s->s3->in_read_app_data &&
1264 (s->s3->total_renegotiations != 0) &&
1265 (((s->state & SSL_ST_CONNECT) &&
1266 (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
1267 (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
1268 ((s->state & SSL_ST_ACCEPT) &&
1269 (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
1270 (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
1271 s->s3->in_read_app_data = 2;
1272 return (-1);
1273 } else {
1274 al = SSL_AD_UNEXPECTED_MESSAGE;
1275 SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
1276 goto f_err;
1277 }
1278 }
1279 /* not reached */
1280
1281f_err:
1282 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1283err:
1284 return (-1);
1285}
1286
1287int
1288ssl3_do_change_cipher_spec(SSL *s)
1289{
1290 int i;
1291 const char *sender;
1292 int slen;
1293
1294 if (s->state & SSL_ST_ACCEPT)
1295 i = SSL3_CHANGE_CIPHER_SERVER_READ;
1296 else
1297 i = SSL3_CHANGE_CIPHER_CLIENT_READ;
1298
1299 if (s->s3->tmp.key_block == NULL) {
1300 if (s->session == NULL || s->session->master_key_length == 0) {
1301 /* might happen if dtls1_read_bytes() calls this */
1302 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
1303 SSL_R_CCS_RECEIVED_EARLY);
1304 return (0);
1305 }
1306
1307 s->session->cipher = s->s3->tmp.new_cipher;
1308 if (!s->method->ssl3_enc->setup_key_block(s))
1309 return (0);
1310 }
1311
1312 if (!s->method->ssl3_enc->change_cipher_state(s, i))
1313 return (0);
1314
1315 /* we have to record the message digest at
1316 * this point so we can get it before we read
1317 * the finished message */
1318 if (s->state & SSL_ST_CONNECT) {
1319 sender = s->method->ssl3_enc->server_finished_label;
1320 slen = s->method->ssl3_enc->server_finished_label_len;
1321 } else {
1322 sender = s->method->ssl3_enc->client_finished_label;
1323 slen = s->method->ssl3_enc->client_finished_label_len;
1324 }
1325
1326 i = s->method->ssl3_enc->final_finish_mac(s, sender, slen,
1327 s->s3->tmp.peer_finish_md);
1328 if (i == 0) {
1329 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
1330 return 0;
1331 }
1332 s->s3->tmp.peer_finish_md_len = i;
1333
1334 return (1);
1335}
1336
1337int
1338ssl3_send_alert(SSL *s, int level, int desc)
1339{
1340 /* Map tls/ssl alert value to correct one */
1341 desc = s->method->ssl3_enc->alert_value(desc);
1342 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) {
1343 /* SSL 3.0 does not have protocol_version alerts */
1344 desc = SSL_AD_HANDSHAKE_FAILURE;
1345 }
1346 if (desc < 0)
1347 return -1;
1348 /* If a fatal one, remove from cache */
1349 if ((level == 2) && (s->session != NULL))
1350 SSL_CTX_remove_session(s->ctx, s->session);
1351
1352 s->s3->alert_dispatch = 1;
1353 s->s3->send_alert[0] = level;
1354 s->s3->send_alert[1] = desc;
1355 if (s->s3->wbuf.left == 0) /* data still being written out? */
1356 return s->method->ssl_dispatch_alert(s);
1357
1358 /* else data is still being written out, we will get written
1359 * some time in the future */
1360 return -1;
1361}
1362
1363int
1364ssl3_dispatch_alert(SSL *s)
1365{
1366 int i, j;
1367 void (*cb)(const SSL *ssl, int type, int val) = NULL;
1368
1369 s->s3->alert_dispatch = 0;
1370 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
1371 if (i <= 0) {
1372 s->s3->alert_dispatch = 1;
1373 } else {
1374 /* Alert sent to BIO. If it is important, flush it now.
1375 * If the message does not get sent due to non-blocking IO,
1376 * we will not worry too much. */
1377 if (s->s3->send_alert[0] == SSL3_AL_FATAL)
1378 (void)BIO_flush(s->wbio);
1379
1380 if (s->msg_callback)
1381 s->msg_callback(1, s->version, SSL3_RT_ALERT,
1382 s->s3->send_alert, 2, s, s->msg_callback_arg);
1383
1384 if (s->info_callback != NULL)
1385 cb = s->info_callback;
1386 else if (s->ctx->info_callback != NULL)
1387 cb = s->ctx->info_callback;
1388
1389 if (cb != NULL) {
1390 j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
1391 cb(s, SSL_CB_WRITE_ALERT, j);
1392 }
1393 }
1394 return (i);
1395}
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
deleted file mode 100644
index 7d2ec4d132..0000000000
--- a/src/lib/libssl/s3_srvr.c
+++ /dev/null
@@ -1,2778 +0,0 @@
1/* $OpenBSD: s3_srvr.c,v 1.112 2015/07/29 19:16:09 miod Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#include <stdio.h>
152
153#include "ssl_locl.h"
154
155#include <openssl/bn.h>
156#include <openssl/buffer.h>
157#include <openssl/evp.h>
158#include <openssl/dh.h>
159#ifndef OPENSSL_NO_GOST
160#include <openssl/gost.h>
161#endif
162#include <openssl/hmac.h>
163#include <openssl/md5.h>
164#include <openssl/objects.h>
165#include <openssl/x509.h>
166
167#include "bytestring.h"
168
169#ifdef __OpenBSD__
170#include <sys/cdefs.h>
171__warn_references(SSLv3_server_method,
172 "SSLv3_server_method() enables the use of insecure protocols");
173#endif
174
175static const SSL_METHOD *ssl3_get_server_method(int ver);
176
177const SSL_METHOD SSLv3_server_method_data = {
178 .version = SSL3_VERSION,
179 .ssl_new = ssl3_new,
180 .ssl_clear = ssl3_clear,
181 .ssl_free = ssl3_free,
182 .ssl_accept = ssl3_accept,
183 .ssl_connect = ssl_undefined_function,
184 .ssl_read = ssl3_read,
185 .ssl_peek = ssl3_peek,
186 .ssl_write = ssl3_write,
187 .ssl_shutdown = ssl3_shutdown,
188 .ssl_renegotiate = ssl3_renegotiate,
189 .ssl_renegotiate_check = ssl3_renegotiate_check,
190 .ssl_get_message = ssl3_get_message,
191 .ssl_read_bytes = ssl3_read_bytes,
192 .ssl_write_bytes = ssl3_write_bytes,
193 .ssl_dispatch_alert = ssl3_dispatch_alert,
194 .ssl_ctrl = ssl3_ctrl,
195 .ssl_ctx_ctrl = ssl3_ctx_ctrl,
196 .get_cipher_by_char = ssl3_get_cipher_by_char,
197 .put_cipher_by_char = ssl3_put_cipher_by_char,
198 .ssl_pending = ssl3_pending,
199 .num_ciphers = ssl3_num_ciphers,
200 .get_cipher = ssl3_get_cipher,
201 .get_ssl_method = ssl3_get_server_method,
202 .get_timeout = ssl3_default_timeout,
203 .ssl3_enc = &SSLv3_enc_data,
204 .ssl_version = ssl_undefined_void_function,
205 .ssl_callback_ctrl = ssl3_callback_ctrl,
206 .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
207};
208
209const SSL_METHOD *
210SSLv3_server_method(void)
211{
212 return &SSLv3_server_method_data;
213}
214
215static const SSL_METHOD *
216ssl3_get_server_method(int ver)
217{
218 if (ver == SSL3_VERSION)
219 return (SSLv3_server_method());
220 return (NULL);
221}
222
223int
224ssl3_accept(SSL *s)
225{
226 unsigned long alg_k;
227 void (*cb)(const SSL *ssl, int type, int val) = NULL;
228 int ret = -1;
229 int new_state, state, skip = 0;
230
231 ERR_clear_error();
232 errno = 0;
233
234 if (s->info_callback != NULL)
235 cb = s->info_callback;
236 else if (s->ctx->info_callback != NULL)
237 cb = s->ctx->info_callback;
238
239 /* init things to blank */
240 s->in_handshake++;
241 if (!SSL_in_init(s) || SSL_in_before(s))
242 SSL_clear(s);
243
244 if (s->cert == NULL) {
245 SSLerr(SSL_F_SSL3_ACCEPT,
246 SSL_R_NO_CERTIFICATE_SET);
247 return (-1);
248 }
249
250 for (;;) {
251 state = s->state;
252
253 switch (s->state) {
254 case SSL_ST_RENEGOTIATE:
255 s->renegotiate = 1;
256 /* s->state=SSL_ST_ACCEPT; */
257
258 case SSL_ST_BEFORE:
259 case SSL_ST_ACCEPT:
260 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
261 case SSL_ST_OK|SSL_ST_ACCEPT:
262
263 s->server = 1;
264 if (cb != NULL)
265 cb(s, SSL_CB_HANDSHAKE_START, 1);
266
267 if ((s->version >> 8) != 3) {
268 SSLerr(SSL_F_SSL3_ACCEPT,
269 ERR_R_INTERNAL_ERROR);
270 return (-1);
271 }
272 s->type = SSL_ST_ACCEPT;
273
274 if (!ssl3_setup_init_buffer(s)) {
275 ret = -1;
276 goto end;
277 }
278 if (!ssl3_setup_buffers(s)) {
279 ret = -1;
280 goto end;
281 }
282
283 s->init_num = 0;
284
285 if (s->state != SSL_ST_RENEGOTIATE) {
286 /*
287 * Ok, we now need to push on a buffering BIO
288 * so that the output is sent in a way that
289 * TCP likes :-)
290 */
291 if (!ssl_init_wbio_buffer(s, 1)) {
292 ret = -1;
293 goto end;
294 }
295
296 if (!ssl3_init_finished_mac(s)) {
297 ret = -1;
298 goto end;
299 }
300
301 s->state = SSL3_ST_SR_CLNT_HELLO_A;
302 s->ctx->stats.sess_accept++;
303 } else if (!s->s3->send_connection_binding) {
304 /*
305 * Server attempting to renegotiate with
306 * client that doesn't support secure
307 * renegotiation.
308 */
309 SSLerr(SSL_F_SSL3_ACCEPT,
310 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
311 ssl3_send_alert(s, SSL3_AL_FATAL,
312 SSL_AD_HANDSHAKE_FAILURE);
313 ret = -1;
314 goto end;
315 } else {
316 /*
317 * s->state == SSL_ST_RENEGOTIATE,
318 * we will just send a HelloRequest
319 */
320 s->ctx->stats.sess_accept_renegotiate++;
321 s->state = SSL3_ST_SW_HELLO_REQ_A;
322 }
323 break;
324
325 case SSL3_ST_SW_HELLO_REQ_A:
326 case SSL3_ST_SW_HELLO_REQ_B:
327
328 s->shutdown = 0;
329 ret = ssl3_send_hello_request(s);
330 if (ret <= 0)
331 goto end;
332 s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
333 s->state = SSL3_ST_SW_FLUSH;
334 s->init_num = 0;
335
336 if (!ssl3_init_finished_mac(s)) {
337 ret = -1;
338 goto end;
339 }
340 break;
341
342 case SSL3_ST_SW_HELLO_REQ_C:
343 s->state = SSL_ST_OK;
344 break;
345
346 case SSL3_ST_SR_CLNT_HELLO_A:
347 case SSL3_ST_SR_CLNT_HELLO_B:
348 case SSL3_ST_SR_CLNT_HELLO_C:
349
350 s->shutdown = 0;
351 if (s->rwstate != SSL_X509_LOOKUP) {
352 ret = ssl3_get_client_hello(s);
353 if (ret <= 0)
354 goto end;
355 }
356
357 s->renegotiate = 2;
358 s->state = SSL3_ST_SW_SRVR_HELLO_A;
359 s->init_num = 0;
360 break;
361
362 case SSL3_ST_SW_SRVR_HELLO_A:
363 case SSL3_ST_SW_SRVR_HELLO_B:
364 ret = ssl3_send_server_hello(s);
365 if (ret <= 0)
366 goto end;
367 if (s->hit) {
368 if (s->tlsext_ticket_expected)
369 s->state = SSL3_ST_SW_SESSION_TICKET_A;
370 else
371 s->state = SSL3_ST_SW_CHANGE_A;
372 }
373 else
374 s->state = SSL3_ST_SW_CERT_A;
375 s->init_num = 0;
376 break;
377
378 case SSL3_ST_SW_CERT_A:
379 case SSL3_ST_SW_CERT_B:
380 /* Check if it is anon DH or anon ECDH. */
381 if (!(s->s3->tmp.new_cipher->algorithm_auth &
382 SSL_aNULL)) {
383 ret = ssl3_send_server_certificate(s);
384 if (ret <= 0)
385 goto end;
386 if (s->tlsext_status_expected)
387 s->state = SSL3_ST_SW_CERT_STATUS_A;
388 else
389 s->state = SSL3_ST_SW_KEY_EXCH_A;
390 } else {
391 skip = 1;
392 s->state = SSL3_ST_SW_KEY_EXCH_A;
393 }
394 s->init_num = 0;
395 break;
396
397 case SSL3_ST_SW_KEY_EXCH_A:
398 case SSL3_ST_SW_KEY_EXCH_B:
399 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
400
401 /*
402 * Only send if using a DH key exchange.
403 *
404 * For ECC ciphersuites, we send a ServerKeyExchange
405 * message only if the cipher suite is ECDHE. In other
406 * cases, the server certificate contains the server's
407 * public key for key exchange.
408 */
409 if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
410 ret = ssl3_send_server_key_exchange(s);
411 if (ret <= 0)
412 goto end;
413 } else
414 skip = 1;
415
416 s->state = SSL3_ST_SW_CERT_REQ_A;
417 s->init_num = 0;
418 break;
419
420 case SSL3_ST_SW_CERT_REQ_A:
421 case SSL3_ST_SW_CERT_REQ_B:
422 /*
423 * Determine whether or not we need to request a
424 * certificate.
425 *
426 * Do not request a certificate if:
427 *
428 * - We did not ask for it (SSL_VERIFY_PEER is unset).
429 *
430 * - SSL_VERIFY_CLIENT_ONCE is set and we are
431 * renegotiating.
432 *
433 * - We are using an anonymous ciphersuites
434 * (see section "Certificate request" in SSL 3 drafts
435 * and in RFC 2246) ... except when the application
436 * insists on verification (against the specs, but
437 * s3_clnt.c accepts this for SSL 3).
438 */
439 if (!(s->verify_mode & SSL_VERIFY_PEER) ||
440 ((s->session->peer != NULL) &&
441 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
442 ((s->s3->tmp.new_cipher->algorithm_auth &
443 SSL_aNULL) && !(s->verify_mode &
444 SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
445 /* No cert request */
446 skip = 1;
447 s->s3->tmp.cert_request = 0;
448 s->state = SSL3_ST_SW_SRVR_DONE_A;
449 if (s->s3->handshake_buffer)
450 if (!ssl3_digest_cached_records(s))
451 return (-1);
452 } else {
453 s->s3->tmp.cert_request = 1;
454 ret = ssl3_send_certificate_request(s);
455 if (ret <= 0)
456 goto end;
457 s->state = SSL3_ST_SW_SRVR_DONE_A;
458 s->init_num = 0;
459 }
460 break;
461
462 case SSL3_ST_SW_SRVR_DONE_A:
463 case SSL3_ST_SW_SRVR_DONE_B:
464 ret = ssl3_send_server_done(s);
465 if (ret <= 0)
466 goto end;
467 s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
468 s->state = SSL3_ST_SW_FLUSH;
469 s->init_num = 0;
470 break;
471
472 case SSL3_ST_SW_FLUSH:
473
474 /*
475 * This code originally checked to see if
476 * any data was pending using BIO_CTRL_INFO
477 * and then flushed. This caused problems
478 * as documented in PR#1939. The proposed
479 * fix doesn't completely resolve this issue
480 * as buggy implementations of BIO_CTRL_PENDING
481 * still exist. So instead we just flush
482 * unconditionally.
483 */
484
485 s->rwstate = SSL_WRITING;
486 if (BIO_flush(s->wbio) <= 0) {
487 ret = -1;
488 goto end;
489 }
490 s->rwstate = SSL_NOTHING;
491
492 s->state = s->s3->tmp.next_state;
493 break;
494
495 case SSL3_ST_SR_CERT_A:
496 case SSL3_ST_SR_CERT_B:
497 if (s->s3->tmp.cert_request) {
498 ret = ssl3_get_client_certificate(s);
499 if (ret <= 0)
500 goto end;
501 }
502 s->init_num = 0;
503 s->state = SSL3_ST_SR_KEY_EXCH_A;
504 break;
505
506 case SSL3_ST_SR_KEY_EXCH_A:
507 case SSL3_ST_SR_KEY_EXCH_B:
508 ret = ssl3_get_client_key_exchange(s);
509 if (ret <= 0)
510 goto end;
511 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
512 if (ret == 2) {
513 /*
514 * For the ECDH ciphersuites when
515 * the client sends its ECDH pub key in
516 * a certificate, the CertificateVerify
517 * message is not sent.
518 * Also for GOST ciphersuites when
519 * the client uses its key from the certificate
520 * for key exchange.
521 */
522 if (s->s3->next_proto_neg_seen)
523 s->state = SSL3_ST_SR_NEXT_PROTO_A;
524 else
525 s->state = SSL3_ST_SR_FINISHED_A;
526 s->init_num = 0;
527 } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) {
528 s->state = SSL3_ST_SR_CERT_VRFY_A;
529 s->init_num = 0;
530 if (!s->session->peer)
531 break;
532 /*
533 * For sigalgs freeze the handshake buffer
534 * at this point and digest cached records.
535 */
536 if (!s->s3->handshake_buffer) {
537 SSLerr(SSL_F_SSL3_ACCEPT,
538 ERR_R_INTERNAL_ERROR);
539 return (-1);
540 }
541 s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
542 if (!ssl3_digest_cached_records(s))
543 return (-1);
544 } else {
545 int offset = 0;
546 int dgst_num;
547
548 s->state = SSL3_ST_SR_CERT_VRFY_A;
549 s->init_num = 0;
550
551 /*
552 * We need to get hashes here so if there is
553 * a client cert, it can be verified
554 * FIXME - digest processing for
555 * CertificateVerify should be generalized.
556 * But it is next step
557 */
558 if (s->s3->handshake_buffer)
559 if (!ssl3_digest_cached_records(s))
560 return (-1);
561 for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST;
562 dgst_num++)
563 if (s->s3->handshake_dgst[dgst_num]) {
564 int dgst_size;
565
566 s->method->ssl3_enc->cert_verify_mac(s,
567 EVP_MD_CTX_type(
568 s->s3->handshake_dgst[dgst_num]),
569 &(s->s3->tmp.cert_verify_md[offset]));
570 dgst_size = EVP_MD_CTX_size(
571 s->s3->handshake_dgst[dgst_num]);
572 if (dgst_size < 0) {
573 ret = -1;
574 goto end;
575 }
576 offset += dgst_size;
577 }
578 }
579 break;
580
581 case SSL3_ST_SR_CERT_VRFY_A:
582 case SSL3_ST_SR_CERT_VRFY_B:
583 s->s3->flags |= SSL3_FLAGS_CCS_OK;
584
585 /* we should decide if we expected this one */
586 ret = ssl3_get_cert_verify(s);
587 if (ret <= 0)
588 goto end;
589
590 if (s->s3->next_proto_neg_seen)
591 s->state = SSL3_ST_SR_NEXT_PROTO_A;
592 else
593 s->state = SSL3_ST_SR_FINISHED_A;
594 s->init_num = 0;
595 break;
596
597 case SSL3_ST_SR_NEXT_PROTO_A:
598 case SSL3_ST_SR_NEXT_PROTO_B:
599 ret = ssl3_get_next_proto(s);
600 if (ret <= 0)
601 goto end;
602 s->init_num = 0;
603 s->state = SSL3_ST_SR_FINISHED_A;
604 break;
605
606 case SSL3_ST_SR_FINISHED_A:
607 case SSL3_ST_SR_FINISHED_B:
608 s->s3->flags |= SSL3_FLAGS_CCS_OK;
609 ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
610 SSL3_ST_SR_FINISHED_B);
611 if (ret <= 0)
612 goto end;
613 if (s->hit)
614 s->state = SSL_ST_OK;
615 else if (s->tlsext_ticket_expected)
616 s->state = SSL3_ST_SW_SESSION_TICKET_A;
617 else
618 s->state = SSL3_ST_SW_CHANGE_A;
619 s->init_num = 0;
620 break;
621
622 case SSL3_ST_SW_SESSION_TICKET_A:
623 case SSL3_ST_SW_SESSION_TICKET_B:
624 ret = ssl3_send_newsession_ticket(s);
625 if (ret <= 0)
626 goto end;
627 s->state = SSL3_ST_SW_CHANGE_A;
628 s->init_num = 0;
629 break;
630
631 case SSL3_ST_SW_CERT_STATUS_A:
632 case SSL3_ST_SW_CERT_STATUS_B:
633 ret = ssl3_send_cert_status(s);
634 if (ret <= 0)
635 goto end;
636 s->state = SSL3_ST_SW_KEY_EXCH_A;
637 s->init_num = 0;
638 break;
639
640
641 case SSL3_ST_SW_CHANGE_A:
642 case SSL3_ST_SW_CHANGE_B:
643
644 s->session->cipher = s->s3->tmp.new_cipher;
645 if (!s->method->ssl3_enc->setup_key_block(s)) {
646 ret = -1;
647 goto end;
648 }
649
650 ret = ssl3_send_change_cipher_spec(s,
651 SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B);
652
653 if (ret <= 0)
654 goto end;
655 s->state = SSL3_ST_SW_FINISHED_A;
656 s->init_num = 0;
657
658 if (!s->method->ssl3_enc->change_cipher_state(
659 s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
660 ret = -1;
661 goto end;
662 }
663
664 break;
665
666 case SSL3_ST_SW_FINISHED_A:
667 case SSL3_ST_SW_FINISHED_B:
668 ret = ssl3_send_finished(s,
669 SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B,
670 s->method->ssl3_enc->server_finished_label,
671 s->method->ssl3_enc->server_finished_label_len);
672 if (ret <= 0)
673 goto end;
674 s->state = SSL3_ST_SW_FLUSH;
675 if (s->hit) {
676 if (s->s3->next_proto_neg_seen) {
677 s->s3->flags |= SSL3_FLAGS_CCS_OK;
678 s->s3->tmp.next_state =
679 SSL3_ST_SR_NEXT_PROTO_A;
680 } else
681 s->s3->tmp.next_state =
682 SSL3_ST_SR_FINISHED_A;
683 } else
684 s->s3->tmp.next_state = SSL_ST_OK;
685 s->init_num = 0;
686 break;
687
688 case SSL_ST_OK:
689 /* clean a few things up */
690 ssl3_cleanup_key_block(s);
691
692 BUF_MEM_free(s->init_buf);
693 s->init_buf = NULL;
694
695 /* remove buffering on output */
696 ssl_free_wbio_buffer(s);
697
698 s->init_num = 0;
699
700 /* skipped if we just sent a HelloRequest */
701 if (s->renegotiate == 2) {
702 s->renegotiate = 0;
703 s->new_session = 0;
704
705 ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
706
707 s->ctx->stats.sess_accept_good++;
708 /* s->server=1; */
709 s->handshake_func = ssl3_accept;
710
711 if (cb != NULL)
712 cb(s, SSL_CB_HANDSHAKE_DONE, 1);
713 }
714
715 ret = 1;
716 goto end;
717 /* break; */
718
719 default:
720 SSLerr(SSL_F_SSL3_ACCEPT,
721 SSL_R_UNKNOWN_STATE);
722 ret = -1;
723 goto end;
724 /* break; */
725 }
726
727 if (!s->s3->tmp.reuse_message && !skip) {
728 if (s->debug) {
729 if ((ret = BIO_flush(s->wbio)) <= 0)
730 goto end;
731 }
732
733
734 if ((cb != NULL) && (s->state != state)) {
735 new_state = s->state;
736 s->state = state;
737 cb(s, SSL_CB_ACCEPT_LOOP, 1);
738 s->state = new_state;
739 }
740 }
741 skip = 0;
742 }
743end:
744 /* BIO_flush(s->wbio); */
745
746 s->in_handshake--;
747 if (cb != NULL)
748 cb(s, SSL_CB_ACCEPT_EXIT, ret);
749 return (ret);
750}
751
752int
753ssl3_send_hello_request(SSL *s)
754{
755 if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
756 ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST);
757 ssl3_handshake_msg_finish(s, 0);
758
759 s->state = SSL3_ST_SW_HELLO_REQ_B;
760 }
761
762 /* SSL3_ST_SW_HELLO_REQ_B */
763 return (ssl3_handshake_write(s));
764}
765
766int
767ssl3_get_client_hello(SSL *s)
768{
769 int i, j, ok, al, ret = -1;
770 unsigned int cookie_len;
771 long n;
772 unsigned long id;
773 unsigned char *p, *d;
774 SSL_CIPHER *c;
775 STACK_OF(SSL_CIPHER) *ciphers = NULL;
776 unsigned long alg_k;
777
778 /*
779 * We do this so that we will respond with our native type.
780 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
781 * This down switching should be handled by a different method.
782 * If we are SSLv3, we will respond with SSLv3, even if prompted with
783 * TLSv1.
784 */
785 if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
786 s->state = SSL3_ST_SR_CLNT_HELLO_B;
787 }
788 s->first_packet = 1;
789 n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
790 SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
791 SSL3_RT_MAX_PLAIN_LENGTH, &ok);
792
793 if (!ok)
794 return ((int)n);
795 s->first_packet = 0;
796 d = p = (unsigned char *)s->init_msg;
797
798 if (2 > n)
799 goto truncated;
800 /*
801 * Use version from inside client hello, not from record header.
802 * (may differ: see RFC 2246, Appendix E, second paragraph)
803 */
804 s->client_version = (((int)p[0]) << 8)|(int)p[1];
805 p += 2;
806
807 if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
808 (s->version != DTLS1_VERSION && s->client_version < s->version)) {
809 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
810 SSL_R_WRONG_VERSION_NUMBER);
811 if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
812 !s->enc_write_ctx && !s->write_hash) {
813 /*
814 * Similar to ssl3_get_record, send alert using remote
815 * version number
816 */
817 s->version = s->client_version;
818 }
819 al = SSL_AD_PROTOCOL_VERSION;
820 goto f_err;
821 }
822
823 /*
824 * If we require cookies and this ClientHello doesn't
825 * contain one, just return since we do not want to
826 * allocate any memory yet. So check cookie length...
827 */
828 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
829 unsigned int session_length, cookie_length;
830
831 session_length = *(p + SSL3_RANDOM_SIZE);
832 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
833
834 if (cookie_length == 0)
835 return (1);
836 }
837
838 if (p + SSL3_RANDOM_SIZE + 1 - d > n)
839 goto truncated;
840
841 /* load the client random */
842 memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
843 p += SSL3_RANDOM_SIZE;
844
845 /* get the session-id */
846 j= *(p++);
847 if (p + j - d > n)
848 goto truncated;
849
850 s->hit = 0;
851 /*
852 * Versions before 0.9.7 always allow clients to resume sessions in
853 * renegotiation. 0.9.7 and later allow this by default, but optionally
854 * ignore resumption requests with flag
855 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
856 * rather than a change to default behavior so that applications
857 * relying on this for security won't even compile against older
858 * library versions).
859 *
860 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
861 * to request renegotiation but not a new session (s->new_session
862 * remains unset): for servers, this essentially just means that the
863 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
864 * ignored.
865 */
866 if ((s->new_session && (s->options &
867 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
868 if (!ssl_get_new_session(s, 1))
869 goto err;
870 } else {
871 i = ssl_get_prev_session(s, p, j, d + n);
872 if (i == 1) { /* previous session */
873 s->hit = 1;
874 } else if (i == -1)
875 goto err;
876 else {
877 /* i == 0 */
878 if (!ssl_get_new_session(s, 1))
879 goto err;
880 }
881 }
882
883 p += j;
884
885 if (SSL_IS_DTLS(s)) {
886 /* cookie stuff */
887 if (p + 1 - d > n)
888 goto truncated;
889 cookie_len = *(p++);
890
891 /*
892 * The ClientHello may contain a cookie even if the
893 * HelloVerify message has not been sent--make sure that it
894 * does not cause an overflow.
895 */
896 if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
897 /* too much data */
898 al = SSL_AD_DECODE_ERROR;
899 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
900 SSL_R_COOKIE_MISMATCH);
901 goto f_err;
902 }
903
904 if (p + cookie_len - d > n)
905 goto truncated;
906
907 /* verify the cookie if appropriate option is set. */
908 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
909 cookie_len > 0) {
910 memcpy(s->d1->rcvd_cookie, p, cookie_len);
911
912 if (s->ctx->app_verify_cookie_cb != NULL) {
913 if (s->ctx->app_verify_cookie_cb(s,
914 s->d1->rcvd_cookie, cookie_len) == 0) {
915 al = SSL_AD_HANDSHAKE_FAILURE;
916 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
917 SSL_R_COOKIE_MISMATCH);
918 goto f_err;
919 }
920 /* else cookie verification succeeded */
921 } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
922 s->d1->cookie_len) != 0) {
923 /* default verification */
924 al = SSL_AD_HANDSHAKE_FAILURE;
925 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
926 SSL_R_COOKIE_MISMATCH);
927 goto f_err;
928 }
929
930 ret = 2;
931 }
932
933 p += cookie_len;
934 }
935
936 if (p + 2 - d > n)
937 goto truncated;
938 n2s(p, i);
939 if ((i == 0) && (j != 0)) {
940 /* we need a cipher if we are not resuming a session */
941 al = SSL_AD_ILLEGAL_PARAMETER;
942 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
943 SSL_R_NO_CIPHERS_SPECIFIED);
944 goto f_err;
945 }
946 if (p + i - d > n)
947 goto truncated;
948 if (i > 0) {
949 if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
950 goto err;
951 }
952 p += i;
953
954 /* If it is a hit, check that the cipher is in the list */
955 if ((s->hit) && (i > 0)) {
956 j = 0;
957 id = s->session->cipher->id;
958
959 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
960 c = sk_SSL_CIPHER_value(ciphers, i);
961 if (c->id == id) {
962 j = 1;
963 break;
964 }
965 }
966 if (j == 0) {
967 /*
968 * We need to have the cipher in the cipher
969 * list if we are asked to reuse it
970 */
971 al = SSL_AD_ILLEGAL_PARAMETER;
972 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
973 SSL_R_REQUIRED_CIPHER_MISSING);
974 goto f_err;
975 }
976 }
977
978 /* compression */
979 if (p + 1 - d > n)
980 goto truncated;
981 i= *(p++);
982 if (p + i - d > n)
983 goto truncated;
984 for (j = 0; j < i; j++) {
985 if (p[j] == 0)
986 break;
987 }
988
989 p += i;
990 if (j >= i) {
991 /* no compress */
992 al = SSL_AD_DECODE_ERROR;
993 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
994 SSL_R_NO_COMPRESSION_SPECIFIED);
995 goto f_err;
996 }
997
998 /* TLS extensions*/
999 if (s->version >= SSL3_VERSION) {
1000 if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
1001 /* 'al' set by ssl_parse_clienthello_tlsext */
1002 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1003 SSL_R_PARSE_TLSEXT);
1004 goto f_err;
1005 }
1006 }
1007 if (ssl_check_clienthello_tlsext_early(s) <= 0) {
1008 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1009 SSL_R_CLIENTHELLO_TLSEXT);
1010 goto err;
1011 }
1012
1013 /*
1014 * Check if we want to use external pre-shared secret for this
1015 * handshake for not reused session only. We need to generate
1016 * server_random before calling tls_session_secret_cb in order to allow
1017 * SessionTicket processing to use it in key derivation.
1018 */
1019 arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
1020
1021 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
1022 SSL_CIPHER *pref_cipher = NULL;
1023
1024 s->session->master_key_length = sizeof(s->session->master_key);
1025 if (s->tls_session_secret_cb(s, s->session->master_key,
1026 &s->session->master_key_length, ciphers, &pref_cipher,
1027 s->tls_session_secret_cb_arg)) {
1028 s->hit = 1;
1029 s->session->ciphers = ciphers;
1030 s->session->verify_result = X509_V_OK;
1031
1032 ciphers = NULL;
1033
1034 /* check if some cipher was preferred by call back */
1035 pref_cipher = pref_cipher ? pref_cipher :
1036 ssl3_choose_cipher(s, s->session->ciphers,
1037 SSL_get_ciphers(s));
1038 if (pref_cipher == NULL) {
1039 al = SSL_AD_HANDSHAKE_FAILURE;
1040 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1041 SSL_R_NO_SHARED_CIPHER);
1042 goto f_err;
1043 }
1044
1045 s->session->cipher = pref_cipher;
1046
1047 if (s->cipher_list)
1048 sk_SSL_CIPHER_free(s->cipher_list);
1049
1050 if (s->cipher_list_by_id)
1051 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1052
1053 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1054 s->cipher_list_by_id =
1055 sk_SSL_CIPHER_dup(s->session->ciphers);
1056 }
1057 }
1058
1059 /*
1060 * Given s->session->ciphers and SSL_get_ciphers, we must
1061 * pick a cipher
1062 */
1063
1064 if (!s->hit) {
1065 if (s->session->ciphers != NULL)
1066 sk_SSL_CIPHER_free(s->session->ciphers);
1067 s->session->ciphers = ciphers;
1068 if (ciphers == NULL) {
1069 al = SSL_AD_ILLEGAL_PARAMETER;
1070 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1071 SSL_R_NO_CIPHERS_PASSED);
1072 goto f_err;
1073 }
1074 ciphers = NULL;
1075 c = ssl3_choose_cipher(s, s->session->ciphers,
1076 SSL_get_ciphers(s));
1077
1078 if (c == NULL) {
1079 al = SSL_AD_HANDSHAKE_FAILURE;
1080 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1081 SSL_R_NO_SHARED_CIPHER);
1082 goto f_err;
1083 }
1084 s->s3->tmp.new_cipher = c;
1085 } else {
1086 s->s3->tmp.new_cipher = s->session->cipher;
1087 }
1088
1089 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1090 if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) ||
1091 !(s->verify_mode & SSL_VERIFY_PEER)) {
1092 if (!ssl3_digest_cached_records(s)) {
1093 al = SSL_AD_INTERNAL_ERROR;
1094 goto f_err;
1095 }
1096 }
1097
1098 /*
1099 * We now have the following setup.
1100 * client_random
1101 * cipher_list - our prefered list of ciphers
1102 * ciphers - the clients prefered list of ciphers
1103 * compression - basically ignored right now
1104 * ssl version is set - sslv3
1105 * s->session - The ssl session has been setup.
1106 * s->hit - session reuse flag
1107 * s->tmp.new_cipher - the new cipher to use.
1108 */
1109
1110 /* Handles TLS extensions that we couldn't check earlier */
1111 if (s->version >= SSL3_VERSION) {
1112 if (ssl_check_clienthello_tlsext_late(s) <= 0) {
1113 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
1114 SSL_R_CLIENTHELLO_TLSEXT);
1115 goto err;
1116 }
1117 }
1118
1119 if (ret < 0)
1120 ret = 1;
1121 if (0) {
1122truncated:
1123 al = SSL_AD_DECODE_ERROR;
1124 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH);
1125f_err:
1126 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1127 }
1128err:
1129 if (ciphers != NULL)
1130 sk_SSL_CIPHER_free(ciphers);
1131 return (ret);
1132}
1133
1134int
1135ssl3_send_server_hello(SSL *s)
1136{
1137 unsigned char *bufend;
1138 unsigned char *p, *d;
1139 int sl;
1140
1141 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
1142 d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO);
1143
1144 *(p++) = s->version >> 8;
1145 *(p++) = s->version & 0xff;
1146
1147 /* Random stuff */
1148 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
1149 p += SSL3_RANDOM_SIZE;
1150
1151 /*
1152 * There are several cases for the session ID to send
1153 * back in the server hello:
1154 *
1155 * - For session reuse from the session cache,
1156 * we send back the old session ID.
1157 * - If stateless session reuse (using a session ticket)
1158 * is successful, we send back the client's "session ID"
1159 * (which doesn't actually identify the session).
1160 * - If it is a new session, we send back the new
1161 * session ID.
1162 * - However, if we want the new session to be single-use,
1163 * we send back a 0-length session ID.
1164 *
1165 * s->hit is non-zero in either case of session reuse,
1166 * so the following won't overwrite an ID that we're supposed
1167 * to send back.
1168 */
1169 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
1170 && !s->hit)
1171 s->session->session_id_length = 0;
1172
1173 sl = s->session->session_id_length;
1174 if (sl > (int)sizeof(s->session->session_id)) {
1175 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1176 ERR_R_INTERNAL_ERROR);
1177 return (-1);
1178 }
1179 *(p++) = sl;
1180 memcpy(p, s->session->session_id, sl);
1181 p += sl;
1182
1183 /* put the cipher */
1184 s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p);
1185
1186 /* put the compression method */
1187 *(p++) = 0;
1188
1189 if (ssl_prepare_serverhello_tlsext(s) <= 0) {
1190 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1191 SSL_R_SERVERHELLO_TLSEXT);
1192 return (-1);
1193 }
1194 bufend = (unsigned char *)s->init_buf->data +
1195 SSL3_RT_MAX_PLAIN_LENGTH;
1196 if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) {
1197 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,
1198 ERR_R_INTERNAL_ERROR);
1199 return (-1);
1200 }
1201
1202 ssl3_handshake_msg_finish(s, p - d);
1203 }
1204
1205 /* SSL3_ST_SW_SRVR_HELLO_B */
1206 return (ssl3_handshake_write(s));
1207}
1208
1209int
1210ssl3_send_server_done(SSL *s)
1211{
1212 if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
1213 ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE);
1214 ssl3_handshake_msg_finish(s, 0);
1215
1216 s->state = SSL3_ST_SW_SRVR_DONE_B;
1217 }
1218
1219 /* SSL3_ST_SW_SRVR_DONE_B */
1220 return (ssl3_handshake_write(s));
1221}
1222
1223int
1224ssl3_send_server_key_exchange(SSL *s)
1225{
1226 unsigned char *q;
1227 int j, num;
1228 unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
1229 unsigned int u;
1230 DH *dh = NULL, *dhp;
1231 EC_KEY *ecdh = NULL, *ecdhp;
1232 unsigned char *encodedPoint = NULL;
1233 int encodedlen = 0;
1234 int curve_id = 0;
1235 BN_CTX *bn_ctx = NULL;
1236
1237 EVP_PKEY *pkey;
1238 const EVP_MD *md = NULL;
1239 unsigned char *p, *d;
1240 int al, i;
1241 unsigned long type;
1242 int n;
1243 CERT *cert;
1244 BIGNUM *r[4];
1245 int nr[4], kn;
1246 BUF_MEM *buf;
1247 EVP_MD_CTX md_ctx;
1248
1249 EVP_MD_CTX_init(&md_ctx);
1250 if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
1251 type = s->s3->tmp.new_cipher->algorithm_mkey;
1252 cert = s->cert;
1253
1254 buf = s->init_buf;
1255
1256 r[0] = r[1] = r[2] = r[3] = NULL;
1257 n = 0;
1258 if (type & SSL_kDHE) {
1259 if (s->cert->dh_tmp_auto != 0) {
1260 if ((dhp = ssl_get_auto_dh(s)) == NULL) {
1261 al = SSL_AD_INTERNAL_ERROR;
1262 SSLerr(
1263 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1264 ERR_R_INTERNAL_ERROR);
1265 goto f_err;
1266 }
1267 } else
1268 dhp = cert->dh_tmp;
1269
1270 if (dhp == NULL && s->cert->dh_tmp_cb != NULL)
1271 dhp = s->cert->dh_tmp_cb(s, 0,
1272 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
1273
1274 if (dhp == NULL) {
1275 al = SSL_AD_HANDSHAKE_FAILURE;
1276 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1277 SSL_R_MISSING_TMP_DH_KEY);
1278 goto f_err;
1279 }
1280
1281 if (s->s3->tmp.dh != NULL) {
1282 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1283 ERR_R_INTERNAL_ERROR);
1284 goto err;
1285 }
1286
1287 if (s->cert->dh_tmp_auto != 0) {
1288 dh = dhp;
1289 } else if ((dh = DHparams_dup(dhp)) == NULL) {
1290 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1291 ERR_R_DH_LIB);
1292 goto err;
1293 }
1294 s->s3->tmp.dh = dh;
1295
1296 if ((dhp->pub_key == NULL || dhp->priv_key == NULL ||
1297 (s->options & SSL_OP_SINGLE_DH_USE))) {
1298 if (!DH_generate_key(dh)) {
1299 SSLerr(
1300 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1301 ERR_R_DH_LIB);
1302 goto err;
1303 }
1304 } else {
1305 dh->pub_key = BN_dup(dhp->pub_key);
1306 dh->priv_key = BN_dup(dhp->priv_key);
1307 if ((dh->pub_key == NULL) ||
1308 (dh->priv_key == NULL)) {
1309 SSLerr(
1310 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1311 ERR_R_DH_LIB);
1312 goto err;
1313 }
1314 }
1315 r[0] = dh->p;
1316 r[1] = dh->g;
1317 r[2] = dh->pub_key;
1318 } else
1319 if (type & SSL_kECDHE) {
1320 const EC_GROUP *group;
1321
1322 ecdhp = cert->ecdh_tmp;
1323 if (s->cert->ecdh_tmp_auto != 0) {
1324 int nid = tls1_get_shared_curve(s);
1325 if (nid != NID_undef)
1326 ecdhp = EC_KEY_new_by_curve_name(nid);
1327 } else if (ecdhp == NULL &&
1328 s->cert->ecdh_tmp_cb != NULL) {
1329 ecdhp = s->cert->ecdh_tmp_cb(s, 0,
1330 SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher));
1331 }
1332 if (ecdhp == NULL) {
1333 al = SSL_AD_HANDSHAKE_FAILURE;
1334 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1335 SSL_R_MISSING_TMP_ECDH_KEY);
1336 goto f_err;
1337 }
1338
1339 if (s->s3->tmp.ecdh != NULL) {
1340 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1341 ERR_R_INTERNAL_ERROR);
1342 goto err;
1343 }
1344
1345 /* Duplicate the ECDH structure. */
1346 if (s->cert->ecdh_tmp_auto != 0) {
1347 ecdh = ecdhp;
1348 } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
1349 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1350 ERR_R_ECDH_LIB);
1351 goto err;
1352 }
1353 s->s3->tmp.ecdh = ecdh;
1354
1355 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1356 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1357 (s->options & SSL_OP_SINGLE_ECDH_USE)) {
1358 if (!EC_KEY_generate_key(ecdh)) {
1359 SSLerr(
1360 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1361 ERR_R_ECDH_LIB);
1362 goto err;
1363 }
1364 }
1365
1366 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1367 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1368 (EC_KEY_get0_private_key(ecdh) == NULL)) {
1369 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1370 ERR_R_ECDH_LIB);
1371 goto err;
1372 }
1373
1374 /*
1375 * XXX: For now, we only support ephemeral ECDH
1376 * keys over named (not generic) curves. For
1377 * supported named curves, curve_id is non-zero.
1378 */
1379 if ((curve_id = tls1_ec_nid2curve_id(
1380 EC_GROUP_get_curve_name(group))) == 0) {
1381 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1382 SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1383 goto err;
1384 }
1385
1386 /*
1387 * Encode the public key.
1388 * First check the size of encoding and
1389 * allocate memory accordingly.
1390 */
1391 encodedlen = EC_POINT_point2oct(group,
1392 EC_KEY_get0_public_key(ecdh),
1393 POINT_CONVERSION_UNCOMPRESSED,
1394 NULL, 0, NULL);
1395
1396 encodedPoint = malloc(encodedlen);
1397
1398 bn_ctx = BN_CTX_new();
1399 if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
1400 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1401 ERR_R_MALLOC_FAILURE);
1402 goto err;
1403 }
1404
1405
1406 encodedlen = EC_POINT_point2oct(group,
1407 EC_KEY_get0_public_key(ecdh),
1408 POINT_CONVERSION_UNCOMPRESSED,
1409 encodedPoint, encodedlen, bn_ctx);
1410
1411 if (encodedlen == 0) {
1412 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1413 ERR_R_ECDH_LIB);
1414 goto err;
1415 }
1416
1417 BN_CTX_free(bn_ctx);
1418 bn_ctx = NULL;
1419
1420 /*
1421 * XXX: For now, we only support named (not
1422 * generic) curves in ECDH ephemeral key exchanges.
1423 * In this situation, we need four additional bytes
1424 * to encode the entire ServerECDHParams
1425 * structure.
1426 */
1427 n = 4 + encodedlen;
1428
1429 /*
1430 * We'll generate the serverKeyExchange message
1431 * explicitly so we can set these to NULLs
1432 */
1433 r[0] = NULL;
1434 r[1] = NULL;
1435 r[2] = NULL;
1436 r[3] = NULL;
1437 } else
1438 {
1439 al = SSL_AD_HANDSHAKE_FAILURE;
1440 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1441 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
1442 goto f_err;
1443 }
1444 for (i = 0; i < 4 && r[i] != NULL; i++) {
1445 nr[i] = BN_num_bytes(r[i]);
1446 n += 2 + nr[i];
1447 }
1448
1449 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) {
1450 if ((pkey = ssl_get_sign_pkey(
1451 s, s->s3->tmp.new_cipher, &md)) == NULL) {
1452 al = SSL_AD_DECODE_ERROR;
1453 goto f_err;
1454 }
1455 kn = EVP_PKEY_size(pkey);
1456 } else {
1457 pkey = NULL;
1458 kn = 0;
1459 }
1460
1461 if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) {
1462 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1463 ERR_LIB_BUF);
1464 goto err;
1465 }
1466 d = (unsigned char *)s->init_buf->data;
1467 p = &d[4];
1468
1469 for (i = 0; i < 4 && r[i] != NULL; i++) {
1470 s2n(nr[i], p);
1471 BN_bn2bin(r[i], p);
1472 p += nr[i];
1473 }
1474
1475 if (type & SSL_kECDHE) {
1476 /*
1477 * XXX: For now, we only support named (not generic)
1478 * curves.
1479 * In this situation, the serverKeyExchange message has:
1480 * [1 byte CurveType], [2 byte CurveName]
1481 * [1 byte length of encoded point], followed by
1482 * the actual encoded point itself
1483 */
1484 *p = NAMED_CURVE_TYPE;
1485 p += 1;
1486 *p = 0;
1487 p += 1;
1488 *p = curve_id;
1489 p += 1;
1490 *p = encodedlen;
1491 p += 1;
1492 memcpy((unsigned char*)p,
1493 (unsigned char *)encodedPoint, encodedlen);
1494 free(encodedPoint);
1495 encodedPoint = NULL;
1496 p += encodedlen;
1497 }
1498
1499
1500 /* not anonymous */
1501 if (pkey != NULL) {
1502 /*
1503 * n is the length of the params, they start at &(d[4])
1504 * and p points to the space at the end.
1505 */
1506 if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
1507 q = md_buf;
1508 j = 0;
1509 for (num = 2; num > 0; num--) {
1510 if (!EVP_DigestInit_ex(&md_ctx,
1511 (num == 2) ? s->ctx->md5 :
1512 s->ctx->sha1, NULL))
1513 goto err;
1514 EVP_DigestUpdate(&md_ctx,
1515 s->s3->client_random,
1516 SSL3_RANDOM_SIZE);
1517 EVP_DigestUpdate(&md_ctx,
1518 s->s3->server_random,
1519 SSL3_RANDOM_SIZE);
1520 EVP_DigestUpdate(&md_ctx, &d[4], n);
1521 EVP_DigestFinal_ex(&md_ctx, q,
1522 (unsigned int *)&i);
1523 q += i;
1524 j += i;
1525 }
1526 if (RSA_sign(NID_md5_sha1, md_buf, j,
1527 &(p[2]), &u, pkey->pkey.rsa) <= 0) {
1528 SSLerr(
1529 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1530 ERR_LIB_RSA);
1531 goto err;
1532 }
1533 s2n(u, p);
1534 n += u + 2;
1535 } else if (md) {
1536 /* Send signature algorithm. */
1537 if (SSL_USE_SIGALGS(s)) {
1538 if (!tls12_get_sigandhash(p, pkey, md)) {
1539 /* Should never happen */
1540 al = SSL_AD_INTERNAL_ERROR;
1541 SSLerr(
1542 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1543 ERR_R_INTERNAL_ERROR);
1544 goto f_err;
1545 }
1546 p += 2;
1547 }
1548 EVP_SignInit_ex(&md_ctx, md, NULL);
1549 EVP_SignUpdate(&md_ctx,
1550 s->s3->client_random,
1551 SSL3_RANDOM_SIZE);
1552 EVP_SignUpdate(&md_ctx,
1553 s->s3->server_random,
1554 SSL3_RANDOM_SIZE);
1555 EVP_SignUpdate(&md_ctx, &d[4], n);
1556 if (!EVP_SignFinal(&md_ctx, &p[2],
1557 (unsigned int *)&i, pkey)) {
1558 SSLerr(
1559 SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1560 ERR_LIB_EVP);
1561 goto err;
1562 }
1563 s2n(i, p);
1564 n += i + 2;
1565 if (SSL_USE_SIGALGS(s))
1566 n += 2;
1567 } else {
1568 /* Is this error check actually needed? */
1569 al = SSL_AD_HANDSHAKE_FAILURE;
1570 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
1571 SSL_R_UNKNOWN_PKEY_TYPE);
1572 goto f_err;
1573 }
1574 }
1575
1576 *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
1577 l2n3(n, d);
1578
1579 /* we should now have things packed up, so lets send it off */
1580 s->init_num = n + 4;
1581 s->init_off = 0;
1582 }
1583
1584 s->state = SSL3_ST_SW_KEY_EXCH_B;
1585 EVP_MD_CTX_cleanup(&md_ctx);
1586 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
1587f_err:
1588 ssl3_send_alert(s, SSL3_AL_FATAL, al);
1589err:
1590 free(encodedPoint);
1591 BN_CTX_free(bn_ctx);
1592 EVP_MD_CTX_cleanup(&md_ctx);
1593 return (-1);
1594}
1595
1596int
1597ssl3_send_certificate_request(SSL *s)
1598{
1599 unsigned char *p, *d;
1600 int i, j, nl, off, n;
1601 STACK_OF(X509_NAME) *sk = NULL;
1602 X509_NAME *name;
1603 BUF_MEM *buf;
1604
1605 if (s->state == SSL3_ST_SW_CERT_REQ_A) {
1606 buf = s->init_buf;
1607
1608 d = p = (unsigned char *)&(buf->data[4]);
1609
1610 /* get the list of acceptable cert types */
1611 p++;
1612 n = ssl3_get_req_cert_type(s, p);
1613 d[0] = n;
1614 p += n;
1615 n++;
1616
1617 if (SSL_USE_SIGALGS(s)) {
1618 nl = tls12_get_req_sig_algs(s, p + 2);
1619 s2n(nl, p);
1620 p += nl + 2;
1621 n += nl + 2;
1622 }
1623
1624 off = n;
1625 p += 2;
1626 n += 2;
1627
1628 sk = SSL_get_client_CA_list(s);
1629 nl = 0;
1630 if (sk != NULL) {
1631 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
1632 name = sk_X509_NAME_value(sk, i);
1633 j = i2d_X509_NAME(name, NULL);
1634 if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) {
1635 SSLerr(
1636 SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
1637 ERR_R_BUF_LIB);
1638 goto err;
1639 }
1640 p = (unsigned char *)&(buf->data[4 + n]);
1641 s2n(j, p);
1642 i2d_X509_NAME(name, &p);
1643 n += 2 + j;
1644 nl += 2 + j;
1645 }
1646 }
1647 /* else no CA names */
1648 p = (unsigned char *)&(buf->data[4 + off]);
1649 s2n(nl, p);
1650
1651 d = (unsigned char *)buf->data;
1652 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
1653 l2n3(n, d);
1654
1655 /* we should now have things packed up, so lets send it off */
1656 s->init_num = n + 4;
1657 s->init_off = 0;
1658
1659 s->state = SSL3_ST_SW_CERT_REQ_B;
1660 }
1661
1662 /* SSL3_ST_SW_CERT_REQ_B */
1663 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
1664err:
1665 return (-1);
1666}
1667
1668int
1669ssl3_get_client_key_exchange(SSL *s)
1670{
1671 int i, al, ok;
1672 long n;
1673 unsigned long alg_k;
1674 unsigned char *d, *p;
1675 RSA *rsa = NULL;
1676 EVP_PKEY *pkey = NULL;
1677 BIGNUM *pub = NULL;
1678 DH *dh_srvr;
1679
1680 EC_KEY *srvr_ecdh = NULL;
1681 EVP_PKEY *clnt_pub_pkey = NULL;
1682 EC_POINT *clnt_ecpoint = NULL;
1683 BN_CTX *bn_ctx = NULL;
1684
1685 /* 2048 maxlen is a guess. How long a key does that permit? */
1686 n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
1687 SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
1688 if (!ok)
1689 return ((int)n);
1690 d = p = (unsigned char *)s->init_msg;
1691
1692 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1693
1694 if (alg_k & SSL_kRSA) {
1695 char fakekey[SSL_MAX_MASTER_KEY_LENGTH];
1696
1697 arc4random_buf(fakekey, sizeof(fakekey));
1698 fakekey[0] = s->client_version >> 8;
1699 fakekey[1] = s->client_version & 0xff;
1700
1701 pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
1702 if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) ||
1703 (pkey->pkey.rsa == NULL)) {
1704 al = SSL_AD_HANDSHAKE_FAILURE;
1705 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1706 SSL_R_MISSING_RSA_CERTIFICATE);
1707 goto f_err;
1708 }
1709 rsa = pkey->pkey.rsa;
1710
1711 /* TLS and [incidentally] DTLS{0xFEFF} */
1712 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
1713 if (2 > n)
1714 goto truncated;
1715 n2s(p, i);
1716 if (n != i + 2) {
1717 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1718 SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
1719 goto err;
1720 } else
1721 n = i;
1722 }
1723
1724 i = RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
1725
1726 ERR_clear_error();
1727
1728 al = -1;
1729
1730 if (i != SSL_MAX_MASTER_KEY_LENGTH) {
1731 al = SSL_AD_DECODE_ERROR;
1732 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1733 }
1734
1735 if (p + 2 - d > n) /* needed in the SSL3 case */
1736 goto truncated;
1737 if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1738 (p[1] == (s->client_version & 0xff)))) {
1739 /*
1740 * The premaster secret must contain the same version
1741 * number as the ClientHello to detect version rollback
1742 * attacks (strangely, the protocol does not offer such
1743 * protection for DH ciphersuites).
1744 * However, buggy clients exist that send the negotiated
1745 * protocol version instead if the server does not
1746 * support the requested protocol version.
1747 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
1748 * clients.
1749 */
1750 if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
1751 (p[0] == (s->version >> 8)) &&
1752 (p[1] == (s->version & 0xff)))) {
1753 al = SSL_AD_DECODE_ERROR;
1754 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
1755
1756 /*
1757 * The Klima-Pokorny-Rosa extension of
1758 * Bleichenbacher's attack
1759 * (http://eprint.iacr.org/2003/052/) exploits
1760 * the version number check as a "bad version
1761 * oracle" -- an alert would reveal that the
1762 * plaintext corresponding to some ciphertext
1763 * made up by the adversary is properly
1764 * formatted except that the version number is
1765 * wrong.
1766 * To avoid such attacks, we should treat this
1767 * just like any other decryption error.
1768 */
1769 }
1770 }
1771
1772 if (al != -1) {
1773 /*
1774 * Some decryption failure -- use random value instead
1775 * as countermeasure against Bleichenbacher's attack
1776 * on PKCS #1 v1.5 RSA padding (see RFC 2246,
1777 * section 7.4.7.1).
1778 */
1779 i = SSL_MAX_MASTER_KEY_LENGTH;
1780 p = fakekey;
1781 }
1782
1783 s->session->master_key_length =
1784 s->method->ssl3_enc->generate_master_secret(s,
1785 s->session->master_key,
1786 p, i);
1787 OPENSSL_cleanse(p, i);
1788 } else if (alg_k & SSL_kDHE) {
1789 if (2 > n)
1790 goto truncated;
1791 n2s(p, i);
1792 if (n != i + 2) {
1793 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1794 SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
1795 goto err;
1796 }
1797
1798 if (n == 0L) {
1799 /* the parameters are in the cert */
1800 al = SSL_AD_HANDSHAKE_FAILURE;
1801 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1802 SSL_R_UNABLE_TO_DECODE_DH_CERTS);
1803 goto f_err;
1804 } else {
1805 if (s->s3->tmp.dh == NULL) {
1806 al = SSL_AD_HANDSHAKE_FAILURE;
1807 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1808 SSL_R_MISSING_TMP_DH_KEY);
1809 goto f_err;
1810 } else
1811 dh_srvr = s->s3->tmp.dh;
1812 }
1813
1814 pub = BN_bin2bn(p, i, NULL);
1815 if (pub == NULL) {
1816 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1817 SSL_R_BN_LIB);
1818 goto err;
1819 }
1820
1821 i = DH_compute_key(p, pub, dh_srvr);
1822
1823 if (i <= 0) {
1824 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1825 ERR_R_DH_LIB);
1826 BN_clear_free(pub);
1827 goto err;
1828 }
1829
1830 DH_free(s->s3->tmp.dh);
1831 s->s3->tmp.dh = NULL;
1832
1833 BN_clear_free(pub);
1834 pub = NULL;
1835 s->session->master_key_length =
1836 s->method->ssl3_enc->generate_master_secret(
1837 s, s->session->master_key, p, i);
1838 OPENSSL_cleanse(p, i);
1839 } else
1840
1841 if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
1842 int ret = 1;
1843 int field_size = 0;
1844 const EC_KEY *tkey;
1845 const EC_GROUP *group;
1846 const BIGNUM *priv_key;
1847
1848 /* Initialize structures for server's ECDH key pair. */
1849 if ((srvr_ecdh = EC_KEY_new()) == NULL) {
1850 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1851 ERR_R_MALLOC_FAILURE);
1852 goto err;
1853 }
1854
1855 /* Let's get server private key and group information. */
1856 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
1857 /* Use the certificate */
1858 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
1859 } else {
1860 /*
1861 * Use the ephermeral values we saved when
1862 * generating the ServerKeyExchange msg.
1863 */
1864 tkey = s->s3->tmp.ecdh;
1865 }
1866
1867 group = EC_KEY_get0_group(tkey);
1868 priv_key = EC_KEY_get0_private_key(tkey);
1869
1870 if (!EC_KEY_set_group(srvr_ecdh, group) ||
1871 !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
1872 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1873 ERR_R_EC_LIB);
1874 goto err;
1875 }
1876
1877 /* Let's get client's public key */
1878 if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
1879 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1880 ERR_R_MALLOC_FAILURE);
1881 goto err;
1882 }
1883
1884 if (n == 0L) {
1885 /* Client Publickey was in Client Certificate */
1886
1887 if (alg_k & SSL_kECDHE) {
1888 al = SSL_AD_HANDSHAKE_FAILURE;
1889 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1890 SSL_R_MISSING_TMP_ECDH_KEY);
1891 goto f_err;
1892 }
1893 if (((clnt_pub_pkey = X509_get_pubkey(
1894 s->session->peer)) == NULL) ||
1895 (clnt_pub_pkey->type != EVP_PKEY_EC)) {
1896 /*
1897 * XXX: For now, we do not support client
1898 * authentication using ECDH certificates
1899 * so this branch (n == 0L) of the code is
1900 * never executed. When that support is
1901 * added, we ought to ensure the key
1902 * received in the certificate is
1903 * authorized for key agreement.
1904 * ECDH_compute_key implicitly checks that
1905 * the two ECDH shares are for the same
1906 * group.
1907 */
1908 al = SSL_AD_HANDSHAKE_FAILURE;
1909 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1910 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
1911 goto f_err;
1912 }
1913
1914 if (EC_POINT_copy(clnt_ecpoint,
1915 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec))
1916 == 0) {
1917 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1918 ERR_R_EC_LIB);
1919 goto err;
1920 }
1921 ret = 2; /* Skip certificate verify processing */
1922 } else {
1923 /*
1924 * Get client's public key from encoded point
1925 * in the ClientKeyExchange message.
1926 */
1927 if ((bn_ctx = BN_CTX_new()) == NULL) {
1928 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1929 ERR_R_MALLOC_FAILURE);
1930 goto err;
1931 }
1932
1933 /* Get encoded point length */
1934 i = *p;
1935
1936 p += 1;
1937 if (n != 1 + i) {
1938 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1939 ERR_R_EC_LIB);
1940 goto err;
1941 }
1942 if (EC_POINT_oct2point(group,
1943 clnt_ecpoint, p, i, bn_ctx) == 0) {
1944 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1945 ERR_R_EC_LIB);
1946 goto err;
1947 }
1948 /*
1949 * p is pointing to somewhere in the buffer
1950 * currently, so set it to the start.
1951 */
1952 p = (unsigned char *)s->init_buf->data;
1953 }
1954
1955 /* Compute the shared pre-master secret */
1956 field_size = EC_GROUP_get_degree(group);
1957 if (field_size <= 0) {
1958 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1959 ERR_R_ECDH_LIB);
1960 goto err;
1961 }
1962 i = ECDH_compute_key(p, (field_size + 7)/8, clnt_ecpoint,
1963 srvr_ecdh, NULL);
1964 if (i <= 0) {
1965 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1966 ERR_R_ECDH_LIB);
1967 goto err;
1968 }
1969
1970 EVP_PKEY_free(clnt_pub_pkey);
1971 EC_POINT_free(clnt_ecpoint);
1972 EC_KEY_free(srvr_ecdh);
1973 BN_CTX_free(bn_ctx);
1974 EC_KEY_free(s->s3->tmp.ecdh);
1975 s->s3->tmp.ecdh = NULL;
1976
1977
1978 /* Compute the master secret */
1979 s->session->master_key_length = s->method->ssl3_enc-> \
1980 generate_master_secret(s, s->session->master_key, p, i);
1981
1982 OPENSSL_cleanse(p, i);
1983 return (ret);
1984 } else
1985 if (alg_k & SSL_kGOST) {
1986 int ret = 0;
1987 EVP_PKEY_CTX *pkey_ctx;
1988 EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
1989 unsigned char premaster_secret[32], *start;
1990 size_t outlen = 32, inlen;
1991 unsigned long alg_a;
1992 int Ttag, Tclass;
1993 long Tlen;
1994
1995 /* Get our certificate private key*/
1996 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1997 if (alg_a & SSL_aGOST01)
1998 pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
1999
2000 pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
2001 EVP_PKEY_decrypt_init(pkey_ctx);
2002 /*
2003 * If client certificate is present and is of the same type,
2004 * maybe use it for key exchange.
2005 * Don't mind errors from EVP_PKEY_derive_set_peer, because
2006 * it is completely valid to use a client certificate for
2007 * authorization only.
2008 */
2009 client_pub_pkey = X509_get_pubkey(s->session->peer);
2010 if (client_pub_pkey) {
2011 if (EVP_PKEY_derive_set_peer(pkey_ctx,
2012 client_pub_pkey) <= 0)
2013 ERR_clear_error();
2014 }
2015 if (2 > n)
2016 goto truncated;
2017 /* Decrypt session key */
2018 if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag,
2019 &Tclass, n) != V_ASN1_CONSTRUCTED ||
2020 Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) {
2021 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2022 SSL_R_DECRYPTION_FAILED);
2023 goto gerr;
2024 }
2025 start = p;
2026 inlen = Tlen;
2027 if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen,
2028 start, inlen) <=0) {
2029 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2030 SSL_R_DECRYPTION_FAILED);
2031 goto gerr;
2032 }
2033 /* Generate master secret */
2034 s->session->master_key_length =
2035 s->method->ssl3_enc->generate_master_secret(
2036 s, s->session->master_key, premaster_secret, 32);
2037 /* Check if pubkey from client certificate was used */
2038 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1,
2039 EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2040 ret = 2;
2041 else
2042 ret = 1;
2043gerr:
2044 EVP_PKEY_free(client_pub_pkey);
2045 EVP_PKEY_CTX_free(pkey_ctx);
2046 if (ret)
2047 return (ret);
2048 else
2049 goto err;
2050 } else {
2051 al = SSL_AD_HANDSHAKE_FAILURE;
2052 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2053 SSL_R_UNKNOWN_CIPHER_TYPE);
2054 goto f_err;
2055 }
2056
2057 return (1);
2058truncated:
2059 al = SSL_AD_DECODE_ERROR;
2060 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH);
2061f_err:
2062 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2063err:
2064 EVP_PKEY_free(clnt_pub_pkey);
2065 EC_POINT_free(clnt_ecpoint);
2066 EC_KEY_free(srvr_ecdh);
2067 BN_CTX_free(bn_ctx);
2068 return (-1);
2069}
2070
2071int
2072ssl3_get_cert_verify(SSL *s)
2073{
2074 EVP_PKEY *pkey = NULL;
2075 unsigned char *p;
2076 int al, ok, ret = 0;
2077 long n;
2078 int type = 0, i, j;
2079 X509 *peer;
2080 const EVP_MD *md = NULL;
2081 EVP_MD_CTX mctx;
2082 EVP_MD_CTX_init(&mctx);
2083
2084 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
2085 SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
2086 if (!ok)
2087 return ((int)n);
2088
2089 if (s->session->peer != NULL) {
2090 peer = s->session->peer;
2091 pkey = X509_get_pubkey(peer);
2092 type = X509_certificate_type(peer, pkey);
2093 } else {
2094 peer = NULL;
2095 pkey = NULL;
2096 }
2097
2098 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
2099 s->s3->tmp.reuse_message = 1;
2100 if (peer != NULL) {
2101 al = SSL_AD_UNEXPECTED_MESSAGE;
2102 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2103 SSL_R_MISSING_VERIFY_MESSAGE);
2104 goto f_err;
2105 }
2106 ret = 1;
2107 goto end;
2108 }
2109
2110 if (peer == NULL) {
2111 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2112 SSL_R_NO_CLIENT_CERT_RECEIVED);
2113 al = SSL_AD_UNEXPECTED_MESSAGE;
2114 goto f_err;
2115 }
2116
2117 if (!(type & EVP_PKT_SIGN)) {
2118 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2119 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
2120 al = SSL_AD_ILLEGAL_PARAMETER;
2121 goto f_err;
2122 }
2123
2124 if (s->s3->change_cipher_spec) {
2125 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2126 SSL_R_CCS_RECEIVED_EARLY);
2127 al = SSL_AD_UNEXPECTED_MESSAGE;
2128 goto f_err;
2129 }
2130
2131 /* we now have a signature that we need to verify */
2132 p = (unsigned char *)s->init_msg;
2133 /*
2134 * Check for broken implementations of GOST ciphersuites.
2135 *
2136 * If key is GOST and n is exactly 64, it is a bare
2137 * signature without length field.
2138 */
2139 if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
2140 pkey->type == NID_id_GostR3410_2001) ) {
2141 i = 64;
2142 } else {
2143 if (SSL_USE_SIGALGS(s)) {
2144 int sigalg = tls12_get_sigid(pkey);
2145 /* Should never happen */
2146 if (sigalg == -1) {
2147 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2148 ERR_R_INTERNAL_ERROR);
2149 al = SSL_AD_INTERNAL_ERROR;
2150 goto f_err;
2151 }
2152 if (2 > n)
2153 goto truncated;
2154 /* Check key type is consistent with signature */
2155 if (sigalg != (int)p[1]) {
2156 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2157 SSL_R_WRONG_SIGNATURE_TYPE);
2158 al = SSL_AD_DECODE_ERROR;
2159 goto f_err;
2160 }
2161 md = tls12_get_hash(p[0]);
2162 if (md == NULL) {
2163 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2164 SSL_R_UNKNOWN_DIGEST);
2165 al = SSL_AD_DECODE_ERROR;
2166 goto f_err;
2167 }
2168 p += 2;
2169 n -= 2;
2170 }
2171 if (2 > n)
2172 goto truncated;
2173 n2s(p, i);
2174 n -= 2;
2175 if (i > n)
2176 goto truncated;
2177 }
2178 j = EVP_PKEY_size(pkey);
2179 if ((i > j) || (n > j) || (n <= 0)) {
2180 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2181 SSL_R_WRONG_SIGNATURE_SIZE);
2182 al = SSL_AD_DECODE_ERROR;
2183 goto f_err;
2184 }
2185
2186 if (SSL_USE_SIGALGS(s)) {
2187 long hdatalen = 0;
2188 void *hdata;
2189 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2190 if (hdatalen <= 0) {
2191 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2192 ERR_R_INTERNAL_ERROR);
2193 al = SSL_AD_INTERNAL_ERROR;
2194 goto f_err;
2195 }
2196 if (!EVP_VerifyInit_ex(&mctx, md, NULL) ||
2197 !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
2198 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2199 ERR_R_EVP_LIB);
2200 al = SSL_AD_INTERNAL_ERROR;
2201 goto f_err;
2202 }
2203
2204 if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
2205 al = SSL_AD_DECRYPT_ERROR;
2206 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2207 SSL_R_BAD_SIGNATURE);
2208 goto f_err;
2209 }
2210 } else
2211 if (pkey->type == EVP_PKEY_RSA) {
2212 i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
2213 MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
2214 pkey->pkey.rsa);
2215 if (i < 0) {
2216 al = SSL_AD_DECRYPT_ERROR;
2217 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2218 SSL_R_BAD_RSA_DECRYPT);
2219 goto f_err;
2220 }
2221 if (i == 0) {
2222 al = SSL_AD_DECRYPT_ERROR;
2223 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2224 SSL_R_BAD_RSA_SIGNATURE);
2225 goto f_err;
2226 }
2227 } else
2228 if (pkey->type == EVP_PKEY_DSA) {
2229 j = DSA_verify(pkey->save_type,
2230 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2231 SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
2232 if (j <= 0) {
2233 /* bad signature */
2234 al = SSL_AD_DECRYPT_ERROR;
2235 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2236 SSL_R_BAD_DSA_SIGNATURE);
2237 goto f_err;
2238 }
2239 } else
2240 if (pkey->type == EVP_PKEY_EC) {
2241 j = ECDSA_verify(pkey->save_type,
2242 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
2243 SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
2244 if (j <= 0) {
2245 /* bad signature */
2246 al = SSL_AD_DECRYPT_ERROR;
2247 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2248 SSL_R_BAD_ECDSA_SIGNATURE);
2249 goto f_err;
2250 }
2251 } else
2252#ifndef OPENSSL_NO_GOST
2253 if (pkey->type == NID_id_GostR3410_94 ||
2254 pkey->type == NID_id_GostR3410_2001) {
2255 long hdatalen = 0;
2256 void *hdata;
2257 unsigned char signature[128];
2258 unsigned int siglen = sizeof(signature);
2259 int nid;
2260 EVP_PKEY_CTX *pctx;
2261
2262 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
2263 if (hdatalen <= 0) {
2264 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2265 ERR_R_INTERNAL_ERROR);
2266 al = SSL_AD_INTERNAL_ERROR;
2267 goto f_err;
2268 }
2269 if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) ||
2270 !(md = EVP_get_digestbynid(nid))) {
2271 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2272 ERR_R_EVP_LIB);
2273 al = SSL_AD_INTERNAL_ERROR;
2274 goto f_err;
2275 }
2276 pctx = EVP_PKEY_CTX_new(pkey, NULL);
2277 if (!pctx) {
2278 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2279 ERR_R_EVP_LIB);
2280 al = SSL_AD_INTERNAL_ERROR;
2281 goto f_err;
2282 }
2283 if (!EVP_DigestInit_ex(&mctx, md, NULL) ||
2284 !EVP_DigestUpdate(&mctx, hdata, hdatalen) ||
2285 !EVP_DigestFinal(&mctx, signature, &siglen) ||
2286 (EVP_PKEY_verify_init(pctx) <= 0) ||
2287 (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) ||
2288 (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY,
2289 EVP_PKEY_CTRL_GOST_SIG_FORMAT,
2290 GOST_SIG_FORMAT_RS_LE,
2291 NULL) <= 0)) {
2292 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2293 ERR_R_EVP_LIB);
2294 al = SSL_AD_INTERNAL_ERROR;
2295 EVP_PKEY_CTX_free(pctx);
2296 goto f_err;
2297 }
2298
2299 if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) {
2300 al = SSL_AD_DECRYPT_ERROR;
2301 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2302 SSL_R_BAD_SIGNATURE);
2303 EVP_PKEY_CTX_free(pctx);
2304 goto f_err;
2305 }
2306
2307 EVP_PKEY_CTX_free(pctx);
2308 } else
2309#endif
2310 {
2311 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2312 ERR_R_INTERNAL_ERROR);
2313 al = SSL_AD_UNSUPPORTED_CERTIFICATE;
2314 goto f_err;
2315 }
2316
2317
2318 ret = 1;
2319 if (0) {
2320truncated:
2321 al = SSL_AD_DECODE_ERROR;
2322 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH);
2323f_err:
2324 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2325 }
2326end:
2327 if (s->s3->handshake_buffer) {
2328 BIO_free(s->s3->handshake_buffer);
2329 s->s3->handshake_buffer = NULL;
2330 s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
2331 }
2332 EVP_MD_CTX_cleanup(&mctx);
2333 EVP_PKEY_free(pkey);
2334 return (ret);
2335}
2336
2337int
2338ssl3_get_client_certificate(SSL *s)
2339{
2340 CBS cbs, client_certs;
2341 int i, ok, al, ret = -1;
2342 X509 *x = NULL;
2343 long n;
2344 const unsigned char *q;
2345 STACK_OF(X509) *sk = NULL;
2346
2347 n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
2348 -1, s->max_cert_list, &ok);
2349
2350 if (!ok)
2351 return ((int)n);
2352
2353 if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
2354 if ((s->verify_mode & SSL_VERIFY_PEER) &&
2355 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2356 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2357 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2358 al = SSL_AD_HANDSHAKE_FAILURE;
2359 goto f_err;
2360 }
2361 /*
2362 * If tls asked for a client cert,
2363 * the client must return a 0 list.
2364 */
2365 if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
2366 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2367 SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
2368 );
2369 al = SSL_AD_UNEXPECTED_MESSAGE;
2370 goto f_err;
2371 }
2372 s->s3->tmp.reuse_message = 1;
2373 return (1);
2374 }
2375
2376 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
2377 al = SSL_AD_UNEXPECTED_MESSAGE;
2378 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2379 SSL_R_WRONG_MESSAGE_TYPE);
2380 goto f_err;
2381 }
2382
2383 if (n < 0)
2384 goto truncated;
2385
2386 CBS_init(&cbs, s->init_msg, n);
2387
2388 if ((sk = sk_X509_new_null()) == NULL) {
2389 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2390 ERR_R_MALLOC_FAILURE);
2391 goto err;
2392 }
2393
2394 if (!CBS_get_u24_length_prefixed(&cbs, &client_certs) ||
2395 CBS_len(&cbs) != 0)
2396 goto truncated;
2397
2398 while (CBS_len(&client_certs) > 0) {
2399 CBS cert;
2400
2401 if (!CBS_get_u24_length_prefixed(&client_certs, &cert)) {
2402 al = SSL_AD_DECODE_ERROR;
2403 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2404 SSL_R_CERT_LENGTH_MISMATCH);
2405 goto f_err;
2406 }
2407
2408 q = CBS_data(&cert);
2409 x = d2i_X509(NULL, &q, CBS_len(&cert));
2410 if (x == NULL) {
2411 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2412 ERR_R_ASN1_LIB);
2413 goto err;
2414 }
2415 if (q != CBS_data(&cert) + CBS_len(&cert)) {
2416 al = SSL_AD_DECODE_ERROR;
2417 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2418 SSL_R_CERT_LENGTH_MISMATCH);
2419 goto f_err;
2420 }
2421 if (!sk_X509_push(sk, x)) {
2422 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2423 ERR_R_MALLOC_FAILURE);
2424 goto err;
2425 }
2426 x = NULL;
2427 }
2428
2429 if (sk_X509_num(sk) <= 0) {
2430 /* TLS does not mind 0 certs returned */
2431 if (s->version == SSL3_VERSION) {
2432 al = SSL_AD_HANDSHAKE_FAILURE;
2433 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2434 SSL_R_NO_CERTIFICATES_RETURNED);
2435 goto f_err;
2436 }
2437 /* Fail for TLS only if we required a certificate */
2438 else if ((s->verify_mode & SSL_VERIFY_PEER) &&
2439 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
2440 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2441 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
2442 al = SSL_AD_HANDSHAKE_FAILURE;
2443 goto f_err;
2444 }
2445 /* No client certificate so digest cached records */
2446 if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
2447 al = SSL_AD_INTERNAL_ERROR;
2448 goto f_err;
2449 }
2450 } else {
2451 i = ssl_verify_cert_chain(s, sk);
2452 if (i <= 0) {
2453 al = ssl_verify_alarm_type(s->verify_result);
2454 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2455 SSL_R_NO_CERTIFICATE_RETURNED);
2456 goto f_err;
2457 }
2458 }
2459
2460 if (s->session->peer != NULL) /* This should not be needed */
2461 X509_free(s->session->peer);
2462 s->session->peer = sk_X509_shift(sk);
2463 s->session->verify_result = s->verify_result;
2464
2465 /*
2466 * With the current implementation, sess_cert will always be NULL
2467 * when we arrive here
2468 */
2469 if (s->session->sess_cert == NULL) {
2470 s->session->sess_cert = ssl_sess_cert_new();
2471 if (s->session->sess_cert == NULL) {
2472 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2473 ERR_R_MALLOC_FAILURE);
2474 goto err;
2475 }
2476 }
2477 if (s->session->sess_cert->cert_chain != NULL)
2478 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
2479 s->session->sess_cert->cert_chain = sk;
2480
2481 /*
2482 * Inconsistency alert: cert_chain does *not* include the
2483 * peer's own certificate, while we do include it in s3_clnt.c
2484 */
2485
2486 sk = NULL;
2487
2488 ret = 1;
2489 if (0) {
2490truncated:
2491 al = SSL_AD_DECODE_ERROR;
2492 SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
2493 SSL_R_BAD_PACKET_LENGTH);
2494f_err:
2495 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2496 }
2497err:
2498 if (x != NULL)
2499 X509_free(x);
2500 if (sk != NULL)
2501 sk_X509_pop_free(sk, X509_free);
2502 return (ret);
2503}
2504
2505int
2506ssl3_send_server_certificate(SSL *s)
2507{
2508 unsigned long l;
2509 X509 *x;
2510
2511 if (s->state == SSL3_ST_SW_CERT_A) {
2512 x = ssl_get_server_send_cert(s);
2513 if (x == NULL) {
2514 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
2515 ERR_R_INTERNAL_ERROR);
2516 return (0);
2517 }
2518
2519 l = ssl3_output_cert_chain(s, x);
2520 s->state = SSL3_ST_SW_CERT_B;
2521 s->init_num = (int)l;
2522 s->init_off = 0;
2523 }
2524
2525 /* SSL3_ST_SW_CERT_B */
2526 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2527}
2528
2529/* send a new session ticket (not necessarily for a new session) */
2530int
2531ssl3_send_newsession_ticket(SSL *s)
2532{
2533 if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
2534 unsigned char *p, *senc, *macstart;
2535 const unsigned char *const_p;
2536 int len, slen_full, slen;
2537 SSL_SESSION *sess;
2538 unsigned int hlen;
2539 EVP_CIPHER_CTX ctx;
2540 HMAC_CTX hctx;
2541 SSL_CTX *tctx = s->initial_ctx;
2542 unsigned char iv[EVP_MAX_IV_LENGTH];
2543 unsigned char key_name[16];
2544
2545 /* get session encoding length */
2546 slen_full = i2d_SSL_SESSION(s->session, NULL);
2547 /*
2548 * Some length values are 16 bits, so forget it if session is
2549 * too long
2550 */
2551 if (slen_full > 0xFF00)
2552 return (-1);
2553 senc = malloc(slen_full);
2554 if (!senc)
2555 return (-1);
2556 p = senc;
2557 i2d_SSL_SESSION(s->session, &p);
2558
2559 /*
2560 * Create a fresh copy (not shared with other threads) to
2561 * clean up
2562 */
2563 const_p = senc;
2564 sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
2565 if (sess == NULL) {
2566 free(senc);
2567 return (-1);
2568 }
2569
2570 /* ID is irrelevant for the ticket */
2571 sess->session_id_length = 0;
2572
2573 slen = i2d_SSL_SESSION(sess, NULL);
2574 if (slen > slen_full) {
2575 /* shouldn't ever happen */
2576 free(senc);
2577 return (-1);
2578 }
2579 p = senc;
2580 i2d_SSL_SESSION(sess, &p);
2581 SSL_SESSION_free(sess);
2582
2583 /*
2584 * Grow buffer if need be: the length calculation is as
2585 * follows 1 (size of message name) + 3 (message length
2586 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
2587 * 16 (key name) + max_iv_len (iv length) +
2588 * session_length + max_enc_block_size (max encrypted session
2589 * length) + max_md_size (HMAC).
2590 */
2591 if (!BUF_MEM_grow(s->init_buf,
2592 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
2593 EVP_MAX_MD_SIZE + slen)) {
2594 free(senc);
2595 return (-1);
2596 }
2597
2598 p = (unsigned char *)s->init_buf->data;
2599 /* do the header */
2600 *(p++) = SSL3_MT_NEWSESSION_TICKET;
2601 /* Skip message length for now */
2602 p += 3;
2603 EVP_CIPHER_CTX_init(&ctx);
2604 HMAC_CTX_init(&hctx);
2605 /*
2606 * Initialize HMAC and cipher contexts. If callback present
2607 * it does all the work otherwise use generated values
2608 * from parent ctx.
2609 */
2610 if (tctx->tlsext_ticket_key_cb) {
2611 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
2612 &hctx, 1) < 0) {
2613 free(senc);
2614 EVP_CIPHER_CTX_cleanup(&ctx);
2615 return (-1);
2616 }
2617 } else {
2618 arc4random_buf(iv, 16);
2619 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2620 tctx->tlsext_tick_aes_key, iv);
2621 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2622 tlsext_tick_md(), NULL);
2623 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
2624 }
2625
2626 /*
2627 * Ticket lifetime hint (advisory only):
2628 * We leave this unspecified for resumed session
2629 * (for simplicity), and guess that tickets for new
2630 * sessions will live as long as their sessions.
2631 */
2632 l2n(s->hit ? 0 : s->session->timeout, p);
2633
2634 /* Skip ticket length for now */
2635 p += 2;
2636 /* Output key name */
2637 macstart = p;
2638 memcpy(p, key_name, 16);
2639 p += 16;
2640 /* output IV */
2641 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
2642 p += EVP_CIPHER_CTX_iv_length(&ctx);
2643 /* Encrypt session data */
2644 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
2645 p += len;
2646 EVP_EncryptFinal(&ctx, p, &len);
2647 p += len;
2648 EVP_CIPHER_CTX_cleanup(&ctx);
2649
2650 HMAC_Update(&hctx, macstart, p - macstart);
2651 HMAC_Final(&hctx, p, &hlen);
2652 HMAC_CTX_cleanup(&hctx);
2653
2654 p += hlen;
2655 /* Now write out lengths: p points to end of data written */
2656 /* Total length */
2657 len = p - (unsigned char *)s->init_buf->data;
2658 p = (unsigned char *)s->init_buf->data + 1;
2659 l2n3(len - 4, p); /* Message length */
2660 p += 4;
2661 s2n(len - 10, p);
2662 /* Ticket length */
2663
2664 /* number of bytes to write */
2665 s->init_num = len;
2666 s->state = SSL3_ST_SW_SESSION_TICKET_B;
2667 s->init_off = 0;
2668 free(senc);
2669 }
2670
2671 /* SSL3_ST_SW_SESSION_TICKET_B */
2672 return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
2673}
2674
2675int
2676ssl3_send_cert_status(SSL *s)
2677{
2678 unsigned char *p;
2679
2680 if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
2681 /*
2682 * Grow buffer if need be: the length calculation is as
2683 * follows 1 (message type) + 3 (message length) +
2684 * 1 (ocsp response type) + 3 (ocsp response length)
2685 * + (ocsp response)
2686 */
2687 if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 +
2688 s->tlsext_ocsp_resplen))
2689 return (-1);
2690
2691 p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS);
2692
2693 *(p++) = s->tlsext_status_type;
2694 l2n3(s->tlsext_ocsp_resplen, p);
2695 memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
2696
2697 ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4);
2698
2699 s->state = SSL3_ST_SW_CERT_STATUS_B;
2700 }
2701
2702 /* SSL3_ST_SW_CERT_STATUS_B */
2703 return (ssl3_handshake_write(s));
2704}
2705
2706/*
2707 * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
2708 * It sets the next_proto member in s if found
2709 */
2710int
2711ssl3_get_next_proto(SSL *s)
2712{
2713 CBS cbs, proto, padding;
2714 int ok;
2715 long n;
2716 size_t len;
2717
2718 /*
2719 * Clients cannot send a NextProtocol message if we didn't see the
2720 * extension in their ClientHello
2721 */
2722 if (!s->s3->next_proto_neg_seen) {
2723 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2724 SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
2725 return (-1);
2726 }
2727
2728 /* 514 maxlen is enough for the payload format below */
2729 n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
2730 SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
2731 if (!ok)
2732 return ((int)n);
2733
2734 /*
2735 * s->state doesn't reflect whether ChangeCipherSpec has been received
2736 * in this handshake, but s->s3->change_cipher_spec does (will be reset
2737 * by ssl3_get_finished).
2738 */
2739 if (!s->s3->change_cipher_spec) {
2740 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2741 SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
2742 return (-1);
2743 }
2744
2745 if (n < 2)
2746 return (0);
2747 /* The body must be > 1 bytes long */
2748
2749 CBS_init(&cbs, s->init_msg, s->init_num);
2750
2751 /*
2752 * The payload looks like:
2753 * uint8 proto_len;
2754 * uint8 proto[proto_len];
2755 * uint8 padding_len;
2756 * uint8 padding[padding_len];
2757 */
2758 if (!CBS_get_u8_length_prefixed(&cbs, &proto) ||
2759 !CBS_get_u8_length_prefixed(&cbs, &padding) ||
2760 CBS_len(&cbs) != 0)
2761 return 0;
2762
2763 /*
2764 * XXX We should not NULL it, but this matches old behavior of not
2765 * freeing before malloc.
2766 */
2767 s->next_proto_negotiated = NULL;
2768 s->next_proto_negotiated_len = 0;
2769
2770 if (!CBS_stow(&proto, &s->next_proto_negotiated, &len)) {
2771 SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
2772 ERR_R_MALLOC_FAILURE);
2773 return (0);
2774 }
2775 s->next_proto_negotiated_len = (uint8_t)len;
2776
2777 return (1);
2778}
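--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,3 +0,0 @@
-# Don't forget to give libtls the same type of bump!
-major=35
-minor=0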
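--- a/src/lib/libssl/srtp.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.5 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80 0x0005
-#define SRTP_NULL_SHA1_32 0x0006
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif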
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index 0cd220778b..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2389 +0,0 @@
1/* $OpenBSD: ssl.h,v 1.92 2015/07/19 06:31:32 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_H
144#define HEADER_SSL_H
145
146#include <stdint.h>
147
148#include <openssl/opensslconf.h>
149#include <openssl/hmac.h>
150#include <openssl/pem.h>
151#include <openssl/safestack.h>
152
153#ifndef OPENSSL_NO_BIO
154#include <openssl/bio.h>
155#endif
156
157#ifndef OPENSSL_NO_DEPRECATED
158#include <openssl/buffer.h>
159#include <openssl/crypto.h>
160#include <openssl/lhash.h>
161
162#ifndef OPENSSL_NO_X509
163#include <openssl/x509.h>
164#endif
165#endif
166
167#ifdef __cplusplus
168extern "C" {
169#endif
170
171/* SSLeay version number for ASN.1 encoding of the session information */
172/* Version 0 - initial version
173 * Version 1 - added the optional peer certificate
174 */
175#define SSL_SESSION_ASN1_VERSION 0x0001
176
177/* text strings for the ciphers */
178#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
179#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
180#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
181#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
182#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
183#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
184#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
185#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
186#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
187#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
188
189/* VRS Additional Kerberos5 entries
190 */
191#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
192#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
193#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
194#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
195#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
196#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
197#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
198#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
199
200#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
201#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
202#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
203#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
204#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
205#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
206
207#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
208#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
209#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
210#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
211#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
212#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
213#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
214
215#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
216#define SSL_MAX_SID_CTX_LENGTH 32
217
218#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
219#define SSL_MAX_KEY_ARG_LENGTH 8
220#define SSL_MAX_MASTER_KEY_LENGTH 48
221
222
223/* These are used to specify which ciphers to use and not to use */
224
225#define SSL_TXT_LOW "LOW"
226#define SSL_TXT_MEDIUM "MEDIUM"
227#define SSL_TXT_HIGH "HIGH"
228
229#define SSL_TXT_kFZA "kFZA" /* unused! */
230#define SSL_TXT_aFZA "aFZA" /* unused! */
231#define SSL_TXT_eFZA "eFZA" /* unused! */
232#define SSL_TXT_FZA "FZA" /* unused! */
233
234#define SSL_TXT_aNULL "aNULL"
235#define SSL_TXT_eNULL "eNULL"
236#define SSL_TXT_NULL "NULL"
237
238#define SSL_TXT_kRSA "kRSA"
239#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
240#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
241#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
242#define SSL_TXT_kEDH "kEDH"
243#define SSL_TXT_kKRB5 "kKRB5"
244#define SSL_TXT_kECDHr "kECDHr"
245#define SSL_TXT_kECDHe "kECDHe"
246#define SSL_TXT_kECDH "kECDH"
247#define SSL_TXT_kEECDH "kEECDH"
248#define SSL_TXT_kPSK "kPSK"
249#define SSL_TXT_kGOST "kGOST"
250#define SSL_TXT_kSRP "kSRP"
251
252#define SSL_TXT_aRSA "aRSA"
253#define SSL_TXT_aDSS "aDSS"
254#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
255#define SSL_TXT_aECDH "aECDH"
256#define SSL_TXT_aKRB5 "aKRB5"
257#define SSL_TXT_aECDSA "aECDSA"
258#define SSL_TXT_aPSK "aPSK"
259#define SSL_TXT_aGOST94 "aGOST94"
260#define SSL_TXT_aGOST01 "aGOST01"
261#define SSL_TXT_aGOST "aGOST"
262
263#define SSL_TXT_DSS "DSS"
264#define SSL_TXT_DH "DH"
265#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */
266#define SSL_TXT_EDH "EDH" /* previous name for DHE */
267#define SSL_TXT_ADH "ADH"
268#define SSL_TXT_RSA "RSA"
269#define SSL_TXT_ECDH "ECDH"
270#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */
271#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */
272#define SSL_TXT_AECDH "AECDH"
273#define SSL_TXT_ECDSA "ECDSA"
274#define SSL_TXT_KRB5 "KRB5"
275#define SSL_TXT_PSK "PSK"
276#define SSL_TXT_SRP "SRP"
277
278#define SSL_TXT_DES "DES"
279#define SSL_TXT_3DES "3DES"
280#define SSL_TXT_RC4 "RC4"
281#define SSL_TXT_RC2 "RC2"
282#define SSL_TXT_IDEA "IDEA"
283#define SSL_TXT_SEED "SEED"
284#define SSL_TXT_AES128 "AES128"
285#define SSL_TXT_AES256 "AES256"
286#define SSL_TXT_AES "AES"
287#define SSL_TXT_AES_GCM "AESGCM"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
290#define SSL_TXT_CAMELLIA "CAMELLIA"
291#define SSL_TXT_CHACHA20 "CHACHA20"
292
293#define SSL_TXT_AEAD "AEAD"
294#define SSL_TXT_MD5 "MD5"
295#define SSL_TXT_SHA1 "SHA1"
296#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
297#define SSL_TXT_GOST94 "GOST94"
298#define SSL_TXT_GOST89MAC "GOST89MAC"
299#define SSL_TXT_SHA256 "SHA256"
300#define SSL_TXT_SHA384 "SHA384"
301#define SSL_TXT_STREEBOG256 "STREEBOG256"
302#define SSL_TXT_STREEBOG512 "STREEBOG512"
303
304#define SSL_TXT_DTLS1 "DTLSv1"
305#define SSL_TXT_DTLS1_BAD "DTLSv1-bad"
306#define SSL_TXT_SSLV2 "SSLv2"
307#define SSL_TXT_SSLV3 "SSLv3"
308#define SSL_TXT_TLSV1 "TLSv1"
309#define SSL_TXT_TLSV1_1 "TLSv1.1"
310#define SSL_TXT_TLSV1_2 "TLSv1.2"
311
312#define SSL_TXT_EXP "EXP"
313#define SSL_TXT_EXPORT "EXPORT"
314
315#define SSL_TXT_ALL "ALL"
316
317/*
318 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
319 * ciphers normally not being used.
320 * Example: "RC4" will activate all ciphers using RC4 including ciphers
321 * without authentication, which would normally disabled by DEFAULT (due
322 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
323 * will make sure that it is also disabled in the specific selection.
324 * COMPLEMENTOF* identifiers are portable between version, as adjustments
325 * to the default cipher setup will also be included here.
326 *
327 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
328 * DEFAULT gets, as only selection is being done and no sorting as needed
329 * for DEFAULT.
330 */
331#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
332#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
333
334/* The following cipher list is used by default.
335 * It also is substituted when an application-defined cipher list string
336 * starts with 'DEFAULT'. */
337#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
338/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
339 * starts with a reasonable order, and all we have to do for DEFAULT is
340 * throwing out anonymous and unencrypted ciphersuites!
341 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
342 * some of them.)
343 */
344
345/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
346#define SSL_SENT_SHUTDOWN 1
347#define SSL_RECEIVED_SHUTDOWN 2
348
349
350#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
351#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
352
353/* This is needed to stop compilers complaining about the
354 * 'struct ssl_st *' function parameters used to prototype callbacks
355 * in SSL_CTX. */
356typedef struct ssl_st *ssl_crock_st;
357typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
358typedef struct ssl_method_st SSL_METHOD;
359typedef struct ssl_cipher_st SSL_CIPHER;
360typedef struct ssl_session_st SSL_SESSION;
361
362DECLARE_STACK_OF(SSL_CIPHER)
363
364/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
365typedef struct srtp_protection_profile_st {
366 const char *name;
367 unsigned long id;
368} SRTP_PROTECTION_PROFILE;
369
370DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
371
372typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
373 int len, void *arg);
374typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
375 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
376
377#ifndef OPENSSL_NO_SSL_INTERN
378
379/* used to hold info on the particular ciphers used */
380struct ssl_cipher_st {
381 int valid;
382 const char *name; /* text name */
383 unsigned long id; /* id, 4 bytes, first is version */
384
385 unsigned long algorithm_mkey; /* key exchange algorithm */
386 unsigned long algorithm_auth; /* server authentication */
387 unsigned long algorithm_enc; /* symmetric encryption */
388 unsigned long algorithm_mac; /* symmetric authentication */
389 unsigned long algorithm_ssl; /* (major) protocol version */
390
391 unsigned long algo_strength; /* strength and export flags */
392 unsigned long algorithm2; /* Extra flags */
393 int strength_bits; /* Number of bits really used */
394 int alg_bits; /* Number of bits for algorithm */
395};
396
397
398/* Used to hold functions for SSLv3/TLSv1 functions */
399struct ssl_method_st {
400 int version;
401 int (*ssl_new)(SSL *s);
402 void (*ssl_clear)(SSL *s);
403 void (*ssl_free)(SSL *s);
404 int (*ssl_accept)(SSL *s);
405 int (*ssl_connect)(SSL *s);
406 int (*ssl_read)(SSL *s, void *buf, int len);
407 int (*ssl_peek)(SSL *s, void *buf, int len);
408 int (*ssl_write)(SSL *s, const void *buf, int len);
409 int (*ssl_shutdown)(SSL *s);
410 int (*ssl_renegotiate)(SSL *s);
411 int (*ssl_renegotiate_check)(SSL *s);
412 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
413 long max, int *ok);
414 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
415 int len, int peek);
416 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
417 int (*ssl_dispatch_alert)(SSL *s);
418 long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
419 long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
420 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
421 int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
422 int (*ssl_pending)(const SSL *s);
423 int (*num_ciphers)(void);
424 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
425 const struct ssl_method_st *(*get_ssl_method)(int version);
426 long (*get_timeout)(void);
427 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
428 int (*ssl_version)(void);
429 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
430 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
431};
432
433/* Lets make this into an ASN.1 type structure as follows
434 * SSL_SESSION_ID ::= SEQUENCE {
435 * version INTEGER, -- structure version number
436 * SSLversion INTEGER, -- SSL version number
437 * Cipher OCTET STRING, -- the 3 byte cipher ID
438 * Session_ID OCTET STRING, -- the Session ID
439 * Master_key OCTET STRING, -- the master key
440 * KRB5_principal OCTET STRING -- optional Kerberos principal
441 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
442 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
443 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
444 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
445 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
446 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
447 * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
448 * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
449 * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
450 * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
451 * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
452 * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
453 * }
454 * Look in ssl/ssl_asn1.c for more details
455 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
456 */
457struct ssl_session_st {
458 int ssl_version; /* what ssl version session info is
459 * being kept in here? */
460
461 int master_key_length;
462 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
463 /* session_id - valid? */
464 unsigned int session_id_length;
465 unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
466 /* this is used to determine whether the session is being reused in
467 * the appropriate context. It is up to the application to set this,
468 * via SSL_new */
469 unsigned int sid_ctx_length;
470 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
471
472 /* Used to indicate that session resumption is not allowed.
473 * Applications can also set this bit for a new session via
474 * not_resumable_session_cb to disable session caching and tickets. */
475 int not_resumable;
476
477 /* The cert is the certificate used to establish this connection */
478 struct sess_cert_st /* SESS_CERT */ *sess_cert;
479
480 /* This is the cert for the other end.
481 * On clients, it will be the same as sess_cert->peer_key->x509
482 * (the latter is not enough as sess_cert is not retained
483 * in the external representation of sessions, see ssl_asn1.c). */
484 X509 *peer;
485 /* when app_verify_callback accepts a session where the peer's certificate
486 * is not ok, we must remember the error for session reuse: */
487 long verify_result; /* only for servers */
488
489 long timeout;
490 time_t time;
491 int references;
492
493 const SSL_CIPHER *cipher;
494 unsigned long cipher_id; /* when ASN.1 loaded, this
495 * needs to be used to load
496 * the 'cipher' structure */
497
498 STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
499
500 CRYPTO_EX_DATA ex_data; /* application specific data */
501
502 /* These are used to make removal of session-ids more
503 * efficient and to implement a maximum cache size. */
504 struct ssl_session_st *prev, *next;
505 char *tlsext_hostname;
506 size_t tlsext_ecpointformatlist_length;
507 uint8_t *tlsext_ecpointformatlist; /* peer's list */
508 size_t tlsext_ellipticcurvelist_length;
509 uint16_t *tlsext_ellipticcurvelist; /* peer's list */
510
511 /* RFC4507 info */
512 unsigned char *tlsext_tick; /* Session ticket */
513 size_t tlsext_ticklen; /* Session ticket length */
514 long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
515};
516
517#endif
518
519/* Allow initial connection to servers that don't support RI */
520#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
521#define SSL_OP_TLSEXT_PADDING 0x00000010L
522
523/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
524 * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
525 * the workaround is not needed.
526 * Unfortunately some broken SSL/TLS implementations cannot handle it
527 * at all, which is why it was previously included in SSL_OP_ALL.
528 * Now it's not.
529 */
530#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
531
532/* DTLS options */
533#define SSL_OP_NO_QUERY_MTU 0x00001000L
534/* Turn on Cookie Exchange (on relevant for servers) */
535#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
536/* Don't use RFC4507 ticket extension */
537#define SSL_OP_NO_TICKET 0x00004000L
538/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
539#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
540
541/* As server, disallow session resumption on renegotiation */
542#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
543/* Don't use compression even if supported */
544#define SSL_OP_NO_COMPRESSION 0x00020000L
545/* If set, always create a new key when using tmp_ecdh parameters */
546#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
547/* If set, always create a new key when using tmp_dh parameters */
548#define SSL_OP_SINGLE_DH_USE 0x00100000L
549/* Set on servers to choose the cipher according to the server's
550 * preferences */
551#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
552/* If set, a server will allow a client to issue a SSLv3.0 version number
553 * as latest version supported in the premaster secret, even when TLSv1.0
554 * (version 3.1) was announced in the client hello. Normally this is
555 * forbidden to prevent version rollback attacks. */
556#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
557
558#define SSL_OP_NO_SSLv2 0x01000000L
559#define SSL_OP_NO_SSLv3 0x02000000L
560#define SSL_OP_NO_TLSv1 0x04000000L
561#define SSL_OP_NO_TLSv1_2 0x08000000L
562#define SSL_OP_NO_TLSv1_1 0x10000000L
563
564/* Make server add server-hello extension from early version of
565 * cryptopro draft, when GOST ciphersuite is negotiated.
566 * Required for interoperability with CryptoPro CSP 3.x
567 */
568#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
569
570/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
571#define SSL_OP_ALL \
572 (SSL_OP_LEGACY_SERVER_CONNECT | \
573 SSL_OP_TLSEXT_PADDING | \
574 SSL_OP_CRYPTOPRO_TLSEXT_BUG)
575
576/* Obsolete flags kept for compatibility. No sane code should use them. */
577#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0
578#define SSL_OP_EPHEMERAL_RSA 0x0
579#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
580#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
581#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
582#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
583#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
584#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
585#define SSL_OP_PKCS1_CHECK_1 0x0
586#define SSL_OP_PKCS1_CHECK_2 0x0
587#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
588#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
589#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
590#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
591#define SSL_OP_TLS_D5_BUG 0x0
592#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
593
594/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
595 * when just a single record has been written): */
596#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
597/* Make it possible to retry SSL_write() with changed buffer location
598 * (buffer contents must stay the same!); this is not the default to avoid
599 * the misconception that non-blocking SSL_write() behaves like
600 * non-blocking write(): */
601#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
602/* Never bother the application with retries if the transport
603 * is blocking: */
604#define SSL_MODE_AUTO_RETRY 0x00000004L
605/* Don't attempt to automatically build certificate chain */
606#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
607/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
608 * TLS only.) "Released" buffers are put onto a free-list in the context
609 * or just freed (depending on the context's setting for freelist_max_len). */
610#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
611
612/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
613 * they cannot be used to clear bits. */
614
615#define SSL_CTX_set_options(ctx,op) \
616 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
617#define SSL_CTX_clear_options(ctx,op) \
618 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
619#define SSL_CTX_get_options(ctx) \
620 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
621#define SSL_set_options(ssl,op) \
622 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
623#define SSL_clear_options(ssl,op) \
624 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
625#define SSL_get_options(ssl) \
626 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
627
628#define SSL_CTX_set_mode(ctx,op) \
629 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
630#define SSL_CTX_clear_mode(ctx,op) \
631 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
632#define SSL_CTX_get_mode(ctx) \
633 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
634#define SSL_clear_mode(ssl,op) \
635 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
636#define SSL_set_mode(ssl,op) \
637 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
638#define SSL_get_mode(ssl) \
639 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
640#define SSL_set_mtu(ssl, mtu) \
641 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
642
643#define SSL_get_secure_renegotiation_support(ssl) \
644 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
645
646void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
647 int version, int content_type, const void *buf, size_t len, SSL *ssl,
648 void *arg));
649void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
650 int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
651#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
652#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
653
654struct ssl_aead_ctx_st;
655typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
656
657#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
658
659#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
660
661/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
662 * them. It is used to override the generation of SSL/TLS session IDs in a
663 * server. Return value should be zero on an error, non-zero to proceed. Also,
664 * callbacks should themselves check if the id they generate is unique otherwise
665 * the SSL handshake will fail with an error - callbacks can do this using the
666 * 'ssl' value they're passed by;
667 * SSL_has_matching_session_id(ssl, id, *id_len)
668 * The length value passed in is set at the maximum size the session ID can be.
669 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
670 * can alter this length to be less if desired, but under SSLv2 session IDs are
671 * supposed to be fixed at 16 bytes so the id will be padded after the callback
672 * returns in this case. It is also an error for the callback to set the size to
673 * zero. */
674typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
675 unsigned int *id_len);
676
677typedef struct ssl_comp_st SSL_COMP;
678
679#ifndef OPENSSL_NO_SSL_INTERN
680
681struct ssl_comp_st {
682 int id;
683 const char *name;
684};
685
686DECLARE_STACK_OF(SSL_COMP)
687DECLARE_LHASH_OF(SSL_SESSION);
688
689struct ssl_ctx_st {
690 const SSL_METHOD *method;
691
692 STACK_OF(SSL_CIPHER) *cipher_list;
693 /* same as above but sorted for lookup */
694 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
695
696 struct x509_store_st /* X509_STORE */ *cert_store;
697 LHASH_OF(SSL_SESSION) *sessions;
698 /* Most session-ids that will be cached, default is
699 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
700 unsigned long session_cache_size;
701 struct ssl_session_st *session_cache_head;
702 struct ssl_session_st *session_cache_tail;
703
704 /* This can have one of 2 values, ored together,
705 * SSL_SESS_CACHE_CLIENT,
706 * SSL_SESS_CACHE_SERVER,
707 * Default is SSL_SESSION_CACHE_SERVER, which means only
708 * SSL_accept which cache SSL_SESSIONS. */
709 int session_cache_mode;
710
711 /* If timeout is not 0, it is the default timeout value set
712 * when SSL_new() is called. This has been put in to make
713 * life easier to set things up */
714 long session_timeout;
715
716 /* If this callback is not null, it will be called each
717 * time a session id is added to the cache. If this function
718 * returns 1, it means that the callback will do a
719 * SSL_SESSION_free() when it has finished using it. Otherwise,
720 * on 0, it means the callback has finished with it.
721 * If remove_session_cb is not null, it will be called when
722 * a session-id is removed from the cache. After the call,
723 * OpenSSL will SSL_SESSION_free() it. */
724 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
725 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
726 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
727 unsigned char *data, int len, int *copy);
728
729 struct {
730 int sess_connect; /* SSL new conn - started */
731 int sess_connect_renegotiate;/* SSL reneg - requested */
732 int sess_connect_good; /* SSL new conne/reneg - finished */
733 int sess_accept; /* SSL new accept - started */
734 int sess_accept_renegotiate;/* SSL reneg - requested */
735 int sess_accept_good; /* SSL accept/reneg - finished */
736 int sess_miss; /* session lookup misses */
737 int sess_timeout; /* reuse attempt on timeouted session */
738 int sess_cache_full; /* session removed due to full cache */
739 int sess_hit; /* session reuse actually done */
740 int sess_cb_hit; /* session-id that was not
741 * in the cache was
742 * passed back via the callback. This
743 * indicates that the application is
744 * supplying session-id's from other
745 * processes - spooky :-) */
746 } stats;
747
748 int references;
749
750 /* if defined, these override the X509_verify_cert() calls */
751 int (*app_verify_callback)(X509_STORE_CTX *, void *);
752 void *app_verify_arg;
753
754 /* Default password callback. */
755 pem_password_cb *default_passwd_callback;
756
757 /* Default password callback user data. */
758 void *default_passwd_callback_userdata;
759
760 /* get client cert callback */
761 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
762
763 /* cookie generate callback */
764 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
765 unsigned int *cookie_len);
766
767 /* verify cookie callback */
768 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
769 unsigned int cookie_len);
770
771 CRYPTO_EX_DATA ex_data;
772
773 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
774 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
775
776 STACK_OF(X509) *extra_certs;
777
778 /* Default values used when no per-SSL value is defined follow */
779
780 void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
781
782 /* what we put in client cert requests */
783 STACK_OF(X509_NAME) *client_CA;
784
785
786 /* Default values to use in SSL structures follow (these are copied by SSL_new) */
787
788 unsigned long options;
789 unsigned long mode;
790 long max_cert_list;
791
792 struct cert_st /* CERT */ *cert;
793 int read_ahead;
794
795 /* callback that allows applications to peek at protocol messages */
796 void (*msg_callback)(int write_p, int version, int content_type,
797 const void *buf, size_t len, SSL *ssl, void *arg);
798 void *msg_callback_arg;
799
800 int verify_mode;
801 unsigned int sid_ctx_length;
802 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
803 int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
804
805 /* Default generate session ID callback. */
806 GEN_SESSION_CB generate_session_id;
807
808 X509_VERIFY_PARAM *param;
809
810 int quiet_shutdown;
811
812 /* Maximum amount of data to send in one fragment.
813 * actual record size can be more than this due to
814 * padding and MAC overheads.
815 */
816 unsigned int max_send_fragment;
817
818#ifndef OPENSSL_NO_ENGINE
819 /* Engine to pass requests for client certs to
820 */
821 ENGINE *client_cert_engine;
822#endif
823
824 /* TLS extensions servername callback */
825 int (*tlsext_servername_callback)(SSL*, int *, void *);
826 void *tlsext_servername_arg;
827 /* RFC 4507 session ticket keys */
828 unsigned char tlsext_tick_key_name[16];
829 unsigned char tlsext_tick_hmac_key[16];
830 unsigned char tlsext_tick_aes_key[16];
831 /* Callback to support customisation of ticket key setting */
832 int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
833 unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
834
835 /* certificate status request info */
836 /* Callback for status request */
837 int (*tlsext_status_cb)(SSL *ssl, void *arg);
838 void *tlsext_status_arg;
839
840
841
842
843 /* Next protocol negotiation information */
844 /* (for experimental NPN extension). */
845
846 /* For a server, this contains a callback function by which the set of
847 * advertised protocols can be provided. */
848 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
849 unsigned int *len, void *arg);
850 void *next_protos_advertised_cb_arg;
851 /* For a client, this contains a callback function that selects the
852 * next protocol from the list provided by the server. */
853 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
854 unsigned char *outlen, const unsigned char *in,
855 unsigned int inlen, void *arg);
856 void *next_proto_select_cb_arg;
857
858 /*
859 * ALPN information
860 * (we are in the process of transitioning from NPN to ALPN).
861 */
862
863 /*
864 * Server callback function that allows the server to select the
865 * protocol for the connection.
866 * out: on successful return, this must point to the raw protocol
867 * name (without the length prefix).
868 * outlen: on successful return, this contains the length of out.
869 * in: points to the client's list of supported protocols in
870 * wire-format.
871 * inlen: the length of in.
872 */
873 int (*alpn_select_cb)(SSL *s, const unsigned char **out,
874 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
875 void *arg);
876 void *alpn_select_cb_arg;
877
878 /* Client list of supported protocols in wire format. */
879 unsigned char *alpn_client_proto_list;
880 unsigned int alpn_client_proto_list_len;
881
882 /* SRTP profiles we are willing to do from RFC 5764 */
883 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
884};
885
886#endif
887
888#define SSL_SESS_CACHE_OFF 0x0000
889#define SSL_SESS_CACHE_CLIENT 0x0001
890#define SSL_SESS_CACHE_SERVER 0x0002
891#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
892#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
893/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
894#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
895#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
896#define SSL_SESS_CACHE_NO_INTERNAL \
897 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
898
899LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
900#define SSL_CTX_sess_number(ctx) \
901 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
902#define SSL_CTX_sess_connect(ctx) \
903 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
904#define SSL_CTX_sess_connect_good(ctx) \
905 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
906#define SSL_CTX_sess_connect_renegotiate(ctx) \
907 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
908#define SSL_CTX_sess_accept(ctx) \
909 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
910#define SSL_CTX_sess_accept_renegotiate(ctx) \
911 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
912#define SSL_CTX_sess_accept_good(ctx) \
913 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
914#define SSL_CTX_sess_hits(ctx) \
915 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
916#define SSL_CTX_sess_cb_hits(ctx) \
917 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
918#define SSL_CTX_sess_misses(ctx) \
919 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
920#define SSL_CTX_sess_timeouts(ctx) \
921 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
922#define SSL_CTX_sess_cache_full(ctx) \
923 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
924
925void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
926 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
927int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
928 SSL_SESSION *sess);
929void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
930 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
931void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
932 SSL_SESSION *sess);
933void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
934 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
935 int len, int *copy));
936SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
937 unsigned char *Data, int len, int *copy);
938void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
939 int type, int val));
940void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
941 int val);
942void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
943 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
944int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
945 EVP_PKEY **pkey);
946#ifndef OPENSSL_NO_ENGINE
947int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
948#endif
949void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
950 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
951 unsigned int *cookie_len));
952void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
953 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
954 unsigned int cookie_len));
955void
956SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
957 const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
958void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
959 unsigned char **out, unsigned char *outlen, const unsigned char *in,
960 unsigned int inlen, void *arg), void *arg);
961
962int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
963 const unsigned char *in, unsigned int inlen, const unsigned char *client,
964 unsigned int client_len);
965void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
966 unsigned *len);
967
968#define OPENSSL_NPN_UNSUPPORTED 0
969#define OPENSSL_NPN_NEGOTIATED 1
970#define OPENSSL_NPN_NO_OVERLAP 2
971
972int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
973 unsigned int protos_len);
974int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
975 unsigned int protos_len);
976void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
977 int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen,
978 const unsigned char *in, unsigned int inlen, void *arg), void *arg);
979void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
980 unsigned int *len);
981
982#define SSL_NOTHING 1
983#define SSL_WRITING 2
984#define SSL_READING 3
985#define SSL_X509_LOOKUP 4
986
987/* These will only be used when doing non-blocking IO */
988#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
989#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
990#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
991#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
992
993#define SSL_MAC_FLAG_READ_MAC_STREAM 1
994#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
995
996#ifndef OPENSSL_NO_SSL_INTERN
997
998struct ssl_st {
999 /* protocol version
1000 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1001 */
1002 int version;
1003 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
1004
1005 const SSL_METHOD *method; /* SSLv3 */
1006
1007 /* There are 2 BIO's even though they are normally both the
1008 * same. This is so data can be read and written to different
1009 * handlers */
1010
1011#ifndef OPENSSL_NO_BIO
1012 BIO *rbio; /* used by SSL_read */
1013 BIO *wbio; /* used by SSL_write */
1014 BIO *bbio; /* used during session-id reuse to concatenate
1015 * messages */
1016#else
1017 char *rbio; /* used by SSL_read */
1018 char *wbio; /* used by SSL_write */
1019 char *bbio;
1020#endif
1021 /* This holds a variable that indicates what we were doing
1022 * when a 0 or -1 is returned. This is needed for
1023 * non-blocking IO so we know what request needs re-doing when
1024 * in SSL_accept or SSL_connect */
1025 int rwstate;
1026
1027 /* true when we are actually in SSL_accept() or SSL_connect() */
1028 int in_handshake;
1029 int (*handshake_func)(SSL *);
1030
1031 /* Imagine that here's a boolean member "init" that is
1032 * switched as soon as SSL_set_{accept/connect}_state
1033 * is called for the first time, so that "state" and
1034 * "handshake_func" are properly initialized. But as
1035 * handshake_func is == 0 until then, we use this
1036 * test instead of an "init" member.
1037 */
1038
1039 int server; /* are we the server side? - mostly used by SSL_clear*/
1040
1041 int new_session;/* Generate a new session or reuse an old one.
1042 * NB: For servers, the 'new' session may actually be a previously
1043 * cached session or even the previous session unless
1044 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1045 int quiet_shutdown;/* don't send shutdown packets */
1046 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1047 * for received */
1048 int state; /* where we are */
1049 int rstate; /* where we are when reading */
1050
1051 BUF_MEM *init_buf; /* buffer used during init */
1052 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1053 int init_num; /* amount read/written */
1054 int init_off; /* amount read/written */
1055
1056 /* used internally to point at a raw packet */
1057 unsigned char *packet;
1058 unsigned int packet_length;
1059
1060 struct ssl3_state_st *s3; /* SSLv3 variables */
1061 struct dtls1_state_st *d1; /* DTLSv1 variables */
1062
1063 int read_ahead; /* Read as many input bytes as possible
1064 * (for non-blocking reads) */
1065
1066 /* callback that allows applications to peek at protocol messages */
1067 void (*msg_callback)(int write_p, int version, int content_type,
1068 const void *buf, size_t len, SSL *ssl, void *arg);
1069 void *msg_callback_arg;
1070
1071 int hit; /* reusing a previous session */
1072
1073 X509_VERIFY_PARAM *param;
1074
1075 /* crypto */
1076 STACK_OF(SSL_CIPHER) *cipher_list;
1077 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1078
1079 /* These are the ones being used, the ones in SSL_SESSION are
1080 * the ones to be 'copied' into these ones */
1081 int mac_flags;
1082
1083 SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then
1084 enc_read_ctx and read_hash are
1085 ignored. */
1086
1087 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1088 EVP_MD_CTX *read_hash; /* used for mac generation */
1089
1090 SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then
1091 enc_write_ctx and write_hash are
1092 ignored. */
1093
1094 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1095 EVP_MD_CTX *write_hash; /* used for mac generation */
1096
1097 /* session info */
1098
1099 /* client cert? */
1100 /* This is used to hold the server certificate used */
1101 struct cert_st /* CERT */ *cert;
1102
1103 /* the session_id_context is used to ensure sessions are only reused
1104 * in the appropriate context */
1105 unsigned int sid_ctx_length;
1106 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
1107
1108 /* This can also be in the session once a session is established */
1109 SSL_SESSION *session;
1110
1111 /* Default generate session ID callback. */
1112 GEN_SESSION_CB generate_session_id;
1113
1114 /* Used in SSL2 and SSL3 */
1115 int verify_mode; /* 0 don't care about verify failure.
1116 * 1 fail if verify fails */
1117 int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1118
1119 void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1120
1121 int error; /* error bytes to be written */
1122 int error_code; /* actual code */
1123
1124
1125
1126 SSL_CTX *ctx;
1127 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1128 * and SSL_write() calls, good for nbio debuging :-) */
1129 int debug;
1130
1131
1132 /* extra application data */
1133 long verify_result;
1134 CRYPTO_EX_DATA ex_data;
1135
1136 /* for server side, keep the list of CA_dn we can use */
1137 STACK_OF(X509_NAME) *client_CA;
1138
1139 int references;
1140 unsigned long options; /* protocol behaviour */
1141 unsigned long mode; /* API behaviour */
1142 long max_cert_list;
1143 int first_packet;
1144 int client_version; /* what was passed, used for
1145 * SSLv3/TLS rollback check */
1146 unsigned int max_send_fragment;
1147 /* TLS extension debug callback */
1148 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1149 unsigned char *data, int len, void *arg);
1150 void *tlsext_debug_arg;
1151 char *tlsext_hostname;
1152 int servername_done; /* no further mod of servername
1153 0 : call the servername extension callback.
1154 1 : prepare 2, allow last ack just after in server callback.
1155 2 : don't call servername callback, no ack in server hello
1156 */
1157 /* certificate status request info */
1158 /* Status type or -1 if no status type */
1159 int tlsext_status_type;
1160 /* Expect OCSP CertificateStatus message */
1161 int tlsext_status_expected;
1162 /* OCSP status request only */
1163 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
1164 X509_EXTENSIONS *tlsext_ocsp_exts;
1165 /* OCSP response received or to be sent */
1166 unsigned char *tlsext_ocsp_resp;
1167 int tlsext_ocsp_resplen;
1168
1169 /* RFC4507 session ticket expected to be received or sent */
1170 int tlsext_ticket_expected;
1171 size_t tlsext_ecpointformatlist_length;
1172 uint8_t *tlsext_ecpointformatlist; /* our list */
1173 size_t tlsext_ellipticcurvelist_length;
1174 uint16_t *tlsext_ellipticcurvelist; /* our list */
1175
1176 /* TLS Session Ticket extension override */
1177 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1178
1179 /* TLS Session Ticket extension callback */
1180 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1181 void *tls_session_ticket_ext_cb_arg;
1182
1183 /* TLS pre-shared secret session resumption */
1184 tls_session_secret_cb_fn tls_session_secret_cb;
1185 void *tls_session_secret_cb_arg;
1186
1187 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1188
1189 /* Next protocol negotiation. For the client, this is the protocol that
1190 * we sent in NextProtocol and is set when handling ServerHello
1191 * extensions.
1192 *
1193 * For a server, this is the client's selected_protocol from
1194 * NextProtocol and is set when handling the NextProtocol message,
1195 * before the Finished message. */
1196 unsigned char *next_proto_negotiated;
1197 unsigned char next_proto_negotiated_len;
1198
1199#define session_ctx initial_ctx
1200
1201 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
1202 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
1203
1204 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
1205 0: disabled
1206 1: enabled
1207 2: enabled, but not allowed to send Requests
1208 */
1209 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1210 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1211
1212 /* Client list of supported protocols in wire format. */
1213 unsigned char *alpn_client_proto_list;
1214 unsigned int alpn_client_proto_list_len;
1215
1216 int renegotiate;/* 1 if we are renegotiating.
1217 * 2 if we are a server and are inside a handshake
1218 * (i.e. not just sending a HelloRequest) */
1219
1220};
1221
1222#endif
1223
1224#ifdef __cplusplus
1225}
1226#endif
1227
1228#include <openssl/ssl2.h>
1229#include <openssl/ssl3.h>
1230#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1231#include <openssl/dtls1.h> /* Datagram TLS */
1232#include <openssl/ssl23.h>
1233#include <openssl/srtp.h> /* Support for the use_srtp extension */
1234
1235#ifdef __cplusplus
1236extern "C" {
1237#endif
1238
1239/* compatibility */
1240#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
1241#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
1242#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
1243#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
1244#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
1245#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1246
1247/* The following are the possible values for ssl->state are are
1248 * used to indicate where we are up to in the SSL connection establishment.
1249 * The macros that follow are about the only things you should need to use
1250 * and even then, only when using non-blocking IO.
1251 * It can also be useful to work out where you were when the connection
1252 * failed */
1253
1254#define SSL_ST_CONNECT 0x1000
1255#define SSL_ST_ACCEPT 0x2000
1256#define SSL_ST_MASK 0x0FFF
1257#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
1258#define SSL_ST_BEFORE 0x4000
1259#define SSL_ST_OK 0x03
1260#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
1261
1262#define SSL_CB_LOOP 0x01
1263#define SSL_CB_EXIT 0x02
1264#define SSL_CB_READ 0x04
1265#define SSL_CB_WRITE 0x08
1266#define SSL_CB_ALERT 0x4000 /* used in callback */
1267#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
1268#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
1269#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
1270#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
1271#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
1272#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
1273#define SSL_CB_HANDSHAKE_START 0x10
1274#define SSL_CB_HANDSHAKE_DONE 0x20
1275
1276/* Is the SSL_connection established? */
1277#define SSL_get_state(a) SSL_state(a)
1278#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
1279#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
1280#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
1281#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
1282#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
1283
1284/* The following 2 states are kept in ssl->rstate when reads fail,
1285 * you should not need these */
1286#define SSL_ST_READ_HEADER 0xF0
1287#define SSL_ST_READ_BODY 0xF1
1288#define SSL_ST_READ_DONE 0xF2
1289
1290/* Obtain latest Finished message
1291 * -- that we sent (SSL_get_finished)
1292 * -- that we expected from peer (SSL_get_peer_finished).
1293 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
1294size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
1295size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1296
1297/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
1298 * are 'ored' with SSL_VERIFY_PEER if they are desired */
1299#define SSL_VERIFY_NONE 0x00
1300#define SSL_VERIFY_PEER 0x01
1301#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
1302#define SSL_VERIFY_CLIENT_ONCE 0x04
1303
1304#define OpenSSL_add_ssl_algorithms() SSL_library_init()
1305#define SSLeay_add_ssl_algorithms() SSL_library_init()
1306
1307/* More backward compatibility */
1308#define SSL_get_cipher(s) \
1309 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1310#define SSL_get_cipher_bits(s,np) \
1311 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
1312#define SSL_get_cipher_version(s) \
1313 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
1314#define SSL_get_cipher_name(s) \
1315 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1316#define SSL_get_time(a) SSL_SESSION_get_time(a)
1317#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
1318#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1319#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1320
1321#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1322#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1323
1324DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1325
1326#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1327
1328/* These alert types are for SSLv3 and TLSv1 */
1329#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1330#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
1331#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
1332#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
1333#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
1334#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
1335#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
1336#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
1337#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
1338#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
1339#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
1340#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
1341#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
1342#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
1343#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
1344#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
1345#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
1346#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
1347#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
1348#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
1349#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
1350#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
1351#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
1352#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
1353#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
1354#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
1355#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1356#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1357#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1358#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1359#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1360
1361#define SSL_ERROR_NONE 0
1362#define SSL_ERROR_SSL 1
1363#define SSL_ERROR_WANT_READ 2
1364#define SSL_ERROR_WANT_WRITE 3
1365#define SSL_ERROR_WANT_X509_LOOKUP 4
1366#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
1367#define SSL_ERROR_ZERO_RETURN 6
1368#define SSL_ERROR_WANT_CONNECT 7
1369#define SSL_ERROR_WANT_ACCEPT 8
1370
1371#define SSL_CTRL_NEED_TMP_RSA 1
1372#define SSL_CTRL_SET_TMP_RSA 2
1373#define SSL_CTRL_SET_TMP_DH 3
1374#define SSL_CTRL_SET_TMP_ECDH 4
1375#define SSL_CTRL_SET_TMP_RSA_CB 5
1376#define SSL_CTRL_SET_TMP_DH_CB 6
1377#define SSL_CTRL_SET_TMP_ECDH_CB 7
1378
1379#define SSL_CTRL_GET_SESSION_REUSED 8
1380#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
1381#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
1382#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
1383#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
1384#define SSL_CTRL_GET_FLAGS 13
1385#define SSL_CTRL_EXTRA_CHAIN_CERT 14
1386
1387#define SSL_CTRL_SET_MSG_CALLBACK 15
1388#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
1389
1390/* only applies to datagram connections */
1391#define SSL_CTRL_SET_MTU 17
1392/* Stats */
1393#define SSL_CTRL_SESS_NUMBER 20
1394#define SSL_CTRL_SESS_CONNECT 21
1395#define SSL_CTRL_SESS_CONNECT_GOOD 22
1396#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
1397#define SSL_CTRL_SESS_ACCEPT 24
1398#define SSL_CTRL_SESS_ACCEPT_GOOD 25
1399#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
1400#define SSL_CTRL_SESS_HIT 27
1401#define SSL_CTRL_SESS_CB_HIT 28
1402#define SSL_CTRL_SESS_MISSES 29
1403#define SSL_CTRL_SESS_TIMEOUTS 30
1404#define SSL_CTRL_SESS_CACHE_FULL 31
1405#define SSL_CTRL_OPTIONS 32
1406#define SSL_CTRL_MODE 33
1407
1408#define SSL_CTRL_GET_READ_AHEAD 40
1409#define SSL_CTRL_SET_READ_AHEAD 41
1410#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
1411#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
1412#define SSL_CTRL_SET_SESS_CACHE_MODE 44
1413#define SSL_CTRL_GET_SESS_CACHE_MODE 45
1414
1415#define SSL_CTRL_GET_MAX_CERT_LIST 50
1416#define SSL_CTRL_SET_MAX_CERT_LIST 51
1417
1418#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1419
1420/* see tls1.h for macros based on these */
1421#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
1422#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
1423#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
1424#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
1425#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1426#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1427#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1428#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1429#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1430#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
1431#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
1432#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
1433#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
1434#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
1435#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
1436#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
1437
1438#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1439
1440#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
1441#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
1442#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
1443
1444#define SSL_CTRL_SET_SRP_ARG 78
1445#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
1446#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
1447#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
1448
1449#define DTLS_CTRL_GET_TIMEOUT 73
1450#define DTLS_CTRL_HANDLE_TIMEOUT 74
1451#define DTLS_CTRL_LISTEN 75
1452
1453#define SSL_CTRL_GET_RI_SUPPORT 76
1454#define SSL_CTRL_CLEAR_OPTIONS 77
1455#define SSL_CTRL_CLEAR_MODE 78
1456
1457#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
1458#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
1459
1460#define SSL_CTRL_SET_ECDH_AUTO 94
1461
1462#define SSL_CTRL_SET_DH_AUTO 118
1463
1464#define DTLSv1_get_timeout(ssl, arg) \
1465 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1466#define DTLSv1_handle_timeout(ssl) \
1467 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1468#define DTLSv1_listen(ssl, peer) \
1469 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1470
1471#define SSL_session_reused(ssl) \
1472 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1473#define SSL_num_renegotiations(ssl) \
1474 SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
1475#define SSL_clear_num_renegotiations(ssl) \
1476 SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
1477#define SSL_total_renegotiations(ssl) \
1478 SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1479
1480#define SSL_CTX_need_tmp_RSA(ctx) \
1481 SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1482#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
1483 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1484#define SSL_CTX_set_tmp_dh(ctx,dh) \
1485 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1486#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
1487 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1488#define SSL_CTX_set_dh_auto(ctx, onoff) \
1489 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
1490#define SSL_CTX_set_ecdh_auto(ctx, onoff) \
1491 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1492
1493#define SSL_need_tmp_RSA(ssl) \
1494 SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
1495#define SSL_set_tmp_rsa(ssl,rsa) \
1496 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
1497#define SSL_set_tmp_dh(ssl,dh) \
1498 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
1499#define SSL_set_tmp_ecdh(ssl,ecdh) \
1500 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1501#define SSL_set_dh_auto(s, onoff) \
1502 SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
1503#define SSL_set_ecdh_auto(s, onoff) \
1504 SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
1505
1506#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
1507 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
1508#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
1509 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
1510#define SSL_CTX_clear_extra_chain_certs(ctx) \
1511 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1512
1513#ifndef OPENSSL_NO_BIO
1514BIO_METHOD *BIO_f_ssl(void);
1515BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
1516BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1517BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1518int BIO_ssl_copy_session_id(BIO *to, BIO *from);
1519void BIO_ssl_shutdown(BIO *ssl_bio);
1520#endif
1521
1522int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
1523SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1524void SSL_CTX_free(SSL_CTX *);
1525long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
1526long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1527X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1528void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
1529int SSL_want(const SSL *s);
1530int SSL_clear(SSL *s);
1531
1532void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
1533
1534const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1535const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id);
1536const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value);
1537int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
1538char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1539const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1540unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1541uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
1542
1543int SSL_get_fd(const SSL *s);
1544int SSL_get_rfd(const SSL *s);
1545int SSL_get_wfd(const SSL *s);
1546const char * SSL_get_cipher_list(const SSL *s, int n);
1547char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1548int SSL_get_read_ahead(const SSL * s);
1549int SSL_pending(const SSL *s);
1550int SSL_set_fd(SSL *s, int fd);
1551int SSL_set_rfd(SSL *s, int fd);
1552int SSL_set_wfd(SSL *s, int fd);
1553#ifndef OPENSSL_NO_BIO
1554void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
1555BIO * SSL_get_rbio(const SSL *s);
1556BIO * SSL_get_wbio(const SSL *s);
1557#endif
1558int SSL_set_cipher_list(SSL *s, const char *str);
1559void SSL_set_read_ahead(SSL *s, int yes);
1560int SSL_get_verify_mode(const SSL *s);
1561int SSL_get_verify_depth(const SSL *s);
1562int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
1563void SSL_set_verify(SSL *s, int mode,
1564 int (*callback)(int ok, X509_STORE_CTX *ctx));
1565void SSL_set_verify_depth(SSL *s, int depth);
1566int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1567int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1568int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1569int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
1570int SSL_use_certificate(SSL *ssl, X509 *x);
1571int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1572
1573int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
1574int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
1575int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
1576int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1577int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
1578int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1579int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1580int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len);
1581STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1582int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1583 const char *file);
1584int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1585 const char *dir);
1586
1587void SSL_load_error_strings(void );
1588const char *SSL_state_string(const SSL *s);
1589const char *SSL_rstate_string(const SSL *s);
1590const char *SSL_state_string_long(const SSL *s);
1591const char *SSL_rstate_string_long(const SSL *s);
1592long SSL_SESSION_get_time(const SSL_SESSION *s);
1593long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1594long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1595long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1596void SSL_copy_session_id(SSL *to, const SSL *from);
1597X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
1598int
1599SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1600unsigned int sid_ctx_len);
1601
1602SSL_SESSION *SSL_SESSION_new(void);
1603const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1604 unsigned int *len);
1605unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1606int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
1607#ifndef OPENSSL_NO_BIO
1608int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
1609#endif
1610void SSL_SESSION_free(SSL_SESSION *ses);
1611int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
1612int SSL_set_session(SSL *to, SSL_SESSION *session);
1613int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1614int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
1615int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1616int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1617int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1618 unsigned int id_len);
1619SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1620 long length);
1621
1622#ifdef HEADER_X509_H
1623X509 * SSL_get_peer_certificate(const SSL *s);
1624#endif
1625
1626STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1627
1628int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1629int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1630int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
1631void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
1632 int (*callback)(int, X509_STORE_CTX *));
1633void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
1634void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
1635int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1636int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1637int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1638int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
1639int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1640int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1641
1642void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
1643void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1644
1645int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1646int SSL_check_private_key(const SSL *ctx);
1647
1648int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1649
1650SSL *SSL_new(SSL_CTX *ctx);
1651int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1652
1653int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1654int SSL_set_purpose(SSL *s, int purpose);
1655int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1656int SSL_set_trust(SSL *s, int trust);
1657
1658int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1659int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1660
1661
1662void SSL_free(SSL *ssl);
1663int SSL_accept(SSL *ssl);
1664int SSL_connect(SSL *ssl);
1665int SSL_read(SSL *ssl, void *buf, int num);
1666int SSL_peek(SSL *ssl, void *buf, int num);
1667int SSL_write(SSL *ssl, const void *buf, int num);
1668long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
1669long SSL_callback_ctrl(SSL *, int, void (*)(void));
1670long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
1671long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1672
1673int SSL_get_error(const SSL *s, int ret_code);
1674const char *SSL_get_version(const SSL *s);
1675
1676/* This sets the 'default' SSL version that SSL_new() will create */
1677int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1678
1679const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1680const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1681const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1682
1683const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */
1684const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */
1685const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */
1686
1687const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1688const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1689const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1690
1691const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
1692const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
1693const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
1694
1695const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
1696const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
1697const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
1698
1699const SSL_METHOD *TLS_method(void); /* TLS v1.0 or later */
1700const SSL_METHOD *TLS_server_method(void); /* TLS v1.0 or later */
1701const SSL_METHOD *TLS_client_method(void); /* TLS v1.0 or later */
1702
1703const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1704const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1705const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1706
1707STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1708
1709int SSL_do_handshake(SSL *s);
1710int SSL_renegotiate(SSL *s);
1711int SSL_renegotiate_abbreviated(SSL *s);
1712int SSL_renegotiate_pending(SSL *s);
1713int SSL_shutdown(SSL *s);
1714
1715const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1716int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1717const char *SSL_alert_type_string_long(int value);
1718const char *SSL_alert_type_string(int value);
1719const char *SSL_alert_desc_string_long(int value);
1720const char *SSL_alert_desc_string(int value);
1721
1722void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1723void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1724STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1725STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1726int SSL_add_client_CA(SSL *ssl, X509 *x);
1727int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
1728
1729void SSL_set_connect_state(SSL *s);
1730void SSL_set_accept_state(SSL *s);
1731
1732long SSL_get_default_timeout(const SSL *s);
1733
1734int SSL_library_init(void );
1735
1736char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
1737STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1738
1739SSL *SSL_dup(SSL *ssl);
1740
1741X509 *SSL_get_certificate(const SSL *ssl);
1742/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
1743
1744void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
1745int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1746void SSL_set_quiet_shutdown(SSL *ssl,int mode);
1747int SSL_get_quiet_shutdown(const SSL *ssl);
1748void SSL_set_shutdown(SSL *ssl,int mode);
1749int SSL_get_shutdown(const SSL *ssl);
1750int SSL_version(const SSL *ssl);
1751int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1752int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1753 const char *CApath);
1754int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
1755#define SSL_get0_session SSL_get_session /* just peek at pointer */
1756SSL_SESSION *SSL_get_session(const SSL *ssl);
1757SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1758SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1759SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1760void SSL_set_info_callback(SSL *ssl,
1761 void (*cb)(const SSL *ssl, int type, int val));
1762void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
1763int SSL_state(const SSL *ssl);
1764void SSL_set_state(SSL *ssl, int state);
1765
1766void SSL_set_verify_result(SSL *ssl, long v);
1767long SSL_get_verify_result(const SSL *ssl);
1768
1769int SSL_set_ex_data(SSL *ssl, int idx, void *data);
1770void *SSL_get_ex_data(const SSL *ssl, int idx);
1771int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1772 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1773
1774int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
1775void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
1776int SSL_SESSION_get_ex_new_index(long argl, void *argp,
1777 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
1778 CRYPTO_EX_free *free_func);
1779
1780int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
1781void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
1782int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1783 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1784
1785int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1786
1787#define SSL_CTX_sess_set_cache_size(ctx,t) \
1788 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
1789#define SSL_CTX_sess_get_cache_size(ctx) \
1790 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
1791#define SSL_CTX_set_session_cache_mode(ctx,m) \
1792 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
1793#define SSL_CTX_get_session_cache_mode(ctx) \
1794 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
1795
1796#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
1797#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
1798#define SSL_CTX_get_read_ahead(ctx) \
1799 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
1800#define SSL_CTX_set_read_ahead(ctx,m) \
1801 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
1802#define SSL_CTX_get_max_cert_list(ctx) \
1803 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1804#define SSL_CTX_set_max_cert_list(ctx,m) \
1805 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1806#define SSL_get_max_cert_list(ssl) \
1807 SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
1808#define SSL_set_max_cert_list(ssl,m) \
1809 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1810
1811#define SSL_CTX_set_max_send_fragment(ctx,m) \
1812 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1813#define SSL_set_max_send_fragment(ssl,m) \
1814 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1815
1816/* NB: the keylength is only applicable when is_export is true */
1817void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1818 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1819
1820void SSL_set_tmp_rsa_callback(SSL *ssl,
1821 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1822void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1823 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1824void SSL_set_tmp_dh_callback(SSL *ssl,
1825 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1826void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
1827 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1828void SSL_set_tmp_ecdh_callback(SSL *ssl,
1829 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
1830
1831const void *SSL_get_current_compression(SSL *s);
1832const void *SSL_get_current_expansion(SSL *s);
1833
1834const char *SSL_COMP_get_name(const void *comp);
1835void *SSL_COMP_get_compression_methods(void);
1836int SSL_COMP_add_compression_method(int id, void *cm);
1837
1838/* TLS extensions functions */
1839int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1840
1841int SSL_set_session_ticket_ext_cb(SSL *s,
1842 tls_session_ticket_ext_cb_fn cb, void *arg);
1843
1844/* Pre-shared secret session resumption functions */
1845int SSL_set_session_secret_cb(SSL *s,
1846 tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1847
1848void SSL_set_debug(SSL *s, int debug);
1849int SSL_cache_hit(SSL *s);
1850
1851/* BEGIN ERROR CODES */
1852/* The following lines are auto generated by the script mkerr.pl. Any changes
1853 * made after this point may be overwritten when the script is next run.
1854 */
1855void ERR_load_SSL_strings(void);
1856
1857/* Error codes for the SSL functions. */
1858
1859/* Function codes. */
1860#define SSL_F_CLIENT_CERTIFICATE 100
1861#define SSL_F_CLIENT_FINISHED 167
1862#define SSL_F_CLIENT_HELLO 101
1863#define SSL_F_CLIENT_MASTER_KEY 102
1864#define SSL_F_D2I_SSL_SESSION 103
1865#define SSL_F_DO_DTLS1_WRITE 245
1866#define SSL_F_DO_SSL3_WRITE 104
1867#define SSL_F_DTLS1_ACCEPT 246
1868#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1869#define SSL_F_DTLS1_BUFFER_RECORD 247
1870#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
1871#define SSL_F_DTLS1_CLIENT_HELLO 248
1872#define SSL_F_DTLS1_CONNECT 249
1873#define SSL_F_DTLS1_ENC 250
1874#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
1875#define SSL_F_DTLS1_GET_MESSAGE 252
1876#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1877#define SSL_F_DTLS1_GET_RECORD 254
1878#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1879#define SSL_F_DTLS1_HEARTBEAT 305
1880#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1881#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1882#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1883#define SSL_F_DTLS1_PROCESS_RECORD 257
1884#define SSL_F_DTLS1_READ_BYTES 258
1885#define SSL_F_DTLS1_READ_FAILED 259
1886#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
1887#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
1888#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
1889#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
1890#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
1891#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
1892#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
1893#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
1894#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
1895#define SSL_F_GET_CLIENT_FINISHED 105
1896#define SSL_F_GET_CLIENT_HELLO 106
1897#define SSL_F_GET_CLIENT_MASTER_KEY 107
1898#define SSL_F_GET_SERVER_FINISHED 108
1899#define SSL_F_GET_SERVER_HELLO 109
1900#define SSL_F_GET_SERVER_VERIFY 110
1901#define SSL_F_I2D_SSL_SESSION 111
1902#define SSL_F_READ_N 112
1903#define SSL_F_REQUEST_CERTIFICATE 113
1904#define SSL_F_SERVER_FINISH 239
1905#define SSL_F_SERVER_HELLO 114
1906#define SSL_F_SERVER_VERIFY 240
1907#define SSL_F_SSL23_ACCEPT 115
1908#define SSL_F_SSL23_CLIENT_HELLO 116
1909#define SSL_F_SSL23_CONNECT 117
1910#define SSL_F_SSL23_GET_CLIENT_HELLO 118
1911#define SSL_F_SSL23_GET_SERVER_HELLO 119
1912#define SSL_F_SSL23_PEEK 237
1913#define SSL_F_SSL23_READ 120
1914#define SSL_F_SSL23_WRITE 121
1915#define SSL_F_SSL2_ACCEPT 122
1916#define SSL_F_SSL2_CONNECT 123
1917#define SSL_F_SSL2_ENC_INIT 124
1918#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
1919#define SSL_F_SSL2_PEEK 234
1920#define SSL_F_SSL2_READ 125
1921#define SSL_F_SSL2_READ_INTERNAL 236
1922#define SSL_F_SSL2_SET_CERTIFICATE 126
1923#define SSL_F_SSL2_WRITE 127
1924#define SSL_F_SSL3_ACCEPT 128
1925#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1926#define SSL_F_SSL3_CALLBACK_CTRL 233
1927#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1928#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
1929#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304
1930#define SSL_F_SSL3_CLIENT_HELLO 131
1931#define SSL_F_SSL3_CONNECT 132
1932#define SSL_F_SSL3_CTRL 213
1933#define SSL_F_SSL3_CTX_CTRL 133
1934#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1935#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1936#define SSL_F_SSL3_ENC 134
1937#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1938#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1939#define SSL_F_SSL3_GET_CERT_STATUS 289
1940#define SSL_F_SSL3_GET_CERT_VERIFY 136
1941#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1942#define SSL_F_SSL3_GET_CLIENT_HELLO 138
1943#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
1944#define SSL_F_SSL3_GET_FINISHED 140
1945#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
1946#define SSL_F_SSL3_GET_MESSAGE 142
1947#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
1948#define SSL_F_SSL3_GET_NEXT_PROTO 306
1949#define SSL_F_SSL3_GET_RECORD 143
1950#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1951#define SSL_F_SSL3_GET_SERVER_DONE 145
1952#define SSL_F_SSL3_GET_SERVER_HELLO 146
1953#define SSL_F_SSL3_HANDSHAKE_MAC 285
1954#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1955#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1956#define SSL_F_SSL3_PEEK 235
1957#define SSL_F_SSL3_READ_BYTES 148
1958#define SSL_F_SSL3_READ_N 149
1959#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
1960#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
1961#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
1962#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
1963#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1964#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1965#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1966#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1967#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1968#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1969#define SSL_F_SSL3_WRITE_BYTES 158
1970#define SSL_F_SSL3_WRITE_PENDING 159
1971#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1972#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1973#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
1974#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1975#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1976#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1977#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1978#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308
1979#define SSL_F_SSL_BAD_METHOD 160
1980#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1981#define SSL_F_SSL_CERT_DUP 221
1982#define SSL_F_SSL_CERT_INST 222
1983#define SSL_F_SSL_CERT_INSTANTIATE 214
1984#define SSL_F_SSL_CERT_NEW 162
1985#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1986#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1987#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1988#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1989#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1990#define SSL_F_SSL_CLEAR 164
1991#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1992#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1993#define SSL_F_SSL_CTRL 232
1994#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1995#define SSL_F_SSL_CTX_MAKE_PROFILES 309
1996#define SSL_F_SSL_CTX_NEW 169
1997#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1998#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1999#define SSL_F_SSL_CTX_SET_PURPOSE 226
2000#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
2001#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
2002#define SSL_F_SSL_CTX_SET_TRUST 229
2003#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
2004#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
2005#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
2006#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
2007#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
2008#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
2009#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
2010#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
2011#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
2012#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
2013#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
2014#define SSL_F_SSL_DO_HANDSHAKE 180
2015#define SSL_F_SSL_GET_NEW_SESSION 181
2016#define SSL_F_SSL_GET_PREV_SESSION 217
2017#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
2018#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
2019#define SSL_F_SSL_GET_SIGN_PKEY 183
2020#define SSL_F_SSL_INIT_WBIO_BUFFER 184
2021#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
2022#define SSL_F_SSL_NEW 186
2023#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
2024#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
2025#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310
2026#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
2027#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
2028#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311
2029#define SSL_F_SSL_PEEK 270
2030#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
2031#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
2032#define SSL_F_SSL_READ 223
2033#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
2034#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
2035#define SSL_F_SSL_SESSION_NEW 189
2036#define SSL_F_SSL_SESSION_PRINT_FP 190
2037#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
2038#define SSL_F_SSL_SESS_CERT_NEW 225
2039#define SSL_F_SSL_SET_CERT 191
2040#define SSL_F_SSL_SET_CIPHER_LIST 271
2041#define SSL_F_SSL_SET_FD 192
2042#define SSL_F_SSL_SET_PKEY 193
2043#define SSL_F_SSL_SET_PURPOSE 227
2044#define SSL_F_SSL_SET_RFD 194
2045#define SSL_F_SSL_SET_SESSION 195
2046#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
2047#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
2048#define SSL_F_SSL_SET_TRUST 228
2049#define SSL_F_SSL_SET_WFD 196
2050#define SSL_F_SSL_SHUTDOWN 224
2051#define SSL_F_SSL_SRP_CTX_INIT 313
2052#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
2053#define SSL_F_SSL_UNDEFINED_FUNCTION 197
2054#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
2055#define SSL_F_SSL_USE_CERTIFICATE 198
2056#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
2057#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
2058#define SSL_F_SSL_USE_PRIVATEKEY 201
2059#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
2060#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2061#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
2062#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
2063#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
2064#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
2065#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
2066#define SSL_F_SSL_WRITE 208
2067#define SSL_F_TLS1_AEAD_CTX_INIT 339
2068#define SSL_F_TLS1_CERT_VERIFY_MAC 286
2069#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2070#define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 340
2071#define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 338
2072#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
2073#define SSL_F_TLS1_ENC 210
2074#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314
2075#define SSL_F_TLS1_HEARTBEAT 315
2076#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2077#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2078#define SSL_F_TLS1_PRF 284
2079#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
2080#define SSL_F_WRITE_PENDING 212
2081
2082/* Reason codes. */
2083#define SSL_R_APP_DATA_IN_HANDSHAKE 100
2084#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2085#define SSL_R_BAD_ALERT_RECORD 101
2086#define SSL_R_BAD_AUTHENTICATION_TYPE 102
2087#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
2088#define SSL_R_BAD_CHECKSUM 104
2089#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
2090#define SSL_R_BAD_DECOMPRESSION 107
2091#define SSL_R_BAD_DH_G_LENGTH 108
2092#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
2093#define SSL_R_BAD_DH_P_LENGTH 110
2094#define SSL_R_BAD_DIGEST_LENGTH 111
2095#define SSL_R_BAD_DSA_SIGNATURE 112
2096#define SSL_R_BAD_ECC_CERT 304
2097#define SSL_R_BAD_ECDSA_SIGNATURE 305
2098#define SSL_R_BAD_ECPOINT 306
2099#define SSL_R_BAD_HANDSHAKE_LENGTH 332
2100#define SSL_R_BAD_HELLO_REQUEST 105
2101#define SSL_R_BAD_LENGTH 271
2102#define SSL_R_BAD_MAC_DECODE 113
2103#define SSL_R_BAD_MAC_LENGTH 333
2104#define SSL_R_BAD_MESSAGE_TYPE 114
2105#define SSL_R_BAD_PACKET_LENGTH 115
2106#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2107#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
2108#define SSL_R_BAD_RESPONSE_ARGUMENT 117
2109#define SSL_R_BAD_RSA_DECRYPT 118
2110#define SSL_R_BAD_RSA_ENCRYPT 119
2111#define SSL_R_BAD_RSA_E_LENGTH 120
2112#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
2113#define SSL_R_BAD_RSA_SIGNATURE 122
2114#define SSL_R_BAD_SIGNATURE 123
2115#define SSL_R_BAD_SRP_A_LENGTH 347
2116#define SSL_R_BAD_SRP_B_LENGTH 348
2117#define SSL_R_BAD_SRP_G_LENGTH 349
2118#define SSL_R_BAD_SRP_N_LENGTH 350
2119#define SSL_R_BAD_SRP_S_LENGTH 351
2120#define SSL_R_BAD_SRTP_MKI_VALUE 352
2121#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
2122#define SSL_R_BAD_SSL_FILETYPE 124
2123#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
2124#define SSL_R_BAD_STATE 126
2125#define SSL_R_BAD_WRITE_RETRY 127
2126#define SSL_R_BIO_NOT_SET 128
2127#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
2128#define SSL_R_BN_LIB 130
2129#define SSL_R_CA_DN_LENGTH_MISMATCH 131
2130#define SSL_R_CA_DN_TOO_LONG 132
2131#define SSL_R_CCS_RECEIVED_EARLY 133
2132#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
2133#define SSL_R_CERT_LENGTH_MISMATCH 135
2134#define SSL_R_CHALLENGE_IS_DIFFERENT 136
2135#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
2136#define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE 371
2137#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
2138#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
2139#define SSL_R_CLIENTHELLO_TLSEXT 226
2140#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2141#define SSL_R_COMPRESSION_DISABLED 343
2142#define SSL_R_COMPRESSION_FAILURE 141
2143#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
2144#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
2145#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
2146#define SSL_R_CONNECTION_TYPE_NOT_SET 144
2147#define SSL_R_COOKIE_MISMATCH 308
2148#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
2149#define SSL_R_DATA_LENGTH_TOO_LONG 146
2150#define SSL_R_DECRYPTION_FAILED 147
2151#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
2152#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
2153#define SSL_R_DIGEST_CHECK_FAILED 149
2154#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
2155#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2156#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2157#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2158#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2159#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
2160#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
2161#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
2162#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
2163#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
2164#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
2165#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
2166#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
2167#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
2168#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
2169#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
2170#define SSL_R_HTTPS_PROXY_REQUEST 155
2171#define SSL_R_HTTP_REQUEST 156
2172#define SSL_R_ILLEGAL_PADDING 283
2173#define SSL_R_INAPPROPRIATE_FALLBACK 373
2174#define SSL_R_INCONSISTENT_COMPRESSION 340
2175#define SSL_R_INVALID_CHALLENGE_LENGTH 158
2176#define SSL_R_INVALID_COMMAND 280
2177#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
2178#define SSL_R_INVALID_PURPOSE 278
2179#define SSL_R_INVALID_SRP_USERNAME 357
2180#define SSL_R_INVALID_STATUS_RESPONSE 328
2181#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
2182#define SSL_R_INVALID_TRUST 279
2183#define SSL_R_KEY_ARG_TOO_LONG 284
2184#define SSL_R_KRB5 285
2185#define SSL_R_KRB5_C_CC_PRINC 286
2186#define SSL_R_KRB5_C_GET_CRED 287
2187#define SSL_R_KRB5_C_INIT 288
2188#define SSL_R_KRB5_C_MK_REQ 289
2189#define SSL_R_KRB5_S_BAD_TICKET 290
2190#define SSL_R_KRB5_S_INIT 291
2191#define SSL_R_KRB5_S_RD_REQ 292
2192#define SSL_R_KRB5_S_TKT_EXPIRED 293
2193#define SSL_R_KRB5_S_TKT_NYV 294
2194#define SSL_R_KRB5_S_TKT_SKEW 295
2195#define SSL_R_LENGTH_MISMATCH 159
2196#define SSL_R_LENGTH_TOO_SHORT 160
2197#define SSL_R_LIBRARY_BUG 274
2198#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
2199#define SSL_R_MESSAGE_TOO_LONG 296
2200#define SSL_R_MISSING_DH_DSA_CERT 162
2201#define SSL_R_MISSING_DH_KEY 163
2202#define SSL_R_MISSING_DH_RSA_CERT 164
2203#define SSL_R_MISSING_DSA_SIGNING_CERT 165
2204#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
2205#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
2206#define SSL_R_MISSING_RSA_CERTIFICATE 168
2207#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
2208#define SSL_R_MISSING_RSA_SIGNING_CERT 170
2209#define SSL_R_MISSING_SRP_PARAM 358
2210#define SSL_R_MISSING_TMP_DH_KEY 171
2211#define SSL_R_MISSING_TMP_ECDH_KEY 311
2212#define SSL_R_MISSING_TMP_RSA_KEY 172
2213#define SSL_R_MISSING_TMP_RSA_PKEY 173
2214#define SSL_R_MISSING_VERIFY_MESSAGE 174
2215#define SSL_R_MULTIPLE_SGC_RESTARTS 346
2216#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
2217#define SSL_R_NO_CERTIFICATES_RETURNED 176
2218#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
2219#define SSL_R_NO_CERTIFICATE_RETURNED 178
2220#define SSL_R_NO_CERTIFICATE_SET 179
2221#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
2222#define SSL_R_NO_CIPHERS_AVAILABLE 181
2223#define SSL_R_NO_CIPHERS_PASSED 182
2224#define SSL_R_NO_CIPHERS_SPECIFIED 183
2225#define SSL_R_NO_CIPHER_LIST 184
2226#define SSL_R_NO_CIPHER_MATCH 185
2227#define SSL_R_NO_CLIENT_CERT_METHOD 331
2228#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
2229#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2230#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
2231#define SSL_R_NO_METHOD_SPECIFIED 188
2232#define SSL_R_NO_PRIVATEKEY 189
2233#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
2234#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
2235#define SSL_R_NO_PUBLICKEY 192
2236#define SSL_R_NO_RENEGOTIATION 339
2237#define SSL_R_NO_REQUIRED_DIGEST 324
2238#define SSL_R_NO_SHARED_CIPHER 193
2239#define SSL_R_NO_SRTP_PROFILES 359
2240#define SSL_R_NO_VERIFY_CALLBACK 194
2241#define SSL_R_NULL_SSL_CTX 195
2242#define SSL_R_NULL_SSL_METHOD_PASSED 196
2243#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2244#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2245#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2246#define SSL_R_PACKET_LENGTH_TOO_LONG 198
2247#define SSL_R_PARSE_TLSEXT 227
2248#define SSL_R_PATH_TOO_LONG 270
2249#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
2250#define SSL_R_PEER_ERROR 200
2251#define SSL_R_PEER_ERROR_CERTIFICATE 201
2252#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
2253#define SSL_R_PEER_ERROR_NO_CIPHER 203
2254#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
2255#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
2256#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
2257#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2258#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2259#define SSL_R_PSK_NO_CLIENT_CB 224
2260#define SSL_R_PSK_NO_SERVER_CB 225
2261#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
2262#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
2263#define SSL_R_PUBLIC_KEY_NOT_RSA 210
2264#define SSL_R_READ_BIO_NOT_SET 211
2265#define SSL_R_READ_TIMEOUT_EXPIRED 312
2266#define SSL_R_READ_WRONG_PACKET_TYPE 212
2267#define SSL_R_RECORD_LENGTH_MISMATCH 213
2268#define SSL_R_RECORD_TOO_LARGE 214
2269#define SSL_R_RECORD_TOO_SMALL 298
2270#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2271#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2272#define SSL_R_RENEGOTIATION_MISMATCH 337
2273#define SSL_R_REQUIRED_CIPHER_MISSING 215
2274#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
2275#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
2276#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
2277#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
2278#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2279#define SSL_R_SERVERHELLO_TLSEXT 275
2280#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
2281#define SSL_R_SHORT_READ 219
2282#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
2283#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
2284#define SSL_R_SRP_A_CALC 361
2285#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
2286#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
2287#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
2288#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
2289#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
2290#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
2291#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2292#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
2293#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
2294#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
2295#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
2296#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
2297#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
2298#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
2299#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
2300#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
2301#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
2302#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
2303#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
2304#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
2305#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
2306#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
2307#define SSL_R_SSL_HANDSHAKE_FAILURE 229
2308#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
2309#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
2310#define SSL_R_SSL_SESSION_ID_CONFLICT 302
2311#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
2312#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
2313#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
2314#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
2315#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
2316#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
2317#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
2318#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
2319#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
2320#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
2321#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
2322#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
2323#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
2324#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2325#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2326#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2327#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2328#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2329#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2330#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2331#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2332#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2333#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
2334#define SSL_R_TLS_HEARTBEAT_PENDING 366
2335#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
2336#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2337#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2338#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2339#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
2340#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
2341#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
2342#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
2343#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
2344#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
2345#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
2346#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
2347#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
2348#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
2349#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
2350#define SSL_R_UNEXPECTED_MESSAGE 244
2351#define SSL_R_UNEXPECTED_RECORD 245
2352#define SSL_R_UNINITIALIZED 276
2353#define SSL_R_UNKNOWN_ALERT_TYPE 246
2354#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
2355#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
2356#define SSL_R_UNKNOWN_CIPHER_TYPE 249
2357#define SSL_R_UNKNOWN_DIGEST 368
2358#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
2359#define SSL_R_UNKNOWN_PKEY_TYPE 251
2360#define SSL_R_UNKNOWN_PROTOCOL 252
2361#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2362#define SSL_R_UNKNOWN_SSL_VERSION 254
2363#define SSL_R_UNKNOWN_STATE 255
2364#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2365#define SSL_R_UNSUPPORTED_CIPHER 256
2366#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2367#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2368#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2369#define SSL_R_UNSUPPORTED_PROTOCOL 258
2370#define SSL_R_UNSUPPORTED_SSL_VERSION 259
2371#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
2372#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
2373#define SSL_R_WRITE_BIO_NOT_SET 260
2374#define SSL_R_WRONG_CIPHER_RETURNED 261
2375#define SSL_R_WRONG_CURVE 378
2376#define SSL_R_WRONG_MESSAGE_TYPE 262
2377#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
2378#define SSL_R_WRONG_SIGNATURE_LENGTH 264
2379#define SSL_R_WRONG_SIGNATURE_SIZE 265
2380#define SSL_R_WRONG_SIGNATURE_TYPE 370
2381#define SSL_R_WRONG_SSL_VERSION 266
2382#define SSL_R_WRONG_VERSION_NUMBER 267
2383#define SSL_R_X509_LIB 268
2384#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
2385
2386#ifdef __cplusplus
2387}
2388#endif
2389#endif
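diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
deleted file mode 100644
index 3a8d300729..0000000000
--- a/src/lib/libssl/ssl2.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/* $OpenBSD: ssl2.h,v 1.12 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifdef __cplusplus
-}
-#endif
-#endif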
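diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
deleted file mode 100644
index 570e4b0171..0000000000
--- a/src/lib/libssl/ssl23.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* $OpenBSD: ssl23.h,v 1.4 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif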
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 5ec2fe6f88..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,617 +0,0 @@
1/* $OpenBSD: ssl3.h,v 1.41 2015/07/19 06:23:51 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116
117#ifndef HEADER_SSL3_H
118#define HEADER_SSL3_H
119
120#include <openssl/buffer.h>
121#include <openssl/evp.h>
122#include <openssl/ssl.h>
123
124#ifdef __cplusplus
125extern "C" {
126#endif
127
128/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */
129#define SSL3_CK_SCSV 0x030000FF
130
131/* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */
132#define SSL3_CK_FALLBACK_SCSV 0x03005600
133
134#define SSL3_CK_RSA_NULL_MD5 0x03000001
135#define SSL3_CK_RSA_NULL_SHA 0x03000002
136#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
137#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
138#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
139#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
140#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
141#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
142#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
143#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
144
145#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
146#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
147#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
148#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
149#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
150#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
151
152#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
153#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
154#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
155#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
156#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
157#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
158
159#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
160#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
161#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
162#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
163#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
164
165/* VRS Additional Kerberos5 entries
166 */
167#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
168#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
169#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
170#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
171#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
172#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
173#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
174#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
175
176#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
177#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
178#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
179#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
180#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
181#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
182
183#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
184#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
185#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
186#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
187#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
188#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
189#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
190#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
191#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
192#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
193
194#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
195#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
196#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
197#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
198#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
199#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
200
201#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
202#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
203#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
204#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
205#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
206#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
207
208#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
209#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
210#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
211#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
212#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
213
214#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
215#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
216#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
217#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
218#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
219#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
220#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
221#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
222
223#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
224#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
225#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
226#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
227#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
228#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
229
230#define SSL3_SSL_SESSION_ID_LENGTH 32
231#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
232
233#define SSL3_MASTER_SECRET_SIZE 48
234#define SSL3_RANDOM_SIZE 32
235#define SSL3_SEQUENCE_SIZE 8
236#define SSL3_SESSION_ID_SIZE 32
237#define SSL3_CIPHER_VALUE_SIZE 2
238
239#define SSL3_RT_HEADER_LENGTH 5
240#define SSL3_HM_HEADER_LENGTH 4
241
242#define SSL3_ALIGN_PAYLOAD 8
243
244/* This is the maximum MAC (digest) size used by the SSL library.
245 * Currently maximum of 20 is used by SHA1, but we reserve for
246 * future extension for 512-bit hashes.
247 */
248
249#define SSL3_RT_MAX_MD_SIZE 64
250
251/* Maximum block size used in all ciphersuites. Currently 16 for AES.
252 */
253
254#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
255
256#define SSL3_RT_MAX_EXTRA (16384)
257
258/* Maximum plaintext length: defined by SSL/TLS standards */
259#define SSL3_RT_MAX_PLAIN_LENGTH 16384
260/* Maximum compression overhead: defined by SSL/TLS standards */
261#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
262
263/* The standards give a maximum encryption overhead of 1024 bytes.
264 * In practice the value is lower than this. The overhead is the maximum
265 * number of padding bytes (256) plus the mac size.
266 */
267#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
268
269/* OpenSSL currently only uses a padding length of at most one block so
270 * the send overhead is smaller.
271 */
272
273#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
274 (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
275
276/* If compression isn't used don't include the compression overhead */
277#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
278#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
279 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
280#define SSL3_RT_MAX_PACKET_SIZE \
281 (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
282
283#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
284#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
285
286#define SSL3_VERSION 0x0300
287#define SSL3_VERSION_MAJOR 0x03
288#define SSL3_VERSION_MINOR 0x00
289
290#define SSL3_RT_CHANGE_CIPHER_SPEC 20
291#define SSL3_RT_ALERT 21
292#define SSL3_RT_HANDSHAKE 22
293#define SSL3_RT_APPLICATION_DATA 23
294#define TLS1_RT_HEARTBEAT 24
295
296#define SSL3_AL_WARNING 1
297#define SSL3_AL_FATAL 2
298
299#define SSL3_AD_CLOSE_NOTIFY 0
300#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
301#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
302#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
303#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
304#define SSL3_AD_NO_CERTIFICATE 41
305#define SSL3_AD_BAD_CERTIFICATE 42
306#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
307#define SSL3_AD_CERTIFICATE_REVOKED 44
308#define SSL3_AD_CERTIFICATE_EXPIRED 45
309#define SSL3_AD_CERTIFICATE_UNKNOWN 46
310#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
311
312#define TLS1_HB_REQUEST 1
313#define TLS1_HB_RESPONSE 2
314
315#ifndef OPENSSL_NO_SSL_INTERN
316
317typedef struct ssl3_record_st {
318/*r */ int type; /* type of record */
319/*rw*/ unsigned int length; /* How many bytes available */
320/*r */ unsigned int off; /* read/write offset into 'buf' */
321/*rw*/ unsigned char *data; /* pointer to the record data */
322/*rw*/ unsigned char *input; /* where the decode bytes are */
323/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
324/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
325} SSL3_RECORD;
326
327typedef struct ssl3_buffer_st {
328 unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
329 * see ssl3_setup_buffers() */
330 size_t len; /* buffer size */
331 int offset; /* where to 'copy from' */
332 int left; /* how many bytes left */
333} SSL3_BUFFER;
334
335#endif
336
337#define SSL3_CT_RSA_SIGN 1
338#define SSL3_CT_DSS_SIGN 2
339#define SSL3_CT_RSA_FIXED_DH 3
340#define SSL3_CT_DSS_FIXED_DH 4
341#define SSL3_CT_RSA_EPHEMERAL_DH 5
342#define SSL3_CT_DSS_EPHEMERAL_DH 6
343#define SSL3_CT_FORTEZZA_DMS 20
344/* SSL3_CT_NUMBER is used to size arrays and it must be large
345 * enough to contain all of the cert types defined either for
346 * SSLv3 and TLSv1.
347 */
348#define SSL3_CT_NUMBER 11
349
350
351#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
352#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
353#define SSL3_FLAGS_POP_BUFFER 0x0004
354#define TLS1_FLAGS_TLS_PADDING_BUG 0x0
355#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
356#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
357#define SSL3_FLAGS_CCS_OK 0x0080
358
359#ifndef OPENSSL_NO_SSL_INTERN
360
361typedef struct ssl3_state_st {
362 long flags;
363 int delay_buf_pop_ret;
364
365 unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
366 int read_mac_secret_size;
367 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
368 unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
369 int write_mac_secret_size;
370 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
371
372 unsigned char server_random[SSL3_RANDOM_SIZE];
373 unsigned char client_random[SSL3_RANDOM_SIZE];
374
375 /* flags for countermeasure against known-IV weakness */
376 int need_empty_fragments;
377 int empty_fragment_done;
378
379 SSL3_BUFFER rbuf; /* read IO goes into here */
380 SSL3_BUFFER wbuf; /* write IO goes into here */
381
382 SSL3_RECORD rrec; /* each decoded record goes in here */
383 SSL3_RECORD wrec; /* goes out from here */
384
385 /* storage for Alert/Handshake protocol data received but not
386 * yet processed by ssl3_read_bytes: */
387 unsigned char alert_fragment[2];
388 unsigned int alert_fragment_len;
389 unsigned char handshake_fragment[4];
390 unsigned int handshake_fragment_len;
391
392 /* partial write - check the numbers match */
393 unsigned int wnum; /* number of bytes sent so far */
394 int wpend_tot; /* number bytes written */
395 int wpend_type;
396 int wpend_ret; /* number of bytes submitted */
397 const unsigned char *wpend_buf;
398
399 /* used during startup, digest all incoming/outgoing packets */
400 BIO *handshake_buffer;
401 /* When set of handshake digests is determined, buffer is hashed
402 * and freed and MD_CTX-es for all required digests are stored in
403 * this array */
404 EVP_MD_CTX **handshake_dgst;
405 /* this is set whenerver we see a change_cipher_spec message
406 * come in when we are not looking for one */
407 int change_cipher_spec;
408
409 int warn_alert;
410 int fatal_alert;
411 /* we allow one fatal and one warning alert to be outstanding,
412 * send close alert via the warning alert */
413 int alert_dispatch;
414 unsigned char send_alert[2];
415
416 /* This flag is set when we should renegotiate ASAP, basically when
417 * there is no more data in the read or write buffers */
418 int renegotiate;
419 int total_renegotiations;
420 int num_renegotiations;
421
422 int in_read_app_data;
423
424 struct {
425 /* actually only needs to be 16+20 */
426 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
427
428 /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
429 unsigned char finish_md[EVP_MAX_MD_SIZE*2];
430 int finish_md_len;
431 unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
432 int peer_finish_md_len;
433
434 unsigned long message_size;
435 int message_type;
436
437 /* used to hold the new cipher we are going to use */
438 const SSL_CIPHER *new_cipher;
439 DH *dh;
440
441 EC_KEY *ecdh; /* holds short lived ECDH key */
442
443 /* used when SSL_ST_FLUSH_DATA is entered */
444 int next_state;
445
446 int reuse_message;
447
448 /* used for certificate requests */
449 int cert_req;
450 int ctype_num;
451 char ctype[SSL3_CT_NUMBER];
452 STACK_OF(X509_NAME) *ca_names;
453
454 int key_block_length;
455 unsigned char *key_block;
456
457 const EVP_CIPHER *new_sym_enc;
458 const EVP_AEAD *new_aead;
459 const EVP_MD *new_hash;
460 int new_mac_pkey_type;
461 int new_mac_secret_size;
462 int cert_request;
463 } tmp;
464
465 /* Connection binding to prevent renegotiation attacks */
466 unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
467 unsigned char previous_client_finished_len;
468 unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
469 unsigned char previous_server_finished_len;
470 int send_connection_binding; /* TODOEKR */
471
472 /* Set if we saw the Next Protocol Negotiation extension from our peer.
473 */
474 int next_proto_neg_seen;
475
476 /*
477 * ALPN information
478 * (we are in the process of transitioning from NPN to ALPN).
479 */
480
481 /*
482 * In a server these point to the selected ALPN protocol after the
483 * ClientHello has been processed. In a client these contain the
484 * protocol that the server selected once the ServerHello has been
485 * processed.
486 */
487 unsigned char *alpn_selected;
488 unsigned int alpn_selected_len;
489} SSL3_STATE;
490
491#endif
492
493/* SSLv3 */
494/*client */
495/* extra state */
496#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
497/* write to server */
498#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
499#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
500/* read from server */
501#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
502#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
503#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
504#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
505#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
506#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
507#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
508#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
509#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
510#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
511#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
512#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
513/* write to server */
514#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
515#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
516#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
517#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
518#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
519#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
520#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
521#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
522#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
523#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
524#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
525#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
526#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
527#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
528/* read from server */
529#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
530#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
531#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
532#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
533#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
534#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
535#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
536#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
537
538/* server */
539/* extra state */
540#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
541/* read from client */
542/* Do not change the number values, they do matter */
543#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
544#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
545#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
546/* write to client */
547#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
548#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
549#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
550#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
551#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
552#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
553#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
554#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
555#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
556#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
557#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
558#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
559#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
560#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
561#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
562/* read from client */
563#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
564#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
565#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
566#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
567#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
568#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
569#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
570#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
571#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
572#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
573#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
574#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
575/* write to client */
576#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
577#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
578#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
579#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
580#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
581#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
582#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
583#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
584
585#define SSL3_MT_HELLO_REQUEST 0
586#define SSL3_MT_CLIENT_HELLO 1
587#define SSL3_MT_SERVER_HELLO 2
588#define SSL3_MT_NEWSESSION_TICKET 4
589#define SSL3_MT_CERTIFICATE 11
590#define SSL3_MT_SERVER_KEY_EXCHANGE 12
591#define SSL3_MT_CERTIFICATE_REQUEST 13
592#define SSL3_MT_SERVER_DONE 14
593#define SSL3_MT_CERTIFICATE_VERIFY 15
594#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
595#define SSL3_MT_FINISHED 20
596#define SSL3_MT_CERTIFICATE_STATUS 22
597
598#define SSL3_MT_NEXT_PROTO 67
599
600#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
601
602#define SSL3_MT_CCS 1
603
604/* These are used when changing over to a new cipher */
605#define SSL3_CC_READ 0x01
606#define SSL3_CC_WRITE 0x02
607#define SSL3_CC_CLIENT 0x10
608#define SSL3_CC_SERVER 0x20
609#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
610#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
611#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
612#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
613
614#ifdef __cplusplus
615}
616#endif
617#endif
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
deleted file mode 100644
index 3010a735c9..0000000000
--- a/src/lib/libssl/ssl_algs.c
+++ /dev/null
@@ -1,131 +0,0 @@
1/* $OpenBSD: ssl_algs.c,v 1.22 2014/12/14 15:30:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/lhash.h>
62#include <openssl/objects.h>
63
64#include "ssl_locl.h"
65
66int
67SSL_library_init(void)
68{
69
70#ifndef OPENSSL_NO_DES
71 EVP_add_cipher(EVP_des_cbc());
72 EVP_add_cipher(EVP_des_ede3_cbc());
73#endif
74#ifndef OPENSSL_NO_IDEA
75 EVP_add_cipher(EVP_idea_cbc());
76#endif
77#ifndef OPENSSL_NO_RC4
78 EVP_add_cipher(EVP_rc4());
79#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
80 EVP_add_cipher(EVP_rc4_hmac_md5());
81#endif
82#endif
83#ifndef OPENSSL_NO_RC2
84 EVP_add_cipher(EVP_rc2_cbc());
85 /* Not actually used for SSL/TLS but this makes PKCS#12 work
86 * if an application only calls SSL_library_init().
87 */
88 EVP_add_cipher(EVP_rc2_40_cbc());
89#endif
90 EVP_add_cipher(EVP_aes_128_cbc());
91 EVP_add_cipher(EVP_aes_192_cbc());
92 EVP_add_cipher(EVP_aes_256_cbc());
93 EVP_add_cipher(EVP_aes_128_gcm());
94 EVP_add_cipher(EVP_aes_256_gcm());
95 EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
96 EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
97#ifndef OPENSSL_NO_CAMELLIA
98 EVP_add_cipher(EVP_camellia_128_cbc());
99 EVP_add_cipher(EVP_camellia_256_cbc());
100#endif
101#ifndef OPENSSL_NO_GOST
102 EVP_add_cipher(EVP_gost2814789_cfb64());
103 EVP_add_cipher(EVP_gost2814789_cnt());
104#endif
105
106 EVP_add_digest(EVP_md5());
107 EVP_add_digest_alias(SN_md5, "ssl2-md5");
108 EVP_add_digest_alias(SN_md5, "ssl3-md5");
109 EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
110 EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
111 EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
112 EVP_add_digest(EVP_sha224());
113 EVP_add_digest(EVP_sha256());
114 EVP_add_digest(EVP_sha384());
115 EVP_add_digest(EVP_sha512());
116 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
117 EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
118 EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
119 EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
120 EVP_add_digest(EVP_ecdsa());
121#ifndef OPENSSL_NO_GOST
122 EVP_add_digest(EVP_gostr341194());
123 EVP_add_digest(EVP_gost2814789imit());
124 EVP_add_digest(EVP_streebog256());
125 EVP_add_digest(EVP_streebog512());
126#endif
127 /* initialize cipher/digest methods table */
128 ssl_load_ciphers();
129 return (1);
130}
131
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index b60b3ea3f8..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,692 +0,0 @@
1/* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include "ssl_locl.h"
63
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67/* XXX - these are here to avoid including asn1_mac.h */
68int asn1_GetSequence(ASN1_const_CTX *c, long *length);
69void asn1_add_error(const unsigned char *address, int offset);
70
71typedef struct ssl_session_asn1_st {
72 ASN1_INTEGER version;
73 ASN1_INTEGER ssl_version;
74 ASN1_OCTET_STRING cipher;
75 ASN1_OCTET_STRING master_key;
76 ASN1_OCTET_STRING session_id;
77 ASN1_OCTET_STRING session_id_context;
78 ASN1_INTEGER time;
79 ASN1_INTEGER timeout;
80 ASN1_INTEGER verify_result;
81 ASN1_OCTET_STRING tlsext_hostname;
82 ASN1_INTEGER tlsext_tick_lifetime;
83 ASN1_OCTET_STRING tlsext_tick;
84} SSL_SESSION_ASN1;
85
86int
87i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
88{
89#define LSIZE2 (sizeof(long)*2)
90 int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0;
91 unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
92 unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
93 unsigned char ibuf6[LSIZE2];
94 SSL_SESSION_ASN1 a;
95 unsigned char *p;
96 int len = 0, ret;
97 long l;
98
99 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
100 return (0);
101
102 /*
103 * Note that I cheat in the following 2 assignments.
104 * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set
105 * is > sizeof(long)+1, the buffer will not be re-malloc()ed.
106 * This is a bit evil but makes things simple, no dynamic allocation
107 * to clean up :-)
108 */
109 a.version.length = LSIZE2;
110 a.version.type = V_ASN1_INTEGER;
111 a.version.data = ibuf1;
112 ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
113 len += i2d_ASN1_INTEGER(&(a.version), NULL);
114
115 a.ssl_version.length = LSIZE2;
116 a.ssl_version.type = V_ASN1_INTEGER;
117 a.ssl_version.data = ibuf2;
118 ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
119 len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL);
120
121 a.cipher.length = 2;
122 a.cipher.type = V_ASN1_OCTET_STRING;
123 l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id;
124 buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
125 buf[1] = ((unsigned char)(l)) & 0xff;
126 a.cipher.data = buf;
127 len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL);
128
129 a.master_key.length = in->master_key_length;
130 a.master_key.type = V_ASN1_OCTET_STRING;
131 a.master_key.data = in->master_key;
132 len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL);
133
134 a.session_id.length = in->session_id_length;
135 a.session_id.type = V_ASN1_OCTET_STRING;
136 a.session_id.data = in->session_id;
137 len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL);
138
139 if (in->time != 0L) {
140 a.time.length = LSIZE2;
141 a.time.type = V_ASN1_INTEGER;
142 a.time.data = ibuf3;
143 ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */
144 v1 = i2d_ASN1_INTEGER(&(a.time), NULL);
145 len += ASN1_object_size(1, v1, 1);
146 }
147
148 if (in->timeout != 0L) {
149 a.timeout.length = LSIZE2;
150 a.timeout.type = V_ASN1_INTEGER;
151 a.timeout.data = ibuf4;
152 ASN1_INTEGER_set(&(a.timeout), in->timeout);
153 v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL);
154 len += ASN1_object_size(1, v2, 2);
155 }
156
157 if (in->peer != NULL) {
158 v3 = i2d_X509(in->peer, NULL);
159 len += ASN1_object_size(1, v3, 3);
160 }
161
162 a.session_id_context.length = in->sid_ctx_length;
163 a.session_id_context.type = V_ASN1_OCTET_STRING;
164 a.session_id_context.data = in->sid_ctx;
165 v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL);
166 len += ASN1_object_size(1, v4, 4);
167
168 if (in->verify_result != X509_V_OK) {
169 a.verify_result.length = LSIZE2;
170 a.verify_result.type = V_ASN1_INTEGER;
171 a.verify_result.data = ibuf5;
172 ASN1_INTEGER_set(&a.verify_result, in->verify_result);
173 v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL);
174 len += ASN1_object_size(1, v5, 5);
175 }
176
177 if (in->tlsext_hostname) {
178 a.tlsext_hostname.length = strlen(in->tlsext_hostname);
179 a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
180 a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
181 v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL);
182 len += ASN1_object_size(1, v6, 6);
183 }
184
185 /* 7 - PSK identity hint. */
186 /* 8 - PSK identity. */
187
188 if (in->tlsext_tick_lifetime_hint > 0) {
189 a.tlsext_tick_lifetime.length = LSIZE2;
190 a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
191 a.tlsext_tick_lifetime.data = ibuf6;
192 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
193 in->tlsext_tick_lifetime_hint);
194 v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL);
195 len += ASN1_object_size(1, v9, 9);
196 }
197
198 if (in->tlsext_tick) {
199 a.tlsext_tick.length = in->tlsext_ticklen;
200 a.tlsext_tick.type = V_ASN1_OCTET_STRING;
201 a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
202 v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL);
203 len += ASN1_object_size(1, v10, 10);
204 }
205
206 /* 11 - Compression method. */
207 /* 12 - SRP username. */
208
209 /* If given a NULL pointer, return the length only. */
210 ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE));
211 if (pp == NULL)
212 return (ret);
213
214 /* Burp out the ASN1. */
215 p = *pp;
216 ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
217 i2d_ASN1_INTEGER(&(a.version), &p);
218 i2d_ASN1_INTEGER(&(a.ssl_version), &p);
219 i2d_ASN1_OCTET_STRING(&(a.cipher), &p);
220 i2d_ASN1_OCTET_STRING(&(a.session_id), &p);
221 i2d_ASN1_OCTET_STRING(&(a.master_key), &p);
222 if (in->time != 0L) {
223 ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC);
224 i2d_ASN1_INTEGER(&(a.time), &p);
225 }
226 if (in->timeout != 0L) {
227 ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC);
228 i2d_ASN1_INTEGER(&(a.timeout), &p);
229 }
230 if (in->peer != NULL) {
231 ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC);
232 i2d_X509(in->peer, &p);
233 }
234 ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC);
235 i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p);
236 if (in->verify_result != X509_V_OK) {
237 ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC);
238 i2d_ASN1_INTEGER(&(a.verify_result), &p);
239 }
240 if (in->tlsext_hostname) {
241 ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC);
242 i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p);
243 }
244 /* 7 - PSK identity hint. */
245 /* 8 - PSK identity. */
246 if (in->tlsext_tick_lifetime_hint > 0) {
247 ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC);
248 i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p);
249 }
250 if (in->tlsext_tick) {
251 ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC);
252 i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p);
253 }
254 /* 11 - Compression method. */
255 /* 12 - SRP username. */
256
257 *pp = p;
258 return (ret);
259}
260
261SSL_SESSION *
262d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
263{
264 SSL_SESSION *ret = NULL;
265 ASN1_const_CTX c;
266 ASN1_INTEGER ai, *aip;
267 ASN1_OCTET_STRING os, *osp;
268 int ssl_version = 0, i;
269 int Tinf, Ttag, Tclass;
270 long Tlen;
271 long id;
272
273 c.pp = pp;
274 c.p = *pp;
275 c.q = *pp;
276 c.max = (length == 0) ? 0 : (c.p + length);
277 c.slen = length;
278
279 if (a == NULL || *a == NULL) {
280 if ((ret = SSL_SESSION_new()) == NULL) {
281 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
282 goto err;
283 }
284 } else
285 ret = *a;
286
287 aip = &ai;
288 osp = &os;
289
290 if (!asn1_GetSequence(&c, &length)) {
291 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
292 goto err;
293 }
294
295 ai.data = NULL;
296 ai.length = 0;
297 c.q = c.p;
298 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
299 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
300 goto err;
301 }
302 c.slen -= (c.p - c.q);
303
304 if (ai.data != NULL) {
305 free(ai.data);
306 ai.data = NULL;
307 ai.length = 0;
308 }
309
310 /* we don't care about the version right now :-) */
311 c.q = c.p;
312 if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) {
313 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
314 goto err;
315 }
316 c.slen -= (c.p - c.q);
317 ssl_version = (int)ASN1_INTEGER_get(aip);
318 ret->ssl_version = ssl_version;
319 if (ai.data != NULL) {
320 free(ai.data);
321 ai.data = NULL;
322 ai.length = 0;
323 }
324
325 os.data = NULL;
326 os.length = 0;
327 c.q = c.p;
328 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
329 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
330 goto err;
331 }
332 c.slen -= (c.p - c.q);
333 if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
334 if (os.length != 2) {
335 SSLerr(SSL_F_D2I_SSL_SESSION,
336 SSL_R_CIPHER_CODE_WRONG_LENGTH);
337 goto err;
338 }
339 id = 0x03000000L | ((unsigned long)os.data[0]<<8L) |
340 (unsigned long)os.data[1];
341 } else {
342 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
343 goto err;
344 }
345
346 ret->cipher = NULL;
347 ret->cipher_id = id;
348
349 c.q = c.p;
350 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
351 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
352 goto err;
353 }
354 c.slen -= (c.p - c.q);
355
356 i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
357 if (os.length > i)
358 os.length = i;
359 if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
360 os.length = sizeof(ret->session_id);
361
362 ret->session_id_length = os.length;
363 OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
364 memcpy(ret->session_id, os.data, os.length);
365
366 c.q = c.p;
367 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) {
368 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
369 goto err;
370 }
371 c.slen -= (c.p - c.q);
372 if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
373 ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
374 else
375 ret->master_key_length = os.length;
376 memcpy(ret->master_key, os.data, ret->master_key_length);
377
378 os.length = 0;
379
380 /* 1 - Time (INTEGER). */
381 /* XXX 2038 */
382 ai.length = 0;
383 if (c.slen != 0L &&
384 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) {
385 c.q = c.p;
386 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
387 if (Tinf & 0x80) {
388 SSLerr(SSL_F_D2I_SSL_SESSION,
389 ERR_R_BAD_ASN1_OBJECT_HEADER);
390 goto err;
391 }
392 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
393 Tlen = c.slen - (c.p - c.q) - 2;
394 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
395 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
396 goto err;
397 }
398 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
399 Tlen = c.slen - (c.p - c.q);
400 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
401 SSLerr(SSL_F_D2I_SSL_SESSION,
402 ERR_R_MISSING_ASN1_EOS);
403 goto err;
404 }
405 }
406 c.slen -= (c.p - c.q);
407 }
408 if (ai.data != NULL) {
409 ret->time = ASN1_INTEGER_get(aip);
410 free(ai.data);
411 ai.data = NULL;
412 ai.length = 0;
413 } else
414 ret->time = time(NULL);
415
416 /* 2 - Timeout (INTEGER). */
417 ai.length = 0;
418 if (c.slen != 0L &&
419 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) {
420 c.q = c.p;
421 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
422 if (Tinf & 0x80) {
423 SSLerr(SSL_F_D2I_SSL_SESSION,
424 ERR_R_BAD_ASN1_OBJECT_HEADER);
425 goto err;
426 }
427 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
428 Tlen = c.slen - (c.p - c.q) - 2;
429 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
430 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
431 goto err;
432 }
433 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
434 Tlen = c.slen - (c.p - c.q);
435 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
436 SSLerr(SSL_F_D2I_SSL_SESSION,
437 ERR_R_MISSING_ASN1_EOS);
438 goto err;
439 }
440 }
441 c.slen -= (c.p - c.q);
442 }
443 if (ai.data != NULL) {
444 ret->timeout = ASN1_INTEGER_get(aip);
445 free(ai.data);
446 ai.data = NULL;
447 ai.length = 0;
448 } else
449 ret->timeout = 3;
450
451 /* 3 - Peer (X509). */
452 if (ret->peer != NULL) {
453 X509_free(ret->peer);
454 ret->peer = NULL;
455 }
456 if (c.slen != 0L &&
457 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) {
458 c.q = c.p;
459 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
460 if (Tinf & 0x80) {
461 SSLerr(SSL_F_D2I_SSL_SESSION,
462 ERR_R_BAD_ASN1_OBJECT_HEADER);
463 goto err;
464 }
465 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
466 Tlen = c.slen - (c.p - c.q) - 2;
467 if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) {
468 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
469 goto err;
470 }
471 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
472 Tlen = c.slen - (c.p - c.q);
473 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
474 SSLerr(SSL_F_D2I_SSL_SESSION,
475 ERR_R_MISSING_ASN1_EOS);
476 goto err;
477 }
478 }
479 c.slen -= (c.p - c.q);
480 }
481
482 /* 4 - Session ID (OCTET STRING). */
483 os.length = 0;
484 free(os.data);
485 os.data = NULL;
486 if (c.slen != 0L &&
487 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) {
488 c.q = c.p;
489 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
490 if (Tinf & 0x80) {
491 SSLerr(SSL_F_D2I_SSL_SESSION,
492 ERR_R_BAD_ASN1_OBJECT_HEADER);
493 goto err;
494 }
495 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
496 Tlen = c.slen - (c.p - c.q) - 2;
497 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
498 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
499 goto err;
500 }
501 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
502 Tlen = c.slen - (c.p - c.q);
503 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
504 SSLerr(SSL_F_D2I_SSL_SESSION,
505 ERR_R_MISSING_ASN1_EOS);
506 goto err;
507 }
508 }
509 c.slen -= (c.p - c.q);
510 }
511 if (os.data != NULL) {
512 if (os.length > SSL_MAX_SID_CTX_LENGTH) {
513 SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
514 goto err;
515 } else {
516 ret->sid_ctx_length = os.length;
517 memcpy(ret->sid_ctx, os.data, os.length);
518 }
519 free(os.data);
520 os.data = NULL;
521 os.length = 0;
522 } else
523 ret->sid_ctx_length = 0;
524
525 /* 5 - Verify_result. */
526 ai.length = 0;
527 if (c.slen != 0L &&
528 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) {
529 c.q = c.p;
530 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
531 if (Tinf & 0x80) {
532 SSLerr(SSL_F_D2I_SSL_SESSION,
533 ERR_R_BAD_ASN1_OBJECT_HEADER);
534 goto err;
535 }
536 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
537 Tlen = c.slen - (c.p - c.q) - 2;
538 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
539 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
540 goto err;
541 }
542 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
543 Tlen = c.slen - (c.p - c.q);
544 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
545 SSLerr(SSL_F_D2I_SSL_SESSION,
546 ERR_R_MISSING_ASN1_EOS);
547 goto err;
548 }
549 }
550 c.slen -= (c.p - c.q);
551 }
552 if (ai.data != NULL) {
553 ret->verify_result = ASN1_INTEGER_get(aip);
554 free(ai.data);
555 ai.data = NULL;
556 ai.length = 0;
557 } else
558 ret->verify_result = X509_V_OK;
559
560 /* 6 - HostName (OCTET STRING). */
561 os.length = 0;
562 os.data = NULL;
563 if (c.slen != 0L &&
564 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) {
565 c.q = c.p;
566 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
567 if (Tinf & 0x80) {
568 SSLerr(SSL_F_D2I_SSL_SESSION,
569 ERR_R_BAD_ASN1_OBJECT_HEADER);
570 goto err;
571 }
572 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
573 Tlen = c.slen - (c.p - c.q) - 2;
574 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
575 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
576 goto err;
577 }
578 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
579 Tlen = c.slen - (c.p - c.q);
580 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
581 SSLerr(SSL_F_D2I_SSL_SESSION,
582 ERR_R_MISSING_ASN1_EOS);
583 goto err;
584 }
585 }
586 c.slen -= (c.p - c.q);
587 }
588 if (os.data) {
589 ret->tlsext_hostname = strndup((char *)os.data, os.length);
590 free(os.data);
591 os.data = NULL;
592 os.length = 0;
593 } else
594 ret->tlsext_hostname = NULL;
595
596 /* 7 - PSK identity hint (OCTET STRING). */
597 /* 8 - PSK identity (OCTET STRING). */
598
599 /* 9 - Ticket lifetime. */
600 ai.length = 0;
601 if (c.slen != 0L &&
602 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) {
603 c.q = c.p;
604 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
605 if (Tinf & 0x80) {
606 SSLerr(SSL_F_D2I_SSL_SESSION,
607 ERR_R_BAD_ASN1_OBJECT_HEADER);
608 goto err;
609 }
610 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
611 Tlen = c.slen - (c.p - c.q) - 2;
612 if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) {
613 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
614 goto err;
615 }
616 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
617 Tlen = c.slen - (c.p - c.q);
618 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
619 SSLerr(SSL_F_D2I_SSL_SESSION,
620 ERR_R_MISSING_ASN1_EOS);
621 goto err;
622 }
623 }
624 c.slen -= (c.p - c.q);
625 }
626 if (ai.data != NULL) {
627 ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
628 free(ai.data);
629 ai.data = NULL;
630 ai.length = 0;
631 } else if (ret->tlsext_ticklen && ret->session_id_length)
632 ret->tlsext_tick_lifetime_hint = -1;
633 else
634 ret->tlsext_tick_lifetime_hint = 0;
635 os.length = 0;
636 os.data = NULL;
637
638 /* 10 - Ticket (OCTET STRING). */
639 if (c.slen != 0L &&
640 *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) {
641 c.q = c.p;
642 Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen);
643 if (Tinf & 0x80) {
644 SSLerr(SSL_F_D2I_SSL_SESSION,
645 ERR_R_BAD_ASN1_OBJECT_HEADER);
646 goto err;
647 }
648 if (Tinf == (V_ASN1_CONSTRUCTED + 1))
649 Tlen = c.slen - (c.p - c.q) - 2;
650 if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) {
651 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
652 goto err;
653 }
654 if (Tinf == (V_ASN1_CONSTRUCTED + 1)) {
655 Tlen = c.slen - (c.p - c.q);
656 if(!ASN1_const_check_infinite_end(&c.p, Tlen)) {
657 SSLerr(SSL_F_D2I_SSL_SESSION,
658 ERR_R_MISSING_ASN1_EOS);
659 goto err;
660 }
661 }
662 c.slen -= (c.p - c.q);
663 }
664 if (os.data) {
665 ret->tlsext_tick = os.data;
666 ret->tlsext_ticklen = os.length;
667 os.data = NULL;
668 os.length = 0;
669 } else
670 ret->tlsext_tick = NULL;
671
672 /* 11 - Compression method (OCTET STRING). */
673 /* 12 - SRP username (OCTET STRING). */
674
675 if (!asn1_const_Finish(&c)) {
676 SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR);
677 goto err;
678 }
679
680 *pp = c.p;
681 if (a != NULL)
682 *a = ret;
683
684 return (ret);
685
686err:
687 ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp));
688 if (ret != NULL && (a == NULL || *a != ret))
689 SSL_SESSION_free(ret);
690
691 return (NULL);
692}
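diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index bc864883c8..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,735 +0,0 @@
-/* $OpenBSD: ssl_cert.c,v 1.50 2015/04/06 04:09:59 guenther Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <sys/types.h>
-
-#include <dirent.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include "ssl_locl.h"
-
-int
-SSL_get_ex_data_X509_STORE_CTX_idx(void)
-{
- static volatile int ssl_x509_store_ctx_idx = -1;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
- if (ssl_x509_store_ctx_idx < 0) {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- got_write_lock = 1;
-
- if (ssl_x509_store_ctx_idx < 0) {
- ssl_x509_store_ctx_idx =
- X509_STORE_CTX_get_ex_new_index(
- 0, "SSL for verify callback", NULL, NULL, NULL);
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
- return ssl_x509_store_ctx_idx;
-}
-
-static void
-ssl_cert_set_default_md(CERT *cert)
-{
- /* Set digest values to defaults */
- cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
- cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
- cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
- cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-#ifndef OPENSSL_NO_GOST
- cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
-#endif
-}
-
-CERT *
-ssl_cert_new(void)
-{
- CERT *ret;
-
- ret = calloc(1, sizeof(CERT));
- if (ret == NULL) {
- SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
- ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
- ssl_cert_set_default_md(ret);
- return (ret);
-}
-
-CERT *
-ssl_cert_dup(CERT *cert)
-{
- CERT *ret;
- int i;
-
- ret = calloc(1, sizeof(CERT));
- if (ret == NULL) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return (NULL);
- }
-
- /*
- * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
- * if you find that more readable
- */
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-
- ret->valid = cert->valid;
- ret->mask_k = cert->mask_k;
- ret->mask_a = cert->mask_a;
-
- if (cert->dh_tmp != NULL) {
- ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
- goto err;
- }
- if (cert->dh_tmp->priv_key) {
- BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->priv_key = b;
- }
- if (cert->dh_tmp->pub_key) {
- BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->pub_key = b;
- }
- }
- ret->dh_tmp_cb = cert->dh_tmp_cb;
- ret->dh_tmp_auto = cert->dh_tmp_auto;
-
- if (cert->ecdh_tmp) {
- ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL) {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
- goto err;
- }
- }
- ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
- ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
-
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (cert->pkeys[i].x509 != NULL) {
- ret->pkeys[i].x509 = cert->pkeys[i].x509;
- CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL) {
- ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
- CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
-
- switch (i) {
- /*
- * If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.)
- */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
- }
- }
-
- /*
- * ret->extra_certs *should* exist, but currently the own certificate
- * chain is held inside SSL_CTX
- */
-
- ret->references = 1;
- /*
- * Set digests to defaults. NB: we don't copy existing values
- * as they will be set during handshake.
- */
- ssl_cert_set_default_md(ret);
-
- return (ret);
-
-err:
- DH_free(ret->dh_tmp);
- EC_KEY_free(ret->ecdh_tmp);
-
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
- EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
- free (ret);
- return NULL;
-}
-
-
-void
-ssl_cert_free(CERT *c)
-{
- int i;
-
- if (c == NULL)
- return;
-
- i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
- if (i > 0)
- return;
-
- DH_free(c->dh_tmp);
- EC_KEY_free(c->ecdh_tmp);
-
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- EVP_PKEY_free(c->pkeys[i].privatekey);
- }
-
- free(c);
-}
-
-int
-ssl_cert_inst(CERT **o)
-{
- /*
- * Create a CERT if there isn't already one
- * (which cannot really happen, as it is initially created in
- * SSL_CTX_new; but the earlier code usually allows for that one
- * being non-existant, so we follow that behaviour, as it might
- * turn out that there actually is a reason for it -- but I'm
- * not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the
- * initialization in SSL_CTX_new).
- */
-
- if (o == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (*o == NULL) {
- if ((*o = ssl_cert_new()) == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
- return (1);
-}
-
-
-SESS_CERT *
-ssl_sess_cert_new(void)
-{
- SESS_CERT *ret;
-
- ret = calloc(1, sizeof *ret);
- if (ret == NULL) {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
-}
-
-void
-ssl_sess_cert_free(SESS_CERT *sc)
-{
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
- if (i > 0)
- return;
-
- /* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++) {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
- }
-
- DH_free(sc->peer_dh_tmp);
- EC_KEY_free(sc->peer_ecdh_tmp);
-
- free(sc);
-}
-
-int
-ssl_set_peer_cert_type(SESS_CERT *sc, int type)
-{
- sc->peer_cert_type = type;
- return (1);
-}
-
-int
-ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
-{
- X509_STORE_CTX ctx;
- X509 *x;
- int ret;
-
- if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return (0);
-
- x = sk_X509_value(sk, 0);
- if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
- return (0);
- }
- X509_STORE_CTX_set_ex_data(&ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx(), s);
-
- /*
- * We need to inherit the verify parameters. These can be
- * determined by the context: if its a server it will verify
- * SSL client certificates or vice versa.
- */
- X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
-
- /*
- * Anything non-default in "param" should overwrite anything
- * in the ctx.
- */
- X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
-
- if (s->verify_callback)
- X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
- if (s->ctx->app_verify_callback != NULL)
- ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
- else
- ret = X509_verify_cert(&ctx);
-
- s->verify_result = ctx.error;
- X509_STORE_CTX_cleanup(&ctx);
-
- return (ret);
-}
-
-static void
-set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
- STACK_OF(X509_NAME) *name_list)
-{
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
- *ca_list = name_list;
-}
-
-STACK_OF(X509_NAME) *
-SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
-{
- int i;
- STACK_OF(X509_NAME) *ret;
- X509_NAME *name;
-
- ret = sk_X509_NAME_new_null();
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
- if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
- return (NULL);
- }
- }
- return (ret);
-}
-
-void
-SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
-{
- set_client_CA_list(&(s->client_CA), name_list);
-}
-
-void
-SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
-{
- set_client_CA_list(&(ctx->client_CA), name_list);
-}
-
-STACK_OF(X509_NAME) *
-SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
-{
- return (ctx->client_CA);
-}
-
-STACK_OF(X509_NAME) *
-SSL_get_client_CA_list(const SSL *s)
-{
- if (s->type == SSL_ST_CONNECT) {
- /* We are in the client. */
- if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
- return (s->s3->tmp.ca_names);
- else
- return (NULL);
- } else {
- if (s->client_CA != NULL)
- return (s->client_CA);
- else
- return (s->ctx->client_CA);
- }
-}
-
-static int
-add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
-{
- X509_NAME *name;
-
- if (x == NULL)
- return (0);
- if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
- return (0);
-
- if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return (0);
-
- if (!sk_X509_NAME_push(*sk, name)) {
- X509_NAME_free(name);
- return (0);
- }
- return (1);
-}
-
-int
-SSL_add_client_CA(SSL *ssl, X509 *x)
-{
- return (add_client_CA(&(ssl->client_CA), x));
-}
-
-int
-SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
-{
- return (add_client_CA(&(ctx->client_CA), x));
-}
-
-static int
-xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-{
- return (X509_NAME_cmp(*a, *b));
-}
-
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *
-SSL_load_client_CA_file(const char *file)
-{
- BIO *in;
- X509 *x = NULL;
- X509_NAME *xn = NULL;
- STACK_OF(X509_NAME) *ret = NULL, *sk;
-
- sk = sk_X509_NAME_new(xname_cmp);
-
- in = BIO_new(BIO_s_file_internal());
-
- if ((sk == NULL) || (in == NULL)) {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in, file))
- goto err;
-
- for (;;) {
- if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
- break;
- if (ret == NULL) {
- ret = sk_X509_NAME_new_null();
- if (ret == NULL) {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if ((xn = X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn = X509_NAME_dup(xn);
- if (xn == NULL)
- goto err;
- if (sk_X509_NAME_find(sk, xn) >= 0)
- X509_NAME_free(xn);
- else {
- sk_X509_NAME_push(sk, xn);
- sk_X509_NAME_push(ret, xn);
- }
- }
-
- if (0) {
-err:
- if (ret != NULL)
- sk_X509_NAME_pop_free(ret, X509_NAME_free);
- ret = NULL;
- }
- if (sk != NULL)
- sk_X509_NAME_free(sk);
- BIO_free(in);
- if (x != NULL)
- X509_free(x);
- if (ret != NULL)
- ERR_clear_error();
- return (ret);
-}
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int
-SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
-{
- BIO *in;
- X509 *x = NULL;
- X509_NAME *xn = NULL;
- int ret = 1;
- int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
-
- in = BIO_new(BIO_s_file_internal());
-
- if (in == NULL) {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in, file))
- goto err;
-
- for (;;) {
- if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
- break;
- if ((xn = X509_get_subject_name(x)) == NULL) goto err;
- xn = X509_NAME_dup(xn);
- if (xn == NULL)
- goto err;
- if (sk_X509_NAME_find(stack, xn) >= 0)
- X509_NAME_free(xn);
- else
- sk_X509_NAME_push(stack, xn);
- }
-
- ERR_clear_error();
-
- if (0) {
-err:
- ret = 0;
- }
- BIO_free(in);
- if (x != NULL)
- X509_free(x);
-
- (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-
- return ret;
-}
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will
- * be included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int
-SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir)
-{
- DIR *dirp = NULL;
- char *path = NULL;
- int ret = 0;
-
- dirp = opendir(dir);
- if (dirp) {
- struct dirent *dp;
- while ((dp = readdir(dirp)) != NULL) {
- if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) {
- ret = SSL_add_file_cert_subjects_to_stack(
- stack, path);
- free(path);
- }
- if (!ret)
- break;
- }
- (void) closedir(dirp);
- }
- if (!ret) {
- SYSerr(SYS_F_OPENDIR, errno);
- ERR_asprintf_error_data("opendir ('%s')", dir);
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- }
- return ret;
-}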
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 96b4099d19..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1765 +0,0 @@
1/* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include <openssl/objects.h>
146
147#ifndef OPENSSL_NO_ENGINE
148#include <openssl/engine.h>
149#endif
150
151#include "ssl_locl.h"
152
153#define SSL_ENC_DES_IDX 0
154#define SSL_ENC_3DES_IDX 1
155#define SSL_ENC_RC4_IDX 2
156#define SSL_ENC_IDEA_IDX 3
157#define SSL_ENC_NULL_IDX 4
158#define SSL_ENC_AES128_IDX 5
159#define SSL_ENC_AES256_IDX 6
160#define SSL_ENC_CAMELLIA128_IDX 7
161#define SSL_ENC_CAMELLIA256_IDX 8
162#define SSL_ENC_GOST89_IDX 9
163#define SSL_ENC_AES128GCM_IDX 10
164#define SSL_ENC_AES256GCM_IDX 11
165#define SSL_ENC_NUM_IDX 12
166
167
168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
169 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
170};
171
172#define SSL_MD_MD5_IDX 0
173#define SSL_MD_SHA1_IDX 1
174#define SSL_MD_GOST94_IDX 2
175#define SSL_MD_GOST89MAC_IDX 3
176#define SSL_MD_SHA256_IDX 4
177#define SSL_MD_SHA384_IDX 5
178#define SSL_MD_STREEBOG256_IDX 6
179#define SSL_MD_STREEBOG512_IDX 7
180/*Constant SSL_MAX_DIGEST equal to size of digests array should be
181 * defined in the
182 * ssl_locl.h */
183#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
184static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
185 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
186};
187
188static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
189 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT,
190 EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC,
191};
192
193static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
194 0, 0, 0, 0, 0, 0, 0, 0
195};
196
197static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
198 SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
199 SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
200 SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256,
201 SSL_HANDSHAKE_MAC_STREEBOG512
202};
203
204#define CIPHER_ADD 1
205#define CIPHER_KILL 2
206#define CIPHER_DEL 3
207#define CIPHER_ORD 4
208#define CIPHER_SPECIAL 5
209
210typedef struct cipher_order_st {
211 const SSL_CIPHER *cipher;
212 int active;
213 int dead;
214 struct cipher_order_st *next, *prev;
215} CIPHER_ORDER;
216
217static const SSL_CIPHER cipher_aliases[] = {
218
219 /* "ALL" doesn't include eNULL (must be specifically enabled) */
220 {
221 .name = SSL_TXT_ALL,
222 .algorithm_enc = ~SSL_eNULL,
223 },
224
225 /* "COMPLEMENTOFALL" */
226 {
227 .name = SSL_TXT_CMPALL,
228 .algorithm_enc = SSL_eNULL,
229 },
230
231 /*
232 * "COMPLEMENTOFDEFAULT"
233 * (does *not* include ciphersuites not found in ALL!)
234 */
235 {
236 .name = SSL_TXT_CMPDEF,
237 .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
238 .algorithm_auth = SSL_aNULL,
239 .algorithm_enc = ~SSL_eNULL,
240 },
241
242 /*
243 * key exchange aliases
244 * (some of those using only a single bit here combine multiple key
245 * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
246 * and DHE_RSA)
247 */
248 {
249 .name = SSL_TXT_kRSA,
250 .algorithm_mkey = SSL_kRSA,
251 },
252 {
253 .name = SSL_TXT_kEDH,
254 .algorithm_mkey = SSL_kDHE,
255 },
256 {
257 .name = SSL_TXT_DH,
258 .algorithm_mkey = SSL_kDHE,
259 },
260
261 {
262 .name = SSL_TXT_kECDHr,
263 .algorithm_mkey = SSL_kECDHr,
264 },
265 {
266 .name = SSL_TXT_kECDHe,
267 .algorithm_mkey = SSL_kECDHe,
268 },
269 {
270 .name = SSL_TXT_kECDH,
271 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe,
272 },
273 {
274 .name = SSL_TXT_kEECDH,
275 .algorithm_mkey = SSL_kECDHE,
276 },
277 {
278 .name = SSL_TXT_ECDH,
279 .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
280 },
281
282 {
283 .name = SSL_TXT_kGOST,
284 .algorithm_mkey = SSL_kGOST,
285 },
286
287 /* server authentication aliases */
288 {
289 .name = SSL_TXT_aRSA,
290 .algorithm_auth = SSL_aRSA,
291 },
292 {
293 .name = SSL_TXT_aDSS,
294 .algorithm_auth = SSL_aDSS,
295 },
296 {
297 .name = SSL_TXT_DSS,
298 .algorithm_auth = SSL_aDSS,
299 },
300 {
301 .name = SSL_TXT_aNULL,
302 .algorithm_auth = SSL_aNULL,
303 },
304 {
305 .name = SSL_TXT_aECDH,
306 .algorithm_auth = SSL_aECDH,
307 },
308 {
309 .name = SSL_TXT_aECDSA,
310 .algorithm_auth = SSL_aECDSA,
311 },
312 {
313 .name = SSL_TXT_ECDSA,
314 .algorithm_auth = SSL_aECDSA,
315 },
316 {
317 .name = SSL_TXT_aGOST01,
318 .algorithm_auth = SSL_aGOST01,
319 },
320 {
321 .name = SSL_TXT_aGOST,
322 .algorithm_auth = SSL_aGOST01,
323 },
324
325 /* aliases combining key exchange and server authentication */
326 {
327 .name = SSL_TXT_DHE,
328 .algorithm_mkey = SSL_kDHE,
329 .algorithm_auth = ~SSL_aNULL,
330 },
331 {
332 .name = SSL_TXT_EDH,
333 .algorithm_mkey = SSL_kDHE,
334 .algorithm_auth = ~SSL_aNULL,
335 },
336 {
337 .name = SSL_TXT_ECDHE,
338 .algorithm_mkey = SSL_kECDHE,
339 .algorithm_auth = ~SSL_aNULL,
340 },
341 {
342 .name = SSL_TXT_EECDH,
343 .algorithm_mkey = SSL_kECDHE,
344 .algorithm_auth = ~SSL_aNULL,
345 },
346 {
347 .name = SSL_TXT_NULL,
348 .algorithm_enc = SSL_eNULL,
349 },
350 {
351 .name = SSL_TXT_RSA,
352 .algorithm_mkey = SSL_kRSA,
353 .algorithm_auth = SSL_aRSA,
354 },
355 {
356 .name = SSL_TXT_ADH,
357 .algorithm_mkey = SSL_kDHE,
358 .algorithm_auth = SSL_aNULL,
359 },
360 {
361 .name = SSL_TXT_AECDH,
362 .algorithm_mkey = SSL_kECDHE,
363 .algorithm_auth = SSL_aNULL,
364 },
365
366 /* symmetric encryption aliases */
367 {
368 .name = SSL_TXT_DES,
369 .algorithm_enc = SSL_DES,
370 },
371 {
372 .name = SSL_TXT_3DES,
373 .algorithm_enc = SSL_3DES,
374 },
375 {
376 .name = SSL_TXT_RC4,
377 .algorithm_enc = SSL_RC4,
378 },
379 {
380 .name = SSL_TXT_IDEA,
381 .algorithm_enc = SSL_IDEA,
382 },
383 {
384 .name = SSL_TXT_eNULL,
385 .algorithm_enc = SSL_eNULL,
386 },
387 {
388 .name = SSL_TXT_AES128,
389 .algorithm_enc = SSL_AES128|SSL_AES128GCM,
390 },
391 {
392 .name = SSL_TXT_AES256,
393 .algorithm_enc = SSL_AES256|SSL_AES256GCM,
394 },
395 {
396 .name = SSL_TXT_AES,
397 .algorithm_enc = SSL_AES,
398 },
399 {
400 .name = SSL_TXT_AES_GCM,
401 .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
402 },
403 {
404 .name = SSL_TXT_CAMELLIA128,
405 .algorithm_enc = SSL_CAMELLIA128,
406 },
407 {
408 .name = SSL_TXT_CAMELLIA256,
409 .algorithm_enc = SSL_CAMELLIA256,
410 },
411 {
412 .name = SSL_TXT_CAMELLIA,
413 .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
414 },
415 {
416 .name = SSL_TXT_CHACHA20,
417 .algorithm_enc = SSL_CHACHA20POLY1305,
418 },
419
420 /* MAC aliases */
421 {
422 .name = SSL_TXT_AEAD,
423 .algorithm_mac = SSL_AEAD,
424 },
425 {
426 .name = SSL_TXT_MD5,
427 .algorithm_mac = SSL_MD5,
428 },
429 {
430 .name = SSL_TXT_SHA1,
431 .algorithm_mac = SSL_SHA1,
432 },
433 {
434 .name = SSL_TXT_SHA,
435 .algorithm_mac = SSL_SHA1,
436 },
437 {
438 .name = SSL_TXT_GOST94,
439 .algorithm_mac = SSL_GOST94,
440 },
441 {
442 .name = SSL_TXT_GOST89MAC,
443 .algorithm_mac = SSL_GOST89MAC,
444 },
445 {
446 .name = SSL_TXT_SHA256,
447 .algorithm_mac = SSL_SHA256,
448 },
449 {
450 .name = SSL_TXT_SHA384,
451 .algorithm_mac = SSL_SHA384,
452 },
453 {
454 .name = SSL_TXT_STREEBOG256,
455 .algorithm_mac = SSL_STREEBOG256,
456 },
457 {
458 .name = SSL_TXT_STREEBOG512,
459 .algorithm_mac = SSL_STREEBOG512,
460 },
461
462 /* protocol version aliases */
463 {
464 .name = SSL_TXT_SSLV3,
465 .algorithm_ssl = SSL_SSLV3,
466 },
467 {
468 .name = SSL_TXT_TLSV1,
469 .algorithm_ssl = SSL_TLSV1,
470 },
471 {
472 .name = SSL_TXT_TLSV1_2,
473 .algorithm_ssl = SSL_TLSV1_2,
474 },
475
476 /* strength classes */
477 {
478 .name = SSL_TXT_LOW,
479 .algo_strength = SSL_LOW,
480 },
481 {
482 .name = SSL_TXT_MEDIUM,
483 .algo_strength = SSL_MEDIUM,
484 },
485 {
486 .name = SSL_TXT_HIGH,
487 .algo_strength = SSL_HIGH,
488 },
489};
490
491void
492ssl_load_ciphers(void)
493{
494 ssl_cipher_methods[SSL_ENC_DES_IDX] =
495 EVP_get_cipherbyname(SN_des_cbc);
496 ssl_cipher_methods[SSL_ENC_3DES_IDX] =
497 EVP_get_cipherbyname(SN_des_ede3_cbc);
498 ssl_cipher_methods[SSL_ENC_RC4_IDX] =
499 EVP_get_cipherbyname(SN_rc4);
500#ifndef OPENSSL_NO_IDEA
501 ssl_cipher_methods[SSL_ENC_IDEA_IDX] =
502 EVP_get_cipherbyname(SN_idea_cbc);
503#else
504 ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
505#endif
506 ssl_cipher_methods[SSL_ENC_AES128_IDX] =
507 EVP_get_cipherbyname(SN_aes_128_cbc);
508 ssl_cipher_methods[SSL_ENC_AES256_IDX] =
509 EVP_get_cipherbyname(SN_aes_256_cbc);
510 ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
511 EVP_get_cipherbyname(SN_camellia_128_cbc);
512 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
513 EVP_get_cipherbyname(SN_camellia_256_cbc);
514 ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
515 EVP_get_cipherbyname(SN_gost89_cnt);
516
517 ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
518 EVP_get_cipherbyname(SN_aes_128_gcm);
519 ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
520 EVP_get_cipherbyname(SN_aes_256_gcm);
521
522 ssl_digest_methods[SSL_MD_MD5_IDX] =
523 EVP_get_digestbyname(SN_md5);
524 ssl_mac_secret_size[SSL_MD_MD5_IDX] =
525 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
526 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
527 ssl_digest_methods[SSL_MD_SHA1_IDX] =
528 EVP_get_digestbyname(SN_sha1);
529 ssl_mac_secret_size[SSL_MD_SHA1_IDX] =
530 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
531 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
532 ssl_digest_methods[SSL_MD_GOST94_IDX] =
533 EVP_get_digestbyname(SN_id_GostR3411_94);
534 if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
535 ssl_mac_secret_size[SSL_MD_GOST94_IDX] =
536 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
537 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
538 }
539 ssl_digest_methods[SSL_MD_GOST89MAC_IDX] =
540 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
541 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
542 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
543 }
544
545 ssl_digest_methods[SSL_MD_SHA256_IDX] =
546 EVP_get_digestbyname(SN_sha256);
547 ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
548 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
549 ssl_digest_methods[SSL_MD_SHA384_IDX] =
550 EVP_get_digestbyname(SN_sha384);
551 ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
552 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
553 ssl_digest_methods[SSL_MD_STREEBOG256_IDX] =
554 EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256);
555 ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] =
556 EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]);
557 ssl_digest_methods[SSL_MD_STREEBOG512_IDX] =
558 EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512);
559 ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] =
560 EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]);
561}
562
563int
564ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
565 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size)
566{
567 const SSL_CIPHER *c;
568 int i;
569
570 c = s->cipher;
571 if (c == NULL)
572 return (0);
573
574 /*
575 * This function does not handle EVP_AEAD.
576 * See ssl_cipher_get_aead_evp instead.
577 */
578 if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)
579 return(0);
580
581 if ((enc == NULL) || (md == NULL))
582 return (0);
583
584 switch (c->algorithm_enc) {
585 case SSL_DES:
586 i = SSL_ENC_DES_IDX;
587 break;
588 case SSL_3DES:
589 i = SSL_ENC_3DES_IDX;
590 break;
591 case SSL_RC4:
592 i = SSL_ENC_RC4_IDX;
593 break;
594 case SSL_IDEA:
595 i = SSL_ENC_IDEA_IDX;
596 break;
597 case SSL_eNULL:
598 i = SSL_ENC_NULL_IDX;
599 break;
600 case SSL_AES128:
601 i = SSL_ENC_AES128_IDX;
602 break;
603 case SSL_AES256:
604 i = SSL_ENC_AES256_IDX;
605 break;
606 case SSL_CAMELLIA128:
607 i = SSL_ENC_CAMELLIA128_IDX;
608 break;
609 case SSL_CAMELLIA256:
610 i = SSL_ENC_CAMELLIA256_IDX;
611 break;
612 case SSL_eGOST2814789CNT:
613 i = SSL_ENC_GOST89_IDX;
614 break;
615 case SSL_AES128GCM:
616 i = SSL_ENC_AES128GCM_IDX;
617 break;
618 case SSL_AES256GCM:
619 i = SSL_ENC_AES256GCM_IDX;
620 break;
621 default:
622 i = -1;
623 break;
624 }
625
626 if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
627 *enc = NULL;
628 else {
629 if (i == SSL_ENC_NULL_IDX)
630 *enc = EVP_enc_null();
631 else
632 *enc = ssl_cipher_methods[i];
633 }
634
635 switch (c->algorithm_mac) {
636 case SSL_MD5:
637 i = SSL_MD_MD5_IDX;
638 break;
639 case SSL_SHA1:
640 i = SSL_MD_SHA1_IDX;
641 break;
642 case SSL_SHA256:
643 i = SSL_MD_SHA256_IDX;
644 break;
645 case SSL_SHA384:
646 i = SSL_MD_SHA384_IDX;
647 break;
648 case SSL_GOST94:
649 i = SSL_MD_GOST94_IDX;
650 break;
651 case SSL_GOST89MAC:
652 i = SSL_MD_GOST89MAC_IDX;
653 break;
654 case SSL_STREEBOG256:
655 i = SSL_MD_STREEBOG256_IDX;
656 break;
657 case SSL_STREEBOG512:
658 i = SSL_MD_STREEBOG512_IDX;
659 break;
660 default:
661 i = -1;
662 break;
663 }
664 if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
665 *md = NULL;
666
667 if (mac_pkey_type != NULL)
668 *mac_pkey_type = NID_undef;
669 if (mac_secret_size != NULL)
670 *mac_secret_size = 0;
671 if (c->algorithm_mac == SSL_AEAD)
672 mac_pkey_type = NULL;
673 } else {
674 *md = ssl_digest_methods[i];
675 if (mac_pkey_type != NULL)
676 *mac_pkey_type = ssl_mac_pkey_id[i];
677 if (mac_secret_size != NULL)
678 *mac_secret_size = ssl_mac_secret_size[i];
679 }
680
681 if ((*enc != NULL) &&
682 (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
683 (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
684 const EVP_CIPHER *evp;
685
686 if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
687 s->ssl_version < TLS1_VERSION)
688 return 1;
689
690 if (c->algorithm_enc == SSL_RC4 &&
691 c->algorithm_mac == SSL_MD5 &&
692 (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
693 *enc = evp, *md = NULL;
694 else if (c->algorithm_enc == SSL_AES128 &&
695 c->algorithm_mac == SSL_SHA1 &&
696 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
697 *enc = evp, *md = NULL;
698 else if (c->algorithm_enc == SSL_AES256 &&
699 c->algorithm_mac == SSL_SHA1 &&
700 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
701 *enc = evp, *md = NULL;
702 return (1);
703 } else
704 return (0);
705}
706
707/*
708 * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object
709 * for s->cipher. It returns 1 on success and 0 on error.
710 */
711int
712ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead)
713{
714 const SSL_CIPHER *c = s->cipher;
715
716 *aead = NULL;
717
718 if (c == NULL)
719 return 0;
720 if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0)
721 return 0;
722
723 switch (c->algorithm_enc) {
724#ifndef OPENSSL_NO_AES
725 case SSL_AES128GCM:
726 *aead = EVP_aead_aes_128_gcm();
727 return 1;
728 case SSL_AES256GCM:
729 *aead = EVP_aead_aes_256_gcm();
730 return 1;
731#endif
732#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
733 case SSL_CHACHA20POLY1305:
734 *aead = EVP_aead_chacha20_poly1305();
735 return 1;
736#endif
737 default:
738 break;
739 }
740 return 0;
741}
742
743int
744ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
745{
746 if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
747 return 0;
748 }
749 *mask = ssl_handshake_digest_flag[idx];
750 if (*mask)
751 *md = ssl_digest_methods[idx];
752 else
753 *md = NULL;
754 return 1;
755}
756
757#define ITEM_SEP(a) \
758 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
759
760static void
761ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
762 CIPHER_ORDER **tail)
763{
764 if (curr == *tail)
765 return;
766 if (curr == *head)
767 *head = curr->next;
768 if (curr->prev != NULL)
769 curr->prev->next = curr->next;
770 if (curr->next != NULL)
771 curr->next->prev = curr->prev;
772 (*tail)->next = curr;
773 curr->prev= *tail;
774 curr->next = NULL;
775 *tail = curr;
776}
777
778static void
779ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
780 CIPHER_ORDER **tail)
781{
782 if (curr == *head)
783 return;
784 if (curr == *tail)
785 *tail = curr->prev;
786 if (curr->next != NULL)
787 curr->next->prev = curr->prev;
788 if (curr->prev != NULL)
789 curr->prev->next = curr->next;
790 (*head)->prev = curr;
791 curr->next= *head;
792 curr->prev = NULL;
793 *head = curr;
794}
795
796static void
797ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
798 unsigned long *enc, unsigned long *mac, unsigned long *ssl)
799{
800 *mkey = 0;
801 *auth = 0;
802 *enc = 0;
803 *mac = 0;
804 *ssl = 0;
805
806 /*
807 * Check for the availability of GOST 34.10 public/private key
808 * algorithms. If they are not available disable the associated
809 * authentication and key exchange algorithms.
810 */
811 if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) {
812 *auth |= SSL_aGOST01;
813 *mkey |= SSL_kGOST;
814 }
815
816#ifdef SSL_FORBID_ENULL
817 *enc |= SSL_eNULL;
818#endif
819
820 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0;
821 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
822 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0;
823 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
824 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
825 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
826 *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0;
827 *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0;
828 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0;
829 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0;
830 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0;
831
832 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0;
833 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
834 *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
835 *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
836 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
837 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0;
838 *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0;
839 *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0;
840
841}
842
843static void
844ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
845 unsigned long disabled_mkey, unsigned long disabled_auth,
846 unsigned long disabled_enc, unsigned long disabled_mac,
847 unsigned long disabled_ssl, CIPHER_ORDER *co_list,
848 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
849{
850 int i, co_list_num;
851 const SSL_CIPHER *c;
852
853 /*
854 * We have num_of_ciphers descriptions compiled in, depending on the
855 * method selected (SSLv3, TLSv1, etc). These will later be sorted in
856 * a linked list with at most num entries.
857 */
858
859 /* Get the initial list of ciphers */
860 co_list_num = 0; /* actual count of ciphers */
861 for (i = 0; i < num_of_ciphers; i++) {
862 c = ssl_method->get_cipher(i);
863 /* drop those that use any of that is not available */
864 if ((c != NULL) && c->valid &&
865 !(c->algorithm_mkey & disabled_mkey) &&
866 !(c->algorithm_auth & disabled_auth) &&
867 !(c->algorithm_enc & disabled_enc) &&
868 !(c->algorithm_mac & disabled_mac) &&
869 !(c->algorithm_ssl & disabled_ssl)) {
870 co_list[co_list_num].cipher = c;
871 co_list[co_list_num].next = NULL;
872 co_list[co_list_num].prev = NULL;
873 co_list[co_list_num].active = 0;
874 co_list_num++;
875 /*
876 if (!sk_push(ca_list,(char *)c)) goto err;
877 */
878 }
879 }
880
881 /*
882 * Prepare linked list from list entries
883 */
884 if (co_list_num > 0) {
885 co_list[0].prev = NULL;
886
887 if (co_list_num > 1) {
888 co_list[0].next = &co_list[1];
889
890 for (i = 1; i < co_list_num - 1; i++) {
891 co_list[i].prev = &co_list[i - 1];
892 co_list[i].next = &co_list[i + 1];
893 }
894
895 co_list[co_list_num - 1].prev =
896 &co_list[co_list_num - 2];
897 }
898
899 co_list[co_list_num - 1].next = NULL;
900
901 *head_p = &co_list[0];
902 *tail_p = &co_list[co_list_num - 1];
903 }
904}
905
906static void
907ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases,
908 unsigned long disabled_mkey, unsigned long disabled_auth,
909 unsigned long disabled_enc, unsigned long disabled_mac,
910 unsigned long disabled_ssl, CIPHER_ORDER *head)
911{
912 CIPHER_ORDER *ciph_curr;
913 const SSL_CIPHER **ca_curr;
914 int i;
915 unsigned long mask_mkey = ~disabled_mkey;
916 unsigned long mask_auth = ~disabled_auth;
917 unsigned long mask_enc = ~disabled_enc;
918 unsigned long mask_mac = ~disabled_mac;
919 unsigned long mask_ssl = ~disabled_ssl;
920
921 /*
922 * First, add the real ciphers as already collected
923 */
924 ciph_curr = head;
925 ca_curr = ca_list;
926 while (ciph_curr != NULL) {
927 *ca_curr = ciph_curr->cipher;
928 ca_curr++;
929 ciph_curr = ciph_curr->next;
930 }
931
932 /*
933 * Now we add the available ones from the cipher_aliases[] table.
934 * They represent either one or more algorithms, some of which
935 * in any affected category must be supported (set in enabled_mask),
936 * or represent a cipher strength value (will be added in any case because algorithms=0).
937 */
938 for (i = 0; i < num_of_group_aliases; i++) {
939 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
940 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
941 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
942 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
943 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
944
945 if (algorithm_mkey)
946 if ((algorithm_mkey & mask_mkey) == 0)
947 continue;
948
949 if (algorithm_auth)
950 if ((algorithm_auth & mask_auth) == 0)
951 continue;
952
953 if (algorithm_enc)
954 if ((algorithm_enc & mask_enc) == 0)
955 continue;
956
957 if (algorithm_mac)
958 if ((algorithm_mac & mask_mac) == 0)
959 continue;
960
961 if (algorithm_ssl)
962 if ((algorithm_ssl & mask_ssl) == 0)
963 continue;
964
965 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
966 ca_curr++;
967 }
968
969 *ca_curr = NULL; /* end of list */
970}
971
972static void
973ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
974 unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
975 unsigned long alg_ssl, unsigned long algo_strength,
976 int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
977{
978 CIPHER_ORDER *head, *tail, *curr, *next, *last;
979 const SSL_CIPHER *cp;
980 int reverse = 0;
981
982
983 if (rule == CIPHER_DEL)
984 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
985
986 head = *head_p;
987 tail = *tail_p;
988
989 if (reverse) {
990 next = tail;
991 last = head;
992 } else {
993 next = head;
994 last = tail;
995 }
996
997 curr = NULL;
998 for (;;) {
999 if (curr == last)
1000 break;
1001 curr = next;
1002 next = reverse ? curr->prev : curr->next;
1003
1004 cp = curr->cipher;
1005
1006 /*
1007 * Selection criteria is either the value of strength_bits
1008 * or the algorithms used.
1009 */
1010 if (strength_bits >= 0) {
1011 if (strength_bits != cp->strength_bits)
1012 continue;
1013 } else {
1014
1015 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
1016 continue;
1017 if (alg_auth && !(alg_auth & cp->algorithm_auth))
1018 continue;
1019 if (alg_enc && !(alg_enc & cp->algorithm_enc))
1020 continue;
1021 if (alg_mac && !(alg_mac & cp->algorithm_mac))
1022 continue;
1023 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
1024 continue;
1025 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
1026 continue;
1027 }
1028
1029
1030 /* add the cipher if it has not been added yet. */
1031 if (rule == CIPHER_ADD) {
1032 /* reverse == 0 */
1033 if (!curr->active) {
1034 ll_append_tail(&head, curr, &tail);
1035 curr->active = 1;
1036 }
1037 }
1038 /* Move the added cipher to this location */
1039 else if (rule == CIPHER_ORD) {
1040 /* reverse == 0 */
1041 if (curr->active) {
1042 ll_append_tail(&head, curr, &tail);
1043 }
1044 } else if (rule == CIPHER_DEL) {
1045 /* reverse == 1 */
1046 if (curr->active) {
1047 /* most recently deleted ciphersuites get best positions
1048 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
1049 * works in reverse to maintain the order) */
1050 ll_append_head(&head, curr, &tail);
1051 curr->active = 0;
1052 }
1053 } else if (rule == CIPHER_KILL) {
1054 /* reverse == 0 */
1055 if (head == curr)
1056 head = curr->next;
1057 else
1058 curr->prev->next = curr->next;
1059 if (tail == curr)
1060 tail = curr->prev;
1061 curr->active = 0;
1062 if (curr->next != NULL)
1063 curr->next->prev = curr->prev;
1064 if (curr->prev != NULL)
1065 curr->prev->next = curr->next;
1066 curr->next = NULL;
1067 curr->prev = NULL;
1068 }
1069 }
1070
1071 *head_p = head;
1072 *tail_p = tail;
1073}
1074
1075static int
1076ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
1077{
1078 int max_strength_bits, i, *number_uses;
1079 CIPHER_ORDER *curr;
1080
1081 /*
1082 * This routine sorts the ciphers with descending strength. The sorting
1083 * must keep the pre-sorted sequence, so we apply the normal sorting
1084 * routine as '+' movement to the end of the list.
1085 */
1086 max_strength_bits = 0;
1087 curr = *head_p;
1088 while (curr != NULL) {
1089 if (curr->active &&
1090 (curr->cipher->strength_bits > max_strength_bits))
1091 max_strength_bits = curr->cipher->strength_bits;
1092 curr = curr->next;
1093 }
1094
1095 number_uses = calloc((max_strength_bits + 1), sizeof(int));
1096 if (!number_uses) {
1097 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
1098 return (0);
1099 }
1100
1101 /*
1102 * Now find the strength_bits values actually used
1103 */
1104 curr = *head_p;
1105 while (curr != NULL) {
1106 if (curr->active)
1107 number_uses[curr->cipher->strength_bits]++;
1108 curr = curr->next;
1109 }
1110 /*
1111 * Go through the list of used strength_bits values in descending
1112 * order.
1113 */
1114 for (i = max_strength_bits; i >= 0; i--)
1115 if (number_uses[i] > 0)
1116 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
1117
1118 free(number_uses);
1119 return (1);
1120}
1121
1122static int
1123ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
1124 CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list)
1125{
1126 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
1127 unsigned long algo_strength;
1128 int j, multi, found, rule, retval, ok, buflen;
1129 unsigned long cipher_id = 0;
1130 const char *l, *buf;
1131 char ch;
1132
1133 retval = 1;
1134 l = rule_str;
1135 for (;;) {
1136 ch = *l;
1137
1138 if (ch == '\0')
1139 break;
1140
1141 if (ch == '-') {
1142 rule = CIPHER_DEL;
1143 l++;
1144 } else if (ch == '+') {
1145 rule = CIPHER_ORD;
1146 l++;
1147 } else if (ch == '!') {
1148 rule = CIPHER_KILL;
1149 l++;
1150 } else if (ch == '@') {
1151 rule = CIPHER_SPECIAL;
1152 l++;
1153 } else {
1154 rule = CIPHER_ADD;
1155 }
1156
1157 if (ITEM_SEP(ch)) {
1158 l++;
1159 continue;
1160 }
1161
1162 alg_mkey = 0;
1163 alg_auth = 0;
1164 alg_enc = 0;
1165 alg_mac = 0;
1166 alg_ssl = 0;
1167 algo_strength = 0;
1168
1169 for (;;) {
1170 ch = *l;
1171 buf = l;
1172 buflen = 0;
1173 while (((ch >= 'A') && (ch <= 'Z')) ||
1174 ((ch >= '0') && (ch <= '9')) ||
1175 ((ch >= 'a') && (ch <= 'z')) ||
1176 (ch == '-') || (ch == '.')) {
1177 ch = *(++l);
1178 buflen++;
1179 }
1180
1181 if (buflen == 0) {
1182 /*
1183 * We hit something we cannot deal with,
1184 * it is no command or separator nor
1185 * alphanumeric, so we call this an error.
1186 */
1187 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1188 SSL_R_INVALID_COMMAND);
1189 retval = found = 0;
1190 l++;
1191 break;
1192 }
1193
1194 if (rule == CIPHER_SPECIAL) {
1195 /* unused -- avoid compiler warning */
1196 found = 0;
1197 /* special treatment */
1198 break;
1199 }
1200
1201 /* check for multi-part specification */
1202 if (ch == '+') {
1203 multi = 1;
1204 l++;
1205 } else
1206 multi = 0;
1207
1208 /*
1209 * Now search for the cipher alias in the ca_list.
1210 * Be careful with the strncmp, because the "buflen"
1211 * limitation will make the rule "ADH:SOME" and the
1212 * cipher "ADH-MY-CIPHER" look like a match for
1213 * buflen=3. So additionally check whether the cipher
1214 * name found has the correct length. We can save a
1215 * strlen() call: just checking for the '\0' at the
1216 * right place is sufficient, we have to strncmp()
1217 * anyway (we cannot use strcmp(), because buf is not
1218 * '\0' terminated.)
1219 */
1220 j = found = 0;
1221 cipher_id = 0;
1222 while (ca_list[j]) {
1223 if (!strncmp(buf, ca_list[j]->name, buflen) &&
1224 (ca_list[j]->name[buflen] == '\0')) {
1225 found = 1;
1226 break;
1227 } else
1228 j++;
1229 }
1230
1231 if (!found)
1232 break; /* ignore this entry */
1233
1234 if (ca_list[j]->algorithm_mkey) {
1235 if (alg_mkey) {
1236 alg_mkey &= ca_list[j]->algorithm_mkey;
1237 if (!alg_mkey) {
1238 found = 0;
1239 break;
1240 }
1241 } else
1242 alg_mkey = ca_list[j]->algorithm_mkey;
1243 }
1244
1245 if (ca_list[j]->algorithm_auth) {
1246 if (alg_auth) {
1247 alg_auth &= ca_list[j]->algorithm_auth;
1248 if (!alg_auth) {
1249 found = 0;
1250 break;
1251 }
1252 } else
1253 alg_auth = ca_list[j]->algorithm_auth;
1254 }
1255
1256 if (ca_list[j]->algorithm_enc) {
1257 if (alg_enc) {
1258 alg_enc &= ca_list[j]->algorithm_enc;
1259 if (!alg_enc) {
1260 found = 0;
1261 break;
1262 }
1263 } else
1264 alg_enc = ca_list[j]->algorithm_enc;
1265 }
1266
1267 if (ca_list[j]->algorithm_mac) {
1268 if (alg_mac) {
1269 alg_mac &= ca_list[j]->algorithm_mac;
1270 if (!alg_mac) {
1271 found = 0;
1272 break;
1273 }
1274 } else
1275 alg_mac = ca_list[j]->algorithm_mac;
1276 }
1277
1278 if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
1279 if (algo_strength & SSL_STRONG_MASK) {
1280 algo_strength &=
1281 (ca_list[j]->algo_strength &
1282 SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1283 if (!(algo_strength &
1284 SSL_STRONG_MASK)) {
1285 found = 0;
1286 break;
1287 }
1288 } else
1289 algo_strength |=
1290 ca_list[j]->algo_strength &
1291 SSL_STRONG_MASK;
1292 }
1293
1294 if (ca_list[j]->valid) {
1295 /*
1296 * explicit ciphersuite found; its protocol
1297 * version does not become part of the search
1298 * pattern!
1299 */
1300 cipher_id = ca_list[j]->id;
1301 } else {
1302 /*
1303 * not an explicit ciphersuite; only in this
1304 * case, the protocol version is considered
1305 * part of the search pattern
1306 */
1307 if (ca_list[j]->algorithm_ssl) {
1308 if (alg_ssl) {
1309 alg_ssl &=
1310 ca_list[j]->algorithm_ssl;
1311 if (!alg_ssl) {
1312 found = 0;
1313 break;
1314 }
1315 } else
1316 alg_ssl =
1317 ca_list[j]->algorithm_ssl;
1318 }
1319 }
1320
1321 if (!multi)
1322 break;
1323 }
1324
1325 /*
1326 * Ok, we have the rule, now apply it
1327 */
1328 if (rule == CIPHER_SPECIAL) {
1329 /* special command */
1330 ok = 0;
1331 if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
1332 ok = ssl_cipher_strength_sort(head_p, tail_p);
1333 else
1334 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
1335 SSL_R_INVALID_COMMAND);
1336 if (ok == 0)
1337 retval = 0;
1338 /*
1339 * We do not support any "multi" options
1340 * together with "@", so throw away the
1341 * rest of the command, if any left, until
1342 * end or ':' is found.
1343 */
1344 while ((*l != '\0') && !ITEM_SEP(*l))
1345 l++;
1346 } else if (found) {
1347 ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
1348 alg_enc, alg_mac, alg_ssl, algo_strength, rule,
1349 -1, head_p, tail_p);
1350 } else {
1351 while ((*l != '\0') && !ITEM_SEP(*l))
1352 l++;
1353 }
1354 if (*l == '\0')
1355 break; /* done */
1356 }
1357
1358 return (retval);
1359}
1360
1361STACK_OF(SSL_CIPHER) *
1362ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1363 STACK_OF(SSL_CIPHER) **cipher_list,
1364 STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1365 const char *rule_str)
1366{
1367 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
1368 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
1369 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
1370 const char *rule_p;
1371 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
1372 const SSL_CIPHER **ca_list = NULL;
1373
1374 /*
1375 * Return with error if nothing to do.
1376 */
1377 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
1378 return NULL;
1379
1380 /*
1381 * To reduce the work to do we only want to process the compiled
1382 * in algorithms, so we first get the mask of disabled ciphers.
1383 */
1384 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
1385
1386 /*
1387 * Now we have to collect the available ciphers from the compiled
1388 * in ciphers. We cannot get more than the number compiled in, so
1389 * it is used for allocation.
1390 */
1391 num_of_ciphers = ssl_method->num_ciphers();
1392 co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
1393 if (co_list == NULL) {
1394 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1395 return(NULL); /* Failure */
1396 }
1397
1398 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1399 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1400 co_list, &head, &tail);
1401
1402
1403 /* Now arrange all ciphers by preference: */
1404
1405 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1406 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1407 ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1408
1409 /*
1410 * CHACHA20 is fast and safe on all hardware and is thus our preferred
1411 * symmetric cipher, with AES second.
1412 */
1413 ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1414 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1415
1416 /* Temporarily enable everything else for sorting */
1417 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1418
1419 /* Low priority for MD5 */
1420 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1421
1422 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1423 * (For applications that allow them, they aren't too bad, but we prefer
1424 * authenticated ciphers.) */
1425 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1426
1427 /* Move ciphers without forward secrecy to the end */
1428 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1429 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1430
1431 /* RC4 is sort-of broken -- move the the end */
1432 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1433
1434 /* Now sort by symmetric encryption strength. The above ordering remains
1435 * in force within each class */
1436 if (!ssl_cipher_strength_sort(&head, &tail)) {
1437 free(co_list);
1438 return NULL;
1439 }
1440
1441 /* Now disable everything (maintaining the ordering!) */
1442 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1443
1444
1445 /*
1446 * We also need cipher aliases for selecting based on the rule_str.
1447 * There might be two types of entries in the rule_str: 1) names
1448 * of ciphers themselves 2) aliases for groups of ciphers.
1449 * For 1) we need the available ciphers and for 2) the cipher
1450 * groups of cipher_aliases added together in one list (otherwise
1451 * we would be happy with just the cipher_aliases table).
1452 */
1453 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1454 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1455 ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
1456 if (ca_list == NULL) {
1457 free(co_list);
1458 SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1459 return(NULL); /* Failure */
1460 }
1461 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1462 disabled_mkey, disabled_auth, disabled_enc,
1463 disabled_mac, disabled_ssl, head);
1464
1465 /*
1466 * If the rule_string begins with DEFAULT, apply the default rule
1467 * before using the (possibly available) additional rules.
1468 */
1469 ok = 1;
1470 rule_p = rule_str;
1471 if (strncmp(rule_str, "DEFAULT", 7) == 0) {
1472 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1473 &head, &tail, ca_list);
1474 rule_p += 7;
1475 if (*rule_p == ':')
1476 rule_p++;
1477 }
1478
1479 if (ok && (strlen(rule_p) > 0))
1480 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1481
1482 free((void *)ca_list); /* Not needed anymore */
1483
1484 if (!ok) {
1485 /* Rule processing failure */
1486 free(co_list);
1487 return (NULL);
1488 }
1489
1490 /*
1491 * Allocate new "cipherstack" for the result, return with error
1492 * if we cannot get one.
1493 */
1494 if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
1495 free(co_list);
1496 return (NULL);
1497 }
1498
1499 /*
1500 * The cipher selection for the list is done. The ciphers are added
1501 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
1502 */
1503 for (curr = head; curr != NULL; curr = curr->next) {
1504 if (curr->active) {
1505 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1506 }
1507 }
1508 free(co_list); /* Not needed any longer */
1509
1510 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
1511 if (tmp_cipher_list == NULL) {
1512 sk_SSL_CIPHER_free(cipherstack);
1513 return NULL;
1514 }
1515 if (*cipher_list != NULL)
1516 sk_SSL_CIPHER_free(*cipher_list);
1517 *cipher_list = cipherstack;
1518 if (*cipher_list_by_id != NULL)
1519 sk_SSL_CIPHER_free(*cipher_list_by_id);
1520 *cipher_list_by_id = tmp_cipher_list;
1521 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
1522 ssl_cipher_ptr_id_cmp);
1523
1524 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1525 return (cipherstack);
1526}
1527
1528const SSL_CIPHER *
1529SSL_CIPHER_get_by_id(unsigned int id)
1530{
1531 return ssl3_get_cipher_by_id(id);
1532}
1533
1534const SSL_CIPHER *
1535SSL_CIPHER_get_by_value(uint16_t value)
1536{
1537 return ssl3_get_cipher_by_value(value);
1538}
1539
1540char *
1541SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1542{
1543 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
1544 const char *ver, *kx, *au, *enc, *mac;
1545 char *ret;
1546 int l;
1547
1548 alg_mkey = cipher->algorithm_mkey;
1549 alg_auth = cipher->algorithm_auth;
1550 alg_enc = cipher->algorithm_enc;
1551 alg_mac = cipher->algorithm_mac;
1552 alg_ssl = cipher->algorithm_ssl;
1553
1554 alg2 = cipher->algorithm2;
1555
1556 if (alg_ssl & SSL_SSLV3)
1557 ver = "SSLv3";
1558 else if (alg_ssl & SSL_TLSV1_2)
1559 ver = "TLSv1.2";
1560 else
1561 ver = "unknown";
1562
1563 switch (alg_mkey) {
1564 case SSL_kRSA:
1565 kx = "RSA";
1566 break;
1567 case SSL_kDHE:
1568 kx = "DH";
1569 break;
1570 case SSL_kECDHr:
1571 kx = "ECDH/RSA";
1572 break;
1573 case SSL_kECDHe:
1574 kx = "ECDH/ECDSA";
1575 break;
1576 case SSL_kECDHE:
1577 kx = "ECDH";
1578 break;
1579 case SSL_kGOST:
1580 kx = "GOST";
1581 break;
1582 default:
1583 kx = "unknown";
1584 }
1585
1586 switch (alg_auth) {
1587 case SSL_aRSA:
1588 au = "RSA";
1589 break;
1590 case SSL_aDSS:
1591 au = "DSS";
1592 break;
1593 case SSL_aECDH:
1594 au = "ECDH";
1595 break;
1596 case SSL_aNULL:
1597 au = "None";
1598 break;
1599 case SSL_aECDSA:
1600 au = "ECDSA";
1601 break;
1602 case SSL_aGOST01:
1603 au = "GOST01";
1604 break;
1605 default:
1606 au = "unknown";
1607 break;
1608 }
1609
1610 switch (alg_enc) {
1611 case SSL_DES:
1612 enc = "DES(56)";
1613 break;
1614 case SSL_3DES:
1615 enc = "3DES(168)";
1616 break;
1617 case SSL_RC4:
1618 enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)";
1619 break;
1620 case SSL_IDEA:
1621 enc = "IDEA(128)";
1622 break;
1623 case SSL_eNULL:
1624 enc = "None";
1625 break;
1626 case SSL_AES128:
1627 enc = "AES(128)";
1628 break;
1629 case SSL_AES256:
1630 enc = "AES(256)";
1631 break;
1632 case SSL_AES128GCM:
1633 enc = "AESGCM(128)";
1634 break;
1635 case SSL_AES256GCM:
1636 enc = "AESGCM(256)";
1637 break;
1638 case SSL_CAMELLIA128:
1639 enc = "Camellia(128)";
1640 break;
1641 case SSL_CAMELLIA256:
1642 enc = "Camellia(256)";
1643 break;
1644 case SSL_CHACHA20POLY1305:
1645 enc = "ChaCha20-Poly1305";
1646 break;
1647 case SSL_eGOST2814789CNT:
1648 enc = "GOST-28178-89-CNT";
1649 break;
1650 default:
1651 enc = "unknown";
1652 break;
1653 }
1654
1655 switch (alg_mac) {
1656 case SSL_MD5:
1657 mac = "MD5";
1658 break;
1659 case SSL_SHA1:
1660 mac = "SHA1";
1661 break;
1662 case SSL_SHA256:
1663 mac = "SHA256";
1664 break;
1665 case SSL_SHA384:
1666 mac = "SHA384";
1667 break;
1668 case SSL_AEAD:
1669 mac = "AEAD";
1670 break;
1671 case SSL_GOST94:
1672 mac = "GOST94";
1673 break;
1674 case SSL_GOST89MAC:
1675 mac = "GOST89IMIT";
1676 break;
1677 case SSL_STREEBOG256:
1678 mac = "STREEBOG256";
1679 break;
1680 case SSL_STREEBOG512:
1681 mac = "STREEBOG512";
1682 break;
1683 default:
1684 mac = "unknown";
1685 break;
1686 }
1687
1688 if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
1689 cipher->name, ver, kx, au, enc, mac) == -1)
1690 return "OPENSSL_malloc Error";
1691
1692 if (buf != NULL) {
1693 l = strlcpy(buf, ret, len);
1694 free(ret);
1695 ret = buf;
1696 if (l >= len)
1697 ret = "Buffer too small";
1698 }
1699
1700 return (ret);
1701}
1702
1703char *
1704SSL_CIPHER_get_version(const SSL_CIPHER *c)
1705{
1706 if (c == NULL)
1707 return("(NONE)");
1708 if ((c->id >> 24) == 3)
1709 return("TLSv1/SSLv3");
1710 else
1711 return("unknown");
1712}
1713
1714/* return the actual cipher being used */
1715const char *
1716SSL_CIPHER_get_name(const SSL_CIPHER *c)
1717{
1718 if (c != NULL)
1719 return (c->name);
1720 return("(NONE)");
1721}
1722
1723/* number of bits for symmetric cipher */
1724int
1725SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
1726{
1727 int ret = 0;
1728
1729 if (c != NULL) {
1730 if (alg_bits != NULL)
1731 *alg_bits = c->alg_bits;
1732 ret = c->strength_bits;
1733 }
1734 return (ret);
1735}
1736
1737unsigned long
1738SSL_CIPHER_get_id(const SSL_CIPHER *c)
1739{
1740 return c->id;
1741}
1742
1743uint16_t
1744SSL_CIPHER_get_value(const SSL_CIPHER *c)
1745{
1746 return ssl3_cipher_get_value(c);
1747}
1748
1749void *
1750SSL_COMP_get_compression_methods(void)
1751{
1752 return NULL;
1753}
1754
1755int
1756SSL_COMP_add_compression_method(int id, void *cm)
1757{
1758 return 1;
1759}
1760
1761const char *
1762SSL_COMP_get_name(const void *comp)
1763{
1764 return NULL;
1765}
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index 04742b60ca..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,615 +0,0 @@
1/* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62
63#include <openssl/err.h>
64#include <openssl/ssl.h>
65
66/* BEGIN ERROR CODES */
67#ifndef OPENSSL_NO_ERR
68
69#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
70#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
71
72static ERR_STRING_DATA SSL_str_functs[]= {
73 {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
74 {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
75 {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
76 {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
77 {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
78 {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79 {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80 {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81 {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
82 {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
83 {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
84 {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
85 {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
86 {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
87 {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
88 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
89 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
90 {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
91 {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
92 {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
93 {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
94 {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
95 {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
96 {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
97 {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
98 {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
99 {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
100 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
101 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
102 {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
103 {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
104 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
105 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
106 {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
107 {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
108 {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
109 {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
110 {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
111 {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
112 {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
113 {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
114 {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
115 {ERR_FUNC(SSL_F_READ_N), "READ_N"},
116 {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
117 {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
118 {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
119 {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
120 {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
121 {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
122 {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
123 {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
124 {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
125 {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
126 {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
127 {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
128 {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
129 {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
130 {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
131 {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
132 {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
133 {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
134 {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
135 {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
136 {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
137 {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
138 {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
139 {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
140 {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
141 {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
142 {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
143 {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
144 {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
145 {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
146 {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
147 {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
148 {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
149 {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
150 {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
151 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
152 {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
153 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
154 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
155 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
156 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
157 {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
158 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
159 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
160 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
161 {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
162 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
163 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
164 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
165 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
166 {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
167 {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
168 {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
169 {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
170 {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
171 {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
172 {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
173 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
174 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
175 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
176 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
177 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
178 {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
179 {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
180 {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
181 {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
182 {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
183 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
184 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
185 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
186 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
187 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
188 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
189 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
190 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
191 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
192 {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
193 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
194 {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
195 {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
196 {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
197 {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
198 {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
199 {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
200 {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
201 {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
202 {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
203 {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
204 {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
205 {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
206 {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
207 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
208 {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
209 {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
210 {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
211 {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
212 {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
213 {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
214 {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
215 {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
216 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
217 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
218 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
219 {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
220 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
221 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
222 {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
223 {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
224 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
225 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
226 {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
227 {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
228 {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
229 {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
230 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
231 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
232 {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
233 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
234 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
235 {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
236 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
237 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
238 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
239 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
240 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
241 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
242 {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
243 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
244 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
245 {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
246 {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
247 {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
248 {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
249 {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
250 {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"},
251 {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
252 {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
253 {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
254 {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
255 {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
256 {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
257 {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
258 {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
259 {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
260 {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
261 {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
262 {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
263 {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
264 {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
265 {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
266 {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
267 {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
268 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
269 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
270 {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
271 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
272 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
273 {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
274 {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
275 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
276 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
277 {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
278 {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
279 {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
280 {ERR_FUNC(SSL_F_TLS1_AEAD_CTX_INIT), "TLS1_AEAD_CTX_INIT"},
281 {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
282 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
283 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD), "TLS1_CHANGE_CIPHER_STATE_AEAD"},
284 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER), "TLS1_CHANGE_CIPHER_STATE_CIPHER"},
285 {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
286 {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
287 {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"},
288 {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
289 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
290 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
291 {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
292 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
293 {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
294 {0, NULL}
295};
296
297static ERR_STRING_DATA SSL_str_reasons[]= {
298 {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
299 {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
300 {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"},
301 {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
302 {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
303 {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"},
304 {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"},
305 {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"},
306 {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"},
307 {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"},
308 {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"},
309 {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"},
310 {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"},
311 {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"},
312 {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"},
313 {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"},
314 {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"},
315 {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"},
316 {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"},
317 {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"},
318 {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"},
319 {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"},
320 {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"},
321 {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"},
322 {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"},
323 {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"},
324 {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"},
325 {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"},
326 {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"},
327 {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
328 {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"},
329 {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"},
330 {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"},
331 {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"},
332 {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"},
333 {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"},
334 {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"},
335 {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"},
336 {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"},
337 {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"},
338 {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"},
339 {ERR_REASON(SSL_R_BAD_STATE) , "bad state"},
340 {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"},
341 {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"},
342 {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
343 {ERR_REASON(SSL_R_BN_LIB) , "bn lib"},
344 {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
345 {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"},
346 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"},
347 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
348 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"},
349 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
350 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
351 {ERR_REASON(SSL_R_CIPHER_COMPRESSION_UNAVAILABLE), "cipher compression unavailable"},
352 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"},
353 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
354 {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"},
355 {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"},
356 {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"},
357 {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"},
358 {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"},
359 {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
360 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"},
361 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
362 {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"},
363 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"},
364 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"},
365 {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"},
366 {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
367 {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
368 {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"},
369 {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"},
370 {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
371 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"},
372 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
373 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
374 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
375 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
376 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
377 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
378 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
379 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"},
380 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
381 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"},
382 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
383 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"},
384 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"},
385 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"},
386 {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"},
387 {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"},
388 {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
389 {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
390 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
391 {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"},
392 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"},
393 {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"},
394 {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"},
395 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
396 {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"},
397 {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"},
398 {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"},
399 {ERR_REASON(SSL_R_KRB5) , "krb5"},
400 {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"},
401 {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"},
402 {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"},
403 {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"},
404 {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"},
405 {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"},
406 {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"},
407 {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"},
408 {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"},
409 {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"},
410 {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"},
411 {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"},
412 {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"},
413 {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
414 {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"},
415 {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"},
416 {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"},
417 {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"},
418 {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
419 {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
420 {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"},
421 {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
422 {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"},
423 {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
424 {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"},
425 {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"},
426 {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"},
427 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"},
428 {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"},
429 {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
430 {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"},
431 {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
432 {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
433 {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
434 {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
435 {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"},
436 {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
437 {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"},
438 {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"},
439 {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"},
440 {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"},
441 {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"},
442 {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
443 {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
444 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
445 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"},
446 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"},
447 {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"},
448 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
449 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
450 {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"},
451 {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"},
452 {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"},
453 {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"},
454 {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"},
455 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"},
456 {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"},
457 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
458 {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
459 {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
460 {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
461 {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
462 {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"},
463 {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"},
464 {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"},
465 {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"},
466 {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
467 {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"},
468 {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"},
469 {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"},
470 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
471 {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"},
472 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"},
473 {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
474 {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"},
475 {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"},
476 {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
477 {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
478 {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"},
479 {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"},
480 {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"},
481 {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
482 {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
483 {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"},
484 {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"},
485 {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
486 {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"},
487 {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
488 {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
489 {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"},
490 {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"},
491 {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
492 {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"},
493 {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"},
494 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"},
495 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"},
496 {ERR_REASON(SSL_R_SHORT_READ) , "short read"},
497 {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"},
498 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"},
499 {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"},
500 {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"},
501 {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"},
502 {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"},
503 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"},
504 {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"},
505 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"},
506 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"},
507 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"},
508 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
509 {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
510 {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"},
511 {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"},
512 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"},
513 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"},
514 {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"},
515 {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"},
516 {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"},
517 {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"},
518 {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"},
519 {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"},
520 {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"},
521 {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"},
522 {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"},
523 {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"},
524 {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"},
525 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
526 {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
527 {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
528 {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
529 {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
530 {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
531 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
532 {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
533 {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"},
534 {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"},
535 {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
536 {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
537 {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
538 {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
539 {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
540 {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
541 {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
542 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
543 {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},
544 {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"},
545 {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
546 {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"},
547 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"},
548 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbeats"},
549 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"},
550 {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"},
551 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"},
552 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"},
553 {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"},
554 {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"},
555 {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
556 {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"},
557 {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"},
558 {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"},
559 {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"},
560 {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"},
561 {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
562 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"},
563 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"},
564 {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"},
565 {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"},
566 {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"},
567 {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"},
568 {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"},
569 {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
570 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
571 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"},
572 {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"},
573 {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
574 {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"},
575 {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"},
576 {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
577 {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"},
578 {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"},
579 {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"},
580 {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
581 {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
582 {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
583 {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"},
584 {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"},
585 {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
586 {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
587 {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
588 {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"},
589 {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
590 {ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"},
591 {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"},
592 {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
593 {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
594 {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"},
595 {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"},
596 {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"},
597 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"},
598 {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"},
599 {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
600 {0, NULL}
601};
602
603#endif
604
605void
606ERR_load_SSL_strings(void)
607{
608#ifndef OPENSSL_NO_ERR
609
610 if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
611 ERR_load_strings(0, SSL_str_functs);
612 ERR_load_strings(0, SSL_str_reasons);
613 }
614#endif
615}
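--- a/src/lib/libssl/ssl_err2.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* $OpenBSD: ssl_err2.c,v 1.7 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void
-SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
-}
-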
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index 629ad03554..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3125 +0,0 @@
1/* $OpenBSD: ssl_lib.c,v 1.105 2015/07/19 20:32:18 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#include <stdio.h>
144
145#include "ssl_locl.h"
146
147#include <openssl/bn.h>
148#include <openssl/dh.h>
149#include <openssl/lhash.h>
150#include <openssl/objects.h>
151#include <openssl/ocsp.h>
152#include <openssl/x509v3.h>
153
154#ifndef OPENSSL_NO_ENGINE
155#include <openssl/engine.h>
156#endif
157
158#include "bytestring.h"
159
160const char *SSL_version_str = OPENSSL_VERSION_TEXT;
161
162SSL3_ENC_METHOD ssl3_undef_enc_method = {
163 /*
164 * Evil casts, but these functions are only called if there's a
165 * library bug.
166 */
167 .enc = (int (*)(SSL *, int))ssl_undefined_function,
168 .mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
169 .setup_key_block = ssl_undefined_function,
170 .generate_master_secret = (int (*)(SSL *, unsigned char *,
171 unsigned char *, int))ssl_undefined_function,
172 .change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function,
173 .final_finish_mac = (int (*)(SSL *, const char*, int,
174 unsigned char *))ssl_undefined_function,
175 .finish_mac_length = 0,
176 .cert_verify_mac = (int (*)(SSL *, int,
177 unsigned char *))ssl_undefined_function,
178 .client_finished_label = NULL,
179 .client_finished_label_len = 0,
180 .server_finished_label = NULL,
181 .server_finished_label_len = 0,
182 .alert_value = (int (*)(int))ssl_undefined_function,
183 .export_keying_material = (int (*)(SSL *, unsigned char *, size_t,
184 const char *, size_t, const unsigned char *, size_t,
185 int use_context))ssl_undefined_function,
186 .enc_flags = 0,
187};
188
189int
190SSL_clear(SSL *s)
191{
192 if (s->method == NULL) {
193 SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
194 return (0);
195 }
196
197 if (ssl_clear_bad_session(s)) {
198 SSL_SESSION_free(s->session);
199 s->session = NULL;
200 }
201
202 s->error = 0;
203 s->hit = 0;
204 s->shutdown = 0;
205
206 if (s->renegotiate) {
207 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
208 return (0);
209 }
210
211 s->type = 0;
212
213 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
214
215 s->version = s->method->version;
216 s->client_version = s->version;
217 s->rwstate = SSL_NOTHING;
218 s->rstate = SSL_ST_READ_HEADER;
219
220 BUF_MEM_free(s->init_buf);
221 s->init_buf = NULL;
222
223 ssl_clear_cipher_ctx(s);
224 ssl_clear_hash_ctx(&s->read_hash);
225 ssl_clear_hash_ctx(&s->write_hash);
226
227 s->first_packet = 0;
228
229 /*
230 * Check to see if we were changed into a different method, if
231 * so, revert back if we are not doing session-id reuse.
232 */
233 if (!s->in_handshake && (s->session == NULL) &&
234 (s->method != s->ctx->method)) {
235 s->method->ssl_free(s);
236 s->method = s->ctx->method;
237 if (!s->method->ssl_new(s))
238 return (0);
239 } else
240 s->method->ssl_clear(s);
241
242 return (1);
243}
244
245/* Used to change an SSL_CTXs default SSL method type */
246int
247SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
248{
249 STACK_OF(SSL_CIPHER) *sk;
250
251 ctx->method = meth;
252
253 sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
254 &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST);
255 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
256 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
257 SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
258 return (0);
259 }
260 return (1);
261}
262
263SSL *
264SSL_new(SSL_CTX *ctx)
265{
266 SSL *s;
267
268 if (ctx == NULL) {
269 SSLerr(SSL_F_SSL_NEW,
270 SSL_R_NULL_SSL_CTX);
271 return (NULL);
272 }
273 if (ctx->method == NULL) {
274 SSLerr(SSL_F_SSL_NEW,
275 SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
276 return (NULL);
277 }
278
279 s = calloc(1, sizeof(SSL));
280 if (s == NULL)
281 goto err;
282
283
284 s->options = ctx->options;
285 s->mode = ctx->mode;
286 s->max_cert_list = ctx->max_cert_list;
287
288 if (ctx->cert != NULL) {
289 /*
290 * Earlier library versions used to copy the pointer to
291 * the CERT, not its contents; only when setting new
292 * parameters for the per-SSL copy, ssl_cert_new would be
293 * called (and the direct reference to the per-SSL_CTX
294 * settings would be lost, but those still were indirectly
295 * accessed for various purposes, and for that reason they
296 * used to be known as s->ctx->default_cert).
297 * Now we don't look at the SSL_CTX's CERT after having
298 * duplicated it once.
299 */
300 s->cert = ssl_cert_dup(ctx->cert);
301 if (s->cert == NULL)
302 goto err;
303 } else
304 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
305
306 s->read_ahead = ctx->read_ahead;
307 s->msg_callback = ctx->msg_callback;
308 s->msg_callback_arg = ctx->msg_callback_arg;
309 s->verify_mode = ctx->verify_mode;
310 s->sid_ctx_length = ctx->sid_ctx_length;
311 OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
312 memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
313 s->verify_callback = ctx->default_verify_callback;
314 s->generate_session_id = ctx->generate_session_id;
315
316 s->param = X509_VERIFY_PARAM_new();
317 if (!s->param)
318 goto err;
319 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
320 s->quiet_shutdown = ctx->quiet_shutdown;
321 s->max_send_fragment = ctx->max_send_fragment;
322
323 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
324 s->ctx = ctx;
325 s->tlsext_debug_cb = 0;
326 s->tlsext_debug_arg = NULL;
327 s->tlsext_ticket_expected = 0;
328 s->tlsext_status_type = -1;
329 s->tlsext_status_expected = 0;
330 s->tlsext_ocsp_ids = NULL;
331 s->tlsext_ocsp_exts = NULL;
332 s->tlsext_ocsp_resp = NULL;
333 s->tlsext_ocsp_resplen = -1;
334 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
335 s->initial_ctx = ctx;
336 s->next_proto_negotiated = NULL;
337
338 if (s->ctx->alpn_client_proto_list != NULL) {
339 s->alpn_client_proto_list =
340 malloc(s->ctx->alpn_client_proto_list_len);
341 if (s->alpn_client_proto_list == NULL)
342 goto err;
343 memcpy(s->alpn_client_proto_list,
344 s->ctx->alpn_client_proto_list,
345 s->ctx->alpn_client_proto_list_len);
346 s->alpn_client_proto_list_len =
347 s->ctx->alpn_client_proto_list_len;
348 }
349
350 s->verify_result = X509_V_OK;
351
352 s->method = ctx->method;
353
354 if (!s->method->ssl_new(s))
355 goto err;
356
357 s->references = 1;
358 s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
359
360 SSL_clear(s);
361
362 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
363
364
365 return (s);
366err:
367 if (s != NULL) {
368 if (s->cert != NULL)
369 ssl_cert_free(s->cert);
370 SSL_CTX_free(s->ctx); /* decrement reference count */
371 free(s);
372 }
373 SSLerr(SSL_F_SSL_NEW,
374 ERR_R_MALLOC_FAILURE);
375 return (NULL);
376}
377
378int
379SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
380 unsigned int sid_ctx_len)
381{
382 if (sid_ctx_len > sizeof ctx->sid_ctx) {
383 SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
384 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
385 return (0);
386 }
387 ctx->sid_ctx_length = sid_ctx_len;
388 memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
389
390 return (1);
391}
392
393int
394SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
395 unsigned int sid_ctx_len)
396{
397 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
398 SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
399 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
400 return (0);
401 }
402 ssl->sid_ctx_length = sid_ctx_len;
403 memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
404
405 return (1);
406}
407
408int
409SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
410{
411 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
412 ctx->generate_session_id = cb;
413 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
414 return (1);
415}
416
417int
418SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
419{
420 CRYPTO_w_lock(CRYPTO_LOCK_SSL);
421 ssl->generate_session_id = cb;
422 CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
423 return (1);
424}
425
426int
427SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
428 unsigned int id_len)
429{
430 /*
431 * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
432 * shows how we can "construct" a session to give us the desired
433 * check - ie. to find if there's a session in the hash table
434 * that would conflict with any new session built out of this
435 * id/id_len and the ssl_version in use by this SSL.
436 */
437 SSL_SESSION r, *p;
438
439 if (id_len > sizeof r.session_id)
440 return (0);
441
442 r.ssl_version = ssl->version;
443 r.session_id_length = id_len;
444 memcpy(r.session_id, id, id_len);
445
446 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
447 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
448 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
449 return (p != NULL);
450}
451
452int
453SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
454{
455 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
456}
457
458int
459SSL_set_purpose(SSL *s, int purpose)
460{
461 return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
462}
463
464int
465SSL_CTX_set_trust(SSL_CTX *s, int trust)
466{
467 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
468}
469
470int
471SSL_set_trust(SSL *s, int trust)
472{
473 return (X509_VERIFY_PARAM_set_trust(s->param, trust));
474}
475
476int
477SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
478{
479 return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
480}
481
482int
483SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
484{
485 return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
486}
487
488void
489SSL_free(SSL *s)
490{
491 int i;
492
493 if (s == NULL)
494 return;
495
496 i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
497 if (i > 0)
498 return;
499
500 if (s->param)
501 X509_VERIFY_PARAM_free(s->param);
502
503 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
504
505 if (s->bbio != NULL) {
506 /* If the buffering BIO is in place, pop it off */
507 if (s->bbio == s->wbio) {
508 s->wbio = BIO_pop(s->wbio);
509 }
510 BIO_free(s->bbio);
511 s->bbio = NULL;
512 }
513 if (s->rbio != NULL)
514 BIO_free_all(s->rbio);
515 if ((s->wbio != NULL) && (s->wbio != s->rbio))
516 BIO_free_all(s->wbio);
517
518 if (s->init_buf != NULL)
519 BUF_MEM_free(s->init_buf);
520
521 /* add extra stuff */
522 if (s->cipher_list != NULL)
523 sk_SSL_CIPHER_free(s->cipher_list);
524 if (s->cipher_list_by_id != NULL)
525 sk_SSL_CIPHER_free(s->cipher_list_by_id);
526
527 /* Make the next call work :-) */
528 if (s->session != NULL) {
529 ssl_clear_bad_session(s);
530 SSL_SESSION_free(s->session);
531 }
532
533 ssl_clear_cipher_ctx(s);
534 ssl_clear_hash_ctx(&s->read_hash);
535 ssl_clear_hash_ctx(&s->write_hash);
536
537 if (s->cert != NULL)
538 ssl_cert_free(s->cert);
539 /* Free up if allocated */
540
541 free(s->tlsext_hostname);
542 SSL_CTX_free(s->initial_ctx);
543 free(s->tlsext_ecpointformatlist);
544 free(s->tlsext_ellipticcurvelist);
545 if (s->tlsext_ocsp_exts)
546 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
547 X509_EXTENSION_free);
548 if (s->tlsext_ocsp_ids)
549 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
550 free(s->tlsext_ocsp_resp);
551
552 if (s->client_CA != NULL)
553 sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
554
555 if (s->method != NULL)
556 s->method->ssl_free(s);
557
558 SSL_CTX_free(s->ctx);
559
560
561 free(s->next_proto_negotiated);
562 free(s->alpn_client_proto_list);
563
564#ifndef OPENSSL_NO_SRTP
565 if (s->srtp_profiles)
566 sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
567#endif
568
569 free(s);
570}
571
572void
573SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
574{
575 /* If the output buffering BIO is still in place, remove it */
576 if (s->bbio != NULL) {
577 if (s->wbio == s->bbio) {
578 s->wbio = s->wbio->next_bio;
579 s->bbio->next_bio = NULL;
580 }
581 }
582 if ((s->rbio != NULL) && (s->rbio != rbio))
583 BIO_free_all(s->rbio);
584 if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
585 BIO_free_all(s->wbio);
586 s->rbio = rbio;
587 s->wbio = wbio;
588}
589
590BIO *
591SSL_get_rbio(const SSL *s)
592{
593 return (s->rbio);
594}
595
596BIO *
597SSL_get_wbio(const SSL *s)
598{
599 return (s->wbio);
600}
601
602int
603SSL_get_fd(const SSL *s)
604{
605 return (SSL_get_rfd(s));
606}
607
608int
609SSL_get_rfd(const SSL *s)
610{
611 int ret = -1;
612 BIO *b, *r;
613
614 b = SSL_get_rbio(s);
615 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
616 if (r != NULL)
617 BIO_get_fd(r, &ret);
618 return (ret);
619}
620
621int
622SSL_get_wfd(const SSL *s)
623{
624 int ret = -1;
625 BIO *b, *r;
626
627 b = SSL_get_wbio(s);
628 r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
629 if (r != NULL)
630 BIO_get_fd(r, &ret);
631 return (ret);
632}
633
634int
635SSL_set_fd(SSL *s, int fd)
636{
637 int ret = 0;
638 BIO *bio = NULL;
639
640 bio = BIO_new(BIO_s_socket());
641
642 if (bio == NULL) {
643 SSLerr(SSL_F_SSL_SET_FD,
644 ERR_R_BUF_LIB);
645 goto err;
646 }
647 BIO_set_fd(bio, fd, BIO_NOCLOSE);
648 SSL_set_bio(s, bio, bio);
649 ret = 1;
650err:
651 return (ret);
652}
653
654int
655SSL_set_wfd(SSL *s, int fd)
656{
657 int ret = 0;
658 BIO *bio = NULL;
659
660 if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
661 || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
662 bio = BIO_new(BIO_s_socket());
663
664 if (bio == NULL) {
665 SSLerr(SSL_F_SSL_SET_WFD,
666 ERR_R_BUF_LIB);
667 goto err;
668 }
669 BIO_set_fd(bio, fd, BIO_NOCLOSE);
670 SSL_set_bio(s, SSL_get_rbio(s), bio);
671 } else
672 SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
673 ret = 1;
674err:
675 return (ret);
676}
677
678int
679SSL_set_rfd(SSL *s, int fd)
680{
681 int ret = 0;
682 BIO *bio = NULL;
683
684 if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
685 || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
686 bio = BIO_new(BIO_s_socket());
687
688 if (bio == NULL) {
689 SSLerr(SSL_F_SSL_SET_RFD,
690 ERR_R_BUF_LIB);
691 goto err;
692 }
693 BIO_set_fd(bio, fd, BIO_NOCLOSE);
694 SSL_set_bio(s, bio, SSL_get_wbio(s));
695 } else
696 SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
697 ret = 1;
698err:
699 return (ret);
700}
701
702
703/* return length of latest Finished message we sent, copy to 'buf' */
704size_t
705SSL_get_finished(const SSL *s, void *buf, size_t count)
706{
707 size_t ret = 0;
708
709 if (s->s3 != NULL) {
710 ret = s->s3->tmp.finish_md_len;
711 if (count > ret)
712 count = ret;
713 memcpy(buf, s->s3->tmp.finish_md, count);
714 }
715 return (ret);
716}
717
718/* return length of latest Finished message we expected, copy to 'buf' */
719size_t
720SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
721{
722 size_t ret = 0;
723
724 if (s->s3 != NULL) {
725 ret = s->s3->tmp.peer_finish_md_len;
726 if (count > ret)
727 count = ret;
728 memcpy(buf, s->s3->tmp.peer_finish_md, count);
729 }
730 return (ret);
731}
732
733
734int
735SSL_get_verify_mode(const SSL *s)
736{
737 return (s->verify_mode);
738}
739
740int
741SSL_get_verify_depth(const SSL *s)
742{
743 return (X509_VERIFY_PARAM_get_depth(s->param));
744}
745
746int
747(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
748{
749 return (s->verify_callback);
750}
751
752int
753SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
754{
755 return (ctx->verify_mode);
756}
757
758int
759SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
760{
761 return (X509_VERIFY_PARAM_get_depth(ctx->param));
762}
763
764int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
765{
766 return (ctx->default_verify_callback);
767}
768
769void
770SSL_set_verify(SSL *s, int mode,
771 int (*callback)(int ok, X509_STORE_CTX *ctx))
772{
773 s->verify_mode = mode;
774 if (callback != NULL)
775 s->verify_callback = callback;
776}
777
778void
779SSL_set_verify_depth(SSL *s, int depth)
780{
781 X509_VERIFY_PARAM_set_depth(s->param, depth);
782}
783
784void
785SSL_set_read_ahead(SSL *s, int yes)
786{
787 s->read_ahead = yes;
788}
789
790int
791SSL_get_read_ahead(const SSL *s)
792{
793 return (s->read_ahead);
794}
795
796int
797SSL_pending(const SSL *s)
798{
799 /*
800 * SSL_pending cannot work properly if read-ahead is enabled
801 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
802 * and it is impossible to fix since SSL_pending cannot report
803 * errors that may be observed while scanning the new data.
804 * (Note that SSL_pending() is often used as a boolean value,
805 * so we'd better not return -1.)
806 */
807 return (s->method->ssl_pending(s));
808}
809
810X509 *
811SSL_get_peer_certificate(const SSL *s)
812{
813 X509 *r;
814
815 if ((s == NULL) || (s->session == NULL))
816 r = NULL;
817 else
818 r = s->session->peer;
819
820 if (r == NULL)
821 return (r);
822
823 CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
824
825 return (r);
826}
827
828STACK_OF(X509) *
829SSL_get_peer_cert_chain(const SSL *s)
830{
831 STACK_OF(X509) *r;
832
833 if ((s == NULL) || (s->session == NULL) ||
834 (s->session->sess_cert == NULL))
835 r = NULL;
836 else
837 r = s->session->sess_cert->cert_chain;
838
839 /*
840 * If we are a client, cert_chain includes the peer's own
841 * certificate;
842 * if we are a server, it does not.
843 */
844 return (r);
845}
846
847/*
848 * Now in theory, since the calling process own 't' it should be safe to
849 * modify. We need to be able to read f without being hassled
850 */
851void
852SSL_copy_session_id(SSL *t, const SSL *f)
853{
854 CERT *tmp;
855
856 /* Do we need to to SSL locking? */
857 SSL_set_session(t, SSL_get_session(f));
858
859 /*
860 * What if we are setup as SSLv2 but want to talk SSLv3 or
861 * vice-versa.
862 */
863 if (t->method != f->method) {
864 t->method->ssl_free(t); /* cleanup current */
865 t->method=f->method; /* change method */
866 t->method->ssl_new(t); /* setup new */
867 }
868
869 tmp = t->cert;
870 if (f->cert != NULL) {
871 CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
872 t->cert = f->cert;
873 } else
874 t->cert = NULL;
875 if (tmp != NULL)
876 ssl_cert_free(tmp);
877 SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
878}
879
880/* Fix this so it checks all the valid key/cert options */
881int
882SSL_CTX_check_private_key(const SSL_CTX *ctx)
883{
884 if ((ctx == NULL) || (ctx->cert == NULL) ||
885 (ctx->cert->key->x509 == NULL)) {
886 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
887 SSL_R_NO_CERTIFICATE_ASSIGNED);
888 return (0);
889 }
890 if (ctx->cert->key->privatekey == NULL) {
891 SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
892 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
893 return (0);
894 }
895 return (X509_check_private_key(ctx->cert->key->x509,
896 ctx->cert->key->privatekey));
897}
898
899/* Fix this function so that it takes an optional type parameter */
900int
901SSL_check_private_key(const SSL *ssl)
902{
903 if (ssl == NULL) {
904 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
905 ERR_R_PASSED_NULL_PARAMETER);
906 return (0);
907 }
908 if (ssl->cert == NULL) {
909 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
910 SSL_R_NO_CERTIFICATE_ASSIGNED);
911 return (0);
912 }
913 if (ssl->cert->key->x509 == NULL) {
914 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
915 SSL_R_NO_CERTIFICATE_ASSIGNED);
916 return (0);
917 }
918 if (ssl->cert->key->privatekey == NULL) {
919 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,
920 SSL_R_NO_PRIVATE_KEY_ASSIGNED);
921 return (0);
922 }
923 return (X509_check_private_key(ssl->cert->key->x509,
924 ssl->cert->key->privatekey));
925}
926
927int
928SSL_accept(SSL *s)
929{
930 if (s->handshake_func == 0)
931 SSL_set_accept_state(s); /* Not properly initialized yet */
932
933 return (s->method->ssl_accept(s));
934}
935
936int
937SSL_connect(SSL *s)
938{
939 if (s->handshake_func == 0)
940 SSL_set_connect_state(s); /* Not properly initialized yet */
941
942 return (s->method->ssl_connect(s));
943}
944
945long
946SSL_get_default_timeout(const SSL *s)
947{
948 return (s->method->get_timeout());
949}
950
951int
952SSL_read(SSL *s, void *buf, int num)
953{
954 if (s->handshake_func == 0) {
955 SSLerr(SSL_F_SSL_READ,
956 SSL_R_UNINITIALIZED);
957 return (-1);
958 }
959
960 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
961 s->rwstate = SSL_NOTHING;
962 return (0);
963 }
964 return (s->method->ssl_read(s, buf, num));
965}
966
967int
968SSL_peek(SSL *s, void *buf, int num)
969{
970 if (s->handshake_func == 0) {
971 SSLerr(SSL_F_SSL_PEEK,
972 SSL_R_UNINITIALIZED);
973 return (-1);
974 }
975
976 if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
977 return (0);
978 }
979 return (s->method->ssl_peek(s, buf, num));
980}
981
982int
983SSL_write(SSL *s, const void *buf, int num)
984{
985 if (s->handshake_func == 0) {
986 SSLerr(SSL_F_SSL_WRITE,
987 SSL_R_UNINITIALIZED);
988 return (-1);
989 }
990
991 if (s->shutdown & SSL_SENT_SHUTDOWN) {
992 s->rwstate = SSL_NOTHING;
993 SSLerr(SSL_F_SSL_WRITE,
994 SSL_R_PROTOCOL_IS_SHUTDOWN);
995 return (-1);
996 }
997 return (s->method->ssl_write(s, buf, num));
998}
999
1000int
1001SSL_shutdown(SSL *s)
1002{
1003 /*
1004 * Note that this function behaves differently from what one might
1005 * expect. Return values are 0 for no success (yet),
1006 * 1 for success; but calling it once is usually not enough,
1007 * even if blocking I/O is used (see ssl3_shutdown).
1008 */
1009
1010 if (s->handshake_func == 0) {
1011 SSLerr(SSL_F_SSL_SHUTDOWN,
1012 SSL_R_UNINITIALIZED);
1013 return (-1);
1014 }
1015
1016 if ((s != NULL) && !SSL_in_init(s))
1017 return (s->method->ssl_shutdown(s));
1018 else
1019 return (1);
1020}
1021
1022int
1023SSL_renegotiate(SSL *s)
1024{
1025 if (s->renegotiate == 0)
1026 s->renegotiate = 1;
1027
1028 s->new_session = 1;
1029
1030 return (s->method->ssl_renegotiate(s));
1031}
1032
1033int
1034SSL_renegotiate_abbreviated(SSL *s)
1035{
1036 if (s->renegotiate == 0)
1037 s->renegotiate = 1;
1038
1039 s->new_session = 0;
1040
1041 return (s->method->ssl_renegotiate(s));
1042}
1043
1044int
1045SSL_renegotiate_pending(SSL *s)
1046{
1047 /*
1048 * Becomes true when negotiation is requested;
1049 * false again once a handshake has finished.
1050 */
1051 return (s->renegotiate != 0);
1052}
1053
1054long
1055SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
1056{
1057 long l;
1058
1059 switch (cmd) {
1060 case SSL_CTRL_GET_READ_AHEAD:
1061 return (s->read_ahead);
1062 case SSL_CTRL_SET_READ_AHEAD:
1063 l = s->read_ahead;
1064 s->read_ahead = larg;
1065 return (l);
1066
1067 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1068 s->msg_callback_arg = parg;
1069 return (1);
1070
1071 case SSL_CTRL_OPTIONS:
1072 return (s->options|=larg);
1073 case SSL_CTRL_CLEAR_OPTIONS:
1074 return (s->options&=~larg);
1075 case SSL_CTRL_MODE:
1076 return (s->mode|=larg);
1077 case SSL_CTRL_CLEAR_MODE:
1078 return (s->mode &=~larg);
1079 case SSL_CTRL_GET_MAX_CERT_LIST:
1080 return (s->max_cert_list);
1081 case SSL_CTRL_SET_MAX_CERT_LIST:
1082 l = s->max_cert_list;
1083 s->max_cert_list = larg;
1084 return (l);
1085 case SSL_CTRL_SET_MTU:
1086#ifndef OPENSSL_NO_DTLS1
1087 if (larg < (long)dtls1_min_mtu())
1088 return (0);
1089#endif
1090 if (SSL_IS_DTLS(s)) {
1091 s->d1->mtu = larg;
1092 return (larg);
1093 }
1094 return (0);
1095 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1096 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1097 return (0);
1098 s->max_send_fragment = larg;
1099 return (1);
1100 case SSL_CTRL_GET_RI_SUPPORT:
1101 if (s->s3)
1102 return (s->s3->send_connection_binding);
1103 else return (0);
1104 default:
1105 return (s->method->ssl_ctrl(s, cmd, larg, parg));
1106 }
1107}
1108
1109long
1110SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1111{
1112 switch (cmd) {
1113 case SSL_CTRL_SET_MSG_CALLBACK:
1114 s->msg_callback = (void (*)(int write_p, int version,
1115 int content_type, const void *buf, size_t len,
1116 SSL *ssl, void *arg))(fp);
1117 return (1);
1118
1119 default:
1120 return (s->method->ssl_callback_ctrl(s, cmd, fp));
1121 }
1122}
1123
1124LHASH_OF(SSL_SESSION) *
1125SSL_CTX_sessions(SSL_CTX *ctx)
1126{
1127 return (ctx->sessions);
1128}
1129
1130long
1131SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
1132{
1133 long l;
1134
1135 switch (cmd) {
1136 case SSL_CTRL_GET_READ_AHEAD:
1137 return (ctx->read_ahead);
1138 case SSL_CTRL_SET_READ_AHEAD:
1139 l = ctx->read_ahead;
1140 ctx->read_ahead = larg;
1141 return (l);
1142
1143 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
1144 ctx->msg_callback_arg = parg;
1145 return (1);
1146
1147 case SSL_CTRL_GET_MAX_CERT_LIST:
1148 return (ctx->max_cert_list);
1149 case SSL_CTRL_SET_MAX_CERT_LIST:
1150 l = ctx->max_cert_list;
1151 ctx->max_cert_list = larg;
1152 return (l);
1153
1154 case SSL_CTRL_SET_SESS_CACHE_SIZE:
1155 l = ctx->session_cache_size;
1156 ctx->session_cache_size = larg;
1157 return (l);
1158 case SSL_CTRL_GET_SESS_CACHE_SIZE:
1159 return (ctx->session_cache_size);
1160 case SSL_CTRL_SET_SESS_CACHE_MODE:
1161 l = ctx->session_cache_mode;
1162 ctx->session_cache_mode = larg;
1163 return (l);
1164 case SSL_CTRL_GET_SESS_CACHE_MODE:
1165 return (ctx->session_cache_mode);
1166
1167 case SSL_CTRL_SESS_NUMBER:
1168 return (lh_SSL_SESSION_num_items(ctx->sessions));
1169 case SSL_CTRL_SESS_CONNECT:
1170 return (ctx->stats.sess_connect);
1171 case SSL_CTRL_SESS_CONNECT_GOOD:
1172 return (ctx->stats.sess_connect_good);
1173 case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
1174 return (ctx->stats.sess_connect_renegotiate);
1175 case SSL_CTRL_SESS_ACCEPT:
1176 return (ctx->stats.sess_accept);
1177 case SSL_CTRL_SESS_ACCEPT_GOOD:
1178 return (ctx->stats.sess_accept_good);
1179 case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
1180 return (ctx->stats.sess_accept_renegotiate);
1181 case SSL_CTRL_SESS_HIT:
1182 return (ctx->stats.sess_hit);
1183 case SSL_CTRL_SESS_CB_HIT:
1184 return (ctx->stats.sess_cb_hit);
1185 case SSL_CTRL_SESS_MISSES:
1186 return (ctx->stats.sess_miss);
1187 case SSL_CTRL_SESS_TIMEOUTS:
1188 return (ctx->stats.sess_timeout);
1189 case SSL_CTRL_SESS_CACHE_FULL:
1190 return (ctx->stats.sess_cache_full);
1191 case SSL_CTRL_OPTIONS:
1192 return (ctx->options|=larg);
1193 case SSL_CTRL_CLEAR_OPTIONS:
1194 return (ctx->options&=~larg);
1195 case SSL_CTRL_MODE:
1196 return (ctx->mode|=larg);
1197 case SSL_CTRL_CLEAR_MODE:
1198 return (ctx->mode&=~larg);
1199 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1200 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1201 return (0);
1202 ctx->max_send_fragment = larg;
1203 return (1);
1204 default:
1205 return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
1206 }
1207}
1208
1209long
1210SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
1211{
1212 switch (cmd) {
1213 case SSL_CTRL_SET_MSG_CALLBACK:
1214 ctx->msg_callback = (void (*)(int write_p, int version,
1215 int content_type, const void *buf, size_t len, SSL *ssl,
1216 void *arg))(fp);
1217 return (1);
1218
1219 default:
1220 return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
1221 }
1222}
1223
1224int
1225ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
1226{
1227 long l;
1228
1229 l = a->id - b->id;
1230 if (l == 0L)
1231 return (0);
1232 else
1233 return ((l > 0) ? 1:-1);
1234}
1235
1236int
1237ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
1238 const SSL_CIPHER * const *bp)
1239{
1240 long l;
1241
1242 l = (*ap)->id - (*bp)->id;
1243 if (l == 0L)
1244 return (0);
1245 else
1246 return ((l > 0) ? 1:-1);
1247}
1248
1249/*
1250 * Return a STACK of the ciphers available for the SSL and in order of
1251 * preference.
1252 */
1253STACK_OF(SSL_CIPHER) *
1254SSL_get_ciphers(const SSL *s)
1255{
1256 if (s != NULL) {
1257 if (s->cipher_list != NULL) {
1258 return (s->cipher_list);
1259 } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
1260 return (s->ctx->cipher_list);
1261 }
1262 }
1263 return (NULL);
1264}
1265
1266/*
1267 * Return a STACK of the ciphers available for the SSL and in order of
1268 * algorithm id.
1269 */
1270STACK_OF(SSL_CIPHER) *
1271ssl_get_ciphers_by_id(SSL *s)
1272{
1273 if (s != NULL) {
1274 if (s->cipher_list_by_id != NULL) {
1275 return (s->cipher_list_by_id);
1276 } else if ((s->ctx != NULL) &&
1277 (s->ctx->cipher_list_by_id != NULL)) {
1278 return (s->ctx->cipher_list_by_id);
1279 }
1280 }
1281 return (NULL);
1282}
1283
1284/* The old interface to get the same thing as SSL_get_ciphers(). */
1285const char *
1286SSL_get_cipher_list(const SSL *s, int n)
1287{
1288 SSL_CIPHER *c;
1289 STACK_OF(SSL_CIPHER) *sk;
1290
1291 if (s == NULL)
1292 return (NULL);
1293 sk = SSL_get_ciphers(s);
1294 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
1295 return (NULL);
1296 c = sk_SSL_CIPHER_value(sk, n);
1297 if (c == NULL)
1298 return (NULL);
1299 return (c->name);
1300}
1301
1302/* Specify the ciphers to be used by default by the SSL_CTX. */
1303int
1304SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1305{
1306 STACK_OF(SSL_CIPHER) *sk;
1307
1308 sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
1309 &ctx->cipher_list_by_id, str);
1310 /*
1311 * ssl_create_cipher_list may return an empty stack if it
1312 * was unable to find a cipher matching the given rule string
1313 * (for example if the rule string specifies a cipher which
1314 * has been disabled). This is not an error as far as
1315 * ssl_create_cipher_list is concerned, and hence
1316 * ctx->cipher_list and ctx->cipher_list_by_id has been
1317 * updated.
1318 */
1319 if (sk == NULL)
1320 return (0);
1321 else if (sk_SSL_CIPHER_num(sk) == 0) {
1322 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST,
1323 SSL_R_NO_CIPHER_MATCH);
1324 return (0);
1325 }
1326 return (1);
1327}
1328
1329/* Specify the ciphers to be used by the SSL. */
1330int
1331SSL_set_cipher_list(SSL *s, const char *str)
1332{
1333 STACK_OF(SSL_CIPHER) *sk;
1334
1335 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
1336 &s->cipher_list_by_id, str);
1337 /* see comment in SSL_CTX_set_cipher_list */
1338 if (sk == NULL)
1339 return (0);
1340 else if (sk_SSL_CIPHER_num(sk) == 0) {
1341 SSLerr(SSL_F_SSL_SET_CIPHER_LIST,
1342 SSL_R_NO_CIPHER_MATCH);
1343 return (0);
1344 }
1345 return (1);
1346}
1347
1348/* works well for SSLv2, not so good for SSLv3 */
1349char *
1350SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
1351{
1352 char *end;
1353 STACK_OF(SSL_CIPHER) *sk;
1354 SSL_CIPHER *c;
1355 size_t curlen = 0;
1356 int i;
1357
1358 if (s->session == NULL || s->session->ciphers == NULL || len < 2)
1359 return (NULL);
1360
1361 sk = s->session->ciphers;
1362 if (sk_SSL_CIPHER_num(sk) == 0)
1363 return (NULL);
1364
1365 buf[0] = '\0';
1366 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1367 c = sk_SSL_CIPHER_value(sk, i);
1368 end = buf + curlen;
1369 if (strlcat(buf, c->name, len) >= len ||
1370 (curlen = strlcat(buf, ":", len)) >= len) {
1371 /* remove truncated cipher from list */
1372 *end = '\0';
1373 break;
1374 }
1375 }
1376 /* remove trailing colon */
1377 if ((end = strrchr(buf, ':')) != NULL)
1378 *end = '\0';
1379 return (buf);
1380}
1381
1382int
1383ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p)
1384{
1385 int i;
1386 SSL_CIPHER *c;
1387 unsigned char *q;
1388
1389 if (sk == NULL)
1390 return (0);
1391 q = p;
1392
1393 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
1394 c = sk_SSL_CIPHER_value(sk, i);
1395
1396 /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
1397 if ((c->algorithm_ssl & SSL_TLSV1_2) &&
1398 (TLS1_get_client_version(s) < TLS1_2_VERSION))
1399 continue;
1400
1401 s2n(ssl3_cipher_get_value(c), p);
1402 }
1403
1404 /*
1405 * If p == q, no ciphers and caller indicates an error. Otherwise
1406 * add SCSV if not renegotiating.
1407 */
1408 if (p != q && !s->renegotiate)
1409 s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p);
1410
1411 return (p - q);
1412}
1413
1414STACK_OF(SSL_CIPHER) *
1415ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
1416{
1417 CBS cbs;
1418 const SSL_CIPHER *c;
1419 STACK_OF(SSL_CIPHER) *sk = NULL;
1420 unsigned long cipher_id;
1421 uint16_t cipher_value, max_version;
1422
1423 if (s->s3)
1424 s->s3->send_connection_binding = 0;
1425
1426 /*
1427 * RFC 5246 section 7.4.1.2 defines the interval as [2,2^16-2].
1428 */
1429 if (num < 2 || num > 0x10000 - 2) {
1430 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1431 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1432 return (NULL);
1433 }
1434
1435 if ((sk = sk_SSL_CIPHER_new_null()) == NULL) {
1436 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
1437 goto err;
1438 }
1439
1440 CBS_init(&cbs, p, num);
1441 while (CBS_len(&cbs) > 0) {
1442 if (!CBS_get_u16(&cbs, &cipher_value)) {
1443 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1444 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
1445 goto err;
1446 }
1447
1448 cipher_id = SSL3_CK_ID | cipher_value;
1449
1450 if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) {
1451 /*
1452 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
1453 * renegotiating.
1454 */
1455 if (s->renegotiate) {
1456 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1457 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1458 ssl3_send_alert(s, SSL3_AL_FATAL,
1459 SSL_AD_HANDSHAKE_FAILURE);
1460
1461 goto err;
1462 }
1463 s->s3->send_connection_binding = 1;
1464 continue;
1465 }
1466
1467 if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
1468 /*
1469 * TLS_FALLBACK_SCSV indicates that the client
1470 * previously tried a higher protocol version.
1471 * Fail if the current version is an unexpected
1472 * downgrade.
1473 */
1474 max_version = ssl_max_server_version(s);
1475 if (max_version == 0 || s->version < max_version) {
1476 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1477 SSL_R_INAPPROPRIATE_FALLBACK);
1478 if (s->s3 != NULL)
1479 ssl3_send_alert(s, SSL3_AL_FATAL,
1480 SSL_AD_INAPPROPRIATE_FALLBACK);
1481 goto err;
1482 }
1483 continue;
1484 }
1485
1486 if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
1487 if (!sk_SSL_CIPHER_push(sk, c)) {
1488 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
1489 ERR_R_MALLOC_FAILURE);
1490 goto err;
1491 }
1492 }
1493 }
1494
1495 return (sk);
1496
1497err:
1498 sk_SSL_CIPHER_free(sk);
1499
1500 return (NULL);
1501}
1502
1503
1504/*
1505 * Return a servername extension value if provided in Client Hello, or NULL.
1506 * So far, only host_name types are defined (RFC 3546).
1507 */
1508const char *
1509SSL_get_servername(const SSL *s, const int type)
1510{
1511 if (type != TLSEXT_NAMETYPE_host_name)
1512 return (NULL);
1513
1514 return (s->session && !s->tlsext_hostname ?
1515 s->session->tlsext_hostname :
1516 s->tlsext_hostname);
1517}
1518
1519int
1520SSL_get_servername_type(const SSL *s)
1521{
1522 if (s->session &&
1523 (!s->tlsext_hostname ?
1524 s->session->tlsext_hostname : s->tlsext_hostname))
1525 return (TLSEXT_NAMETYPE_host_name);
1526 return (-1);
1527}
1528
1529/*
1530 * SSL_select_next_proto implements the standard protocol selection. It is
1531 * expected that this function is called from the callback set by
1532 * SSL_CTX_set_next_proto_select_cb.
1533 *
1534 * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
1535 * strings. The length byte itself is not included in the length. A byte
1536 * string of length 0 is invalid. No byte string may be truncated.
1537 *
1538 * The current, but experimental algorithm for selecting the protocol is:
1539 *
1540 * 1) If the server doesn't support NPN then this is indicated to the
1541 * callback. In this case, the client application has to abort the connection
1542 * or have a default application level protocol.
1543 *
1544 * 2) If the server supports NPN, but advertises an empty list then the
1545 * client selects the first protcol in its list, but indicates via the
1546 * API that this fallback case was enacted.
1547 *
1548 * 3) Otherwise, the client finds the first protocol in the server's list
1549 * that it supports and selects this protocol. This is because it's
1550 * assumed that the server has better information about which protocol
1551 * a client should use.
1552 *
1553 * 4) If the client doesn't support any of the server's advertised
1554 * protocols, then this is treated the same as case 2.
1555 *
1556 * It returns either
1557 * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1558 * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1559 */
1560int
1561SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1562 const unsigned char *server, unsigned int server_len,
1563 const unsigned char *client, unsigned int client_len)
1564{
1565 unsigned int i, j;
1566 const unsigned char *result;
1567 int status = OPENSSL_NPN_UNSUPPORTED;
1568
1569 /*
1570 * For each protocol in server preference order,
1571 * see if we support it.
1572 */
1573 for (i = 0; i < server_len; ) {
1574 for (j = 0; j < client_len; ) {
1575 if (server[i] == client[j] &&
1576 memcmp(&server[i + 1],
1577 &client[j + 1], server[i]) == 0) {
1578 /* We found a match */
1579 result = &server[i];
1580 status = OPENSSL_NPN_NEGOTIATED;
1581 goto found;
1582 }
1583 j += client[j];
1584 j++;
1585 }
1586 i += server[i];
1587 i++;
1588 }
1589
1590 /* There's no overlap between our protocols and the server's list. */
1591 result = client;
1592 status = OPENSSL_NPN_NO_OVERLAP;
1593
1594found:
1595 *out = (unsigned char *) result + 1;
1596 *outlen = result[0];
1597 return (status);
1598}
1599
1600/*
1601 * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1602 * requested protocol for this connection and returns 0. If the client didn't
1603 * request any protocol, then *data is set to NULL.
1604 *
1605 * Note that the client can request any protocol it chooses. The value returned
1606 * from this function need not be a member of the list of supported protocols
1607 * provided by the callback.
1608 */
1609void
1610SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1611 unsigned *len)
1612{
1613 *data = s->next_proto_negotiated;
1614 if (!*data) {
1615 *len = 0;
1616 } else {
1617 *len = s->next_proto_negotiated_len;
1618 }
1619}
1620
1621/*
1622 * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1623 * TLS server needs a list of supported protocols for Next Protocol
1624 * Negotiation. The returned list must be in wire format. The list is returned
1625 * by setting |out| to point to it and |outlen| to its length. This memory will
1626 * not be modified, but one should assume that the SSL* keeps a reference to
1627 * it.
1628 *
1629 * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise.
1630 * Otherwise, no such extension will be included in the ServerHello.
1631 */
1632void
1633SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
1634 const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1635{
1636 ctx->next_protos_advertised_cb = cb;
1637 ctx->next_protos_advertised_cb_arg = arg;
1638}
1639
1640/*
1641 * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1642 * client needs to select a protocol from the server's provided list. |out|
1643 * must be set to point to the selected protocol (which may be within |in|).
1644 * The length of the protocol name must be written into |outlen|. The server's
1645 * advertised protocols are provided in |in| and |inlen|. The callback can
1646 * assume that |in| is syntactically valid.
1647 *
1648 * The client must select a protocol. It is fatal to the connection if this
1649 * callback returns a value other than SSL_TLSEXT_ERR_OK.
1650 */
1651void
1652SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
1653 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1654 unsigned int inlen, void *arg), void *arg)
1655{
1656 ctx->next_proto_select_cb = cb;
1657 ctx->next_proto_select_cb_arg = arg;
1658}
1659
1660/*
1661 * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
1662 * protocols, which must be in wire-format (i.e. a series of non-empty,
1663 * 8-bit length-prefixed strings). Returns 0 on success.
1664 */
1665int
1666SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
1667 unsigned int protos_len)
1668{
1669 free(ctx->alpn_client_proto_list);
1670 if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
1671 return (1);
1672 memcpy(ctx->alpn_client_proto_list, protos, protos_len);
1673 ctx->alpn_client_proto_list_len = protos_len;
1674
1675 return (0);
1676}
1677
1678/*
1679 * SSL_set_alpn_protos sets the ALPN protocol list to the specified
1680 * protocols, which must be in wire-format (i.e. a series of non-empty,
1681 * 8-bit length-prefixed strings). Returns 0 on success.
1682 */
1683int
1684SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
1685 unsigned int protos_len)
1686{
1687 free(ssl->alpn_client_proto_list);
1688 if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
1689 return (1);
1690 memcpy(ssl->alpn_client_proto_list, protos, protos_len);
1691 ssl->alpn_client_proto_list_len = protos_len;
1692
1693 return (0);
1694}
1695
1696/*
1697 * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
1698 * ClientHello processing in order to select an ALPN protocol from the
1699 * client's list of offered protocols.
1700 */
1701void
1702SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
1703 int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
1704 const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1705{
1706 ctx->alpn_select_cb = cb;
1707 ctx->alpn_select_cb_arg = arg;
1708}
1709
1710/*
1711 * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
1712 * it sets data to point to len bytes of protocol name (not including the
1713 * leading length-prefix byte). If the server didn't respond with* a negotiated
1714 * protocol then len will be zero.
1715 */
1716void
1717SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
1718 unsigned *len)
1719{
1720 *data = NULL;
1721 *len = 0;
1722
1723 if (ssl->s3 != NULL) {
1724 *data = ssl->s3->alpn_selected;
1725 *len = ssl->s3->alpn_selected_len;
1726 }
1727}
1728
1729int
1730SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1731 const char *label, size_t llen, const unsigned char *p, size_t plen,
1732 int use_context)
1733{
1734 if (s->version < TLS1_VERSION)
1735 return (-1);
1736
1737 return (s->method->ssl3_enc->export_keying_material(s, out, olen,
1738 label, llen, p, plen, use_context));
1739}
1740
1741static unsigned long
1742ssl_session_hash(const SSL_SESSION *a)
1743{
1744 unsigned long l;
1745
1746 l = (unsigned long)
1747 ((unsigned int) a->session_id[0] )|
1748 ((unsigned int) a->session_id[1]<< 8L)|
1749 ((unsigned long)a->session_id[2]<<16L)|
1750 ((unsigned long)a->session_id[3]<<24L);
1751 return (l);
1752}
1753
1754/*
1755 * NB: If this function (or indeed the hash function which uses a sort of
1756 * coarser function than this one) is changed, ensure
1757 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1758 * able to construct an SSL_SESSION that will collide with any existing session
1759 * with a matching session ID.
1760 */
1761static int
1762ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
1763{
1764 if (a->ssl_version != b->ssl_version)
1765 return (1);
1766 if (a->session_id_length != b->session_id_length)
1767 return (1);
1768 if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
1769 return (1);
1770 return (0);
1771}
1772
1773/*
1774 * These wrapper functions should remain rather than redeclaring
1775 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1776 * variable. The reason is that the functions aren't static, they're exposed via
1777 * ssl.h.
1778 */
1779static
1780IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1781static
1782IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1783
1784SSL_CTX *
1785SSL_CTX_new(const SSL_METHOD *meth)
1786{
1787 SSL_CTX *ret = NULL;
1788
1789 if (meth == NULL) {
1790 SSLerr(SSL_F_SSL_CTX_NEW,
1791 SSL_R_NULL_SSL_METHOD_PASSED);
1792 return (NULL);
1793 }
1794
1795 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
1796 SSLerr(SSL_F_SSL_CTX_NEW,
1797 SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
1798 goto err;
1799 }
1800 ret = calloc(1, sizeof(SSL_CTX));
1801 if (ret == NULL)
1802 goto err;
1803
1804 ret->method = meth;
1805
1806 ret->cert_store = NULL;
1807 ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
1808 ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
1809 ret->session_cache_head = NULL;
1810 ret->session_cache_tail = NULL;
1811
1812 /* We take the system default */
1813 ret->session_timeout = meth->get_timeout();
1814
1815 ret->new_session_cb = 0;
1816 ret->remove_session_cb = 0;
1817 ret->get_session_cb = 0;
1818 ret->generate_session_id = 0;
1819
1820 memset((char *)&ret->stats, 0, sizeof(ret->stats));
1821
1822 ret->references = 1;
1823 ret->quiet_shutdown = 0;
1824
1825 ret->info_callback = NULL;
1826
1827 ret->app_verify_callback = 0;
1828 ret->app_verify_arg = NULL;
1829
1830 ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
1831 ret->read_ahead = 0;
1832 ret->msg_callback = 0;
1833 ret->msg_callback_arg = NULL;
1834 ret->verify_mode = SSL_VERIFY_NONE;
1835 ret->sid_ctx_length = 0;
1836 ret->default_verify_callback = NULL;
1837 if ((ret->cert = ssl_cert_new()) == NULL)
1838 goto err;
1839
1840 ret->default_passwd_callback = 0;
1841 ret->default_passwd_callback_userdata = NULL;
1842 ret->client_cert_cb = 0;
1843 ret->app_gen_cookie_cb = 0;
1844 ret->app_verify_cookie_cb = 0;
1845
1846 ret->sessions = lh_SSL_SESSION_new();
1847 if (ret->sessions == NULL)
1848 goto err;
1849 ret->cert_store = X509_STORE_new();
1850 if (ret->cert_store == NULL)
1851 goto err;
1852
1853 ssl_create_cipher_list(ret->method, &ret->cipher_list,
1854 &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST);
1855 if (ret->cipher_list == NULL ||
1856 sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
1857 SSLerr(SSL_F_SSL_CTX_NEW,
1858 SSL_R_LIBRARY_HAS_NO_CIPHERS);
1859 goto err2;
1860 }
1861
1862 ret->param = X509_VERIFY_PARAM_new();
1863 if (!ret->param)
1864 goto err;
1865
1866 if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
1867 SSLerr(SSL_F_SSL_CTX_NEW,
1868 SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
1869 goto err2;
1870 }
1871 if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
1872 SSLerr(SSL_F_SSL_CTX_NEW,
1873 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
1874 goto err2;
1875 }
1876
1877 if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
1878 goto err;
1879
1880 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
1881
1882 ret->extra_certs = NULL;
1883
1884 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1885
1886 ret->tlsext_servername_callback = 0;
1887 ret->tlsext_servername_arg = NULL;
1888
1889 /* Setup RFC4507 ticket keys */
1890 arc4random_buf(ret->tlsext_tick_key_name, 16);
1891 arc4random_buf(ret->tlsext_tick_hmac_key, 16);
1892 arc4random_buf(ret->tlsext_tick_aes_key, 16);
1893
1894 ret->tlsext_status_cb = 0;
1895 ret->tlsext_status_arg = NULL;
1896
1897 ret->next_protos_advertised_cb = 0;
1898 ret->next_proto_select_cb = 0;
1899#ifndef OPENSSL_NO_ENGINE
1900 ret->client_cert_engine = NULL;
1901#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1902#define eng_strx(x) #x
1903#define eng_str(x) eng_strx(x)
1904 /* Use specific client engine automatically... ignore errors */
1905 {
1906 ENGINE *eng;
1907 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1908 if (!eng) {
1909 ERR_clear_error();
1910 ENGINE_load_builtin_engines();
1911 eng = ENGINE_by_id(eng_str(
1912 OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1913 }
1914 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1915 ERR_clear_error();
1916 }
1917#endif
1918#endif
1919 /*
1920 * Default is to connect to non-RI servers. When RI is more widely
1921 * deployed might change this.
1922 */
1923 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1924
1925 /* Disable SSLv3 by default. */
1926 ret->options |= SSL_OP_NO_SSLv3;
1927
1928 return (ret);
1929err:
1930 SSLerr(SSL_F_SSL_CTX_NEW,
1931 ERR_R_MALLOC_FAILURE);
1932err2:
1933 SSL_CTX_free(ret);
1934 return (NULL);
1935}
1936
1937void
1938SSL_CTX_free(SSL_CTX *a)
1939{
1940 int i;
1941
1942 if (a == NULL)
1943 return;
1944
1945 i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
1946 if (i > 0)
1947 return;
1948
1949 if (a->param)
1950 X509_VERIFY_PARAM_free(a->param);
1951
1952 /*
1953 * Free internal session cache. However: the remove_cb() may reference
1954 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
1955 * after the sessions were flushed.
1956 * As the ex_data handling routines might also touch the session cache,
1957 * the most secure solution seems to be: empty (flush) the cache, then
1958 * free ex_data, then finally free the cache.
1959 * (See ticket [openssl.org #212].)
1960 */
1961 if (a->sessions != NULL)
1962 SSL_CTX_flush_sessions(a, 0);
1963
1964 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1965
1966 if (a->sessions != NULL)
1967 lh_SSL_SESSION_free(a->sessions);
1968
1969 if (a->cert_store != NULL)
1970 X509_STORE_free(a->cert_store);
1971 if (a->cipher_list != NULL)
1972 sk_SSL_CIPHER_free(a->cipher_list);
1973 if (a->cipher_list_by_id != NULL)
1974 sk_SSL_CIPHER_free(a->cipher_list_by_id);
1975 if (a->cert != NULL)
1976 ssl_cert_free(a->cert);
1977 if (a->client_CA != NULL)
1978 sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
1979 if (a->extra_certs != NULL)
1980 sk_X509_pop_free(a->extra_certs, X509_free);
1981
1982#ifndef OPENSSL_NO_SRTP
1983 if (a->srtp_profiles)
1984 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
1985#endif
1986
1987#ifndef OPENSSL_NO_ENGINE
1988 if (a->client_cert_engine)
1989 ENGINE_finish(a->client_cert_engine);
1990#endif
1991
1992 free(a->alpn_client_proto_list);
1993
1994 free(a);
1995}
1996
1997void
1998SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
1999{
2000 ctx->default_passwd_callback = cb;
2001}
2002
2003void
2004SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
2005{
2006 ctx->default_passwd_callback_userdata = u;
2007}
2008
2009void
2010SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,
2011 void *), void *arg)
2012{
2013 ctx->app_verify_callback = cb;
2014 ctx->app_verify_arg = arg;
2015}
2016
2017void
2018SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
2019{
2020 ctx->verify_mode = mode;
2021 ctx->default_verify_callback = cb;
2022}
2023
2024void
2025SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
2026{
2027 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2028}
2029
2030void
2031ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
2032{
2033 CERT_PKEY *cpk;
2034 int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
2035 unsigned long mask_k, mask_a;
2036 int have_ecc_cert, ecdh_ok, ecdsa_ok;
2037 int have_ecdh_tmp;
2038 X509 *x = NULL;
2039 EVP_PKEY *ecc_pkey = NULL;
2040 int signature_nid = 0, pk_nid = 0, md_nid = 0;
2041
2042 if (c == NULL)
2043 return;
2044
2045 dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL ||
2046 c->dh_tmp_auto != 0);
2047
2048 have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL ||
2049 c->ecdh_tmp_auto != 0);
2050 cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
2051 rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
2052 cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
2053 rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2054 cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
2055 dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
2056/* FIX THIS EAY EAY EAY */
2057 cpk = &(c->pkeys[SSL_PKEY_ECC]);
2058 have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
2059 mask_k = 0;
2060 mask_a = 0;
2061
2062 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
2063 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
2064 mask_k |= SSL_kGOST;
2065 mask_a |= SSL_aGOST01;
2066 }
2067
2068 if (rsa_enc)
2069 mask_k|=SSL_kRSA;
2070
2071 if (dh_tmp)
2072 mask_k|=SSL_kDHE;
2073
2074 if (rsa_enc || rsa_sign)
2075 mask_a|=SSL_aRSA;
2076
2077 if (dsa_sign)
2078 mask_a|=SSL_aDSS;
2079
2080 mask_a|=SSL_aNULL;
2081
2082 /*
2083 * An ECC certificate may be usable for ECDH and/or
2084 * ECDSA cipher suites depending on the key usage extension.
2085 */
2086 if (have_ecc_cert) {
2087 /* This call populates extension flags (ex_flags) */
2088 x = (c->pkeys[SSL_PKEY_ECC]).x509;
2089 X509_check_purpose(x, -1, 0);
2090 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2091 (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
2092 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
2093 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
2094 ecc_pkey = X509_get_pubkey(x);
2095 EVP_PKEY_free(ecc_pkey);
2096 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2097 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2098 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2099 }
2100 if (ecdh_ok) {
2101 if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
2102 mask_k|=SSL_kECDHr;
2103 mask_a|=SSL_aECDH;
2104 }
2105 if (pk_nid == NID_X9_62_id_ecPublicKey) {
2106 mask_k|=SSL_kECDHe;
2107 mask_a|=SSL_aECDH;
2108 }
2109 }
2110 if (ecdsa_ok)
2111 mask_a|=SSL_aECDSA;
2112 }
2113
2114 if (have_ecdh_tmp) {
2115 mask_k|=SSL_kECDHE;
2116 }
2117
2118
2119 c->mask_k = mask_k;
2120 c->mask_a = mask_a;
2121 c->valid = 1;
2122}
2123
2124/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
2125#define ku_reject(x, usage) \
2126 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
2127
2128
2129int
2130ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
2131{
2132 unsigned long alg_k, alg_a;
2133 int signature_nid = 0, md_nid = 0, pk_nid = 0;
2134 const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
2135
2136 alg_k = cs->algorithm_mkey;
2137 alg_a = cs->algorithm_auth;
2138
2139 /* This call populates the ex_flags field correctly */
2140 X509_check_purpose(x, -1, 0);
2141 if ((x->sig_alg) && (x->sig_alg->algorithm)) {
2142 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
2143 OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
2144 }
2145 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
2146 /* key usage, if present, must allow key agreement */
2147 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
2148 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2149 SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
2150 return (0);
2151 }
2152 if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) <
2153 TLS1_2_VERSION) {
2154 /* signature alg must be ECDSA */
2155 if (pk_nid != NID_X9_62_id_ecPublicKey) {
2156 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2157 SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
2158 return (0);
2159 }
2160 }
2161 if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) <
2162 TLS1_2_VERSION) {
2163 /* signature alg must be RSA */
2164 if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
2165 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2166 SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
2167 return (0);
2168 }
2169 }
2170 }
2171 if (alg_a & SSL_aECDSA) {
2172 /* key usage, if present, must allow signing */
2173 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
2174 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
2175 SSL_R_ECC_CERT_NOT_FOR_SIGNING);
2176 return (0);
2177 }
2178 }
2179
2180 return (1);
2181 /* all checks are ok */
2182}
2183
2184
2185/* THIS NEEDS CLEANING UP */
2186CERT_PKEY *
2187ssl_get_server_send_pkey(const SSL *s)
2188{
2189 unsigned long alg_k, alg_a;
2190 CERT *c;
2191 int i;
2192
2193 c = s->cert;
2194 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
2195
2196 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2197 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
2198
2199 if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
2200 /*
2201 * We don't need to look at SSL_kECDHE
2202 * since no certificate is needed for
2203 * anon ECDH and for authenticated
2204 * ECDHE, the check for the auth
2205 * algorithm will set i correctly
2206 * NOTE: For ECDH-RSA, we need an ECC
2207 * not an RSA cert but for EECDH-RSA
2208 * we need an RSA cert. Placing the
2209 * checks for SSL_kECDH before RSA
2210 * checks ensures the correct cert is chosen.
2211 */
2212 i = SSL_PKEY_ECC;
2213 } else if (alg_a & SSL_aECDSA) {
2214 i = SSL_PKEY_ECC;
2215 } else if (alg_a & SSL_aDSS) {
2216 i = SSL_PKEY_DSA_SIGN;
2217 } else if (alg_a & SSL_aRSA) {
2218 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
2219 i = SSL_PKEY_RSA_SIGN;
2220 else
2221 i = SSL_PKEY_RSA_ENC;
2222 } else if (alg_a & SSL_aGOST01) {
2223 i = SSL_PKEY_GOST01;
2224 } else { /* if (alg_a & SSL_aNULL) */
2225 SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
2226 return (NULL);
2227 }
2228
2229 return (c->pkeys + i);
2230}
2231
2232X509 *
2233ssl_get_server_send_cert(const SSL *s)
2234{
2235 CERT_PKEY *cpk;
2236
2237 cpk = ssl_get_server_send_pkey(s);
2238 if (!cpk)
2239 return (NULL);
2240 return (cpk->x509);
2241}
2242
2243EVP_PKEY *
2244ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd)
2245{
2246 unsigned long alg_a;
2247 CERT *c;
2248 int idx = -1;
2249
2250 alg_a = cipher->algorithm_auth;
2251 c = s->cert;
2252
2253 if ((alg_a & SSL_aDSS) &&
2254 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
2255 idx = SSL_PKEY_DSA_SIGN;
2256 else if (alg_a & SSL_aRSA) {
2257 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
2258 idx = SSL_PKEY_RSA_SIGN;
2259 else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
2260 idx = SSL_PKEY_RSA_ENC;
2261 } else if ((alg_a & SSL_aECDSA) &&
2262 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
2263 idx = SSL_PKEY_ECC;
2264 if (idx == -1) {
2265 SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
2266 return (NULL);
2267 }
2268 if (pmd)
2269 *pmd = c->pkeys[idx].digest;
2270 return (c->pkeys[idx].privatekey);
2271}
2272
2273DH *
2274ssl_get_auto_dh(SSL *s)
2275{
2276 CERT_PKEY *cpk;
2277 int keylen;
2278 DH *dhp;
2279
2280 if (s->cert->dh_tmp_auto == 2) {
2281 keylen = 1024;
2282 } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
2283 keylen = 1024;
2284 if (s->s3->tmp.new_cipher->strength_bits == 256)
2285 keylen = 3072;
2286 } else {
2287 if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
2288 return (NULL);
2289 if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL)
2290 return (NULL);
2291 keylen = EVP_PKEY_bits(cpk->privatekey);
2292 }
2293
2294 if ((dhp = DH_new()) == NULL)
2295 return (NULL);
2296
2297 dhp->g = BN_new();
2298 if (dhp->g != NULL)
2299 BN_set_word(dhp->g, 2);
2300
2301 if (keylen >= 8192)
2302 dhp->p = get_rfc3526_prime_8192(NULL);
2303 else if (keylen >= 4096)
2304 dhp->p = get_rfc3526_prime_4096(NULL);
2305 else if (keylen >= 3072)
2306 dhp->p = get_rfc3526_prime_3072(NULL);
2307 else if (keylen >= 2048)
2308 dhp->p = get_rfc3526_prime_2048(NULL);
2309 else if (keylen >= 1536)
2310 dhp->p = get_rfc3526_prime_1536(NULL);
2311 else
2312 dhp->p = get_rfc2409_prime_1024(NULL);
2313
2314 if (dhp->p == NULL || dhp->g == NULL) {
2315 DH_free(dhp);
2316 return (NULL);
2317 }
2318 return (dhp);
2319}
2320
2321void
2322ssl_update_cache(SSL *s, int mode)
2323{
2324 int i;
2325
2326 /*
2327 * If the session_id_length is 0, we are not supposed to cache it,
2328 * and it would be rather hard to do anyway :-)
2329 */
2330 if (s->session->session_id_length == 0)
2331 return;
2332
2333 i = s->session_ctx->session_cache_mode;
2334 if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
2335 || SSL_CTX_add_session(s->session_ctx, s->session))
2336 && (s->session_ctx->new_session_cb != NULL)) {
2337 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
2338 if (!s->session_ctx->new_session_cb(s, s->session))
2339 SSL_SESSION_free(s->session);
2340 }
2341
2342 /* auto flush every 255 connections */
2343 if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
2344 ((i & mode) == mode)) {
2345 if ((((mode & SSL_SESS_CACHE_CLIENT) ?
2346 s->session_ctx->stats.sess_connect_good :
2347 s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
2348 SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
2349 }
2350 }
2351}
2352
2353const SSL_METHOD *
2354SSL_get_ssl_method(SSL *s)
2355{
2356 return (s->method);
2357}
2358
2359int
2360SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2361{
2362 int conn = -1;
2363 int ret = 1;
2364
2365 if (s->method != meth) {
2366 if (s->handshake_func != NULL)
2367 conn = (s->handshake_func == s->method->ssl_connect);
2368
2369 if (s->method->version == meth->version)
2370 s->method = meth;
2371 else {
2372 s->method->ssl_free(s);
2373 s->method = meth;
2374 ret = s->method->ssl_new(s);
2375 }
2376
2377 if (conn == 1)
2378 s->handshake_func = meth->ssl_connect;
2379 else if (conn == 0)
2380 s->handshake_func = meth->ssl_accept;
2381 }
2382 return (ret);
2383}
2384
2385int
2386SSL_get_error(const SSL *s, int i)
2387{
2388 int reason;
2389 unsigned long l;
2390 BIO *bio;
2391
2392 if (i > 0)
2393 return (SSL_ERROR_NONE);
2394
2395 /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
2396 * etc, where we do encode the error */
2397 if ((l = ERR_peek_error()) != 0) {
2398 if (ERR_GET_LIB(l) == ERR_LIB_SYS)
2399 return (SSL_ERROR_SYSCALL);
2400 else
2401 return (SSL_ERROR_SSL);
2402 }
2403
2404 if ((i < 0) && SSL_want_read(s)) {
2405 bio = SSL_get_rbio(s);
2406 if (BIO_should_read(bio)) {
2407 return (SSL_ERROR_WANT_READ);
2408 } else if (BIO_should_write(bio)) {
2409 /*
2410 * This one doesn't make too much sense... We never
2411 * try to write to the rbio, and an application
2412 * program where rbio and wbio are separate couldn't
2413 * even know what it should wait for. However if we
2414 * ever set s->rwstate incorrectly (so that we have
2415 * SSL_want_read(s) instead of SSL_want_write(s))
2416 * and rbio and wbio *are* the same, this test works
2417 * around that bug; so it might be safer to keep it.
2418 */
2419 return (SSL_ERROR_WANT_WRITE);
2420 } else if (BIO_should_io_special(bio)) {
2421 reason = BIO_get_retry_reason(bio);
2422 if (reason == BIO_RR_CONNECT)
2423 return (SSL_ERROR_WANT_CONNECT);
2424 else if (reason == BIO_RR_ACCEPT)
2425 return (SSL_ERROR_WANT_ACCEPT);
2426 else
2427 return (SSL_ERROR_SYSCALL); /* unknown */
2428 }
2429 }
2430
2431 if ((i < 0) && SSL_want_write(s)) {
2432 bio = SSL_get_wbio(s);
2433 if (BIO_should_write(bio)) {
2434 return (SSL_ERROR_WANT_WRITE);
2435 } else if (BIO_should_read(bio)) {
2436 /*
2437 * See above (SSL_want_read(s) with
2438 * BIO_should_write(bio))
2439 */
2440 return (SSL_ERROR_WANT_READ);
2441 } else if (BIO_should_io_special(bio)) {
2442 reason = BIO_get_retry_reason(bio);
2443 if (reason == BIO_RR_CONNECT)
2444 return (SSL_ERROR_WANT_CONNECT);
2445 else if (reason == BIO_RR_ACCEPT)
2446 return (SSL_ERROR_WANT_ACCEPT);
2447 else
2448 return (SSL_ERROR_SYSCALL);
2449 }
2450 }
2451 if ((i < 0) && SSL_want_x509_lookup(s)) {
2452 return (SSL_ERROR_WANT_X509_LOOKUP);
2453 }
2454
2455 if (i == 0) {
2456 if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
2457 (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
2458 return (SSL_ERROR_ZERO_RETURN);
2459 }
2460 return (SSL_ERROR_SYSCALL);
2461}
2462
2463int
2464SSL_do_handshake(SSL *s)
2465{
2466 int ret = 1;
2467
2468 if (s->handshake_func == NULL) {
2469 SSLerr(SSL_F_SSL_DO_HANDSHAKE,
2470 SSL_R_CONNECTION_TYPE_NOT_SET);
2471 return (-1);
2472 }
2473
2474 s->method->ssl_renegotiate_check(s);
2475
2476 if (SSL_in_init(s) || SSL_in_before(s)) {
2477 ret = s->handshake_func(s);
2478 }
2479 return (ret);
2480}
2481
2482/*
2483 * For the next 2 functions, SSL_clear() sets shutdown and so
2484 * one of these calls will reset it
2485 */
2486void
2487SSL_set_accept_state(SSL *s)
2488{
2489 s->server = 1;
2490 s->shutdown = 0;
2491 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
2492 s->handshake_func = s->method->ssl_accept;
2493 /* clear the current cipher */
2494 ssl_clear_cipher_ctx(s);
2495 ssl_clear_hash_ctx(&s->read_hash);
2496 ssl_clear_hash_ctx(&s->write_hash);
2497}
2498
2499void
2500SSL_set_connect_state(SSL *s)
2501{
2502 s->server = 0;
2503 s->shutdown = 0;
2504 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
2505 s->handshake_func = s->method->ssl_connect;
2506 /* clear the current cipher */
2507 ssl_clear_cipher_ctx(s);
2508 ssl_clear_hash_ctx(&s->read_hash);
2509 ssl_clear_hash_ctx(&s->write_hash);
2510}
2511
2512int
2513ssl_undefined_function(SSL *s)
2514{
2515 SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,
2516 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2517 return (0);
2518}
2519
2520int
2521ssl_undefined_void_function(void)
2522{
2523 SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
2524 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2525 return (0);
2526}
2527
2528int
2529ssl_undefined_const_function(const SSL *s)
2530{
2531 SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
2532 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2533 return (0);
2534}
2535
2536SSL_METHOD *
2537ssl_bad_method(int ver)
2538{
2539 SSLerr(SSL_F_SSL_BAD_METHOD,
2540 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
2541 return (NULL);
2542}
2543
2544const char *
2545ssl_version_string(int ver)
2546{
2547 switch (ver) {
2548 case DTLS1_BAD_VER:
2549 return (SSL_TXT_DTLS1_BAD);
2550 case DTLS1_VERSION:
2551 return (SSL_TXT_DTLS1);
2552 case SSL3_VERSION:
2553 return (SSL_TXT_SSLV3);
2554 case TLS1_VERSION:
2555 return (SSL_TXT_TLSV1);
2556 case TLS1_1_VERSION:
2557 return (SSL_TXT_TLSV1_1);
2558 case TLS1_2_VERSION:
2559 return (SSL_TXT_TLSV1_2);
2560 default:
2561 return ("unknown");
2562 }
2563}
2564
2565const char *
2566SSL_get_version(const SSL *s)
2567{
2568 return ssl_version_string(s->version);
2569}
2570
2571uint16_t
2572ssl_max_server_version(SSL *s)
2573{
2574 uint16_t max_version;
2575
2576 /*
2577 * The SSL method will be changed during version negotiation, as such
2578 * we want to use the SSL method from the context.
2579 */
2580 max_version = s->ctx->method->version;
2581
2582 if (SSL_IS_DTLS(s))
2583 return (DTLS1_VERSION);
2584
2585 if ((s->options & SSL_OP_NO_TLSv1_2) == 0 &&
2586 max_version >= TLS1_2_VERSION)
2587 return (TLS1_2_VERSION);
2588 if ((s->options & SSL_OP_NO_TLSv1_1) == 0 &&
2589 max_version >= TLS1_1_VERSION)
2590 return (TLS1_1_VERSION);
2591 if ((s->options & SSL_OP_NO_TLSv1) == 0 &&
2592 max_version >= TLS1_VERSION)
2593 return (TLS1_VERSION);
2594 if ((s->options & SSL_OP_NO_SSLv3) == 0 &&
2595 max_version >= SSL3_VERSION)
2596 return (SSL3_VERSION);
2597
2598 return (0);
2599}
2600
2601SSL *
2602SSL_dup(SSL *s)
2603{
2604 STACK_OF(X509_NAME) *sk;
2605 X509_NAME *xn;
2606 SSL *ret;
2607 int i;
2608
2609 if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2610 return (NULL);
2611
2612 ret->version = s->version;
2613 ret->type = s->type;
2614 ret->method = s->method;
2615
2616 if (s->session != NULL) {
2617 /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
2618 SSL_copy_session_id(ret, s);
2619 } else {
2620 /*
2621 * No session has been established yet, so we have to expect
2622 * that s->cert or ret->cert will be changed later --
2623 * they should not both point to the same object,
2624 * and thus we can't use SSL_copy_session_id.
2625 */
2626
2627 ret->method->ssl_free(ret);
2628 ret->method = s->method;
2629 ret->method->ssl_new(ret);
2630
2631 if (s->cert != NULL) {
2632 if (ret->cert != NULL) {
2633 ssl_cert_free(ret->cert);
2634 }
2635 ret->cert = ssl_cert_dup(s->cert);
2636 if (ret->cert == NULL)
2637 goto err;
2638 }
2639
2640 SSL_set_session_id_context(ret,
2641 s->sid_ctx, s->sid_ctx_length);
2642 }
2643
2644 ret->options = s->options;
2645 ret->mode = s->mode;
2646 SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
2647 SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
2648 ret->msg_callback = s->msg_callback;
2649 ret->msg_callback_arg = s->msg_callback_arg;
2650 SSL_set_verify(ret, SSL_get_verify_mode(s),
2651 SSL_get_verify_callback(s));
2652 SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
2653 ret->generate_session_id = s->generate_session_id;
2654
2655 SSL_set_info_callback(ret, SSL_get_info_callback(s));
2656
2657 ret->debug = s->debug;
2658
2659 /* copy app data, a little dangerous perhaps */
2660 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
2661 &ret->ex_data, &s->ex_data))
2662 goto err;
2663
2664 /* setup rbio, and wbio */
2665 if (s->rbio != NULL) {
2666 if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
2667 goto err;
2668 }
2669 if (s->wbio != NULL) {
2670 if (s->wbio != s->rbio) {
2671 if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
2672 goto err;
2673 } else
2674 ret->wbio = ret->rbio;
2675 }
2676 ret->rwstate = s->rwstate;
2677 ret->in_handshake = s->in_handshake;
2678 ret->handshake_func = s->handshake_func;
2679 ret->server = s->server;
2680 ret->renegotiate = s->renegotiate;
2681 ret->new_session = s->new_session;
2682 ret->quiet_shutdown = s->quiet_shutdown;
2683 ret->shutdown = s->shutdown;
2684 /* SSL_dup does not really work at any state, though */
2685 ret->state=s->state;
2686 ret->rstate = s->rstate;
2687
2688 /*
2689 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
2690 * ret->init_off
2691 */
2692 ret->init_num = 0;
2693
2694 ret->hit = s->hit;
2695
2696 X509_VERIFY_PARAM_inherit(ret->param, s->param);
2697
2698 /* dup the cipher_list and cipher_list_by_id stacks */
2699 if (s->cipher_list != NULL) {
2700 if ((ret->cipher_list =
2701 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
2702 goto err;
2703 }
2704 if (s->cipher_list_by_id != NULL) {
2705 if ((ret->cipher_list_by_id =
2706 sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
2707 goto err;
2708 }
2709
2710 /* Dup the client_CA list */
2711 if (s->client_CA != NULL) {
2712 if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
2713 ret->client_CA = sk;
2714 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
2715 xn = sk_X509_NAME_value(sk, i);
2716 if (sk_X509_NAME_set(sk, i,
2717 X509_NAME_dup(xn)) == NULL) {
2718 X509_NAME_free(xn);
2719 goto err;
2720 }
2721 }
2722 }
2723
2724 if (0) {
2725err:
2726 if (ret != NULL)
2727 SSL_free(ret);
2728 ret = NULL;
2729 }
2730 return (ret);
2731}
2732
2733void
2734ssl_clear_cipher_ctx(SSL *s)
2735{
2736 EVP_CIPHER_CTX_free(s->enc_read_ctx);
2737 s->enc_read_ctx = NULL;
2738 EVP_CIPHER_CTX_free(s->enc_write_ctx);
2739 s->enc_write_ctx = NULL;
2740
2741 if (s->aead_read_ctx != NULL) {
2742 EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
2743 free(s->aead_read_ctx);
2744 s->aead_read_ctx = NULL;
2745 }
2746 if (s->aead_write_ctx != NULL) {
2747 EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
2748 free(s->aead_write_ctx);
2749 s->aead_write_ctx = NULL;
2750 }
2751
2752}
2753
2754/* Fix this function so that it takes an optional type parameter */
2755X509 *
2756SSL_get_certificate(const SSL *s)
2757{
2758 if (s->cert != NULL)
2759 return (s->cert->key->x509);
2760 else
2761 return (NULL);
2762}
2763
2764/* Fix this function so that it takes an optional type parameter */
2765EVP_PKEY *
2766SSL_get_privatekey(SSL *s)
2767{
2768 if (s->cert != NULL)
2769 return (s->cert->key->privatekey);
2770 else
2771 return (NULL);
2772}
2773
2774const SSL_CIPHER *
2775SSL_get_current_cipher(const SSL *s)
2776{
2777 if ((s->session != NULL) && (s->session->cipher != NULL))
2778 return (s->session->cipher);
2779 return (NULL);
2780}
2781const void *
2782SSL_get_current_compression(SSL *s)
2783{
2784 return (NULL);
2785}
2786
2787const void *
2788SSL_get_current_expansion(SSL *s)
2789{
2790 return (NULL);
2791}
2792
2793int
2794ssl_init_wbio_buffer(SSL *s, int push)
2795{
2796 BIO *bbio;
2797
2798 if (s->bbio == NULL) {
2799 bbio = BIO_new(BIO_f_buffer());
2800 if (bbio == NULL)
2801 return (0);
2802 s->bbio = bbio;
2803 } else {
2804 bbio = s->bbio;
2805 if (s->bbio == s->wbio)
2806 s->wbio = BIO_pop(s->wbio);
2807 }
2808 (void)BIO_reset(bbio);
2809/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
2810 if (!BIO_set_read_buffer_size(bbio, 1)) {
2811 SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,
2812 ERR_R_BUF_LIB);
2813 return (0);
2814 }
2815 if (push) {
2816 if (s->wbio != bbio)
2817 s->wbio = BIO_push(bbio, s->wbio);
2818 } else {
2819 if (s->wbio == bbio)
2820 s->wbio = BIO_pop(bbio);
2821 }
2822 return (1);
2823}
2824
2825void
2826ssl_free_wbio_buffer(SSL *s)
2827{
2828 if (s == NULL)
2829 return;
2830
2831 if (s->bbio == NULL)
2832 return;
2833
2834 if (s->bbio == s->wbio) {
2835 /* remove buffering */
2836 s->wbio = BIO_pop(s->wbio);
2837 }
2838 BIO_free(s->bbio);
2839 s->bbio = NULL;
2840}
2841
2842void
2843SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
2844{
2845 ctx->quiet_shutdown = mode;
2846}
2847
2848int
2849SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
2850{
2851 return (ctx->quiet_shutdown);
2852}
2853
2854void
2855SSL_set_quiet_shutdown(SSL *s, int mode)
2856{
2857 s->quiet_shutdown = mode;
2858}
2859
2860int
2861SSL_get_quiet_shutdown(const SSL *s)
2862{
2863 return (s->quiet_shutdown);
2864}
2865
2866void
2867SSL_set_shutdown(SSL *s, int mode)
2868{
2869 s->shutdown = mode;
2870}
2871
2872int
2873SSL_get_shutdown(const SSL *s)
2874{
2875 return (s->shutdown);
2876}
2877
2878int
2879SSL_version(const SSL *s)
2880{
2881 return (s->version);
2882}
2883
2884SSL_CTX *
2885SSL_get_SSL_CTX(const SSL *ssl)
2886{
2887 return (ssl->ctx);
2888}
2889
2890SSL_CTX *
2891SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
2892{
2893 if (ssl->ctx == ctx)
2894 return (ssl->ctx);
2895 if (ctx == NULL)
2896 ctx = ssl->initial_ctx;
2897 if (ssl->cert != NULL)
2898 ssl_cert_free(ssl->cert);
2899 ssl->cert = ssl_cert_dup(ctx->cert);
2900 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
2901 SSL_CTX_free(ssl->ctx); /* decrement reference count */
2902 ssl->ctx = ctx;
2903 return (ssl->ctx);
2904}
2905
2906int
2907SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
2908{
2909 return (X509_STORE_set_default_paths(ctx->cert_store));
2910}
2911
2912int
2913SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
2914 const char *CApath)
2915{
2916 return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
2917}
2918
2919int
2920SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
2921{
2922 return (X509_STORE_load_mem(ctx->cert_store, buf, len));
2923}
2924
2925void
2926SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
2927{
2928 ssl->info_callback = cb;
2929}
2930
2931void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
2932{
2933 return (ssl->info_callback);
2934}
2935
2936int
2937SSL_state(const SSL *ssl)
2938{
2939 return (ssl->state);
2940}
2941
2942void
2943SSL_set_state(SSL *ssl, int state)
2944{
2945 ssl->state = state;
2946}
2947
2948void
2949SSL_set_verify_result(SSL *ssl, long arg)
2950{
2951 ssl->verify_result = arg;
2952}
2953
2954long
2955SSL_get_verify_result(const SSL *ssl)
2956{
2957 return (ssl->verify_result);
2958}
2959
2960int
2961SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2962 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2963{
2964 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
2965 new_func, dup_func, free_func));
2966}
2967
2968int
2969SSL_set_ex_data(SSL *s, int idx, void *arg)
2970{
2971 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2972}
2973
2974void *
2975SSL_get_ex_data(const SSL *s, int idx)
2976{
2977 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2978}
2979
2980int
2981SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
2982 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
2983{
2984 return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
2985 new_func, dup_func, free_func));
2986}
2987
2988int
2989SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
2990{
2991 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
2992}
2993
2994void *
2995SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
2996{
2997 return (CRYPTO_get_ex_data(&s->ex_data, idx));
2998}
2999
3000int
3001ssl_ok(SSL *s)
3002{
3003 return (1);
3004}
3005
3006X509_STORE *
3007SSL_CTX_get_cert_store(const SSL_CTX *ctx)
3008{
3009 return (ctx->cert_store);
3010}
3011
3012void
3013SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
3014{
3015 if (ctx->cert_store != NULL)
3016 X509_STORE_free(ctx->cert_store);
3017 ctx->cert_store = store;
3018}
3019
3020int
3021SSL_want(const SSL *s)
3022{
3023 return (s->rwstate);
3024}
3025
3026void
3027SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
3028 int keylength))
3029{
3030 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3031}
3032
3033void
3034SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
3035 int keylength))
3036{
3037 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
3038}
3039
3040void
3041SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
3042 int keylength))
3043{
3044 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3045}
3046
3047void
3048SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
3049 int keylength))
3050{
3051 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
3052}
3053
3054void
3055SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
3056 int is_export, int keylength))
3057{
3058 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
3059 (void (*)(void))ecdh);
3060}
3061
3062void
3063SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
3064 int keylength))
3065{
3066 SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
3067}
3068
3069
3070void
3071SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
3072 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3073{
3074 SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
3075 (void (*)(void))cb);
3076}
3077
3078void
3079SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
3080 int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
3081{
3082 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
3083}
3084
3085/*
3086 * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3087 * variable, freeing EVP_MD_CTX previously stored in that variable, if
3088 * any. If EVP_MD pointer is passed, initializes ctx with this md
3089 * Returns newly allocated ctx;
3090 */
3091EVP_MD_CTX *
3092ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
3093{
3094 ssl_clear_hash_ctx(hash);
3095 *hash = EVP_MD_CTX_create();
3096 if (*hash != NULL && md != NULL) {
3097 if (!EVP_DigestInit_ex(*hash, md, NULL)) {
3098 ssl_clear_hash_ctx(hash);
3099 return (NULL);
3100 }
3101 }
3102 return (*hash);
3103}
3104
3105void
3106ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3107{
3108 if (*hash)
3109 EVP_MD_CTX_destroy(*hash);
3110 *hash = NULL;
3111}
3112
3113void
3114SSL_set_debug(SSL *s, int debug)
3115{
3116 s->debug = debug;
3117}
3118
3119int
3120SSL_cache_hit(SSL *s)
3121{
3122 return (s->hit);
3123}
3124
3125IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
deleted file mode 100644
index 74b699a48c..0000000000
--- a/src/lib/libssl/ssl_locl.h
+++ /dev/null
@@ -1,875 +0,0 @@
1/* $OpenBSD: ssl_locl.h,v 1.100 2015/07/24 07:57:48 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#ifndef HEADER_SSL_LOCL_H
144#define HEADER_SSL_LOCL_H
145
146#include <sys/types.h>
147
148#include <errno.h>
149#include <stdlib.h>
150#include <string.h>
151#include <time.h>
152#include <unistd.h>
153
154#include <openssl/opensslconf.h>
155#include <openssl/bio.h>
156#include <openssl/buffer.h>
157#include <openssl/dsa.h>
158#include <openssl/err.h>
159#include <openssl/rsa.h>
160#include <openssl/ssl.h>
161#include <openssl/stack.h>
162
163#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
164 l|=(((unsigned long)(*((c)++)))<< 8), \
165 l|=(((unsigned long)(*((c)++)))<<16), \
166 l|=(((unsigned long)(*((c)++)))<<24))
167
168/* NOTE - c is not incremented as per c2l */
169#define c2ln(c,l1,l2,n) { \
170 c+=n; \
171 l1=l2=0; \
172 switch (n) { \
173 case 8: l2 =((unsigned long)(*(--(c))))<<24; \
174 case 7: l2|=((unsigned long)(*(--(c))))<<16; \
175 case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
176 case 5: l2|=((unsigned long)(*(--(c)))); \
177 case 4: l1 =((unsigned long)(*(--(c))))<<24; \
178 case 3: l1|=((unsigned long)(*(--(c))))<<16; \
179 case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
180 case 1: l1|=((unsigned long)(*(--(c)))); \
181 } \
182 }
183
184#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
185 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
186 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
187 *((c)++)=(unsigned char)(((l)>>24)&0xff))
188
189#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
190 l|=((unsigned long)(*((c)++)))<<16, \
191 l|=((unsigned long)(*((c)++)))<< 8, \
192 l|=((unsigned long)(*((c)++))))
193
194#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
195 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
196 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
197 *((c)++)=(unsigned char)(((l) )&0xff))
198
199#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
200 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
201 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
202 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
203 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
204 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
205 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
206 *((c)++)=(unsigned char)(((l) )&0xff))
207
208/* NOTE - c is not incremented as per l2c */
209#define l2cn(l1,l2,c,n) { \
210 c+=n; \
211 switch (n) { \
212 case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
213 case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
214 case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
215 case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
216 case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
217 case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
218 case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
219 case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
220 } \
221 }
222
223#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
224 (((unsigned int)(c[1])) )),c+=2)
225#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
226 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
227
228#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
229 (((unsigned long)(c[1]))<< 8)| \
230 (((unsigned long)(c[2])) )),c+=3)
231
232#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
233 c[1]=(unsigned char)(((l)>> 8)&0xff), \
234 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
235
236/* LOCAL STUFF */
237
238#define SSL_DECRYPT 0
239#define SSL_ENCRYPT 1
240
241/*
242 * Define the Bitmasks for SSL_CIPHER.algorithms.
243 * This bits are used packed as dense as possible. If new methods/ciphers
244 * etc will be added, the bits a likely to change, so this information
245 * is for internal library use only, even though SSL_CIPHER.algorithms
246 * can be publicly accessed.
247 * Use the according functions for cipher management instead.
248 *
249 * The bit mask handling in the selection and sorting scheme in
250 * ssl_create_cipher_list() has only limited capabilities, reflecting
251 * that the different entities within are mutually exclusive:
252 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
253 */
254
255/* Bits for algorithm_mkey (key exchange algorithm) */
256#define SSL_kRSA 0x00000001L /* RSA key exchange */
257#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
258#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
259#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
260#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
261#define SSL_kGOST 0x00000200L /* GOST key exchange */
262
263/* Bits for algorithm_auth (server authentication) */
264#define SSL_aRSA 0x00000001L /* RSA auth */
265#define SSL_aDSS 0x00000002L /* DSS auth */
266#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
267#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
268#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
269#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
270
271
272/* Bits for algorithm_enc (symmetric encryption) */
273#define SSL_DES 0x00000001L
274#define SSL_3DES 0x00000002L
275#define SSL_RC4 0x00000004L
276#define SSL_IDEA 0x00000008L
277#define SSL_eNULL 0x00000010L
278#define SSL_AES128 0x00000020L
279#define SSL_AES256 0x00000040L
280#define SSL_CAMELLIA128 0x00000080L
281#define SSL_CAMELLIA256 0x00000100L
282#define SSL_eGOST2814789CNT 0x00000200L
283#define SSL_AES128GCM 0x00000400L
284#define SSL_AES256GCM 0x00000800L
285#define SSL_CHACHA20POLY1305 0x00001000L
286
287#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
288#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
289
290
291/* Bits for algorithm_mac (symmetric authentication) */
292
293#define SSL_MD5 0x00000001L
294#define SSL_SHA1 0x00000002L
295#define SSL_GOST94 0x00000004L
296#define SSL_GOST89MAC 0x00000008L
297#define SSL_SHA256 0x00000010L
298#define SSL_SHA384 0x00000020L
299/* Not a real MAC, just an indication it is part of cipher */
300#define SSL_AEAD 0x00000040L
301#define SSL_STREEBOG256 0x00000080L
302#define SSL_STREEBOG512 0x00000100L
303
304/* Bits for algorithm_ssl (protocol version) */
305#define SSL_SSLV3 0x00000002L
306#define SSL_TLSV1 SSL_SSLV3 /* for now */
307#define SSL_TLSV1_2 0x00000004L
308
309
310/* Bits for algorithm2 (handshake digests and other extra flags) */
311
312#define SSL_HANDSHAKE_MAC_MD5 0x10
313#define SSL_HANDSHAKE_MAC_SHA 0x20
314#define SSL_HANDSHAKE_MAC_GOST94 0x40
315#define SSL_HANDSHAKE_MAC_SHA256 0x80
316#define SSL_HANDSHAKE_MAC_SHA384 0x100
317#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200
318#define SSL_HANDSHAKE_MAC_STREEBOG512 0x400
319#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
320
321/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
322 * make sure to update this constant too */
323#define SSL_MAX_DIGEST 8
324
325#define SSL3_CK_ID 0x03000000
326#define SSL3_CK_VALUE_MASK 0x0000ffff
327
328#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT)
329
330#define TLS1_PRF_DGST_SHIFT 10
331#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
332#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
333#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
334#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
335#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
336#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT)
337#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
338
339/* Stream MAC for GOST ciphersuites from cryptopro draft
340 * (currently this also goes into algorithm2) */
341#define TLS1_STREAM_MAC 0x04
342
343/*
344 * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that
345 * indicates that the variable part of the nonce is included as a prefix of
346 * the record (AES-GCM, for example, does this with an 8-byte variable nonce.)
347 */
348#define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22)
349
350/*
351 * SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher
352 * is implemented via an EVP_AEAD.
353 */
354#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23)
355
356/*
357 * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce
358 * for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag.
359 */
360#define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \
361 (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2)
362
363/*
364 * Cipher strength information.
365 */
366#define SSL_STRONG_MASK 0x000001fcL
367#define SSL_STRONG_NONE 0x00000004L
368#define SSL_LOW 0x00000020L
369#define SSL_MEDIUM 0x00000040L
370#define SSL_HIGH 0x00000080L
371
372/*
373 * The keylength (measured in RSA key bits, I guess) for temporary keys.
374 * Cipher argument is so that this can be variable in the future.
375 */
376#define SSL_C_PKEYLENGTH(c) 1024
377
378/* Check if an SSL structure is using DTLS. */
379#define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
380
381/* See if we need explicit IV. */
382#define SSL_USE_EXPLICIT_IV(s) \
383 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
384
385/* See if we use signature algorithms extension. */
386#define SSL_USE_SIGALGS(s) \
387 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
388
389/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
390#define SSL_USE_TLS1_2_CIPHERS(s) \
391 (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
392
393/* Mostly for SSLv3 */
394#define SSL_PKEY_RSA_ENC 0
395#define SSL_PKEY_RSA_SIGN 1
396#define SSL_PKEY_DSA_SIGN 2
397#define SSL_PKEY_DH_RSA 3
398#define SSL_PKEY_DH_DSA 4
399#define SSL_PKEY_ECC 5
400#define SSL_PKEY_GOST01 6
401#define SSL_PKEY_NUM 7
402
403/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
404 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
405 * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
406 * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
407 * SSL_aRSA <- RSA_ENC | RSA_SIGN
408 * SSL_aDSS <- DSA_SIGN
409 */
410
411/*
412#define CERT_INVALID 0
413#define CERT_PUBLIC_KEY 1
414#define CERT_PRIVATE_KEY 2
415*/
416
417/* From ECC-TLS draft, used in encoding the curve type in
418 * ECParameters
419 */
420#define EXPLICIT_PRIME_CURVE_TYPE 1
421#define EXPLICIT_CHAR2_CURVE_TYPE 2
422#define NAMED_CURVE_TYPE 3
423
424typedef struct cert_pkey_st {
425 X509 *x509;
426 EVP_PKEY *privatekey;
427 /* Digest to use when signing */
428 const EVP_MD *digest;
429} CERT_PKEY;
430
431typedef struct cert_st {
432 /* Current active set */
433 CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
434 * Probably it would make more sense to store
435 * an index, not a pointer. */
436
437 /* The following masks are for the key and auth
438 * algorithms that are supported by the certs below */
439 int valid;
440 unsigned long mask_k;
441 unsigned long mask_a;
442
443 DH *dh_tmp;
444 DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
445 int dh_tmp_auto;
446
447 EC_KEY *ecdh_tmp;
448 EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
449 int ecdh_tmp_auto;
450
451 CERT_PKEY pkeys[SSL_PKEY_NUM];
452
453 int references; /* >1 only if SSL_copy_session_id is used */
454} CERT;
455
456
457typedef struct sess_cert_st {
458 STACK_OF(X509) *cert_chain; /* as received from peer */
459
460 /* The 'peer_...' members are used only by clients. */
461 int peer_cert_type;
462
463 CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
464 CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
465 /* Obviously we don't have the private keys of these,
466 * so maybe we shouldn't even use the CERT_PKEY type here. */
467
468 DH *peer_dh_tmp;
469 EC_KEY *peer_ecdh_tmp;
470
471 int references; /* actually always 1 at the moment */
472} SESS_CERT;
473
474
475/*#define SSL_DEBUG */
476/*#define RSA_DEBUG */
477
478/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
479 * It is a bit of a mess of functions, but hell, think of it as
480 * an opaque structure :-) */
481typedef struct ssl3_enc_method {
482 int (*enc)(SSL *, int);
483 int (*mac)(SSL *, unsigned char *, int);
484 int (*setup_key_block)(SSL *);
485 int (*generate_master_secret)(SSL *, unsigned char *,
486 unsigned char *, int);
487 int (*change_cipher_state)(SSL *, int);
488 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
489 int finish_mac_length;
490 int (*cert_verify_mac)(SSL *, int, unsigned char *);
491 const char *client_finished_label;
492 int client_finished_label_len;
493 const char *server_finished_label;
494 int server_finished_label_len;
495 int (*alert_value)(int);
496 int (*export_keying_material)(SSL *, unsigned char *, size_t,
497 const char *, size_t, const unsigned char *, size_t,
498 int use_context);
499 /* Flags indicating protocol version requirements. */
500 unsigned int enc_flags;
501} SSL3_ENC_METHOD;
502
503/*
504 * Flag values for enc_flags.
505 */
506
507/* Uses explicit IV. */
508#define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0)
509
510/* Uses signature algorithms extension. */
511#define SSL_ENC_FLAG_SIGALGS (1 << 1)
512
513/* Uses SHA256 default PRF. */
514#define SSL_ENC_FLAG_SHA256_PRF (1 << 2)
515
516/* Is DTLS. */
517#define SSL_ENC_FLAG_DTLS (1 << 3)
518
519/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
520#define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4)
521
522/*
523 * ssl_aead_ctx_st contains information about an AEAD that is being used to
524 * encrypt an SSL connection.
525 */
526struct ssl_aead_ctx_st {
527 EVP_AEAD_CTX ctx;
528 /*
529 * fixed_nonce contains any bytes of the nonce that are fixed for all
530 * records.
531 */
532 unsigned char fixed_nonce[8];
533 unsigned char fixed_nonce_len;
534 unsigned char variable_nonce_len;
535 unsigned char tag_len;
536 /*
537 * variable_nonce_in_record is non-zero if the variable nonce
538 * for a record is included as a prefix before the ciphertext.
539 */
540 char variable_nonce_in_record;
541};
542
543extern SSL3_ENC_METHOD ssl3_undef_enc_method;
544extern SSL_CIPHER ssl3_ciphers[];
545
546SSL_METHOD *ssl_bad_method(int ver);
547const char *ssl_version_string(int ver);
548uint16_t ssl_max_server_version(SSL *s);
549
550extern SSL3_ENC_METHOD TLSv1_enc_data;
551extern SSL3_ENC_METHOD TLSv1_1_enc_data;
552extern SSL3_ENC_METHOD TLSv1_2_enc_data;
553extern SSL3_ENC_METHOD SSLv3_enc_data;
554extern SSL3_ENC_METHOD DTLSv1_enc_data;
555
556void ssl_clear_cipher_ctx(SSL *s);
557int ssl_clear_bad_session(SSL *s);
558CERT *ssl_cert_new(void);
559CERT *ssl_cert_dup(CERT *cert);
560int ssl_cert_inst(CERT **o);
561void ssl_cert_free(CERT *c);
562SESS_CERT *ssl_sess_cert_new(void);
563void ssl_sess_cert_free(SESS_CERT *sc);
564int ssl_set_peer_cert_type(SESS_CERT *c, int type);
565int ssl_get_new_session(SSL *s, int session);
566int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
567 const unsigned char *limit);
568int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
569DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
570int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
571 const SSL_CIPHER * const *bp);
572STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p,
573 int num);
574int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
575 unsigned char *p);
576STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
577 STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
578 const char *rule_str);
579void ssl_update_cache(SSL *s, int mode);
580int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
581 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
582int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
583int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
584
585int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
586int ssl_undefined_function(SSL *s);
587int ssl_undefined_void_function(void);
588int ssl_undefined_const_function(const SSL *s);
589CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
590X509 *ssl_get_server_send_cert(const SSL *);
591EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
592DH *ssl_get_auto_dh(SSL *s);
593int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
594void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
595STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
596int ssl_verify_alarm_type(long type);
597void ssl_load_ciphers(void);
598
599const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
600int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
601int ssl3_init_finished_mac(SSL *s);
602int ssl3_send_server_certificate(SSL *s);
603int ssl3_send_newsession_ticket(SSL *s);
604int ssl3_send_cert_status(SSL *s);
605int ssl3_get_finished(SSL *s, int state_a, int state_b);
606int ssl3_setup_key_block(SSL *s);
607int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
608int ssl3_change_cipher_state(SSL *s, int which);
609void ssl3_cleanup_key_block(SSL *s);
610int ssl3_do_write(SSL *s, int type);
611int ssl3_send_alert(SSL *s, int level, int desc);
612int ssl3_generate_master_secret(SSL *s, unsigned char *out,
613 unsigned char *p, int len);
614int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
615long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
616int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
617int ssl3_num_ciphers(void);
618const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
619const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
620const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
621uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
622int ssl3_renegotiate(SSL *ssl);
623
624int ssl3_renegotiate_check(SSL *ssl);
625
626int ssl3_dispatch_alert(SSL *s);
627int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
628int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
629int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
630 unsigned char *p);
631int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
632void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
633int ssl3_enc(SSL *s, int send_data);
634int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
635void ssl3_free_digest_list(SSL *s);
636unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
637SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
638 STACK_OF(SSL_CIPHER) *srvr);
639int ssl3_setup_buffers(SSL *s);
640int ssl3_setup_init_buffer(SSL *s);
641int ssl3_setup_read_buffer(SSL *s);
642int ssl3_setup_write_buffer(SSL *s);
643int ssl3_release_read_buffer(SSL *s);
644int ssl3_release_write_buffer(SSL *s);
645int ssl3_digest_cached_records(SSL *s);
646int ssl3_new(SSL *s);
647void ssl3_free(SSL *s);
648int ssl3_accept(SSL *s);
649int ssl3_connect(SSL *s);
650int ssl3_read(SSL *s, void *buf, int len);
651int ssl3_peek(SSL *s, void *buf, int len);
652int ssl3_write(SSL *s, const void *buf, int len);
653int ssl3_shutdown(SSL *s);
654void ssl3_clear(SSL *s);
655long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
656long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
657long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
658long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
659int ssl3_pending(const SSL *s);
660
661unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype);
662void ssl3_handshake_msg_finish(SSL *s, unsigned int len);
663int ssl3_handshake_write(SSL *s);
664
665void ssl3_record_sequence_increment(unsigned char *seq);
666int ssl3_do_change_cipher_spec(SSL *ssl);
667long ssl3_default_timeout(void);
668
669int ssl23_read(SSL *s, void *buf, int len);
670int ssl23_peek(SSL *s, void *buf, int len);
671int ssl23_write(SSL *s, const void *buf, int len);
672long ssl23_default_timeout(void);
673
674long tls1_default_timeout(void);
675int dtls1_do_write(SSL *s, int type);
676int ssl3_read_n(SSL *s, int n, int max, int extend);
677int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
678int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
679 unsigned int len);
680unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
681 unsigned char mt, unsigned long len, unsigned long frag_off,
682 unsigned long frag_len);
683
684int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
685int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
686
687int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
688int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
689unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
690int dtls1_read_failed(SSL *s, int code);
691int dtls1_buffer_message(SSL *s, int ccs);
692int dtls1_retransmit_message(SSL *s, unsigned short seq,
693 unsigned long frag_off, int *found);
694int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
695int dtls1_retransmit_buffered_messages(SSL *s);
696void dtls1_clear_record_buffer(SSL *s);
697int dtls1_get_message_header(unsigned char *data,
698 struct hm_header_st *msg_hdr);
699void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
700void dtls1_reset_seq_numbers(SSL *s, int rw);
701void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
702 unsigned short epoch);
703long dtls1_default_timeout(void);
704struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
705int dtls1_check_timeout_num(SSL *s);
706int dtls1_handle_timeout(SSL *s);
707const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
708void dtls1_start_timer(SSL *s);
709void dtls1_stop_timer(SSL *s);
710int dtls1_is_timer_expired(SSL *s);
711void dtls1_double_timeout(SSL *s);
712int dtls1_send_newsession_ticket(SSL *s);
713unsigned int dtls1_min_mtu(void);
714
715/* some client-only functions */
716int ssl3_client_hello(SSL *s);
717int ssl3_get_server_hello(SSL *s);
718int ssl3_get_certificate_request(SSL *s);
719int ssl3_get_new_session_ticket(SSL *s);
720int ssl3_get_cert_status(SSL *s);
721int ssl3_get_server_done(SSL *s);
722int ssl3_send_client_verify(SSL *s);
723int ssl3_send_client_certificate(SSL *s);
724int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
725int ssl3_send_client_key_exchange(SSL *s);
726int ssl3_get_key_exchange(SSL *s);
727int ssl3_get_server_certificate(SSL *s);
728int ssl3_check_cert_and_algorithm(SSL *s);
729int ssl3_check_finished(SSL *s);
730int ssl3_send_next_proto(SSL *s);
731
732int dtls1_client_hello(SSL *s);
733int dtls1_send_client_certificate(SSL *s);
734int dtls1_send_client_key_exchange(SSL *s);
735int dtls1_send_client_verify(SSL *s);
736
737/* some server-only functions */
738int ssl3_get_client_hello(SSL *s);
739int ssl3_send_server_hello(SSL *s);
740int ssl3_send_hello_request(SSL *s);
741int ssl3_send_server_key_exchange(SSL *s);
742int ssl3_send_certificate_request(SSL *s);
743int ssl3_send_server_done(SSL *s);
744int ssl3_get_client_certificate(SSL *s);
745int ssl3_get_client_key_exchange(SSL *s);
746int ssl3_get_cert_verify(SSL *s);
747int ssl3_get_next_proto(SSL *s);
748
749int dtls1_send_hello_request(SSL *s);
750int dtls1_send_server_hello(SSL *s);
751int dtls1_send_server_certificate(SSL *s);
752int dtls1_send_server_key_exchange(SSL *s);
753int dtls1_send_certificate_request(SSL *s);
754int dtls1_send_server_done(SSL *s);
755
756int ssl23_accept(SSL *s);
757int ssl23_connect(SSL *s);
758int ssl23_read_bytes(SSL *s, int n);
759int ssl23_write_bytes(SSL *s);
760int tls_any_accept(SSL *s);
761int tls_any_connect(SSL *s);
762
763int tls1_new(SSL *s);
764void tls1_free(SSL *s);
765void tls1_clear(SSL *s);
766long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
767long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
768
769int dtls1_new(SSL *s);
770int dtls1_accept(SSL *s);
771int dtls1_connect(SSL *s);
772void dtls1_free(SSL *s);
773void dtls1_clear(SSL *s);
774long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
775int dtls1_shutdown(SSL *s);
776
777long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
778int dtls1_get_record(SSL *s);
779int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
780 unsigned int len);
781int dtls1_dispatch_alert(SSL *s);
782int dtls1_enc(SSL *s, int snd);
783
784int ssl_init_wbio_buffer(SSL *s, int push);
785void ssl_free_wbio_buffer(SSL *s);
786
787int tls1_change_cipher_state(SSL *s, int which);
788int tls1_setup_key_block(SSL *s);
789int tls1_enc(SSL *s, int snd);
790int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
791int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
792int tls1_mac(SSL *ssl, unsigned char *md, int snd);
793int tls1_generate_master_secret(SSL *s, unsigned char *out,
794 unsigned char *p, int len);
795int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
796 const char *label, size_t llen, const unsigned char *p, size_t plen,
797 int use_context);
798int tls1_alert_code(int code);
799int ssl3_alert_code(int code);
800int ssl_ok(SSL *s);
801
802int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
803
804SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
805
806int tls1_ec_curve_id2nid(uint16_t curve_id);
807uint16_t tls1_ec_nid2curve_id(int nid);
808int tls1_check_curve(SSL *s, const unsigned char *p, size_t len);
809int tls1_get_shared_curve(SSL *s);
810
811unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
812 unsigned char *limit);
813
814unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
815 unsigned char *limit);
816
817int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
818 unsigned char *d, int n, int *al);
819int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
820 unsigned char *d, int n, int *al);
821int ssl_prepare_clienthello_tlsext(SSL *s);
822int ssl_prepare_serverhello_tlsext(SSL *s);
823int ssl_check_clienthello_tlsext_early(SSL *s);
824int ssl_check_clienthello_tlsext_late(SSL *s);
825int ssl_check_serverhello_tlsext(SSL *s);
826
827#define tlsext_tick_md EVP_sha256
828int tls1_process_ticket(SSL *s, const unsigned char *session_id, int len,
829 const unsigned char *limit, SSL_SESSION **ret);
830int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
831 const EVP_MD *md);
832int tls12_get_sigid(const EVP_PKEY *pk);
833const EVP_MD *tls12_get_hash(unsigned char hash_alg);
834
835EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
836void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
837int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
838 int *len, int maxlen);
839int ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d,
840 int len, int *al);
841int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
842 int *len, int maxlen);
843int ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d,
844 int len, int *al);
845long ssl_get_algorithm2(SSL *s);
846int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
847int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
848
849int tls1_check_ec_server_key(SSL *s);
850int tls1_check_ec_tmp_key(SSL *s);
851
852int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
853 int *len, int maxlen);
854int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
855 int len, int *al);
856int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
857 int *len, int maxlen);
858int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
859 int len, int *al);
860
861/* s3_cbc.c */
862void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
863 unsigned md_size, unsigned orig_len);
864int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
865 unsigned block_size, unsigned mac_size);
866int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
867 unsigned block_size, unsigned mac_size);
868char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
869int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
870 size_t *md_out_size, const unsigned char header[13],
871 const unsigned char *data, size_t data_plus_mac_size,
872 size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
873 unsigned mac_secret_length, char is_sslv3);
874
875#endif
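diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 039bee7952..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,755 +0,0 @@
-/* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);
-
-int
-SSL_use_certificate(SSL *ssl, X509 *x)
-{
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ssl->cert)) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	return (ssl_set_cert(ssl->cert, x));
-}
-
-int
-SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
-	int j;
-	BIO *in;
-	int ret = 0;
-	X509 *x = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		x = d2i_X509_bio(in, NULL);
-	} else if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		x = PEM_read_bio_X509(in, NULL,
-		    ssl->ctx->default_passwd_callback,
-		    ssl->ctx->default_passwd_callback_userdata);
-	} else {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
-		goto end;
-	}
-
-	ret = SSL_use_certificate(ssl, x);
-end:
-	if (x != NULL)
-		X509_free(x);
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-{
-	X509 *x;
-	int ret;
-
-	x = d2i_X509(NULL, &d,(long)len);
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_use_certificate(ssl, x);
-	X509_free(x);
-	return (ret);
-}
-
-int
-SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
-	EVP_PKEY *pkey;
-	int ret;
-
-	if (rsa == NULL) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ssl->cert)) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	if ((pkey = EVP_PKEY_new()) == NULL) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-		return (0);
-	}
-
-	RSA_up_ref(rsa);
-	EVP_PKEY_assign_RSA(pkey, rsa);
-
-	ret = ssl_set_pkey(ssl->cert, pkey);
-	EVP_PKEY_free(pkey);
-	return (ret);
-}
-
-static int
-ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-{
-	int i;
-
-	i = ssl_cert_type(NULL, pkey);
-	if (i < 0) {
-		SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-		return (0);
-	}
-
-	if (c->pkeys[i].x509 != NULL) {
-		EVP_PKEY *pktmp;
-		pktmp = X509_get_pubkey(c->pkeys[i].x509);
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-		EVP_PKEY_free(pktmp);
-		ERR_clear_error();
-
-		/*
-		 * Don't check the public/private key, this is mostly
-		 * for smart cards.
-		 */
-		if ((pkey->type == EVP_PKEY_RSA) &&
-			(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
-			;
-		else
-		if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
-			X509_free(c->pkeys[i].x509);
-			c->pkeys[i].x509 = NULL;
-			return 0;
-		}
-	}
-
-	EVP_PKEY_free(c->pkeys[i].privatekey);
-	CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-	c->pkeys[i].privatekey = pkey;
-	c->key = &(c->pkeys[i]);
-
-	c->valid = 0;
-	return (1);
-}
-
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
-	int j, ret = 0;
-	BIO *in;
-	RSA *rsa = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		rsa = d2i_RSAPrivateKey_bio(in, NULL);
-	} else if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-		    ssl->ctx->default_passwd_callback,
-		    ssl->ctx->default_passwd_callback_userdata);
-	} else {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-	if (rsa == NULL) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
-		goto end;
-	}
-	ret = SSL_use_RSAPrivateKey(ssl, rsa);
-	RSA_free(rsa);
-end:
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-{
-	int ret;
-	const unsigned char *p;
-	RSA *rsa;
-
-	p = d;
-	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_use_RSAPrivateKey(ssl, rsa);
-	RSA_free(rsa);
-	return (ret);
-}
-
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
-	int ret;
-
-	if (pkey == NULL) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ssl->cert)) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	ret = ssl_set_pkey(ssl->cert, pkey);
-	return (ret);
-}
-
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
-	int j, ret = 0;
-	BIO *in;
-	EVP_PKEY *pkey = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		pkey = PEM_read_bio_PrivateKey(in, NULL,
-		    ssl->ctx->default_passwd_callback,
-		    ssl->ctx->default_passwd_callback_userdata);
-	} else if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		pkey = d2i_PrivateKey_bio(in, NULL);
-	} else {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-	if (pkey == NULL) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
-		goto end;
-	}
-	ret = SSL_use_PrivateKey(ssl, pkey);
-	EVP_PKEY_free(pkey);
-end:
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
-	int ret;
-	const unsigned char *p;
-	EVP_PKEY *pkey;
-
-	p = d;
-	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_use_PrivateKey(ssl, pkey);
-	EVP_PKEY_free(pkey);
-	return (ret);
-}
-
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ctx->cert)) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	return (ssl_set_cert(ctx->cert, x));
-}
-
-static int
-ssl_set_cert(CERT *c, X509 *x)
-{
-	EVP_PKEY *pkey;
-	int i;
-
-	pkey = X509_get_pubkey(x);
-	if (pkey == NULL) {
-		SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
-		return (0);
-	}
-
-	i = ssl_cert_type(x, pkey);
-	if (i < 0) {
-		SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-		EVP_PKEY_free(pkey);
-		return (0);
-	}
-
-	if (c->pkeys[i].privatekey != NULL) {
-		EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
-		ERR_clear_error();
-
-		/*
-		 * Don't check the public/private key, this is mostly
-		 * for smart cards.
-		 */
-		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-			(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-			RSA_METHOD_FLAG_NO_CHECK))
-			;
-		else
-		if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
-			/*
-			 * don't fail for a cert/key mismatch, just free
-			 * current private key (when switching to a different
-			 * cert & key, first this function should be used,
-			 * then ssl_set_pkey
-			 */
-			EVP_PKEY_free(c->pkeys[i].privatekey);
-			c->pkeys[i].privatekey = NULL;
-			/* clear error queue */
-			ERR_clear_error();
-		}
-	}
-
-	EVP_PKEY_free(pkey);
-
-	if (c->pkeys[i].x509 != NULL)
-		X509_free(c->pkeys[i].x509);
-	CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-	c->pkeys[i].x509 = x;
-	c->key = &(c->pkeys[i]);
-
-	c->valid = 0;
-	return (1);
-}
-
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
-	int j;
-	BIO *in;
-	int ret = 0;
-	X509 *x = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		x = d2i_X509_bio(in, NULL);
-	} else if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
-		    ctx->default_passwd_callback_userdata);
-	} else {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
-		goto end;
-	}
-
-	ret = SSL_CTX_use_certificate(ctx, x);
-end:
-	if (x != NULL)
-		X509_free(x);
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
-	X509 *x;
-	int ret;
-
-	x = d2i_X509(NULL, &d,(long)len);
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_CTX_use_certificate(ctx, x);
-	X509_free(x);
-	return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
-	int ret;
-	EVP_PKEY *pkey;
-
-	if (rsa == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ctx->cert)) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	if ((pkey = EVP_PKEY_new()) == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
-		return (0);
-	}
-
-	RSA_up_ref(rsa);
-	EVP_PKEY_assign_RSA(pkey, rsa);
-
-	ret = ssl_set_pkey(ctx->cert, pkey);
-	EVP_PKEY_free(pkey);
-	return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-	int j, ret = 0;
-	BIO *in;
-	RSA *rsa = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		rsa = d2i_RSAPrivateKey_bio(in, NULL);
-	} else if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-		    ctx->default_passwd_callback,
-		    ctx->default_passwd_callback_userdata);
-	} else {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-	if (rsa == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
-		goto end;
-	}
-	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-	RSA_free(rsa);
-end:
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
-	int ret;
-	const unsigned char *p;
-	RSA *rsa;
-
-	p = d;
-	if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-	RSA_free(rsa);
-	return (ret);
-}
-
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
-	if (pkey == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,
-		    ERR_R_PASSED_NULL_PARAMETER);
-		return (0);
-	}
-	if (!ssl_cert_inst(&ctx->cert)) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return (0);
-	}
-	return (ssl_set_pkey(ctx->cert, pkey));
-}
-
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-	int j, ret = 0;
-	BIO *in;
-	EVP_PKEY *pkey = NULL;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-	if (type == SSL_FILETYPE_PEM) {
-		j = ERR_R_PEM_LIB;
-		pkey = PEM_read_bio_PrivateKey(in, NULL,
-		    ctx->default_passwd_callback,
-		    ctx->default_passwd_callback_userdata);
-	} else if (type == SSL_FILETYPE_ASN1) {
-		j = ERR_R_ASN1_LIB;
-		pkey = d2i_PrivateKey_bio(in, NULL);
-	} else {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,
-		    SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-	}
-	if (pkey == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
-		goto end;
-	}
-	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-	EVP_PKEY_free(pkey);
-end:
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
-    long len)
-{
-	int ret;
-	const unsigned char *p;
-	EVP_PKEY *pkey;
-
-	p = d;
-	if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
-		return (0);
-	}
-
-	ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-	EVP_PKEY_free(pkey);
-	return (ret);
-}
-
-
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
-{
-	int ret = 0;
-	X509 *x = NULL;
-
-	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
-	x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
-	    ctx->default_passwd_callback_userdata);
-	if (x == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
-		goto end;
-	}
-
-	ret = SSL_CTX_use_certificate(ctx, x);
-
-	if (ERR_peek_error() != 0)
-		ret = 0;
-	/* Key/certificate mismatch doesn't imply ret==0 ... */
-	if (ret) {
-		/*
-		 * If we could set up our certificate, now proceed to
-		 * the CA certificates.
-		 */
-		X509 *ca;
-		int r;
-		unsigned long err;
-
-		if (ctx->extra_certs != NULL) {
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-		}
-
-		while ((ca = PEM_read_bio_X509(in, NULL,
-		    ctx->default_passwd_callback,
-		    ctx->default_passwd_callback_userdata)) != NULL) {
-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-			if (!r) {
-				X509_free(ca);
-				ret = 0;
-				goto end;
-			}
-			/*
-			 * Note that we must not free r if it was successfully
-			 * added to the chain (while we must free the main
-			 * certificate, since its reference count is increased
-			 * by SSL_CTX_use_certificate).
-			 */
-		}
-
-		/* When the while loop ends, it's usually just EOF. */
-		err = ERR_peek_last_error();
-		if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
-		    ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-			ERR_clear_error();
-		else
-			ret = 0; /* some real error */
-	}
-
-end:
-	if (x != NULL)
-		X509_free(x);
-	return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
-	BIO *in;
-	int ret = 0;
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	if (BIO_read_filename(in, file) <= 0) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
-		goto end;
-	}
-
-	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-
-end:
-	BIO_free(in);
-	return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
-	BIO *in;
-	int ret = 0;
-
-	in = BIO_new_mem_buf(buf, len);
-	if (in == NULL) {
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
-		goto end;
-	}
-
-	ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
-
-end:
-	BIO_free(in);
-	return (ret);
-}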
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index ef5b9be56d..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1102 +0,0 @@
1/* $OpenBSD: ssl_sess.c,v 1.45 2015/07/21 03:34:38 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <openssl/lhash.h>
139
140#ifndef OPENSSL_NO_ENGINE
141#include <openssl/engine.h>
142#endif
143
144#include "ssl_locl.h"
145
146static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
147static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
148static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
149
150/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
151SSL_SESSION *
152SSL_get_session(const SSL *ssl)
153{
154 return (ssl->session);
155}
156
157/* variant of SSL_get_session: caller really gets something */
158SSL_SESSION *
159SSL_get1_session(SSL *ssl)
160{
161 SSL_SESSION *sess;
162
163 /*
164 * Need to lock this all up rather than just use CRYPTO_add so that
165 * somebody doesn't free ssl->session between when we check it's
166 * non-null and when we up the reference count.
167 */
168 CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
169 sess = ssl->session;
170 if (sess)
171 sess->references++;
172 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
173
174 return (sess);
175}
176
177int
178SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
179 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
180{
181 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
182 argl, argp, new_func, dup_func, free_func);
183}
184
185int
186SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
187{
188 return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
189}
190
191void *
192SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
193{
194 return (CRYPTO_get_ex_data(&s->ex_data, idx));
195}
196
197SSL_SESSION *
198SSL_SESSION_new(void)
199{
200 SSL_SESSION *ss;
201
202 ss = calloc(1, sizeof(SSL_SESSION));
203 if (ss == NULL) {
204 SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
205 return (0);
206 }
207
208 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
209 ss->references = 1;
210 ss->timeout=60*5+4; /* 5 minute timeout by default */
211 ss->time = time(NULL);
212 ss->prev = NULL;
213 ss->next = NULL;
214 ss->tlsext_hostname = NULL;
215
216 ss->tlsext_ecpointformatlist_length = 0;
217 ss->tlsext_ecpointformatlist = NULL;
218 ss->tlsext_ellipticcurvelist_length = 0;
219 ss->tlsext_ellipticcurvelist = NULL;
220
221 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
222
223 return (ss);
224}
225
226const unsigned char *
227SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
228{
229 if (len)
230 *len = s->session_id_length;
231 return s->session_id;
232}
233
234unsigned int
235SSL_SESSION_get_compress_id(const SSL_SESSION *s)
236{
237 return 0;
238}
239
240/*
241 * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
242 * the ID with random gunk repeatedly until we have no conflict is going to
243 * complete in one iteration pretty much "most" of the time (btw:
244 * understatement). So, if it takes us 10 iterations and we still can't avoid
245 * a conflict - well that's a reasonable point to call it quits. Either the
246 * arc4random code is broken or someone is trying to open roughly very close to
247 * 2^128 (or 2^256) SSL sessions to our server. How you might store that many
248 * sessions is perhaps a more interesting question...
249 */
250
251#define MAX_SESS_ID_ATTEMPTS 10
252
253static int
254def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
255{
256 unsigned int retry = 0;
257
258 do {
259 arc4random_buf(id, *id_len);
260 } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
261 (++retry < MAX_SESS_ID_ATTEMPTS));
262
263 if (retry < MAX_SESS_ID_ATTEMPTS)
264 return 1;
265
266 /* else - woops a session_id match */
267 /* XXX We should also check the external cache --
268 * but the probability of a collision is negligible, and
269 * we could not prevent the concurrent creation of sessions
270 * with identical IDs since we currently don't have means
271 * to atomically check whether a session ID already exists
272 * and make a reservation for it if it does not
273 * (this problem applies to the internal cache as well).
274 */
275 return 0;
276}
277
278int
279ssl_get_new_session(SSL *s, int session)
280{
281 unsigned int tmp;
282 SSL_SESSION *ss = NULL;
283 GEN_SESSION_CB cb = def_generate_session_id;
284
285 /* This gets used by clients and servers. */
286
287 if ((ss = SSL_SESSION_new()) == NULL)
288 return (0);
289
290 /* If the context has a default timeout, use it */
291 if (s->session_ctx->session_timeout == 0)
292 ss->timeout = SSL_get_default_timeout(s);
293 else
294 ss->timeout = s->session_ctx->session_timeout;
295
296 if (s->session != NULL) {
297 SSL_SESSION_free(s->session);
298 s->session = NULL;
299 }
300
301 if (session) {
302 switch (s->version) {
303 case SSL3_VERSION:
304 case TLS1_VERSION:
305 case TLS1_1_VERSION:
306 case TLS1_2_VERSION:
307 case DTLS1_BAD_VER:
308 case DTLS1_VERSION:
309 ss->ssl_version = s->version;
310 ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
311 break;
312 default:
313 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
314 SSL_R_UNSUPPORTED_SSL_VERSION);
315 SSL_SESSION_free(ss);
316 return (0);
317 }
318
319 /* If RFC4507 ticket use empty session ID. */
320 if (s->tlsext_ticket_expected) {
321 ss->session_id_length = 0;
322 goto sess_id_done;
323 }
324
325 /* Choose which callback will set the session ID. */
326 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
327 if (s->generate_session_id)
328 cb = s->generate_session_id;
329 else if (s->session_ctx->generate_session_id)
330 cb = s->session_ctx->generate_session_id;
331 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
332
333 /* Choose a session ID. */
334 tmp = ss->session_id_length;
335 if (!cb(s, ss->session_id, &tmp)) {
336 /* The callback failed */
337 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
338 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
339 SSL_SESSION_free(ss);
340 return (0);
341 }
342
343 /*
344 * Don't allow the callback to set the session length to zero.
345 * nor set it higher than it was.
346 */
347 if (!tmp || (tmp > ss->session_id_length)) {
348 /* The callback set an illegal length */
349 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
350 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
351 SSL_SESSION_free(ss);
352 return (0);
353 }
354 ss->session_id_length = tmp;
355
356 /* Finally, check for a conflict. */
357 if (SSL_has_matching_session_id(s, ss->session_id,
358 ss->session_id_length)) {
359 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
360 SSL_R_SSL_SESSION_ID_CONFLICT);
361 SSL_SESSION_free(ss);
362 return (0);
363 }
364
365sess_id_done:
366 if (s->tlsext_hostname) {
367 ss->tlsext_hostname = strdup(s->tlsext_hostname);
368 if (ss->tlsext_hostname == NULL) {
369 SSLerr(SSL_F_SSL_GET_NEW_SESSION,
370 ERR_R_INTERNAL_ERROR);
371 SSL_SESSION_free(ss);
372 return 0;
373 }
374 }
375 } else {
376 ss->session_id_length = 0;
377 }
378
379 if (s->sid_ctx_length > sizeof ss->sid_ctx) {
380 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
381 SSL_SESSION_free(ss);
382 return 0;
383 }
384
385 memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
386 ss->sid_ctx_length = s->sid_ctx_length;
387 s->session = ss;
388 ss->ssl_version = s->version;
389 ss->verify_result = X509_V_OK;
390
391 return (1);
392}
393
394/*
395 * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
396 * connection. It is only called by servers.
397 *
398 * session_id: points at the session ID in the ClientHello. This code will
399 * read past the end of this in order to parse out the session ticket
400 * extension, if any.
401 * len: the length of the session ID.
402 * limit: a pointer to the first byte after the ClientHello.
403 *
404 * Returns:
405 * -1: error
406 * 0: a session may have been found.
407 *
408 * Side effects:
409 * - If a session is found then s->session is pointed at it (after freeing
410 * an existing session if need be) and s->verify_result is set from the
411 * session.
412 * - Both for new and resumed sessions, s->tlsext_ticket_expected is set
413 * to 1 if the server should issue a new session ticket (to 0 otherwise).
414 */
415int
416ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
417 const unsigned char *limit)
418{
419 SSL_SESSION *ret = NULL;
420 int fatal = 0;
421 int try_session_cache = 1;
422 int r;
423
424 /* This is used only by servers. */
425
426 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
427 goto err;
428
429 if (len == 0)
430 try_session_cache = 0;
431
432 /* Sets s->tlsext_ticket_expected. */
433 r = tls1_process_ticket(s, session_id, len, limit, &ret);
434 switch (r) {
435 case -1: /* Error during processing */
436 fatal = 1;
437 goto err;
438 case 0: /* No ticket found */
439 case 1: /* Zero length ticket found */
440 break; /* Ok to carry on processing session id. */
441 case 2: /* Ticket found but not decrypted. */
442 case 3: /* Ticket decrypted, *ret has been set. */
443 try_session_cache = 0;
444 break;
445 default:
446 abort();
447 }
448
449 if (try_session_cache && ret == NULL &&
450 !(s->session_ctx->session_cache_mode &
451 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
452 SSL_SESSION data;
453 data.ssl_version = s->version;
454 data.session_id_length = len;
455 memcpy(data.session_id, session_id, len);
456
457 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
458 ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
459 if (ret != NULL) {
460 /* Don't allow other threads to steal it. */
461 CRYPTO_add(&ret->references, 1,
462 CRYPTO_LOCK_SSL_SESSION);
463 }
464 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
465
466 if (ret == NULL)
467 s->session_ctx->stats.sess_miss++;
468 }
469
470 if (try_session_cache && ret == NULL &&
471 s->session_ctx->get_session_cb != NULL) {
472 int copy = 1;
473
474 if ((ret = s->session_ctx->get_session_cb(s, session_id,
475 len, &copy))) {
476 s->session_ctx->stats.sess_cb_hit++;
477
478 /*
479 * Increment reference count now if the session
480 * callback asks us to do so (note that if the session
481 * structures returned by the callback are shared
482 * between threads, it must handle the reference count
483 * itself [i.e. copy == 0], or things won't be
484 * thread-safe).
485 */
486 if (copy)
487 CRYPTO_add(&ret->references, 1,
488 CRYPTO_LOCK_SSL_SESSION);
489
490 /*
491 * Add the externally cached session to the internal
492 * cache as well if and only if we are supposed to.
493 */
494 if (!(s->session_ctx->session_cache_mode &
495 SSL_SESS_CACHE_NO_INTERNAL_STORE))
496 /*
497 * The following should not return 1,
498 * otherwise, things are very strange.
499 */
500 SSL_CTX_add_session(s->session_ctx, ret);
501 }
502 }
503
504 if (ret == NULL)
505 goto err;
506
507 /* Now ret is non-NULL and we own one of its reference counts. */
508
509 if (ret->sid_ctx_length != s->sid_ctx_length ||
510 timingsafe_memcmp(ret->sid_ctx,
511 s->sid_ctx, ret->sid_ctx_length) != 0) {
512 /* We have the session requested by the client, but we don't
513 * want to use it in this context. */
514 goto err; /* treat like cache miss */
515 }
516
517 if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
518 /*
519 * We can't be sure if this session is being used out of
520 * context, which is especially important for SSL_VERIFY_PEER.
521 * The application should have used
522 * SSL[_CTX]_set_session_id_context.
523 *
524 * For this error case, we generate an error instead of treating
525 * the event like a cache miss (otherwise it would be easy for
526 * applications to effectively disable the session cache by
527 * accident without anyone noticing).
528 */
529 SSLerr(SSL_F_SSL_GET_PREV_SESSION,
530 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
531 fatal = 1;
532 goto err;
533 }
534
535 if (ret->cipher == NULL) {
536 ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id);
537 if (ret->cipher == NULL)
538 goto err;
539 }
540
541 if (ret->timeout < (time(NULL) - ret->time)) {
542 /* timeout */
543 s->session_ctx->stats.sess_timeout++;
544 if (try_session_cache) {
545 /* session was from the cache, so remove it */
546 SSL_CTX_remove_session(s->session_ctx, ret);
547 }
548 goto err;
549 }
550
551 s->session_ctx->stats.sess_hit++;
552
553 if (s->session != NULL)
554 SSL_SESSION_free(s->session);
555 s->session = ret;
556 s->verify_result = s->session->verify_result;
557 return 1;
558
559err:
560 if (ret != NULL) {
561 SSL_SESSION_free(ret);
562 if (!try_session_cache) {
563 /*
564 * The session was from a ticket, so we should
565 * issue a ticket for the new session.
566 */
567 s->tlsext_ticket_expected = 1;
568 }
569 }
570 if (fatal)
571 return -1;
572 else
573 return 0;
574}
575
576int
577SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
578{
579 int ret = 0;
580 SSL_SESSION *s;
581
582 /*
583 * Add just 1 reference count for the SSL_CTX's session cache
584 * even though it has two ways of access: each session is in a
585 * doubly linked list and an lhash.
586 */
587 CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
588
589 /*
590 * If session c is in already in cache, we take back the increment
591 * later.
592 */
593 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
594 s = lh_SSL_SESSION_insert(ctx->sessions, c);
595
596 /*
597 * s != NULL iff we already had a session with the given PID.
598 * In this case, s == c should hold (then we did not really modify
599 * ctx->sessions), or we're in trouble.
600 */
601 if (s != NULL && s != c) {
602 /* We *are* in trouble ... */
603 SSL_SESSION_list_remove(ctx, s);
604 SSL_SESSION_free(s);
605 /*
606 * ... so pretend the other session did not exist in cache
607 * (we cannot handle two SSL_SESSION structures with identical
608 * session ID in the same cache, which could happen e.g. when
609 * two threads concurrently obtain the same session from an
610 * external cache).
611 */
612 s = NULL;
613 }
614
615 /* Put at the head of the queue unless it is already in the cache */
616 if (s == NULL)
617 SSL_SESSION_list_add(ctx, c);
618
619 if (s != NULL) {
620 /*
621 * existing cache entry -- decrement previously incremented
622 * reference count because it already takes into account the
623 * cache.
624 */
625 SSL_SESSION_free(s); /* s == c */
626 ret = 0;
627 } else {
628 /*
629 * New cache entry -- remove old ones if cache has become
630 * too large.
631 */
632
633 ret = 1;
634
635 if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
636 while (SSL_CTX_sess_number(ctx) >
637 SSL_CTX_sess_get_cache_size(ctx)) {
638 if (!remove_session_lock(ctx,
639 ctx->session_cache_tail, 0))
640 break;
641 else
642 ctx->stats.sess_cache_full++;
643 }
644 }
645 }
646 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
647 return (ret);
648}
649
650int
651SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
652{
653 return remove_session_lock(ctx, c, 1);
654}
655
656static int
657remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
658{
659 SSL_SESSION *r;
660 int ret = 0;
661
662 if ((c != NULL) && (c->session_id_length != 0)) {
663 if (lck)
664 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
665 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
666 ret = 1;
667 r = lh_SSL_SESSION_delete(ctx->sessions, c);
668 SSL_SESSION_list_remove(ctx, c);
669 }
670 if (lck)
671 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
672
673 if (ret) {
674 r->not_resumable = 1;
675 if (ctx->remove_session_cb != NULL)
676 ctx->remove_session_cb(ctx, r);
677 SSL_SESSION_free(r);
678 }
679 } else
680 ret = 0;
681 return (ret);
682}
683
684void
685SSL_SESSION_free(SSL_SESSION *ss)
686{
687 int i;
688
689 if (ss == NULL)
690 return;
691
692 i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
693 if (i > 0)
694 return;
695
696 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
697
698 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
699 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
700 if (ss->sess_cert != NULL)
701 ssl_sess_cert_free(ss->sess_cert);
702 if (ss->peer != NULL)
703 X509_free(ss->peer);
704 if (ss->ciphers != NULL)
705 sk_SSL_CIPHER_free(ss->ciphers);
706 free(ss->tlsext_hostname);
707 free(ss->tlsext_tick);
708 ss->tlsext_ecpointformatlist_length = 0;
709 free(ss->tlsext_ecpointformatlist);
710 ss->tlsext_ellipticcurvelist_length = 0;
711 free(ss->tlsext_ellipticcurvelist);
712 OPENSSL_cleanse(ss, sizeof(*ss));
713 free(ss);
714}
715
716int
717SSL_set_session(SSL *s, SSL_SESSION *session)
718{
719 int ret = 0;
720 const SSL_METHOD *meth;
721
722 if (session != NULL) {
723 meth = s->ctx->method->get_ssl_method(session->ssl_version);
724 if (meth == NULL)
725 meth = s->method->get_ssl_method(session->ssl_version);
726 if (meth == NULL) {
727 SSLerr(SSL_F_SSL_SET_SESSION,
728 SSL_R_UNABLE_TO_FIND_SSL_METHOD);
729 return (0);
730 }
731
732 if (meth != s->method) {
733 if (!SSL_set_ssl_method(s, meth))
734 return (0);
735 }
736
737
738 /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
739 CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
740 if (s->session != NULL)
741 SSL_SESSION_free(s->session);
742 s->session = session;
743 s->verify_result = s->session->verify_result;
744 /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
745 ret = 1;
746 } else {
747 if (s->session != NULL) {
748 SSL_SESSION_free(s->session);
749 s->session = NULL;
750 }
751
752 meth = s->ctx->method;
753 if (meth != s->method) {
754 if (!SSL_set_ssl_method(s, meth))
755 return (0);
756 }
757 ret = 1;
758 }
759 return (ret);
760}
761
762long
763SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
764{
765 if (s == NULL)
766 return (0);
767 s->timeout = t;
768 return (1);
769}
770
771long
772SSL_SESSION_get_timeout(const SSL_SESSION *s)
773{
774 if (s == NULL)
775 return (0);
776 return (s->timeout);
777}
778
779/* XXX 2038 */
780long
781SSL_SESSION_get_time(const SSL_SESSION *s)
782{
783 if (s == NULL)
784 return (0);
785 return (s->time);
786}
787
788/* XXX 2038 */
789long
790SSL_SESSION_set_time(SSL_SESSION *s, long t)
791{
792 if (s == NULL)
793 return (0);
794 s->time = t;
795 return (t);
796}
797
798X509 *
799SSL_SESSION_get0_peer(SSL_SESSION *s)
800{
801 return s->peer;
802}
803
804int
805SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
806 unsigned int sid_ctx_len)
807{
808 if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
809 SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
810 SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
811 return 0;
812 }
813 s->sid_ctx_length = sid_ctx_len;
814 memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
815
816 return 1;
817}
818
819long
820SSL_CTX_set_timeout(SSL_CTX *s, long t)
821{
822 long l;
823
824 if (s == NULL)
825 return (0);
826 l = s->session_timeout;
827 s->session_timeout = t;
828
829 return (l);
830}
831
832long
833SSL_CTX_get_timeout(const SSL_CTX *s)
834{
835 if (s == NULL)
836 return (0);
837 return (s->session_timeout);
838}
839
840int
841SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
842 void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
843 SSL_CIPHER **cipher, void *arg), void *arg)
844{
845 if (s == NULL)
846 return (0);
847 s->tls_session_secret_cb = tls_session_secret_cb;
848 s->tls_session_secret_cb_arg = arg;
849 return (1);
850}
851
852int
853SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
854 void *arg)
855{
856 if (s == NULL)
857 return (0);
858 s->tls_session_ticket_ext_cb = cb;
859 s->tls_session_ticket_ext_cb_arg = arg;
860 return (1);
861}
862
863int
864SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
865{
866 if (s->version >= TLS1_VERSION) {
867 free(s->tlsext_session_ticket);
868 s->tlsext_session_ticket =
869 malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
870 if (!s->tlsext_session_ticket) {
871 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT,
872 ERR_R_MALLOC_FAILURE);
873 return 0;
874 }
875
876 if (ext_data) {
877 s->tlsext_session_ticket->length = ext_len;
878 s->tlsext_session_ticket->data =
879 s->tlsext_session_ticket + 1;
880 memcpy(s->tlsext_session_ticket->data,
881 ext_data, ext_len);
882 } else {
883 s->tlsext_session_ticket->length = 0;
884 s->tlsext_session_ticket->data = NULL;
885 }
886
887 return 1;
888 }
889
890 return 0;
891}
892
893typedef struct timeout_param_st {
894 SSL_CTX *ctx;
895 long time;
896 LHASH_OF(SSL_SESSION) *cache;
897} TIMEOUT_PARAM;
898
899static void
900timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
901{
902 if ((p->time == 0) || (p->time > (s->time + s->timeout))) {
903 /* timeout */
904 /* The reason we don't call SSL_CTX_remove_session() is to
905 * save on locking overhead */
906 (void)lh_SSL_SESSION_delete(p->cache, s);
907 SSL_SESSION_list_remove(p->ctx, s);
908 s->not_resumable = 1;
909 if (p->ctx->remove_session_cb != NULL)
910 p->ctx->remove_session_cb(p->ctx, s);
911 SSL_SESSION_free(s);
912 }
913}
914
915static
916IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
917
918/* XXX 2038 */
919void
920SSL_CTX_flush_sessions(SSL_CTX *s, long t)
921{
922 unsigned long i;
923 TIMEOUT_PARAM tp;
924
925 tp.ctx = s;
926 tp.cache = s->sessions;
927 if (tp.cache == NULL)
928 return;
929 tp.time = t;
930 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
931 i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
932 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
933 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
934 TIMEOUT_PARAM, &tp);
935 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
936 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
937}
938
939int
940ssl_clear_bad_session(SSL *s)
941{
942 if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
943 !(SSL_in_init(s) || SSL_in_before(s))) {
944 SSL_CTX_remove_session(s->ctx, s->session);
945 return (1);
946 } else
947 return (0);
948}
949
950/* locked by SSL_CTX in the calling function */
951static void
952SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
953{
954 if ((s->next == NULL) || (s->prev == NULL))
955 return;
956
957 if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
958 /* last element in list */
959 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
960 /* only one element in list */
961 ctx->session_cache_head = NULL;
962 ctx->session_cache_tail = NULL;
963 } else {
964 ctx->session_cache_tail = s->prev;
965 s->prev->next =
966 (SSL_SESSION *)&(ctx->session_cache_tail);
967 }
968 } else {
969 if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
970 /* first element in list */
971 ctx->session_cache_head = s->next;
972 s->next->prev =
973 (SSL_SESSION *)&(ctx->session_cache_head);
974 } else {
975 /* middle of list */
976 s->next->prev = s->prev;
977 s->prev->next = s->next;
978 }
979 }
980 s->prev = s->next = NULL;
981}
982
983static void
984SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
985{
986 if ((s->next != NULL) && (s->prev != NULL))
987 SSL_SESSION_list_remove(ctx, s);
988
989 if (ctx->session_cache_head == NULL) {
990 ctx->session_cache_head = s;
991 ctx->session_cache_tail = s;
992 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
993 s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
994 } else {
995 s->next = ctx->session_cache_head;
996 s->next->prev = s;
997 s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
998 ctx->session_cache_head = s;
999 }
1000}
1001
1002void
1003SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1004 int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
1005 ctx->new_session_cb = cb;
1006}
1007
1008int
1009(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
1010{
1011 return ctx->new_session_cb;
1012}
1013
1014void
1015SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1016 void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
1017{
1018 ctx->remove_session_cb = cb;
1019}
1020
1021void
1022(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
1023{
1024 return ctx->remove_session_cb;
1025}
1026
1027void
1028SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
1029 unsigned char *data, int len, int *copy))
1030{
1031 ctx->get_session_cb = cb;
1032}
1033
1034SSL_SESSION *
1035(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data,
1036 int len, int *copy)
1037{
1038 return ctx->get_session_cb;
1039}
1040
1041void
1042SSL_CTX_set_info_callback(SSL_CTX *ctx,
1043 void (*cb)(const SSL *ssl, int type, int val))
1044{
1045 ctx->info_callback = cb;
1046}
1047
1048void
1049(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
1050{
1051 return ctx->info_callback;
1052}
1053
1054void
1055SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1056 int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
1057{
1058 ctx->client_cert_cb = cb;
1059}
1060
1061int
1062(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
1063 EVP_PKEY **pkey)
1064{
1065 return ctx->client_cert_cb;
1066}
1067
1068#ifndef OPENSSL_NO_ENGINE
1069int
1070SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
1071{
1072 if (!ENGINE_init(e)) {
1073 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
1074 ERR_R_ENGINE_LIB);
1075 return 0;
1076 }
1077 if (!ENGINE_get_ssl_client_cert_function(e)) {
1078 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
1079 SSL_R_NO_CLIENT_CERT_METHOD);
1080 ENGINE_finish(e);
1081 return 0;
1082 }
1083 ctx->client_cert_engine = e;
1084 return 1;
1085}
1086#endif
1087
1088void
1089SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1090 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
1091{
1092 ctx->app_gen_cookie_cb = cb;
1093}
1094
1095void
1096SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1097 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
1098{
1099 ctx->app_verify_cookie_cb = cb;
1100}
1101
1102IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index 6d67d19c25..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,801 +0,0 @@
1/* $OpenBSD: ssl_stat.c,v 1.12 2014/11/16 14:12:47 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
84
85#include <stdio.h>
86
87#include "ssl_locl.h"
88
89const char *
90SSL_state_string_long(const SSL *s)
91{
92 const char *str;
93
94 switch (s->state) {
95 case SSL_ST_BEFORE:
96 str = "before SSL initialization";
97 break;
98 case SSL_ST_ACCEPT:
99 str = "before accept initialization";
100 break;
101 case SSL_ST_CONNECT:
102 str = "before connect initialization";
103 break;
104 case SSL_ST_OK:
105 str = "SSL negotiation finished successfully";
106 break;
107 case SSL_ST_RENEGOTIATE:
108 str = "SSL renegotiate ciphers";
109 break;
110 case SSL_ST_BEFORE|SSL_ST_CONNECT:
111 str = "before/connect initialization";
112 break;
113 case SSL_ST_OK|SSL_ST_CONNECT:
114 str = "ok/connect SSL initialization";
115 break;
116 case SSL_ST_BEFORE|SSL_ST_ACCEPT:
117 str = "before/accept initialization";
118 break;
119 case SSL_ST_OK|SSL_ST_ACCEPT:
120 str = "ok/accept SSL initialization";
121 break;
122
123 /* SSLv3 additions */
124 case SSL3_ST_CW_CLNT_HELLO_A:
125 str = "SSLv3 write client hello A";
126 break;
127 case SSL3_ST_CW_CLNT_HELLO_B:
128 str = "SSLv3 write client hello B";
129 break;
130 case SSL3_ST_CR_SRVR_HELLO_A:
131 str = "SSLv3 read server hello A";
132 break;
133 case SSL3_ST_CR_SRVR_HELLO_B:
134 str = "SSLv3 read server hello B";
135 break;
136 case SSL3_ST_CR_CERT_A:
137 str = "SSLv3 read server certificate A";
138 break;
139 case SSL3_ST_CR_CERT_B:
140 str = "SSLv3 read server certificate B";
141 break;
142 case SSL3_ST_CR_KEY_EXCH_A:
143 str = "SSLv3 read server key exchange A";
144 break;
145 case SSL3_ST_CR_KEY_EXCH_B:
146 str = "SSLv3 read server key exchange B";
147 break;
148 case SSL3_ST_CR_CERT_REQ_A:
149 str = "SSLv3 read server certificate request A";
150 break;
151 case SSL3_ST_CR_CERT_REQ_B:
152 str = "SSLv3 read server certificate request B";
153 break;
154 case SSL3_ST_CR_SESSION_TICKET_A:
155 str = "SSLv3 read server session ticket A";
156 break;
157 case SSL3_ST_CR_SESSION_TICKET_B:
158 str = "SSLv3 read server session ticket B";
159 break;
160 case SSL3_ST_CR_SRVR_DONE_A:
161 str = "SSLv3 read server done A";
162 break;
163 case SSL3_ST_CR_SRVR_DONE_B:
164 str = "SSLv3 read server done B";
165 break;
166 case SSL3_ST_CW_CERT_A:
167 str = "SSLv3 write client certificate A";
168 break;
169 case SSL3_ST_CW_CERT_B:
170 str = "SSLv3 write client certificate B";
171 break;
172 case SSL3_ST_CW_CERT_C:
173 str = "SSLv3 write client certificate C";
174 break;
175 case SSL3_ST_CW_CERT_D:
176 str = "SSLv3 write client certificate D";
177 break;
178 case SSL3_ST_CW_KEY_EXCH_A:
179 str = "SSLv3 write client key exchange A";
180 break;
181 case SSL3_ST_CW_KEY_EXCH_B:
182 str = "SSLv3 write client key exchange B";
183 break;
184 case SSL3_ST_CW_CERT_VRFY_A:
185 str = "SSLv3 write certificate verify A";
186 break;
187 case SSL3_ST_CW_CERT_VRFY_B:
188 str = "SSLv3 write certificate verify B";
189 break;
190
191 case SSL3_ST_CW_CHANGE_A:
192 case SSL3_ST_SW_CHANGE_A:
193 str = "SSLv3 write change cipher spec A";
194 break;
195 case SSL3_ST_CW_CHANGE_B:
196 case SSL3_ST_SW_CHANGE_B:
197 str = "SSLv3 write change cipher spec B";
198 break;
199 case SSL3_ST_CW_FINISHED_A:
200 case SSL3_ST_SW_FINISHED_A:
201 str = "SSLv3 write finished A";
202 break;
203 case SSL3_ST_CW_FINISHED_B:
204 case SSL3_ST_SW_FINISHED_B:
205 str = "SSLv3 write finished B";
206 break;
207 case SSL3_ST_CR_CHANGE_A:
208 case SSL3_ST_SR_CHANGE_A:
209 str = "SSLv3 read change cipher spec A";
210 break;
211 case SSL3_ST_CR_CHANGE_B:
212 case SSL3_ST_SR_CHANGE_B:
213 str = "SSLv3 read change cipher spec B";
214 break;
215 case SSL3_ST_CR_FINISHED_A:
216 case SSL3_ST_SR_FINISHED_A:
217 str = "SSLv3 read finished A";
218 break;
219 case SSL3_ST_CR_FINISHED_B:
220 case SSL3_ST_SR_FINISHED_B:
221 str = "SSLv3 read finished B";
222 break;
223
224 case SSL3_ST_CW_FLUSH:
225 case SSL3_ST_SW_FLUSH:
226 str = "SSLv3 flush data";
227 break;
228
229 case SSL3_ST_SR_CLNT_HELLO_A:
230 str = "SSLv3 read client hello A";
231 break;
232 case SSL3_ST_SR_CLNT_HELLO_B:
233 str = "SSLv3 read client hello B";
234 break;
235 case SSL3_ST_SR_CLNT_HELLO_C:
236 str = "SSLv3 read client hello C";
237 break;
238 case SSL3_ST_SW_HELLO_REQ_A:
239 str = "SSLv3 write hello request A";
240 break;
241 case SSL3_ST_SW_HELLO_REQ_B:
242 str = "SSLv3 write hello request B";
243 break;
244 case SSL3_ST_SW_HELLO_REQ_C:
245 str = "SSLv3 write hello request C";
246 break;
247 case SSL3_ST_SW_SRVR_HELLO_A:
248 str = "SSLv3 write server hello A";
249 break;
250 case SSL3_ST_SW_SRVR_HELLO_B:
251 str = "SSLv3 write server hello B";
252 break;
253 case SSL3_ST_SW_CERT_A:
254 str = "SSLv3 write certificate A";
255 break;
256 case SSL3_ST_SW_CERT_B:
257 str = "SSLv3 write certificate B";
258 break;
259 case SSL3_ST_SW_KEY_EXCH_A:
260 str = "SSLv3 write key exchange A";
261 break;
262 case SSL3_ST_SW_KEY_EXCH_B:
263 str = "SSLv3 write key exchange B";
264 break;
265 case SSL3_ST_SW_CERT_REQ_A:
266 str = "SSLv3 write certificate request A";
267 break;
268 case SSL3_ST_SW_CERT_REQ_B:
269 str = "SSLv3 write certificate request B";
270 break;
271 case SSL3_ST_SW_SESSION_TICKET_A:
272 str = "SSLv3 write session ticket A";
273 break;
274 case SSL3_ST_SW_SESSION_TICKET_B:
275 str = "SSLv3 write session ticket B";
276 break;
277 case SSL3_ST_SW_SRVR_DONE_A:
278 str = "SSLv3 write server done A";
279 break;
280 case SSL3_ST_SW_SRVR_DONE_B:
281 str = "SSLv3 write server done B";
282 break;
283 case SSL3_ST_SR_CERT_A:
284 str = "SSLv3 read client certificate A";
285 break;
286 case SSL3_ST_SR_CERT_B:
287 str = "SSLv3 read client certificate B";
288 break;
289 case SSL3_ST_SR_KEY_EXCH_A:
290 str = "SSLv3 read client key exchange A";
291 break;
292 case SSL3_ST_SR_KEY_EXCH_B:
293 str = "SSLv3 read client key exchange B";
294 break;
295 case SSL3_ST_SR_CERT_VRFY_A:
296 str = "SSLv3 read certificate verify A";
297 break;
298 case SSL3_ST_SR_CERT_VRFY_B:
299 str = "SSLv3 read certificate verify B";
300 break;
301
302 /* DTLS */
303 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
304 str = "DTLS1 read hello verify request A";
305 break;
306 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
307 str = "DTLS1 read hello verify request B";
308 break;
309 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
310 str = "DTLS1 write hello verify request A";
311 break;
312 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
313 str = "DTLS1 write hello verify request B";
314 break;
315
316 default:
317 str = "unknown state";
318 break;
319 }
320 return (str);
321}
322
323const char *
324SSL_rstate_string_long(const SSL *s)
325{
326 const char *str;
327
328 switch (s->rstate) {
329 case SSL_ST_READ_HEADER:
330 str = "read header";
331 break;
332 case SSL_ST_READ_BODY:
333 str = "read body";
334 break;
335 case SSL_ST_READ_DONE:
336 str = "read done";
337 break;
338 default:
339 str = "unknown";
340 break;
341 }
342 return (str);
343}
344
345const char *
346SSL_state_string(const SSL *s)
347{
348 const char *str;
349
350 switch (s->state) {
351 case SSL_ST_BEFORE:
352 str = "PINIT ";
353 break;
354 case SSL_ST_ACCEPT:
355 str = "AINIT ";
356 break;
357 case SSL_ST_CONNECT:
358 str = "CINIT ";
359 break;
360 case SSL_ST_OK:
361 str = "SSLOK ";
362 break;
363
364 /* SSLv3 additions */
365 case SSL3_ST_SW_FLUSH:
366 case SSL3_ST_CW_FLUSH:
367 str = "3FLUSH";
368 break;
369 case SSL3_ST_CW_CLNT_HELLO_A:
370 str = "3WCH_A";
371 break;
372 case SSL3_ST_CW_CLNT_HELLO_B:
373 str = "3WCH_B";
374 break;
375 case SSL3_ST_CR_SRVR_HELLO_A:
376 str = "3RSH_A";
377 break;
378 case SSL3_ST_CR_SRVR_HELLO_B:
379 str = "3RSH_B";
380 break;
381 case SSL3_ST_CR_CERT_A:
382 str = "3RSC_A";
383 break;
384 case SSL3_ST_CR_CERT_B:
385 str = "3RSC_B";
386 break;
387 case SSL3_ST_CR_KEY_EXCH_A:
388 str = "3RSKEA";
389 break;
390 case SSL3_ST_CR_KEY_EXCH_B:
391 str = "3RSKEB";
392 break;
393 case SSL3_ST_CR_CERT_REQ_A:
394 str = "3RCR_A";
395 break;
396 case SSL3_ST_CR_CERT_REQ_B:
397 str = "3RCR_B";
398 break;
399 case SSL3_ST_CR_SRVR_DONE_A:
400 str = "3RSD_A";
401 break;
402 case SSL3_ST_CR_SRVR_DONE_B:
403 str = "3RSD_B";
404 break;
405 case SSL3_ST_CW_CERT_A:
406 str = "3WCC_A";
407 break;
408 case SSL3_ST_CW_CERT_B:
409 str = "3WCC_B";
410 break;
411 case SSL3_ST_CW_CERT_C:
412 str = "3WCC_C";
413 break;
414 case SSL3_ST_CW_CERT_D:
415 str = "3WCC_D";
416 break;
417 case SSL3_ST_CW_KEY_EXCH_A:
418 str = "3WCKEA";
419 break;
420 case SSL3_ST_CW_KEY_EXCH_B:
421 str = "3WCKEB";
422 break;
423 case SSL3_ST_CW_CERT_VRFY_A:
424 str = "3WCV_A";
425 break;
426 case SSL3_ST_CW_CERT_VRFY_B:
427 str = "3WCV_B";
428 break;
429
430 case SSL3_ST_SW_CHANGE_A:
431 case SSL3_ST_CW_CHANGE_A:
432 str = "3WCCSA";
433 break;
434 case SSL3_ST_SW_CHANGE_B:
435 case SSL3_ST_CW_CHANGE_B:
436 str = "3WCCSB";
437 break;
438 case SSL3_ST_SW_FINISHED_A:
439 case SSL3_ST_CW_FINISHED_A:
440 str = "3WFINA";
441 break;
442 case SSL3_ST_SW_FINISHED_B:
443 case SSL3_ST_CW_FINISHED_B:
444 str = "3WFINB";
445 break;
446 case SSL3_ST_SR_CHANGE_A:
447 case SSL3_ST_CR_CHANGE_A:
448 str = "3RCCSA";
449 break;
450 case SSL3_ST_SR_CHANGE_B:
451 case SSL3_ST_CR_CHANGE_B:
452 str = "3RCCSB";
453 break;
454 case SSL3_ST_SR_FINISHED_A:
455 case SSL3_ST_CR_FINISHED_A:
456 str = "3RFINA";
457 break;
458 case SSL3_ST_SR_FINISHED_B:
459 case SSL3_ST_CR_FINISHED_B:
460 str = "3RFINB";
461 break;
462
463 case SSL3_ST_SW_HELLO_REQ_A:
464 str = "3WHR_A";
465 break;
466 case SSL3_ST_SW_HELLO_REQ_B:
467 str = "3WHR_B";
468 break;
469 case SSL3_ST_SW_HELLO_REQ_C:
470 str = "3WHR_C";
471 break;
472 case SSL3_ST_SR_CLNT_HELLO_A:
473 str = "3RCH_A";
474 break;
475 case SSL3_ST_SR_CLNT_HELLO_B:
476 str = "3RCH_B";
477 break;
478 case SSL3_ST_SR_CLNT_HELLO_C:
479 str = "3RCH_C";
480 break;
481 case SSL3_ST_SW_SRVR_HELLO_A:
482 str = "3WSH_A";
483 break;
484 case SSL3_ST_SW_SRVR_HELLO_B:
485 str = "3WSH_B";
486 break;
487 case SSL3_ST_SW_CERT_A:
488 str = "3WSC_A";
489 break;
490 case SSL3_ST_SW_CERT_B:
491 str = "3WSC_B";
492 break;
493 case SSL3_ST_SW_KEY_EXCH_A:
494 str = "3WSKEA";
495 break;
496 case SSL3_ST_SW_KEY_EXCH_B:
497 str = "3WSKEB";
498 break;
499 case SSL3_ST_SW_CERT_REQ_A:
500 str = "3WCR_A";
501 break;
502 case SSL3_ST_SW_CERT_REQ_B:
503 str = "3WCR_B";
504 break;
505 case SSL3_ST_SW_SRVR_DONE_A:
506 str = "3WSD_A";
507 break;
508 case SSL3_ST_SW_SRVR_DONE_B:
509 str = "3WSD_B";
510 break;
511 case SSL3_ST_SR_CERT_A:
512 str = "3RCC_A";
513 break;
514 case SSL3_ST_SR_CERT_B:
515 str = "3RCC_B";
516 break;
517 case SSL3_ST_SR_KEY_EXCH_A:
518 str = "3RCKEA";
519 break;
520 case SSL3_ST_SR_KEY_EXCH_B:
521 str = "3RCKEB";
522 break;
523 case SSL3_ST_SR_CERT_VRFY_A:
524 str = "3RCV_A";
525 break;
526 case SSL3_ST_SR_CERT_VRFY_B:
527 str = "3RCV_B";
528 break;
529
530 /* DTLS */
531 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
532 str = "DRCHVA";
533 break;
534 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
535 str = "DRCHVB";
536 break;
537 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
538 str = "DWCHVA";
539 break;
540 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
541 str = "DWCHVB";
542 break;
543
544 default:
545 str = "UNKWN ";
546 break;
547 }
548 return (str);
549}
550
551const char *
552SSL_alert_type_string_long(int value)
553{
554 value >>= 8;
555 if (value == SSL3_AL_WARNING)
556 return ("warning");
557 else if (value == SSL3_AL_FATAL)
558 return ("fatal");
559 else
560 return ("unknown");
561}
562
563const char *
564SSL_alert_type_string(int value)
565{
566 value >>= 8;
567 if (value == SSL3_AL_WARNING)
568 return ("W");
569 else if (value == SSL3_AL_FATAL)
570 return ("F");
571 else
572 return ("U");
573}
574
575const char *
576SSL_alert_desc_string(int value)
577{
578 const char *str;
579
580 switch (value & 0xff) {
581 case SSL3_AD_CLOSE_NOTIFY:
582 str = "CN";
583 break;
584 case SSL3_AD_UNEXPECTED_MESSAGE:
585 str = "UM";
586 break;
587 case SSL3_AD_BAD_RECORD_MAC:
588 str = "BM";
589 break;
590 case SSL3_AD_DECOMPRESSION_FAILURE:
591 str = "DF";
592 break;
593 case SSL3_AD_HANDSHAKE_FAILURE:
594 str = "HF";
595 break;
596 case SSL3_AD_NO_CERTIFICATE:
597 str = "NC";
598 break;
599 case SSL3_AD_BAD_CERTIFICATE:
600 str = "BC";
601 break;
602 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
603 str = "UC";
604 break;
605 case SSL3_AD_CERTIFICATE_REVOKED:
606 str = "CR";
607 break;
608 case SSL3_AD_CERTIFICATE_EXPIRED:
609 str = "CE";
610 break;
611 case SSL3_AD_CERTIFICATE_UNKNOWN:
612 str = "CU";
613 break;
614 case SSL3_AD_ILLEGAL_PARAMETER:
615 str = "IP";
616 break;
617 case TLS1_AD_DECRYPTION_FAILED:
618 str = "DC";
619 break;
620 case TLS1_AD_RECORD_OVERFLOW:
621 str = "RO";
622 break;
623 case TLS1_AD_UNKNOWN_CA:
624 str = "CA";
625 break;
626 case TLS1_AD_ACCESS_DENIED:
627 str = "AD";
628 break;
629 case TLS1_AD_DECODE_ERROR:
630 str = "DE";
631 break;
632 case TLS1_AD_DECRYPT_ERROR:
633 str = "CY";
634 break;
635 case TLS1_AD_EXPORT_RESTRICTION:
636 str = "ER";
637 break;
638 case TLS1_AD_PROTOCOL_VERSION:
639 str = "PV";
640 break;
641 case TLS1_AD_INSUFFICIENT_SECURITY:
642 str = "IS";
643 break;
644 case TLS1_AD_INTERNAL_ERROR:
645 str = "IE";
646 break;
647 case TLS1_AD_USER_CANCELLED:
648 str = "US";
649 break;
650 case TLS1_AD_NO_RENEGOTIATION:
651 str = "NR";
652 break;
653 case TLS1_AD_UNSUPPORTED_EXTENSION:
654 str = "UE";
655 break;
656 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
657 str = "CO";
658 break;
659 case TLS1_AD_UNRECOGNIZED_NAME:
660 str = "UN";
661 break;
662 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
663 str = "BR";
664 break;
665 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
666 str = "BH";
667 break;
668 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
669 str = "UP";
670 break;
671 default:
672 str = "UK";
673 break;
674 }
675 return (str);
676}
677
678const char *
679SSL_alert_desc_string_long(int value)
680{
681 const char *str;
682
683 switch (value & 0xff) {
684 case SSL3_AD_CLOSE_NOTIFY:
685 str = "close notify";
686 break;
687 case SSL3_AD_UNEXPECTED_MESSAGE:
688 str = "unexpected_message";
689 break;
690 case SSL3_AD_BAD_RECORD_MAC:
691 str = "bad record mac";
692 break;
693 case SSL3_AD_DECOMPRESSION_FAILURE:
694 str = "decompression failure";
695 break;
696 case SSL3_AD_HANDSHAKE_FAILURE:
697 str = "handshake failure";
698 break;
699 case SSL3_AD_NO_CERTIFICATE:
700 str = "no certificate";
701 break;
702 case SSL3_AD_BAD_CERTIFICATE:
703 str = "bad certificate";
704 break;
705 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
706 str = "unsupported certificate";
707 break;
708 case SSL3_AD_CERTIFICATE_REVOKED:
709 str = "certificate revoked";
710 break;
711 case SSL3_AD_CERTIFICATE_EXPIRED:
712 str = "certificate expired";
713 break;
714 case SSL3_AD_CERTIFICATE_UNKNOWN:
715 str = "certificate unknown";
716 break;
717 case SSL3_AD_ILLEGAL_PARAMETER:
718 str = "illegal parameter";
719 break;
720 case TLS1_AD_DECRYPTION_FAILED:
721 str = "decryption failed";
722 break;
723 case TLS1_AD_RECORD_OVERFLOW:
724 str = "record overflow";
725 break;
726 case TLS1_AD_UNKNOWN_CA:
727 str = "unknown CA";
728 break;
729 case TLS1_AD_ACCESS_DENIED:
730 str = "access denied";
731 break;
732 case TLS1_AD_DECODE_ERROR:
733 str = "decode error";
734 break;
735 case TLS1_AD_DECRYPT_ERROR:
736 str = "decrypt error";
737 break;
738 case TLS1_AD_EXPORT_RESTRICTION:
739 str = "export restriction";
740 break;
741 case TLS1_AD_PROTOCOL_VERSION:
742 str = "protocol version";
743 break;
744 case TLS1_AD_INSUFFICIENT_SECURITY:
745 str = "insufficient security";
746 break;
747 case TLS1_AD_INTERNAL_ERROR:
748 str = "internal error";
749 break;
750 case TLS1_AD_USER_CANCELLED:
751 str = "user canceled";
752 break;
753 case TLS1_AD_NO_RENEGOTIATION:
754 str = "no renegotiation";
755 break;
756 case TLS1_AD_UNSUPPORTED_EXTENSION:
757 str = "unsupported extension";
758 break;
759 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
760 str = "certificate unobtainable";
761 break;
762 case TLS1_AD_UNRECOGNIZED_NAME:
763 str = "unrecognized name";
764 break;
765 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
766 str = "bad certificate status response";
767 break;
768 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
769 str = "bad certificate hash value";
770 break;
771 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
772 str = "unknown PSK identity";
773 break;
774 default:
775 str = "unknown";
776 break;
777 }
778 return (str);
779}
780
781const char *
782SSL_rstate_string(const SSL *s)
783{
784 const char *str;
785
786 switch (s->rstate) {
787 case SSL_ST_READ_HEADER:
788 str = "RH";
789 break;
790 case SSL_ST_READ_BODY:
791 str = "RB";
792 break;
793 case SSL_ST_READ_DONE:
794 str = "RD";
795 break;
796 default:
797 str = "unknown";
798 break;
799 }
800 return (str);
801}
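diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index c3626dc03a..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* $OpenBSD: ssl_txt.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-
-#include <openssl/buffer.h>
-
-#include "ssl_locl.h"
-
-int
-SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-{
- BIO *b;
- int ret;
-
- if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
- return (0);
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = SSL_SESSION_print(b, x);
- BIO_free(b);
- return (ret);
-}
-
-int
-SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-{
- unsigned int i;
- const char *s;
-
- if (x == NULL)
- goto err;
- if (BIO_puts(bp, "SSL-Session:\n") <= 0)
- goto err;
-
- s = ssl_version_string(x->ssl_version);
- if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
- goto err;
-
- if (x->cipher == NULL) {
- if (((x->cipher_id) & 0xff000000) == 0x02000000) {
- if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0)
- goto err;
- } else {
- if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0)
- goto err;
- }
- } else {
- if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp, " Session-ID: ") <= 0)
- goto err;
- for (i = 0; i < x->session_id_length; i++) {
- if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
- goto err;
- for (i = 0; i < x->sid_ctx_length; i++) {
- if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp, "\n Master-Key: ") <= 0)
- goto err;
- for (i = 0; i < (unsigned int)x->master_key_length; i++) {
- if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
- goto err;
- }
- if (x->tlsext_tick_lifetime_hint) {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <= 0)
- goto err;
- }
- if (x->tlsext_tick) {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
- goto err;
- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
- goto err;
- }
-
- if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
- goto err;
- }
- if (x->timeout != 0L) {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
- goto err;
- }
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0)
- goto err;
-
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0)
- goto err;
-
- return (1);
-err:
- return (0);
-}
-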
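diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
deleted file mode 100644
index 0dc41af5b3..0000000000
--- a/src/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* $OpenBSD: t1_clnt.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-
-const SSL_METHOD TLSv1_client_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_client_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_client_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_client_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-TLSv1_client_method(void)
-{
- return &TLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_1_client_method(void)
-{
- return &TLSv1_1_client_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_2_client_method(void)
-{
- return &TLSv1_2_client_method_data;
-}
-
-static const SSL_METHOD *
-tls1_get_client_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_client_method());
- return (NULL);
-}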
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 5cd1688a37..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,1244 +0,0 @@
1/* $OpenBSD: t1_enc.c,v 1.79 2015/07/17 07:04:41 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
137
138#include <stdio.h>
139
140#include "ssl_locl.h"
141
142#include <openssl/evp.h>
143#include <openssl/hmac.h>
144#include <openssl/md5.h>
145
146/* seed1 through seed5 are virtually concatenated */
147static int
148tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
149 const void *seed1, int seed1_len, const void *seed2, int seed2_len,
150 const void *seed3, int seed3_len, const void *seed4, int seed4_len,
151 const void *seed5, int seed5_len, unsigned char *out, int olen)
152{
153 int chunk;
154 size_t j;
155 EVP_MD_CTX ctx, ctx_tmp;
156 EVP_PKEY *mac_key;
157 unsigned char A1[EVP_MAX_MD_SIZE];
158 size_t A1_len;
159 int ret = 0;
160
161 chunk = EVP_MD_size(md);
162 OPENSSL_assert(chunk >= 0);
163
164 EVP_MD_CTX_init(&ctx);
165 EVP_MD_CTX_init(&ctx_tmp);
166 mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
167 if (!mac_key)
168 goto err;
169 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
170 goto err;
171 if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
172 goto err;
173 if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
174 goto err;
175 if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
176 goto err;
177 if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
178 goto err;
179 if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
180 goto err;
181 if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
182 goto err;
183 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
184 goto err;
185
186 for (;;) {
187 /* Reinit mac contexts */
188 if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
189 goto err;
190 if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
191 goto err;
192 if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
193 goto err;
194 if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
195 goto err;
196 if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
197 goto err;
198 if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
199 goto err;
200 if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
201 goto err;
202 if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
203 goto err;
204 if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
205 goto err;
206
207 if (olen > chunk) {
208 if (!EVP_DigestSignFinal(&ctx, out, &j))
209 goto err;
210 out += j;
211 olen -= j;
212 /* calc the next A1 value */
213 if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
214 goto err;
215 } else {
216 /* last one */
217 if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
218 goto err;
219 memcpy(out, A1, olen);
220 break;
221 }
222 }
223 ret = 1;
224
225err:
226 EVP_PKEY_free(mac_key);
227 EVP_MD_CTX_cleanup(&ctx);
228 EVP_MD_CTX_cleanup(&ctx_tmp);
229 OPENSSL_cleanse(A1, sizeof(A1));
230 return ret;
231}
232
233/* seed1 through seed5 are virtually concatenated */
234static int
235tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2,
236 int seed2_len, const void *seed3, int seed3_len, const void *seed4,
237 int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec,
238 int slen, unsigned char *out1, unsigned char *out2, int olen)
239{
240 int len, i, idx, count;
241 const unsigned char *S1;
242 long m;
243 const EVP_MD *md;
244 int ret = 0;
245
246 /* Count number of digests and partition sec evenly */
247 count = 0;
248 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
249 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
250 count++;
251 }
252 if (count == 0) {
253 SSLerr(SSL_F_TLS1_PRF,
254 SSL_R_SSL_HANDSHAKE_FAILURE);
255 goto err;
256 }
257 len = slen / count;
258 if (count == 1)
259 slen = 0;
260 S1 = sec;
261 memset(out1, 0, olen);
262 for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
263 if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
264 if (!md) {
265 SSLerr(SSL_F_TLS1_PRF,
266 SSL_R_UNSUPPORTED_DIGEST_TYPE);
267 goto err;
268 }
269 if (!tls1_P_hash(md , S1, len + (slen&1), seed1,
270 seed1_len, seed2, seed2_len, seed3, seed3_len,
271 seed4, seed4_len, seed5, seed5_len, out2, olen))
272 goto err;
273 S1 += len;
274 for (i = 0; i < olen; i++) {
275 out1[i] ^= out2[i];
276 }
277 }
278 }
279 ret = 1;
280
281err:
282 return ret;
283}
284
285static int
286tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num)
287{
288 int ret;
289
290 ret = tls1_PRF(ssl_get_algorithm2(s),
291 TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
292 s->s3->server_random, SSL3_RANDOM_SIZE,
293 s->s3->client_random, SSL3_RANDOM_SIZE,
294 NULL, 0, NULL, 0,
295 s->session->master_key, s->session->master_key_length,
296 km, tmp, num);
297 return ret;
298}
299
300/*
301 * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success
302 * and 0 on failure.
303 */
304static int
305tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx)
306{
307 if (*aead_ctx != NULL) {
308 EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx);
309 return (1);
310 }
311
312 *aead_ctx = malloc(sizeof(SSL_AEAD_CTX));
313 if (*aead_ctx == NULL) {
314 SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE);
315 return (0);
316 }
317
318 return (1);
319}
320
321static int
322tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
323 unsigned key_len, const unsigned char *iv, unsigned iv_len)
324{
325 const EVP_AEAD *aead = s->s3->tmp.new_aead;
326 SSL_AEAD_CTX *aead_ctx;
327
328 if (is_read) {
329 if (!tls1_aead_ctx_init(&s->aead_read_ctx))
330 return 0;
331 aead_ctx = s->aead_read_ctx;
332 } else {
333 if (!tls1_aead_ctx_init(&s->aead_write_ctx))
334 return 0;
335 aead_ctx = s->aead_write_ctx;
336 }
337
338 if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
339 EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
340 return (0);
341 if (iv_len > sizeof(aead_ctx->fixed_nonce)) {
342 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
343 ERR_R_INTERNAL_ERROR);
344 return (0);
345 }
346 memcpy(aead_ctx->fixed_nonce, iv, iv_len);
347 aead_ctx->fixed_nonce_len = iv_len;
348 aead_ctx->variable_nonce_len = 8; /* always the case, currently. */
349 aead_ctx->variable_nonce_in_record =
350 (s->s3->tmp.new_cipher->algorithm2 &
351 SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0;
352 if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len !=
353 EVP_AEAD_nonce_length(aead)) {
354 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD,
355 ERR_R_INTERNAL_ERROR);
356 return (0);
357 }
358 aead_ctx->tag_len = EVP_AEAD_max_overhead(aead);
359
360 return (1);
361}
362
363/*
364 * tls1_change_cipher_state_cipher performs the work needed to switch cipher
365 * states when using EVP_CIPHER. The argument is_read is true iff this function
366 * is being called due to reading, as opposed to writing, a ChangeCipherSpec
367 * message. In order to support export ciphersuites, use_client_keys indicates
368 * whether the key material provided is in the "client write" direction.
369 */
370static int
371tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys,
372 const unsigned char *mac_secret, unsigned int mac_secret_size,
373 const unsigned char *key, unsigned int key_len, const unsigned char *iv,
374 unsigned int iv_len)
375{
376 EVP_CIPHER_CTX *cipher_ctx;
377 const EVP_CIPHER *cipher;
378 EVP_MD_CTX *mac_ctx;
379 const EVP_MD *mac;
380 int mac_type;
381
382 cipher = s->s3->tmp.new_sym_enc;
383 mac = s->s3->tmp.new_hash;
384 mac_type = s->s3->tmp.new_mac_pkey_type;
385
386 if (is_read) {
387 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
388 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
389 else
390 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
391
392 EVP_CIPHER_CTX_free(s->enc_read_ctx);
393 s->enc_read_ctx = NULL;
394 EVP_MD_CTX_destroy(s->read_hash);
395 s->read_hash = NULL;
396
397 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
398 goto err;
399 s->enc_read_ctx = cipher_ctx;
400 if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
401 goto err;
402 s->read_hash = mac_ctx;
403 } else {
404 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
405 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
406 else
407 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
408
409 /*
410 * DTLS fragments retain a pointer to the compression, cipher
411 * and hash contexts, so that it can restore state in order
412 * to perform retransmissions. As such, we cannot free write
413 * contexts that are used for DTLS - these are instead freed
414 * by DTLS when its frees a ChangeCipherSpec fragment.
415 */
416 if (!SSL_IS_DTLS(s)) {
417 EVP_CIPHER_CTX_free(s->enc_write_ctx);
418 s->enc_write_ctx = NULL;
419 EVP_MD_CTX_destroy(s->write_hash);
420 s->write_hash = NULL;
421 }
422 if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
423 goto err;
424 s->enc_write_ctx = cipher_ctx;
425 if ((mac_ctx = EVP_MD_CTX_create()) == NULL)
426 goto err;
427 s->write_hash = mac_ctx;
428 }
429
430 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
431 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL,
432 !is_read);
433 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GCM_SET_IV_FIXED,
434 iv_len, (unsigned char *)iv);
435 } else
436 EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read);
437
438 if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
439 EVP_PKEY *mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
440 mac_secret, mac_secret_size);
441 if (mac_key == NULL)
442 goto err;
443 EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key);
444 EVP_PKEY_free(mac_key);
445 } else if (mac_secret_size > 0) {
446 /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
447 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
448 mac_secret_size, (unsigned char *)mac_secret);
449 }
450
451 if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) {
452 int nid;
453 if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
454 nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet;
455 else
456 nid = NID_id_tc26_gost_28147_param_Z;
457
458 EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0);
459 if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC)
460 EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0);
461 }
462
463 return (1);
464
465err:
466 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE);
467 return (0);
468}
469
470int
471tls1_change_cipher_state(SSL *s, int which)
472{
473 const unsigned char *client_write_mac_secret, *server_write_mac_secret;
474 const unsigned char *client_write_key, *server_write_key;
475 const unsigned char *client_write_iv, *server_write_iv;
476 const unsigned char *mac_secret, *key, *iv;
477 int mac_secret_size, key_len, iv_len;
478 unsigned char *key_block, *seq;
479 const EVP_CIPHER *cipher;
480 const EVP_AEAD *aead;
481 char is_read, use_client_keys;
482
483
484 cipher = s->s3->tmp.new_sym_enc;
485 aead = s->s3->tmp.new_aead;
486
487 /*
488 * is_read is true if we have just read a ChangeCipherSpec message,
489 * that is we need to update the read cipherspec. Otherwise we have
490 * just written one.
491 */
492 is_read = (which & SSL3_CC_READ) != 0;
493
494 /*
495 * use_client_keys is true if we wish to use the keys for the "client
496 * write" direction. This is the case if we're a client sending a
497 * ChangeCipherSpec, or a server reading a client's ChangeCipherSpec.
498 */
499 use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
500 (which == SSL3_CHANGE_CIPHER_SERVER_READ));
501
502
503 /*
504 * Reset sequence number to zero - for DTLS this is handled in
505 * dtls1_reset_seq_numbers().
506 */
507 if (!SSL_IS_DTLS(s)) {
508 seq = is_read ? s->s3->read_sequence : s->s3->write_sequence;
509 memset(seq, 0, SSL3_SEQUENCE_SIZE);
510 }
511
512 if (aead != NULL) {
513 key_len = EVP_AEAD_key_length(aead);
514 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher);
515 } else {
516 key_len = EVP_CIPHER_key_length(cipher);
517 iv_len = EVP_CIPHER_iv_length(cipher);
518
519 /* If GCM mode only part of IV comes from PRF. */
520 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
521 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
522 }
523
524 mac_secret_size = s->s3->tmp.new_mac_secret_size;
525
526 key_block = s->s3->tmp.key_block;
527 client_write_mac_secret = key_block;
528 key_block += mac_secret_size;
529 server_write_mac_secret = key_block;
530 key_block += mac_secret_size;
531 client_write_key = key_block;
532 key_block += key_len;
533 server_write_key = key_block;
534 key_block += key_len;
535 client_write_iv = key_block;
536 key_block += iv_len;
537 server_write_iv = key_block;
538 key_block += iv_len;
539
540 if (use_client_keys) {
541 mac_secret = client_write_mac_secret;
542 key = client_write_key;
543 iv = client_write_iv;
544 } else {
545 mac_secret = server_write_mac_secret;
546 key = server_write_key;
547 iv = server_write_iv;
548 }
549
550 if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) {
551 SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
552 goto err2;
553 }
554
555 if (is_read) {
556 memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size);
557 s->s3->read_mac_secret_size = mac_secret_size;
558 } else {
559 memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size);
560 s->s3->write_mac_secret_size = mac_secret_size;
561 }
562
563 if (aead != NULL) {
564 return tls1_change_cipher_state_aead(s, is_read, key, key_len,
565 iv, iv_len);
566 }
567
568 return tls1_change_cipher_state_cipher(s, is_read, use_client_keys,
569 mac_secret, mac_secret_size, key, key_len, iv, iv_len);
570
571err2:
572 return (0);
573}
574
575int
576tls1_setup_key_block(SSL *s)
577{
578 unsigned char *key_block, *tmp_block = NULL;
579 int mac_type = NID_undef, mac_secret_size = 0;
580 int key_block_len, key_len, iv_len;
581 const EVP_CIPHER *cipher = NULL;
582 const EVP_AEAD *aead = NULL;
583 const EVP_MD *mac = NULL;
584 int ret = 0;
585
586 if (s->s3->tmp.key_block_length != 0)
587 return (1);
588
589 if (s->session->cipher &&
590 (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) {
591 if (!ssl_cipher_get_evp_aead(s->session, &aead)) {
592 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
593 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
594 return (0);
595 }
596 key_len = EVP_AEAD_key_length(aead);
597 iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher);
598 } else {
599 if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type,
600 &mac_secret_size)) {
601 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,
602 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
603 return (0);
604 }
605 key_len = EVP_CIPHER_key_length(cipher);
606 iv_len = EVP_CIPHER_iv_length(cipher);
607
608 /* If GCM mode only part of IV comes from PRF. */
609 if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE)
610 iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
611 }
612
613 s->s3->tmp.new_aead = aead;
614 s->s3->tmp.new_sym_enc = cipher;
615 s->s3->tmp.new_hash = mac;
616 s->s3->tmp.new_mac_pkey_type = mac_type;
617 s->s3->tmp.new_mac_secret_size = mac_secret_size;
618
619 ssl3_cleanup_key_block(s);
620
621 if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
622 2)) == NULL) {
623 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
624 goto err;
625 }
626 key_block_len = (mac_secret_size + key_len + iv_len) * 2;
627
628 s->s3->tmp.key_block_length = key_block_len;
629 s->s3->tmp.key_block = key_block;
630
631 if ((tmp_block = malloc(key_block_len)) == NULL) {
632 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
633 goto err;
634 }
635
636 if (!tls1_generate_key_block(s, key_block, tmp_block, key_block_len))
637 goto err;
638
639 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
640 s->method->version <= TLS1_VERSION) {
641 /*
642 * Enable vulnerability countermeasure for CBC ciphers with
643 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
644 */
645 s->s3->need_empty_fragments = 1;
646
647 if (s->session->cipher != NULL) {
648 if (s->session->cipher->algorithm_enc == SSL_eNULL)
649 s->s3->need_empty_fragments = 0;
650
651#ifndef OPENSSL_NO_RC4
652 if (s->session->cipher->algorithm_enc == SSL_RC4)
653 s->s3->need_empty_fragments = 0;
654#endif
655 }
656 }
657
658 ret = 1;
659
660err:
661 if (tmp_block) {
662 OPENSSL_cleanse(tmp_block, key_block_len);
663 free(tmp_block);
664 }
665 return (ret);
666}
667
668/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
669 *
670 * Returns:
671 * 0: (in non-constant time) if the record is publically invalid (i.e. too
672 * short etc).
673 * 1: if the record's padding is valid / the encryption was successful.
674 * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
675 * an internal error occured.
676 */
677int
678tls1_enc(SSL *s, int send)
679{
680 const SSL_AEAD_CTX *aead;
681 const EVP_CIPHER *enc;
682 EVP_CIPHER_CTX *ds;
683 SSL3_RECORD *rec;
684 unsigned char *seq;
685 unsigned long l;
686 int bs, i, j, k, pad = 0, ret, mac_size = 0;
687
688 if (send) {
689 aead = s->aead_write_ctx;
690 rec = &s->s3->wrec;
691 seq = s->s3->write_sequence;
692 } else {
693 aead = s->aead_read_ctx;
694 rec = &s->s3->rrec;
695 seq = s->s3->read_sequence;
696 }
697
698 if (aead) {
699 unsigned char ad[13], *in, *out, nonce[16];
700 unsigned nonce_used;
701 ssize_t n;
702
703 if (SSL_IS_DTLS(s)) {
704 dtls1_build_sequence_number(ad, seq,
705 send ? s->d1->w_epoch : s->d1->r_epoch);
706 } else {
707 memcpy(ad, seq, SSL3_SEQUENCE_SIZE);
708 ssl3_record_sequence_increment(seq);
709 }
710
711 ad[8] = rec->type;
712 ad[9] = (unsigned char)(s->version >> 8);
713 ad[10] = (unsigned char)(s->version);
714
715 if (aead->fixed_nonce_len +
716 aead->variable_nonce_len > sizeof(nonce) ||
717 aead->variable_nonce_len > 8)
718 return -1; /* internal error - should never happen. */
719
720 memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
721 nonce_used = aead->fixed_nonce_len;
722
723 if (send) {
724 size_t len = rec->length;
725 size_t eivlen = 0;
726 in = rec->input;
727 out = rec->data;
728
729 /*
730 * When sending we use the sequence number as the
731 * variable part of the nonce.
732 */
733 if (aead->variable_nonce_len > 8)
734 return -1;
735 memcpy(nonce + nonce_used, ad,
736 aead->variable_nonce_len);
737 nonce_used += aead->variable_nonce_len;
738
739 /*
740 * In do_ssl3_write, rec->input is moved forward by
741 * variable_nonce_len in order to leave space for the
742 * variable nonce. Thus we can copy the sequence number
743 * bytes into place without overwriting any of the
744 * plaintext.
745 */
746 if (aead->variable_nonce_in_record) {
747 memcpy(out, ad, aead->variable_nonce_len);
748 len -= aead->variable_nonce_len;
749 eivlen = aead->variable_nonce_len;
750 }
751
752 ad[11] = len >> 8;
753 ad[12] = len & 0xff;
754
755 if (!EVP_AEAD_CTX_seal(&aead->ctx,
756 out + eivlen, &n, len + aead->tag_len, nonce,
757 nonce_used, in + eivlen, len, ad, sizeof(ad)))
758 return -1;
759 if (n >= 0 && aead->variable_nonce_in_record)
760 n += aead->variable_nonce_len;
761 } else {
762 /* receive */
763 size_t len = rec->length;
764
765 if (rec->data != rec->input)
766 return -1; /* internal error - should never happen. */
767 out = in = rec->input;
768
769 if (len < aead->variable_nonce_len)
770 return 0;
771 memcpy(nonce + nonce_used,
772 aead->variable_nonce_in_record ? in : ad,
773 aead->variable_nonce_len);
774 nonce_used += aead->variable_nonce_len;
775
776 if (aead->variable_nonce_in_record) {
777 in += aead->variable_nonce_len;
778 len -= aead->variable_nonce_len;
779 out += aead->variable_nonce_len;
780 }
781
782 if (len < aead->tag_len)
783 return 0;
784 len -= aead->tag_len;
785
786 ad[11] = len >> 8;
787 ad[12] = len & 0xff;
788
789 if (!EVP_AEAD_CTX_open(&aead->ctx, out, &n, len, nonce,
790 nonce_used, in, len + aead->tag_len, ad,
791 sizeof(ad)))
792 return -1;
793
794 rec->data = rec->input = out;
795 }
796
797 if (n == -1)
798 return -1;
799 rec->length = n;
800
801 return 1;
802 }
803
804 if (send) {
805 if (EVP_MD_CTX_md(s->write_hash)) {
806 int n = EVP_MD_CTX_size(s->write_hash);
807 OPENSSL_assert(n >= 0);
808 }
809 ds = s->enc_write_ctx;
810 if (s->enc_write_ctx == NULL)
811 enc = NULL;
812 else {
813 int ivlen = 0;
814 enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
815 if (SSL_USE_EXPLICIT_IV(s) &&
816 EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
817 ivlen = EVP_CIPHER_iv_length(enc);
818 if (ivlen > 1) {
819 if (rec->data != rec->input)
820 /* we can't write into the input stream:
821 * Can this ever happen?? (steve)
822 */
823 fprintf(stderr,
824 "%s:%d: rec->data != rec->input\n",
825 __FILE__, __LINE__);
826 else
827 arc4random_buf(rec->input, ivlen);
828 }
829 }
830 } else {
831 if (EVP_MD_CTX_md(s->read_hash)) {
832 int n = EVP_MD_CTX_size(s->read_hash);
833 OPENSSL_assert(n >= 0);
834 }
835 ds = s->enc_read_ctx;
836 if (s->enc_read_ctx == NULL)
837 enc = NULL;
838 else
839 enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
840 }
841
842 if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
843 memmove(rec->data, rec->input, rec->length);
844 rec->input = rec->data;
845 ret = 1;
846 } else {
847 l = rec->length;
848 bs = EVP_CIPHER_block_size(ds->cipher);
849
850 if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
851 unsigned char buf[13];
852
853 if (SSL_IS_DTLS(s)) {
854 dtls1_build_sequence_number(buf, seq,
855 send ? s->d1->w_epoch : s->d1->r_epoch);
856 } else {
857 memcpy(buf, seq, SSL3_SEQUENCE_SIZE);
858 ssl3_record_sequence_increment(seq);
859 }
860
861 buf[8] = rec->type;
862 buf[9] = (unsigned char)(s->version >> 8);
863 buf[10] = (unsigned char)(s->version);
864 buf[11] = rec->length >> 8;
865 buf[12] = rec->length & 0xff;
866 pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf);
867 if (send) {
868 l += pad;
869 rec->length += pad;
870 }
871 } else if ((bs != 1) && send) {
872 i = bs - ((int)l % bs);
873
874 /* Add weird padding of upto 256 bytes */
875
876 /* we need to add 'i' padding bytes of value j */
877 j = i - 1;
878 for (k = (int)l; k < (int)(l + i); k++)
879 rec->input[k] = j;
880 l += i;
881 rec->length += i;
882 }
883
884 if (!send) {
885 if (l == 0 || l % bs != 0)
886 return 0;
887 }
888
889 i = EVP_Cipher(ds, rec->data, rec->input, l);
890 if ((EVP_CIPHER_flags(ds->cipher) &
891 EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0))
892 return -1; /* AEAD can fail to verify MAC */
893 if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
894 rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
895 rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
896 rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
897 }
898
899 ret = 1;
900 if (EVP_MD_CTX_md(s->read_hash) != NULL)
901 mac_size = EVP_MD_CTX_size(s->read_hash);
902 if ((bs != 1) && !send)
903 ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
904 if (pad && !send)
905 rec->length -= pad;
906 }
907 return ret;
908}
909
910int
911tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
912{
913 EVP_MD_CTX ctx, *d = NULL;
914 unsigned int ret;
915 int i;
916
917 if (s->s3->handshake_buffer)
918 if (!ssl3_digest_cached_records(s))
919 return 0;
920
921 for (i = 0; i < SSL_MAX_DIGEST; i++) {
922 if (s->s3->handshake_dgst[i] &&
923 EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
924 d = s->s3->handshake_dgst[i];
925 break;
926 }
927 }
928 if (d == NULL) {
929 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
930 return 0;
931 }
932
933 EVP_MD_CTX_init(&ctx);
934 if (!EVP_MD_CTX_copy_ex(&ctx, d))
935 return 0;
936 EVP_DigestFinal_ex(&ctx, out, &ret);
937 EVP_MD_CTX_cleanup(&ctx);
938
939 return ((int)ret);
940}
941
942int
943tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out)
944{
945 unsigned int i;
946 EVP_MD_CTX ctx;
947 unsigned char buf[2*EVP_MAX_MD_SIZE];
948 unsigned char *q, buf2[12];
949 int idx;
950 long mask;
951 int err = 0;
952 const EVP_MD *md;
953
954 q = buf;
955
956 if (s->s3->handshake_buffer)
957 if (!ssl3_digest_cached_records(s))
958 return 0;
959
960 EVP_MD_CTX_init(&ctx);
961
962 for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
963 if (ssl_get_algorithm2(s) & mask) {
964 int hashsize = EVP_MD_size(md);
965 EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
966 if (!hdgst || hashsize < 0 ||
967 hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
968 /* internal error: 'buf' is too small for this cipersuite! */
969 err = 1;
970 } else {
971 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
972 !EVP_DigestFinal_ex(&ctx, q, &i) ||
973 (i != (unsigned int)hashsize))
974 err = 1;
975 q += hashsize;
976 }
977 }
978 }
979
980 if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf),
981 NULL, 0, NULL, 0, NULL, 0,
982 s->session->master_key, s->session->master_key_length,
983 out, buf2, sizeof buf2))
984 err = 1;
985 EVP_MD_CTX_cleanup(&ctx);
986
987 if (err)
988 return 0;
989 else
990 return sizeof buf2;
991}
992
993int
994tls1_mac(SSL *ssl, unsigned char *md, int send)
995{
996 SSL3_RECORD *rec;
997 unsigned char *seq;
998 EVP_MD_CTX *hash;
999 size_t md_size, orig_len;
1000 EVP_MD_CTX hmac, *mac_ctx;
1001 unsigned char header[13];
1002 int stream_mac = (send ?
1003 (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
1004 (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
1005 int t;
1006
1007 if (send) {
1008 rec = &(ssl->s3->wrec);
1009 seq = &(ssl->s3->write_sequence[0]);
1010 hash = ssl->write_hash;
1011 } else {
1012 rec = &(ssl->s3->rrec);
1013 seq = &(ssl->s3->read_sequence[0]);
1014 hash = ssl->read_hash;
1015 }
1016
1017 t = EVP_MD_CTX_size(hash);
1018 OPENSSL_assert(t >= 0);
1019 md_size = t;
1020
1021 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
1022 if (stream_mac) {
1023 mac_ctx = hash;
1024 } else {
1025 if (!EVP_MD_CTX_copy(&hmac, hash))
1026 return -1;
1027 mac_ctx = &hmac;
1028 }
1029
1030 if (SSL_IS_DTLS(ssl))
1031 dtls1_build_sequence_number(header, seq,
1032 send ? ssl->d1->w_epoch : ssl->d1->r_epoch);
1033 else
1034 memcpy(header, seq, SSL3_SEQUENCE_SIZE);
1035
1036 /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
1037 orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
1038 rec->type &= 0xff;
1039
1040 header[8] = rec->type;
1041 header[9] = (unsigned char)(ssl->version >> 8);
1042 header[10] = (unsigned char)(ssl->version);
1043 header[11] = (rec->length) >> 8;
1044 header[12] = (rec->length) & 0xff;
1045
1046 if (!send &&
1047 EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
1048 ssl3_cbc_record_digest_supported(mac_ctx)) {
1049 /* This is a CBC-encrypted record. We must avoid leaking any
1050 * timing-side channel information about how many blocks of
1051 * data we are hashing because that gives an attacker a
1052 * timing-oracle. */
1053 if (!ssl3_cbc_digest_record(mac_ctx,
1054 md, &md_size, header, rec->input,
1055 rec->length + md_size, orig_len,
1056 ssl->s3->read_mac_secret,
1057 ssl->s3->read_mac_secret_size,
1058 0 /* not SSLv3 */))
1059 return -1;
1060 } else {
1061 EVP_DigestSignUpdate(mac_ctx, header, sizeof(header));
1062 EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length);
1063 t = EVP_DigestSignFinal(mac_ctx, md, &md_size);
1064 OPENSSL_assert(t > 0);
1065 }
1066
1067 if (!stream_mac)
1068 EVP_MD_CTX_cleanup(&hmac);
1069
1070 if (!SSL_IS_DTLS(ssl))
1071 ssl3_record_sequence_increment(seq);
1072
1073 return (md_size);
1074}
1075
1076int
1077tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
1078 int len)
1079{
1080 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
1081
1082 tls1_PRF(ssl_get_algorithm2(s),
1083 TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
1084 s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
1085 s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
1086 p, len, s->session->master_key, buff, sizeof buff);
1087
1088 return (SSL3_MASTER_SECRET_SIZE);
1089}
1090
1091int
1092tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
1093 const char *label, size_t llen, const unsigned char *context,
1094 size_t contextlen, int use_context)
1095{
1096 unsigned char *buff;
1097 unsigned char *val = NULL;
1098 size_t vallen, currentvalpos;
1099 int rv;
1100
1101 buff = malloc(olen);
1102 if (buff == NULL)
1103 goto err2;
1104
1105 /* construct PRF arguments
1106 * we construct the PRF argument ourself rather than passing separate
1107 * values into the TLS PRF to ensure that the concatenation of values
1108 * does not create a prohibited label.
1109 */
1110 vallen = llen + SSL3_RANDOM_SIZE * 2;
1111 if (use_context) {
1112 vallen += 2 + contextlen;
1113 }
1114
1115 val = malloc(vallen);
1116 if (val == NULL)
1117 goto err2;
1118 currentvalpos = 0;
1119 memcpy(val + currentvalpos, (unsigned char *) label, llen);
1120 currentvalpos += llen;
1121 memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
1122 currentvalpos += SSL3_RANDOM_SIZE;
1123 memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
1124 currentvalpos += SSL3_RANDOM_SIZE;
1125
1126 if (use_context) {
1127 val[currentvalpos] = (contextlen >> 8) & 0xff;
1128 currentvalpos++;
1129 val[currentvalpos] = contextlen & 0xff;
1130 currentvalpos++;
1131 if ((contextlen > 0) || (context != NULL)) {
1132 memcpy(val + currentvalpos, context, contextlen);
1133 }
1134 }
1135
1136 /* disallow prohibited labels
1137 * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
1138 * 15, so size of val > max(prohibited label len) = 15 and the
1139 * comparisons won't have buffer overflow
1140 */
1141 if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
1142 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
1143 goto err1;
1144 if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
1145 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
1146 goto err1;
1147 if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
1148 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
1149 goto err1;
1150 if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
1151 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
1152 goto err1;
1153
1154 rv = tls1_PRF(ssl_get_algorithm2(s),
1155 val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0,
1156 s->session->master_key, s->session->master_key_length,
1157 out, buff, olen);
1158
1159 goto ret;
1160err1:
1161 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
1162 SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
1163 rv = 0;
1164 goto ret;
1165err2:
1166 SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
1167 rv = 0;
1168ret:
1169 free(buff);
1170 free(val);
1171
1172 return (rv);
1173}
1174
1175int
1176tls1_alert_code(int code)
1177{
1178 switch (code) {
1179 case SSL_AD_CLOSE_NOTIFY:
1180 return (SSL3_AD_CLOSE_NOTIFY);
1181 case SSL_AD_UNEXPECTED_MESSAGE:
1182 return (SSL3_AD_UNEXPECTED_MESSAGE);
1183 case SSL_AD_BAD_RECORD_MAC:
1184 return (SSL3_AD_BAD_RECORD_MAC);
1185 case SSL_AD_DECRYPTION_FAILED:
1186 return (TLS1_AD_DECRYPTION_FAILED);
1187 case SSL_AD_RECORD_OVERFLOW:
1188 return (TLS1_AD_RECORD_OVERFLOW);
1189 case SSL_AD_DECOMPRESSION_FAILURE:
1190 return (SSL3_AD_DECOMPRESSION_FAILURE);
1191 case SSL_AD_HANDSHAKE_FAILURE:
1192 return (SSL3_AD_HANDSHAKE_FAILURE);
1193 case SSL_AD_NO_CERTIFICATE:
1194 return (-1);
1195 case SSL_AD_BAD_CERTIFICATE:
1196 return (SSL3_AD_BAD_CERTIFICATE);
1197 case SSL_AD_UNSUPPORTED_CERTIFICATE:
1198 return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
1199 case SSL_AD_CERTIFICATE_REVOKED:
1200 return (SSL3_AD_CERTIFICATE_REVOKED);
1201 case SSL_AD_CERTIFICATE_EXPIRED:
1202 return (SSL3_AD_CERTIFICATE_EXPIRED);
1203 case SSL_AD_CERTIFICATE_UNKNOWN:
1204 return (SSL3_AD_CERTIFICATE_UNKNOWN);
1205 case SSL_AD_ILLEGAL_PARAMETER:
1206 return (SSL3_AD_ILLEGAL_PARAMETER);
1207 case SSL_AD_UNKNOWN_CA:
1208 return (TLS1_AD_UNKNOWN_CA);
1209 case SSL_AD_ACCESS_DENIED:
1210 return (TLS1_AD_ACCESS_DENIED);
1211 case SSL_AD_DECODE_ERROR:
1212 return (TLS1_AD_DECODE_ERROR);
1213 case SSL_AD_DECRYPT_ERROR:
1214 return (TLS1_AD_DECRYPT_ERROR);
1215 case SSL_AD_EXPORT_RESTRICTION:
1216 return (TLS1_AD_EXPORT_RESTRICTION);
1217 case SSL_AD_PROTOCOL_VERSION:
1218 return (TLS1_AD_PROTOCOL_VERSION);
1219 case SSL_AD_INSUFFICIENT_SECURITY:
1220 return (TLS1_AD_INSUFFICIENT_SECURITY);
1221 case SSL_AD_INTERNAL_ERROR:
1222 return (TLS1_AD_INTERNAL_ERROR);
1223 case SSL_AD_INAPPROPRIATE_FALLBACK:
1224 return(TLS1_AD_INAPPROPRIATE_FALLBACK);
1225 case SSL_AD_USER_CANCELLED:
1226 return (TLS1_AD_USER_CANCELLED);
1227 case SSL_AD_NO_RENEGOTIATION:
1228 return (TLS1_AD_NO_RENEGOTIATION);
1229 case SSL_AD_UNSUPPORTED_EXTENSION:
1230 return (TLS1_AD_UNSUPPORTED_EXTENSION);
1231 case SSL_AD_CERTIFICATE_UNOBTAINABLE:
1232 return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1233 case SSL_AD_UNRECOGNIZED_NAME:
1234 return (TLS1_AD_UNRECOGNIZED_NAME);
1235 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
1236 return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1237 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
1238 return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1239 case SSL_AD_UNKNOWN_PSK_IDENTITY:
1240 return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
1241 default:
1242 return (-1);
1243 }
1244}
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index 9ee495c790..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,2423 +0,0 @@
1/* $OpenBSD: t1_lib.c,v 1.82 2015/07/24 07:57:48 doug Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113
114#include <openssl/evp.h>
115#include <openssl/hmac.h>
116#include <openssl/objects.h>
117#include <openssl/ocsp.h>
118
119#include "ssl_locl.h"
120#include "bytestring.h"
121
122static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
123 const unsigned char *sess_id, int sesslen,
124 SSL_SESSION **psess);
125
126SSL3_ENC_METHOD TLSv1_enc_data = {
127 .enc = tls1_enc,
128 .mac = tls1_mac,
129 .setup_key_block = tls1_setup_key_block,
130 .generate_master_secret = tls1_generate_master_secret,
131 .change_cipher_state = tls1_change_cipher_state,
132 .final_finish_mac = tls1_final_finish_mac,
133 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
134 .cert_verify_mac = tls1_cert_verify_mac,
135 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
136 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
137 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
138 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
139 .alert_value = tls1_alert_code,
140 .export_keying_material = tls1_export_keying_material,
141 .enc_flags = 0,
142};
143
144SSL3_ENC_METHOD TLSv1_1_enc_data = {
145 .enc = tls1_enc,
146 .mac = tls1_mac,
147 .setup_key_block = tls1_setup_key_block,
148 .generate_master_secret = tls1_generate_master_secret,
149 .change_cipher_state = tls1_change_cipher_state,
150 .final_finish_mac = tls1_final_finish_mac,
151 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
152 .cert_verify_mac = tls1_cert_verify_mac,
153 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
154 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
155 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
156 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
157 .alert_value = tls1_alert_code,
158 .export_keying_material = tls1_export_keying_material,
159 .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
160};
161
162SSL3_ENC_METHOD TLSv1_2_enc_data = {
163 .enc = tls1_enc,
164 .mac = tls1_mac,
165 .setup_key_block = tls1_setup_key_block,
166 .generate_master_secret = tls1_generate_master_secret,
167 .change_cipher_state = tls1_change_cipher_state,
168 .final_finish_mac = tls1_final_finish_mac,
169 .finish_mac_length = TLS1_FINISH_MAC_LENGTH,
170 .cert_verify_mac = tls1_cert_verify_mac,
171 .client_finished_label = TLS_MD_CLIENT_FINISH_CONST,
172 .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
173 .server_finished_label = TLS_MD_SERVER_FINISH_CONST,
174 .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
175 .alert_value = tls1_alert_code,
176 .export_keying_material = tls1_export_keying_material,
177 .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
178 SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
179};
180
181long
182tls1_default_timeout(void)
183{
184 /* 2 hours, the 24 hours mentioned in the TLSv1 spec
185 * is way too long for http, the cache would over fill */
186 return (60 * 60 * 2);
187}
188
189int
190tls1_new(SSL *s)
191{
192 if (!ssl3_new(s))
193 return (0);
194 s->method->ssl_clear(s);
195 return (1);
196}
197
198void
199tls1_free(SSL *s)
200{
201 if (s == NULL)
202 return;
203
204 free(s->tlsext_session_ticket);
205 ssl3_free(s);
206}
207
208void
209tls1_clear(SSL *s)
210{
211 ssl3_clear(s);
212 s->version = s->method->version;
213}
214
215
216static int nid_list[] = {
217 NID_sect163k1, /* sect163k1 (1) */
218 NID_sect163r1, /* sect163r1 (2) */
219 NID_sect163r2, /* sect163r2 (3) */
220 NID_sect193r1, /* sect193r1 (4) */
221 NID_sect193r2, /* sect193r2 (5) */
222 NID_sect233k1, /* sect233k1 (6) */
223 NID_sect233r1, /* sect233r1 (7) */
224 NID_sect239k1, /* sect239k1 (8) */
225 NID_sect283k1, /* sect283k1 (9) */
226 NID_sect283r1, /* sect283r1 (10) */
227 NID_sect409k1, /* sect409k1 (11) */
228 NID_sect409r1, /* sect409r1 (12) */
229 NID_sect571k1, /* sect571k1 (13) */
230 NID_sect571r1, /* sect571r1 (14) */
231 NID_secp160k1, /* secp160k1 (15) */
232 NID_secp160r1, /* secp160r1 (16) */
233 NID_secp160r2, /* secp160r2 (17) */
234 NID_secp192k1, /* secp192k1 (18) */
235 NID_X9_62_prime192v1, /* secp192r1 (19) */
236 NID_secp224k1, /* secp224k1 (20) */
237 NID_secp224r1, /* secp224r1 (21) */
238 NID_secp256k1, /* secp256k1 (22) */
239 NID_X9_62_prime256v1, /* secp256r1 (23) */
240 NID_secp384r1, /* secp384r1 (24) */
241 NID_secp521r1, /* secp521r1 (25) */
242 NID_brainpoolP256r1, /* brainpoolP256r1 (26) */
243 NID_brainpoolP384r1, /* brainpoolP384r1 (27) */
244 NID_brainpoolP512r1 /* brainpoolP512r1 (28) */
245};
246
247static const uint8_t ecformats_default[] = {
248 TLSEXT_ECPOINTFORMAT_uncompressed,
249 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
250 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
251};
252
253static const uint16_t eccurves_default[] = {
254 14, /* sect571r1 (14) */
255 13, /* sect571k1 (13) */
256 25, /* secp521r1 (25) */
257 28, /* brainpool512r1 (28) */
258 11, /* sect409k1 (11) */
259 12, /* sect409r1 (12) */
260 27, /* brainpoolP384r1 (27) */
261 24, /* secp384r1 (24) */
262 9, /* sect283k1 (9) */
263 10, /* sect283r1 (10) */
264 26, /* brainpoolP256r1 (26) */
265 22, /* secp256k1 (22) */
266 23, /* secp256r1 (23) */
267 8, /* sect239k1 (8) */
268 6, /* sect233k1 (6) */
269 7, /* sect233r1 (7) */
270 20, /* secp224k1 (20) */
271 21, /* secp224r1 (21) */
272 4, /* sect193r1 (4) */
273 5, /* sect193r2 (5) */
274 18, /* secp192k1 (18) */
275 19, /* secp192r1 (19) */
276 1, /* sect163k1 (1) */
277 2, /* sect163r1 (2) */
278 3, /* sect163r2 (3) */
279 15, /* secp160k1 (15) */
280 16, /* secp160r1 (16) */
281 17, /* secp160r2 (17) */
282};
283
284int
285tls1_ec_curve_id2nid(uint16_t curve_id)
286{
287 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
288 if ((curve_id < 1) ||
289 ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0])))
290 return 0;
291 return nid_list[curve_id - 1];
292}
293
294uint16_t
295tls1_ec_nid2curve_id(int nid)
296{
297 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
298 switch (nid) {
299 case NID_sect163k1: /* sect163k1 (1) */
300 return 1;
301 case NID_sect163r1: /* sect163r1 (2) */
302 return 2;
303 case NID_sect163r2: /* sect163r2 (3) */
304 return 3;
305 case NID_sect193r1: /* sect193r1 (4) */
306 return 4;
307 case NID_sect193r2: /* sect193r2 (5) */
308 return 5;
309 case NID_sect233k1: /* sect233k1 (6) */
310 return 6;
311 case NID_sect233r1: /* sect233r1 (7) */
312 return 7;
313 case NID_sect239k1: /* sect239k1 (8) */
314 return 8;
315 case NID_sect283k1: /* sect283k1 (9) */
316 return 9;
317 case NID_sect283r1: /* sect283r1 (10) */
318 return 10;
319 case NID_sect409k1: /* sect409k1 (11) */
320 return 11;
321 case NID_sect409r1: /* sect409r1 (12) */
322 return 12;
323 case NID_sect571k1: /* sect571k1 (13) */
324 return 13;
325 case NID_sect571r1: /* sect571r1 (14) */
326 return 14;
327 case NID_secp160k1: /* secp160k1 (15) */
328 return 15;
329 case NID_secp160r1: /* secp160r1 (16) */
330 return 16;
331 case NID_secp160r2: /* secp160r2 (17) */
332 return 17;
333 case NID_secp192k1: /* secp192k1 (18) */
334 return 18;
335 case NID_X9_62_prime192v1: /* secp192r1 (19) */
336 return 19;
337 case NID_secp224k1: /* secp224k1 (20) */
338 return 20;
339 case NID_secp224r1: /* secp224r1 (21) */
340 return 21;
341 case NID_secp256k1: /* secp256k1 (22) */
342 return 22;
343 case NID_X9_62_prime256v1: /* secp256r1 (23) */
344 return 23;
345 case NID_secp384r1: /* secp384r1 (24) */
346 return 24;
347 case NID_secp521r1: /* secp521r1 (25) */
348 return 25;
349 case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */
350 return 26;
351 case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */
352 return 27;
353 case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */
354 return 28;
355 default:
356 return 0;
357 }
358}
359
360/*
361 * Return the appropriate format list. If client_formats is non-zero, return
362 * the client/session formats. Otherwise return the custom format list if one
363 * exists, or the default formats if a custom list has not been specified.
364 */
365static void
366tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats,
367 size_t *pformatslen)
368{
369 if (client_formats != 0) {
370 *pformats = s->session->tlsext_ecpointformatlist;
371 *pformatslen = s->session->tlsext_ecpointformatlist_length;
372 return;
373 }
374
375 *pformats = s->tlsext_ecpointformatlist;
376 *pformatslen = s->tlsext_ecpointformatlist_length;
377 if (*pformats == NULL) {
378 *pformats = ecformats_default;
379 *pformatslen = sizeof(ecformats_default);
380 }
381}
382
383/*
384 * Return the appropriate curve list. If client_curves is non-zero, return
385 * the client/session curves. Otherwise return the custom curve list if one
386 * exists, or the default curves if a custom list has not been specified.
387 */
388static void
389tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves,
390 size_t *pcurveslen)
391{
392 if (client_curves != 0) {
393 *pcurves = s->session->tlsext_ellipticcurvelist;
394 *pcurveslen = s->session->tlsext_ellipticcurvelist_length;
395 return;
396 }
397
398 *pcurves = s->tlsext_ellipticcurvelist;
399 *pcurveslen = s->tlsext_ellipticcurvelist_length;
400 if (*pcurves == NULL) {
401 *pcurves = eccurves_default;
402 *pcurveslen = sizeof(eccurves_default) / 2;
403 }
404}
405
406/* Check that a curve is one of our preferences. */
407int
408tls1_check_curve(SSL *s, const unsigned char *p, size_t len)
409{
410 CBS cbs;
411 const uint16_t *curves;
412 size_t curveslen, i;
413 uint8_t type;
414 uint16_t cid;
415
416 CBS_init(&cbs, p, len);
417
418 /* Only named curves are supported. */
419 if (CBS_len(&cbs) != 3 ||
420 !CBS_get_u8(&cbs, &type) ||
421 type != NAMED_CURVE_TYPE ||
422 !CBS_get_u16(&cbs, &cid))
423 return (0);
424
425 tls1_get_curvelist(s, 0, &curves, &curveslen);
426
427 for (i = 0; i < curveslen; i++) {
428 if (curves[i] == cid)
429 return (1);
430 }
431 return (0);
432}
433
434int
435tls1_get_shared_curve(SSL *s)
436{
437 size_t preflen, supplen, i, j;
438 const uint16_t *pref, *supp;
439 unsigned long server_pref;
440
441 /* Cannot do anything on the client side. */
442 if (s->server == 0)
443 return (NID_undef);
444
445 /* Return first preference shared curve. */
446 server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
447 tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen);
448 tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen);
449
450 for (i = 0; i < preflen; i++) {
451 for (j = 0; j < supplen; j++) {
452 if (pref[i] == supp[j])
453 return (tls1_ec_curve_id2nid(pref[i]));
454 }
455 }
456 return (NID_undef);
457}
458
459/* For an EC key set TLS ID and required compression based on parameters. */
460static int
461tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
462{
463 const EC_GROUP *grp;
464 const EC_METHOD *meth;
465 int is_prime = 0;
466 int nid, id;
467
468 if (ec == NULL)
469 return (0);
470
471 /* Determine if it is a prime field. */
472 if ((grp = EC_KEY_get0_group(ec)) == NULL)
473 return (0);
474 if ((meth = EC_GROUP_method_of(grp)) == NULL)
475 return (0);
476 if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
477 is_prime = 1;
478
479 /* Determine curve ID. */
480 nid = EC_GROUP_get_curve_name(grp);
481 id = tls1_ec_nid2curve_id(nid);
482
483 /* If we have an ID set it, otherwise set arbitrary explicit curve. */
484 if (id != 0)
485 *curve_id = id;
486 else
487 *curve_id = is_prime ? 0xff01 : 0xff02;
488
489 /* Specify the compression identifier. */
490 if (comp_id != NULL) {
491 if (EC_KEY_get0_public_key(ec) == NULL)
492 return (0);
493
494 if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
495 *comp_id = is_prime ?
496 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime :
497 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
498 } else {
499 *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
500 }
501 }
502 return (1);
503}
504
505/* Check that an EC key is compatible with extensions. */
506static int
507tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id)
508{
509 size_t curveslen, formatslen, i;
510 const uint16_t *curves;
511 const uint8_t *formats;
512
513 /*
514 * Check point formats extension if present, otherwise everything
515 * is supported (see RFC4492).
516 */
517 tls1_get_formatlist(s, 1, &formats, &formatslen);
518 if (comp_id != NULL && formats != NULL) {
519 for (i = 0; i < formatslen; i++) {
520 if (formats[i] == *comp_id)
521 break;
522 }
523 if (i == formatslen)
524 return (0);
525 }
526
527 /*
528 * Check curve list if present, otherwise everything is supported.
529 */
530 tls1_get_curvelist(s, 1, &curves, &curveslen);
531 if (curve_id != NULL && curves != NULL) {
532 for (i = 0; i < curveslen; i++) {
533 if (curves[i] == *curve_id)
534 break;
535 }
536 if (i == curveslen)
537 return (0);
538 }
539
540 return (1);
541}
542
543/* Check EC server key is compatible with client extensions. */
544int
545tls1_check_ec_server_key(SSL *s)
546{
547 CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
548 uint16_t curve_id;
549 uint8_t comp_id;
550 EVP_PKEY *pkey;
551 int rv;
552
553 if (cpk->x509 == NULL || cpk->privatekey == NULL)
554 return (0);
555 if ((pkey = X509_get_pubkey(cpk->x509)) == NULL)
556 return (0);
557 rv = tls1_set_ec_id(&curve_id, &comp_id, pkey->pkey.ec);
558 EVP_PKEY_free(pkey);
559 if (rv != 1)
560 return (0);
561
562 return tls1_check_ec_key(s, &curve_id, &comp_id);
563}
564
565/* Check EC temporary key is compatible with client extensions. */
566int
567tls1_check_ec_tmp_key(SSL *s)
568{
569 EC_KEY *ec = s->cert->ecdh_tmp;
570 uint16_t curve_id;
571
572 if (s->cert->ecdh_tmp_auto != 0) {
573 /* Need a shared curve. */
574 if (tls1_get_shared_curve(s) != NID_undef)
575 return (1);
576 return (0);
577 }
578
579 if (ec == NULL) {
580 if (s->cert->ecdh_tmp_cb != NULL)
581 return (1);
582 return (0);
583 }
584 if (tls1_set_ec_id(&curve_id, NULL, ec) != 1)
585 return (0);
586
587 return tls1_check_ec_key(s, &curve_id, NULL);
588}
589
590/*
591 * List of supported signature algorithms and hashes. Should make this
592 * customisable at some point, for now include everything we support.
593 */
594
595static unsigned char tls12_sigalgs[] = {
596 TLSEXT_hash_sha512, TLSEXT_signature_rsa,
597 TLSEXT_hash_sha512, TLSEXT_signature_dsa,
598 TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
599#ifndef OPENSSL_NO_GOST
600 TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512,
601#endif
602
603 TLSEXT_hash_sha384, TLSEXT_signature_rsa,
604 TLSEXT_hash_sha384, TLSEXT_signature_dsa,
605 TLSEXT_hash_sha384, TLSEXT_signature_ecdsa,
606
607 TLSEXT_hash_sha256, TLSEXT_signature_rsa,
608 TLSEXT_hash_sha256, TLSEXT_signature_dsa,
609 TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
610
611#ifndef OPENSSL_NO_GOST
612 TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256,
613 TLSEXT_hash_gost94, TLSEXT_signature_gostr01,
614#endif
615
616 TLSEXT_hash_sha224, TLSEXT_signature_rsa,
617 TLSEXT_hash_sha224, TLSEXT_signature_dsa,
618 TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
619
620 TLSEXT_hash_sha1, TLSEXT_signature_rsa,
621 TLSEXT_hash_sha1, TLSEXT_signature_dsa,
622 TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
623};
624
625int
626tls12_get_req_sig_algs(SSL *s, unsigned char *p)
627{
628 size_t slen = sizeof(tls12_sigalgs);
629
630 if (p)
631 memcpy(p, tls12_sigalgs, slen);
632 return (int)slen;
633}
634
635unsigned char *
636ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
637{
638 int extdatalen = 0;
639 unsigned char *ret = p;
640 int using_ecc = 0;
641
642 /* See if we support any ECC ciphersuites. */
643 if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) {
644 STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
645 unsigned long alg_k, alg_a;
646 int i;
647
648 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
649 SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
650
651 alg_k = c->algorithm_mkey;
652 alg_a = c->algorithm_auth;
653
654 if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
655 (alg_a & SSL_aECDSA))) {
656 using_ecc = 1;
657 break;
658 }
659 }
660 }
661
662 /* don't add extensions for SSLv3 unless doing secure renegotiation */
663 if (s->client_version == SSL3_VERSION &&
664 !s->s3->send_connection_binding)
665 return p;
666
667 ret += 2;
668
669 if (ret >= limit)
670 return NULL; /* this really never occurs, but ... */
671
672 if (s->tlsext_hostname != NULL) {
673 /* Add TLS extension servername to the Client Hello message */
674 size_t size_str, lenmax;
675
676 /* check for enough space.
677 4 for the servername type and extension length
678 2 for servernamelist length
679 1 for the hostname type
680 2 for hostname length
681 + hostname length
682 */
683
684 if ((size_t)(limit - ret) < 9)
685 return NULL;
686
687 lenmax = limit - ret - 9;
688 if ((size_str = strlen(s->tlsext_hostname)) > lenmax)
689 return NULL;
690
691 /* extension type and length */
692 s2n(TLSEXT_TYPE_server_name, ret);
693
694 s2n(size_str + 5, ret);
695
696 /* length of servername list */
697 s2n(size_str + 3, ret);
698
699 /* hostname type, length and hostname */
700 *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
701 s2n(size_str, ret);
702 memcpy(ret, s->tlsext_hostname, size_str);
703 ret += size_str;
704 }
705
706 /* Add RI if renegotiating */
707 if (s->renegotiate) {
708 int el;
709
710 if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
711 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
712 ERR_R_INTERNAL_ERROR);
713 return NULL;
714 }
715
716 if ((size_t)(limit - ret) < 4 + el)
717 return NULL;
718
719 s2n(TLSEXT_TYPE_renegotiate, ret);
720 s2n(el, ret);
721
722 if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
723 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
724 ERR_R_INTERNAL_ERROR);
725 return NULL;
726 }
727
728 ret += el;
729 }
730
731 if (using_ecc) {
732 size_t curveslen, formatslen, lenmax;
733 const uint16_t *curves;
734 const uint8_t *formats;
735 int i;
736
737 /*
738 * Add TLS extension ECPointFormats to the ClientHello message.
739 */
740 tls1_get_formatlist(s, 0, &formats, &formatslen);
741
742 if ((size_t)(limit - ret) < 5)
743 return NULL;
744
745 lenmax = limit - ret - 5;
746 if (formatslen > lenmax)
747 return NULL;
748 if (formatslen > 255) {
749 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
750 ERR_R_INTERNAL_ERROR);
751 return NULL;
752 }
753
754 s2n(TLSEXT_TYPE_ec_point_formats, ret);
755 s2n(formatslen + 1, ret);
756 *(ret++) = (unsigned char)formatslen;
757 memcpy(ret, formats, formatslen);
758 ret += formatslen;
759
760 /*
761 * Add TLS extension EllipticCurves to the ClientHello message.
762 */
763 tls1_get_curvelist(s, 0, &curves, &curveslen);
764
765 if ((size_t)(limit - ret) < 6)
766 return NULL;
767
768 lenmax = limit - ret - 6;
769 if (curveslen > lenmax)
770 return NULL;
771 if (curveslen > 65532) {
772 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
773 ERR_R_INTERNAL_ERROR);
774 return NULL;
775 }
776
777 s2n(TLSEXT_TYPE_elliptic_curves, ret);
778 s2n((curveslen * 2) + 2, ret);
779
780 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
781 * elliptic_curve_list, but the examples use two bytes.
782 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
783 * resolves this to two bytes.
784 */
785 s2n(curveslen * 2, ret);
786 for (i = 0; i < curveslen; i++)
787 s2n(curves[i], ret);
788 }
789
790 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
791 int ticklen;
792 if (!s->new_session && s->session && s->session->tlsext_tick)
793 ticklen = s->session->tlsext_ticklen;
794 else if (s->session && s->tlsext_session_ticket &&
795 s->tlsext_session_ticket->data) {
796 ticklen = s->tlsext_session_ticket->length;
797 s->session->tlsext_tick = malloc(ticklen);
798 if (!s->session->tlsext_tick)
799 return NULL;
800 memcpy(s->session->tlsext_tick,
801 s->tlsext_session_ticket->data, ticklen);
802 s->session->tlsext_ticklen = ticklen;
803 } else
804 ticklen = 0;
805 if (ticklen == 0 && s->tlsext_session_ticket &&
806 s->tlsext_session_ticket->data == NULL)
807 goto skip_ext;
808 /* Check for enough room 2 for extension type, 2 for len
809 * rest for ticket
810 */
811 if ((size_t)(limit - ret) < 4 + ticklen)
812 return NULL;
813 s2n(TLSEXT_TYPE_session_ticket, ret);
814
815 s2n(ticklen, ret);
816 if (ticklen) {
817 memcpy(ret, s->session->tlsext_tick, ticklen);
818 ret += ticklen;
819 }
820 }
821skip_ext:
822
823 if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
824 if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
825 return NULL;
826
827 s2n(TLSEXT_TYPE_signature_algorithms, ret);
828 s2n(sizeof(tls12_sigalgs) + 2, ret);
829 s2n(sizeof(tls12_sigalgs), ret);
830 memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
831 ret += sizeof(tls12_sigalgs);
832 }
833
834 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
835 s->version != DTLS1_VERSION) {
836 int i;
837 long extlen, idlen, itmp;
838 OCSP_RESPID *id;
839
840 idlen = 0;
841 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
842 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
843 itmp = i2d_OCSP_RESPID(id, NULL);
844 if (itmp <= 0)
845 return NULL;
846 idlen += itmp + 2;
847 }
848
849 if (s->tlsext_ocsp_exts) {
850 extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
851 if (extlen < 0)
852 return NULL;
853 } else
854 extlen = 0;
855
856 if ((size_t)(limit - ret) < 7 + extlen + idlen)
857 return NULL;
858 s2n(TLSEXT_TYPE_status_request, ret);
859 if (extlen + idlen > 0xFFF0)
860 return NULL;
861 s2n(extlen + idlen + 5, ret);
862 *(ret++) = TLSEXT_STATUSTYPE_ocsp;
863 s2n(idlen, ret);
864 for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
865 /* save position of id len */
866 unsigned char *q = ret;
867 id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
868 /* skip over id len */
869 ret += 2;
870 itmp = i2d_OCSP_RESPID(id, &ret);
871 /* write id len */
872 s2n(itmp, q);
873 }
874 s2n(extlen, ret);
875 if (extlen > 0)
876 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
877 }
878
879 if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
880 /* The client advertises an emtpy extension to indicate its
881 * support for Next Protocol Negotiation */
882 if ((size_t)(limit - ret) < 4)
883 return NULL;
884 s2n(TLSEXT_TYPE_next_proto_neg, ret);
885 s2n(0, ret);
886 }
887
888 if (s->alpn_client_proto_list != NULL &&
889 s->s3->tmp.finish_md_len == 0) {
890 if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
891 return (NULL);
892 s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
893 s2n(2 + s->alpn_client_proto_list_len, ret);
894 s2n(s->alpn_client_proto_list_len, ret);
895 memcpy(ret, s->alpn_client_proto_list,
896 s->alpn_client_proto_list_len);
897 ret += s->alpn_client_proto_list_len;
898 }
899
900#ifndef OPENSSL_NO_SRTP
901 if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
902 int el;
903
904 ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
905
906 if ((size_t)(limit - ret) < 4 + el)
907 return NULL;
908
909 s2n(TLSEXT_TYPE_use_srtp, ret);
910 s2n(el, ret);
911
912 if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
913 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
914 ERR_R_INTERNAL_ERROR);
915 return NULL;
916 }
917 ret += el;
918 }
919#endif
920
921 /*
922 * Add padding to workaround bugs in F5 terminators.
923 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
924 *
925 * Note that this seems to trigger issues with IronPort SMTP
926 * appliances.
927 *
928 * NB: because this code works out the length of all existing
929 * extensions it MUST always appear last.
930 */
931 if (s->options & SSL_OP_TLSEXT_PADDING) {
932 int hlen = ret - (unsigned char *)s->init_buf->data;
933
934 /*
935 * The code in s23_clnt.c to build ClientHello messages
936 * includes the 5-byte record header in the buffer, while the
937 * code in s3_clnt.c does not.
938 */
939 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
940 hlen -= 5;
941 if (hlen > 0xff && hlen < 0x200) {
942 hlen = 0x200 - hlen;
943 if (hlen >= 4)
944 hlen -= 4;
945 else
946 hlen = 0;
947
948 s2n(TLSEXT_TYPE_padding, ret);
949 s2n(hlen, ret);
950 memset(ret, 0, hlen);
951 ret += hlen;
952 }
953 }
954
955 if ((extdatalen = ret - p - 2) == 0)
956 return p;
957
958 s2n(extdatalen, p);
959 return ret;
960}
961
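/*
 * ssl_add_serverhello_tlsext appends the ServerHello extensions block at p.
 *
 * p: where the block starts; its two-byte total length is written here
 *    once every extension has been added.
 * limit: one past the last usable output byte. Every extension checks
 *    that it fits before writing anything.
 * Returns p when no extension was added (nothing is written), the new end
 * of the output on success, or NULL when an extension does not fit or the
 * renegotiation/SRTP builder fails.
 */
unsigned char *
ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
{
	int using_ecc, extdatalen = 0;
	unsigned long alg_a, alg_k;
	unsigned char *ret = p;
	int next_proto_neg_seen;

	/*
	 * EC point formats are only answered for an EC cipher suite and only
	 * when the client offered a point format list of its own.
	 */
	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
	using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
	    alg_a & SSL_aECDSA) &&
	    s->session->tlsext_ecpointformatlist != NULL;

	/* don't add extensions for SSLv3, unless doing secure renegotiation */
	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
		return p;

	/* Reserve the two-byte extensions length; it is filled in at the end. */
	ret += 2;
	if (ret >= limit)
		return NULL; /* this really never occurs, but ... */

	/* Acknowledge an accepted server_name with an empty extension. */
	if (!s->hit && s->servername_done == 1 &&
	    s->session->tlsext_hostname != NULL) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_server_name, ret);
		s2n(0, ret);
	}

	/* renegotiation_info: the first call sizes it, the second writes it. */
	if (s->s3->send_connection_binding) {
		int el;

		if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_renegotiate, ret);
		s2n(el, ret);

		if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		ret += el;
	}

	if (using_ecc && s->version != DTLS1_VERSION) {
		const unsigned char *formats;
		size_t formatslen, lenmax;

		/*
		 * Add TLS extension ECPointFormats to the ServerHello message.
		 */
		tls1_get_formatlist(s, 0, &formats, &formatslen);

		/* 2 type + 2 length + 1 list length, then the list itself. */
		if ((size_t)(limit - ret) < 5)
			return NULL;

		lenmax = limit - ret - 5;
		if (formatslen > lenmax)
			return NULL;
		/* The list length is a single byte on the wire. */
		if (formatslen > 255) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}

		s2n(TLSEXT_TYPE_ec_point_formats, ret);
		s2n(formatslen + 1, ret);
		*(ret++) = (unsigned char)formatslen;
		memcpy(ret, formats, formatslen);
		ret += formatslen;
	}

	/*
	 * Currently the server should not respond with a SupportedCurves
	 * extension.
	 */

	/* Empty session_ticket acknowledgement. */
	if (s->tlsext_ticket_expected &&
	    !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_session_ticket, ret);
		s2n(0, ret);
	}

	/* Empty status_request acknowledgement. */
	if (s->tlsext_status_expected) {
		if ((size_t)(limit - ret) < 4)
			return NULL;

		s2n(TLSEXT_TYPE_status_request, ret);
		s2n(0, ret);
	}

#ifndef OPENSSL_NO_SRTP
	/* use_srtp (DTLS only): sized by the first call, written by the second. */
	if (SSL_IS_DTLS(s) && s->srtp_profile) {
		int el;

		ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);

		if ((size_t)(limit - ret) < 4 + el)
			return NULL;

		s2n(TLSEXT_TYPE_use_srtp, ret);
		s2n(el, ret);

		if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT,
			    ERR_R_INTERNAL_ERROR);
			return NULL;
		}
		ret += el;
	}
#endif

	/*
	 * Pre-built extension 65000 for cipher suites 0x80/0x81 when the
	 * CryptoPro workaround option is set.
	 */
	if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 ||
	    (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) &&
	    (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
		static const unsigned char cryptopro_ext[36] = {
			0xfd, 0xe8, /*65000*/
			0x00, 0x20, /*32 bytes length*/
			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
			0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
		};
		if ((size_t)(limit - ret) < sizeof(cryptopro_ext))
			return NULL;
		memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext));
		ret += sizeof(cryptopro_ext);
	}

	/*
	 * NPN: the flag left by the ClientHello parser is consumed here and
	 * only set again if the application actually advertises a list.
	 */
	next_proto_neg_seen = s->s3->next_proto_neg_seen;
	s->s3->next_proto_neg_seen = 0;
	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
		const unsigned char *npa;
		unsigned int npalen;
		int r;

		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
		    s->ctx->next_protos_advertised_cb_arg);
		if (r == SSL_TLSEXT_ERR_OK) {
			/*
			 * NOTE(review): npalen is bounded only by the output
			 * buffer, while s2n() keeps 16 bits of it; this relies
			 * on the buffer being well under 64 KiB — confirm at
			 * the caller.
			 */
			if ((size_t)(limit - ret) < 4 + npalen)
				return NULL;
			s2n(TLSEXT_TYPE_next_proto_neg, ret);
			s2n(npalen, ret);
			memcpy(ret, npa, npalen);
			ret += npalen;
			s->s3->next_proto_neg_seen = 1;
		}
	}

	if (s->s3->alpn_selected != NULL) {
		const unsigned char *selected = s->s3->alpn_selected;
		unsigned int len = s->s3->alpn_selected_len;

		/*
		 * 2 type + 2 extension length + 2 list length + 1 name
		 * length, then the name. Same unsigned form as every other
		 * room check in this function, instead of a signed subtract
		 * that mixed ptrdiff_t and unsigned int.
		 */
		if ((size_t)(limit - ret) < 7 + (size_t)len)
			return (NULL);
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret);
		s2n(3 + len, ret);
		s2n(1 + len, ret);
		*ret++ = len;
		memcpy(ret, selected, len);
		ret += len;
	}

	/* Nothing added: hand back p untouched so no empty block is sent. */
	if ((extdatalen = ret - p - 2) == 0)
		return p;

	s2n(extdatalen, p);
	return ret;
}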
1145
/*
 * tls1_alpn_handle_client_hello processes the ALPN extension of a
 * ClientHello.
 *
 * data/data_len: the extension payload, without its type and length.
 * al: receives the alert to send when the return value is not 1.
 * Returns 1 when the extension was accepted or no ALPN callback is
 * configured, 0 on a malformed extension (decode_error alert), -1 when the
 * selected protocol could not be stored (internal_error alert).
 */
static int
tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
    unsigned int data_len, int *al)
{
	CBS payload, protos, walker, name;
	const unsigned char *chosen;
	unsigned char chosen_len;

	/* Nothing to negotiate without an application callback. */
	if (s->ctx->alpn_select_cb == NULL)
		return (1);

	if (data_len < 2)
		goto parse_error;

	CBS_init(&payload, data, data_len);

	/*
	 * Expect exactly one uint16 length-prefixed list that fills the
	 * payload and holds at least two bytes of protocol names.
	 */
	if (!CBS_get_u16_length_prefixed(&payload, &protos))
		goto parse_error;
	if (CBS_len(&protos) < 2 || CBS_len(&payload) != 0)
		goto parse_error;

	/*
	 * Walk the list once before handing it to the callback: every entry
	 * must be a non-empty uint8 length-prefixed string.
	 */
	CBS_dup(&protos, &walker);
	while (CBS_len(&walker) > 0) {
		if (!CBS_get_u8_length_prefixed(&walker, &name))
			goto parse_error;
		if (CBS_len(&name) == 0)
			goto parse_error;
	}

	/*
	 * Any result other than SSL_TLSEXT_ERR_OK leaves alpn_selected as it
	 * was and the handshake continues without ALPN.
	 */
	if (s->ctx->alpn_select_cb(s, &chosen, &chosen_len, CBS_data(&protos),
	    CBS_len(&protos), s->ctx->alpn_select_cb_arg) != SSL_TLSEXT_ERR_OK)
		return (1);

	free(s->s3->alpn_selected);
	s->s3->alpn_selected = malloc(chosen_len);
	if (s->s3->alpn_selected == NULL) {
		*al = SSL_AD_INTERNAL_ERROR;
		return (-1);
	}
	memcpy(s->s3->alpn_selected, chosen, chosen_len);
	s->s3->alpn_selected_len = chosen_len;

	return (1);

parse_error:
	*al = SSL_AD_DECODE_ERROR;
	return (0);
}
1209
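/*
 * ssl_parse_clienthello_tlsext parses the extensions block of a ClientHello
 * on the server side.
 *
 * *p: start of the extensions block; on success it is advanced past the
 *     last extension consumed.
 * d/n: start and length of the ClientHello body, the hard bound for every
 *     read.
 * al: receives the alert to send when 0 is returned.
 * Returns 1 on success, 0 on a malformed or unacceptable extension, or when
 * a renegotiation lacks renegotiation_info.
 *
 * NOTE(review): an extensions length or extension length that overruns the
 * message (the "goto ri_check" cases) is tolerated rather than rejected:
 * parsing stops, *p is left untouched and only the renegotiation check runs.
 */
int
ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    int n, int *al)
{
	unsigned short type;
	unsigned short size;
	unsigned short len;
	unsigned char *data = *p;
	int renegotiate_seen = 0;
	int sigalg_seen = 0;

	/* Reset per-handshake extension state before reading the hello. */
	s->servername_done = 0;
	s->tlsext_status_type = -1;
	s->s3->next_proto_neg_seen = 0;
	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;

	/* No room for the two-byte extensions length: no extensions. */
	if (data >= (d + n - 2))
		goto ri_check;
	n2s(data, len);

	if (data > (d + n - len))
		goto ri_check;

	/* Each extension: uint16 type, uint16 length, body. */
	while (data <= (d + n - 4)) {
		n2s(data, type);
		n2s(data, size);

		if (data + size > (d + n))
			goto ri_check;
		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 0, type, data, size,
			    s->tlsext_debug_arg);

		/*
		 * The servername extension is treated as follows:
		 *
		 * - Only the hostname type is supported with a maximum
		 *   length of 255.
		 * - The servername is rejected if too long or if it contains
		 *   zeros, in which case a fatal alert is generated.
		 * - The servername field is maintained together with the
		 *   session cache.
		 * - When a session is resumed, the servername callback is
		 *   invoked in order to allow the application to position
		 *   itself to the right context.
		 * - The servername is acknowledged if it is new for a
		 *   session or when it is identical to a previously used
		 *   one for the same session. Applications can control the
		 *   behaviour. They can at any time set a 'desirable'
		 *   servername for a new SSL object. This can be the case
		 *   for example with HTTPS when a Host: header field is
		 *   received and a renegotiation is requested. In this case,
		 *   a possible servername presented in the new client hello
		 *   is only acknowledged if it matches the value of the
		 *   Host: field.
		 * - Applications must use
		 *   SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION if they
		 *   provide for changing an explicit servername context for
		 *   the session, i.e. when the session has been established
		 *   with a servername extension.
		 * - On session reconnect, the servername extension may be
		 *   absent.
		 */

		if (type == TLSEXT_TYPE_server_name) {
			unsigned char *sdata;
			int servname_type;
			int dsize;

			/* uint16 ServerNameList length, bounded by the extension. */
			if (size < 2) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}
			n2s(data, dsize);

			size -= 2;
			if (dsize > size) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}

			/*
			 * Entries are (uint8 type, uint16 length, name).
			 * len is reused for the name length here; the
			 * extensions length it held is not needed again.
			 */
			sdata = data;
			while (dsize > 3) {
				servname_type = *(sdata++);

				n2s(sdata, len);
				dsize -= 3;

				if (len > dsize) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				if (s->servername_done == 0)
				switch (servname_type) {
				case TLSEXT_NAMETYPE_host_name:
					if (!s->hit) {
						/* The new session must not already carry a name. */
						if (s->session->tlsext_hostname) {
							*al = SSL_AD_DECODE_ERROR;
							return 0;
						}
						if (len > TLSEXT_MAXLEN_host_name) {
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
						}
						if ((s->session->tlsext_hostname =
						    malloc(len + 1)) == NULL) {
							*al = TLS1_AD_INTERNAL_ERROR;
							return 0;
						}
						memcpy(s->session->tlsext_hostname, sdata, len);
						s->session->tlsext_hostname[len] = '\0';
						/*
						 * An embedded NUL would silently
						 * shorten the name for every C-string
						 * consumer; reject it instead.
						 */
						if (strlen(s->session->tlsext_hostname) != len) {
							free(s->session->tlsext_hostname);
							s->session->tlsext_hostname = NULL;
							*al = TLS1_AD_UNRECOGNIZED_NAME;
							return 0;
						}
						s->servername_done = 1;


					} else {
						/*
						 * Resumption: only acknowledge a name
						 * identical to the one the session was
						 * established with.
						 */
						s->servername_done = s->session->tlsext_hostname &&
						    strlen(s->session->tlsext_hostname) == len &&
						    strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
					}
					break;

				default:
					break;
				}

				/*
				 * Step over the name as well as accounting for
				 * it. Previously only dsize was reduced, so the
				 * next iteration read its type and length from
				 * inside the name just handled and any list
				 * with more than one entry was misparsed.
				 */
				sdata += len;
				dsize -= len;
			}
			/* The entries must fill the list exactly. */
			if (dsize != 0) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}

		}

		else if (type == TLSEXT_TYPE_ec_point_formats &&
		    s->version != DTLS1_VERSION) {
			unsigned char *sdata = data;
			size_t formatslen;
			uint8_t *formats;

			/* uint8 list length; the list must fill the extension. */
			if (size < 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			/* Only a new session records the client's formats. */
			if (!s->hit) {
				free(s->session->tlsext_ecpointformatlist);
				s->session->tlsext_ecpointformatlist = NULL;
				s->session->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				s->session->tlsext_ecpointformatlist = formats;
				s->session->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		} else if (type == TLSEXT_TYPE_elliptic_curves &&
		    s->version != DTLS1_VERSION) {
			unsigned char *sdata = data;
			size_t curveslen, i;
			uint16_t *curves;

			/*
			 * uint16 byte length; it must fill the extension and
			 * hold a whole number of uint16 curve ids.
			 */
			if (size < 2) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			n2s(sdata, curveslen);
			if (curveslen != size - 2 || curveslen % 2 != 0) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			curveslen /= 2;

			if (!s->hit) {
				/* A second curves list is rejected, not replaced. */
				if (s->session->tlsext_ellipticcurvelist) {
					*al = TLS1_AD_DECODE_ERROR;
					return 0;
				}
				s->session->tlsext_ellipticcurvelist_length = 0;
				if ((curves = reallocarray(NULL, curveslen,
				    sizeof(uint16_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				for (i = 0; i < curveslen; i++)
					n2s(sdata, curves[i]);
				s->session->tlsext_ellipticcurvelist = curves;
				s->session->tlsext_ellipticcurvelist_length = curveslen;
			}
		}
		else if (type == TLSEXT_TYPE_session_ticket) {
			/*
			 * The ticket body is processed earlier, outside this
			 * function; only the application hook runs here.
			 */
			if (s->tls_session_ticket_ext_cb &&
			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
		} else if (type == TLSEXT_TYPE_signature_algorithms) {
			int dsize;
			/*
			 * At most one sigalgs extension; uint16 length that
			 * fills the extension with an even number of bytes.
			 */
			if (sigalg_seen || size < 2) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}
			sigalg_seen = 1;
			n2s(data, dsize);
			size -= 2;
			if (dsize != size || dsize & 1) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}
			if (!tls1_process_sigalgs(s, data, dsize)) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}
		} else if (type == TLSEXT_TYPE_status_request &&
		    s->version != DTLS1_VERSION) {

			/* status_type, responder list length, extensions length. */
			if (size < 5) {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}

			s->tlsext_status_type = *data++;
			size--;
			if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
				const unsigned char *sdata;
				int dsize;

				/*
				 * Drop responder ids kept from an earlier
				 * handshake on this connection. Previously new
				 * ids were pushed onto the existing stack, so
				 * every renegotiation let the client grow the
				 * list without bound.
				 */
				if (s->tlsext_ocsp_ids) {
					sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
					    OCSP_RESPID_free);
					s->tlsext_ocsp_ids = NULL;
				}

				/* Read in responder_id_list */
				n2s(data, dsize);
				size -= 2;
				if (dsize > size ) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				while (dsize > 0) {
					OCSP_RESPID *id;
					int idsize;
					if (dsize < 4) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					n2s(data, idsize);
					dsize -= 2 + idsize;
					size -= 2 + idsize;
					if (dsize < 0) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					sdata = data;
					data += idsize;
					id = d2i_OCSP_RESPID(NULL,
					    &sdata, idsize);
					if (!id) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					/* The DER must consume exactly idsize bytes. */
					if (data != sdata) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
					if (!s->tlsext_ocsp_ids &&
					    !(s->tlsext_ocsp_ids =
					    sk_OCSP_RESPID_new_null())) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
					if (!sk_OCSP_RESPID_push(
					    s->tlsext_ocsp_ids, id)) {
						OCSP_RESPID_free(id);
						*al = SSL_AD_INTERNAL_ERROR;
						return 0;
					}
				}

				/* Read in request_extensions */
				if (size < 2) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				n2s(data, dsize);
				size -= 2;
				if (dsize != size) {
					*al = SSL_AD_DECODE_ERROR;
					return 0;
				}
				sdata = data;
				/*
				 * NOTE(review): an empty extensions list keeps
				 * whatever tlsext_ocsp_exts a previous hello on
				 * this connection left behind.
				 */
				if (dsize > 0) {
					if (s->tlsext_ocsp_exts) {
						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
						    X509_EXTENSION_free);
					}

					s->tlsext_ocsp_exts =
					    d2i_X509_EXTENSIONS(NULL,
					    &sdata, dsize);
					if (!s->tlsext_ocsp_exts ||
					    (data + dsize != sdata)) {
						*al = SSL_AD_DECODE_ERROR;
						return 0;
					}
				}
			} else {
				/* We don't know what to do with any other type
				 * so ignore it.
				 */
				s->tlsext_status_type = -1;
			}
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    s->s3->tmp.finish_md_len == 0 &&
		    s->s3->alpn_selected == NULL) {
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->new_session will be set on renegotiation, but we
			 * probably shouldn't rely that it couldn't be set on
			 * the initial renegotation too in certain cases (when
			 * there's some other reason to disallow resuming an
			 * earlier session -- the current code won't be doing
			 * anything like that, but this might change).

			 * A valid sign that there's been a previous handshake
			 * in this connection is if s->s3->tmp.finish_md_len >
			 * 0. (We are talking about a check that will happen
			 * in the Hello protocol round, well before a new
			 * Finished message could have been computed.) */
			s->s3->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation &&
		    s->ctx->alpn_select_cb != NULL &&
		    s->s3->tmp.finish_md_len == 0) {
			if (tls1_alpn_handle_client_hello(s, data,
			    size, al) != 1)
				return (0);
			/* ALPN takes precedence over NPN. */
			s->s3->next_proto_neg_seen = 0;
		}

		/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
				return 0;
		}
#endif

		data += size;
	}

	*p = data;

ri_check:

	/* Need RI if renegotiating */

	if (!renegotiate_seen && s->renegotiate) {
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
		    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;
}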
1587
/*
 * ssl_next_proto_validate checks a Next Protocol Negotiation block: a
 * sequence of uint8 length-prefixed strings that exactly fills len bytes,
 * none of them empty.
 *
 * d/len: the block and its length in bytes.
 * Returns 1 when the block is well-formed, 0 otherwise.
 */
static char
ssl_next_proto_validate(const unsigned char *d, unsigned int len)
{
	CBS block, proto;

	CBS_init(&block, d, len);
	for (;;) {
		/* Consumed everything without a bad entry: valid. */
		if (CBS_len(&block) == 0)
			return 1;
		/* Truncated length prefix or empty protocol name: invalid. */
		if (!CBS_get_u8_length_prefixed(&block, &proto))
			return 0;
		if (CBS_len(&proto) == 0)
			return 0;
	}
}
1606
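/*
 * ssl_parse_serverhello_tlsext parses the extensions block of a ServerHello
 * on the client side.
 *
 * *p: start of the extensions block; on success it is advanced to the end
 *     of the message.
 * d/n: start and length of the ServerHello body, the hard bound for reads.
 * al: receives the alert to send when 0 is returned.
 * Returns 1 on success, 0 on a malformed extension, an extension the client
 * did not ask for, or a missing renegotiation_info when one is required.
 */
int
ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
    int n, int *al)
{
	unsigned short length;
	unsigned short type;
	unsigned short size;
	unsigned char *data = *p;
	int tlsext_servername = 0;
	int renegotiate_seen = 0;

	/* Reset negotiated application protocols before reading the hello. */
	s->s3->next_proto_neg_seen = 0;
	free(s->s3->alpn_selected);
	s->s3->alpn_selected = NULL;

	/* No room for the two-byte extensions length: no extensions. */
	if (data >= (d + n - 2))
		goto ri_check;

	/* The extensions block must fill the rest of the message exactly. */
	n2s(data, length);
	if (data + length != d + n) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
	}

	/* Each extension: uint16 type, uint16 length, body. */
	while (data <= (d + n - 4)) {
		n2s(data, type);
		n2s(data, size);

		/*
		 * NOTE(review): an extension whose length overruns the
		 * message is tolerated here: parsing stops, *p is left
		 * untouched and the trailing-data check below is skipped.
		 */
		if (data + size > (d + n))
			goto ri_check;

		if (s->tlsext_debug_cb)
			s->tlsext_debug_cb(s, 1, type, data, size,
			    s->tlsext_debug_arg);

		if (type == TLSEXT_TYPE_server_name) {
			/* Only an empty acknowledgement of a name we sent is valid. */
			if (s->tlsext_hostname == NULL || size > 0) {
				*al = TLS1_AD_UNRECOGNIZED_NAME;
				return 0;
			}
			tlsext_servername = 1;

		}
		else if (type == TLSEXT_TYPE_ec_point_formats &&
		    s->version != DTLS1_VERSION) {
			unsigned char *sdata = data;
			size_t formatslen;
			uint8_t *formats;

			/* uint8 list length; the list must fill the extension. */
			if (size < 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			formatslen = *(sdata++);
			if (formatslen != size - 1) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}

			/* Only a new session records the server's formats. */
			if (!s->hit) {
				free(s->session->tlsext_ecpointformatlist);
				s->session->tlsext_ecpointformatlist = NULL;
				s->session->tlsext_ecpointformatlist_length = 0;

				if ((formats = reallocarray(NULL, formatslen,
				    sizeof(uint8_t))) == NULL) {
					*al = TLS1_AD_INTERNAL_ERROR;
					return 0;
				}
				memcpy(formats, sdata, formatslen);
				s->session->tlsext_ecpointformatlist = formats;
				s->session->tlsext_ecpointformatlist_length =
				    formatslen;
			}
		}
		else if (type == TLSEXT_TYPE_session_ticket) {
			if (s->tls_session_ticket_ext_cb &&
			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			/* Must be empty, and only accepted when tickets are enabled. */
			if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			s->tlsext_ticket_expected = 1;
		}
		else if (type == TLSEXT_TYPE_status_request &&
		    s->version != DTLS1_VERSION) {
			/* MUST be empty and only sent if we've requested
			 * a status request message.
			 */
			if ((s->tlsext_status_type == -1) || (size > 0)) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* Set flag to expect CertificateStatus message */
			s->tlsext_status_expected = 1;
		}
		else if (type == TLSEXT_TYPE_next_proto_neg &&
		    s->s3->tmp.finish_md_len == 0) {
			unsigned char *selected;
			unsigned char selected_len;
			unsigned char *negotiated;

			/* We must have requested it. */
			if (s->ctx->next_proto_select_cb == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			/* The data must be valid */
			if (!ssl_next_proto_validate(data, size)) {
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
			}
			if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			/*
			 * Copy the selection first, then release any earlier
			 * one (a duplicate NPN extension in the same hello,
			 * or a selection left on this SSL). Previously the
			 * old buffer was overwritten and leaked, unlike the
			 * ALPN branch below which frees it.
			 */
			negotiated = malloc(selected_len);
			if (negotiated == NULL) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
			}
			memcpy(negotiated, selected, selected_len);
			free(s->next_proto_negotiated);
			s->next_proto_negotiated = negotiated;
			s->next_proto_negotiated_len = selected_len;
			s->s3->next_proto_neg_seen = 1;
		}
		else if (type ==
		    TLSEXT_TYPE_application_layer_protocol_negotiation) {
			unsigned int len;

			/* We must have requested it. */
			if (s->alpn_client_proto_list == NULL) {
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
			}
			if (size < 4) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}

			/* The extension data consists of:
			 * uint16 list_length
			 * uint8 proto_length;
			 * uint8 proto[proto_length]; */
			len = ((unsigned int)data[0]) << 8 |
			    ((unsigned int)data[1]);
			if (len != (unsigned int)size - 2) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}
			/* Exactly one protocol name, filling the list. */
			len = data[2];
			if (len != (unsigned int)size - 3) {
				*al = TLS1_AD_DECODE_ERROR;
				return (0);
			}
			free(s->s3->alpn_selected);
			s->s3->alpn_selected = malloc(len);
			if (s->s3->alpn_selected == NULL) {
				*al = TLS1_AD_INTERNAL_ERROR;
				return (0);
			}
			memcpy(s->s3->alpn_selected, data + 3, len);
			s->s3->alpn_selected_len = len;

		} else if (type == TLSEXT_TYPE_renegotiate) {
			if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;
		}
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
			if (ssl_parse_serverhello_use_srtp_ext(s, data,
			    size, al))
				return 0;
		}
#endif

		data += size;

	}

	/* No trailing bytes may follow the last extension. */
	if (data != d + n) {
		*al = SSL_AD_DECODE_ERROR;
		return 0;
	}

	/*
	 * The server accepted our name: record it in the new session so a
	 * resumption can be matched against it.
	 */
	if (!s->hit && tlsext_servername == 1) {
		if (s->tlsext_hostname) {
			if (s->session->tlsext_hostname == NULL) {
				s->session->tlsext_hostname =
				    strdup(s->tlsext_hostname);

				/* Allocation failure, reported with the name alert. */
				if (!s->session->tlsext_hostname) {
					*al = SSL_AD_UNRECOGNIZED_NAME;
					return 0;
				}
			} else {
				*al = SSL_AD_DECODE_ERROR;
				return 0;
			}
		}
	}

	*p = data;

ri_check:

	/* Determine if we need to see RI. Strictly speaking if we want to
	 * avoid an attack we should *always* see RI even on initial server
	 * hello because the client doesn't see any renegotiation during an
	 * attack. However this would mean we could not connect to any server
	 * which doesn't support RI so for the immediate future tolerate RI
	 * absence on initial connect only.
	 */
	if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
		*al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
		    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
		return 0;
	}

	return 1;
}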
1831
/*
 * ssl_prepare_clienthello_tlsext is a no-op hook kept for its call sites;
 * nothing needs preparing before the ClientHello extensions are built.
 * Always returns 1 (success).
 */
int
ssl_prepare_clienthello_tlsext(SSL *s)
{
	return 1;
}
1837
/*
 * ssl_prepare_serverhello_tlsext is a no-op hook kept for its call sites;
 * nothing needs preparing before the ServerHello extensions are built.
 * Always returns 1 (success).
 */
int
ssl_prepare_serverhello_tlsext(SSL *s)
{
	return 1;
}
1843
/*
 * ssl_check_clienthello_tlsext_early runs the application's servername
 * callback once the ClientHello extensions have been parsed, taking the
 * callback from the SSL_CTX and falling back to the initial SSL_CTX.
 *
 * Returns -1 after sending a fatal alert when the callback asks for one,
 * 1 otherwise (a warning alert is sent first if requested). When the
 * callback does not acknowledge the name, servername_done is cleared so
 * the ServerHello does not echo the server_name extension.
 */
int
ssl_check_clienthello_tlsext_early(SSL *s)
{
	int result = SSL_TLSEXT_ERR_NOACK;
	int alert = SSL_AD_UNRECOGNIZED_NAME;
	SSL_CTX *ctx = NULL;

	/*
	 * ECPointFormats and EllipticCurves need no callback here; they are
	 * consulted during cipher selection (ssl3_choose_cipher in s3_lib.c).
	 */
	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
		ctx = s->ctx;
	else if (s->initial_ctx != NULL &&
	    s->initial_ctx->tlsext_servername_callback != 0)
		ctx = s->initial_ctx;

	if (ctx != NULL)
		result = ctx->tlsext_servername_callback(s, &alert,
		    ctx->tlsext_servername_arg);

	if (result == SSL_TLSEXT_ERR_ALERT_FATAL) {
		ssl3_send_alert(s, SSL3_AL_FATAL, alert);
		return -1;
	}
	if (result == SSL_TLSEXT_ERR_ALERT_WARNING)
		ssl3_send_alert(s, SSL3_AL_WARNING, alert);
	else if (result == SSL_TLSEXT_ERR_NOACK)
		s->servername_done = 0;

	return 1;
}
1875
/*
 * ssl_check_clienthello_tlsext_late decides whether a CertificateStatus
 * message will be sent, by asking the application's status callback.
 *
 * Must run after the servername callbacks (the certificate may have
 * changed) and after the cipher has been chosen (it influences which
 * certificate is sent). Sets tlsext_status_expected accordingly.
 * Returns -1 after sending a fatal internal_error alert when the callback
 * asks for one, 1 otherwise.
 */
int
ssl_check_clienthello_tlsext_late(SSL *s)
{
	CERT_PKEY *certpkey;

	/*
	 * Without a status request, or without an application callback to
	 * answer it, no status response is sent.
	 */
	if (s->tlsext_status_type == -1 || s->ctx == NULL ||
	    s->ctx->tlsext_status_cb == NULL) {
		s->tlsext_status_expected = 0;
		return 1;
	}

	/* No certificate, nothing whose status could be reported. */
	certpkey = ssl_get_server_send_pkey(s);
	if (certpkey == NULL) {
		s->tlsext_status_expected = 0;
		return 1;
	}

	/*
	 * Make SSL_get_certificate() et al. see the certificate that will
	 * actually be sent before the callback runs.
	 */
	s->cert->key = certpkey;

	switch (s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg)) {
	case SSL_TLSEXT_ERR_NOACK:
		/* The application does not want a status response sent. */
		s->tlsext_status_expected = 0;
		break;
	case SSL_TLSEXT_ERR_OK:
		/* Send one only if the application supplied a response. */
		s->tlsext_status_expected = s->tlsext_ocsp_resp != NULL;
		break;
	case SSL_TLSEXT_ERR_ALERT_FATAL:
		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
		return -1;
	default:
		/*
		 * Any other result (including a warning request) leaves
		 * tlsext_status_expected as it was and sends no alert.
		 */
		break;
	}

	return 1;
}
1935
1936int
1937ssl_check_serverhello_tlsext(SSL *s)
1938{
1939 int ret = SSL_TLSEXT_ERR_NOACK;
1940 int al = SSL_AD_UNRECOGNIZED_NAME;
1941
1942 /* If we are client and using an elliptic curve cryptography cipher
1943 * suite, then if server returns an EC point formats lists extension
1944 * it must contain uncompressed.
1945 */
1946 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1947 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1948 if ((s->tlsext_ecpointformatlist != NULL) &&
1949 (s->tlsext_ecpointformatlist_length > 0) &&
1950 (s->session->tlsext_ecpointformatlist != NULL) &&
1951 (s->session->tlsext_ecpointformatlist_length > 0) &&
1952 ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
1953 /* we are using an ECC cipher */
1954 size_t i;
1955 unsigned char *list;
1956 int found_uncompressed = 0;
1957 list = s->session->tlsext_ecpointformatlist;
1958 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
1959 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
1960 found_uncompressed = 1;
1961 break;
1962 }
1963 }
1964 if (!found_uncompressed) {
1965 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1966 return -1;
1967 }
1968 }
1969 ret = SSL_TLSEXT_ERR_OK;
1970
1971 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
1972 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
1973 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
1974 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
1975
1976 /* If we've requested certificate status and we wont get one
1977 * tell the callback
1978 */
1979 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
1980 s->ctx && s->ctx->tlsext_status_cb) {
1981 int r;
1982 /* Set resp to NULL, resplen to -1 so callback knows
1983 * there is no response.
1984 */
1985 free(s->tlsext_ocsp_resp);
1986 s->tlsext_ocsp_resp = NULL;
1987 s->tlsext_ocsp_resplen = -1;
1988 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1989 if (r == 0) {
1990 al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
1991 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1992 }
1993 if (r < 0) {
1994 al = SSL_AD_INTERNAL_ERROR;
1995 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1996 }
1997 }
1998
1999 switch (ret) {
2000 case SSL_TLSEXT_ERR_ALERT_FATAL:
2001 ssl3_send_alert(s, SSL3_AL_FATAL, al);
2002
2003 return -1;
2004 case SSL_TLSEXT_ERR_ALERT_WARNING:
2005 ssl3_send_alert(s, SSL3_AL_WARNING, al);
2006
2007 return 1;
2008 case SSL_TLSEXT_ERR_NOACK:
2009 s->servername_done = 0;
2010 default:
2011 return 1;
2012 }
2013}
2014
2015/* Since the server cache lookup is done early on in the processing of the
2016 * ClientHello, and other operations depend on the result, we need to handle
2017 * any TLS session ticket extension at the same time.
2018 *
2019 * session_id: points at the session ID in the ClientHello. This code will
2020 * read past the end of this in order to parse out the session ticket
2021 * extension, if any.
2022 * len: the length of the session ID.
2023 * limit: a pointer to the first byte after the ClientHello.
2024 * ret: (output) on return, if a ticket was decrypted, then this is set to
2025 * point to the resulting session.
2026 *
2027 * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
2028 * ciphersuite, in which case we have no use for session tickets and one will
2029 * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
2030 *
2031 * Returns:
2032 * -1: fatal error, either from parsing or decrypting the ticket.
2033 * 0: no ticket was found (or was ignored, based on settings).
2034 * 1: a zero length extension was found, indicating that the client supports
2035 * session tickets but doesn't currently have one to offer.
2036 * 2: either s->tls_session_secret_cb was set, or a ticket was offered but
2037 * couldn't be decrypted because of a non-fatal error.
2038 * 3: a ticket was successfully decrypted and *ret was set.
2039 *
2040 * Side effects:
2041 * Sets s->tlsext_ticket_expected to 1 if the server will have to issue
2042 * a new session ticket to the client because the client indicated support
2043 * (and s->tls_session_secret_cb is NULL) but the client either doesn't have
2044 * a session ticket or we couldn't use the one it gave us, or if
2045 * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
2046 * Otherwise, s->tlsext_ticket_expected is set to 0.
2047 */
2048int
2049tls1_process_ticket(SSL *s, const unsigned char *session, int session_len,
2050 const unsigned char *limit, SSL_SESSION **ret)
2051{
2052 /* Point after session ID in client hello */
2053 CBS session_id, cookie, cipher_list, compress_algo, extensions;
2054
2055 *ret = NULL;
2056 s->tlsext_ticket_expected = 0;
2057
2058 /* If tickets disabled behave as if no ticket present
2059 * to permit stateful resumption.
2060 */
2061 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
2062 return 0;
2063 if (s->version <= SSL3_VERSION || !limit)
2064 return 0;
2065
2066 if (limit < session)
2067 return -1;
2068
2069 CBS_init(&session_id, session, limit - session);
2070
2071 /* Skip past the session id */
2072 if (!CBS_skip(&session_id, session_len))
2073 return -1;
2074
2075 /* Skip past DTLS cookie */
2076 if (SSL_IS_DTLS(s)) {
2077 if (!CBS_get_u8_length_prefixed(&session_id, &cookie))
2078 return -1;
2079 }
2080
2081 /* Skip past cipher list */
2082 if (!CBS_get_u16_length_prefixed(&session_id, &cipher_list))
2083 return -1;
2084
2085 /* Skip past compression algorithm list */
2086 if (!CBS_get_u8_length_prefixed(&session_id, &compress_algo))
2087 return -1;
2088
2089 /* Now at start of extensions */
2090 if (!CBS_get_u16_length_prefixed(&session_id, &extensions))
2091 return -1;
2092
2093 while (CBS_len(&extensions) > 0) {
2094 CBS ext_data;
2095 uint16_t ext_type;
2096
2097 if (!CBS_get_u16(&extensions, &ext_type) ||
2098 !CBS_get_u16_length_prefixed(&extensions, &ext_data))
2099 return -1;
2100
2101 if (ext_type == TLSEXT_TYPE_session_ticket) {
2102 int r;
2103 if (CBS_len(&ext_data) == 0) {
2104 /* The client will accept a ticket but doesn't
2105 * currently have one. */
2106 s->tlsext_ticket_expected = 1;
2107 return 1;
2108 }
2109 if (s->tls_session_secret_cb) {
2110 /* Indicate that the ticket couldn't be
2111 * decrypted rather than generating the session
2112 * from ticket now, trigger abbreviated
2113 * handshake based on external mechanism to
2114 * calculate the master secret later. */
2115 return 2;
2116 }
2117
2118 r = tls_decrypt_ticket(s, CBS_data(&ext_data),
2119 CBS_len(&ext_data), session, session_len, ret);
2120
2121 switch (r) {
2122 case 2: /* ticket couldn't be decrypted */
2123 s->tlsext_ticket_expected = 1;
2124 return 2;
2125 case 3: /* ticket was decrypted */
2126 return r;
2127 case 4: /* ticket decrypted but need to renew */
2128 s->tlsext_ticket_expected = 1;
2129 return 3;
2130 default: /* fatal error */
2131 return -1;
2132 }
2133 }
2134 }
2135 return 0;
2136}
2137
2138/* tls_decrypt_ticket attempts to decrypt a session ticket.
2139 *
2140 * etick: points to the body of the session ticket extension.
2141 * eticklen: the length of the session tickets extenion.
2142 * sess_id: points at the session ID.
2143 * sesslen: the length of the session ID.
2144 * psess: (output) on return, if a ticket was decrypted, then this is set to
2145 * point to the resulting session.
2146 *
2147 * Returns:
2148 * -1: fatal error, either from parsing or decrypting the ticket.
2149 * 2: the ticket couldn't be decrypted.
2150 * 3: a ticket was successfully decrypted and *psess was set.
2151 * 4: same as 3, but the ticket needs to be renewed.
2152 */
2153static int
2154tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
2155 const unsigned char *sess_id, int sesslen, SSL_SESSION **psess)
2156{
2157 SSL_SESSION *sess;
2158 unsigned char *sdec;
2159 const unsigned char *p;
2160 int slen, mlen, renew_ticket = 0;
2161 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
2162 HMAC_CTX hctx;
2163 EVP_CIPHER_CTX ctx;
2164 SSL_CTX *tctx = s->initial_ctx;
2165 /* Need at least keyname + iv + some encrypted data */
2166 if (eticklen < 48)
2167 return 2;
2168 /* Initialize session ticket encryption and HMAC contexts */
2169 HMAC_CTX_init(&hctx);
2170 EVP_CIPHER_CTX_init(&ctx);
2171 if (tctx->tlsext_ticket_key_cb) {
2172 unsigned char *nctick = (unsigned char *)etick;
2173 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
2174 &ctx, &hctx, 0);
2175 if (rv < 0) {
2176 EVP_CIPHER_CTX_cleanup(&ctx);
2177 return -1;
2178 }
2179 if (rv == 0) {
2180 EVP_CIPHER_CTX_cleanup(&ctx);
2181 return 2;
2182 }
2183 if (rv == 2)
2184 renew_ticket = 1;
2185 } else {
2186 /* Check key name matches */
2187 if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
2188 return 2;
2189 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2190 tlsext_tick_md(), NULL);
2191 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2192 tctx->tlsext_tick_aes_key, etick + 16);
2193 }
2194 /* Attempt to process session ticket, first conduct sanity and
2195 * integrity checks on ticket.
2196 */
2197 mlen = HMAC_size(&hctx);
2198 if (mlen < 0) {
2199 EVP_CIPHER_CTX_cleanup(&ctx);
2200 return -1;
2201 }
2202 eticklen -= mlen;
2203 /* Check HMAC of encrypted ticket */
2204 HMAC_Update(&hctx, etick, eticklen);
2205 HMAC_Final(&hctx, tick_hmac, NULL);
2206 HMAC_CTX_cleanup(&hctx);
2207 if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
2208 EVP_CIPHER_CTX_cleanup(&ctx);
2209 return 2;
2210 }
2211 /* Attempt to decrypt session data */
2212 /* Move p after IV to start of encrypted ticket, update length */
2213 p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2214 eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
2215 sdec = malloc(eticklen);
2216 if (!sdec) {
2217 EVP_CIPHER_CTX_cleanup(&ctx);
2218 return -1;
2219 }
2220 EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
2221 if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
2222 free(sdec);
2223 EVP_CIPHER_CTX_cleanup(&ctx);
2224 return 2;
2225 }
2226 slen += mlen;
2227 EVP_CIPHER_CTX_cleanup(&ctx);
2228 p = sdec;
2229
2230 sess = d2i_SSL_SESSION(NULL, &p, slen);
2231 free(sdec);
2232 if (sess) {
2233 /* The session ID, if non-empty, is used by some clients to
2234 * detect that the ticket has been accepted. So we copy it to
2235 * the session structure. If it is empty set length to zero
2236 * as required by standard.
2237 */
2238 if (sesslen)
2239 memcpy(sess->session_id, sess_id, sesslen);
2240 sess->session_id_length = sesslen;
2241 *psess = sess;
2242 if (renew_ticket)
2243 return 4;
2244 else
2245 return 3;
2246 }
2247 ERR_clear_error();
2248 /* For session parse failure, indicate that we need to send a new
2249 * ticket. */
2250 return 2;
2251}
2252
2253/* Tables to translate from NIDs to TLS v1.2 ids */
2254
2255typedef struct {
2256 int nid;
2257 int id;
2258} tls12_lookup;
2259
2260static tls12_lookup tls12_md[] = {
2261 {NID_md5, TLSEXT_hash_md5},
2262 {NID_sha1, TLSEXT_hash_sha1},
2263 {NID_sha224, TLSEXT_hash_sha224},
2264 {NID_sha256, TLSEXT_hash_sha256},
2265 {NID_sha384, TLSEXT_hash_sha384},
2266 {NID_sha512, TLSEXT_hash_sha512},
2267 {NID_id_GostR3411_94, TLSEXT_hash_gost94},
2268 {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256},
2269 {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512}
2270};
2271
2272static tls12_lookup tls12_sig[] = {
2273 {EVP_PKEY_RSA, TLSEXT_signature_rsa},
2274 {EVP_PKEY_DSA, TLSEXT_signature_dsa},
2275 {EVP_PKEY_EC, TLSEXT_signature_ecdsa},
2276 {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01},
2277};
2278
2279static int
2280tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
2281{
2282 size_t i;
2283 for (i = 0; i < tlen; i++) {
2284 if (table[i].nid == nid)
2285 return table[i].id;
2286 }
2287 return -1;
2288}
2289
2290int
2291tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
2292{
2293 int sig_id, md_id;
2294 if (!md)
2295 return 0;
2296 md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
2297 sizeof(tls12_md) / sizeof(tls12_lookup));
2298 if (md_id == -1)
2299 return 0;
2300 sig_id = tls12_get_sigid(pk);
2301 if (sig_id == -1)
2302 return 0;
2303 p[0] = (unsigned char)md_id;
2304 p[1] = (unsigned char)sig_id;
2305 return 1;
2306}
2307
2308int
2309tls12_get_sigid(const EVP_PKEY *pk)
2310{
2311 return tls12_find_id(pk->type, tls12_sig,
2312 sizeof(tls12_sig) / sizeof(tls12_lookup));
2313}
2314
2315const EVP_MD *
2316tls12_get_hash(unsigned char hash_alg)
2317{
2318 switch (hash_alg) {
2319 case TLSEXT_hash_sha1:
2320 return EVP_sha1();
2321 case TLSEXT_hash_sha224:
2322 return EVP_sha224();
2323 case TLSEXT_hash_sha256:
2324 return EVP_sha256();
2325 case TLSEXT_hash_sha384:
2326 return EVP_sha384();
2327 case TLSEXT_hash_sha512:
2328 return EVP_sha512();
2329#ifndef OPENSSL_NO_GOST
2330 case TLSEXT_hash_gost94:
2331 return EVP_gostr341194();
2332 case TLSEXT_hash_streebog_256:
2333 return EVP_streebog256();
2334 case TLSEXT_hash_streebog_512:
2335 return EVP_streebog512();
2336#endif
2337 default:
2338 return NULL;
2339 }
2340}
2341
2342/* Set preferred digest for each key type */
2343
2344int
2345tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
2346{
2347 int idx;
2348 const EVP_MD *md;
2349 CERT *c = s->cert;
2350 CBS cbs;
2351
2352 /* Extension ignored for inappropriate versions */
2353 if (!SSL_USE_SIGALGS(s))
2354 return 1;
2355
2356 /* Should never happen */
2357 if (!c || dsize < 0)
2358 return 0;
2359
2360 CBS_init(&cbs, data, dsize);
2361
2362 c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
2363 c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
2364 c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
2365 c->pkeys[SSL_PKEY_ECC].digest = NULL;
2366 c->pkeys[SSL_PKEY_GOST01].digest = NULL;
2367
2368 while (CBS_len(&cbs) > 0) {
2369 uint8_t hash_alg, sig_alg;
2370
2371 if (!CBS_get_u8(&cbs, &hash_alg) ||
2372 !CBS_get_u8(&cbs, &sig_alg)) {
2373 /* Should never happen */
2374 return 0;
2375 }
2376
2377 switch (sig_alg) {
2378 case TLSEXT_signature_rsa:
2379 idx = SSL_PKEY_RSA_SIGN;
2380 break;
2381 case TLSEXT_signature_dsa:
2382 idx = SSL_PKEY_DSA_SIGN;
2383 break;
2384 case TLSEXT_signature_ecdsa:
2385 idx = SSL_PKEY_ECC;
2386 break;
2387 case TLSEXT_signature_gostr01:
2388 case TLSEXT_signature_gostr12_256:
2389 case TLSEXT_signature_gostr12_512:
2390 idx = SSL_PKEY_GOST01;
2391 break;
2392 default:
2393 continue;
2394 }
2395
2396 if (c->pkeys[idx].digest == NULL) {
2397 md = tls12_get_hash(hash_alg);
2398 if (md) {
2399 c->pkeys[idx].digest = md;
2400 if (idx == SSL_PKEY_RSA_SIGN)
2401 c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
2402 }
2403 }
2404
2405 }
2406
2407 /* Set any remaining keys to default values. NOTE: if alg is not
2408 * supported it stays as NULL.
2409 */
2410 if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
2411 c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
2412 if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
2413 c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
2414 c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
2415 }
2416 if (!c->pkeys[SSL_PKEY_ECC].digest)
2417 c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
2418#ifndef OPENSSL_NO_GOST
2419 if (!c->pkeys[SSL_PKEY_GOST01].digest)
2420 c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
2421#endif
2422 return 1;
2423}
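diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
deleted file mode 100644
index 48341525d8..0000000000
--- a/src/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* $OpenBSD: t1_meth.c,v 1.16 2015/02/06 08:30:23 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-
-const SSL_METHOD TLSv1_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl3_connect,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-TLSv1_method(void)
-{
- return &TLSv1_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_1_method(void)
-{
- return &TLSv1_1_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_2_method(void)
-{
- return &TLSv1_2_method_data;
-}
-
-static const SSL_METHOD *
-tls1_get_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_method());
- return (NULL);
-}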
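diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
deleted file mode 100644
index 294a632b8f..0000000000
--- a/src/lib/libssl/t1_reneg.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* $OpenBSD: t1_reneg.c,v 1.11 2015/06/20 16:42:48 doug Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-#include "bytestring.h"
-
-/* Add the client's renegotiation binding */
-int
-ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if ((s->s3->previous_client_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
-
- }
-
- *len = s->s3->previous_client_finished_len + 1;
-
- return 1;
-}
-
-/* Parse the client's renegotiation binding and abort if it's not
- right */
-int
-ssl_parse_clienthello_renegotiate_ext(SSL *s, const unsigned char *d, int len,
- int *al)
-{
- CBS cbs, reneg;
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- CBS_init(&cbs, d, len);
- if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
- /* Consistency check */
- CBS_len(&cbs) != 0) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if (CBS_len(&reneg) != s->s3->previous_client_finished_len) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len)) {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- s->s3->send_connection_binding = 1;
-
- return 1;
-}
-
-/* Add the server's renegotiation binding */
-int
-ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
-{
- if (p) {
- if ((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen) {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
-
- }
-
- *len = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1;
-
- return 1;
-}
-
-/* Parse the server's renegotiation binding and abort if it's not
- right */
-int
-ssl_parse_serverhello_renegotiate_ext(SSL *s, const unsigned char *d, int len, int *al)
-{
- CBS cbs, reneg, previous_client, previous_server;
- int expected_len = s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len;
-
- /* Check for logic errors */
- OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
- OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
- if (len < 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- CBS_init(&cbs, d, len);
-
- if (!CBS_get_u8_length_prefixed(&cbs, &reneg) ||
- /* Consistency check */
- CBS_len(&cbs) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if (CBS_len(&reneg) != expected_len ||
- !CBS_get_bytes(&reneg, &previous_client,
- s->s3->previous_client_finished_len) ||
- !CBS_get_bytes(&reneg, &previous_server,
- s->s3->previous_server_finished_len) ||
- CBS_len(&reneg) != 0) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if (!CBS_mem_equal(&previous_client, s->s3->previous_client_finished,
- CBS_len(&previous_client))) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- if (!CBS_mem_equal(&previous_server, s->s3->previous_server_finished,
- CBS_len(&previous_server))) {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
- SSL_R_RENEGOTIATION_MISMATCH);
- *al = SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- s->s3->send_connection_binding = 1;
-
- return 1;
-}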
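diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
deleted file mode 100644
index 3c6ac541f8..0000000000
--- a/src/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* $OpenBSD: t1_srvr.c,v 1.18 2015/02/06 08:30:23 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-
-const SSL_METHOD TLSv1_server_method_data = {
- .version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_1_server_method_data = {
- .version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_1_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD TLSv1_2_server_method_data = {
- .version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_read = ssl3_read,
- .ssl_peek = ssl3_peek,
- .ssl_write = ssl3_write,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_get_message = ssl3_get_message,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .ssl_ctrl = ssl3_ctrl,
- .ssl_ctx_ctrl = ssl3_ctx_ctrl,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .ssl_pending = ssl3_pending,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_ssl_method = tls1_get_server_method,
- .get_timeout = tls1_default_timeout,
- .ssl3_enc = &TLSv1_2_enc_data,
- .ssl_version = ssl_undefined_void_function,
- .ssl_callback_ctrl = ssl3_callback_ctrl,
- .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl,
-};
-
-const SSL_METHOD *
-TLSv1_server_method(void)
-{
- return &TLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_1_server_method(void)
-{
- return &TLSv1_1_server_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_2_server_method(void)
-{
- return &TLSv1_2_server_method_data;
-}
-
-static const SSL_METHOD *
-tls1_get_server_method(int ver)
-{
- if (ver == TLS1_2_VERSION)
- return (TLSv1_2_server_method());
- if (ver == TLS1_1_VERSION)
- return (TLSv1_1_server_method());
- if (ver == TLS1_VERSION)
- return (TLSv1_server_method());
- return (NULL);
-}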
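diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 109bc8c10b..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy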
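diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-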
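diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA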
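diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-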
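diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index f5a275bfc2..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-
-TSDNSECT = ts_cert_dn
-INDEX = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca = CA_default # The default ca section
-
-[ CA_default ]
-
-dir = ./demoCA
-certs = $dir/certs # Where the issued certs are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = supplied
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits = 1024
-default_md = sha1
-distinguished_name = $ENV::TSDNSECT
-encrypt_rsa_key = no
-prompt = no
-# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Budapest
-organizationName = Gov-CA Ltd.
-commonName = ca1
-
-[ ts_cert_dn ]
-countryName = HU
-stateOrProvinceName = Budapest
-localityName = Buda
-organizationName = Hun-TSA Ltd.
-commonName = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1 # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
- # (optional)
-certs = $dir/tsaca.pem # Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
-accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-ordering = yes # Is ordering defined for timestamps?
- # (optional, default: no)
-tsa_name = yes # Must the TSA name be included in the reply?
- # (optional, default: no)
-ess_cert_id_chain = yes # Must the ESS cert id chain be included?
- # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir = . # TSA root directory
-serial = $dir/tsa_serial # The current serial number (mandatory)
-signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
- # (optional)
-certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
- # (optional)
-signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
-default_policy = tsa_policy1 # Policy if request did not specify it
- # (optional)
-other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)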
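diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 326cce2ba8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB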
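diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 8b502321b8..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC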
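diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-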
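diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita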
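diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 58ac0ca54d..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha256
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-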
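diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-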
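diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y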
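diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
deleted file mode 100755
index 6e6f91f81b..0000000000
--- a/src/lib/libssl/test/asn1test.c
+++ /dev/null
@@ -1,23 +0,0 @@
-/* $OpenBSD: asn1test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */
-#include <openssl/x509.h>
-#include <openssl/asn1_mac.h>
-
-typedef struct X
- {
- STACK_OF(X509_EXTENSION) *ext;
- } X;
-
-/* This isn't meant to run particularly, it's just to test type checking */
-int main(int argc, char **argv)
- {
- X *x = NULL;
- unsigned char **pp = NULL;
-
- M_ASN1_I2D_vars(x);
- M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_seq_total();
- M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
- i2d_X509_EXTENSION);
- M_ASN1_I2D_finish();
- }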
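diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1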
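diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
-# test/cms-examples.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl script to run tests against S/MIME examples in RFC4134
-# Assumes RFC is in current directory and called "rfc4134.txt"
-
-use MIME::Base64;
-
-my $badttest = 0;
-my $verbose = 1;
-
-my $cmscmd;
-my $exdir = "./";
-my $exfile = "./rfc4134.txt";
-
-if (-f "../apps/openssl")
- {
- $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
- }
-elsif (-f "..\\out32dll\\openssl.exe")
- {
- $cmscmd = "..\\out32dll\\openssl.exe cms";
- }
-elsif (-f "..\\out32\\openssl.exe")
- {
- $cmscmd = "..\\out32\\openssl.exe cms";
- }
-
-my @test_list = (
- [ "3.1.bin" => "dataout" ],
- [ "3.2.bin" => "encode, dataout" ],
- [ "4.1.bin" => "encode, verifyder, cont, dss" ],
- [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
- [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
- [ "4.4.bin" => "encode, verifyder, cont, dss" ],
- [ "4.5.bin" => "verifyder, cont, rsa" ],
- [ "4.6.bin" => "encode, verifyder, cont, dss" ],
- [ "4.7.bin" => "encode, verifyder, cont, dss" ],
- [ "4.8.eml" => "verifymime, dss" ],
- [ "4.9.eml" => "verifymime, dss" ],
- [ "4.10.bin" => "encode, verifyder, cont, dss" ],
- [ "4.11.bin" => "encode, certsout" ],
- [ "5.1.bin" => "encode, envelopeder, cont" ],
- [ "5.2.bin" => "encode, envelopeder, cont" ],
- [ "5.3.eml" => "envelopemime, cont" ],
- [ "6.0.bin" => "encode, digest, cont" ],
- [ "7.1.bin" => "encode, encrypted, cont" ],
- [ "7.2.bin" => "encode, encrypted, cont" ]
-);
-
-# Extract examples from RFC4134 text.
-# Base64 decode all examples, certificates and
-# private keys are converted to PEM format.
-
-my ( $filename, $data );
-
-my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
-
-$data = "";
-
-open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
-
-while (<IN>) {
- next unless (/^\|/);
- s/^\|//;
- next if (/^\*/);
- if (/^>(.*)$/) {
- $filename = $1;
- next;
- }
- if (/^</) {
- $filename = "$exdir/$filename";
- if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
- $data = decode_base64($data);
- open OUT, ">$filename";
- binmode OUT;
- print OUT $data;
- close OUT;
- push @cleanup, $filename;
- }
- elsif ( $filename =~ /\.cer$/ ) {
- write_pem( $filename, "CERTIFICATE", $data );
- }
- elsif ( $filename =~ /\.pri$/ ) {
- write_pem( $filename, "PRIVATE KEY", $data );
- }
- $data = "";
- $filename = "";
- }
- else {
- $data .= $_;
- }
-
-}
-
-my $secretkey =
- "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
-
-foreach (@test_list) {
- my ( $file, $tlist ) = @$_;
- print "Example file $file:\n";
- if ( $tlist =~ /encode/ ) {
- run_reencode_test( $exdir, $file );
- }
- if ( $tlist =~ /certsout/ ) {
- run_certsout_test( $exdir, $file );
- }
- if ( $tlist =~ /dataout/ ) {
- run_dataout_test( $exdir, $file );
- }
- if ( $tlist =~ /verify/ ) {
- run_verify_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /digest/ ) {
- run_digest_test( $exdir, $tlist, $file );
- }
- if ( $tlist =~ /encrypted/ ) {
- run_encrypted_test( $exdir, $tlist, $file, $secretkey );
- }
- if ( $tlist =~ /envelope/ ) {
- run_envelope_test( $exdir, $tlist, $file );
- }
-
-}
-
-foreach (@cleanup) {
- unlink $_;
-}
-
-if ($badtest) {
- print "\n$badtest TESTS FAILED!!\n";
-}
-else {
- print "\n***All tests successful***\n";
-}
-
-sub write_pem {
- my ( $filename, $str, $data ) = @_;
-
- $filename =~ s/\.[^.]*$/.pem/;
-
- push @cleanup, $filename;
-
- open OUT, ">$filename";
-
- print OUT "-----BEGIN $str-----\n";
- print OUT $data;
- print OUT "-----END $str-----\n";
-
- close OUT;
-}
-
-sub run_reencode_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
-
- system( "$cmscmd -cmsout -inform DER -outform DER"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tReencode command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
- print "\tReencode FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tReencode passed\n" if $verbose;
- }
-}
-
-sub run_certsout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.der";
- unlink "tmp.pem";
-
- system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
- . " -in $cmsdir/$tfile -out tmp.der" );
-
- if ($?) {
- print "\tCertificate output command FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tCertificate output passed\n" if $verbose;
- }
-}
-
-sub run_dataout_test {
- my ( $cmsdir, $tfile ) = @_;
- unlink "tmp.txt";
-
- system(
- "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tDataout command FAILED!!\n";
- $badtest++;
- }
- elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
- print "\tDataout compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDataout passed\n" if $verbose;
- }
-}
-
-sub run_verify_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /verifyder/;
- $form = "SMIME" if $tlist =~ /verifymime/;
- $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
- $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
-
- $cmd =
- "$cmscmd -verify -inform $form"
- . " -CAfile $cafile"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tVerify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tVerify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tVerify passed\n" if $verbose;
- }
-}
-
-sub run_envelope_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- $form = "DER" if $tlist =~ /envelopeder/;
- $form = "SMIME" if $tlist =~ /envelopemime/;
-
- $cmd =
- "$cmscmd -decrypt -inform $form"
- . " -recip $cmsdir/BobRSASignByCarl.pem"
- . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
- . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDecrypt command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDecrypt content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDecrypt passed\n" if $verbose;
- }
-}
-
-sub run_digest_test {
- my ( $cmsdir, $tlist, $tfile ) = @_;
- unlink "tmp.txt";
-
- my $cmd =
- "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
-
- system("$cmd 2>cms.err 1>cms.out");
-
- if ($?) {
- print "\tDigest verify command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tDigest verify content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tDigest verify passed\n" if $verbose;
- }
-}
-
-sub run_encrypted_test {
- my ( $cmsdir, $tlist, $tfile, $key ) = @_;
- unlink "tmp.txt";
-
- system( "$cmscmd -EncryptedData_decrypt -inform DER"
- . " -secretkey $key"
- . " -in $cmsdir/$tfile -out tmp.txt" );
-
- if ($?) {
- print "\tEncrypted Data command FAILED!!\n";
- $badtest++;
- }
- elsif ( $tlist =~ /cont/
- && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
- {
- print "\tEncrypted Data content compare FAILED!!\n";
- $badtest++;
- }
- else {
- print "\tEncryptedData verify passed\n" if $verbose;
- }
-}
-
-sub cmp_files {
- my ( $f1, $f2 ) = @_;
- my ( $fp1, $fp2 );
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-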
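diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index dfef799be2..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,459 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
- $ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
- $ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd = "$ossl_path smime ";
-my $cmscmd = "$ossl_path cms ";
-my $smdir = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
- [
- "signed content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -certfile $smdir/smroot.pem"
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, RSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, RSA",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smrsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed detached content DER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\""
- . " -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed detached content DER format, add RSA signer",
- "-resign -inform \"DER\" -in test.cms -outform \"DER\""
- . " -signer $smdir/smrsa1.pem -out test2.cms",
- "-verify -in test2.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
- ],
-
- [
- "signed content test streaming BER format, DSA key",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -stream -signer $smdir/smdsa1.pem -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform \"DER\" -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
- "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
- ],
-
- [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
- "-encrypt -in smcont.txt"
- . " -aes256 -stream -out test.cms"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_tests = (
-
- [
- "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
- "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform \"DER\" "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
- "-sign -in smcont.txt -outform PEM -nodetach"
- . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
- . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
- . " -stream -out test.cms",
- "-verify -in test.cms -inform PEM "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed content MIME format, RSA key, signed receipt request",
- "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
- . " -receipt_request_to test\@openssl.org -receipt_request_all"
- . " -out test.cms",
- "-verify -in test.cms "
- . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
- ],
-
- [
- "signed receipt MIME format, RSA key",
- "-sign_receipt -in test.cms"
- . " -signer $smdir/smrsa2.pem"
- . " -out test2.cms",
- "-verify_receipt test2.cms -in test.cms"
- . " \"-CAfile\" $smdir/smroot.pem"
- ],
-
- [
- "enveloped content test streaming S/MIME format, 3 recipients, keyid",
- "-encrypt -in smcont.txt"
- . " -stream -out test.cms -keyid"
- . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
- "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0"
- ],
-
- [
- "enveloped content test streaming PEM format, KEK, key only",
- "-encrypt -in smcont.txt -outform PEM -aes128"
- . " -stream -out test.cms "
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- . " -secretkeyid C0FEE0",
- "-decrypt -in test.cms -out smtst.txt -inform PEM"
- . " -secretkey 000102030405060708090A0B0C0D0E0F "
- ],
-
- [
- "data content test streaming PEM format",
- "-data_create -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-data_out -in test.cms -inform PEM -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 40 bit RC2 key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -rc2 -secretkey 0001020304"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 0001020304 -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, triple DES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
- . " -out smtst.txt"
- ],
-
- [
- "encrypted content test streaming PEM format, 128 bit AES key",
- "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
- . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
- . " -stream -out test.cms",
- "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
- . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
- ],
-
-);
-
-my @smime_cms_comp_tests = (
-
- [
- "compressed content test streaming PEM format",
- "-compress -in smcont.txt -outform PEM -nodetach"
- . " -stream -out test.cms",
- "-uncompress -in test.cms -inform PEM -out smtst.txt"
- ]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
- run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
- print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
- print "$badcmd TESTS FAILED!!\n";
-}
-else {
- print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
- my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
- foreach $smtst (@$aref) {
- my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
- if ($ossl8)
- {
- # Skip smime resign: 0.9.8 smime doesn't support -resign
- next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
- # Disable streaming: option not supported in 0.9.8
- $tnam =~ s/streaming//;
- $rscmd =~ s/-stream//;
- $rvcmd =~ s/-stream//;
- }
- system("$scmd$rscmd$redir");
- if ($?) {
- print "$tnam: generation error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- system("$vcmd$rvcmd$redir");
- if ($?) {
- print "$tnam: verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- if (!cmp_files("smtst.txt", "smcont.txt")) {
- print "$tnam: content verify error\n";
- $$rv++;
- exit 1 if $halt_err;
- next;
- }
- print "$tnam: OK\n";
- }
-}
-
-sub cmp_files {
- use FileHandle;
- my ( $f1, $f2 ) = @_;
- my $fp1 = FileHandle->new();
- my $fp2 = FileHandle->new();
-
- my ( $rd1, $rd2 );
-
- if ( !open( $fp1, "<$f1" ) ) {
- print STDERR "Can't Open file $f1\n";
- return 0;
- }
-
- if ( !open( $fp2, "<$f2" ) ) {
- print STDERR "Can't Open file $f2\n";
- return 0;
- }
-
- binmode $fp1;
- binmode $fp2;
-
- my $ret = 0;
-
- for ( ; ; ) {
- $n1 = sysread $fp1, $rd1, 4096;
- $n2 = sysread $fp2, $rd2, 4096;
- last if ( $n1 != $n2 );
- last if ( $rd1 ne $rd2 );
-
- if ( $n1 == 0 ) {
- $ret = 1;
- last;
- }
-
- }
-
- close $fp1;
- close $fp2;
-
- return $ret;
-
-}
-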
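diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c
deleted file mode 100644
index 1e65ccf99c..0000000000
--- a/src/lib/libssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* $OpenBSD: methtest.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }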
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
1-----BEGIN PKCS7-----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15-----END PKCS7-----
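diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==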
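diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index 5c6b89fcdb..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,949 +0,0 @@
-# test/pkits-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-# software must display the following acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-# endorse or promote products derived from this software without
-# prior written permission. For written permission, please contact
-# licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-# nor may "OpenSSL" appear in their names without prior written
-# permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-# acknowledgment:
-# "This product includes software developed by the OpenSSL Project
-# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl utility to run PKITS tests for RFC3280 compliance.
-
-my $ossl_path;
-
-if ( -f "../apps/openssl" ) {
- $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
- $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
- $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
- die "Can't find OpenSSL executable";
-}
-
-my $pkitsdir = "pkits/smime";
-my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
-
-die "Can't find PKITS test data" if !-d $pkitsdir;
-
-my $nist1 = "2.16.840.1.101.3.2.1.48.1";
-my $nist2 = "2.16.840.1.101.3.2.1.48.2";
-my $nist3 = "2.16.840.1.101.3.2.1.48.3";
-my $nist4 = "2.16.840.1.101.3.2.1.48.4";
-my $nist5 = "2.16.840.1.101.3.2.1.48.5";
-my $nist6 = "2.16.840.1.101.3.2.1.48.6";
-
-my $apolicy = "X509v3 Any Policy";
-
-# This table contains the chapter headings of the accompanying PKITS
-# document. They provide useful informational output and their names
-# can be converted into the filename to test.
-
-my @testlists = (
- [ "4.1", "Signature Verification" ],
- [ "4.1.1", "Valid Signatures Test1", 0 ],
- [ "4.1.2", "Invalid CA Signature Test2", 7 ],
- [ "4.1.3", "Invalid EE Signature Test3", 7 ],
- [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
- [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
- [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
- [ "4.2", "Validity Periods" ],
- [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
- [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
- [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
- [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
- [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
- [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
- [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
- [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
- [ "4.3", "Verifying Name Chaining" ],
- [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
- [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
- [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
- [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
- [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
- [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
- [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
- [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
- [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
- [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
- [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
- [ "4.4", "Basic Certificate Revocation Tests" ],
- [ "4.4.1", "Missing CRL Test1", 3 ],
- [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
- [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
- [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
- [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
- [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
- [ "4.4.7", "Valid Two CRLs Test7", 0 ],
-
- # The test document suggests these should return certificate revoked...
- # Subsquent discussion has concluded they should not due to unhandle
- # critical CRL extensions.
- [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
- [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
-
- [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
- [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
- [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
- [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
- [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
- [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
- [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
- [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
- [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
- [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
- [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
-
- # CRL path is revoked so get a CRL path validation error
- [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
- [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
- [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
- [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
- [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
- [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
- [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
- [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
- [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
- [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
- [ "4.6", "Verifying Basic Constraints" ],
- [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
- [ "4.6.2", "Invalid cA False Test2", 24 ],
- [ "4.6.3", "Invalid cA False Test3", 24 ],
- [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
- [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
- [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
- [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
- [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
- [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
- [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
- [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
- [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
- [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
- [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
- [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
- [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
- [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
- [ "4.7", "Key Usage" ],
- [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
- [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
- [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
- [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
- [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
-
- # Certificate policy tests need special handling. They can have several
- # sub tests and we need to check the outputs are correct.
-
- [ "4.8", "Certificate Policies" ],
- [
- "4.8.1.1",
- "All Certificates Same Policy Test1",
- "-policy anyPolicy -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.2",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.1.3",
- "All Certificates Same Policy Test1",
- "-policy $nist2 -explicit_policy",
- "True", $nist1, "<empty>", 43
- ],
- [
- "4.8.1.4",
- "All Certificates Same Policy Test1",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.2.1",
- "All Certificates No Policies Test2",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.8.2.2",
- "All Certificates No Policies Test2",
- "-policy anyPolicy -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.3.1",
- "Different Policies Test3",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.8.3.2",
- "Different Policies Test3",
- "-policy anyPolicy -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.3.3",
- "Different Policies Test3",
- "-policy $nist1 -policy $nist2 -explicit_policy",
- "True", "<empty>", "<empty>", 43
- ],
-
- [
- "4.8.4",
- "Different Policies Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.5",
- "Different Policies Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.6.1",
- "Overlapping Policies Test6",
- "-policy anyPolicy",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.2",
- "Overlapping Policies Test6",
- "-policy $nist1",
- "True", $nist1, $nist1, 0
- ],
- [
- "4.8.6.3",
- "Overlapping Policies Test6",
- "-policy $nist2",
- "True", $nist1, "<empty>", 43
- ],
- [
- "4.8.7",
- "Different Policies Test7",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.8",
- "Different Policies Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.9",
- "Different Policies Test9",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.10.1",
- "All Certificates Same Policies Test10",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.10.2",
- "All Certificates Same Policies Test10",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.10.3",
- "All Certificates Same Policies Test10",
- "-policy anyPolicy",
- "True", "$nist1:$nist2", "$nist1:$nist2", 0
- ],
- [
- "4.8.11.1",
- "All Certificates AnyPolicy Test11",
- "-policy anyPolicy",
- "True", "$apolicy", "$apolicy", 0
- ],
- [
- "4.8.11.2",
- "All Certificates AnyPolicy Test11",
- "-policy $nist1",
- "True", "$apolicy", "$nist1", 0
- ],
- [
- "4.8.12",
- "Different Policies Test12",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.8.13.1",
- "All Certificates Same Policies Test13",
- "-policy $nist1",
- "True", "$nist1:$nist2:$nist3", "$nist1", 0
- ],
- [
- "4.8.13.2",
- "All Certificates Same Policies Test13",
- "-policy $nist2",
- "True", "$nist1:$nist2:$nist3", "$nist2", 0
- ],
- [
- "4.8.13.3",
- "All Certificates Same Policies Test13",
- "-policy $nist3",
- "True", "$nist1:$nist2:$nist3", "$nist3", 0
- ],
- [
- "4.8.14.1", "AnyPolicy Test14",
- "-policy $nist1", "True",
- "$nist1", "$nist1",
- 0
- ],
- [
- "4.8.14.2", "AnyPolicy Test14",
- "-policy $nist2", "True",
- "$nist1", "<empty>",
- 43
- ],
- [
- "4.8.15",
- "User Notice Qualifier Test15",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.16",
- "User Notice Qualifier Test16",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.17",
- "User Notice Qualifier Test17",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.18.1",
- "User Notice Qualifier Test18",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
- [
- "4.8.18.2",
- "User Notice Qualifier Test18",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.8.19",
- "User Notice Qualifier Test19",
- "-policy anyPolicy",
- "False", "$nist1", "$nist1", 0
- ],
- [
- "4.8.20",
- "CPS Pointer Qualifier Test20",
- "-policy anyPolicy -explicit_policy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.9", "Require Explicit Policy" ],
- [
- "4.9.1",
- "Valid RequireExplicitPolicy Test1",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.2",
- "Valid RequireExplicitPolicy Test2",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.3",
- "Invalid RequireExplicitPolicy Test3",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.4",
- "Valid RequireExplicitPolicy Test4",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.9.5",
- "Invalid RequireExplicitPolicy Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.6",
- "Valid Self-Issued requireExplicitPolicy Test6",
- "-policy anyPolicy",
- "False", "<empty>", "<empty>", 0
- ],
- [
- "4.9.7",
- "Invalid Self-Issued requireExplicitPolicy Test7",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.9.8",
- "Invalid Self-Issued requireExplicitPolicy Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.10", "Policy Mappings" ],
- [
- "4.10.1.1",
- "Valid Policy Mapping Test1",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.1.2",
- "Valid Policy Mapping Test1",
- "-policy $nist2",
- "True", "$nist1", "<empty>", 43
- ],
- [
- "4.10.1.3",
- "Valid Policy Mapping Test1",
- "-policy anyPolicy -inhibit_map",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.2.1",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.2.2",
- "Invalid Policy Mapping Test2",
- "-policy anyPolicy -inhibit_map",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.3.1",
- "Valid Policy Mapping Test3",
- "-policy $nist1",
- "True", "$nist2", "<empty>", 43
- ],
- [
- "4.10.3.2",
- "Valid Policy Mapping Test3",
- "-policy $nist2",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.10.4",
- "Invalid Policy Mapping Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.5.1",
- "Valid Policy Mapping Test5",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.5.2",
- "Valid Policy Mapping Test5",
- "-policy $nist6",
- "True", "$nist1", "<empty>", 43
- ],
- [
- "4.10.6.1",
- "Valid Policy Mapping Test6",
- "-policy $nist1",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.6.2",
- "Valid Policy Mapping Test6",
- "-policy $nist6",
- "True", "$nist1", "<empty>", 43
- ],
- [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
- [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
- [
- "4.10.9",
- "Valid Policy Mapping Test9",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.10.10",
- "Invalid Policy Mapping Test10",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.10.11",
- "Valid Policy Mapping Test11",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.1",
- "Valid Policy Mapping Test12",
- "-policy $nist1",
- "True", "$nist1:$nist2", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.12.2",
- "Valid Policy Mapping Test12",
- "-policy $nist2",
- "True", "$nist1:$nist2", "$nist2", 0
- ],
- [
- "4.10.13",
- "Valid Policy Mapping Test13",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
-
- # TODO: check notice display
- [
- "4.10.14",
- "Valid Policy Mapping Test14",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [ "4.11", "Inhibit Policy Mapping" ],
- [
- "4.11.1",
- "Invalid inhibitPolicyMapping Test1",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.2",
- "Valid inhibitPolicyMapping Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.3",
- "Invalid inhibitPolicyMapping Test3",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.4",
- "Valid inhibitPolicyMapping Test4",
- "-policy anyPolicy",
- "True", "$nist2", "$nist2", 0
- ],
- [
- "4.11.5",
- "Invalid inhibitPolicyMapping Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.6",
- "Invalid inhibitPolicyMapping Test6",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.7",
- "Valid Self-Issued inhibitPolicyMapping Test7",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.11.8",
- "Invalid Self-Issued inhibitPolicyMapping Test8",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.9",
- "Invalid Self-Issued inhibitPolicyMapping Test9",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.10",
- "Invalid Self-Issued inhibitPolicyMapping Test10",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.11.11",
- "Invalid Self-Issued inhibitPolicyMapping Test11",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.12", "Inhibit Any Policy" ],
- [
- "4.12.1",
- "Invalid inhibitAnyPolicy Test1",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.2",
- "Valid inhibitAnyPolicy Test2",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.1",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy",
- "True", "$nist1", "$nist1", 0
- ],
- [
- "4.12.3.2",
- "inhibitAnyPolicy Test3",
- "-policy anyPolicy -inhibit_any",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.4",
- "Invalid inhibitAnyPolicy Test4",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.5",
- "Invalid inhibitAnyPolicy Test5",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [
- "4.12.6",
- "Invalid inhibitAnyPolicy Test6",
- "-policy anyPolicy",
- "True", "<empty>", "<empty>", 43
- ],
- [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
- [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
- [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
- [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
- [ "4.13", "Name Constraints" ],
- [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
- [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
- [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
- [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
- [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
- [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
- [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
- [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
- [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
- [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
- [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
- [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
- [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
- [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
- [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
- [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
- [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
- [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
- [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
- [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
- [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
- [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
- [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
- [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
- [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
- [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
- [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
- [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
- [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
- [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
- [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
- [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
- [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
- [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
- [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
- [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
- [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
- [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
- [ "4.14", "Distribution Points" ],
- [ "4.14.1", "Valid distributionPoint Test1", 0 ],
- [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
- [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
- [ "4.14.4", "Valid distributionPoint Test4", 0 ],
- [ "4.14.5", "Valid distributionPoint Test5", 0 ],
- [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
- [ "4.14.7", "Valid distributionPoint Test7", 0 ],
- [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
- [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
- [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
- [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
- [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
- [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
- [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
- [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
- [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
- [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
- [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
- [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
- [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
- [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
- [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
- [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
- [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
- [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
- [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
- [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
- [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
- [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
-
- # Although this test is valid it has a circular dependency. As a result
- # an attempt is made to reursively checks a CRL path and rejected due to
- # a CRL path validation error. PKITS notes suggest this test does not
- # need to be run due to this issue.
- [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
- [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
- [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
- [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
- [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
- [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
- [ "4.15", "Delta-CRLs" ],
- [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
- [ "4.15.2", "Valid delta-CRL Test2", 0 ],
- [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
- [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
- [ "4.15.5", "Valid delta-CRL Test5", 0 ],
- [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
- [ "4.15.7", "Valid delta-CRL Test7", 0 ],
- [ "4.15.8", "Valid delta-CRL Test8", 0 ],
- [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
- [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
- [ "4.16", "Private Certificate Extensions" ],
- [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
- [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
-);
-
-
-my $verbose = 1;
-
-my $numtest = 0;
-my $numfail = 0;
-
-my $ossl = "ossl/apps/openssl";
-
-my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
-$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-
-# Check for expiry of trust anchor
-system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
-if ($? == 256)
- {
- print STDERR "WARNING: using older expired data\n";
- $ossl_cmd .= "-attime 1291940972 ";
- }
-
-$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
-
-system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
-
-die "Can't create trust anchor file" if $?;
-
-print "Running PKITS tests:\n" if $verbose;
-
-foreach (@testlists) {
- my $argnum = @$_;
- if ( $argnum == 2 ) {
- my ( $tnum, $title ) = @$_;
- print "$tnum $title\n" if $verbose;
- }
- elsif ( $argnum == 3 ) {
- my ( $tnum, $title, $exp_ret ) = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $test_fail = 0;
- my $errmsg = "";
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
- my $cmdout = `$cmd`;
- $ret = $? >> 8;
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- if ( $exp_ret != $ret ) {
- $errmsg .= "Return code:$ret, ";
- $errmsg .= "expected $exp_ret\n";
- $test_fail = 1;
- }
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print $errmsg;
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
- elsif ( $argnum == 7 ) {
- my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
- = @$_;
- my $filename = $title;
- $exp_ret += 32 if $exp_ret;
- $filename =~ tr/ -//d;
- $filename = "Signed$(unknown).eml";
- if ( !-f "$pkitsdir/$filename" ) {
- print "\"$filename\" not found\n";
- }
- else {
- my $ret;
- my $cmdout = "";
- my $errmsg = "";
- my $epol = "";
- my $aset = "";
- my $uset = "";
- my $pol = -1;
- my $test_fail = 0;
- my $cmd = $ossl_cmd;
- $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
- @oparr = `$cmd`;
- $ret = $? >> 8;
-
- if ( $? & 0xff ) {
- $errmsg .= "Abnormal OpenSSL termination\n";
- $test_fail = 1;
- }
- foreach (@oparr) {
- my $test_failed = 0;
- $cmdout .= $_;
- if (/^Require explicit Policy: (.*)$/) {
- $epol = $1;
- }
- if (/^Authority Policies/) {
- if (/empty/) {
- $aset = "<empty>";
- }
- else {
- $pol = 1;
- }
- }
- $test_fail = 1 if (/leak/i);
- if (/^User Policies/) {
- if (/empty/) {
- $uset = "<empty>";
- }
- else {
- $pol = 2;
- }
- }
- if (/\s+Policy: (.*)$/) {
- if ( $pol == 1 ) {
- $aset .= ":" if $aset ne "";
- $aset .= $1;
- }
- elsif ( $pol == 2 ) {
- $uset .= ":" if $uset ne "";
- $uset .= $1;
- }
- }
- }
-
- if ( $epol ne $exp_epol ) {
- $errmsg .= "Explicit policy:$epol, ";
- $errmsg .= "expected $exp_epol\n";
- $test_fail = 1;
- }
- if ( $aset ne $exp_aset ) {
- $errmsg .= "Authority policy set :$aset, ";
- $errmsg .= "expected $exp_aset\n";
- $test_fail = 1;
- }
- if ( $uset ne $exp_uset ) {
- $errmsg .= "User policy set :$uset, ";
- $errmsg .= "expected $exp_uset\n";
- $test_fail = 1;
- }
-
- if ( $exp_ret != $ret ) {
- print "Return code:$ret, expected $exp_ret\n";
- $test_fail = 1;
- }
-
- if ($test_fail) {
- print "$tnum $title : Failed!\n";
- print "Filename: $pkitsdir/$filename\n";
- print "Command output:\n$cmdout\n";
- $numfail++;
- }
- $numtest++;
- }
- }
-}
-
-if ($numfail) {
- print "$numfail tests failed out of $numtest\n";
-}
-else {
- print "All Tests Successful.\n";
-}
-
-unlink "pkitsta.pem";
-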
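diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c
deleted file mode 100644
index 0aadcdac16..0000000000
--- a/src/lib/libssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* $OpenBSD: r160test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */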
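diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file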
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----
14MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
15BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
16TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
17CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
18ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
19CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
20mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
21jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
22CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
23kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
24xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
25g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
266WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
27j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
28FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
29rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
30FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
31FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
326Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
33jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
34-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
1-----BEGIN DSA PRIVATE KEY-----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12-----END DSA PRIVATE KEY-----
13-----BEGIN CERTIFICATE-----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34-----END CERTIFICATE-----
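diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----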
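diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
-9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
-speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
-AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
-JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
-xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
-U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
-Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
-1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
-3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
-3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
-U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
-0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
-ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
-9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
-81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
-BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
-dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
-l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
-r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
------END CERTIFICATE-----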
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
1-----BEGIN RSA PRIVATE KEY-----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15-----END RSA PRIVATE KEY-----
16-----BEGIN CERTIFICATE-----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31-----END CERTIFICATE-----
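diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0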
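diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index 10834442a1..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au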
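diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
- BUFSIZE="16 32 48 64 80 96 128 144 999"
-
- nerr=0
-
- for alg in $AES_ALGS; do
- echo $alg
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- for bufsize in $BUFSIZE; do
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg/$bufsize decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine aesni | \
- $PROG enc -d -k "$HASH" -$alg -engine aesni | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "AESNI engine test failed."
- exit 1;
- fi
-else
- echo "AESNI engine is not available"
-fi
-
-exit 0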
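diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
deleted file mode 100755
index 5c0f21043c..0000000000
--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
- if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
- :
- else
- echo "$PROG is not OpenSSL executable"
- exit 1
- fi
-else
- echo "$PROG is not executable"
- exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
- HASH=`cat $PROG | $PROG dgst -hex`
-
- ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
- aes-128-cbc aes-192-cbc aes-256-cbc \
- aes-128-cfb aes-192-cfb aes-256-cfb \
- aes-128-ofb aes-192-ofb aes-256-ofb"
-
- nerr=0
-
- for alg in $ACE_ALGS; do
- echo $alg
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg encrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg | \
- $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- TEST=`( cat $PROG | \
- $PROG enc -e -k "$HASH" -$alg -engine padlock | \
- $PROG enc -d -k "$HASH" -$alg -engine padlock | \
- $PROG dgst -hex ) 2>/dev/null`
- if [ "$TEST" != "$HASH" ]; then
- echo "-$alg en/decrypt test failed"
- nerr=`expr $nerr + 1`
- fi
- done
-
- if [ $nerr -gt 0 ]; then
- echo "PadLock ACE test failed."
- exit 1;
- fi
-else
- echo "PadLock ACE is not available"
-fi
-
-exit 0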
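diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-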
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN X509 CRL-----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16-----END X509 CRL-----
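diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test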
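diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0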
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
1-----BEGIN PKCS7-----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46-----END PKCS7-----
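diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----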
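diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----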
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
1-----BEGIN SSL SESSION PARAMETERS-----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12-----END SSL SESSION PARAMETERS-----
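diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a certificate request"
- exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to self sign a certificate request"
- exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' convert a certificate to a certificate request"
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
- echo first generated request is invalid
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
- echo second generated request is invalid
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
- echo first generated cert is invalid
- exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a user certificate request"
- exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a user certificate request"
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a proxy certificate request"
- exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate another proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a second proxy certificate request"
- exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0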
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 4e8542b556..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,178 +0,0 @@
1#!/bin/sh
2
3if [ "$1" = "" ]; then
4 key=../apps/server.pem
5else
6 key="$1"
7fi
8if [ "$2" = "" ]; then
9 cert=../apps/server.pem
10else
11 cert="$2"
12fi
13ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
14
15if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
16 dsa_cert=YES
17else
18 dsa_cert=NO
19fi
20
21if [ "$3" = "" ]; then
22 CA="-CApath ../certs"
23else
24 CA="-CAfile $3"
25fi
26
27if [ "$4" = "" ]; then
28 extra=""
29else
30 extra="$4"
31fi
32
33#############################################################################
34
35echo test sslv2
36$ssltest -ssl2 $extra || exit 1
37
38echo test sslv2 with server authentication
39$ssltest -ssl2 -server_auth $CA $extra || exit 1
40
41if [ $dsa_cert = NO ]; then
42 echo test sslv2 with client authentication
43 $ssltest -ssl2 -client_auth $CA $extra || exit 1
44
45 echo test sslv2 with both client and server authentication
46 $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
47fi
48
49echo test sslv3
50$ssltest -ssl3 $extra || exit 1
51
52echo test sslv3 with server authentication
53$ssltest -ssl3 -server_auth $CA $extra || exit 1
54
55echo test sslv3 with client authentication
56$ssltest -ssl3 -client_auth $CA $extra || exit 1
57
58echo test sslv3 with both client and server authentication
59$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
60
61echo test sslv2/sslv3
62$ssltest $extra || exit 1
63
64echo test sslv2/sslv3 with server authentication
65$ssltest -server_auth $CA $extra || exit 1
66
67echo test sslv2/sslv3 with client authentication
68$ssltest -client_auth $CA $extra || exit 1
69
70echo test sslv2/sslv3 with both client and server authentication
71$ssltest -server_auth -client_auth $CA $extra || exit 1
72
73echo test sslv2 via BIO pair
74$ssltest -bio_pair -ssl2 $extra || exit 1
75
76echo test sslv2 with server authentication via BIO pair
77$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
78
79if [ $dsa_cert = NO ]; then
80 echo test sslv2 with client authentication via BIO pair
81 $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
82
83 echo test sslv2 with both client and server authentication via BIO pair
84 $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
85fi
86
87echo test sslv3 via BIO pair
88$ssltest -bio_pair -ssl3 $extra || exit 1
89
90echo test sslv3 with server authentication via BIO pair
91$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
92
93echo test sslv3 with client authentication via BIO pair
94$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
95
96echo test sslv3 with both client and server authentication via BIO pair
97$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
98
99echo test sslv2/sslv3 via BIO pair
100$ssltest $extra || exit 1
101
102if [ $dsa_cert = NO ]; then
103 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
104 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
105fi
106
107echo test sslv2/sslv3 with 1024bit DHE via BIO pair
108$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
109
110echo test sslv2/sslv3 with server authentication
111$ssltest -bio_pair -server_auth $CA $extra || exit 1
112
113echo test sslv2/sslv3 with client authentication via BIO pair
114$ssltest -bio_pair -client_auth $CA $extra || exit 1
115
116echo test sslv2/sslv3 with both client and server authentication via BIO pair
117$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
118
119echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
120$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
121
122echo "Testing ciphersuites"
123for protocol in TLSv1.2 SSLv3; do
124 echo "Testing ciphersuites for $protocol"
125 for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
126 echo "Testing $cipher"
127 prot=""
128 if [ $protocol = "SSLv3" ] ; then
129 prot="-ssl3"
130 fi
131 $ssltest -cipher $cipher $prot
132 if [ $? -ne 0 ] ; then
133 echo "Failed $cipher"
134 exit 1
135 fi
136 done
137done
138
139#############################################################################
140
141if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
142 echo skipping anonymous DH tests
143else
144 echo test tls1 with 1024bit anonymous DH, multiple handshakes
145 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
146fi
147
148if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
149 echo skipping RSA tests
150else
151 echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
152 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
153
154 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
155 echo skipping RSA+DHE tests
156 else
157 echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
158 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
159 fi
160fi
161
162echo test tls1 with PSK
163$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
164
165echo test tls1 with PSK via BIO pair
166$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
167
168if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
169 echo skipping SRP tests
170else
171 echo test tls1 with SRP
172 $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
173
174 echo test tls1 with SRP via BIO pair
175 $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
176fi
177
178exit 0
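--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done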
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
17# Because that's what ../apps/CA.sh really looks at
18SSLEAY_CONFIG="-config $OPENSSL_CONF"
19export SSLEAY_CONFIG
20
21OPENSSL="`pwd`/../util/opensslwrap.sh"
22export OPENSSL
23
24error () {
25
26 echo "TSA test failed!" >&2
27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
56 export INDEX
57 EXT=$2
58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
60
61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
69 test $? != 0 && error
70}
71
72print_request () {
73
74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75}
76
77create_time_stamp_request1 () {
78
79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93 test $? != 0 && error
94}
95
96print_response () {
97
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113 test $? != 0 && error
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119 test $? != 0 && error
120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121 test $? != 0 && error
122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140 test $? != 0 && error
141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
143 test $? != 0 && error
144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
154 test $? = 0 && error
155 echo Ok
156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0
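--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----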
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
1
2More number for the questions about SSL overheads....
3
4The following numbers were generated on a Pentium pro 200, running Linux.
5They give an indication of the SSL protocol and encryption overheads.
6
7The program that generated them is an unreleased version of ssl/ssltest.c
8which is the SSLeay ssl protocol testing program. It is a single process that
9talks both sides of the SSL protocol via a non-blocking memory buffer
10interface.
11
12How do I read this? The protocol and cipher are reasonable obvious.
13The next number is the number of connections being made. The next is the
14number of bytes exchanged between the client and server side of the protocol.
15This is the number of bytes that the client sends to the server, and then
16the server sends back. Because this is all happening in one process,
17the data is being encrypted, decrypted, encrypted and then decrypted again.
18It is a round trip of that many bytes. Because the one process performs
19both the client and server sides of the protocol and it sends this many bytes
20each direction, multiply this number by 4 to generate the number
21of bytes encrypted/decrypted/MACed. The first time value is how many seconds
22elapsed doing a full SSL handshake, the second is the cost of one
23full handshake and the rest being session-id reuse.
24
25SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
26SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
27SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
28SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
29SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
30SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
31SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
32
33SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
34SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
35SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
36SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
37SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
38SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
39
40SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
41SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
42SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
43SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
44SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
45SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
46SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
47
48SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
49SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
50SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
51SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
52SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
53SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
54SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
55
56What does this all mean? Well for a server, with no session-id reuse, with
57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
58a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
59about 49 connections a second. Reality will be quite different :-).
60
61Remember the first number is 1000 full ssl handshakes, the second is
621 full and 999 with session-id reuse. The RSA overheads for each exchange
63would be one public and one private operation, but the protocol/MAC/cipher
64cost would be quite similar in both the client and server.
65
66eric (adding numbers to speculation)
67
68--- Appendix ---
69- The time measured is user time but these number a very rough.
70- Remember this is the cost of both client and server sides of the protocol.
71- The TCP/kernel overhead of connection establishment is normally the
72 killer in SSL. Often delays in the TCP protocol will make session-id
73 reuse look slower that new sessions, but this would not be the case on
74 a loaded server.
75- The TCP round trip latencies, while slowing individual connections,
76 would have minimal impact on throughput.
77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
78- the required number of bytes are processed.
79- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
80- A 512bit server key was being used except where noted.
81- No server key verification was being performed on the client side of the
82 protocol. This would slow things down very little.
83- The library being used is SSLeay 0.8.x.
84- The normal measuring system was commands of the form
85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
86 This modified version of ssltest should be in the next public release of
87 SSLeay.
88
89The general cipher performance number for this platform are
90
91SSLeay 0.8.2a 04-Sep-1997
92built on Fri Sep 5 17:37:05 EST 1997
93options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
94C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
95The 'numbers' are in 1000s of bytes per second processed.
96type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
97md2 131.02k 368.41k 500.57k 549.21k 566.09k
98mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
99md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
100sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
101sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
102rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
103des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
104des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
105idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
106rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
107blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
108 sign verify
109rsa 512 bits 0.0100s 0.0011s
110rsa 1024 bits 0.0451s 0.0012s
111rsa 2048 bits 0.2605s 0.0086s
112rsa 4096 bits 1.6883s 0.0302s
113
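--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0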
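--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0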
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testreq.pem
9fi
10
11if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
12 echo "skipping req conversion test for $t"
13 exit 0
14fi
15
16echo testing req conversions
17cp $t fff.p
18
19echo "p -> d"
20$cmd -in fff.p -inform p -outform d >f.d
21if [ $? != 0 ]; then exit 1; fi
22#echo "p -> t"
23#$cmd -in fff.p -inform p -outform t >f.t
24#if [ $? != 0 ]; then exit 1; fi
25echo "p -> p"
26$cmd -in fff.p -inform p -outform p >f.p
27if [ $? != 0 ]; then exit 1; fi
28
29echo "d -> d"
30$cmd -verify -in f.d -inform d -outform d >ff.d1
31if [ $? != 0 ]; then exit 1; fi
32#echo "t -> d"
33#$cmd -in f.t -inform t -outform d >ff.d2
34#if [ $? != 0 ]; then exit 1; fi
35echo "p -> d"
36$cmd -verify -in f.p -inform p -outform d >ff.d3
37if [ $? != 0 ]; then exit 1; fi
38
39#echo "d -> t"
40#$cmd -in f.d -inform d -outform t >ff.t1
41#if [ $? != 0 ]; then exit 1; fi
42#echo "t -> t"
43#$cmd -in f.t -inform t -outform t >ff.t2
44#if [ $? != 0 ]; then exit 1; fi
45#echo "p -> t"
46#$cmd -in f.p -inform p -outform t >ff.t3
47#if [ $? != 0 ]; then exit 1; fi
48
49echo "d -> p"
50$cmd -in f.d -inform d -outform p >ff.p1
51if [ $? != 0 ]; then exit 1; fi
52#echo "t -> p"
53#$cmd -in f.t -inform t -outform p >ff.p2
54#if [ $? != 0 ]; then exit 1; fi
55echo "p -> p"
56$cmd -in f.p -inform p -outform p >ff.p3
57if [ $? != 0 ]; then exit 1; fi
58
59cmp fff.p f.p
60if [ $? != 0 ]; then exit 1; fi
61cmp fff.p ff.p1
62if [ $? != 0 ]; then exit 1; fi
63#cmp fff.p ff.p2
64#if [ $? != 0 ]; then exit 1; fi
65cmp fff.p ff.p3
66if [ $? != 0 ]; then exit 1; fi
67
68#cmp f.t ff.t1
69#if [ $? != 0 ]; then exit 1; fi
70#cmp f.t ff.t2
71#if [ $? != 0 ]; then exit 1; fi
72#cmp f.t ff.t3
73#if [ $? != 0 ]; then exit 1; fi
74
75cmp f.p ff.p1
76if [ $? != 0 ]; then exit 1; fi
77#cmp f.p ff.p2
78#if [ $? != 0 ]; then exit 1; fi
79cmp f.p ff.p3
80if [ $? != 0 ]; then exit 1; fi
81
82/bin/rm -f f.* ff.* fff.*
83exit 0
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
1#!/bin/sh
2
3if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
4 echo skipping rsa conversion test
5 exit 0
6fi
7
8cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
9
10if [ "$1"x != "x" ]; then
11 t=$1
12else
13 t=testrsa.pem
14fi
15
16echo testing rsa conversions
17cp $t fff.p
18
19echo "p -> d"
20$cmd -in fff.p -inform p -outform d >f.d
21if [ $? != 0 ]; then exit 1; fi
22#echo "p -> t"
23#$cmd -in fff.p -inform p -outform t >f.t
24#if [ $? != 0 ]; then exit 1; fi
25echo "p -> p"
26$cmd -in fff.p -inform p -outform p >f.p
27if [ $? != 0 ]; then exit 1; fi
28
29echo "d -> d"
30$cmd -in f.d -inform d -outform d >ff.d1
31if [ $? != 0 ]; then exit 1; fi
32#echo "t -> d"
33#$cmd -in f.t -inform t -outform d >ff.d2
34#if [ $? != 0 ]; then exit 1; fi
35echo "p -> d"
36$cmd -in f.p -inform p -outform d >ff.d3
37if [ $? != 0 ]; then exit 1; fi
38
39#echo "d -> t"
40#$cmd -in f.d -inform d -outform t >ff.t1
41#if [ $? != 0 ]; then exit 1; fi
42#echo "t -> t"
43#$cmd -in f.t -inform t -outform t >ff.t2
44#if [ $? != 0 ]; then exit 1; fi
45#echo "p -> t"
46#$cmd -in f.p -inform p -outform t >ff.t3
47#if [ $? != 0 ]; then exit 1; fi
48
49echo "d -> p"
50$cmd -in f.d -inform d -outform p >ff.p1
51if [ $? != 0 ]; then exit 1; fi
52#echo "t -> p"
53#$cmd -in f.t -inform t -outform p >ff.p2
54#if [ $? != 0 ]; then exit 1; fi
55echo "p -> p"
56$cmd -in f.p -inform p -outform p >ff.p3
57if [ $? != 0 ]; then exit 1; fi
58
59cmp fff.p f.p
60if [ $? != 0 ]; then exit 1; fi
61cmp fff.p ff.p1
62if [ $? != 0 ]; then exit 1; fi
63#cmp fff.p ff.p2
64#if [ $? != 0 ]; then exit 1; fi
65cmp fff.p ff.p3
66if [ $? != 0 ]; then exit 1; fi
67
68#cmp f.t ff.t1
69#if [ $? != 0 ]; then exit 1; fi
70#cmp f.t ff.t2
71#if [ $? != 0 ]; then exit 1; fi
72#cmp f.t ff.t3
73#if [ $? != 0 ]; then exit 1; fi
74
75cmp f.p ff.p1
76if [ $? != 0 ]; then exit 1; fi
77#cmp f.p ff.p2
78#if [ $? != 0 ]; then exit 1; fi
79cmp f.p ff.p3
80if [ $? != 0 ]; then exit 1; fi
81
82/bin/rm -f f.* ff.* fff.*
83exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testsid.pem
9fi
10
11echo testing session-id conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17#echo "p -> t"
18#$cmd -in fff.p -inform p -outform t >f.t
19#if [ $? != 0 ]; then exit 1; fi
20echo "p -> p"
21$cmd -in fff.p -inform p -outform p >f.p
22if [ $? != 0 ]; then exit 1; fi
23
24echo "d -> d"
25$cmd -in f.d -inform d -outform d >ff.d1
26if [ $? != 0 ]; then exit 1; fi
27#echo "t -> d"
28#$cmd -in f.t -inform t -outform d >ff.d2
29#if [ $? != 0 ]; then exit 1; fi
30echo "p -> d"
31$cmd -in f.p -inform p -outform d >ff.d3
32if [ $? != 0 ]; then exit 1; fi
33
34#echo "d -> t"
35#$cmd -in f.d -inform d -outform t >ff.t1
36#if [ $? != 0 ]; then exit 1; fi
37#echo "t -> t"
38#$cmd -in f.t -inform t -outform t >ff.t2
39#if [ $? != 0 ]; then exit 1; fi
40#echo "p -> t"
41#$cmd -in f.p -inform p -outform t >ff.t3
42#if [ $? != 0 ]; then exit 1; fi
43
44echo "d -> p"
45$cmd -in f.d -inform d -outform p >ff.p1
46if [ $? != 0 ]; then exit 1; fi
47#echo "t -> p"
48#$cmd -in f.t -inform t -outform p >ff.p2
49#if [ $? != 0 ]; then exit 1; fi
50echo "p -> p"
51$cmd -in f.p -inform p -outform p >ff.p3
52if [ $? != 0 ]; then exit 1; fi
53
54cmp fff.p f.p
55if [ $? != 0 ]; then exit 1; fi
56cmp fff.p ff.p1
57if [ $? != 0 ]; then exit 1; fi
58#cmp fff.p ff.p2
59#if [ $? != 0 ]; then exit 1; fi
60cmp fff.p ff.p3
61if [ $? != 0 ]; then exit 1; fi
62
63#cmp f.t ff.t1
64#if [ $? != 0 ]; then exit 1; fi
65#cmp f.t ff.t2
66#if [ $? != 0 ]; then exit 1; fi
67#cmp f.t ff.t3
68#if [ $? != 0 ]; then exit 1; fi
69
70cmp f.p ff.p1
71if [ $? != 0 ]; then exit 1; fi
72#cmp f.p ff.p2
73#if [ $? != 0 ]; then exit 1; fi
74cmp f.p ff.p3
75if [ $? != 0 ]; then exit 1; fi
76
77/bin/rm -f f.* ff.* fff.*
78exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
1#!/bin/sh
2
3cmd='../util/shlib_wrap.sh ../apps/openssl x509'
4
5if [ "$1"x != "x" ]; then
6 t=$1
7else
8 t=testx509.pem
9fi
10
11echo testing X509 conversions
12cp $t fff.p
13
14echo "p -> d"
15$cmd -in fff.p -inform p -outform d >f.d
16if [ $? != 0 ]; then exit 1; fi
17echo "p -> n"
18$cmd -in fff.p -inform p -outform n >f.n
19if [ $? != 0 ]; then exit 1; fi
20echo "p -> p"
21$cmd -in fff.p -inform p -outform p >f.p
22if [ $? != 0 ]; then exit 1; fi
23
24echo "d -> d"
25$cmd -in f.d -inform d -outform d >ff.d1
26if [ $? != 0 ]; then exit 1; fi
27echo "n -> d"
28$cmd -in f.n -inform n -outform d >ff.d2
29if [ $? != 0 ]; then exit 1; fi
30echo "p -> d"
31$cmd -in f.p -inform p -outform d >ff.d3
32if [ $? != 0 ]; then exit 1; fi
33
34echo "d -> n"
35$cmd -in f.d -inform d -outform n >ff.n1
36if [ $? != 0 ]; then exit 1; fi
37echo "n -> n"
38$cmd -in f.n -inform n -outform n >ff.n2
39if [ $? != 0 ]; then exit 1; fi
40echo "p -> n"
41$cmd -in f.p -inform p -outform n >ff.n3
42if [ $? != 0 ]; then exit 1; fi
43
44echo "d -> p"
45$cmd -in f.d -inform d -outform p >ff.p1
46if [ $? != 0 ]; then exit 1; fi
47echo "n -> p"
48$cmd -in f.n -inform n -outform p >ff.p2
49if [ $? != 0 ]; then exit 1; fi
50echo "p -> p"
51$cmd -in f.p -inform p -outform p >ff.p3
52if [ $? != 0 ]; then exit 1; fi
53
54cmp fff.p f.p
55if [ $? != 0 ]; then exit 1; fi
56cmp fff.p ff.p1
57if [ $? != 0 ]; then exit 1; fi
58cmp fff.p ff.p2
59if [ $? != 0 ]; then exit 1; fi
60cmp fff.p ff.p3
61if [ $? != 0 ]; then exit 1; fi
62
63cmp f.n ff.n1
64if [ $? != 0 ]; then exit 1; fi
65cmp f.n ff.n2
66if [ $? != 0 ]; then exit 1; fi
67cmp f.n ff.n3
68if [ $? != 0 ]; then exit 1; fi
69
70cmp f.p ff.p1
71if [ $? != 0 ]; then exit 1; fi
72cmp f.p ff.p2
73if [ $? != 0 ]; then exit 1; fi
74cmp f.p ff.p3
75if [ $? != 0 ]; then exit 1; fi
76
77/bin/rm -f f.* ff.* fff.*
78exit 0
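--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----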
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN CERTIFICATE-----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16-----END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index 082a4396ba..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,752 +0,0 @@
1/* $OpenBSD: tls1.h,v 1.26 2015/06/17 14:30:39 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 *
114 * Portions of the attached software ("Contribution") are developed by
115 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
116 *
117 * The Contribution is licensed pursuant to the OpenSSL open source
118 * license provided above.
119 *
120 * ECC cipher suite support in OpenSSL originally written by
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 *
123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
150
151#ifndef HEADER_TLS1_H
152#define HEADER_TLS1_H
153
154#include <openssl/buffer.h>
155
156#ifdef __cplusplus
157extern "C" {
158#endif
159
160#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
161
162#define TLS1_2_VERSION 0x0303
163#define TLS1_2_VERSION_MAJOR 0x03
164#define TLS1_2_VERSION_MINOR 0x03
165
166#define TLS1_1_VERSION 0x0302
167#define TLS1_1_VERSION_MAJOR 0x03
168#define TLS1_1_VERSION_MINOR 0x02
169
170#define TLS1_VERSION 0x0301
171#define TLS1_VERSION_MAJOR 0x03
172#define TLS1_VERSION_MINOR 0x01
173
174#define TLS1_get_version(s) \
175 ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
176
177#define TLS1_get_client_version(s) \
178 ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
179
180/*
181 * TLS Alert codes.
182 *
183 * http://www.iana.org/assignments/tls-parameters/#tls-parameters-6
184 */
185
186#define TLS1_AD_DECRYPTION_FAILED 21
187#define TLS1_AD_RECORD_OVERFLOW 22
188#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
189#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
190#define TLS1_AD_DECODE_ERROR 50 /* fatal */
191#define TLS1_AD_DECRYPT_ERROR 51
192#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
193#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
194#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
195#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
196/* Code 86 from RFC 7507. */
197#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
198#define TLS1_AD_USER_CANCELLED 90
199#define TLS1_AD_NO_RENEGOTIATION 100
200/* Codes 110-114 from RFC 3546. */
201#define TLS1_AD_UNSUPPORTED_EXTENSION 110
202#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
203#define TLS1_AD_UNRECOGNIZED_NAME 112
204#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
205#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
206/* Code 115 from RFC 4279. */
207#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
208
209/*
210 * TLS ExtensionType values.
211 *
212 * http://www.iana.org/assignments/tls-extensiontype-values/
213 */
214
215/* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */
216#define TLSEXT_TYPE_server_name 0
217#define TLSEXT_TYPE_max_fragment_length 1
218#define TLSEXT_TYPE_client_certificate_url 2
219#define TLSEXT_TYPE_trusted_ca_keys 3
220#define TLSEXT_TYPE_truncated_hmac 4
221#define TLSEXT_TYPE_status_request 5
222
223/* ExtensionType values from RFC 4681. */
224#define TLSEXT_TYPE_user_mapping 6
225
226/* ExtensionType values from RFC 5878. */
227#define TLSEXT_TYPE_client_authz 7
228#define TLSEXT_TYPE_server_authz 8
229
230/* ExtensionType values from RFC 6091. */
231#define TLSEXT_TYPE_cert_type 9
232
233/* ExtensionType values from RFC 4492. */
234#define TLSEXT_TYPE_elliptic_curves 10
235#define TLSEXT_TYPE_ec_point_formats 11
236
237/* ExtensionType value from RFC 5054. */
238#define TLSEXT_TYPE_srp 12
239
240/* ExtensionType values from RFC 5246. */
241#define TLSEXT_TYPE_signature_algorithms 13
242
243/* ExtensionType value from RFC 5764. */
244#define TLSEXT_TYPE_use_srtp 14
245
246/* ExtensionType value from RFC 5620. */
247#define TLSEXT_TYPE_heartbeat 15
248
249/* ExtensionType value from RFC 7301. */
250#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
251
252/* ExtensionType value for TLS padding extension.
253 * (TEMPORARY - registered 2014-03-12, expires 2015-03-12)
254 * http://tools.ietf.org/html/draft-agl-tls-padding-03
255 */
256#define TLSEXT_TYPE_padding 21
257
258/* ExtensionType value from RFC 4507. */
259#define TLSEXT_TYPE_session_ticket 35
260
261/* Temporary extension type */
262#define TLSEXT_TYPE_renegotiate 0xff01
263
264/* This is not an IANA defined extension number */
265#define TLSEXT_TYPE_next_proto_neg 13172
266
267/* NameType value from RFC 3546. */
268#define TLSEXT_NAMETYPE_host_name 0
269/* status request value from RFC 3546 */
270#define TLSEXT_STATUSTYPE_ocsp 1
271
272/* ECPointFormat values from RFC 4492. */
273#define TLSEXT_ECPOINTFORMAT_first 0
274#define TLSEXT_ECPOINTFORMAT_uncompressed 0
275#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
276#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
277#define TLSEXT_ECPOINTFORMAT_last 2
278
279/* Signature and hash algorithms from RFC 5246. */
280
281#define TLSEXT_signature_anonymous 0
282#define TLSEXT_signature_rsa 1
283#define TLSEXT_signature_dsa 2
284#define TLSEXT_signature_ecdsa 3
285/* FIXME IANA */
286#define TLSEXT_signature_gostr01 237
287#define TLSEXT_signature_gostr12_256 238
288#define TLSEXT_signature_gostr12_512 239
289
290#define TLSEXT_hash_none 0
291#define TLSEXT_hash_md5 1
292#define TLSEXT_hash_sha1 2
293#define TLSEXT_hash_sha224 3
294#define TLSEXT_hash_sha256 4
295#define TLSEXT_hash_sha384 5
296#define TLSEXT_hash_sha512 6
297/* FIXME IANA */
298#define TLSEXT_hash_gost94 237
299#define TLSEXT_hash_streebog_256 238
300#define TLSEXT_hash_streebog_512 239
301
302#define TLSEXT_MAXLEN_host_name 255
303
304const char *SSL_get_servername(const SSL *s, const int type);
305int SSL_get_servername_type(const SSL *s);
306/* SSL_export_keying_material exports a value derived from the master secret,
307 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
308 * optional context. (Since a zero length context is allowed, the |use_context|
309 * flag controls whether a context is included.)
310 *
311 * It returns 1 on success and zero otherwise.
312 */
313int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
314 const char *label, size_t llen, const unsigned char *p, size_t plen,
315 int use_context);
316
317#define SSL_set_tlsext_host_name(s,name) \
318SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
319
320#define SSL_set_tlsext_debug_callback(ssl, cb) \
321SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
322
323#define SSL_set_tlsext_debug_arg(ssl, arg) \
324SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
325
326#define SSL_set_tlsext_status_type(ssl, type) \
327SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
328
329#define SSL_get_tlsext_status_exts(ssl, arg) \
330SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
331
332#define SSL_set_tlsext_status_exts(ssl, arg) \
333SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
334
335#define SSL_get_tlsext_status_ids(ssl, arg) \
336SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
337
338#define SSL_set_tlsext_status_ids(ssl, arg) \
339SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
340
341#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
342SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
343
344#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
345SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
346
347#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
348SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
349
350#define SSL_TLSEXT_ERR_OK 0
351#define SSL_TLSEXT_ERR_ALERT_WARNING 1
352#define SSL_TLSEXT_ERR_ALERT_FATAL 2
353#define SSL_TLSEXT_ERR_NOACK 3
354
355#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
356SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
357
358#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
359 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
360#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
361 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
362
363#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
364SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
365
366#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
367SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
368
369#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
370SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
371
372/* PSK ciphersuites from RFC 4279. */
373#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
374#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
375#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
376#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
377
378/* Additional TLS ciphersuites from expired Internet Draft
379 * draft-ietf-tls-56-bit-ciphersuites-01.txt
380 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
381 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
382 * shouldn't. Note that the first two are actually not in the IDs. */
383#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
384#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
385#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
386#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
387#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
388#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
389#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
390
391/* AES ciphersuites from RFC 3268. */
392
393#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
394#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
395#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
396#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
397#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
398#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
399
400#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
401#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
402#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
403#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
404#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
405#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
406
407/* TLS v1.2 ciphersuites */
408#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B
409#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C
410#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D
411#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E
412#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
413#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
414
415/* Camellia ciphersuites from RFC 4132. */
416#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
417#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
418#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
419#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
420#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
421#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
422
423/* TLS v1.2 ciphersuites */
424#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067
425#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068
426#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069
427#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A
428#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B
429#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
430#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
431
432/* Camellia ciphersuites from RFC 4132. */
433#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
434#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
435#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
436#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
437#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
438#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
439
440/* SEED ciphersuites from RFC 4162. */
441#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
442#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
443#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
444#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
445#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
446#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
447
448/* TLS v1.2 GCM ciphersuites from RFC 5288. */
449#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
450#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
451#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
452#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F
453#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0
454#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1
455#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2
456#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3
457#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4
458#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5
459#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
460#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
461
462/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
463#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA
464#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB
465#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC
466#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD
467#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE
468#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF
469
470#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0
471#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1
472#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2
473#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3
474#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4
475#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5
476
477/* ECC ciphersuites from RFC 4492. */
478#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
479#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
480#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
481#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
482#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
483
484#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
485#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
486#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
487#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
488#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
489
490#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
491#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
492#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
493#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
494#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
495
496#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
497#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
498#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
499#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
500#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
501
502#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
503#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
504#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
505#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
506#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
507
508/* SRP ciphersuites from RFC 5054. */
509#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A
510#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B
511#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C
512#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D
513#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E
514#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F
515#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020
516#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
517#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
518
519/* ECDH HMAC based ciphersuites from RFC 5289. */
520#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
521#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
522#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025
523#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026
524#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027
525#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028
526#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
527#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
528
529/* ECDH GCM based ciphersuites from RFC 5289. */
530#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
531#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
532#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
533#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E
534#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F
535#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030
536#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
537#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
538
539/* ChaCha20-Poly1305 based ciphersuites. */
540#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13
541#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14
542#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15
543
544#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
545#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
546#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
547#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
548#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
549#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
550#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
551
552/* AES ciphersuites from RFC 3268. */
553#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
554#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
555#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
556#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
557#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
558#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
559
560#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
561#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
562#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
563#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
564#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
565#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
566
567/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
568#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
569#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
570#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
571#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
572#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
573
574#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
575#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
576#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
577#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
578#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
579
580#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
581#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
582#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
583#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
584#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
585
586#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
587#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
588#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
589#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
590#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
591
592#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
593#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
594#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
595#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
596#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
597
598/* PSK ciphersuites from RFC 4279. */
599#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
600#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
601#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
602#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
603
604/* SRP ciphersuite from RFC 5054. */
605#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
606#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
607#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA"
608#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA"
609#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA"
610#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA"
611#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA"
612#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
613#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
614
615/* Camellia ciphersuites from RFC 4132. */
616#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
617#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
618#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
619#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
620#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
621#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
622
623#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
624#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
625#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
626#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
627#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
628#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
629
630/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
631#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256"
632#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256"
633#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256"
634#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256"
635#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256"
636#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256"
637
638#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256"
639#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256"
640#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256"
641#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256"
642#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256"
643#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256"
644
645/* SEED ciphersuites from RFC 4162. */
646#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
647#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
648#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
649#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
650#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
651#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
652
653/* TLS v1.2 ciphersuites. */
654#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256"
655#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256"
656#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256"
657#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256"
658#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256"
659#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256"
660#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256"
661#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256"
662#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256"
663#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256"
664#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256"
665#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
666#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
667
668/* TLS v1.2 GCM ciphersuites from RFC 5288. */
669#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
670#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
671#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
672#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384"
673#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256"
674#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384"
675#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256"
676#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384"
677#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256"
678#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384"
679#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
680#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
681
682/* ECDH HMAC based ciphersuites from RFC 5289. */
683
684#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
685#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
686#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256"
687#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384"
688#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256"
689#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384"
690#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
691#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
692
693/* ECDH GCM based ciphersuites from RFC 5289. */
694#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256"
695#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384"
696#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256"
697#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384"
698#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256"
699#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384"
700#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
701#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
702
703/* ChaCha20-Poly1305 based ciphersuites. */
704#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
705#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
706#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
707
708#define TLS_CT_RSA_SIGN 1
709#define TLS_CT_DSS_SIGN 2
710#define TLS_CT_RSA_FIXED_DH 3
711#define TLS_CT_DSS_FIXED_DH 4
712#define TLS_CT_ECDSA_SIGN 64
713#define TLS_CT_RSA_FIXED_ECDH 65
714#define TLS_CT_ECDSA_FIXED_ECDH 66
715#define TLS_CT_GOST94_SIGN 21
716#define TLS_CT_GOST01_SIGN 22
717#define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */
718#define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */
719/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
720 * comment there) */
721#define TLS_CT_NUMBER 11
722
723#define TLS1_FINISH_MAC_LENGTH 12
724
725#define TLS_MD_MAX_CONST_SIZE 20
726#define TLS_MD_CLIENT_FINISH_CONST "client finished"
727#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
728#define TLS_MD_SERVER_FINISH_CONST "server finished"
729#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
730#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
731#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
732#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
733#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
734#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
735#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
736#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
737#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
738#define TLS_MD_IV_BLOCK_CONST "IV block"
739#define TLS_MD_IV_BLOCK_CONST_SIZE 8
740#define TLS_MD_MASTER_SECRET_CONST "master secret"
741#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
742
743/* TLS Session Ticket extension struct. */
744struct tls_session_ticket_ext_st {
745 unsigned short length;
746 void *data;
747};
748
749#ifdef __cplusplus
750}
751#endif
752#endif