diff options
Diffstat (limited to 'src/lib/libssl')
194 files changed, 0 insertions, 58499 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE deleted file mode 100644 index 892e14a450..0000000000 --- a/src/lib/libssl/LICENSE +++ /dev/null | |||
| @@ -1,133 +0,0 @@ | |||
| 1 | |||
| 2 | LibReSSL files are retained under the copyright of the authors. New | ||
| 3 | additions are ISC licensed as per OpenBSD's normal licensing policy, | ||
| 4 | or are placed in the public domain. | ||
| 5 | |||
| 6 | The OpenSSL code is distributed under the terms of the original OpenSSL | ||
| 7 | licenses which follow: | ||
| 8 | |||
| 9 | LICENSE ISSUES | ||
| 10 | ============== | ||
| 11 | |||
| 12 | The OpenSSL toolkit stays under a dual license, i.e. both the conditions of | ||
| 13 | the OpenSSL License and the original SSLeay license apply to the toolkit. | ||
| 14 | See below for the actual license texts. In case of any license issues | ||
| 15 | related to OpenSSL please contact openssl-core@openssl.org. | ||
| 16 | |||
| 17 | OpenSSL License | ||
| 18 | --------------- | ||
| 19 | |||
| 20 | /* ==================================================================== | ||
| 21 | * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * | ||
| 27 | * 1. Redistributions of source code must retain the above copyright | ||
| 28 | * notice, this list of conditions and the following disclaimer. | ||
| 29 | * | ||
| 30 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 31 | * notice, this list of conditions and the following disclaimer in | ||
| 32 | * the documentation and/or other materials provided with the | ||
| 33 | * distribution. | ||
| 34 | * | ||
| 35 | * 3. All advertising materials mentioning features or use of this | ||
| 36 | * software must display the following acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 39 | * | ||
| 40 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 41 | * endorse or promote products derived from this software without | ||
| 42 | * prior written permission. For written permission, please contact | ||
| 43 | * openssl-core@openssl.org. | ||
| 44 | * | ||
| 45 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 46 | * nor may "OpenSSL" appear in their names without prior written | ||
| 47 | * permission of the OpenSSL Project. | ||
| 48 | * | ||
| 49 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 50 | * acknowledgment: | ||
| 51 | * "This product includes software developed by the OpenSSL Project | ||
| 52 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 53 | * | ||
| 54 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 55 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 56 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 57 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 58 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 59 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 60 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 61 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 62 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 63 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 64 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 65 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 66 | * ==================================================================== | ||
| 67 | * | ||
| 68 | * This product includes cryptographic software written by Eric Young | ||
| 69 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 70 | * Hudson (tjh@cryptsoft.com). | ||
| 71 | * | ||
| 72 | */ | ||
| 73 | |||
| 74 | Original SSLeay License | ||
| 75 | ----------------------- | ||
| 76 | |||
| 77 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 78 | * All rights reserved. | ||
| 79 | * | ||
| 80 | * This package is an SSL implementation written | ||
| 81 | * by Eric Young (eay@cryptsoft.com). | ||
| 82 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 83 | * | ||
| 84 | * This library is free for commercial and non-commercial use as long as | ||
| 85 | * the following conditions are aheared to. The following conditions | ||
| 86 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 87 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 88 | * included with this distribution is covered by the same copyright terms | ||
| 89 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 90 | * | ||
| 91 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 92 | * the code are not to be removed. | ||
| 93 | * If this package is used in a product, Eric Young should be given attribution | ||
| 94 | * as the author of the parts of the library used. | ||
| 95 | * This can be in the form of a textual message at program startup or | ||
| 96 | * in documentation (online or textual) provided with the package. | ||
| 97 | * | ||
| 98 | * Redistribution and use in source and binary forms, with or without | ||
| 99 | * modification, are permitted provided that the following conditions | ||
| 100 | * are met: | ||
| 101 | * 1. Redistributions of source code must retain the copyright | ||
| 102 | * notice, this list of conditions and the following disclaimer. | ||
| 103 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 104 | * notice, this list of conditions and the following disclaimer in the | ||
| 105 | * documentation and/or other materials provided with the distribution. | ||
| 106 | * 3. All advertising materials mentioning features or use of this software | ||
| 107 | * must display the following acknowledgement: | ||
| 108 | * "This product includes cryptographic software written by | ||
| 109 | * Eric Young (eay@cryptsoft.com)" | ||
| 110 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 111 | * being used are not cryptographic related :-). | ||
| 112 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 113 | * the apps directory (application code) you must include an acknowledgement: | ||
| 114 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 115 | * | ||
| 116 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 117 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 118 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 119 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 120 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 121 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 122 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 123 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 124 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 125 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 126 | * SUCH DAMAGE. | ||
| 127 | * | ||
| 128 | * The licence and distribution terms for any publically available version or | ||
| 129 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 130 | * copied and put under another distribution licence | ||
| 131 | * [including the GNU Public Licence.] | ||
| 132 | */ | ||
| 133 | |||
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c deleted file mode 100644 index cfaf78a4dd..0000000000 --- a/src/lib/libssl/bio_ssl.c +++ /dev/null | |||
| @@ -1,581 +0,0 @@ | |||
| 1 | /* $OpenBSD: bio_ssl.c,v 1.21 2014/11/16 14:12:47 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <errno.h> | ||
| 60 | #include <stdio.h> | ||
| 61 | #include <stdlib.h> | ||
| 62 | #include <string.h> | ||
| 63 | |||
| 64 | #include <openssl/bio.h> | ||
| 65 | #include <openssl/crypto.h> | ||
| 66 | #include <openssl/err.h> | ||
| 67 | #include <openssl/ssl.h> | ||
| 68 | |||
| 69 | static int ssl_write(BIO *h, const char *buf, int num); | ||
| 70 | static int ssl_read(BIO *h, char *buf, int size); | ||
| 71 | static int ssl_puts(BIO *h, const char *str); | ||
| 72 | static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); | ||
| 73 | static int ssl_new(BIO *h); | ||
| 74 | static int ssl_free(BIO *data); | ||
| 75 | static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); | ||
| 76 | typedef struct bio_ssl_st { | ||
| 77 | SSL *ssl; /* The ssl handle :-) */ | ||
| 78 | /* re-negotiate every time the total number of bytes is this size */ | ||
| 79 | int num_renegotiates; | ||
| 80 | unsigned long renegotiate_count; | ||
| 81 | unsigned long byte_count; | ||
| 82 | unsigned long renegotiate_timeout; | ||
| 83 | unsigned long last_time; | ||
| 84 | } BIO_SSL; | ||
| 85 | |||
| 86 | static BIO_METHOD methods_sslp = { | ||
| 87 | .type = BIO_TYPE_SSL, | ||
| 88 | .name = "ssl", | ||
| 89 | .bwrite = ssl_write, | ||
| 90 | .bread = ssl_read, | ||
| 91 | .bputs = ssl_puts, | ||
| 92 | .ctrl = ssl_ctrl, | ||
| 93 | .create = ssl_new, | ||
| 94 | .destroy = ssl_free, | ||
| 95 | .callback_ctrl = ssl_callback_ctrl, | ||
| 96 | }; | ||
| 97 | |||
| 98 | BIO_METHOD * | ||
| 99 | BIO_f_ssl(void) | ||
| 100 | { | ||
| 101 | return (&methods_sslp); | ||
| 102 | } | ||
| 103 | |||
| 104 | static int | ||
| 105 | ssl_new(BIO *bi) | ||
| 106 | { | ||
| 107 | BIO_SSL *bs; | ||
| 108 | |||
| 109 | bs = calloc(1, sizeof(BIO_SSL)); | ||
| 110 | if (bs == NULL) { | ||
| 111 | BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); | ||
| 112 | return (0); | ||
| 113 | } | ||
| 114 | bi->init = 0; | ||
| 115 | bi->ptr = (char *)bs; | ||
| 116 | bi->flags = 0; | ||
| 117 | return (1); | ||
| 118 | } | ||
| 119 | |||
| 120 | static int | ||
| 121 | ssl_free(BIO *a) | ||
| 122 | { | ||
| 123 | BIO_SSL *bs; | ||
| 124 | |||
| 125 | if (a == NULL) | ||
| 126 | return (0); | ||
| 127 | bs = (BIO_SSL *)a->ptr; | ||
| 128 | if (bs->ssl != NULL) | ||
| 129 | SSL_shutdown(bs->ssl); | ||
| 130 | if (a->shutdown) { | ||
| 131 | if (a->init && (bs->ssl != NULL)) | ||
| 132 | SSL_free(bs->ssl); | ||
| 133 | a->init = 0; | ||
| 134 | a->flags = 0; | ||
| 135 | } | ||
| 136 | free(a->ptr); | ||
| 137 | return (1); | ||
| 138 | } | ||
| 139 | |||
| 140 | static int | ||
| 141 | ssl_read(BIO *b, char *out, int outl) | ||
| 142 | { | ||
| 143 | int ret = 1; | ||
| 144 | BIO_SSL *sb; | ||
| 145 | SSL *ssl; | ||
| 146 | int retry_reason = 0; | ||
| 147 | int r = 0; | ||
| 148 | |||
| 149 | if (out == NULL) | ||
| 150 | return (0); | ||
| 151 | sb = (BIO_SSL *)b->ptr; | ||
| 152 | ssl = sb->ssl; | ||
| 153 | |||
| 154 | BIO_clear_retry_flags(b); | ||
| 155 | |||
| 156 | ret = SSL_read(ssl, out, outl); | ||
| 157 | |||
| 158 | switch (SSL_get_error(ssl, ret)) { | ||
| 159 | case SSL_ERROR_NONE: | ||
| 160 | if (ret <= 0) | ||
| 161 | break; | ||
| 162 | if (sb->renegotiate_count > 0) { | ||
| 163 | sb->byte_count += ret; | ||
| 164 | if (sb->byte_count > sb->renegotiate_count) { | ||
| 165 | sb->byte_count = 0; | ||
| 166 | sb->num_renegotiates++; | ||
| 167 | SSL_renegotiate(ssl); | ||
| 168 | r = 1; | ||
| 169 | } | ||
| 170 | } | ||
| 171 | if ((sb->renegotiate_timeout > 0) && (!r)) { | ||
| 172 | unsigned long tm; | ||
| 173 | |||
| 174 | tm = (unsigned long)time(NULL); | ||
| 175 | if (tm > sb->last_time + sb->renegotiate_timeout) { | ||
| 176 | sb->last_time = tm; | ||
| 177 | sb->num_renegotiates++; | ||
| 178 | SSL_renegotiate(ssl); | ||
| 179 | } | ||
| 180 | } | ||
| 181 | |||
| 182 | break; | ||
| 183 | case SSL_ERROR_WANT_READ: | ||
| 184 | BIO_set_retry_read(b); | ||
| 185 | break; | ||
| 186 | case SSL_ERROR_WANT_WRITE: | ||
| 187 | BIO_set_retry_write(b); | ||
| 188 | break; | ||
| 189 | case SSL_ERROR_WANT_X509_LOOKUP: | ||
| 190 | BIO_set_retry_special(b); | ||
| 191 | retry_reason = BIO_RR_SSL_X509_LOOKUP; | ||
| 192 | break; | ||
| 193 | case SSL_ERROR_WANT_ACCEPT: | ||
| 194 | BIO_set_retry_special(b); | ||
| 195 | retry_reason = BIO_RR_ACCEPT; | ||
| 196 | break; | ||
| 197 | case SSL_ERROR_WANT_CONNECT: | ||
| 198 | BIO_set_retry_special(b); | ||
| 199 | retry_reason = BIO_RR_CONNECT; | ||
| 200 | break; | ||
| 201 | case SSL_ERROR_SYSCALL: | ||
| 202 | case SSL_ERROR_SSL: | ||
| 203 | case SSL_ERROR_ZERO_RETURN: | ||
| 204 | default: | ||
| 205 | break; | ||
| 206 | } | ||
| 207 | |||
| 208 | b->retry_reason = retry_reason; | ||
| 209 | return (ret); | ||
| 210 | } | ||
| 211 | |||
| 212 | static int | ||
| 213 | ssl_write(BIO *b, const char *out, int outl) | ||
| 214 | { | ||
| 215 | int ret, r = 0; | ||
| 216 | int retry_reason = 0; | ||
| 217 | SSL *ssl; | ||
| 218 | BIO_SSL *bs; | ||
| 219 | |||
| 220 | if (out == NULL) | ||
| 221 | return (0); | ||
| 222 | bs = (BIO_SSL *)b->ptr; | ||
| 223 | ssl = bs->ssl; | ||
| 224 | |||
| 225 | BIO_clear_retry_flags(b); | ||
| 226 | |||
| 227 | /* ret=SSL_do_handshake(ssl); | ||
| 228 | if (ret > 0) */ | ||
| 229 | ret = SSL_write(ssl, out, outl); | ||
| 230 | |||
| 231 | switch (SSL_get_error(ssl, ret)) { | ||
| 232 | case SSL_ERROR_NONE: | ||
| 233 | if (ret <= 0) | ||
| 234 | break; | ||
| 235 | if (bs->renegotiate_count > 0) { | ||
| 236 | bs->byte_count += ret; | ||
| 237 | if (bs->byte_count > bs->renegotiate_count) { | ||
| 238 | bs->byte_count = 0; | ||
| 239 | bs->num_renegotiates++; | ||
| 240 | SSL_renegotiate(ssl); | ||
| 241 | r = 1; | ||
| 242 | } | ||
| 243 | } | ||
| 244 | if ((bs->renegotiate_timeout > 0) && (!r)) { | ||
| 245 | unsigned long tm; | ||
| 246 | |||
| 247 | tm = (unsigned long)time(NULL); | ||
| 248 | if (tm > bs->last_time + bs->renegotiate_timeout) { | ||
| 249 | bs->last_time = tm; | ||
| 250 | bs->num_renegotiates++; | ||
| 251 | SSL_renegotiate(ssl); | ||
| 252 | } | ||
| 253 | } | ||
| 254 | break; | ||
| 255 | case SSL_ERROR_WANT_WRITE: | ||
| 256 | BIO_set_retry_write(b); | ||
| 257 | break; | ||
| 258 | case SSL_ERROR_WANT_READ: | ||
| 259 | BIO_set_retry_read(b); | ||
| 260 | break; | ||
| 261 | case SSL_ERROR_WANT_X509_LOOKUP: | ||
| 262 | BIO_set_retry_special(b); | ||
| 263 | retry_reason = BIO_RR_SSL_X509_LOOKUP; | ||
| 264 | break; | ||
| 265 | case SSL_ERROR_WANT_CONNECT: | ||
| 266 | BIO_set_retry_special(b); | ||
| 267 | retry_reason = BIO_RR_CONNECT; | ||
| 268 | case SSL_ERROR_SYSCALL: | ||
| 269 | case SSL_ERROR_SSL: | ||
| 270 | default: | ||
| 271 | break; | ||
| 272 | } | ||
| 273 | |||
| 274 | b->retry_reason = retry_reason; | ||
| 275 | return (ret); | ||
| 276 | } | ||
| 277 | |||
| 278 | static long | ||
| 279 | ssl_ctrl(BIO *b, int cmd, long num, void *ptr) | ||
| 280 | { | ||
| 281 | SSL **sslp, *ssl; | ||
| 282 | BIO_SSL *bs; | ||
| 283 | BIO *dbio, *bio; | ||
| 284 | long ret = 1; | ||
| 285 | |||
| 286 | bs = (BIO_SSL *)b->ptr; | ||
| 287 | ssl = bs->ssl; | ||
| 288 | if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) | ||
| 289 | return (0); | ||
| 290 | switch (cmd) { | ||
| 291 | case BIO_CTRL_RESET: | ||
| 292 | SSL_shutdown(ssl); | ||
| 293 | |||
| 294 | if (ssl->handshake_func == ssl->method->ssl_connect) | ||
| 295 | SSL_set_connect_state(ssl); | ||
| 296 | else if (ssl->handshake_func == ssl->method->ssl_accept) | ||
| 297 | SSL_set_accept_state(ssl); | ||
| 298 | |||
| 299 | SSL_clear(ssl); | ||
| 300 | |||
| 301 | if (b->next_bio != NULL) | ||
| 302 | ret = BIO_ctrl(b->next_bio, cmd, num, ptr); | ||
| 303 | else if (ssl->rbio != NULL) | ||
| 304 | ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); | ||
| 305 | else | ||
| 306 | ret = 1; | ||
| 307 | break; | ||
| 308 | case BIO_CTRL_INFO: | ||
| 309 | ret = 0; | ||
| 310 | break; | ||
| 311 | case BIO_C_SSL_MODE: | ||
| 312 | if (num) /* client mode */ | ||
| 313 | SSL_set_connect_state(ssl); | ||
| 314 | else | ||
| 315 | SSL_set_accept_state(ssl); | ||
| 316 | break; | ||
| 317 | case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: | ||
| 318 | ret = bs->renegotiate_timeout; | ||
| 319 | if (num < 60) | ||
| 320 | num = 5; | ||
| 321 | bs->renegotiate_timeout = (unsigned long)num; | ||
| 322 | bs->last_time = (unsigned long)time(NULL); | ||
| 323 | break; | ||
| 324 | case BIO_C_SET_SSL_RENEGOTIATE_BYTES: | ||
| 325 | ret = bs->renegotiate_count; | ||
| 326 | if ((long)num >=512) | ||
| 327 | bs->renegotiate_count = (unsigned long)num; | ||
| 328 | break; | ||
| 329 | case BIO_C_GET_SSL_NUM_RENEGOTIATES: | ||
| 330 | ret = bs->num_renegotiates; | ||
| 331 | break; | ||
| 332 | case BIO_C_SET_SSL: | ||
| 333 | if (ssl != NULL) { | ||
| 334 | ssl_free(b); | ||
| 335 | if (!ssl_new(b)) | ||
| 336 | return 0; | ||
| 337 | } | ||
| 338 | b->shutdown = (int)num; | ||
| 339 | ssl = (SSL *)ptr; | ||
| 340 | ((BIO_SSL *)b->ptr)->ssl = ssl; | ||
| 341 | bio = SSL_get_rbio(ssl); | ||
| 342 | if (bio != NULL) { | ||
| 343 | if (b->next_bio != NULL) | ||
| 344 | BIO_push(bio, b->next_bio); | ||
| 345 | b->next_bio = bio; | ||
| 346 | CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); | ||
| 347 | } | ||
| 348 | b->init = 1; | ||
| 349 | break; | ||
| 350 | case BIO_C_GET_SSL: | ||
| 351 | if (ptr != NULL) { | ||
| 352 | sslp = (SSL **)ptr; | ||
| 353 | *sslp = ssl; | ||
| 354 | } else | ||
| 355 | ret = 0; | ||
| 356 | break; | ||
| 357 | case BIO_CTRL_GET_CLOSE: | ||
| 358 | ret = b->shutdown; | ||
| 359 | break; | ||
| 360 | case BIO_CTRL_SET_CLOSE: | ||
| 361 | b->shutdown = (int)num; | ||
| 362 | break; | ||
| 363 | case BIO_CTRL_WPENDING: | ||
| 364 | ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); | ||
| 365 | break; | ||
| 366 | case BIO_CTRL_PENDING: | ||
| 367 | ret = SSL_pending(ssl); | ||
| 368 | if (ret == 0) | ||
| 369 | ret = BIO_pending(ssl->rbio); | ||
| 370 | break; | ||
| 371 | case BIO_CTRL_FLUSH: | ||
| 372 | BIO_clear_retry_flags(b); | ||
| 373 | ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); | ||
| 374 | BIO_copy_next_retry(b); | ||
| 375 | break; | ||
| 376 | case BIO_CTRL_PUSH: | ||
| 377 | if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { | ||
| 378 | SSL_set_bio(ssl, b->next_bio, b->next_bio); | ||
| 379 | CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO); | ||
| 380 | } | ||
| 381 | break; | ||
| 382 | case BIO_CTRL_POP: | ||
| 383 | /* Only detach if we are the BIO explicitly being popped */ | ||
| 384 | if (b == ptr) { | ||
| 385 | /* Shouldn't happen in practice because the | ||
| 386 | * rbio and wbio are the same when pushed. | ||
| 387 | */ | ||
| 388 | if (ssl->rbio != ssl->wbio) | ||
| 389 | BIO_free_all(ssl->wbio); | ||
| 390 | if (b->next_bio != NULL) | ||
| 391 | CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO); | ||
| 392 | ssl->wbio = NULL; | ||
| 393 | ssl->rbio = NULL; | ||
| 394 | } | ||
| 395 | break; | ||
| 396 | case BIO_C_DO_STATE_MACHINE: | ||
| 397 | BIO_clear_retry_flags(b); | ||
| 398 | |||
| 399 | b->retry_reason = 0; | ||
| 400 | ret = (int)SSL_do_handshake(ssl); | ||
| 401 | |||
| 402 | switch (SSL_get_error(ssl, (int)ret)) { | ||
| 403 | case SSL_ERROR_WANT_READ: | ||
| 404 | BIO_set_flags(b, | ||
| 405 | BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); | ||
| 406 | break; | ||
| 407 | case SSL_ERROR_WANT_WRITE: | ||
| 408 | BIO_set_flags(b, | ||
| 409 | BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); | ||
| 410 | break; | ||
| 411 | case SSL_ERROR_WANT_CONNECT: | ||
| 412 | BIO_set_flags(b, | ||
| 413 | BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); | ||
| 414 | b->retry_reason = b->next_bio->retry_reason; | ||
| 415 | break; | ||
| 416 | default: | ||
| 417 | break; | ||
| 418 | } | ||
| 419 | break; | ||
| 420 | case BIO_CTRL_DUP: | ||
| 421 | dbio = (BIO *)ptr; | ||
| 422 | if (((BIO_SSL *)dbio->ptr)->ssl != NULL) | ||
| 423 | SSL_free(((BIO_SSL *)dbio->ptr)->ssl); | ||
| 424 | ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl); | ||
| 425 | ((BIO_SSL *)dbio->ptr)->renegotiate_count = | ||
| 426 | ((BIO_SSL *)b->ptr)->renegotiate_count; | ||
| 427 | ((BIO_SSL *)dbio->ptr)->byte_count = | ||
| 428 | ((BIO_SSL *)b->ptr)->byte_count; | ||
| 429 | ((BIO_SSL *)dbio->ptr)->renegotiate_timeout = | ||
| 430 | ((BIO_SSL *)b->ptr)->renegotiate_timeout; | ||
| 431 | ((BIO_SSL *)dbio->ptr)->last_time = | ||
| 432 | ((BIO_SSL *)b->ptr)->last_time; | ||
| 433 | ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL); | ||
| 434 | break; | ||
| 435 | case BIO_C_GET_FD: | ||
| 436 | ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); | ||
| 437 | break; | ||
| 438 | case BIO_CTRL_SET_CALLBACK: | ||
| 439 | { | ||
| 440 | ret = 0; | ||
| 441 | } | ||
| 442 | break; | ||
| 443 | case BIO_CTRL_GET_CALLBACK: | ||
| 444 | { | ||
| 445 | void (**fptr)(const SSL *xssl, int type, int val); | ||
| 446 | |||
| 447 | fptr = (void (**)(const SSL *xssl, int type, int val))ptr; | ||
| 448 | *fptr = SSL_get_info_callback(ssl); | ||
| 449 | } | ||
| 450 | break; | ||
| 451 | default: | ||
| 452 | ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); | ||
| 453 | break; | ||
| 454 | } | ||
| 455 | return (ret); | ||
| 456 | } | ||
| 457 | |||
| 458 | static long | ||
| 459 | ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) | ||
| 460 | { | ||
| 461 | SSL *ssl; | ||
| 462 | BIO_SSL *bs; | ||
| 463 | long ret = 1; | ||
| 464 | |||
| 465 | bs = (BIO_SSL *)b->ptr; | ||
| 466 | ssl = bs->ssl; | ||
| 467 | switch (cmd) { | ||
| 468 | case BIO_CTRL_SET_CALLBACK: | ||
| 469 | { | ||
| 470 | /* FIXME: setting this via a completely different prototype | ||
| 471 | seems like a crap idea */ | ||
| 472 | SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp); | ||
| 473 | } | ||
| 474 | break; | ||
| 475 | default: | ||
| 476 | ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); | ||
| 477 | break; | ||
| 478 | } | ||
| 479 | return (ret); | ||
| 480 | } | ||
| 481 | |||
| 482 | static int | ||
| 483 | ssl_puts(BIO *bp, const char *str) | ||
| 484 | { | ||
| 485 | int n, ret; | ||
| 486 | |||
| 487 | n = strlen(str); | ||
| 488 | ret = BIO_write(bp, str, n); | ||
| 489 | return (ret); | ||
| 490 | } | ||
| 491 | |||
| 492 | BIO * | ||
| 493 | BIO_new_buffer_ssl_connect(SSL_CTX *ctx) | ||
| 494 | { | ||
| 495 | BIO *ret = NULL, *buf = NULL, *ssl = NULL; | ||
| 496 | |||
| 497 | if ((buf = BIO_new(BIO_f_buffer())) == NULL) | ||
| 498 | goto err; | ||
| 499 | if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) | ||
| 500 | goto err; | ||
| 501 | if ((ret = BIO_push(buf, ssl)) == NULL) | ||
| 502 | goto err; | ||
| 503 | return (ret); | ||
| 504 | |||
| 505 | err: | ||
| 506 | BIO_free(buf); | ||
| 507 | BIO_free(ssl); | ||
| 508 | return (NULL); | ||
| 509 | } | ||
| 510 | |||
| 511 | BIO * | ||
| 512 | BIO_new_ssl_connect(SSL_CTX *ctx) | ||
| 513 | { | ||
| 514 | BIO *ret = NULL, *con = NULL, *ssl = NULL; | ||
| 515 | |||
| 516 | if ((con = BIO_new(BIO_s_connect())) == NULL) | ||
| 517 | goto err; | ||
| 518 | if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) | ||
| 519 | goto err; | ||
| 520 | if ((ret = BIO_push(ssl, con)) == NULL) | ||
| 521 | goto err; | ||
| 522 | return (ret); | ||
| 523 | |||
| 524 | err: | ||
| 525 | BIO_free(con); | ||
| 526 | BIO_free(ssl); | ||
| 527 | return (NULL); | ||
| 528 | } | ||
| 529 | |||
| 530 | BIO * | ||
| 531 | BIO_new_ssl(SSL_CTX *ctx, int client) | ||
| 532 | { | ||
| 533 | BIO *ret; | ||
| 534 | SSL *ssl; | ||
| 535 | |||
| 536 | if ((ret = BIO_new(BIO_f_ssl())) == NULL) | ||
| 537 | goto err; | ||
| 538 | if ((ssl = SSL_new(ctx)) == NULL) | ||
| 539 | goto err; | ||
| 540 | |||
| 541 | if (client) | ||
| 542 | SSL_set_connect_state(ssl); | ||
| 543 | else | ||
| 544 | SSL_set_accept_state(ssl); | ||
| 545 | |||
| 546 | BIO_set_ssl(ret, ssl, BIO_CLOSE); | ||
| 547 | return (ret); | ||
| 548 | |||
| 549 | err: | ||
| 550 | BIO_free(ret); | ||
| 551 | return (NULL); | ||
| 552 | } | ||
| 553 | |||
| 554 | int | ||
| 555 | BIO_ssl_copy_session_id(BIO *t, BIO *f) | ||
| 556 | { | ||
| 557 | t = BIO_find_type(t, BIO_TYPE_SSL); | ||
| 558 | f = BIO_find_type(f, BIO_TYPE_SSL); | ||
| 559 | if ((t == NULL) || (f == NULL)) | ||
| 560 | return (0); | ||
| 561 | if ((((BIO_SSL *)t->ptr)->ssl == NULL) || | ||
| 562 | (((BIO_SSL *)f->ptr)->ssl == NULL)) | ||
| 563 | return (0); | ||
| 564 | SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl); | ||
| 565 | return (1); | ||
| 566 | } | ||
| 567 | |||
| 568 | void | ||
| 569 | BIO_ssl_shutdown(BIO *b) | ||
| 570 | { | ||
| 571 | SSL *s; | ||
| 572 | |||
| 573 | while (b != NULL) { | ||
| 574 | if (b->method->type == BIO_TYPE_SSL) { | ||
| 575 | s = ((BIO_SSL *)b->ptr)->ssl; | ||
| 576 | SSL_shutdown(s); | ||
| 577 | break; | ||
| 578 | } | ||
| 579 | b = b->next_bio; | ||
| 580 | } | ||
| 581 | } | ||
diff --git a/src/lib/libssl/bs_ber.c b/src/lib/libssl/bs_ber.c deleted file mode 100644 index cfc9475f9a..0000000000 --- a/src/lib/libssl/bs_ber.c +++ /dev/null | |||
| @@ -1,252 +0,0 @@ | |||
| 1 | /* $OpenBSD: bs_ber.c,v 1.2 2015/02/06 22:22:33 doug Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014, Google Inc. | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| 12 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| 14 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| 15 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||
| 16 | |||
| 17 | #include <string.h> | ||
| 18 | |||
| 19 | #include <openssl/opensslconf.h> | ||
| 20 | |||
| 21 | #include "bytestring.h" | ||
| 22 | |||
| 23 | /* | ||
| 24 | * kMaxDepth is a just a sanity limit. The code should be such that the length | ||
| 25 | * of the input being processes always decreases. None the less, a very large | ||
| 26 | * input could otherwise cause the stack to overflow. | ||
| 27 | */ | ||
| 28 | static const unsigned kMaxDepth = 2048; | ||
| 29 | |||
| 30 | /* | ||
| 31 | * cbs_find_ber walks an ASN.1 structure in |orig_in| and sets |*ber_found| | ||
| 32 | * depending on whether an indefinite length element was found. The value of | ||
| 33 | * |in| is not changed. It returns one on success (i.e. |*ber_found| was set) | ||
| 34 | * and zero on error. | ||
| 35 | */ | ||
| 36 | static int | ||
| 37 | cbs_find_ber(CBS *orig_in, char *ber_found, unsigned depth) | ||
| 38 | { | ||
| 39 | CBS in; | ||
| 40 | |||
| 41 | if (depth > kMaxDepth) | ||
| 42 | return 0; | ||
| 43 | |||
| 44 | CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); | ||
| 45 | *ber_found = 0; | ||
| 46 | |||
| 47 | while (CBS_len(&in) > 0) { | ||
| 48 | CBS contents; | ||
| 49 | unsigned tag; | ||
| 50 | size_t header_len; | ||
| 51 | |||
| 52 | if (!CBS_get_any_asn1_element(&in, &contents, &tag, | ||
| 53 | &header_len)) | ||
| 54 | return 0; | ||
| 55 | |||
| 56 | if (CBS_len(&contents) == header_len && header_len > 0 && | ||
| 57 | CBS_data(&contents)[header_len-1] == 0x80) { | ||
| 58 | *ber_found = 1; | ||
| 59 | return 1; | ||
| 60 | } | ||
| 61 | if (tag & CBS_ASN1_CONSTRUCTED) { | ||
| 62 | if (!CBS_skip(&contents, header_len) || | ||
| 63 | !cbs_find_ber(&contents, ber_found, depth + 1)) | ||
| 64 | return 0; | ||
| 65 | } | ||
| 66 | } | ||
| 67 | |||
| 68 | return 1; | ||
| 69 | } | ||
| 70 | |||
| 71 | /* | ||
| 72 | * is_primitive_type returns true if |tag| likely a primitive type. Normally | ||
| 73 | * one can just test the "constructed" bit in the tag but, in BER, even | ||
| 74 | * primitive tags can have the constructed bit if they have indefinite | ||
| 75 | * length. | ||
| 76 | */ | ||
| 77 | static char | ||
| 78 | is_primitive_type(unsigned tag) | ||
| 79 | { | ||
| 80 | return (tag & 0xc0) == 0 && | ||
| 81 | (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) && | ||
| 82 | (tag & 0x1f) != (CBS_ASN1_SET & 0x1f); | ||
| 83 | } | ||
| 84 | |||
| 85 | /* | ||
| 86 | * is_eoc returns true if |header_len| and |contents|, as returned by | ||
| 87 | * |CBS_get_any_asn1_element|, indicate an "end of contents" (EOC) value. | ||
| 88 | */ | ||
| 89 | static char | ||
| 90 | is_eoc(size_t header_len, CBS *contents) | ||
| 91 | { | ||
| 92 | return header_len == 2 && CBS_len(contents) == 2 && | ||
| 93 | memcmp(CBS_data(contents), "\x00\x00", 2) == 0; | ||
| 94 | } | ||
| 95 | |||
| 96 | /* | ||
| 97 | * cbs_convert_ber reads BER data from |in| and writes DER data to |out|. If | ||
| 98 | * |squash_header| is set then the top-level of elements from |in| will not | ||
| 99 | * have their headers written. This is used when concatenating the fragments of | ||
| 100 | * an indefinite length, primitive value. If |looking_for_eoc| is set then any | ||
| 101 | * EOC elements found will cause the function to return after consuming it. | ||
| 102 | * It returns one on success and zero on error. | ||
| 103 | */ | ||
| 104 | static int | ||
| 105 | cbs_convert_ber(CBS *in, CBB *out, char squash_header, char looking_for_eoc, | ||
| 106 | unsigned depth) | ||
| 107 | { | ||
| 108 | if (depth > kMaxDepth) | ||
| 109 | return 0; | ||
| 110 | |||
| 111 | while (CBS_len(in) > 0) { | ||
| 112 | CBS contents; | ||
| 113 | unsigned tag; | ||
| 114 | size_t header_len; | ||
| 115 | CBB *out_contents, out_contents_storage; | ||
| 116 | |||
| 117 | if (!CBS_get_any_asn1_element(in, &contents, &tag, &header_len)) | ||
| 118 | return 0; | ||
| 119 | |||
| 120 | out_contents = out; | ||
| 121 | |||
| 122 | if (CBS_len(&contents) == header_len) { | ||
| 123 | if (is_eoc(header_len, &contents)) | ||
| 124 | return looking_for_eoc; | ||
| 125 | |||
| 126 | if (header_len > 0 && | ||
| 127 | CBS_data(&contents)[header_len - 1] == 0x80) { | ||
| 128 | /* | ||
| 129 | * This is an indefinite length element. If | ||
| 130 | * it's a SEQUENCE or SET then we just need to | ||
| 131 | * write the out the contents as normal, but | ||
| 132 | * with a concrete length prefix. | ||
| 133 | * | ||
| 134 | * If it's a something else then the contents | ||
| 135 | * will be a series of BER elements of the same | ||
| 136 | * type which need to be concatenated. | ||
| 137 | */ | ||
| 138 | const char context_specific = (tag & 0xc0) | ||
| 139 | == 0x80; | ||
| 140 | char squash_child_headers = | ||
| 141 | is_primitive_type(tag); | ||
| 142 | |||
| 143 | /* | ||
| 144 | * This is a hack, but it sufficies to handle | ||
| 145 | * NSS's output. If we find an indefinite | ||
| 146 | * length, context-specific tag with a definite, | ||
| 147 | * primtive tag inside it, then we assume that | ||
| 148 | * the context-specific tag is implicit and the | ||
| 149 | * tags within are fragments of a primitive type | ||
| 150 | * that need to be concatenated. | ||
| 151 | */ | ||
| 152 | if (context_specific && | ||
| 153 | (tag & CBS_ASN1_CONSTRUCTED)) { | ||
| 154 | CBS in_copy, inner_contents; | ||
| 155 | unsigned inner_tag; | ||
| 156 | size_t inner_header_len; | ||
| 157 | |||
| 158 | CBS_init(&in_copy, CBS_data(in), | ||
| 159 | CBS_len(in)); | ||
| 160 | if (!CBS_get_any_asn1_element(&in_copy, | ||
| 161 | &inner_contents, &inner_tag, | ||
| 162 | &inner_header_len)) | ||
| 163 | return 0; | ||
| 164 | |||
| 165 | if (CBS_len(&inner_contents) > | ||
| 166 | inner_header_len && | ||
| 167 | is_primitive_type(inner_tag)) | ||
| 168 | squash_child_headers = 1; | ||
| 169 | } | ||
| 170 | |||
| 171 | if (!squash_header) { | ||
| 172 | unsigned out_tag = tag; | ||
| 173 | |||
| 174 | if (squash_child_headers) | ||
| 175 | out_tag &= | ||
| 176 | ~CBS_ASN1_CONSTRUCTED; | ||
| 177 | |||
| 178 | if (!CBB_add_asn1(out, | ||
| 179 | &out_contents_storage, out_tag)) | ||
| 180 | return 0; | ||
| 181 | |||
| 182 | out_contents = &out_contents_storage; | ||
| 183 | } | ||
| 184 | |||
| 185 | if (!cbs_convert_ber(in, out_contents, | ||
| 186 | squash_child_headers, | ||
| 187 | 1 /* looking for eoc */, depth + 1)) | ||
| 188 | return 0; | ||
| 189 | |||
| 190 | if (out_contents != out && !CBB_flush(out)) | ||
| 191 | return 0; | ||
| 192 | |||
| 193 | continue; | ||
| 194 | } | ||
| 195 | } | ||
| 196 | |||
| 197 | if (!squash_header) { | ||
| 198 | if (!CBB_add_asn1(out, &out_contents_storage, tag)) | ||
| 199 | return 0; | ||
| 200 | |||
| 201 | out_contents = &out_contents_storage; | ||
| 202 | } | ||
| 203 | |||
| 204 | if (!CBS_skip(&contents, header_len)) | ||
| 205 | return 0; | ||
| 206 | |||
| 207 | if (tag & CBS_ASN1_CONSTRUCTED) { | ||
| 208 | if (!cbs_convert_ber(&contents, out_contents, | ||
| 209 | 0 /* don't squash header */, | ||
| 210 | 0 /* not looking for eoc */, depth + 1)) | ||
| 211 | return 0; | ||
| 212 | } else { | ||
| 213 | if (!CBB_add_bytes(out_contents, CBS_data(&contents), | ||
| 214 | CBS_len(&contents))) | ||
| 215 | return 0; | ||
| 216 | } | ||
| 217 | |||
| 218 | if (out_contents != out && !CBB_flush(out)) | ||
| 219 | return 0; | ||
| 220 | } | ||
| 221 | |||
| 222 | return looking_for_eoc == 0; | ||
| 223 | } | ||
| 224 | |||
| 225 | int | ||
| 226 | CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len) | ||
| 227 | { | ||
| 228 | CBB cbb; | ||
| 229 | |||
| 230 | /* | ||
| 231 | * First, do a quick walk to find any indefinite-length elements. Most | ||
| 232 | * of the time we hope that there aren't any and thus we can quickly | ||
| 233 | * return. | ||
| 234 | */ | ||
| 235 | char conversion_needed; | ||
| 236 | if (!cbs_find_ber(in, &conversion_needed, 0)) | ||
| 237 | return 0; | ||
| 238 | |||
| 239 | if (!conversion_needed) { | ||
| 240 | *out = NULL; | ||
| 241 | *out_len = 0; | ||
| 242 | return 1; | ||
| 243 | } | ||
| 244 | |||
| 245 | CBB_init(&cbb, CBS_len(in)); | ||
| 246 | if (!cbs_convert_ber(in, &cbb, 0, 0, 0)) { | ||
| 247 | CBB_cleanup(&cbb); | ||
| 248 | return 0; | ||
| 249 | } | ||
| 250 | |||
| 251 | return CBB_finish(&cbb, out, out_len); | ||
| 252 | } | ||
diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c deleted file mode 100644 index 5546fac97f..0000000000 --- a/src/lib/libssl/bs_cbb.c +++ /dev/null | |||
| @@ -1,402 +0,0 @@ | |||
| 1 | /* $OpenBSD: bs_cbb.c,v 1.5 2015/02/07 06:10:32 doug Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014, Google Inc. | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| 12 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| 14 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| 15 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||
| 16 | |||
| 17 | #include <assert.h> | ||
| 18 | #include <stdlib.h> | ||
| 19 | #include <string.h> | ||
| 20 | |||
| 21 | #include <openssl/opensslconf.h> | ||
| 22 | |||
| 23 | #include "bytestring.h" | ||
| 24 | |||
| 25 | static int | ||
| 26 | cbb_init(CBB *cbb, uint8_t *buf, size_t cap) | ||
| 27 | { | ||
| 28 | struct cbb_buffer_st *base; | ||
| 29 | |||
| 30 | base = malloc(sizeof(struct cbb_buffer_st)); | ||
| 31 | if (base == NULL) | ||
| 32 | return 0; | ||
| 33 | |||
| 34 | base->buf = buf; | ||
| 35 | base->len = 0; | ||
| 36 | base->cap = cap; | ||
| 37 | base->can_resize = 1; | ||
| 38 | |||
| 39 | memset(cbb, 0, sizeof(CBB)); | ||
| 40 | cbb->base = base; | ||
| 41 | cbb->is_top_level = 1; | ||
| 42 | return 1; | ||
| 43 | } | ||
| 44 | |||
| 45 | int | ||
| 46 | CBB_init(CBB *cbb, size_t initial_capacity) | ||
| 47 | { | ||
| 48 | uint8_t *buf; | ||
| 49 | |||
| 50 | buf = malloc(initial_capacity); | ||
| 51 | if (initial_capacity > 0 && buf == NULL) | ||
| 52 | return 0; | ||
| 53 | |||
| 54 | if (!cbb_init(cbb, buf, initial_capacity)) { | ||
| 55 | free(buf); | ||
| 56 | return 0; | ||
| 57 | } | ||
| 58 | return 1; | ||
| 59 | } | ||
| 60 | |||
| 61 | int | ||
| 62 | CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) | ||
| 63 | { | ||
| 64 | if (!cbb_init(cbb, buf, len)) | ||
| 65 | return 0; | ||
| 66 | |||
| 67 | cbb->base->can_resize = 0; | ||
| 68 | return 1; | ||
| 69 | } | ||
| 70 | |||
| 71 | void | ||
| 72 | CBB_cleanup(CBB *cbb) | ||
| 73 | { | ||
| 74 | if (cbb->base) { | ||
| 75 | if (cbb->base->buf && cbb->base->can_resize) | ||
| 76 | free(cbb->base->buf); | ||
| 77 | |||
| 78 | free(cbb->base); | ||
| 79 | } | ||
| 80 | cbb->base = NULL; | ||
| 81 | } | ||
| 82 | |||
| 83 | static int | ||
| 84 | cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len) | ||
| 85 | { | ||
| 86 | size_t newlen; | ||
| 87 | |||
| 88 | if (base == NULL) | ||
| 89 | return 0; | ||
| 90 | |||
| 91 | newlen = base->len + len; | ||
| 92 | if (newlen < base->len) | ||
| 93 | /* Overflow */ | ||
| 94 | return 0; | ||
| 95 | |||
| 96 | if (newlen > base->cap) { | ||
| 97 | size_t newcap = base->cap * 2; | ||
| 98 | uint8_t *newbuf; | ||
| 99 | |||
| 100 | if (!base->can_resize) | ||
| 101 | return 0; | ||
| 102 | |||
| 103 | if (newcap < base->cap || newcap < newlen) | ||
| 104 | newcap = newlen; | ||
| 105 | |||
| 106 | newbuf = realloc(base->buf, newcap); | ||
| 107 | if (newbuf == NULL) | ||
| 108 | return 0; | ||
| 109 | |||
| 110 | base->buf = newbuf; | ||
| 111 | base->cap = newcap; | ||
| 112 | } | ||
| 113 | |||
| 114 | if (out) | ||
| 115 | *out = base->buf + base->len; | ||
| 116 | |||
| 117 | base->len = newlen; | ||
| 118 | return 1; | ||
| 119 | } | ||
| 120 | |||
| 121 | static int | ||
| 122 | cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v, size_t len_len) | ||
| 123 | { | ||
| 124 | uint8_t *buf; | ||
| 125 | size_t i; | ||
| 126 | |||
| 127 | if (len_len == 0) | ||
| 128 | return 1; | ||
| 129 | |||
| 130 | if (!cbb_buffer_add(base, &buf, len_len)) | ||
| 131 | return 0; | ||
| 132 | |||
| 133 | for (i = len_len - 1; i < len_len; i--) { | ||
| 134 | buf[i] = v; | ||
| 135 | v >>= 8; | ||
| 136 | } | ||
| 137 | return 1; | ||
| 138 | } | ||
| 139 | |||
| 140 | int | ||
| 141 | CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) | ||
| 142 | { | ||
| 143 | if (!cbb->is_top_level) | ||
| 144 | return 0; | ||
| 145 | |||
| 146 | if (!CBB_flush(cbb)) | ||
| 147 | return 0; | ||
| 148 | |||
| 149 | if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) | ||
| 150 | /* | ||
| 151 | * |out_data| and |out_len| can only be NULL if the CBB is | ||
| 152 | * fixed. | ||
| 153 | */ | ||
| 154 | return 0; | ||
| 155 | |||
| 156 | if (out_data != NULL) | ||
| 157 | *out_data = cbb->base->buf; | ||
| 158 | |||
| 159 | if (out_len != NULL) | ||
| 160 | *out_len = cbb->base->len; | ||
| 161 | |||
| 162 | cbb->base->buf = NULL; | ||
| 163 | CBB_cleanup(cbb); | ||
| 164 | return 1; | ||
| 165 | } | ||
| 166 | |||
| 167 | /* | ||
| 168 | * CBB_flush recurses and then writes out any pending length prefix. The current | ||
| 169 | * length of the underlying base is taken to be the length of the | ||
| 170 | * length-prefixed data. | ||
| 171 | */ | ||
| 172 | int | ||
| 173 | CBB_flush(CBB *cbb) | ||
| 174 | { | ||
| 175 | size_t child_start, i, len; | ||
| 176 | |||
| 177 | if (cbb->base == NULL) | ||
| 178 | return 0; | ||
| 179 | |||
| 180 | if (cbb->child == NULL || cbb->pending_len_len == 0) | ||
| 181 | return 1; | ||
| 182 | |||
| 183 | child_start = cbb->offset + cbb->pending_len_len; | ||
| 184 | |||
| 185 | if (!CBB_flush(cbb->child) || child_start < cbb->offset || | ||
| 186 | cbb->base->len < child_start) | ||
| 187 | return 0; | ||
| 188 | |||
| 189 | len = cbb->base->len - child_start; | ||
| 190 | |||
| 191 | if (cbb->pending_is_asn1) { | ||
| 192 | /* | ||
| 193 | * For ASN.1 we assume that we'll only need a single byte for | ||
| 194 | * the length. If that turned out to be incorrect, we have to | ||
| 195 | * move the contents along in order to make space. | ||
| 196 | */ | ||
| 197 | size_t len_len; | ||
| 198 | uint8_t initial_length_byte; | ||
| 199 | |||
| 200 | assert (cbb->pending_len_len == 1); | ||
| 201 | |||
| 202 | if (len > 0xfffffffe) { | ||
| 203 | /* Too large. */ | ||
| 204 | return 0; | ||
| 205 | } else if (len > 0xffffff) { | ||
| 206 | len_len = 5; | ||
| 207 | initial_length_byte = 0x80 | 4; | ||
| 208 | } else if (len > 0xffff) { | ||
| 209 | len_len = 4; | ||
| 210 | initial_length_byte = 0x80 | 3; | ||
| 211 | } else if (len > 0xff) { | ||
| 212 | len_len = 3; | ||
| 213 | initial_length_byte = 0x80 | 2; | ||
| 214 | } else if (len > 0x7f) { | ||
| 215 | len_len = 2; | ||
| 216 | initial_length_byte = 0x80 | 1; | ||
| 217 | } else { | ||
| 218 | len_len = 1; | ||
| 219 | initial_length_byte = len; | ||
| 220 | len = 0; | ||
| 221 | } | ||
| 222 | |||
| 223 | if (len_len != 1) { | ||
| 224 | /* | ||
| 225 | * We need to move the contents along in order to make | ||
| 226 | * space. | ||
| 227 | */ | ||
| 228 | size_t extra_bytes = len_len - 1; | ||
| 229 | if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) | ||
| 230 | return 0; | ||
| 231 | |||
| 232 | memmove(cbb->base->buf + child_start + extra_bytes, | ||
| 233 | cbb->base->buf + child_start, len); | ||
| 234 | } | ||
| 235 | cbb->base->buf[cbb->offset++] = initial_length_byte; | ||
| 236 | cbb->pending_len_len = len_len - 1; | ||
| 237 | } | ||
| 238 | |||
| 239 | for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) { | ||
| 240 | cbb->base->buf[cbb->offset + i] = len; | ||
| 241 | len >>= 8; | ||
| 242 | } | ||
| 243 | if (len != 0) | ||
| 244 | return 0; | ||
| 245 | |||
| 246 | cbb->child->base = NULL; | ||
| 247 | cbb->child = NULL; | ||
| 248 | cbb->pending_len_len = 0; | ||
| 249 | cbb->pending_is_asn1 = 0; | ||
| 250 | cbb->offset = 0; | ||
| 251 | |||
| 252 | return 1; | ||
| 253 | } | ||
| 254 | |||
| 255 | |||
| 256 | static int | ||
| 257 | cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len) | ||
| 258 | { | ||
| 259 | uint8_t *prefix_bytes; | ||
| 260 | |||
| 261 | if (!CBB_flush(cbb)) | ||
| 262 | return 0; | ||
| 263 | |||
| 264 | cbb->offset = cbb->base->len; | ||
| 265 | if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len)) | ||
| 266 | return 0; | ||
| 267 | |||
| 268 | memset(prefix_bytes, 0, len_len); | ||
| 269 | memset(out_contents, 0, sizeof(CBB)); | ||
| 270 | out_contents->base = cbb->base; | ||
| 271 | cbb->child = out_contents; | ||
| 272 | cbb->pending_len_len = len_len; | ||
| 273 | cbb->pending_is_asn1 = 0; | ||
| 274 | |||
| 275 | return 1; | ||
| 276 | } | ||
| 277 | |||
| 278 | int | ||
| 279 | CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) | ||
| 280 | { | ||
| 281 | return cbb_add_length_prefixed(cbb, out_contents, 1); | ||
| 282 | } | ||
| 283 | |||
| 284 | int | ||
| 285 | CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) | ||
| 286 | { | ||
| 287 | return cbb_add_length_prefixed(cbb, out_contents, 2); | ||
| 288 | } | ||
| 289 | |||
| 290 | int | ||
| 291 | CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) | ||
| 292 | { | ||
| 293 | return cbb_add_length_prefixed(cbb, out_contents, 3); | ||
| 294 | } | ||
| 295 | |||
| 296 | int | ||
| 297 | CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag) | ||
| 298 | { | ||
| 299 | /* Long form identifier octets are not supported. */ | ||
| 300 | if ((tag & 0x1f) == 0x1f) | ||
| 301 | return 0; | ||
| 302 | |||
| 303 | if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag)) | ||
| 304 | return 0; | ||
| 305 | |||
| 306 | cbb->offset = cbb->base->len; | ||
| 307 | if (!CBB_add_u8(cbb, 0)) | ||
| 308 | return 0; | ||
| 309 | |||
| 310 | memset(out_contents, 0, sizeof(CBB)); | ||
| 311 | out_contents->base = cbb->base; | ||
| 312 | cbb->child = out_contents; | ||
| 313 | cbb->pending_len_len = 1; | ||
| 314 | cbb->pending_is_asn1 = 1; | ||
| 315 | |||
| 316 | return 1; | ||
| 317 | } | ||
| 318 | |||
| 319 | int | ||
| 320 | CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) | ||
| 321 | { | ||
| 322 | uint8_t *dest; | ||
| 323 | |||
| 324 | if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len)) | ||
| 325 | return 0; | ||
| 326 | |||
| 327 | memcpy(dest, data, len); | ||
| 328 | return 1; | ||
| 329 | } | ||
| 330 | |||
| 331 | int | ||
| 332 | CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) | ||
| 333 | { | ||
| 334 | if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len)) | ||
| 335 | return 0; | ||
| 336 | |||
| 337 | return 1; | ||
| 338 | } | ||
| 339 | |||
| 340 | int | ||
| 341 | CBB_add_u8(CBB *cbb, uint8_t value) | ||
| 342 | { | ||
| 343 | if (!CBB_flush(cbb)) | ||
| 344 | return 0; | ||
| 345 | |||
| 346 | return cbb_buffer_add_u(cbb->base, value, 1); | ||
| 347 | } | ||
| 348 | |||
| 349 | int | ||
| 350 | CBB_add_u16(CBB *cbb, uint16_t value) | ||
| 351 | { | ||
| 352 | if (!CBB_flush(cbb)) | ||
| 353 | return 0; | ||
| 354 | |||
| 355 | return cbb_buffer_add_u(cbb->base, value, 2); | ||
| 356 | } | ||
| 357 | |||
| 358 | int | ||
| 359 | CBB_add_u24(CBB *cbb, uint32_t value) | ||
| 360 | { | ||
| 361 | if (!CBB_flush(cbb)) | ||
| 362 | return 0; | ||
| 363 | |||
| 364 | return cbb_buffer_add_u(cbb->base, value, 3); | ||
| 365 | } | ||
| 366 | |||
| 367 | int | ||
| 368 | CBB_add_asn1_uint64(CBB *cbb, uint64_t value) | ||
| 369 | { | ||
| 370 | CBB child; | ||
| 371 | size_t i; | ||
| 372 | int started = 0; | ||
| 373 | |||
| 374 | if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) | ||
| 375 | return 0; | ||
| 376 | |||
| 377 | for (i = 0; i < 8; i++) { | ||
| 378 | uint8_t byte = (value >> 8*(7-i)) & 0xff; | ||
| 379 | if (!started) { | ||
| 380 | if (byte == 0) | ||
| 381 | /* Don't encode leading zeros. */ | ||
| 382 | continue; | ||
| 383 | |||
| 384 | /* | ||
| 385 | * If the high bit is set, add a padding byte to make it | ||
| 386 | * unsigned. | ||
| 387 | */ | ||
| 388 | if ((byte & 0x80) && !CBB_add_u8(&child, 0)) | ||
| 389 | return 0; | ||
| 390 | |||
| 391 | started = 1; | ||
| 392 | } | ||
| 393 | if (!CBB_add_u8(&child, byte)) | ||
| 394 | return 0; | ||
| 395 | } | ||
| 396 | |||
| 397 | /* 0 is encoded as a single 0, not the empty string. */ | ||
| 398 | if (!started && !CBB_add_u8(&child, 0)) | ||
| 399 | return 0; | ||
| 400 | |||
| 401 | return CBB_flush(cbb); | ||
| 402 | } | ||
diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c deleted file mode 100644 index c3d3a8abf2..0000000000 --- a/src/lib/libssl/bs_cbs.c +++ /dev/null | |||
| @@ -1,439 +0,0 @@ | |||
| 1 | /* $OpenBSD: bs_cbs.c,v 1.2 2015/02/06 22:22:33 doug Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014, Google Inc. | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| 12 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| 14 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| 15 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||
| 16 | |||
| 17 | #include <assert.h> | ||
| 18 | #include <stdlib.h> | ||
| 19 | #include <string.h> | ||
| 20 | |||
| 21 | #include <openssl/opensslconf.h> | ||
| 22 | #include <openssl/buffer.h> | ||
| 23 | #include <openssl/crypto.h> | ||
| 24 | |||
| 25 | #include "bytestring.h" | ||
| 26 | |||
| 27 | void | ||
| 28 | CBS_init(CBS *cbs, const uint8_t *data, size_t len) | ||
| 29 | { | ||
| 30 | cbs->data = data; | ||
| 31 | cbs->len = len; | ||
| 32 | } | ||
| 33 | |||
| 34 | static int | ||
| 35 | cbs_get(CBS *cbs, const uint8_t **p, size_t n) | ||
| 36 | { | ||
| 37 | if (cbs->len < n) | ||
| 38 | return 0; | ||
| 39 | |||
| 40 | *p = cbs->data; | ||
| 41 | cbs->data += n; | ||
| 42 | cbs->len -= n; | ||
| 43 | return 1; | ||
| 44 | } | ||
| 45 | |||
| 46 | int | ||
| 47 | CBS_skip(CBS *cbs, size_t len) | ||
| 48 | { | ||
| 49 | const uint8_t *dummy; | ||
| 50 | return cbs_get(cbs, &dummy, len); | ||
| 51 | } | ||
| 52 | |||
| 53 | const uint8_t * | ||
| 54 | CBS_data(const CBS *cbs) | ||
| 55 | { | ||
| 56 | return cbs->data; | ||
| 57 | } | ||
| 58 | |||
| 59 | size_t | ||
| 60 | CBS_len(const CBS *cbs) | ||
| 61 | { | ||
| 62 | return cbs->len; | ||
| 63 | } | ||
| 64 | |||
| 65 | int | ||
| 66 | CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) | ||
| 67 | { | ||
| 68 | if (*out_ptr != NULL) { | ||
| 69 | free(*out_ptr); | ||
| 70 | *out_ptr = NULL; | ||
| 71 | } | ||
| 72 | *out_len = 0; | ||
| 73 | |||
| 74 | if (cbs->len == 0) | ||
| 75 | return 1; | ||
| 76 | |||
| 77 | *out_ptr = BUF_memdup(cbs->data, cbs->len); | ||
| 78 | if (*out_ptr == NULL) | ||
| 79 | return 0; | ||
| 80 | |||
| 81 | *out_len = cbs->len; | ||
| 82 | return 1; | ||
| 83 | } | ||
| 84 | |||
| 85 | int | ||
| 86 | CBS_strdup(const CBS *cbs, char **out_ptr) | ||
| 87 | { | ||
| 88 | if (*out_ptr != NULL) | ||
| 89 | free(*out_ptr); | ||
| 90 | |||
| 91 | *out_ptr = strndup((const char*)cbs->data, cbs->len); | ||
| 92 | return (*out_ptr != NULL); | ||
| 93 | } | ||
| 94 | |||
| 95 | int | ||
| 96 | CBS_contains_zero_byte(const CBS *cbs) | ||
| 97 | { | ||
| 98 | return memchr(cbs->data, 0, cbs->len) != NULL; | ||
| 99 | } | ||
| 100 | |||
| 101 | int | ||
| 102 | CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) | ||
| 103 | { | ||
| 104 | if (len != cbs->len) | ||
| 105 | return 0; | ||
| 106 | |||
| 107 | return CRYPTO_memcmp(cbs->data, data, len) == 0; | ||
| 108 | } | ||
| 109 | |||
| 110 | static int | ||
| 111 | cbs_get_u(CBS *cbs, uint32_t *out, size_t len) | ||
| 112 | { | ||
| 113 | uint32_t result = 0; | ||
| 114 | size_t i; | ||
| 115 | const uint8_t *data; | ||
| 116 | |||
| 117 | if (!cbs_get(cbs, &data, len)) | ||
| 118 | return 0; | ||
| 119 | |||
| 120 | for (i = 0; i < len; i++) { | ||
| 121 | result <<= 8; | ||
| 122 | result |= data[i]; | ||
| 123 | } | ||
| 124 | *out = result; | ||
| 125 | return 1; | ||
| 126 | } | ||
| 127 | |||
| 128 | int | ||
| 129 | CBS_get_u8(CBS *cbs, uint8_t *out) | ||
| 130 | { | ||
| 131 | const uint8_t *v; | ||
| 132 | |||
| 133 | if (!cbs_get(cbs, &v, 1)) | ||
| 134 | return 0; | ||
| 135 | |||
| 136 | *out = *v; | ||
| 137 | return 1; | ||
| 138 | } | ||
| 139 | |||
| 140 | int | ||
| 141 | CBS_get_u16(CBS *cbs, uint16_t *out) | ||
| 142 | { | ||
| 143 | uint32_t v; | ||
| 144 | |||
| 145 | if (!cbs_get_u(cbs, &v, 2)) | ||
| 146 | return 0; | ||
| 147 | |||
| 148 | *out = v; | ||
| 149 | return 1; | ||
| 150 | } | ||
| 151 | |||
| 152 | int | ||
| 153 | CBS_get_u24(CBS *cbs, uint32_t *out) | ||
| 154 | { | ||
| 155 | return cbs_get_u(cbs, out, 3); | ||
| 156 | } | ||
| 157 | |||
| 158 | int | ||
| 159 | CBS_get_u32(CBS *cbs, uint32_t *out) | ||
| 160 | { | ||
| 161 | return cbs_get_u(cbs, out, 4); | ||
| 162 | } | ||
| 163 | |||
| 164 | int | ||
| 165 | CBS_get_bytes(CBS *cbs, CBS *out, size_t len) | ||
| 166 | { | ||
| 167 | const uint8_t *v; | ||
| 168 | |||
| 169 | if (!cbs_get(cbs, &v, len)) | ||
| 170 | return 0; | ||
| 171 | |||
| 172 | CBS_init(out, v, len); | ||
| 173 | return 1; | ||
| 174 | } | ||
| 175 | |||
| 176 | static int | ||
| 177 | cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) | ||
| 178 | { | ||
| 179 | uint32_t len; | ||
| 180 | |||
| 181 | if (!cbs_get_u(cbs, &len, len_len)) | ||
| 182 | return 0; | ||
| 183 | |||
| 184 | return CBS_get_bytes(cbs, out, len); | ||
| 185 | } | ||
| 186 | |||
| 187 | int | ||
| 188 | CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) | ||
| 189 | { | ||
| 190 | return cbs_get_length_prefixed(cbs, out, 1); | ||
| 191 | } | ||
| 192 | |||
| 193 | int | ||
| 194 | CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) | ||
| 195 | { | ||
| 196 | return cbs_get_length_prefixed(cbs, out, 2); | ||
| 197 | } | ||
| 198 | |||
| 199 | int | ||
| 200 | CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) | ||
| 201 | { | ||
| 202 | return cbs_get_length_prefixed(cbs, out, 3); | ||
| 203 | } | ||
| 204 | |||
| 205 | int | ||
| 206 | CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, | ||
| 207 | size_t *out_header_len) | ||
| 208 | { | ||
| 209 | uint8_t tag, length_byte; | ||
| 210 | CBS header = *cbs; | ||
| 211 | CBS throwaway; | ||
| 212 | |||
| 213 | if (out == NULL) | ||
| 214 | out = &throwaway; | ||
| 215 | |||
| 216 | if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte)) | ||
| 217 | return 0; | ||
| 218 | |||
| 219 | if ((tag & 0x1f) == 0x1f) | ||
| 220 | /* Long form tags are not supported. */ | ||
| 221 | return 0; | ||
| 222 | |||
| 223 | if (out_tag != NULL) | ||
| 224 | *out_tag = tag; | ||
| 225 | |||
| 226 | size_t len; | ||
| 227 | if ((length_byte & 0x80) == 0) { | ||
| 228 | /* Short form length. */ | ||
| 229 | len = ((size_t) length_byte) + 2; | ||
| 230 | if (out_header_len != NULL) | ||
| 231 | *out_header_len = 2; | ||
| 232 | |||
| 233 | } else { | ||
| 234 | /* Long form length. */ | ||
| 235 | const size_t num_bytes = length_byte & 0x7f; | ||
| 236 | uint32_t len32; | ||
| 237 | |||
| 238 | if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) { | ||
| 239 | /* indefinite length */ | ||
| 240 | *out_header_len = 2; | ||
| 241 | return CBS_get_bytes(cbs, out, 2); | ||
| 242 | } | ||
| 243 | |||
| 244 | if (num_bytes == 0 || num_bytes > 4) | ||
| 245 | return 0; | ||
| 246 | |||
| 247 | if (!cbs_get_u(&header, &len32, num_bytes)) | ||
| 248 | return 0; | ||
| 249 | |||
| 250 | if (len32 < 128) | ||
| 251 | /* Length should have used short-form encoding. */ | ||
| 252 | return 0; | ||
| 253 | |||
| 254 | if ((len32 >> ((num_bytes-1)*8)) == 0) | ||
| 255 | /* Length should have been at least one byte shorter. */ | ||
| 256 | return 0; | ||
| 257 | |||
| 258 | len = len32; | ||
| 259 | if (len + 2 + num_bytes < len) | ||
| 260 | /* Overflow. */ | ||
| 261 | return 0; | ||
| 262 | |||
| 263 | len += 2 + num_bytes; | ||
| 264 | if (out_header_len != NULL) | ||
| 265 | *out_header_len = 2 + num_bytes; | ||
| 266 | } | ||
| 267 | |||
| 268 | return CBS_get_bytes(cbs, out, len); | ||
| 269 | } | ||
| 270 | |||
| 271 | static int | ||
| 272 | cbs_get_asn1(CBS *cbs, CBS *out, unsigned tag_value, int skip_header) | ||
| 273 | { | ||
| 274 | size_t header_len; | ||
| 275 | unsigned tag; | ||
| 276 | CBS throwaway; | ||
| 277 | |||
| 278 | if (out == NULL) | ||
| 279 | out = &throwaway; | ||
| 280 | |||
| 281 | if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) || | ||
| 282 | tag != tag_value || (header_len > 0 && | ||
| 283 | /* | ||
| 284 | * This ensures that the tag is either zero length or | ||
| 285 | * indefinite-length. | ||
| 286 | */ | ||
| 287 | CBS_len(out) == header_len && | ||
| 288 | CBS_data(out)[header_len - 1] == 0x80)) | ||
| 289 | return 0; | ||
| 290 | |||
| 291 | if (skip_header && !CBS_skip(out, header_len)) { | ||
| 292 | assert(0); | ||
| 293 | return 0; | ||
| 294 | } | ||
| 295 | |||
| 296 | return 1; | ||
| 297 | } | ||
| 298 | |||
| 299 | int | ||
| 300 | CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value) | ||
| 301 | { | ||
| 302 | return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */); | ||
| 303 | } | ||
| 304 | |||
| 305 | int | ||
| 306 | CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned tag_value) | ||
| 307 | { | ||
| 308 | return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */); | ||
| 309 | } | ||
| 310 | |||
| 311 | int | ||
| 312 | CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value) | ||
| 313 | { | ||
| 314 | if (CBS_len(cbs) < 1) | ||
| 315 | return 0; | ||
| 316 | |||
| 317 | return CBS_data(cbs)[0] == tag_value; | ||
| 318 | } | ||
| 319 | |||
| 320 | int | ||
| 321 | CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) | ||
| 322 | { | ||
| 323 | CBS bytes; | ||
| 324 | const uint8_t *data; | ||
| 325 | size_t i, len; | ||
| 326 | |||
| 327 | if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) | ||
| 328 | return 0; | ||
| 329 | |||
| 330 | *out = 0; | ||
| 331 | data = CBS_data(&bytes); | ||
| 332 | len = CBS_len(&bytes); | ||
| 333 | |||
| 334 | if (len == 0) | ||
| 335 | /* An INTEGER is encoded with at least one octet. */ | ||
| 336 | return 0; | ||
| 337 | |||
| 338 | if ((data[0] & 0x80) != 0) | ||
| 339 | /* negative number */ | ||
| 340 | return 0; | ||
| 341 | |||
| 342 | for (i = 0; i < len; i++) { | ||
| 343 | if ((*out >> 56) != 0) | ||
| 344 | /* Too large to represent as a uint64_t. */ | ||
| 345 | return 0; | ||
| 346 | |||
| 347 | *out <<= 8; | ||
| 348 | *out |= data[i]; | ||
| 349 | } | ||
| 350 | |||
| 351 | return 1; | ||
| 352 | } | ||
| 353 | |||
| 354 | int | ||
| 355 | CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) | ||
| 356 | { | ||
| 357 | if (CBS_peek_asn1_tag(cbs, tag)) { | ||
| 358 | if (!CBS_get_asn1(cbs, out, tag)) | ||
| 359 | return 0; | ||
| 360 | |||
| 361 | *out_present = 1; | ||
| 362 | } else { | ||
| 363 | *out_present = 0; | ||
| 364 | } | ||
| 365 | return 1; | ||
| 366 | } | ||
| 367 | |||
| 368 | int | ||
| 369 | CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, | ||
| 370 | unsigned tag) | ||
| 371 | { | ||
| 372 | CBS child; | ||
| 373 | int present; | ||
| 374 | |||
| 375 | if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) | ||
| 376 | return 0; | ||
| 377 | |||
| 378 | if (present) { | ||
| 379 | if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) || | ||
| 380 | CBS_len(&child) != 0) | ||
| 381 | return 0; | ||
| 382 | } else { | ||
| 383 | CBS_init(out, NULL, 0); | ||
| 384 | } | ||
| 385 | if (out_present) | ||
| 386 | *out_present = present; | ||
| 387 | |||
| 388 | return 1; | ||
| 389 | } | ||
| 390 | |||
| 391 | int | ||
| 392 | CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned tag, | ||
| 393 | uint64_t default_value) | ||
| 394 | { | ||
| 395 | CBS child; | ||
| 396 | int present; | ||
| 397 | |||
| 398 | if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) | ||
| 399 | return 0; | ||
| 400 | |||
| 401 | if (present) { | ||
| 402 | if (!CBS_get_asn1_uint64(&child, out) || | ||
| 403 | CBS_len(&child) != 0) | ||
| 404 | return 0; | ||
| 405 | } else { | ||
| 406 | *out = default_value; | ||
| 407 | } | ||
| 408 | return 1; | ||
| 409 | } | ||
| 410 | |||
| 411 | int | ||
| 412 | CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned tag, int default_value) | ||
| 413 | { | ||
| 414 | CBS child, child2; | ||
| 415 | int present; | ||
| 416 | |||
| 417 | if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) | ||
| 418 | return 0; | ||
| 419 | |||
| 420 | if (present) { | ||
| 421 | uint8_t boolean; | ||
| 422 | |||
| 423 | if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || | ||
| 424 | CBS_len(&child2) != 1 || CBS_len(&child) != 0) | ||
| 425 | return 0; | ||
| 426 | |||
| 427 | boolean = CBS_data(&child2)[0]; | ||
| 428 | if (boolean == 0) | ||
| 429 | *out = 0; | ||
| 430 | else if (boolean == 0xff) | ||
| 431 | *out = 1; | ||
| 432 | else | ||
| 433 | return 0; | ||
| 434 | |||
| 435 | } else { | ||
| 436 | *out = default_value; | ||
| 437 | } | ||
| 438 | return 1; | ||
| 439 | } | ||
diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h deleted file mode 100644 index 93c3df6f10..0000000000 --- a/src/lib/libssl/bytestring.h +++ /dev/null | |||
| @@ -1,446 +0,0 @@ | |||
| 1 | /* $OpenBSD: bytestring.h,v 1.4 2015/02/07 06:10:32 doug Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014, Google Inc. | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY | ||
| 12 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION | ||
| 14 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN | ||
| 15 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ | ||
| 16 | |||
| 17 | #ifndef OPENSSL_HEADER_BYTESTRING_H | ||
| 18 | #define OPENSSL_HEADER_BYTESTRING_H | ||
| 19 | |||
| 20 | #if defined(__cplusplus) | ||
| 21 | extern "C" { | ||
| 22 | #endif | ||
| 23 | |||
| 24 | #include <sys/types.h> | ||
| 25 | #include <stdint.h> | ||
| 26 | |||
| 27 | #include <openssl/opensslconf.h> | ||
| 28 | |||
| 29 | /* | ||
| 30 | * Bytestrings are used for parsing and building TLS and ASN.1 messages. | ||
| 31 | * | ||
| 32 | * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and | ||
| 33 | * provides utility functions for safely parsing length-prefixed structures | ||
| 34 | * like TLS and ASN.1 from it. | ||
| 35 | * | ||
| 36 | * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and | ||
| 37 | * provides utility functions for building length-prefixed messages. | ||
| 38 | */ | ||
| 39 | |||
| 40 | /* CRYPTO ByteString */ | ||
| 41 | typedef struct cbs_st { | ||
| 42 | const uint8_t *data; | ||
| 43 | size_t len; | ||
| 44 | } CBS; | ||
| 45 | |||
| 46 | /* | ||
| 47 | * CBS_init sets |cbs| to point to |data|. It does not take ownership of | ||
| 48 | * |data|. | ||
| 49 | */ | ||
| 50 | void CBS_init(CBS *cbs, const uint8_t *data, size_t len); | ||
| 51 | |||
| 52 | /* | ||
| 53 | * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero | ||
| 54 | * otherwise. | ||
| 55 | */ | ||
| 56 | int CBS_skip(CBS *cbs, size_t len); | ||
| 57 | |||
| 58 | /* | ||
| 59 | * CBS_data returns a pointer to the contents of |cbs|. | ||
| 60 | */ | ||
| 61 | const uint8_t *CBS_data(const CBS *cbs); | ||
| 62 | |||
| 63 | /* | ||
| 64 | * CBS_len returns the number of bytes remaining in |cbs|. | ||
| 65 | */ | ||
| 66 | size_t CBS_len(const CBS *cbs); | ||
| 67 | |||
| 68 | /* | ||
| 69 | * CBS_stow copies the current contents of |cbs| into |*out_ptr| and | ||
| 70 | * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with | ||
| 71 | * OPENSSL_free. It returns one on success and zero on allocation failure. On | ||
| 72 | * success, |*out_ptr| should be freed with OPENSSL_free. If |cbs| is empty, | ||
| 73 | * |*out_ptr| will be NULL. | ||
| 74 | */ | ||
| 75 | int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len); | ||
| 76 | |||
| 77 | /* | ||
| 78 | * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a | ||
| 79 | * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed | ||
| 80 | * with OPENSSL_free. It returns one on success and zero on allocation | ||
| 81 | * failure. On success, |*out_ptr| should be freed with OPENSSL_free. | ||
| 82 | * | ||
| 83 | * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call | ||
| 84 | * |CBS_contains_zero_byte(cbs)| to check for NUL bytes. | ||
| 85 | */ | ||
| 86 | int CBS_strdup(const CBS *cbs, char **out_ptr); | ||
| 87 | |||
| 88 | /* | ||
| 89 | * CBS_contains_zero_byte returns one if the current contents of |cbs| contains | ||
| 90 | * a NUL byte and zero otherwise. | ||
| 91 | */ | ||
| 92 | int CBS_contains_zero_byte(const CBS *cbs); | ||
| 93 | |||
| 94 | /* | ||
| 95 | * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes | ||
| 96 | * starting at |data|. If they're equal, it returns one, otherwise zero. If the | ||
| 97 | * lengths match, it uses a constant-time comparison. | ||
| 98 | */ | ||
| 99 | int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len); | ||
| 100 | |||
| 101 | /* | ||
| 102 | * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It | ||
| 103 | * returns one on success and zero on error. | ||
| 104 | */ | ||
| 105 | int CBS_get_u8(CBS *cbs, uint8_t *out); | ||
| 106 | |||
| 107 | /* | ||
| 108 | * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and | ||
| 109 | * advances |cbs|. It returns one on success and zero on error. | ||
| 110 | */ | ||
| 111 | int CBS_get_u16(CBS *cbs, uint16_t *out); | ||
| 112 | |||
| 113 | /* | ||
| 114 | * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and | ||
| 115 | * advances |cbs|. It returns one on success and zero on error. | ||
| 116 | */ | ||
| 117 | int CBS_get_u24(CBS *cbs, uint32_t *out); | ||
| 118 | |||
| 119 | /* | ||
| 120 | * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs| | ||
| 121 | * and advances |cbs|. It returns one on success and zero on error. | ||
| 122 | */ | ||
| 123 | int CBS_get_u32(CBS *cbs, uint32_t *out); | ||
| 124 | |||
| 125 | /* | ||
| 126 | * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances | ||
| 127 | * |cbs|. It returns one on success and zero on error. | ||
| 128 | */ | ||
| 129 | int CBS_get_bytes(CBS *cbs, CBS *out, size_t len); | ||
| 130 | |||
| 131 | /* | ||
| 132 | * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit, | ||
| 133 | * length-prefixed value from |cbs| and advances |cbs| over it. It returns one | ||
| 134 | * on success and zero on error. | ||
| 135 | */ | ||
| 136 | int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out); | ||
| 137 | |||
| 138 | /* | ||
| 139 | * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit, | ||
| 140 | * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It | ||
| 141 | * returns one on success and zero on error. | ||
| 142 | */ | ||
| 143 | int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); | ||
| 144 | |||
| 145 | /* | ||
| 146 | * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit, | ||
| 147 | * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It | ||
| 148 | * returns one on success and zero on error. | ||
| 149 | */ | ||
| 150 | int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); | ||
| 151 | |||
| 152 | |||
| 153 | /* Parsing ASN.1 */ | ||
| 154 | |||
| 155 | #define CBS_ASN1_BOOLEAN 0x1 | ||
| 156 | #define CBS_ASN1_INTEGER 0x2 | ||
| 157 | #define CBS_ASN1_BITSTRING 0x3 | ||
| 158 | #define CBS_ASN1_OCTETSTRING 0x4 | ||
| 159 | #define CBS_ASN1_OBJECT 0x6 | ||
| 160 | #define CBS_ASN1_ENUMERATED 0xa | ||
| 161 | #define CBS_ASN1_SEQUENCE (0x10 | CBS_ASN1_CONSTRUCTED) | ||
| 162 | #define CBS_ASN1_SET (0x11 | CBS_ASN1_CONSTRUCTED) | ||
| 163 | |||
| 164 | #define CBS_ASN1_CONSTRUCTED 0x20 | ||
| 165 | #define CBS_ASN1_CONTEXT_SPECIFIC 0x80 | ||
| 166 | |||
| 167 | /* | ||
| 168 | * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not | ||
| 169 | * including tag and length bytes) and advances |cbs| over it. The ASN.1 | ||
| 170 | * element must match |tag_value|. It returns one on success and zero | ||
| 171 | * on error. | ||
| 172 | * | ||
| 173 | * Tag numbers greater than 30 are not supported (i.e. short form only). | ||
| 174 | */ | ||
| 175 | int CBS_get_asn1(CBS *cbs, CBS *out, unsigned tag_value); | ||
| 176 | |||
| 177 | /* | ||
| 178 | * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the | ||
| 179 | * ASN.1 header bytes too. | ||
| 180 | */ | ||
| 181 | int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned tag_value); | ||
| 182 | |||
| 183 | /* | ||
| 184 | * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one | ||
| 185 | * if the next ASN.1 element on |cbs| would have tag |tag_value|. If | ||
| 186 | * |cbs| is empty or the tag does not match, it returns zero. Note: if | ||
| 187 | * it returns one, CBS_get_asn1 may still fail if the rest of the | ||
| 188 | * element is malformed. | ||
| 189 | */ | ||
| 190 | int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value); | ||
| 191 | |||
| 192 | /* | ||
| 193 | * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from | ||
| 194 | * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to | ||
| 195 | * the tag number and |*out_header_len| to the length of the ASN.1 header. If | ||
| 196 | * the element has indefinite length then |*out| will only contain the | ||
| 197 | * header. Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore | ||
| 198 | * the value. | ||
| 199 | * | ||
| 200 | * Tag numbers greater than 30 are not supported (i.e. short form only). | ||
| 201 | */ | ||
| 202 | int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, | ||
| 203 | size_t *out_header_len); | ||
| 204 | |||
| 205 | /* | ||
| 206 | * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1| | ||
| 207 | * and sets |*out| to its value. It returns one on success and zero on error, | ||
| 208 | * where error includes the integer being negative, or too large to represent | ||
| 209 | * in 64 bits. | ||
| 210 | */ | ||
| 211 | int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out); | ||
| 212 | |||
| 213 | /* | ||
| 214 | * CBS_get_optional_asn1 gets an optional explicitly-tagged element | ||
| 215 | * from |cbs| tagged with |tag| and sets |*out| to its contents. If | ||
| 216 | * present, it sets |*out_present| to one, otherwise zero. It returns | ||
| 217 | * one on success, whether or not the element was present, and zero on | ||
| 218 | * decode failure. | ||
| 219 | */ | ||
| 220 | int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag); | ||
| 221 | |||
| 222 | /* | ||
| 223 | * CBS_get_optional_asn1_octet_string gets an optional | ||
| 224 | * explicitly-tagged OCTET STRING from |cbs|. If present, it sets | ||
| 225 | * |*out| to the string and |*out_present| to one. Otherwise, it sets | ||
| 226 | * |*out| to empty and |*out_present| to zero. |out_present| may be | ||
| 227 | * NULL. It returns one on success, whether or not the element was | ||
| 228 | * present, and zero on decode failure. | ||
| 229 | */ | ||
| 230 | int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, | ||
| 231 | unsigned tag); | ||
| 232 | |||
| 233 | /* | ||
| 234 | * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged | ||
| 235 | * INTEGER from |cbs|. If present, it sets |*out| to the | ||
| 236 | * value. Otherwise, it sets |*out| to |default_value|. It returns one | ||
| 237 | * on success, whether or not the element was present, and zero on | ||
| 238 | * decode failure. | ||
| 239 | */ | ||
| 240 | int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned tag, | ||
| 241 | uint64_t default_value); | ||
| 242 | |||
| 243 | /* | ||
| 244 | * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from | ||
| 245 | * |cbs|. If present, it sets |*out| to either zero or one, based on the | ||
| 246 | * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on | ||
| 247 | * success, whether or not the element was present, and zero on decode | ||
| 248 | * failure. | ||
| 249 | */ | ||
| 250 | int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned tag, | ||
| 251 | int default_value); | ||
| 252 | |||
| 253 | |||
| 254 | /* | ||
| 255 | * CRYPTO ByteBuilder. | ||
| 256 | * | ||
| 257 | * |CBB| objects allow one to build length-prefixed serialisations. A |CBB| | ||
| 258 | * object is associated with a buffer and new buffers are created with | ||
| 259 | * |CBB_init|. Several |CBB| objects can point at the same buffer when a | ||
| 260 | * length-prefix is pending, however only a single |CBB| can be 'current' at | ||
| 261 | * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then | ||
| 262 | * the new |CBB| points at the same buffer as the original. But if the original | ||
| 263 | * |CBB| is used then the length prefix is written out and the new |CBB| must | ||
| 264 | * not be used again. | ||
| 265 | * | ||
| 266 | * If one needs to force a length prefix to be written out because a |CBB| is | ||
| 267 | * going out of scope, use |CBB_flush|. | ||
| 268 | */ | ||
| 269 | |||
| 270 | struct cbb_buffer_st { | ||
| 271 | uint8_t *buf; | ||
| 272 | |||
| 273 | /* The number of valid bytes. */ | ||
| 274 | size_t len; | ||
| 275 | |||
| 276 | /* The size of buf. */ | ||
| 277 | size_t cap; | ||
| 278 | |||
| 279 | /* | ||
| 280 | * One iff |buf| is owned by this object. If not then |buf| cannot be | ||
| 281 | * resized. | ||
| 282 | */ | ||
| 283 | char can_resize; | ||
| 284 | }; | ||
| 285 | |||
| 286 | typedef struct cbb_st { | ||
| 287 | struct cbb_buffer_st *base; | ||
| 288 | |||
| 289 | /* | ||
| 290 | * offset is the offset from the start of |base->buf| to the position of any | ||
| 291 | * pending length-prefix. | ||
| 292 | */ | ||
| 293 | size_t offset; | ||
| 294 | |||
| 295 | /* child points to a child CBB if a length-prefix is pending. */ | ||
| 296 | struct cbb_st *child; | ||
| 297 | |||
| 298 | /* | ||
| 299 | * pending_len_len contains the number of bytes in a pending length-prefix, | ||
| 300 | * or zero if no length-prefix is pending. | ||
| 301 | */ | ||
| 302 | uint8_t pending_len_len; | ||
| 303 | |||
| 304 | char pending_is_asn1; | ||
| 305 | |||
| 306 | /* | ||
| 307 | * is_top_level is true iff this is a top-level |CBB| (as opposed to a child | ||
| 308 | * |CBB|). Top-level objects are valid arguments for |CBB_finish|. | ||
| 309 | */ | ||
| 310 | char is_top_level; | ||
| 311 | } CBB; | ||
| 312 | |||
| 313 | /* | ||
| 314 | * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as | ||
| 315 | * needed, the |initial_capacity| is just a hint. It returns one on success or | ||
| 316 | * zero on error. | ||
| 317 | */ | ||
| 318 | int CBB_init(CBB *cbb, size_t initial_capacity); | ||
| 319 | |||
| 320 | /* | ||
| 321 | * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since | ||
| 322 | * |buf| cannot grow, trying to write more than |len| bytes will cause CBB | ||
| 323 | * functions to fail. It returns one on success or zero on error. | ||
| 324 | */ | ||
| 325 | int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len); | ||
| 326 | |||
| 327 | /* | ||
| 328 | * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects | ||
| 329 | * writing to the same buffer. This should be used in an error case where a | ||
| 330 | * serialisation is abandoned. | ||
| 331 | */ | ||
| 332 | void CBB_cleanup(CBB *cbb); | ||
| 333 | |||
| 334 | /* | ||
| 335 | * CBB_finish completes any pending length prefix and sets |*out_data| to a | ||
| 336 | * malloced buffer and |*out_len| to the length of that buffer. The caller | ||
| 337 | * takes ownership of the buffer and, unless the buffer was fixed with | ||
| 338 | * |CBB_init_fixed|, must call |OPENSSL_free| when done. | ||
| 339 | * | ||
| 340 | * It can only be called on a "top level" |CBB|, i.e. one initialised with | ||
| 341 | * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on | ||
| 342 | * error. | ||
| 343 | */ | ||
| 344 | int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); | ||
| 345 | |||
| 346 | /* | ||
| 347 | * CBB_flush causes any pending length prefixes to be written out and any child | ||
| 348 | * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero | ||
| 349 | * on error. | ||
| 350 | */ | ||
| 351 | int CBB_flush(CBB *cbb); | ||
| 352 | |||
| 353 | /* | ||
| 354 | * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The | ||
| 355 | * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit | ||
| 356 | * length. It returns one on success or zero on error. | ||
| 357 | */ | ||
| 358 | int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents); | ||
| 359 | |||
| 360 | /* | ||
| 361 | * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|. | ||
| 362 | * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit, | ||
| 363 | * big-endian length. It returns one on success or zero on error. | ||
| 364 | */ | ||
| 365 | int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents); | ||
| 366 | |||
| 367 | /* | ||
| 368 | * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|. | ||
| 369 | * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit, | ||
| 370 | * big-endian length. It returns one on success or zero on error. | ||
| 371 | */ | ||
| 372 | int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); | ||
| 373 | |||
| 374 | /* | ||
| 375 | * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an | ||
| 376 | * ASN.1 object can be written. The |tag| argument will be used as the tag for | ||
| 377 | * the object. Passing in |tag| number 31 will return in an error since only | ||
| 378 | * single octet identifiers are supported. It returns one on success or zero | ||
| 379 | * on error. | ||
| 380 | */ | ||
| 381 | int CBB_add_asn1(CBB *cbb, CBB *out_contents, uint8_t tag); | ||
| 382 | |||
| 383 | /* | ||
| 384 | * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on | ||
| 385 | * success and zero otherwise. | ||
| 386 | */ | ||
| 387 | int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); | ||
| 388 | |||
| 389 | /* | ||
| 390 | * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to | ||
| 391 | * the beginning of that space. The caller must then write |len| bytes of | ||
| 392 | * actual contents to |*out_data|. It returns one on success and zero | ||
| 393 | * otherwise. | ||
| 394 | */ | ||
| 395 | int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len); | ||
| 396 | |||
| 397 | /* | ||
| 398 | * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on | ||
| 399 | * success and zero otherwise. | ||
| 400 | */ | ||
| 401 | int CBB_add_u8(CBB *cbb, uint8_t value); | ||
| 402 | |||
| 403 | /* | ||
| 404 | * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It | ||
| 405 | * returns one on success and zero otherwise. | ||
| 406 | */ | ||
| 407 | int CBB_add_u16(CBB *cbb, uint16_t value); | ||
| 408 | |||
| 409 | /* | ||
| 410 | * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It | ||
| 411 | * returns one on success and zero otherwise. | ||
| 412 | */ | ||
| 413 | int CBB_add_u24(CBB *cbb, uint32_t value); | ||
| 414 | |||
| 415 | /* | ||
| 416 | * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| | ||
| 417 | * and writes |value| in its contents. It returns one on success and zero on | ||
| 418 | * error. | ||
| 419 | */ | ||
| 420 | int CBB_add_asn1_uint64(CBB *cbb, uint64_t value); | ||
| 421 | |||
| 422 | #ifdef LIBRESSL_INTERNAL | ||
| 423 | /* | ||
| 424 | * CBS_asn1_ber_to_der reads an ASN.1 structure from |in|. If it finds | ||
| 425 | * indefinite-length elements then it attempts to convert the BER data to DER | ||
| 426 | * and sets |*out| and |*out_length| to describe a malloced buffer containing | ||
| 427 | * the DER data. Additionally, |*in| will be advanced over the ASN.1 data. | ||
| 428 | * | ||
| 429 | * If it doesn't find any indefinite-length elements then it sets |*out| to | ||
| 430 | * NULL and |*in| is unmodified. | ||
| 431 | * | ||
| 432 | * A sufficiently complex ASN.1 structure will break this function because it's | ||
| 433 | * not possible to generically convert BER to DER without knowledge of the | ||
| 434 | * structure itself. However, this sufficies to handle the PKCS#7 and #12 output | ||
| 435 | * from NSS. | ||
| 436 | * | ||
| 437 | * It returns one on success and zero otherwise. | ||
| 438 | */ | ||
| 439 | int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len); | ||
| 440 | #endif /* LIBRESSL_INTERNAL */ | ||
| 441 | |||
| 442 | #if defined(__cplusplus) | ||
| 443 | } /* extern C */ | ||
| 444 | #endif | ||
| 445 | |||
| 446 | #endif /* OPENSSL_HEADER_BYTESTRING_H */ | ||
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c deleted file mode 100644 index 534db59ee8..0000000000 --- a/src/lib/libssl/d1_both.c +++ /dev/null | |||
| @@ -1,1402 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.32 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@openssl.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 60 | * All rights reserved. | ||
| 61 | * | ||
| 62 | * This package is an SSL implementation written | ||
| 63 | * by Eric Young (eay@cryptsoft.com). | ||
| 64 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 65 | * | ||
| 66 | * This library is free for commercial and non-commercial use as long as | ||
| 67 | * the following conditions are aheared to. The following conditions | ||
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 70 | * included with this distribution is covered by the same copyright terms | ||
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 72 | * | ||
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 74 | * the code are not to be removed. | ||
| 75 | * If this package is used in a product, Eric Young should be given attribution | ||
| 76 | * as the author of the parts of the library used. | ||
| 77 | * This can be in the form of a textual message at program startup or | ||
| 78 | * in documentation (online or textual) provided with the package. | ||
| 79 | * | ||
| 80 | * Redistribution and use in source and binary forms, with or without | ||
| 81 | * modification, are permitted provided that the following conditions | ||
| 82 | * are met: | ||
| 83 | * 1. Redistributions of source code must retain the copyright | ||
| 84 | * notice, this list of conditions and the following disclaimer. | ||
| 85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 86 | * notice, this list of conditions and the following disclaimer in the | ||
| 87 | * documentation and/or other materials provided with the distribution. | ||
| 88 | * 3. All advertising materials mentioning features or use of this software | ||
| 89 | * must display the following acknowledgement: | ||
| 90 | * "This product includes cryptographic software written by | ||
| 91 | * Eric Young (eay@cryptsoft.com)" | ||
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 93 | * being used are not cryptographic related :-). | ||
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 95 | * the apps directory (application code) you must include an acknowledgement: | ||
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 97 | * | ||
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 108 | * SUCH DAMAGE. | ||
| 109 | * | ||
| 110 | * The licence and distribution terms for any publically available version or | ||
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 112 | * copied and put under another distribution licence | ||
| 113 | * [including the GNU Public Licence.] | ||
| 114 | */ | ||
| 115 | |||
| 116 | #include <limits.h> | ||
| 117 | #include <stdio.h> | ||
| 118 | #include <string.h> | ||
| 119 | |||
| 120 | #include "ssl_locl.h" | ||
| 121 | |||
| 122 | #include <openssl/buffer.h> | ||
| 123 | #include <openssl/evp.h> | ||
| 124 | #include <openssl/objects.h> | ||
| 125 | #include <openssl/x509.h> | ||
| 126 | |||
| 127 | #include "pqueue.h" | ||
| 128 | |||
| 129 | #define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) | ||
| 130 | |||
| 131 | #define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ | ||
| 132 | if ((end) - (start) <= 8) { \ | ||
| 133 | long ii; \ | ||
| 134 | for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ | ||
| 135 | } else { \ | ||
| 136 | long ii; \ | ||
| 137 | bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ | ||
| 138 | for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ | ||
| 139 | bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ | ||
| 140 | } } | ||
| 141 | |||
| 142 | #define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ | ||
| 143 | long ii; \ | ||
| 144 | OPENSSL_assert((msg_len) > 0); \ | ||
| 145 | is_complete = 1; \ | ||
| 146 | if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ | ||
| 147 | if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ | ||
| 148 | if (bitmask[ii] != 0xff) { is_complete = 0; break; } } | ||
| 149 | |||
| 150 | static unsigned char bitmask_start_values[] = { | ||
| 151 | 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 | ||
| 152 | }; | ||
| 153 | static unsigned char bitmask_end_values[] = { | ||
| 154 | 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f | ||
| 155 | }; | ||
| 156 | |||
| 157 | /* XDTLS: figure out the right values */ | ||
| 158 | static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; | ||
| 159 | |||
| 160 | static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); | ||
| 161 | static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, | ||
| 162 | unsigned long frag_len); | ||
| 163 | static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); | ||
| 164 | static void dtls1_set_message_header_int(SSL *s, unsigned char mt, | ||
| 165 | unsigned long len, unsigned short seq_num, unsigned long frag_off, | ||
| 166 | unsigned long frag_len); | ||
| 167 | static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, | ||
| 168 | int *ok); | ||
| 169 | |||
| 170 | static hm_fragment * | ||
| 171 | dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) | ||
| 172 | { | ||
| 173 | hm_fragment *frag = NULL; | ||
| 174 | unsigned char *buf = NULL; | ||
| 175 | unsigned char *bitmask = NULL; | ||
| 176 | |||
| 177 | frag = malloc(sizeof(hm_fragment)); | ||
| 178 | if (frag == NULL) | ||
| 179 | return NULL; | ||
| 180 | |||
| 181 | if (frag_len) { | ||
| 182 | buf = malloc(frag_len); | ||
| 183 | if (buf == NULL) { | ||
| 184 | free(frag); | ||
| 185 | return NULL; | ||
| 186 | } | ||
| 187 | } | ||
| 188 | |||
| 189 | /* zero length fragment gets zero frag->fragment */ | ||
| 190 | frag->fragment = buf; | ||
| 191 | |||
| 192 | /* Initialize reassembly bitmask if necessary */ | ||
| 193 | if (reassembly) { | ||
| 194 | bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); | ||
| 195 | if (bitmask == NULL) { | ||
| 196 | free(buf); | ||
| 197 | free(frag); | ||
| 198 | return NULL; | ||
| 199 | } | ||
| 200 | memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); | ||
| 201 | } | ||
| 202 | |||
| 203 | frag->reassembly = bitmask; | ||
| 204 | |||
| 205 | return frag; | ||
| 206 | } | ||
| 207 | |||
| 208 | static void | ||
| 209 | dtls1_hm_fragment_free(hm_fragment *frag) | ||
| 210 | { | ||
| 211 | |||
| 212 | if (frag->msg_header.is_ccs) { | ||
| 213 | EVP_CIPHER_CTX_free( | ||
| 214 | frag->msg_header.saved_retransmit_state.enc_write_ctx); | ||
| 215 | EVP_MD_CTX_destroy( | ||
| 216 | frag->msg_header.saved_retransmit_state.write_hash); | ||
| 217 | } | ||
| 218 | free(frag->fragment); | ||
| 219 | free(frag->reassembly); | ||
| 220 | free(frag); | ||
| 221 | } | ||
| 222 | |||
| 223 | /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ | ||
| 224 | int | ||
| 225 | dtls1_do_write(SSL *s, int type) | ||
| 226 | { | ||
| 227 | int ret; | ||
| 228 | int curr_mtu; | ||
| 229 | unsigned int len, frag_off, mac_size, blocksize; | ||
| 230 | |||
| 231 | /* AHA! Figure out the MTU, and stick to the right size */ | ||
| 232 | if (s->d1->mtu < dtls1_min_mtu() && | ||
| 233 | !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { | ||
| 234 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), | ||
| 235 | BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); | ||
| 236 | |||
| 237 | /* | ||
| 238 | * I've seen the kernel return bogus numbers when it | ||
| 239 | * doesn't know the MTU (ie., the initial write), so just | ||
| 240 | * make sure we have a reasonable number | ||
| 241 | */ | ||
| 242 | if (s->d1->mtu < dtls1_min_mtu()) { | ||
| 243 | s->d1->mtu = 0; | ||
| 244 | s->d1->mtu = dtls1_guess_mtu(s->d1->mtu); | ||
| 245 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, | ||
| 246 | s->d1->mtu, NULL); | ||
| 247 | } | ||
| 248 | } | ||
| 249 | |||
| 250 | OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); | ||
| 251 | /* should have something reasonable now */ | ||
| 252 | |||
| 253 | if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) | ||
| 254 | OPENSSL_assert(s->init_num == | ||
| 255 | (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); | ||
| 256 | |||
| 257 | if (s->write_hash) | ||
| 258 | mac_size = EVP_MD_CTX_size(s->write_hash); | ||
| 259 | else | ||
| 260 | mac_size = 0; | ||
| 261 | |||
| 262 | if (s->enc_write_ctx && | ||
| 263 | (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) | ||
| 264 | blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher); | ||
| 265 | else | ||
| 266 | blocksize = 0; | ||
| 267 | |||
| 268 | frag_off = 0; | ||
| 269 | while (s->init_num) { | ||
| 270 | curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - | ||
| 271 | DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; | ||
| 272 | |||
| 273 | if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { | ||
| 274 | /* grr.. we could get an error if MTU picked was wrong */ | ||
| 275 | ret = BIO_flush(SSL_get_wbio(s)); | ||
| 276 | if (ret <= 0) | ||
| 277 | return ret; | ||
| 278 | curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - | ||
| 279 | mac_size - blocksize; | ||
| 280 | } | ||
| 281 | |||
| 282 | if (s->init_num > curr_mtu) | ||
| 283 | len = curr_mtu; | ||
| 284 | else | ||
| 285 | len = s->init_num; | ||
| 286 | |||
| 287 | |||
| 288 | /* XDTLS: this function is too long. split out the CCS part */ | ||
| 289 | if (type == SSL3_RT_HANDSHAKE) { | ||
| 290 | if (s->init_off != 0) { | ||
| 291 | OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH); | ||
| 292 | s->init_off -= DTLS1_HM_HEADER_LENGTH; | ||
| 293 | s->init_num += DTLS1_HM_HEADER_LENGTH; | ||
| 294 | |||
| 295 | if (s->init_num > curr_mtu) | ||
| 296 | len = curr_mtu; | ||
| 297 | else | ||
| 298 | len = s->init_num; | ||
| 299 | } | ||
| 300 | |||
| 301 | dtls1_fix_message_header(s, frag_off, | ||
| 302 | len - DTLS1_HM_HEADER_LENGTH); | ||
| 303 | |||
| 304 | dtls1_write_message_header(s, | ||
| 305 | (unsigned char *)&s->init_buf->data[s->init_off]); | ||
| 306 | |||
| 307 | OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); | ||
| 308 | } | ||
| 309 | |||
| 310 | ret = dtls1_write_bytes(s, type, | ||
| 311 | &s->init_buf->data[s->init_off], len); | ||
| 312 | if (ret < 0) { | ||
| 313 | /* | ||
| 314 | * Might need to update MTU here, but we don't know | ||
| 315 | * which previous packet caused the failure -- so | ||
| 316 | * can't really retransmit anything. continue as | ||
| 317 | * if everything is fine and wait for an alert to | ||
| 318 | * handle the retransmit | ||
| 319 | */ | ||
| 320 | if (BIO_ctrl(SSL_get_wbio(s), | ||
| 321 | BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) | ||
| 322 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), | ||
| 323 | BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); | ||
| 324 | else | ||
| 325 | return (-1); | ||
| 326 | } else { | ||
| 327 | |||
| 328 | /* | ||
| 329 | * Bad if this assert fails, only part of the | ||
| 330 | * handshake message got sent. but why would | ||
| 331 | * this happen? | ||
| 332 | */ | ||
| 333 | OPENSSL_assert(len == (unsigned int)ret); | ||
| 334 | |||
| 335 | if (type == SSL3_RT_HANDSHAKE && | ||
| 336 | !s->d1->retransmitting) { | ||
| 337 | /* | ||
| 338 | * Should not be done for 'Hello Request's, | ||
| 339 | * but in that case we'll ignore the result | ||
| 340 | * anyway | ||
| 341 | */ | ||
| 342 | unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off]; | ||
| 343 | const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
| 344 | int xlen; | ||
| 345 | |||
| 346 | if (frag_off == 0 && | ||
| 347 | s->version != DTLS1_BAD_VER) { | ||
| 348 | /* | ||
| 349 | * Reconstruct message header is if it | ||
| 350 | * is being sent in single fragment | ||
| 351 | */ | ||
| 352 | *p++ = msg_hdr->type; | ||
| 353 | l2n3(msg_hdr->msg_len, p); | ||
| 354 | s2n (msg_hdr->seq, p); | ||
| 355 | l2n3(0, p); | ||
| 356 | l2n3(msg_hdr->msg_len, p); | ||
| 357 | p -= DTLS1_HM_HEADER_LENGTH; | ||
| 358 | xlen = ret; | ||
| 359 | } else { | ||
| 360 | p += DTLS1_HM_HEADER_LENGTH; | ||
| 361 | xlen = ret - DTLS1_HM_HEADER_LENGTH; | ||
| 362 | } | ||
| 363 | |||
| 364 | ssl3_finish_mac(s, p, xlen); | ||
| 365 | } | ||
| 366 | |||
| 367 | if (ret == s->init_num) { | ||
| 368 | if (s->msg_callback) | ||
| 369 | s->msg_callback(1, s->version, type, | ||
| 370 | s->init_buf->data, | ||
| 371 | (size_t)(s->init_off + s->init_num), | ||
| 372 | s, s->msg_callback_arg); | ||
| 373 | |||
| 374 | s->init_off = 0; | ||
| 375 | /* done writing this message */ | ||
| 376 | s->init_num = 0; | ||
| 377 | |||
| 378 | return (1); | ||
| 379 | } | ||
| 380 | s->init_off += ret; | ||
| 381 | s->init_num -= ret; | ||
| 382 | frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); | ||
| 383 | } | ||
| 384 | } | ||
| 385 | return (0); | ||
| 386 | } | ||
| 387 | |||
| 388 | |||
| 389 | /* | ||
| 390 | * Obtain handshake message of message type 'mt' (any if mt == -1), | ||
| 391 | * maximum acceptable body length 'max'. | ||
| 392 | * Read an entire handshake message. Handshake messages arrive in | ||
| 393 | * fragments. | ||
| 394 | */ | ||
| 395 | long | ||
| 396 | dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | ||
| 397 | { | ||
| 398 | int i, al; | ||
| 399 | struct hm_header_st *msg_hdr; | ||
| 400 | unsigned char *p; | ||
| 401 | unsigned long msg_len; | ||
| 402 | |||
| 403 | /* | ||
| 404 | * s3->tmp is used to store messages that are unexpected, caused | ||
| 405 | * by the absence of an optional handshake message | ||
| 406 | */ | ||
| 407 | if (s->s3->tmp.reuse_message) { | ||
| 408 | s->s3->tmp.reuse_message = 0; | ||
| 409 | if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { | ||
| 410 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 411 | SSLerr(SSL_F_DTLS1_GET_MESSAGE, | ||
| 412 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 413 | goto f_err; | ||
| 414 | } | ||
| 415 | *ok = 1; | ||
| 416 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
| 417 | s->init_num = (int)s->s3->tmp.message_size; | ||
| 418 | return s->init_num; | ||
| 419 | } | ||
| 420 | |||
| 421 | msg_hdr = &s->d1->r_msg_hdr; | ||
| 422 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
| 423 | |||
| 424 | again: | ||
| 425 | i = dtls1_get_message_fragment(s, st1, stn, max, ok); | ||
| 426 | if (i == DTLS1_HM_BAD_FRAGMENT || | ||
| 427 | i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ | ||
| 428 | goto again; | ||
| 429 | else if (i <= 0 && !*ok) | ||
| 430 | return i; | ||
| 431 | |||
| 432 | p = (unsigned char *)s->init_buf->data; | ||
| 433 | msg_len = msg_hdr->msg_len; | ||
| 434 | |||
| 435 | /* reconstruct message header */ | ||
| 436 | *(p++) = msg_hdr->type; | ||
| 437 | l2n3(msg_len, p); | ||
| 438 | s2n (msg_hdr->seq, p); | ||
| 439 | l2n3(0, p); | ||
| 440 | l2n3(msg_len, p); | ||
| 441 | if (s->version != DTLS1_BAD_VER) { | ||
| 442 | p -= DTLS1_HM_HEADER_LENGTH; | ||
| 443 | msg_len += DTLS1_HM_HEADER_LENGTH; | ||
| 444 | } | ||
| 445 | |||
| 446 | ssl3_finish_mac(s, p, msg_len); | ||
| 447 | if (s->msg_callback) | ||
| 448 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, | ||
| 449 | s, s->msg_callback_arg); | ||
| 450 | |||
| 451 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
| 452 | |||
| 453 | /* Don't change sequence numbers while listening */ | ||
| 454 | if (!s->d1->listen) | ||
| 455 | s->d1->handshake_read_seq++; | ||
| 456 | |||
| 457 | s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
| 458 | return s->init_num; | ||
| 459 | |||
| 460 | f_err: | ||
| 461 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 462 | *ok = 0; | ||
| 463 | return -1; | ||
| 464 | } | ||
| 465 | |||
| 466 | |||
| 467 | static int | ||
| 468 | dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) | ||
| 469 | { | ||
| 470 | size_t frag_off, frag_len, msg_len; | ||
| 471 | |||
| 472 | msg_len = msg_hdr->msg_len; | ||
| 473 | frag_off = msg_hdr->frag_off; | ||
| 474 | frag_len = msg_hdr->frag_len; | ||
| 475 | |||
| 476 | /* sanity checking */ | ||
| 477 | if ((frag_off + frag_len) > msg_len) { | ||
| 478 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, | ||
| 479 | SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 480 | return SSL_AD_ILLEGAL_PARAMETER; | ||
| 481 | } | ||
| 482 | |||
| 483 | if ((frag_off + frag_len) > (unsigned long)max) { | ||
| 484 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, | ||
| 485 | SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 486 | return SSL_AD_ILLEGAL_PARAMETER; | ||
| 487 | } | ||
| 488 | |||
| 489 | if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */ | ||
| 490 | { | ||
| 491 | /* | ||
| 492 | * msg_len is limited to 2^24, but is effectively checked | ||
| 493 | * against max above | ||
| 494 | */ | ||
| 495 | if (!BUF_MEM_grow_clean(s->init_buf, | ||
| 496 | msg_len + DTLS1_HM_HEADER_LENGTH)) { | ||
| 497 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB); | ||
| 498 | return SSL_AD_INTERNAL_ERROR; | ||
| 499 | } | ||
| 500 | |||
| 501 | s->s3->tmp.message_size = msg_len; | ||
| 502 | s->d1->r_msg_hdr.msg_len = msg_len; | ||
| 503 | s->s3->tmp.message_type = msg_hdr->type; | ||
| 504 | s->d1->r_msg_hdr.type = msg_hdr->type; | ||
| 505 | s->d1->r_msg_hdr.seq = msg_hdr->seq; | ||
| 506 | } else if (msg_len != s->d1->r_msg_hdr.msg_len) { | ||
| 507 | /* | ||
| 508 | * They must be playing with us! BTW, failure to enforce | ||
| 509 | * upper limit would open possibility for buffer overrun. | ||
| 510 | */ | ||
| 511 | SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, | ||
| 512 | SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 513 | return SSL_AD_ILLEGAL_PARAMETER; | ||
| 514 | } | ||
| 515 | |||
| 516 | return 0; /* no error */ | ||
| 517 | } | ||
| 518 | |||
| 519 | static int | ||
| 520 | dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) | ||
| 521 | { | ||
| 522 | /* | ||
| 523 | * (0) check whether the desired fragment is available | ||
| 524 | * if so: | ||
| 525 | * (1) copy over the fragment to s->init_buf->data[] | ||
| 526 | * (2) update s->init_num | ||
| 527 | */ | ||
| 528 | pitem *item; | ||
| 529 | hm_fragment *frag; | ||
| 530 | int al; | ||
| 531 | |||
| 532 | *ok = 0; | ||
| 533 | item = pqueue_peek(s->d1->buffered_messages); | ||
| 534 | if (item == NULL) | ||
| 535 | return 0; | ||
| 536 | |||
| 537 | frag = (hm_fragment *)item->data; | ||
| 538 | |||
| 539 | /* Don't return if reassembly still in progress */ | ||
| 540 | if (frag->reassembly != NULL) | ||
| 541 | return 0; | ||
| 542 | |||
| 543 | if (s->d1->handshake_read_seq == frag->msg_header.seq) { | ||
| 544 | unsigned long frag_len = frag->msg_header.frag_len; | ||
| 545 | pqueue_pop(s->d1->buffered_messages); | ||
| 546 | |||
| 547 | al = dtls1_preprocess_fragment(s, &frag->msg_header, max); | ||
| 548 | |||
| 549 | if (al == 0) /* no alert */ | ||
| 550 | { | ||
| 551 | unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
| 552 | memcpy(&p[frag->msg_header.frag_off], | ||
| 553 | frag->fragment, frag->msg_header.frag_len); | ||
| 554 | } | ||
| 555 | |||
| 556 | dtls1_hm_fragment_free(frag); | ||
| 557 | pitem_free(item); | ||
| 558 | |||
| 559 | if (al == 0) { | ||
| 560 | *ok = 1; | ||
| 561 | return frag_len; | ||
| 562 | } | ||
| 563 | |||
| 564 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 565 | s->init_num = 0; | ||
| 566 | *ok = 0; | ||
| 567 | return -1; | ||
| 568 | } else | ||
| 569 | return 0; | ||
| 570 | } | ||
| 571 | |||
| 572 | /* | ||
| 573 | * dtls1_max_handshake_message_len returns the maximum number of bytes | ||
| 574 | * permitted in a DTLS handshake message for |s|. The minimum is 16KB, | ||
| 575 | * but may be greater if the maximum certificate list size requires it. | ||
| 576 | */ | ||
| 577 | static unsigned long | ||
| 578 | dtls1_max_handshake_message_len(const SSL *s) | ||
| 579 | { | ||
| 580 | unsigned long max_len; | ||
| 581 | |||
| 582 | max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; | ||
| 583 | if (max_len < (unsigned long)s->max_cert_list) | ||
| 584 | return s->max_cert_list; | ||
| 585 | return max_len; | ||
| 586 | } | ||
| 587 | |||
| 588 | static int | ||
| 589 | dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) | ||
| 590 | { | ||
| 591 | hm_fragment *frag = NULL; | ||
| 592 | pitem *item = NULL; | ||
| 593 | int i = -1, is_complete; | ||
| 594 | unsigned char seq64be[8]; | ||
| 595 | unsigned long frag_len = msg_hdr->frag_len; | ||
| 596 | |||
| 597 | if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || | ||
| 598 | msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) | ||
| 599 | goto err; | ||
| 600 | |||
| 601 | if (frag_len == 0) { | ||
| 602 | i = DTLS1_HM_FRAGMENT_RETRY; | ||
| 603 | goto err; | ||
| 604 | } | ||
| 605 | |||
| 606 | /* Try to find item in queue */ | ||
| 607 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 608 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); | ||
| 609 | seq64be[7] = (unsigned char)msg_hdr->seq; | ||
| 610 | item = pqueue_find(s->d1->buffered_messages, seq64be); | ||
| 611 | |||
| 612 | if (item == NULL) { | ||
| 613 | frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); | ||
| 614 | if (frag == NULL) | ||
| 615 | goto err; | ||
| 616 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | ||
| 617 | frag->msg_header.frag_len = frag->msg_header.msg_len; | ||
| 618 | frag->msg_header.frag_off = 0; | ||
| 619 | } else { | ||
| 620 | frag = (hm_fragment*)item->data; | ||
| 621 | if (frag->msg_header.msg_len != msg_hdr->msg_len) { | ||
| 622 | item = NULL; | ||
| 623 | frag = NULL; | ||
| 624 | goto err; | ||
| 625 | } | ||
| 626 | } | ||
| 627 | |||
| 628 | /* | ||
| 629 | * If message is already reassembled, this must be a | ||
| 630 | * retransmit and can be dropped. | ||
| 631 | */ | ||
| 632 | if (frag->reassembly == NULL) { | ||
| 633 | unsigned char devnull [256]; | ||
| 634 | |||
| 635 | while (frag_len) { | ||
| 636 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 637 | devnull, frag_len > sizeof(devnull) ? | ||
| 638 | sizeof(devnull) : frag_len, 0); | ||
| 639 | if (i <= 0) | ||
| 640 | goto err; | ||
| 641 | frag_len -= i; | ||
| 642 | } | ||
| 643 | i = DTLS1_HM_FRAGMENT_RETRY; | ||
| 644 | goto err; | ||
| 645 | } | ||
| 646 | |||
| 647 | /* read the body of the fragment (header has already been read */ | ||
| 648 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 649 | frag->fragment + msg_hdr->frag_off, frag_len, 0); | ||
| 650 | if (i <= 0 || (unsigned long)i != frag_len) | ||
| 651 | goto err; | ||
| 652 | |||
| 653 | RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, | ||
| 654 | (long)(msg_hdr->frag_off + frag_len)); | ||
| 655 | |||
| 656 | RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, | ||
| 657 | is_complete); | ||
| 658 | |||
| 659 | if (is_complete) { | ||
| 660 | free(frag->reassembly); | ||
| 661 | frag->reassembly = NULL; | ||
| 662 | } | ||
| 663 | |||
| 664 | if (item == NULL) { | ||
| 665 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 666 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); | ||
| 667 | seq64be[7] = (unsigned char)(msg_hdr->seq); | ||
| 668 | |||
| 669 | item = pitem_new(seq64be, frag); | ||
| 670 | if (item == NULL) { | ||
| 671 | i = -1; | ||
| 672 | goto err; | ||
| 673 | } | ||
| 674 | |||
| 675 | pqueue_insert(s->d1->buffered_messages, item); | ||
| 676 | } | ||
| 677 | |||
| 678 | return DTLS1_HM_FRAGMENT_RETRY; | ||
| 679 | |||
| 680 | err: | ||
| 681 | if (item == NULL && frag != NULL) | ||
| 682 | dtls1_hm_fragment_free(frag); | ||
| 683 | *ok = 0; | ||
| 684 | return i; | ||
| 685 | } | ||
| 686 | |||
| 687 | |||
| 688 | static int | ||
| 689 | dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) | ||
| 690 | { | ||
| 691 | int i = -1; | ||
| 692 | hm_fragment *frag = NULL; | ||
| 693 | pitem *item = NULL; | ||
| 694 | unsigned char seq64be[8]; | ||
| 695 | unsigned long frag_len = msg_hdr->frag_len; | ||
| 696 | |||
| 697 | if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) | ||
| 698 | goto err; | ||
| 699 | |||
| 700 | /* Try to find item in queue, to prevent duplicate entries */ | ||
| 701 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 702 | seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); | ||
| 703 | seq64be[7] = (unsigned char) msg_hdr->seq; | ||
| 704 | item = pqueue_find(s->d1->buffered_messages, seq64be); | ||
| 705 | |||
| 706 | /* | ||
| 707 | * If we already have an entry and this one is a fragment, | ||
| 708 | * don't discard it and rather try to reassemble it. | ||
| 709 | */ | ||
| 710 | if (item != NULL && frag_len < msg_hdr->msg_len) | ||
| 711 | item = NULL; | ||
| 712 | |||
| 713 | /* | ||
| 714 | * Discard the message if sequence number was already there, is | ||
| 715 | * too far in the future, already in the queue or if we received | ||
| 716 | * a FINISHED before the SERVER_HELLO, which then must be a stale | ||
| 717 | * retransmit. | ||
| 718 | */ | ||
| 719 | if (msg_hdr->seq <= s->d1->handshake_read_seq || | ||
| 720 | msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL || | ||
| 721 | (s->d1->handshake_read_seq == 0 && | ||
| 722 | msg_hdr->type == SSL3_MT_FINISHED)) { | ||
| 723 | unsigned char devnull [256]; | ||
| 724 | |||
| 725 | while (frag_len) { | ||
| 726 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 727 | devnull, frag_len > sizeof(devnull) ? | ||
| 728 | sizeof(devnull) : frag_len, 0); | ||
| 729 | if (i <= 0) | ||
| 730 | goto err; | ||
| 731 | frag_len -= i; | ||
| 732 | } | ||
| 733 | } else { | ||
| 734 | if (frag_len < msg_hdr->msg_len) | ||
| 735 | return dtls1_reassemble_fragment(s, msg_hdr, ok); | ||
| 736 | |||
| 737 | if (frag_len > dtls1_max_handshake_message_len(s)) | ||
| 738 | goto err; | ||
| 739 | |||
| 740 | frag = dtls1_hm_fragment_new(frag_len, 0); | ||
| 741 | if (frag == NULL) | ||
| 742 | goto err; | ||
| 743 | |||
| 744 | memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); | ||
| 745 | |||
| 746 | if (frag_len) { | ||
| 747 | /* read the body of the fragment (header has already been read */ | ||
| 748 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 749 | frag->fragment, frag_len, 0); | ||
| 750 | if (i <= 0 || (unsigned long)i != frag_len) | ||
| 751 | goto err; | ||
| 752 | } | ||
| 753 | |||
| 754 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 755 | seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); | ||
| 756 | seq64be[7] = (unsigned char)(msg_hdr->seq); | ||
| 757 | |||
| 758 | item = pitem_new(seq64be, frag); | ||
| 759 | if (item == NULL) | ||
| 760 | goto err; | ||
| 761 | |||
| 762 | pqueue_insert(s->d1->buffered_messages, item); | ||
| 763 | } | ||
| 764 | |||
| 765 | return DTLS1_HM_FRAGMENT_RETRY; | ||
| 766 | |||
| 767 | err: | ||
| 768 | if (item == NULL && frag != NULL) | ||
| 769 | dtls1_hm_fragment_free(frag); | ||
| 770 | *ok = 0; | ||
| 771 | return i; | ||
| 772 | } | ||
| 773 | |||
| 774 | |||
| 775 | static long | ||
| 776 | dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) | ||
| 777 | { | ||
| 778 | unsigned char wire[DTLS1_HM_HEADER_LENGTH]; | ||
| 779 | unsigned long len, frag_off, frag_len; | ||
| 780 | int i, al; | ||
| 781 | struct hm_header_st msg_hdr; | ||
| 782 | |||
| 783 | again: | ||
| 784 | /* see if we have the required fragment already */ | ||
| 785 | if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { | ||
| 786 | if (*ok) | ||
| 787 | s->init_num = frag_len; | ||
| 788 | return frag_len; | ||
| 789 | } | ||
| 790 | |||
| 791 | /* read handshake message header */ | ||
| 792 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, | ||
| 793 | DTLS1_HM_HEADER_LENGTH, 0); | ||
| 794 | if (i <= 0) /* nbio, or an error */ | ||
| 795 | { | ||
| 796 | s->rwstate = SSL_READING; | ||
| 797 | *ok = 0; | ||
| 798 | return i; | ||
| 799 | } | ||
| 800 | /* Handshake fails if message header is incomplete */ | ||
| 801 | if (i != DTLS1_HM_HEADER_LENGTH) { | ||
| 802 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 803 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, | ||
| 804 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 805 | goto f_err; | ||
| 806 | } | ||
| 807 | |||
| 808 | /* parse the message fragment header */ | ||
| 809 | dtls1_get_message_header(wire, &msg_hdr); | ||
| 810 | |||
| 811 | /* | ||
| 812 | * if this is a future (or stale) message it gets buffered | ||
| 813 | * (or dropped)--no further processing at this time | ||
| 814 | * While listening, we accept seq 1 (ClientHello with cookie) | ||
| 815 | * although we're still expecting seq 0 (ClientHello) | ||
| 816 | */ | ||
| 817 | if (msg_hdr.seq != s->d1->handshake_read_seq && | ||
| 818 | !(s->d1->listen && msg_hdr.seq == 1)) | ||
| 819 | return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); | ||
| 820 | |||
| 821 | len = msg_hdr.msg_len; | ||
| 822 | frag_off = msg_hdr.frag_off; | ||
| 823 | frag_len = msg_hdr.frag_len; | ||
| 824 | |||
| 825 | if (frag_len && frag_len < len) | ||
| 826 | return dtls1_reassemble_fragment(s, &msg_hdr, ok); | ||
| 827 | |||
| 828 | if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && | ||
| 829 | wire[0] == SSL3_MT_HELLO_REQUEST) { | ||
| 830 | /* | ||
| 831 | * The server may always send 'Hello Request' messages -- | ||
| 832 | * we are doing a handshake anyway now, so ignore them | ||
| 833 | * if their format is correct. Does not count for | ||
| 834 | * 'Finished' MAC. | ||
| 835 | */ | ||
| 836 | if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { | ||
| 837 | if (s->msg_callback) | ||
| 838 | s->msg_callback(0, s->version, | ||
| 839 | SSL3_RT_HANDSHAKE, wire, | ||
| 840 | DTLS1_HM_HEADER_LENGTH, s, | ||
| 841 | s->msg_callback_arg); | ||
| 842 | |||
| 843 | s->init_num = 0; | ||
| 844 | goto again; | ||
| 845 | } | ||
| 846 | else /* Incorrectly formated Hello request */ | ||
| 847 | { | ||
| 848 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 849 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, | ||
| 850 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 851 | goto f_err; | ||
| 852 | } | ||
| 853 | } | ||
| 854 | |||
| 855 | if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) | ||
| 856 | goto f_err; | ||
| 857 | |||
| 858 | /* XDTLS: ressurect this when restart is in place */ | ||
| 859 | s->state = stn; | ||
| 860 | |||
| 861 | if (frag_len > 0) { | ||
| 862 | unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; | ||
| 863 | |||
| 864 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 865 | &p[frag_off], frag_len, 0); | ||
| 866 | /* XDTLS: fix this--message fragments cannot span multiple packets */ | ||
| 867 | if (i <= 0) { | ||
| 868 | s->rwstate = SSL_READING; | ||
| 869 | *ok = 0; | ||
| 870 | return i; | ||
| 871 | } | ||
| 872 | } else | ||
| 873 | i = 0; | ||
| 874 | |||
| 875 | /* | ||
| 876 | * XDTLS: an incorrectly formatted fragment should cause the | ||
| 877 | * handshake to fail | ||
| 878 | */ | ||
| 879 | if (i != (int)frag_len) { | ||
| 880 | al = SSL3_AD_ILLEGAL_PARAMETER; | ||
| 881 | SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, | ||
| 882 | SSL3_AD_ILLEGAL_PARAMETER); | ||
| 883 | goto f_err; | ||
| 884 | } | ||
| 885 | |||
| 886 | *ok = 1; | ||
| 887 | |||
| 888 | /* | ||
| 889 | * Note that s->init_num is *not* used as current offset in | ||
| 890 | * s->init_buf->data, but as a counter summing up fragments' | ||
| 891 | * lengths: as soon as they sum up to handshake packet | ||
| 892 | * length, we assume we have got all the fragments. | ||
| 893 | */ | ||
| 894 | s->init_num = frag_len; | ||
| 895 | return frag_len; | ||
| 896 | |||
| 897 | f_err: | ||
| 898 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 899 | s->init_num = 0; | ||
| 900 | |||
| 901 | *ok = 0; | ||
| 902 | return (-1); | ||
| 903 | } | ||
| 904 | |||
| 905 | int | ||
| 906 | dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) | ||
| 907 | { | ||
| 908 | unsigned char *p, *d; | ||
| 909 | int i; | ||
| 910 | unsigned long l; | ||
| 911 | |||
| 912 | if (s->state == a) { | ||
| 913 | d = (unsigned char *)s->init_buf->data; | ||
| 914 | p = &(d[DTLS1_HM_HEADER_LENGTH]); | ||
| 915 | |||
| 916 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, | ||
| 917 | s->s3->tmp.finish_md); | ||
| 918 | s->s3->tmp.finish_md_len = i; | ||
| 919 | memcpy(p, s->s3->tmp.finish_md, i); | ||
| 920 | p += i; | ||
| 921 | l = i; | ||
| 922 | |||
| 923 | /* | ||
| 924 | * Copy the finished so we can use it for | ||
| 925 | * renegotiation checks | ||
| 926 | */ | ||
| 927 | if (s->type == SSL_ST_CONNECT) { | ||
| 928 | OPENSSL_assert(i <= EVP_MAX_MD_SIZE); | ||
| 929 | memcpy(s->s3->previous_client_finished, | ||
| 930 | s->s3->tmp.finish_md, i); | ||
| 931 | s->s3->previous_client_finished_len = i; | ||
| 932 | } else { | ||
| 933 | OPENSSL_assert(i <= EVP_MAX_MD_SIZE); | ||
| 934 | memcpy(s->s3->previous_server_finished, | ||
| 935 | s->s3->tmp.finish_md, i); | ||
| 936 | s->s3->previous_server_finished_len = i; | ||
| 937 | } | ||
| 938 | |||
| 939 | d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l); | ||
| 940 | s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH; | ||
| 941 | s->init_off = 0; | ||
| 942 | |||
| 943 | /* buffer the message to handle re-xmits */ | ||
| 944 | dtls1_buffer_message(s, 0); | ||
| 945 | |||
| 946 | s->state = b; | ||
| 947 | } | ||
| 948 | |||
| 949 | /* SSL3_ST_SEND_xxxxxx_HELLO_B */ | ||
| 950 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 951 | } | ||
| 952 | |||
| 953 | /* | ||
| 954 | * for these 2 messages, we need to | ||
| 955 | * ssl->enc_read_ctx re-init | ||
| 956 | * ssl->s3->read_sequence zero | ||
| 957 | * ssl->s3->read_mac_secret re-init | ||
| 958 | * ssl->session->read_sym_enc assign | ||
| 959 | * ssl->session->read_hash assign | ||
| 960 | */ | ||
| 961 | int | ||
| 962 | dtls1_send_change_cipher_spec(SSL *s, int a, int b) | ||
| 963 | { | ||
| 964 | unsigned char *p; | ||
| 965 | |||
| 966 | if (s->state == a) { | ||
| 967 | p = (unsigned char *)s->init_buf->data; | ||
| 968 | *p++=SSL3_MT_CCS; | ||
| 969 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | ||
| 970 | s->init_num = DTLS1_CCS_HEADER_LENGTH; | ||
| 971 | |||
| 972 | if (s->version == DTLS1_BAD_VER) { | ||
| 973 | s->d1->next_handshake_write_seq++; | ||
| 974 | s2n(s->d1->handshake_write_seq, p); | ||
| 975 | s->init_num += 2; | ||
| 976 | } | ||
| 977 | |||
| 978 | s->init_off = 0; | ||
| 979 | |||
| 980 | dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, | ||
| 981 | s->d1->handshake_write_seq, 0, 0); | ||
| 982 | |||
| 983 | /* buffer the message to handle re-xmits */ | ||
| 984 | dtls1_buffer_message(s, 1); | ||
| 985 | |||
| 986 | s->state = b; | ||
| 987 | } | ||
| 988 | |||
| 989 | /* SSL3_ST_CW_CHANGE_B */ | ||
| 990 | return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC)); | ||
| 991 | } | ||
| 992 | |||
| 993 | static int | ||
| 994 | dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | ||
| 995 | { | ||
| 996 | int n; | ||
| 997 | unsigned char *p; | ||
| 998 | |||
| 999 | n = i2d_X509(x, NULL); | ||
| 1000 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { | ||
| 1001 | SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | ||
| 1002 | return 0; | ||
| 1003 | } | ||
| 1004 | p = (unsigned char *)&(buf->data[*l]); | ||
| 1005 | l2n3(n, p); | ||
| 1006 | i2d_X509(x, &p); | ||
| 1007 | *l += n + 3; | ||
| 1008 | |||
| 1009 | return 1; | ||
| 1010 | } | ||
| 1011 | |||
| 1012 | unsigned long | ||
| 1013 | dtls1_output_cert_chain(SSL *s, X509 *x) | ||
| 1014 | { | ||
| 1015 | unsigned char *p; | ||
| 1016 | int i; | ||
| 1017 | unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH; | ||
| 1018 | BUF_MEM *buf; | ||
| 1019 | |||
| 1020 | /* TLSv1 sends a chain with nothing in it, instead of an alert */ | ||
| 1021 | buf = s->init_buf; | ||
| 1022 | if (!BUF_MEM_grow_clean(buf, 10)) { | ||
| 1023 | SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); | ||
| 1024 | return (0); | ||
| 1025 | } | ||
| 1026 | if (x != NULL) { | ||
| 1027 | X509_STORE_CTX xs_ctx; | ||
| 1028 | |||
| 1029 | if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, | ||
| 1030 | x, NULL)) { | ||
| 1031 | SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); | ||
| 1032 | return (0); | ||
| 1033 | } | ||
| 1034 | |||
| 1035 | X509_verify_cert(&xs_ctx); | ||
| 1036 | /* Don't leave errors in the queue */ | ||
| 1037 | ERR_clear_error(); | ||
| 1038 | for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { | ||
| 1039 | x = sk_X509_value(xs_ctx.chain, i); | ||
| 1040 | |||
| 1041 | if (!dtls1_add_cert_to_buf(buf, &l, x)) { | ||
| 1042 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
| 1043 | return 0; | ||
| 1044 | } | ||
| 1045 | } | ||
| 1046 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
| 1047 | } | ||
| 1048 | /* Thawte special :-) */ | ||
| 1049 | for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) { | ||
| 1050 | x = sk_X509_value(s->ctx->extra_certs, i); | ||
| 1051 | if (!dtls1_add_cert_to_buf(buf, &l, x)) | ||
| 1052 | return 0; | ||
| 1053 | } | ||
| 1054 | |||
| 1055 | l -= (3 + DTLS1_HM_HEADER_LENGTH); | ||
| 1056 | |||
| 1057 | p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
| 1058 | l2n3(l, p); | ||
| 1059 | l += 3; | ||
| 1060 | p = (unsigned char *)&(buf->data[0]); | ||
| 1061 | p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l); | ||
| 1062 | |||
| 1063 | l += DTLS1_HM_HEADER_LENGTH; | ||
| 1064 | return (l); | ||
| 1065 | } | ||
| 1066 | |||
| 1067 | int | ||
| 1068 | dtls1_read_failed(SSL *s, int code) | ||
| 1069 | { | ||
| 1070 | if (code > 0) { | ||
| 1071 | fprintf(stderr, "invalid state reached %s:%d", | ||
| 1072 | __FILE__, __LINE__); | ||
| 1073 | return 1; | ||
| 1074 | } | ||
| 1075 | |||
| 1076 | if (!dtls1_is_timer_expired(s)) { | ||
| 1077 | /* | ||
| 1078 | * not a timeout, none of our business, let higher layers | ||
| 1079 | * handle this. in fact it's probably an error | ||
| 1080 | */ | ||
| 1081 | return code; | ||
| 1082 | } | ||
| 1083 | |||
| 1084 | if (!SSL_in_init(s)) /* done, no need to send a retransmit */ | ||
| 1085 | { | ||
| 1086 | BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); | ||
| 1087 | return code; | ||
| 1088 | } | ||
| 1089 | |||
| 1090 | return dtls1_handle_timeout(s); | ||
| 1091 | } | ||
| 1092 | |||
| 1093 | int | ||
| 1094 | dtls1_get_queue_priority(unsigned short seq, int is_ccs) | ||
| 1095 | { | ||
| 1096 | /* | ||
| 1097 | * The index of the retransmission queue actually is the message | ||
| 1098 | * sequence number, since the queue only contains messages of a | ||
| 1099 | * single handshake. However, the ChangeCipherSpec has no message | ||
| 1100 | * sequence number and so using only the sequence will result in | ||
| 1101 | * the CCS and Finished having the same index. To prevent this, the | ||
| 1102 | * sequence number is multiplied by 2. In case of a CCS 1 is | ||
| 1103 | * subtracted. This does not only differ CSS and Finished, it also | ||
| 1104 | * maintains the order of the index (important for priority queues) | ||
| 1105 | * and fits in the unsigned short variable. | ||
| 1106 | */ | ||
| 1107 | return seq * 2 - is_ccs; | ||
| 1108 | } | ||
| 1109 | |||
| 1110 | int | ||
| 1111 | dtls1_retransmit_buffered_messages(SSL *s) | ||
| 1112 | { | ||
| 1113 | pqueue sent = s->d1->sent_messages; | ||
| 1114 | piterator iter; | ||
| 1115 | pitem *item; | ||
| 1116 | hm_fragment *frag; | ||
| 1117 | int found = 0; | ||
| 1118 | |||
| 1119 | iter = pqueue_iterator(sent); | ||
| 1120 | |||
| 1121 | for (item = pqueue_next(&iter); item != NULL; | ||
| 1122 | item = pqueue_next(&iter)) { | ||
| 1123 | frag = (hm_fragment *)item->data; | ||
| 1124 | if (dtls1_retransmit_message(s, | ||
| 1125 | (unsigned short)dtls1_get_queue_priority( | ||
| 1126 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, | ||
| 1127 | &found) <= 0 && found) { | ||
| 1128 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); | ||
| 1129 | return -1; | ||
| 1130 | } | ||
| 1131 | } | ||
| 1132 | |||
| 1133 | return 1; | ||
| 1134 | } | ||
| 1135 | |||
| 1136 | int | ||
| 1137 | dtls1_buffer_message(SSL *s, int is_ccs) | ||
| 1138 | { | ||
| 1139 | pitem *item; | ||
| 1140 | hm_fragment *frag; | ||
| 1141 | unsigned char seq64be[8]; | ||
| 1142 | |||
| 1143 | /* Buffer the messsage in order to handle DTLS retransmissions. */ | ||
| 1144 | |||
| 1145 | /* | ||
| 1146 | * This function is called immediately after a message has | ||
| 1147 | * been serialized | ||
| 1148 | */ | ||
| 1149 | OPENSSL_assert(s->init_off == 0); | ||
| 1150 | |||
| 1151 | frag = dtls1_hm_fragment_new(s->init_num, 0); | ||
| 1152 | if (frag == NULL) | ||
| 1153 | return 0; | ||
| 1154 | |||
| 1155 | memcpy(frag->fragment, s->init_buf->data, s->init_num); | ||
| 1156 | |||
| 1157 | if (is_ccs) { | ||
| 1158 | OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | ||
| 1159 | ((s->version == DTLS1_VERSION) ? | ||
| 1160 | DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->init_num); | ||
| 1161 | } else { | ||
| 1162 | OPENSSL_assert(s->d1->w_msg_hdr.msg_len + | ||
| 1163 | DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); | ||
| 1164 | } | ||
| 1165 | |||
| 1166 | frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len; | ||
| 1167 | frag->msg_header.seq = s->d1->w_msg_hdr.seq; | ||
| 1168 | frag->msg_header.type = s->d1->w_msg_hdr.type; | ||
| 1169 | frag->msg_header.frag_off = 0; | ||
| 1170 | frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; | ||
| 1171 | frag->msg_header.is_ccs = is_ccs; | ||
| 1172 | |||
| 1173 | /* save current state*/ | ||
| 1174 | frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx; | ||
| 1175 | frag->msg_header.saved_retransmit_state.write_hash = s->write_hash; | ||
| 1176 | frag->msg_header.saved_retransmit_state.session = s->session; | ||
| 1177 | frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch; | ||
| 1178 | |||
| 1179 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 1180 | seq64be[6] = (unsigned char)(dtls1_get_queue_priority( | ||
| 1181 | frag->msg_header.seq, frag->msg_header.is_ccs) >> 8); | ||
| 1182 | seq64be[7] = (unsigned char)(dtls1_get_queue_priority( | ||
| 1183 | frag->msg_header.seq, frag->msg_header.is_ccs)); | ||
| 1184 | |||
| 1185 | item = pitem_new(seq64be, frag); | ||
| 1186 | if (item == NULL) { | ||
| 1187 | dtls1_hm_fragment_free(frag); | ||
| 1188 | return 0; | ||
| 1189 | } | ||
| 1190 | |||
| 1191 | pqueue_insert(s->d1->sent_messages, item); | ||
| 1192 | return 1; | ||
| 1193 | } | ||
| 1194 | |||
| 1195 | int | ||
| 1196 | dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | ||
| 1197 | int *found) | ||
| 1198 | { | ||
| 1199 | int ret; | ||
| 1200 | /* XDTLS: for now assuming that read/writes are blocking */ | ||
| 1201 | pitem *item; | ||
| 1202 | hm_fragment *frag; | ||
| 1203 | unsigned long header_length; | ||
| 1204 | unsigned char seq64be[8]; | ||
| 1205 | struct dtls1_retransmit_state saved_state; | ||
| 1206 | unsigned char save_write_sequence[8]; | ||
| 1207 | |||
| 1208 | /* | ||
| 1209 | OPENSSL_assert(s->init_num == 0); | ||
| 1210 | OPENSSL_assert(s->init_off == 0); | ||
| 1211 | */ | ||
| 1212 | |||
| 1213 | /* XDTLS: the requested message ought to be found, otherwise error */ | ||
| 1214 | memset(seq64be, 0, sizeof(seq64be)); | ||
| 1215 | seq64be[6] = (unsigned char)(seq >> 8); | ||
| 1216 | seq64be[7] = (unsigned char)seq; | ||
| 1217 | |||
| 1218 | item = pqueue_find(s->d1->sent_messages, seq64be); | ||
| 1219 | if (item == NULL) { | ||
| 1220 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); | ||
| 1221 | *found = 0; | ||
| 1222 | return 0; | ||
| 1223 | } | ||
| 1224 | |||
| 1225 | *found = 1; | ||
| 1226 | frag = (hm_fragment *)item->data; | ||
| 1227 | |||
| 1228 | if (frag->msg_header.is_ccs) | ||
| 1229 | header_length = DTLS1_CCS_HEADER_LENGTH; | ||
| 1230 | else | ||
| 1231 | header_length = DTLS1_HM_HEADER_LENGTH; | ||
| 1232 | |||
| 1233 | memcpy(s->init_buf->data, frag->fragment, | ||
| 1234 | frag->msg_header.msg_len + header_length); | ||
| 1235 | s->init_num = frag->msg_header.msg_len + header_length; | ||
| 1236 | |||
| 1237 | dtls1_set_message_header_int(s, frag->msg_header.type, | ||
| 1238 | frag->msg_header.msg_len, frag->msg_header.seq, 0, | ||
| 1239 | frag->msg_header.frag_len); | ||
| 1240 | |||
| 1241 | /* save current state */ | ||
| 1242 | saved_state.enc_write_ctx = s->enc_write_ctx; | ||
| 1243 | saved_state.write_hash = s->write_hash; | ||
| 1244 | saved_state.session = s->session; | ||
| 1245 | saved_state.epoch = s->d1->w_epoch; | ||
| 1246 | |||
| 1247 | s->d1->retransmitting = 1; | ||
| 1248 | |||
| 1249 | /* restore state in which the message was originally sent */ | ||
| 1250 | s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; | ||
| 1251 | s->write_hash = frag->msg_header.saved_retransmit_state.write_hash; | ||
| 1252 | s->session = frag->msg_header.saved_retransmit_state.session; | ||
| 1253 | s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch; | ||
| 1254 | |||
| 1255 | if (frag->msg_header.saved_retransmit_state.epoch == | ||
| 1256 | saved_state.epoch - 1) { | ||
| 1257 | memcpy(save_write_sequence, s->s3->write_sequence, | ||
| 1258 | sizeof(s->s3->write_sequence)); | ||
| 1259 | memcpy(s->s3->write_sequence, s->d1->last_write_sequence, | ||
| 1260 | sizeof(s->s3->write_sequence)); | ||
| 1261 | } | ||
| 1262 | |||
| 1263 | ret = dtls1_do_write(s, frag->msg_header.is_ccs ? | ||
| 1264 | SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); | ||
| 1265 | |||
| 1266 | /* restore current state */ | ||
| 1267 | s->enc_write_ctx = saved_state.enc_write_ctx; | ||
| 1268 | s->write_hash = saved_state.write_hash; | ||
| 1269 | s->session = saved_state.session; | ||
| 1270 | s->d1->w_epoch = saved_state.epoch; | ||
| 1271 | |||
| 1272 | if (frag->msg_header.saved_retransmit_state.epoch == | ||
| 1273 | saved_state.epoch - 1) { | ||
| 1274 | memcpy(s->d1->last_write_sequence, s->s3->write_sequence, | ||
| 1275 | sizeof(s->s3->write_sequence)); | ||
| 1276 | memcpy(s->s3->write_sequence, save_write_sequence, | ||
| 1277 | sizeof(s->s3->write_sequence)); | ||
| 1278 | } | ||
| 1279 | |||
| 1280 | s->d1->retransmitting = 0; | ||
| 1281 | |||
| 1282 | (void)BIO_flush(SSL_get_wbio(s)); | ||
| 1283 | return ret; | ||
| 1284 | } | ||
| 1285 | |||
| 1286 | /* call this function when the buffered messages are no longer needed */ | ||
| 1287 | void | ||
| 1288 | dtls1_clear_record_buffer(SSL *s) | ||
| 1289 | { | ||
| 1290 | pitem *item; | ||
| 1291 | |||
| 1292 | for(item = pqueue_pop(s->d1->sent_messages); item != NULL; | ||
| 1293 | item = pqueue_pop(s->d1->sent_messages)) { | ||
| 1294 | dtls1_hm_fragment_free((hm_fragment *)item->data); | ||
| 1295 | pitem_free(item); | ||
| 1296 | } | ||
| 1297 | } | ||
| 1298 | |||
| 1299 | unsigned char * | ||
| 1300 | dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt, | ||
| 1301 | unsigned long len, unsigned long frag_off, unsigned long frag_len) | ||
| 1302 | { | ||
| 1303 | /* Don't change sequence numbers while listening */ | ||
| 1304 | if (frag_off == 0 && !s->d1->listen) { | ||
| 1305 | s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; | ||
| 1306 | s->d1->next_handshake_write_seq++; | ||
| 1307 | } | ||
| 1308 | |||
| 1309 | dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq, | ||
| 1310 | frag_off, frag_len); | ||
| 1311 | |||
| 1312 | return p += DTLS1_HM_HEADER_LENGTH; | ||
| 1313 | } | ||
| 1314 | |||
| 1315 | /* don't actually do the writing, wait till the MTU has been retrieved */ | ||
| 1316 | static void | ||
| 1317 | dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, | ||
| 1318 | unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) | ||
| 1319 | { | ||
| 1320 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
| 1321 | |||
| 1322 | msg_hdr->type = mt; | ||
| 1323 | msg_hdr->msg_len = len; | ||
| 1324 | msg_hdr->seq = seq_num; | ||
| 1325 | msg_hdr->frag_off = frag_off; | ||
| 1326 | msg_hdr->frag_len = frag_len; | ||
| 1327 | } | ||
| 1328 | |||
| 1329 | static void | ||
| 1330 | dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) | ||
| 1331 | { | ||
| 1332 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
| 1333 | |||
| 1334 | msg_hdr->frag_off = frag_off; | ||
| 1335 | msg_hdr->frag_len = frag_len; | ||
| 1336 | } | ||
| 1337 | |||
| 1338 | static unsigned char * | ||
| 1339 | dtls1_write_message_header(SSL *s, unsigned char *p) | ||
| 1340 | { | ||
| 1341 | struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; | ||
| 1342 | |||
| 1343 | *p++ = msg_hdr->type; | ||
| 1344 | l2n3(msg_hdr->msg_len, p); | ||
| 1345 | |||
| 1346 | s2n(msg_hdr->seq, p); | ||
| 1347 | l2n3(msg_hdr->frag_off, p); | ||
| 1348 | l2n3(msg_hdr->frag_len, p); | ||
| 1349 | |||
| 1350 | return p; | ||
| 1351 | } | ||
| 1352 | |||
| 1353 | unsigned int | ||
| 1354 | dtls1_min_mtu(void) | ||
| 1355 | { | ||
| 1356 | return (g_probable_mtu[(sizeof(g_probable_mtu) / | ||
| 1357 | sizeof(g_probable_mtu[0])) - 1]); | ||
| 1358 | } | ||
| 1359 | |||
| 1360 | static unsigned int | ||
| 1361 | dtls1_guess_mtu(unsigned int curr_mtu) | ||
| 1362 | { | ||
| 1363 | unsigned int i; | ||
| 1364 | |||
| 1365 | if (curr_mtu == 0) | ||
| 1366 | return g_probable_mtu[0]; | ||
| 1367 | |||
| 1368 | for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++) | ||
| 1369 | if (curr_mtu > g_probable_mtu[i]) | ||
| 1370 | return g_probable_mtu[i]; | ||
| 1371 | |||
| 1372 | return curr_mtu; | ||
| 1373 | } | ||
| 1374 | |||
| 1375 | void | ||
| 1376 | dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) | ||
| 1377 | { | ||
| 1378 | memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); | ||
| 1379 | msg_hdr->type = *(data++); | ||
| 1380 | n2l3(data, msg_hdr->msg_len); | ||
| 1381 | |||
| 1382 | n2s(data, msg_hdr->seq); | ||
| 1383 | n2l3(data, msg_hdr->frag_off); | ||
| 1384 | n2l3(data, msg_hdr->frag_len); | ||
| 1385 | } | ||
| 1386 | |||
| 1387 | void | ||
| 1388 | dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) | ||
| 1389 | { | ||
| 1390 | memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); | ||
| 1391 | |||
| 1392 | ccs_hdr->type = *(data++); | ||
| 1393 | } | ||
| 1394 | |||
| 1395 | int | ||
| 1396 | dtls1_shutdown(SSL *s) | ||
| 1397 | { | ||
| 1398 | int ret; | ||
| 1399 | |||
| 1400 | ret = ssl3_shutdown(s); | ||
| 1401 | return ret; | ||
| 1402 | } | ||
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c deleted file mode 100644 index cf25183de5..0000000000 --- a/src/lib/libssl/d1_clnt.c +++ /dev/null | |||
| @@ -1,1222 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_clnt.c,v 1.43 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 60 | * All rights reserved. | ||
| 61 | * | ||
| 62 | * This package is an SSL implementation written | ||
| 63 | * by Eric Young (eay@cryptsoft.com). | ||
| 64 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 65 | * | ||
| 66 | * This library is free for commercial and non-commercial use as long as | ||
| 67 | * the following conditions are aheared to. The following conditions | ||
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 70 | * included with this distribution is covered by the same copyright terms | ||
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 72 | * | ||
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 74 | * the code are not to be removed. | ||
| 75 | * If this package is used in a product, Eric Young should be given attribution | ||
| 76 | * as the author of the parts of the library used. | ||
| 77 | * This can be in the form of a textual message at program startup or | ||
| 78 | * in documentation (online or textual) provided with the package. | ||
| 79 | * | ||
| 80 | * Redistribution and use in source and binary forms, with or without | ||
| 81 | * modification, are permitted provided that the following conditions | ||
| 82 | * are met: | ||
| 83 | * 1. Redistributions of source code must retain the copyright | ||
| 84 | * notice, this list of conditions and the following disclaimer. | ||
| 85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 86 | * notice, this list of conditions and the following disclaimer in the | ||
| 87 | * documentation and/or other materials provided with the distribution. | ||
| 88 | * 3. All advertising materials mentioning features or use of this software | ||
| 89 | * must display the following acknowledgement: | ||
| 90 | * "This product includes cryptographic software written by | ||
| 91 | * Eric Young (eay@cryptsoft.com)" | ||
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 93 | * being used are not cryptographic related :-). | ||
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 95 | * the apps directory (application code) you must include an acknowledgement: | ||
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 97 | * | ||
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 108 | * SUCH DAMAGE. | ||
| 109 | * | ||
| 110 | * The licence and distribution terms for any publically available version or | ||
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 112 | * copied and put under another distribution licence | ||
| 113 | * [including the GNU Public Licence.] | ||
| 114 | */ | ||
| 115 | |||
| 116 | #include <stdio.h> | ||
| 117 | |||
| 118 | #include "ssl_locl.h" | ||
| 119 | |||
| 120 | #include <openssl/bn.h> | ||
| 121 | #include <openssl/buffer.h> | ||
| 122 | #include <openssl/dh.h> | ||
| 123 | #include <openssl/evp.h> | ||
| 124 | #include <openssl/md5.h> | ||
| 125 | #include <openssl/objects.h> | ||
| 126 | |||
| 127 | static const SSL_METHOD *dtls1_get_client_method(int ver); | ||
| 128 | static int dtls1_get_hello_verify(SSL *s); | ||
| 129 | |||
| 130 | const SSL_METHOD DTLSv1_client_method_data = { | ||
| 131 | .version = DTLS1_VERSION, | ||
| 132 | .ssl_new = dtls1_new, | ||
| 133 | .ssl_clear = dtls1_clear, | ||
| 134 | .ssl_free = dtls1_free, | ||
| 135 | .ssl_accept = ssl_undefined_function, | ||
| 136 | .ssl_connect = dtls1_connect, | ||
| 137 | .ssl_read = ssl3_read, | ||
| 138 | .ssl_peek = ssl3_peek, | ||
| 139 | .ssl_write = ssl3_write, | ||
| 140 | .ssl_shutdown = dtls1_shutdown, | ||
| 141 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 142 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 143 | .ssl_get_message = dtls1_get_message, | ||
| 144 | .ssl_read_bytes = dtls1_read_bytes, | ||
| 145 | .ssl_write_bytes = dtls1_write_app_data_bytes, | ||
| 146 | .ssl_dispatch_alert = dtls1_dispatch_alert, | ||
| 147 | .ssl_ctrl = dtls1_ctrl, | ||
| 148 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 149 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 150 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 151 | .ssl_pending = ssl3_pending, | ||
| 152 | .num_ciphers = ssl3_num_ciphers, | ||
| 153 | .get_cipher = dtls1_get_cipher, | ||
| 154 | .get_ssl_method = dtls1_get_client_method, | ||
| 155 | .get_timeout = dtls1_default_timeout, | ||
| 156 | .ssl3_enc = &DTLSv1_enc_data, | ||
| 157 | .ssl_version = ssl_undefined_void_function, | ||
| 158 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 159 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 160 | }; | ||
| 161 | |||
| 162 | const SSL_METHOD * | ||
| 163 | DTLSv1_client_method(void) | ||
| 164 | { | ||
| 165 | return &DTLSv1_client_method_data; | ||
| 166 | } | ||
| 167 | |||
| 168 | static const SSL_METHOD * | ||
| 169 | dtls1_get_client_method(int ver) | ||
| 170 | { | ||
| 171 | if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) | ||
| 172 | return (DTLSv1_client_method()); | ||
| 173 | return (NULL); | ||
| 174 | } | ||
| 175 | |||
| 176 | int | ||
| 177 | dtls1_connect(SSL *s) | ||
| 178 | { | ||
| 179 | BUF_MEM *buf = NULL; | ||
| 180 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 181 | int ret = -1; | ||
| 182 | int new_state, state, skip = 0; | ||
| 183 | |||
| 184 | ERR_clear_error(); | ||
| 185 | errno = 0; | ||
| 186 | |||
| 187 | if (s->info_callback != NULL) | ||
| 188 | cb = s->info_callback; | ||
| 189 | else if (s->ctx->info_callback != NULL) | ||
| 190 | cb = s->ctx->info_callback; | ||
| 191 | |||
| 192 | s->in_handshake++; | ||
| 193 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 194 | SSL_clear(s); | ||
| 195 | |||
| 196 | |||
| 197 | for (;;) { | ||
| 198 | state = s->state; | ||
| 199 | |||
| 200 | switch (s->state) { | ||
| 201 | case SSL_ST_RENEGOTIATE: | ||
| 202 | s->renegotiate = 1; | ||
| 203 | s->state = SSL_ST_CONNECT; | ||
| 204 | s->ctx->stats.sess_connect_renegotiate++; | ||
| 205 | /* break */ | ||
| 206 | case SSL_ST_BEFORE: | ||
| 207 | case SSL_ST_CONNECT: | ||
| 208 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 209 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 210 | |||
| 211 | s->server = 0; | ||
| 212 | if (cb != NULL) | ||
| 213 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 214 | |||
| 215 | if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) && | ||
| 216 | (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00)) { | ||
| 217 | SSLerr(SSL_F_DTLS1_CONNECT, | ||
| 218 | ERR_R_INTERNAL_ERROR); | ||
| 219 | ret = -1; | ||
| 220 | goto end; | ||
| 221 | } | ||
| 222 | |||
| 223 | /* s->version=SSL3_VERSION; */ | ||
| 224 | s->type = SSL_ST_CONNECT; | ||
| 225 | |||
| 226 | if (s->init_buf == NULL) { | ||
| 227 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 228 | ret = -1; | ||
| 229 | goto end; | ||
| 230 | } | ||
| 231 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 232 | ret = -1; | ||
| 233 | goto end; | ||
| 234 | } | ||
| 235 | s->init_buf = buf; | ||
| 236 | buf = NULL; | ||
| 237 | } | ||
| 238 | |||
| 239 | if (!ssl3_setup_buffers(s)) { | ||
| 240 | ret = -1; | ||
| 241 | goto end; | ||
| 242 | } | ||
| 243 | |||
| 244 | /* setup buffing BIO */ | ||
| 245 | if (!ssl_init_wbio_buffer(s, 0)) { | ||
| 246 | ret = -1; | ||
| 247 | goto end; | ||
| 248 | } | ||
| 249 | |||
| 250 | /* don't push the buffering BIO quite yet */ | ||
| 251 | |||
| 252 | s->state = SSL3_ST_CW_CLNT_HELLO_A; | ||
| 253 | s->ctx->stats.sess_connect++; | ||
| 254 | s->init_num = 0; | ||
| 255 | /* mark client_random uninitialized */ | ||
| 256 | memset(s->s3->client_random, 0, | ||
| 257 | sizeof(s->s3->client_random)); | ||
| 258 | s->d1->send_cookie = 0; | ||
| 259 | s->hit = 0; | ||
| 260 | break; | ||
| 261 | |||
| 262 | |||
| 263 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
| 264 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
| 265 | |||
| 266 | s->shutdown = 0; | ||
| 267 | |||
| 268 | /* every DTLS ClientHello resets Finished MAC */ | ||
| 269 | if (!ssl3_init_finished_mac(s)) { | ||
| 270 | ret = -1; | ||
| 271 | goto end; | ||
| 272 | } | ||
| 273 | |||
| 274 | dtls1_start_timer(s); | ||
| 275 | ret = dtls1_client_hello(s); | ||
| 276 | if (ret <= 0) | ||
| 277 | goto end; | ||
| 278 | |||
| 279 | if (s->d1->send_cookie) { | ||
| 280 | s->state = SSL3_ST_CW_FLUSH; | ||
| 281 | s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 282 | } else | ||
| 283 | s->state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 284 | |||
| 285 | s->init_num = 0; | ||
| 286 | |||
| 287 | /* turn on buffering for the next lot of output */ | ||
| 288 | if (s->bbio != s->wbio) | ||
| 289 | s->wbio = BIO_push(s->bbio, s->wbio); | ||
| 290 | break; | ||
| 291 | |||
| 292 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
| 293 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
| 294 | ret = ssl3_get_server_hello(s); | ||
| 295 | if (ret <= 0) | ||
| 296 | goto end; | ||
| 297 | else { | ||
| 298 | if (s->hit) { | ||
| 299 | |||
| 300 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 301 | } else | ||
| 302 | s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; | ||
| 303 | } | ||
| 304 | s->init_num = 0; | ||
| 305 | break; | ||
| 306 | |||
| 307 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | ||
| 308 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: | ||
| 309 | |||
| 310 | ret = dtls1_get_hello_verify(s); | ||
| 311 | if (ret <= 0) | ||
| 312 | goto end; | ||
| 313 | dtls1_stop_timer(s); | ||
| 314 | if ( s->d1->send_cookie) /* start again, with a cookie */ | ||
| 315 | s->state = SSL3_ST_CW_CLNT_HELLO_A; | ||
| 316 | else | ||
| 317 | s->state = SSL3_ST_CR_CERT_A; | ||
| 318 | s->init_num = 0; | ||
| 319 | break; | ||
| 320 | |||
| 321 | case SSL3_ST_CR_CERT_A: | ||
| 322 | case SSL3_ST_CR_CERT_B: | ||
| 323 | ret = ssl3_check_finished(s); | ||
| 324 | if (ret <= 0) | ||
| 325 | goto end; | ||
| 326 | if (ret == 2) { | ||
| 327 | s->hit = 1; | ||
| 328 | if (s->tlsext_ticket_expected) | ||
| 329 | s->state = SSL3_ST_CR_SESSION_TICKET_A; | ||
| 330 | else | ||
| 331 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 332 | s->init_num = 0; | ||
| 333 | break; | ||
| 334 | } | ||
| 335 | /* Check if it is anon DH. */ | ||
| 336 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | ||
| 337 | SSL_aNULL)) { | ||
| 338 | ret = ssl3_get_server_certificate(s); | ||
| 339 | if (ret <= 0) | ||
| 340 | goto end; | ||
| 341 | if (s->tlsext_status_expected) | ||
| 342 | s->state = SSL3_ST_CR_CERT_STATUS_A; | ||
| 343 | else | ||
| 344 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 345 | } else { | ||
| 346 | skip = 1; | ||
| 347 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 348 | } | ||
| 349 | s->init_num = 0; | ||
| 350 | break; | ||
| 351 | |||
| 352 | case SSL3_ST_CR_KEY_EXCH_A: | ||
| 353 | case SSL3_ST_CR_KEY_EXCH_B: | ||
| 354 | ret = ssl3_get_key_exchange(s); | ||
| 355 | if (ret <= 0) | ||
| 356 | goto end; | ||
| 357 | s->state = SSL3_ST_CR_CERT_REQ_A; | ||
| 358 | s->init_num = 0; | ||
| 359 | |||
| 360 | /* at this point we check that we have the | ||
| 361 | * required stuff from the server */ | ||
| 362 | if (!ssl3_check_cert_and_algorithm(s)) { | ||
| 363 | ret = -1; | ||
| 364 | goto end; | ||
| 365 | } | ||
| 366 | break; | ||
| 367 | |||
| 368 | case SSL3_ST_CR_CERT_REQ_A: | ||
| 369 | case SSL3_ST_CR_CERT_REQ_B: | ||
| 370 | ret = ssl3_get_certificate_request(s); | ||
| 371 | if (ret <= 0) | ||
| 372 | goto end; | ||
| 373 | s->state = SSL3_ST_CR_SRVR_DONE_A; | ||
| 374 | s->init_num = 0; | ||
| 375 | break; | ||
| 376 | |||
| 377 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 378 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 379 | ret = ssl3_get_server_done(s); | ||
| 380 | if (ret <= 0) | ||
| 381 | goto end; | ||
| 382 | dtls1_stop_timer(s); | ||
| 383 | if (s->s3->tmp.cert_req) | ||
| 384 | s->s3->tmp.next_state = SSL3_ST_CW_CERT_A; | ||
| 385 | else | ||
| 386 | s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A; | ||
| 387 | s->init_num = 0; | ||
| 388 | |||
| 389 | s->state = s->s3->tmp.next_state; | ||
| 390 | break; | ||
| 391 | |||
| 392 | case SSL3_ST_CW_CERT_A: | ||
| 393 | case SSL3_ST_CW_CERT_B: | ||
| 394 | case SSL3_ST_CW_CERT_C: | ||
| 395 | case SSL3_ST_CW_CERT_D: | ||
| 396 | dtls1_start_timer(s); | ||
| 397 | ret = dtls1_send_client_certificate(s); | ||
| 398 | if (ret <= 0) | ||
| 399 | goto end; | ||
| 400 | s->state = SSL3_ST_CW_KEY_EXCH_A; | ||
| 401 | s->init_num = 0; | ||
| 402 | break; | ||
| 403 | |||
| 404 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 405 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 406 | dtls1_start_timer(s); | ||
| 407 | ret = dtls1_send_client_key_exchange(s); | ||
| 408 | if (ret <= 0) | ||
| 409 | goto end; | ||
| 410 | |||
| 411 | |||
| 412 | /* EAY EAY EAY need to check for DH fix cert | ||
| 413 | * sent back */ | ||
| 414 | /* For TLS, cert_req is set to 2, so a cert chain | ||
| 415 | * of nothing is sent, but no verify packet is sent */ | ||
| 416 | if (s->s3->tmp.cert_req == 1) { | ||
| 417 | s->state = SSL3_ST_CW_CERT_VRFY_A; | ||
| 418 | } else { | ||
| 419 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 420 | s->s3->change_cipher_spec = 0; | ||
| 421 | } | ||
| 422 | |||
| 423 | s->init_num = 0; | ||
| 424 | break; | ||
| 425 | |||
| 426 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 427 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 428 | dtls1_start_timer(s); | ||
| 429 | ret = dtls1_send_client_verify(s); | ||
| 430 | if (ret <= 0) | ||
| 431 | goto end; | ||
| 432 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 433 | s->init_num = 0; | ||
| 434 | s->s3->change_cipher_spec = 0; | ||
| 435 | break; | ||
| 436 | |||
| 437 | case SSL3_ST_CW_CHANGE_A: | ||
| 438 | case SSL3_ST_CW_CHANGE_B: | ||
| 439 | if (!s->hit) | ||
| 440 | dtls1_start_timer(s); | ||
| 441 | ret = dtls1_send_change_cipher_spec(s, | ||
| 442 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | ||
| 443 | if (ret <= 0) | ||
| 444 | goto end; | ||
| 445 | |||
| 446 | s->state = SSL3_ST_CW_FINISHED_A; | ||
| 447 | s->init_num = 0; | ||
| 448 | |||
| 449 | s->session->cipher = s->s3->tmp.new_cipher; | ||
| 450 | if (!s->method->ssl3_enc->setup_key_block(s)) { | ||
| 451 | ret = -1; | ||
| 452 | goto end; | ||
| 453 | } | ||
| 454 | |||
| 455 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
| 456 | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { | ||
| 457 | ret = -1; | ||
| 458 | goto end; | ||
| 459 | } | ||
| 460 | |||
| 461 | |||
| 462 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | ||
| 463 | break; | ||
| 464 | |||
| 465 | case SSL3_ST_CW_FINISHED_A: | ||
| 466 | case SSL3_ST_CW_FINISHED_B: | ||
| 467 | if (!s->hit) | ||
| 468 | dtls1_start_timer(s); | ||
| 469 | ret = dtls1_send_finished(s, | ||
| 470 | SSL3_ST_CW_FINISHED_A, SSL3_ST_CW_FINISHED_B, | ||
| 471 | s->method->ssl3_enc->client_finished_label, | ||
| 472 | s->method->ssl3_enc->client_finished_label_len); | ||
| 473 | if (ret <= 0) | ||
| 474 | goto end; | ||
| 475 | s->state = SSL3_ST_CW_FLUSH; | ||
| 476 | |||
| 477 | /* clear flags */ | ||
| 478 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
| 479 | if (s->hit) { | ||
| 480 | s->s3->tmp.next_state = SSL_ST_OK; | ||
| 481 | if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) { | ||
| 482 | s->state = SSL_ST_OK; | ||
| 483 | s->s3->flags |= SSL3_FLAGS_POP_BUFFER; | ||
| 484 | s->s3->delay_buf_pop_ret = 0; | ||
| 485 | } | ||
| 486 | } else { | ||
| 487 | |||
| 488 | /* Allow NewSessionTicket if ticket expected */ | ||
| 489 | if (s->tlsext_ticket_expected) | ||
| 490 | s->s3->tmp.next_state = | ||
| 491 | SSL3_ST_CR_SESSION_TICKET_A; | ||
| 492 | else | ||
| 493 | s->s3->tmp.next_state = | ||
| 494 | SSL3_ST_CR_FINISHED_A; | ||
| 495 | } | ||
| 496 | s->init_num = 0; | ||
| 497 | break; | ||
| 498 | |||
| 499 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
| 500 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 501 | ret = ssl3_get_new_session_ticket(s); | ||
| 502 | if (ret <= 0) | ||
| 503 | goto end; | ||
| 504 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 505 | s->init_num = 0; | ||
| 506 | break; | ||
| 507 | |||
| 508 | case SSL3_ST_CR_CERT_STATUS_A: | ||
| 509 | case SSL3_ST_CR_CERT_STATUS_B: | ||
| 510 | ret = ssl3_get_cert_status(s); | ||
| 511 | if (ret <= 0) | ||
| 512 | goto end; | ||
| 513 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 514 | s->init_num = 0; | ||
| 515 | break; | ||
| 516 | |||
| 517 | case SSL3_ST_CR_FINISHED_A: | ||
| 518 | case SSL3_ST_CR_FINISHED_B: | ||
| 519 | s->d1->change_cipher_spec_ok = 1; | ||
| 520 | ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, | ||
| 521 | SSL3_ST_CR_FINISHED_B); | ||
| 522 | if (ret <= 0) | ||
| 523 | goto end; | ||
| 524 | dtls1_stop_timer(s); | ||
| 525 | |||
| 526 | if (s->hit) | ||
| 527 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 528 | else | ||
| 529 | s->state = SSL_ST_OK; | ||
| 530 | |||
| 531 | |||
| 532 | s->init_num = 0; | ||
| 533 | break; | ||
| 534 | |||
| 535 | case SSL3_ST_CW_FLUSH: | ||
| 536 | s->rwstate = SSL_WRITING; | ||
| 537 | if (BIO_flush(s->wbio) <= 0) { | ||
| 538 | /* If the write error was fatal, stop trying */ | ||
| 539 | if (!BIO_should_retry(s->wbio)) { | ||
| 540 | s->rwstate = SSL_NOTHING; | ||
| 541 | s->state = s->s3->tmp.next_state; | ||
| 542 | } | ||
| 543 | |||
| 544 | ret = -1; | ||
| 545 | goto end; | ||
| 546 | } | ||
| 547 | s->rwstate = SSL_NOTHING; | ||
| 548 | s->state = s->s3->tmp.next_state; | ||
| 549 | break; | ||
| 550 | |||
| 551 | case SSL_ST_OK: | ||
| 552 | /* clean a few things up */ | ||
| 553 | ssl3_cleanup_key_block(s); | ||
| 554 | |||
| 555 | /* If we are not 'joining' the last two packets, | ||
| 556 | * remove the buffering now */ | ||
| 557 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
| 558 | ssl_free_wbio_buffer(s); | ||
| 559 | /* else do it later in ssl3_write */ | ||
| 560 | |||
| 561 | s->init_num = 0; | ||
| 562 | s->renegotiate = 0; | ||
| 563 | s->new_session = 0; | ||
| 564 | |||
| 565 | ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); | ||
| 566 | if (s->hit) | ||
| 567 | s->ctx->stats.sess_hit++; | ||
| 568 | |||
| 569 | ret = 1; | ||
| 570 | /* s->server=0; */ | ||
| 571 | s->handshake_func = dtls1_connect; | ||
| 572 | s->ctx->stats.sess_connect_good++; | ||
| 573 | |||
| 574 | if (cb != NULL) | ||
| 575 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | ||
| 576 | |||
| 577 | /* done with handshaking */ | ||
| 578 | s->d1->handshake_read_seq = 0; | ||
| 579 | s->d1->next_handshake_write_seq = 0; | ||
| 580 | goto end; | ||
| 581 | /* break; */ | ||
| 582 | |||
| 583 | default: | ||
| 584 | SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); | ||
| 585 | ret = -1; | ||
| 586 | goto end; | ||
| 587 | /* break; */ | ||
| 588 | } | ||
| 589 | |||
| 590 | /* did we do anything */ | ||
| 591 | if (!s->s3->tmp.reuse_message && !skip) { | ||
| 592 | if (s->debug) { | ||
| 593 | if ((ret = BIO_flush(s->wbio)) <= 0) | ||
| 594 | goto end; | ||
| 595 | } | ||
| 596 | |||
| 597 | if ((cb != NULL) && (s->state != state)) { | ||
| 598 | new_state = s->state; | ||
| 599 | s->state = state; | ||
| 600 | cb(s, SSL_CB_CONNECT_LOOP, 1); | ||
| 601 | s->state = new_state; | ||
| 602 | } | ||
| 603 | } | ||
| 604 | skip = 0; | ||
| 605 | } | ||
| 606 | end: | ||
| 607 | s->in_handshake--; | ||
| 608 | |||
| 609 | |||
| 610 | if (buf != NULL) | ||
| 611 | BUF_MEM_free(buf); | ||
| 612 | if (cb != NULL) | ||
| 613 | cb(s, SSL_CB_CONNECT_EXIT, ret); | ||
| 614 | return (ret); | ||
| 615 | } | ||
| 616 | |||
| 617 | int | ||
| 618 | dtls1_client_hello(SSL *s) | ||
| 619 | { | ||
| 620 | unsigned char *bufend, *d, *p; | ||
| 621 | unsigned int i; | ||
| 622 | |||
| 623 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { | ||
| 624 | SSL_SESSION *sess = s->session; | ||
| 625 | |||
| 626 | if ((s->session == NULL) || | ||
| 627 | (s->session->ssl_version != s->version) || | ||
| 628 | (!sess->session_id_length && !sess->tlsext_tick) || | ||
| 629 | (s->session->not_resumable)) { | ||
| 630 | if (!ssl_get_new_session(s, 0)) | ||
| 631 | goto err; | ||
| 632 | } | ||
| 633 | /* else use the pre-loaded session */ | ||
| 634 | |||
| 635 | p = s->s3->client_random; | ||
| 636 | |||
| 637 | /* if client_random is initialized, reuse it, we are | ||
| 638 | * required to use same upon reply to HelloVerify */ | ||
| 639 | for (i = 0; p[i]=='\0' && i < sizeof(s->s3->client_random); i++) | ||
| 640 | ; | ||
| 641 | if (i == sizeof(s->s3->client_random)) | ||
| 642 | arc4random_buf(p, sizeof(s->s3->client_random)); | ||
| 643 | |||
| 644 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); | ||
| 645 | |||
| 646 | *(p++) = s->version >> 8; | ||
| 647 | *(p++) = s->version&0xff; | ||
| 648 | s->client_version = s->version; | ||
| 649 | |||
| 650 | /* Random stuff */ | ||
| 651 | memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 652 | p += SSL3_RANDOM_SIZE; | ||
| 653 | |||
| 654 | /* Session ID */ | ||
| 655 | if (s->new_session) | ||
| 656 | i = 0; | ||
| 657 | else | ||
| 658 | i = s->session->session_id_length; | ||
| 659 | *(p++) = i; | ||
| 660 | if (i != 0) { | ||
| 661 | if (i > sizeof s->session->session_id) { | ||
| 662 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | ||
| 663 | ERR_R_INTERNAL_ERROR); | ||
| 664 | goto err; | ||
| 665 | } | ||
| 666 | memcpy(p, s->session->session_id, i); | ||
| 667 | p += i; | ||
| 668 | } | ||
| 669 | |||
| 670 | /* cookie stuff */ | ||
| 671 | if (s->d1->cookie_len > sizeof(s->d1->cookie)) { | ||
| 672 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 673 | goto err; | ||
| 674 | } | ||
| 675 | *(p++) = s->d1->cookie_len; | ||
| 676 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | ||
| 677 | p += s->d1->cookie_len; | ||
| 678 | |||
| 679 | /* Ciphers supported */ | ||
| 680 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); | ||
| 681 | if (i == 0) { | ||
| 682 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, | ||
| 683 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 684 | goto err; | ||
| 685 | } | ||
| 686 | s2n(i, p); | ||
| 687 | p += i; | ||
| 688 | |||
| 689 | /* add in (no) COMPRESSION */ | ||
| 690 | *(p++) = 1; | ||
| 691 | *(p++) = 0; /* Add the NULL method */ | ||
| 692 | |||
| 693 | bufend = (unsigned char *)s->init_buf->data + | ||
| 694 | SSL3_RT_MAX_PLAIN_LENGTH; | ||
| 695 | if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { | ||
| 696 | SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 697 | goto err; | ||
| 698 | } | ||
| 699 | |||
| 700 | ssl3_handshake_msg_finish(s, p - d); | ||
| 701 | |||
| 702 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | ||
| 703 | } | ||
| 704 | |||
| 705 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
| 706 | return (ssl3_handshake_write(s)); | ||
| 707 | err: | ||
| 708 | return (-1); | ||
| 709 | } | ||
| 710 | |||
| 711 | static int | ||
| 712 | dtls1_get_hello_verify(SSL *s) | ||
| 713 | { | ||
| 714 | int n, al, ok = 0; | ||
| 715 | unsigned char *data; | ||
| 716 | unsigned int cookie_len; | ||
| 717 | |||
| 718 | n = s->method->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, | ||
| 719 | DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list, &ok); | ||
| 720 | |||
| 721 | if (!ok) | ||
| 722 | return ((int)n); | ||
| 723 | |||
| 724 | if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { | ||
| 725 | s->d1->send_cookie = 0; | ||
| 726 | s->s3->tmp.reuse_message = 1; | ||
| 727 | return (1); | ||
| 728 | } | ||
| 729 | |||
| 730 | if (2 > n) | ||
| 731 | goto truncated; | ||
| 732 | data = (unsigned char *)s->init_msg; | ||
| 733 | |||
| 734 | if ((data[0] != (s->version >> 8)) || (data[1] != (s->version&0xff))) { | ||
| 735 | SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); | ||
| 736 | s->version = (s->version & 0xff00) | data[1]; | ||
| 737 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 738 | goto f_err; | ||
| 739 | } | ||
| 740 | data += 2; | ||
| 741 | |||
| 742 | if (2 + 1 > n) | ||
| 743 | goto truncated; | ||
| 744 | cookie_len = *(data++); | ||
| 745 | if (2 + 1 + cookie_len > n) | ||
| 746 | goto truncated; | ||
| 747 | if (cookie_len > sizeof(s->d1->cookie)) { | ||
| 748 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 749 | goto f_err; | ||
| 750 | } | ||
| 751 | |||
| 752 | memcpy(s->d1->cookie, data, cookie_len); | ||
| 753 | s->d1->cookie_len = cookie_len; | ||
| 754 | |||
| 755 | s->d1->send_cookie = 1; | ||
| 756 | return 1; | ||
| 757 | |||
| 758 | truncated: | ||
| 759 | al = SSL_AD_DECODE_ERROR; | ||
| 760 | f_err: | ||
| 761 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 762 | return -1; | ||
| 763 | } | ||
| 764 | |||
| 765 | int | ||
| 766 | dtls1_send_client_key_exchange(SSL *s) | ||
| 767 | { | ||
| 768 | unsigned char *p, *q; | ||
| 769 | int n; | ||
| 770 | unsigned long alg_k; | ||
| 771 | EVP_PKEY *pkey = NULL; | ||
| 772 | EC_KEY *clnt_ecdh = NULL; | ||
| 773 | const EC_POINT *srvr_ecpoint = NULL; | ||
| 774 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
| 775 | unsigned char *encodedPoint = NULL; | ||
| 776 | int encoded_pt_len = 0; | ||
| 777 | BN_CTX * bn_ctx = NULL; | ||
| 778 | |||
| 779 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) { | ||
| 780 | p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE); | ||
| 781 | |||
| 782 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 783 | |||
| 784 | if (s->session->sess_cert == NULL) { | ||
| 785 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 786 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 787 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 788 | ERR_R_INTERNAL_ERROR); | ||
| 789 | goto err; | ||
| 790 | } | ||
| 791 | |||
| 792 | if (alg_k & SSL_kRSA) { | ||
| 793 | RSA *rsa; | ||
| 794 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 795 | |||
| 796 | pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); | ||
| 797 | if ((pkey == NULL) || | ||
| 798 | (pkey->type != EVP_PKEY_RSA) || | ||
| 799 | (pkey->pkey.rsa == NULL)) { | ||
| 800 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 801 | ERR_R_INTERNAL_ERROR); | ||
| 802 | goto err; | ||
| 803 | } | ||
| 804 | rsa = pkey->pkey.rsa; | ||
| 805 | EVP_PKEY_free(pkey); | ||
| 806 | |||
| 807 | tmp_buf[0] = s->client_version >> 8; | ||
| 808 | tmp_buf[1] = s->client_version&0xff; | ||
| 809 | arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2); | ||
| 810 | |||
| 811 | s->session->master_key_length = sizeof tmp_buf; | ||
| 812 | |||
| 813 | q = p; | ||
| 814 | /* Fix buf for TLS and [incidentally] DTLS */ | ||
| 815 | if (s->version > SSL3_VERSION) | ||
| 816 | p += 2; | ||
| 817 | n = RSA_public_encrypt(sizeof tmp_buf, | ||
| 818 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | ||
| 819 | if (n <= 0) { | ||
| 820 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 821 | SSL_R_BAD_RSA_ENCRYPT); | ||
| 822 | goto err; | ||
| 823 | } | ||
| 824 | |||
| 825 | /* Fix buf for TLS and [incidentally] DTLS */ | ||
| 826 | if (s->version > SSL3_VERSION) { | ||
| 827 | s2n(n, q); | ||
| 828 | n += 2; | ||
| 829 | } | ||
| 830 | |||
| 831 | s->session->master_key_length = | ||
| 832 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 833 | s->session->master_key, | ||
| 834 | tmp_buf, sizeof tmp_buf); | ||
| 835 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | ||
| 836 | } else if (alg_k & SSL_kDHE) { | ||
| 837 | DH *dh_srvr, *dh_clnt; | ||
| 838 | |||
| 839 | if (s->session->sess_cert->peer_dh_tmp != NULL) | ||
| 840 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | ||
| 841 | else { | ||
| 842 | /* we get them from the cert */ | ||
| 843 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 844 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 845 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 846 | SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
| 847 | goto err; | ||
| 848 | } | ||
| 849 | |||
| 850 | /* generate a new random key */ | ||
| 851 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | ||
| 852 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 853 | ERR_R_DH_LIB); | ||
| 854 | goto err; | ||
| 855 | } | ||
| 856 | if (!DH_generate_key(dh_clnt)) { | ||
| 857 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 858 | ERR_R_DH_LIB); | ||
| 859 | goto err; | ||
| 860 | } | ||
| 861 | |||
| 862 | /* use the 'p' output buffer for the DH key, but | ||
| 863 | * make sure to clear it out afterwards */ | ||
| 864 | |||
| 865 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | ||
| 866 | |||
| 867 | if (n <= 0) { | ||
| 868 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 869 | ERR_R_DH_LIB); | ||
| 870 | goto err; | ||
| 871 | } | ||
| 872 | |||
| 873 | /* generate master key from the result */ | ||
| 874 | s->session->master_key_length = | ||
| 875 | s->method->ssl3_enc->generate_master_secret( | ||
| 876 | s, s->session->master_key, p, n); | ||
| 877 | /* clean up */ | ||
| 878 | memset(p, 0, n); | ||
| 879 | |||
| 880 | /* send off the data */ | ||
| 881 | n = BN_num_bytes(dh_clnt->pub_key); | ||
| 882 | s2n(n, p); | ||
| 883 | BN_bn2bin(dh_clnt->pub_key, p); | ||
| 884 | n += 2; | ||
| 885 | |||
| 886 | DH_free(dh_clnt); | ||
| 887 | |||
| 888 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | ||
| 889 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | ||
| 890 | const EC_GROUP *srvr_group = NULL; | ||
| 891 | EC_KEY *tkey; | ||
| 892 | int ecdh_clnt_cert = 0; | ||
| 893 | int field_size = 0; | ||
| 894 | |||
| 895 | /* Did we send out the client's | ||
| 896 | * ECDH share for use in premaster | ||
| 897 | * computation as part of client certificate? | ||
| 898 | * If so, set ecdh_clnt_cert to 1. | ||
| 899 | */ | ||
| 900 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && | ||
| 901 | (s->cert != NULL)) { | ||
| 902 | /* XXX: For now, we do not support client | ||
| 903 | * authentication using ECDH certificates. | ||
| 904 | * To add such support, one needs to add | ||
| 905 | * code that checks for appropriate | ||
| 906 | * conditions and sets ecdh_clnt_cert to 1. | ||
| 907 | * For example, the cert have an ECC | ||
| 908 | * key on the same curve as the server's | ||
| 909 | * and the key should be authorized for | ||
| 910 | * key agreement. | ||
| 911 | * | ||
| 912 | * One also needs to add code in ssl3_connect | ||
| 913 | * to skip sending the certificate verify | ||
| 914 | * message. | ||
| 915 | * | ||
| 916 | * if ((s->cert->key->privatekey != NULL) && | ||
| 917 | * (s->cert->key->privatekey->type == | ||
| 918 | * EVP_PKEY_EC) && ...) | ||
| 919 | * ecdh_clnt_cert = 1; | ||
| 920 | */ | ||
| 921 | } | ||
| 922 | |||
| 923 | if (s->session->sess_cert->peer_ecdh_tmp != NULL) { | ||
| 924 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
| 925 | } else { | ||
| 926 | /* Get the Server Public Key from Cert */ | ||
| 927 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
| 928 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 929 | if ((srvr_pub_pkey == NULL) || | ||
| 930 | (srvr_pub_pkey->type != EVP_PKEY_EC) || | ||
| 931 | (srvr_pub_pkey->pkey.ec == NULL)) { | ||
| 932 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 933 | ERR_R_INTERNAL_ERROR); | ||
| 934 | goto err; | ||
| 935 | } | ||
| 936 | |||
| 937 | tkey = srvr_pub_pkey->pkey.ec; | ||
| 938 | } | ||
| 939 | |||
| 940 | srvr_group = EC_KEY_get0_group(tkey); | ||
| 941 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
| 942 | |||
| 943 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | ||
| 944 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 945 | ERR_R_INTERNAL_ERROR); | ||
| 946 | goto err; | ||
| 947 | } | ||
| 948 | |||
| 949 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | ||
| 950 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 951 | ERR_R_MALLOC_FAILURE); | ||
| 952 | goto err; | ||
| 953 | } | ||
| 954 | |||
| 955 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | ||
| 956 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 957 | ERR_R_EC_LIB); | ||
| 958 | goto err; | ||
| 959 | } | ||
| 960 | if (ecdh_clnt_cert) { | ||
| 961 | /* Reuse key info from our certificate | ||
| 962 | * We only need our private key to perform | ||
| 963 | * the ECDH computation. | ||
| 964 | */ | ||
| 965 | const BIGNUM *priv_key; | ||
| 966 | tkey = s->cert->key->privatekey->pkey.ec; | ||
| 967 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 968 | if (priv_key == NULL) { | ||
| 969 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 970 | ERR_R_MALLOC_FAILURE); | ||
| 971 | goto err; | ||
| 972 | } | ||
| 973 | if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) { | ||
| 974 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 975 | ERR_R_EC_LIB); | ||
| 976 | goto err; | ||
| 977 | } | ||
| 978 | } else { | ||
| 979 | /* Generate a new ECDH key pair */ | ||
| 980 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | ||
| 981 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 982 | ERR_R_ECDH_LIB); | ||
| 983 | goto err; | ||
| 984 | } | ||
| 985 | } | ||
| 986 | |||
| 987 | /* use the 'p' output buffer for the ECDH key, but | ||
| 988 | * make sure to clear it out afterwards | ||
| 989 | */ | ||
| 990 | |||
| 991 | field_size = EC_GROUP_get_degree(srvr_group); | ||
| 992 | if (field_size <= 0) { | ||
| 993 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 994 | ERR_R_ECDH_LIB); | ||
| 995 | goto err; | ||
| 996 | } | ||
| 997 | n = ECDH_compute_key(p, (field_size + 7)/8, srvr_ecpoint, clnt_ecdh, NULL); | ||
| 998 | if (n <= 0) { | ||
| 999 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1000 | ERR_R_ECDH_LIB); | ||
| 1001 | goto err; | ||
| 1002 | } | ||
| 1003 | |||
| 1004 | /* generate master key from the result */ | ||
| 1005 | s->session->master_key_length = | ||
| 1006 | s->method->ssl3_enc->generate_master_secret( | ||
| 1007 | s, s->session->master_key, p, n); | ||
| 1008 | memset(p, 0, n); /* clean up */ | ||
| 1009 | |||
| 1010 | if (ecdh_clnt_cert) { | ||
| 1011 | /* Send empty client key exch message */ | ||
| 1012 | n = 0; | ||
| 1013 | } else { | ||
| 1014 | /* First check the size of encoding and | ||
| 1015 | * allocate memory accordingly. | ||
| 1016 | */ | ||
| 1017 | encoded_pt_len = EC_POINT_point2oct(srvr_group, | ||
| 1018 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 1019 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1020 | NULL, 0, NULL); | ||
| 1021 | |||
| 1022 | encodedPoint = malloc(encoded_pt_len); | ||
| 1023 | |||
| 1024 | bn_ctx = BN_CTX_new(); | ||
| 1025 | if ((encodedPoint == NULL) || | ||
| 1026 | (bn_ctx == NULL)) { | ||
| 1027 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1028 | ERR_R_MALLOC_FAILURE); | ||
| 1029 | goto err; | ||
| 1030 | } | ||
| 1031 | |||
| 1032 | /* Encode the public key */ | ||
| 1033 | n = EC_POINT_point2oct(srvr_group, | ||
| 1034 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 1035 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1036 | encodedPoint, encoded_pt_len, bn_ctx); | ||
| 1037 | |||
| 1038 | *p = n; /* length of encoded point */ | ||
| 1039 | /* Encoded point will be copied here */ | ||
| 1040 | p += 1; | ||
| 1041 | |||
| 1042 | /* copy the point */ | ||
| 1043 | memcpy((unsigned char *)p, encodedPoint, n); | ||
| 1044 | /* increment n to account for length field */ | ||
| 1045 | n += 1; | ||
| 1046 | |||
| 1047 | } | ||
| 1048 | |||
| 1049 | /* Free allocated memory */ | ||
| 1050 | BN_CTX_free(bn_ctx); | ||
| 1051 | free(encodedPoint); | ||
| 1052 | EC_KEY_free(clnt_ecdh); | ||
| 1053 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 1054 | } | ||
| 1055 | |||
| 1056 | else { | ||
| 1057 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1058 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1059 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1060 | ERR_R_INTERNAL_ERROR); | ||
| 1061 | goto err; | ||
| 1062 | } | ||
| 1063 | |||
| 1064 | ssl3_handshake_msg_finish(s, n); | ||
| 1065 | |||
| 1066 | s->state = SSL3_ST_CW_KEY_EXCH_B; | ||
| 1067 | } | ||
| 1068 | |||
| 1069 | /* SSL3_ST_CW_KEY_EXCH_B */ | ||
| 1070 | return (ssl3_handshake_write(s)); | ||
| 1071 | |||
| 1072 | err: | ||
| 1073 | BN_CTX_free(bn_ctx); | ||
| 1074 | free(encodedPoint); | ||
| 1075 | EC_KEY_free(clnt_ecdh); | ||
| 1076 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 1077 | return (-1); | ||
| 1078 | } | ||
| 1079 | |||
| 1080 | int | ||
| 1081 | dtls1_send_client_verify(SSL *s) | ||
| 1082 | { | ||
| 1083 | unsigned char *p; | ||
| 1084 | unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | ||
| 1085 | EVP_PKEY *pkey; | ||
| 1086 | unsigned u = 0; | ||
| 1087 | unsigned long n; | ||
| 1088 | int j; | ||
| 1089 | |||
| 1090 | if (s->state == SSL3_ST_CW_CERT_VRFY_A) { | ||
| 1091 | p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); | ||
| 1092 | |||
| 1093 | pkey = s->cert->key->privatekey; | ||
| 1094 | |||
| 1095 | s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, | ||
| 1096 | &(data[MD5_DIGEST_LENGTH])); | ||
| 1097 | |||
| 1098 | if (pkey->type == EVP_PKEY_RSA) { | ||
| 1099 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 1100 | NID_md5, &(data[0])); | ||
| 1101 | if (RSA_sign(NID_md5_sha1, data, | ||
| 1102 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | ||
| 1103 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) { | ||
| 1104 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | ||
| 1105 | ERR_R_RSA_LIB); | ||
| 1106 | goto err; | ||
| 1107 | } | ||
| 1108 | s2n(u, p); | ||
| 1109 | n = u + 2; | ||
| 1110 | } else if (pkey->type == EVP_PKEY_DSA) { | ||
| 1111 | if (!DSA_sign(pkey->save_type, | ||
| 1112 | &(data[MD5_DIGEST_LENGTH]), | ||
| 1113 | SHA_DIGEST_LENGTH, &(p[2]), | ||
| 1114 | (unsigned int *)&j, pkey->pkey.dsa)) { | ||
| 1115 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | ||
| 1116 | ERR_R_DSA_LIB); | ||
| 1117 | goto err; | ||
| 1118 | } | ||
| 1119 | s2n(j, p); | ||
| 1120 | n = j + 2; | ||
| 1121 | } else if (pkey->type == EVP_PKEY_EC) { | ||
| 1122 | if (!ECDSA_sign(pkey->save_type, | ||
| 1123 | &(data[MD5_DIGEST_LENGTH]), | ||
| 1124 | SHA_DIGEST_LENGTH, &(p[2]), | ||
| 1125 | (unsigned int *)&j, pkey->pkey.ec)) { | ||
| 1126 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | ||
| 1127 | ERR_R_ECDSA_LIB); | ||
| 1128 | goto err; | ||
| 1129 | } | ||
| 1130 | s2n(j, p); | ||
| 1131 | n = j + 2; | ||
| 1132 | } else { | ||
| 1133 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, | ||
| 1134 | ERR_R_INTERNAL_ERROR); | ||
| 1135 | goto err; | ||
| 1136 | } | ||
| 1137 | |||
| 1138 | ssl3_handshake_msg_finish(s, n); | ||
| 1139 | |||
| 1140 | s->state = SSL3_ST_CW_CERT_VRFY_B; | ||
| 1141 | } | ||
| 1142 | |||
| 1143 | /* s->state = SSL3_ST_CW_CERT_VRFY_B */ | ||
| 1144 | return (ssl3_handshake_write(s)); | ||
| 1145 | |||
| 1146 | err: | ||
| 1147 | return (-1); | ||
| 1148 | } | ||
| 1149 | |||
| 1150 | int | ||
| 1151 | dtls1_send_client_certificate(SSL *s) | ||
| 1152 | { | ||
| 1153 | X509 *x509 = NULL; | ||
| 1154 | EVP_PKEY *pkey = NULL; | ||
| 1155 | int i; | ||
| 1156 | unsigned long l; | ||
| 1157 | |||
| 1158 | if (s->state == SSL3_ST_CW_CERT_A) { | ||
| 1159 | if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || | ||
| 1160 | (s->cert->key->privatekey == NULL)) | ||
| 1161 | s->state = SSL3_ST_CW_CERT_B; | ||
| 1162 | else | ||
| 1163 | s->state = SSL3_ST_CW_CERT_C; | ||
| 1164 | } | ||
| 1165 | |||
| 1166 | /* We need to get a client cert */ | ||
| 1167 | if (s->state == SSL3_ST_CW_CERT_B) { | ||
| 1168 | /* If we get an error, we need to | ||
| 1169 | * ssl->rwstate=SSL_X509_LOOKUP; return(-1); | ||
| 1170 | * We then get retied later */ | ||
| 1171 | i = 0; | ||
| 1172 | i = ssl_do_client_cert_cb(s, &x509, &pkey); | ||
| 1173 | if (i < 0) { | ||
| 1174 | s->rwstate = SSL_X509_LOOKUP; | ||
| 1175 | return (-1); | ||
| 1176 | } | ||
| 1177 | s->rwstate = SSL_NOTHING; | ||
| 1178 | if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { | ||
| 1179 | s->state = SSL3_ST_CW_CERT_B; | ||
| 1180 | if (!SSL_use_certificate(s, x509) || | ||
| 1181 | !SSL_use_PrivateKey(s, pkey)) | ||
| 1182 | i = 0; | ||
| 1183 | } else if (i == 1) { | ||
| 1184 | i = 0; | ||
| 1185 | SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, | ||
| 1186 | SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
| 1187 | } | ||
| 1188 | |||
| 1189 | if (x509 != NULL) | ||
| 1190 | X509_free(x509); | ||
| 1191 | EVP_PKEY_free(pkey); | ||
| 1192 | if (i == 0) { | ||
| 1193 | if (s->version == SSL3_VERSION) { | ||
| 1194 | s->s3->tmp.cert_req = 0; | ||
| 1195 | ssl3_send_alert(s, SSL3_AL_WARNING, | ||
| 1196 | SSL_AD_NO_CERTIFICATE); | ||
| 1197 | return (1); | ||
| 1198 | } else { | ||
| 1199 | s->s3->tmp.cert_req = 2; | ||
| 1200 | } | ||
| 1201 | } | ||
| 1202 | |||
| 1203 | /* Ok, we have a cert */ | ||
| 1204 | s->state = SSL3_ST_CW_CERT_C; | ||
| 1205 | } | ||
| 1206 | |||
| 1207 | if (s->state == SSL3_ST_CW_CERT_C) { | ||
| 1208 | s->state = SSL3_ST_CW_CERT_D; | ||
| 1209 | l = dtls1_output_cert_chain(s, | ||
| 1210 | (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); | ||
| 1211 | s->init_num = (int)l; | ||
| 1212 | s->init_off = 0; | ||
| 1213 | |||
| 1214 | /* set header called by dtls1_output_cert_chain() */ | ||
| 1215 | |||
| 1216 | /* buffer the message to handle re-xmits */ | ||
| 1217 | dtls1_buffer_message(s, 0); | ||
| 1218 | } | ||
| 1219 | |||
| 1220 | /* SSL3_ST_CW_CERT_D */ | ||
| 1221 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1222 | } | ||
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c deleted file mode 100644 index 7eac48785e..0000000000 --- a/src/lib/libssl/d1_enc.c +++ /dev/null | |||
| @@ -1,214 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_enc.c,v 1.9 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@openssl.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 60 | * All rights reserved. | ||
| 61 | * | ||
| 62 | * This package is an SSL implementation written | ||
| 63 | * by Eric Young (eay@cryptsoft.com). | ||
| 64 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 65 | * | ||
| 66 | * This library is free for commercial and non-commercial use as long as | ||
| 67 | * the following conditions are aheared to. The following conditions | ||
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 70 | * included with this distribution is covered by the same copyright terms | ||
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 72 | * | ||
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 74 | * the code are not to be removed. | ||
| 75 | * If this package is used in a product, Eric Young should be given attribution | ||
| 76 | * as the author of the parts of the library used. | ||
| 77 | * This can be in the form of a textual message at program startup or | ||
| 78 | * in documentation (online or textual) provided with the package. | ||
| 79 | * | ||
| 80 | * Redistribution and use in source and binary forms, with or without | ||
| 81 | * modification, are permitted provided that the following conditions | ||
| 82 | * are met: | ||
| 83 | * 1. Redistributions of source code must retain the copyright | ||
| 84 | * notice, this list of conditions and the following disclaimer. | ||
| 85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 86 | * notice, this list of conditions and the following disclaimer in the | ||
| 87 | * documentation and/or other materials provided with the distribution. | ||
| 88 | * 3. All advertising materials mentioning features or use of this software | ||
| 89 | * must display the following acknowledgement: | ||
| 90 | * "This product includes cryptographic software written by | ||
| 91 | * Eric Young (eay@cryptsoft.com)" | ||
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 93 | * being used are not cryptographic related :-). | ||
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 95 | * the apps directory (application code) you must include an acknowledgement: | ||
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 97 | * | ||
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 108 | * SUCH DAMAGE. | ||
| 109 | * | ||
| 110 | * The licence and distribution terms for any publically available version or | ||
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 112 | * copied and put under another distribution licence | ||
| 113 | * [including the GNU Public Licence.] | ||
| 114 | */ | ||
| 115 | |||
| 116 | #include <stdio.h> | ||
| 117 | |||
| 118 | #include "ssl_locl.h" | ||
| 119 | |||
| 120 | #include <openssl/evp.h> | ||
| 121 | #include <openssl/hmac.h> | ||
| 122 | #include <openssl/md5.h> | ||
| 123 | |||
| 124 | /* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | ||
| 125 | * | ||
| 126 | * Returns: | ||
| 127 | * 0: (in non-constant time) if the record is publically invalid (i.e. too | ||
| 128 | * short etc). | ||
| 129 | * 1: if the record's padding is valid / the encryption was successful. | ||
| 130 | * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, | ||
| 131 | * an internal error occured. */ | ||
| 132 | int | ||
| 133 | dtls1_enc(SSL *s, int send) | ||
| 134 | { | ||
| 135 | SSL3_RECORD *rec; | ||
| 136 | EVP_CIPHER_CTX *ds; | ||
| 137 | unsigned long l; | ||
| 138 | int bs, i, j, k, mac_size = 0; | ||
| 139 | const EVP_CIPHER *enc; | ||
| 140 | |||
| 141 | if (send) { | ||
| 142 | if (EVP_MD_CTX_md(s->write_hash)) { | ||
| 143 | mac_size = EVP_MD_CTX_size(s->write_hash); | ||
| 144 | if (mac_size < 0) | ||
| 145 | return -1; | ||
| 146 | } | ||
| 147 | ds = s->enc_write_ctx; | ||
| 148 | rec = &(s->s3->wrec); | ||
| 149 | if (s->enc_write_ctx == NULL) | ||
| 150 | enc = NULL; | ||
| 151 | else { | ||
| 152 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | ||
| 153 | if (rec->data != rec->input) | ||
| 154 | /* we can't write into the input stream */ | ||
| 155 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", | ||
| 156 | __FILE__, __LINE__); | ||
| 157 | else if (EVP_CIPHER_block_size(ds->cipher) > 1) { | ||
| 158 | arc4random_buf(rec->input, | ||
| 159 | EVP_CIPHER_block_size(ds->cipher)); | ||
| 160 | } | ||
| 161 | } | ||
| 162 | } else { | ||
| 163 | if (EVP_MD_CTX_md(s->read_hash)) { | ||
| 164 | mac_size = EVP_MD_CTX_size(s->read_hash); | ||
| 165 | OPENSSL_assert(mac_size >= 0); | ||
| 166 | } | ||
| 167 | ds = s->enc_read_ctx; | ||
| 168 | rec = &(s->s3->rrec); | ||
| 169 | if (s->enc_read_ctx == NULL) | ||
| 170 | enc = NULL; | ||
| 171 | else | ||
| 172 | enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | ||
| 173 | } | ||
| 174 | |||
| 175 | |||
| 176 | if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { | ||
| 177 | memmove(rec->data, rec->input, rec->length); | ||
| 178 | rec->input = rec->data; | ||
| 179 | } else { | ||
| 180 | l = rec->length; | ||
| 181 | bs = EVP_CIPHER_block_size(ds->cipher); | ||
| 182 | |||
| 183 | if ((bs != 1) && send) { | ||
| 184 | i = bs - ((int)l % bs); | ||
| 185 | |||
| 186 | /* Add weird padding of upto 256 bytes */ | ||
| 187 | |||
| 188 | /* we need to add 'i' padding bytes of value j */ | ||
| 189 | j = i - 1; | ||
| 190 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 191 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 192 | j++; | ||
| 193 | } | ||
| 194 | for (k = (int)l; k < (int)(l + i); k++) | ||
| 195 | rec->input[k] = j; | ||
| 196 | l += i; | ||
| 197 | rec->length += i; | ||
| 198 | } | ||
| 199 | |||
| 200 | |||
| 201 | if (!send) { | ||
| 202 | if (l == 0 || l % bs != 0) | ||
| 203 | return 0; | ||
| 204 | } | ||
| 205 | |||
| 206 | EVP_Cipher(ds, rec->data, rec->input, l); | ||
| 207 | |||
| 208 | |||
| 209 | if ((bs != 1) && !send) | ||
| 210 | return tls1_cbc_remove_padding(s, rec, bs, mac_size); | ||
| 211 | } | ||
| 212 | return (1); | ||
| 213 | } | ||
| 214 | |||
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c deleted file mode 100644 index 9d9a90d76a..0000000000 --- a/src/lib/libssl/d1_lib.c +++ /dev/null | |||
| @@ -1,468 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_lib.c,v 1.27 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | |||
| 60 | #include <sys/types.h> | ||
| 61 | #include <sys/socket.h> | ||
| 62 | |||
| 63 | #include <netinet/in.h> | ||
| 64 | |||
| 65 | #include <stdio.h> | ||
| 66 | |||
| 67 | #include <openssl/objects.h> | ||
| 68 | |||
| 69 | #include "pqueue.h" | ||
| 70 | #include "ssl_locl.h" | ||
| 71 | |||
| 72 | int dtls1_listen(SSL *s, struct sockaddr *client); | ||
| 73 | |||
| 74 | SSL3_ENC_METHOD DTLSv1_enc_data = { | ||
| 75 | .enc = dtls1_enc, | ||
| 76 | .mac = tls1_mac, | ||
| 77 | .setup_key_block = tls1_setup_key_block, | ||
| 78 | .generate_master_secret = tls1_generate_master_secret, | ||
| 79 | .change_cipher_state = tls1_change_cipher_state, | ||
| 80 | .final_finish_mac = tls1_final_finish_mac, | ||
| 81 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 82 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 83 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 84 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 85 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 86 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 87 | .alert_value = tls1_alert_code, | ||
| 88 | .export_keying_material = tls1_export_keying_material, | ||
| 89 | .enc_flags = SSL_ENC_FLAG_DTLS|SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 90 | }; | ||
| 91 | |||
| 92 | long | ||
| 93 | dtls1_default_timeout(void) | ||
| 94 | { | ||
| 95 | /* 2 hours, the 24 hours mentioned in the DTLSv1 spec | ||
| 96 | * is way too long for http, the cache would over fill */ | ||
| 97 | return (60*60*2); | ||
| 98 | } | ||
| 99 | |||
| 100 | int | ||
| 101 | dtls1_new(SSL *s) | ||
| 102 | { | ||
| 103 | DTLS1_STATE *d1; | ||
| 104 | |||
| 105 | if (!ssl3_new(s)) | ||
| 106 | return (0); | ||
| 107 | if ((d1 = calloc(1, sizeof *d1)) == NULL) { | ||
| 108 | ssl3_free(s); | ||
| 109 | return (0); | ||
| 110 | } | ||
| 111 | |||
| 112 | /* d1->handshake_epoch=0; */ | ||
| 113 | |||
| 114 | d1->unprocessed_rcds.q = pqueue_new(); | ||
| 115 | d1->processed_rcds.q = pqueue_new(); | ||
| 116 | d1->buffered_messages = pqueue_new(); | ||
| 117 | d1->sent_messages = pqueue_new(); | ||
| 118 | d1->buffered_app_data.q = pqueue_new(); | ||
| 119 | |||
| 120 | if (s->server) { | ||
| 121 | d1->cookie_len = sizeof(s->d1->cookie); | ||
| 122 | } | ||
| 123 | |||
| 124 | if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q || | ||
| 125 | !d1->buffered_messages || !d1->sent_messages || | ||
| 126 | !d1->buffered_app_data.q) { | ||
| 127 | if (d1->unprocessed_rcds.q) | ||
| 128 | pqueue_free(d1->unprocessed_rcds.q); | ||
| 129 | if (d1->processed_rcds.q) | ||
| 130 | pqueue_free(d1->processed_rcds.q); | ||
| 131 | if (d1->buffered_messages) | ||
| 132 | pqueue_free(d1->buffered_messages); | ||
| 133 | if (d1->sent_messages) | ||
| 134 | pqueue_free(d1->sent_messages); | ||
| 135 | if (d1->buffered_app_data.q) | ||
| 136 | pqueue_free(d1->buffered_app_data.q); | ||
| 137 | free(d1); | ||
| 138 | ssl3_free(s); | ||
| 139 | return (0); | ||
| 140 | } | ||
| 141 | |||
| 142 | s->d1 = d1; | ||
| 143 | s->method->ssl_clear(s); | ||
| 144 | return (1); | ||
| 145 | } | ||
| 146 | |||
| 147 | static void | ||
| 148 | dtls1_clear_queues(SSL *s) | ||
| 149 | { | ||
| 150 | pitem *item = NULL; | ||
| 151 | hm_fragment *frag = NULL; | ||
| 152 | DTLS1_RECORD_DATA *rdata; | ||
| 153 | |||
| 154 | while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) { | ||
| 155 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 156 | free(rdata->rbuf.buf); | ||
| 157 | free(item->data); | ||
| 158 | pitem_free(item); | ||
| 159 | } | ||
| 160 | |||
| 161 | while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) { | ||
| 162 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 163 | free(rdata->rbuf.buf); | ||
| 164 | free(item->data); | ||
| 165 | pitem_free(item); | ||
| 166 | } | ||
| 167 | |||
| 168 | while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) { | ||
| 169 | frag = (hm_fragment *)item->data; | ||
| 170 | free(frag->fragment); | ||
| 171 | free(frag); | ||
| 172 | pitem_free(item); | ||
| 173 | } | ||
| 174 | |||
| 175 | while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) { | ||
| 176 | frag = (hm_fragment *)item->data; | ||
| 177 | free(frag->fragment); | ||
| 178 | free(frag); | ||
| 179 | pitem_free(item); | ||
| 180 | } | ||
| 181 | |||
| 182 | while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) { | ||
| 183 | rdata = (DTLS1_RECORD_DATA *) item->data; | ||
| 184 | free(rdata->rbuf.buf); | ||
| 185 | free(item->data); | ||
| 186 | pitem_free(item); | ||
| 187 | } | ||
| 188 | } | ||
| 189 | |||
| 190 | void | ||
| 191 | dtls1_free(SSL *s) | ||
| 192 | { | ||
| 193 | ssl3_free(s); | ||
| 194 | |||
| 195 | dtls1_clear_queues(s); | ||
| 196 | |||
| 197 | pqueue_free(s->d1->unprocessed_rcds.q); | ||
| 198 | pqueue_free(s->d1->processed_rcds.q); | ||
| 199 | pqueue_free(s->d1->buffered_messages); | ||
| 200 | pqueue_free(s->d1->sent_messages); | ||
| 201 | pqueue_free(s->d1->buffered_app_data.q); | ||
| 202 | |||
| 203 | OPENSSL_cleanse(s->d1, sizeof *s->d1); | ||
| 204 | free(s->d1); | ||
| 205 | s->d1 = NULL; | ||
| 206 | } | ||
| 207 | |||
| 208 | void | ||
| 209 | dtls1_clear(SSL *s) | ||
| 210 | { | ||
| 211 | pqueue unprocessed_rcds; | ||
| 212 | pqueue processed_rcds; | ||
| 213 | pqueue buffered_messages; | ||
| 214 | pqueue sent_messages; | ||
| 215 | pqueue buffered_app_data; | ||
| 216 | unsigned int mtu; | ||
| 217 | |||
| 218 | if (s->d1) { | ||
| 219 | unprocessed_rcds = s->d1->unprocessed_rcds.q; | ||
| 220 | processed_rcds = s->d1->processed_rcds.q; | ||
| 221 | buffered_messages = s->d1->buffered_messages; | ||
| 222 | sent_messages = s->d1->sent_messages; | ||
| 223 | buffered_app_data = s->d1->buffered_app_data.q; | ||
| 224 | mtu = s->d1->mtu; | ||
| 225 | |||
| 226 | dtls1_clear_queues(s); | ||
| 227 | |||
| 228 | memset(s->d1, 0, sizeof(*(s->d1))); | ||
| 229 | |||
| 230 | if (s->server) { | ||
| 231 | s->d1->cookie_len = sizeof(s->d1->cookie); | ||
| 232 | } | ||
| 233 | |||
| 234 | if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { | ||
| 235 | s->d1->mtu = mtu; | ||
| 236 | } | ||
| 237 | |||
| 238 | s->d1->unprocessed_rcds.q = unprocessed_rcds; | ||
| 239 | s->d1->processed_rcds.q = processed_rcds; | ||
| 240 | s->d1->buffered_messages = buffered_messages; | ||
| 241 | s->d1->sent_messages = sent_messages; | ||
| 242 | s->d1->buffered_app_data.q = buffered_app_data; | ||
| 243 | } | ||
| 244 | |||
| 245 | ssl3_clear(s); | ||
| 246 | if (s->options & SSL_OP_CISCO_ANYCONNECT) | ||
| 247 | s->version = DTLS1_BAD_VER; | ||
| 248 | else | ||
| 249 | s->version = DTLS1_VERSION; | ||
| 250 | } | ||
| 251 | |||
| 252 | long | ||
| 253 | dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
| 254 | { | ||
| 255 | int ret = 0; | ||
| 256 | |||
| 257 | switch (cmd) { | ||
| 258 | case DTLS_CTRL_GET_TIMEOUT: | ||
| 259 | if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) { | ||
| 260 | ret = 1; | ||
| 261 | } | ||
| 262 | break; | ||
| 263 | case DTLS_CTRL_HANDLE_TIMEOUT: | ||
| 264 | ret = dtls1_handle_timeout(s); | ||
| 265 | break; | ||
| 266 | case DTLS_CTRL_LISTEN: | ||
| 267 | ret = dtls1_listen(s, parg); | ||
| 268 | break; | ||
| 269 | |||
| 270 | default: | ||
| 271 | ret = ssl3_ctrl(s, cmd, larg, parg); | ||
| 272 | break; | ||
| 273 | } | ||
| 274 | return (ret); | ||
| 275 | } | ||
| 276 | |||
| 277 | /* | ||
| 278 | * As it's impossible to use stream ciphers in "datagram" mode, this | ||
| 279 | * simple filter is designed to disengage them in DTLS. Unfortunately | ||
| 280 | * there is no universal way to identify stream SSL_CIPHER, so we have | ||
| 281 | * to explicitly list their SSL_* codes. Currently RC4 is the only one | ||
| 282 | * available, but if new ones emerge, they will have to be added... | ||
| 283 | */ | ||
| 284 | const SSL_CIPHER * | ||
| 285 | dtls1_get_cipher(unsigned int u) | ||
| 286 | { | ||
| 287 | const SSL_CIPHER *ciph = ssl3_get_cipher(u); | ||
| 288 | |||
| 289 | if (ciph != NULL) { | ||
| 290 | if (ciph->algorithm_enc == SSL_RC4) | ||
| 291 | return NULL; | ||
| 292 | } | ||
| 293 | |||
| 294 | return ciph; | ||
| 295 | } | ||
| 296 | |||
| 297 | void | ||
| 298 | dtls1_start_timer(SSL *s) | ||
| 299 | { | ||
| 300 | |||
| 301 | /* If timer is not set, initialize duration with 1 second */ | ||
| 302 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { | ||
| 303 | s->d1->timeout_duration = 1; | ||
| 304 | } | ||
| 305 | |||
| 306 | /* Set timeout to current time */ | ||
| 307 | gettimeofday(&(s->d1->next_timeout), NULL); | ||
| 308 | |||
| 309 | /* Add duration to current time */ | ||
| 310 | s->d1->next_timeout.tv_sec += s->d1->timeout_duration; | ||
| 311 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, | ||
| 312 | &(s->d1->next_timeout)); | ||
| 313 | } | ||
| 314 | |||
| 315 | struct timeval* | ||
| 316 | dtls1_get_timeout(SSL *s, struct timeval* timeleft) | ||
| 317 | { | ||
| 318 | struct timeval timenow; | ||
| 319 | |||
| 320 | /* If no timeout is set, just return NULL */ | ||
| 321 | if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { | ||
| 322 | return NULL; | ||
| 323 | } | ||
| 324 | |||
| 325 | /* Get current time */ | ||
| 326 | gettimeofday(&timenow, NULL); | ||
| 327 | |||
| 328 | /* If timer already expired, set remaining time to 0 */ | ||
| 329 | if (s->d1->next_timeout.tv_sec < timenow.tv_sec || | ||
| 330 | (s->d1->next_timeout.tv_sec == timenow.tv_sec && | ||
| 331 | s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { | ||
| 332 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 333 | return timeleft; | ||
| 334 | } | ||
| 335 | |||
| 336 | /* Calculate time left until timer expires */ | ||
| 337 | memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); | ||
| 338 | timeleft->tv_sec -= timenow.tv_sec; | ||
| 339 | timeleft->tv_usec -= timenow.tv_usec; | ||
| 340 | if (timeleft->tv_usec < 0) { | ||
| 341 | timeleft->tv_sec--; | ||
| 342 | timeleft->tv_usec += 1000000; | ||
| 343 | } | ||
| 344 | |||
| 345 | /* If remaining time is less than 15 ms, set it to 0 | ||
| 346 | * to prevent issues because of small devergences with | ||
| 347 | * socket timeouts. | ||
| 348 | */ | ||
| 349 | if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { | ||
| 350 | memset(timeleft, 0, sizeof(struct timeval)); | ||
| 351 | } | ||
| 352 | |||
| 353 | |||
| 354 | return timeleft; | ||
| 355 | } | ||
| 356 | |||
| 357 | int | ||
| 358 | dtls1_is_timer_expired(SSL *s) | ||
| 359 | { | ||
| 360 | struct timeval timeleft; | ||
| 361 | |||
| 362 | /* Get time left until timeout, return false if no timer running */ | ||
| 363 | if (dtls1_get_timeout(s, &timeleft) == NULL) { | ||
| 364 | return 0; | ||
| 365 | } | ||
| 366 | |||
| 367 | /* Return false if timer is not expired yet */ | ||
| 368 | if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { | ||
| 369 | return 0; | ||
| 370 | } | ||
| 371 | |||
| 372 | /* Timer expired, so return true */ | ||
| 373 | return 1; | ||
| 374 | } | ||
| 375 | |||
| 376 | void | ||
| 377 | dtls1_double_timeout(SSL *s) | ||
| 378 | { | ||
| 379 | s->d1->timeout_duration *= 2; | ||
| 380 | if (s->d1->timeout_duration > 60) | ||
| 381 | s->d1->timeout_duration = 60; | ||
| 382 | dtls1_start_timer(s); | ||
| 383 | } | ||
| 384 | |||
| 385 | void | ||
| 386 | dtls1_stop_timer(SSL *s) | ||
| 387 | { | ||
| 388 | /* Reset everything */ | ||
| 389 | memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); | ||
| 390 | memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); | ||
| 391 | s->d1->timeout_duration = 1; | ||
| 392 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, | ||
| 393 | &(s->d1->next_timeout)); | ||
| 394 | /* Clear retransmission buffer */ | ||
| 395 | dtls1_clear_record_buffer(s); | ||
| 396 | } | ||
| 397 | |||
| 398 | int | ||
| 399 | dtls1_check_timeout_num(SSL *s) | ||
| 400 | { | ||
| 401 | s->d1->timeout.num_alerts++; | ||
| 402 | |||
| 403 | /* Reduce MTU after 2 unsuccessful retransmissions */ | ||
| 404 | if (s->d1->timeout.num_alerts > 2) { | ||
| 405 | s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), | ||
| 406 | BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); | ||
| 407 | |||
| 408 | } | ||
| 409 | |||
| 410 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { | ||
| 411 | /* fail the connection, enough alerts have been sent */ | ||
| 412 | SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED); | ||
| 413 | return -1; | ||
| 414 | } | ||
| 415 | |||
| 416 | return 0; | ||
| 417 | } | ||
| 418 | |||
| 419 | int | ||
| 420 | dtls1_handle_timeout(SSL *s) | ||
| 421 | { | ||
| 422 | /* if no timer is expired, don't do anything */ | ||
| 423 | if (!dtls1_is_timer_expired(s)) { | ||
| 424 | return 0; | ||
| 425 | } | ||
| 426 | |||
| 427 | dtls1_double_timeout(s); | ||
| 428 | |||
| 429 | if (dtls1_check_timeout_num(s) < 0) | ||
| 430 | return -1; | ||
| 431 | |||
| 432 | s->d1->timeout.read_timeouts++; | ||
| 433 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { | ||
| 434 | s->d1->timeout.read_timeouts = 1; | ||
| 435 | } | ||
| 436 | |||
| 437 | dtls1_start_timer(s); | ||
| 438 | return dtls1_retransmit_buffered_messages(s); | ||
| 439 | } | ||
| 440 | |||
| 441 | int | ||
| 442 | dtls1_listen(SSL *s, struct sockaddr *client) | ||
| 443 | { | ||
| 444 | int ret; | ||
| 445 | |||
| 446 | SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); | ||
| 447 | s->d1->listen = 1; | ||
| 448 | |||
| 449 | ret = SSL_accept(s); | ||
| 450 | if (ret <= 0) | ||
| 451 | return ret; | ||
| 452 | |||
| 453 | (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); | ||
| 454 | return 1; | ||
| 455 | } | ||
| 456 | |||
| 457 | void | ||
| 458 | dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, | ||
| 459 | unsigned short epoch) | ||
| 460 | { | ||
| 461 | unsigned char dtlsseq[SSL3_SEQUENCE_SIZE]; | ||
| 462 | unsigned char *p; | ||
| 463 | |||
| 464 | p = dtlsseq; | ||
| 465 | s2n(epoch, p); | ||
| 466 | memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2); | ||
| 467 | memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE); | ||
| 468 | } | ||
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c deleted file mode 100644 index 7f279a4f50..0000000000 --- a/src/lib/libssl/d1_meth.c +++ /dev/null | |||
| @@ -1,112 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_meth.c,v 1.9 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | |||
| 60 | #include <stdio.h> | ||
| 61 | |||
| 62 | #include <openssl/objects.h> | ||
| 63 | |||
| 64 | #include "ssl_locl.h" | ||
| 65 | |||
| 66 | static const SSL_METHOD *dtls1_get_method(int ver); | ||
| 67 | |||
| 68 | const SSL_METHOD DTLSv1_method_data = { | ||
| 69 | .version = DTLS1_VERSION, | ||
| 70 | .ssl_new = dtls1_new, | ||
| 71 | .ssl_clear = dtls1_clear, | ||
| 72 | .ssl_free = dtls1_free, | ||
| 73 | .ssl_accept = dtls1_accept, | ||
| 74 | .ssl_connect = dtls1_connect, | ||
| 75 | .ssl_read = ssl3_read, | ||
| 76 | .ssl_peek = ssl3_peek, | ||
| 77 | .ssl_write = ssl3_write, | ||
| 78 | .ssl_shutdown = dtls1_shutdown, | ||
| 79 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 80 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 81 | .ssl_get_message = dtls1_get_message, | ||
| 82 | .ssl_read_bytes = dtls1_read_bytes, | ||
| 83 | .ssl_write_bytes = dtls1_write_app_data_bytes, | ||
| 84 | .ssl_dispatch_alert = dtls1_dispatch_alert, | ||
| 85 | .ssl_ctrl = dtls1_ctrl, | ||
| 86 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 87 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 88 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 89 | .ssl_pending = ssl3_pending, | ||
| 90 | .num_ciphers = ssl3_num_ciphers, | ||
| 91 | .get_cipher = dtls1_get_cipher, | ||
| 92 | .get_ssl_method = dtls1_get_method, | ||
| 93 | .get_timeout = dtls1_default_timeout, | ||
| 94 | .ssl3_enc = &DTLSv1_enc_data, | ||
| 95 | .ssl_version = ssl_undefined_void_function, | ||
| 96 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 97 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 98 | }; | ||
| 99 | |||
| 100 | const SSL_METHOD * | ||
| 101 | DTLSv1_method(void) | ||
| 102 | { | ||
| 103 | return &DTLSv1_method_data; | ||
| 104 | } | ||
| 105 | |||
| 106 | static const SSL_METHOD * | ||
| 107 | dtls1_get_method(int ver) | ||
| 108 | { | ||
| 109 | if (ver == DTLS1_VERSION) | ||
| 110 | return (DTLSv1_method()); | ||
| 111 | return (NULL); | ||
| 112 | } | ||
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c deleted file mode 100644 index c997b7f212..0000000000 --- a/src/lib/libssl/d1_pkt.c +++ /dev/null | |||
| @@ -1,1498 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_pkt.c,v 1.40 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@openssl.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 60 | * All rights reserved. | ||
| 61 | * | ||
| 62 | * This package is an SSL implementation written | ||
| 63 | * by Eric Young (eay@cryptsoft.com). | ||
| 64 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 65 | * | ||
| 66 | * This library is free for commercial and non-commercial use as long as | ||
| 67 | * the following conditions are aheared to. The following conditions | ||
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 70 | * included with this distribution is covered by the same copyright terms | ||
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 72 | * | ||
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 74 | * the code are not to be removed. | ||
| 75 | * If this package is used in a product, Eric Young should be given attribution | ||
| 76 | * as the author of the parts of the library used. | ||
| 77 | * This can be in the form of a textual message at program startup or | ||
| 78 | * in documentation (online or textual) provided with the package. | ||
| 79 | * | ||
| 80 | * Redistribution and use in source and binary forms, with or without | ||
| 81 | * modification, are permitted provided that the following conditions | ||
| 82 | * are met: | ||
| 83 | * 1. Redistributions of source code must retain the copyright | ||
| 84 | * notice, this list of conditions and the following disclaimer. | ||
| 85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 86 | * notice, this list of conditions and the following disclaimer in the | ||
| 87 | * documentation and/or other materials provided with the distribution. | ||
| 88 | * 3. All advertising materials mentioning features or use of this software | ||
| 89 | * must display the following acknowledgement: | ||
| 90 | * "This product includes cryptographic software written by | ||
| 91 | * Eric Young (eay@cryptsoft.com)" | ||
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 93 | * being used are not cryptographic related :-). | ||
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 95 | * the apps directory (application code) you must include an acknowledgement: | ||
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 97 | * | ||
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 108 | * SUCH DAMAGE. | ||
| 109 | * | ||
| 110 | * The licence and distribution terms for any publically available version or | ||
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 112 | * copied and put under another distribution licence | ||
| 113 | * [including the GNU Public Licence.] | ||
| 114 | */ | ||
| 115 | |||
| 116 | #include <machine/endian.h> | ||
| 117 | |||
| 118 | #include <errno.h> | ||
| 119 | #include <stdio.h> | ||
| 120 | |||
| 121 | #include "ssl_locl.h" | ||
| 122 | |||
| 123 | #include <openssl/buffer.h> | ||
| 124 | #include <openssl/evp.h> | ||
| 125 | |||
| 126 | #include "pqueue.h" | ||
| 127 | |||
| 128 | /* mod 128 saturating subtract of two 64-bit values in big-endian order */ | ||
| 129 | static int | ||
| 130 | satsub64be(const unsigned char *v1, const unsigned char *v2) | ||
| 131 | { | ||
| 132 | int ret, sat, brw, i; | ||
| 133 | |||
| 134 | if (sizeof(long) == 8) | ||
| 135 | do { | ||
| 136 | long l; | ||
| 137 | |||
| 138 | if (BYTE_ORDER == LITTLE_ENDIAN) | ||
| 139 | break; | ||
| 140 | /* not reached on little-endians */ | ||
| 141 | /* following test is redundant, because input is | ||
| 142 | * always aligned, but I take no chances... */ | ||
| 143 | if (((size_t)v1 | (size_t)v2) & 0x7) | ||
| 144 | break; | ||
| 145 | |||
| 146 | l = *((long *)v1); | ||
| 147 | l -= *((long *)v2); | ||
| 148 | if (l > 128) | ||
| 149 | return 128; | ||
| 150 | else if (l<-128) | ||
| 151 | return -128; | ||
| 152 | else | ||
| 153 | return (int)l; | ||
| 154 | } while (0); | ||
| 155 | |||
| 156 | ret = (int)v1[7] - (int)v2[7]; | ||
| 157 | sat = 0; | ||
| 158 | brw = ret >> 8; /* brw is either 0 or -1 */ | ||
| 159 | if (ret & 0x80) { | ||
| 160 | for (i = 6; i >= 0; i--) { | ||
| 161 | brw += (int)v1[i]-(int)v2[i]; | ||
| 162 | sat |= ~brw; | ||
| 163 | brw >>= 8; | ||
| 164 | } | ||
| 165 | } else { | ||
| 166 | for (i = 6; i >= 0; i--) { | ||
| 167 | brw += (int)v1[i]-(int)v2[i]; | ||
| 168 | sat |= brw; | ||
| 169 | brw >>= 8; | ||
| 170 | } | ||
| 171 | } | ||
| 172 | brw <<= 8; /* brw is either 0 or -256 */ | ||
| 173 | |||
| 174 | if (sat & 0xff) | ||
| 175 | return brw | 0x80; | ||
| 176 | else | ||
| 177 | return brw + (ret & 0xFF); | ||
| 178 | } | ||
| 179 | |||
| 180 | static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, | ||
| 181 | int len, int peek); | ||
| 182 | static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); | ||
| 183 | static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); | ||
| 184 | static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, | ||
| 185 | unsigned int *is_next_epoch); | ||
| 186 | static int dtls1_buffer_record(SSL *s, record_pqueue *q, | ||
| 187 | unsigned char *priority); | ||
| 188 | static int dtls1_process_record(SSL *s); | ||
| 189 | |||
| 190 | /* copy buffered record into SSL structure */ | ||
| 191 | static int | ||
| 192 | dtls1_copy_record(SSL *s, pitem *item) | ||
| 193 | { | ||
| 194 | DTLS1_RECORD_DATA *rdata; | ||
| 195 | |||
| 196 | rdata = (DTLS1_RECORD_DATA *)item->data; | ||
| 197 | |||
| 198 | free(s->s3->rbuf.buf); | ||
| 199 | |||
| 200 | s->packet = rdata->packet; | ||
| 201 | s->packet_length = rdata->packet_length; | ||
| 202 | memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); | ||
| 203 | memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); | ||
| 204 | |||
| 205 | /* Set proper sequence number for mac calculation */ | ||
| 206 | memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6); | ||
| 207 | |||
| 208 | return (1); | ||
| 209 | } | ||
| 210 | |||
| 211 | |||
| 212 | static int | ||
| 213 | dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) | ||
| 214 | { | ||
| 215 | DTLS1_RECORD_DATA *rdata; | ||
| 216 | pitem *item; | ||
| 217 | |||
| 218 | /* Limit the size of the queue to prevent DOS attacks */ | ||
| 219 | if (pqueue_size(queue->q) >= 100) | ||
| 220 | return 0; | ||
| 221 | |||
| 222 | rdata = malloc(sizeof(DTLS1_RECORD_DATA)); | ||
| 223 | item = pitem_new(priority, rdata); | ||
| 224 | if (rdata == NULL || item == NULL) | ||
| 225 | goto init_err; | ||
| 226 | |||
| 227 | rdata->packet = s->packet; | ||
| 228 | rdata->packet_length = s->packet_length; | ||
| 229 | memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER)); | ||
| 230 | memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD)); | ||
| 231 | |||
| 232 | item->data = rdata; | ||
| 233 | |||
| 234 | |||
| 235 | s->packet = NULL; | ||
| 236 | s->packet_length = 0; | ||
| 237 | memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); | ||
| 238 | memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD)); | ||
| 239 | |||
| 240 | if (!ssl3_setup_buffers(s)) | ||
| 241 | goto err; | ||
| 242 | |||
| 243 | /* insert should not fail, since duplicates are dropped */ | ||
| 244 | if (pqueue_insert(queue->q, item) == NULL) | ||
| 245 | goto err; | ||
| 246 | |||
| 247 | return (1); | ||
| 248 | |||
| 249 | err: | ||
| 250 | free(rdata->rbuf.buf); | ||
| 251 | |||
| 252 | init_err: | ||
| 253 | SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); | ||
| 254 | free(rdata); | ||
| 255 | pitem_free(item); | ||
| 256 | return (-1); | ||
| 257 | } | ||
| 258 | |||
| 259 | |||
| 260 | static int | ||
| 261 | dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) | ||
| 262 | { | ||
| 263 | pitem *item; | ||
| 264 | |||
| 265 | item = pqueue_pop(queue->q); | ||
| 266 | if (item) { | ||
| 267 | dtls1_copy_record(s, item); | ||
| 268 | |||
| 269 | free(item->data); | ||
| 270 | pitem_free(item); | ||
| 271 | |||
| 272 | return (1); | ||
| 273 | } | ||
| 274 | |||
| 275 | return (0); | ||
| 276 | } | ||
| 277 | |||
| 278 | |||
| 279 | /* retrieve a buffered record that belongs to the new epoch, i.e., not processed | ||
| 280 | * yet */ | ||
| 281 | #define dtls1_get_unprocessed_record(s) \ | ||
| 282 | dtls1_retrieve_buffered_record((s), \ | ||
| 283 | &((s)->d1->unprocessed_rcds)) | ||
| 284 | |||
| 285 | /* retrieve a buffered record that belongs to the current epoch, ie, processed */ | ||
| 286 | #define dtls1_get_processed_record(s) \ | ||
| 287 | dtls1_retrieve_buffered_record((s), \ | ||
| 288 | &((s)->d1->processed_rcds)) | ||
| 289 | |||
| 290 | static int | ||
| 291 | dtls1_process_buffered_records(SSL *s) | ||
| 292 | { | ||
| 293 | pitem *item; | ||
| 294 | |||
| 295 | item = pqueue_peek(s->d1->unprocessed_rcds.q); | ||
| 296 | if (item) { | ||
| 297 | /* Check if epoch is current. */ | ||
| 298 | if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch) | ||
| 299 | return (1); | ||
| 300 | /* Nothing to do. */ | ||
| 301 | |||
| 302 | /* Process all the records. */ | ||
| 303 | while (pqueue_peek(s->d1->unprocessed_rcds.q)) { | ||
| 304 | dtls1_get_unprocessed_record(s); | ||
| 305 | if (! dtls1_process_record(s)) | ||
| 306 | return (0); | ||
| 307 | if (dtls1_buffer_record(s, &(s->d1->processed_rcds), | ||
| 308 | s->s3->rrec.seq_num) < 0) | ||
| 309 | return (-1); | ||
| 310 | } | ||
| 311 | } | ||
| 312 | |||
| 313 | /* sync epoch numbers once all the unprocessed records | ||
| 314 | * have been processed */ | ||
| 315 | s->d1->processed_rcds.epoch = s->d1->r_epoch; | ||
| 316 | s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1; | ||
| 317 | |||
| 318 | return (1); | ||
| 319 | } | ||
| 320 | |||
| 321 | static int | ||
| 322 | dtls1_process_record(SSL *s) | ||
| 323 | { | ||
| 324 | int i, al; | ||
| 325 | int enc_err; | ||
| 326 | SSL_SESSION *sess; | ||
| 327 | SSL3_RECORD *rr; | ||
| 328 | unsigned int mac_size, orig_len; | ||
| 329 | unsigned char md[EVP_MAX_MD_SIZE]; | ||
| 330 | |||
| 331 | rr = &(s->s3->rrec); | ||
| 332 | sess = s->session; | ||
| 333 | |||
| 334 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | ||
| 335 | * and we have that many bytes in s->packet | ||
| 336 | */ | ||
| 337 | rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]); | ||
| 338 | |||
| 339 | /* ok, we can now read from 's->packet' data into 'rr' | ||
| 340 | * rr->input points at rr->length bytes, which | ||
| 341 | * need to be copied into rr->data by either | ||
| 342 | * the decryption or by the decompression | ||
| 343 | * When the data is 'copied' into the rr->data buffer, | ||
| 344 | * rr->input will be pointed at the new buffer */ | ||
| 345 | |||
| 346 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | ||
| 347 | * rr->length bytes of encrypted compressed stuff. */ | ||
| 348 | |||
| 349 | /* check is not needed I believe */ | ||
| 350 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { | ||
| 351 | al = SSL_AD_RECORD_OVERFLOW; | ||
| 352 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | ||
| 353 | goto f_err; | ||
| 354 | } | ||
| 355 | |||
| 356 | /* decrypt in place in 'rr->input' */ | ||
| 357 | rr->data = rr->input; | ||
| 358 | |||
| 359 | enc_err = s->method->ssl3_enc->enc(s, 0); | ||
| 360 | /* enc_err is: | ||
| 361 | * 0: (in non-constant time) if the record is publically invalid. | ||
| 362 | * 1: if the padding is valid | ||
| 363 | * -1: if the padding is invalid */ | ||
| 364 | if (enc_err == 0) { | ||
| 365 | /* For DTLS we simply ignore bad packets. */ | ||
| 366 | rr->length = 0; | ||
| 367 | s->packet_length = 0; | ||
| 368 | goto err; | ||
| 369 | } | ||
| 370 | |||
| 371 | |||
| 372 | /* r->length is now the compressed data plus mac */ | ||
| 373 | if ((sess != NULL) && (s->enc_read_ctx != NULL) && | ||
| 374 | (EVP_MD_CTX_md(s->read_hash) != NULL)) { | ||
| 375 | /* s->read_hash != NULL => mac_size != -1 */ | ||
| 376 | unsigned char *mac = NULL; | ||
| 377 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | ||
| 378 | mac_size = EVP_MD_CTX_size(s->read_hash); | ||
| 379 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | ||
| 380 | |||
| 381 | /* kludge: *_cbc_remove_padding passes padding length in rr->type */ | ||
| 382 | orig_len = rr->length + ((unsigned int)rr->type >> 8); | ||
| 383 | |||
| 384 | /* orig_len is the length of the record before any padding was | ||
| 385 | * removed. This is public information, as is the MAC in use, | ||
| 386 | * therefore we can safely process the record in a different | ||
| 387 | * amount of time if it's too short to possibly contain a MAC. | ||
| 388 | */ | ||
| 389 | if (orig_len < mac_size || | ||
| 390 | /* CBC records must have a padding length byte too. */ | ||
| 391 | (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 392 | orig_len < mac_size + 1)) { | ||
| 393 | al = SSL_AD_DECODE_ERROR; | ||
| 394 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT); | ||
| 395 | goto f_err; | ||
| 396 | } | ||
| 397 | |||
| 398 | if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { | ||
| 399 | /* We update the length so that the TLS header bytes | ||
| 400 | * can be constructed correctly but we need to extract | ||
| 401 | * the MAC in constant time from within the record, | ||
| 402 | * without leaking the contents of the padding bytes. | ||
| 403 | * */ | ||
| 404 | mac = mac_tmp; | ||
| 405 | ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); | ||
| 406 | rr->length -= mac_size; | ||
| 407 | } else { | ||
| 408 | /* In this case there's no padding, so |orig_len| | ||
| 409 | * equals |rec->length| and we checked that there's | ||
| 410 | * enough bytes for |mac_size| above. */ | ||
| 411 | rr->length -= mac_size; | ||
| 412 | mac = &rr->data[rr->length]; | ||
| 413 | } | ||
| 414 | |||
| 415 | i = s->method->ssl3_enc->mac(s, md, 0 /* not send */); | ||
| 416 | if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) | ||
| 417 | enc_err = -1; | ||
| 418 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) | ||
| 419 | enc_err = -1; | ||
| 420 | } | ||
| 421 | |||
| 422 | if (enc_err < 0) { | ||
| 423 | /* decryption failed, silently discard message */ | ||
| 424 | rr->length = 0; | ||
| 425 | s->packet_length = 0; | ||
| 426 | goto err; | ||
| 427 | } | ||
| 428 | |||
| 429 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { | ||
| 430 | al = SSL_AD_RECORD_OVERFLOW; | ||
| 431 | SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 432 | goto f_err; | ||
| 433 | } | ||
| 434 | |||
| 435 | rr->off = 0; | ||
| 436 | /* So at this point the following is true | ||
| 437 | * ssl->s3->rrec.type is the type of record | ||
| 438 | * ssl->s3->rrec.length == number of bytes in record | ||
| 439 | * ssl->s3->rrec.off == offset to first valid byte | ||
| 440 | * ssl->s3->rrec.data == where to take bytes from, increment | ||
| 441 | * after use :-). | ||
| 442 | */ | ||
| 443 | |||
| 444 | /* we have pulled in a full packet so zero things */ | ||
| 445 | s->packet_length = 0; | ||
| 446 | return (1); | ||
| 447 | |||
| 448 | f_err: | ||
| 449 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 450 | err: | ||
| 451 | return (0); | ||
| 452 | } | ||
| 453 | |||
| 454 | |||
| 455 | /* Call this to get a new input record. | ||
| 456 | * It will return <= 0 if more data is needed, normally due to an error | ||
| 457 | * or non-blocking IO. | ||
| 458 | * When it finishes, one packet has been decoded and can be found in | ||
| 459 | * ssl->s3->rrec.type - is the type of record | ||
| 460 | * ssl->s3->rrec.data, - data | ||
| 461 | * ssl->s3->rrec.length, - number of bytes | ||
| 462 | */ | ||
| 463 | /* used only by dtls1_read_bytes */ | ||
| 464 | int | ||
| 465 | dtls1_get_record(SSL *s) | ||
| 466 | { | ||
| 467 | int ssl_major, ssl_minor; | ||
| 468 | int i, n; | ||
| 469 | SSL3_RECORD *rr; | ||
| 470 | unsigned char *p = NULL; | ||
| 471 | unsigned short version; | ||
| 472 | DTLS1_BITMAP *bitmap; | ||
| 473 | unsigned int is_next_epoch; | ||
| 474 | |||
| 475 | rr = &(s->s3->rrec); | ||
| 476 | |||
| 477 | /* The epoch may have changed. If so, process all the | ||
| 478 | * pending records. This is a non-blocking operation. */ | ||
| 479 | if (dtls1_process_buffered_records(s) < 0) | ||
| 480 | return (-1); | ||
| 481 | |||
| 482 | /* if we're renegotiating, then there may be buffered records */ | ||
| 483 | if (dtls1_get_processed_record(s)) | ||
| 484 | return 1; | ||
| 485 | |||
| 486 | /* get something from the wire */ | ||
| 487 | again: | ||
| 488 | /* check if we have the header */ | ||
| 489 | if ((s->rstate != SSL_ST_READ_BODY) || | ||
| 490 | (s->packet_length < DTLS1_RT_HEADER_LENGTH)) { | ||
| 491 | n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | ||
| 492 | /* read timeout is handled by dtls1_read_bytes */ | ||
| 493 | if (n <= 0) | ||
| 494 | return(n); /* error or non-blocking */ | ||
| 495 | |||
| 496 | /* this packet contained a partial record, dump it */ | ||
| 497 | if (s->packet_length != DTLS1_RT_HEADER_LENGTH) { | ||
| 498 | s->packet_length = 0; | ||
| 499 | goto again; | ||
| 500 | } | ||
| 501 | |||
| 502 | s->rstate = SSL_ST_READ_BODY; | ||
| 503 | |||
| 504 | p = s->packet; | ||
| 505 | |||
| 506 | /* Pull apart the header into the DTLS1_RECORD */ | ||
| 507 | rr->type= *(p++); | ||
| 508 | ssl_major= *(p++); | ||
| 509 | ssl_minor= *(p++); | ||
| 510 | version = (ssl_major << 8)|ssl_minor; | ||
| 511 | |||
| 512 | /* sequence number is 64 bits, with top 2 bytes = epoch */ | ||
| 513 | n2s(p, rr->epoch); | ||
| 514 | |||
| 515 | memcpy(&(s->s3->read_sequence[2]), p, 6); | ||
| 516 | p += 6; | ||
| 517 | |||
| 518 | n2s(p, rr->length); | ||
| 519 | |||
| 520 | /* Lets check version */ | ||
| 521 | if (!s->first_packet) { | ||
| 522 | if (version != s->version) { | ||
| 523 | /* unexpected version, silently discard */ | ||
| 524 | rr->length = 0; | ||
| 525 | s->packet_length = 0; | ||
| 526 | goto again; | ||
| 527 | } | ||
| 528 | } | ||
| 529 | |||
| 530 | if ((version & 0xff00) != (s->version & 0xff00)) { | ||
| 531 | /* wrong version, silently discard record */ | ||
| 532 | rr->length = 0; | ||
| 533 | s->packet_length = 0; | ||
| 534 | goto again; | ||
| 535 | } | ||
| 536 | |||
| 537 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { | ||
| 538 | /* record too long, silently discard it */ | ||
| 539 | rr->length = 0; | ||
| 540 | s->packet_length = 0; | ||
| 541 | goto again; | ||
| 542 | } | ||
| 543 | |||
| 544 | /* now s->rstate == SSL_ST_READ_BODY */ | ||
| 545 | } | ||
| 546 | |||
| 547 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | ||
| 548 | |||
| 549 | if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) { | ||
| 550 | /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ | ||
| 551 | i = rr->length; | ||
| 552 | n = ssl3_read_n(s, i, i, 1); | ||
| 553 | if (n <= 0) | ||
| 554 | return(n); /* error or non-blocking io */ | ||
| 555 | |||
| 556 | /* this packet contained a partial record, dump it */ | ||
| 557 | if (n != i) { | ||
| 558 | rr->length = 0; | ||
| 559 | s->packet_length = 0; | ||
| 560 | goto again; | ||
| 561 | } | ||
| 562 | |||
| 563 | /* now n == rr->length, | ||
| 564 | * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */ | ||
| 565 | } | ||
| 566 | s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ | ||
| 567 | |||
| 568 | /* match epochs. NULL means the packet is dropped on the floor */ | ||
| 569 | bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); | ||
| 570 | if (bitmap == NULL) { | ||
| 571 | rr->length = 0; | ||
| 572 | s->packet_length = 0; | ||
| 573 | /* dump this record */ | ||
| 574 | goto again; | ||
| 575 | /* get another record */ | ||
| 576 | } | ||
| 577 | |||
| 578 | /* Check whether this is a repeat, or aged record. | ||
| 579 | * Don't check if we're listening and this message is | ||
| 580 | * a ClientHello. They can look as if they're replayed, | ||
| 581 | * since they arrive from different connections and | ||
| 582 | * would be dropped unnecessarily. | ||
| 583 | */ | ||
| 584 | if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && | ||
| 585 | p != NULL && *p == SSL3_MT_CLIENT_HELLO) && | ||
| 586 | !dtls1_record_replay_check(s, bitmap)) { | ||
| 587 | rr->length = 0; | ||
| 588 | s->packet_length=0; /* dump this record */ | ||
| 589 | goto again; | ||
| 590 | /* get another record */ | ||
| 591 | } | ||
| 592 | |||
| 593 | /* just read a 0 length packet */ | ||
| 594 | if (rr->length == 0) | ||
| 595 | goto again; | ||
| 596 | |||
| 597 | /* If this record is from the next epoch (either HM or ALERT), | ||
| 598 | * and a handshake is currently in progress, buffer it since it | ||
| 599 | * cannot be processed at this time. However, do not buffer | ||
| 600 | * anything while listening. | ||
| 601 | */ | ||
| 602 | if (is_next_epoch) { | ||
| 603 | if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { | ||
| 604 | if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), | ||
| 605 | rr->seq_num) < 0) | ||
| 606 | return (-1); | ||
| 607 | /* Mark receipt of record. */ | ||
| 608 | dtls1_record_bitmap_update(s, bitmap); | ||
| 609 | } | ||
| 610 | rr->length = 0; | ||
| 611 | s->packet_length = 0; | ||
| 612 | goto again; | ||
| 613 | } | ||
| 614 | |||
| 615 | if (!dtls1_process_record(s)) { | ||
| 616 | rr->length = 0; | ||
| 617 | s->packet_length = 0; | ||
| 618 | /* dump this record */ | ||
| 619 | goto again; | ||
| 620 | /* get another record */ | ||
| 621 | } | ||
| 622 | /* Mark receipt of record. */ | ||
| 623 | dtls1_record_bitmap_update(s, bitmap); | ||
| 624 | |||
| 625 | return (1); | ||
| 626 | |||
| 627 | } | ||
| 628 | |||
| 629 | /* Return up to 'len' payload bytes received in 'type' records. | ||
| 630 | * 'type' is one of the following: | ||
| 631 | * | ||
| 632 | * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | ||
| 633 | * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) | ||
| 634 | * - 0 (during a shutdown, no data has to be returned) | ||
| 635 | * | ||
| 636 | * If we don't have stored data to work from, read a SSL/TLS record first | ||
| 637 | * (possibly multiple records if we still don't have anything to return). | ||
| 638 | * | ||
| 639 | * This function must handle any surprises the peer may have for us, such as | ||
| 640 | * Alert records (e.g. close_notify), ChangeCipherSpec records (not really | ||
| 641 | * a surprise, but handled as if it were), or renegotiation requests. | ||
| 642 | * Also if record payloads contain fragments too small to process, we store | ||
| 643 | * them until there is enough for the respective protocol (the record protocol | ||
| 644 | * may use arbitrary fragmentation and even interleaving): | ||
| 645 | * Change cipher spec protocol | ||
| 646 | * just 1 byte needed, no need for keeping anything stored | ||
| 647 | * Alert protocol | ||
| 648 | * 2 bytes needed (AlertLevel, AlertDescription) | ||
| 649 | * Handshake protocol | ||
| 650 | * 4 bytes needed (HandshakeType, uint24 length) -- we just have | ||
| 651 | * to detect unexpected Client Hello and Hello Request messages | ||
| 652 | * here, anything else is handled by higher layers | ||
| 653 | * Application data protocol | ||
| 654 | * none of our business | ||
| 655 | */ | ||
| 656 | int | ||
| 657 | dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
| 658 | { | ||
| 659 | int al, i, j, ret; | ||
| 660 | unsigned int n; | ||
| 661 | SSL3_RECORD *rr; | ||
| 662 | void (*cb)(const SSL *ssl, int type2, int val) = NULL; | ||
| 663 | |||
| 664 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | ||
| 665 | if (!ssl3_setup_buffers(s)) | ||
| 666 | return (-1); | ||
| 667 | |||
| 668 | if ((type && | ||
| 669 | type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || | ||
| 670 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { | ||
| 671 | SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 672 | return -1; | ||
| 673 | } | ||
| 674 | |||
| 675 | /* check whether there's a handshake message (client hello?) waiting */ | ||
| 676 | if ((ret = have_handshake_fragment(s, type, buf, len, peek))) | ||
| 677 | return ret; | ||
| 678 | |||
| 679 | /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | ||
| 680 | |||
| 681 | if (!s->in_handshake && SSL_in_init(s)) | ||
| 682 | { | ||
| 683 | /* type == SSL3_RT_APPLICATION_DATA */ | ||
| 684 | i = s->handshake_func(s); | ||
| 685 | if (i < 0) | ||
| 686 | return (i); | ||
| 687 | if (i == 0) { | ||
| 688 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 689 | return (-1); | ||
| 690 | } | ||
| 691 | } | ||
| 692 | |||
| 693 | start: | ||
| 694 | s->rwstate = SSL_NOTHING; | ||
| 695 | |||
| 696 | /* s->s3->rrec.type - is the type of record | ||
| 697 | * s->s3->rrec.data, - data | ||
| 698 | * s->s3->rrec.off, - offset into 'data' for next read | ||
| 699 | * s->s3->rrec.length, - number of bytes. */ | ||
| 700 | rr = &(s->s3->rrec); | ||
| 701 | |||
| 702 | /* We are not handshaking and have no data yet, | ||
| 703 | * so process data buffered during the last handshake | ||
| 704 | * in advance, if any. | ||
| 705 | */ | ||
| 706 | if (s->state == SSL_ST_OK && rr->length == 0) { | ||
| 707 | pitem *item; | ||
| 708 | item = pqueue_pop(s->d1->buffered_app_data.q); | ||
| 709 | if (item) { | ||
| 710 | |||
| 711 | dtls1_copy_record(s, item); | ||
| 712 | |||
| 713 | free(item->data); | ||
| 714 | pitem_free(item); | ||
| 715 | } | ||
| 716 | } | ||
| 717 | |||
| 718 | /* Check for timeout */ | ||
| 719 | if (dtls1_handle_timeout(s) > 0) | ||
| 720 | goto start; | ||
| 721 | |||
| 722 | /* get new packet if necessary */ | ||
| 723 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { | ||
| 724 | ret = dtls1_get_record(s); | ||
| 725 | if (ret <= 0) { | ||
| 726 | ret = dtls1_read_failed(s, ret); | ||
| 727 | /* anything other than a timeout is an error */ | ||
| 728 | if (ret <= 0) | ||
| 729 | return (ret); | ||
| 730 | else | ||
| 731 | goto start; | ||
| 732 | } | ||
| 733 | } | ||
| 734 | |||
| 735 | if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) { | ||
| 736 | rr->length = 0; | ||
| 737 | goto start; | ||
| 738 | } | ||
| 739 | |||
| 740 | /* we now have a packet which can be read and processed */ | ||
| 741 | |||
| 742 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, | ||
| 743 | * reset by ssl3_get_finished */ | ||
| 744 | && (rr->type != SSL3_RT_HANDSHAKE)) { | ||
| 745 | /* We now have application data between CCS and Finished. | ||
| 746 | * Most likely the packets were reordered on their way, so | ||
| 747 | * buffer the application data for later processing rather | ||
| 748 | * than dropping the connection. | ||
| 749 | */ | ||
| 750 | if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), | ||
| 751 | rr->seq_num) < 0) { | ||
| 752 | SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 753 | return (-1); | ||
| 754 | } | ||
| 755 | rr->length = 0; | ||
| 756 | goto start; | ||
| 757 | } | ||
| 758 | |||
| 759 | /* If the other end has shut down, throw anything we read away | ||
| 760 | * (even in 'peek' mode) */ | ||
| 761 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { | ||
| 762 | rr->length = 0; | ||
| 763 | s->rwstate = SSL_NOTHING; | ||
| 764 | return (0); | ||
| 765 | } | ||
| 766 | |||
| 767 | |||
| 768 | if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | ||
| 769 | { | ||
| 770 | /* make sure that we are not getting application data when we | ||
| 771 | * are doing a handshake for the first time */ | ||
| 772 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
| 773 | (s->enc_read_ctx == NULL)) { | ||
| 774 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 775 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE); | ||
| 776 | goto f_err; | ||
| 777 | } | ||
| 778 | |||
| 779 | if (len <= 0) | ||
| 780 | return (len); | ||
| 781 | |||
| 782 | if ((unsigned int)len > rr->length) | ||
| 783 | n = rr->length; | ||
| 784 | else | ||
| 785 | n = (unsigned int)len; | ||
| 786 | |||
| 787 | memcpy(buf, &(rr->data[rr->off]), n); | ||
| 788 | if (!peek) { | ||
| 789 | rr->length -= n; | ||
| 790 | rr->off += n; | ||
| 791 | if (rr->length == 0) { | ||
| 792 | s->rstate = SSL_ST_READ_HEADER; | ||
| 793 | rr->off = 0; | ||
| 794 | } | ||
| 795 | } | ||
| 796 | |||
| 797 | return (n); | ||
| 798 | } | ||
| 799 | |||
| 800 | |||
| 801 | /* If we get here, then type != rr->type; if we have a handshake | ||
| 802 | * message, then it was unexpected (Hello Request or Client Hello). */ | ||
| 803 | |||
| 804 | /* In case of record types for which we have 'fragment' storage, | ||
| 805 | * fill that so that we can process the data at a fixed place. | ||
| 806 | */ | ||
| 807 | { | ||
| 808 | unsigned int k, dest_maxlen = 0; | ||
| 809 | unsigned char *dest = NULL; | ||
| 810 | unsigned int *dest_len = NULL; | ||
| 811 | |||
| 812 | if (rr->type == SSL3_RT_HANDSHAKE) { | ||
| 813 | dest_maxlen = sizeof s->d1->handshake_fragment; | ||
| 814 | dest = s->d1->handshake_fragment; | ||
| 815 | dest_len = &s->d1->handshake_fragment_len; | ||
| 816 | } else if (rr->type == SSL3_RT_ALERT) { | ||
| 817 | dest_maxlen = sizeof(s->d1->alert_fragment); | ||
| 818 | dest = s->d1->alert_fragment; | ||
| 819 | dest_len = &s->d1->alert_fragment_len; | ||
| 820 | } | ||
| 821 | /* else it's a CCS message, or application data or wrong */ | ||
| 822 | else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { | ||
| 823 | /* Application data while renegotiating | ||
| 824 | * is allowed. Try again reading. | ||
| 825 | */ | ||
| 826 | if (rr->type == SSL3_RT_APPLICATION_DATA) { | ||
| 827 | BIO *bio; | ||
| 828 | s->s3->in_read_app_data = 2; | ||
| 829 | bio = SSL_get_rbio(s); | ||
| 830 | s->rwstate = SSL_READING; | ||
| 831 | BIO_clear_retry_flags(bio); | ||
| 832 | BIO_set_retry_read(bio); | ||
| 833 | return (-1); | ||
| 834 | } | ||
| 835 | |||
| 836 | /* Not certain if this is the right error handling */ | ||
| 837 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 838 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | ||
| 839 | goto f_err; | ||
| 840 | } | ||
| 841 | |||
| 842 | if (dest_maxlen > 0) { | ||
| 843 | /* XDTLS: In a pathalogical case, the Client Hello | ||
| 844 | * may be fragmented--don't always expect dest_maxlen bytes */ | ||
| 845 | if (rr->length < dest_maxlen) { | ||
| 846 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
| 847 | /* | ||
| 848 | * for normal alerts rr->length is 2, while | ||
| 849 | * dest_maxlen is 7 if we were to handle this | ||
| 850 | * non-existing alert... | ||
| 851 | */ | ||
| 852 | FIX ME | ||
| 853 | #endif | ||
| 854 | s->rstate = SSL_ST_READ_HEADER; | ||
| 855 | rr->length = 0; | ||
| 856 | goto start; | ||
| 857 | } | ||
| 858 | |||
| 859 | /* now move 'n' bytes: */ | ||
| 860 | for ( k = 0; k < dest_maxlen; k++) { | ||
| 861 | dest[k] = rr->data[rr->off++]; | ||
| 862 | rr->length--; | ||
| 863 | } | ||
| 864 | *dest_len = dest_maxlen; | ||
| 865 | } | ||
| 866 | } | ||
| 867 | |||
| 868 | /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; | ||
| 869 | * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. | ||
| 870 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | ||
| 871 | |||
| 872 | /* If we are a client, check for an incoming 'Hello Request': */ | ||
| 873 | if ((!s->server) && | ||
| 874 | (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && | ||
| 875 | (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | ||
| 876 | (s->session != NULL) && (s->session->cipher != NULL)) { | ||
| 877 | s->d1->handshake_fragment_len = 0; | ||
| 878 | |||
| 879 | if ((s->d1->handshake_fragment[1] != 0) || | ||
| 880 | (s->d1->handshake_fragment[2] != 0) || | ||
| 881 | (s->d1->handshake_fragment[3] != 0)) { | ||
| 882 | al = SSL_AD_DECODE_ERROR; | ||
| 883 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); | ||
| 884 | goto err; | ||
| 885 | } | ||
| 886 | |||
| 887 | /* no need to check sequence number on HELLO REQUEST messages */ | ||
| 888 | |||
| 889 | if (s->msg_callback) | ||
| 890 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | ||
| 891 | s->d1->handshake_fragment, 4, s, s->msg_callback_arg); | ||
| 892 | |||
| 893 | if (SSL_is_init_finished(s) && | ||
| 894 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | ||
| 895 | !s->s3->renegotiate) { | ||
| 896 | s->d1->handshake_read_seq++; | ||
| 897 | s->new_session = 1; | ||
| 898 | ssl3_renegotiate(s); | ||
| 899 | if (ssl3_renegotiate_check(s)) { | ||
| 900 | i = s->handshake_func(s); | ||
| 901 | if (i < 0) | ||
| 902 | return (i); | ||
| 903 | if (i == 0) { | ||
| 904 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 905 | return (-1); | ||
| 906 | } | ||
| 907 | |||
| 908 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | ||
| 909 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
| 910 | { | ||
| 911 | BIO *bio; | ||
| 912 | /* In the case where we try to read application data, | ||
| 913 | * but we trigger an SSL handshake, we return -1 with | ||
| 914 | * the retry option set. Otherwise renegotiation may | ||
| 915 | * cause nasty problems in the blocking world */ | ||
| 916 | s->rwstate = SSL_READING; | ||
| 917 | bio = SSL_get_rbio(s); | ||
| 918 | BIO_clear_retry_flags(bio); | ||
| 919 | BIO_set_retry_read(bio); | ||
| 920 | return (-1); | ||
| 921 | } | ||
| 922 | } | ||
| 923 | } | ||
| 924 | } | ||
| 925 | /* we either finished a handshake or ignored the request, | ||
| 926 | * now try again to obtain the (application) data we were asked for */ | ||
| 927 | goto start; | ||
| 928 | } | ||
| 929 | |||
| 930 | if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { | ||
| 931 | int alert_level = s->d1->alert_fragment[0]; | ||
| 932 | int alert_descr = s->d1->alert_fragment[1]; | ||
| 933 | |||
| 934 | s->d1->alert_fragment_len = 0; | ||
| 935 | |||
| 936 | if (s->msg_callback) | ||
| 937 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | ||
| 938 | s->d1->alert_fragment, 2, s, s->msg_callback_arg); | ||
| 939 | |||
| 940 | if (s->info_callback != NULL) | ||
| 941 | cb = s->info_callback; | ||
| 942 | else if (s->ctx->info_callback != NULL) | ||
| 943 | cb = s->ctx->info_callback; | ||
| 944 | |||
| 945 | if (cb != NULL) { | ||
| 946 | j = (alert_level << 8) | alert_descr; | ||
| 947 | cb(s, SSL_CB_READ_ALERT, j); | ||
| 948 | } | ||
| 949 | |||
| 950 | if (alert_level == 1) /* warning */ | ||
| 951 | { | ||
| 952 | s->s3->warn_alert = alert_descr; | ||
| 953 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) { | ||
| 954 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | ||
| 955 | return (0); | ||
| 956 | } | ||
| 957 | } else if (alert_level == 2) /* fatal */ | ||
| 958 | { | ||
| 959 | s->rwstate = SSL_NOTHING; | ||
| 960 | s->s3->fatal_alert = alert_descr; | ||
| 961 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | ||
| 962 | ERR_asprintf_error_data("SSL alert number %d", | ||
| 963 | alert_descr); | ||
| 964 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
| 965 | SSL_CTX_remove_session(s->ctx, s->session); | ||
| 966 | return (0); | ||
| 967 | } else { | ||
| 968 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 969 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); | ||
| 970 | goto f_err; | ||
| 971 | } | ||
| 972 | |||
| 973 | goto start; | ||
| 974 | } | ||
| 975 | |||
| 976 | if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ | ||
| 977 | { | ||
| 978 | s->rwstate = SSL_NOTHING; | ||
| 979 | rr->length = 0; | ||
| 980 | return (0); | ||
| 981 | } | ||
| 982 | |||
| 983 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { | ||
| 984 | struct ccs_header_st ccs_hdr; | ||
| 985 | unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; | ||
| 986 | |||
| 987 | dtls1_get_ccs_header(rr->data, &ccs_hdr); | ||
| 988 | |||
| 989 | if (s->version == DTLS1_BAD_VER) | ||
| 990 | ccs_hdr_len = 3; | ||
| 991 | |||
| 992 | /* 'Change Cipher Spec' is just a single byte, so we know | ||
| 993 | * exactly what the record payload has to look like */ | ||
| 994 | /* XDTLS: check that epoch is consistent */ | ||
| 995 | if ((rr->length != ccs_hdr_len) || | ||
| 996 | (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { | ||
| 997 | i = SSL_AD_ILLEGAL_PARAMETER; | ||
| 998 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
| 999 | goto err; | ||
| 1000 | } | ||
| 1001 | |||
| 1002 | rr->length = 0; | ||
| 1003 | |||
| 1004 | if (s->msg_callback) | ||
| 1005 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, | ||
| 1006 | rr->data, 1, s, s->msg_callback_arg); | ||
| 1007 | |||
| 1008 | /* We can't process a CCS now, because previous handshake | ||
| 1009 | * messages are still missing, so just drop it. | ||
| 1010 | */ | ||
| 1011 | if (!s->d1->change_cipher_spec_ok) { | ||
| 1012 | goto start; | ||
| 1013 | } | ||
| 1014 | |||
| 1015 | s->d1->change_cipher_spec_ok = 0; | ||
| 1016 | |||
| 1017 | s->s3->change_cipher_spec = 1; | ||
| 1018 | if (!ssl3_do_change_cipher_spec(s)) | ||
| 1019 | goto err; | ||
| 1020 | |||
| 1021 | /* do this whenever CCS is processed */ | ||
| 1022 | dtls1_reset_seq_numbers(s, SSL3_CC_READ); | ||
| 1023 | |||
| 1024 | if (s->version == DTLS1_BAD_VER) | ||
| 1025 | s->d1->handshake_read_seq++; | ||
| 1026 | |||
| 1027 | |||
| 1028 | goto start; | ||
| 1029 | } | ||
| 1030 | |||
| 1031 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | ||
| 1032 | if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && | ||
| 1033 | !s->in_handshake) { | ||
| 1034 | struct hm_header_st msg_hdr; | ||
| 1035 | |||
| 1036 | /* this may just be a stale retransmit */ | ||
| 1037 | dtls1_get_message_header(rr->data, &msg_hdr); | ||
| 1038 | if (rr->epoch != s->d1->r_epoch) { | ||
| 1039 | rr->length = 0; | ||
| 1040 | goto start; | ||
| 1041 | } | ||
| 1042 | |||
| 1043 | /* If we are server, we may have a repeated FINISHED of the | ||
| 1044 | * client here, then retransmit our CCS and FINISHED. | ||
| 1045 | */ | ||
| 1046 | if (msg_hdr.type == SSL3_MT_FINISHED) { | ||
| 1047 | if (dtls1_check_timeout_num(s) < 0) | ||
| 1048 | return -1; | ||
| 1049 | |||
| 1050 | dtls1_retransmit_buffered_messages(s); | ||
| 1051 | rr->length = 0; | ||
| 1052 | goto start; | ||
| 1053 | } | ||
| 1054 | |||
| 1055 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | ||
| 1056 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { | ||
| 1057 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | ||
| 1058 | s->renegotiate = 1; | ||
| 1059 | s->new_session = 1; | ||
| 1060 | } | ||
| 1061 | i = s->handshake_func(s); | ||
| 1062 | if (i < 0) | ||
| 1063 | return (i); | ||
| 1064 | if (i == 0) { | ||
| 1065 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1066 | return (-1); | ||
| 1067 | } | ||
| 1068 | |||
| 1069 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | ||
| 1070 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
| 1071 | { | ||
| 1072 | BIO *bio; | ||
| 1073 | /* In the case where we try to read application data, | ||
| 1074 | * but we trigger an SSL handshake, we return -1 with | ||
| 1075 | * the retry option set. Otherwise renegotiation may | ||
| 1076 | * cause nasty problems in the blocking world */ | ||
| 1077 | s->rwstate = SSL_READING; | ||
| 1078 | bio = SSL_get_rbio(s); | ||
| 1079 | BIO_clear_retry_flags(bio); | ||
| 1080 | BIO_set_retry_read(bio); | ||
| 1081 | return (-1); | ||
| 1082 | } | ||
| 1083 | } | ||
| 1084 | goto start; | ||
| 1085 | } | ||
| 1086 | |||
| 1087 | switch (rr->type) { | ||
| 1088 | default: | ||
| 1089 | /* TLS just ignores unknown message types */ | ||
| 1090 | if (s->version == TLS1_VERSION) { | ||
| 1091 | rr->length = 0; | ||
| 1092 | goto start; | ||
| 1093 | } | ||
| 1094 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1095 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | ||
| 1096 | goto f_err; | ||
| 1097 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
| 1098 | case SSL3_RT_ALERT: | ||
| 1099 | case SSL3_RT_HANDSHAKE: | ||
| 1100 | /* we already handled all of these, with the possible exception | ||
| 1101 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | ||
| 1102 | * should not happen when type != rr->type */ | ||
| 1103 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1104 | SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 1105 | goto f_err; | ||
| 1106 | case SSL3_RT_APPLICATION_DATA: | ||
| 1107 | /* At this point, we were expecting handshake data, | ||
| 1108 | * but have application data. If the library was | ||
| 1109 | * running inside ssl3_read() (i.e. in_read_app_data | ||
| 1110 | * is set) and it makes sense to read application data | ||
| 1111 | * at this point (session renegotiation not yet started), | ||
| 1112 | * we will indulge it. | ||
| 1113 | */ | ||
| 1114 | if (s->s3->in_read_app_data && | ||
| 1115 | (s->s3->total_renegotiations != 0) && | ||
| 1116 | (((s->state & SSL_ST_CONNECT) && | ||
| 1117 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
| 1118 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( | ||
| 1119 | (s->state & SSL_ST_ACCEPT) && | ||
| 1120 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
| 1121 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { | ||
| 1122 | s->s3->in_read_app_data = 2; | ||
| 1123 | return (-1); | ||
| 1124 | } else { | ||
| 1125 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1126 | SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | ||
| 1127 | goto f_err; | ||
| 1128 | } | ||
| 1129 | } | ||
| 1130 | /* not reached */ | ||
| 1131 | |||
| 1132 | f_err: | ||
| 1133 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1134 | err: | ||
| 1135 | return (-1); | ||
| 1136 | } | ||
| 1137 | |||
| 1138 | int | ||
| 1139 | dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) | ||
| 1140 | { | ||
| 1141 | int i; | ||
| 1142 | |||
| 1143 | if (SSL_in_init(s) && !s->in_handshake) | ||
| 1144 | { | ||
| 1145 | i = s->handshake_func(s); | ||
| 1146 | if (i < 0) | ||
| 1147 | return (i); | ||
| 1148 | if (i == 0) { | ||
| 1149 | SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1150 | return -1; | ||
| 1151 | } | ||
| 1152 | } | ||
| 1153 | |||
| 1154 | if (len > SSL3_RT_MAX_PLAIN_LENGTH) { | ||
| 1155 | SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG); | ||
| 1156 | return -1; | ||
| 1157 | } | ||
| 1158 | |||
| 1159 | i = dtls1_write_bytes(s, type, buf_, len); | ||
| 1160 | return i; | ||
| 1161 | } | ||
| 1162 | |||
| 1163 | |||
| 1164 | /* this only happens when a client hello is received and a handshake | ||
| 1165 | * is started. */ | ||
| 1166 | static int | ||
| 1167 | have_handshake_fragment(SSL *s, int type, unsigned char *buf, | ||
| 1168 | int len, int peek) | ||
| 1169 | { | ||
| 1170 | |||
| 1171 | if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0)) | ||
| 1172 | /* (partially) satisfy request from storage */ | ||
| 1173 | { | ||
| 1174 | unsigned char *src = s->d1->handshake_fragment; | ||
| 1175 | unsigned char *dst = buf; | ||
| 1176 | unsigned int k, n; | ||
| 1177 | |||
| 1178 | /* peek == 0 */ | ||
| 1179 | n = 0; | ||
| 1180 | while ((len > 0) && (s->d1->handshake_fragment_len > 0)) { | ||
| 1181 | *dst++ = *src++; | ||
| 1182 | len--; | ||
| 1183 | s->d1->handshake_fragment_len--; | ||
| 1184 | n++; | ||
| 1185 | } | ||
| 1186 | /* move any remaining fragment bytes: */ | ||
| 1187 | for (k = 0; k < s->d1->handshake_fragment_len; k++) | ||
| 1188 | s->d1->handshake_fragment[k] = *src++; | ||
| 1189 | return n; | ||
| 1190 | } | ||
| 1191 | |||
| 1192 | return 0; | ||
| 1193 | } | ||
| 1194 | |||
| 1195 | |||
| 1196 | /* Call this to write data in records of type 'type' | ||
| 1197 | * It will return <= 0 if not all data has been sent or non-blocking IO. | ||
| 1198 | */ | ||
| 1199 | int | ||
| 1200 | dtls1_write_bytes(SSL *s, int type, const void *buf, int len) | ||
| 1201 | { | ||
| 1202 | int i; | ||
| 1203 | |||
| 1204 | OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); | ||
| 1205 | s->rwstate = SSL_NOTHING; | ||
| 1206 | i = do_dtls1_write(s, type, buf, len); | ||
| 1207 | return i; | ||
| 1208 | } | ||
| 1209 | |||
| 1210 | int | ||
| 1211 | do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) | ||
| 1212 | { | ||
| 1213 | unsigned char *p, *pseq; | ||
| 1214 | int i, mac_size, clear = 0; | ||
| 1215 | int prefix_len = 0; | ||
| 1216 | SSL3_RECORD *wr; | ||
| 1217 | SSL3_BUFFER *wb; | ||
| 1218 | SSL_SESSION *sess; | ||
| 1219 | int bs; | ||
| 1220 | |||
| 1221 | /* first check if there is a SSL3_BUFFER still being written | ||
| 1222 | * out. This will happen with non blocking IO */ | ||
| 1223 | if (s->s3->wbuf.left != 0) { | ||
| 1224 | OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ | ||
| 1225 | return (ssl3_write_pending(s, type, buf, len)); | ||
| 1226 | } | ||
| 1227 | |||
| 1228 | /* If we have an alert to send, lets send it */ | ||
| 1229 | if (s->s3->alert_dispatch) { | ||
| 1230 | i = s->method->ssl_dispatch_alert(s); | ||
| 1231 | if (i <= 0) | ||
| 1232 | return (i); | ||
| 1233 | /* if it went, fall through and send more stuff */ | ||
| 1234 | } | ||
| 1235 | |||
| 1236 | if (len == 0) | ||
| 1237 | return 0; | ||
| 1238 | |||
| 1239 | wr = &(s->s3->wrec); | ||
| 1240 | wb = &(s->s3->wbuf); | ||
| 1241 | sess = s->session; | ||
| 1242 | |||
| 1243 | if ((sess == NULL) || (s->enc_write_ctx == NULL) || | ||
| 1244 | (EVP_MD_CTX_md(s->write_hash) == NULL)) | ||
| 1245 | clear = 1; | ||
| 1246 | |||
| 1247 | if (clear) | ||
| 1248 | mac_size = 0; | ||
| 1249 | else { | ||
| 1250 | mac_size = EVP_MD_CTX_size(s->write_hash); | ||
| 1251 | if (mac_size < 0) | ||
| 1252 | goto err; | ||
| 1253 | } | ||
| 1254 | |||
| 1255 | /* DTLS implements explicit IV, so no need for empty fragments. */ | ||
| 1256 | |||
| 1257 | p = wb->buf + prefix_len; | ||
| 1258 | |||
| 1259 | /* write the header */ | ||
| 1260 | |||
| 1261 | *(p++) = type&0xff; | ||
| 1262 | wr->type = type; | ||
| 1263 | |||
| 1264 | *(p++) = (s->version >> 8); | ||
| 1265 | *(p++) = s->version&0xff; | ||
| 1266 | |||
| 1267 | /* field where we are to write out packet epoch, seq num and len */ | ||
| 1268 | pseq = p; | ||
| 1269 | |||
| 1270 | p += 10; | ||
| 1271 | |||
| 1272 | /* lets setup the record stuff. */ | ||
| 1273 | |||
| 1274 | /* Make space for the explicit IV in case of CBC. | ||
| 1275 | * (this is a bit of a boundary violation, but what the heck). | ||
| 1276 | */ | ||
| 1277 | if (s->enc_write_ctx && | ||
| 1278 | (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE)) | ||
| 1279 | bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher); | ||
| 1280 | else | ||
| 1281 | bs = 0; | ||
| 1282 | |||
| 1283 | wr->data = p + bs; | ||
| 1284 | /* make room for IV in case of CBC */ | ||
| 1285 | wr->length = (int)len; | ||
| 1286 | wr->input = (unsigned char *)buf; | ||
| 1287 | |||
| 1288 | /* we now 'read' from wr->input, wr->length bytes into | ||
| 1289 | * wr->data */ | ||
| 1290 | |||
| 1291 | memcpy(wr->data, wr->input, wr->length); | ||
| 1292 | wr->input = wr->data; | ||
| 1293 | |||
| 1294 | /* we should still have the output to wr->data and the input | ||
| 1295 | * from wr->input. Length should be wr->length. | ||
| 1296 | * wr->data still points in the wb->buf */ | ||
| 1297 | |||
| 1298 | if (mac_size != 0) { | ||
| 1299 | if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0) | ||
| 1300 | goto err; | ||
| 1301 | wr->length += mac_size; | ||
| 1302 | } | ||
| 1303 | |||
| 1304 | /* this is true regardless of mac size */ | ||
| 1305 | wr->input = p; | ||
| 1306 | wr->data = p; | ||
| 1307 | |||
| 1308 | |||
| 1309 | /* ssl3_enc can only have an error on read */ | ||
| 1310 | if (bs) /* bs != 0 in case of CBC */ | ||
| 1311 | { | ||
| 1312 | arc4random_buf(p, bs); | ||
| 1313 | /* master IV and last CBC residue stand for | ||
| 1314 | * the rest of randomness */ | ||
| 1315 | wr->length += bs; | ||
| 1316 | } | ||
| 1317 | |||
| 1318 | s->method->ssl3_enc->enc(s, 1); | ||
| 1319 | |||
| 1320 | /* record length after mac and block padding */ | ||
| 1321 | /* if (type == SSL3_RT_APPLICATION_DATA || | ||
| 1322 | (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ | ||
| 1323 | |||
| 1324 | /* there's only one epoch between handshake and app data */ | ||
| 1325 | |||
| 1326 | s2n(s->d1->w_epoch, pseq); | ||
| 1327 | |||
| 1328 | /* XDTLS: ?? */ | ||
| 1329 | /* else | ||
| 1330 | s2n(s->d1->handshake_epoch, pseq); | ||
| 1331 | */ | ||
| 1332 | |||
| 1333 | memcpy(pseq, &(s->s3->write_sequence[2]), 6); | ||
| 1334 | pseq += 6; | ||
| 1335 | s2n(wr->length, pseq); | ||
| 1336 | |||
| 1337 | /* we should now have | ||
| 1338 | * wr->data pointing to the encrypted data, which is | ||
| 1339 | * wr->length long */ | ||
| 1340 | wr->type=type; /* not needed but helps for debugging */ | ||
| 1341 | wr->length += DTLS1_RT_HEADER_LENGTH; | ||
| 1342 | |||
| 1343 | ssl3_record_sequence_increment(s->s3->write_sequence); | ||
| 1344 | |||
| 1345 | /* now let's set up wb */ | ||
| 1346 | wb->left = prefix_len + wr->length; | ||
| 1347 | wb->offset = 0; | ||
| 1348 | |||
| 1349 | /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ | ||
| 1350 | s->s3->wpend_tot = len; | ||
| 1351 | s->s3->wpend_buf = buf; | ||
| 1352 | s->s3->wpend_type = type; | ||
| 1353 | s->s3->wpend_ret = len; | ||
| 1354 | |||
| 1355 | /* we now just need to write the buffer */ | ||
| 1356 | return ssl3_write_pending(s, type, buf, len); | ||
| 1357 | err: | ||
| 1358 | return -1; | ||
| 1359 | } | ||
| 1360 | |||
| 1361 | |||
| 1362 | |||
| 1363 | static int | ||
| 1364 | dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) | ||
| 1365 | { | ||
| 1366 | int cmp; | ||
| 1367 | unsigned int shift; | ||
| 1368 | const unsigned char *seq = s->s3->read_sequence; | ||
| 1369 | |||
| 1370 | cmp = satsub64be(seq, bitmap->max_seq_num); | ||
| 1371 | if (cmp > 0) { | ||
| 1372 | memcpy (s->s3->rrec.seq_num, seq, 8); | ||
| 1373 | return 1; /* this record in new */ | ||
| 1374 | } | ||
| 1375 | shift = -cmp; | ||
| 1376 | if (shift >= sizeof(bitmap->map)*8) | ||
| 1377 | return 0; /* stale, outside the window */ | ||
| 1378 | else if (bitmap->map & (1UL << shift)) | ||
| 1379 | return 0; /* record previously received */ | ||
| 1380 | |||
| 1381 | memcpy(s->s3->rrec.seq_num, seq, 8); | ||
| 1382 | return 1; | ||
| 1383 | } | ||
| 1384 | |||
| 1385 | |||
| 1386 | static void | ||
| 1387 | dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) | ||
| 1388 | { | ||
| 1389 | int cmp; | ||
| 1390 | unsigned int shift; | ||
| 1391 | const unsigned char *seq = s->s3->read_sequence; | ||
| 1392 | |||
| 1393 | cmp = satsub64be(seq, bitmap->max_seq_num); | ||
| 1394 | if (cmp > 0) { | ||
| 1395 | shift = cmp; | ||
| 1396 | if (shift < sizeof(bitmap->map)*8) | ||
| 1397 | bitmap->map <<= shift, bitmap->map |= 1UL; | ||
| 1398 | else | ||
| 1399 | bitmap->map = 1UL; | ||
| 1400 | memcpy(bitmap->max_seq_num, seq, 8); | ||
| 1401 | } else { | ||
| 1402 | shift = -cmp; | ||
| 1403 | if (shift < sizeof(bitmap->map) * 8) | ||
| 1404 | bitmap->map |= 1UL << shift; | ||
| 1405 | } | ||
| 1406 | } | ||
| 1407 | |||
| 1408 | |||
| 1409 | int | ||
| 1410 | dtls1_dispatch_alert(SSL *s) | ||
| 1411 | { | ||
| 1412 | int i, j; | ||
| 1413 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 1414 | unsigned char buf[DTLS1_AL_HEADER_LENGTH]; | ||
| 1415 | unsigned char *ptr = &buf[0]; | ||
| 1416 | |||
| 1417 | s->s3->alert_dispatch = 0; | ||
| 1418 | |||
| 1419 | memset(buf, 0x00, sizeof(buf)); | ||
| 1420 | *ptr++ = s->s3->send_alert[0]; | ||
| 1421 | *ptr++ = s->s3->send_alert[1]; | ||
| 1422 | |||
| 1423 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
| 1424 | if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { | ||
| 1425 | s2n(s->d1->handshake_read_seq, ptr); | ||
| 1426 | l2n3(s->d1->r_msg_hdr.frag_off, ptr); | ||
| 1427 | } | ||
| 1428 | #endif | ||
| 1429 | |||
| 1430 | i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); | ||
| 1431 | if (i <= 0) { | ||
| 1432 | s->s3->alert_dispatch = 1; | ||
| 1433 | /* fprintf( stderr, "not done with alert\n" ); */ | ||
| 1434 | } else { | ||
| 1435 | if (s->s3->send_alert[0] == SSL3_AL_FATAL | ||
| 1436 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
| 1437 | || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
| 1438 | #endif | ||
| 1439 | ) | ||
| 1440 | (void)BIO_flush(s->wbio); | ||
| 1441 | |||
| 1442 | if (s->msg_callback) | ||
| 1443 | s->msg_callback(1, s->version, SSL3_RT_ALERT, | ||
| 1444 | s->s3->send_alert, 2, s, s->msg_callback_arg); | ||
| 1445 | |||
| 1446 | if (s->info_callback != NULL) | ||
| 1447 | cb = s->info_callback; | ||
| 1448 | else if (s->ctx->info_callback != NULL) | ||
| 1449 | cb = s->ctx->info_callback; | ||
| 1450 | |||
| 1451 | if (cb != NULL) { | ||
| 1452 | j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | ||
| 1453 | cb(s, SSL_CB_WRITE_ALERT, j); | ||
| 1454 | } | ||
| 1455 | } | ||
| 1456 | return (i); | ||
| 1457 | } | ||
| 1458 | |||
| 1459 | |||
| 1460 | static DTLS1_BITMAP * | ||
| 1461 | dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) | ||
| 1462 | { | ||
| 1463 | |||
| 1464 | *is_next_epoch = 0; | ||
| 1465 | |||
| 1466 | /* In current epoch, accept HM, CCS, DATA, & ALERT */ | ||
| 1467 | if (rr->epoch == s->d1->r_epoch) | ||
| 1468 | return &s->d1->bitmap; | ||
| 1469 | |||
| 1470 | /* Only HM and ALERT messages can be from the next epoch */ | ||
| 1471 | else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) && | ||
| 1472 | (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { | ||
| 1473 | *is_next_epoch = 1; | ||
| 1474 | return &s->d1->next_bitmap; | ||
| 1475 | } | ||
| 1476 | |||
| 1477 | return NULL; | ||
| 1478 | } | ||
| 1479 | |||
| 1480 | void | ||
| 1481 | dtls1_reset_seq_numbers(SSL *s, int rw) | ||
| 1482 | { | ||
| 1483 | unsigned char *seq; | ||
| 1484 | unsigned int seq_bytes = sizeof(s->s3->read_sequence); | ||
| 1485 | |||
| 1486 | if (rw & SSL3_CC_READ) { | ||
| 1487 | seq = s->s3->read_sequence; | ||
| 1488 | s->d1->r_epoch++; | ||
| 1489 | memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP)); | ||
| 1490 | memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); | ||
| 1491 | } else { | ||
| 1492 | seq = s->s3->write_sequence; | ||
| 1493 | memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence)); | ||
| 1494 | s->d1->w_epoch++; | ||
| 1495 | } | ||
| 1496 | |||
| 1497 | memset(seq, 0x00, seq_bytes); | ||
| 1498 | } | ||
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c deleted file mode 100644 index 7c426f1145..0000000000 --- a/src/lib/libssl/d1_srtp.c +++ /dev/null | |||
| @@ -1,481 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_srtp.c,v 1.11 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* | ||
| 112 | * DTLS code by Eric Rescorla <ekr@rtfm.com> | ||
| 113 | * | ||
| 114 | * Copyright (C) 2006, Network Resonance, Inc. | ||
| 115 | * Copyright (C) 2011, RTFM, Inc. | ||
| 116 | */ | ||
| 117 | |||
| 118 | #include <stdio.h> | ||
| 119 | |||
| 120 | #include <openssl/objects.h> | ||
| 121 | |||
| 122 | #include "ssl_locl.h" | ||
| 123 | |||
| 124 | #ifndef OPENSSL_NO_SRTP | ||
| 125 | |||
| 126 | #include "srtp.h" | ||
| 127 | |||
| 128 | |||
| 129 | static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { | ||
| 130 | { | ||
| 131 | "SRTP_AES128_CM_SHA1_80", | ||
| 132 | SRTP_AES128_CM_SHA1_80, | ||
| 133 | }, | ||
| 134 | { | ||
| 135 | "SRTP_AES128_CM_SHA1_32", | ||
| 136 | SRTP_AES128_CM_SHA1_32, | ||
| 137 | }, | ||
| 138 | {0} | ||
| 139 | }; | ||
| 140 | |||
| 141 | static int | ||
| 142 | find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, | ||
| 143 | unsigned len) | ||
| 144 | { | ||
| 145 | SRTP_PROTECTION_PROFILE *p; | ||
| 146 | |||
| 147 | p = srtp_known_profiles; | ||
| 148 | while (p->name) { | ||
| 149 | if ((len == strlen(p->name)) && | ||
| 150 | !strncmp(p->name, profile_name, len)) { | ||
| 151 | *pptr = p; | ||
| 152 | return 0; | ||
| 153 | } | ||
| 154 | |||
| 155 | p++; | ||
| 156 | } | ||
| 157 | |||
| 158 | return 1; | ||
| 159 | } | ||
| 160 | |||
| 161 | static int | ||
| 162 | find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr) | ||
| 163 | { | ||
| 164 | SRTP_PROTECTION_PROFILE *p; | ||
| 165 | |||
| 166 | p = srtp_known_profiles; | ||
| 167 | while (p->name) { | ||
| 168 | if (p->id == profile_num) { | ||
| 169 | *pptr = p; | ||
| 170 | return 0; | ||
| 171 | } | ||
| 172 | p++; | ||
| 173 | } | ||
| 174 | |||
| 175 | return 1; | ||
| 176 | } | ||
| 177 | |||
| 178 | static int | ||
| 179 | ssl_ctx_make_profiles(const char *profiles_string, | ||
| 180 | STACK_OF(SRTP_PROTECTION_PROFILE) **out) | ||
| 181 | { | ||
| 182 | STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; | ||
| 183 | |||
| 184 | char *col; | ||
| 185 | char *ptr = (char *)profiles_string; | ||
| 186 | |||
| 187 | SRTP_PROTECTION_PROFILE *p; | ||
| 188 | |||
| 189 | if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { | ||
| 190 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, | ||
| 191 | SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); | ||
| 192 | return 1; | ||
| 193 | } | ||
| 194 | |||
| 195 | do { | ||
| 196 | col = strchr(ptr, ':'); | ||
| 197 | |||
| 198 | if (!find_profile_by_name(ptr, &p, | ||
| 199 | col ? col - ptr : (int)strlen(ptr))) { | ||
| 200 | sk_SRTP_PROTECTION_PROFILE_push(profiles, p); | ||
| 201 | } else { | ||
| 202 | SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, | ||
| 203 | SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); | ||
| 204 | sk_SRTP_PROTECTION_PROFILE_free(profiles); | ||
| 205 | return 1; | ||
| 206 | } | ||
| 207 | |||
| 208 | if (col) | ||
| 209 | ptr = col + 1; | ||
| 210 | } while (col); | ||
| 211 | |||
| 212 | *out = profiles; | ||
| 213 | |||
| 214 | return 0; | ||
| 215 | } | ||
| 216 | |||
| 217 | int | ||
| 218 | SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) | ||
| 219 | { | ||
| 220 | return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); | ||
| 221 | } | ||
| 222 | |||
| 223 | int | ||
| 224 | SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) | ||
| 225 | { | ||
| 226 | return ssl_ctx_make_profiles(profiles, &s->srtp_profiles); | ||
| 227 | } | ||
| 228 | |||
| 229 | |||
| 230 | STACK_OF(SRTP_PROTECTION_PROFILE) * | ||
| 231 | SSL_get_srtp_profiles(SSL *s) | ||
| 232 | { | ||
| 233 | if (s != NULL) { | ||
| 234 | if (s->srtp_profiles != NULL) { | ||
| 235 | return s->srtp_profiles; | ||
| 236 | } else if ((s->ctx != NULL) && | ||
| 237 | (s->ctx->srtp_profiles != NULL)) { | ||
| 238 | return s->ctx->srtp_profiles; | ||
| 239 | } | ||
| 240 | } | ||
| 241 | |||
| 242 | return NULL; | ||
| 243 | } | ||
| 244 | |||
| 245 | SRTP_PROTECTION_PROFILE * | ||
| 246 | SSL_get_selected_srtp_profile(SSL *s) | ||
| 247 | { | ||
| 248 | return s->srtp_profile; | ||
| 249 | } | ||
| 250 | |||
| 251 | /* Note: this function returns 0 length if there are no | ||
| 252 | profiles specified */ | ||
| 253 | int | ||
| 254 | ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | ||
| 255 | { | ||
| 256 | int ct = 0; | ||
| 257 | int i; | ||
| 258 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0; | ||
| 259 | SRTP_PROTECTION_PROFILE *prof; | ||
| 260 | |||
| 261 | clnt = SSL_get_srtp_profiles(s); | ||
| 262 | |||
| 263 | ct = sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */ | ||
| 264 | |||
| 265 | if (p) { | ||
| 266 | if (ct == 0) { | ||
| 267 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, | ||
| 268 | SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST); | ||
| 269 | return 1; | ||
| 270 | } | ||
| 271 | |||
| 272 | if ((2 + ct * 2 + 1) > maxlen) { | ||
| 273 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, | ||
| 274 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | ||
| 275 | return 1; | ||
| 276 | } | ||
| 277 | |||
| 278 | /* Add the length */ | ||
| 279 | s2n(ct * 2, p); | ||
| 280 | for (i = 0; i < ct; i++) { | ||
| 281 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); | ||
| 282 | s2n(prof->id, p); | ||
| 283 | } | ||
| 284 | |||
| 285 | /* Add an empty use_mki value */ | ||
| 286 | *p++ = 0; | ||
| 287 | } | ||
| 288 | |||
| 289 | *len = 2 + ct*2 + 1; | ||
| 290 | |||
| 291 | return 0; | ||
| 292 | } | ||
| 293 | |||
| 294 | |||
| 295 | int | ||
| 296 | ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) | ||
| 297 | { | ||
| 298 | SRTP_PROTECTION_PROFILE *cprof, *sprof; | ||
| 299 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = 0, *srvr; | ||
| 300 | int ct; | ||
| 301 | int mki_len; | ||
| 302 | int i, j; | ||
| 303 | int id; | ||
| 304 | int ret = 1; | ||
| 305 | |||
| 306 | /* Length value + the MKI length */ | ||
| 307 | if (len < 3) { | ||
| 308 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | ||
| 309 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 310 | *al = SSL_AD_DECODE_ERROR; | ||
| 311 | goto done; | ||
| 312 | } | ||
| 313 | |||
| 314 | /* Pull off the length of the cipher suite list */ | ||
| 315 | n2s(d, ct); | ||
| 316 | len -= 2; | ||
| 317 | |||
| 318 | /* Check that it is even */ | ||
| 319 | if (ct % 2) { | ||
| 320 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | ||
| 321 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 322 | *al = SSL_AD_DECODE_ERROR; | ||
| 323 | goto done; | ||
| 324 | } | ||
| 325 | |||
| 326 | /* Check that lengths are consistent */ | ||
| 327 | if (len < (ct + 1)) { | ||
| 328 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | ||
| 329 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 330 | *al = SSL_AD_DECODE_ERROR; | ||
| 331 | goto done; | ||
| 332 | } | ||
| 333 | |||
| 334 | |||
| 335 | clnt = sk_SRTP_PROTECTION_PROFILE_new_null(); | ||
| 336 | |||
| 337 | while (ct) { | ||
| 338 | n2s(d, id); | ||
| 339 | ct -= 2; | ||
| 340 | len -= 2; | ||
| 341 | |||
| 342 | if (!find_profile_by_num(id, &cprof)) { | ||
| 343 | sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof); | ||
| 344 | } else { | ||
| 345 | ; /* Ignore */ | ||
| 346 | } | ||
| 347 | } | ||
| 348 | |||
| 349 | /* Extract the MKI value as a sanity check, but discard it for now. */ | ||
| 350 | mki_len = *d; | ||
| 351 | d++; | ||
| 352 | len--; | ||
| 353 | |||
| 354 | if (mki_len != len) { | ||
| 355 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, | ||
| 356 | SSL_R_BAD_SRTP_MKI_VALUE); | ||
| 357 | *al = SSL_AD_DECODE_ERROR; | ||
| 358 | goto done; | ||
| 359 | } | ||
| 360 | |||
| 361 | srvr = SSL_get_srtp_profiles(s); | ||
| 362 | |||
| 363 | /* | ||
| 364 | * Pick our most preferred profile. If no profiles have been | ||
| 365 | * configured then the outer loop doesn't run | ||
| 366 | * (sk_SRTP_PROTECTION_PROFILE_num() = -1) | ||
| 367 | * and so we just return without doing anything. | ||
| 368 | */ | ||
| 369 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) { | ||
| 370 | sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); | ||
| 371 | |||
| 372 | for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) { | ||
| 373 | cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j); | ||
| 374 | |||
| 375 | if (cprof->id == sprof->id) { | ||
| 376 | s->srtp_profile = sprof; | ||
| 377 | *al = 0; | ||
| 378 | ret = 0; | ||
| 379 | goto done; | ||
| 380 | } | ||
| 381 | } | ||
| 382 | } | ||
| 383 | |||
| 384 | ret = 0; | ||
| 385 | |||
| 386 | done: | ||
| 387 | if (clnt) | ||
| 388 | sk_SRTP_PROTECTION_PROFILE_free(clnt); | ||
| 389 | |||
| 390 | return ret; | ||
| 391 | } | ||
| 392 | |||
| 393 | int | ||
| 394 | ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) | ||
| 395 | { | ||
| 396 | if (p) { | ||
| 397 | if (maxlen < 5) { | ||
| 398 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, | ||
| 399 | SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); | ||
| 400 | return 1; | ||
| 401 | } | ||
| 402 | |||
| 403 | if (s->srtp_profile == 0) { | ||
| 404 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, | ||
| 405 | SSL_R_USE_SRTP_NOT_NEGOTIATED); | ||
| 406 | return 1; | ||
| 407 | } | ||
| 408 | s2n(2, p); | ||
| 409 | s2n(s->srtp_profile->id, p); | ||
| 410 | *p++ = 0; | ||
| 411 | } | ||
| 412 | *len = 5; | ||
| 413 | |||
| 414 | return 0; | ||
| 415 | } | ||
| 416 | |||
| 417 | |||
| 418 | int | ||
| 419 | ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al) | ||
| 420 | { | ||
| 421 | STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; | ||
| 422 | SRTP_PROTECTION_PROFILE *prof; | ||
| 423 | unsigned id; | ||
| 424 | int i; | ||
| 425 | int ct; | ||
| 426 | |||
| 427 | if (len != 5) { | ||
| 428 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | ||
| 429 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 430 | *al = SSL_AD_DECODE_ERROR; | ||
| 431 | return 1; | ||
| 432 | } | ||
| 433 | |||
| 434 | n2s(d, ct); | ||
| 435 | if (ct != 2) { | ||
| 436 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | ||
| 437 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 438 | *al = SSL_AD_DECODE_ERROR; | ||
| 439 | return 1; | ||
| 440 | } | ||
| 441 | |||
| 442 | n2s(d, id); | ||
| 443 | if (*d) { | ||
| 444 | /* Must be no MKI, since we never offer one. */ | ||
| 445 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | ||
| 446 | SSL_R_BAD_SRTP_MKI_VALUE); | ||
| 447 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 448 | return 1; | ||
| 449 | } | ||
| 450 | |||
| 451 | clnt = SSL_get_srtp_profiles(s); | ||
| 452 | |||
| 453 | /* Throw an error if the server gave us an unsolicited extension. */ | ||
| 454 | if (clnt == NULL) { | ||
| 455 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | ||
| 456 | SSL_R_NO_SRTP_PROFILES); | ||
| 457 | *al = SSL_AD_DECODE_ERROR; | ||
| 458 | return 1; | ||
| 459 | } | ||
| 460 | |||
| 461 | /* | ||
| 462 | * Check to see if the server gave us something we support | ||
| 463 | * (and presumably offered). | ||
| 464 | */ | ||
| 465 | for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) { | ||
| 466 | prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i); | ||
| 467 | |||
| 468 | if (prof->id == id) { | ||
| 469 | s->srtp_profile = prof; | ||
| 470 | *al = 0; | ||
| 471 | return 0; | ||
| 472 | } | ||
| 473 | } | ||
| 474 | |||
| 475 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, | ||
| 476 | SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); | ||
| 477 | *al = SSL_AD_DECODE_ERROR; | ||
| 478 | return 1; | ||
| 479 | } | ||
| 480 | |||
| 481 | #endif | ||
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c deleted file mode 100644 index 4e6d0da3b3..0000000000 --- a/src/lib/libssl/d1_srvr.c +++ /dev/null | |||
| @@ -1,1357 +0,0 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.49 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 60 | * All rights reserved. | ||
| 61 | * | ||
| 62 | * This package is an SSL implementation written | ||
| 63 | * by Eric Young (eay@cryptsoft.com). | ||
| 64 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 65 | * | ||
| 66 | * This library is free for commercial and non-commercial use as long as | ||
| 67 | * the following conditions are aheared to. The following conditions | ||
| 68 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 69 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 70 | * included with this distribution is covered by the same copyright terms | ||
| 71 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 72 | * | ||
| 73 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 74 | * the code are not to be removed. | ||
| 75 | * If this package is used in a product, Eric Young should be given attribution | ||
| 76 | * as the author of the parts of the library used. | ||
| 77 | * This can be in the form of a textual message at program startup or | ||
| 78 | * in documentation (online or textual) provided with the package. | ||
| 79 | * | ||
| 80 | * Redistribution and use in source and binary forms, with or without | ||
| 81 | * modification, are permitted provided that the following conditions | ||
| 82 | * are met: | ||
| 83 | * 1. Redistributions of source code must retain the copyright | ||
| 84 | * notice, this list of conditions and the following disclaimer. | ||
| 85 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 86 | * notice, this list of conditions and the following disclaimer in the | ||
| 87 | * documentation and/or other materials provided with the distribution. | ||
| 88 | * 3. All advertising materials mentioning features or use of this software | ||
| 89 | * must display the following acknowledgement: | ||
| 90 | * "This product includes cryptographic software written by | ||
| 91 | * Eric Young (eay@cryptsoft.com)" | ||
| 92 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 93 | * being used are not cryptographic related :-). | ||
| 94 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 95 | * the apps directory (application code) you must include an acknowledgement: | ||
| 96 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 97 | * | ||
| 98 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 99 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 100 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 101 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 102 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 103 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 104 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 105 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 106 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 107 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 108 | * SUCH DAMAGE. | ||
| 109 | * | ||
| 110 | * The licence and distribution terms for any publically available version or | ||
| 111 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 112 | * copied and put under another distribution licence | ||
| 113 | * [including the GNU Public Licence.] | ||
| 114 | */ | ||
| 115 | |||
| 116 | #include <stdio.h> | ||
| 117 | |||
| 118 | #include "ssl_locl.h" | ||
| 119 | |||
| 120 | #include <openssl/bn.h> | ||
| 121 | #include <openssl/buffer.h> | ||
| 122 | #include <openssl/dh.h> | ||
| 123 | #include <openssl/evp.h> | ||
| 124 | #include <openssl/md5.h> | ||
| 125 | #include <openssl/objects.h> | ||
| 126 | #include <openssl/x509.h> | ||
| 127 | |||
| 128 | static const SSL_METHOD *dtls1_get_server_method(int ver); | ||
| 129 | static int dtls1_send_hello_verify_request(SSL *s); | ||
| 130 | |||
| 131 | const SSL_METHOD DTLSv1_server_method_data = { | ||
| 132 | .version = DTLS1_VERSION, | ||
| 133 | .ssl_new = dtls1_new, | ||
| 134 | .ssl_clear = dtls1_clear, | ||
| 135 | .ssl_free = dtls1_free, | ||
| 136 | .ssl_accept = dtls1_accept, | ||
| 137 | .ssl_connect = ssl_undefined_function, | ||
| 138 | .ssl_read = ssl3_read, | ||
| 139 | .ssl_peek = ssl3_peek, | ||
| 140 | .ssl_write = ssl3_write, | ||
| 141 | .ssl_shutdown = dtls1_shutdown, | ||
| 142 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 143 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 144 | .ssl_get_message = dtls1_get_message, | ||
| 145 | .ssl_read_bytes = dtls1_read_bytes, | ||
| 146 | .ssl_write_bytes = dtls1_write_app_data_bytes, | ||
| 147 | .ssl_dispatch_alert = dtls1_dispatch_alert, | ||
| 148 | .ssl_ctrl = dtls1_ctrl, | ||
| 149 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 150 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 151 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 152 | .ssl_pending = ssl3_pending, | ||
| 153 | .num_ciphers = ssl3_num_ciphers, | ||
| 154 | .get_cipher = dtls1_get_cipher, | ||
| 155 | .get_ssl_method = dtls1_get_server_method, | ||
| 156 | .get_timeout = dtls1_default_timeout, | ||
| 157 | .ssl3_enc = &DTLSv1_enc_data, | ||
| 158 | .ssl_version = ssl_undefined_void_function, | ||
| 159 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 160 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 161 | }; | ||
| 162 | |||
| 163 | const SSL_METHOD * | ||
| 164 | DTLSv1_server_method(void) | ||
| 165 | { | ||
| 166 | return &DTLSv1_server_method_data; | ||
| 167 | } | ||
| 168 | |||
| 169 | static const SSL_METHOD * | ||
| 170 | dtls1_get_server_method(int ver) | ||
| 171 | { | ||
| 172 | if (ver == DTLS1_VERSION) | ||
| 173 | return (DTLSv1_server_method()); | ||
| 174 | return (NULL); | ||
| 175 | } | ||
| 176 | |||
| 177 | int | ||
| 178 | dtls1_accept(SSL *s) | ||
| 179 | { | ||
| 180 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 181 | unsigned long alg_k; | ||
| 182 | int ret = -1; | ||
| 183 | int new_state, state, skip = 0; | ||
| 184 | int listen; | ||
| 185 | |||
| 186 | ERR_clear_error(); | ||
| 187 | errno = 0; | ||
| 188 | |||
| 189 | if (s->info_callback != NULL) | ||
| 190 | cb = s->info_callback; | ||
| 191 | else if (s->ctx->info_callback != NULL) | ||
| 192 | cb = s->ctx->info_callback; | ||
| 193 | |||
| 194 | listen = s->d1->listen; | ||
| 195 | |||
| 196 | /* init things to blank */ | ||
| 197 | s->in_handshake++; | ||
| 198 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 199 | SSL_clear(s); | ||
| 200 | |||
| 201 | s->d1->listen = listen; | ||
| 202 | |||
| 203 | if (s->cert == NULL) { | ||
| 204 | SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET); | ||
| 205 | return (-1); | ||
| 206 | } | ||
| 207 | |||
| 208 | for (;;) { | ||
| 209 | state = s->state; | ||
| 210 | |||
| 211 | switch (s->state) { | ||
| 212 | case SSL_ST_RENEGOTIATE: | ||
| 213 | s->renegotiate = 1; | ||
| 214 | /* s->state=SSL_ST_ACCEPT; */ | ||
| 215 | |||
| 216 | case SSL_ST_BEFORE: | ||
| 217 | case SSL_ST_ACCEPT: | ||
| 218 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 219 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 220 | |||
| 221 | s->server = 1; | ||
| 222 | if (cb != NULL) | ||
| 223 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 224 | |||
| 225 | if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) { | ||
| 226 | SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); | ||
| 227 | return -1; | ||
| 228 | } | ||
| 229 | s->type = SSL_ST_ACCEPT; | ||
| 230 | |||
| 231 | if (s->init_buf == NULL) { | ||
| 232 | BUF_MEM *buf; | ||
| 233 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 234 | ret = -1; | ||
| 235 | goto end; | ||
| 236 | } | ||
| 237 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 238 | BUF_MEM_free(buf); | ||
| 239 | ret = -1; | ||
| 240 | goto end; | ||
| 241 | } | ||
| 242 | s->init_buf = buf; | ||
| 243 | } | ||
| 244 | |||
| 245 | if (!ssl3_setup_buffers(s)) { | ||
| 246 | ret = -1; | ||
| 247 | goto end; | ||
| 248 | } | ||
| 249 | |||
| 250 | s->init_num = 0; | ||
| 251 | |||
| 252 | if (s->state != SSL_ST_RENEGOTIATE) { | ||
| 253 | /* Ok, we now need to push on a buffering BIO so that | ||
| 254 | * the output is sent in a way that TCP likes :-) | ||
| 255 | * ...but not with SCTP :-) | ||
| 256 | */ | ||
| 257 | if (!ssl_init_wbio_buffer(s, 1)) { | ||
| 258 | ret = -1; | ||
| 259 | goto end; | ||
| 260 | } | ||
| 261 | |||
| 262 | if (!ssl3_init_finished_mac(s)) { | ||
| 263 | ret = -1; | ||
| 264 | goto end; | ||
| 265 | } | ||
| 266 | |||
| 267 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | ||
| 268 | s->ctx->stats.sess_accept++; | ||
| 269 | } else { | ||
| 270 | /* s->state == SSL_ST_RENEGOTIATE, | ||
| 271 | * we will just send a HelloRequest */ | ||
| 272 | s->ctx->stats.sess_accept_renegotiate++; | ||
| 273 | s->state = SSL3_ST_SW_HELLO_REQ_A; | ||
| 274 | } | ||
| 275 | |||
| 276 | break; | ||
| 277 | |||
| 278 | case SSL3_ST_SW_HELLO_REQ_A: | ||
| 279 | case SSL3_ST_SW_HELLO_REQ_B: | ||
| 280 | |||
| 281 | s->shutdown = 0; | ||
| 282 | dtls1_clear_record_buffer(s); | ||
| 283 | dtls1_start_timer(s); | ||
| 284 | ret = dtls1_send_hello_request(s); | ||
| 285 | if (ret <= 0) | ||
| 286 | goto end; | ||
| 287 | s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; | ||
| 288 | s->state = SSL3_ST_SW_FLUSH; | ||
| 289 | s->init_num = 0; | ||
| 290 | |||
| 291 | if (!ssl3_init_finished_mac(s)) { | ||
| 292 | ret = -1; | ||
| 293 | goto end; | ||
| 294 | } | ||
| 295 | break; | ||
| 296 | |||
| 297 | case SSL3_ST_SW_HELLO_REQ_C: | ||
| 298 | s->state = SSL_ST_OK; | ||
| 299 | break; | ||
| 300 | |||
| 301 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
| 302 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
| 303 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
| 304 | |||
| 305 | s->shutdown = 0; | ||
| 306 | ret = ssl3_get_client_hello(s); | ||
| 307 | if (ret <= 0) | ||
| 308 | goto end; | ||
| 309 | dtls1_stop_timer(s); | ||
| 310 | |||
| 311 | if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) | ||
| 312 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; | ||
| 313 | else | ||
| 314 | s->state = SSL3_ST_SW_SRVR_HELLO_A; | ||
| 315 | |||
| 316 | s->init_num = 0; | ||
| 317 | |||
| 318 | /* Reflect ClientHello sequence to remain stateless while listening */ | ||
| 319 | if (listen) { | ||
| 320 | memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence)); | ||
| 321 | } | ||
| 322 | |||
| 323 | /* If we're just listening, stop here */ | ||
| 324 | if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { | ||
| 325 | ret = 2; | ||
| 326 | s->d1->listen = 0; | ||
| 327 | /* Set expected sequence numbers | ||
| 328 | * to continue the handshake. | ||
| 329 | */ | ||
| 330 | s->d1->handshake_read_seq = 2; | ||
| 331 | s->d1->handshake_write_seq = 1; | ||
| 332 | s->d1->next_handshake_write_seq = 1; | ||
| 333 | goto end; | ||
| 334 | } | ||
| 335 | |||
| 336 | break; | ||
| 337 | |||
| 338 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 339 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 340 | |||
| 341 | ret = dtls1_send_hello_verify_request(s); | ||
| 342 | if (ret <= 0) | ||
| 343 | goto end; | ||
| 344 | s->state = SSL3_ST_SW_FLUSH; | ||
| 345 | s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; | ||
| 346 | |||
| 347 | /* HelloVerifyRequest resets Finished MAC */ | ||
| 348 | if (s->version != DTLS1_BAD_VER) { | ||
| 349 | if (!ssl3_init_finished_mac(s)) { | ||
| 350 | ret = -1; | ||
| 351 | goto end; | ||
| 352 | } | ||
| 353 | } | ||
| 354 | break; | ||
| 355 | |||
| 356 | |||
| 357 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
| 358 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
| 359 | s->renegotiate = 2; | ||
| 360 | dtls1_start_timer(s); | ||
| 361 | ret = dtls1_send_server_hello(s); | ||
| 362 | if (ret <= 0) | ||
| 363 | goto end; | ||
| 364 | |||
| 365 | if (s->hit) { | ||
| 366 | if (s->tlsext_ticket_expected) | ||
| 367 | s->state = SSL3_ST_SW_SESSION_TICKET_A; | ||
| 368 | else | ||
| 369 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 370 | } else | ||
| 371 | s->state = SSL3_ST_SW_CERT_A; | ||
| 372 | s->init_num = 0; | ||
| 373 | break; | ||
| 374 | |||
| 375 | case SSL3_ST_SW_CERT_A: | ||
| 376 | case SSL3_ST_SW_CERT_B: | ||
| 377 | /* Check if it is anon DH. */ | ||
| 378 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | ||
| 379 | SSL_aNULL)) { | ||
| 380 | dtls1_start_timer(s); | ||
| 381 | ret = dtls1_send_server_certificate(s); | ||
| 382 | if (ret <= 0) | ||
| 383 | goto end; | ||
| 384 | if (s->tlsext_status_expected) | ||
| 385 | s->state = SSL3_ST_SW_CERT_STATUS_A; | ||
| 386 | else | ||
| 387 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 388 | } else { | ||
| 389 | skip = 1; | ||
| 390 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 391 | } | ||
| 392 | s->init_num = 0; | ||
| 393 | break; | ||
| 394 | |||
| 395 | case SSL3_ST_SW_KEY_EXCH_A: | ||
| 396 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 397 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 398 | |||
| 399 | /* Only send if using a DH key exchange. */ | ||
| 400 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { | ||
| 401 | dtls1_start_timer(s); | ||
| 402 | ret = dtls1_send_server_key_exchange(s); | ||
| 403 | if (ret <= 0) | ||
| 404 | goto end; | ||
| 405 | } else | ||
| 406 | skip = 1; | ||
| 407 | |||
| 408 | s->state = SSL3_ST_SW_CERT_REQ_A; | ||
| 409 | s->init_num = 0; | ||
| 410 | break; | ||
| 411 | |||
| 412 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 413 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 414 | /* | ||
| 415 | * Determine whether or not we need to request a | ||
| 416 | * certificate. | ||
| 417 | * | ||
| 418 | * Do not request a certificate if: | ||
| 419 | * | ||
| 420 | * - We did not ask for it (SSL_VERIFY_PEER is unset). | ||
| 421 | * | ||
| 422 | * - SSL_VERIFY_CLIENT_ONCE is set and we are | ||
| 423 | * renegotiating. | ||
| 424 | * | ||
| 425 | * - We are using an anonymous ciphersuites | ||
| 426 | * (see section "Certificate request" in SSL 3 drafts | ||
| 427 | * and in RFC 2246) ... except when the application | ||
| 428 | * insists on verification (against the specs, but | ||
| 429 | * s3_clnt.c accepts this for SSL 3). | ||
| 430 | */ | ||
| 431 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | ||
| 432 | ((s->session->peer != NULL) && | ||
| 433 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | ||
| 434 | ((s->s3->tmp.new_cipher->algorithm_auth & | ||
| 435 | SSL_aNULL) && !(s->verify_mode & | ||
| 436 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { | ||
| 437 | /* no cert request */ | ||
| 438 | skip = 1; | ||
| 439 | s->s3->tmp.cert_request = 0; | ||
| 440 | s->state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 441 | } else { | ||
| 442 | s->s3->tmp.cert_request = 1; | ||
| 443 | dtls1_start_timer(s); | ||
| 444 | ret = dtls1_send_certificate_request(s); | ||
| 445 | if (ret <= 0) | ||
| 446 | goto end; | ||
| 447 | s->state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 448 | s->init_num = 0; | ||
| 449 | } | ||
| 450 | break; | ||
| 451 | |||
| 452 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 453 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 454 | dtls1_start_timer(s); | ||
| 455 | ret = dtls1_send_server_done(s); | ||
| 456 | if (ret <= 0) | ||
| 457 | goto end; | ||
| 458 | s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; | ||
| 459 | s->state = SSL3_ST_SW_FLUSH; | ||
| 460 | s->init_num = 0; | ||
| 461 | break; | ||
| 462 | |||
| 463 | case SSL3_ST_SW_FLUSH: | ||
| 464 | s->rwstate = SSL_WRITING; | ||
| 465 | if (BIO_flush(s->wbio) <= 0) { | ||
| 466 | /* If the write error was fatal, stop trying */ | ||
| 467 | if (!BIO_should_retry(s->wbio)) { | ||
| 468 | s->rwstate = SSL_NOTHING; | ||
| 469 | s->state = s->s3->tmp.next_state; | ||
| 470 | } | ||
| 471 | |||
| 472 | ret = -1; | ||
| 473 | goto end; | ||
| 474 | } | ||
| 475 | s->rwstate = SSL_NOTHING; | ||
| 476 | s->state = s->s3->tmp.next_state; | ||
| 477 | break; | ||
| 478 | |||
| 479 | case SSL3_ST_SR_CERT_A: | ||
| 480 | case SSL3_ST_SR_CERT_B: | ||
| 481 | /* Check for second client hello (MS SGC) */ | ||
| 482 | ret = ssl3_check_client_hello(s); | ||
| 483 | if (ret <= 0) | ||
| 484 | goto end; | ||
| 485 | if (ret == 2) { | ||
| 486 | dtls1_stop_timer(s); | ||
| 487 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | ||
| 488 | } else { | ||
| 489 | /* could be sent for a DH cert, even if we | ||
| 490 | * have not asked for it :-) */ | ||
| 491 | ret = ssl3_get_client_certificate(s); | ||
| 492 | if (ret <= 0) | ||
| 493 | goto end; | ||
| 494 | s->init_num = 0; | ||
| 495 | s->state = SSL3_ST_SR_KEY_EXCH_A; | ||
| 496 | } | ||
| 497 | break; | ||
| 498 | |||
| 499 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 500 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 501 | ret = ssl3_get_client_key_exchange(s); | ||
| 502 | if (ret <= 0) | ||
| 503 | goto end; | ||
| 504 | |||
| 505 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 506 | s->init_num = 0; | ||
| 507 | |||
| 508 | if (ret == 2) { | ||
| 509 | /* For the ECDH ciphersuites when | ||
| 510 | * the client sends its ECDH pub key in | ||
| 511 | * a certificate, the CertificateVerify | ||
| 512 | * message is not sent. | ||
| 513 | */ | ||
| 514 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 515 | s->init_num = 0; | ||
| 516 | } else { | ||
| 517 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 518 | s->init_num = 0; | ||
| 519 | |||
| 520 | /* We need to get hashes here so if there is | ||
| 521 | * a client cert, it can be verified */ | ||
| 522 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 523 | NID_md5, &(s->s3->tmp.cert_verify_md[0])); | ||
| 524 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 525 | NID_sha1, | ||
| 526 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); | ||
| 527 | } | ||
| 528 | break; | ||
| 529 | |||
| 530 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 531 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 532 | |||
| 533 | s->d1->change_cipher_spec_ok = 1; | ||
| 534 | /* we should decide if we expected this one */ | ||
| 535 | ret = ssl3_get_cert_verify(s); | ||
| 536 | if (ret <= 0) | ||
| 537 | goto end; | ||
| 538 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 539 | s->init_num = 0; | ||
| 540 | break; | ||
| 541 | |||
| 542 | case SSL3_ST_SR_FINISHED_A: | ||
| 543 | case SSL3_ST_SR_FINISHED_B: | ||
| 544 | s->d1->change_cipher_spec_ok = 1; | ||
| 545 | ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, | ||
| 546 | SSL3_ST_SR_FINISHED_B); | ||
| 547 | if (ret <= 0) | ||
| 548 | goto end; | ||
| 549 | dtls1_stop_timer(s); | ||
| 550 | if (s->hit) | ||
| 551 | s->state = SSL_ST_OK; | ||
| 552 | else if (s->tlsext_ticket_expected) | ||
| 553 | s->state = SSL3_ST_SW_SESSION_TICKET_A; | ||
| 554 | else | ||
| 555 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 556 | s->init_num = 0; | ||
| 557 | break; | ||
| 558 | |||
| 559 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 560 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 561 | ret = dtls1_send_newsession_ticket(s); | ||
| 562 | if (ret <= 0) | ||
| 563 | goto end; | ||
| 564 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 565 | s->init_num = 0; | ||
| 566 | break; | ||
| 567 | |||
| 568 | case SSL3_ST_SW_CERT_STATUS_A: | ||
| 569 | case SSL3_ST_SW_CERT_STATUS_B: | ||
| 570 | ret = ssl3_send_cert_status(s); | ||
| 571 | if (ret <= 0) | ||
| 572 | goto end; | ||
| 573 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 574 | s->init_num = 0; | ||
| 575 | break; | ||
| 576 | |||
| 577 | |||
| 578 | case SSL3_ST_SW_CHANGE_A: | ||
| 579 | case SSL3_ST_SW_CHANGE_B: | ||
| 580 | |||
| 581 | s->session->cipher = s->s3->tmp.new_cipher; | ||
| 582 | if (!s->method->ssl3_enc->setup_key_block(s)) { | ||
| 583 | ret = -1; | ||
| 584 | goto end; | ||
| 585 | } | ||
| 586 | |||
| 587 | ret = dtls1_send_change_cipher_spec(s, | ||
| 588 | SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); | ||
| 589 | |||
| 590 | if (ret <= 0) | ||
| 591 | goto end; | ||
| 592 | |||
| 593 | |||
| 594 | s->state = SSL3_ST_SW_FINISHED_A; | ||
| 595 | s->init_num = 0; | ||
| 596 | |||
| 597 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
| 598 | SSL3_CHANGE_CIPHER_SERVER_WRITE)) { | ||
| 599 | ret = -1; | ||
| 600 | goto end; | ||
| 601 | } | ||
| 602 | |||
| 603 | dtls1_reset_seq_numbers(s, SSL3_CC_WRITE); | ||
| 604 | break; | ||
| 605 | |||
| 606 | case SSL3_ST_SW_FINISHED_A: | ||
| 607 | case SSL3_ST_SW_FINISHED_B: | ||
| 608 | ret = dtls1_send_finished(s, | ||
| 609 | SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, | ||
| 610 | s->method->ssl3_enc->server_finished_label, | ||
| 611 | s->method->ssl3_enc->server_finished_label_len); | ||
| 612 | if (ret <= 0) | ||
| 613 | goto end; | ||
| 614 | s->state = SSL3_ST_SW_FLUSH; | ||
| 615 | if (s->hit) { | ||
| 616 | s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; | ||
| 617 | |||
| 618 | } else { | ||
| 619 | s->s3->tmp.next_state = SSL_ST_OK; | ||
| 620 | } | ||
| 621 | s->init_num = 0; | ||
| 622 | break; | ||
| 623 | |||
| 624 | case SSL_ST_OK: | ||
| 625 | /* clean a few things up */ | ||
| 626 | ssl3_cleanup_key_block(s); | ||
| 627 | |||
| 628 | /* remove buffering on output */ | ||
| 629 | ssl_free_wbio_buffer(s); | ||
| 630 | |||
| 631 | s->init_num = 0; | ||
| 632 | |||
| 633 | if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ | ||
| 634 | { | ||
| 635 | s->renegotiate = 0; | ||
| 636 | s->new_session = 0; | ||
| 637 | |||
| 638 | ssl_update_cache(s, SSL_SESS_CACHE_SERVER); | ||
| 639 | |||
| 640 | s->ctx->stats.sess_accept_good++; | ||
| 641 | /* s->server=1; */ | ||
| 642 | s->handshake_func = dtls1_accept; | ||
| 643 | |||
| 644 | if (cb != NULL) | ||
| 645 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | ||
| 646 | } | ||
| 647 | |||
| 648 | ret = 1; | ||
| 649 | |||
| 650 | /* done handshaking, next message is client hello */ | ||
| 651 | s->d1->handshake_read_seq = 0; | ||
| 652 | /* next message is server hello */ | ||
| 653 | s->d1->handshake_write_seq = 0; | ||
| 654 | s->d1->next_handshake_write_seq = 0; | ||
| 655 | goto end; | ||
| 656 | /* break; */ | ||
| 657 | |||
| 658 | default: | ||
| 659 | SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); | ||
| 660 | ret = -1; | ||
| 661 | goto end; | ||
| 662 | /* break; */ | ||
| 663 | } | ||
| 664 | |||
| 665 | if (!s->s3->tmp.reuse_message && !skip) { | ||
| 666 | if (s->debug) { | ||
| 667 | if ((ret = BIO_flush(s->wbio)) <= 0) | ||
| 668 | goto end; | ||
| 669 | } | ||
| 670 | |||
| 671 | if ((cb != NULL) && (s->state != state)) { | ||
| 672 | new_state = s->state; | ||
| 673 | s->state = state; | ||
| 674 | cb(s, SSL_CB_ACCEPT_LOOP, 1); | ||
| 675 | s->state = new_state; | ||
| 676 | } | ||
| 677 | } | ||
| 678 | skip = 0; | ||
| 679 | } | ||
| 680 | end: | ||
| 681 | /* BIO_flush(s->wbio); */ | ||
| 682 | |||
| 683 | s->in_handshake--; | ||
| 684 | |||
| 685 | if (cb != NULL) | ||
| 686 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | ||
| 687 | return (ret); | ||
| 688 | } | ||
| 689 | |||
| 690 | int | ||
| 691 | dtls1_send_hello_request(SSL *s) | ||
| 692 | { | ||
| 693 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | ||
| 694 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); | ||
| 695 | ssl3_handshake_msg_finish(s, 0); | ||
| 696 | |||
| 697 | s->state = SSL3_ST_SW_HELLO_REQ_B; | ||
| 698 | } | ||
| 699 | |||
| 700 | /* SSL3_ST_SW_HELLO_REQ_B */ | ||
| 701 | return (ssl3_handshake_write(s)); | ||
| 702 | } | ||
| 703 | |||
| 704 | int | ||
| 705 | dtls1_send_hello_verify_request(SSL *s) | ||
| 706 | { | ||
| 707 | unsigned char *d, *p; | ||
| 708 | |||
| 709 | if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { | ||
| 710 | d = p = ssl3_handshake_msg_start(s, | ||
| 711 | DTLS1_MT_HELLO_VERIFY_REQUEST); | ||
| 712 | |||
| 713 | *(p++) = s->version >> 8; | ||
| 714 | *(p++) = s->version & 0xFF; | ||
| 715 | |||
| 716 | if (s->ctx->app_gen_cookie_cb == NULL || | ||
| 717 | s->ctx->app_gen_cookie_cb(s, s->d1->cookie, | ||
| 718 | &(s->d1->cookie_len)) == 0) { | ||
| 719 | SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, | ||
| 720 | ERR_R_INTERNAL_ERROR); | ||
| 721 | return 0; | ||
| 722 | } | ||
| 723 | |||
| 724 | *(p++) = (unsigned char) s->d1->cookie_len; | ||
| 725 | memcpy(p, s->d1->cookie, s->d1->cookie_len); | ||
| 726 | p += s->d1->cookie_len; | ||
| 727 | |||
| 728 | ssl3_handshake_msg_finish(s, p - d); | ||
| 729 | |||
| 730 | s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; | ||
| 731 | } | ||
| 732 | |||
| 733 | /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ | ||
| 734 | return (ssl3_handshake_write(s)); | ||
| 735 | } | ||
| 736 | |||
| 737 | int | ||
| 738 | dtls1_send_server_hello(SSL *s) | ||
| 739 | { | ||
| 740 | unsigned char *bufend; | ||
| 741 | unsigned char *p, *d; | ||
| 742 | unsigned int sl; | ||
| 743 | |||
| 744 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | ||
| 745 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); | ||
| 746 | |||
| 747 | *(p++) = s->version >> 8; | ||
| 748 | *(p++) = s->version & 0xff; | ||
| 749 | |||
| 750 | /* Random stuff */ | ||
| 751 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 752 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 753 | p += SSL3_RANDOM_SIZE; | ||
| 754 | |||
| 755 | /* now in theory we have 3 options to sending back the | ||
| 756 | * session id. If it is a re-use, we send back the | ||
| 757 | * old session-id, if it is a new session, we send | ||
| 758 | * back the new session-id or we send back a 0 length | ||
| 759 | * session-id if we want it to be single use. | ||
| 760 | * Currently I will not implement the '0' length session-id | ||
| 761 | * 12-Jan-98 - I'll now support the '0' length stuff. | ||
| 762 | */ | ||
| 763 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) | ||
| 764 | s->session->session_id_length = 0; | ||
| 765 | |||
| 766 | sl = s->session->session_id_length; | ||
| 767 | if (sl > sizeof s->session->session_id) { | ||
| 768 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, | ||
| 769 | ERR_R_INTERNAL_ERROR); | ||
| 770 | return -1; | ||
| 771 | } | ||
| 772 | *(p++) = sl; | ||
| 773 | memcpy(p, s->session->session_id, sl); | ||
| 774 | p += sl; | ||
| 775 | |||
| 776 | /* put the cipher */ | ||
| 777 | if (s->s3->tmp.new_cipher == NULL) | ||
| 778 | return -1; | ||
| 779 | s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); | ||
| 780 | |||
| 781 | /* put the compression method */ | ||
| 782 | *(p++) = 0; | ||
| 783 | |||
| 784 | bufend = (unsigned char *)s->init_buf->data + | ||
| 785 | SSL3_RT_MAX_PLAIN_LENGTH; | ||
| 786 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 787 | SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, | ||
| 788 | ERR_R_INTERNAL_ERROR); | ||
| 789 | return -1; | ||
| 790 | } | ||
| 791 | |||
| 792 | ssl3_handshake_msg_finish(s, p - d); | ||
| 793 | |||
| 794 | s->state = SSL3_ST_SW_SRVR_HELLO_B; | ||
| 795 | } | ||
| 796 | |||
| 797 | /* SSL3_ST_SW_SRVR_HELLO_B */ | ||
| 798 | return (ssl3_handshake_write(s)); | ||
| 799 | } | ||
| 800 | |||
| 801 | int | ||
| 802 | dtls1_send_server_done(SSL *s) | ||
| 803 | { | ||
| 804 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | ||
| 805 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); | ||
| 806 | ssl3_handshake_msg_finish(s, 0); | ||
| 807 | |||
| 808 | s->state = SSL3_ST_SW_SRVR_DONE_B; | ||
| 809 | } | ||
| 810 | |||
| 811 | /* SSL3_ST_SW_SRVR_DONE_B */ | ||
| 812 | return (ssl3_handshake_write(s)); | ||
| 813 | } | ||
| 814 | |||
| 815 | int | ||
| 816 | dtls1_send_server_key_exchange(SSL *s) | ||
| 817 | { | ||
| 818 | unsigned char *q; | ||
| 819 | int j, num; | ||
| 820 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | ||
| 821 | unsigned int u; | ||
| 822 | DH *dh = NULL, *dhp; | ||
| 823 | EC_KEY *ecdh = NULL, *ecdhp; | ||
| 824 | unsigned char *encodedPoint = NULL; | ||
| 825 | int encodedlen = 0; | ||
| 826 | int curve_id = 0; | ||
| 827 | BN_CTX *bn_ctx = NULL; | ||
| 828 | |||
| 829 | EVP_PKEY *pkey; | ||
| 830 | unsigned char *p, *d; | ||
| 831 | int al, i; | ||
| 832 | unsigned long type; | ||
| 833 | int n; | ||
| 834 | CERT *cert; | ||
| 835 | BIGNUM *r[4]; | ||
| 836 | int nr[4], kn; | ||
| 837 | BUF_MEM *buf; | ||
| 838 | EVP_MD_CTX md_ctx; | ||
| 839 | |||
| 840 | EVP_MD_CTX_init(&md_ctx); | ||
| 841 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | ||
| 842 | type = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 843 | cert = s->cert; | ||
| 844 | |||
| 845 | buf = s->init_buf; | ||
| 846 | |||
| 847 | r[0] = r[1] = r[2] = r[3] = NULL; | ||
| 848 | n = 0; | ||
| 849 | |||
| 850 | if (type & SSL_kDHE) { | ||
| 851 | dhp = cert->dh_tmp; | ||
| 852 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) | ||
| 853 | dhp = s->cert->dh_tmp_cb(s, 0, | ||
| 854 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 855 | if (dhp == NULL) { | ||
| 856 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 857 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_DH_KEY); | ||
| 858 | goto f_err; | ||
| 859 | } | ||
| 860 | |||
| 861 | if (s->s3->tmp.dh != NULL) { | ||
| 862 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 863 | goto err; | ||
| 864 | } | ||
| 865 | |||
| 866 | if ((dh = DHparams_dup(dhp)) == NULL) { | ||
| 867 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | ||
| 868 | goto err; | ||
| 869 | } | ||
| 870 | |||
| 871 | s->s3->tmp.dh = dh; | ||
| 872 | if ((dhp->pub_key == NULL || dhp->priv_key == NULL || | ||
| 873 | (s->options & SSL_OP_SINGLE_DH_USE))) { | ||
| 874 | if (!DH_generate_key(dh)) { | ||
| 875 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, | ||
| 876 | ERR_R_DH_LIB); | ||
| 877 | goto err; | ||
| 878 | } | ||
| 879 | } else { | ||
| 880 | dh->pub_key = BN_dup(dhp->pub_key); | ||
| 881 | dh->priv_key = BN_dup(dhp->priv_key); | ||
| 882 | if ((dh->pub_key == NULL) || | ||
| 883 | (dh->priv_key == NULL)) { | ||
| 884 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB); | ||
| 885 | goto err; | ||
| 886 | } | ||
| 887 | } | ||
| 888 | r[0] = dh->p; | ||
| 889 | r[1] = dh->g; | ||
| 890 | r[2] = dh->pub_key; | ||
| 891 | } else if (type & SSL_kECDHE) { | ||
| 892 | const EC_GROUP *group; | ||
| 893 | |||
| 894 | ecdhp = cert->ecdh_tmp; | ||
| 895 | if (ecdhp == NULL && s->cert->ecdh_tmp_cb != NULL) | ||
| 896 | ecdhp = s->cert->ecdh_tmp_cb(s, 0, | ||
| 897 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 898 | if (ecdhp == NULL) { | ||
| 899 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 900 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 901 | goto f_err; | ||
| 902 | } | ||
| 903 | |||
| 904 | if (s->s3->tmp.ecdh != NULL) { | ||
| 905 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 906 | goto err; | ||
| 907 | } | ||
| 908 | |||
| 909 | /* Duplicate the ECDH structure. */ | ||
| 910 | if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { | ||
| 911 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 912 | goto err; | ||
| 913 | } | ||
| 914 | s->s3->tmp.ecdh = ecdh; | ||
| 915 | |||
| 916 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 917 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
| 918 | (s->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 919 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 920 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 921 | goto err; | ||
| 922 | } | ||
| 923 | } | ||
| 924 | |||
| 925 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
| 926 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 927 | (EC_KEY_get0_private_key(ecdh) == NULL)) { | ||
| 928 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 929 | goto err; | ||
| 930 | } | ||
| 931 | |||
| 932 | /* XXX: For now, we only support ephemeral ECDH | ||
| 933 | * keys over named (not generic) curves. For | ||
| 934 | * supported named curves, curve_id is non-zero. | ||
| 935 | */ | ||
| 936 | if ((curve_id = tls1_ec_nid2curve_id( | ||
| 937 | EC_GROUP_get_curve_name(group))) == 0) { | ||
| 938 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 939 | goto err; | ||
| 940 | } | ||
| 941 | |||
| 942 | /* Encode the public key. | ||
| 943 | * First check the size of encoding and | ||
| 944 | * allocate memory accordingly. | ||
| 945 | */ | ||
| 946 | encodedlen = EC_POINT_point2oct(group, | ||
| 947 | EC_KEY_get0_public_key(ecdh), | ||
| 948 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 949 | NULL, 0, NULL); | ||
| 950 | |||
| 951 | encodedPoint = malloc(encodedlen); | ||
| 952 | |||
| 953 | bn_ctx = BN_CTX_new(); | ||
| 954 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) { | ||
| 955 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); | ||
| 956 | goto err; | ||
| 957 | } | ||
| 958 | |||
| 959 | |||
| 960 | encodedlen = EC_POINT_point2oct(group, | ||
| 961 | EC_KEY_get0_public_key(ecdh), | ||
| 962 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 963 | encodedPoint, encodedlen, bn_ctx); | ||
| 964 | |||
| 965 | if (encodedlen == 0) { | ||
| 966 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 967 | goto err; | ||
| 968 | } | ||
| 969 | |||
| 970 | BN_CTX_free(bn_ctx); | ||
| 971 | bn_ctx = NULL; | ||
| 972 | |||
| 973 | /* XXX: For now, we only support named (not | ||
| 974 | * generic) curves in ECDH ephemeral key exchanges. | ||
| 975 | * In this situation, we need four additional bytes | ||
| 976 | * to encode the entire ServerECDHParams | ||
| 977 | * structure. | ||
| 978 | */ | ||
| 979 | n = 4 + encodedlen; | ||
| 980 | |||
| 981 | /* We'll generate the serverKeyExchange message | ||
| 982 | * explicitly so we can set these to NULLs | ||
| 983 | */ | ||
| 984 | r[0] = NULL; | ||
| 985 | r[1] = NULL; | ||
| 986 | r[2] = NULL; | ||
| 987 | r[3] = NULL; | ||
| 988 | } else { | ||
| 989 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 990 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, | ||
| 991 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
| 992 | goto f_err; | ||
| 993 | } | ||
| 994 | for (i = 0; r[i] != NULL; i++) { | ||
| 995 | nr[i] = BN_num_bytes(r[i]); | ||
| 996 | n += 2 + nr[i]; | ||
| 997 | } | ||
| 998 | |||
| 999 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | ||
| 1000 | if ((pkey = ssl_get_sign_pkey(s, | ||
| 1001 | s->s3->tmp.new_cipher, NULL)) == NULL) { | ||
| 1002 | al = SSL_AD_DECODE_ERROR; | ||
| 1003 | goto f_err; | ||
| 1004 | } | ||
| 1005 | kn = EVP_PKEY_size(pkey); | ||
| 1006 | } else { | ||
| 1007 | pkey = NULL; | ||
| 1008 | kn = 0; | ||
| 1009 | } | ||
| 1010 | |||
| 1011 | if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) { | ||
| 1012 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF); | ||
| 1013 | goto err; | ||
| 1014 | } | ||
| 1015 | d = (unsigned char *)s->init_buf->data; | ||
| 1016 | p = &(d[DTLS1_HM_HEADER_LENGTH]); | ||
| 1017 | |||
| 1018 | for (i = 0; r[i] != NULL; i++) { | ||
| 1019 | s2n(nr[i], p); | ||
| 1020 | BN_bn2bin(r[i], p); | ||
| 1021 | p += nr[i]; | ||
| 1022 | } | ||
| 1023 | |||
| 1024 | if (type & SSL_kECDHE) { | ||
| 1025 | /* XXX: For now, we only support named (not generic) curves. | ||
| 1026 | * In this situation, the serverKeyExchange message has: | ||
| 1027 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1028 | * [1 byte length of encoded point], followed by | ||
| 1029 | * the actual encoded point itself | ||
| 1030 | */ | ||
| 1031 | *p = NAMED_CURVE_TYPE; | ||
| 1032 | p += 1; | ||
| 1033 | *p = 0; | ||
| 1034 | p += 1; | ||
| 1035 | *p = curve_id; | ||
| 1036 | p += 1; | ||
| 1037 | *p = encodedlen; | ||
| 1038 | p += 1; | ||
| 1039 | memcpy((unsigned char*)p, | ||
| 1040 | (unsigned char *)encodedPoint, encodedlen); | ||
| 1041 | free(encodedPoint); | ||
| 1042 | encodedPoint = NULL; | ||
| 1043 | p += encodedlen; | ||
| 1044 | } | ||
| 1045 | |||
| 1046 | |||
| 1047 | /* not anonymous */ | ||
| 1048 | if (pkey != NULL) { | ||
| 1049 | /* n is the length of the params, they start at | ||
| 1050 | * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space | ||
| 1051 | * at the end. */ | ||
| 1052 | if (pkey->type == EVP_PKEY_RSA) { | ||
| 1053 | q = md_buf; | ||
| 1054 | j = 0; | ||
| 1055 | for (num = 2; num > 0; num--) { | ||
| 1056 | if (!EVP_DigestInit_ex(&md_ctx, (num == 2) | ||
| 1057 | ? s->ctx->md5 : s->ctx->sha1, NULL)) | ||
| 1058 | goto err; | ||
| 1059 | EVP_DigestUpdate(&md_ctx, | ||
| 1060 | &(s->s3->client_random[0]), | ||
| 1061 | SSL3_RANDOM_SIZE); | ||
| 1062 | EVP_DigestUpdate(&md_ctx, | ||
| 1063 | &(s->s3->server_random[0]), | ||
| 1064 | SSL3_RANDOM_SIZE); | ||
| 1065 | EVP_DigestUpdate(&md_ctx, | ||
| 1066 | &(d[DTLS1_HM_HEADER_LENGTH]), n); | ||
| 1067 | EVP_DigestFinal_ex(&md_ctx, q, | ||
| 1068 | (unsigned int *)&i); | ||
| 1069 | q += i; | ||
| 1070 | j += i; | ||
| 1071 | } | ||
| 1072 | if (RSA_sign(NID_md5_sha1, md_buf, j, &(p[2]), | ||
| 1073 | &u, pkey->pkey.rsa) <= 0) { | ||
| 1074 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA); | ||
| 1075 | goto err; | ||
| 1076 | } | ||
| 1077 | s2n(u, p); | ||
| 1078 | n += u + 2; | ||
| 1079 | } else | ||
| 1080 | if (pkey->type == EVP_PKEY_DSA) { | ||
| 1081 | /* lets do DSS */ | ||
| 1082 | EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL); | ||
| 1083 | EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); | ||
| 1084 | EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); | ||
| 1085 | EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n); | ||
| 1086 | if (!EVP_SignFinal(&md_ctx, &(p[2]), | ||
| 1087 | (unsigned int *)&i, pkey)) { | ||
| 1088 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA); | ||
| 1089 | goto err; | ||
| 1090 | } | ||
| 1091 | s2n(i, p); | ||
| 1092 | n += i + 2; | ||
| 1093 | } else | ||
| 1094 | if (pkey->type == EVP_PKEY_EC) { | ||
| 1095 | /* let's do ECDSA */ | ||
| 1096 | EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL); | ||
| 1097 | EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE); | ||
| 1098 | EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE); | ||
| 1099 | EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n); | ||
| 1100 | if (!EVP_SignFinal(&md_ctx, &(p[2]), | ||
| 1101 | (unsigned int *)&i, pkey)) { | ||
| 1102 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_ECDSA); | ||
| 1103 | goto err; | ||
| 1104 | } | ||
| 1105 | s2n(i, p); | ||
| 1106 | n += i + 2; | ||
| 1107 | } else | ||
| 1108 | { | ||
| 1109 | /* Is this error check actually needed? */ | ||
| 1110 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1111 | SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, SSL_R_UNKNOWN_PKEY_TYPE); | ||
| 1112 | goto f_err; | ||
| 1113 | } | ||
| 1114 | } | ||
| 1115 | |||
| 1116 | d = dtls1_set_message_header(s, d, | ||
| 1117 | SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n); | ||
| 1118 | |||
| 1119 | /* we should now have things packed up, so lets send | ||
| 1120 | * it off */ | ||
| 1121 | s->init_num = n + DTLS1_HM_HEADER_LENGTH; | ||
| 1122 | s->init_off = 0; | ||
| 1123 | |||
| 1124 | /* buffer the message to handle re-xmits */ | ||
| 1125 | dtls1_buffer_message(s, 0); | ||
| 1126 | } | ||
| 1127 | |||
| 1128 | s->state = SSL3_ST_SW_KEY_EXCH_B; | ||
| 1129 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1130 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1131 | f_err: | ||
| 1132 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1133 | err: | ||
| 1134 | free(encodedPoint); | ||
| 1135 | BN_CTX_free(bn_ctx); | ||
| 1136 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1137 | return (-1); | ||
| 1138 | } | ||
| 1139 | |||
| 1140 | int | ||
| 1141 | dtls1_send_certificate_request(SSL *s) | ||
| 1142 | { | ||
| 1143 | unsigned char *p, *d; | ||
| 1144 | int i, j, nl, off, n; | ||
| 1145 | STACK_OF(X509_NAME) *sk = NULL; | ||
| 1146 | X509_NAME *name; | ||
| 1147 | BUF_MEM *buf; | ||
| 1148 | unsigned int msg_len; | ||
| 1149 | |||
| 1150 | if (s->state == SSL3_ST_SW_CERT_REQ_A) { | ||
| 1151 | buf = s->init_buf; | ||
| 1152 | |||
| 1153 | d = p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
| 1154 | |||
| 1155 | /* get the list of acceptable cert types */ | ||
| 1156 | p++; | ||
| 1157 | n = ssl3_get_req_cert_type(s, p); | ||
| 1158 | d[0] = n; | ||
| 1159 | p += n; | ||
| 1160 | n++; | ||
| 1161 | |||
| 1162 | off = n; | ||
| 1163 | p += 2; | ||
| 1164 | n += 2; | ||
| 1165 | |||
| 1166 | sk = SSL_get_client_CA_list(s); | ||
| 1167 | nl = 0; | ||
| 1168 | if (sk != NULL) { | ||
| 1169 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { | ||
| 1170 | name = sk_X509_NAME_value(sk, i); | ||
| 1171 | j = i2d_X509_NAME(name, NULL); | ||
| 1172 | if (!BUF_MEM_grow_clean(buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) { | ||
| 1173 | SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB); | ||
| 1174 | goto err; | ||
| 1175 | } | ||
| 1176 | p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]); | ||
| 1177 | if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) { | ||
| 1178 | s2n(j, p); | ||
| 1179 | i2d_X509_NAME(name, &p); | ||
| 1180 | n += 2 + j; | ||
| 1181 | nl += 2 + j; | ||
| 1182 | } else { | ||
| 1183 | d = p; | ||
| 1184 | i2d_X509_NAME(name, &p); | ||
| 1185 | j -= 2; | ||
| 1186 | s2n(j, d); | ||
| 1187 | j += 2; | ||
| 1188 | n += j; | ||
| 1189 | nl += j; | ||
| 1190 | } | ||
| 1191 | } | ||
| 1192 | } | ||
| 1193 | /* else no CA names */ | ||
| 1194 | p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]); | ||
| 1195 | s2n(nl, p); | ||
| 1196 | |||
| 1197 | d = (unsigned char *)buf->data; | ||
| 1198 | *(d++) = SSL3_MT_CERTIFICATE_REQUEST; | ||
| 1199 | l2n3(n, d); | ||
| 1200 | s2n(s->d1->handshake_write_seq, d); | ||
| 1201 | s->d1->handshake_write_seq++; | ||
| 1202 | |||
| 1203 | /* we should now have things packed up, so lets send | ||
| 1204 | * it off */ | ||
| 1205 | |||
| 1206 | s->init_num = n + DTLS1_HM_HEADER_LENGTH; | ||
| 1207 | s->init_off = 0; | ||
| 1208 | |||
| 1209 | /* XDTLS: set message header ? */ | ||
| 1210 | msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; | ||
| 1211 | dtls1_set_message_header(s, (void *)s->init_buf->data, | ||
| 1212 | SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); | ||
| 1213 | |||
| 1214 | /* buffer the message to handle re-xmits */ | ||
| 1215 | dtls1_buffer_message(s, 0); | ||
| 1216 | |||
| 1217 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
| 1218 | } | ||
| 1219 | |||
| 1220 | /* SSL3_ST_SW_CERT_REQ_B */ | ||
| 1221 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1222 | err: | ||
| 1223 | return (-1); | ||
| 1224 | } | ||
| 1225 | |||
| 1226 | int | ||
| 1227 | dtls1_send_server_certificate(SSL *s) | ||
| 1228 | { | ||
| 1229 | unsigned long l; | ||
| 1230 | X509 *x; | ||
| 1231 | |||
| 1232 | if (s->state == SSL3_ST_SW_CERT_A) { | ||
| 1233 | x = ssl_get_server_send_cert(s); | ||
| 1234 | if (x == NULL) { | ||
| 1235 | SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, | ||
| 1236 | ERR_R_INTERNAL_ERROR); | ||
| 1237 | return (0); | ||
| 1238 | } | ||
| 1239 | |||
| 1240 | l = dtls1_output_cert_chain(s, x); | ||
| 1241 | s->state = SSL3_ST_SW_CERT_B; | ||
| 1242 | s->init_num = (int)l; | ||
| 1243 | s->init_off = 0; | ||
| 1244 | |||
| 1245 | /* buffer the message to handle re-xmits */ | ||
| 1246 | dtls1_buffer_message(s, 0); | ||
| 1247 | } | ||
| 1248 | |||
| 1249 | /* SSL3_ST_SW_CERT_B */ | ||
| 1250 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1251 | } | ||
| 1252 | |||
| 1253 | int | ||
| 1254 | dtls1_send_newsession_ticket(SSL *s) | ||
| 1255 | { | ||
| 1256 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { | ||
| 1257 | unsigned char *p, *senc, *macstart; | ||
| 1258 | int len, slen; | ||
| 1259 | unsigned int hlen, msg_len; | ||
| 1260 | EVP_CIPHER_CTX ctx; | ||
| 1261 | HMAC_CTX hctx; | ||
| 1262 | SSL_CTX *tctx = s->initial_ctx; | ||
| 1263 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 1264 | unsigned char key_name[16]; | ||
| 1265 | |||
| 1266 | /* get session encoding length */ | ||
| 1267 | slen = i2d_SSL_SESSION(s->session, NULL); | ||
| 1268 | /* Some length values are 16 bits, so forget it if session is | ||
| 1269 | * too long | ||
| 1270 | */ | ||
| 1271 | if (slen > 0xFF00) | ||
| 1272 | return -1; | ||
| 1273 | /* Grow buffer if need be: the length calculation is as | ||
| 1274 | * follows 12 (DTLS handshake message header) + | ||
| 1275 | * 4 (ticket lifetime hint) + 2 (ticket length) + | ||
| 1276 | * 16 (key name) + max_iv_len (iv length) + | ||
| 1277 | * session_length + max_enc_block_size (max encrypted session | ||
| 1278 | * length) + max_md_size (HMAC). | ||
| 1279 | */ | ||
| 1280 | if (!BUF_MEM_grow(s->init_buf, | ||
| 1281 | DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH + | ||
| 1282 | EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) | ||
| 1283 | return -1; | ||
| 1284 | senc = malloc(slen); | ||
| 1285 | if (!senc) | ||
| 1286 | return -1; | ||
| 1287 | p = senc; | ||
| 1288 | i2d_SSL_SESSION(s->session, &p); | ||
| 1289 | |||
| 1290 | p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]); | ||
| 1291 | EVP_CIPHER_CTX_init(&ctx); | ||
| 1292 | HMAC_CTX_init(&hctx); | ||
| 1293 | /* Initialize HMAC and cipher contexts. If callback present | ||
| 1294 | * it does all the work otherwise use generated values | ||
| 1295 | * from parent ctx. | ||
| 1296 | */ | ||
| 1297 | if (tctx->tlsext_ticket_key_cb) { | ||
| 1298 | if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
| 1299 | &hctx, 1) < 0) { | ||
| 1300 | free(senc); | ||
| 1301 | return -1; | ||
| 1302 | } | ||
| 1303 | } else { | ||
| 1304 | arc4random_buf(iv, 16); | ||
| 1305 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 1306 | tctx->tlsext_tick_aes_key, iv); | ||
| 1307 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
| 1308 | tlsext_tick_md(), NULL); | ||
| 1309 | memcpy(key_name, tctx->tlsext_tick_key_name, 16); | ||
| 1310 | } | ||
| 1311 | l2n(s->session->tlsext_tick_lifetime_hint, p); | ||
| 1312 | /* Skip ticket length for now */ | ||
| 1313 | p += 2; | ||
| 1314 | /* Output key name */ | ||
| 1315 | macstart = p; | ||
| 1316 | memcpy(p, key_name, 16); | ||
| 1317 | p += 16; | ||
| 1318 | /* output IV */ | ||
| 1319 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
| 1320 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 1321 | /* Encrypt session data */ | ||
| 1322 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
| 1323 | p += len; | ||
| 1324 | EVP_EncryptFinal(&ctx, p, &len); | ||
| 1325 | p += len; | ||
| 1326 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 1327 | |||
| 1328 | HMAC_Update(&hctx, macstart, p - macstart); | ||
| 1329 | HMAC_Final(&hctx, p, &hlen); | ||
| 1330 | HMAC_CTX_cleanup(&hctx); | ||
| 1331 | |||
| 1332 | p += hlen; | ||
| 1333 | /* Now write out lengths: p points to end of data written */ | ||
| 1334 | /* Total length */ | ||
| 1335 | len = p - (unsigned char *)(s->init_buf->data); | ||
| 1336 | /* Ticket length */ | ||
| 1337 | p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4; | ||
| 1338 | s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p); | ||
| 1339 | |||
| 1340 | /* number of bytes to write */ | ||
| 1341 | s->init_num = len; | ||
| 1342 | s->state = SSL3_ST_SW_SESSION_TICKET_B; | ||
| 1343 | s->init_off = 0; | ||
| 1344 | free(senc); | ||
| 1345 | |||
| 1346 | /* XDTLS: set message header ? */ | ||
| 1347 | msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; | ||
| 1348 | dtls1_set_message_header(s, (void *)s->init_buf->data, | ||
| 1349 | SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len); | ||
| 1350 | |||
| 1351 | /* buffer the message to handle re-xmits */ | ||
| 1352 | dtls1_buffer_message(s, 0); | ||
| 1353 | } | ||
| 1354 | |||
| 1355 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
| 1356 | return (dtls1_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1357 | } | ||
diff --git a/src/lib/libssl/doc/BIO_f_ssl.3 b/src/lib/libssl/doc/BIO_f_ssl.3 deleted file mode 100644 index 851e4f08ca..0000000000 --- a/src/lib/libssl/doc/BIO_f_ssl.3 +++ /dev/null | |||
| @@ -1,478 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: BIO_f_ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt BIO_F_SSL 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm BIO_f_ssl , | ||
| 9 | .Nm BIO_set_ssl , | ||
| 10 | .Nm BIO_get_ssl , | ||
| 11 | .Nm BIO_set_ssl_mode , | ||
| 12 | .Nm BIO_set_ssl_renegotiate_bytes , | ||
| 13 | .Nm BIO_get_num_renegotiates , | ||
| 14 | .Nm BIO_set_ssl_renegotiate_timeout , | ||
| 15 | .Nm BIO_new_ssl , | ||
| 16 | .Nm BIO_new_ssl_connect , | ||
| 17 | .Nm BIO_new_buffer_ssl_connect , | ||
| 18 | .Nm BIO_ssl_copy_session_id , | ||
| 19 | .Nm BIO_ssl_shutdown | ||
| 20 | .Nd SSL BIO | ||
| 21 | .Sh SYNOPSIS | ||
| 22 | .In openssl/bio.h | ||
| 23 | .In openssl/ssl.h | ||
| 24 | .Ft BIO_METHOD * | ||
| 25 | .Fn BIO_f_ssl void | ||
| 26 | .Fd #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) | ||
| 27 | .Fd #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) | ||
| 28 | .Fd #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) | ||
| 29 | .Fd #define BIO_set_ssl_renegotiate_bytes(b,num) \ | ||
| 30 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) | ||
| 31 | .Fd #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ | ||
| 32 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) | ||
| 33 | .Fd #define BIO_get_num_renegotiates(b) \ | ||
| 34 | BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL) | ||
| 35 | .Ft BIO * | ||
| 36 | .Fn BIO_new_ssl "SSL_CTX *ctx" "int client" | ||
| 37 | .Ft BIO * | ||
| 38 | .Fn BIO_new_ssl_connect "SSL_CTX *ctx" | ||
| 39 | .Ft BIO * | ||
| 40 | .Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx" | ||
| 41 | .Ft int | ||
| 42 | .Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from" | ||
| 43 | .Ft void | ||
| 44 | .Fn BIO_ssl_shutdown "BIO *bio" | ||
| 45 | .Fd #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) | ||
| 46 | .Sh DESCRIPTION | ||
| 47 | .Fn BIO_f_ssl | ||
| 48 | returns the | ||
| 49 | .Vt SSL | ||
| 50 | .Vt BIO | ||
| 51 | method. | ||
| 52 | This is a filter | ||
| 53 | .Vt BIO | ||
| 54 | which is a wrapper around the OpenSSL | ||
| 55 | .Vt SSL | ||
| 56 | routines adding a | ||
| 57 | .Vt BIO | ||
| 58 | .Dq flavor | ||
| 59 | to SSL I/O. | ||
| 60 | .Pp | ||
| 61 | I/O performed on an | ||
| 62 | .Vt SSL | ||
| 63 | .Vt BIO | ||
| 64 | communicates using the SSL protocol with | ||
| 65 | the | ||
| 66 | .Vt SSL Ns 's | ||
| 67 | read and write | ||
| 68 | .Vt BIO Ns s. | ||
| 69 | If an SSL connection is not established then an attempt is made to establish | ||
| 70 | one on the first I/O call. | ||
| 71 | .Pp | ||
| 72 | If a | ||
| 73 | .Vt BIO | ||
| 74 | is appended to an | ||
| 75 | .Vt SSL | ||
| 76 | .Vt BIO | ||
| 77 | using | ||
| 78 | .Xr BIO_push 3 | ||
| 79 | it is automatically used as the | ||
| 80 | .Vt SSL | ||
| 81 | .Vt BIO Ns 's read and write | ||
| 82 | .Vt BIO Ns s. | ||
| 83 | .Pp | ||
| 84 | Calling | ||
| 85 | .Xr BIO_reset 3 | ||
| 86 | on an | ||
| 87 | .Vt SSL | ||
| 88 | .Vt BIO | ||
| 89 | closes down any current SSL connection by calling | ||
| 90 | .Xr SSL_shutdown 3 . | ||
| 91 | .Xr BIO_reset | ||
| 92 | is then sent to the next | ||
| 93 | .Vt BIO | ||
| 94 | in the chain; this will typically disconnect the underlying transport. | ||
| 95 | The | ||
| 96 | .Vt SSL | ||
| 97 | .Vt BIO | ||
| 98 | is then reset to the initial accept or connect state. | ||
| 99 | .Pp | ||
| 100 | If the close flag is set when an | ||
| 101 | .Vt SSL | ||
| 102 | .Vt BIO | ||
| 103 | is freed then the internal | ||
| 104 | .Vt SSL | ||
| 105 | structure is also freed using | ||
| 106 | .Xr SSL_free 3 . | ||
| 107 | .Pp | ||
| 108 | .Fn BIO_set_ssl | ||
| 109 | sets the internal | ||
| 110 | .Vt SSL | ||
| 111 | pointer of | ||
| 112 | .Vt BIO | ||
| 113 | .Fa b | ||
| 114 | to | ||
| 115 | .Fa ssl | ||
| 116 | using | ||
| 117 | the close flag | ||
| 118 | .Fa c . | ||
| 119 | .Pp | ||
| 120 | .Fn BIO_get_ssl | ||
| 121 | retrieves the | ||
| 122 | .Vt SSL | ||
| 123 | pointer of | ||
| 124 | .Vt BIO | ||
| 125 | .Fa b ; | ||
| 126 | it can then be manipulated using the standard SSL library functions. | ||
| 127 | .Pp | ||
| 128 | .Fn BIO_set_ssl_mode | ||
| 129 | sets the | ||
| 130 | .Vt SSL | ||
| 131 | .Vt BIO | ||
| 132 | mode to | ||
| 133 | .Fa client . | ||
| 134 | If | ||
| 135 | .Fa client | ||
| 136 | is 1, client mode is set. | ||
| 137 | If | ||
| 138 | .Fa client | ||
| 139 | is 0, server mode is set. | ||
| 140 | .Pp | ||
| 141 | .Fn BIO_set_ssl_renegotiate_bytes | ||
| 142 | sets the renegotiate byte count to | ||
| 143 | .Fa num . | ||
| 144 | When set after every | ||
| 145 | .Fa num | ||
| 146 | bytes of I/O (read and write) the SSL session is automatically renegotiated. | ||
| 147 | .Fa num | ||
| 148 | must be at least 512 bytes. | ||
| 149 | .Pp | ||
| 150 | .Fn BIO_set_ssl_renegotiate_timeout | ||
| 151 | sets the renegotiate timeout to | ||
| 152 | .Fa seconds . | ||
| 153 | When the renegotiate timeout elapses the session is automatically renegotiated. | ||
| 154 | .Pp | ||
| 155 | .Fn BIO_get_num_renegotiates | ||
| 156 | returns the total number of session renegotiations due to I/O or timeout. | ||
| 157 | .Pp | ||
| 158 | .Fn BIO_new_ssl | ||
| 159 | allocates an | ||
| 160 | .Vt SSL | ||
| 161 | .Vt BIO | ||
| 162 | using | ||
| 163 | .Vt SSL_CTX | ||
| 164 | .Va ctx | ||
| 165 | and using client mode if | ||
| 166 | .Fa client | ||
| 167 | is nonzero. | ||
| 168 | .Pp | ||
| 169 | .Fn BIO_new_ssl_connect | ||
| 170 | creates a new | ||
| 171 | .Vt BIO | ||
| 172 | chain consisting of an | ||
| 173 | .Vt SSL | ||
| 174 | .Vt BIO | ||
| 175 | (using | ||
| 176 | .Fa ctx ) | ||
| 177 | followed by a connect BIO. | ||
| 178 | .Pp | ||
| 179 | .Fn BIO_new_buffer_ssl_connect | ||
| 180 | creates a new | ||
| 181 | .Vt BIO | ||
| 182 | chain consisting of a buffering | ||
| 183 | .Vt BIO , | ||
| 184 | an | ||
| 185 | .Vt SSL | ||
| 186 | .Vt BIO | ||
| 187 | (using | ||
| 188 | .Fa ctx ) | ||
| 189 | and a connect | ||
| 190 | .Vt BIO . | ||
| 191 | .Pp | ||
| 192 | .Fn BIO_ssl_copy_session_id | ||
| 193 | copies an SSL session id between | ||
| 194 | .Vt BIO | ||
| 195 | chains | ||
| 196 | .Fa from | ||
| 197 | and | ||
| 198 | .Fa to . | ||
| 199 | It does this by locating the | ||
| 200 | .Vt SSL | ||
| 201 | .Vt BIO Ns s | ||
| 202 | in each chain and calling | ||
| 203 | .Xr SSL_copy_session_id 3 | ||
| 204 | on the internal | ||
| 205 | .Vt SSL | ||
| 206 | pointer. | ||
| 207 | .Pp | ||
| 208 | .Fn BIO_ssl_shutdown | ||
| 209 | closes down an SSL connection on | ||
| 210 | .Vt BIO | ||
| 211 | chain | ||
| 212 | .Fa bio . | ||
| 213 | It does this by locating the | ||
| 214 | .Vt SSL | ||
| 215 | .Vt BIO | ||
| 216 | in the | ||
| 217 | chain and calling | ||
| 218 | .Xr SSL_shutdown 3 | ||
| 219 | on its internal | ||
| 220 | .Vt SSL | ||
| 221 | pointer. | ||
| 222 | .Pp | ||
| 223 | .Fn BIO_do_handshake | ||
| 224 | attempts to complete an SSL handshake on the supplied | ||
| 225 | .Vt BIO | ||
| 226 | and establish the SSL connection. | ||
| 227 | It returns 1 if the connection was established successfully. | ||
| 228 | A zero or negative value is returned if the connection could not be | ||
| 229 | established; the call | ||
| 230 | .Xr BIO_should_retry 3 | ||
| 231 | should be used for non blocking connect | ||
| 232 | .Vt BIO Ns s | ||
| 233 | to determine if the call should be retried. | ||
| 234 | If an SSL connection has already been established this call has no effect. | ||
| 235 | .Sh NOTES | ||
| 236 | .Vt SSL | ||
| 237 | .Vt BIO Ns s | ||
| 238 | are exceptional in that if the underlying transport is non-blocking they can | ||
| 239 | still request a retry in exceptional circumstances. | ||
| 240 | Specifically this will happen if a session renegotiation takes place during a | ||
| 241 | .Xr BIO_read 3 | ||
| 242 | operation. | ||
| 243 | One case where this happens is when SGC or step up occurs. | ||
| 244 | .Pp | ||
| 245 | In OpenSSL 0.9.6 and later the SSL flag | ||
| 246 | .Dv SSL_AUTO_RETRY | ||
| 247 | can be set to disable this behaviour. | ||
| 248 | In other words, when this flag is set an | ||
| 249 | .Vt SSL | ||
| 250 | .Vt BIO | ||
| 251 | using a blocking transport will never request a retry. | ||
| 252 | .Pp | ||
| 253 | Since unknown | ||
| 254 | .Xr BIO_ctrl 3 | ||
| 255 | operations are sent through filter | ||
| 256 | .Vt BIO Ns s | ||
| 257 | the server name and port can be set using | ||
| 258 | .Xr BIO_set_host 3 | ||
| 259 | on the | ||
| 260 | .Vt BIO | ||
| 261 | returned by | ||
| 262 | .Fn BIO_new_ssl_connect | ||
| 263 | without having to locate the connect | ||
| 264 | .Vt BIO | ||
| 265 | first. | ||
| 266 | .Pp | ||
| 267 | Applications do not have to call | ||
| 268 | .Fn BIO_do_handshake | ||
| 269 | but may wish to do so to separate the handshake process from other I/O | ||
| 270 | processing. | ||
| 271 | .Sh RETURN VALUES | ||
| 272 | .\" XXX | ||
| 273 | This section is incomplete. | ||
| 274 | .Sh EXAMPLES | ||
| 275 | This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web | ||
| 276 | server. | ||
| 277 | The I/O routines are identical to those of the unencrypted example in | ||
| 278 | .Xr BIO_s_connect 3 . | ||
| 279 | .Bd -literal | ||
| 280 | BIO *sbio, *out; | ||
| 281 | int len; | ||
| 282 | char tmpbuf[1024]; | ||
| 283 | SSL_CTX *ctx; | ||
| 284 | SSL *ssl; | ||
| 285 | |||
| 286 | ERR_load_crypto_strings(); | ||
| 287 | ERR_load_SSL_strings(); | ||
| 288 | OpenSSL_add_all_algorithms(); | ||
| 289 | |||
| 290 | /* | ||
| 291 | * We would seed the PRNG here if the platform didn't do it automatically | ||
| 292 | */ | ||
| 293 | |||
| 294 | ctx = SSL_CTX_new(SSLv23_client_method()); | ||
| 295 | |||
| 296 | /* | ||
| 297 | * We'd normally set some stuff like the verify paths and mode here because | ||
| 298 | * as things stand this will connect to any server whose certificate is | ||
| 299 | * signed by any CA. | ||
| 300 | */ | ||
| 301 | |||
| 302 | sbio = BIO_new_ssl_connect(ctx); | ||
| 303 | |||
| 304 | BIO_get_ssl(sbio, &ssl); | ||
| 305 | |||
| 306 | if (!ssl) { | ||
| 307 | fprintf(stderr, "Can't locate SSL pointer\en"); | ||
| 308 | /* whatever ... */ | ||
| 309 | } | ||
| 310 | |||
| 311 | /* Don't want any retries */ | ||
| 312 | SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); | ||
| 313 | |||
| 314 | /* We might want to do other things with ssl here */ | ||
| 315 | |||
| 316 | BIO_set_conn_hostname(sbio, "localhost:https"); | ||
| 317 | |||
| 318 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | ||
| 319 | if (BIO_do_connect(sbio) <= 0) { | ||
| 320 | fprintf(stderr, "Error connecting to server\en"); | ||
| 321 | ERR_print_errors_fp(stderr); | ||
| 322 | /* whatever ... */ | ||
| 323 | } | ||
| 324 | |||
| 325 | if (BIO_do_handshake(sbio) <= 0) { | ||
| 326 | fprintf(stderr, "Error establishing SSL connection\en"); | ||
| 327 | ERR_print_errors_fp(stderr); | ||
| 328 | /* whatever ... */ | ||
| 329 | } | ||
| 330 | |||
| 331 | /* Could examine ssl here to get connection info */ | ||
| 332 | |||
| 333 | BIO_puts(sbio, "GET / HTTP/1.0\en\en"); | ||
| 334 | for (;;) { | ||
| 335 | len = BIO_read(sbio, tmpbuf, 1024); | ||
| 336 | if(len <= 0) break; | ||
| 337 | BIO_write(out, tmpbuf, len); | ||
| 338 | } | ||
| 339 | BIO_free_all(sbio); | ||
| 340 | BIO_free(out); | ||
| 341 | .Ed | ||
| 342 | .Pp | ||
| 343 | Here is a simple server example. | ||
| 344 | It makes use of a buffering | ||
| 345 | .Vt BIO | ||
| 346 | to allow lines to be read from the | ||
| 347 | .Vt SSL | ||
| 348 | .Vt BIO | ||
| 349 | using | ||
| 350 | .Xr BIO_gets 3 . | ||
| 351 | It creates a pseudo web page containing the actual request from a client and | ||
| 352 | also echoes the request to standard output. | ||
| 353 | .Bd -literal | ||
| 354 | BIO *sbio, *bbio, *acpt, *out; | ||
| 355 | int len; | ||
| 356 | char tmpbuf[1024]; | ||
| 357 | SSL_CTX *ctx; | ||
| 358 | SSL *ssl; | ||
| 359 | |||
| 360 | ERR_load_crypto_strings(); | ||
| 361 | ERR_load_SSL_strings(); | ||
| 362 | OpenSSL_add_all_algorithms(); | ||
| 363 | |||
| 364 | /* Might seed PRNG here */ | ||
| 365 | |||
| 366 | ctx = SSL_CTX_new(SSLv23_server_method()); | ||
| 367 | |||
| 368 | if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) | ||
| 369 | || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) | ||
| 370 | || !SSL_CTX_check_private_key(ctx)) { | ||
| 371 | fprintf(stderr, "Error setting up SSL_CTX\en"); | ||
| 372 | ERR_print_errors_fp(stderr); | ||
| 373 | return 0; | ||
| 374 | } | ||
| 375 | |||
| 376 | /* | ||
| 377 | * Might do other things here like setting verify locations and DH and/or | ||
| 378 | * RSA temporary key callbacks | ||
| 379 | */ | ||
| 380 | |||
| 381 | /* New SSL BIO setup as server */ | ||
| 382 | sbio = BIO_new_ssl(ctx,0); | ||
| 383 | |||
| 384 | BIO_get_ssl(sbio, &ssl); | ||
| 385 | |||
| 386 | if (!ssl) { | ||
| 387 | fprintf(stderr, "Can't locate SSL pointer\en"); | ||
| 388 | /* whatever ... */ | ||
| 389 | } | ||
| 390 | |||
| 391 | /* Don't want any retries */ | ||
| 392 | SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); | ||
| 393 | |||
| 394 | /* Create the buffering BIO */ | ||
| 395 | |||
| 396 | bbio = BIO_new(BIO_f_buffer()); | ||
| 397 | |||
| 398 | /* Add to chain */ | ||
| 399 | sbio = BIO_push(bbio, sbio); | ||
| 400 | |||
| 401 | acpt = BIO_new_accept("4433"); | ||
| 402 | |||
| 403 | /* | ||
| 404 | * By doing this when a new connection is established we automatically | ||
| 405 | * have sbio inserted into it. The BIO chain is now 'swallowed' by the | ||
| 406 | * accept BIO and will be freed when the accept BIO is freed. | ||
| 407 | */ | ||
| 408 | |||
| 409 | BIO_set_accept_bios(acpt,sbio); | ||
| 410 | |||
| 411 | out = BIO_new_fp(stdout, BIO_NOCLOSE); | ||
| 412 | |||
| 413 | /* Setup accept BIO */ | ||
| 414 | if (BIO_do_accept(acpt) <= 0) { | ||
| 415 | fprintf(stderr, "Error setting up accept BIO\en"); | ||
| 416 | ERR_print_errors_fp(stderr); | ||
| 417 | return 0; | ||
| 418 | } | ||
| 419 | |||
| 420 | /* Now wait for incoming connection */ | ||
| 421 | if (BIO_do_accept(acpt) <= 0) { | ||
| 422 | fprintf(stderr, "Error in connection\en"); | ||
| 423 | ERR_print_errors_fp(stderr); | ||
| 424 | return 0; | ||
| 425 | } | ||
| 426 | |||
| 427 | /* We only want one connection so remove and free accept BIO */ | ||
| 428 | |||
| 429 | sbio = BIO_pop(acpt); | ||
| 430 | |||
| 431 | BIO_free_all(acpt); | ||
| 432 | |||
| 433 | if (BIO_do_handshake(sbio) <= 0) { | ||
| 434 | fprintf(stderr, "Error in SSL handshake\en"); | ||
| 435 | ERR_print_errors_fp(stderr); | ||
| 436 | return 0; | ||
| 437 | } | ||
| 438 | |||
| 439 | BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en"); | ||
| 440 | BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); | ||
| 441 | BIO_puts(sbio, "--------------------------------------------------\er\en"); | ||
| 442 | |||
| 443 | for (;;) { | ||
| 444 | len = BIO_gets(sbio, tmpbuf, 1024); | ||
| 445 | if (len <= 0) | ||
| 446 | break; | ||
| 447 | BIO_write(sbio, tmpbuf, len); | ||
| 448 | BIO_write(out, tmpbuf, len); | ||
| 449 | /* Look for blank line signifying end of headers */ | ||
| 450 | if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) | ||
| 451 | break; | ||
| 452 | } | ||
| 453 | |||
| 454 | BIO_puts(sbio, "--------------------------------------------------\er\en"); | ||
| 455 | BIO_puts(sbio, "\er\en"); | ||
| 456 | |||
| 457 | /* Since there is a buffering BIO present we had better flush it */ | ||
| 458 | BIO_flush(sbio); | ||
| 459 | |||
| 460 | BIO_free_all(sbio); | ||
| 461 | .Ed | ||
| 462 | .Sh BUGS | ||
| 463 | In OpenSSL versions before 1.0.0 the | ||
| 464 | .Xr BIO_pop 3 | ||
| 465 | call was handled incorrectly: | ||
| 466 | the I/O BIO reference count was incorrectly incremented (instead of | ||
| 467 | decremented) and dissociated with the | ||
| 468 | .Vt SSL | ||
| 469 | .Vt BIO | ||
| 470 | even if the | ||
| 471 | .Vt SSL | ||
| 472 | .Vt BIO | ||
| 473 | was not | ||
| 474 | explicitly being popped (e.g., a pop higher up the chain). | ||
| 475 | Applications which included workarounds for this bug (e.g., freeing BIOs more | ||
| 476 | than once) should be modified to handle this fix or they may free up an already | ||
| 477 | freed | ||
| 478 | .Vt BIO . | ||
diff --git a/src/lib/libssl/doc/SSL_CIPHER_get_name.3 b/src/lib/libssl/doc/SSL_CIPHER_get_name.3 deleted file mode 100644 index ebc478f9c6..0000000000 --- a/src/lib/libssl/doc/SSL_CIPHER_get_name.3 +++ /dev/null | |||
| @@ -1,196 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CIPHER_GET_NAME 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CIPHER_get_name , | ||
| 9 | .Nm SSL_CIPHER_get_bits , | ||
| 10 | .Nm SSL_CIPHER_get_version , | ||
| 11 | .Nm SSL_CIPHER_description | ||
| 12 | .Nd get SSL_CIPHER properties | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft const char * | ||
| 16 | .Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher" | ||
| 17 | .Ft int | ||
| 18 | .Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits" | ||
| 19 | .Ft char * | ||
| 20 | .Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher" | ||
| 21 | .Ft char * | ||
| 22 | .Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CIPHER_get_name | ||
| 25 | returns a pointer to the name of | ||
| 26 | .Fa cipher . | ||
| 27 | If the | ||
| 28 | argument is the | ||
| 29 | .Dv NULL | ||
| 30 | pointer, a pointer to the constant value | ||
| 31 | .Qq NONE | ||
| 32 | is returned. | ||
| 33 | .Pp | ||
| 34 | .Fn SSL_CIPHER_get_bits | ||
| 35 | returns the number of secret bits used for | ||
| 36 | .Fa cipher . | ||
| 37 | If | ||
| 38 | .Fa alg_bits | ||
| 39 | is not | ||
| 40 | .Dv NULL , | ||
| 41 | it contains the number of bits processed by the | ||
| 42 | chosen algorithm. | ||
| 43 | If | ||
| 44 | .Fa cipher | ||
| 45 | is | ||
| 46 | .Dv NULL , | ||
| 47 | 0 is returned. | ||
| 48 | .Pp | ||
| 49 | .Fn SSL_CIPHER_get_version | ||
| 50 | returns a string which indicates the SSL/TLS protocol version that first | ||
| 51 | defined the cipher. | ||
| 52 | This is currently | ||
| 53 | .Qq SSLv2 | ||
| 54 | or | ||
| 55 | .Qq TLSv1/SSLv3 . | ||
| 56 | In some cases it should possibly return | ||
| 57 | .Qq TLSv1.2 | ||
| 58 | but the function does not; use | ||
| 59 | .Xr SSL_CIPHER_description 3 | ||
| 60 | instead. | ||
| 61 | If | ||
| 62 | .Fa cipher | ||
| 63 | is | ||
| 64 | .Dv NULL , | ||
| 65 | .Qq (NONE) | ||
| 66 | is returned. | ||
| 67 | .Pp | ||
| 68 | .Fn SSL_CIPHER_description | ||
| 69 | returns a textual description of the cipher used into the buffer | ||
| 70 | .Fa buf | ||
| 71 | of length | ||
| 72 | .Fa len | ||
| 73 | provided. | ||
| 74 | If | ||
| 75 | .Fa buf | ||
| 76 | is | ||
| 77 | .Dv NULL , | ||
| 78 | a buffer is allocated using | ||
| 79 | .Xr asprintf 3 ; | ||
| 80 | that buffer should be freed using the | ||
| 81 | .Xr free 3 | ||
| 82 | function. | ||
| 83 | If | ||
| 84 | .Fa len | ||
| 85 | is too small, or if | ||
| 86 | .Fa buf | ||
| 87 | is | ||
| 88 | .Dv NULL | ||
| 89 | and the allocation fails, a pointer to the string | ||
| 90 | .Qq Buffer too small | ||
| 91 | is returned. | ||
| 92 | .Sh NOTES | ||
| 93 | The number of bits processed can be different from the secret bits. | ||
| 94 | For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits. | ||
| 95 | The algorithm does use the full 128 bits (which would be returned for | ||
| 96 | .Fa alg_bits ) , | ||
| 97 | but 88 bits are fixed. | ||
| 98 | The search space is hence only 40 bits. | ||
| 99 | .Pp | ||
| 100 | The string returned by | ||
| 101 | .Fn SSL_CIPHER_description | ||
| 102 | in case of success consists | ||
| 103 | of cleartext information separated by one or more blanks in the following | ||
| 104 | sequence: | ||
| 105 | .Bl -tag -width Ds | ||
| 106 | .It Aq Ar ciphername | ||
| 107 | Textual representation of the cipher name. | ||
| 108 | .It Aq Ar protocol version | ||
| 109 | Protocol version: | ||
| 110 | .Em SSLv2 , | ||
| 111 | .Em SSLv3 , | ||
| 112 | .Em TLSv1.2 . | ||
| 113 | The TLSv1.0 ciphers are flagged with SSLv3. | ||
| 114 | No new ciphers were added by TLSv1.1. | ||
| 115 | .It Kx= Ns Aq Ar key exchange | ||
| 116 | Key exchange method: | ||
| 117 | .Em RSA | ||
| 118 | (for export ciphers as | ||
| 119 | .Em RSA(512) | ||
| 120 | or | ||
| 121 | .Em RSA(1024) ) , | ||
| 122 | .Em DH | ||
| 123 | (for export ciphers as | ||
| 124 | .Em DH(512) | ||
| 125 | or | ||
| 126 | .Em DH(1024) ) , | ||
| 127 | .Em DH/RSA , | ||
| 128 | .Em DH/DSS , | ||
| 129 | .Em Fortezza . | ||
| 130 | .It Au= Ns Aq Ar authentication | ||
| 131 | Authentication method: | ||
| 132 | .Em RSA , | ||
| 133 | .Em DSS , | ||
| 134 | .Em DH , | ||
| 135 | .Em None . | ||
| 136 | .Em None | ||
| 137 | is the representation of anonymous ciphers. | ||
| 138 | .It Enc= Ns Aq Ar symmetric encryption method | ||
| 139 | Encryption method with number of secret bits: | ||
| 140 | .Em DES(40) , | ||
| 141 | .Em DES(56) , | ||
| 142 | .Em 3DES(168) , | ||
| 143 | .Em RC4(40) , | ||
| 144 | .Em RC4(56) , | ||
| 145 | .Em RC4(64) , | ||
| 146 | .Em RC4(128) , | ||
| 147 | .Em RC2(40) , | ||
| 148 | .Em RC2(56) , | ||
| 149 | .Em RC2(128) , | ||
| 150 | .Em IDEA(128) , | ||
| 151 | .Em Fortezza , | ||
| 152 | .Em None . | ||
| 153 | .It Mac= Ns Aq Ar message authentication code | ||
| 154 | Message digest: | ||
| 155 | .Em MD5 , | ||
| 156 | .Em SHA1 . | ||
| 157 | .It Aq Ar export flag | ||
| 158 | If the cipher is flagged exportable with respect to old US crypto | ||
| 159 | regulations, the word | ||
| 160 | .Dq export | ||
| 161 | is printed. | ||
| 162 | .El | ||
| 163 | .Sh RETURN VALUES | ||
| 164 | See | ||
| 165 | .Sx DESCRIPTION | ||
| 166 | .Sh EXAMPLES | ||
| 167 | Some examples for the output of | ||
| 168 | .Fn SSL_CIPHER_description : | ||
| 169 | .D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1" | ||
| 170 | .D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1" | ||
| 171 | .D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5" | ||
| 172 | .D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export" | ||
| 173 | .Pp | ||
| 174 | A complete list can be retrieved by invoking the following command: | ||
| 175 | .Pp | ||
| 176 | .Dl $ openssl ciphers -v ALL | ||
| 177 | .Sh SEE ALSO | ||
| 178 | .Xr openssl 1 , | ||
| 179 | .Xr ssl 3 , | ||
| 180 | .Xr SSL_get_ciphers 3 , | ||
| 181 | .Xr SSL_get_current_cipher 3 | ||
| 182 | .Sh BUGS | ||
| 183 | If | ||
| 184 | .Fn SSL_CIPHER_description | ||
| 185 | is called with | ||
| 186 | .Fa cipher | ||
| 187 | being | ||
| 188 | .Dv NULL , | ||
| 189 | the library crashes. | ||
| 190 | .Pp | ||
| 191 | If | ||
| 192 | .Fn SSL_CIPHER_description | ||
| 193 | cannot handle a built-in cipher, | ||
| 194 | the according description of the cipher property is | ||
| 195 | .Qq unknown . | ||
| 196 | This case should not occur. | ||
diff --git a/src/lib/libssl/doc/SSL_COMP_add_compression_method.3 b/src/lib/libssl/doc/SSL_COMP_add_compression_method.3 deleted file mode 100644 index d683574dd3..0000000000 --- a/src/lib/libssl/doc/SSL_COMP_add_compression_method.3 +++ /dev/null | |||
| @@ -1,68 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_COMP_ADD_COMPRESSION_METHOD 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_COMP_add_compression_method | ||
| 9 | .Nd handle SSL/TLS integrated compression methods | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_COMP_add_compression_method | ||
| 16 | adds the compression method | ||
| 17 | .Fa cm | ||
| 18 | with the identifier | ||
| 19 | .Fa id | ||
| 20 | to the list of available compression methods. | ||
| 21 | This list is globally maintained for all SSL operations within this application. | ||
| 22 | It cannot be set for specific SSL_CTX or SSL objects. | ||
| 23 | .Sh NOTES | ||
| 24 | The TLS standard (or SSLv3) allows the integration of compression methods | ||
| 25 | into the communication. | ||
| 26 | The TLS RFC does however not specify compression methods or their corresponding | ||
| 27 | identifiers, so there is currently no compatible way to integrate compression | ||
| 28 | with unknown peers. | ||
| 29 | It is therefore currently not recommended to integrate compression into | ||
| 30 | applications. | ||
| 31 | Applications for non-public use may agree on certain compression methods. | ||
| 32 | Using different compression methods with the same identifier will lead to | ||
| 33 | connection failure. | ||
| 34 | .Pp | ||
| 35 | An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) | ||
| 36 | will unconditionally send the list of all compression methods enabled with | ||
| 37 | .Fn SSL_COMP_add_compression_method | ||
| 38 | to the server during the handshake. | ||
| 39 | Unlike the mechanisms to set a cipher list, there is no method available to | ||
| 40 | restrict the list of compression method on a per connection basis. | ||
| 41 | .Pp | ||
| 42 | An OpenSSL server will match the identifiers listed by a client against | ||
| 43 | its own compression methods and will unconditionally activate compression | ||
| 44 | when a matching identifier is found. | ||
| 45 | There is no way to restrict the list of compression methods supported on a per | ||
| 46 | connection basis. | ||
| 47 | .Pp | ||
| 48 | The OpenSSL library has the compression methods | ||
| 49 | .Fn COMP_rle | ||
| 50 | and (when especially enabled during compilation) | ||
| 51 | .Fn COMP_zlib | ||
| 52 | available. | ||
| 53 | .Sh WARNINGS | ||
| 54 | Once the identities of the compression methods for the TLS protocol have | ||
| 55 | been standardized, the compression API will most likely be changed. | ||
| 56 | Using it in the current state is not recommended. | ||
| 57 | .Sh RETURN VALUES | ||
| 58 | .Fn SSL_COMP_add_compression_method | ||
| 59 | may return the following values: | ||
| 60 | .Bl -tag -width Ds | ||
| 61 | .It 0 | ||
| 62 | The operation succeeded. | ||
| 63 | .It 1 | ||
| 64 | The operation failed. | ||
| 65 | Check the error queue to find out the reason. | ||
| 66 | .El | ||
| 67 | .Sh SEE ALSO | ||
| 68 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.3 deleted file mode 100644 index c18d220643..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_add_extra_chain_cert.3 +++ /dev/null | |||
| @@ -1,45 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_add_extra_chain_cert | ||
| 9 | .Nd add certificate to chain | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft long | ||
| 13 | .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX ctx" "X509 *x509" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_CTX_add_extra_chain_cert | ||
| 16 | adds the certificate | ||
| 17 | .Fa x509 | ||
| 18 | to the certificate chain presented together with the certificate. | ||
| 19 | Several certificates can be added one after the other. | ||
| 20 | .Sh NOTES | ||
| 21 | When constructing the certificate chain, the chain will be formed from | ||
| 22 | these certificates explicitly specified. | ||
| 23 | If no chain is specified, the library will try to complete the chain from the | ||
| 24 | available CA certificates in the trusted CA storage, see | ||
| 25 | .Xr SSL_CTX_load_verify_locations 3 . | ||
| 26 | .Pp | ||
| 27 | The x509 certificate provided to | ||
| 28 | .Fn SSL_CTX_add_extra_chain_cert | ||
| 29 | will be freed by the library when the | ||
| 30 | .Vt SSL_CTX | ||
| 31 | is destroyed. | ||
| 32 | An application | ||
| 33 | .Em should not | ||
| 34 | free the | ||
| 35 | .Fa x509 | ||
| 36 | object. | ||
| 37 | .Sh RETURN VALUES | ||
| 38 | .Fn SSL_CTX_add_extra_chain_cert | ||
| 39 | returns 1 on success. | ||
| 40 | Check out the error stack to find out the reason for failure otherwise. | ||
| 41 | .Sh SEE ALSO | ||
| 42 | .Xr ssl 3 , | ||
| 43 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 44 | .Xr SSL_CTX_set_client_cert_cb 3 , | ||
| 45 | .Xr SSL_CTX_use_certificate 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_add_session.3 b/src/lib/libssl/doc/SSL_CTX_add_session.3 deleted file mode 100644 index 073b919dc1..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_add_session.3 +++ /dev/null | |||
| @@ -1,90 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_add_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_ADD_SESSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_add_session , | ||
| 9 | .Nm SSL_add_session , | ||
| 10 | .Nm SSL_CTX_remove_session , | ||
| 11 | .Nm SSL_remove_session | ||
| 12 | .Nd manipulate session cache | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft int | ||
| 16 | .Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 17 | .Ft int | ||
| 18 | .Fn SSL_add_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 19 | .Ft int | ||
| 20 | .Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 21 | .Ft int | ||
| 22 | .Fn SSL_remove_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_add_session | ||
| 25 | adds the session | ||
| 26 | .Fa c | ||
| 27 | to the context | ||
| 28 | .Fa ctx . | ||
| 29 | The reference count for session | ||
| 30 | .Fa c | ||
| 31 | is incremented by 1. | ||
| 32 | If a session with the same session id already exists, | ||
| 33 | the old session is removed by calling | ||
| 34 | .Xr SSL_SESSION_free 3 . | ||
| 35 | .Pp | ||
| 36 | .Fn SSL_CTX_remove_session | ||
| 37 | removes the session | ||
| 38 | .Fa c | ||
| 39 | from the context | ||
| 40 | .Fa ctx . | ||
| 41 | .Xr SSL_SESSION_free 3 | ||
| 42 | is called once for | ||
| 43 | .Fa c . | ||
| 44 | .Pp | ||
| 45 | .Fn SSL_add_session | ||
| 46 | and | ||
| 47 | .Fn SSL_remove_session | ||
| 48 | are synonyms for their | ||
| 49 | .Fn SSL_CTX_* | ||
| 50 | counterparts. | ||
| 51 | .Sh NOTES | ||
| 52 | When adding a new session to the internal session cache, it is examined | ||
| 53 | whether a session with the same session id already exists. | ||
| 54 | In this case it is assumed that both sessions are identical. | ||
| 55 | If the same session is stored in a different | ||
| 56 | .Vt SSL_SESSION | ||
| 57 | object, the old session is removed and replaced by the new session. | ||
| 58 | If the session is actually identical (the | ||
| 59 | .Vt SSL_SESSION | ||
| 60 | object is identical), | ||
| 61 | .Fn SSL_CTX_add_session | ||
| 62 | is a no-op, and the return value is 0. | ||
| 63 | .Pp | ||
| 64 | If a server | ||
| 65 | .Vt SSL_CTX | ||
| 66 | is configured with the | ||
| 67 | .Dv SSL_SESS_CACHE_NO_INTERNAL_STORE | ||
| 68 | flag then the internal cache will not be populated automatically by new | ||
| 69 | sessions negotiated by the SSL/TLS implementation, even though the internal | ||
| 70 | cache will be searched automatically for session-resume requests (the | ||
| 71 | latter can be suppressed by | ||
| 72 | .Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) . | ||
| 73 | So the application can use | ||
| 74 | .Fn SSL_CTX_add_session | ||
| 75 | directly to have full control over the sessions that can be resumed if desired. | ||
| 76 | .Sh RETURN VALUES | ||
| 77 | The following values are returned by all functions: | ||
| 78 | .Bl -tag -width Ds | ||
| 79 | .It 0 | ||
| 80 | The operation failed. | ||
| 81 | In case of the add operation, it was tried to add the same (identical) session | ||
| 82 | twice. | ||
| 83 | In case of the remove operation, the session was not found in the cache. | ||
| 84 | .It 1 | ||
| 85 | The operation succeeded. | ||
| 86 | .El | ||
| 87 | .Sh SEE ALSO | ||
| 88 | .Xr ssl 3 , | ||
| 89 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 90 | .Xr SSL_SESSION_free 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_ctrl.3 b/src/lib/libssl/doc/SSL_CTX_ctrl.3 deleted file mode 100644 index a016845585..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_ctrl.3 +++ /dev/null | |||
| @@ -1,49 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_ctrl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_CTRL 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_ctrl , | ||
| 9 | .Nm SSL_CTX_callback_ctrl , | ||
| 10 | .Nm SSL_ctrl , | ||
| 11 | .Nm SSL_callback_ctrl | ||
| 12 | .Nd internal handling functions for SSL_CTX and SSL objects | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg" | ||
| 17 | .Ft long | ||
| 18 | .Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()" | ||
| 19 | .Ft long | ||
| 20 | .Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg" | ||
| 21 | .Ft long | ||
| 22 | .Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | The | ||
| 25 | .Fn SSL_*_ctrl | ||
| 26 | family of functions is used to manipulate settings of | ||
| 27 | the | ||
| 28 | .Vt SSL_CTX | ||
| 29 | and | ||
| 30 | .Vt SSL | ||
| 31 | objects. | ||
| 32 | Depending on the command | ||
| 33 | .Fa cmd | ||
| 34 | the arguments | ||
| 35 | .Fa larg , | ||
| 36 | .Fa parg , | ||
| 37 | or | ||
| 38 | .Fa fp | ||
| 39 | are evaluated. | ||
| 40 | These functions should never be called directly. | ||
| 41 | All functionalities needed are made available via other functions or macros. | ||
| 42 | .Sh RETURN VALUES | ||
| 43 | The return values of the | ||
| 44 | .Fn SSL*_ctrl | ||
| 45 | functions depend on the command supplied via the | ||
| 46 | .Fn cmd | ||
| 47 | parameter. | ||
| 48 | .Sh SEE ALSO | ||
| 49 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_flush_sessions.3 b/src/lib/libssl/doc/SSL_CTX_flush_sessions.3 deleted file mode 100644 index 9d3c52cdd5..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_flush_sessions.3 +++ /dev/null | |||
| @@ -1,57 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_flush_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_FLUSH_SESSIONS 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_flush_sessions , | ||
| 9 | .Nm SSL_flush_sessions | ||
| 10 | .Nd remove expired sessions | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm" | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_flush_sessions "SSL_CTX *ctx" "long tm" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_flush_sessions | ||
| 19 | causes a run through the session cache of | ||
| 20 | .Fa ctx | ||
| 21 | to remove sessions expired at time | ||
| 22 | .Fa tm . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_flush_sessions | ||
| 25 | is a synonym for | ||
| 26 | .Fn SSL_CTX_flush_sessions . | ||
| 27 | .Sh NOTES | ||
| 28 | If enabled, the internal session cache will collect all sessions established | ||
| 29 | up to the specified maximum number (see | ||
| 30 | .Fn SSL_CTX_sess_set_cache_size ) . | ||
| 31 | As sessions will not be reused ones they are expired, they should be | ||
| 32 | removed from the cache to save resources. | ||
| 33 | This can either be done automatically whenever 255 new sessions were | ||
| 34 | established (see | ||
| 35 | .Xr SSL_CTX_set_session_cache_mode 3 ) | ||
| 36 | or manually by calling | ||
| 37 | .Fn SSL_CTX_flush_sessions . | ||
| 38 | .Pp | ||
| 39 | The parameter | ||
| 40 | .Fa tm | ||
| 41 | specifies the time which should be used for the | ||
| 42 | expiration test, in most cases the actual time given by | ||
| 43 | .Fn time 0 | ||
| 44 | will be used. | ||
| 45 | .Pp | ||
| 46 | .Fn SSL_CTX_flush_sessions | ||
| 47 | will only check sessions stored in the internal cache. | ||
| 48 | When a session is found and removed, the | ||
| 49 | .Va remove_session_cb | ||
| 50 | is however called to synchronize with the external cache (see | ||
| 51 | .Xr SSL_CTX_sess_set_get_cb 3 ) . | ||
| 52 | .Sh RETURN VALUES | ||
| 53 | .Sh SEE ALSO | ||
| 54 | .Xr ssl 3 , | ||
| 55 | .Xr SSL_CTX_sess_set_get_cb 3 , | ||
| 56 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 57 | .Xr SSL_CTX_set_timeout 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_free.3 b/src/lib/libssl/doc/SSL_CTX_free.3 deleted file mode 100644 index 0b2f7a8247..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_free.3 +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_FREE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_free | ||
| 9 | .Nd free an allocated SSL_CTX object | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fn SSL_CTX_free "SSL_CTX *ctx" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_CTX_free | ||
| 16 | decrements the reference count of | ||
| 17 | .Fa ctx , | ||
| 18 | and removes the | ||
| 19 | .Vt SSL_CTX | ||
| 20 | object pointed to by | ||
| 21 | .Fa ctx | ||
| 22 | and frees up the allocated memory if the reference count has reached 0. | ||
| 23 | .Pp | ||
| 24 | It also calls the | ||
| 25 | .Xr free 3 Ns ing | ||
| 26 | procedures for indirectly affected items, if applicable: | ||
| 27 | the session cache, the list of ciphers, the list of Client CAs, | ||
| 28 | the certificates and keys. | ||
| 29 | .Sh WARNINGS | ||
| 30 | If a session-remove callback is set | ||
| 31 | .Pq Xr SSL_CTX_sess_set_remove_cb 3 , | ||
| 32 | this callback will be called for each session being freed from | ||
| 33 | .Fa ctx Ns 's | ||
| 34 | session cache. | ||
| 35 | This implies that all corresponding sessions from an external session cache are | ||
| 36 | removed as well. | ||
| 37 | If this is not desired, the user should explicitly unset the callback by | ||
| 38 | calling | ||
| 39 | .Fn SSL_CTX_sess_set_remove_cb ctx NULL | ||
| 40 | prior to calling | ||
| 41 | .Fn SSL_CTX_free . | ||
| 42 | .Sh RETURN VALUES | ||
| 43 | .Fn SSL_CTX_free | ||
| 44 | does not provide diagnostic information. | ||
| 45 | .Sh SEE ALSO | ||
| 46 | .Xr ssl 3 , | ||
| 47 | .Xr SSL_CTX_new 3 , | ||
| 48 | .Xr SSL_CTX_sess_set_get_cb 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3 deleted file mode 100644 index 72bbb608fa..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_get_ex_new_index.3 +++ /dev/null | |||
| @@ -1,70 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_GET_EX_NEW_INDEX 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_get_ex_new_index , | ||
| 9 | .Nm SSL_CTX_set_ex_data , | ||
| 10 | .Nm SSL_CTX_get_ex_data | ||
| 11 | .Nd internal application specific data functions | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fo SSL_CTX_get_ex_new_index | ||
| 16 | .Fa long argl | ||
| 17 | .Fa void *argp | ||
| 18 | .Fa CRYPTO_EX_new *new_func | ||
| 19 | .Fa CRYPTO_EX_dup *dup_func | ||
| 20 | .Fa CRYPTO_EX_free *free_func | ||
| 21 | .Fc | ||
| 22 | .Ft int | ||
| 23 | .Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg" | ||
| 24 | .Ft void * | ||
| 25 | .Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx" | ||
| 26 | .Bd -literal | ||
| 27 | typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 28 | int idx, long argl, void *argp); | ||
| 29 | typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 30 | int idx, long argl, void *argp); | ||
| 31 | typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 32 | int idx, long argl, void *argp); | ||
| 33 | .Ed | ||
| 34 | .Sh DESCRIPTION | ||
| 35 | Several OpenSSL structures can have application specific data attached to them. | ||
| 36 | These functions are used internally by OpenSSL to manipulate application | ||
| 37 | specific data attached to a specific structure. | ||
| 38 | .Pp | ||
| 39 | .Fn SSL_CTX_get_ex_new_index | ||
| 40 | is used to register a new index for application specific data. | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_CTX_set_ex_data | ||
| 43 | is used to store application data at | ||
| 44 | .Fa arg | ||
| 45 | for | ||
| 46 | .Fa idx | ||
| 47 | into the | ||
| 48 | .Fa ctx | ||
| 49 | object. | ||
| 50 | .Pp | ||
| 51 | .Fn SSL_CTX_get_ex_data | ||
| 52 | is used to retrieve the information for | ||
| 53 | .Fa idx | ||
| 54 | from | ||
| 55 | .Fa ctx . | ||
| 56 | .Pp | ||
| 57 | A detailed description for the | ||
| 58 | .Fn *_get_ex_new_index | ||
| 59 | functionality can be found in | ||
| 60 | .Xr RSA_get_ex_new_index 3 . | ||
| 61 | The | ||
| 62 | .Fn *_get_ex_data | ||
| 63 | and | ||
| 64 | .Fn *_set_ex_data | ||
| 65 | functionality is described in | ||
| 66 | .Xr CRYPTO_set_ex_data 3 . | ||
| 67 | .Sh SEE ALSO | ||
| 68 | .Xr CRYPTO_set_ex_data 3 , | ||
| 69 | .Xr RSA_get_ex_new_index 3 , | ||
| 70 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3 deleted file mode 100644 index 12e21db6a3..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_get_verify_mode.3 +++ /dev/null | |||
| @@ -1,73 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_GET_VERIFY_MODE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_get_verify_mode , | ||
| 9 | .Nm SSL_get_verify_mode , | ||
| 10 | .Nm SSL_CTX_get_verify_depth , | ||
| 11 | .Nm SSL_get_verify_depth , | ||
| 12 | .Nm SSL_get_verify_callback , | ||
| 13 | .Nm SSL_CTX_get_verify_callback | ||
| 14 | .Nd get currently set verification parameters | ||
| 15 | .Sh SYNOPSIS | ||
| 16 | .In openssl/ssl.h | ||
| 17 | .Ft int | ||
| 18 | .Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx" | ||
| 19 | .Ft int | ||
| 20 | .Fn SSL_get_verify_mode "const SSL *ssl" | ||
| 21 | .Ft int | ||
| 22 | .Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx" | ||
| 23 | .Ft int | ||
| 24 | .Fn SSL_get_verify_depth "const SSL *ssl" | ||
| 25 | .Ft int | ||
| 26 | .Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))" | ||
| 27 | .Fa int "X509_STORE_CTX *" | ||
| 28 | .Fc | ||
| 29 | .Ft int | ||
| 30 | .Fo "(*SSL_get_verify_callback(const SSL *ssl))" | ||
| 31 | .Fa int "X509_STORE_CTX *" | ||
| 32 | .Fc | ||
| 33 | .Sh DESCRIPTION | ||
| 34 | .Fn SSL_CTX_get_verify_mode | ||
| 35 | returns the verification mode currently set in | ||
| 36 | .Fa ctx . | ||
| 37 | .Pp | ||
| 38 | .Fn SSL_get_verify_mode | ||
| 39 | returns the verification mode currently set in | ||
| 40 | .Fa ssl . | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_CTX_get_verify_depth | ||
| 43 | returns the verification depth limit currently set | ||
| 44 | in | ||
| 45 | .Fa ctx . | ||
| 46 | If no limit has been explicitly set, | ||
| 47 | \(mi1 is returned and the default value will be used. | ||
| 48 | .Pp | ||
| 49 | .Fn SSL_get_verify_depth | ||
| 50 | returns the verification depth limit currently set in | ||
| 51 | .Fa ssl . | ||
| 52 | If no limit has been explicitly set, | ||
| 53 | \(mi1 is returned and the default value will be used. | ||
| 54 | .Pp | ||
| 55 | .Fn SSL_CTX_get_verify_callback | ||
| 56 | returns a function pointer to the verification callback currently set in | ||
| 57 | .Fa ctx . | ||
| 58 | If no callback was explicitly set, the | ||
| 59 | .Dv NULL | ||
| 60 | pointer is returned and the default callback will be used. | ||
| 61 | .Pp | ||
| 62 | .Fn SSL_get_verify_callback | ||
| 63 | returns a function pointer to the verification callback currently set in | ||
| 64 | .Fa ssl . | ||
| 65 | If no callback was explicitly set, the | ||
| 66 | .Dv NULL | ||
| 67 | pointer is returned and the default callback will be used. | ||
| 68 | .Sh RETURN VALUES | ||
| 69 | See | ||
| 70 | .Sx DESCRIPTION | ||
| 71 | .Sh SEE ALSO | ||
| 72 | .Xr ssl 3 , | ||
| 73 | .Xr SSL_CTX_set_verify 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3 deleted file mode 100644 index 09884db5da..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_load_verify_locations.3 +++ /dev/null | |||
| @@ -1,161 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_load_verify_locations | ||
| 9 | .Nd set default locations for trusted CA certificates | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fo SSL_CTX_load_verify_locations | ||
| 14 | .Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath" | ||
| 15 | .Fc | ||
| 16 | .Sh DESCRIPTION | ||
| 17 | .Fn SSL_CTX_load_verify_locations | ||
| 18 | specifies the locations for | ||
| 19 | .Fa ctx , | ||
| 20 | at which CA certificates for verification purposes are located. | ||
| 21 | The certificates available via | ||
| 22 | .Fa CAfile | ||
| 23 | and | ||
| 24 | .Fa CApath | ||
| 25 | are trusted. | ||
| 26 | .Sh NOTES | ||
| 27 | If | ||
| 28 | .Fa CAfile | ||
| 29 | is not | ||
| 30 | .Dv NULL , | ||
| 31 | it points to a file of CA certificates in PEM format. | ||
| 32 | The file can contain several CA certificates identified by sequences of: | ||
| 33 | .Bd -literal | ||
| 34 | -----BEGIN CERTIFICATE----- | ||
| 35 | ... (CA certificate in base64 encoding) ... | ||
| 36 | -----END CERTIFICATE----- | ||
| 37 | .Ed | ||
| 38 | Before, between, and after the certificates arbitrary text is allowed which can | ||
| 39 | be used, e.g., for descriptions of the certificates. | ||
| 40 | .Pp | ||
| 41 | The | ||
| 42 | .Fa CAfile | ||
| 43 | is processed on execution of the | ||
| 44 | .Fn SSL_CTX_load_verify_locations | ||
| 45 | function. | ||
| 46 | .Pp | ||
| 47 | If | ||
| 48 | .Fa CApath | ||
| 49 | is not NULL, it points to a directory containing CA certificates in PEM format. | ||
| 50 | The files each contain one CA certificate. | ||
| 51 | The files are looked up by the CA subject name hash value, | ||
| 52 | which must hence be available. | ||
| 53 | If more than one CA certificate with the same name hash value exist, | ||
| 54 | the extension must be different (e.g., | ||
| 55 | .Pa 9d66eef0.0 , | ||
| 56 | .Pa 9d66eef0.1 , | ||
| 57 | etc.). | ||
| 58 | The search is performed in the ordering of the extension number, | ||
| 59 | regardless of other properties of the certificates. | ||
| 60 | .Pp | ||
| 61 | The certificates in | ||
| 62 | .Fa CApath | ||
| 63 | are only looked up when required, e.g., when building the certificate chain or | ||
| 64 | when actually performing the verification of a peer certificate. | ||
| 65 | .Pp | ||
| 66 | When looking up CA certificates, the OpenSSL library will first search the | ||
| 67 | certificates in | ||
| 68 | .Fa CAfile , | ||
| 69 | then those in | ||
| 70 | .Fa CApath . | ||
| 71 | Certificate matching is done based on the subject name, the key identifier (if | ||
| 72 | present), and the serial number as taken from the certificate to be verified. | ||
| 73 | If these data do not match, the next certificate will be tried. | ||
| 74 | If a first certificate matching the parameters is found, | ||
| 75 | the verification process will be performed; | ||
| 76 | no other certificates for the same parameters will be searched in case of | ||
| 77 | failure. | ||
| 78 | .Pp | ||
| 79 | In server mode, when requesting a client certificate, the server must send | ||
| 80 | the list of CAs of which it will accept client certificates. | ||
| 81 | This list is not influenced by the contents of | ||
| 82 | .Fa CAfile | ||
| 83 | or | ||
| 84 | .Fa CApath | ||
| 85 | and must explicitly be set using the | ||
| 86 | .Xr SSL_CTX_set_client_CA_list 3 | ||
| 87 | family of functions. | ||
| 88 | .Pp | ||
| 89 | When building its own certificate chain, an OpenSSL client/server will try to | ||
| 90 | fill in missing certificates from | ||
| 91 | .Fa CAfile Ns / Fa CApath , | ||
| 92 | if the | ||
| 93 | certificate chain was not explicitly specified (see | ||
| 94 | .Xr SSL_CTX_add_extra_chain_cert 3 | ||
| 95 | and | ||
| 96 | .Xr SSL_CTX_use_certificate 3 ) . | ||
| 97 | .Sh WARNINGS | ||
| 98 | If several CA certificates matching the name, key identifier, and serial | ||
| 99 | number condition are available, only the first one will be examined. | ||
| 100 | This may lead to unexpected results if the same CA certificate is available | ||
| 101 | with different expiration dates. | ||
| 102 | If a | ||
| 103 | .Dq certificate expired | ||
| 104 | verification error occurs, no other certificate will be searched. | ||
| 105 | Make sure to not have expired certificates mixed with valid ones. | ||
| 106 | .Sh RETURN VALUES | ||
| 107 | The following return values can occur: | ||
| 108 | .Bl -tag -width Ds | ||
| 109 | .It 0 | ||
| 110 | The operation failed because | ||
| 111 | .Fa CAfile | ||
| 112 | and | ||
| 113 | .Fa CApath | ||
| 114 | are | ||
| 115 | .Dv NULL | ||
| 116 | or the processing at one of the locations specified failed. | ||
| 117 | Check the error stack to find out the reason. | ||
| 118 | .It 1 | ||
| 119 | The operation succeeded. | ||
| 120 | .El | ||
| 121 | .Sh EXAMPLES | ||
| 122 | Generate a CA certificate file with descriptive text from the CA certificates | ||
| 123 | .Pa ca1.pem | ||
| 124 | .Pa ca2.pem | ||
| 125 | .Pa ca3.pem : | ||
| 126 | .Bd -literal | ||
| 127 | #!/bin/sh | ||
| 128 | rm CAfile.pem | ||
| 129 | for i in ca1.pem ca2.pem ca3.pem; do | ||
| 130 | openssl x509 -in $i -text >> CAfile.pem | ||
| 131 | done | ||
| 132 | .Ed | ||
| 133 | .Pp | ||
| 134 | Prepare the directory /some/where/certs containing several CA certificates | ||
| 135 | for use as | ||
| 136 | .Fa CApath : | ||
| 137 | .Bd -literal | ||
| 138 | $ cd /some/where/certs | ||
| 139 | $ rm -f *.[0-9]* *.r[0-9]* | ||
| 140 | $ for c in *.pem; do | ||
| 141 | > [ "$c" = "*.pem" ] && continue | ||
| 142 | > hash=$(openssl x509 -noout -hash -in "$c") | ||
| 143 | > if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then | ||
| 144 | > suf=0 | ||
| 145 | > while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done | ||
| 146 | > ln -s "$c" $hash.$suf | ||
| 147 | > fi | ||
| 148 | > if egrep -q -- '-BEGIN X509 CRL-' "$c"; then | ||
| 149 | > suf=0 | ||
| 150 | > while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done | ||
| 151 | > ln -s "$c" $hash.r$suf | ||
| 152 | > fi | ||
| 153 | > done | ||
| 154 | .Ed | ||
| 155 | .Sh SEE ALSO | ||
| 156 | .Xr ssl 3 , | ||
| 157 | .Xr SSL_CTX_add_extra_chain_cert 3 , | ||
| 158 | .Xr SSL_CTX_set_cert_store 3 , | ||
| 159 | .Xr SSL_CTX_set_client_CA_list 3 , | ||
| 160 | .Xr SSL_CTX_use_certificate 3 , | ||
| 161 | .Xr SSL_get_client_CA_list 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_new.3 b/src/lib/libssl/doc/SSL_CTX_new.3 deleted file mode 100644 index d2c2b03452..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_new.3 +++ /dev/null | |||
| @@ -1,111 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_NEW 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_new , | ||
| 9 | .Nm SSLv3_method , | ||
| 10 | .Nm SSLv3_server_method , | ||
| 11 | .Nm SSLv3_client_method , | ||
| 12 | .Nm TLSv1_method , | ||
| 13 | .Nm TLSv1_server_method , | ||
| 14 | .Nm TLSv1_client_method , | ||
| 15 | .Nm TLSv1_1_method , | ||
| 16 | .Nm TLSv1_1_server_method , | ||
| 17 | .Nm TLSv1_1_client_method , | ||
| 18 | .Nm SSLv23_method , | ||
| 19 | .Nm SSLv23_server_method , | ||
| 20 | .Nm SSLv23_client_method | ||
| 21 | .Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions | ||
| 22 | .Sh SYNOPSIS | ||
| 23 | .In openssl/ssl.h | ||
| 24 | .Ft SSL_CTX * | ||
| 25 | .Fn SSL_CTX_new "const SSL_METHOD *method" | ||
| 26 | .Sh DESCRIPTION | ||
| 27 | .Fn SSL_CTX_new | ||
| 28 | creates a new | ||
| 29 | .Vt SSL_CTX | ||
| 30 | object as framework to establish TLS/SSL enabled connections. | ||
| 31 | .Sh NOTES | ||
| 32 | The | ||
| 33 | .Vt SSL_CTX | ||
| 34 | object uses | ||
| 35 | .Fa method | ||
| 36 | as its connection method. | ||
| 37 | The methods exist in a generic type (for client and server use), | ||
| 38 | a server only type, and a client only type. | ||
| 39 | .Fa method | ||
| 40 | can be of the following types: | ||
| 41 | .Bl -tag -width Ds | ||
| 42 | .It Fn SSLv3_method void , Fn SSLv3_server_method void , \ | ||
| 43 | Fn SSLv3_client_method void | ||
| 44 | A TLS/SSL connection established with these methods will only understand the | ||
| 45 | SSLv3 protocol. | ||
| 46 | A client will send out SSLv3 client hello messages and will indicate that it | ||
| 47 | only understands SSLv3. | ||
| 48 | A server will only understand SSLv3 client hello messages. | ||
| 49 | Importantly, this means that it will not understand SSLv2 client hello messages | ||
| 50 | which are widely used for compatibility reasons; see | ||
| 51 | .Fn SSLv23_*_method . | ||
| 52 | .It Fn TLSv1_method void , Fn TLSv1_server_method void , \ | ||
| 53 | Fn TLSv1_client_method void | ||
| 54 | A TLS/SSL connection established with these methods will only understand the | ||
| 55 | TLSv1 protocol. | ||
| 56 | A client will send out TLSv1 client hello messages and will indicate that it | ||
| 57 | only understands TLSv1. | ||
| 58 | A server will only understand TLSv1 client hello messages. | ||
| 59 | Importantly, this means that it will not understand SSLv2 client hello messages | ||
| 60 | which are widely used for compatibility reasons; see | ||
| 61 | .Fn SSLv23_*_method . | ||
| 62 | It will also not understand SSLv3 client hello messages. | ||
| 63 | .It Fn SSLv23_method void , Fn SSLv23_server_method void , \ | ||
| 64 | Fn SSLv23_client_method void | ||
| 65 | A TLS/SSL connection established with these methods may understand the SSLv3, | ||
| 66 | TLSv1, TLSv1.1 and TLSv1.2 protocols. | ||
| 67 | .Pp | ||
| 68 | A client will send out TLSv1 client hello messages including extensions and | ||
| 69 | will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback | ||
| 70 | to SSLv3. | ||
| 71 | A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. | ||
| 72 | This is the best choice when compatibility is a concern. | ||
| 73 | .El | ||
| 74 | .Pp | ||
| 75 | The list of protocols available can later be limited using the | ||
| 76 | .Dv SSL_OP_NO_SSLv3 , | ||
| 77 | .Dv SSL_OP_NO_TLSv1 , | ||
| 78 | .Dv SSL_OP_NO_TLSv1_1 , | ||
| 79 | and | ||
| 80 | .Dv SSL_OP_NO_TLSv1_2 | ||
| 81 | options of the | ||
| 82 | .Fn SSL_CTX_set_options | ||
| 83 | or | ||
| 84 | .Fn SSL_set_options | ||
| 85 | functions. | ||
| 86 | Using these options it is possible to choose, for example, | ||
| 87 | .Fn SSLv23_server_method | ||
| 88 | and be able to negotiate with all possible clients, | ||
| 89 | but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2. | ||
| 90 | .Pp | ||
| 91 | .Fn SSL_CTX_new | ||
| 92 | initializes the list of ciphers, the session cache setting, the callbacks, | ||
| 93 | the keys and certificates, and the options to its default values. | ||
| 94 | .Sh RETURN VALUES | ||
| 95 | The following return values can occur: | ||
| 96 | .Bl -tag -width Ds | ||
| 97 | .It Dv NULL | ||
| 98 | The creation of a new | ||
| 99 | .Vt SSL_CTX | ||
| 100 | object failed. | ||
| 101 | Check the error stack to find out the reason. | ||
| 102 | .It Pointer to an SSL_CTX object | ||
| 103 | The return value points to an allocated | ||
| 104 | .Vt SSL_CTX | ||
| 105 | object. | ||
| 106 | .El | ||
| 107 | .Sh SEE ALSO | ||
| 108 | .Xr ssl 3 , | ||
| 109 | .Xr SSL_accept 3 , | ||
| 110 | .Xr SSL_CTX_free 3 , | ||
| 111 | .Xr SSL_set_connect_state 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_sess_number.3 b/src/lib/libssl/doc/SSL_CTX_sess_number.3 deleted file mode 100644 index f3af4eab07..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_sess_number.3 +++ /dev/null | |||
| @@ -1,104 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_sess_number.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SESS_NUMBER 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_sess_number , | ||
| 9 | .Nm SSL_CTX_sess_connect , | ||
| 10 | .Nm SSL_CTX_sess_connect_good , | ||
| 11 | .Nm SSL_CTX_sess_connect_renegotiate , | ||
| 12 | .Nm SSL_CTX_sess_accept , | ||
| 13 | .Nm SSL_CTX_sess_accept_good , | ||
| 14 | .Nm SSL_CTX_sess_accept_renegotiate , | ||
| 15 | .Nm SSL_CTX_sess_hits , | ||
| 16 | .Nm SSL_CTX_sess_cb_hits , | ||
| 17 | .Nm SSL_CTX_sess_misses , | ||
| 18 | .Nm SSL_CTX_sess_timeouts , | ||
| 19 | .Nm SSL_CTX_sess_cache_full | ||
| 20 | .Nd obtain session cache statistics | ||
| 21 | .Sh SYNOPSIS | ||
| 22 | .In openssl/ssl.h | ||
| 23 | .Ft long | ||
| 24 | .Fn SSL_CTX_sess_number "SSL_CTX *ctx" | ||
| 25 | .Ft long | ||
| 26 | .Fn SSL_CTX_sess_connect "SSL_CTX *ctx" | ||
| 27 | .Ft long | ||
| 28 | .Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx" | ||
| 29 | .Ft long | ||
| 30 | .Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx" | ||
| 31 | .Ft long | ||
| 32 | .Fn SSL_CTX_sess_accept "SSL_CTX *ctx" | ||
| 33 | .Ft long | ||
| 34 | .Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx" | ||
| 35 | .Ft long | ||
| 36 | .Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx" | ||
| 37 | .Ft long | ||
| 38 | .Fn SSL_CTX_sess_hits "SSL_CTX *ctx" | ||
| 39 | .Ft long | ||
| 40 | .Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx" | ||
| 41 | .Ft long | ||
| 42 | .Fn SSL_CTX_sess_misses "SSL_CTX *ctx" | ||
| 43 | .Ft long | ||
| 44 | .Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx" | ||
| 45 | .Ft long | ||
| 46 | .Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx" | ||
| 47 | .Sh DESCRIPTION | ||
| 48 | .Fn SSL_CTX_sess_number | ||
| 49 | returns the current number of sessions in the internal session cache. | ||
| 50 | .Pp | ||
| 51 | .Fn SSL_CTX_sess_connect | ||
| 52 | returns the number of started SSL/TLS handshakes in client mode. | ||
| 53 | .Pp | ||
| 54 | .Fn SSL_CTX_sess_connect_good | ||
| 55 | returns the number of successfully established SSL/TLS sessions in client mode. | ||
| 56 | .Pp | ||
| 57 | .Fn SSL_CTX_sess_connect_renegotiate | ||
| 58 | returns the number of start renegotiations in client mode. | ||
| 59 | .Pp | ||
| 60 | .Fn SSL_CTX_sess_accept | ||
| 61 | returns the number of started SSL/TLS handshakes in server mode. | ||
| 62 | .Pp | ||
| 63 | .Fn SSL_CTX_sess_accept_good | ||
| 64 | returns the number of successfully established SSL/TLS sessions in server mode. | ||
| 65 | .Pp | ||
| 66 | .Fn SSL_CTX_sess_accept_renegotiate | ||
| 67 | returns the number of start renegotiations in server mode. | ||
| 68 | .Pp | ||
| 69 | .Fn SSL_CTX_sess_hits | ||
| 70 | returns the number of successfully reused sessions. | ||
| 71 | In client mode a session set with | ||
| 72 | .Xr SSL_set_session 3 | ||
| 73 | successfully reused is counted as a hit. | ||
| 74 | In server mode a session successfully retrieved from internal or external cache | ||
| 75 | is counted as a hit. | ||
| 76 | .Pp | ||
| 77 | .Fn SSL_CTX_sess_cb_hits | ||
| 78 | returns the number of successfully retrieved sessions from the external session | ||
| 79 | cache in server mode. | ||
| 80 | .Pp | ||
| 81 | .Fn SSL_CTX_sess_misses | ||
| 82 | returns the number of sessions proposed by clients that were not found in the | ||
| 83 | internal session cache in server mode. | ||
| 84 | .Pp | ||
| 85 | .Fn SSL_CTX_sess_timeouts | ||
| 86 | returns the number of sessions proposed by clients and either found in the | ||
| 87 | internal or external session cache in server mode, | ||
| 88 | but that were invalid due to timeout. | ||
| 89 | These sessions are not included in the | ||
| 90 | .Fn SSL_CTX_sess_hits | ||
| 91 | count. | ||
| 92 | .Pp | ||
| 93 | .Fn SSL_CTX_sess_cache_full | ||
| 94 | returns the number of sessions that were removed because the maximum session | ||
| 95 | cache size was exceeded. | ||
| 96 | .Sh RETURN VALUES | ||
| 97 | The functions return the values indicated in the | ||
| 98 | .Sx DESCRIPTION | ||
| 99 | section. | ||
| 100 | .Sh SEE ALSO | ||
| 101 | .Xr ssl 3 , | ||
| 102 | .Xr SSL_CTX_sess_set_cache_size 3 , | ||
| 103 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 104 | .Xr SSL_set_session 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3 deleted file mode 100644 index 89d02dd32b..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_sess_set_cache_size.3 +++ /dev/null | |||
| @@ -1,55 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SESS_SET_CACHE_SIZE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_sess_set_cache_size , | ||
| 9 | .Nm SSL_CTX_sess_get_cache_size | ||
| 10 | .Nd manipulate session cache size | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft long | ||
| 14 | .Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t" | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_sess_set_cache_size | ||
| 19 | sets the size of the internal session cache of context | ||
| 20 | .Fa ctx | ||
| 21 | to | ||
| 22 | .Fa t . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_CTX_sess_get_cache_size | ||
| 25 | returns the currently valid session cache size. | ||
| 26 | .Sh NOTES | ||
| 27 | The internal session cache size is | ||
| 28 | .Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT , | ||
| 29 | currently 1024\(mu20, so that up to 20000 sessions can be held. | ||
| 30 | This size can be modified using the | ||
| 31 | .Fn SSL_CTX_sess_set_cache_size | ||
| 32 | call. | ||
| 33 | A special case is the size 0, which is used for unlimited size. | ||
| 34 | .Pp | ||
| 35 | When the maximum number of sessions is reached, | ||
| 36 | no more new sessions are added to the cache. | ||
| 37 | New space may be added by calling | ||
| 38 | .Xr SSL_CTX_flush_sessions 3 | ||
| 39 | to remove expired sessions. | ||
| 40 | .Pp | ||
| 41 | If the size of the session cache is reduced and more sessions are already in | ||
| 42 | the session cache, | ||
| 43 | old session will be removed the next time a session shall be added. | ||
| 44 | This removal is not synchronized with the expiration of sessions. | ||
| 45 | .Sh RETURN VALUES | ||
| 46 | .Fn SSL_CTX_sess_set_cache_size | ||
| 47 | returns the previously valid size. | ||
| 48 | .Pp | ||
| 49 | .Fn SSL_CTX_sess_get_cache_size | ||
| 50 | returns the currently valid size. | ||
| 51 | .Sh SEE ALSO | ||
| 52 | .Xr ssl 3 , | ||
| 53 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 54 | .Xr SSL_CTX_sess_number 3 , | ||
| 55 | .Xr SSL_CTX_set_session_cache_mode 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 deleted file mode 100644 index 7a372138c1..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_sess_set_get_cb.3 +++ /dev/null | |||
| @@ -1,159 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SESS_SET_GET_CB 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_sess_set_new_cb , | ||
| 9 | .Nm SSL_CTX_sess_set_remove_cb , | ||
| 10 | .Nm SSL_CTX_sess_set_get_cb , | ||
| 11 | .Nm SSL_CTX_sess_get_new_cb , | ||
| 12 | .Nm SSL_CTX_sess_get_remove_cb , | ||
| 13 | .Nm SSL_CTX_sess_get_get_cb | ||
| 14 | .Nd provide callback functions for server side external session caching | ||
| 15 | .Sh SYNOPSIS | ||
| 16 | .In openssl/ssl.h | ||
| 17 | .Ft void | ||
| 18 | .Fo SSL_CTX_sess_set_new_cb | ||
| 19 | .Fa "SSL_CTX *ctx" | ||
| 20 | .Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)" | ||
| 21 | .Fc | ||
| 22 | .Ft void | ||
| 23 | .Fo SSL_CTX_sess_set_remove_cb | ||
| 24 | .Fa "SSL_CTX *ctx" | ||
| 25 | .Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)" | ||
| 26 | .Fc | ||
| 27 | .Ft void | ||
| 28 | .Fo SSL_CTX_sess_set_get_cb | ||
| 29 | .Fa "SSL_CTX *ctx" | ||
| 30 | .Fa "SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)" | ||
| 31 | .Fc | ||
| 32 | .Ft int | ||
| 33 | .Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" | ||
| 34 | .Fa "struct ssl_st *ssl" | ||
| 35 | .Fa "SSL_SESSION *sess" | ||
| 36 | .Fc | ||
| 37 | .Ft void | ||
| 38 | .Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))" | ||
| 39 | .Fa "struct ssl_ctx_st *ctx" | ||
| 40 | .Fa "SSL_SESSION *sess" | ||
| 41 | .Fc | ||
| 42 | .Ft SSL_SESSION * | ||
| 43 | .Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))" | ||
| 44 | .Fa "struct ssl_st *ssl" | ||
| 45 | .Fa "unsigned char *data" | ||
| 46 | .Fa "int len" | ||
| 47 | .Fa "int *copy" | ||
| 48 | .Fc | ||
| 49 | .Ft int | ||
| 50 | .Fo "(*new_session_cb)" | ||
| 51 | .Fa "struct ssl_st *ssl" | ||
| 52 | .Fa "SSL_SESSION *sess" | ||
| 53 | .Fc | ||
| 54 | .Ft void | ||
| 55 | .Fo "(*remove_session_cb)" | ||
| 56 | .Fa "struct ssl_ctx_st *ctx" | ||
| 57 | .Fa "SSL_SESSION *sess" | ||
| 58 | .Fc | ||
| 59 | .Ft SSL_SESSION * | ||
| 60 | .Fo "(*get_session_cb)" | ||
| 61 | .Fa "struct ssl_st *ssl" | ||
| 62 | .Fa "unsigned char *data" | ||
| 63 | .Fa "int len" | ||
| 64 | .Fa "int *copy" | ||
| 65 | .Fc | ||
| 66 | .Sh DESCRIPTION | ||
| 67 | .Fn SSL_CTX_sess_set_new_cb | ||
| 68 | sets the callback function which is automatically called whenever a new session | ||
| 69 | was negotiated. | ||
| 70 | .Pp | ||
| 71 | .Fn SSL_CTX_sess_set_remove_cb | ||
| 72 | sets the callback function which is automatically called whenever a session is | ||
| 73 | removed by the SSL engine (because it is considered faulty or the session has | ||
| 74 | become obsolete because of exceeding the timeout value). | ||
| 75 | .Pp | ||
| 76 | .Fn SSL_CTX_sess_set_get_cb | ||
| 77 | sets the callback function which is called whenever a SSL/TLS client proposes | ||
| 78 | to resume a session but the session cannot be found in the internal session | ||
| 79 | cache (see | ||
| 80 | .Xr SSL_CTX_set_session_cache_mode 3 ) . | ||
| 81 | (SSL/TLS server only.) | ||
| 82 | .Pp | ||
| 83 | .Fn SSL_CTX_sess_get_new_cb , | ||
| 84 | .Fn SSL_CTX_sess_get_remove_cb , | ||
| 85 | and | ||
| 86 | .Fn SSL_CTX_sess_get_get_cb | ||
| 87 | retrieve the function pointers of the provided callback functions. | ||
| 88 | If a callback function has not been set, the | ||
| 89 | .Dv NULL | ||
| 90 | pointer is returned. | ||
| 91 | .Sh NOTES | ||
| 92 | In order to allow external session caching, synchronization with the internal | ||
| 93 | session cache is realized via callback functions. | ||
| 94 | Inside these callback functions, session can be saved to disk or put into a | ||
| 95 | database using the | ||
| 96 | .Xr d2i_SSL_SESSION 3 | ||
| 97 | interface. | ||
| 98 | .Pp | ||
| 99 | The | ||
| 100 | .Fn new_session_cb | ||
| 101 | function is called whenever a new session has been negotiated and session | ||
| 102 | caching is enabled (see | ||
| 103 | .Xr SSL_CTX_set_session_cache_mode 3 ) . | ||
| 104 | The | ||
| 105 | .Fn new_session_cb | ||
| 106 | is passed the | ||
| 107 | .Fa ssl | ||
| 108 | connection and the ssl session | ||
| 109 | .Fa sess . | ||
| 110 | If the callback returns 0, the session will be immediately removed again. | ||
| 111 | .Pp | ||
| 112 | The | ||
| 113 | .Fn remove_session_cb | ||
| 114 | is called whenever the SSL engine removes a session from the internal cache. | ||
| 115 | This happens when the session is removed because it is expired or when a | ||
| 116 | connection was not shut down cleanly. | ||
| 117 | It also happens for all sessions in the internal session cache when | ||
| 118 | .Xr SSL_CTX_free 3 | ||
| 119 | is called. | ||
| 120 | The | ||
| 121 | .Fn remove_session_cb | ||
| 122 | function is passed the | ||
| 123 | .Fa ctx | ||
| 124 | and the | ||
| 125 | .Vt ssl | ||
| 126 | session | ||
| 127 | .Fa sess . | ||
| 128 | It does not provide any feedback. | ||
| 129 | .Pp | ||
| 130 | The | ||
| 131 | .Fn get_session_cb | ||
| 132 | function is only called on SSL/TLS servers with the session id proposed by the | ||
| 133 | client. | ||
| 134 | The | ||
| 135 | .Fn get_session_cb | ||
| 136 | function is always called, also when session caching was disabled. | ||
| 137 | The | ||
| 138 | .Fn get_session_cb | ||
| 139 | is passed the | ||
| 140 | .Fa ssl | ||
| 141 | connection, the session id of length | ||
| 142 | .Fa length | ||
| 143 | at the memory location | ||
| 144 | .Fa data . | ||
| 145 | With the parameter | ||
| 146 | .Fa copy | ||
| 147 | the callback can require the SSL engine to increment the reference count of the | ||
| 148 | .Vt SSL_SESSION | ||
| 149 | object, | ||
| 150 | Normally the reference count is not incremented and therefore the session must | ||
| 151 | not be explicitly freed with | ||
| 152 | .Xr SSL_SESSION_free 3 . | ||
| 153 | .Sh SEE ALSO | ||
| 154 | .Xr d2i_SSL_SESSION 3 , | ||
| 155 | .Xr ssl 3 , | ||
| 156 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 157 | .Xr SSL_CTX_free 3 , | ||
| 158 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 159 | .Xr SSL_SESSION_free 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_sessions.3 b/src/lib/libssl/doc/SSL_CTX_sessions.3 deleted file mode 100644 index 0d83711205..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_sessions.3 +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SESSIONS 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_sessions | ||
| 9 | .Nd access internal session cache | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft struct lhash_st * | ||
| 13 | .Fn SSL_CTX_sessions "SSL_CTX *ctx" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_CTX_sessions | ||
| 16 | returns a pointer to the lhash databases containing the internal session cache | ||
| 17 | for | ||
| 18 | .Fa ctx . | ||
| 19 | .Sh NOTES | ||
| 20 | The sessions in the internal session cache are kept in an | ||
| 21 | .Xr lhash 3 | ||
| 22 | type database. | ||
| 23 | It is possible to directly access this database, e.g., for searching. | ||
| 24 | In parallel, | ||
| 25 | the sessions form a linked list which is maintained separately from the | ||
| 26 | .Xr lhash 3 | ||
| 27 | operations, so that the database must not be modified directly but by using the | ||
| 28 | .Xr SSL_CTX_add_session 3 | ||
| 29 | family of functions. | ||
| 30 | .Sh SEE ALSO | ||
| 31 | .Xr lhash 3 , | ||
| 32 | .Xr ssl 3 , | ||
| 33 | .Xr SSL_CTX_add_session 3 , | ||
| 34 | .Xr SSL_CTX_set_session_cache_mode 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 deleted file mode 100644 index 8ef3c5561e..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 +++ /dev/null | |||
| @@ -1,80 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_CERT_STORE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_cert_store , | ||
| 9 | .Nm SSL_CTX_get_cert_store | ||
| 10 | .Nd manipulate X509 certificate verification storage | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store" | ||
| 15 | .Ft X509_STORE * | ||
| 16 | .Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_set_cert_store | ||
| 19 | setsthe verification storage of | ||
| 20 | .Fa ctx | ||
| 21 | to or replaces it with | ||
| 22 | .Fa store . | ||
| 23 | If another | ||
| 24 | .Vt X509_STORE | ||
| 25 | object is currently set in | ||
| 26 | .Fa ctx , | ||
| 27 | it will be | ||
| 28 | .Xr X509_STORE_free 3 Ns ed. | ||
| 29 | .Pp | ||
| 30 | .Fn SSL_CTX_get_cert_store | ||
| 31 | returns a pointer to the current certificate verification storage. | ||
| 32 | .Sh NOTES | ||
| 33 | In order to verify the certificates presented by the peer, trusted CA | ||
| 34 | certificates must be accessed. | ||
| 35 | These CA certificates are made available via lookup methods, handled inside the | ||
| 36 | .Vt X509_STORE . | ||
| 37 | From the | ||
| 38 | .Vt X509_STORE | ||
| 39 | the | ||
| 40 | .Vt X509_STORE_CTX | ||
| 41 | used when verifying certificates is created. | ||
| 42 | .Pp | ||
| 43 | Typically the trusted certificate store is handled indirectly via using | ||
| 44 | .Xr SSL_CTX_load_verify_locations 3 . | ||
| 45 | Using the | ||
| 46 | .Fn SSL_CTX_set_cert_store | ||
| 47 | and | ||
| 48 | .Fn SSL_CTX_get_cert_store | ||
| 49 | functions it is possible to manipulate the | ||
| 50 | .Vt X509_STORE | ||
| 51 | object beyond the | ||
| 52 | .Xr SSL_CTX_load_verify_locations 3 | ||
| 53 | call. | ||
| 54 | .Pp | ||
| 55 | Currently no detailed documentation on how to use the | ||
| 56 | .Vt X509_STORE | ||
| 57 | object is available. | ||
| 58 | Not all members of the | ||
| 59 | .Vt X509_STORE | ||
| 60 | are used when the verification takes place. | ||
| 61 | So will, for example, the | ||
| 62 | .Fn verify_callback | ||
| 63 | be overridden with the | ||
| 64 | .Fn verify_callback | ||
| 65 | set via the | ||
| 66 | .Xr SSL_CTX_set_verify 3 | ||
| 67 | family of functions. | ||
| 68 | This document must therefore be updated when documentation about the | ||
| 69 | .Vt X509_STORE | ||
| 70 | object and its handling becomes available. | ||
| 71 | .Sh RETURN VALUES | ||
| 72 | .Fn SSL_CTX_set_cert_store | ||
| 73 | does not return diagnostic output. | ||
| 74 | .Pp | ||
| 75 | .Fn SSL_CTX_get_cert_store | ||
| 76 | returns the current setting. | ||
| 77 | .Sh SEE ALSO | ||
| 78 | .Xr ssl 3 , | ||
| 79 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 80 | .Xr SSL_CTX_set_verify 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3 deleted file mode 100644 index bb242d6929..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_cert_verify_callback.3 +++ /dev/null | |||
| @@ -1,112 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_cert_verify_callback | ||
| 9 | .Nd set peer certificate verification procedure | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fo SSL_CTX_set_cert_verify_callback | ||
| 14 | .Fa "SSL_CTX *ctx" | ||
| 15 | .Fa "int (*callback)(X509_STORE_CTX *, void *)" | ||
| 16 | .Fa "void *arg" | ||
| 17 | .Fc | ||
| 18 | .Sh DESCRIPTION | ||
| 19 | .Fn SSL_CTX_set_cert_verify_callback | ||
| 20 | sets the verification callback function for | ||
| 21 | .Fa ctx . | ||
| 22 | .Vt SSL | ||
| 23 | objects that are created from | ||
| 24 | .Fa ctx | ||
| 25 | inherit the setting valid at the time when | ||
| 26 | .Xr SSL_new 3 | ||
| 27 | is called. | ||
| 28 | .Sh NOTES | ||
| 29 | Whenever a certificate is verified during a SSL/TLS handshake, | ||
| 30 | a verification function is called. | ||
| 31 | If the application does not explicitly specify a verification callback | ||
| 32 | function, the built-in verification function is used. | ||
| 33 | If a verification callback | ||
| 34 | .Fa callback | ||
| 35 | is specified via | ||
| 36 | .Fn SSL_CTX_set_cert_verify_callback , | ||
| 37 | the supplied callback function is called instead. | ||
| 38 | By setting | ||
| 39 | .Fa callback | ||
| 40 | to | ||
| 41 | .Dv NULL , | ||
| 42 | the default behaviour is restored. | ||
| 43 | .Pp | ||
| 44 | When the verification must be performed, | ||
| 45 | .Fa callback | ||
| 46 | will be called with the arguments | ||
| 47 | .Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" . | ||
| 48 | The argument | ||
| 49 | .Fa arg | ||
| 50 | is specified by the application when setting | ||
| 51 | .Fa callback . | ||
| 52 | .Pp | ||
| 53 | .Fa callback | ||
| 54 | should return 1 to indicate verification success and 0 to indicate verification | ||
| 55 | failure. | ||
| 56 | If | ||
| 57 | .Dv SSL_VERIFY_PEER | ||
| 58 | is set and | ||
| 59 | .Fa callback | ||
| 60 | returns 0, the handshake will fail. | ||
| 61 | As the verification procedure may allow the connection to continue in case of | ||
| 62 | failure (by always returning 1) the verification result must be set in any case | ||
| 63 | using the | ||
| 64 | .Fa error | ||
| 65 | member of | ||
| 66 | .Fa x509_store_ctx | ||
| 67 | so that the calling application will be informed about the detailed result of | ||
| 68 | the verification procedure! | ||
| 69 | .Pp | ||
| 70 | Within | ||
| 71 | .Fa x509_store_ctx , | ||
| 72 | .Fa callback | ||
| 73 | has access to the | ||
| 74 | .Fa verify_callback | ||
| 75 | function set using | ||
| 76 | .Xr SSL_CTX_set_verify 3 . | ||
| 77 | .Sh WARNINGS | ||
| 78 | Do not mix the verification callback described in this function with the | ||
| 79 | .Fa verify_callback | ||
| 80 | function called during the verification process. | ||
| 81 | The latter is set using the | ||
| 82 | .Xr SSL_CTX_set_verify 3 | ||
| 83 | family of functions. | ||
| 84 | .Pp | ||
| 85 | Providing a complete verification procedure including certificate purpose | ||
| 86 | settings, etc., is a complex task. | ||
| 87 | The built-in procedure is quite powerful and in most cases it should be | ||
| 88 | sufficient to modify its behaviour using the | ||
| 89 | .Fa verify_callback | ||
| 90 | function. | ||
| 91 | .Sh RETURN VALUES | ||
| 92 | .Fn SSL_CTX_set_cert_verify_callback | ||
| 93 | does not provide diagnostic information. | ||
| 94 | .Sh SEE ALSO | ||
| 95 | .Xr ssl 3 , | ||
| 96 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 97 | .Xr SSL_CTX_set_verify 3 , | ||
| 98 | .Xr SSL_get_verify_result 3 | ||
| 99 | .Sh HISTORY | ||
| 100 | Previous to OpenSSL 0.9.7, the | ||
| 101 | .Fa arg | ||
| 102 | argument to | ||
| 103 | .Fn SSL_CTX_set_cert_verify_callback | ||
| 104 | was ignored, and | ||
| 105 | .Fa callback | ||
| 106 | was called | ||
| 107 | simply as | ||
| 108 | .Ft int | ||
| 109 | .Fn (*callback) "X509_STORE_CTX *" . | ||
| 110 | To compile software written for previous versions of OpenSSL, | ||
| 111 | a dummy argument will have to be added to | ||
| 112 | .Fa callback . | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3 deleted file mode 100644 index e7ce24fb34..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_cipher_list.3 +++ /dev/null | |||
| @@ -1,82 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_CIPHER_LIST 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_cipher_list , | ||
| 9 | .Nm SSL_set_cipher_list | ||
| 10 | .Nd choose list of available SSL_CIPHERs | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft int | ||
| 14 | .Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *str" | ||
| 15 | .Ft int | ||
| 16 | .Fn SSL_set_cipher_list "SSL *ssl" "const char *str" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_set_cipher_list | ||
| 19 | sets the list of available ciphers for | ||
| 20 | .Fa ctx | ||
| 21 | using the control string | ||
| 22 | .Fa str . | ||
| 23 | The format of the string is described | ||
| 24 | in | ||
| 25 | .Xr openssl 1 . | ||
| 26 | The list of ciphers is inherited by all | ||
| 27 | .Fa ssl | ||
| 28 | objects created from | ||
| 29 | .Fa ctx . | ||
| 30 | .Pp | ||
| 31 | .Fn SSL_set_cipher_list | ||
| 32 | sets the list of ciphers only for | ||
| 33 | .Fa ssl . | ||
| 34 | .Sh NOTES | ||
| 35 | The control string | ||
| 36 | .Fa str | ||
| 37 | should be universally usable and not depend on details of the library | ||
| 38 | configuration (ciphers compiled in). | ||
| 39 | Thus no syntax checking takes place. | ||
| 40 | Items that are not recognized, because the corresponding ciphers are not | ||
| 41 | compiled in or because they are mistyped, are simply ignored. | ||
| 42 | Failure is only flagged if no ciphers could be collected at all. | ||
| 43 | .Pp | ||
| 44 | It should be noted that inclusion of a cipher to be used into the list is a | ||
| 45 | necessary condition. | ||
| 46 | On the client side, the inclusion into the list is also sufficient. | ||
| 47 | On the server side, additional restrictions apply. | ||
| 48 | All ciphers have additional requirements. | ||
| 49 | ADH ciphers don't need a certificate, but DH-parameters must have been set. | ||
| 50 | All other ciphers need a corresponding certificate and key. | ||
| 51 | .Pp | ||
| 52 | A RSA cipher can only be chosen when a RSA certificate is available. | ||
| 53 | RSA export ciphers with a keylength of 512 bits for the RSA key require a | ||
| 54 | temporary 512 bit RSA key, as typically the supplied key has a length of 1024 | ||
| 55 | bits (see | ||
| 56 | .Xr SSL_CTX_set_tmp_rsa_callback 3 ) . | ||
| 57 | RSA ciphers using EDH need a certificate and key and additional DH-parameters | ||
| 58 | (see | ||
| 59 | .Xr SSL_CTX_set_tmp_dh_callback 3 ) . | ||
| 60 | .Pp | ||
| 61 | A DSA cipher can only be chosen when a DSA certificate is available. | ||
| 62 | DSA ciphers always use DH key exchange and therefore need DH-parameters (see | ||
| 63 | .Xr SSL_CTX_set_tmp_dh_callback 3 ) . | ||
| 64 | .Pp | ||
| 65 | When these conditions are not met for any cipher in the list (for example, a | ||
| 66 | client only supports export RSA ciphers with an asymmetric key length of 512 | ||
| 67 | bits and the server is not configured to use temporary RSA keys), the | ||
| 68 | .Dq no shared cipher | ||
| 69 | .Pq Dv SSL_R_NO_SHARED_CIPHER | ||
| 70 | error is generated and the handshake will fail. | ||
| 71 | .Sh RETURN VALUES | ||
| 72 | .Fn SSL_CTX_set_cipher_list | ||
| 73 | and | ||
| 74 | .Fn SSL_set_cipher_list | ||
| 75 | return 1 if any cipher could be selected and 0 on complete failure. | ||
| 76 | .Sh SEE ALSO | ||
| 77 | .Xr ciphers 1 , | ||
| 78 | .Xr ssl 3 , | ||
| 79 | .Xr SSL_CTX_set_tmp_dh_callback 3 , | ||
| 80 | .Xr SSL_CTX_set_tmp_rsa_callback 3 , | ||
| 81 | .Xr SSL_CTX_use_certificate 3 , | ||
| 82 | .Xr SSL_get_ciphers 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3 deleted file mode 100644 index 688c4ac023..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_client_CA_list.3 +++ /dev/null | |||
| @@ -1,132 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_CLIENT_CA_LIST 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_client_CA_list , | ||
| 9 | .Nm SSL_set_client_CA_list , | ||
| 10 | .Nm SSL_CTX_add_client_CA , | ||
| 11 | .Nm SSL_add_client_CA | ||
| 12 | .Nd set list of CAs sent to the client when requesting a client certificate | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list" | ||
| 17 | .Ft void | ||
| 18 | .Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list" | ||
| 19 | .Ft int | ||
| 20 | .Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert" | ||
| 21 | .Ft int | ||
| 22 | .Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_set_client_CA_list | ||
| 25 | sets the | ||
| 26 | .Fa list | ||
| 27 | of CAs sent to the client when requesting a client certificate for | ||
| 28 | .Fa ctx . | ||
| 29 | .Pp | ||
| 30 | .Fn SSL_set_client_CA_list | ||
| 31 | sets the | ||
| 32 | .Fa list | ||
| 33 | of CAs sent to the client when requesting a client certificate for the chosen | ||
| 34 | .Fa ssl , | ||
| 35 | overriding the setting valid for | ||
| 36 | .Fa ssl Ns 's | ||
| 37 | .Vt SSL_CTX | ||
| 38 | object. | ||
| 39 | .Pp | ||
| 40 | .Fn SSL_CTX_add_client_CA | ||
| 41 | adds the CA name extracted from | ||
| 42 | .Fa cacert | ||
| 43 | to the list of CAs sent to the client when requesting a client certificate for | ||
| 44 | .Fa ctx . | ||
| 45 | .Pp | ||
| 46 | .Fn SSL_add_client_CA | ||
| 47 | adds the CA name extracted from | ||
| 48 | .Fa cacert | ||
| 49 | to the list of CAs sent to the client when requesting a client certificate for | ||
| 50 | the chosen | ||
| 51 | .Fa ssl , | ||
| 52 | overriding the setting valid for | ||
| 53 | .Fa ssl Ns 's | ||
| 54 | .Va SSL_CTX | ||
| 55 | object. | ||
| 56 | .Sh NOTES | ||
| 57 | When a TLS/SSL server requests a client certificate (see | ||
| 58 | .Fn SSL_CTX_set_verify ) , | ||
| 59 | it sends a list of CAs for which it will accept certificates to the client. | ||
| 60 | .Pp | ||
| 61 | This list must explicitly be set using | ||
| 62 | .Fn SSL_CTX_set_client_CA_list | ||
| 63 | for | ||
| 64 | .Fa ctx | ||
| 65 | and | ||
| 66 | .Fn SSL_set_client_CA_list | ||
| 67 | for the specific | ||
| 68 | .Fa ssl . | ||
| 69 | The list specified overrides the previous setting. | ||
| 70 | The CAs listed do not become trusted | ||
| 71 | .Po | ||
| 72 | .Fa list | ||
| 73 | only contains the names, not the complete certificates | ||
| 74 | .Pc ; | ||
| 75 | use | ||
| 76 | .Xr SSL_CTX_load_verify_locations 3 | ||
| 77 | to additionally load them for verification. | ||
| 78 | .Pp | ||
| 79 | If the list of acceptable CAs is compiled in a file, the | ||
| 80 | .Xr SSL_load_client_CA_file 3 | ||
| 81 | function can be used to help importing the necessary data. | ||
| 82 | .Pp | ||
| 83 | .Fn SSL_CTX_add_client_CA | ||
| 84 | and | ||
| 85 | .Fn SSL_add_client_CA | ||
| 86 | can be used to add additional items the list of client CAs. | ||
| 87 | If no list was specified before using | ||
| 88 | .Fn SSL_CTX_set_client_CA_list | ||
| 89 | or | ||
| 90 | .Fn SSL_set_client_CA_list , | ||
| 91 | a new client CA list for | ||
| 92 | .Fa ctx | ||
| 93 | or | ||
| 94 | .Fa ssl | ||
| 95 | (as appropriate) is opened. | ||
| 96 | .Pp | ||
| 97 | These functions are only useful for TLS/SSL servers. | ||
| 98 | .Sh RETURN VALUES | ||
| 99 | .Fn SSL_CTX_set_client_CA_list | ||
| 100 | and | ||
| 101 | .Fn SSL_set_client_CA_list | ||
| 102 | do not return diagnostic information. | ||
| 103 | .Pp | ||
| 104 | .Fn SSL_CTX_add_client_CA | ||
| 105 | and | ||
| 106 | .Fn SSL_add_client_CA | ||
| 107 | have the following return values: | ||
| 108 | .Bl -tag -width Ds | ||
| 109 | .It 0 | ||
| 110 | A failure while manipulating the | ||
| 111 | .Dv STACK_OF Ns | ||
| 112 | .Pq Vt X509_NAME | ||
| 113 | object occurred or the | ||
| 114 | .Vt X509_NAME | ||
| 115 | could not be extracted from | ||
| 116 | .Fa cacert . | ||
| 117 | Check the error stack to find out the reason. | ||
| 118 | .It 1 | ||
| 119 | The operation succeeded. | ||
| 120 | .El | ||
| 121 | .Sh EXAMPLES | ||
| 122 | Scan all certificates in | ||
| 123 | .Fa CAfile | ||
| 124 | and list them as acceptable CAs: | ||
| 125 | .Bd -literal | ||
| 126 | SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); | ||
| 127 | .Ed | ||
| 128 | .Sh SEE ALSO | ||
| 129 | .Xr ssl 3 , | ||
| 130 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 131 | .Xr SSL_get_client_CA_list 3 , | ||
| 132 | .Xr SSL_load_client_CA_file 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3 deleted file mode 100644 index 7a7d9466d2..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_client_cert_cb.3 +++ /dev/null | |||
| @@ -1,143 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_CLIENT_CERT_CB 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_client_cert_cb , | ||
| 9 | .Nm SSL_CTX_get_client_cert_cb | ||
| 10 | .Nd handle client certificate callback function | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fo SSL_CTX_set_client_cert_cb | ||
| 15 | .Fa "SSL_CTX *ctx" | ||
| 16 | .Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)" | ||
| 17 | .Fc | ||
| 18 | .Ft int | ||
| 19 | .Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))" | ||
| 20 | .Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" | ||
| 21 | .Fc | ||
| 22 | .Ft int | ||
| 23 | .Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" | ||
| 24 | .Sh DESCRIPTION | ||
| 25 | .Fn SSL_CTX_set_client_cert_cb | ||
| 26 | sets the | ||
| 27 | .Fa client_cert_cb() | ||
| 28 | callback that is called when a client certificate is requested by a server and | ||
| 29 | no certificate was yet set for the SSL object. | ||
| 30 | .Pp | ||
| 31 | When | ||
| 32 | .Fa client_cert_cb | ||
| 33 | is | ||
| 34 | .Dv NULL , | ||
| 35 | no callback function is used. | ||
| 36 | .Pp | ||
| 37 | .Fn SSL_CTX_get_client_cert_cb | ||
| 38 | returns a pointer to the currently set callback function. | ||
| 39 | .Pp | ||
| 40 | .Fn client_cert_cb | ||
| 41 | is the application-defined callback. | ||
| 42 | If it wants to set a certificate, | ||
| 43 | a certificate/private key combination must be set using the | ||
| 44 | .Fa x509 | ||
| 45 | and | ||
| 46 | .Fa pkey | ||
| 47 | arguments and 1 must be returned. | ||
| 48 | The certificate will be installed into | ||
| 49 | .Fa ssl ; | ||
| 50 | see the | ||
| 51 | .Sx NOTES | ||
| 52 | and | ||
| 53 | .Sx BUGS | ||
| 54 | sections. | ||
| 55 | If no certificate should be set, | ||
| 56 | 0 has to be returned and no certificate will be sent. | ||
| 57 | A negative return value will suspend the handshake and the handshake function | ||
| 58 | will return immediately. | ||
| 59 | .Xr SSL_get_error 3 | ||
| 60 | will return | ||
| 61 | .Dv SSL_ERROR_WANT_X509_LOOKUP | ||
| 62 | to indicate that the handshake was suspended. | ||
| 63 | The next call to the handshake function will again lead to the call of | ||
| 64 | .Fa client_cert_cb() . | ||
| 65 | It is the job of the | ||
| 66 | .Fa client_cert_cb() | ||
| 67 | to store information | ||
| 68 | about the state of the last call, if required to continue. | ||
| 69 | .Sh NOTES | ||
| 70 | During a handshake (or renegotiation) | ||
| 71 | a server may request a certificate from the client. | ||
| 72 | A client certificate must only be sent when the server did send the request. | ||
| 73 | .Pp | ||
| 74 | When a certificate has been set using the | ||
| 75 | .Xr SSL_CTX_use_certificate 3 | ||
| 76 | family of functions, | ||
| 77 | it will be sent to the server. | ||
| 78 | The TLS standard requires that only a certificate is sent if it matches the | ||
| 79 | list of acceptable CAs sent by the server. | ||
| 80 | This constraint is violated by the default behavior of the OpenSSL library. | ||
| 81 | Using the callback function it is possible to implement a proper selection | ||
| 82 | routine or to allow a user interaction to choose the certificate to be sent. | ||
| 83 | .Pp | ||
| 84 | If a callback function is defined and no certificate was yet defined for the | ||
| 85 | .Vt SSL | ||
| 86 | object, the callback function will be called. | ||
| 87 | If the callback function returns a certificate, the OpenSSL library | ||
| 88 | will try to load the private key and certificate data into the | ||
| 89 | .Vt SSL | ||
| 90 | object using the | ||
| 91 | .Fn SSL_use_certificate | ||
| 92 | and | ||
| 93 | .Fn SSL_use_private_key | ||
| 94 | functions. | ||
| 95 | Thus it will permanently install the certificate and key for this SSL object. | ||
| 96 | It will not be reset by calling | ||
| 97 | .Xr SSL_clear 3 . | ||
| 98 | If the callback returns no certificate, the OpenSSL library will not send a | ||
| 99 | certificate. | ||
| 100 | .Sh SEE ALSO | ||
| 101 | .Xr ssl 3 , | ||
| 102 | .Xr SSL_clear 3 , | ||
| 103 | .Xr SSL_CTX_add_extra_chain_cert 3 , | ||
| 104 | .Xr SSL_CTX_use_certificate 3 , | ||
| 105 | .Xr SSL_free 3 , | ||
| 106 | .Xr SSL_get_client_CA_list 3 | ||
| 107 | .Sh BUGS | ||
| 108 | The | ||
| 109 | .Fa client_cert_cb() | ||
| 110 | cannot return a complete certificate chain; | ||
| 111 | it can only return one client certificate. | ||
| 112 | If the chain only has a length of 2, | ||
| 113 | the root CA certificate may be omitted according to the TLS standard and | ||
| 114 | thus a standard conforming answer can be sent to the server. | ||
| 115 | For a longer chain, the client must send the complete chain | ||
| 116 | (with the option to leave out the root CA certificate). | ||
| 117 | This can be accomplished only by either adding the intermediate CA certificates | ||
| 118 | into the trusted certificate store for the | ||
| 119 | .Vt SSL_CTX | ||
| 120 | object (resulting in having to add CA certificates that otherwise maybe would | ||
| 121 | not be trusted), or by adding the chain certificates using the | ||
| 122 | .Xr SSL_CTX_add_extra_chain_cert 3 | ||
| 123 | function, which is only available for the | ||
| 124 | .Vt SSL_CTX | ||
| 125 | object as a whole and that therefore probably can only apply for one client | ||
| 126 | certificate, making the concept of the callback function | ||
| 127 | (to allow the choice from several certificates) questionable. | ||
| 128 | .Pp | ||
| 129 | Once the | ||
| 130 | .Vt SSL | ||
| 131 | object has been used in conjunction with the callback function, | ||
| 132 | the certificate will be set for the | ||
| 133 | .Vt SSL | ||
| 134 | object and will not be cleared even when | ||
| 135 | .Xr SSL_clear 3 | ||
| 136 | is called. | ||
| 137 | It is therefore | ||
| 138 | .Em mandatory | ||
| 139 | to destroy the | ||
| 140 | .Vt SSL | ||
| 141 | object using | ||
| 142 | .Xr SSL_free 3 | ||
| 143 | and create a new one to return to the previous state. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3 b/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3 deleted file mode 100644 index ac4d55ae73..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_default_passwd_cb.3 +++ /dev/null | |||
| @@ -1,95 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_default_passwd_cb , | ||
| 9 | .Nm SSL_CTX_set_default_passwd_cb_userdata | ||
| 10 | .Nd set passwd callback for encrypted PEM file handling | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb" | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *u" | ||
| 17 | .Ft int | ||
| 18 | .Fn pem_passwd_cb "char *buf" "int size" "int rwflag" "void *userdata" | ||
| 19 | .Sh DESCRIPTION | ||
| 20 | .Fn SSL_CTX_set_default_passwd_cb | ||
| 21 | sets the default password callback called when loading/storing a PEM | ||
| 22 | certificate with encryption. | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_CTX_set_default_passwd_cb_userdata | ||
| 25 | sets a pointer to userdata | ||
| 26 | .Fa u | ||
| 27 | which will be provided to the password callback on invocation. | ||
| 28 | .Pp | ||
| 29 | The | ||
| 30 | .Fn pem_passwd_cb , | ||
| 31 | which must be provided by the application, | ||
| 32 | hands back the password to be used during decryption. | ||
| 33 | On invocation a pointer to | ||
| 34 | .Fa userdata | ||
| 35 | is provided. | ||
| 36 | The pem_passwd_cb must write the password into the provided buffer | ||
| 37 | .Fa buf | ||
| 38 | which is of size | ||
| 39 | .Fa size . | ||
| 40 | The actual length of the password must be returned to the calling function. | ||
| 41 | .Fa rwflag | ||
| 42 | indicates whether the callback is used for reading/decryption | ||
| 43 | .Pq Fa rwflag No = 0 | ||
| 44 | or writing/encryption | ||
| 45 | .Pq Fa rwflag No = 1 . | ||
| 46 | .Sh NOTES | ||
| 47 | When loading or storing private keys, a password might be supplied to protect | ||
| 48 | the private key. | ||
| 49 | The way this password can be supplied may depend on the application. | ||
| 50 | If only one private key is handled, it can be practical to have | ||
| 51 | .Fn pem_passwd_cb | ||
| 52 | handle the password dialog interactively. | ||
| 53 | If several keys have to be handled, it can be practical to ask for the password | ||
| 54 | once, then keep it in memory and use it several times. | ||
| 55 | In the last case, the password could be stored into the | ||
| 56 | .Fa userdata | ||
| 57 | storage and the | ||
| 58 | .Fn pem_passwd_cb | ||
| 59 | only returns the password already stored. | ||
| 60 | .Pp | ||
| 61 | When asking for the password interactively, | ||
| 62 | .Fn pem_passwd_cb | ||
| 63 | can use | ||
| 64 | .Fa rwflag | ||
| 65 | to check whether an item shall be encrypted | ||
| 66 | .Pq Fa rwflag No = 1 . | ||
| 67 | In this case the password dialog may ask for the same password twice for | ||
| 68 | comparison in order to catch typos which would make decryption impossible. | ||
| 69 | .Pp | ||
| 70 | Other items in PEM formatting (certificates) can also be encrypted; it is | ||
| 71 | however atypical, as certificate information is considered public. | ||
| 72 | .Sh RETURN VALUES | ||
| 73 | .Fn SSL_CTX_set_default_passwd_cb | ||
| 74 | and | ||
| 75 | .Fn SSL_CTX_set_default_passwd_cb_userdata | ||
| 76 | do not provide diagnostic information. | ||
| 77 | .Sh EXAMPLES | ||
| 78 | The following example returns the password provided as | ||
| 79 | .Fa userdata | ||
| 80 | to the calling function. | ||
| 81 | The password is considered to be a | ||
| 82 | .Sq \e0 | ||
| 83 | terminated string. | ||
| 84 | If the password does not fit into the buffer, the password is truncated. | ||
| 85 | .Bd -literal | ||
| 86 | int pem_passwd_cb(char *buf, int size, int rwflag, void *password) | ||
| 87 | { | ||
| 88 | strncpy(buf, (char *)password, size); | ||
| 89 | buf[size - 1] = '\e0'; | ||
| 90 | return strlen(buf); | ||
| 91 | } | ||
| 92 | .Ed | ||
| 93 | .Sh SEE ALSO | ||
| 94 | .Xr ssl 3 , | ||
| 95 | .Xr SSL_CTX_use_certificate 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3 b/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3 deleted file mode 100644 index 0bea48904e..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_generate_session_id.3 +++ /dev/null | |||
| @@ -1,196 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_GENERATE_SESSION_ID 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_generate_session_id , | ||
| 9 | .Nm SSL_set_generate_session_id , | ||
| 10 | .Nm SSL_has_matching_session_id | ||
| 11 | .Nd manipulate generation of SSL session IDs (server only) | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Bd -literal | ||
| 15 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | ||
| 16 | unsigned int *id_len); | ||
| 17 | .Ed | ||
| 18 | .Ft int | ||
| 19 | .Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb" | ||
| 20 | .Ft int | ||
| 21 | .Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB" "cb);" | ||
| 22 | .Ft int | ||
| 23 | .Fo SSL_has_matching_session_id | ||
| 24 | .Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len" | ||
| 25 | .Fc | ||
| 26 | .Sh DESCRIPTION | ||
| 27 | .Fn SSL_CTX_set_generate_session_id | ||
| 28 | sets the callback function for generating new session ids for SSL/TLS sessions | ||
| 29 | for | ||
| 30 | .Fa ctx | ||
| 31 | to be | ||
| 32 | .Fa cb . | ||
| 33 | .Pp | ||
| 34 | .Fn SSL_set_generate_session_id | ||
| 35 | sets the callback function for generating new session ids for SSL/TLS sessions | ||
| 36 | for | ||
| 37 | .Fa ssl | ||
| 38 | to be | ||
| 39 | .Fa cb . | ||
| 40 | .Pp | ||
| 41 | .Fn SSL_has_matching_session_id | ||
| 42 | checks, whether a session with id | ||
| 43 | .Fa id | ||
| 44 | (of length | ||
| 45 | .Fa id_len ) | ||
| 46 | is already contained in the internal session cache | ||
| 47 | of the parent context of | ||
| 48 | .Fa ssl . | ||
| 49 | .Sh NOTES | ||
| 50 | When a new session is established between client and server, | ||
| 51 | the server generates a session id. | ||
| 52 | The session id is an arbitrary sequence of bytes. | ||
| 53 | The length of the session id is 16 bytes for SSLv2 sessions and between 1 and | ||
| 54 | 32 bytes for SSLv3/TLSv1. | ||
| 55 | The session id is not security critical but must be unique for the server. | ||
| 56 | Additionally, the session id is transmitted in the clear when reusing the | ||
| 57 | session so it must not contain sensitive information. | ||
| 58 | .Pp | ||
| 59 | Without a callback being set, an OpenSSL server will generate a unique session | ||
| 60 | id from pseudo random numbers of the maximum possible length. | ||
| 61 | Using the callback function, the session id can be changed to contain | ||
| 62 | additional information like, e.g., a host id in order to improve load balancing | ||
| 63 | or external caching techniques. | ||
| 64 | .Pp | ||
| 65 | The callback function receives a pointer to the memory location to put | ||
| 66 | .Fa id | ||
| 67 | into and a pointer to the maximum allowed length | ||
| 68 | .Fa id_len . | ||
| 69 | The buffer at location | ||
| 70 | .Fa id | ||
| 71 | is only guaranteed to have the size | ||
| 72 | .Fa id_len . | ||
| 73 | The callback is only allowed to generate a shorter id and reduce | ||
| 74 | .Fa id_len ; | ||
| 75 | the callback | ||
| 76 | .Em must never | ||
| 77 | increase | ||
| 78 | .Fa id_len | ||
| 79 | or write to the location | ||
| 80 | .Fa id | ||
| 81 | exceeding the given limit. | ||
| 82 | .Pp | ||
| 83 | If a SSLv2 session id is generated and | ||
| 84 | .Fa id_len | ||
| 85 | is reduced, it will be restored after the callback has finished and the session | ||
| 86 | id will be padded with 0x00. | ||
| 87 | It is not recommended to change the | ||
| 88 | .Fa id_len | ||
| 89 | for SSLv2 sessions. | ||
| 90 | The callback can use the | ||
| 91 | .Xr SSL_get_version 3 | ||
| 92 | function to check whether the session is of type SSLv2. | ||
| 93 | .Pp | ||
| 94 | The location | ||
| 95 | .Fa id | ||
| 96 | is filled with 0x00 before the callback is called, | ||
| 97 | so the callback may only fill part of the possible length and leave | ||
| 98 | .Fa id_len | ||
| 99 | untouched while maintaining reproducibility. | ||
| 100 | .Pp | ||
| 101 | Since the sessions must be distinguished, session ids must be unique. | ||
| 102 | Without the callback a random number is used, | ||
| 103 | so that the probability of generating the same session id is extremely small | ||
| 104 | (2^128 possible ids for an SSLv2 session, 2^256 for SSLv3/TLSv1). | ||
| 105 | In order to ensure the uniqueness of the generated session id, | ||
| 106 | the callback must call | ||
| 107 | .Fn SSL_has_matching_session_id | ||
| 108 | and generate another id if a conflict occurs. | ||
| 109 | If an id conflict is not resolved, the handshake will fail. | ||
| 110 | If the application codes, e.g., a unique host id, a unique process number, and | ||
| 111 | a unique sequence number into the session id, uniqueness could easily be | ||
| 112 | achieved without randomness added (it should however be taken care that | ||
| 113 | no confidential information is leaked this way). | ||
| 114 | If the application cannot guarantee uniqueness, | ||
| 115 | it is recommended to use the maximum | ||
| 116 | .Fa id_len | ||
| 117 | and fill in the bytes not used to code special information with random data to | ||
| 118 | avoid collisions. | ||
| 119 | .Pp | ||
| 120 | .Fn SSL_has_matching_session_id | ||
| 121 | will only query the internal session cache, not the external one. | ||
| 122 | Since the session id is generated before the handshake is completed, | ||
| 123 | it is not immediately added to the cache. | ||
| 124 | If another thread is using the same internal session cache, | ||
| 125 | a race condition can occur in that another thread generates the same session id. | ||
| 126 | Collisions can also occur when using an external session cache, | ||
| 127 | since the external cache is not tested with | ||
| 128 | .Fn SSL_has_matching_session_id | ||
| 129 | and the same race condition applies. | ||
| 130 | .Pp | ||
| 131 | When calling | ||
| 132 | .Fn SSL_has_matching_session_id | ||
| 133 | for an SSLv2 session with reduced | ||
| 134 | .Fa id_len Ns , | ||
| 135 | the match operation will be performed using the fixed length required and with | ||
| 136 | a 0x00 padded id. | ||
| 137 | .Pp | ||
| 138 | The callback must return 0 if it cannot generate a session id for whatever | ||
| 139 | reason and return 1 on success. | ||
| 140 | .Sh RETURN VALUES | ||
| 141 | .Fn SSL_CTX_set_generate_session_id | ||
| 142 | and | ||
| 143 | .Fn SSL_set_generate_session_id | ||
| 144 | always return 1. | ||
| 145 | .Pp | ||
| 146 | .Fn SSL_has_matching_session_id | ||
| 147 | returns 1 if another session with the same id is already in the cache. | ||
| 148 | .Sh EXAMPLES | ||
| 149 | The callback function listed will generate a session id with the server id | ||
| 150 | given, and will fill the rest with pseudo random bytes: | ||
| 151 | .Bd -literal | ||
| 152 | const char session_id_prefix = "www-18"; | ||
| 153 | |||
| 154 | #define MAX_SESSION_ID_ATTEMPTS 10 | ||
| 155 | static int | ||
| 156 | generate_session_id(const SSL *ssl, unsigned char *id, | ||
| 157 | unsigned int *id_len) | ||
| 158 | { | ||
| 159 | unsigned int count = 0; | ||
| 160 | const char *version; | ||
| 161 | |||
| 162 | version = SSL_get_version(ssl); | ||
| 163 | if (!strcmp(version, "SSLv2")) { | ||
| 164 | /* we must not change id_len */ | ||
| 165 | ; | ||
| 166 | } | ||
| 167 | |||
| 168 | do { | ||
| 169 | RAND_pseudo_bytes(id, *id_len); | ||
| 170 | /* | ||
| 171 | * Prefix the session_id with the required prefix. NB: If | ||
| 172 | * our prefix is too long, clip it \(en but there will be | ||
| 173 | * worse effects anyway, e.g., the server could only | ||
| 174 | * possibly create one session ID (the prefix!) so all | ||
| 175 | * future session negotiations will fail due to conflicts. | ||
| 176 | */ | ||
| 177 | memcpy(id, session_id_prefix, | ||
| 178 | (strlen(session_id_prefix) < *id_len) ? | ||
| 179 | strlen(session_id_prefix) : *id_len); | ||
| 180 | } while (SSL_has_matching_session_id(ssl, id, *id_len) && | ||
| 181 | (++count < MAX_SESSION_ID_ATTEMPTS)); | ||
| 182 | |||
| 183 | if (count >= MAX_SESSION_ID_ATTEMPTS) | ||
| 184 | return 0; | ||
| 185 | return 1; | ||
| 186 | } | ||
| 187 | .Ed | ||
| 188 | .Sh SEE ALSO | ||
| 189 | .Xr ssl 3 , | ||
| 190 | .Xr SSL_get_version 3 | ||
| 191 | .Sh HISTORY | ||
| 192 | .Fn SSL_CTX_set_generate_session_id , | ||
| 193 | .Fn SSL_set_generate_session_id | ||
| 194 | and | ||
| 195 | .Fn SSL_has_matching_session_id | ||
| 196 | were introduced in OpenSSL 0.9.7. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_info_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_info_callback.3 deleted file mode 100644 index 24ee74dda9..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_info_callback.3 +++ /dev/null | |||
| @@ -1,167 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_info_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_INFO_CALLBACK 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_info_callback , | ||
| 9 | .Nm SSL_CTX_get_info_callback , | ||
| 10 | .Nm SSL_set_info_callback , | ||
| 11 | .Nm SSL_get_info_callback | ||
| 12 | .Nd handle information callback for SSL connections | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_CTX_set_info_callback "SSL_CTX *ctx" "void (*callback)()" | ||
| 17 | .Ft void | ||
| 18 | .Fn "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))" | ||
| 19 | .Ft void | ||
| 20 | .Fn SSL_set_info_callback "SSL *ssl" "void (*callback)()" | ||
| 21 | .Ft void | ||
| 22 | .Fn "(*SSL_get_info_callback(const SSL *ssl))" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_set_info_callback | ||
| 25 | sets the | ||
| 26 | .Fa callback | ||
| 27 | function that can be used to obtain state information for SSL objects created | ||
| 28 | from | ||
| 29 | .Fa ctx | ||
| 30 | during connection setup and use. | ||
| 31 | The setting for | ||
| 32 | .Fa ctx | ||
| 33 | is overridden from the setting for a specific SSL object, if specified. | ||
| 34 | When | ||
| 35 | .Fa callback | ||
| 36 | is | ||
| 37 | .Dv NULL , | ||
| 38 | no callback function is used. | ||
| 39 | .Pp | ||
| 40 | .Fn SSL_set_info_callback | ||
| 41 | sets the | ||
| 42 | .Fa callback | ||
| 43 | function that can be used to | ||
| 44 | obtain state information for | ||
| 45 | .Fa ssl | ||
| 46 | during connection setup and use. | ||
| 47 | When | ||
| 48 | .Fa callback | ||
| 49 | is | ||
| 50 | .Dv NULL , | ||
| 51 | the callback setting currently valid for | ||
| 52 | .Fa ctx | ||
| 53 | is used. | ||
| 54 | .Pp | ||
| 55 | .Fn SSL_CTX_get_info_callback | ||
| 56 | returns a pointer to the currently set information callback function for | ||
| 57 | .Fa ctx . | ||
| 58 | .Pp | ||
| 59 | .Fn SSL_get_info_callback | ||
| 60 | returns a pointer to the currently set information callback function for | ||
| 61 | .Fa ssl . | ||
| 62 | .Sh NOTES | ||
| 63 | When setting up a connection and during use, | ||
| 64 | it is possible to obtain state information from the SSL/TLS engine. | ||
| 65 | When set, an information callback function is called whenever the state changes, | ||
| 66 | an alert appears, or an error occurs. | ||
| 67 | .Pp | ||
| 68 | The callback function is called as | ||
| 69 | .Fn callback "SSL *ssl" "int where" "int ret" . | ||
| 70 | The | ||
| 71 | .Fa where | ||
| 72 | argument specifies information about where (in which context) | ||
| 73 | the callback function was called. | ||
| 74 | If | ||
| 75 | .Fa ret | ||
| 76 | is 0, an error condition occurred. | ||
| 77 | If an alert is handled, | ||
| 78 | .Dv SSL_CB_ALERT | ||
| 79 | is set and | ||
| 80 | .Fa ret | ||
| 81 | specifies the alert information. | ||
| 82 | .Pp | ||
| 83 | .Fa where | ||
| 84 | is a bitmask made up of the following bits: | ||
| 85 | .Bl -tag -width Ds | ||
| 86 | .It Dv SSL_CB_LOOP | ||
| 87 | Callback has been called to indicate state change inside a loop. | ||
| 88 | .It Dv SSL_CB_EXIT | ||
| 89 | Callback has been called to indicate error exit of a handshake function. | ||
| 90 | (May be soft error with retry option for non-blocking setups.) | ||
| 91 | .It Dv SSL_CB_READ | ||
| 92 | Callback has been called during read operation. | ||
| 93 | .It Dv SSL_CB_WRITE | ||
| 94 | Callback has been called during write operation. | ||
| 95 | .It Dv SSL_CB_ALERT | ||
| 96 | Callback has been called due to an alert being sent or received. | ||
| 97 | .It Dv SSL_CB_READ_ALERT | ||
| 98 | .It Dv SSL_CB_WRITE_ALERT | ||
| 99 | .It Dv SSL_CB_ACCEPT_LOOP | ||
| 100 | .It Dv SSL_CB_ACCEPT_EXIT | ||
| 101 | .It Dv SSL_CB_CONNECT_LOOP | ||
| 102 | .It Dv SSL_CB_CONNECT_EXIT | ||
| 103 | .It Dv SSL_CB_HANDSHAKE_START | ||
| 104 | Callback has been called because a new handshake is started. | ||
| 105 | .It Dv SSL_CB_HANDSHAKE_DONE | ||
| 106 | Callback has been called because a handshake is finished. | ||
| 107 | .El | ||
| 108 | .Pp | ||
| 109 | The current state information can be obtained using the | ||
| 110 | .Xr SSL_state_string 3 | ||
| 111 | family of functions. | ||
| 112 | .Pp | ||
| 113 | The | ||
| 114 | .Fa ret | ||
| 115 | information can be evaluated using the | ||
| 116 | .Xr SSL_alert_type_string 3 | ||
| 117 | family of functions. | ||
| 118 | .Sh RETURN VALUES | ||
| 119 | .Fn SSL_set_info_callback | ||
| 120 | does not provide diagnostic information. | ||
| 121 | .Pp | ||
| 122 | .Fn SSL_get_info_callback | ||
| 123 | returns the current setting. | ||
| 124 | .Sh EXAMPLES | ||
| 125 | The following example callback function prints state strings, | ||
| 126 | information about alerts being handled and error messages to the | ||
| 127 | .Va bio_err | ||
| 128 | .Vt BIO . | ||
| 129 | .Bd -literal | ||
| 130 | void | ||
| 131 | apps_ssl_info_callback(SSL *s, int where, int ret) | ||
| 132 | { | ||
| 133 | const char *str; | ||
| 134 | int w; | ||
| 135 | |||
| 136 | w = where & ~SSL_ST_MASK; | ||
| 137 | |||
| 138 | if (w & SSL_ST_CONNECT) | ||
| 139 | str = "SSL_connect"; | ||
| 140 | else if (w & SSL_ST_ACCEPT) | ||
| 141 | str = "SSL_accept"; | ||
| 142 | else | ||
| 143 | str = "undefined"; | ||
| 144 | |||
| 145 | if (where & SSL_CB_LOOP) { | ||
| 146 | BIO_printf(bio_err, "%s:%s\en", str, | ||
| 147 | SSL_state_string_long(s)); | ||
| 148 | } else if (where & SSL_CB_ALERT) { | ||
| 149 | str = (where & SSL_CB_READ) ? "read" : "write"; | ||
| 150 | BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, | ||
| 151 | SSL_alert_type_string_long(ret), | ||
| 152 | SSL_alert_desc_string_long(ret)); | ||
| 153 | } else if (where & SSL_CB_EXIT) { | ||
| 154 | if (ret == 0) | ||
| 155 | BIO_printf(bio_err, "%s:failed in %s\en", | ||
| 156 | str, SSL_state_string_long(s)); | ||
| 157 | else if (ret < 0) { | ||
| 158 | BIO_printf(bio_err, "%s:error in %s\en", | ||
| 159 | str, SSL_state_string_long(s)); | ||
| 160 | } | ||
| 161 | } | ||
| 162 | } | ||
| 163 | .Ed | ||
| 164 | .Sh SEE ALSO | ||
| 165 | .Xr ssl 3 , | ||
| 166 | .Xr SSL_alert_type_string 3 , | ||
| 167 | .Xr SSL_state_string 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3 b/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3 deleted file mode 100644 index 771b49a0b2..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_max_cert_list.3 +++ /dev/null | |||
| @@ -1,105 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_MAX_CERT_LIST 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_max_cert_list , | ||
| 9 | .Nm SSL_CTX_get_max_cert_list , | ||
| 10 | .Nm SSL_set_max_cert_list , | ||
| 11 | .Nm SSL_get_max_cert_list | ||
| 12 | .Nd manipulate allowed size for the peer's certificate chain | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size" | ||
| 17 | .Ft long | ||
| 18 | .Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx" | ||
| 19 | .Ft long | ||
| 20 | .Fn SSL_set_max_cert_list "SSL *ssl" "long size" | ||
| 21 | .Ft long | ||
| 22 | .Fn SSL_get_max_cert_list "SSL *ctx" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_set_max_cert_list | ||
| 25 | sets the maximum size allowed for the peer's certificate chain for all | ||
| 26 | .Vt SSL | ||
| 27 | objects created from | ||
| 28 | .Fa ctx | ||
| 29 | to be | ||
| 30 | .Fa size | ||
| 31 | bytes. | ||
| 32 | The | ||
| 33 | .Vt SSL | ||
| 34 | objects inherit the setting valid for | ||
| 35 | .Fa ctx | ||
| 36 | at the time | ||
| 37 | .Xr SSL_new 3 | ||
| 38 | is being called. | ||
| 39 | .Pp | ||
| 40 | .Fn SSL_CTX_get_max_cert_list | ||
| 41 | returns the currently set maximum size for | ||
| 42 | .Fa ctx . | ||
| 43 | .Pp | ||
| 44 | .Fn SSL_set_max_cert_list | ||
| 45 | sets the maximum size allowed for the peer's certificate chain for | ||
| 46 | .Fa ssl | ||
| 47 | to be | ||
| 48 | .Fa size | ||
| 49 | bytes. | ||
| 50 | This setting stays valid until a new value is set. | ||
| 51 | .Pp | ||
| 52 | .Fn SSL_get_max_cert_list | ||
| 53 | returns the currently set maximum size for | ||
| 54 | .Fa ssl . | ||
| 55 | .Sh NOTES | ||
| 56 | During the handshake process, the peer may send a certificate chain. | ||
| 57 | The TLS/SSL standard does not give any maximum size of the certificate chain. | ||
| 58 | The OpenSSL library handles incoming data by a dynamically allocated buffer. | ||
| 59 | In order to prevent this buffer from growing without bound due to data | ||
| 60 | received from a faulty or malicious peer, a maximum size for the certificate | ||
| 61 | chain is set. | ||
| 62 | .Pp | ||
| 63 | The default value for the maximum certificate chain size is 100kB (30kB | ||
| 64 | on the 16bit DOS platform). | ||
| 65 | This should be sufficient for usual certificate chains | ||
| 66 | (OpenSSL's default maximum chain length is 10, see | ||
| 67 | .Xr SSL_CTX_set_verify 3 , | ||
| 68 | and certificates without special extensions have a typical size of 1-2kB). | ||
| 69 | .Pp | ||
| 70 | For special applications it can be necessary to extend the maximum certificate | ||
| 71 | chain size allowed to be sent by the peer. | ||
| 72 | See for example the work on | ||
| 73 | .%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile" | ||
| 74 | and | ||
| 75 | .%T "TLS Delegation Protocol" | ||
| 76 | at | ||
| 77 | .Lk http://www.ietf.org/ | ||
| 78 | and | ||
| 79 | .Lk http://www.globus.org/ . | ||
| 80 | .Pp | ||
| 81 | Under normal conditions it should never be necessary to set a value smaller | ||
| 82 | than the default, as the buffer is handled dynamically and only uses the | ||
| 83 | memory actually required by the data sent by the peer. | ||
| 84 | .Pp | ||
| 85 | If the maximum certificate chain size allowed is exceeded, the handshake will | ||
| 86 | fail with a | ||
| 87 | .Dv SSL_R_EXCESSIVE_MESSAGE_SIZE | ||
| 88 | error. | ||
| 89 | .Sh RETURN VALUES | ||
| 90 | .Fn SSL_CTX_set_max_cert_list | ||
| 91 | and | ||
| 92 | .Fn SSL_set_max_cert_list | ||
| 93 | return the previously set value. | ||
| 94 | .Pp | ||
| 95 | .Fn SSL_CTX_get_max_cert_list | ||
| 96 | and | ||
| 97 | .Fn SSL_get_max_cert_list | ||
| 98 | return the currently set value. | ||
| 99 | .Sh SEE ALSO | ||
| 100 | .Xr ssl 3 , | ||
| 101 | .Xr SSL_CTX_set_verify 3 , | ||
| 102 | .Xr SSL_new 3 | ||
| 103 | .Sh HISTORY | ||
| 104 | .Fn SSL*_set/get_max_cert_list | ||
| 105 | were introduced in OpenSSL 0.9.7. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_mode.3 b/src/lib/libssl/doc/SSL_CTX_set_mode.3 deleted file mode 100644 index 2a3fcd5531..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_mode.3 +++ /dev/null | |||
| @@ -1,126 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_MODE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_mode , | ||
| 9 | .Nm SSL_set_mode , | ||
| 10 | .Nm SSL_CTX_get_mode , | ||
| 11 | .Nm SSL_get_mode | ||
| 12 | .Nd manipulate SSL engine mode | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode" | ||
| 17 | .Ft long | ||
| 18 | .Fn SSL_set_mode "SSL *ssl" "long mode" | ||
| 19 | .Ft long | ||
| 20 | .Fn SSL_CTX_get_mode "SSL_CTX *ctx" | ||
| 21 | .Ft long | ||
| 22 | .Fn SSL_get_mode "SSL *ssl" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_set_mode | ||
| 25 | adds the mode set via bitmask in | ||
| 26 | .Fa mode | ||
| 27 | to | ||
| 28 | .Fa ctx . | ||
| 29 | Options already set before are not cleared. | ||
| 30 | .Pp | ||
| 31 | .Fn SSL_set_mode | ||
| 32 | adds the mode set via bitmask in | ||
| 33 | .Fa mode | ||
| 34 | to | ||
| 35 | .Fa ssl . | ||
| 36 | Options already set before are not cleared. | ||
| 37 | .Pp | ||
| 38 | .Fn SSL_CTX_get_mode | ||
| 39 | returns the mode set for | ||
| 40 | .Fa ctx . | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_get_mode | ||
| 43 | returns the mode set for | ||
| 44 | .Fa ssl . | ||
| 45 | .Sh NOTES | ||
| 46 | The following mode changes are available: | ||
| 47 | .Bl -tag -width Ds | ||
| 48 | .It Dv SSL_MODE_ENABLE_PARTIAL_WRITE | ||
| 49 | Allow | ||
| 50 | .Fn SSL_write ... n | ||
| 51 | to return | ||
| 52 | .Ms r | ||
| 53 | with | ||
| 54 | .EQ | ||
| 55 | 0 < r < n | ||
| 56 | .EN | ||
| 57 | (i.e., report success when just a single record has been written). | ||
| 58 | When not set (the default), | ||
| 59 | .Xr SSL_write 3 | ||
| 60 | will only report success once the complete chunk was written. | ||
| 61 | Once | ||
| 62 | .Xr SSL_write 3 | ||
| 63 | returns with | ||
| 64 | .Ms r , | ||
| 65 | .Ms r | ||
| 66 | bytes have been successfully written and the next call to | ||
| 67 | .Xr SSL_write 3 | ||
| 68 | must only send the | ||
| 69 | .Ms n \(mi r | ||
| 70 | bytes left, imitating the behaviour of | ||
| 71 | .Xr write 2 . | ||
| 72 | .It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | ||
| 73 | Make it possible to retry | ||
| 74 | .Xr SSL_write 3 | ||
| 75 | with changed buffer location (the buffer contents must stay the same). | ||
| 76 | This is not the default to avoid the misconception that non-blocking | ||
| 77 | .Xr SSL_write 3 | ||
| 78 | behaves like non-blocking | ||
| 79 | .Xr write 2 . | ||
| 80 | .It Dv SSL_MODE_AUTO_RETRY | ||
| 81 | Never bother the application with retries if the transport is blocking. | ||
| 82 | If a renegotiation take place during normal operation, a | ||
| 83 | .Xr SSL_read 3 | ||
| 84 | or | ||
| 85 | .Xr SSL_write 3 | ||
| 86 | would return | ||
| 87 | with \(mi1 and indicate the need to retry with | ||
| 88 | .Dv SSL_ERROR_WANT_READ . | ||
| 89 | In a non-blocking environment applications must be prepared to handle | ||
| 90 | incomplete read/write operations. | ||
| 91 | In a blocking environment, applications are not always prepared to deal with | ||
| 92 | read/write operations returning without success report. | ||
| 93 | The flag | ||
| 94 | .Dv SSL_MODE_AUTO_RETRY | ||
| 95 | will cause read/write operations to only return after the handshake and | ||
| 96 | successful completion. | ||
| 97 | .It Dv SSL_MODE_RELEASE_BUFFERS | ||
| 98 | When we no longer need a read buffer or a write buffer for a given | ||
| 99 | .Vt SSL , | ||
| 100 | then release the memory we were using to hold it. | ||
| 101 | Released memory is either appended to a list of unused RAM chunks on the | ||
| 102 | .Vt SSL_CTX , | ||
| 103 | or simply freed if the list of unused chunks would become longer than | ||
| 104 | .Va "SSL_CTX->freelist_max_len" , | ||
| 105 | which defaults to 32. | ||
| 106 | Using this flag can save around 34k per idle SSL connection. | ||
| 107 | This flag has no effect on SSL v2 connections, or on DTLS connections. | ||
| 108 | .El | ||
| 109 | .Sh RETURN VALUES | ||
| 110 | .Fn SSL_CTX_set_mode | ||
| 111 | and | ||
| 112 | .Fn SSL_set_mode | ||
| 113 | return the new mode bitmask after adding | ||
| 114 | .Fa mode . | ||
| 115 | .Pp | ||
| 116 | .Fn SSL_CTX_get_mode | ||
| 117 | and | ||
| 118 | .Fn SSL_get_mode | ||
| 119 | return the current bitmask. | ||
| 120 | .Sh SEE ALSO | ||
| 121 | .Xr ssl 3 , | ||
| 122 | .Xr SSL_read 3 , | ||
| 123 | .Xr SSL_write 3 | ||
| 124 | .Sh HISTORY | ||
| 125 | .Dv SSL_MODE_AUTO_RETRY | ||
| 126 | was added in OpenSSL 0.9.6. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3 deleted file mode 100644 index 6589306fd4..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_msg_callback.3 +++ /dev/null | |||
| @@ -1,135 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_MSG_CALLBACK 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_msg_callback , | ||
| 9 | .Nm SSL_CTX_set_msg_callback_arg , | ||
| 10 | .Nm SSL_set_msg_callback , | ||
| 11 | .Nm SSL_get_msg_callback_arg | ||
| 12 | .Nd install callback for observing protocol messages | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fo SSL_CTX_set_msg_callback | ||
| 17 | .Fa "SSL_CTX *ctx" | ||
| 18 | .Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" | ||
| 19 | .Fc | ||
| 20 | .Ft void | ||
| 21 | .Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg" | ||
| 22 | .Ft void | ||
| 23 | .Fo SSL_set_msg_callback | ||
| 24 | .Fa "SSL *ssl" | ||
| 25 | .Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" | ||
| 26 | .Fc | ||
| 27 | .Ft void | ||
| 28 | .Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg" | ||
| 29 | .Sh DESCRIPTION | ||
| 30 | .Fn SSL_CTX_set_msg_callback | ||
| 31 | or | ||
| 32 | .Fn SSL_set_msg_callback | ||
| 33 | can be used to define a message callback function | ||
| 34 | .Fa cb | ||
| 35 | for observing all SSL/TLS protocol messages (such as handshake messages) | ||
| 36 | that are received or sent. | ||
| 37 | .Fn SSL_CTX_set_msg_callback_arg | ||
| 38 | and | ||
| 39 | .Fn SSL_set_msg_callback_arg | ||
| 40 | can be used to set argument | ||
| 41 | .Fa arg | ||
| 42 | to the callback function, which is available for arbitrary application use. | ||
| 43 | .Pp | ||
| 44 | .Fn SSL_CTX_set_msg_callback | ||
| 45 | and | ||
| 46 | .Fn SSL_CTX_set_msg_callback_arg | ||
| 47 | specify default settings that will be copied to new | ||
| 48 | .Vt SSL | ||
| 49 | objects by | ||
| 50 | .Xr SSL_new 3 . | ||
| 51 | .Fn SSL_set_msg_callback | ||
| 52 | and | ||
| 53 | .Fn SSL_set_msg_callback_arg | ||
| 54 | modify the actual settings of an | ||
| 55 | .Vt SSL | ||
| 56 | object. | ||
| 57 | Using a | ||
| 58 | .Dv NULL | ||
| 59 | pointer for | ||
| 60 | .Fa cb | ||
| 61 | disables the message callback. | ||
| 62 | .Pp | ||
| 63 | When | ||
| 64 | .Fa cb | ||
| 65 | is called by the SSL/TLS library for a protocol message, | ||
| 66 | the function arguments have the following meaning: | ||
| 67 | .Bl -tag -width Ds | ||
| 68 | .It Fa write_p | ||
| 69 | This flag is 0 when a protocol message has been received and 1 when a protocol | ||
| 70 | message has been sent. | ||
| 71 | .It Fa version | ||
| 72 | The protocol version according to which the protocol message is | ||
| 73 | interpreted by the library. | ||
| 74 | Currently, this is one of | ||
| 75 | .Dv SSL2_VERSION , | ||
| 76 | .Dv SSL3_VERSION | ||
| 77 | and | ||
| 78 | .Dv TLS1_VERSION | ||
| 79 | (for SSL 2.0, SSL 3.0 and TLS 1.0, respectively). | ||
| 80 | .It Fa content_type | ||
| 81 | In the case of SSL 2.0, this is always 0. | ||
| 82 | In the case of SSL 3.0 or TLS 1.0, this is one of the | ||
| 83 | .Em ContentType | ||
| 84 | values defined in the protocol specification | ||
| 85 | .Po | ||
| 86 | .Dq change_cipher_spec(20) , | ||
| 87 | .Dq alert(21) , | ||
| 88 | .Dq handshake(22) ; | ||
| 89 | but never | ||
| 90 | .Dq application_data(23) | ||
| 91 | because the callback will only be called for protocol messages. | ||
| 92 | .Pc | ||
| 93 | .It Fa buf , Fa len | ||
| 94 | .Fa buf | ||
| 95 | points to a buffer containing the protocol message, which consists of | ||
| 96 | .Fa len | ||
| 97 | bytes. | ||
| 98 | The buffer is no longer valid after the callback function has returned. | ||
| 99 | .It Fa ssl | ||
| 100 | The | ||
| 101 | .Vt SSL | ||
| 102 | object that received or sent the message. | ||
| 103 | .It Fa arg | ||
| 104 | The user-defined argument optionally defined by | ||
| 105 | .Fn SSL_CTX_set_msg_callback_arg | ||
| 106 | or | ||
| 107 | .Fn SSL_set_msg_callback_arg . | ||
| 108 | .El | ||
| 109 | .Sh NOTES | ||
| 110 | Protocol messages are passed to the callback function after decryption | ||
| 111 | and fragment collection where applicable. | ||
| 112 | (Thus record boundaries are not visible.) | ||
| 113 | .Pp | ||
| 114 | If processing a received protocol message results in an error, | ||
| 115 | the callback function may not be called. | ||
| 116 | For example, the callback function will never see messages that are considered | ||
| 117 | too large to be processed. | ||
| 118 | .Pp | ||
| 119 | Due to automatic protocol version negotiation, | ||
| 120 | .Fa version | ||
| 121 | is not necessarily the protocol version used by the sender of the message: | ||
| 122 | If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, | ||
| 123 | .Fa version | ||
| 124 | will be | ||
| 125 | .Dv SSL3_VERSION . | ||
| 126 | .Sh SEE ALSO | ||
| 127 | .Xr ssl 3 , | ||
| 128 | .Xr SSL_new 3 | ||
| 129 | .Sh HISTORY | ||
| 130 | .Fn SSL_CTX_set_msg_callback , | ||
| 131 | .Fn SSL_CTX_set_msg_callback_arg , | ||
| 132 | .Fn SSL_set_msg_callback | ||
| 133 | and | ||
| 134 | .Fn SSL_get_msg_callback_arg | ||
| 135 | were added in OpenSSL 0.9.7. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3 deleted file mode 100644 index 6036dcdb2d..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_options.3 +++ /dev/null | |||
| @@ -1,387 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_options , | ||
| 9 | .Nm SSL_set_options , | ||
| 10 | .Nm SSL_CTX_clear_options , | ||
| 11 | .Nm SSL_clear_options , | ||
| 12 | .Nm SSL_CTX_get_options , | ||
| 13 | .Nm SSL_get_options , | ||
| 14 | .Nm SSL_get_secure_renegotiation_support | ||
| 15 | .Nd manipulate SSL options | ||
| 16 | .Sh SYNOPSIS | ||
| 17 | .In openssl/ssl.h | ||
| 18 | .Ft long | ||
| 19 | .Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options" | ||
| 20 | .Ft long | ||
| 21 | .Fn SSL_set_options "SSL *ssl" "long options" | ||
| 22 | .Ft long | ||
| 23 | .Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options" | ||
| 24 | .Ft long | ||
| 25 | .Fn SSL_clear_options "SSL *ssl" "long options" | ||
| 26 | .Ft long | ||
| 27 | .Fn SSL_CTX_get_options "SSL_CTX *ctx" | ||
| 28 | .Ft long | ||
| 29 | .Fn SSL_get_options "SSL *ssl" | ||
| 30 | .Ft long | ||
| 31 | .Fn SSL_get_secure_renegotiation_support "SSL *ssl" | ||
| 32 | .Sh DESCRIPTION | ||
| 33 | Note: all these functions are implemented using macros. | ||
| 34 | .Pp | ||
| 35 | .Fn SSL_CTX_set_options | ||
| 36 | adds the options set via bitmask in | ||
| 37 | .Fa options | ||
| 38 | to | ||
| 39 | .Fa ctx . | ||
| 40 | Options already set before are not cleared! | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_set_options | ||
| 43 | adds the options set via bitmask in | ||
| 44 | .Fa options | ||
| 45 | to | ||
| 46 | .Fa ssl . | ||
| 47 | Options already set before are not cleared! | ||
| 48 | .Pp | ||
| 49 | .Fn SSL_CTX_clear_options | ||
| 50 | clears the options set via bitmask in | ||
| 51 | .Fa options | ||
| 52 | to | ||
| 53 | .Fa ctx . | ||
| 54 | .Pp | ||
| 55 | .Fn SSL_clear_options | ||
| 56 | clears the options set via bitmask in | ||
| 57 | .Fa options | ||
| 58 | to | ||
| 59 | .Fa ssl . | ||
| 60 | .Pp | ||
| 61 | .Fn SSL_CTX_get_options | ||
| 62 | returns the options set for | ||
| 63 | .Fa ctx . | ||
| 64 | .Pp | ||
| 65 | .Fn SSL_get_options | ||
| 66 | returns the options set for | ||
| 67 | .Fa ssl . | ||
| 68 | .Pp | ||
| 69 | .Fn SSL_get_secure_renegotiation_support | ||
| 70 | indicates whether the peer supports secure renegotiation. | ||
| 71 | .Sh NOTES | ||
| 72 | The behaviour of the SSL library can be changed by setting several options. | ||
| 73 | The options are coded as bitmasks and can be combined by a bitwise OR | ||
| 74 | operation (|). | ||
| 75 | .Pp | ||
| 76 | .Fn SSL_CTX_set_options | ||
| 77 | and | ||
| 78 | .Fn SSL_set_options | ||
| 79 | affect the (external) protocol behaviour of the SSL library. | ||
| 80 | The (internal) behaviour of the API can be changed by using the similar | ||
| 81 | .Xr SSL_CTX_set_mode 3 | ||
| 82 | and | ||
| 83 | .Xr SSL_set_mode 3 | ||
| 84 | functions. | ||
| 85 | .Pp | ||
| 86 | During a handshake, the option settings of the SSL object are used. | ||
| 87 | When a new SSL object is created from a context using | ||
| 88 | .Xr SSL_new 3 , | ||
| 89 | the current option setting is copied. | ||
| 90 | Changes to | ||
| 91 | .Fa ctx | ||
| 92 | do not affect already created | ||
| 93 | .Vt SSL | ||
| 94 | objects. | ||
| 95 | .Fn SSL_clear | ||
| 96 | does not affect the settings. | ||
| 97 | .Pp | ||
| 98 | The following | ||
| 99 | .Em bug workaround | ||
| 100 | options are available: | ||
| 101 | .Bl -tag -width Ds | ||
| 102 | .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG | ||
| 103 | .Lk www.microsoft.com | ||
| 104 | \(en when talking SSLv2, if session-id reuse is performed, | ||
| 105 | the session-id passed back in the server-finished message is different from the | ||
| 106 | one decided upon. | ||
| 107 | .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG | ||
| 108 | Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but | ||
| 109 | then appears to only use 16 bytes when generating the encryption keys. | ||
| 110 | Using 16 bytes is ok but it should be ok to use 32. | ||
| 111 | According to the SSLv3 spec, one should use 32 bytes for the challenge when | ||
| 112 | operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks | ||
| 113 | this server so 16 bytes is the way to go. | ||
| 114 | .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | ||
| 115 | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. | ||
| 116 | .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG | ||
| 117 | \&... | ||
| 118 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
| 119 | \&... | ||
| 120 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | ||
| 121 | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. | ||
| 122 | OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | ||
| 123 | .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG | ||
| 124 | \&... | ||
| 125 | .It Dv SSL_OP_TLS_D5_BUG | ||
| 126 | \&... | ||
| 127 | .It Dv SSL_OP_TLS_BLOCK_PADDING_BUG | ||
| 128 | \&... | ||
| 129 | .It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | ||
| 130 | Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability | ||
| 131 | affecting CBC ciphers, which cannot be handled by some broken SSL | ||
| 132 | implementations. | ||
| 133 | This option has no effect for connections using other ciphers. | ||
| 134 | .It Dv SSL_OP_TLSEXT_PADDING | ||
| 135 | Adds a padding extension to ensure the ClientHello size is never between 256 | ||
| 136 | and 511 bytes in length. | ||
| 137 | This is needed as a workaround for some implementations. | ||
| 138 | .It Dv SSL_OP_ALL | ||
| 139 | All of the above bug workarounds. | ||
| 140 | .El | ||
| 141 | .Pp | ||
| 142 | It is usually safe to use | ||
| 143 | .Dv SSL_OP_ALL | ||
| 144 | to enable the bug workaround options if compatibility with somewhat broken | ||
| 145 | implementations is desired. | ||
| 146 | .Pp | ||
| 147 | The following | ||
| 148 | .Em modifying | ||
| 149 | options are available: | ||
| 150 | .Bl -tag -width Ds | ||
| 151 | .It Dv SSL_OP_TLS_ROLLBACK_BUG | ||
| 152 | Disable version rollback attack detection. | ||
| 153 | .Pp | ||
| 154 | During the client key exchange, the client must send the same information | ||
| 155 | about acceptable SSL/TLS protocol levels as during the first hello. | ||
| 156 | Some clients violate this rule by adapting to the server's answer. | ||
| 157 | (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, | ||
| 158 | the server only understands up to SSLv3. | ||
| 159 | In this case the client must still use the same SSLv3.1=TLSv1 announcement. | ||
| 160 | Some clients step down to SSLv3 with respect to the server's answer and violate | ||
| 161 | the version rollback protection.) | ||
| 162 | .It Dv SSL_OP_SINGLE_DH_USE | ||
| 163 | Always create a new key when using temporary/ephemeral DH parameters | ||
| 164 | (see | ||
| 165 | .Xr SSL_CTX_set_tmp_dh_callback 3 ) . | ||
| 166 | This option must be used to prevent small subgroup attacks, when the DH | ||
| 167 | parameters were not generated using | ||
| 168 | .Dq strong | ||
| 169 | primes (e.g., when using DSA-parameters, see | ||
| 170 | .Xr openssl 1 ) . | ||
| 171 | If | ||
| 172 | .Dq strong | ||
| 173 | primes were used, it is not strictly necessary to generate a new DH key during | ||
| 174 | each handshake but it is also recommended. | ||
| 175 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 176 | should therefore be enabled whenever temporary/ephemeral DH parameters are used. | ||
| 177 | .It SSL_OP_EPHEMERAL_RSA | ||
| 178 | Always use ephemeral (temporary) RSA key when doing RSA operations (see | ||
| 179 | .Xr SSL_CTX_set_tmp_rsa_callback 3 ) . | ||
| 180 | According to the specifications, this is only done when a RSA key can only be | ||
| 181 | used for signature operations (namely under export ciphers with restricted RSA | ||
| 182 | keylength). | ||
| 183 | By setting this option, ephemeral RSA keys are always used. | ||
| 184 | This option breaks compatibility with the SSL/TLS specifications and may lead | ||
| 185 | to interoperability problems with clients and should therefore never be used. | ||
| 186 | Ciphers with EDH (ephemeral Diffie-Hellman) key exchange should be used instead. | ||
| 187 | .It Dv SSL_OP_CIPHER_SERVER_PREFERENCE | ||
| 188 | When choosing a cipher, use the server's preferences instead of the client | ||
| 189 | preferences. | ||
| 190 | When not set, the SSL server will always follow the client's preferences. | ||
| 191 | When set, the SSLv3/TLSv1 server will choose following its own preferences. | ||
| 192 | Because of the different protocol, for SSLv2 the server will send its list of | ||
| 193 | preferences to the client and the client chooses. | ||
| 194 | .It Dv SSL_OP_NETSCAPE_CA_DN_BUG | ||
| 195 | If we accept a netscape connection, demand a client cert, have a | ||
| 196 | non-self-signed CA which does not have its CA in netscape, and the browser has | ||
| 197 | a cert, it will crash/hang. | ||
| 198 | Works for 3.x and 4.xbeta | ||
| 199 | .It Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG | ||
| 200 | \&... | ||
| 201 | .It Dv SSL_OP_NO_SSLv2 | ||
| 202 | As of | ||
| 203 | .Ox 5.6 , | ||
| 204 | this option has no effect as SSLv2 support has been removed. | ||
| 205 | In previous versions it disabled use of the SSLv2 protocol. | ||
| 206 | .It Dv SSL_OP_NO_SSLv3 | ||
| 207 | Do not use the SSLv3 protocol. | ||
| 208 | .It Dv SSL_OP_NO_TLSv1 | ||
| 209 | Do not use the TLSv1.0 protocol. | ||
| 210 | .It Dv SSL_OP_NO_TLSv1_1 | ||
| 211 | Do not use the TLSv1.1 protocol. | ||
| 212 | .It Dv SSL_OP_NO_TLSv1_2 | ||
| 213 | Do not use the TLSv1.2 protocol. | ||
| 214 | .It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
| 215 | When performing renegotiation as a server, always start a new session (i.e., | ||
| 216 | session resumption requests are only accepted in the initial handshake). | ||
| 217 | This option is not needed for clients. | ||
| 218 | .It Dv SSL_OP_NO_TICKET | ||
| 219 | Normally clients and servers will, where possible, transparently make use of | ||
| 220 | RFC4507bis tickets for stateless session resumption. | ||
| 221 | .Pp | ||
| 222 | If this option is set this functionality is disabled and tickets will not be | ||
| 223 | used by clients or servers. | ||
| 224 | .It Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | ||
| 225 | As of | ||
| 226 | .Ox 5.6 , | ||
| 227 | this option has no effect. | ||
| 228 | In previous versions it allowed legacy insecure renegotiation between OpenSSL | ||
| 229 | and unpatched clients or servers. | ||
| 230 | See the | ||
| 231 | .Sx SECURE RENEGOTIATION | ||
| 232 | section for more details. | ||
| 233 | .It Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 234 | Allow legacy insecure renegotiation between OpenSSL and unpatched servers | ||
| 235 | .Em only : | ||
| 236 | this option is currently set by default. | ||
| 237 | See the | ||
| 238 | .Sx SECURE RENEGOTIATION | ||
| 239 | section for more details. | ||
| 240 | .El | ||
| 241 | .Sh SECURE RENEGOTIATION | ||
| 242 | OpenSSL 0.9.8m and later always attempts to use secure renegotiation as | ||
| 243 | described in RFC5746. | ||
| 244 | This counters the prefix attack described in CVE-2009-3555 and elsewhere. | ||
| 245 | .Pp | ||
| 246 | The deprecated and highly broken SSLv2 protocol does not support renegotiation | ||
| 247 | at all; its use is | ||
| 248 | .Em strongly | ||
| 249 | discouraged. | ||
| 250 | .Pp | ||
| 251 | This attack has far-reaching consequences which application writers should be | ||
| 252 | aware of. | ||
| 253 | In the description below an implementation supporting secure renegotiation is | ||
| 254 | referred to as | ||
| 255 | .Dq patched . | ||
| 256 | A server not supporting secure | ||
| 257 | renegotiation is referred to as | ||
| 258 | .Dq unpatched . | ||
| 259 | .Pp | ||
| 260 | The following sections describe the operations permitted by OpenSSL's secure | ||
| 261 | renegotiation implementation. | ||
| 262 | .Ss Patched client and server | ||
| 263 | Connections and renegotiation are always permitted by OpenSSL implementations. | ||
| 264 | .Ss Unpatched client and patched OpenSSL server | ||
| 265 | The initial connection succeeds but client renegotiation is denied by the | ||
| 266 | server with a | ||
| 267 | .Em no_renegotiation | ||
| 268 | warning alert if TLS v1.0 is used or a fatal | ||
| 269 | .Em handshake_failure | ||
| 270 | alert in SSL v3.0. | ||
| 271 | .Pp | ||
| 272 | If the patched OpenSSL server attempts to renegotiate a fatal | ||
| 273 | .Em handshake_failure | ||
| 274 | alert is sent. | ||
| 275 | This is because the server code may be unaware of the unpatched nature of the | ||
| 276 | client. | ||
| 277 | .Pp | ||
| 278 | .Em N.B.: | ||
| 279 | a bug in OpenSSL clients earlier than 0.9.8m (all of which are unpatched) will | ||
| 280 | result in the connection hanging if it receives a | ||
| 281 | .Em no_renegotiation | ||
| 282 | alert. | ||
| 283 | OpenSSL versions 0.9.8m and later will regard a | ||
| 284 | .Em no_renegotiation | ||
| 285 | alert as fatal and respond with a fatal | ||
| 286 | .Em handshake_failure | ||
| 287 | alert. | ||
| 288 | This is because the OpenSSL API currently has no provision to indicate to an | ||
| 289 | application that a renegotiation attempt was refused. | ||
| 290 | .Ss Patched OpenSSL client and unpatched server | ||
| 291 | If the option | ||
| 292 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 293 | is set then initial connections and renegotiation between patched OpenSSL | ||
| 294 | clients and unpatched servers succeeds. | ||
| 295 | If neither option is set then initial connections to unpatched servers will | ||
| 296 | fail. | ||
| 297 | .Pp | ||
| 298 | The option | ||
| 299 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 300 | is currently set by default even though it has security implications: | ||
| 301 | otherwise it would be impossible to connect to unpatched servers (i.e., all of | ||
| 302 | them initially) and this is clearly not acceptable. | ||
| 303 | Renegotiation is permitted because this does not add any additional security | ||
| 304 | issues: during an attack clients do not see any renegotiations anyway. | ||
| 305 | .Pp | ||
| 306 | As more servers become patched the option | ||
| 307 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 308 | will | ||
| 309 | .Em not | ||
| 310 | be set by default in a future version of OpenSSL. | ||
| 311 | .Pp | ||
| 312 | OpenSSL client applications wishing to ensure they can connect to unpatched | ||
| 313 | servers should always | ||
| 314 | .Em set | ||
| 315 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 316 | .Pp | ||
| 317 | OpenSSL client applications that want to ensure they can | ||
| 318 | .Em not | ||
| 319 | connect to unpatched servers (and thus avoid any security issues) should always | ||
| 320 | .Em clear | ||
| 321 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 322 | using | ||
| 323 | .Fn SSL_CTX_clear_options | ||
| 324 | or | ||
| 325 | .Fn SSL_clear_options . | ||
| 326 | .Sh RETURN VALUES | ||
| 327 | .Fn SSL_CTX_set_options | ||
| 328 | and | ||
| 329 | .Fn SSL_set_options | ||
| 330 | return the new options bitmask after adding | ||
| 331 | .Fa options . | ||
| 332 | .Pp | ||
| 333 | .Fn SSL_CTX_clear_options | ||
| 334 | and | ||
| 335 | .Fn SSL_clear_options | ||
| 336 | return the new options bitmask after clearing | ||
| 337 | .Fa options . | ||
| 338 | .Pp | ||
| 339 | .Fn SSL_CTX_get_options | ||
| 340 | and | ||
| 341 | .Fn SSL_get_options | ||
| 342 | return the current bitmask. | ||
| 343 | .Pp | ||
| 344 | .Fn SSL_get_secure_renegotiation_support | ||
| 345 | returns 1 is the peer supports secure renegotiation and 0 if it does not. | ||
| 346 | .Sh SEE ALSO | ||
| 347 | .Xr openssl 1 , | ||
| 348 | .Xr ssl 3 , | ||
| 349 | .Xr SSL_clear 3 , | ||
| 350 | .Xr SSL_CTX_set_tmp_dh_callback 3 , | ||
| 351 | .Xr SSL_CTX_set_tmp_rsa_callback 3 , | ||
| 352 | .Xr SSL_new 3 | ||
| 353 | .Sh HISTORY | ||
| 354 | .Dv SSL_OP_CIPHER_SERVER_PREFERENCE | ||
| 355 | and | ||
| 356 | .Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
| 357 | have been added in | ||
| 358 | OpenSSL 0.9.7. | ||
| 359 | .Pp | ||
| 360 | .Dv SSL_OP_TLS_ROLLBACK_BUG | ||
| 361 | has been added in OpenSSL 0.9.6 and was automatically enabled with | ||
| 362 | .Dv SSL_OP_ALL . | ||
| 363 | As of 0.9.7, it is no longer included in | ||
| 364 | .Dv SSL_OP_ALL | ||
| 365 | and must be explicitly set. | ||
| 366 | .Pp | ||
| 367 | .Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | ||
| 368 | has been added in OpenSSL 0.9.6e. | ||
| 369 | Versions up to OpenSSL 0.9.6c do not include the countermeasure that can be | ||
| 370 | disabled with this option (in OpenSSL 0.9.6d, it was always enabled). | ||
| 371 | .Pp | ||
| 372 | .Fn SSL_CTX_clear_options | ||
| 373 | and | ||
| 374 | .Fn SSL_clear_options | ||
| 375 | were first added in OpenSSL 0.9.8m. | ||
| 376 | .Pp | ||
| 377 | .Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION , | ||
| 378 | .Dv SSL_OP_LEGACY_SERVER_CONNECT | ||
| 379 | and the function | ||
| 380 | .Fn SSL_get_secure_renegotiation_support | ||
| 381 | were first added in OpenSSL 0.9.8m. | ||
| 382 | .Pp | ||
| 383 | .Dv SSL_OP_NO_SSLv2 | ||
| 384 | and | ||
| 385 | .Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | ||
| 386 | were changed to have no effect in | ||
| 387 | .Ox 5.6 . | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3 deleted file mode 100644 index 40504ce59a..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_psk_client_callback.3 +++ /dev/null | |||
| @@ -1,68 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_psk_client_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_psk_client_callback , | ||
| 9 | .Nm SSL_set_psk_client_callback | ||
| 10 | .Nd set PSK client callback | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fo SSL_CTX_set_psk_client_callback | ||
| 15 | .Fa "SSL_CTX *ctx" | ||
| 16 | .Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \ | ||
| 17 | unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)" | ||
| 18 | .Fc | ||
| 19 | .Ft void | ||
| 20 | .Fo SSL_set_psk_client_callback | ||
| 21 | .Fa "SSL *ssl" | ||
| 22 | .Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \ | ||
| 23 | unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)" | ||
| 24 | .Fc | ||
| 25 | .Sh DESCRIPTION | ||
| 26 | A client application must provide a callback function which is called | ||
| 27 | when the client is sending the ClientKeyExchange message to the server. | ||
| 28 | .Pp | ||
| 29 | The purpose of the callback function is to select the PSK identity and | ||
| 30 | the pre-shared key to use during the connection setup phase. | ||
| 31 | .Pp | ||
| 32 | The callback is set using functions | ||
| 33 | .Fn SSL_CTX_set_psk_client_callback | ||
| 34 | or | ||
| 35 | .Fn SSL_set_psk_client_callback . | ||
| 36 | The callback function is given the connection in parameter | ||
| 37 | .Fa ssl , | ||
| 38 | a | ||
| 39 | .Dv NULL Ns | ||
| 40 | -terminated PSK identity hint sent by the server in parameter | ||
| 41 | .Fa hint , | ||
| 42 | a buffer | ||
| 43 | .Fa identity | ||
| 44 | of length | ||
| 45 | .Fa max_identity_len | ||
| 46 | bytes where the resulting | ||
| 47 | .Dv NULL Ns | ||
| 48 | -terminated identity is to be stored, and a buffer | ||
| 49 | .Fa psk | ||
| 50 | of | ||
| 51 | length | ||
| 52 | .Fa max_psk_len | ||
| 53 | bytes where the resulting pre-shared key is to be stored. | ||
| 54 | .Sh NOTES | ||
| 55 | Note that parameter | ||
| 56 | .Fa hint | ||
| 57 | given to the callback may be | ||
| 58 | .Dv NULL . | ||
| 59 | .Sh RETURN VALUES | ||
| 60 | Return values from the client callback are interpreted as follows: | ||
| 61 | .Pp | ||
| 62 | On success (callback found a PSK identity and a pre-shared key to use) | ||
| 63 | the length (> 0) of | ||
| 64 | .Fa psk | ||
| 65 | in bytes is returned. | ||
| 66 | .Pp | ||
| 67 | Otherwise or on errors callback should return 0. | ||
| 68 | In this case the connection setup fails. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3 deleted file mode 100644 index 5cad447318..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_quiet_shutdown.3 +++ /dev/null | |||
| @@ -1,115 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.3 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_QUIET_SHUTDOWN 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_quiet_shutdown , | ||
| 9 | .Nm SSL_CTX_get_quiet_shutdown , | ||
| 10 | .Nm SSL_set_quiet_shutdown , | ||
| 11 | .Nm SSL_get_quiet_shutdown | ||
| 12 | .Nd manipulate shutdown behaviour | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode" | ||
| 17 | .Ft int | ||
| 18 | .Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx" | ||
| 19 | .Ft void | ||
| 20 | .Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode" | ||
| 21 | .Ft int | ||
| 22 | .Fn SSL_get_quiet_shutdown "const SSL *ssl" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_CTX_set_quiet_shutdown | ||
| 25 | sets the | ||
| 26 | .Dq quiet shutdown | ||
| 27 | flag for | ||
| 28 | .Fa ctx | ||
| 29 | to be | ||
| 30 | .Fa mode . | ||
| 31 | .Vt SSL | ||
| 32 | objects created from | ||
| 33 | .Fa ctx | ||
| 34 | inherit the | ||
| 35 | .Fa mode | ||
| 36 | valid at the time | ||
| 37 | .Xr SSL_new 3 | ||
| 38 | is called. | ||
| 39 | .Fa mode | ||
| 40 | may be 0 or 1. | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_CTX_get_quiet_shutdown | ||
| 43 | returns the | ||
| 44 | .Dq quiet shutdown | ||
| 45 | setting of | ||
| 46 | .Fa ctx . | ||
| 47 | .Pp | ||
| 48 | .Fn SSL_set_quiet_shutdown | ||
| 49 | sets the | ||
| 50 | .Dq quiet shutdown | ||
| 51 | flag for | ||
| 52 | .Fa ssl | ||
| 53 | to be | ||
| 54 | .Fa mode . | ||
| 55 | The setting stays valid until | ||
| 56 | .Fa ssl | ||
| 57 | is removed with | ||
| 58 | .Xr SSL_free 3 | ||
| 59 | or | ||
| 60 | .Fn SSL_set_quiet_shutdown | ||
| 61 | is called again. | ||
| 62 | It is not changed when | ||
| 63 | .Xr SSL_clear 3 | ||
| 64 | is called. | ||
| 65 | .Fa mode | ||
| 66 | may be 0 or 1. | ||
| 67 | .Pp | ||
| 68 | .Fn SSL_get_quiet_shutdown | ||
| 69 | returns the | ||
| 70 | .Dq quiet shutdown | ||
| 71 | setting of | ||
| 72 | .Fa ssl . | ||
| 73 | .Sh NOTES | ||
| 74 | Normally when a SSL connection is finished, the parties must send out | ||
| 75 | .Dq close notify | ||
| 76 | alert messages using | ||
| 77 | .Xr SSL_shutdown 3 | ||
| 78 | for a clean shutdown. | ||
| 79 | .Pp | ||
| 80 | When setting the | ||
| 81 | .Dq quiet shutdown | ||
| 82 | flag to 1, | ||
| 83 | .Xr SSL_shutdown 3 | ||
| 84 | will set the internal flags to | ||
| 85 | .Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN | ||
| 86 | .Po | ||
| 87 | .Xr SSL_shutdown 3 | ||
| 88 | then behaves like | ||
| 89 | .Xr SSL_set_shutdown 3 | ||
| 90 | called with | ||
| 91 | .Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN | ||
| 92 | .Pc . | ||
| 93 | The session is thus considered to be shut down, but no | ||
| 94 | .Dq close notify | ||
| 95 | alert is sent to the peer. | ||
| 96 | This behaviour violates the TLS standard. | ||
| 97 | .Pp | ||
| 98 | The default is normal shutdown behaviour as described by the TLS standard. | ||
| 99 | .Sh RETURN VALUES | ||
| 100 | .Fn SSL_CTX_set_quiet_shutdown | ||
| 101 | and | ||
| 102 | .Fn SSL_set_quiet_shutdown | ||
| 103 | do not return diagnostic information. | ||
| 104 | .Pp | ||
| 105 | .Fn SSL_CTX_get_quiet_shutdown | ||
| 106 | and | ||
| 107 | .Fn SSL_get_quiet_shutdown | ||
| 108 | return the current setting. | ||
| 109 | .Sh SEE ALSO | ||
| 110 | .Xr ssl 3 , | ||
| 111 | .Xr SSL_clear 3 , | ||
| 112 | .Xr SSL_free 3 , | ||
| 113 | .Xr SSL_new 3 , | ||
| 114 | .Xr SSL_set_shutdown 3 , | ||
| 115 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3 b/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3 deleted file mode 100644 index a4e147f05a..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_session_cache_mode.3 +++ /dev/null | |||
| @@ -1,143 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_SESSION_CACHE_MODE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_session_cache_mode , | ||
| 9 | .Nm SSL_CTX_get_session_cache_mode | ||
| 10 | .Nd enable/disable session caching | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft long | ||
| 14 | .Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode" | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_set_session_cache_mode | ||
| 19 | enables/disables session caching by setting the operational mode for | ||
| 20 | .Ar ctx | ||
| 21 | to | ||
| 22 | .Ar mode . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_CTX_get_session_cache_mode | ||
| 25 | returns the currently used cache mode. | ||
| 26 | .Sh NOTES | ||
| 27 | The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. | ||
| 28 | The sessions can be held in memory for each | ||
| 29 | .Fa ctx , | ||
| 30 | if more than one | ||
| 31 | .Vt SSL_CTX | ||
| 32 | object is being maintained, the sessions are unique for each | ||
| 33 | .Vt SSL_CTX | ||
| 34 | object. | ||
| 35 | .Pp | ||
| 36 | In order to reuse a session, a client must send the session's id to the server. | ||
| 37 | It can only send exactly one id. | ||
| 38 | The server then either agrees to reuse the session or it starts a full | ||
| 39 | handshake (to create a new session). | ||
| 40 | .Pp | ||
| 41 | A server will lookup up the session in its internal session storage. | ||
| 42 | If the session is not found in internal storage or lookups for the internal | ||
| 43 | storage have been deactivated | ||
| 44 | .Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP , | ||
| 45 | the server will try the external storage if available. | ||
| 46 | .Pp | ||
| 47 | Since a client may try to reuse a session intended for use in a different | ||
| 48 | context, the session id context must be set by the server (see | ||
| 49 | .Xr SSL_CTX_set_session_id_context 3 ) . | ||
| 50 | .Pp | ||
| 51 | The following session cache modes and modifiers are available: | ||
| 52 | .Bl -tag -width Ds | ||
| 53 | .It Dv SSL_SESS_CACHE_OFF | ||
| 54 | No session caching for client or server takes place. | ||
| 55 | .It Dv SSL_SESS_CACHE_CLIENT | ||
| 56 | Client sessions are added to the session cache. | ||
| 57 | As there is no reliable way for the OpenSSL library to know whether a session | ||
| 58 | should be reused or which session to choose (due to the abstract BIO layer the | ||
| 59 | SSL engine does not have details about the connection), | ||
| 60 | the application must select the session to be reused by using the | ||
| 61 | .Xr SSL_set_session 3 | ||
| 62 | function. | ||
| 63 | This option is not activated by default. | ||
| 64 | .It Dv SSL_SESS_CACHE_SERVER | ||
| 65 | Server sessions are added to the session cache. | ||
| 66 | When a client proposes a session to be reused, the server looks for the | ||
| 67 | corresponding session in (first) the internal session cache (unless | ||
| 68 | .Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | ||
| 69 | is set), then (second) in the external cache if available. | ||
| 70 | If the session is found, the server will try to reuse the session. | ||
| 71 | This is the default. | ||
| 72 | .It Dv SSL_SESS_CACHE_BOTH | ||
| 73 | Enable both | ||
| 74 | .Dv SSL_SESS_CACHE_CLIENT | ||
| 75 | and | ||
| 76 | .Dv SSL_SESS_CACHE_SERVER | ||
| 77 | at the same time. | ||
| 78 | .It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR | ||
| 79 | Normally the session cache is checked for expired sessions every 255 | ||
| 80 | connections using the | ||
| 81 | .Xr SSL_CTX_flush_sessions 3 | ||
| 82 | function. | ||
| 83 | Since this may lead to a delay which cannot be controlled, | ||
| 84 | the automatic flushing may be disabled and | ||
| 85 | .Xr SSL_CTX_flush_sessions 3 | ||
| 86 | can be called explicitly by the application. | ||
| 87 | .It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | ||
| 88 | By setting this flag, session-resume operations in an SSL/TLS server will not | ||
| 89 | automatically look up sessions in the internal cache, | ||
| 90 | even if sessions are automatically stored there. | ||
| 91 | If external session caching callbacks are in use, | ||
| 92 | this flag guarantees that all lookups are directed to the external cache. | ||
| 93 | As automatic lookup only applies for SSL/TLS servers, | ||
| 94 | the flag has no effect on clients. | ||
| 95 | .It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE | ||
| 96 | Depending on the presence of | ||
| 97 | .Dv SSL_SESS_CACHE_CLIENT | ||
| 98 | and/or | ||
| 99 | .Dv SSL_SESS_CACHE_SERVER , | ||
| 100 | sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. | ||
| 101 | Normally a new session is added to the internal cache as well as any external | ||
| 102 | session caching (callback) that is configured for the | ||
| 103 | .Vt SSL_CTX . | ||
| 104 | This flag will prevent sessions being stored in the internal cache | ||
| 105 | (though the application can add them manually using | ||
| 106 | .Xr SSL_CTX_add_session 3 ) . | ||
| 107 | Note: | ||
| 108 | in any SSL/TLS servers where external caching is configured, any successful | ||
| 109 | session lookups in the external cache (e.g., for session-resume requests) would | ||
| 110 | normally be copied into the local cache before processing continues \(en this | ||
| 111 | flag prevents these additions to the internal cache as well. | ||
| 112 | .It Dv SSL_SESS_CACHE_NO_INTERNAL | ||
| 113 | Enable both | ||
| 114 | .Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | ||
| 115 | and | ||
| 116 | .Dv SSL_SESS_CACHE_NO_INTERNAL_STORE | ||
| 117 | at the same time. | ||
| 118 | .El | ||
| 119 | .Pp | ||
| 120 | The default mode is | ||
| 121 | .Dv SSL_SESS_CACHE_SERVER . | ||
| 122 | .Sh RETURN VALUES | ||
| 123 | .Fn SSL_CTX_set_session_cache_mode | ||
| 124 | returns the previously set cache mode. | ||
| 125 | .Pp | ||
| 126 | .Fn SSL_CTX_get_session_cache_mode | ||
| 127 | returns the currently set cache mode. | ||
| 128 | .Sh SEE ALSO | ||
| 129 | .Xr ssl 3 , | ||
| 130 | .Xr SSL_CTX_add_session 3 , | ||
| 131 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 132 | .Xr SSL_CTX_sess_number 3 , | ||
| 133 | .Xr SSL_CTX_sess_set_cache_size 3 , | ||
| 134 | .Xr SSL_CTX_sess_set_get_cb 3 , | ||
| 135 | .Xr SSL_CTX_set_session_id_context 3 , | ||
| 136 | .Xr SSL_CTX_set_timeout 3 , | ||
| 137 | .Xr SSL_session_reused 3 , | ||
| 138 | .Xr SSL_set_session 3 | ||
| 139 | .Sh HISTORY | ||
| 140 | .Dv SSL_SESS_CACHE_NO_INTERNAL_STORE | ||
| 141 | and | ||
| 142 | .Dv SSL_SESS_CACHE_NO_INTERNAL | ||
| 143 | were introduced in OpenSSL 0.9.6h. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 deleted file mode 100644 index 8f85c4e938..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_session_id_context.3 +++ /dev/null | |||
| @@ -1,105 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_session_id_context , | ||
| 9 | .Nm SSL_set_session_id_context | ||
| 10 | .Nd set context within which session can be reused (server side only) | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft int | ||
| 14 | .Fo SSL_CTX_set_session_id_context | ||
| 15 | .Fa "SSL_CTX *ctx" | ||
| 16 | .Fa const unsigned char *sid_ctx" | ||
| 17 | .Fa "unsigned int sid_ctx_len" | ||
| 18 | .Fc | ||
| 19 | .Ft int | ||
| 20 | .Fo SSL_set_session_id_context | ||
| 21 | .Fa "SSL *ssl" | ||
| 22 | .Fa const unsigned char *sid_ctx" | ||
| 23 | .Fa "unsigned int sid_ctx_len" | ||
| 24 | .Fc | ||
| 25 | .Sh DESCRIPTION | ||
| 26 | .Fn SSL_CTX_set_session_id_context | ||
| 27 | sets the context | ||
| 28 | .Fa sid_ctx | ||
| 29 | of length | ||
| 30 | .Fa sid_ctx_len | ||
| 31 | within which a session can be reused for the | ||
| 32 | .Fa ctx | ||
| 33 | object. | ||
| 34 | .Pp | ||
| 35 | .Fn SSL_set_session_id_context | ||
| 36 | sets the context | ||
| 37 | .Fa sid_ctx | ||
| 38 | of length | ||
| 39 | .Fa sid_ctx_len | ||
| 40 | within which a session can be reused for the | ||
| 41 | .Fa ssl | ||
| 42 | object. | ||
| 43 | .Sh NOTES | ||
| 44 | Sessions are generated within a certain context. | ||
| 45 | When exporting/importing sessions with | ||
| 46 | .Xr i2d_SSL_SESSION 3 | ||
| 47 | and | ||
| 48 | .Xr d2i_SSL_SESSION 3 , | ||
| 49 | it would be possible to re-import a session generated from another context | ||
| 50 | (e.g., another application), which might lead to malfunctions. | ||
| 51 | Therefore each application must set its own session id context | ||
| 52 | .Fa sid_ctx | ||
| 53 | which is used to distinguish the contexts and is stored in exported sessions. | ||
| 54 | The | ||
| 55 | .Fa sid_ctx | ||
| 56 | can be any kind of binary data with a given length; it is therefore possible | ||
| 57 | to use, for instance, the name of the application, the hostname, the service | ||
| 58 | name... | ||
| 59 | .Pp | ||
| 60 | The session id context becomes part of the session. | ||
| 61 | The session id context is set by the SSL/TLS server. | ||
| 62 | The | ||
| 63 | .Fn SSL_CTX_set_session_id_context | ||
| 64 | and | ||
| 65 | .Fn SSL_set_session_id_context | ||
| 66 | functions are therefore only useful on the server side. | ||
| 67 | .Pp | ||
| 68 | OpenSSL clients will check the session id context returned by the server when | ||
| 69 | reusing a session. | ||
| 70 | .Pp | ||
| 71 | The maximum length of the | ||
| 72 | .Fa sid_ctx | ||
| 73 | is limited to | ||
| 74 | .Dv SSL_MAX_SSL_SESSION_ID_LENGTH . | ||
| 75 | .Sh WARNINGS | ||
| 76 | If the session id context is not set on an SSL/TLS server and client | ||
| 77 | certificates are used, stored sessions will not be reused but a fatal error | ||
| 78 | will be flagged and the handshake will fail. | ||
| 79 | .Pp | ||
| 80 | If a server returns a different session id context to an OpenSSL client | ||
| 81 | when reusing a session, an error will be flagged and the handshake will | ||
| 82 | fail. | ||
| 83 | OpenSSL servers will always return the correct session id context, | ||
| 84 | as an OpenSSL server checks the session id context itself before reusing | ||
| 85 | a session as described above. | ||
| 86 | .Sh RETURN VALUES | ||
| 87 | .Fn SSL_CTX_set_session_id_context | ||
| 88 | and | ||
| 89 | .Fn SSL_set_session_id_context | ||
| 90 | return the following values: | ||
| 91 | .Bl -tag -width Ds | ||
| 92 | .It 0 | ||
| 93 | The length | ||
| 94 | .Fa sid_ctx_len | ||
| 95 | of the session id context | ||
| 96 | .Fa sid_ctx | ||
| 97 | exceeded | ||
| 98 | the maximum allowed length of | ||
| 99 | .Dv SSL_MAX_SSL_SESSION_ID_LENGTH . | ||
| 100 | The error is logged to the error stack. | ||
| 101 | .It 1 | ||
| 102 | The operation succeeded. | ||
| 103 | .El | ||
| 104 | .Sh SEE ALSO | ||
| 105 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3 b/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3 deleted file mode 100644 index f4bd74e73b..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_ssl_version.3 +++ /dev/null | |||
| @@ -1,81 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_SSL_VERSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_ssl_version , | ||
| 9 | .Nm SSL_set_ssl_method , | ||
| 10 | .Nm SSL_get_ssl_method | ||
| 11 | .Nd choose a new TLS/SSL method | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method" | ||
| 16 | .Ft int | ||
| 17 | .Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method" | ||
| 18 | .Ft const SSL_METHOD * | ||
| 19 | .Fn SSL_get_ssl_method "SSL *ssl" | ||
| 20 | .Sh DESCRIPTION | ||
| 21 | .Fn SSL_CTX_set_ssl_version | ||
| 22 | sets a new default TLS/SSL | ||
| 23 | .Fa method | ||
| 24 | for | ||
| 25 | .Vt SSL | ||
| 26 | objects newly created from this | ||
| 27 | .Fa ctx . | ||
| 28 | .Vt SSL | ||
| 29 | objects already created with | ||
| 30 | .Xr SSL_new 3 | ||
| 31 | are not affected, except when | ||
| 32 | .Xr SSL_clear 3 | ||
| 33 | is called. | ||
| 34 | .Pp | ||
| 35 | .Fn SSL_set_ssl_method | ||
| 36 | sets a new TLS/SSL | ||
| 37 | .Fa method | ||
| 38 | for a particular | ||
| 39 | .Vt SSL | ||
| 40 | object | ||
| 41 | .Fa s . | ||
| 42 | It may be reset when | ||
| 43 | .Xr SSL_clear 3 | ||
| 44 | is called. | ||
| 45 | .Pp | ||
| 46 | .Fn SSL_get_ssl_method | ||
| 47 | returns a function pointer to the TLS/SSL method set in | ||
| 48 | .Fa ssl . | ||
| 49 | .Sh NOTES | ||
| 50 | The available | ||
| 51 | .Fa method | ||
| 52 | choices are described in | ||
| 53 | .Xr SSL_CTX_new 3 . | ||
| 54 | .Pp | ||
| 55 | When | ||
| 56 | .Xr SSL_clear 3 | ||
| 57 | is called and no session is connected to an | ||
| 58 | .Vt SSL | ||
| 59 | object, the method of the | ||
| 60 | .Vt SSL | ||
| 61 | object is reset to the method currently set in the corresponding | ||
| 62 | .Vt SSL_CTX | ||
| 63 | object. | ||
| 64 | .Sh RETURN VALUES | ||
| 65 | The following return values can occur for | ||
| 66 | .Fn SSL_CTX_set_ssl_version | ||
| 67 | and | ||
| 68 | .Fn SSL_set_ssl_method : | ||
| 69 | .Bl -tag -width Ds | ||
| 70 | .It 0 | ||
| 71 | The new choice failed. | ||
| 72 | Check the error stack to find out the reason. | ||
| 73 | .It 1 | ||
| 74 | The operation succeeded. | ||
| 75 | .El | ||
| 76 | .Sh SEE ALSO | ||
| 77 | .Xr ssl 3 , | ||
| 78 | .Xr SSL_clear 3 , | ||
| 79 | .Xr SSL_CTX_new 3 , | ||
| 80 | .Xr SSL_new 3 , | ||
| 81 | .Xr SSL_set_connect_state 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_timeout.3 b/src/lib/libssl/doc/SSL_CTX_set_timeout.3 deleted file mode 100644 index 6454c4616f..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_timeout.3 +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_TIMEOUT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_timeout , | ||
| 9 | .Nm SSL_CTX_get_timeout | ||
| 10 | .Nd manipulate timeout values for session caching | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft long | ||
| 14 | .Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t" | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_CTX_get_timeout "SSL_CTX *ctx" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_set_timeout | ||
| 19 | sets the timeout for newly created sessions for | ||
| 20 | .Fa ctx | ||
| 21 | to | ||
| 22 | .Fa t . | ||
| 23 | The timeout value | ||
| 24 | .Fa t | ||
| 25 | must be given in seconds. | ||
| 26 | .Pp | ||
| 27 | .Fn SSL_CTX_get_timeout | ||
| 28 | returns the currently set timeout value for | ||
| 29 | .Fa ctx . | ||
| 30 | .Sh NOTES | ||
| 31 | Whenever a new session is created, it is assigned a maximum lifetime. | ||
| 32 | This lifetime is specified by storing the creation time of the session and the | ||
| 33 | timeout value valid at this time. | ||
| 34 | If the actual time is later than creation time plus timeout, | ||
| 35 | the session is not reused. | ||
| 36 | .Pp | ||
| 37 | Due to this realization, all sessions behave according to the timeout value | ||
| 38 | valid at the time of the session negotiation. | ||
| 39 | Changes of the timeout value do not affect already established sessions. | ||
| 40 | .Pp | ||
| 41 | The expiration time of a single session can be modified using the | ||
| 42 | .Xr SSL_SESSION_get_time 3 | ||
| 43 | family of functions. | ||
| 44 | .Pp | ||
| 45 | Expired sessions are removed from the internal session cache, whenever | ||
| 46 | .Xr SSL_CTX_flush_sessions 3 | ||
| 47 | is called, either directly by the application or automatically (see | ||
| 48 | .Xr SSL_CTX_set_session_cache_mode 3 ) . | ||
| 49 | .Pp | ||
| 50 | The default value for session timeout is decided on a per-protocol basis; see | ||
| 51 | .Xr SSL_get_default_timeout 3 . | ||
| 52 | All currently supported protocols have the same default timeout value of 300 | ||
| 53 | seconds. | ||
| 54 | .Sh RETURN VALUES | ||
| 55 | .Fn SSL_CTX_set_timeout | ||
| 56 | returns the previously set timeout value. | ||
| 57 | .Pp | ||
| 58 | .Fn SSL_CTX_get_timeout | ||
| 59 | returns the currently set timeout value. | ||
| 60 | .Sh SEE ALSO | ||
| 61 | .Xr ssl 3 , | ||
| 62 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 63 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 64 | .Xr SSL_get_default_timeout 3 , | ||
| 65 | .Xr SSL_SESSION_get_time 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3 deleted file mode 100644 index 17eed868ee..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_tmp_dh_callback.3 +++ /dev/null | |||
| @@ -1,235 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_tmp_dh_callback , | ||
| 9 | .Nm SSL_CTX_set_tmp_dh , | ||
| 10 | .Nm SSL_set_tmp_dh_callback , | ||
| 11 | .Nm SSL_set_tmp_dh | ||
| 12 | .Nd handle DH keys for ephemeral key exchange | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fo SSL_CTX_set_tmp_dh_callback | ||
| 17 | .Fa "SSL_CTX *ctx" | ||
| 18 | .Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)" | ||
| 19 | .Fc | ||
| 20 | .Ft long | ||
| 21 | .Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh" | ||
| 22 | .Ft void | ||
| 23 | .Fo SSL_set_tmp_dh_callback | ||
| 24 | .Fa "SSL *ssl" | ||
| 25 | .Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength" | ||
| 26 | .Fc | ||
| 27 | .Ft long | ||
| 28 | .Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh" | ||
| 29 | .Sh DESCRIPTION | ||
| 30 | .Fn SSL_CTX_set_tmp_dh_callback | ||
| 31 | sets the callback function for | ||
| 32 | .Fa ctx | ||
| 33 | to be used when a DH parameters are required to | ||
| 34 | .Fa tmp_dh_callback . | ||
| 35 | The callback is inherited by all | ||
| 36 | .Vt ssl | ||
| 37 | objects created from | ||
| 38 | .Fa ctx . | ||
| 39 | .Pp | ||
| 40 | .Fn SSL_CTX_set_tmp_dh | ||
| 41 | sets DH parameters to be used to be | ||
| 42 | .Sy dh Ns . | ||
| 43 | The key is inherited by all | ||
| 44 | .Fa ssl | ||
| 45 | objects created from | ||
| 46 | .Fa ctx . | ||
| 47 | .Pp | ||
| 48 | .Fn SSL_set_tmp_dh_callback | ||
| 49 | sets the callback only for | ||
| 50 | .Fa ssl . | ||
| 51 | .Pp | ||
| 52 | .Fn SSL_set_tmp_dh | ||
| 53 | sets the parameters only for | ||
| 54 | .Fa ssl . | ||
| 55 | .Pp | ||
| 56 | These functions apply to SSL/TLS servers only. | ||
| 57 | .Sh NOTES | ||
| 58 | When using a cipher with RSA authentication, | ||
| 59 | an ephemeral DH key exchange can take place. | ||
| 60 | Ciphers with DSA keys always use ephemeral DH keys as well. | ||
| 61 | In these cases, the session data are negotiated using the ephemeral/temporary | ||
| 62 | DH key and the key supplied and certified by the certificate chain is only used | ||
| 63 | for signing. | ||
| 64 | Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. | ||
| 65 | .Pp | ||
| 66 | Using ephemeral DH key exchange yields forward secrecy, | ||
| 67 | as the connection can only be decrypted when the DH key is known. | ||
| 68 | By generating a temporary DH key inside the server application that is lost | ||
| 69 | when the application is left, it becomes impossible for an attacker to decrypt | ||
| 70 | past sessions, even if he gets hold of the normal (certified) key, | ||
| 71 | as this key was only used for signing. | ||
| 72 | .Pp | ||
| 73 | In order to perform a DH key exchange the server must use a DH group | ||
| 74 | (DH parameters) and generate a DH key. | ||
| 75 | The server will always generate a new DH key during the negotiation, | ||
| 76 | when the DH parameters are supplied via callback and/or when the | ||
| 77 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 78 | option of | ||
| 79 | .Xr SSL_CTX_set_options 3 | ||
| 80 | is set. | ||
| 81 | It will immediately create a DH key, when DH parameters are supplied via | ||
| 82 | .Fn SSL_CTX_set_tmp_dh | ||
| 83 | and | ||
| 84 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 85 | is not set. | ||
| 86 | In this case, it may happen that a key is generated on initialization without | ||
| 87 | later being needed, while on the other hand the computer time during the | ||
| 88 | negotiation is being saved. | ||
| 89 | .Pp | ||
| 90 | If | ||
| 91 | .Dq strong | ||
| 92 | primes were used to generate the DH parameters, it is not strictly necessary to | ||
| 93 | generate a new key for each handshake but it does improve forward secrecy. | ||
| 94 | If it is not assured that | ||
| 95 | .Dq strong | ||
| 96 | primes were used (see especially the section about DSA parameters below), | ||
| 97 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 98 | must be used in order to prevent small subgroup attacks. | ||
| 99 | Always using | ||
| 100 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 101 | has an impact on the computer time needed during negotiation, | ||
| 102 | but it is not very large, | ||
| 103 | so application authors/users should consider always enabling this option. | ||
| 104 | .Pp | ||
| 105 | As generating DH parameters is extremely time consuming, an application should | ||
| 106 | not generate the parameters on the fly but supply the parameters. | ||
| 107 | DH parameters can be reused, | ||
| 108 | as the actual key is newly generated during the negotiation. | ||
| 109 | The risk in reusing DH parameters is that an attacker may specialize on a very | ||
| 110 | often used DH group. | ||
| 111 | Applications should therefore generate their own DH parameters during the | ||
| 112 | installation process using the openssl | ||
| 113 | .Xr openssl 1 | ||
| 114 | application. | ||
| 115 | In order to reduce the computer time needed for this generation, | ||
| 116 | it is possible to use DSA parameters instead (see | ||
| 117 | .Xr openssl 1 ) , | ||
| 118 | but in this case | ||
| 119 | .Dv SSL_OP_SINGLE_DH_USE | ||
| 120 | is mandatory. | ||
| 121 | .Pp | ||
| 122 | Application authors may compile in DH parameters. | ||
| 123 | Files | ||
| 124 | .Pa dh512.pem , | ||
| 125 | .Pa dh1024.pem , | ||
| 126 | .Pa dh2048.pem , | ||
| 127 | and | ||
| 128 | .Pa dh4096.pem | ||
| 129 | in the | ||
| 130 | .Pa apps | ||
| 131 | directory of the current version of the OpenSSL distribution contain the | ||
| 132 | .Sq SKIP | ||
| 133 | DH parameters, | ||
| 134 | which use safe primes and were generated verifiably pseudo-randomly. | ||
| 135 | These files can be converted into C code using the | ||
| 136 | .Fl C | ||
| 137 | option of the | ||
| 138 | .Xr openssl 1 | ||
| 139 | application. | ||
| 140 | Authors may also generate their own set of parameters using | ||
| 141 | .Xr openssl 1 , | ||
| 142 | but a user may not be sure how the parameters were generated. | ||
| 143 | The generation of DH parameters during installation is therefore recommended. | ||
| 144 | .Pp | ||
| 145 | An application may either directly specify the DH parameters or can supply the | ||
| 146 | DH parameters via a callback function. | ||
| 147 | The callback approach has the advantage that the callback may supply DH | ||
| 148 | parameters for different key lengths. | ||
| 149 | .Pp | ||
| 150 | The | ||
| 151 | .Fa tmp_dh_callback | ||
| 152 | is called with the | ||
| 153 | .Fa keylength | ||
| 154 | needed and the | ||
| 155 | .Fa is_export | ||
| 156 | information. | ||
| 157 | The | ||
| 158 | .Fa is_export | ||
| 159 | flag is set when the ephemeral DH key exchange is performed with an export | ||
| 160 | cipher. | ||
| 161 | .Sh RETURN VALUES | ||
| 162 | .Fn SSL_CTX_set_tmp_dh_callback | ||
| 163 | and | ||
| 164 | .Fn SSL_set_tmp_dh_callback | ||
| 165 | do not return diagnostic output. | ||
| 166 | .Pp | ||
| 167 | .Fn SSL_CTX_set_tmp_dh | ||
| 168 | and | ||
| 169 | .Fn SSL_set_tmp_dh | ||
| 170 | do return 1 on success and 0 on failure. | ||
| 171 | Check the error queue to find out the reason of failure. | ||
| 172 | .Sh EXAMPLES | ||
| 173 | Handle DH parameters for key lengths of 512 and 1024 bits. | ||
| 174 | (Error handling partly left out.) | ||
| 175 | .Bd -literal | ||
| 176 | \&... | ||
| 177 | /* Set up ephemeral DH stuff */ | ||
| 178 | DH *dh_512 = NULL; | ||
| 179 | DH *dh_1024 = NULL; | ||
| 180 | FILE *paramfile; | ||
| 181 | |||
| 182 | \&... | ||
| 183 | |||
| 184 | /* "openssl dhparam -out dh_param_512.pem -2 512" */ | ||
| 185 | paramfile = fopen("dh_param_512.pem", "r"); | ||
| 186 | if (paramfile) { | ||
| 187 | dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); | ||
| 188 | fclose(paramfile); | ||
| 189 | } | ||
| 190 | /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ | ||
| 191 | paramfile = fopen("dh_param_1024.pem", "r"); | ||
| 192 | if (paramfile) { | ||
| 193 | dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); | ||
| 194 | fclose(paramfile); | ||
| 195 | } | ||
| 196 | |||
| 197 | \&... | ||
| 198 | |||
| 199 | /* "openssl dhparam -C -2 512" etc... */ | ||
| 200 | DH *get_dh512() { ... } | ||
| 201 | DH *get_dh1024() { ... } | ||
| 202 | |||
| 203 | DH * | ||
| 204 | tmp_dh_callback(SSL *s, int is_export, int keylength) | ||
| 205 | { | ||
| 206 | DH *dh_tmp=NULL; | ||
| 207 | |||
| 208 | switch (keylength) { | ||
| 209 | case 512: | ||
| 210 | if (!dh_512) | ||
| 211 | dh_512 = get_dh512(); | ||
| 212 | dh_tmp = dh_512; | ||
| 213 | break; | ||
| 214 | case 1024: | ||
| 215 | if (!dh_1024) | ||
| 216 | dh_1024 = get_dh1024(); | ||
| 217 | dh_tmp = dh_1024; | ||
| 218 | break; | ||
| 219 | default: | ||
| 220 | /* | ||
| 221 | * Generating a key on the fly is very costly, | ||
| 222 | * so use what is there | ||
| 223 | */ | ||
| 224 | setup_dh_parameters_like_above(); | ||
| 225 | } | ||
| 226 | |||
| 227 | return(dh_tmp); | ||
| 228 | } | ||
| 229 | .Ed | ||
| 230 | .Sh SEE ALSO | ||
| 231 | .Xr openssl 1 , | ||
| 232 | .Xr ssl 3 , | ||
| 233 | .Xr SSL_CTX_set_cipher_list 3 , | ||
| 234 | .Xr SSL_CTX_set_options 3 , | ||
| 235 | .Xr SSL_CTX_set_tmp_rsa_callback 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3 b/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3 deleted file mode 100644 index 253274d122..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_tmp_rsa_callback.3 +++ /dev/null | |||
| @@ -1,231 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_TMP_RSA_CALLBACK.POD 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_tmp_rsa_callback , | ||
| 9 | .Nm SSL_CTX_set_tmp_rsa , | ||
| 10 | .Nm SSL_CTX_need_tmp_rsa , | ||
| 11 | .Nm SSL_set_tmp_rsa_callback , | ||
| 12 | .Nm SSL_set_tmp_rsa , | ||
| 13 | .Nm SSL_need_tmp_rsa | ||
| 14 | .Nd handle RSA keys for ephemeral key exchange | ||
| 15 | .Sh SYNOPSIS | ||
| 16 | .In openssl/ssl.h | ||
| 17 | .Ft void | ||
| 18 | .Fo SSL_CTX_set_tmp_rsa_callback | ||
| 19 | .Fa "SSL_CTX *ctx" | ||
| 20 | .Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)" | ||
| 21 | .Fc | ||
| 22 | .Ft long | ||
| 23 | .Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa" | ||
| 24 | .Ft long | ||
| 25 | .Fn SSL_CTX_need_tmp_rsa "SSL_CTX *ctx" | ||
| 26 | .Ft void | ||
| 27 | .Fo SSL_set_tmp_rsa_callback | ||
| 28 | .Fa "SSL_CTX *ctx" | ||
| 29 | .Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)" | ||
| 30 | .Fc | ||
| 31 | .Ft long | ||
| 32 | .Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa" | ||
| 33 | .Ft long | ||
| 34 | .Fn SSL_need_tmp_rsa "SSL *ssl" | ||
| 35 | .Ft RSA * | ||
| 36 | .Fn "(*tmp_rsa_callback)" "SSL *ssl" "int is_export" "int keylength" | ||
| 37 | .Sh DESCRIPTION | ||
| 38 | .Fn SSL_CTX_set_tmp_rsa_callback | ||
| 39 | sets the callback function for | ||
| 40 | .Fa ctx | ||
| 41 | to be used when a temporary/ephemeral RSA key is required to | ||
| 42 | .Fa tmp_rsa_callback . | ||
| 43 | The callback is inherited by all | ||
| 44 | .Vt SSL | ||
| 45 | objects newly created from | ||
| 46 | .Fa ctx | ||
| 47 | with | ||
| 48 | .Xr SSL_new 3 . | ||
| 49 | Already created SSL objects are not affected. | ||
| 50 | .Pp | ||
| 51 | .Fn SSL_CTX_set_tmp_rsa | ||
| 52 | sets the temporary/ephemeral RSA key to be used to be | ||
| 53 | .Fa rsa . | ||
| 54 | The key is inherited by all | ||
| 55 | .Vt SSL | ||
| 56 | objects newly created from | ||
| 57 | .Fa ctx | ||
| 58 | with | ||
| 59 | .Xr SSL_new 3 . | ||
| 60 | Already created SSL objects are not affected. | ||
| 61 | .Pp | ||
| 62 | .Fn SSL_CTX_need_tmp_rsa | ||
| 63 | returns 1, | ||
| 64 | if a temporary/ephemeral RSA key is needed for RSA-based strength-limited | ||
| 65 | .Sq exportable | ||
| 66 | ciphersuites because a RSA key with a keysize larger than 512 bits is installed. | ||
| 67 | .Pp | ||
| 68 | .Fn SSL_set_tmp_rsa_callback | ||
| 69 | sets the callback only for | ||
| 70 | .Fa ssl . | ||
| 71 | .Pp | ||
| 72 | .Fn SSL_set_tmp_rsa | ||
| 73 | sets the key only for | ||
| 74 | .Fa ssl . | ||
| 75 | .Pp | ||
| 76 | .Fn SSL_need_tmp_rsa | ||
| 77 | returns 1, | ||
| 78 | if a temporary/ephemeral RSA key is needed for RSA-based strength-limited | ||
| 79 | .Sq exportable | ||
| 80 | ciphersuites because a RSA key with a keysize larger than 512 bits is installed. | ||
| 81 | .Pp | ||
| 82 | These functions apply to SSL/TLS servers only. | ||
| 83 | .Sh NOTES | ||
| 84 | When using a cipher with RSA authentication, | ||
| 85 | an ephemeral RSA key exchange can take place. | ||
| 86 | In this case the session data are negotiated using the ephemeral/temporary RSA | ||
| 87 | key and the RSA key supplied and certified by the certificate chain is only | ||
| 88 | used for signing. | ||
| 89 | .Pp | ||
| 90 | Under previous export restrictions, ciphers with RSA keys shorter (512 bits) | ||
| 91 | than the usual key length of 1024 bits were created. | ||
| 92 | To use these ciphers with RSA keys of usual length, an ephemeral key exchange | ||
| 93 | must be performed, as the normal (certified) key cannot be directly used. | ||
| 94 | .Pp | ||
| 95 | Using ephemeral RSA key exchange yields forward secrecy, | ||
| 96 | as the connection can only be decrypted when the RSA key is known. | ||
| 97 | By generating a temporary RSA key inside the server application that is lost | ||
| 98 | when the application is left, it becomes impossible for an attacker to decrypt | ||
| 99 | past sessions, even if he gets hold of the normal (certified) RSA key, | ||
| 100 | as this key was used for signing only. | ||
| 101 | The downside is that creating a RSA key is computationally expensive. | ||
| 102 | .Pp | ||
| 103 | Additionally, the use of ephemeral RSA key exchange is only allowed in the TLS | ||
| 104 | standard when the RSA key can be used for signing only, that is, | ||
| 105 | for export ciphers. | ||
| 106 | Using ephemeral RSA key exchange for other purposes violates the standard and | ||
| 107 | can break interoperability with clients. | ||
| 108 | It is therefore strongly recommended to not use ephemeral RSA key exchange and | ||
| 109 | use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve | ||
| 110 | forward secrecy (see | ||
| 111 | .Xr SSL_CTX_set_tmp_dh_callback 3 ) . | ||
| 112 | .Pp | ||
| 113 | On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default | ||
| 114 | and must be explicitly enabled using the | ||
| 115 | .Dv SSL_OP_EPHEMERAL_RSA | ||
| 116 | option of | ||
| 117 | .Xr SSL_CTX_set_options 3 , | ||
| 118 | violating the TLS/SSL | ||
| 119 | standard. | ||
| 120 | When ephemeral RSA key exchange is required for export ciphers, | ||
| 121 | it will automatically be used without this option! | ||
| 122 | .Pp | ||
| 123 | An application may either directly specify the key or can supply the key via | ||
| 124 | a callback function. | ||
| 125 | The callback approach has the advantage that the callback may generate the key | ||
| 126 | only in case it is actually needed. | ||
| 127 | However, as the generation of a RSA key is costly, | ||
| 128 | it will lead to a significant delay in the handshake procedure. | ||
| 129 | Another advantage of the callback function is that it can supply keys of | ||
| 130 | different size (e.g., for | ||
| 131 | .Dv SSL_OP_EPHEMERAL_RSA | ||
| 132 | usage) while the explicit setting of the key is only useful for key size of | ||
| 133 | 512 bits to satisfy the export restricted ciphers and does give away key length | ||
| 134 | if a longer key would be allowed. | ||
| 135 | .Pp | ||
| 136 | The | ||
| 137 | .Fa tmp_rsa_callback | ||
| 138 | is called with the | ||
| 139 | .Fa keylength | ||
| 140 | needed and the | ||
| 141 | .Fa is_export | ||
| 142 | information. | ||
| 143 | The | ||
| 144 | .Fa is_export | ||
| 145 | flag is set when the ephemeral RSA key exchange is performed with an export | ||
| 146 | cipher. | ||
| 147 | .Sh RETURN VALUES | ||
| 148 | .Fn SSL_CTX_set_tmp_rsa_callback | ||
| 149 | and | ||
| 150 | .Fn SSL_set_tmp_rsa_callback | ||
| 151 | do not return diagnostic output. | ||
| 152 | .Pp | ||
| 153 | .Fn SSL_CTX_set_tmp_rsa | ||
| 154 | and | ||
| 155 | .Fn SSL_set_tmp_rsa | ||
| 156 | return 1 on success and 0 on failure. | ||
| 157 | Check the error queue to find out the reason of failure. | ||
| 158 | .Pp | ||
| 159 | .Fn SSL_CTX_need_tmp_rsa | ||
| 160 | and | ||
| 161 | .Fn SSL_need_tmp_rsa | ||
| 162 | return 1 if a temporary RSA key is needed and 0 otherwise. | ||
| 163 | .Sh EXAMPLES | ||
| 164 | Generate temporary RSA keys to prepare ephemeral RSA key exchange. | ||
| 165 | As the generation of a RSA key costs a lot of computer time, | ||
| 166 | they are saved for later reuse. | ||
| 167 | For demonstration purposes, two keys for 512 bits and 1024 bits | ||
| 168 | respectively are generated. | ||
| 169 | .Bd -literal | ||
| 170 | \&... | ||
| 171 | |||
| 172 | /* Set up ephemeral RSA stuff */ | ||
| 173 | RSA *rsa_512 = NULL; | ||
| 174 | RSA *rsa_1024 = NULL; | ||
| 175 | |||
| 176 | rsa_512 = RSA_generate_key(512, RSA_F4, NULL, NULL); | ||
| 177 | if (rsa_512 == NULL) | ||
| 178 | evaluate_error_queue(); | ||
| 179 | |||
| 180 | rsa_1024 = RSA_generate_key(1024, RSA_F4, NULL, NULL); | ||
| 181 | if (rsa_1024 == NULL) | ||
| 182 | evaluate_error_queue(); | ||
| 183 | |||
| 184 | \&... | ||
| 185 | |||
| 186 | RSA * | ||
| 187 | tmp_rsa_callback(SSL *s, int is_export, int keylength) | ||
| 188 | { | ||
| 189 | RSA *rsa_tmp = NULL; | ||
| 190 | |||
| 191 | switch (keylength) { | ||
| 192 | case 512: | ||
| 193 | if (rsa_512) | ||
| 194 | rsa_tmp = rsa_512; | ||
| 195 | else { | ||
| 196 | /* | ||
| 197 | * generate on the fly, | ||
| 198 | * should not happen in this example | ||
| 199 | */ | ||
| 200 | rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, | ||
| 201 | NULL); | ||
| 202 | rsa_512 = rsa_tmp; /* Remember for later reuse */ | ||
| 203 | } | ||
| 204 | break; | ||
| 205 | case 1024: | ||
| 206 | if (rsa_1024) | ||
| 207 | rsa_tmp = rsa_1024; | ||
| 208 | else | ||
| 209 | should_not_happen_in_this_example(); | ||
| 210 | break; | ||
| 211 | default: | ||
| 212 | /* | ||
| 213 | * Generating a key on the fly is very costly, | ||
| 214 | * so use what is there | ||
| 215 | */ | ||
| 216 | if (rsa_1024) | ||
| 217 | rsa_tmp = rsa_1024; | ||
| 218 | else | ||
| 219 | /* Use at least a shorter key */ | ||
| 220 | rsa_tmp = rsa_512; | ||
| 221 | } | ||
| 222 | return rsa_tmp; | ||
| 223 | } | ||
| 224 | .Ed | ||
| 225 | .Sh SEE ALSO | ||
| 226 | .Xr openssl 1 , | ||
| 227 | .Xr ssl 3 , | ||
| 228 | .Xr SSL_CTX_set_cipher_list 3 , | ||
| 229 | .Xr SSL_CTX_set_options 3 , | ||
| 230 | .Xr SSL_CTX_set_tmp_dh_callback 3 , | ||
| 231 | .Xr SSL_new 3 | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_set_verify.3 b/src/lib/libssl/doc/SSL_CTX_set_verify.3 deleted file mode 100644 index 9292f2086b..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_set_verify.3 +++ /dev/null | |||
| @@ -1,415 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_set_verify.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_SET_VERIFY 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_set_verify , | ||
| 9 | .Nm SSL_set_verify , | ||
| 10 | .Nm SSL_CTX_set_verify_depth , | ||
| 11 | .Nm SSL_set_verify_depth | ||
| 12 | .Nd set peer certificate verification parameters | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft void | ||
| 16 | .Fo SSL_CTX_set_verify | ||
| 17 | .Fa "SSL_CTX *ctx" | ||
| 18 | .Fa "int mode" | ||
| 19 | .Fa "int (*verify_callback)(int, X509_STORE_CTX *)" | ||
| 20 | .Fc | ||
| 21 | .Ft void | ||
| 22 | .Fo SSL_set_verify | ||
| 23 | .Fa "SSL *s" | ||
| 24 | .Fa "int mode" | ||
| 25 | .Fa "int (*verify_callback)(int, X509_STORE_CTX *)" | ||
| 26 | .Fc | ||
| 27 | .Ft void | ||
| 28 | .Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth" | ||
| 29 | .Ft void | ||
| 30 | .Fn SSL_set_verify_depth "SSL *s" "int depth" | ||
| 31 | .Ft int | ||
| 32 | .Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx" | ||
| 33 | .Sh DESCRIPTION | ||
| 34 | .Fn SSL_CTX_set_verify | ||
| 35 | sets the verification flags for | ||
| 36 | .Fa ctx | ||
| 37 | to be | ||
| 38 | .Fa mode | ||
| 39 | and | ||
| 40 | specifies the | ||
| 41 | .Fa verify_callback | ||
| 42 | function to be used. | ||
| 43 | If no callback function shall be specified, the | ||
| 44 | .Dv NULL | ||
| 45 | pointer can be used for | ||
| 46 | .Fa verify_callback . | ||
| 47 | .Pp | ||
| 48 | .Fn SSL_set_verify | ||
| 49 | sets the verification flags for | ||
| 50 | .Fa ssl | ||
| 51 | to be | ||
| 52 | .Fa mode | ||
| 53 | and specifies the | ||
| 54 | .Fa verify_callback | ||
| 55 | function to be used. | ||
| 56 | If no callback function shall be specified, the | ||
| 57 | .Dv NULL | ||
| 58 | pointer can be used for | ||
| 59 | .Fa verify_callback . | ||
| 60 | In this case last | ||
| 61 | .Fa verify_callback | ||
| 62 | set specifically for this | ||
| 63 | .Fa ssl | ||
| 64 | remains. | ||
| 65 | If no special callback was set before, the default callback for the underlying | ||
| 66 | .Fa ctx | ||
| 67 | is used, that was valid at the time | ||
| 68 | .Fa ssl | ||
| 69 | was created with | ||
| 70 | .Xr SSL_new 3 . | ||
| 71 | .Pp | ||
| 72 | .Fn SSL_CTX_set_verify_depth | ||
| 73 | sets the maximum | ||
| 74 | .Fa depth | ||
| 75 | for the certificate chain verification that shall be allowed for | ||
| 76 | .Fa ctx . | ||
| 77 | (See the | ||
| 78 | .Sx BUGS | ||
| 79 | section.) | ||
| 80 | .Pp | ||
| 81 | .Fn SSL_set_verify_depth | ||
| 82 | sets the maximum | ||
| 83 | .Fa depth | ||
| 84 | for the certificate chain verification that shall be allowed for | ||
| 85 | .Fa ssl . | ||
| 86 | (See the | ||
| 87 | .Sx BUGS | ||
| 88 | section.) | ||
| 89 | .Sh NOTES | ||
| 90 | The verification of certificates can be controlled by a set of bitwise ORed | ||
| 91 | .Fa mode | ||
| 92 | flags: | ||
| 93 | .Bl -tag -width Ds | ||
| 94 | .It Dv SSL_VERIFY_NONE | ||
| 95 | .Em Server mode: | ||
| 96 | the server will not send a client certificate request to the client, | ||
| 97 | so the client will not send a certificate. | ||
| 98 | .Pp | ||
| 99 | .Em Client mode: | ||
| 100 | if not using an anonymous cipher (by default disabled), | ||
| 101 | the server will send a certificate which will be checked. | ||
| 102 | The result of the certificate verification process can be checked after the | ||
| 103 | TLS/SSL handshake using the | ||
| 104 | .Xr SSL_get_verify_result 3 | ||
| 105 | function. | ||
| 106 | The handshake will be continued regardless of the verification result. | ||
| 107 | .It Dv SSL_VERIFY_PEER | ||
| 108 | .Em Server mode: | ||
| 109 | the server sends a client certificate request to the client. | ||
| 110 | The certificate returned (if any) is checked. | ||
| 111 | If the verification process fails, | ||
| 112 | the TLS/SSL handshake is immediately terminated with an alert message | ||
| 113 | containing the reason for the verification failure. | ||
| 114 | The behaviour can be controlled by the additional | ||
| 115 | .Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT | ||
| 116 | and | ||
| 117 | .Dv SSL_VERIFY_CLIENT_ONCE | ||
| 118 | flags. | ||
| 119 | .Pp | ||
| 120 | .Em Client mode: | ||
| 121 | the server certificate is verified. | ||
| 122 | If the verification process fails, | ||
| 123 | the TLS/SSL handshake is immediately terminated with an alert message | ||
| 124 | containing the reason for the verification failure. | ||
| 125 | If no server certificate is sent, because an anonymous cipher is used, | ||
| 126 | .Dv SSL_VERIFY_PEER | ||
| 127 | is ignored. | ||
| 128 | .It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT | ||
| 129 | .Em Server mode: | ||
| 130 | if the client did not return a certificate, the TLS/SSL | ||
| 131 | handshake is immediately terminated with a | ||
| 132 | .Dq handshake failure | ||
| 133 | alert. | ||
| 134 | This flag must be used together with | ||
| 135 | .Dv SSL_VERIFY_PEER. | ||
| 136 | .Pp | ||
| 137 | .Em Client mode: | ||
| 138 | ignored | ||
| 139 | .It Dv SSL_VERIFY_CLIENT_ONCE | ||
| 140 | .Em Server mode: | ||
| 141 | only request a client certificate on the initial TLS/SSL handshake. | ||
| 142 | Do not ask for a client certificate again in case of a renegotiation. | ||
| 143 | This flag must be used together with | ||
| 144 | .Dv SSL_VERIFY_PEER . | ||
| 145 | .Pp | ||
| 146 | .Em Client mode: | ||
| 147 | ignored | ||
| 148 | .El | ||
| 149 | .Pp | ||
| 150 | Exactly one of the | ||
| 151 | .Fa mode | ||
| 152 | flags | ||
| 153 | .Dv SSL_VERIFY_NONE | ||
| 154 | and | ||
| 155 | .Dv SSL_VERIFY_PEER | ||
| 156 | must be set at any time. | ||
| 157 | .Pp | ||
| 158 | The actual verification procedure is performed either using the built-in | ||
| 159 | verification procedure or using another application provided verification | ||
| 160 | function set with | ||
| 161 | .Xr SSL_CTX_set_cert_verify_callback 3 . | ||
| 162 | The following descriptions apply in the case of the built-in procedure. | ||
| 163 | An application provided procedure also has access to the verify depth | ||
| 164 | information and the | ||
| 165 | .Fa verify_callback Ns () | ||
| 166 | function, but the way this information is used may be different. | ||
| 167 | .Pp | ||
| 168 | .Fn SSL_CTX_set_verify_depth | ||
| 169 | and | ||
| 170 | .Fn SSL_set_verify_depth | ||
| 171 | set the limit up to which depth certificates in a chain are used during the | ||
| 172 | verification procedure. | ||
| 173 | If the certificate chain is longer than allowed, | ||
| 174 | the certificates above the limit are ignored. | ||
| 175 | Error messages are generated as if these certificates would not be present, | ||
| 176 | most likely a | ||
| 177 | .Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | ||
| 178 | will be issued. | ||
| 179 | The depth count is | ||
| 180 | .Dq level 0: peer certificate , | ||
| 181 | .Dq level 1: CA certificate , | ||
| 182 | .Dq level 2: higher level CA certificate , | ||
| 183 | and so on. | ||
| 184 | Setting the maximum depth to 2 allows the levels 0, 1, and 2. | ||
| 185 | The default depth limit is 100, | ||
| 186 | allowing for the peer certificate and an additional 100 CA certificates. | ||
| 187 | .Pp | ||
| 188 | The | ||
| 189 | .Fa verify_callback | ||
| 190 | function is used to control the behaviour when the | ||
| 191 | .Dv SSL_VERIFY_PEER | ||
| 192 | flag is set. | ||
| 193 | It must be supplied by the application and receives two arguments: | ||
| 194 | .Fa preverify_ok | ||
| 195 | indicates whether the verification of the certificate in question was passed | ||
| 196 | (preverify_ok=1) or not (preverify_ok=0). | ||
| 197 | .Fa x509_ctx | ||
| 198 | is a pointer to the complete context used | ||
| 199 | for the certificate chain verification. | ||
| 200 | .Pp | ||
| 201 | The certificate chain is checked starting with the deepest nesting level | ||
| 202 | (the root CA certificate) and worked upward to the peer's certificate. | ||
| 203 | At each level signatures and issuer attributes are checked. | ||
| 204 | Whenever a verification error is found, the error number is stored in | ||
| 205 | .Fa x509_ctx | ||
| 206 | and | ||
| 207 | .Fa verify_callback | ||
| 208 | is called with | ||
| 209 | .Fa preverify_ok | ||
| 210 | equal to 0. | ||
| 211 | By applying | ||
| 212 | .Fn X509_CTX_store_* | ||
| 213 | functions | ||
| 214 | .Fa verify_callback | ||
| 215 | can locate the certificate in question and perform additional steps (see | ||
| 216 | .Sx EXAMPLES ) . | ||
| 217 | If no error is found for a certificate, | ||
| 218 | .Fa verify_callback | ||
| 219 | is called with | ||
| 220 | .Fa preverify_ok | ||
| 221 | equal to 1 before advancing to the next level. | ||
| 222 | .Pp | ||
| 223 | The return value of | ||
| 224 | .Fa verify_callback | ||
| 225 | controls the strategy of the further verification process. | ||
| 226 | If | ||
| 227 | .Fa verify_callback | ||
| 228 | returns 0, the verification process is immediately stopped with | ||
| 229 | .Dq verification failed | ||
| 230 | state. | ||
| 231 | If | ||
| 232 | .Dv SSL_VERIFY_PEER | ||
| 233 | is set, a verification failure alert is sent to the peer and the TLS/SSL | ||
| 234 | handshake is terminated. | ||
| 235 | If | ||
| 236 | .Fa verify_callback | ||
| 237 | returns 1, the verification process is continued. | ||
| 238 | If | ||
| 239 | .Fa verify_callback | ||
| 240 | always returns 1, | ||
| 241 | the TLS/SSL handshake will not be terminated with respect to verification | ||
| 242 | failures and the connection will be established. | ||
| 243 | The calling process can however retrieve the error code of the last | ||
| 244 | verification error using | ||
| 245 | .Xr SSL_get_verify_result 3 | ||
| 246 | or by maintaining its own error storage managed by | ||
| 247 | .Fa verify_callback . | ||
| 248 | .Pp | ||
| 249 | If no | ||
| 250 | .Fa verify_callback | ||
| 251 | is specified, the default callback will be used. | ||
| 252 | Its return value is identical to | ||
| 253 | .Fa preverify_ok , | ||
| 254 | so that any verification | ||
| 255 | failure will lead to a termination of the TLS/SSL handshake with an | ||
| 256 | alert message, if | ||
| 257 | .Dv SSL_VERIFY_PEER | ||
| 258 | is set. | ||
| 259 | .Sh RETURN VALUES | ||
| 260 | The | ||
| 261 | .Fn SSL*_set_verify* | ||
| 262 | functions do not provide diagnostic information. | ||
| 263 | .Sh EXAMPLES | ||
| 264 | The following code sequence realizes an example | ||
| 265 | .Fa verify_callback | ||
| 266 | function that will always continue the TLS/SSL handshake regardless of | ||
| 267 | verification failure, if wished. | ||
| 268 | The callback realizes a verification depth limit with more informational output. | ||
| 269 | .Pp | ||
| 270 | All verification errors are printed; | ||
| 271 | information about the certificate chain is printed on request. | ||
| 272 | The example is realized for a server that does allow but not require client | ||
| 273 | certificates. | ||
| 274 | .Pp | ||
| 275 | The example makes use of the ex_data technique to store application data | ||
| 276 | into/retrieve application data from the | ||
| 277 | .Vt SSL | ||
| 278 | structure (see | ||
| 279 | .Xr SSL_get_ex_new_index 3 , | ||
| 280 | .Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) . | ||
| 281 | .Bd -literal | ||
| 282 | \&... | ||
| 283 | |||
| 284 | typedef struct { | ||
| 285 | int verbose_mode; | ||
| 286 | int verify_depth; | ||
| 287 | int always_continue; | ||
| 288 | } mydata_t; | ||
| 289 | int mydata_index; | ||
| 290 | \&... | ||
| 291 | static int | ||
| 292 | verify_callback(int preverify_ok, X509_STORE_CTX *ctx) | ||
| 293 | { | ||
| 294 | char buf[256]; | ||
| 295 | X509 *err_cert; | ||
| 296 | int err, depth; | ||
| 297 | SSL *ssl; | ||
| 298 | mydata_t *mydata; | ||
| 299 | |||
| 300 | err_cert = X509_STORE_CTX_get_current_cert(ctx); | ||
| 301 | err = X509_STORE_CTX_get_error(ctx); | ||
| 302 | depth = X509_STORE_CTX_get_error_depth(ctx); | ||
| 303 | |||
| 304 | /* | ||
| 305 | * Retrieve the pointer to the SSL of the connection currently | ||
| 306 | * treated * and the application specific data stored into the | ||
| 307 | * SSL object. | ||
| 308 | */ | ||
| 309 | ssl = X509_STORE_CTX_get_ex_data(ctx, | ||
| 310 | SSL_get_ex_data_X509_STORE_CTX_idx()); | ||
| 311 | mydata = SSL_get_ex_data(ssl, mydata_index); | ||
| 312 | |||
| 313 | X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); | ||
| 314 | |||
| 315 | /* | ||
| 316 | * Catch a too long certificate chain. The depth limit set using | ||
| 317 | * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so | ||
| 318 | * that whenever the "depth>verify_depth" condition is met, we | ||
| 319 | * have violated the limit and want to log this error condition. | ||
| 320 | * We must do it here, because the CHAIN_TOO_LONG error would not | ||
| 321 | * be found explicitly; only errors introduced by cutting off the | ||
| 322 | * additional certificates would be logged. | ||
| 323 | */ | ||
| 324 | if (depth > mydata->verify_depth) { | ||
| 325 | preverify_ok = 0; | ||
| 326 | err = X509_V_ERR_CERT_CHAIN_TOO_LONG; | ||
| 327 | X509_STORE_CTX_set_error(ctx, err); | ||
| 328 | } | ||
| 329 | if (!preverify_ok) { | ||
| 330 | printf("verify error:num=%d:%s:depth=%d:%s\en", err, | ||
| 331 | X509_verify_cert_error_string(err), depth, buf); | ||
| 332 | } else if (mydata->verbose_mode) { | ||
| 333 | printf("depth=%d:%s\en", depth, buf); | ||
| 334 | } | ||
| 335 | |||
| 336 | /* | ||
| 337 | * At this point, err contains the last verification error. | ||
| 338 | * We can use it for something special | ||
| 339 | */ | ||
| 340 | if (!preverify_ok && (err == | ||
| 341 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { | ||
| 342 | X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), | ||
| 343 | buf, 256); | ||
| 344 | printf("issuer= %s\en", buf); | ||
| 345 | } | ||
| 346 | |||
| 347 | if (mydata->always_continue) | ||
| 348 | return 1; | ||
| 349 | else | ||
| 350 | return preverify_ok; | ||
| 351 | } | ||
| 352 | \&... | ||
| 353 | |||
| 354 | mydata_t mydata; | ||
| 355 | |||
| 356 | \&... | ||
| 357 | |||
| 358 | mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); | ||
| 359 | |||
| 360 | \&... | ||
| 361 | |||
| 362 | SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, | ||
| 363 | verify_callback); | ||
| 364 | |||
| 365 | /* | ||
| 366 | * Let the verify_callback catch the verify_depth error so that we get | ||
| 367 | * an appropriate error in the logfile. | ||
| 368 | */ | ||
| 369 | SSL_CTX_set_verify_depth(verify_depth + 1); | ||
| 370 | |||
| 371 | /* | ||
| 372 | * Set up the SSL specific data into "mydata" and store it into the SSL | ||
| 373 | * structure. | ||
| 374 | */ | ||
| 375 | mydata.verify_depth = verify_depth; ... | ||
| 376 | SSL_set_ex_data(ssl, mydata_index, &mydata); | ||
| 377 | |||
| 378 | \&... | ||
| 379 | |||
| 380 | SSL_accept(ssl); /* check of success left out for clarity */ | ||
| 381 | if (peer = SSL_get_peer_certificate(ssl)) { | ||
| 382 | if (SSL_get_verify_result(ssl) == X509_V_OK) { | ||
| 383 | /* The client sent a certificate which verified OK */ | ||
| 384 | } | ||
| 385 | } | ||
| 386 | .Ed | ||
| 387 | .Sh SEE ALSO | ||
| 388 | .Xr ssl 3 , | ||
| 389 | .Xr SSL_CTX_get_verify_mode 3 , | ||
| 390 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 391 | .Xr SSL_CTX_set_cert_verify_callback 3 , | ||
| 392 | .Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 , | ||
| 393 | .Xr SSL_get_ex_new_index 3 , | ||
| 394 | .Xr SSL_get_peer_certificate 3 , | ||
| 395 | .Xr SSL_get_verify_result 3 , | ||
| 396 | .Xr SSL_new 3 | ||
| 397 | .Sh BUGS | ||
| 398 | In client mode, it is not checked whether the | ||
| 399 | .Dv SSL_VERIFY_PEER | ||
| 400 | flag is set, but whether | ||
| 401 | .Dv SSL_VERIFY_NONE | ||
| 402 | is not set. | ||
| 403 | This can lead to unexpected behaviour, if the | ||
| 404 | .Dv SSL_VERIFY_PEER | ||
| 405 | and | ||
| 406 | .Dv SSL_VERIFY_NONE | ||
| 407 | are not used as required (exactly one must be set at any time). | ||
| 408 | .Pp | ||
| 409 | The certificate verification depth set with | ||
| 410 | .Fn SSL[_CTX]_verify_depth | ||
| 411 | stops the verification at a certain depth. | ||
| 412 | The error message produced will be that of an incomplete certificate chain and | ||
| 413 | not | ||
| 414 | .Dv X509_V_ERR_CERT_CHAIN_TOO_LONG | ||
| 415 | as may be expected. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_use_certificate.3 b/src/lib/libssl/doc/SSL_CTX_use_certificate.3 deleted file mode 100644 index 6282c3b0d7..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_use_certificate.3 +++ /dev/null | |||
| @@ -1,336 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.3 2015/02/06 01:37:11 reyk Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: February 6 2015 $ | ||
| 5 | .Dt SSL_CTX_USE_CERTIFICATE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_use_certificate , | ||
| 9 | .Nm SSL_CTX_use_certificate_ASN1 , | ||
| 10 | .Nm SSL_CTX_use_certificate_file , | ||
| 11 | .Nm SSL_use_certificate , | ||
| 12 | .Nm SSL_use_certificate_ASN1 , | ||
| 13 | .Nm SSL_use_certificate_file , | ||
| 14 | .Nm SSL_CTX_use_certificate_chain_file , | ||
| 15 | .Nm SSL_CTX_use_certificate_chain_mem , | ||
| 16 | .Nm SSL_CTX_use_PrivateKey , | ||
| 17 | .Nm SSL_CTX_use_PrivateKey_ASN1 , | ||
| 18 | .Nm SSL_CTX_use_PrivateKey_file , | ||
| 19 | .Nm SSL_CTX_use_RSAPrivateKey , | ||
| 20 | .Nm SSL_CTX_use_RSAPrivateKey_ASN1 , | ||
| 21 | .Nm SSL_CTX_use_RSAPrivateKey_file , | ||
| 22 | .Nm SSL_use_PrivateKey_file , | ||
| 23 | .Nm SSL_use_PrivateKey_ASN1 , | ||
| 24 | .Nm SSL_use_PrivateKey , | ||
| 25 | .Nm SSL_use_RSAPrivateKey , | ||
| 26 | .Nm SSL_use_RSAPrivateKey_ASN1 , | ||
| 27 | .Nm SSL_use_RSAPrivateKey_file , | ||
| 28 | .Nm SSL_CTX_check_private_key , | ||
| 29 | .Nm SSL_check_private_key | ||
| 30 | .Nd load certificate and key data | ||
| 31 | .Sh SYNOPSIS | ||
| 32 | .In openssl/ssl.h | ||
| 33 | .Ft int | ||
| 34 | .Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x" | ||
| 35 | .Ft int | ||
| 36 | .Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d" | ||
| 37 | .Ft int | ||
| 38 | .Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type" | ||
| 39 | .Ft int | ||
| 40 | .Fn SSL_use_certificate "SSL *ssl" "X509 *x" | ||
| 41 | .Ft int | ||
| 42 | .Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len" | ||
| 43 | .Ft int | ||
| 44 | .Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type" | ||
| 45 | .Ft int | ||
| 46 | .Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file" | ||
| 47 | .Ft int | ||
| 48 | .Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len" | ||
| 49 | .Ft int | ||
| 50 | .Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey" | ||
| 51 | .Ft int | ||
| 52 | .Fo SSL_CTX_use_PrivateKey_ASN1 | ||
| 53 | .Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len" | ||
| 54 | .Fc | ||
| 55 | .Ft int | ||
| 56 | .Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type" | ||
| 57 | .Ft int | ||
| 58 | .Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa" | ||
| 59 | .Ft int | ||
| 60 | .Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len" | ||
| 61 | .Ft int | ||
| 62 | .Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type" | ||
| 63 | .Ft int | ||
| 64 | .Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey" | ||
| 65 | .Ft int | ||
| 66 | .Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len" | ||
| 67 | .Ft int | ||
| 68 | .Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type" | ||
| 69 | .Ft int | ||
| 70 | .Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa" | ||
| 71 | .Ft int | ||
| 72 | .Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len" | ||
| 73 | .Ft int | ||
| 74 | .Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type" | ||
| 75 | .Ft int | ||
| 76 | .Fn SSL_CTX_check_private_key "const SSL_CTX *ctx" | ||
| 77 | .Ft int | ||
| 78 | .Fn SSL_check_private_key "const SSL *ssl" | ||
| 79 | .Sh DESCRIPTION | ||
| 80 | These functions load the certificates and private keys into the | ||
| 81 | .Vt SSL_CTX | ||
| 82 | or | ||
| 83 | .Vt SSL | ||
| 84 | object, respectively. | ||
| 85 | .Pp | ||
| 86 | The | ||
| 87 | .Fn SSL_CTX_* | ||
| 88 | class of functions loads the certificates and keys into the | ||
| 89 | .Vt SSL_CTX | ||
| 90 | object | ||
| 91 | .Fa ctx . | ||
| 92 | The information is passed to | ||
| 93 | .Vt SSL | ||
| 94 | objects | ||
| 95 | .Fa ssl | ||
| 96 | created from | ||
| 97 | .Fa ctx | ||
| 98 | with | ||
| 99 | .Xr SSL_new 3 | ||
| 100 | by copying, so that changes applied to | ||
| 101 | .Fa ctx | ||
| 102 | do not propagate to already existing | ||
| 103 | .Vt SSL | ||
| 104 | objects. | ||
| 105 | .Pp | ||
| 106 | The | ||
| 107 | .Fn SSL_* | ||
| 108 | class of functions only loads certificates and keys into a specific | ||
| 109 | .Vt SSL | ||
| 110 | object. | ||
| 111 | The specific information is kept when | ||
| 112 | .Xr SSL_clear 3 | ||
| 113 | is called for this | ||
| 114 | .Vt SSL | ||
| 115 | object. | ||
| 116 | .Pp | ||
| 117 | .Fn SSL_CTX_use_certificate | ||
| 118 | loads the certificate | ||
| 119 | .Fa x | ||
| 120 | into | ||
| 121 | .Fa ctx ; | ||
| 122 | .Fn SSL_use_certificate | ||
| 123 | loads | ||
| 124 | .Fa x | ||
| 125 | into | ||
| 126 | .Fa ssl . | ||
| 127 | The rest of the certificates needed to form the complete certificate chain can | ||
| 128 | be specified using the | ||
| 129 | .Xr SSL_CTX_add_extra_chain_cert 3 | ||
| 130 | function. | ||
| 131 | .Pp | ||
| 132 | .Fn SSL_CTX_use_certificate_ASN1 | ||
| 133 | loads the ASN1 encoded certificate from the memory location | ||
| 134 | .Fa d | ||
| 135 | (with length | ||
| 136 | .Fa len ) | ||
| 137 | into | ||
| 138 | .Fa ctx ; | ||
| 139 | .Fn SSL_use_certificate_ASN1 | ||
| 140 | loads the ASN1 encoded certificate into | ||
| 141 | .Fa ssl . | ||
| 142 | .Pp | ||
| 143 | .Fn SSL_CTX_use_certificate_file | ||
| 144 | loads the first certificate stored in | ||
| 145 | .Fa file | ||
| 146 | into | ||
| 147 | .Fa ctx . | ||
| 148 | The formatting | ||
| 149 | .Fa type | ||
| 150 | of the certificate must be specified from the known types | ||
| 151 | .Dv SSL_FILETYPE_PEM | ||
| 152 | and | ||
| 153 | .Dv SSL_FILETYPE_ASN1 . | ||
| 154 | .Fn SSL_use_certificate_file | ||
| 155 | loads the certificate from | ||
| 156 | .Fa file | ||
| 157 | into | ||
| 158 | .Fa ssl . | ||
| 159 | See the | ||
| 160 | .Sx NOTES | ||
| 161 | section on why | ||
| 162 | .Fn SSL_CTX_use_certificate_chain_file | ||
| 163 | should be preferred. | ||
| 164 | .Pp | ||
| 165 | The | ||
| 166 | .Fn SSL_CTX_use_certificate_chain* | ||
| 167 | functions load a certificate chain into | ||
| 168 | .Fa ctx . | ||
| 169 | The certificates must be in PEM format and must be sorted starting with the | ||
| 170 | subject's certificate (actual client or server certificate), | ||
| 171 | followed by intermediate CA certificates if applicable, | ||
| 172 | and ending at the highest level (root) CA. | ||
| 173 | There is no corresponding function working on a single | ||
| 174 | .Vt SSL | ||
| 175 | object. | ||
| 176 | .Pp | ||
| 177 | .Fn SSL_CTX_use_PrivateKey | ||
| 178 | adds | ||
| 179 | .Fa pkey | ||
| 180 | as private key to | ||
| 181 | .Fa ctx . | ||
| 182 | .Fn SSL_CTX_use_RSAPrivateKey | ||
| 183 | adds the private key | ||
| 184 | .Fa rsa | ||
| 185 | of type RSA to | ||
| 186 | .Fa ctx . | ||
| 187 | .Fn SSL_use_PrivateKey | ||
| 188 | adds | ||
| 189 | .Fa pkey | ||
| 190 | as private key to | ||
| 191 | .Fa ssl ; | ||
| 192 | .Fn SSL_use_RSAPrivateKey | ||
| 193 | adds | ||
| 194 | .Fa rsa | ||
| 195 | as private key of type RSA to | ||
| 196 | .Fa ssl . | ||
| 197 | If a certificate has already been set and the private does not belong to the | ||
| 198 | certificate, an error is returned. | ||
| 199 | To change a certificate private key pair, | ||
| 200 | the new certificate needs to be set with | ||
| 201 | .Fn SSL_use_certificate | ||
| 202 | or | ||
| 203 | .Fn SSL_CTX_use_certificate | ||
| 204 | before setting the private key with | ||
| 205 | .Fn SSL_CTX_use_PrivateKey | ||
| 206 | or | ||
| 207 | .Fn SSL_use_PrivateKey . | ||
| 208 | .Pp | ||
| 209 | .Fn SSL_CTX_use_PrivateKey_ASN1 | ||
| 210 | adds the private key of type | ||
| 211 | .Fa pk | ||
| 212 | stored at memory location | ||
| 213 | .Fa d | ||
| 214 | (length | ||
| 215 | .Fa len ) | ||
| 216 | to | ||
| 217 | .Fa ctx . | ||
| 218 | .Fn SSL_CTX_use_RSAPrivateKey_ASN1 | ||
| 219 | adds the private key of type RSA stored at memory location | ||
| 220 | .Fa d | ||
| 221 | (length | ||
| 222 | .Fa len ) | ||
| 223 | to | ||
| 224 | .Fa ctx . | ||
| 225 | .Fn SSL_use_PrivateKey_ASN1 | ||
| 226 | and | ||
| 227 | .Fn SSL_use_RSAPrivateKey_ASN1 | ||
| 228 | add the private key to | ||
| 229 | .Fa ssl . | ||
| 230 | .Pp | ||
| 231 | .Fn SSL_CTX_use_PrivateKey_file | ||
| 232 | adds the first private key found in | ||
| 233 | .Fa file | ||
| 234 | to | ||
| 235 | .Fa ctx . | ||
| 236 | The formatting | ||
| 237 | .Fa type | ||
| 238 | of the certificate must be specified from the known types | ||
| 239 | .Dv SSL_FILETYPE_PEM | ||
| 240 | and | ||
| 241 | .Dv SSL_FILETYPE_ASN1 . | ||
| 242 | .Fn SSL_CTX_use_RSAPrivateKey_file | ||
| 243 | adds the first private RSA key found in | ||
| 244 | .Fa file | ||
| 245 | to | ||
| 246 | .Fa ctx . | ||
| 247 | .Fn SSL_use_PrivateKey_file | ||
| 248 | adds the first private key found in | ||
| 249 | .Fa file | ||
| 250 | to | ||
| 251 | .Fa ssl ; | ||
| 252 | .Fn SSL_use_RSAPrivateKey_file | ||
| 253 | adds the first private RSA key found to | ||
| 254 | .Fa ssl . | ||
| 255 | .Pp | ||
| 256 | .Fn SSL_CTX_check_private_key | ||
| 257 | checks the consistency of a private key with the corresponding certificate | ||
| 258 | loaded into | ||
| 259 | .Fa ctx . | ||
| 260 | If more than one key/certificate pair (RSA/DSA) is installed, | ||
| 261 | the last item installed will be checked. | ||
| 262 | If, e.g., the last item was a RSA certificate or key, | ||
| 263 | the RSA key/certificate pair will be checked. | ||
| 264 | .Fn SSL_check_private_key | ||
| 265 | performs the same check for | ||
| 266 | .Fa ssl . | ||
| 267 | If no key/certificate was explicitly added for this | ||
| 268 | .Fa ssl , | ||
| 269 | the last item added into | ||
| 270 | .Fa ctx | ||
| 271 | will be checked. | ||
| 272 | .Sh NOTES | ||
| 273 | The internal certificate store of OpenSSL can hold two private key/certificate | ||
| 274 | pairs at a time: | ||
| 275 | one key/certificate of type RSA and one key/certificate of type DSA. | ||
| 276 | The certificate used depends on the cipher select, see also | ||
| 277 | .Xr SSL_CTX_set_cipher_list 3 . | ||
| 278 | .Pp | ||
| 279 | When reading certificates and private keys from file, files of type | ||
| 280 | .Dv SSL_FILETYPE_ASN1 | ||
| 281 | (also known as | ||
| 282 | .Em DER , | ||
| 283 | binary encoding) can only contain one certificate or private key; consequently, | ||
| 284 | .Fn SSL_CTX_use_certificate_chain_file | ||
| 285 | is only applicable to PEM formatting. | ||
| 286 | Files of type | ||
| 287 | .Dv SSL_FILETYPE_PEM | ||
| 288 | can contain more than one item. | ||
| 289 | .Pp | ||
| 290 | .Fn SSL_CTX_use_certificate_chain_file | ||
| 291 | adds the first certificate found in the file to the certificate store. | ||
| 292 | The other certificates are added to the store of chain certificates using | ||
| 293 | .Xr SSL_CTX_add_extra_chain_cert 3 . | ||
| 294 | There exists only one extra chain store, so that the same chain is appended | ||
| 295 | to both types of certificates, RSA and DSA! | ||
| 296 | If it is not intended to use both type of certificate at the same time, | ||
| 297 | it is recommended to use the | ||
| 298 | .Fn SSL_CTX_use_certificate_chain_file | ||
| 299 | instead of the | ||
| 300 | .Fn SSL_CTX_use_certificate_file | ||
| 301 | function in order to allow the use of complete certificate chains even when no | ||
| 302 | trusted CA storage is used or when the CA issuing the certificate shall not be | ||
| 303 | added to the trusted CA storage. | ||
| 304 | .Pp | ||
| 305 | If additional certificates are needed to complete the chain during the TLS | ||
| 306 | negotiation, CA certificates are additionally looked up in the locations of | ||
| 307 | trusted CA certificates (see | ||
| 308 | .Xr SSL_CTX_load_verify_locations 3 ) . | ||
| 309 | .Pp | ||
| 310 | The private keys loaded from file can be encrypted. | ||
| 311 | In order to successfully load encrypted keys, | ||
| 312 | a function returning the passphrase must have been supplied (see | ||
| 313 | .Xr SSL_CTX_set_default_passwd_cb 3 ) . | ||
| 314 | (Certificate files might be encrypted as well from the technical point of view, | ||
| 315 | it however does not make sense as the data in the certificate is considered | ||
| 316 | public anyway.) | ||
| 317 | .Sh RETURN VALUES | ||
| 318 | On success, the functions return 1. | ||
| 319 | Otherwise check out the error stack to find out the reason. | ||
| 320 | .Sh SEE ALSO | ||
| 321 | .Xr ssl 3 , | ||
| 322 | .Xr SSL_clear 3 , | ||
| 323 | .Xr SSL_CTX_add_extra_chain_cert 3 , | ||
| 324 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 325 | .Xr SSL_CTX_set_cipher_list 3 , | ||
| 326 | .Xr SSL_CTX_set_client_cert_cb 3 , | ||
| 327 | .Xr SSL_CTX_set_default_passwd_cb 3 , | ||
| 328 | .Xr SSL_new 3 | ||
| 329 | .Sh HISTORY | ||
| 330 | Support for DER encoded private keys | ||
| 331 | .Pq Dv SSL_FILETYPE_ASN1 | ||
| 332 | in | ||
| 333 | .Fn SSL_CTX_use_PrivateKey_file | ||
| 334 | and | ||
| 335 | .Fn SSL_use_PrivateKey_file | ||
| 336 | was added in 0.9.8. | ||
diff --git a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3 b/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3 deleted file mode 100644 index 00c92b51ab..0000000000 --- a/src/lib/libssl/doc/SSL_CTX_use_psk_identity_hint.3 +++ /dev/null | |||
| @@ -1,110 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_CTX_use_psk_identity_hint.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CTX_USE_PSK_IDENTITY_HINT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_CTX_use_psk_identity_hint , | ||
| 9 | .Nm SSL_use_psk_identity_hint , | ||
| 10 | .Nm SSL_CTX_set_psk_server_callback , | ||
| 11 | .Nm SSL_set_psk_server_callback | ||
| 12 | .Nd set PSK identity hint to use | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft int | ||
| 16 | .Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint" | ||
| 17 | .Ft int | ||
| 18 | .Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint" | ||
| 19 | .Ft void | ||
| 20 | .Fo SSL_CTX_set_psk_server_callback | ||
| 21 | .Fa "SSL_CTX *ctx" | ||
| 22 | .Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)" | ||
| 23 | .Fc | ||
| 24 | .Ft void | ||
| 25 | .Fo SSL_set_psk_server_callback | ||
| 26 | .Fa "SSL *ssl" | ||
| 27 | .Fa "unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len)" | ||
| 28 | .Fc | ||
| 29 | .Sh DESCRIPTION | ||
| 30 | .Fn SSL_CTX_use_psk_identity_hint | ||
| 31 | sets the given | ||
| 32 | .Dv NULL Ns | ||
| 33 | -terminated PSK identity hint | ||
| 34 | .Fa hint | ||
| 35 | to SSL context object | ||
| 36 | .Fa ctx . | ||
| 37 | .Fn SSL_use_psk_identity_hint | ||
| 38 | sets the given | ||
| 39 | .Dv NULL Ns | ||
| 40 | -terminated | ||
| 41 | PSK identity hint | ||
| 42 | .Fa hint | ||
| 43 | to SSL connection object | ||
| 44 | .Fa ssl . | ||
| 45 | If | ||
| 46 | .Fa hint | ||
| 47 | is | ||
| 48 | .Dv NULL | ||
| 49 | the current hint from | ||
| 50 | .Fa ctx | ||
| 51 | or | ||
| 52 | .Fa ssl | ||
| 53 | is deleted. | ||
| 54 | .Pp | ||
| 55 | In the case where PSK identity hint is | ||
| 56 | .Dv NULL , | ||
| 57 | the server does not send the | ||
| 58 | .Em ServerKeyExchange | ||
| 59 | message to the client. | ||
| 60 | .Pp | ||
| 61 | A server application must provide a callback function which is called when the | ||
| 62 | server receives the | ||
| 63 | .Em ClientKeyExchange | ||
| 64 | message from the client. | ||
| 65 | The purpose of the callback function is to validate the received PSK identity | ||
| 66 | and to fetch the pre-shared key used during the connection setup phase. | ||
| 67 | The callback is set using functions | ||
| 68 | .Fn SSL_CTX_set_psk_server_callback | ||
| 69 | or | ||
| 70 | .Fn SSL_set_psk_server_callback . | ||
| 71 | The callback function is given the connection in parameter | ||
| 72 | .Fa ssl , | ||
| 73 | .Dv NULL Ns | ||
| 74 | -terminated PSK identity sent by the client in parameter | ||
| 75 | .Fa identity , | ||
| 76 | and a buffer | ||
| 77 | .Fa psk | ||
| 78 | of length | ||
| 79 | .Fa max_psk_len | ||
| 80 | bytes where the pre-shared key is to be stored. | ||
| 81 | .Sh RETURN VALUES | ||
| 82 | .Fn SSL_CTX_use_psk_identity_hint | ||
| 83 | and | ||
| 84 | .Fn SSL_use_psk_identity_hint | ||
| 85 | return 1 on success, 0 otherwise. | ||
| 86 | .Pp | ||
| 87 | Return values from the server callback are interpreted as follows: | ||
| 88 | .Bl -tag -width Ds | ||
| 89 | .It >0 | ||
| 90 | PSK identity was found and the server callback has provided the PSK | ||
| 91 | successfully in parameter | ||
| 92 | .Fa psk . | ||
| 93 | Return value is the length of | ||
| 94 | .Fa psk | ||
| 95 | in bytes. | ||
| 96 | It is an error to return a value greater than | ||
| 97 | .Fa max_psk_len . | ||
| 98 | .Pp | ||
| 99 | If the PSK identity was not found but the callback instructs the protocol to | ||
| 100 | continue anyway, the callback must provide some random data to | ||
| 101 | .Fa psk | ||
| 102 | and return the length of the random data, so the connection will fail with | ||
| 103 | .Dq decryption_error | ||
| 104 | before it will be finished completely. | ||
| 105 | .It 0 | ||
| 106 | PSK identity was not found. | ||
| 107 | An | ||
| 108 | .Dq unknown_psk_identity | ||
| 109 | alert message will be sent and the connection setup fails. | ||
| 110 | .El | ||
diff --git a/src/lib/libssl/doc/SSL_SESSION_free.3 b/src/lib/libssl/doc/SSL_SESSION_free.3 deleted file mode 100644 index ffd5ae2b29..0000000000 --- a/src/lib/libssl/doc/SSL_SESSION_free.3 +++ /dev/null | |||
| @@ -1,79 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_SESSION_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SESSION_FREE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_SESSION_free | ||
| 9 | .Nd free an allocated SSL_SESSION structure | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fn SSL_SESSION_free "SSL_SESSION *session" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_SESSION_free | ||
| 16 | decrements the reference count of | ||
| 17 | .Fa session | ||
| 18 | and removes the | ||
| 19 | .Vt SSL_SESSION | ||
| 20 | structure pointed to by | ||
| 21 | .Fa session | ||
| 22 | and frees up the allocated memory, if the reference count has reached 0. | ||
| 23 | .Sh NOTES | ||
| 24 | .Vt SSL_SESSION | ||
| 25 | objects are allocated when a TLS/SSL handshake operation is successfully | ||
| 26 | completed. | ||
| 27 | Depending on the settings, see | ||
| 28 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 29 | the | ||
| 30 | .Vt SSL_SESSION | ||
| 31 | objects are internally referenced by the | ||
| 32 | .Vt SSL_CTX | ||
| 33 | and linked into its session cache. | ||
| 34 | .Vt SSL | ||
| 35 | objects may be using the | ||
| 36 | .Vt SSL_SESSION | ||
| 37 | object; as a session may be reused, several | ||
| 38 | .Vt SSL | ||
| 39 | objects may be using one | ||
| 40 | .Vt SSL_SESSION | ||
| 41 | object at the same time. | ||
| 42 | It is therefore crucial to keep the reference count (usage information) correct | ||
| 43 | and not delete a | ||
| 44 | .Vt SSL_SESSION | ||
| 45 | object that is still used, as this may lead to program failures due to dangling | ||
| 46 | pointers. | ||
| 47 | These failures may also appear delayed, e.g., when an | ||
| 48 | .Vt SSL_SESSION | ||
| 49 | object is completely freed as the reference count incorrectly becomes 0, but it | ||
| 50 | is still referenced in the internal session cache and the cache list is | ||
| 51 | processed during a | ||
| 52 | .Xr SSL_CTX_flush_sessions 3 | ||
| 53 | operation. | ||
| 54 | .Pp | ||
| 55 | .Fn SSL_SESSION_free | ||
| 56 | must only be called for | ||
| 57 | .Vt SSL_SESSION | ||
| 58 | objects, for which the reference count was explicitly incremented (e.g., by | ||
| 59 | calling | ||
| 60 | .Xr SSL_get1_session 3 ; | ||
| 61 | see | ||
| 62 | .Xr SSL_get_session 3 ) | ||
| 63 | or when the | ||
| 64 | .Vt SSL_SESSION | ||
| 65 | object was generated outside a TLS handshake operation, e.g., by using | ||
| 66 | .Xr d2i_SSL_SESSION 3 . | ||
| 67 | It must not be called on other | ||
| 68 | .Vt SSL_SESSION | ||
| 69 | objects, as this would cause incorrect reference counts and therefore program | ||
| 70 | failures. | ||
| 71 | .Sh RETURN VALUES | ||
| 72 | .Fn SSL_SESSION_free | ||
| 73 | does not provide diagnostic information. | ||
| 74 | .Sh SEE ALSO | ||
| 75 | .Xr d2i_SSL_SESSION 3 , | ||
| 76 | .Xr ssl 3 , | ||
| 77 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 78 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 79 | .Xr SSL_get_session 3 | ||
diff --git a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3 deleted file mode 100644 index a31f519506..0000000000 --- a/src/lib/libssl/doc/SSL_SESSION_get_ex_new_index.3 +++ /dev/null | |||
| @@ -1,80 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SESSION_GET_EX_NEW_INDEX 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_SESSION_get_ex_new_index , | ||
| 9 | .Nm SSL_SESSION_set_ex_data , | ||
| 10 | .Nm SSL_SESSION_get_ex_data | ||
| 11 | .Nd internal application specific data functions | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fo SSL_SESSION_get_ex_new_index | ||
| 16 | .Fa "long argl" | ||
| 17 | .Fa "void *argp" | ||
| 18 | .Fa "CRYPTO_EX_new *new_func" | ||
| 19 | .Fa "CRYPTO_EX_dup *dup_func" | ||
| 20 | .Fa "CRYPTO_EX_free *free_func" | ||
| 21 | .Fc | ||
| 22 | .Ft int | ||
| 23 | .Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg" | ||
| 24 | .Ft void * | ||
| 25 | .Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx" | ||
| 26 | .Bd -literal | ||
| 27 | typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 28 | int idx, long argl, void *argp); | ||
| 29 | typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 30 | int idx, long argl, void *argp); | ||
| 31 | typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 32 | int idx, long argl, void *argp); | ||
| 33 | .Ed | ||
| 34 | .Sh DESCRIPTION | ||
| 35 | Several OpenSSL structures can have application specific data attached to them. | ||
| 36 | These functions are used internally by OpenSSL to manipulate | ||
| 37 | application-specific data attached to a specific structure. | ||
| 38 | .Pp | ||
| 39 | .Fn SSL_SESSION_get_ex_new_index | ||
| 40 | is used to register a new index for application-specific data. | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_SESSION_set_ex_data | ||
| 43 | is used to store application data at | ||
| 44 | .Fa arg | ||
| 45 | for | ||
| 46 | .Fa idx | ||
| 47 | into the | ||
| 48 | .Fa session | ||
| 49 | object. | ||
| 50 | .Pp | ||
| 51 | .Fn SSL_SESSION_get_ex_data | ||
| 52 | is used to retrieve the information for | ||
| 53 | .Fa idx | ||
| 54 | from | ||
| 55 | .Fa session . | ||
| 56 | .Pp | ||
| 57 | A detailed description for the | ||
| 58 | .Fn *_get_ex_new_index | ||
| 59 | functionality | ||
| 60 | can be found in | ||
| 61 | .Xr RSA_get_ex_new_index 3 . | ||
| 62 | The | ||
| 63 | .Fn *_get_ex_data | ||
| 64 | and | ||
| 65 | .Fn *_set_ex_data | ||
| 66 | functionality is described in | ||
| 67 | .Xr CRYPTO_set_ex_data 3 . | ||
| 68 | .Sh WARNINGS | ||
| 69 | The application data is only maintained for sessions held in memory. | ||
| 70 | The application data is not included when dumping the session with | ||
| 71 | .Xr i2d_SSL_SESSION 3 | ||
| 72 | (and all functions indirectly calling the dump functions like | ||
| 73 | .Xr PEM_write_SSL_SESSION 3 | ||
| 74 | and | ||
| 75 | .Xr PEM_write_bio_SSL_SESSION 3 ) | ||
| 76 | and can therefore not be restored. | ||
| 77 | .Sh SEE ALSO | ||
| 78 | .Xr CRYPTO_set_ex_data 3 , | ||
| 79 | .Xr RSA_get_ex_new_index 3 , | ||
| 80 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_SESSION_get_time.3 b/src/lib/libssl/doc/SSL_SESSION_get_time.3 deleted file mode 100644 index 5eb7e5a162..0000000000 --- a/src/lib/libssl/doc/SSL_SESSION_get_time.3 +++ /dev/null | |||
| @@ -1,94 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_SESSION_get_time.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SESSION_GET_TIME 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_SESSION_get_time , | ||
| 9 | .Nm SSL_SESSION_set_time , | ||
| 10 | .Nm SSL_SESSION_get_timeout , | ||
| 11 | .Nm SSL_SESSION_set_timeout | ||
| 12 | .Nd retrieve and manipulate session time and timeout settings | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft long | ||
| 16 | .Fn SSL_SESSION_get_time "const SSL_SESSION *s" | ||
| 17 | .Ft long | ||
| 18 | .Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm" | ||
| 19 | .Ft long | ||
| 20 | .Fn SSL_SESSION_get_timeout "const SSL_SESSION *s" | ||
| 21 | .Ft long | ||
| 22 | .Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm" | ||
| 23 | .Ft long | ||
| 24 | .Fn SSL_get_time "const SSL_SESSION *s" | ||
| 25 | .Ft long | ||
| 26 | .Fn SSL_set_time "SSL_SESSION *s" "long tm" | ||
| 27 | .Ft long | ||
| 28 | .Fn SSL_get_timeout "const SSL_SESSION *s" | ||
| 29 | .Ft long | ||
| 30 | .Fn SSL_set_timeout "SSL_SESSION *s" "long tm" | ||
| 31 | .Sh DESCRIPTION | ||
| 32 | .Fn SSL_SESSION_get_time | ||
| 33 | returns the time at which the session | ||
| 34 | .Fa s | ||
| 35 | was established. | ||
| 36 | The time is given in seconds since the Epoch and therefore compatible to the | ||
| 37 | time delivered by the | ||
| 38 | .Xr time 3 | ||
| 39 | call. | ||
| 40 | .Pp | ||
| 41 | .Fn SSL_SESSION_set_time | ||
| 42 | replaces the creation time of the session | ||
| 43 | .Fa s | ||
| 44 | with | ||
| 45 | the chosen value | ||
| 46 | .Fa tm . | ||
| 47 | .Pp | ||
| 48 | .Fn SSL_SESSION_get_timeout | ||
| 49 | returns the timeout value set for session | ||
| 50 | .Fa s | ||
| 51 | in seconds. | ||
| 52 | .Pp | ||
| 53 | .Fn SSL_SESSION_set_timeout | ||
| 54 | sets the timeout value for session | ||
| 55 | .Fa s | ||
| 56 | in seconds to | ||
| 57 | .Fa tm . | ||
| 58 | .Pp | ||
| 59 | The | ||
| 60 | .Fn SSL_get_time , | ||
| 61 | .Fn SSL_set_time , | ||
| 62 | .Fn SSL_get_timeout , | ||
| 63 | and | ||
| 64 | .Fn SSL_set_timeout | ||
| 65 | functions are synonyms for the | ||
| 66 | .Fn SSL_SESSION_* | ||
| 67 | counterparts. | ||
| 68 | .Sh NOTES | ||
| 69 | Sessions are expired by examining the creation time and the timeout value. | ||
| 70 | Both are set at creation time of the session to the actual time and the default | ||
| 71 | timeout value at creation, respectively, as set by | ||
| 72 | .Xr SSL_CTX_set_timeout 3 . | ||
| 73 | Using these functions it is possible to extend or shorten the lifetime of the | ||
| 74 | session. | ||
| 75 | .Sh RETURN VALUES | ||
| 76 | .Fn SSL_SESSION_get_time | ||
| 77 | and | ||
| 78 | .Fn SSL_SESSION_get_timeout | ||
| 79 | return the currently valid values. | ||
| 80 | .Pp | ||
| 81 | .Fn SSL_SESSION_set_time | ||
| 82 | and | ||
| 83 | .Fn SSL_SESSION_set_timeout | ||
| 84 | return 1 on success. | ||
| 85 | .Pp | ||
| 86 | If any of the function is passed the | ||
| 87 | .Dv NULL | ||
| 88 | pointer for the session | ||
| 89 | .Fa s , | ||
| 90 | 0 is returned. | ||
| 91 | .Sh SEE ALSO | ||
| 92 | .Xr ssl 3 , | ||
| 93 | .Xr SSL_CTX_set_timeout 3 , | ||
| 94 | .Xr SSL_get_default_timeout 3 | ||
diff --git a/src/lib/libssl/doc/SSL_accept.3 b/src/lib/libssl/doc/SSL_accept.3 deleted file mode 100644 index 06465d1955..0000000000 --- a/src/lib/libssl/doc/SSL_accept.3 +++ /dev/null | |||
| @@ -1,113 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_accept.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_ACCEPT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_accept | ||
| 9 | .Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_accept "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_accept | ||
| 16 | waits for a TLS/SSL client to initiate the TLS/SSL handshake. | ||
| 17 | The communication channel must already have been set and assigned to the | ||
| 18 | .Fa ssl | ||
| 19 | object by setting an underlying | ||
| 20 | .Vt BIO . | ||
| 21 | .Sh NOTES | ||
| 22 | The behaviour of | ||
| 23 | .Fn SSL_accept | ||
| 24 | depends on the underlying | ||
| 25 | .Vt BIO . | ||
| 26 | .Pp | ||
| 27 | If the underlying | ||
| 28 | .Vt BIO | ||
| 29 | is | ||
| 30 | .Em blocking , | ||
| 31 | .Fn SSL_accept | ||
| 32 | will only return once the handshake has been finished or an error occurred, | ||
| 33 | except for SGC (Server Gated Cryptography). | ||
| 34 | For SGC, | ||
| 35 | .Fn SSL_accept | ||
| 36 | may return with \(mi1, but | ||
| 37 | .Fn SSL_get_error | ||
| 38 | will yield | ||
| 39 | .Dv SSL_ERROR_WANT_READ/WRITE | ||
| 40 | and | ||
| 41 | .Fn SSL_accept | ||
| 42 | should be called again. | ||
| 43 | .Pp | ||
| 44 | If the underlying | ||
| 45 | .Vt BIO | ||
| 46 | is | ||
| 47 | .Em non-blocking , | ||
| 48 | .Fn SSL_accept | ||
| 49 | will also return when the underlying | ||
| 50 | .Vt BIO | ||
| 51 | could not satisfy the needs of | ||
| 52 | .Fn SSL_accept | ||
| 53 | to continue the handshake, indicating the problem by the return value \(mi1. | ||
| 54 | In this case a call to | ||
| 55 | .Xr SSL_get_error 3 | ||
| 56 | with the | ||
| 57 | return value of | ||
| 58 | .Fn SSL_accept | ||
| 59 | will yield | ||
| 60 | .Dv SSL_ERROR_WANT_READ | ||
| 61 | or | ||
| 62 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 63 | The calling process then must repeat the call after taking appropriate action | ||
| 64 | to satisfy the needs of | ||
| 65 | .Fn SSL_accept . | ||
| 66 | The action depends on the underlying | ||
| 67 | .Dv BIO . | ||
| 68 | When using a non-blocking socket, nothing is to be done, but | ||
| 69 | .Xr select 2 | ||
| 70 | can be used to check for the required condition. | ||
| 71 | When using a buffering | ||
| 72 | .Vt BIO , | ||
| 73 | like a | ||
| 74 | .Vt BIO | ||
| 75 | pair, data must be written into or retrieved out of the | ||
| 76 | .Vt BIO | ||
| 77 | before being able to continue. | ||
| 78 | .Sh RETURN VALUES | ||
| 79 | The following return values can occur: | ||
| 80 | .Bl -tag -width Ds | ||
| 81 | .It 0 | ||
| 82 | The TLS/SSL handshake was not successful but was shut down controlled and by | ||
| 83 | the specifications of the TLS/SSL protocol. | ||
| 84 | Call | ||
| 85 | .Xr SSL_get_error 3 | ||
| 86 | with the return value | ||
| 87 | .Fa ret | ||
| 88 | to find out the reason. | ||
| 89 | .It 1 | ||
| 90 | The TLS/SSL handshake was successfully completed, | ||
| 91 | and a TLS/SSL connection has been established. | ||
| 92 | .It <0 | ||
| 93 | The TLS/SSL handshake was not successful because a fatal error occurred either | ||
| 94 | at the protocol level or a connection failure occurred. | ||
| 95 | The shutdown was not clean. | ||
| 96 | It can also occur of action is need to continue the operation for non-blocking | ||
| 97 | .Vt BIO Ns | ||
| 98 | s. | ||
| 99 | Call | ||
| 100 | .Xr SSL_get_error 3 | ||
| 101 | with the return value | ||
| 102 | .Fa ret | ||
| 103 | to find out the reason. | ||
| 104 | .El | ||
| 105 | .Sh SEE ALSO | ||
| 106 | .Xr bio 3 , | ||
| 107 | .Xr ssl 3 , | ||
| 108 | .Xr SSL_connect 3 , | ||
| 109 | .Xr SSL_CTX_new 3 , | ||
| 110 | .Xr SSL_do_handshake 3 , | ||
| 111 | .Xr SSL_get_error 3 , | ||
| 112 | .Xr SSL_set_connect_state 3 , | ||
| 113 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_alert_type_string.3 b/src/lib/libssl/doc/SSL_alert_type_string.3 deleted file mode 100644 index 93b67fbd1d..0000000000 --- a/src/lib/libssl/doc/SSL_alert_type_string.3 +++ /dev/null | |||
| @@ -1,193 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_alert_type_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_ALERT_TYPE_STRING.POD 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_alert_type_string , | ||
| 9 | .Nm SSL_alert_type_string_long , | ||
| 10 | .Nm SSL_alert_desc_string , | ||
| 11 | .Nm SSL_alert_desc_string_long | ||
| 12 | .Nd get textual description of alert information | ||
| 13 | .Sh SYNOPSIS | ||
| 14 | .In openssl/ssl.h | ||
| 15 | .Ft const char * Ns | ||
| 16 | .Fn SSL_alert_type_string "int value" | ||
| 17 | .Ft const char * Ns | ||
| 18 | .Fn SSL_alert_type_string_long "int value" | ||
| 19 | .Ft const char * Ns | ||
| 20 | .Fn SSL_alert_desc_string "int value" | ||
| 21 | .Ft const char * Ns | ||
| 22 | .Fn SSL_alert_desc_string_long "int value" | ||
| 23 | .Sh DESCRIPTION | ||
| 24 | .Fn SSL_alert_type_string | ||
| 25 | returns a one letter string indicating the type of the alert specified by | ||
| 26 | .Fa value . | ||
| 27 | .Pp | ||
| 28 | .Fn SSL_alert_type_string_long | ||
| 29 | returns a string indicating the type of the alert specified by | ||
| 30 | .Fa value . | ||
| 31 | .Pp | ||
| 32 | .Fn SSL_alert_desc_string | ||
| 33 | returns a two letter string as a short form describing the reason of the alert | ||
| 34 | specified by | ||
| 35 | .Fa value . | ||
| 36 | .Pp | ||
| 37 | .Fn SSL_alert_desc_string_long | ||
| 38 | returns a string describing the reason of the alert specified by | ||
| 39 | .Fa value . | ||
| 40 | .Sh NOTES | ||
| 41 | When one side of an SSL/TLS communication wants to inform the peer about | ||
| 42 | a special situation, it sends an alert. | ||
| 43 | The alert is sent as a special message and does not influence the normal data | ||
| 44 | stream (unless its contents results in the communication being canceled). | ||
| 45 | .Pp | ||
| 46 | A warning alert is sent, when a non-fatal error condition occurs. | ||
| 47 | The | ||
| 48 | .Dq close notify | ||
| 49 | alert is sent as a warning alert. | ||
| 50 | Other examples for non-fatal errors are certificate errors | ||
| 51 | .Po | ||
| 52 | .Dq certificate expired , | ||
| 53 | .Dq unsupported certificate | ||
| 54 | .Pc , | ||
| 55 | for which a warning alert may be sent. | ||
| 56 | (The sending party may, however, decide to send a fatal error.) | ||
| 57 | The receiving side may cancel the connection on reception of a warning alert at | ||
| 58 | its discretion. | ||
| 59 | .Pp | ||
| 60 | Several alert messages must be sent as fatal alert messages as specified | ||
| 61 | by the TLS RFC. | ||
| 62 | A fatal alert always leads to a connection abort. | ||
| 63 | .Sh RETURN VALUES | ||
| 64 | The following strings can occur for | ||
| 65 | .Fn SSL_alert_type_string | ||
| 66 | or | ||
| 67 | .Fn SSL_alert_type_string_long : | ||
| 68 | .Bl -tag -width Ds | ||
| 69 | .It \(dqW\(dq/\(dqwarning\(dq | ||
| 70 | .It \(dqF\(dq/\(dqfatal\(dq | ||
| 71 | .It \(dqU\(dq/\(dqunknown\(dq | ||
| 72 | This indicates that no support is available for this alert type. | ||
| 73 | Probably | ||
| 74 | .Fa value | ||
| 75 | does not contain a correct alert message. | ||
| 76 | .El | ||
| 77 | .Pp | ||
| 78 | The following strings can occur for | ||
| 79 | .Fn SSL_alert_desc_string | ||
| 80 | or | ||
| 81 | .Fn SSL_alert_desc_string_long : | ||
| 82 | .Bl -tag -width Ds | ||
| 83 | .It \(dqCN\(dq/\(dqclose notify\(dq | ||
| 84 | The connection shall be closed. | ||
| 85 | This is a warning alert. | ||
| 86 | .It \(dqUM\(dq/\(dqunexpected message\(dq | ||
| 87 | An inappropriate message was received. | ||
| 88 | This alert is always fatal and should never be observed in communication | ||
| 89 | between proper implementations. | ||
| 90 | .It \(dqBM\(dq/\(dqbad record mac\(dq | ||
| 91 | This alert is returned if a record is received with an incorrect MAC. | ||
| 92 | This message is always fatal. | ||
| 93 | .It \(dqDF\(dq/\(dqdecompression failure\(dq | ||
| 94 | The decompression function received improper input | ||
| 95 | (e.g., data that would expand to excessive length). | ||
| 96 | This message is always fatal. | ||
| 97 | .It \(dqHF\(dq/\(dqhandshake failure\(dq | ||
| 98 | Reception of a handshake_failure alert message indicates that the sender was | ||
| 99 | unable to negotiate an acceptable set of security parameters given the options | ||
| 100 | available. | ||
| 101 | This is a fatal error. | ||
| 102 | .It \(dqNC\(dq/\(dqno certificate\(dq | ||
| 103 | A client, that was asked to send a certificate, does not send a certificate | ||
| 104 | (SSLv3 only). | ||
| 105 | .It \(dqBC\(dq/\(dqbad certificate\(dq | ||
| 106 | A certificate was corrupt, contained signatures that did not verify correctly, | ||
| 107 | etc. | ||
| 108 | .It \(dqUC\(dq/\(dqunsupported certificate\(dq | ||
| 109 | A certificate was of an unsupported type. | ||
| 110 | .It \(dqCR\(dq/\(dqcertificate revoked\(dq | ||
| 111 | A certificate was revoked by its signer. | ||
| 112 | .It \(dqCE\(dq/\(dqcertificate expired\(dq | ||
| 113 | A certificate has expired or is not currently valid. | ||
| 114 | .It \(dqCU\(dq/\(dqcertificate unknown\(dq | ||
| 115 | Some other (unspecified) issue arose in processing the certificate, | ||
| 116 | rendering it unacceptable. | ||
| 117 | .It \(dqIP\(dq/\(dqillegal parameter\(dq | ||
| 118 | A field in the handshake was out of range or inconsistent with other fields. | ||
| 119 | This is always fatal. | ||
| 120 | .It \(dqDC\(dq/\(dqdecryption failed\(dq | ||
| 121 | A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple | ||
| 122 | of the block length or its padding values, when checked, weren't correct. | ||
| 123 | This message is always fatal. | ||
| 124 | .It \(dqRO\(dq/\(dqrecord overflow\(dq | ||
| 125 | A TLSCiphertext record was received which had a length more than | ||
| 126 | 2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than | ||
| 127 | 2^14+1024 bytes. | ||
| 128 | This message is always fatal. | ||
| 129 | .It \(dqCA\(dq/\(dqunknown CA\(dq | ||
| 130 | A valid certificate chain or partial chain was received, | ||
| 131 | but the certificate was not accepted because the CA certificate could not be | ||
| 132 | located or couldn't be matched with a known, trusted CA. | ||
| 133 | This message is always fatal. | ||
| 134 | .It \(dqAD\(dq/\(dqaccess denied\(dq | ||
| 135 | A valid certificate was received, but when access control was applied, | ||
| 136 | the sender decided not to proceed with negotiation. | ||
| 137 | This message is always fatal. | ||
| 138 | .It \(dqDE\(dq/\(dqdecode error\(dq | ||
| 139 | A message could not be decoded because some field was out of the specified | ||
| 140 | range or the length of the message was incorrect. | ||
| 141 | This message is always fatal. | ||
| 142 | .It \(dqCY\(dq/\(dqdecrypt error\(dq | ||
| 143 | A handshake cryptographic operation failed, including being unable to correctly | ||
| 144 | verify a signature, decrypt a key exchange, or validate a finished message. | ||
| 145 | .It \(dqER\(dq/\(dqexport restriction\(dq | ||
| 146 | A negotiation not in compliance with export restrictions was detected; | ||
| 147 | for example, attempting to transfer a 1024 bit ephemeral RSA key for the | ||
| 148 | RSA_EXPORT handshake method. | ||
| 149 | This message is always fatal. | ||
| 150 | .It \(dqPV\(dq/\(dqprotocol version\(dq | ||
| 151 | The protocol version the client has attempted to negotiate is recognized, | ||
| 152 | but not supported. | ||
| 153 | (For example, old protocol versions might be avoided for security reasons.) | ||
| 154 | This message is always fatal. | ||
| 155 | .It \(dqIS\(dq/\(dqinsufficient security\(dq | ||
| 156 | Returned instead of handshake_failure when a negotiation has failed | ||
| 157 | specifically because the server requires ciphers more secure than those | ||
| 158 | supported by the client. | ||
| 159 | This message is always fatal. | ||
| 160 | .It \(dqIE\(dq/\(dqinternal error\(dq | ||
| 161 | An internal error unrelated to the peer or the correctness of the protocol | ||
| 162 | makes it impossible to continue (such as a memory allocation failure). | ||
| 163 | This message is always fatal. | ||
| 164 | .It \(dqUS\(dq/\(dquser canceled\(dq | ||
| 165 | This handshake is being canceled for some reason unrelated to a protocol | ||
| 166 | failure. | ||
| 167 | If the user cancels an operation after the handshake is complete, | ||
| 168 | just closing the connection by sending a close_notify is more appropriate. | ||
| 169 | This alert should be followed by a close_notify. | ||
| 170 | This message is generally a warning. | ||
| 171 | .It \(dqNR\(dq/\(dqno renegotiation\(dq | ||
| 172 | Sent by the client in response to a hello request or by the server in response | ||
| 173 | to a client hello after initial handshaking. | ||
| 174 | Either of these would normally lead to renegotiation; when that is not | ||
| 175 | appropriate, the recipient should respond with this alert; at that point, | ||
| 176 | the original requester can decide whether to proceed with the connection. | ||
| 177 | One case where this would be appropriate would be where a server has spawned a | ||
| 178 | process to satisfy a request; the process might receive security parameters | ||
| 179 | (key length, authentication, etc.) at startup and it might be difficult to | ||
| 180 | communicate changes to these parameters after that point. | ||
| 181 | This message is always a warning. | ||
| 182 | .It \(dqUP\(dq/\(dqunknown PSK identity\(dq | ||
| 183 | Sent by the server to indicate that it does not recognize a PSK identity or an | ||
| 184 | SRP identity. | ||
| 185 | .It \(dqUK\(dq/\(dqunknown\(dq | ||
| 186 | This indicates that no description is available for this alert type. | ||
| 187 | Probably | ||
| 188 | .Fa value | ||
| 189 | does not contain a correct alert message. | ||
| 190 | .El | ||
| 191 | .Sh SEE ALSO | ||
| 192 | .Xr ssl 3 , | ||
| 193 | .Xr SSL_CTX_set_info_callback 3 | ||
diff --git a/src/lib/libssl/doc/SSL_clear.3 b/src/lib/libssl/doc/SSL_clear.3 deleted file mode 100644 index 8d49a840ca..0000000000 --- a/src/lib/libssl/doc/SSL_clear.3 +++ /dev/null | |||
| @@ -1,92 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_clear.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CLEAR 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_clear | ||
| 9 | .Nd reset SSL object to allow another connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_clear "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | Reset | ||
| 16 | .Fa ssl | ||
| 17 | to allow another connection. | ||
| 18 | All settings (method, ciphers, BIOs) are kept. | ||
| 19 | .Sh NOTES | ||
| 20 | .Fn SSL_clear | ||
| 21 | is used to prepare an | ||
| 22 | .Vt SSL | ||
| 23 | object for a new connection. | ||
| 24 | While all settings are kept, | ||
| 25 | a side effect is the handling of the current SSL session. | ||
| 26 | If a session is still | ||
| 27 | .Em open , | ||
| 28 | it is considered bad and will be removed from the session cache, | ||
| 29 | as required by RFC2246. | ||
| 30 | A session is considered open if | ||
| 31 | .Xr SSL_shutdown 3 | ||
| 32 | was not called for the connection or at least | ||
| 33 | .Xr SSL_set_shutdown 3 | ||
| 34 | was used to | ||
| 35 | set the | ||
| 36 | .Dv SSL_SENT_SHUTDOWN | ||
| 37 | state. | ||
| 38 | .Pp | ||
| 39 | If a session was closed cleanly, | ||
| 40 | the session object will be kept and all settings corresponding. | ||
| 41 | This explicitly means that for example the special method used during the | ||
| 42 | session will be kept for the next handshake. | ||
| 43 | So if the session was a TLSv1 session, a | ||
| 44 | .Vt SSL | ||
| 45 | client object will use a TLSv1 client method for the next handshake and a | ||
| 46 | .Vt SSL | ||
| 47 | server object will use a TLSv1 server method, even if | ||
| 48 | .Fn SSLv23_*_method Ns s | ||
| 49 | were chosen on startup. | ||
| 50 | This might lead to connection failures (see | ||
| 51 | .Xr SSL_new 3 ) | ||
| 52 | for a description of the method's properties. | ||
| 53 | .Sh WARNINGS | ||
| 54 | .Fn SSL_clear | ||
| 55 | resets the | ||
| 56 | .Vt SSL | ||
| 57 | object to allow for another connection. | ||
| 58 | The reset operation however keeps several settings of the last sessions | ||
| 59 | (some of these settings were made automatically during the last handshake). | ||
| 60 | It only makes sense for a new connection with the exact same peer that shares | ||
| 61 | these settings, | ||
| 62 | and may fail if that peer changes its settings between connections. | ||
| 63 | Use the sequence | ||
| 64 | .Xr SSL_get_session 3 ; | ||
| 65 | .Xr SSL_new 3 ; | ||
| 66 | .Xr SSL_set_session 3 ; | ||
| 67 | .Xr SSL_free 3 | ||
| 68 | instead to avoid such failures (or simply | ||
| 69 | .Xr SSL_free 3 ; | ||
| 70 | .Xr SSL_new 3 | ||
| 71 | if session reuse is not desired). | ||
| 72 | .Sh RETURN VALUES | ||
| 73 | The following return values can occur: | ||
| 74 | .Bl -tag -width Ds | ||
| 75 | .It 0 | ||
| 76 | The | ||
| 77 | .Fn SSL_clear | ||
| 78 | operation could not be performed. | ||
| 79 | Check the error stack to find out the reason. | ||
| 80 | .It 1 | ||
| 81 | The | ||
| 82 | .Fn SSL_clear | ||
| 83 | operation was successful. | ||
| 84 | .El | ||
| 85 | .Sh SEE ALSO | ||
| 86 | .Xr ssl 3 , | ||
| 87 | .Xr SSL_CTX_set_client_cert_cb 3 , | ||
| 88 | .Xr SSL_CTX_set_options 3 , | ||
| 89 | .Xr SSL_free 3 , | ||
| 90 | .Xr SSL_new 3 , | ||
| 91 | .Xr SSL_set_shutdown 3 , | ||
| 92 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_connect.3 b/src/lib/libssl/doc/SSL_connect.3 deleted file mode 100644 index 74f9b61951..0000000000 --- a/src/lib/libssl/doc/SSL_connect.3 +++ /dev/null | |||
| @@ -1,102 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_connect.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_CONNECT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_connect | ||
| 9 | .Nd initiate the TLS/SSL handshake with an TLS/SSL server | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_connect "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_connect | ||
| 16 | initiates the TLS/SSL handshake with a server. | ||
| 17 | The communication channel must already have been set and assigned to the | ||
| 18 | .Fa ssl | ||
| 19 | by setting an underlying | ||
| 20 | .Vt BIO . | ||
| 21 | .Sh NOTES | ||
| 22 | The behaviour of | ||
| 23 | .Fn SSL_connect | ||
| 24 | depends on the underlying | ||
| 25 | .Vt BIO . | ||
| 26 | .Pp | ||
| 27 | If the underlying | ||
| 28 | .Vt BIO | ||
| 29 | is | ||
| 30 | .Em blocking , | ||
| 31 | .Fn SSL_connect | ||
| 32 | will only return once the handshake has been finished or an error occurred. | ||
| 33 | .Pp | ||
| 34 | If the underlying | ||
| 35 | .Vt BIO | ||
| 36 | is | ||
| 37 | .Em non-blocking , | ||
| 38 | .Fn SSL_connect | ||
| 39 | will also return when the underlying | ||
| 40 | .Vt BIO | ||
| 41 | could not satisfy the needs of | ||
| 42 | .Fn SSL_connect | ||
| 43 | to continue the handshake, indicating the problem with the return value \(mi1. | ||
| 44 | In this case a call to | ||
| 45 | .Xr SSL_get_error 3 | ||
| 46 | with the return value of | ||
| 47 | .Fn SSL_connect | ||
| 48 | will yield | ||
| 49 | .Dv SSL_ERROR_WANT_READ | ||
| 50 | or | ||
| 51 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 52 | The calling process then must repeat the call after taking appropriate action | ||
| 53 | to satisfy the needs of | ||
| 54 | .Fn SSL_connect . | ||
| 55 | The action depends on the underlying | ||
| 56 | .Vt BIO . | ||
| 57 | When using a non-blocking socket, nothing is to be done, but | ||
| 58 | .Xr select 2 | ||
| 59 | can be used to check for the required condition. | ||
| 60 | When using a buffering | ||
| 61 | .Vt BIO , | ||
| 62 | like a | ||
| 63 | .Vt BIO | ||
| 64 | pair, data must be written into or retrieved out of the | ||
| 65 | .Vt BIO | ||
| 66 | before being able to continue. | ||
| 67 | .Sh RETURN VALUES | ||
| 68 | The following return values can occur: | ||
| 69 | .Bl -tag -width Ds | ||
| 70 | .It 0 | ||
| 71 | The TLS/SSL handshake was not successful but was shut down controlled and | ||
| 72 | by the specifications of the TLS/SSL protocol. | ||
| 73 | Call | ||
| 74 | .Xr SSL_get_error 3 | ||
| 75 | with the return value | ||
| 76 | .Fa ret | ||
| 77 | to find out the reason. | ||
| 78 | .It 1 | ||
| 79 | The TLS/SSL handshake was successfully completed, | ||
| 80 | and a TLS/SSL connection has been established. | ||
| 81 | .It <0 | ||
| 82 | The TLS/SSL handshake was not successful, because either a fatal error occurred | ||
| 83 | at the protocol level or a connection failure occurred. | ||
| 84 | The shutdown was not clean. | ||
| 85 | It can also occur if action is needed to continue the operation for | ||
| 86 | non-blocking | ||
| 87 | .Vt BIO Ns s. | ||
| 88 | Call | ||
| 89 | .Xr SSL_get_error 3 | ||
| 90 | with the return value | ||
| 91 | .Fa ret | ||
| 92 | to find out the reason. | ||
| 93 | .El | ||
| 94 | .Sh SEE ALSO | ||
| 95 | .Xr bio 3 , | ||
| 96 | .Xr ssl 3 , | ||
| 97 | .Xr SSL_accept 3 , | ||
| 98 | .Xr SSL_CTX_new 3 , | ||
| 99 | .Xr SSL_do_handshake 3 , | ||
| 100 | .Xr SSL_get_error 3 , | ||
| 101 | .Xr SSL_set_connect_state 3 , | ||
| 102 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_do_handshake.3 b/src/lib/libssl/doc/SSL_do_handshake.3 deleted file mode 100644 index cc29df2583..0000000000 --- a/src/lib/libssl/doc/SSL_do_handshake.3 +++ /dev/null | |||
| @@ -1,113 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_do_handshake.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_DO_HANDSHAKE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_do_handshake | ||
| 9 | .Nd perform a TLS/SSL handshake | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_do_handshake "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_do_handshake | ||
| 16 | will wait for a SSL/TLS handshake to take place. | ||
| 17 | If the connection is in client mode, the handshake will be started. | ||
| 18 | The handshake routines may have to be explicitly set in advance using either | ||
| 19 | .Xr SSL_set_connect_state 3 | ||
| 20 | or | ||
| 21 | .Xr SSL_set_accept_state 3 . | ||
| 22 | .Sh NOTES | ||
| 23 | The behaviour of | ||
| 24 | .Fn SSL_do_handshake | ||
| 25 | depends on the underlying | ||
| 26 | .Vt BIO . | ||
| 27 | .Pp | ||
| 28 | If the underlying | ||
| 29 | .Vt BIO | ||
| 30 | is | ||
| 31 | .Em blocking , | ||
| 32 | .Fn SSL_do_handshake | ||
| 33 | will only return once the handshake has been finished or an error occurred, | ||
| 34 | except for SGC (Server Gated Cryptography). | ||
| 35 | For SGC, | ||
| 36 | .Fn SSL_do_handshake | ||
| 37 | may return with \(mi1, but | ||
| 38 | .Xr SSL_get_error 3 | ||
| 39 | will yield | ||
| 40 | .Dv SSL_ERROR_WANT_READ | ||
| 41 | or | ||
| 42 | .Dv SSL_ERROR_WANT_WRITE | ||
| 43 | and | ||
| 44 | .Fn SSL_do_handshake | ||
| 45 | should be called again. | ||
| 46 | .Pp | ||
| 47 | If the underlying | ||
| 48 | .Vt BIO | ||
| 49 | is | ||
| 50 | .Em non-blocking , | ||
| 51 | .Fn SSL_do_handshake | ||
| 52 | will also return when the underlying | ||
| 53 | .Vt BIO | ||
| 54 | could not satisfy the needs of | ||
| 55 | .Fn SSL_do_handshake | ||
| 56 | to continue the handshake. | ||
| 57 | In this case a call to | ||
| 58 | .Xr SSL_get_error 3 | ||
| 59 | with the return value of | ||
| 60 | .Fn SSL_do_handshake | ||
| 61 | will yield | ||
| 62 | .Dv SSL_ERROR_WANT_READ | ||
| 63 | or | ||
| 64 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 65 | The calling process then must repeat the call after taking appropriate action | ||
| 66 | to satisfy the needs of | ||
| 67 | .Fn SSL_do_handshake . | ||
| 68 | The action depends on the underlying | ||
| 69 | .Vt BIO . | ||
| 70 | When using a non-blocking socket, nothing is to be done, but | ||
| 71 | .Xr select 2 | ||
| 72 | can be used to check for the required condition. | ||
| 73 | When using a buffering | ||
| 74 | .Vt BIO , | ||
| 75 | like a | ||
| 76 | .Vt BIO | ||
| 77 | pair, data must be written into or retrieved out of the | ||
| 78 | .Vt BIO | ||
| 79 | before being able to continue. | ||
| 80 | .Sh RETURN VALUES | ||
| 81 | The following return values can occur: | ||
| 82 | .Bl -tag -width Ds | ||
| 83 | .It 0 | ||
| 84 | The TLS/SSL handshake was not successful but was shut down controlled and | ||
| 85 | by the specifications of the TLS/SSL protocol. | ||
| 86 | Call | ||
| 87 | .Xr SSL_get_error 3 | ||
| 88 | with the return value | ||
| 89 | .Fa ret | ||
| 90 | to find out the reason. | ||
| 91 | .It 1 | ||
| 92 | The TLS/SSL handshake was successfully completed, | ||
| 93 | and a TLS/SSL connection has been established. | ||
| 94 | .It <0 | ||
| 95 | The TLS/SSL handshake was not successful because either a fatal error occurred | ||
| 96 | at the protocol level or a connection failure occurred. | ||
| 97 | The shutdown was not clean. | ||
| 98 | It can also occur if action is needed to continue the operation for | ||
| 99 | non-blocking | ||
| 100 | .Vt BIO Ns s. | ||
| 101 | Call | ||
| 102 | .Xr SSL_get_error 3 | ||
| 103 | with the return value | ||
| 104 | .Fa ret | ||
| 105 | to find out the reason. | ||
| 106 | .El | ||
| 107 | .Sh SEE ALSO | ||
| 108 | .Xr bio 3 , | ||
| 109 | .Xr ssl 3 , | ||
| 110 | .Xr SSL_accept 3 , | ||
| 111 | .Xr SSL_connect 3 , | ||
| 112 | .Xr SSL_get_error 3 , | ||
| 113 | .Xr SSL_set_connect_state 3 | ||
diff --git a/src/lib/libssl/doc/SSL_free.3 b/src/lib/libssl/doc/SSL_free.3 deleted file mode 100644 index c0078d817a..0000000000 --- a/src/lib/libssl/doc/SSL_free.3 +++ /dev/null | |||
| @@ -1,62 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_FREE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_free | ||
| 9 | .Nd free an allocated SSL structure | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fn SSL_free "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_free | ||
| 16 | decrements the reference count of | ||
| 17 | .Fa ssl , | ||
| 18 | and removes the | ||
| 19 | .Vt SSL | ||
| 20 | structure pointed to by | ||
| 21 | .Fa ssl | ||
| 22 | and frees up the allocated memory if the reference count has reached 0. | ||
| 23 | .Sh NOTES | ||
| 24 | .Fn SSL_free | ||
| 25 | also calls the | ||
| 26 | .Xr free 3 Ns | ||
| 27 | ing procedures for indirectly affected items, if applicable: the buffering | ||
| 28 | .Vt BIO , | ||
| 29 | the read and write | ||
| 30 | .Vt BIOs , | ||
| 31 | cipher lists specially created for this | ||
| 32 | .Fa ssl , | ||
| 33 | the | ||
| 34 | .Sy SSL_SESSION . | ||
| 35 | Do not explicitly free these indirectly freed up items before or after calling | ||
| 36 | .Fn SSL_free , | ||
| 37 | as trying to free things twice may lead to program failure. | ||
| 38 | .Pp | ||
| 39 | The | ||
| 40 | .Fa ssl | ||
| 41 | session has reference counts from two users: the | ||
| 42 | .Vt SSL | ||
| 43 | object, for which the reference count is removed by | ||
| 44 | .Fn SSL_free | ||
| 45 | and the internal session cache. | ||
| 46 | If the session is considered bad, because | ||
| 47 | .Xr SSL_shutdown 3 | ||
| 48 | was not called for the connection and | ||
| 49 | .Xr SSL_set_shutdown 3 | ||
| 50 | was not used to set the | ||
| 51 | .Vt SSL_SENT_SHUTDOWN | ||
| 52 | state, the session will also be removed from the session cache as required by | ||
| 53 | RFC2246. | ||
| 54 | .Sh RETURN VALUES | ||
| 55 | .Fn SSL_free | ||
| 56 | does not provide diagnostic information. | ||
| 57 | .Sh SEE ALSO | ||
| 58 | .Xr ssl 3 , | ||
| 59 | .Xr SSL_clear 3 , | ||
| 60 | .Xr SSL_new 3 , | ||
| 61 | .Xr SSL_set_shutdown 3 , | ||
| 62 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_SSL_CTX.3 b/src/lib/libssl/doc/SSL_get_SSL_CTX.3 deleted file mode 100644 index 7ba5b0cb81..0000000000 --- a/src/lib/libssl/doc/SSL_get_SSL_CTX.3 +++ /dev/null | |||
| @@ -1,28 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_SSL_CTX.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_SSL_CTX 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_SSL_CTX | ||
| 9 | .Nd get the SSL_CTX from which an SSL is created | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft SSL_CTX * | ||
| 13 | .Fn SSL_get_SSL_CTX "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_SSL_CTX | ||
| 16 | returns a pointer to the | ||
| 17 | .Vt SSL_CTX | ||
| 18 | object from which | ||
| 19 | .Fa ssl | ||
| 20 | was created with | ||
| 21 | .Xr SSL_new 3 . | ||
| 22 | .Sh RETURN VALUES | ||
| 23 | The pointer to the | ||
| 24 | .Vt SSL_CTX | ||
| 25 | object is returned. | ||
| 26 | .Sh SEE ALSO | ||
| 27 | .Xr ssl 3 , | ||
| 28 | .Xr SSL_new 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_ciphers.3 b/src/lib/libssl/doc/SSL_get_ciphers.3 deleted file mode 100644 index 89abc172b4..0000000000 --- a/src/lib/libssl/doc/SSL_get_ciphers.3 +++ /dev/null | |||
| @@ -1,68 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_ciphers.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_CIPHERS 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_ciphers , | ||
| 9 | .Nm SSL_get_cipher_list | ||
| 10 | .Nd get list of available SSL_CIPHERs | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft STACK_OF(SSL_CIPHER) * | ||
| 14 | .Fn SSL_get_ciphers "const SSL *ssl" | ||
| 15 | .Ft const char * | ||
| 16 | .Fn SSL_get_cipher_list "const SSL *ssl" "int priority" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_get_ciphers | ||
| 19 | returns the stack of available | ||
| 20 | .Vt SSL_CIPHER Ns s | ||
| 21 | for | ||
| 22 | .Fa ssl , | ||
| 23 | sorted by preference. | ||
| 24 | If | ||
| 25 | .Fa ssl | ||
| 26 | is | ||
| 27 | .Dv NULL | ||
| 28 | or no ciphers are available, | ||
| 29 | .Dv NULL | ||
| 30 | is returned. | ||
| 31 | .Pp | ||
| 32 | .Fn SSL_get_cipher_list | ||
| 33 | returns a pointer to the name of the | ||
| 34 | .Vt SSL_CIPHER | ||
| 35 | listed for | ||
| 36 | .Fa ssl | ||
| 37 | with | ||
| 38 | .Fa priority . | ||
| 39 | If | ||
| 40 | .Fa ssl | ||
| 41 | is | ||
| 42 | .Dv NULL , | ||
| 43 | no ciphers are available, or there are fewer ciphers than | ||
| 44 | .Fa priority | ||
| 45 | available, | ||
| 46 | .Dv NULL | ||
| 47 | is returned. | ||
| 48 | .Sh NOTES | ||
| 49 | The details of the ciphers obtained by | ||
| 50 | .Fn SSL_get_ciphers | ||
| 51 | can be obtained using the | ||
| 52 | .Xr SSL_CIPHER_get_name 3 | ||
| 53 | family of functions. | ||
| 54 | .Pp | ||
| 55 | Call | ||
| 56 | .Fn SSL_get_cipher_list | ||
| 57 | with | ||
| 58 | .Fa priority | ||
| 59 | starting from 0 to obtain the sorted list of available ciphers, until | ||
| 60 | .Dv NULL | ||
| 61 | is returned. | ||
| 62 | .Sh RETURN VALUES | ||
| 63 | See | ||
| 64 | .Sx DESCRIPTION . | ||
| 65 | .Sh SEE ALSO | ||
| 66 | .Xr ssl 3 , | ||
| 67 | .Xr SSL_CIPHER_get_name 3 , | ||
| 68 | .Xr SSL_CTX_set_cipher_list 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_client_CA_list.3 b/src/lib/libssl/doc/SSL_get_client_CA_list.3 deleted file mode 100644 index 7aa5a90c9a..0000000000 --- a/src/lib/libssl/doc/SSL_get_client_CA_list.3 +++ /dev/null | |||
| @@ -1,61 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_client_CA_list.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_CLIENT_CA_LIST 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_client_CA_list , | ||
| 9 | .Nm SSL_CTX_get_client_CA_list | ||
| 10 | .Nd get list of client CAs | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft STACK_OF(X509_NAME) * | ||
| 14 | .Fn SSL_get_client_CA_list "const SSL *s" | ||
| 15 | .Ft STACK_OF(X509_NAME) * | ||
| 16 | .Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_CTX_get_client_CA_list | ||
| 19 | returns the list of client CAs explicitly set for | ||
| 20 | .Fa ctx | ||
| 21 | using | ||
| 22 | .Xr SSL_CTX_set_client_CA_list 3 . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_get_client_CA_list | ||
| 25 | returns the list of client CAs explicitly set for | ||
| 26 | .Fa ssl | ||
| 27 | using | ||
| 28 | .Fn SSL_set_client_CA_list | ||
| 29 | or | ||
| 30 | .Fa ssl Ns 's | ||
| 31 | .Vt SSL_CTX | ||
| 32 | object with | ||
| 33 | .Xr SSL_CTX_set_client_CA_list 3 , | ||
| 34 | when in server mode. | ||
| 35 | In client mode, | ||
| 36 | .Fn SSL_get_client_CA_list | ||
| 37 | returns the list of client CAs sent from the server, if any. | ||
| 38 | .Sh RETURN VALUES | ||
| 39 | .Fn SSL_CTX_set_client_CA_list | ||
| 40 | and | ||
| 41 | .Fn SSL_set_client_CA_list | ||
| 42 | do not return diagnostic information. | ||
| 43 | .Pp | ||
| 44 | .Fn SSL_CTX_add_client_CA | ||
| 45 | and | ||
| 46 | .Fn SSL_add_client_CA | ||
| 47 | have the following return values: | ||
| 48 | .Bl -tag -width Ds | ||
| 49 | .It Dv STACK_OF Ns Po Vt X509_NAMES Pc | ||
| 50 | List of CA names explicitly set (for | ||
| 51 | .Fa ctx | ||
| 52 | or in server mode) or sent by the server (client mode). | ||
| 53 | .It Dv NULL | ||
| 54 | No client CA list was explicitly set (for | ||
| 55 | .Fa ctx | ||
| 56 | or in server mode) or the server did not send a list of CAs (client mode). | ||
| 57 | .El | ||
| 58 | .Sh SEE ALSO | ||
| 59 | .Xr ssl 3 , | ||
| 60 | .Xr SSL_CTX_set_client_CA_list 3 , | ||
| 61 | .Xr SSL_CTX_set_client_cert_cb 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_current_cipher.3 b/src/lib/libssl/doc/SSL_get_current_cipher.3 deleted file mode 100644 index d7140571b0..0000000000 --- a/src/lib/libssl/doc/SSL_get_current_cipher.3 +++ /dev/null | |||
| @@ -1,52 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_current_cipher.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_CURRENT_CIPHER 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_current_cipher , | ||
| 9 | .Nm SSL_get_cipher , | ||
| 10 | .Nm SSL_get_cipher_name , | ||
| 11 | .Nm SSL_get_cipher_bits , | ||
| 12 | .Nm SSL_get_cipher_version | ||
| 13 | .Nd get SSL_CIPHER of a connection | ||
| 14 | .Sh SYNOPSIS | ||
| 15 | .In openssl/ssl.h | ||
| 16 | .Ft SSL_CIPHER * | ||
| 17 | .Fn SSL_get_current_cipher "const SSL *ssl" | ||
| 18 | .Fd #define SSL_get_cipher(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
| 19 | .Fd #define SSL_get_cipher_name(s) \ | ||
| 20 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
| 21 | .Fd #define SSL_get_cipher_bits(s,np) \ | ||
| 22 | SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) | ||
| 23 | .Fd #define SSL_get_cipher_version(s) \ | ||
| 24 | SSL_CIPHER_get_version(SSL_get_current_cipher(s)) | ||
| 25 | .Sh DESCRIPTION | ||
| 26 | .Fn SSL_get_current_cipher | ||
| 27 | returns a pointer to an | ||
| 28 | .Vt SSL_CIPHER | ||
| 29 | object containing the description of the actually used cipher of a connection | ||
| 30 | established with the | ||
| 31 | .Fa ssl | ||
| 32 | object. | ||
| 33 | .Pp | ||
| 34 | .Fn SSL_get_cipher | ||
| 35 | and | ||
| 36 | .Fn SSL_get_cipher_name | ||
| 37 | are identical macros to obtain the name of the currently used cipher. | ||
| 38 | .Fn SSL_get_cipher_bits | ||
| 39 | is a macro to obtain the number of secret/algorithm bits used and | ||
| 40 | .Fn SSL_get_cipher_version | ||
| 41 | returns the protocol name. | ||
| 42 | See | ||
| 43 | .Xr SSL_CIPHER_get_name 3 | ||
| 44 | for more details. | ||
| 45 | .Sh RETURN VALUES | ||
| 46 | .Fn SSL_get_current_cipher | ||
| 47 | returns the cipher actually used or | ||
| 48 | .Dv NULL , | ||
| 49 | when no session has been established. | ||
| 50 | .Sh SEE ALSO | ||
| 51 | .Xr ssl 3 , | ||
| 52 | .Xr SSL_CIPHER_get_name 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_default_timeout.3 b/src/lib/libssl/doc/SSL_get_default_timeout.3 deleted file mode 100644 index 1a58e87f27..0000000000 --- a/src/lib/libssl/doc/SSL_get_default_timeout.3 +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_default_timeout.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_DEFAULT_TIMEOUT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_default_timeout | ||
| 9 | .Nd get default session timeout value | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft long | ||
| 13 | .Fn SSL_get_default_timeout "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_default_timeout | ||
| 16 | returns the default timeout value assigned to | ||
| 17 | .Vt SSL_SESSION | ||
| 18 | objects negotiated for the protocol valid for | ||
| 19 | .Fa ssl . | ||
| 20 | .Sh NOTES | ||
| 21 | Whenever a new session is negotiated, it is assigned a timeout value, | ||
| 22 | after which it will not be accepted for session reuse. | ||
| 23 | If the timeout value was not explicitly set using | ||
| 24 | .Xr SSL_CTX_set_timeout 3 , | ||
| 25 | the hardcoded default timeout for the protocol will be used. | ||
| 26 | .Pp | ||
| 27 | .Fn SSL_get_default_timeout | ||
| 28 | return this hardcoded value, which is 300 seconds for all currently supported | ||
| 29 | protocols (SSLv2, SSLv3, and TLSv1). | ||
| 30 | .Sh RETURN VALUES | ||
| 31 | See description. | ||
| 32 | .Sh SEE ALSO | ||
| 33 | .Xr ssl 3 , | ||
| 34 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 35 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 36 | .Xr SSL_SESSION_get_time 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_error.3 b/src/lib/libssl/doc/SSL_get_error.3 deleted file mode 100644 index 95fdf5ab00..0000000000 --- a/src/lib/libssl/doc/SSL_get_error.3 +++ /dev/null | |||
| @@ -1,169 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_error.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_ERROR 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_error | ||
| 9 | .Nd obtain result code for TLS/SSL I/O operation | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_get_error "const SSL *ssl" "int ret" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_error | ||
| 16 | returns a result code (suitable for the C | ||
| 17 | .Dq switch | ||
| 18 | statement) for a preceding call to | ||
| 19 | .Xr SSL_connect 3 , | ||
| 20 | .Xr SSL_accept 3 , | ||
| 21 | .Xr SSL_do_handshake 3 , | ||
| 22 | .Xr SSL_read 3 , | ||
| 23 | .Xr SSL_peek 3 , | ||
| 24 | or | ||
| 25 | .Xr SSL_write 3 | ||
| 26 | on | ||
| 27 | .Fa ssl . | ||
| 28 | The value returned by that TLS/SSL I/O function must be passed to | ||
| 29 | .Fn SSL_get_error | ||
| 30 | in parameter | ||
| 31 | .Fa ret . | ||
| 32 | .Pp | ||
| 33 | In addition to | ||
| 34 | .Fa ssl | ||
| 35 | and | ||
| 36 | .Fa ret , | ||
| 37 | .Fn SSL_get_error | ||
| 38 | inspects the current thread's OpenSSL error queue. | ||
| 39 | Thus, | ||
| 40 | .Fn SSL_get_error | ||
| 41 | must be used in the same thread that performed the TLS/SSL I/O operation, | ||
| 42 | and no other OpenSSL function calls should appear in between. | ||
| 43 | The current thread's error queue must be empty before the TLS/SSL I/O operation | ||
| 44 | is attempted, or | ||
| 45 | .Fn SSL_get_error | ||
| 46 | will not work reliably. | ||
| 47 | .Sh RETURN VALUES | ||
| 48 | The following return values can currently occur: | ||
| 49 | .Bl -tag -width Ds | ||
| 50 | .It Dv SSL_ERROR_NONE | ||
| 51 | The TLS/SSL I/O operation completed. | ||
| 52 | This result code is returned if and only if | ||
| 53 | .Fa ret | ||
| 54 | < 0. | ||
| 55 | .It Dv SSL_ERROR_ZERO_RETURN | ||
| 56 | The TLS/SSL connection has been closed. | ||
| 57 | If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned | ||
| 58 | only if a closure alert has occurred in the protocol, i.e., if the connection | ||
| 59 | has been closed cleanly. | ||
| 60 | Note that in this case | ||
| 61 | .Dv SSL_ERROR_ZERO_RETURN | ||
| 62 | does not necessarily indicate that the underlying transport has been closed. | ||
| 63 | .It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE | ||
| 64 | The operation did not complete; | ||
| 65 | the same TLS/SSL I/O function should be called again later. | ||
| 66 | If, by then, the underlying | ||
| 67 | .Vt BIO | ||
| 68 | has data available for reading (if the result code is | ||
| 69 | .Dv SSL_ERROR_WANT_READ ) | ||
| 70 | or allows writing data | ||
| 71 | .Pq Dv SSL_ERROR_WANT_WRITE , | ||
| 72 | then some TLS/SSL protocol progress will take place, | ||
| 73 | i.e., at least part of an TLS/SSL record will be read or written. | ||
| 74 | Note that the retry may again lead to a | ||
| 75 | .Dv SSL_ERROR_WANT_READ | ||
| 76 | or | ||
| 77 | .Dv SSL_ERROR_WANT_WRITE | ||
| 78 | condition. | ||
| 79 | There is no fixed upper limit for the number of iterations that may be | ||
| 80 | necessary until progress becomes visible at application protocol level. | ||
| 81 | .Pp | ||
| 82 | For socket | ||
| 83 | .Fa BIO Ns | ||
| 84 | s (e.g., when | ||
| 85 | .Fn SSL_set_fd | ||
| 86 | was used), | ||
| 87 | .Xr select 2 | ||
| 88 | or | ||
| 89 | .Xr poll 2 | ||
| 90 | on the underlying socket can be used to find out when the TLS/SSL I/O function | ||
| 91 | should be retried. | ||
| 92 | .Pp | ||
| 93 | Caveat: Any TLS/SSL I/O function can lead to either of | ||
| 94 | .Dv SSL_ERROR_WANT_READ | ||
| 95 | and | ||
| 96 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 97 | In particular, | ||
| 98 | .Xr SSL_read 3 | ||
| 99 | or | ||
| 100 | .Xr SSL_peek 3 | ||
| 101 | may want to write data and | ||
| 102 | .Xr SSL_write 3 | ||
| 103 | may want | ||
| 104 | to read data. | ||
| 105 | This is mainly because TLS/SSL handshakes may occur at any time during the | ||
| 106 | protocol (initiated by either the client or the server); | ||
| 107 | .Xr SSL_read 3 , | ||
| 108 | .Xr SSL_peek 3 , | ||
| 109 | and | ||
| 110 | .Xr SSL_write 3 | ||
| 111 | will handle any pending handshakes. | ||
| 112 | .It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT | ||
| 113 | The operation did not complete; the same TLS/SSL I/O function should be | ||
| 114 | called again later. | ||
| 115 | The underlying BIO was not connected yet to the peer and the call would block | ||
| 116 | in | ||
| 117 | .Xr connect 2 Ns / Ns | ||
| 118 | .Xr accept 2 . | ||
| 119 | The SSL function should be | ||
| 120 | called again when the connection is established. | ||
| 121 | These messages can only appear with a | ||
| 122 | .Xr BIO_s_connect 3 | ||
| 123 | or | ||
| 124 | .Xr BIO_s_accept 3 | ||
| 125 | .Vt BIO , | ||
| 126 | respectively. | ||
| 127 | In order to find out when the connection has been successfully established, | ||
| 128 | on many platforms | ||
| 129 | .Xr select 2 | ||
| 130 | or | ||
| 131 | .Xr poll 2 | ||
| 132 | for writing on the socket file descriptor can be used. | ||
| 133 | .It Dv SSL_ERROR_WANT_X509_LOOKUP | ||
| 134 | The operation did not complete because an application callback set by | ||
| 135 | .Xr SSL_CTX_set_client_cert_cb 3 | ||
| 136 | has asked to be called again. | ||
| 137 | The TLS/SSL I/O function should be called again later. | ||
| 138 | Details depend on the application. | ||
| 139 | .It Dv SSL_ERROR_SYSCALL | ||
| 140 | Some I/O error occurred. | ||
| 141 | The OpenSSL error queue may contain more information on the error. | ||
| 142 | If the error queue is empty (i.e., | ||
| 143 | .Fn ERR_get_error | ||
| 144 | returns 0), | ||
| 145 | .Fa ret | ||
| 146 | can be used to find out more about the error: | ||
| 147 | If | ||
| 148 | .Fa ret | ||
| 149 | == 0, an | ||
| 150 | .Dv EOF | ||
| 151 | was observed that violates the protocol. | ||
| 152 | If | ||
| 153 | .Fa ret | ||
| 154 | == \(mi1, the underlying | ||
| 155 | .Vt BIO | ||
| 156 | reported an | ||
| 157 | I/O error (for socket I/O on Unix systems, consult | ||
| 158 | .Dv errno | ||
| 159 | for details). | ||
| 160 | .It Dv SSL_ERROR_SSL | ||
| 161 | A failure in the SSL library occurred, usually a protocol error. | ||
| 162 | The OpenSSL error queue contains more information on the error. | ||
| 163 | .El | ||
| 164 | .Sh SEE ALSO | ||
| 165 | .Xr err 3 , | ||
| 166 | .Xr ssl 3 | ||
| 167 | .Sh HISTORY | ||
| 168 | .Fn SSL_get_error | ||
| 169 | was added in SSLeay 0.8. | ||
diff --git a/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3 deleted file mode 100644 index ac8a27c952..0000000000 --- a/src/lib/libssl/doc/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ /dev/null | |||
| @@ -1,65 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.3 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_ex_data_X509_STORE_CTX_idx | ||
| 9 | .Nd get ex_data index to access SSL structure from X509_STORE_CTX | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx void | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx | ||
| 16 | returns the index number under which the pointer to the | ||
| 17 | .Vt SSL | ||
| 18 | object is stored into the | ||
| 19 | .Vt X509_STORE_CTX | ||
| 20 | object. | ||
| 21 | .Sh NOTES | ||
| 22 | Whenever a | ||
| 23 | .Vt X509_STORE_CTX | ||
| 24 | object is created for the verification of the peer's certificate during a | ||
| 25 | handshake, a pointer to the | ||
| 26 | .Vt SSL | ||
| 27 | object is stored into the | ||
| 28 | .Vt X509_STORE_CTX | ||
| 29 | object to identify the connection affected. | ||
| 30 | To retrieve this pointer the | ||
| 31 | .Xr X509_STORE_CTX_get_ex_data 3 | ||
| 32 | function can be used with the correct index. | ||
| 33 | This index is globally the same for all | ||
| 34 | .Vt X509_STORE_CTX | ||
| 35 | objects and can be retrieved using | ||
| 36 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx . | ||
| 37 | The index value is set when | ||
| 38 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx | ||
| 39 | is first called either by the application program directly or indirectly during | ||
| 40 | other SSL setup functions or during the handshake. | ||
| 41 | .Pp | ||
| 42 | The value depends on other index values defined for | ||
| 43 | .Vt X509_STORE_CTX | ||
| 44 | objects before the SSL index is created. | ||
| 45 | .Sh RETURN VALUES | ||
| 46 | .Bl -tag -width Ds | ||
| 47 | .It \(>=0 | ||
| 48 | The index value to access the pointer. | ||
| 49 | .It <0 | ||
| 50 | An error occurred, check the error stack for a detailed error message. | ||
| 51 | .El | ||
| 52 | .Sh EXAMPLES | ||
| 53 | The index returned from | ||
| 54 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx | ||
| 55 | provides access to | ||
| 56 | .Vt SSL | ||
| 57 | object for the connection during the | ||
| 58 | .Fn verify_callback | ||
| 59 | when checking the peer's certificate. | ||
| 60 | Please check the example in | ||
| 61 | .Xr SSL_CTX_set_verify 3 . | ||
| 62 | .Sh SEE ALSO | ||
| 63 | .Xr CRYPTO_set_ex_data 3 , | ||
| 64 | .Xr ssl 3 , | ||
| 65 | .Xr SSL_CTX_set_verify 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_ex_new_index.3 b/src/lib/libssl/doc/SSL_get_ex_new_index.3 deleted file mode 100644 index d4613a6210..0000000000 --- a/src/lib/libssl/doc/SSL_get_ex_new_index.3 +++ /dev/null | |||
| @@ -1,76 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_ex_new_index.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_EX_NEW_INDEX 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_ex_new_index , | ||
| 9 | .Nm SSL_set_ex_data , | ||
| 10 | .Nm SSL_get_ex_data | ||
| 11 | .Nd internal application specific data functions | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fo SSL_get_ex_new_index | ||
| 16 | .Fa "long argl" | ||
| 17 | .Fa "void *argp" | ||
| 18 | .Fa "CRYPTO_EX_new *new_func" | ||
| 19 | .Fa "CRYPTO_EX_dup *dup_func" | ||
| 20 | .Fa "CRYPTO_EX_free *free_func" | ||
| 21 | .Fc | ||
| 22 | .Ft int | ||
| 23 | .Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg" | ||
| 24 | .Ft void * | ||
| 25 | .Fn SSL_get_ex_data "const SSL *ssl" "int idx" | ||
| 26 | .Bd -literal | ||
| 27 | typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 28 | int idx, long argl, void *argp); | ||
| 29 | typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 30 | int idx, long argl, void *argp); | ||
| 31 | typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 32 | int idx, long argl, void *argp); | ||
| 33 | .Ed | ||
| 34 | .Sh DESCRIPTION | ||
| 35 | Several OpenSSL structures can have application specific data attached to them. | ||
| 36 | These functions are used internally by OpenSSL to manipulate application | ||
| 37 | specific data attached to a specific structure. | ||
| 38 | .Pp | ||
| 39 | .Fn SSL_get_ex_new_index | ||
| 40 | is used to register a new index for application specific data. | ||
| 41 | .Pp | ||
| 42 | .Fn SSL_set_ex_data | ||
| 43 | is used to store application data at | ||
| 44 | .Fa arg | ||
| 45 | for | ||
| 46 | .Fa idx | ||
| 47 | into the | ||
| 48 | .Fa ssl | ||
| 49 | object. | ||
| 50 | .Pp | ||
| 51 | .Fn SSL_get_ex_data | ||
| 52 | is used to retrieve the information for | ||
| 53 | .Fa idx | ||
| 54 | from | ||
| 55 | .Fa ssl . | ||
| 56 | .Pp | ||
| 57 | A detailed description for the | ||
| 58 | .Fn *_get_ex_new_index | ||
| 59 | functionality can be found in | ||
| 60 | .Xr RSA_get_ex_new_index 3 . | ||
| 61 | The | ||
| 62 | .Fn *_get_ex_data | ||
| 63 | and | ||
| 64 | .Fn *_set_ex_data | ||
| 65 | functionality is described in | ||
| 66 | .Xr CRYPTO_set_ex_data 3 . | ||
| 67 | .Sh EXAMPLES | ||
| 68 | An example of how to use the functionality is included in the example | ||
| 69 | .Fn verify_callback | ||
| 70 | in | ||
| 71 | .Xr SSL_CTX_set_verify 3 . | ||
| 72 | .Sh SEE ALSO | ||
| 73 | .Xr CRYPTO_set_ex_data 3 , | ||
| 74 | .Xr RSA_get_ex_new_index 3 , | ||
| 75 | .Xr ssl 3 , | ||
| 76 | .Xr SSL_CTX_set_verify 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_fd.3 b/src/lib/libssl/doc/SSL_get_fd.3 deleted file mode 100644 index b66b5f1044..0000000000 --- a/src/lib/libssl/doc/SSL_get_fd.3 +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_FD 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_fd , | ||
| 9 | .Nm SSL_get_rfd , | ||
| 10 | .Nm SSL_get_wfd | ||
| 11 | .Nd get file descriptor linked to an SSL object | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fn SSL_get_fd "const SSL *ssl" | ||
| 16 | .Ft int | ||
| 17 | .Fn SSL_get_rfd "const SSL *ssl" | ||
| 18 | .Ft int | ||
| 19 | .Fn SSL_get_wfd "const SSL *ssl" | ||
| 20 | .Sh DESCRIPTION | ||
| 21 | .Fn SSL_get_fd | ||
| 22 | returns the file descriptor which is linked to | ||
| 23 | .Fa ssl . | ||
| 24 | .Fn SSL_get_rfd | ||
| 25 | and | ||
| 26 | .Fn SSL_get_wfd | ||
| 27 | return the file descriptors for the read or the write channel, | ||
| 28 | which can be different. | ||
| 29 | If the read and the write channel are different, | ||
| 30 | .Fn SSL_get_fd | ||
| 31 | will return the file descriptor of the read channel. | ||
| 32 | .Sh RETURN VALUES | ||
| 33 | The following return values can occur: | ||
| 34 | .Bl -tag -width Ds | ||
| 35 | .It \(mi1 | ||
| 36 | The operation failed, because the underlying | ||
| 37 | .Vt BIO | ||
| 38 | is not of the correct type (suitable for file descriptors). | ||
| 39 | .It \(>=0 | ||
| 40 | The file descriptor linked to | ||
| 41 | .Fa ssl . | ||
| 42 | .El | ||
| 43 | .Sh SEE ALSO | ||
| 44 | .Xr bio 3 , | ||
| 45 | .Xr ssl 3 , | ||
| 46 | .Xr SSL_set_fd 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_peer_cert_chain.3 b/src/lib/libssl/doc/SSL_get_peer_cert_chain.3 deleted file mode 100644 index e4faece5d0..0000000000 --- a/src/lib/libssl/doc/SSL_get_peer_cert_chain.3 +++ /dev/null | |||
| @@ -1,47 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_peer_cert_chain.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_PEER_CERT_CHAIN 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_peer_cert_chain | ||
| 9 | .Nd get the X509 certificate chain of the peer | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft STACK_OF(X509) * | ||
| 13 | .Fn SSL_get_peer_cert_chain "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_peer_cert_chain | ||
| 16 | returns a pointer to | ||
| 17 | .Dv STACK_OF Ns Po Vt X509 Pc | ||
| 18 | certificates forming the certificate chain of the peer. | ||
| 19 | If called on the client side, the stack also contains the peer's certificate; | ||
| 20 | if called on the server side, the peer's certificate must be obtained | ||
| 21 | separately using | ||
| 22 | .Xr SSL_get_peer_certificate 3 . | ||
| 23 | If the peer did not present a certificate, | ||
| 24 | .Dv NULL | ||
| 25 | is returned. | ||
| 26 | .Sh NOTES | ||
| 27 | The peer certificate chain is not necessarily available after reusing a | ||
| 28 | session, in which case a | ||
| 29 | .Dv NULL | ||
| 30 | pointer is returned. | ||
| 31 | .Pp | ||
| 32 | The reference count of the | ||
| 33 | .Dv STACK_OF Ns Po Vt X509 Pc | ||
| 34 | object is not incremented. | ||
| 35 | If the corresponding session is freed, the pointer must not be used any longer. | ||
| 36 | .Sh RETURN VALUES | ||
| 37 | The following return values can occur: | ||
| 38 | .Bl -tag -width Ds | ||
| 39 | .It Dv NULL | ||
| 40 | No certificate was presented by the peer or no connection was established or | ||
| 41 | the certificate chain is no longer available when a session is reused. | ||
| 42 | .It Pointer to a Dv STACK_OF Ns Po X509 Pc | ||
| 43 | The return value points to the certificate chain presented by the peer. | ||
| 44 | .El | ||
| 45 | .Sh SEE ALSO | ||
| 46 | .Xr ssl 3 , | ||
| 47 | .Xr SSL_get_peer_certificate 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_peer_certificate.3 b/src/lib/libssl/doc/SSL_get_peer_certificate.3 deleted file mode 100644 index bb32572356..0000000000 --- a/src/lib/libssl/doc/SSL_get_peer_certificate.3 +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_peer_certificate.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_PEER_CERTIFICATE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_peer_certificate | ||
| 9 | .Nd get the X509 certificate of the peer | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft X509 * | ||
| 13 | .Fn SSL_get_peer_certificate "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_peer_certificate | ||
| 16 | returns a pointer to the X509 certificate the peer presented. | ||
| 17 | If the peer did not present a certificate, | ||
| 18 | .Dv NULL | ||
| 19 | is returned. | ||
| 20 | .Sh NOTES | ||
| 21 | Due to the protocol definition, a TLS/SSL server will always send a | ||
| 22 | certificate, if present. | ||
| 23 | A client will only send a certificate when explicitly requested to do so by the | ||
| 24 | server (see | ||
| 25 | .Xr SSL_CTX_set_verify 3 ) . | ||
| 26 | If an anonymous cipher is used, no certificates are sent. | ||
| 27 | .Pp | ||
| 28 | That a certificate is returned does not indicate information about the | ||
| 29 | verification state. | ||
| 30 | Use | ||
| 31 | .Xr SSL_get_verify_result 3 | ||
| 32 | to check the verification state. | ||
| 33 | .Pp | ||
| 34 | The reference count of the | ||
| 35 | .Vt X509 | ||
| 36 | object is incremented by one, so that it will not be destroyed when the session | ||
| 37 | containing the peer certificate is freed. | ||
| 38 | The | ||
| 39 | .Vt X509 | ||
| 40 | object must be explicitly freed using | ||
| 41 | .Xr X509_free 3 . | ||
| 42 | .Sh RETURN VALUES | ||
| 43 | The following return values can occur: | ||
| 44 | .Bl -tag -width Ds | ||
| 45 | .It Dv NULL | ||
| 46 | No certificate was presented by the peer or no connection was established. | ||
| 47 | .It Pointer to an X509 certificate | ||
| 48 | The return value points to the certificate presented by the peer. | ||
| 49 | .El | ||
| 50 | .Sh SEE ALSO | ||
| 51 | .Xr ssl 3 , | ||
| 52 | .Xr SSL_CTX_set_verify 3 , | ||
| 53 | .Xr SSL_get_verify_result 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_psk_identity.3 b/src/lib/libssl/doc/SSL_get_psk_identity.3 deleted file mode 100644 index 408555c0ee..0000000000 --- a/src/lib/libssl/doc/SSL_get_psk_identity.3 +++ /dev/null | |||
| @@ -1,44 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_psk_identity.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_PSK_IDENTITY 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_psk_identity , | ||
| 9 | .Nm SSL_get_psk_identity_hint | ||
| 10 | .Nd get PSK client identity and hint | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft const char * | ||
| 14 | .Fn SSL_get_psk_identity_hint "const SSL *ssl" | ||
| 15 | .Ft const char * | ||
| 16 | .Fn SSL_get_psk_identity "const SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_get_psk_identity_hint | ||
| 19 | is used to retrieve the PSK identity hint used during the connection setup | ||
| 20 | related to | ||
| 21 | .Vt SSL | ||
| 22 | object | ||
| 23 | .Fa ssl . | ||
| 24 | Similarly, | ||
| 25 | .Fn SSL_get_psk_identity | ||
| 26 | is used to retrieve the PSK identity used during the connection setup. | ||
| 27 | .Sh RETURN VALUES | ||
| 28 | If | ||
| 29 | .Pf non- Dv NULL , | ||
| 30 | .Fn SSL_get_psk_identity_hint | ||
| 31 | returns the PSK identity hint and | ||
| 32 | .Fn SSL_get_psk_identity | ||
| 33 | returns the PSK identity. | ||
| 34 | Both are | ||
| 35 | .Dv NULL Ns -terminated. | ||
| 36 | .Fn SSL_get_psk_identity_hint | ||
| 37 | may return | ||
| 38 | .Dv NULL | ||
| 39 | if no PSK identity hint was used during the connection setup. | ||
| 40 | .Pp | ||
| 41 | Note that the return value is valid only during the lifetime of the | ||
| 42 | .Vt SSL | ||
| 43 | object | ||
| 44 | .Fa ssl . | ||
diff --git a/src/lib/libssl/doc/SSL_get_rbio.3 b/src/lib/libssl/doc/SSL_get_rbio.3 deleted file mode 100644 index 4455692eac..0000000000 --- a/src/lib/libssl/doc/SSL_get_rbio.3 +++ /dev/null | |||
| @@ -1,45 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_rbio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_RBIO 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_rbio , | ||
| 9 | .Nm SSL_get_wbio | ||
| 10 | .Nd get BIO linked to an SSL object | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft BIO * | ||
| 14 | .Fn SSL_get_rbio "SSL *ssl" | ||
| 15 | .Ft BIO * | ||
| 16 | .Fn SSL_get_wbio "SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_get_rbio | ||
| 19 | and | ||
| 20 | .Fn SSL_get_wbio | ||
| 21 | return pointers to the | ||
| 22 | .Vt BIO Ns s | ||
| 23 | for the read or the write channel, which can be different. | ||
| 24 | The reference count of the | ||
| 25 | .Vt BIO | ||
| 26 | is not incremented. | ||
| 27 | .Sh RETURN VALUES | ||
| 28 | The following return values can occur: | ||
| 29 | .Bl -tag -width Ds | ||
| 30 | .It Dv NULL | ||
| 31 | No | ||
| 32 | .Vt BIO | ||
| 33 | was connected to the | ||
| 34 | .Vt SSL | ||
| 35 | object. | ||
| 36 | .It Any other pointer | ||
| 37 | The | ||
| 38 | .Vt BIO | ||
| 39 | linked to | ||
| 40 | .Fa ssl . | ||
| 41 | .El | ||
| 42 | .Sh SEE ALSO | ||
| 43 | .Xr bio 3 , | ||
| 44 | .Xr ssl 3 , | ||
| 45 | .Xr SSL_set_bio 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_session.3 b/src/lib/libssl/doc/SSL_get_session.3 deleted file mode 100644 index 435fe20956..0000000000 --- a/src/lib/libssl/doc/SSL_get_session.3 +++ /dev/null | |||
| @@ -1,97 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_session.3,v 1.3 2014/12/04 18:27:10 schwarze Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 4 2014 $ | ||
| 5 | .Dt SSL_GET_SESSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_session , | ||
| 9 | .Nm SSL_get0_session , | ||
| 10 | .Nm SSL_get1_session | ||
| 11 | .Nd retrieve TLS/SSL session data | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft SSL_SESSION * | ||
| 15 | .Fn SSL_get_session "const SSL *ssl" | ||
| 16 | .Ft SSL_SESSION * | ||
| 17 | .Fn SSL_get0_session "const SSL *ssl" | ||
| 18 | .Ft SSL_SESSION * | ||
| 19 | .Fn SSL_get1_session "SSL *ssl" | ||
| 20 | .Sh DESCRIPTION | ||
| 21 | .Fn SSL_get_session | ||
| 22 | returns a pointer to the | ||
| 23 | .Vt SSL_SESSION | ||
| 24 | actually used in | ||
| 25 | .Fa ssl . | ||
| 26 | The reference count of the | ||
| 27 | .Vt SSL_SESSION | ||
| 28 | is not incremented, so that the pointer can become invalid by other operations. | ||
| 29 | .Pp | ||
| 30 | .Fn SSL_get0_session | ||
| 31 | is the same as | ||
| 32 | .Fn SSL_get_session . | ||
| 33 | .Pp | ||
| 34 | .Fn SSL_get1_session | ||
| 35 | is the same as | ||
| 36 | .Fn SSL_get_session , | ||
| 37 | but the reference count of the | ||
| 38 | .Vt SSL_SESSION | ||
| 39 | is incremented by one. | ||
| 40 | .Sh NOTES | ||
| 41 | The | ||
| 42 | Fa ssl | ||
| 43 | session contains all information required to re-establish the connection | ||
| 44 | without a new handshake. | ||
| 45 | .Pp | ||
| 46 | .Fn SSL_get0_session | ||
| 47 | returns a pointer to the actual session. | ||
| 48 | As the reference counter is not incremented, | ||
| 49 | the pointer is only valid while the connection is in use. | ||
| 50 | If | ||
| 51 | .Xr SSL_clear 3 | ||
| 52 | or | ||
| 53 | .Xr SSL_free 3 | ||
| 54 | is called, the session may be removed completely (if considered bad), | ||
| 55 | and the pointer obtained will become invalid. | ||
| 56 | Even if the session is valid, | ||
| 57 | it can be removed at any time due to timeout during | ||
| 58 | .Xr SSL_CTX_flush_sessions 3 . | ||
| 59 | .Pp | ||
| 60 | If the data is to be kept, | ||
| 61 | .Fn SSL_get1_session | ||
| 62 | will increment the reference count, so that the session will not be implicitly | ||
| 63 | removed by other operations but stays in memory. | ||
| 64 | In order to remove the session | ||
| 65 | .Xr SSL_SESSION_free 3 | ||
| 66 | must be explicitly called once to decrement the reference count again. | ||
| 67 | .Pp | ||
| 68 | .Vt SSL_SESSION | ||
| 69 | objects keep internal link information about the session cache list when being | ||
| 70 | inserted into one | ||
| 71 | .Vt SSL_CTX | ||
| 72 | object's session cache. | ||
| 73 | One | ||
| 74 | .Vt SSL_SESSION | ||
| 75 | object, regardless of its reference count, must therefore only be used with one | ||
| 76 | .Vt SSL_CTX | ||
| 77 | object (and the | ||
| 78 | .Vt SSL | ||
| 79 | objects created from this | ||
| 80 | .Vt SSL_CTX | ||
| 81 | object). | ||
| 82 | .Sh RETURN VALUES | ||
| 83 | The following return values can occur: | ||
| 84 | .Bl -tag -width Ds | ||
| 85 | .It Dv NULL | ||
| 86 | There is no session available in | ||
| 87 | .Fa ssl . | ||
| 88 | .It Pointer to an Vt SSL | ||
| 89 | The return value points to the data of an | ||
| 90 | .Vt SSL | ||
| 91 | session. | ||
| 92 | .El | ||
| 93 | .Sh SEE ALSO | ||
| 94 | .Xr ssl 3 , | ||
| 95 | .Xr SSL_clear 3 , | ||
| 96 | .Xr SSL_free 3 , | ||
| 97 | .Xr SSL_SESSION_free 3 | ||
diff --git a/src/lib/libssl/doc/SSL_get_verify_result.3 b/src/lib/libssl/doc/SSL_get_verify_result.3 deleted file mode 100644 index e89e3dea61..0000000000 --- a/src/lib/libssl/doc/SSL_get_verify_result.3 +++ /dev/null | |||
| @@ -1,49 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_VERIFY_RESULT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_verify_result | ||
| 9 | .Nd get result of peer certificate verification | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft long | ||
| 13 | .Fn SSL_get_verify_result "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_verify_result | ||
| 16 | returns the result of the verification of the X509 certificate presented by the | ||
| 17 | peer, if any. | ||
| 18 | .Sh NOTES | ||
| 19 | .Fn SSL_get_verify_result | ||
| 20 | can only return one error code while the verification of a certificate can fail | ||
| 21 | because of many reasons at the same time. | ||
| 22 | Only the last verification error that occurred during the processing is | ||
| 23 | available from | ||
| 24 | .Fn SSL_get_verify_result . | ||
| 25 | .Pp | ||
| 26 | The verification result is part of the established session and is restored when | ||
| 27 | a session is reused. | ||
| 28 | .Sh RETURN VALUES | ||
| 29 | The following return values can currently occur: | ||
| 30 | .Bl -tag -width Ds | ||
| 31 | .It Dv X509_V_OK | ||
| 32 | The verification succeeded or no peer certificate was presented. | ||
| 33 | .It Any other value | ||
| 34 | Documented in | ||
| 35 | .Xr openssl 1 . | ||
| 36 | .El | ||
| 37 | .Sh SEE ALSO | ||
| 38 | .Xr openssl 1 , | ||
| 39 | .Xr ssl 3 , | ||
| 40 | .Xr SSL_get_peer_certificate 3 , | ||
| 41 | .Xr SSL_set_verify_result 3 | ||
| 42 | .Sh BUGS | ||
| 43 | If no peer certificate was presented, the returned result code is | ||
| 44 | .Dv X509_V_OK . | ||
| 45 | This is because no verification error occurred; | ||
| 46 | however, it does not indicate success. | ||
| 47 | .Fn SSL_get_verify_result | ||
| 48 | is only useful in connection with | ||
| 49 | .Xr SSL_get_peer_certificate 3 . | ||
diff --git a/src/lib/libssl/doc/SSL_get_version.3 b/src/lib/libssl/doc/SSL_get_version.3 deleted file mode 100644 index ecfd005f12..0000000000 --- a/src/lib/libssl/doc/SSL_get_version.3 +++ /dev/null | |||
| @@ -1,35 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_get_version.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_GET_VERSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_get_version | ||
| 9 | .Nd get the protocol version of a connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft const char * | ||
| 13 | .Fn SSL_get_version "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_get_version | ||
| 16 | returns the name of the protocol used for the connection | ||
| 17 | .Fa ssl . | ||
| 18 | .Sh RETURN VALUES | ||
| 19 | The following strings can be returned: | ||
| 20 | .Bl -tag -width Ds | ||
| 21 | .It Qq SSLv2 | ||
| 22 | The connection uses the SSLv2 protocol. | ||
| 23 | .It Qq SSLv3 | ||
| 24 | The connection uses the SSLv3 protocol. | ||
| 25 | .It Qq TLSv1 | ||
| 26 | The connection uses the TLSv1.0 protocol. | ||
| 27 | .It Qq TLSv1.1 | ||
| 28 | The connection uses the TLSv1.1 protocol. | ||
| 29 | .It Qq TLSv1.2 | ||
| 30 | The connection uses the TLSv1.2 protocol. | ||
| 31 | .It Qq unknown | ||
| 32 | This indicates that no version has been set (no connection established). | ||
| 33 | .El | ||
| 34 | .Sh SEE ALSO | ||
| 35 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_library_init.3 b/src/lib/libssl/doc/SSL_library_init.3 deleted file mode 100644 index 0c84c5d9c9..0000000000 --- a/src/lib/libssl/doc/SSL_library_init.3 +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_library_init.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_LIBRARY_INIT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_library_init , | ||
| 9 | .Nm OpenSSL_add_ssl_algorithms , | ||
| 10 | .Nm SSLeay_add_ssl_algorithms | ||
| 11 | .Nd initialize SSL library by registering algorithms | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fn SSL_library_init void | ||
| 16 | .Fd #define OpenSSL_add_ssl_algorithms() SSL_library_init() | ||
| 17 | .Fd #define SSLeay_add_ssl_algorithms() SSL_library_init() | ||
| 18 | .Sh DESCRIPTION | ||
| 19 | .Fn SSL_library_init | ||
| 20 | registers the available SSL/TLS ciphers and digests. | ||
| 21 | .Pp | ||
| 22 | .Fn OpenSSL_add_ssl_algorithms | ||
| 23 | and | ||
| 24 | .Fn SSLeay_add_ssl_algorithms | ||
| 25 | are synonyms for | ||
| 26 | .Fn SSL_library_init . | ||
| 27 | .Sh NOTES | ||
| 28 | .Fn SSL_library_init | ||
| 29 | must be called before any other action takes place. | ||
| 30 | .Fn SSL_library_init | ||
| 31 | is not reentrant. | ||
| 32 | .Sh WARNING | ||
| 33 | .Fn SSL_library_init | ||
| 34 | adds ciphers and digests used directly and indirectly by SSL/TLS. | ||
| 35 | .Sh RETURN VALUES | ||
| 36 | .Fn SSL_library_init | ||
| 37 | always returns 1, so it is safe to discard the return value. | ||
| 38 | .Sh EXAMPLES | ||
| 39 | A typical TLS/SSL application will start with the library initialization, and | ||
| 40 | provide readable error messages. | ||
| 41 | .Bd -literal | ||
| 42 | SSL_load_error_strings(); /* readable error messages */ | ||
| 43 | SSL_library_init(); /* initialize library */ | ||
| 44 | .Ed | ||
| 45 | .Sh NOTES | ||
| 46 | OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to | ||
| 47 | .Fn SSL_library_init . | ||
| 48 | Applications which need to use SHA2 in earlier versions of OpenSSL should call | ||
| 49 | .Fn OpenSSL_add_all_algorithms | ||
| 50 | as well. | ||
| 51 | .Sh SEE ALSO | ||
| 52 | .Xr RAND_add 3 , | ||
| 53 | .Xr ssl 3 , | ||
| 54 | .Xr SSL_load_error_strings 3 | ||
diff --git a/src/lib/libssl/doc/SSL_load_client_CA_file.3 b/src/lib/libssl/doc/SSL_load_client_CA_file.3 deleted file mode 100644 index d1f085583f..0000000000 --- a/src/lib/libssl/doc/SSL_load_client_CA_file.3 +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_load_client_CA_file.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_LOAD_CLIENT_CA_FILE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_load_client_CA_file | ||
| 9 | .Nd load certificate names from file | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft STACK_OF(X509_NAME) * | ||
| 13 | .Fn SSL_load_client_CA_file "const char *file" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_load_client_CA_file | ||
| 16 | reads certificates from | ||
| 17 | .Fa file | ||
| 18 | and returns a | ||
| 19 | .Dv STACK_OF Ns | ||
| 20 | .Pq Vt X509_NAME | ||
| 21 | with the subject names found. | ||
| 22 | .Sh NOTES | ||
| 23 | .Fn SSL_load_client_CA_file | ||
| 24 | reads a file of PEM formatted certificates and extracts the | ||
| 25 | .Vt X509_NAME Ns s | ||
| 26 | of the certificates found. | ||
| 27 | While the name suggests the specific usage as support function for | ||
| 28 | .Xr SSL_CTX_set_client_CA_list 3 , | ||
| 29 | it is not limited to CA certificates. | ||
| 30 | .Sh RETURN VALUES | ||
| 31 | The following return values can occur: | ||
| 32 | .Bl -tag -width Ds | ||
| 33 | .It Dv NULL | ||
| 34 | The operation failed, check out the error stack for the reason. | ||
| 35 | .It Pointer to Dv STACK_OF Ns Po Vt X509_NAME Pc | ||
| 36 | Pointer to the subject names of the successfully read certificates. | ||
| 37 | .El | ||
| 38 | .Sh EXAMPLES | ||
| 39 | Load names of CAs from file and use it as a client CA list: | ||
| 40 | .Bd -literal | ||
| 41 | SSL_CTX *ctx; | ||
| 42 | STACK_OF(X509_NAME) *cert_names; | ||
| 43 | \&... | ||
| 44 | cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); | ||
| 45 | if (cert_names != NULL) | ||
| 46 | SSL_CTX_set_client_CA_list(ctx, cert_names); | ||
| 47 | else | ||
| 48 | error_handling(); | ||
| 49 | \&... | ||
| 50 | .Ed | ||
| 51 | .Sh SEE ALSO | ||
| 52 | .Xr ssl 3 , | ||
| 53 | .Xr SSL_CTX_set_client_CA_list 3 | ||
diff --git a/src/lib/libssl/doc/SSL_new.3 b/src/lib/libssl/doc/SSL_new.3 deleted file mode 100644 index 884b51270b..0000000000 --- a/src/lib/libssl/doc/SSL_new.3 +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_new.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_NEW 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_new | ||
| 9 | .Nd create a new SSL structure for a connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft SSL * | ||
| 13 | .Fn SSL_new "SSL_CTX *ctx" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_new | ||
| 16 | creates a new | ||
| 17 | .Vt SSL | ||
| 18 | structure which is needed to hold the data for a TLS/SSL connection. | ||
| 19 | The new structure inherits the settings of the underlying context | ||
| 20 | .Fa ctx : | ||
| 21 | connection method (SSLv2/v3/TLSv1), options, verification settings, | ||
| 22 | timeout settings. | ||
| 23 | .Sh RETURN VALUES | ||
| 24 | The following return values can occur: | ||
| 25 | .Bl -tag -width Ds | ||
| 26 | .It Dv NULL | ||
| 27 | The creation of a new | ||
| 28 | .Vt SSL | ||
| 29 | structure failed. | ||
| 30 | Check the error stack to find out the reason. | ||
| 31 | .It Pointer to an Vt SSL No structure | ||
| 32 | The return value points to an allocated | ||
| 33 | .Vt SSL | ||
| 34 | structure. | ||
| 35 | .El | ||
| 36 | .Sh SEE ALSO | ||
| 37 | .Xr ssl 3 , | ||
| 38 | .Xr SSL_clear 3 , | ||
| 39 | .Xr SSL_CTX_set_options 3 , | ||
| 40 | .Xr SSL_free 3 , | ||
| 41 | .Xr SSL_get_SSL_CTX 3 | ||
diff --git a/src/lib/libssl/doc/SSL_pending.3 b/src/lib/libssl/doc/SSL_pending.3 deleted file mode 100644 index 25ef4ea0ba..0000000000 --- a/src/lib/libssl/doc/SSL_pending.3 +++ /dev/null | |||
| @@ -1,44 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_pending.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_PENDING 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_pending | ||
| 9 | .Nd obtain number of readable bytes buffered in an SSL object | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_pending "const SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_pending | ||
| 16 | returns the number of bytes which are available inside | ||
| 17 | .Fa ssl | ||
| 18 | for immediate read. | ||
| 19 | .Sh NOTES | ||
| 20 | Data are received in blocks from the peer. | ||
| 21 | Therefore data can be buffered inside | ||
| 22 | .Fa ssl | ||
| 23 | and are ready for immediate retrieval with | ||
| 24 | .Xr SSL_read 3 . | ||
| 25 | .Sh RETURN VALUES | ||
| 26 | The number of bytes pending is returned. | ||
| 27 | .Sh SEE ALSO | ||
| 28 | .Xr ssl 3 , | ||
| 29 | .Xr SSL_read 3 | ||
| 30 | .Sh BUGS | ||
| 31 | .Fn SSL_pending | ||
| 32 | takes into account only bytes from the TLS/SSL record that is currently being | ||
| 33 | processed (if any). | ||
| 34 | If the | ||
| 35 | .Vt SSL | ||
| 36 | object's | ||
| 37 | .Em read_ahead | ||
| 38 | flag is set, additional protocol bytes may have been read containing more | ||
| 39 | TLS/SSL records; these are ignored by | ||
| 40 | .Fn SSL_pending . | ||
| 41 | .Pp | ||
| 42 | Up to OpenSSL 0.9.6, | ||
| 43 | .Fn SSL_pending | ||
| 44 | does not check if the record type of pending data is application data. | ||
diff --git a/src/lib/libssl/doc/SSL_read.3 b/src/lib/libssl/doc/SSL_read.3 deleted file mode 100644 index d6e5960958..0000000000 --- a/src/lib/libssl/doc/SSL_read.3 +++ /dev/null | |||
| @@ -1,193 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_read.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_READ 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_read | ||
| 9 | .Nd read bytes from a TLS/SSL connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_read "SSL *ssl" "void *buf" "int num" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_read | ||
| 16 | tries to read | ||
| 17 | .Fa num | ||
| 18 | bytes from the specified | ||
| 19 | .Fa ssl | ||
| 20 | into the buffer | ||
| 21 | .Fa buf . | ||
| 22 | .Sh NOTES | ||
| 23 | If necessary, | ||
| 24 | .Fn SSL_read | ||
| 25 | will negotiate a TLS/SSL session, if not already explicitly performed by | ||
| 26 | .Xr SSL_connect 3 | ||
| 27 | or | ||
| 28 | .Xr SSL_accept 3 . | ||
| 29 | If the peer requests a re-negotiation, | ||
| 30 | it will be performed transparently during the | ||
| 31 | .Fn SSL_read | ||
| 32 | operation. | ||
| 33 | The behaviour of | ||
| 34 | .Fn SSL_read | ||
| 35 | depends on the underlying | ||
| 36 | .Vt BIO . | ||
| 37 | .Pp | ||
| 38 | For the transparent negotiation to succeed, the | ||
| 39 | .Fa ssl | ||
| 40 | must have been initialized to client or server mode. | ||
| 41 | This is being done by calling | ||
| 42 | .Xr SSL_set_connect_state 3 | ||
| 43 | or | ||
| 44 | .Xr SSL_set_accept_state 3 | ||
| 45 | before the first call to | ||
| 46 | .Fn SSL_read | ||
| 47 | or | ||
| 48 | .Xr SSL_write 3 . | ||
| 49 | .Pp | ||
| 50 | .Fn SSL_read | ||
| 51 | works based on the SSL/TLS records. | ||
| 52 | The data are received in records (with a maximum record size of 16kB for | ||
| 53 | SSLv3/TLSv1). | ||
| 54 | Only after a record has been completely received can it be processed | ||
| 55 | (decrypted and checked for integrity). | ||
| 56 | Therefore data not retrieved at the last call of | ||
| 57 | .Fn SSL_read | ||
| 58 | can still be buffered inside the SSL layer and will be retrieved on the next | ||
| 59 | call to | ||
| 60 | .Fn SSL_read . | ||
| 61 | If | ||
| 62 | .Fa num | ||
| 63 | is higher than the number of bytes buffered, | ||
| 64 | .Fn SSL_read | ||
| 65 | will return with the bytes buffered. | ||
| 66 | If no more bytes are in the buffer, | ||
| 67 | .Fn SSL_read | ||
| 68 | will trigger the processing of the next record. | ||
| 69 | Only when the record has been received and processed completely will | ||
| 70 | .Fn SSL_read | ||
| 71 | return reporting success. | ||
| 72 | At most the contents of the record will be returned. | ||
| 73 | As the size of an SSL/TLS record may exceed the maximum packet size of the | ||
| 74 | underlying transport (e.g., TCP), it may be necessary to read several packets | ||
| 75 | from the transport layer before the record is complete and | ||
| 76 | .Fn SSL_read | ||
| 77 | can succeed. | ||
| 78 | .Pp | ||
| 79 | If the underlying | ||
| 80 | .Vt BIO | ||
| 81 | is | ||
| 82 | .Em blocking , | ||
| 83 | .Fn SSL_read | ||
| 84 | will only return once the read operation has been finished or an error | ||
| 85 | has occurred, except when a renegotiation take place, in which case a | ||
| 86 | .Dv SSL_ERROR_WANT_READ | ||
| 87 | may occur. | ||
| 88 | This behavior can be controlled with the | ||
| 89 | .Dv SSL_MODE_AUTO_RETRY | ||
| 90 | flag of the | ||
| 91 | .Xr SSL_CTX_set_mode 3 | ||
| 92 | call. | ||
| 93 | .Pp | ||
| 94 | If the underlying | ||
| 95 | .Vt BIO | ||
| 96 | is | ||
| 97 | .Em non-blocking , | ||
| 98 | .Fn SSL_read | ||
| 99 | will also return when the underlying | ||
| 100 | .Vt BIO | ||
| 101 | could not satisfy the needs of | ||
| 102 | .Fn SSL_read | ||
| 103 | to continue the operation. | ||
| 104 | In this case a call to | ||
| 105 | .Xr SSL_get_error 3 | ||
| 106 | with the return value of | ||
| 107 | .Fn SSL_read | ||
| 108 | will yield | ||
| 109 | .Dv SSL_ERROR_WANT_READ | ||
| 110 | or | ||
| 111 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 112 | As at any time a re-negotiation is possible, a call to | ||
| 113 | .Fn SSL_read | ||
| 114 | can also cause write operations! | ||
| 115 | The calling process then must repeat the call after taking appropriate action | ||
| 116 | to satisfy the needs of | ||
| 117 | .Fn SSL_read . | ||
| 118 | The action depends on the underlying | ||
| 119 | .Vt BIO . | ||
| 120 | When using a non-blocking socket, nothing is to be done, but | ||
| 121 | .Xr select 2 | ||
| 122 | can be used to check for the required condition. | ||
| 123 | When using a buffering | ||
| 124 | .Vt BIO , | ||
| 125 | like a | ||
| 126 | .Vt BIO | ||
| 127 | pair, data must be written into or retrieved out of the | ||
| 128 | .Vt BIO | ||
| 129 | before being able to continue. | ||
| 130 | .Pp | ||
| 131 | .Xr SSL_pending 3 | ||
| 132 | can be used to find out whether there are buffered bytes available for | ||
| 133 | immediate retrieval. | ||
| 134 | In this case | ||
| 135 | .Fn SSL_read | ||
| 136 | can be called without blocking or actually receiving new data from the | ||
| 137 | underlying socket. | ||
| 138 | .Sh WARNING | ||
| 139 | When an | ||
| 140 | .Fn SSL_read | ||
| 141 | operation has to be repeated because of | ||
| 142 | .Dv SSL_ERROR_WANT_READ | ||
| 143 | or | ||
| 144 | .Dv SSL_ERROR_WANT_WRITE , | ||
| 145 | it must be repeated with the same arguments. | ||
| 146 | .Sh RETURN VALUES | ||
| 147 | The following return values can occur: | ||
| 148 | .Bl -tag -width Ds | ||
| 149 | .It >0 | ||
| 150 | The read operation was successful; the return value is the number of bytes | ||
| 151 | actually read from the TLS/SSL connection. | ||
| 152 | .It 0 | ||
| 153 | The read operation was not successful. | ||
| 154 | The reason may either be a clean shutdown due to a | ||
| 155 | .Dq close notify | ||
| 156 | alert sent by the peer (in which case the | ||
| 157 | .Dv SSL_RECEIVED_SHUTDOWN | ||
| 158 | flag in the ssl shutdown state is set (see | ||
| 159 | .Xr SSL_shutdown 3 | ||
| 160 | and | ||
| 161 | .Xr SSL_set_shutdown 3 ) . | ||
| 162 | It is also possible that the peer simply shut down the underlying transport and | ||
| 163 | the shutdown is incomplete. | ||
| 164 | Call | ||
| 165 | .Fn SSL_get_error | ||
| 166 | with the return value to find out whether an error occurred or the connection | ||
| 167 | was shut down cleanly | ||
| 168 | .Pq Dv SSL_ERROR_ZERO_RETURN . | ||
| 169 | .Pp | ||
| 170 | SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only | ||
| 171 | be detected whether the underlying connection was closed. | ||
| 172 | It cannot be checked whether the closure was initiated by the peer or by | ||
| 173 | something else. | ||
| 174 | .It <0 | ||
| 175 | The read operation was not successful, because either an error occurred or | ||
| 176 | action must be taken by the calling process. | ||
| 177 | Call | ||
| 178 | .Fn SSL_get_error | ||
| 179 | with the return value to find out the reason. | ||
| 180 | .El | ||
| 181 | .Sh SEE ALSO | ||
| 182 | .Xr bio 3 , | ||
| 183 | .Xr ssl 3 , | ||
| 184 | .Xr SSL_accept 3 , | ||
| 185 | .Xr SSL_connect 3 , | ||
| 186 | .Xr SSL_CTX_new 3 , | ||
| 187 | .Xr SSL_CTX_set_mode 3 , | ||
| 188 | .Xr SSL_get_error 3 , | ||
| 189 | .Xr SSL_pending 3 , | ||
| 190 | .Xr SSL_set_connect_state 3 , | ||
| 191 | .Xr SSL_set_shutdown 3 , | ||
| 192 | .Xr SSL_shutdown 3 , | ||
| 193 | .Xr SSL_write 3 | ||
diff --git a/src/lib/libssl/doc/SSL_rstate_string.3 b/src/lib/libssl/doc/SSL_rstate_string.3 deleted file mode 100644 index 81d83e52a1..0000000000 --- a/src/lib/libssl/doc/SSL_rstate_string.3 +++ /dev/null | |||
| @@ -1,55 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_rstate_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_RSTATE_STRING 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_rstate_string , | ||
| 9 | .Nm SSL_rstate_string_long | ||
| 10 | .Nd get textual description of state of an SSL object during read operation | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft const char * | ||
| 14 | .Fn SSL_rstate_string "SSL *ssl" | ||
| 15 | .Ft const char * | ||
| 16 | .Fn SSL_rstate_string_long "SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_rstate_string | ||
| 19 | returns a 2-letter string indicating the current read state of the | ||
| 20 | .Vt SSL | ||
| 21 | object | ||
| 22 | .Fa ssl . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_rstate_string_long | ||
| 25 | returns a string indicating the current read state of the | ||
| 26 | .Vt SSL | ||
| 27 | object | ||
| 28 | .Fa ssl . | ||
| 29 | .Sh NOTES | ||
| 30 | When performing a read operation, the SSL/TLS engine must parse the record, | ||
| 31 | consisting of header and body. | ||
| 32 | When working in a blocking environment, | ||
| 33 | .Fn SSL_rstate_string[_long] | ||
| 34 | should always return | ||
| 35 | .Qo RD Qc Ns / Ns Qo read done Qc . | ||
| 36 | .Pp | ||
| 37 | This function should only seldom be needed in applications. | ||
| 38 | .Sh RETURN VALUES | ||
| 39 | .Fn SSL_rstate_string | ||
| 40 | and | ||
| 41 | .Fn SSL_rstate_string_long | ||
| 42 | can return the following values: | ||
| 43 | .Bl -tag -width Ds | ||
| 44 | .It Qo RH Qc Ns / Ns Qo read header Qc | ||
| 45 | The header of the record is being evaluated. | ||
| 46 | .It Qo RB Qc Ns / Ns Qo read body Qc | ||
| 47 | The body of the record is being evaluated. | ||
| 48 | .It Qo RD Qc Ns / Ns Qo read done Qc | ||
| 49 | The record has been completely processed. | ||
| 50 | .It Qo unknown Qc Ns / Ns Qo unknown Qc | ||
| 51 | The read state is unknown. | ||
| 52 | This should never happen. | ||
| 53 | .El | ||
| 54 | .Sh SEE ALSO | ||
| 55 | .Xr ssl 3 | ||
diff --git a/src/lib/libssl/doc/SSL_session_reused.3 b/src/lib/libssl/doc/SSL_session_reused.3 deleted file mode 100644 index 6ea45f749b..0000000000 --- a/src/lib/libssl/doc/SSL_session_reused.3 +++ /dev/null | |||
| @@ -1,32 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_session_reused.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SESSION_REUSED 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_session_reused | ||
| 9 | .Nd query whether a reused session was negotiated during handshake | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_session_reused "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | Query whether a reused session was negotiated during the handshake. | ||
| 16 | .Sh NOTES | ||
| 17 | During the negotiation, a client can propose to reuse a session. | ||
| 18 | The server then looks up the session in its cache. | ||
| 19 | If both client and server agree on the session, | ||
| 20 | it will be reused and a flag is set that can be queried by the application. | ||
| 21 | .Sh RETURN VALUES | ||
| 22 | The following return values can occur: | ||
| 23 | .Bl -tag -width Ds | ||
| 24 | .It 0 | ||
| 25 | A new session was negotiated. | ||
| 26 | .It 1 | ||
| 27 | A session was reused. | ||
| 28 | .El | ||
| 29 | .Sh SEE ALSO | ||
| 30 | .Xr ssl 3 , | ||
| 31 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 32 | .Xr SSL_set_session 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_bio.3 b/src/lib/libssl/doc/SSL_set_bio.3 deleted file mode 100644 index 7e2611e000..0000000000 --- a/src/lib/libssl/doc/SSL_set_bio.3 +++ /dev/null | |||
| @@ -1,51 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_bio.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_BIO 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_bio | ||
| 9 | .Nd connect the SSL object with a BIO | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_set_bio | ||
| 16 | connects the | ||
| 17 | .Vt BIO Ns | ||
| 18 | s | ||
| 19 | .Fa rbio | ||
| 20 | and | ||
| 21 | .Fa wbio | ||
| 22 | for the read and write operations of the TLS/SSL (encrypted) side of | ||
| 23 | .Fa ssl . | ||
| 24 | .Pp | ||
| 25 | The SSL engine inherits the behaviour of | ||
| 26 | .Fa rbio | ||
| 27 | and | ||
| 28 | .Fa wbio , | ||
| 29 | respectively. | ||
| 30 | If a | ||
| 31 | .Vt BIO | ||
| 32 | is non-blocking, the | ||
| 33 | .Fa ssl | ||
| 34 | will also have non-blocking behaviour. | ||
| 35 | .Pp | ||
| 36 | If there was already a | ||
| 37 | .Vt BIO | ||
| 38 | connected to | ||
| 39 | .Fa ssl , | ||
| 40 | .Xr BIO_free 3 | ||
| 41 | will be called (for both the reading and writing side, if different). | ||
| 42 | .Sh RETURN VALUES | ||
| 43 | .Fn SSL_set_bio | ||
| 44 | cannot fail. | ||
| 45 | .Sh SEE ALSO | ||
| 46 | .Xr bio 3 , | ||
| 47 | .Xr ssl 3 , | ||
| 48 | .Xr SSL_accept 3 , | ||
| 49 | .Xr SSL_connect 3 , | ||
| 50 | .Xr SSL_get_rbio 3 , | ||
| 51 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_connect_state.3 b/src/lib/libssl/doc/SSL_set_connect_state.3 deleted file mode 100644 index e3f946f8ee..0000000000 --- a/src/lib/libssl/doc/SSL_set_connect_state.3 +++ /dev/null | |||
| @@ -1,71 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_connect_state.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_CONNECT_STATE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_connect_state , | ||
| 9 | .Nm SSL_get_accept_state | ||
| 10 | .Nd prepare SSL object to work in client or server mode | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fn SSL_set_connect_state "SSL *ssl" | ||
| 15 | .Ft void | ||
| 16 | .Fn SSL_set_accept_state "SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_set_connect_state | ||
| 19 | sets | ||
| 20 | .Fa ssl | ||
| 21 | to work in client mode. | ||
| 22 | .Pp | ||
| 23 | .Fn SSL_set_accept_state | ||
| 24 | sets | ||
| 25 | .Fa ssl | ||
| 26 | to work in server mode. | ||
| 27 | .Sh NOTES | ||
| 28 | When the | ||
| 29 | .Vt SSL_CTX | ||
| 30 | object was created with | ||
| 31 | .Xr SSL_CTX_new 3 , | ||
| 32 | it was either assigned a dedicated client method, a dedicated server method, or | ||
| 33 | a generic method, that can be used for both client and server connections. | ||
| 34 | (The method might have been changed with | ||
| 35 | .Xr SSL_CTX_set_ssl_version 3 | ||
| 36 | or | ||
| 37 | .Xr SSL_set_ssl_method 3 . ) | ||
| 38 | .Pp | ||
| 39 | When beginning a new handshake, the SSL engine must know whether it must call | ||
| 40 | the connect (client) or accept (server) routines. | ||
| 41 | Even though it may be clear from the method chosen whether client or server | ||
| 42 | mode was requested, the handshake routines must be explicitly set. | ||
| 43 | .Pp | ||
| 44 | When using the | ||
| 45 | .Xr SSL_connect 3 | ||
| 46 | or | ||
| 47 | .Xr SSL_accept 3 | ||
| 48 | routines, the correct handshake routines are automatically set. | ||
| 49 | When performing a transparent negotiation using | ||
| 50 | .Xr SSL_write 3 | ||
| 51 | or | ||
| 52 | .Xr SSL_read 3 , | ||
| 53 | the handshake routines must be explicitly set in advance using either | ||
| 54 | .Fn SSL_set_connect_state | ||
| 55 | or | ||
| 56 | .Fn SSL_set_accept_state . | ||
| 57 | .Sh RETURN VALUES | ||
| 58 | .Fn SSL_set_connect_state | ||
| 59 | and | ||
| 60 | .Fn SSL_set_accept_state | ||
| 61 | do not return diagnostic information. | ||
| 62 | .Sh SEE ALSO | ||
| 63 | .Xr ssl 3 , | ||
| 64 | .Xr SSL_accept 3 , | ||
| 65 | .Xr SSL_connect 3 , | ||
| 66 | .Xr SSL_CTX_new 3 , | ||
| 67 | .Xr SSL_CTX_set_ssl_version 3 , | ||
| 68 | .Xr SSL_do_handshake 3 , | ||
| 69 | .Xr SSL_new 3 , | ||
| 70 | .Xr SSL_read 3 , | ||
| 71 | .Xr SSL_write 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_fd.3 b/src/lib/libssl/doc/SSL_set_fd.3 deleted file mode 100644 index 94e0c7614a..0000000000 --- a/src/lib/libssl/doc/SSL_set_fd.3 +++ /dev/null | |||
| @@ -1,73 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_fd.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_FD 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_fd , | ||
| 9 | .Nm SSL_set_rfd , | ||
| 10 | .Nm SSL_set_wfd | ||
| 11 | .Nd connect the SSL object with a file descriptor | ||
| 12 | .Sh SYNOPSIS | ||
| 13 | .In openssl/ssl.h | ||
| 14 | .Ft int | ||
| 15 | .Fn SSL_set_fd "SSL *ssl" "int fd" | ||
| 16 | .Ft int | ||
| 17 | .Fn SSL_set_rfd "SSL *ssl" "int fd" | ||
| 18 | .Ft int | ||
| 19 | .Fn SSL_set_wfd "SSL *ssl" "int fd" | ||
| 20 | .Sh DESCRIPTION | ||
| 21 | .Fn SSL_set_fd | ||
| 22 | sets the file descriptor | ||
| 23 | .Fa fd | ||
| 24 | as the input/output facility for the TLS/SSL (encrypted) side of | ||
| 25 | .Fa ssl . | ||
| 26 | .Fa fd | ||
| 27 | will typically be the socket file descriptor of a network connection. | ||
| 28 | .Pp | ||
| 29 | When performing the operation, a socket | ||
| 30 | .Vt BIO | ||
| 31 | is automatically created to interface between the | ||
| 32 | .Fa ssl | ||
| 33 | and | ||
| 34 | .Fa fd . | ||
| 35 | The | ||
| 36 | .Vt BIO | ||
| 37 | and hence the SSL engine inherit the behaviour of | ||
| 38 | .Fa fd . | ||
| 39 | If | ||
| 40 | .Fa fd | ||
| 41 | is non-blocking, the | ||
| 42 | .Fa ssl | ||
| 43 | will also have non-blocking behaviour. | ||
| 44 | .Pp | ||
| 45 | If there was already a | ||
| 46 | .Vt BIO | ||
| 47 | connected to | ||
| 48 | .Fa ssl , | ||
| 49 | .Xr BIO_free 3 | ||
| 50 | will be called (for both the reading and writing side, if different). | ||
| 51 | .Pp | ||
| 52 | .Fn SSL_set_rfd | ||
| 53 | and | ||
| 54 | .Fn SSL_set_wfd | ||
| 55 | perform the respective action, but only for the read channel or the write | ||
| 56 | channel, which can be set independently. | ||
| 57 | .Sh RETURN VALUES | ||
| 58 | The following return values can occur: | ||
| 59 | .Bl -tag -width Ds | ||
| 60 | .It 0 | ||
| 61 | The operation failed. | ||
| 62 | Check the error stack to find out why. | ||
| 63 | .It 1 | ||
| 64 | The operation succeeded. | ||
| 65 | .El | ||
| 66 | .Sh SEE ALSO | ||
| 67 | .Xr bio 3 , | ||
| 68 | .Xr ssl 3 , | ||
| 69 | .Xr SSL_accept 3 , | ||
| 70 | .Xr SSL_connect 3 , | ||
| 71 | .Xr SSL_get_fd 3 , | ||
| 72 | .Xr SSL_set_bio 3 , | ||
| 73 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_session.3 b/src/lib/libssl/doc/SSL_set_session.3 deleted file mode 100644 index 1f2fc66cba..0000000000 --- a/src/lib/libssl/doc/SSL_set_session.3 +++ /dev/null | |||
| @@ -1,68 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_session.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_SESSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_session | ||
| 9 | .Nd set a TLS/SSL session to be used during TLS/SSL connect | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_set_session | ||
| 16 | sets | ||
| 17 | .Fa session | ||
| 18 | to be used when the TLS/SSL connection is to be established. | ||
| 19 | .Fn SSL_set_session | ||
| 20 | is only useful for TLS/SSL clients. | ||
| 21 | When the session is set, the reference count of | ||
| 22 | .Fa session | ||
| 23 | is incremented | ||
| 24 | by 1. | ||
| 25 | If the session is not reused, the reference count is decremented again during | ||
| 26 | .Fn SSL_connect . | ||
| 27 | Whether the session was reused can be queried with the | ||
| 28 | .Xr SSL_session_reused 3 | ||
| 29 | call. | ||
| 30 | .Pp | ||
| 31 | If there is already a session set inside | ||
| 32 | .Fa ssl | ||
| 33 | (because it was set with | ||
| 34 | .Fn SSL_set_session | ||
| 35 | before or because the same | ||
| 36 | .Fa ssl | ||
| 37 | was already used for a connection), | ||
| 38 | .Xr SSL_SESSION_free 3 | ||
| 39 | will be called for that session. | ||
| 40 | .Sh NOTES | ||
| 41 | .Vt SSL_SESSION | ||
| 42 | objects keep internal link information about the session cache list when being | ||
| 43 | inserted into one | ||
| 44 | .Vt SSL_CTX | ||
| 45 | object's session cache. | ||
| 46 | One | ||
| 47 | .Vt SSL_SESSION | ||
| 48 | object, regardless of its reference count, must therefore only be used with one | ||
| 49 | .Vt SSL_CTX | ||
| 50 | object (and the | ||
| 51 | .Vt SSL | ||
| 52 | objects created from this | ||
| 53 | .Vt SSL_CTX | ||
| 54 | object). | ||
| 55 | .Sh RETURN VALUES | ||
| 56 | The following return values can occur: | ||
| 57 | .Bl -tag -width Ds | ||
| 58 | .It 0 | ||
| 59 | The operation failed; check the error stack to find out the reason. | ||
| 60 | .It 1 | ||
| 61 | The operation succeeded. | ||
| 62 | .El | ||
| 63 | .Sh SEE ALSO | ||
| 64 | .Xr ssl 3 , | ||
| 65 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 66 | .Xr SSL_get_session 3 , | ||
| 67 | .Xr SSL_SESSION_free 3 , | ||
| 68 | .Xr SSL_session_reused 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_shutdown.3 b/src/lib/libssl/doc/SSL_set_shutdown.3 deleted file mode 100644 index 546b52dad5..0000000000 --- a/src/lib/libssl/doc/SSL_set_shutdown.3 +++ /dev/null | |||
| @@ -1,88 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_SHUTDOWN 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_shutdown , | ||
| 9 | .Nm SSL_get_shutdown | ||
| 10 | .Nd manipulate shutdown state of an SSL connection | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft void | ||
| 14 | .Fn SSL_set_shutdown "SSL *ssl" "int mode" | ||
| 15 | .Ft int | ||
| 16 | .Fn SSL_get_shutdown "const SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_set_shutdown | ||
| 19 | sets the shutdown state of | ||
| 20 | .Fa ssl | ||
| 21 | to | ||
| 22 | .Fa mode . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_get_shutdown | ||
| 25 | returns the shutdown mode of | ||
| 26 | .Fa ssl . | ||
| 27 | .Sh NOTES | ||
| 28 | The shutdown state of an ssl connection is a bitmask of: | ||
| 29 | .Bl -tag -width Ds | ||
| 30 | .It 0 | ||
| 31 | No shutdown setting, yet. | ||
| 32 | .It Dv SSL_SENT_SHUTDOWN | ||
| 33 | A | ||
| 34 | .Dq close notify | ||
| 35 | shutdown alert was sent to the peer; the connection is being considered closed | ||
| 36 | and the session is closed and correct. | ||
| 37 | .It Dv SSL_RECEIVED_SHUTDOWN | ||
| 38 | A shutdown alert was received form the peer, either a normal | ||
| 39 | .Dq close notify | ||
| 40 | or a fatal error. | ||
| 41 | .El | ||
| 42 | .Pp | ||
| 43 | .Dv SSL_SENT_SHUTDOWN | ||
| 44 | and | ||
| 45 | .Dv SSL_RECEIVED_SHUTDOWN | ||
| 46 | can be set at the same time. | ||
| 47 | .Pp | ||
| 48 | The shutdown state of the connection is used to determine the state of the | ||
| 49 | .Fa ssl | ||
| 50 | session. | ||
| 51 | If the session is still open when | ||
| 52 | .Xr SSL_clear 3 | ||
| 53 | or | ||
| 54 | .Xr SSL_free 3 | ||
| 55 | is called, it is considered bad and removed according to RFC2246. | ||
| 56 | The actual condition for a correctly closed session is | ||
| 57 | .Dv SSL_SENT_SHUTDOWN | ||
| 58 | (according to the TLS RFC, it is acceptable to only send the | ||
| 59 | .Dq close notify | ||
| 60 | alert but to not wait for the peer's answer when the underlying connection is | ||
| 61 | closed). | ||
| 62 | .Fn SSL_set_shutdown | ||
| 63 | can be used to set this state without sending a close alert to the peer (see | ||
| 64 | .Xr SSL_shutdown 3 ) . | ||
| 65 | .Pp | ||
| 66 | If a | ||
| 67 | .Dq close notify | ||
| 68 | was received, | ||
| 69 | .Dv SSL_RECEIVED_SHUTDOWN | ||
| 70 | will be set, but to set | ||
| 71 | .Dv SSL_SENT_SHUTDOWN | ||
| 72 | the application must still call | ||
| 73 | .Xr SSL_shutdown 3 | ||
| 74 | or | ||
| 75 | .Fn SSL_set_shutdown | ||
| 76 | itself. | ||
| 77 | .Sh RETURN VALUES | ||
| 78 | .Fn SSL_set_shutdown | ||
| 79 | does not return diagnostic information. | ||
| 80 | .Pp | ||
| 81 | .Fn SSL_get_shutdown | ||
| 82 | returns the current setting. | ||
| 83 | .Sh SEE ALSO | ||
| 84 | .Xr ssl 3 , | ||
| 85 | .Xr SSL_clear 3 , | ||
| 86 | .Xr SSL_CTX_set_quiet_shutdown 3 , | ||
| 87 | .Xr SSL_free 3 , | ||
| 88 | .Xr SSL_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_set_verify_result.3 b/src/lib/libssl/doc/SSL_set_verify_result.3 deleted file mode 100644 index 9d5474d07a..0000000000 --- a/src/lib/libssl/doc/SSL_set_verify_result.3 +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_set_verify_result.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SET_VERIFY_RESULT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_set_verify_result | ||
| 9 | .Nd override result of peer certificate verification | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft void | ||
| 13 | .Fn SSL_set_verify_result "SSL *ssl" "long verify_result" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_set_verify_result | ||
| 16 | sets | ||
| 17 | .Fa verify_result | ||
| 18 | of the object | ||
| 19 | .Fa ssl | ||
| 20 | to be the result of the verification of the X509 certificate presented by the | ||
| 21 | peer, if any. | ||
| 22 | .Sh NOTES | ||
| 23 | .Fn SSL_set_verify_result | ||
| 24 | overrides the verification result. | ||
| 25 | It only changes the verification result of the | ||
| 26 | .Fa ssl | ||
| 27 | object. | ||
| 28 | It does not become part of the established session, so if the session is to be | ||
| 29 | reused later, the original value will reappear. | ||
| 30 | .Pp | ||
| 31 | The valid codes for | ||
| 32 | .Fa verify_result | ||
| 33 | are documented in | ||
| 34 | .Xr openssl 1 . | ||
| 35 | .Sh RETURN VALUES | ||
| 36 | .Fn SSL_set_verify_result | ||
| 37 | does not provide a return value. | ||
| 38 | .Sh SEE ALSO | ||
| 39 | .Xr openssl 1 , | ||
| 40 | .Xr ssl 3 , | ||
| 41 | .Xr SSL_get_peer_certificate 3 , | ||
| 42 | .Xr SSL_get_verify_result 3 | ||
diff --git a/src/lib/libssl/doc/SSL_shutdown.3 b/src/lib/libssl/doc/SSL_shutdown.3 deleted file mode 100644 index 187e656fe3..0000000000 --- a/src/lib/libssl/doc/SSL_shutdown.3 +++ /dev/null | |||
| @@ -1,204 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_shutdown.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_SHUTDOWN 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_shutdown | ||
| 9 | .Nd shut down a TLS/SSL connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_shutdown "SSL *ssl" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_shutdown | ||
| 16 | shuts down an active TLS/SSL connection. | ||
| 17 | It sends the | ||
| 18 | .Dq close notify | ||
| 19 | shutdown alert to the peer. | ||
| 20 | .Sh NOTES | ||
| 21 | .Fn SSL_shutdown | ||
| 22 | tries to send the | ||
| 23 | .Dq close notify | ||
| 24 | shutdown alert to the peer. | ||
| 25 | Whether the operation succeeds or not, the | ||
| 26 | .Dv SSL_SENT_SHUTDOWN | ||
| 27 | flag is set and a currently open session is considered closed and good and will | ||
| 28 | be kept in the session cache for further reuse. | ||
| 29 | .Pp | ||
| 30 | The shutdown procedure consists of 2 steps: the sending of the | ||
| 31 | .Dq close notify | ||
| 32 | shutdown alert and the reception of the peer's | ||
| 33 | .Dq close notify | ||
| 34 | shutdown alert. | ||
| 35 | According to the TLS standard, it is acceptable for an application to only send | ||
| 36 | its shutdown alert and then close the underlying connection without waiting for | ||
| 37 | the peer's response (this way resources can be saved, as the process can | ||
| 38 | already terminate or serve another connection). | ||
| 39 | When the underlying connection shall be used for more communications, | ||
| 40 | the complete shutdown procedure (bidirectional | ||
| 41 | .Dq close notify | ||
| 42 | alerts) must be performed, so that the peers stay synchronized. | ||
| 43 | .Pp | ||
| 44 | .Fn SSL_shutdown | ||
| 45 | supports both uni- and bidirectional shutdown by its 2 step behavior. | ||
| 46 | .Pp | ||
| 47 | When the application is the first party to send the | ||
| 48 | .Dq close notify | ||
| 49 | alert, | ||
| 50 | .Fn SSL_shutdown | ||
| 51 | will only send the alert and then set the | ||
| 52 | .Dv SSL_SENT_SHUTDOWN | ||
| 53 | flag (so that the session is considered good and will be kept in cache). | ||
| 54 | .Fn SSL_shutdown | ||
| 55 | will then return 0. | ||
| 56 | If a unidirectional shutdown is enough | ||
| 57 | (the underlying connection shall be closed anyway), this first call to | ||
| 58 | .Fn SSL_shutdown | ||
| 59 | is sufficient. | ||
| 60 | In order to complete the bidirectional shutdown handshake, | ||
| 61 | .Fn SSL_shutdown | ||
| 62 | must be called again. | ||
| 63 | The second call will make | ||
| 64 | .Fn SSL_shutdown | ||
| 65 | wait for the peer's | ||
| 66 | .Dq close notify | ||
| 67 | shutdown alert. | ||
| 68 | On success, the second call to | ||
| 69 | .Fn SSL_shutdown | ||
| 70 | will return 1. | ||
| 71 | .Pp | ||
| 72 | If the peer already sent the | ||
| 73 | .Dq close notify | ||
| 74 | alert and it was already processed implicitly inside another function | ||
| 75 | .Pq Xr SSL_read 3 , | ||
| 76 | the | ||
| 77 | .Dv SSL_RECEIVED_SHUTDOWN | ||
| 78 | flag is set. | ||
| 79 | .Fn SSL_shutdown | ||
| 80 | will send the | ||
| 81 | .Dq close notify | ||
| 82 | alert, set the | ||
| 83 | .Dv SSL_SENT_SHUTDOWN | ||
| 84 | flag and will immediately return with 1. | ||
| 85 | Whether | ||
| 86 | .Dv SSL_RECEIVED_SHUTDOWN | ||
| 87 | is already set can be checked using the | ||
| 88 | .Fn SSL_get_shutdown | ||
| 89 | (see also the | ||
| 90 | .Xr SSL_set_shutdown 3 | ||
| 91 | call). | ||
| 92 | .Pp | ||
| 93 | It is therefore recommended to check the return value of | ||
| 94 | .Fn SSL_shutdown | ||
| 95 | and call | ||
| 96 | .Fn SSL_shutdown | ||
| 97 | again, if the bidirectional shutdown is not yet complete (return value of the | ||
| 98 | first call is 0). | ||
| 99 | As the shutdown is not specially handled in the SSLv2 protocol, | ||
| 100 | .Fn SSL_shutdown | ||
| 101 | will succeed on the first call. | ||
| 102 | .Pp | ||
| 103 | The behaviour of | ||
| 104 | .Fn SSL_shutdown | ||
| 105 | additionally depends on the underlying | ||
| 106 | .Vt BIO . | ||
| 107 | .Pp | ||
| 108 | If the underlying | ||
| 109 | .Vt BIO | ||
| 110 | is | ||
| 111 | .Em blocking , | ||
| 112 | .Fn SSL_shutdown | ||
| 113 | will only return once the | ||
| 114 | handshake step has been finished or an error occurred. | ||
| 115 | .Pp | ||
| 116 | If the underlying | ||
| 117 | .Vt BIO | ||
| 118 | is | ||
| 119 | .Em non-blocking , | ||
| 120 | .Fn SSL_shutdown | ||
| 121 | will also return when the underlying | ||
| 122 | .Vt BIO | ||
| 123 | could not satisfy the needs of | ||
| 124 | .Fn SSL_shutdown | ||
| 125 | to continue the handshake. | ||
| 126 | In this case a call to | ||
| 127 | .Xr SSL_get_error 3 | ||
| 128 | with the | ||
| 129 | return value of | ||
| 130 | .Fn SSL_shutdown | ||
| 131 | will yield | ||
| 132 | .Dv SSL_ERROR_WANT_READ | ||
| 133 | or | ||
| 134 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 135 | The calling process then must repeat the call after taking appropriate action | ||
| 136 | to satisfy the needs of | ||
| 137 | .Fn SSL_shutdown . | ||
| 138 | The action depends on the underlying | ||
| 139 | .Vt BIO . | ||
| 140 | When using a non-blocking socket, nothing is to be done, but | ||
| 141 | .Xr select 2 | ||
| 142 | can be used to check for the required condition. | ||
| 143 | When using a buffering | ||
| 144 | .Vt BIO , | ||
| 145 | like a | ||
| 146 | .Vt BIO | ||
| 147 | pair, data must be written into or retrieved out of the | ||
| 148 | .Vt BIO | ||
| 149 | before being able to continue. | ||
| 150 | .Pp | ||
| 151 | .Fn SSL_shutdown | ||
| 152 | can be modified to only set the connection to | ||
| 153 | .Dq shutdown | ||
| 154 | state but not actually send the | ||
| 155 | .Dq close notify | ||
| 156 | alert messages; see | ||
| 157 | .Xr SSL_CTX_set_quiet_shutdown 3 . | ||
| 158 | When | ||
| 159 | .Dq quiet shutdown | ||
| 160 | is enabled, | ||
| 161 | .Fn SSL_shutdown | ||
| 162 | will always succeed and return 1. | ||
| 163 | .Sh RETURN VALUES | ||
| 164 | The following return values can occur: | ||
| 165 | .Bl -tag -width Ds | ||
| 166 | .It 0 | ||
| 167 | The shutdown is not yet finished. | ||
| 168 | Call | ||
| 169 | .Fn SSL_shutdown | ||
| 170 | for a second time, if a bidirectional shutdown shall be performed. | ||
| 171 | The output of | ||
| 172 | .Xr SSL_get_error 3 | ||
| 173 | may be misleading, as an erroneous | ||
| 174 | .Dv SSL_ERROR_SYSCALL | ||
| 175 | may be flagged even though no error occurred. | ||
| 176 | .It 1 | ||
| 177 | The shutdown was successfully completed. | ||
| 178 | The | ||
| 179 | .Dq close notify | ||
| 180 | alert was sent and the peer's | ||
| 181 | .Dq close notify | ||
| 182 | alert was received. | ||
| 183 | .It \(mi1 | ||
| 184 | The shutdown was not successful because a fatal error occurred either | ||
| 185 | at the protocol level or a connection failure occurred. | ||
| 186 | It can also occur if action is need to continue the operation for non-blocking | ||
| 187 | .Vt BIO Ns | ||
| 188 | s. | ||
| 189 | Call | ||
| 190 | .Xr SSL_get_error 3 | ||
| 191 | with the return value | ||
| 192 | .Fa ret | ||
| 193 | to find out the reason. | ||
| 194 | .El | ||
| 195 | .Sh SEE ALSO | ||
| 196 | .Xr bio 3 , | ||
| 197 | .Xr ssl 3 , | ||
| 198 | .Xr SSL_accept 3 , | ||
| 199 | .Xr SSL_clear 3 , | ||
| 200 | .Xr SSL_connect 3 , | ||
| 201 | .Xr SSL_CTX_set_quiet_shutdown 3 , | ||
| 202 | .Xr SSL_free 3 , | ||
| 203 | .Xr SSL_get_error 3 , | ||
| 204 | .Xr SSL_set_shutdown 3 | ||
diff --git a/src/lib/libssl/doc/SSL_state_string.3 b/src/lib/libssl/doc/SSL_state_string.3 deleted file mode 100644 index e9a042a3ce..0000000000 --- a/src/lib/libssl/doc/SSL_state_string.3 +++ /dev/null | |||
| @@ -1,57 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_state_string.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_STATE_STRING 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_state_string , | ||
| 9 | .Nm SSL_state_string_long | ||
| 10 | .Nd get textual description of state of an SSL object | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft const char * | ||
| 14 | .Fn SSL_state_string "const SSL *ssl" | ||
| 15 | .Ft const char * | ||
| 16 | .Fn SSL_state_string_long "const SSL *ssl" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn SSL_state_string | ||
| 19 | returns a 6 letter string indicating the current state of the | ||
| 20 | .Vt SSL | ||
| 21 | object | ||
| 22 | .Fa ssl . | ||
| 23 | .Pp | ||
| 24 | .Fn SSL_state_string_long | ||
| 25 | returns a string indicating the current state of the | ||
| 26 | .Vt SSL | ||
| 27 | object | ||
| 28 | .Fa ssl . | ||
| 29 | .Sh NOTES | ||
| 30 | During its use, an | ||
| 31 | .Vt SSL | ||
| 32 | object passes several states. | ||
| 33 | The state is internally maintained. | ||
| 34 | Querying the state information is not very informative before or when a | ||
| 35 | connection has been established. | ||
| 36 | It however can be of significant interest during the handshake. | ||
| 37 | .Pp | ||
| 38 | When using non-blocking sockets, | ||
| 39 | the function call performing the handshake may return with | ||
| 40 | .Dv SSL_ERROR_WANT_READ | ||
| 41 | or | ||
| 42 | .Dv SSL_ERROR_WANT_WRITE | ||
| 43 | condition, so that | ||
| 44 | .Fn SSL_state_string[_long] | ||
| 45 | may be called. | ||
| 46 | .Pp | ||
| 47 | For both blocking or non-blocking sockets, | ||
| 48 | the details state information can be used within the | ||
| 49 | .Fn info_callback | ||
| 50 | function set with the | ||
| 51 | .Xr SSL_set_info_callback 3 | ||
| 52 | call. | ||
| 53 | .Sh RETURN VALUES | ||
| 54 | Detailed description of possible states to be included later. | ||
| 55 | .Sh SEE ALSO | ||
| 56 | .Xr ssl 3 , | ||
| 57 | .Xr SSL_CTX_set_info_callback 3 | ||
diff --git a/src/lib/libssl/doc/SSL_want.3 b/src/lib/libssl/doc/SSL_want.3 deleted file mode 100644 index e9513c8793..0000000000 --- a/src/lib/libssl/doc/SSL_want.3 +++ /dev/null | |||
| @@ -1,103 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_want.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_WANT 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_want , | ||
| 9 | .Nm SSL_want_nothing , | ||
| 10 | .Nm SSL_want_read , | ||
| 11 | .Nm SSL_want_write , | ||
| 12 | .Nm SSL_want_x509_lookup | ||
| 13 | .Nd obtain state information TLS/SSL I/O operation | ||
| 14 | .Sh SYNOPSIS | ||
| 15 | .In openssl/ssl.h | ||
| 16 | .Ft int | ||
| 17 | .Fn SSL_want "const SSL *ssl" | ||
| 18 | .Ft int | ||
| 19 | .Fn SSL_want_nothing "const SSL *ssl" | ||
| 20 | .Ft int | ||
| 21 | .Fn SSL_want_read "const SSL *ssl" | ||
| 22 | .Ft int | ||
| 23 | .Fn SSL_want_write "const SSL *ssl" | ||
| 24 | .Ft int | ||
| 25 | .Fn SSL_want_x509_lookup "const SSL *ssl" | ||
| 26 | .Sh DESCRIPTION | ||
| 27 | .Fn SSL_want | ||
| 28 | returns state information for the | ||
| 29 | .Vt SSL | ||
| 30 | object | ||
| 31 | .Fa ssl . | ||
| 32 | .Pp | ||
| 33 | The other | ||
| 34 | .Fn SSL_want_* | ||
| 35 | calls are shortcuts for the possible states returned by | ||
| 36 | .Fn SSL_want . | ||
| 37 | .Sh NOTES | ||
| 38 | .Fn SSL_want | ||
| 39 | examines the internal state information of the | ||
| 40 | .Vt SSL | ||
| 41 | object. | ||
| 42 | Its return values are similar to those of | ||
| 43 | .Xr SSL_get_error 3 . | ||
| 44 | Unlike | ||
| 45 | .Xr SSL_get_error 3 , | ||
| 46 | which also evaluates the error queue, | ||
| 47 | the results are obtained by examining an internal state flag only. | ||
| 48 | The information must therefore only be used for normal operation under | ||
| 49 | non-blocking I/O. | ||
| 50 | Error conditions are not handled and must be treated using | ||
| 51 | .Xr SSL_get_error 3 . | ||
| 52 | .Pp | ||
| 53 | The result returned by | ||
| 54 | .Fn SSL_want | ||
| 55 | should always be consistent with the result of | ||
| 56 | .Xr SSL_get_error 3 . | ||
| 57 | .Sh RETURN VALUES | ||
| 58 | The following return values can currently occur for | ||
| 59 | .Fn SSL_want : | ||
| 60 | .Bl -tag -width Ds | ||
| 61 | .It .Dv SSL_NOTHING | ||
| 62 | There is no data to be written or to be read. | ||
| 63 | .It .Dv SSL_WRITING | ||
| 64 | There are data in the SSL buffer that must be written to the underlying | ||
| 65 | .Vt BIO | ||
| 66 | layer in order to complete the actual | ||
| 67 | .Fn SSL_* | ||
| 68 | operation. | ||
| 69 | A call to | ||
| 70 | .Xr SSL_get_error 3 | ||
| 71 | should return | ||
| 72 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 73 | .It Dv SSL_READING | ||
| 74 | More data must be read from the underlying | ||
| 75 | .Vt BIO | ||
| 76 | layer in order to | ||
| 77 | complete the actual | ||
| 78 | .Fn SSL_* | ||
| 79 | operation. | ||
| 80 | A call to | ||
| 81 | .Xr SSL_get_error 3 | ||
| 82 | should return | ||
| 83 | .Dv SSL_ERROR_WANT_READ. | ||
| 84 | .It Dv SSL_X509_LOOKUP | ||
| 85 | The operation did not complete because an application callback set by | ||
| 86 | .Xr SSL_CTX_set_client_cert_cb 3 | ||
| 87 | has asked to be called again. | ||
| 88 | A call to | ||
| 89 | .Xr SSL_get_error 3 | ||
| 90 | should return | ||
| 91 | .Dv SSL_ERROR_WANT_X509_LOOKUP . | ||
| 92 | .El | ||
| 93 | .Pp | ||
| 94 | .Fn SSL_want_nothing , | ||
| 95 | .Fn SSL_want_read , | ||
| 96 | .Fn SSL_want_write , | ||
| 97 | and | ||
| 98 | .Fn SSL_want_x509_lookup | ||
| 99 | return 1 when the corresponding condition is true or 0 otherwise. | ||
| 100 | .Sh SEE ALSO | ||
| 101 | .Xr err 3 , | ||
| 102 | .Xr ssl 3 , | ||
| 103 | .Xr SSL_get_error 3 | ||
diff --git a/src/lib/libssl/doc/SSL_write.3 b/src/lib/libssl/doc/SSL_write.3 deleted file mode 100644 index f020b8b59c..0000000000 --- a/src/lib/libssl/doc/SSL_write.3 +++ /dev/null | |||
| @@ -1,175 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: SSL_write.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL_WRITE 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL_write | ||
| 9 | .Nd write bytes to a TLS/SSL connection | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .In openssl/ssl.h | ||
| 12 | .Ft int | ||
| 13 | .Fn SSL_write "SSL *ssl" "const void *buf" "int num" | ||
| 14 | .Sh DESCRIPTION | ||
| 15 | .Fn SSL_write | ||
| 16 | writes | ||
| 17 | .Fa num | ||
| 18 | bytes from the buffer | ||
| 19 | .Fa buf | ||
| 20 | into the specified | ||
| 21 | .Fa ssl | ||
| 22 | connection. | ||
| 23 | .Sh NOTES | ||
| 24 | If necessary, | ||
| 25 | .Fn SSL_write | ||
| 26 | will negotiate a TLS/SSL session, if not already explicitly performed by | ||
| 27 | .Xr SSL_connect 3 | ||
| 28 | or | ||
| 29 | .Xr SSL_accept 3 . | ||
| 30 | If the peer requests a re-negotiation, | ||
| 31 | it will be performed transparently during the | ||
| 32 | .Fn SSL_write | ||
| 33 | operation. | ||
| 34 | The behaviour of | ||
| 35 | .Fn SSL_write | ||
| 36 | depends on the underlying | ||
| 37 | .Vt BIO . | ||
| 38 | .Pp | ||
| 39 | For the transparent negotiation to succeed, the | ||
| 40 | .Fa ssl | ||
| 41 | must have been initialized to client or server mode. | ||
| 42 | This is being done by calling | ||
| 43 | .Xr SSL_set_connect_state 3 | ||
| 44 | or | ||
| 45 | .Xr SSL_set_accept_state 3 | ||
| 46 | before the first call to an | ||
| 47 | .Xr SSL_read 3 | ||
| 48 | or | ||
| 49 | .Fn SSL_write | ||
| 50 | function. | ||
| 51 | .Pp | ||
| 52 | If the underlying | ||
| 53 | .Vt BIO | ||
| 54 | is | ||
| 55 | .Em blocking , | ||
| 56 | .Fn SSL_write | ||
| 57 | will only return once the write operation has been finished or an error | ||
| 58 | occurred, except when a renegotiation take place, in which case a | ||
| 59 | .Dv SSL_ERROR_WANT_READ | ||
| 60 | may occur. | ||
| 61 | This behaviour can be controlled with the | ||
| 62 | .Dv SSL_MODE_AUTO_RETRY | ||
| 63 | flag of the | ||
| 64 | .Xr SSL_CTX_set_mode 3 | ||
| 65 | call. | ||
| 66 | .Pp | ||
| 67 | If the underlying | ||
| 68 | .Vt BIO | ||
| 69 | is | ||
| 70 | .Em non-blocking , | ||
| 71 | .Fn SSL_write | ||
| 72 | will also return when the underlying | ||
| 73 | .Vt BIO | ||
| 74 | could not satisfy the needs of | ||
| 75 | .Fn SSL_write | ||
| 76 | to continue the operation. | ||
| 77 | In this case a call to | ||
| 78 | .Xr SSL_get_error 3 | ||
| 79 | with the return value of | ||
| 80 | .Fn SSL_write | ||
| 81 | will yield | ||
| 82 | .Dv SSL_ERROR_WANT_READ | ||
| 83 | or | ||
| 84 | .Dv SSL_ERROR_WANT_WRITE . | ||
| 85 | As at any time a re-negotiation is possible, a call to | ||
| 86 | .Fn SSL_write | ||
| 87 | can also cause read operations! | ||
| 88 | The calling process then must repeat the call after taking appropriate action | ||
| 89 | to satisfy the needs of | ||
| 90 | .Fn SSL_write . | ||
| 91 | The action depends on the underlying | ||
| 92 | .Vt BIO . | ||
| 93 | When using a non-blocking socket, nothing is to be done, but | ||
| 94 | .Xr select 2 | ||
| 95 | can be used to check for the required condition. | ||
| 96 | When using a buffering | ||
| 97 | .Vt BIO , | ||
| 98 | like a | ||
| 99 | .Vt BIO | ||
| 100 | pair, data must be written into or retrieved out of the BIO before being able | ||
| 101 | to continue. | ||
| 102 | .Pp | ||
| 103 | .Fn SSL_write | ||
| 104 | will only return with success, when the complete contents of | ||
| 105 | .Fa buf | ||
| 106 | of length | ||
| 107 | .Fa num | ||
| 108 | have been written. | ||
| 109 | This default behaviour can be changed with the | ||
| 110 | .Dv SSL_MODE_ENABLE_PARTIAL_WRITE | ||
| 111 | option of | ||
| 112 | .Xr SSL_CTX_set_mode 3 . | ||
| 113 | When this flag is set, | ||
| 114 | .Fn SSL_write | ||
| 115 | will also return with success when a partial write has been successfully | ||
| 116 | completed. | ||
| 117 | In this case the | ||
| 118 | .Fn SSL_write | ||
| 119 | operation is considered completed. | ||
| 120 | The bytes are sent and a new | ||
| 121 | .Fn SSL_write | ||
| 122 | operation with a new buffer (with the already sent bytes removed) must be | ||
| 123 | started. | ||
| 124 | A partial write is performed with the size of a message block, which is 16kB | ||
| 125 | for SSLv3/TLSv1. | ||
| 126 | .Sh WARNING | ||
| 127 | When an | ||
| 128 | .Fn SSL_write | ||
| 129 | operation has to be repeated because of | ||
| 130 | .Dv SSL_ERROR_WANT_READ | ||
| 131 | or | ||
| 132 | .Dv SSL_ERROR_WANT_WRITE , | ||
| 133 | it must be repeated with the same arguments. | ||
| 134 | .Pp | ||
| 135 | When calling | ||
| 136 | .Fn SSL_write | ||
| 137 | with | ||
| 138 | .Fa num Ns | ||
| 139 | =0 bytes to be sent the behaviour is undefined. | ||
| 140 | .Sh RETURN VALUES | ||
| 141 | The following return values can occur: | ||
| 142 | .Bl -tag -width Ds | ||
| 143 | .It >0 | ||
| 144 | The write operation was successful. | ||
| 145 | The return value is the number of bytes actually written to the TLS/SSL | ||
| 146 | connection. | ||
| 147 | .It 0 | ||
| 148 | The write operation was not successful. | ||
| 149 | Probably the underlying connection was closed. | ||
| 150 | Call | ||
| 151 | .Xr SSL_get_error 3 | ||
| 152 | with the return value to find out whether an error occurred or the connection | ||
| 153 | was shut down cleanly | ||
| 154 | .Pq Dv SSL_ERROR_ZERO_RETURN . | ||
| 155 | .Pp | ||
| 156 | SSLv2 (deprecated) does not support a shutdown alert protocol, so it can only | ||
| 157 | be detected whether the underlying connection was closed. | ||
| 158 | It cannot be checked why the closure happened. | ||
| 159 | .It <0 | ||
| 160 | The write operation was not successful, because either an error occurred or | ||
| 161 | action must be taken by the calling process. | ||
| 162 | Call | ||
| 163 | .Xr SSL_get_error 3 | ||
| 164 | with the return value to find out the reason. | ||
| 165 | .El | ||
| 166 | .Sh SEE ALSO | ||
| 167 | .Xr bio 3 , | ||
| 168 | .Xr ssl 3 , | ||
| 169 | .Xr SSL_accept 3 , | ||
| 170 | .Xr SSL_connect 3 , | ||
| 171 | .Xr SSL_CTX_new 3 , | ||
| 172 | .Xr SSL_CTX_set_mode 3 , | ||
| 173 | .Xr SSL_get_error 3 , | ||
| 174 | .Xr SSL_read 3 , | ||
| 175 | .Xr SSL_set_connect_state 3 | ||
diff --git a/src/lib/libssl/doc/d2i_SSL_SESSION.3 b/src/lib/libssl/doc/d2i_SSL_SESSION.3 deleted file mode 100644 index ef8a36de79..0000000000 --- a/src/lib/libssl/doc/d2i_SSL_SESSION.3 +++ /dev/null | |||
| @@ -1,129 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: d2i_SSL_SESSION.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt D2I_SSL_SESSION 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm d2i_SSL_SESSION , | ||
| 9 | .Nm i2d_SSL_SESSION | ||
| 10 | .Nd convert SSL_SESSION object from/to ASN1 representation | ||
| 11 | .Sh SYNOPSIS | ||
| 12 | .In openssl/ssl.h | ||
| 13 | .Ft SSL_SESSION * | ||
| 14 | .Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length" | ||
| 15 | .Ft int | ||
| 16 | .Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp" | ||
| 17 | .Sh DESCRIPTION | ||
| 18 | .Fn d2i_SSL_SESSION | ||
| 19 | transforms the external ASN1 representation of an SSL/TLS session, | ||
| 20 | stored as binary data at location | ||
| 21 | .Fa pp | ||
| 22 | with length | ||
| 23 | .Fa length , | ||
| 24 | into | ||
| 25 | an | ||
| 26 | .Vt SSL_SESSION | ||
| 27 | object. | ||
| 28 | .Pp | ||
| 29 | .Fn i2d_SSL_SESSION | ||
| 30 | transforms the | ||
| 31 | .Vt SSL_SESSION | ||
| 32 | object | ||
| 33 | .Fa in | ||
| 34 | into the ASN1 representation and stores it into the memory location pointed to | ||
| 35 | by | ||
| 36 | .Fa pp . | ||
| 37 | The length of the resulting ASN1 representation is returned. | ||
| 38 | If | ||
| 39 | .Fa pp | ||
| 40 | is the | ||
| 41 | .Dv NULL | ||
| 42 | pointer, only the length is calculated and returned. | ||
| 43 | .Sh NOTES | ||
| 44 | The | ||
| 45 | .Vt SSL_SESSION | ||
| 46 | object is built from several | ||
| 47 | .Xr malloc 3 Ns | ||
| 48 | -ed parts; it can therefore not be moved, copied or stored directly. | ||
| 49 | In order to store session data on disk or into a database, | ||
| 50 | it must be transformed into a binary ASN1 representation. | ||
| 51 | .Pp | ||
| 52 | When using | ||
| 53 | .Fn d2i_SSL_SESSION , | ||
| 54 | the | ||
| 55 | .Vt SSL_SESSION | ||
| 56 | object is automatically allocated. | ||
| 57 | The reference count is 1, so that the session must be explicitly removed using | ||
| 58 | .Xr SSL_SESSION_free 3 , | ||
| 59 | unless the | ||
| 60 | .Vt SSL_SESSION | ||
| 61 | object is completely taken over, when being called inside the | ||
| 62 | .Xr get_session_cb 3 | ||
| 63 | (see | ||
| 64 | .Xr SSL_CTX_sess_set_get_cb 3 ) . | ||
| 65 | .Pp | ||
| 66 | .Vt SSL_SESSION | ||
| 67 | objects keep internal link information about the session cache list when being | ||
| 68 | inserted into one | ||
| 69 | .Vt SSL_CTX | ||
| 70 | object's session cache. | ||
| 71 | One | ||
| 72 | .Vt SSL_SESSION | ||
| 73 | object, regardless of its reference count, must therefore only be used with one | ||
| 74 | .Vt SSL_CTX | ||
| 75 | object (and the | ||
| 76 | .Vt SSL | ||
| 77 | objects created from this | ||
| 78 | .Vt SSL_CTX | ||
| 79 | object). | ||
| 80 | .Pp | ||
| 81 | When using | ||
| 82 | .Fn i2d_SSL_SESSION , | ||
| 83 | the memory location pointed to by | ||
| 84 | .Fa pp | ||
| 85 | must be large enough to hold the binary representation of the session. | ||
| 86 | There is no known limit on the size of the created ASN1 representation, | ||
| 87 | so the necessary amount of space should be obtained by first calling | ||
| 88 | .Fn i2d_SSL_SESSION | ||
| 89 | with | ||
| 90 | .Fa pp Ns | ||
| 91 | = Ns | ||
| 92 | .Dv NULL , | ||
| 93 | and obtain the size needed, then allocate the memory and call | ||
| 94 | .Fn i2d_SSL_SESSION | ||
| 95 | again. | ||
| 96 | Note that this will advance the value contained in | ||
| 97 | .Fa *pp | ||
| 98 | so it is necessary to save a copy of the original allocation. | ||
| 99 | For example: | ||
| 100 | .Bd -literal | ||
| 101 | int i, j; | ||
| 102 | |||
| 103 | char *p, *temp; | ||
| 104 | |||
| 105 | i = i2d_SSL_SESSION(sess, NULL); | ||
| 106 | p = temp = malloc(i); | ||
| 107 | if (temp != NULL) { | ||
| 108 | j = i2d_SSL_SESSION(sess, &temp); | ||
| 109 | assert(i == j); | ||
| 110 | assert(p + i == temp); | ||
| 111 | } | ||
| 112 | .Ed | ||
| 113 | .Sh RETURN VALUES | ||
| 114 | .Fn d2i_SSL_SESSION | ||
| 115 | returns a pointer to the newly allocated | ||
| 116 | .Vt SSL_SESSION | ||
| 117 | object. | ||
| 118 | In case of failure a | ||
| 119 | .Dv NULL | ||
| 120 | pointer is returned and the error message can be retrieved from the error | ||
| 121 | stack. | ||
| 122 | .Pp | ||
| 123 | .Fn i2d_SSL_SESSION | ||
| 124 | returns the size of the ASN1 representation in bytes. | ||
| 125 | When the session is not valid, 0 is returned and no operation is performed. | ||
| 126 | .Sh SEE ALSO | ||
| 127 | .Xr ssl 3 , | ||
| 128 | .Xr SSL_CTX_sess_set_get_cb 3 , | ||
| 129 | .Xr SSL_SESSION_free 3 | ||
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf deleted file mode 100644 index ed4bde52e8..0000000000 --- a/src/lib/libssl/doc/openssl.cnf +++ /dev/null | |||
| @@ -1,348 +0,0 @@ | |||
| 1 | # | ||
| 2 | # OpenSSL example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | # This definition stops the following lines choking if HOME isn't | ||
| 7 | # defined. | ||
| 8 | HOME = . | ||
| 9 | |||
| 10 | # Extra OBJECT IDENTIFIER info: | ||
| 11 | #oid_file = $ENV::HOME/.oid | ||
| 12 | oid_section = new_oids | ||
| 13 | |||
| 14 | # To use this configuration file with the "-extfile" option of the | ||
| 15 | # "openssl x509" utility, name here the section containing the | ||
| 16 | # X.509v3 extensions to use: | ||
| 17 | # extensions = | ||
| 18 | # (Alternatively, use a configuration file that has only | ||
| 19 | # X.509v3 extensions in its main [= default] section.) | ||
| 20 | |||
| 21 | [ new_oids ] | ||
| 22 | |||
| 23 | # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. | ||
| 24 | # Add a simple OID like this: | ||
| 25 | # testoid1=1.2.3.4 | ||
| 26 | # Or use config file substitution like this: | ||
| 27 | # testoid2=${testoid1}.5.6 | ||
| 28 | |||
| 29 | # Policies used by the TSA examples. | ||
| 30 | tsa_policy1 = 1.2.3.4.1 | ||
| 31 | tsa_policy2 = 1.2.3.4.5.6 | ||
| 32 | tsa_policy3 = 1.2.3.4.5.7 | ||
| 33 | |||
| 34 | #################################################################### | ||
| 35 | [ ca ] | ||
| 36 | default_ca = CA_default # The default ca section | ||
| 37 | |||
| 38 | #################################################################### | ||
| 39 | [ CA_default ] | ||
| 40 | |||
| 41 | dir = ./demoCA # Where everything is kept | ||
| 42 | certs = $dir/certs # Where the issued certs are kept | ||
| 43 | crl_dir = $dir/crl # Where the issued crl are kept | ||
| 44 | database = $dir/index.txt # database index file. | ||
| 45 | #unique_subject = no # Set to 'no' to allow creation of | ||
| 46 | # several ctificates with same subject. | ||
| 47 | new_certs_dir = $dir/newcerts # default place for new certs. | ||
| 48 | |||
| 49 | certificate = $dir/cacert.pem # The CA certificate | ||
| 50 | serial = $dir/serial # The current serial number | ||
| 51 | crlnumber = $dir/crlnumber # the current crl number | ||
| 52 | # must be commented out to leave a V1 CRL | ||
| 53 | crl = $dir/crl.pem # The current CRL | ||
| 54 | private_key = $dir/private/cakey.pem# The private key | ||
| 55 | |||
| 56 | x509_extensions = usr_cert # The extentions to add to the cert | ||
| 57 | |||
| 58 | # Comment out the following two lines for the "traditional" | ||
| 59 | # (and highly broken) format. | ||
| 60 | name_opt = ca_default # Subject Name options | ||
| 61 | cert_opt = ca_default # Certificate field options | ||
| 62 | |||
| 63 | # Extension copying option: use with caution. | ||
| 64 | # copy_extensions = copy | ||
| 65 | |||
| 66 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs | ||
| 67 | # so this is commented out by default to leave a V1 CRL. | ||
| 68 | # crlnumber must also be commented out to leave a V1 CRL. | ||
| 69 | # crl_extensions = crl_ext | ||
| 70 | |||
| 71 | default_days = 365 # how long to certify for | ||
| 72 | default_crl_days= 30 # how long before next CRL | ||
| 73 | default_md = default # use public key default MD | ||
| 74 | preserve = no # keep passed DN ordering | ||
| 75 | |||
| 76 | # A few difference way of specifying how similar the request should look | ||
| 77 | # For type CA, the listed attributes must be the same, and the optional | ||
| 78 | # and supplied fields are just that :-) | ||
| 79 | policy = policy_match | ||
| 80 | |||
| 81 | # For the CA policy | ||
| 82 | [ policy_match ] | ||
| 83 | countryName = match | ||
| 84 | stateOrProvinceName = match | ||
| 85 | organizationName = match | ||
| 86 | organizationalUnitName = optional | ||
| 87 | commonName = supplied | ||
| 88 | emailAddress = optional | ||
| 89 | |||
| 90 | # For the 'anything' policy | ||
| 91 | # At this point in time, you must list all acceptable 'object' | ||
| 92 | # types. | ||
| 93 | [ policy_anything ] | ||
| 94 | countryName = optional | ||
| 95 | stateOrProvinceName = optional | ||
| 96 | localityName = optional | ||
| 97 | organizationName = optional | ||
| 98 | organizationalUnitName = optional | ||
| 99 | commonName = supplied | ||
| 100 | emailAddress = optional | ||
| 101 | |||
| 102 | #################################################################### | ||
| 103 | [ req ] | ||
| 104 | default_bits = 1024 | ||
| 105 | default_keyfile = privkey.pem | ||
| 106 | distinguished_name = req_distinguished_name | ||
| 107 | attributes = req_attributes | ||
| 108 | x509_extensions = v3_ca # The extentions to add to the self signed cert | ||
| 109 | |||
| 110 | # Passwords for private keys if not present they will be prompted for | ||
| 111 | # input_password = secret | ||
| 112 | # output_password = secret | ||
| 113 | |||
| 114 | # This sets a mask for permitted string types. There are several options. | ||
| 115 | # default: PrintableString, T61String, BMPString. | ||
| 116 | # pkix : PrintableString, BMPString (PKIX recommendation before 2004) | ||
| 117 | # utf8only: only UTF8Strings (PKIX recommendation after 2004). | ||
| 118 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). | ||
| 119 | # MASK:XXXX a literal mask value. | ||
| 120 | # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. | ||
| 121 | string_mask = utf8only | ||
| 122 | |||
| 123 | # req_extensions = v3_req # The extensions to add to a certificate request | ||
| 124 | |||
| 125 | [ req_distinguished_name ] | ||
| 126 | countryName = Country Name (2 letter code) | ||
| 127 | countryName_default = AU | ||
| 128 | countryName_min = 2 | ||
| 129 | countryName_max = 2 | ||
| 130 | |||
| 131 | stateOrProvinceName = State or Province Name (full name) | ||
| 132 | stateOrProvinceName_default = Some-State | ||
| 133 | |||
| 134 | localityName = Locality Name (eg, city) | ||
| 135 | |||
| 136 | 0.organizationName = Organization Name (eg, company) | ||
| 137 | 0.organizationName_default = Internet Widgits Pty Ltd | ||
| 138 | |||
| 139 | # we can do this but it is not needed normally :-) | ||
| 140 | #1.organizationName = Second Organization Name (eg, company) | ||
| 141 | #1.organizationName_default = World Wide Web Pty Ltd | ||
| 142 | |||
| 143 | organizationalUnitName = Organizational Unit Name (eg, section) | ||
| 144 | #organizationalUnitName_default = | ||
| 145 | |||
| 146 | commonName = Common Name (e.g. server FQDN or YOUR name) | ||
| 147 | commonName_max = 64 | ||
| 148 | |||
| 149 | emailAddress = Email Address | ||
| 150 | emailAddress_max = 64 | ||
| 151 | |||
| 152 | # SET-ex3 = SET extension number 3 | ||
| 153 | |||
| 154 | [ req_attributes ] | ||
| 155 | challengePassword = A challenge password | ||
| 156 | challengePassword_min = 4 | ||
| 157 | challengePassword_max = 20 | ||
| 158 | |||
| 159 | unstructuredName = An optional company name | ||
| 160 | |||
| 161 | [ usr_cert ] | ||
| 162 | |||
| 163 | # These extensions are added when 'ca' signs a request. | ||
| 164 | |||
| 165 | # This goes against PKIX guidelines but some CAs do it and some software | ||
| 166 | # requires this to avoid interpreting an end user certificate as a CA. | ||
| 167 | |||
| 168 | basicConstraints=CA:FALSE | ||
| 169 | |||
| 170 | # Here are some examples of the usage of nsCertType. If it is omitted | ||
| 171 | # the certificate can be used for anything *except* object signing. | ||
| 172 | |||
| 173 | # This is OK for an SSL server. | ||
| 174 | # nsCertType = server | ||
| 175 | |||
| 176 | # For an object signing certificate this would be used. | ||
| 177 | # nsCertType = objsign | ||
| 178 | |||
| 179 | # For normal client use this is typical | ||
| 180 | # nsCertType = client, email | ||
| 181 | |||
| 182 | # and for everything including object signing: | ||
| 183 | # nsCertType = client, email, objsign | ||
| 184 | |||
| 185 | # This is typical in keyUsage for a client certificate. | ||
| 186 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
| 187 | |||
| 188 | # This will be displayed in Netscape's comment listbox. | ||
| 189 | nsComment = "OpenSSL Generated Certificate" | ||
| 190 | |||
| 191 | # PKIX recommendations harmless if included in all certificates. | ||
| 192 | subjectKeyIdentifier=hash | ||
| 193 | authorityKeyIdentifier=keyid,issuer | ||
| 194 | |||
| 195 | # This stuff is for subjectAltName and issuerAltname. | ||
| 196 | # Import the email address. | ||
| 197 | # subjectAltName=email:copy | ||
| 198 | # An alternative to produce certificates that aren't | ||
| 199 | # deprecated according to PKIX. | ||
| 200 | # subjectAltName=email:move | ||
| 201 | |||
| 202 | # Copy subject details | ||
| 203 | # issuerAltName=issuer:copy | ||
| 204 | |||
| 205 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem | ||
| 206 | #nsBaseUrl | ||
| 207 | #nsRevocationUrl | ||
| 208 | #nsRenewalUrl | ||
| 209 | #nsCaPolicyUrl | ||
| 210 | #nsSslServerName | ||
| 211 | |||
| 212 | # This is required for TSA certificates. | ||
| 213 | # extendedKeyUsage = critical,timeStamping | ||
| 214 | |||
| 215 | [ v3_req ] | ||
| 216 | |||
| 217 | # Extensions to add to a certificate request | ||
| 218 | |||
| 219 | basicConstraints = CA:FALSE | ||
| 220 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
| 221 | |||
| 222 | [ v3_ca ] | ||
| 223 | |||
| 224 | |||
| 225 | # Extensions for a typical CA | ||
| 226 | |||
| 227 | |||
| 228 | # PKIX recommendation. | ||
| 229 | |||
| 230 | subjectKeyIdentifier=hash | ||
| 231 | |||
| 232 | authorityKeyIdentifier=keyid:always,issuer | ||
| 233 | |||
| 234 | # This is what PKIX recommends but some broken software chokes on critical | ||
| 235 | # extensions. | ||
| 236 | #basicConstraints = critical,CA:true | ||
| 237 | # So we do this instead. | ||
| 238 | basicConstraints = CA:true | ||
| 239 | |||
| 240 | # Key usage: this is typical for a CA certificate. However since it will | ||
| 241 | # prevent it being used as an test self-signed certificate it is best | ||
| 242 | # left out by default. | ||
| 243 | # keyUsage = cRLSign, keyCertSign | ||
| 244 | |||
| 245 | # Some might want this also | ||
| 246 | # nsCertType = sslCA, emailCA | ||
| 247 | |||
| 248 | # Include email address in subject alt name: another PKIX recommendation | ||
| 249 | # subjectAltName=email:copy | ||
| 250 | # Copy issuer details | ||
| 251 | # issuerAltName=issuer:copy | ||
| 252 | |||
| 253 | # DER hex encoding of an extension: beware experts only! | ||
| 254 | # obj=DER:02:03 | ||
| 255 | # Where 'obj' is a standard or added object | ||
| 256 | # You can even override a supported extension: | ||
| 257 | # basicConstraints= critical, DER:30:03:01:01:FF | ||
| 258 | |||
| 259 | [ crl_ext ] | ||
| 260 | |||
| 261 | # CRL extensions. | ||
| 262 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. | ||
| 263 | |||
| 264 | # issuerAltName=issuer:copy | ||
| 265 | authorityKeyIdentifier=keyid:always | ||
| 266 | |||
| 267 | [ proxy_cert_ext ] | ||
| 268 | # These extensions should be added when creating a proxy certificate | ||
| 269 | |||
| 270 | # This goes against PKIX guidelines but some CAs do it and some software | ||
| 271 | # requires this to avoid interpreting an end user certificate as a CA. | ||
| 272 | |||
| 273 | basicConstraints=CA:FALSE | ||
| 274 | |||
| 275 | # Here are some examples of the usage of nsCertType. If it is omitted | ||
| 276 | # the certificate can be used for anything *except* object signing. | ||
| 277 | |||
| 278 | # This is OK for an SSL server. | ||
| 279 | # nsCertType = server | ||
| 280 | |||
| 281 | # For an object signing certificate this would be used. | ||
| 282 | # nsCertType = objsign | ||
| 283 | |||
| 284 | # For normal client use this is typical | ||
| 285 | # nsCertType = client, email | ||
| 286 | |||
| 287 | # and for everything including object signing: | ||
| 288 | # nsCertType = client, email, objsign | ||
| 289 | |||
| 290 | # This is typical in keyUsage for a client certificate. | ||
| 291 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
| 292 | |||
| 293 | # This will be displayed in Netscape's comment listbox. | ||
| 294 | nsComment = "OpenSSL Generated Certificate" | ||
| 295 | |||
| 296 | # PKIX recommendations harmless if included in all certificates. | ||
| 297 | subjectKeyIdentifier=hash | ||
| 298 | authorityKeyIdentifier=keyid,issuer | ||
| 299 | |||
| 300 | # This stuff is for subjectAltName and issuerAltname. | ||
| 301 | # Import the email address. | ||
| 302 | # subjectAltName=email:copy | ||
| 303 | # An alternative to produce certificates that aren't | ||
| 304 | # deprecated according to PKIX. | ||
| 305 | # subjectAltName=email:move | ||
| 306 | |||
| 307 | # Copy subject details | ||
| 308 | # issuerAltName=issuer:copy | ||
| 309 | |||
| 310 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem | ||
| 311 | #nsBaseUrl | ||
| 312 | #nsRevocationUrl | ||
| 313 | #nsRenewalUrl | ||
| 314 | #nsCaPolicyUrl | ||
| 315 | #nsSslServerName | ||
| 316 | |||
| 317 | # This really needs to be in place for it to be a proxy certificate. | ||
| 318 | proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo | ||
| 319 | |||
| 320 | #################################################################### | ||
| 321 | [ tsa ] | ||
| 322 | |||
| 323 | default_tsa = tsa_config1 # the default TSA section | ||
| 324 | |||
| 325 | [ tsa_config1 ] | ||
| 326 | |||
| 327 | # These are used by the TSA reply generation only. | ||
| 328 | dir = ./demoCA # TSA root directory | ||
| 329 | serial = $dir/tsaserial # The current serial number (mandatory) | ||
| 330 | crypto_device = builtin # OpenSSL engine to use for signing | ||
| 331 | signer_cert = $dir/tsacert.pem # The TSA signing certificate | ||
| 332 | # (optional) | ||
| 333 | certs = $dir/cacert.pem # Certificate chain to include in reply | ||
| 334 | # (optional) | ||
| 335 | signer_key = $dir/private/tsakey.pem # The TSA private key (optional) | ||
| 336 | |||
| 337 | default_policy = tsa_policy1 # Policy if request did not specify it | ||
| 338 | # (optional) | ||
| 339 | other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) | ||
| 340 | digests = md5, sha1 # Acceptable message digests (mandatory) | ||
| 341 | accuracy = secs:1, millisecs:500, microsecs:100 # (optional) | ||
| 342 | clock_precision_digits = 0 # number of digits after dot. (optional) | ||
| 343 | ordering = yes # Is ordering defined for timestamps? | ||
| 344 | # (optional, default: no) | ||
| 345 | tsa_name = yes # Must the TSA name be included in the reply? | ||
| 346 | # (optional, default: no) | ||
| 347 | ess_cert_id_chain = no # Must the ESS cert id chain be included? | ||
| 348 | # (optional, default: no) | ||
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt deleted file mode 100644 index f8817b0a71..0000000000 --- a/src/lib/libssl/doc/openssl.txt +++ /dev/null | |||
| @@ -1,1254 +0,0 @@ | |||
| 1 | |||
| 2 | This is some preliminary documentation for OpenSSL. | ||
| 3 | |||
| 4 | Contents: | ||
| 5 | |||
| 6 | OpenSSL X509V3 extension configuration | ||
| 7 | X509V3 Extension code: programmers guide | ||
| 8 | PKCS#12 Library | ||
| 9 | |||
| 10 | |||
| 11 | ============================================================================== | ||
| 12 | OpenSSL X509V3 extension configuration | ||
| 13 | ============================================================================== | ||
| 14 | |||
| 15 | OpenSSL X509V3 extension configuration: preliminary documentation. | ||
| 16 | |||
| 17 | INTRODUCTION. | ||
| 18 | |||
| 19 | For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now | ||
| 20 | possible to add and print out common X509 V3 certificate and CRL extensions. | ||
| 21 | |||
| 22 | BEGINNERS NOTE | ||
| 23 | |||
| 24 | For most simple applications you don't need to know too much about extensions: | ||
| 25 | the default openssl.cnf values will usually do sensible things. | ||
| 26 | |||
| 27 | If you want to know more you can initially quickly look through the sections | ||
| 28 | describing how the standard OpenSSL utilities display and add extensions and | ||
| 29 | then the list of supported extensions. | ||
| 30 | |||
| 31 | For more technical information about the meaning of extensions see: | ||
| 32 | |||
| 33 | http://www.imc.org/ietf-pkix/ | ||
| 34 | http://home.netscape.com/eng/security/certs.html | ||
| 35 | |||
| 36 | PRINTING EXTENSIONS. | ||
| 37 | |||
| 38 | Extension values are automatically printed out for supported extensions. | ||
| 39 | |||
| 40 | openssl x509 -in cert.pem -text | ||
| 41 | openssl crl -in crl.pem -text | ||
| 42 | |||
| 43 | will give information in the extension printout, for example: | ||
| 44 | |||
| 45 | X509v3 extensions: | ||
| 46 | X509v3 Basic Constraints: | ||
| 47 | CA:TRUE | ||
| 48 | X509v3 Subject Key Identifier: | ||
| 49 | 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15 | ||
| 50 | X509v3 Authority Key Identifier: | ||
| 51 | keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00 | ||
| 52 | X509v3 Key Usage: | ||
| 53 | Certificate Sign, CRL Sign | ||
| 54 | X509v3 Subject Alternative Name: | ||
| 55 | email:email@1.address, email:email@2.address | ||
| 56 | |||
| 57 | CONFIGURATION FILES. | ||
| 58 | |||
| 59 | The OpenSSL utilities 'ca' and 'req' can now have extension sections listing | ||
| 60 | which certificate extensions to include. In each case a line: | ||
| 61 | |||
| 62 | x509_extensions = extension_section | ||
| 63 | |||
| 64 | indicates which section contains the extensions. In the case of 'req' the | ||
| 65 | extension section is used when the -x509 option is present to create a | ||
| 66 | self signed root certificate. | ||
| 67 | |||
| 68 | The 'x509' utility also supports extensions when it signs a certificate. | ||
| 69 | The -extfile option is used to set the configuration file containing the | ||
| 70 | extensions. In this case a line with: | ||
| 71 | |||
| 72 | extensions = extension_section | ||
| 73 | |||
| 74 | in the nameless (default) section is used. If no such line is included then | ||
| 75 | it uses the default section. | ||
| 76 | |||
| 77 | You can also add extensions to CRLs: a line | ||
| 78 | |||
| 79 | crl_extensions = crl_extension_section | ||
| 80 | |||
| 81 | will include extensions when the -gencrl option is used with the 'ca' utility. | ||
| 82 | You can add any extension to a CRL but of the supported extensions only | ||
| 83 | issuerAltName and authorityKeyIdentifier make any real sense. Note: these are | ||
| 84 | CRL extensions NOT CRL *entry* extensions which cannot currently be generated. | ||
| 85 | CRL entry extensions can be displayed. | ||
| 86 | |||
| 87 | NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL | ||
| 88 | you should not include a crl_extensions line in the configuration file. | ||
| 89 | |||
| 90 | As with all configuration files you can use the inbuilt environment expansion | ||
| 91 | to allow the values to be passed in the environment. Therefore if you have | ||
| 92 | several extension sections used for different purposes you can have a line: | ||
| 93 | |||
| 94 | x509_extensions = $ENV::ENV_EXT | ||
| 95 | |||
| 96 | and set the ENV_EXT environment variable before calling the relevant utility. | ||
| 97 | |||
| 98 | EXTENSION SYNTAX. | ||
| 99 | |||
| 100 | Extensions have the basic form: | ||
| 101 | |||
| 102 | extension_name=[critical,] extension_options | ||
| 103 | |||
| 104 | the use of the critical option makes the extension critical. Extreme caution | ||
| 105 | should be made when using the critical flag. If an extension is marked | ||
| 106 | as critical then any client that does not understand the extension should | ||
| 107 | reject it as invalid. Some broken software will reject certificates which | ||
| 108 | have *any* critical extensions (these violates PKIX but we have to live | ||
| 109 | with it). | ||
| 110 | |||
| 111 | There are three main types of extension: string extensions, multi-valued | ||
| 112 | extensions, and raw extensions. | ||
| 113 | |||
| 114 | String extensions simply have a string which contains either the value itself | ||
| 115 | or how it is obtained. | ||
| 116 | |||
| 117 | For example: | ||
| 118 | |||
| 119 | nsComment="This is a Comment" | ||
| 120 | |||
| 121 | Multi-valued extensions have a short form and a long form. The short form | ||
| 122 | is a list of names and values: | ||
| 123 | |||
| 124 | basicConstraints=critical,CA:true,pathlen:1 | ||
| 125 | |||
| 126 | The long form allows the values to be placed in a separate section: | ||
| 127 | |||
| 128 | basicConstraints=critical,@bs_section | ||
| 129 | |||
| 130 | [bs_section] | ||
| 131 | |||
| 132 | CA=true | ||
| 133 | pathlen=1 | ||
| 134 | |||
| 135 | Both forms are equivalent. However it should be noted that in some cases the | ||
| 136 | same name can appear multiple times, for example, | ||
| 137 | |||
| 138 | subjectAltName=email:steve@here,email:steve@there | ||
| 139 | |||
| 140 | in this case an equivalent long form is: | ||
| 141 | |||
| 142 | subjectAltName=@alt_section | ||
| 143 | |||
| 144 | [alt_section] | ||
| 145 | |||
| 146 | email.1=steve@here | ||
| 147 | email.2=steve@there | ||
| 148 | |||
| 149 | This is because the configuration file code cannot handle the same name | ||
| 150 | occurring twice in the same section. | ||
| 151 | |||
| 152 | The syntax of raw extensions is governed by the extension code: it can | ||
| 153 | for example contain data in multiple sections. The correct syntax to | ||
| 154 | use is defined by the extension code itself: check out the certificate | ||
| 155 | policies extension for an example. | ||
| 156 | |||
| 157 | There are two ways to encode arbitrary extensions. | ||
| 158 | |||
| 159 | The first way is to use the word ASN1 followed by the extension content | ||
| 160 | using the same syntax as ASN1_generate_nconf(). For example: | ||
| 161 | |||
| 162 | 1.2.3.4=critical,ASN1:UTF8String:Some random data | ||
| 163 | |||
| 164 | 1.2.3.4=ASN1:SEQUENCE:seq_sect | ||
| 165 | |||
| 166 | [seq_sect] | ||
| 167 | |||
| 168 | field1 = UTF8:field1 | ||
| 169 | field2 = UTF8:field2 | ||
| 170 | |||
| 171 | It is also possible to use the word DER to include arbitrary data in any | ||
| 172 | extension. | ||
| 173 | |||
| 174 | 1.2.3.4=critical,DER:01:02:03:04 | ||
| 175 | 1.2.3.4=DER:01020304 | ||
| 176 | |||
| 177 | The value following DER is a hex dump of the DER encoding of the extension | ||
| 178 | Any extension can be placed in this form to override the default behaviour. | ||
| 179 | For example: | ||
| 180 | |||
| 181 | basicConstraints=critical,DER:00:01:02:03 | ||
| 182 | |||
| 183 | WARNING: DER should be used with caution. It is possible to create totally | ||
| 184 | invalid extensions unless care is taken. | ||
| 185 | |||
| 186 | CURRENTLY SUPPORTED EXTENSIONS. | ||
| 187 | |||
| 188 | If you aren't sure about extensions then they can be largely ignored: its only | ||
| 189 | when you want to do things like restrict certificate usage when you need to | ||
| 190 | worry about them. | ||
| 191 | |||
| 192 | The only extension that a beginner might want to look at is Basic Constraints. | ||
| 193 | If in addition you want to try Netscape object signing the you should also | ||
| 194 | look at Netscape Certificate Type. | ||
| 195 | |||
| 196 | Literal String extensions. | ||
| 197 | |||
| 198 | In each case the 'value' of the extension is placed directly in the | ||
| 199 | extension. Currently supported extensions in this category are: nsBaseUrl, | ||
| 200 | nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl, | ||
| 201 | nsSslServerName and nsComment. | ||
| 202 | |||
| 203 | For example: | ||
| 204 | |||
| 205 | nsComment="This is a test comment" | ||
| 206 | |||
| 207 | Bit Strings. | ||
| 208 | |||
| 209 | Bit string extensions just consist of a list of supported bits, currently | ||
| 210 | two extensions are in this category: PKIX keyUsage and the Netscape specific | ||
| 211 | nsCertType. | ||
| 212 | |||
| 213 | nsCertType (netscape certificate type) takes the flags: client, server, email, | ||
| 214 | objsign, reserved, sslCA, emailCA, objCA. | ||
| 215 | |||
| 216 | keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation, | ||
| 217 | keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, | ||
| 218 | encipherOnly, decipherOnly. | ||
| 219 | |||
| 220 | For example: | ||
| 221 | |||
| 222 | nsCertType=server | ||
| 223 | |||
| 224 | keyUsage=digitalSignature, nonRepudiation | ||
| 225 | |||
| 226 | Hints on Netscape Certificate Type. | ||
| 227 | |||
| 228 | Other than Basic Constraints this is the only extension a beginner might | ||
| 229 | want to use, if you want to try Netscape object signing, otherwise it can | ||
| 230 | be ignored. | ||
| 231 | |||
| 232 | If you want a certificate that can be used just for object signing then: | ||
| 233 | |||
| 234 | nsCertType=objsign | ||
| 235 | |||
| 236 | will do the job. If you want to use it as a normal end user and server | ||
| 237 | certificate as well then | ||
| 238 | |||
| 239 | nsCertType=objsign,email,server | ||
| 240 | |||
| 241 | is more appropriate. You cannot use a self signed certificate for object | ||
| 242 | signing (well Netscape signtool can but it cheats!) so you need to create | ||
| 243 | a CA certificate and sign an end user certificate with it. | ||
| 244 | |||
| 245 | Side note: If you want to conform to the Netscape specifications then you | ||
| 246 | should really also set: | ||
| 247 | |||
| 248 | nsCertType=objCA | ||
| 249 | |||
| 250 | in the *CA* certificate for just an object signing CA and | ||
| 251 | |||
| 252 | nsCertType=objCA,emailCA,sslCA | ||
| 253 | |||
| 254 | for everything. Current Netscape software doesn't enforce this so it can | ||
| 255 | be omitted. | ||
| 256 | |||
| 257 | Basic Constraints. | ||
| 258 | |||
| 259 | This is generally the only extension you need to worry about for simple | ||
| 260 | applications. If you want your certificate to be usable as a CA certificate | ||
| 261 | (in addition to an end user certificate) then you set this to: | ||
| 262 | |||
| 263 | basicConstraints=CA:TRUE | ||
| 264 | |||
| 265 | if you want to be certain the certificate cannot be used as a CA then do: | ||
| 266 | |||
| 267 | basicConstraints=CA:FALSE | ||
| 268 | |||
| 269 | The rest of this section describes more advanced usage. | ||
| 270 | |||
| 271 | Basic constraints is a multi-valued extension that supports a CA and an | ||
| 272 | optional pathlen option. The CA option takes the values true and false and | ||
| 273 | pathlen takes an integer. Note if the CA option is false the pathlen option | ||
| 274 | should be omitted. | ||
| 275 | |||
| 276 | The pathlen parameter indicates the maximum number of CAs that can appear | ||
| 277 | below this one in a chain. So if you have a CA with a pathlen of zero it can | ||
| 278 | only be used to sign end user certificates and not further CAs. This all | ||
| 279 | assumes that the software correctly interprets this extension of course. | ||
| 280 | |||
| 281 | Examples: | ||
| 282 | |||
| 283 | basicConstraints=CA:TRUE | ||
| 284 | basicConstraints=critical,CA:TRUE, pathlen:0 | ||
| 285 | |||
| 286 | NOTE: for a CA to be considered valid it must have the CA option set to | ||
| 287 | TRUE. An end user certificate MUST NOT have the CA value set to true. | ||
| 288 | According to PKIX recommendations it should exclude the extension entirely, | ||
| 289 | however some software may require CA set to FALSE for end entity certificates. | ||
| 290 | |||
| 291 | Extended Key Usage. | ||
| 292 | |||
| 293 | This extensions consists of a list of usages. | ||
| 294 | |||
| 295 | These can either be object short names of the dotted numerical form of OIDs. | ||
| 296 | While any OID can be used only certain values make sense. In particular the | ||
| 297 | following PKIX, NS and MS values are meaningful: | ||
| 298 | |||
| 299 | Value Meaning | ||
| 300 | ----- ------- | ||
| 301 | serverAuth SSL/TLS Web Server Authentication. | ||
| 302 | clientAuth SSL/TLS Web Client Authentication. | ||
| 303 | codeSigning Code signing. | ||
| 304 | emailProtection E-mail Protection (S/MIME). | ||
| 305 | timeStamping Trusted Timestamping | ||
| 306 | msCodeInd Microsoft Individual Code Signing (authenticode) | ||
| 307 | msCodeCom Microsoft Commercial Code Signing (authenticode) | ||
| 308 | msCTLSign Microsoft Trust List Signing | ||
| 309 | msSGC Microsoft Server Gated Crypto | ||
| 310 | msEFS Microsoft Encrypted File System | ||
| 311 | nsSGC Netscape Server Gated Crypto | ||
| 312 | |||
| 313 | For example, under IE5 a CA can be used for any purpose: by including a list | ||
| 314 | of the above usages the CA can be restricted to only authorised uses. | ||
| 315 | |||
| 316 | Note: software packages may place additional interpretations on certificate | ||
| 317 | use, in particular some usages may only work for selected CAs. Don't for example | ||
| 318 | expect just including msSGC or nsSGC will automatically mean that a certificate | ||
| 319 | can be used for SGC ("step up" encryption) otherwise anyone could use it. | ||
| 320 | |||
| 321 | Examples: | ||
| 322 | |||
| 323 | extendedKeyUsage=critical,codeSigning,1.2.3.4 | ||
| 324 | extendedKeyUsage=nsSGC,msSGC | ||
| 325 | |||
| 326 | Subject Key Identifier. | ||
| 327 | |||
| 328 | This is really a string extension and can take two possible values. Either | ||
| 329 | a hex string giving details of the extension value to include or the word | ||
| 330 | 'hash' which then automatically follow PKIX guidelines in selecting and | ||
| 331 | appropriate key identifier. The use of the hex string is strongly discouraged. | ||
| 332 | |||
| 333 | Example: subjectKeyIdentifier=hash | ||
| 334 | |||
| 335 | Authority Key Identifier. | ||
| 336 | |||
| 337 | The authority key identifier extension permits two options. keyid and issuer: | ||
| 338 | both can take the optional value "always". | ||
| 339 | |||
| 340 | If the keyid option is present an attempt is made to copy the subject key | ||
| 341 | identifier from the parent certificate. If the value "always" is present | ||
| 342 | then an error is returned if the option fails. | ||
| 343 | |||
| 344 | The issuer option copies the issuer and serial number from the issuer | ||
| 345 | certificate. Normally this will only be done if the keyid option fails or | ||
| 346 | is not included: the "always" flag will always include the value. | ||
| 347 | |||
| 348 | Subject Alternative Name. | ||
| 349 | |||
| 350 | The subject alternative name extension allows various literal values to be | ||
| 351 | included in the configuration file. These include "email" (an email address) | ||
| 352 | "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a | ||
| 353 | registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. | ||
| 354 | |||
| 355 | Also the email option include a special 'copy' value. This will automatically | ||
| 356 | include and email addresses contained in the certificate subject name in | ||
| 357 | the extension. | ||
| 358 | |||
| 359 | otherName can include arbitrary data associated with an OID: the value | ||
| 360 | should be the OID followed by a semicolon and the content in standard | ||
| 361 | ASN1_generate_nconf() format. | ||
| 362 | |||
| 363 | Examples: | ||
| 364 | |||
| 365 | subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ | ||
| 366 | subjectAltName=email:my@other.address,RID:1.2.3.4 | ||
| 367 | subjectAltName=otherName:1.2.3.4;UTF8:some other identifier | ||
| 368 | |||
| 369 | Issuer Alternative Name. | ||
| 370 | |||
| 371 | The issuer alternative name option supports all the literal options of | ||
| 372 | subject alternative name. It does *not* support the email:copy option because | ||
| 373 | that would not make sense. It does support an additional issuer:copy option | ||
| 374 | that will copy all the subject alternative name values from the issuer | ||
| 375 | certificate (if possible). | ||
| 376 | |||
| 377 | Example: | ||
| 378 | |||
| 379 | issuserAltName = issuer:copy | ||
| 380 | |||
| 381 | Authority Info Access. | ||
| 382 | |||
| 383 | The authority information access extension gives details about how to access | ||
| 384 | certain information relating to the CA. Its syntax is accessOID;location | ||
| 385 | where 'location' has the same syntax as subject alternative name (except | ||
| 386 | that email:copy is not supported). accessOID can be any valid OID but only | ||
| 387 | certain values are meaningful for example OCSP and caIssuers. OCSP gives the | ||
| 388 | location of an OCSP responder: this is used by Netscape PSM and other software. | ||
| 389 | |||
| 390 | Example: | ||
| 391 | |||
| 392 | authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ | ||
| 393 | authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html | ||
| 394 | |||
| 395 | CRL distribution points. | ||
| 396 | |||
| 397 | This is a multi-valued extension that supports all the literal options of | ||
| 398 | subject alternative name. Of the few software packages that currently interpret | ||
| 399 | this extension most only interpret the URI option. | ||
| 400 | |||
| 401 | Currently each option will set a new DistributionPoint with the fullName | ||
| 402 | field set to the given value. | ||
| 403 | |||
| 404 | Other fields like cRLissuer and reasons cannot currently be set or displayed: | ||
| 405 | at this time no examples were available that used these fields. | ||
| 406 | |||
| 407 | If you see this extension with <UNSUPPORTED> when you attempt to print it out | ||
| 408 | or it doesn't appear to display correctly then let me know, including the | ||
| 409 | certificate (mail me at steve@openssl.org) . | ||
| 410 | |||
| 411 | Examples: | ||
| 412 | |||
| 413 | crlDistributionPoints=URI:http://www.myhost.com/myca.crl | ||
| 414 | crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl | ||
| 415 | |||
| 416 | Certificate Policies. | ||
| 417 | |||
| 418 | This is a RAW extension. It attempts to display the contents of this extension: | ||
| 419 | unfortunately this extension is often improperly encoded. | ||
| 420 | |||
| 421 | The certificate policies extension will rarely be used in practice: few | ||
| 422 | software packages interpret it correctly or at all. IE5 does partially | ||
| 423 | support this extension: but it needs the 'ia5org' option because it will | ||
| 424 | only correctly support a broken encoding. Of the options below only the | ||
| 425 | policy OID, explicitText and CPS options are displayed with IE5. | ||
| 426 | |||
| 427 | All the fields of this extension can be set by using the appropriate syntax. | ||
| 428 | |||
| 429 | If you follow the PKIX recommendations of not including any qualifiers and just | ||
| 430 | using only one OID then you just include the value of that OID. Multiple OIDs | ||
| 431 | can be set separated by commas, for example: | ||
| 432 | |||
| 433 | certificatePolicies= 1.2.4.5, 1.1.3.4 | ||
| 434 | |||
| 435 | If you wish to include qualifiers then the policy OID and qualifiers need to | ||
| 436 | be specified in a separate section: this is done by using the @section syntax | ||
| 437 | instead of a literal OID value. | ||
| 438 | |||
| 439 | The section referred to must include the policy OID using the name | ||
| 440 | policyIdentifier, cPSuri qualifiers can be included using the syntax: | ||
| 441 | |||
| 442 | CPS.nnn=value | ||
| 443 | |||
| 444 | userNotice qualifiers can be set using the syntax: | ||
| 445 | |||
| 446 | userNotice.nnn=@notice | ||
| 447 | |||
| 448 | The value of the userNotice qualifier is specified in the relevant section. | ||
| 449 | This section can include explicitText, organization and noticeNumbers | ||
| 450 | options. explicitText and organization are text strings, noticeNumbers is a | ||
| 451 | comma separated list of numbers. The organization and noticeNumbers options | ||
| 452 | (if included) must BOTH be present. If you use the userNotice option with IE5 | ||
| 453 | then you need the 'ia5org' option at the top level to modify the encoding: | ||
| 454 | otherwise it will not be interpreted properly. | ||
| 455 | |||
| 456 | Example: | ||
| 457 | |||
| 458 | certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect | ||
| 459 | |||
| 460 | [polsect] | ||
| 461 | |||
| 462 | policyIdentifier = 1.3.5.8 | ||
| 463 | CPS.1="http://my.host.name/" | ||
| 464 | CPS.2="http://my.your.name/" | ||
| 465 | userNotice.1=@notice | ||
| 466 | |||
| 467 | [notice] | ||
| 468 | |||
| 469 | explicitText="Explicit Text Here" | ||
| 470 | organization="Organisation Name" | ||
| 471 | noticeNumbers=1,2,3,4 | ||
| 472 | |||
| 473 | TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field, | ||
| 474 | according to PKIX it should be of type DisplayText but Verisign uses an | ||
| 475 | IA5STRING and IE5 needs this too. | ||
| 476 | |||
| 477 | Display only extensions. | ||
| 478 | |||
| 479 | Some extensions are only partially supported and currently are only displayed | ||
| 480 | but cannot be set. These include private key usage period, CRL number, and | ||
| 481 | CRL reason. | ||
| 482 | |||
| 483 | ============================================================================== | ||
| 484 | X509V3 Extension code: programmers guide | ||
| 485 | ============================================================================== | ||
| 486 | |||
| 487 | The purpose of the extension code is twofold. It allows an extension to be | ||
| 488 | created from a string or structure describing its contents and it prints out an | ||
| 489 | extension in a human or machine readable form. | ||
| 490 | |||
| 491 | 1. Initialisation and cleanup. | ||
| 492 | |||
| 493 | No special initialisation is needed before calling the extension functions. | ||
| 494 | You used to have to call X509V3_add_standard_extensions(); but this is no longer | ||
| 495 | required and this function no longer does anything. | ||
| 496 | |||
| 497 | void X509V3_EXT_cleanup(void); | ||
| 498 | |||
| 499 | This function should be called to cleanup the extension code if any custom | ||
| 500 | extensions have been added. If no custom extensions have been added then this | ||
| 501 | call does nothing. After this call all custom extension code is freed up but | ||
| 502 | you can still use the standard extensions. | ||
| 503 | |||
| 504 | 2. Printing and parsing extensions. | ||
| 505 | |||
| 506 | The simplest way to print out extensions is via the standard X509 printing | ||
| 507 | routines: if you use the standard X509_print() function, the supported | ||
| 508 | extensions will be printed out automatically. | ||
| 509 | |||
| 510 | The following functions allow finer control over extension display: | ||
| 511 | |||
| 512 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); | ||
| 513 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); | ||
| 514 | |||
| 515 | These two functions print out an individual extension to a BIO or FILE pointer. | ||
| 516 | Currently the flag argument is unused and should be set to 0. The 'indent' | ||
| 517 | argument is the number of spaces to indent each line. | ||
| 518 | |||
| 519 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); | ||
| 520 | |||
| 521 | This function parses an extension and returns its internal structure. The | ||
| 522 | precise structure you get back depends on the extension being parsed. If the | ||
| 523 | extension if basicConstraints you will get back a pointer to a | ||
| 524 | BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more | ||
| 525 | details about the structures returned. The returned structure should be freed | ||
| 526 | after use using the relevant free function, BASIC_CONSTRAINTS_free() for | ||
| 527 | example. | ||
| 528 | |||
| 529 | void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); | ||
| 530 | void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); | ||
| 531 | void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); | ||
| 532 | void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); | ||
| 533 | |||
| 534 | These functions combine the operations of searching for extensions and | ||
| 535 | parsing them. They search a certificate, a CRL a CRL entry or a stack | ||
| 536 | of extensions respectively for extension whose NID is 'nid' and return | ||
| 537 | the parsed result of NULL if an error occurred. For example: | ||
| 538 | |||
| 539 | BASIC_CONSTRAINTS *bs; | ||
| 540 | bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL); | ||
| 541 | |||
| 542 | This will search for the basicConstraints extension and either return | ||
| 543 | it value or NULL. NULL can mean either the extension was not found, it | ||
| 544 | occurred more than once or it could not be parsed. | ||
| 545 | |||
| 546 | If 'idx' is NULL then an extension is only parsed if it occurs precisely | ||
| 547 | once. This is standard behaviour because extensions normally cannot occur | ||
| 548 | more than once. If however more than one extension of the same type can | ||
| 549 | occur it can be used to parse successive extensions for example: | ||
| 550 | |||
| 551 | int i; | ||
| 552 | void *ext; | ||
| 553 | |||
| 554 | i = -1; | ||
| 555 | for(;;) { | ||
| 556 | ext = X509_get_ext_d2i(x, nid, crit, &idx); | ||
| 557 | if(ext == NULL) break; | ||
| 558 | /* Do something with ext */ | ||
| 559 | } | ||
| 560 | |||
| 561 | If 'crit' is not NULL and the extension was found then the int it points to | ||
| 562 | is set to 1 for critical extensions and 0 for non critical. Therefore if the | ||
| 563 | function returns NULL but 'crit' is set to 0 or 1 then the extension was | ||
| 564 | found but it could not be parsed. | ||
| 565 | |||
| 566 | The int pointed to by crit will be set to -1 if the extension was not found | ||
| 567 | and -2 if the extension occurred more than once (this will only happen if | ||
| 568 | idx is NULL). In both cases the function will return NULL. | ||
| 569 | |||
| 570 | 3. Generating extensions. | ||
| 571 | |||
| 572 | An extension will typically be generated from a configuration file, or some | ||
| 573 | other kind of configuration database. | ||
| 574 | |||
| 575 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 576 | X509 *cert); | ||
| 577 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 578 | X509_CRL *crl); | ||
| 579 | |||
| 580 | These functions add all the extensions in the given section to the given | ||
| 581 | certificate or CRL. They will normally be called just before the certificate | ||
| 582 | or CRL is due to be signed. Both return 0 on error on non zero for success. | ||
| 583 | |||
| 584 | In each case 'conf' is the LHASH pointer of the configuration file to use | ||
| 585 | and 'section' is the section containing the extension details. | ||
| 586 | |||
| 587 | See the 'context functions' section for a description of the ctx parameter. | ||
| 588 | |||
| 589 | |||
| 590 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | ||
| 591 | char *value); | ||
| 592 | |||
| 593 | This function returns an extension based on a name and value pair, if the | ||
| 594 | pair will not need to access other sections in a config file (or there is no | ||
| 595 | config file) then the 'conf' parameter can be set to NULL. | ||
| 596 | |||
| 597 | X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid, | ||
| 598 | char *value); | ||
| 599 | |||
| 600 | This function creates an extension in the same way as X509V3_EXT_conf() but | ||
| 601 | takes the NID of the extension rather than its name. | ||
| 602 | |||
| 603 | For example to produce basicConstraints with the CA flag and a path length of | ||
| 604 | 10: | ||
| 605 | |||
| 606 | x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); | ||
| 607 | |||
| 608 | |||
| 609 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | ||
| 610 | |||
| 611 | This function sets up an extension from its internal structure. The ext_nid | ||
| 612 | parameter is the NID of the extension and 'crit' is the critical flag. | ||
| 613 | |||
| 614 | 4. Context functions. | ||
| 615 | |||
| 616 | The following functions set and manipulate an extension context structure. | ||
| 617 | The purpose of the extension context is to allow the extension code to | ||
| 618 | access various structures relating to the "environment" of the certificate: | ||
| 619 | for example the issuers certificate or the certificate request. | ||
| 620 | |||
| 621 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, | ||
| 622 | X509_REQ *req, X509_CRL *crl, int flags); | ||
| 623 | |||
| 624 | This function sets up an X509V3_CTX structure with details of the certificate | ||
| 625 | environment: specifically the issuers certificate, the subject certificate, | ||
| 626 | the certificate request and the CRL: if these are not relevant or not | ||
| 627 | available then they can be set to NULL. The 'flags' parameter should be set | ||
| 628 | to zero. | ||
| 629 | |||
| 630 | X509V3_set_ctx_test(ctx) | ||
| 631 | |||
| 632 | This macro is used to set the 'ctx' structure to a 'test' value: this is to | ||
| 633 | allow the syntax of an extension (or configuration file) to be tested. | ||
| 634 | |||
| 635 | X509V3_set_ctx_nodb(ctx) | ||
| 636 | |||
| 637 | This macro is used when no configuration database is present. | ||
| 638 | |||
| 639 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); | ||
| 640 | |||
| 641 | This function is used to set the configuration database when it is an LHASH | ||
| 642 | structure: typically a configuration file. | ||
| 643 | |||
| 644 | The following functions are used to access a configuration database: they | ||
| 645 | should only be used in RAW extensions. | ||
| 646 | |||
| 647 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); | ||
| 648 | |||
| 649 | This function returns the value of the parameter "name" in "section", or NULL | ||
| 650 | if there has been an error. | ||
| 651 | |||
| 652 | void X509V3_string_free(X509V3_CTX *ctx, char *str); | ||
| 653 | |||
| 654 | This function frees up the string returned by the above function. | ||
| 655 | |||
| 656 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); | ||
| 657 | |||
| 658 | This function returns a whole section as a STACK_OF(CONF_VALUE) . | ||
| 659 | |||
| 660 | void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); | ||
| 661 | |||
| 662 | This function frees up the STACK returned by the above function. | ||
| 663 | |||
| 664 | Note: it is possible to use the extension code with a custom configuration | ||
| 665 | database. To do this the "db_meth" element of the X509V3_CTX structure should | ||
| 666 | be set to an X509V3_CTX_METHOD structure. This structure contains the following | ||
| 667 | function pointers: | ||
| 668 | |||
| 669 | char * (*get_string)(void *db, char *section, char *value); | ||
| 670 | STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); | ||
| 671 | void (*free_string)(void *db, char * string); | ||
| 672 | void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); | ||
| 673 | |||
| 674 | these will be called and passed the 'db' element in the X509V3_CTX structure | ||
| 675 | to access the database. If a given function is not implemented or not required | ||
| 676 | it can be set to NULL. | ||
| 677 | |||
| 678 | 5. String helper functions. | ||
| 679 | |||
| 680 | There are several "i2s" and "s2i" functions that convert structures to and | ||
| 681 | from ASCII strings. In all the "i2s" cases the returned string should be | ||
| 682 | freed using Free() after use. Since some of these are part of other extension | ||
| 683 | code they may take a 'method' parameter. Unless otherwise stated it can be | ||
| 684 | safely set to NULL. | ||
| 685 | |||
| 686 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct); | ||
| 687 | |||
| 688 | This returns a hex string from an ASN1_OCTET_STRING. | ||
| 689 | |||
| 690 | char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); | ||
| 691 | char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
| 692 | |||
| 693 | These return a string decimal representations of an ASN1_INTEGER and an | ||
| 694 | ASN1_ENUMERATED type, respectively. | ||
| 695 | |||
| 696 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | ||
| 697 | X509V3_CTX *ctx, char *str); | ||
| 698 | |||
| 699 | This converts an ASCII hex string to an ASN1_OCTET_STRING. | ||
| 700 | |||
| 701 | ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); | ||
| 702 | |||
| 703 | This converts a decimal ASCII string into an ASN1_INTEGER. | ||
| 704 | |||
| 705 | 6. Multi valued extension helper functions. | ||
| 706 | |||
| 707 | The following functions can be used to manipulate STACKs of CONF_VALUE | ||
| 708 | structures, as used by multi valued extensions. | ||
| 709 | |||
| 710 | int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); | ||
| 711 | |||
| 712 | This function expects a boolean value in 'value' and sets 'asn1_bool' to | ||
| 713 | it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following | ||
| 714 | strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE" | ||
| 715 | "false", "N", "n", "NO" or "no". | ||
| 716 | |||
| 717 | int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); | ||
| 718 | |||
| 719 | This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER. | ||
| 720 | |||
| 721 | int X509V3_add_value(const char *name, const char *value, | ||
| 722 | STACK_OF(CONF_VALUE) **extlist); | ||
| 723 | |||
| 724 | This simply adds a string name and value pair. | ||
| 725 | |||
| 726 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, | ||
| 727 | STACK_OF(CONF_VALUE) **extlist); | ||
| 728 | |||
| 729 | The same as above but for an unsigned character value. | ||
| 730 | |||
| 731 | int X509V3_add_value_bool(const char *name, int asn1_bool, | ||
| 732 | STACK_OF(CONF_VALUE) **extlist); | ||
| 733 | |||
| 734 | This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool' | ||
| 735 | |||
| 736 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | ||
| 737 | STACK_OF(CONF_VALUE) **extlist); | ||
| 738 | |||
| 739 | This is the same as above except it adds nothing if asn1_bool is FALSE. | ||
| 740 | |||
| 741 | int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | ||
| 742 | STACK_OF(CONF_VALUE) **extlist); | ||
| 743 | |||
| 744 | This function adds the value of the ASN1_INTEGER in decimal form. | ||
| 745 | |||
| 746 | 7. Other helper functions. | ||
| 747 | |||
| 748 | <to be added> | ||
| 749 | |||
| 750 | ADDING CUSTOM EXTENSIONS. | ||
| 751 | |||
| 752 | Currently there are three types of supported extensions. | ||
| 753 | |||
| 754 | String extensions are simple strings where the value is placed directly in the | ||
| 755 | extensions, and the string returned is printed out. | ||
| 756 | |||
| 757 | Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs | ||
| 758 | or return a STACK_OF(CONF_VALUE). | ||
| 759 | |||
| 760 | Raw extensions are just passed a BIO or a value and it is the extensions | ||
| 761 | responsibility to handle all the necessary printing. | ||
| 762 | |||
| 763 | There are two ways to add an extension. One is simply as an alias to an already | ||
| 764 | existing extension. An alias is an extension that is identical in ASN1 structure | ||
| 765 | to an existing extension but has a different OBJECT IDENTIFIER. This can be | ||
| 766 | done by calling: | ||
| 767 | |||
| 768 | int X509V3_EXT_add_alias(int nid_to, int nid_from); | ||
| 769 | |||
| 770 | 'nid_to' is the new extension NID and 'nid_from' is the already existing | ||
| 771 | extension NID. | ||
| 772 | |||
| 773 | Alternatively an extension can be written from scratch. This involves writing | ||
| 774 | the ASN1 code to encode and decode the extension and functions to print out and | ||
| 775 | generate the extension from strings. The relevant functions are then placed in | ||
| 776 | a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext); | ||
| 777 | called. | ||
| 778 | |||
| 779 | The X509V3_EXT_METHOD structure is described below. | ||
| 780 | |||
| 781 | struct { | ||
| 782 | int ext_nid; | ||
| 783 | int ext_flags; | ||
| 784 | X509V3_EXT_NEW ext_new; | ||
| 785 | X509V3_EXT_FREE ext_free; | ||
| 786 | X509V3_EXT_D2I d2i; | ||
| 787 | X509V3_EXT_I2D i2d; | ||
| 788 | X509V3_EXT_I2S i2s; | ||
| 789 | X509V3_EXT_S2I s2i; | ||
| 790 | X509V3_EXT_I2V i2v; | ||
| 791 | X509V3_EXT_V2I v2i; | ||
| 792 | X509V3_EXT_R2I r2i; | ||
| 793 | X509V3_EXT_I2R i2r; | ||
| 794 | |||
| 795 | void *usr_data; | ||
| 796 | }; | ||
| 797 | |||
| 798 | The elements have the following meanings. | ||
| 799 | |||
| 800 | ext_nid is the NID of the object identifier of the extension. | ||
| 801 | |||
| 802 | ext_flags is set of flags. Currently the only external flag is | ||
| 803 | X509V3_EXT_MULTILINE which means a multi valued extensions | ||
| 804 | should be printed on separate lines. | ||
| 805 | |||
| 806 | usr_data is an extension specific pointer to any relevant data. This | ||
| 807 | allows extensions to share identical code but have different | ||
| 808 | uses. An example of this is the bit string extension which uses | ||
| 809 | usr_data to contain a list of the bit names. | ||
| 810 | |||
| 811 | All the remaining elements are function pointers. | ||
| 812 | |||
| 813 | ext_new is a pointer to a function that allocates memory for the | ||
| 814 | extension ASN1 structure: for example ASN1_OBJECT_new(). | ||
| 815 | |||
| 816 | ext_free is a pointer to a function that free up memory of the extension | ||
| 817 | ASN1 structure: for example ASN1_OBJECT_free(). | ||
| 818 | |||
| 819 | d2i is the standard ASN1 function that converts a DER buffer into | ||
| 820 | the internal ASN1 structure: for example d2i_ASN1_IA5STRING(). | ||
| 821 | |||
| 822 | i2d is the standard ASN1 function that converts the internal | ||
| 823 | structure into the DER representation: for example | ||
| 824 | i2d_ASN1_IA5STRING(). | ||
| 825 | |||
| 826 | The remaining functions are depend on the type of extension. One i2X and | ||
| 827 | one X2i should be set and the rest set to NULL. The types set do not need | ||
| 828 | to match up, for example the extension could be set using the multi valued | ||
| 829 | v2i function and printed out using the raw i2r. | ||
| 830 | |||
| 831 | All functions have the X509V3_EXT_METHOD passed to them in the 'method' | ||
| 832 | parameter and an X509V3_CTX structure. Extension code can then access the | ||
| 833 | parent structure via the 'method' parameter to for example make use of the value | ||
| 834 | of usr_data. If the code needs to use detail relating to the request it can | ||
| 835 | use the 'ctx' parameter. | ||
| 836 | |||
| 837 | A note should be given here about the 'flags' member of the 'ctx' parameter. | ||
| 838 | If it has the value CTX_TEST then the configuration syntax is being checked | ||
| 839 | and no actual certificate or CRL exists. Therefore any attempt in the config | ||
| 840 | file to access such information should silently succeed. If the syntax is OK | ||
| 841 | then it should simply return a (possibly bogus) extension, otherwise it | ||
| 842 | should return NULL. | ||
| 843 | |||
| 844 | char *i2s(struct v3_ext_method *method, void *ext); | ||
| 845 | |||
| 846 | This function takes the internal structure in the ext parameter and returns | ||
| 847 | a Malloc'ed string representing its value. | ||
| 848 | |||
| 849 | void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
| 850 | |||
| 851 | This function takes the string representation in the ext parameter and returns | ||
| 852 | an allocated internal structure: ext_free() will be used on this internal | ||
| 853 | structure after use. | ||
| 854 | |||
| 855 | i2v and v2i handle a STACK_OF(CONF_VALUE): | ||
| 856 | |||
| 857 | typedef struct | ||
| 858 | { | ||
| 859 | char *section; | ||
| 860 | char *name; | ||
| 861 | char *value; | ||
| 862 | } CONF_VALUE; | ||
| 863 | |||
| 864 | Only the name and value members are currently used. | ||
| 865 | |||
| 866 | STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext); | ||
| 867 | |||
| 868 | This function is passed the internal structure in the ext parameter and | ||
| 869 | returns a STACK of CONF_VALUE structures. The values of name, value, | ||
| 870 | section and the structure itself will be freed up with Free after use. | ||
| 871 | Several helper functions are available to add values to this STACK. | ||
| 872 | |||
| 873 | void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, | ||
| 874 | STACK_OF(CONF_VALUE) *values); | ||
| 875 | |||
| 876 | This function takes a STACK_OF(CONF_VALUE) structures and should set the | ||
| 877 | values of the external structure. This typically uses the name element to | ||
| 878 | determine which structure element to set and the value element to determine | ||
| 879 | what to set it to. Several helper functions are available for this | ||
| 880 | purpose (see above). | ||
| 881 | |||
| 882 | int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent); | ||
| 883 | |||
| 884 | This function is passed the internal extension structure in the ext parameter | ||
| 885 | and sends out a human readable version of the extension to out. The 'indent' | ||
| 886 | parameter should be noted to determine the necessary amount of indentation | ||
| 887 | needed on the output. | ||
| 888 | |||
| 889 | void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
| 890 | |||
| 891 | This is just passed the string representation of the extension. It is intended | ||
| 892 | to be used for more elaborate extensions where the standard single and multi | ||
| 893 | valued options are insufficient. They can use the 'ctx' parameter to parse the | ||
| 894 | configuration database themselves. See the context functions section for details | ||
| 895 | of how to do this. | ||
| 896 | |||
| 897 | Note: although this type takes the same parameters as the "r2s" function there | ||
| 898 | is a subtle difference. Whereas an "r2i" function can access a configuration | ||
| 899 | database an "s2i" function MUST NOT. This is so the internal code can safely | ||
| 900 | assume that an "s2i" function will work without a configuration database. | ||
| 901 | |||
| 902 | ============================================================================== | ||
| 903 | PKCS#12 Library | ||
| 904 | ============================================================================== | ||
| 905 | |||
| 906 | This section describes the internal PKCS#12 support. There are very few | ||
| 907 | differences between the old external library and the new internal code at | ||
| 908 | present. This may well change because the external library will not be updated | ||
| 909 | much in future. | ||
| 910 | |||
| 911 | This version now includes a couple of high level PKCS#12 functions which | ||
| 912 | generally "do the right thing" and should make it much easier to handle PKCS#12 | ||
| 913 | structures. | ||
| 914 | |||
| 915 | HIGH LEVEL FUNCTIONS. | ||
| 916 | |||
| 917 | For most applications you only need concern yourself with the high level | ||
| 918 | functions. They can parse and generate simple PKCS#12 files as produced by | ||
| 919 | Netscape and MSIE or indeed any compliant PKCS#12 file containing a single | ||
| 920 | private key and certificate pair. | ||
| 921 | |||
| 922 | 1. Initialisation and cleanup. | ||
| 923 | |||
| 924 | No special initialisation is needed for the internal PKCS#12 library: the | ||
| 925 | standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to | ||
| 926 | add all algorithms (you should at least add SHA1 though) then you can manually | ||
| 927 | initialise the PKCS#12 library with: | ||
| 928 | |||
| 929 | PKCS12_PBE_add(); | ||
| 930 | |||
| 931 | The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is | ||
| 932 | called or it can be directly freed with: | ||
| 933 | |||
| 934 | EVP_PBE_cleanup(); | ||
| 935 | |||
| 936 | after this call (or EVP_cleanup() ) no more PKCS#12 library functions should | ||
| 937 | be called. | ||
| 938 | |||
| 939 | 2. I/O functions. | ||
| 940 | |||
| 941 | i2d_PKCS12_bio(bp, p12) | ||
| 942 | |||
| 943 | This writes out a PKCS12 structure to a BIO. | ||
| 944 | |||
| 945 | i2d_PKCS12_fp(fp, p12) | ||
| 946 | |||
| 947 | This is the same but for a FILE pointer. | ||
| 948 | |||
| 949 | d2i_PKCS12_bio(bp, p12) | ||
| 950 | |||
| 951 | This reads in a PKCS12 structure from a BIO. | ||
| 952 | |||
| 953 | d2i_PKCS12_fp(fp, p12) | ||
| 954 | |||
| 955 | This is the same but for a FILE pointer. | ||
| 956 | |||
| 957 | 3. High level functions. | ||
| 958 | |||
| 959 | 3.1 Parsing with PKCS12_parse(). | ||
| 960 | |||
| 961 | int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, | ||
| 962 | STACK **ca); | ||
| 963 | |||
| 964 | This function takes a PKCS12 structure and a password (ASCII, null terminated) | ||
| 965 | and returns the private key, the corresponding certificate and any CA | ||
| 966 | certificates. If any of these is not required it can be passed as a NULL. | ||
| 967 | The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK | ||
| 968 | structure. Typically to read in a PKCS#12 file you might do: | ||
| 969 | |||
| 970 | p12 = d2i_PKCS12_fp(fp, NULL); | ||
| 971 | PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */ | ||
| 972 | PKCS12_free(p12); | ||
| 973 | |||
| 974 | 3.2 PKCS#12 creation with PKCS12_create(). | ||
| 975 | |||
| 976 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | ||
| 977 | STACK *ca, int nid_key, int nid_cert, int iter, | ||
| 978 | int mac_iter, int keytype); | ||
| 979 | |||
| 980 | This function will create a PKCS12 structure from a given password, name, | ||
| 981 | private key, certificate and optional STACK of CA certificates. The remaining | ||
| 982 | 5 parameters can be set to 0 and sensible defaults will be used. | ||
| 983 | |||
| 984 | The parameters nid_key and nid_cert are the key and certificate encryption | ||
| 985 | algorithms, iter is the encryption iteration count, mac_iter is the MAC | ||
| 986 | iteration count and keytype is the type of private key. If you really want | ||
| 987 | to know what these last 5 parameters do then read the low level section. | ||
| 988 | |||
| 989 | Typically to create a PKCS#12 file the following could be used: | ||
| 990 | |||
| 991 | p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0); | ||
| 992 | i2d_PKCS12_fp(fp, p12); | ||
| 993 | PKCS12_free(p12); | ||
| 994 | |||
| 995 | 3.3 Changing a PKCS#12 structure password. | ||
| 996 | |||
| 997 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); | ||
| 998 | |||
| 999 | This changes the password of an already existing PKCS#12 structure. oldpass | ||
| 1000 | is the old password and newpass is the new one. An error occurs if the old | ||
| 1001 | password is incorrect. | ||
| 1002 | |||
| 1003 | LOW LEVEL FUNCTIONS. | ||
| 1004 | |||
| 1005 | In some cases the high level functions do not provide the necessary | ||
| 1006 | functionality. For example if you want to generate or parse more complex | ||
| 1007 | PKCS#12 files. The sample pkcs12 application uses the low level functions | ||
| 1008 | to display details about the internal structure of a PKCS#12 file. | ||
| 1009 | |||
| 1010 | Introduction. | ||
| 1011 | |||
| 1012 | This is a brief description of how a PKCS#12 file is represented internally: | ||
| 1013 | some knowledge of PKCS#12 is assumed. | ||
| 1014 | |||
| 1015 | A PKCS#12 object contains several levels. | ||
| 1016 | |||
| 1017 | At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a | ||
| 1018 | CRL, a private key, encrypted or unencrypted, a set of safebags (so the | ||
| 1019 | structure can be nested) or other secrets (not documented at present). | ||
| 1020 | A safebag can optionally have attributes, currently these are: a unicode | ||
| 1021 | friendlyName (a Unicode string) or a localKeyID (a string of bytes). | ||
| 1022 | |||
| 1023 | At the next level is an authSafe which is a set of safebags collected into | ||
| 1024 | a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself. | ||
| 1025 | |||
| 1026 | At the top level is the PKCS12 structure itself which contains a set of | ||
| 1027 | authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it | ||
| 1028 | contains a MAC which is a kind of password protected digest to preserve | ||
| 1029 | integrity (so any unencrypted stuff below can't be tampered with). | ||
| 1030 | |||
| 1031 | The reason for these levels is so various objects can be encrypted in various | ||
| 1032 | ways. For example you might want to encrypt a set of private keys with | ||
| 1033 | triple-DES and then include the related certificates either unencrypted or | ||
| 1034 | with lower encryption. Yes it's the dreaded crypto laws at work again which | ||
| 1035 | allow strong encryption on private keys and only weak encryption on other | ||
| 1036 | stuff. | ||
| 1037 | |||
| 1038 | To build one of these things you turn all certificates and keys into safebags | ||
| 1039 | (with optional attributes). You collect the safebags into (one or more) STACKS | ||
| 1040 | and convert these into authsafes (encrypted or unencrypted). The authsafes | ||
| 1041 | are collected into a STACK and added to a PKCS12 structure. Finally a MAC | ||
| 1042 | inserted. | ||
| 1043 | |||
| 1044 | Pulling one apart is basically the reverse process. The MAC is verified against | ||
| 1045 | the given password. The authsafes are extracted and each authsafe split into | ||
| 1046 | a set of safebags (possibly involving decryption). Finally the safebags are | ||
| 1047 | decomposed into the original keys and certificates and the attributes used to | ||
| 1048 | match up private key and certificate pairs. | ||
| 1049 | |||
| 1050 | Anyway here are the functions that do the dirty work. | ||
| 1051 | |||
| 1052 | 1. Construction functions. | ||
| 1053 | |||
| 1054 | 1.1 Safebag functions. | ||
| 1055 | |||
| 1056 | M_PKCS12_x5092certbag(x509) | ||
| 1057 | |||
| 1058 | This macro takes an X509 structure and returns a certificate bag. The | ||
| 1059 | X509 structure can be freed up after calling this function. | ||
| 1060 | |||
| 1061 | M_PKCS12_x509crl2certbag(crl) | ||
| 1062 | |||
| 1063 | As above but for a CRL. | ||
| 1064 | |||
| 1065 | PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey) | ||
| 1066 | |||
| 1067 | Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure. | ||
| 1068 | Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo | ||
| 1069 | structure contains a private key data in plain text form it should be free'd | ||
| 1070 | up as soon as it has been encrypted for security reasons (freeing up the | ||
| 1071 | structure zeros out the sensitive data). This can be done with | ||
| 1072 | PKCS8_PRIV_KEY_INFO_free(). | ||
| 1073 | |||
| 1074 | PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) | ||
| 1075 | |||
| 1076 | This sets the key type when a key is imported into MSIE or Outlook 98. Two | ||
| 1077 | values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type | ||
| 1078 | key that can also be used for signing but its size is limited in the export | ||
| 1079 | versions of MS software to 512 bits, it is also the default. KEY_SIG is a | ||
| 1080 | signing only key but the keysize is unlimited (well 16K is supposed to work). | ||
| 1081 | If you are using the domestic version of MSIE then you can ignore this because | ||
| 1082 | KEY_EX is not limited and can be used for both. | ||
| 1083 | |||
| 1084 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) | ||
| 1085 | |||
| 1086 | Convert a PKCS8 private key structure into a keybag. This routine embeds the | ||
| 1087 | p8 structure in the keybag so p8 should not be freed up or used after it is | ||
| 1088 | called. The p8 structure will be freed up when the safebag is freed. | ||
| 1089 | |||
| 1090 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) | ||
| 1091 | |||
| 1092 | Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not | ||
| 1093 | embedded and can be freed up after use. | ||
| 1094 | |||
| 1095 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) | ||
| 1096 | int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) | ||
| 1097 | |||
| 1098 | Add a local key id or a friendlyname to a safebag. | ||
| 1099 | |||
| 1100 | 1.2 Authsafe functions. | ||
| 1101 | |||
| 1102 | PKCS7 *PKCS12_pack_p7data(STACK *sk) | ||
| 1103 | Take a stack of safebags and convert them into an unencrypted authsafe. The | ||
| 1104 | stack of safebags can be freed up after calling this function. | ||
| 1105 | |||
| 1106 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags); | ||
| 1107 | |||
| 1108 | As above but encrypted. | ||
| 1109 | |||
| 1110 | 1.3 PKCS12 functions. | ||
| 1111 | |||
| 1112 | PKCS12 *PKCS12_init(int mode) | ||
| 1113 | |||
| 1114 | Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data). | ||
| 1115 | |||
| 1116 | M_PKCS12_pack_authsafes(p12, safes) | ||
| 1117 | |||
| 1118 | This macro takes a STACK of authsafes and adds them to a PKCS#12 structure. | ||
| 1119 | |||
| 1120 | int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type); | ||
| 1121 | |||
| 1122 | Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests | ||
| 1123 | that SHA-1 should be used. | ||
| 1124 | |||
| 1125 | 2. Extraction Functions. | ||
| 1126 | |||
| 1127 | 2.1 Safebags. | ||
| 1128 | |||
| 1129 | M_PKCS12_bag_type(bag) | ||
| 1130 | |||
| 1131 | Return the type of "bag". Returns one of the following | ||
| 1132 | |||
| 1133 | NID_keyBag | ||
| 1134 | NID_pkcs8ShroudedKeyBag 7 | ||
| 1135 | NID_certBag 8 | ||
| 1136 | NID_crlBag 9 | ||
| 1137 | NID_secretBag 10 | ||
| 1138 | NID_safeContentsBag 11 | ||
| 1139 | |||
| 1140 | M_PKCS12_cert_bag_type(bag) | ||
| 1141 | |||
| 1142 | Returns type of certificate bag, following are understood. | ||
| 1143 | |||
| 1144 | NID_x509Certificate 14 | ||
| 1145 | NID_sdsiCertificate 15 | ||
| 1146 | |||
| 1147 | M_PKCS12_crl_bag_type(bag) | ||
| 1148 | |||
| 1149 | Returns crl bag type, currently only NID_crlBag is recognised. | ||
| 1150 | |||
| 1151 | M_PKCS12_certbag2x509(bag) | ||
| 1152 | |||
| 1153 | This macro extracts an X509 certificate from a certificate bag. | ||
| 1154 | |||
| 1155 | M_PKCS12_certbag2x509crl(bag) | ||
| 1156 | |||
| 1157 | As above but for a CRL. | ||
| 1158 | |||
| 1159 | EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) | ||
| 1160 | |||
| 1161 | Extract a private key from a PKCS8 private key info structure. | ||
| 1162 | |||
| 1163 | M_PKCS12_decrypt_skey(bag, pass, passlen) | ||
| 1164 | |||
| 1165 | Decrypt a shrouded key bag and return a PKCS8 private key info structure. | ||
| 1166 | Works with both RSA and DSA keys | ||
| 1167 | |||
| 1168 | char *PKCS12_get_friendlyname(bag) | ||
| 1169 | |||
| 1170 | Returns the friendlyName of a bag if present or NULL if none. The returned | ||
| 1171 | string is a null terminated ASCII string allocated with Malloc(). It should | ||
| 1172 | thus be freed up with Free() after use. | ||
| 1173 | |||
| 1174 | 2.2 AuthSafe functions. | ||
| 1175 | |||
| 1176 | M_PKCS12_unpack_p7data(p7) | ||
| 1177 | |||
| 1178 | Extract a STACK of safe bags from a PKCS#7 data ContentInfo. | ||
| 1179 | |||
| 1180 | #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) | ||
| 1181 | |||
| 1182 | As above but for an encrypted content info. | ||
| 1183 | |||
| 1184 | 2.3 PKCS12 functions. | ||
| 1185 | |||
| 1186 | M_PKCS12_unpack_authsafes(p12) | ||
| 1187 | |||
| 1188 | Extract a STACK of authsafes from a PKCS12 structure. | ||
| 1189 | |||
| 1190 | M_PKCS12_mac_present(p12) | ||
| 1191 | |||
| 1192 | Check to see if a MAC is present. | ||
| 1193 | |||
| 1194 | int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen) | ||
| 1195 | |||
| 1196 | Verify a MAC on a PKCS12 structure. Returns an error if MAC not present. | ||
| 1197 | |||
| 1198 | |||
| 1199 | Notes. | ||
| 1200 | |||
| 1201 | 1. All the function return 0 or NULL on error. | ||
| 1202 | 2. Encryption based functions take a common set of parameters. These are | ||
| 1203 | described below. | ||
| 1204 | |||
| 1205 | pass, passlen | ||
| 1206 | ASCII password and length. The password on the MAC is called the "integrity | ||
| 1207 | password" the encryption password is called the "privacy password" in the | ||
| 1208 | PKCS#12 documentation. The passwords do not have to be the same. If -1 is | ||
| 1209 | passed for the length it is worked out by the function itself (currently | ||
| 1210 | this is sometimes done whatever is passed as the length but that may change). | ||
| 1211 | |||
| 1212 | salt, saltlen | ||
| 1213 | A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a | ||
| 1214 | default length is used. | ||
| 1215 | |||
| 1216 | iter | ||
| 1217 | Iteration count. This is a measure of how many times an internal function is | ||
| 1218 | called to encrypt the data. The larger this value is the longer it takes, it | ||
| 1219 | makes dictionary attacks on passwords harder. NOTE: Some implementations do | ||
| 1220 | not support an iteration count on the MAC. If the password for the MAC and | ||
| 1221 | encryption is the same then there is no point in having a high iteration | ||
| 1222 | count for encryption if the MAC has no count. The MAC could be attacked | ||
| 1223 | and the password used for the main decryption. | ||
| 1224 | |||
| 1225 | pbe_nid | ||
| 1226 | This is the NID of the password based encryption method used. The following are | ||
| 1227 | supported. | ||
| 1228 | NID_pbe_WithSHA1And128BitRC4 | ||
| 1229 | NID_pbe_WithSHA1And40BitRC4 | ||
| 1230 | NID_pbe_WithSHA1And3_Key_TripleDES_CBC | ||
| 1231 | NID_pbe_WithSHA1And2_Key_TripleDES_CBC | ||
| 1232 | NID_pbe_WithSHA1And128BitRC2_CBC | ||
| 1233 | NID_pbe_WithSHA1And40BitRC2_CBC | ||
| 1234 | |||
| 1235 | Which you use depends on the implementation you are exporting to. "Export | ||
| 1236 | grade" (i.e. cryptographically challenged) products cannot support all | ||
| 1237 | algorithms. Typically you may be able to use any encryption on shrouded key | ||
| 1238 | bags but they must then be placed in an unencrypted authsafe. Other authsafes | ||
| 1239 | may only support 40bit encryption. Of course if you are using SSLeay | ||
| 1240 | throughout you can strongly encrypt everything and have high iteration counts | ||
| 1241 | on everything. | ||
| 1242 | |||
| 1243 | 3. For decryption routines only the password and length are needed. | ||
| 1244 | |||
| 1245 | 4. Unlike the external version the nid's of objects are the values of the | ||
| 1246 | constants: that is NID_certBag is the real nid, therefore there is no | ||
| 1247 | PKCS12_obj_offset() function. Note the object constants are not the same as | ||
| 1248 | those of the external version. If you use these constants then you will need | ||
| 1249 | to recompile your code. | ||
| 1250 | |||
| 1251 | 5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or | ||
| 1252 | macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be | ||
| 1253 | reused or freed up safely. | ||
| 1254 | |||
diff --git a/src/lib/libssl/doc/ssl.3 b/src/lib/libssl/doc/ssl.3 deleted file mode 100644 index d87d7583c4..0000000000 --- a/src/lib/libssl/doc/ssl.3 +++ /dev/null | |||
| @@ -1,1320 +0,0 @@ | |||
| 1 | .\" | ||
| 2 | .\" $OpenBSD: ssl.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | ||
| 3 | .\" | ||
| 4 | .Dd $Mdocdate: December 2 2014 $ | ||
| 5 | .Dt SSL 3 | ||
| 6 | .Os | ||
| 7 | .Sh NAME | ||
| 8 | .Nm SSL | ||
| 9 | .Nd OpenSSL SSL/TLS library | ||
| 10 | .Sh SYNOPSIS | ||
| 11 | .Sh DESCRIPTION | ||
| 12 | The OpenSSL | ||
| 13 | .Nm ssl | ||
| 14 | library implements the Secure Sockets Layer (SSL v2/v3) and | ||
| 15 | Transport Layer Security (TLS v1) protocols. | ||
| 16 | It provides a rich API which is documented here. | ||
| 17 | .Pp | ||
| 18 | At first the library must be initialized; see | ||
| 19 | .Xr SSL_library_init 3 . | ||
| 20 | .Pp | ||
| 21 | Then an | ||
| 22 | .Vt SSL_CTX | ||
| 23 | object is created as a framework to establish TLS/SSL enabled connections (see | ||
| 24 | .Xr SSL_CTX_new 3 ) . | ||
| 25 | Various options regarding certificates, algorithms, etc., can be set in this | ||
| 26 | object. | ||
| 27 | .Pp | ||
| 28 | When a network connection has been created, it can be assigned to an | ||
| 29 | .Vt SSL | ||
| 30 | object. | ||
| 31 | After the | ||
| 32 | .Vt SSL | ||
| 33 | object has been created using | ||
| 34 | .Xr SSL_new 3 , | ||
| 35 | .Xr SSL_set_fd 3 | ||
| 36 | or | ||
| 37 | .Xr SSL_set_bio 3 | ||
| 38 | can be used to associate the network connection with the object. | ||
| 39 | .Pp | ||
| 40 | Then the TLS/SSL handshake is performed using | ||
| 41 | .Xr SSL_accept 3 | ||
| 42 | or | ||
| 43 | .Xr SSL_connect 3 | ||
| 44 | respectively. | ||
| 45 | .Xr SSL_read 3 | ||
| 46 | and | ||
| 47 | .Xr SSL_write 3 | ||
| 48 | are used to read and write data on the TLS/SSL connection. | ||
| 49 | .Xr SSL_shutdown 3 | ||
| 50 | can be used to shut down the TLS/SSL connection. | ||
| 51 | .Sh DATA STRUCTURES | ||
| 52 | Currently the OpenSSL | ||
| 53 | .Nm ssl | ||
| 54 | library functions deals with the following data structures: | ||
| 55 | .Bl -tag -width Ds | ||
| 56 | .It Vt SSL_METHOD No (SSL Method) | ||
| 57 | That's a dispatch structure describing the internal | ||
| 58 | .Nm ssl | ||
| 59 | library methods/functions which implement the various protocol versions | ||
| 60 | (SSLv1, SSLv2 and TLSv1). | ||
| 61 | It's needed to create an | ||
| 62 | .Vt SSL_CTX . | ||
| 63 | .It Vt SSL_CIPHER No (SSL Cipher) | ||
| 64 | This structure holds the algorithm information for a particular cipher which | ||
| 65 | is a core part of the SSL/TLS protocol. | ||
| 66 | The available ciphers are configured on an | ||
| 67 | .Vt SSL_CTX | ||
| 68 | basis and the actually used ones are then part of the | ||
| 69 | .Vt SSL_SESSION . | ||
| 70 | .It Vt SSL_CTX No (SSL Context) | ||
| 71 | That's the global context structure which is created by a server or client | ||
| 72 | once per program lifetime and which holds mainly default values for the | ||
| 73 | .Vt SSL | ||
| 74 | structures which are later created for the connections. | ||
| 75 | .It Vt SSL_SESSION No (SSL Session) | ||
| 76 | This is a structure containing the current TLS/SSL session details for a | ||
| 77 | connection: | ||
| 78 | .Vt SSL_CIPHER Ns s, client and server certificates, keys, etc. | ||
| 79 | .It Vt SSL No (SSL Connection) | ||
| 80 | That's the main SSL/TLS structure which is created by a server or client per | ||
| 81 | established connection. | ||
| 82 | This actually is the core structure in the SSL API. | ||
| 83 | Under run-time the application usually deals with this structure which has | ||
| 84 | links to mostly all other structures. | ||
| 85 | .El | ||
| 86 | .Sh HEADER FILES | ||
| 87 | Currently the OpenSSL | ||
| 88 | .Nm ssl | ||
| 89 | library provides the following C header files containing the prototypes for the | ||
| 90 | data structures and functions: | ||
| 91 | .Bl -tag -width Ds | ||
| 92 | .It Pa ssl.h | ||
| 93 | That's the common header file for the SSL/TLS API. | ||
| 94 | Include it into your program to make the API of the | ||
| 95 | .Nm ssl | ||
| 96 | library available. | ||
| 97 | It internally includes both more private SSL headers and headers from the | ||
| 98 | .Em crypto | ||
| 99 | library. | ||
| 100 | Whenever you need hardcore details on the internals of the SSL API, look inside | ||
| 101 | this header file. | ||
| 102 | .It Pa ssl2.h | ||
| 103 | That's the sub header file dealing with the SSLv2 protocol only. | ||
| 104 | .Bf Em | ||
| 105 | Usually you don't have to include it explicitly because it's already included | ||
| 106 | by | ||
| 107 | .Pa ssl.h . | ||
| 108 | .Ef | ||
| 109 | .It Pa ssl3.h | ||
| 110 | That's the sub header file dealing with the SSLv3 protocol only. | ||
| 111 | .Bf Em | ||
| 112 | Usually you don't have to include it explicitly because it's already included | ||
| 113 | by | ||
| 114 | .Pa ssl.h . | ||
| 115 | .Ef | ||
| 116 | .It Pa ssl23.h | ||
| 117 | That's the sub header file dealing with the combined use of the SSLv2 and SSLv3 | ||
| 118 | protocols. | ||
| 119 | .Bf Em | ||
| 120 | Usually you don't have to include it explicitly because it's already included | ||
| 121 | by | ||
| 122 | .Pa ssl.h . | ||
| 123 | .Ef | ||
| 124 | .It Pa tls1.h | ||
| 125 | That's the sub header file dealing with the TLSv1 protocol only. | ||
| 126 | .Bf Em | ||
| 127 | Usually you don't have to include it explicitly because it's already included | ||
| 128 | by | ||
| 129 | .Pa ssl.h . | ||
| 130 | .Ef | ||
| 131 | .El | ||
| 132 | .Sh API FUNCTIONS | ||
| 133 | The functions that the OpenSSL | ||
| 134 | .Nm ssl | ||
| 135 | library exports are documented below: | ||
| 136 | .Ss DEALING WITH PROTOCOL METHODS | ||
| 137 | Here we document the various API functions which deal with the SSL/TLS protocol | ||
| 138 | methods defined in | ||
| 139 | .Vt SSL_METHOD | ||
| 140 | structures. | ||
| 141 | .Bl -tag -width Ds | ||
| 142 | .It Xo | ||
| 143 | .Ft const SSL_METHOD * | ||
| 144 | .Fn SSLv2_client_method void | ||
| 145 | .Xc | ||
| 146 | Constructor for the SSLv2 | ||
| 147 | .Vt SSL_METHOD | ||
| 148 | structure for a dedicated client. | ||
| 149 | .It Xo | ||
| 150 | .Ft const SSL_METHOD * | ||
| 151 | .Fn SSLv2_server_method void | ||
| 152 | .Xc | ||
| 153 | Constructor for the SSLv2 | ||
| 154 | .Vt SSL_METHOD | ||
| 155 | structure for a dedicated server. | ||
| 156 | .It Xo | ||
| 157 | .Ft const SSL_METHOD * | ||
| 158 | .Fn SSLv2_method void | ||
| 159 | .Xc | ||
| 160 | Constructor for the SSLv2 | ||
| 161 | .Vt SSL_METHOD | ||
| 162 | structure for combined client and server. | ||
| 163 | .It Xo | ||
| 164 | .Ft const SSL_METHOD * | ||
| 165 | .Fn SSLv3_client_method void | ||
| 166 | .Xc | ||
| 167 | Constructor for the SSLv3 | ||
| 168 | .Vt SSL_METHOD | ||
| 169 | structure for a dedicated client. | ||
| 170 | .It Xo | ||
| 171 | .Ft const SSL_METHOD * | ||
| 172 | .Fn SSLv3_server_method void | ||
| 173 | .Xc | ||
| 174 | Constructor for the SSLv3 | ||
| 175 | .Vt SSL_METHOD | ||
| 176 | structure for a dedicated server. | ||
| 177 | .It Xo | ||
| 178 | .Ft const SSL_METHOD * | ||
| 179 | .Fn SSLv3_method void | ||
| 180 | .Xc | ||
| 181 | Constructor for the SSLv3 | ||
| 182 | .Vt SSL_METHOD | ||
| 183 | structure for combined client and server. | ||
| 184 | .It Xo | ||
| 185 | .Ft const SSL_METHOD * | ||
| 186 | .Fn TLSv1_client_method void | ||
| 187 | .Xc | ||
| 188 | Constructor for the TLSv1 | ||
| 189 | .Vt SSL_METHOD | ||
| 190 | structure for a dedicated client. | ||
| 191 | .It Xo | ||
| 192 | .Ft const SSL_METHOD * | ||
| 193 | .Fn TLSv1_server_method void | ||
| 194 | .Xc | ||
| 195 | Constructor for the TLSv1 | ||
| 196 | .Vt SSL_METHOD | ||
| 197 | structure for a dedicated server. | ||
| 198 | .It Xo | ||
| 199 | .Ft const SSL_METHOD * | ||
| 200 | .Fn TLSv1_method void | ||
| 201 | .Xc | ||
| 202 | Constructor for the TLSv1 | ||
| 203 | .Vt SSL_METHOD | ||
| 204 | structure for combined client and server. | ||
| 205 | .El | ||
| 206 | .Ss DEALING WITH CIPHERS | ||
| 207 | Here we document the various API functions which deal with the SSL/TLS ciphers | ||
| 208 | defined in | ||
| 209 | .Vt SSL_CIPHER | ||
| 210 | structures. | ||
| 211 | .Bl -tag -width Ds | ||
| 212 | .It Xo | ||
| 213 | .Ft char * | ||
| 214 | .Fn SSL_CIPHER_description "SSL_CIPHER *cipher" "char *buf" "int len" | ||
| 215 | .Xc | ||
| 216 | Write a string to | ||
| 217 | .Fa buf | ||
| 218 | (with a maximum size of | ||
| 219 | .Fa len ) | ||
| 220 | containing a human readable description of | ||
| 221 | .Fa cipher . | ||
| 222 | Returns | ||
| 223 | .Fa buf . | ||
| 224 | .It Xo | ||
| 225 | .Ft int | ||
| 226 | .Fn SSL_CIPHER_get_bits "SSL_CIPHER *cipher" "int *alg_bits" | ||
| 227 | .Xc | ||
| 228 | Determine the number of bits in | ||
| 229 | .Fa cipher . | ||
| 230 | Because of export crippled ciphers there are two bits: | ||
| 231 | the bits the algorithm supports in general (stored to | ||
| 232 | .Fa alg_bits ) | ||
| 233 | and the bits which are actually used (the return value). | ||
| 234 | .It Xo | ||
| 235 | .Ft const char * | ||
| 236 | .Fn SSL_CIPHER_get_name "SSL_CIPHER *cipher" | ||
| 237 | .Xc | ||
| 238 | Return the internal name of | ||
| 239 | .Fa cipher | ||
| 240 | as a string. | ||
| 241 | These are the various strings defined by the | ||
| 242 | .Dv SSL2_TXT_xxx , | ||
| 243 | .Dv SSL3_TXT_xxx | ||
| 244 | and | ||
| 245 | .Dv TLS1_TXT_xxx | ||
| 246 | definitions in the header files. | ||
| 247 | .It Xo | ||
| 248 | .Ft char * | ||
| 249 | .Fn SSL_CIPHER_get_version "SSL_CIPHER *cipher" | ||
| 250 | .Xc | ||
| 251 | Returns a string like | ||
| 252 | Qq TLSv1/SSLv3 | ||
| 253 | or | ||
| 254 | Qq SSLv2 | ||
| 255 | which indicates the SSL/TLS protocol version to which | ||
| 256 | .Fa cipher | ||
| 257 | belongs (i.e., where it was defined in the specification the first time). | ||
| 258 | .El | ||
| 259 | .Ss DEALING WITH PROTOCOL CONTEXTS | ||
| 260 | Here we document the various API functions which deal with the SSL/TLS | ||
| 261 | protocol context defined in the | ||
| 262 | .Vt SSL_CTX | ||
| 263 | structure. | ||
| 264 | .Bl -tag -width Ds | ||
| 265 | .It Xo | ||
| 266 | .Ft int | ||
| 267 | .Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *x" | ||
| 268 | .Xc | ||
| 269 | .It Xo | ||
| 270 | .Ft long | ||
| 271 | .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509" | ||
| 272 | .Xc | ||
| 273 | .It Xo | ||
| 274 | .Ft int | ||
| 275 | .Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 276 | .Xc | ||
| 277 | .It Xo | ||
| 278 | .Ft int | ||
| 279 | .Fn SSL_CTX_check_private_key "const SSL_CTX *ctx" | ||
| 280 | .Xc | ||
| 281 | .It Xo | ||
| 282 | .Ft long | ||
| 283 | .Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "char *parg" | ||
| 284 | .Xc | ||
| 285 | .It Xo | ||
| 286 | .Ft void | ||
| 287 | .Fn SSL_CTX_flush_sessions "SSL_CTX *s" "long t" | ||
| 288 | .Xc | ||
| 289 | .It Xo | ||
| 290 | .Ft void | ||
| 291 | .Fn SSL_CTX_free "SSL_CTX *a" | ||
| 292 | .Xc | ||
| 293 | .It Xo | ||
| 294 | .Ft char * | ||
| 295 | .Fn SSL_CTX_get_app_data "SSL_CTX *ctx" | ||
| 296 | .Xc | ||
| 297 | .It Xo | ||
| 298 | .Ft X509_STORE * | ||
| 299 | .Fn SSL_CTX_get_cert_store "SSL_CTX *ctx" | ||
| 300 | .Xc | ||
| 301 | .It Xo | ||
| 302 | .Ft STACK * | ||
| 303 | .Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx" | ||
| 304 | .Xc | ||
| 305 | .It Xo | ||
| 306 | .Ft int | ||
| 307 | .Fn "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))" | ||
| 308 | .Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" | ||
| 309 | .Xc | ||
| 310 | .It Xo | ||
| 311 | .Ft char * | ||
| 312 | .Fn SSL_CTX_get_ex_data "const SSL_CTX *s" "int idx" | ||
| 313 | .Xc | ||
| 314 | .It Xo | ||
| 315 | .Ft int | ||
| 316 | .Fo SSL_CTX_get_ex_new_index | ||
| 317 | .Fa "long argl" | ||
| 318 | .Fa "void *argp" | ||
| 319 | .Fa "CRYPTO_EX_new *new_func" | ||
| 320 | .Fa "CRYPTO_EX_dup *dup_func" | ||
| 321 | .Fa "CRYPTO_EX_free *free_func" | ||
| 322 | .Fc | ||
| 323 | .Xc | ||
| 324 | .It Xo | ||
| 325 | .Ft void | ||
| 326 | .Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))" | ||
| 327 | .Fa "SSL *ssl" | ||
| 328 | .Fa "int cb" | ||
| 329 | .Fa "int ret" | ||
| 330 | .Fc | ||
| 331 | .Xc | ||
| 332 | .It Xo | ||
| 333 | .Ft int | ||
| 334 | .Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx" | ||
| 335 | .Xc | ||
| 336 | .It Xo | ||
| 337 | .Ft int | ||
| 338 | .Fn SSL_CTX_get_session_cache_mode "SSL_CTX *ctx" | ||
| 339 | .Xc | ||
| 340 | .It Xo | ||
| 341 | .Ft long | ||
| 342 | .Fn SSL_CTX_get_timeout "const SSL_CTX *ctx" | ||
| 343 | .Xc | ||
| 344 | .It Xo | ||
| 345 | .Ft int | ||
| 346 | .Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))" | ||
| 347 | .Fa "int ok" | ||
| 348 | .Fa "X509_STORE_CTX *ctx" | ||
| 349 | .Fc | ||
| 350 | .Xc | ||
| 351 | .It Xo | ||
| 352 | .Ft int | ||
| 353 | .Fn SSL_CTX_get_verify_mode "SSL_CTX *ctx" | ||
| 354 | .Xc | ||
| 355 | .It Xo | ||
| 356 | .Ft int | ||
| 357 | .Fn SSL_CTX_load_verify_locations "SSL_CTX *ctx" "char *CAfile" "char *CApath" | ||
| 358 | .Xc | ||
| 359 | .It Xo | ||
| 360 | .Ft long | ||
| 361 | .Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx" | ||
| 362 | .Xc | ||
| 363 | .It Xo | ||
| 364 | .Ft SSL_CTX * | ||
| 365 | .Fn SSL_CTX_new "const SSL_METHOD *meth" | ||
| 366 | .Xc | ||
| 367 | .It Xo | ||
| 368 | .Ft int | ||
| 369 | .Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c" | ||
| 370 | .Xc | ||
| 371 | .It Xo | ||
| 372 | .Ft int | ||
| 373 | .Fn SSL_CTX_sess_accept "SSL_CTX *ctx" | ||
| 374 | .Xc | ||
| 375 | .It Xo | ||
| 376 | .Ft int | ||
| 377 | .Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx" | ||
| 378 | .Xc | ||
| 379 | .It Xo | ||
| 380 | .Ft int | ||
| 381 | .Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx" | ||
| 382 | .Xc | ||
| 383 | .It Xo | ||
| 384 | .Ft int | ||
| 385 | .Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx" | ||
| 386 | .Xc | ||
| 387 | .It Xo | ||
| 388 | .Ft int | ||
| 389 | .Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx" | ||
| 390 | .Xc | ||
| 391 | .It Xo | ||
| 392 | .Ft int | ||
| 393 | .Fn SSL_CTX_sess_connect "SSL_CTX *ctx" | ||
| 394 | .Xc | ||
| 395 | .It Xo | ||
| 396 | .Ft int | ||
| 397 | .Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx" | ||
| 398 | .Xc | ||
| 399 | .It Xo | ||
| 400 | .Ft int | ||
| 401 | .Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx" | ||
| 402 | .Xc | ||
| 403 | .It Xo | ||
| 404 | .Ft int | ||
| 405 | .Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx" | ||
| 406 | .Xc | ||
| 407 | .It Xo | ||
| 408 | .Ft SSL_SESSION * | ||
| 409 | .Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))" | ||
| 410 | .Fa "SSL *ssl" | ||
| 411 | .Fa "unsigned char *data" | ||
| 412 | .Fa "int len" | ||
| 413 | .Fa "int *copy" | ||
| 414 | .Fc | ||
| 415 | .Xc | ||
| 416 | .It Xo | ||
| 417 | .Ft int | ||
| 418 | .Fn "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" "SSL *ssl" "SSL_SESSION *sess" | ||
| 419 | .Xc | ||
| 420 | .It Xo | ||
| 421 | .Ft void | ||
| 422 | .Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))" | ||
| 423 | .Fa "SSL_CTX *ctx" | ||
| 424 | .Fa "SSL_SESSION *sess" | ||
| 425 | .Fc | ||
| 426 | .Xc | ||
| 427 | .It Xo | ||
| 428 | .Ft int | ||
| 429 | .Fn SSL_CTX_sess_hits "SSL_CTX *ctx" | ||
| 430 | .Xc | ||
| 431 | .It Xo | ||
| 432 | .Ft int | ||
| 433 | .Fn SSL_CTX_sess_misses "SSL_CTX *ctx" | ||
| 434 | .Xc | ||
| 435 | .It Xo | ||
| 436 | .Ft int | ||
| 437 | .Fn SSL_CTX_sess_number "SSL_CTX *ctx" | ||
| 438 | .Xc | ||
| 439 | .It Xo | ||
| 440 | .Ft void | ||
| 441 | .Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t" | ||
| 442 | .Xc | ||
| 443 | .It Xo | ||
| 444 | .Ft void | ||
| 445 | .Fo SSL_CTX_sess_set_get_cb | ||
| 446 | .Fa "SSL_CTX *ctx" | ||
| 447 | .Fa "SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy)" | ||
| 448 | .Fc | ||
| 449 | .Xc | ||
| 450 | .It Xo | ||
| 451 | .Ft void | ||
| 452 | .Fo SSL_CTX_sess_set_new_cb | ||
| 453 | .Fa "SSL_CTX *ctx" | ||
| 454 | .Fa "int (*cb)(SSL *ssl, SSL_SESSION *sess)" | ||
| 455 | .Fc | ||
| 456 | .Xc | ||
| 457 | .It Xo | ||
| 458 | .Ft void | ||
| 459 | .Fo SSL_CTX_sess_set_remove_cb | ||
| 460 | .Fa "SSL_CTX *ctx" | ||
| 461 | .Fa "void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)" | ||
| 462 | .Fc | ||
| 463 | .Xc | ||
| 464 | .It Xo | ||
| 465 | .Ft int | ||
| 466 | .Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx" | ||
| 467 | .Xc | ||
| 468 | .It Xo | ||
| 469 | .Ft LHASH * | ||
| 470 | .Fn SSL_CTX_sessions "SSL_CTX *ctx" | ||
| 471 | .Xc | ||
| 472 | .It Xo | ||
| 473 | .Ft void | ||
| 474 | .Fn SSL_CTX_set_app_data "SSL_CTX *ctx" "void *arg" | ||
| 475 | .Xc | ||
| 476 | .It Xo | ||
| 477 | .Ft void | ||
| 478 | .Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *cs" | ||
| 479 | .Xc | ||
| 480 | .It Xo | ||
| 481 | .Ft void | ||
| 482 | .Fn SSL_CTX_set_cert_verify_cb "SSL_CTX *ctx" "int (*cb)()" "char *arg" | ||
| 483 | .Xc | ||
| 484 | .It Xo | ||
| 485 | .Ft int | ||
| 486 | .Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "char *str" | ||
| 487 | .Xc | ||
| 488 | .It Xo | ||
| 489 | .Ft void | ||
| 490 | .Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK *list" | ||
| 491 | .Xc | ||
| 492 | .It Xo | ||
| 493 | .Ft void | ||
| 494 | .Fo SSL_CTX_set_client_cert_cb | ||
| 495 | .Fa "SSL_CTX *ctx" | ||
| 496 | .Fa "int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)" | ||
| 497 | .Fc | ||
| 498 | .Xc | ||
| 499 | .It Xo | ||
| 500 | .Ft void | ||
| 501 | .Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb" | ||
| 502 | .Xc | ||
| 503 | .It Xo | ||
| 504 | .Ft void | ||
| 505 | .Fn SSL_CTX_set_default_read_ahead "SSL_CTX *ctx" "int m" | ||
| 506 | .Xc | ||
| 507 | .It Xo | ||
| 508 | .Ft int | ||
| 509 | .Fn SSL_CTX_set_default_verify_paths "SSL_CTX *ctx" | ||
| 510 | .Xc | ||
| 511 | .It Xo | ||
| 512 | .Ft int | ||
| 513 | .Fn SSL_CTX_set_ex_data "SSL_CTX *s" "int idx" "char *arg" | ||
| 514 | .Xc | ||
| 515 | .It Xo | ||
| 516 | .Ft void | ||
| 517 | .Fo SSL_CTX_set_info_callback | ||
| 518 | .Fa "SSL_CTX *ctx" | ||
| 519 | .Fa "void (*cb)(SSL *ssl, int cb, int ret)" | ||
| 520 | .Fc | ||
| 521 | .Xc | ||
| 522 | .It Xo | ||
| 523 | .Ft void | ||
| 524 | .Fo SSL_CTX_set_msg_callback | ||
| 525 | .Fa "SSL_CTX *ctx" | ||
| 526 | .Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \ | ||
| 527 | size_t len, SSL *ssl, void *arg)" | ||
| 528 | .Fc | ||
| 529 | .Xc | ||
| 530 | .It Xo | ||
| 531 | .Ft void | ||
| 532 | .Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg" | ||
| 533 | .Xc | ||
| 534 | .It Xo | ||
| 535 | .Ft void | ||
| 536 | .Fn SSL_CTX_set_options "SSL_CTX *ctx" "unsigned long op" | ||
| 537 | .Xc | ||
| 538 | .It Xo | ||
| 539 | .Ft void | ||
| 540 | .Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode" | ||
| 541 | .Xc | ||
| 542 | .It Xo | ||
| 543 | .Ft void | ||
| 544 | .Fn SSL_CTX_set_session_cache_mode "SSL_CTX *ctx" "int mode" | ||
| 545 | .Xc | ||
| 546 | .It Xo | ||
| 547 | .Ft int | ||
| 548 | .Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *meth" | ||
| 549 | .Xc | ||
| 550 | .It Xo | ||
| 551 | .Ft void | ||
| 552 | .Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t" | ||
| 553 | .Xc | ||
| 554 | .It Xo | ||
| 555 | .Ft long | ||
| 556 | .Fn SSL_CTX_set_tmp_dh "SSL_CTX* ctx" "DH *dh" | ||
| 557 | .Xc | ||
| 558 | .It Xo | ||
| 559 | .Ft long | ||
| 560 | .Fn SSL_CTX_set_tmp_dh_callback "SSL_CTX *ctx" "DH *(*cb)(void)" | ||
| 561 | .Xc | ||
| 562 | .It Xo | ||
| 563 | .Ft long | ||
| 564 | .Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa" | ||
| 565 | .Xc | ||
| 566 | .It Xo | ||
| 567 | .Fn SSL_CTX_set_tmp_rsa_callback | ||
| 568 | .Xc | ||
| 569 | .Ft long | ||
| 570 | .Fo SSL_CTX_set_tmp_rsa_callback | ||
| 571 | .Fa "SSL_CTX *ctx" | ||
| 572 | .Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)" | ||
| 573 | .Fc | ||
| 574 | .Pp | ||
| 575 | Sets the callback which will be called when a temporary private key is | ||
| 576 | required. | ||
| 577 | The | ||
| 578 | .Fa export | ||
| 579 | flag will be set if the reason for needing a temp key is that an export | ||
| 580 | ciphersuite is in use, in which case, | ||
| 581 | .Fa keylength | ||
| 582 | will contain the required keylength in bits. | ||
| 583 | .\" XXX using what? | ||
| 584 | Generate a key of appropriate size (using ???) and return it. | ||
| 585 | .It Xo | ||
| 586 | .Fn SSL_set_tmp_rsa_callback | ||
| 587 | .Xc | ||
| 588 | .Ft long | ||
| 589 | .Fo SSL_set_tmp_rsa_callback | ||
| 590 | .Fa "SSL *ssl" | ||
| 591 | .Fa "RSA *(*cb)(SSL *ssl, int export, int keylength)" | ||
| 592 | .Fc | ||
| 593 | .Pp | ||
| 594 | The same as | ||
| 595 | .Fn SSL_CTX_set_tmp_rsa_callback , | ||
| 596 | except it operates on an | ||
| 597 | .Vt SSL | ||
| 598 | session instead of a context. | ||
| 599 | .It Xo | ||
| 600 | .Ft void | ||
| 601 | .Fn SSL_CTX_set_verify "SSL_CTX *ctx" "int mode" "int (*cb)(void)" | ||
| 602 | .Xc | ||
| 603 | .It Xo | ||
| 604 | .Ft int | ||
| 605 | .Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey" | ||
| 606 | .Xc | ||
| 607 | .It Xo | ||
| 608 | .Ft int | ||
| 609 | .Fo SSL_CTX_use_PrivateKey_ASN1 | ||
| 610 | .Fa "int type" | ||
| 611 | .Fa "SSL_CTX *ctx" | ||
| 612 | .Fa "unsigned char *d" | ||
| 613 | .Fa "long len" | ||
| 614 | .Fc | ||
| 615 | .Xc | ||
| 616 | .It Xo | ||
| 617 | .Ft int | ||
| 618 | .Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "char *file" "int type" | ||
| 619 | .Xc | ||
| 620 | .It Xo | ||
| 621 | .Ft int | ||
| 622 | .Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa" | ||
| 623 | .Xc | ||
| 624 | .It Xo | ||
| 625 | .Ft int | ||
| 626 | .Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len" | ||
| 627 | .Xc | ||
| 628 | .It Xo | ||
| 629 | .Ft int | ||
| 630 | .Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "char *file" "int type" | ||
| 631 | .Xc | ||
| 632 | .It Xo | ||
| 633 | .Ft int | ||
| 634 | .Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x" | ||
| 635 | .Xc | ||
| 636 | .It Xo | ||
| 637 | .Ft int | ||
| 638 | .Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d" | ||
| 639 | .Xc | ||
| 640 | .It Xo | ||
| 641 | .Ft int | ||
| 642 | .Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "char *file" "int type" | ||
| 643 | .Xc | ||
| 644 | .It Xo | ||
| 645 | .Ft void | ||
| 646 | .Fo SSL_CTX_set_psk_client_callback | ||
| 647 | .Fa "SSL_CTX *ctx" | ||
| 648 | .Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \ | ||
| 649 | unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)" | ||
| 650 | .Fc | ||
| 651 | .Xc | ||
| 652 | .It Xo | ||
| 653 | .Ft int | ||
| 654 | .Fn SSL_CTX_use_psk_identity_hint "SSL_CTX *ctx" "const char *hint" | ||
| 655 | .Xc | ||
| 656 | .It Xo | ||
| 657 | .Ft void | ||
| 658 | .Fo SSL_CTX_set_psk_server_callback | ||
| 659 | .Fa "SSL_CTX *ctx" | ||
| 660 | .Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \ | ||
| 661 | unsigned char *psk, int max_psk_len)" | ||
| 662 | .Fc | ||
| 663 | .Xc | ||
| 664 | .El | ||
| 665 | .Ss DEALING WITH SESSIONS | ||
| 666 | Here we document the various API functions which deal with the SSL/TLS sessions | ||
| 667 | defined in the | ||
| 668 | .Vt SSL_SESSION | ||
| 669 | structures. | ||
| 670 | .Bl -tag -width Ds | ||
| 671 | .It Xo | ||
| 672 | .Ft int | ||
| 673 | .Fn SSL_SESSION_cmp "const SSL_SESSION *a" "const SSL_SESSION *b" | ||
| 674 | .Xc | ||
| 675 | .It Xo | ||
| 676 | .Ft void | ||
| 677 | .Fn SSL_SESSION_free "SSL_SESSION *ss" | ||
| 678 | .Xc | ||
| 679 | .It Xo | ||
| 680 | .Ft char * | ||
| 681 | .Fn SSL_SESSION_get_app_data "SSL_SESSION *s" | ||
| 682 | .Xc | ||
| 683 | .It Xo | ||
| 684 | .Ft char * | ||
| 685 | .Fn SSL_SESSION_get_ex_data "const SSL_SESSION *s" "int idx" | ||
| 686 | .Xc | ||
| 687 | .It Xo | ||
| 688 | .Ft int | ||
| 689 | .Fo SSL_SESSION_get_ex_new_index | ||
| 690 | .Fa "long argl" | ||
| 691 | .Fa "char *argp" | ||
| 692 | .Fa "int (*new_func)(void)" | ||
| 693 | .Fa "int (*dup_func)(void), void (*free_func)(void)" | ||
| 694 | .Fc | ||
| 695 | .Xc | ||
| 696 | .It Xo | ||
| 697 | .Ft long | ||
| 698 | .Fn SSL_SESSION_get_time "const SSL_SESSION *s" | ||
| 699 | .Xc | ||
| 700 | .It Xo | ||
| 701 | .Ft long | ||
| 702 | .Fn SSL_SESSION_get_timeout "const SSL_SESSION *s" | ||
| 703 | .Xc | ||
| 704 | .It Xo | ||
| 705 | .Ft unsigned long | ||
| 706 | .Fn SSL_SESSION_hash "const SSL_SESSION *a" | ||
| 707 | .Xc | ||
| 708 | .It Xo | ||
| 709 | .Ft SSL_SESSION * | ||
| 710 | .Fn SSL_SESSION_new void | ||
| 711 | .Xc | ||
| 712 | .It Xo | ||
| 713 | .Ft int | ||
| 714 | .Fn SSL_SESSION_print "BIO *bp" "const SSL_SESSION *x" | ||
| 715 | .Xc | ||
| 716 | .It Xo | ||
| 717 | .Ft int | ||
| 718 | .Fn SSL_SESSION_print_fp "FILE *fp" "const SSL_SESSION *x" | ||
| 719 | .Xc | ||
| 720 | .It Xo | ||
| 721 | .Ft void | ||
| 722 | .Fn SSL_SESSION_set_app_data "SSL_SESSION *s" "char *a" | ||
| 723 | .Xc | ||
| 724 | .It Xo | ||
| 725 | .Ft int | ||
| 726 | .Fn SSL_SESSION_set_ex_data "SSL_SESSION *s" "int idx" "char *arg" | ||
| 727 | .Xc | ||
| 728 | .It Xo | ||
| 729 | .Ft long | ||
| 730 | .Fn SSL_SESSION_set_time "SSL_SESSION *s" "long t" | ||
| 731 | .Xc | ||
| 732 | .It Xo | ||
| 733 | .Ft long | ||
| 734 | .Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long t" | ||
| 735 | .Xc | ||
| 736 | .El | ||
| 737 | .Ss DEALING WITH CONNECTIONS | ||
| 738 | Here we document the various API functions which deal with the SSL/TLS | ||
| 739 | connection defined in the | ||
| 740 | .Vt SSL | ||
| 741 | structure. | ||
| 742 | .Bl -tag -width Ds | ||
| 743 | .It Xo | ||
| 744 | .Ft int | ||
| 745 | .Fn SSL_accept "SSL *ssl" | ||
| 746 | .Xc | ||
| 747 | .It Xo | ||
| 748 | .Ft int | ||
| 749 | .Fn SSL_add_dir_cert_subjects_to_stack "STACK *stack" "const char *dir" | ||
| 750 | .Xc | ||
| 751 | .It Xo | ||
| 752 | .Ft int | ||
| 753 | .Fn SSL_add_file_cert_subjects_to_stack "STACK *stack" "const char *file" | ||
| 754 | .Xc | ||
| 755 | .It Xo | ||
| 756 | .Ft int | ||
| 757 | .Fn SSL_add_client_CA "SSL *ssl" "X509 *x" | ||
| 758 | .Xc | ||
| 759 | .It Xo | ||
| 760 | .Ft char * | ||
| 761 | .Fn SSL_alert_desc_string "int value" | ||
| 762 | .Xc | ||
| 763 | .It Xo | ||
| 764 | .Ft char * | ||
| 765 | .Fn SSL_alert_desc_string_long "int value" | ||
| 766 | .Xc | ||
| 767 | .It Xo | ||
| 768 | .Ft char * | ||
| 769 | .Fn SSL_alert_type_string "int value" | ||
| 770 | .Xc | ||
| 771 | .It Xo | ||
| 772 | .Ft char * | ||
| 773 | .Fn SSL_alert_type_string_long "int value" | ||
| 774 | .Xc | ||
| 775 | .It Xo | ||
| 776 | .Ft int | ||
| 777 | .Fn SSL_check_private_key "const SSL *ssl" | ||
| 778 | .Xc | ||
| 779 | .It Xo | ||
| 780 | .Ft void | ||
| 781 | .Fn SSL_clear "SSL *ssl" | ||
| 782 | .Xc | ||
| 783 | .It Xo | ||
| 784 | .Ft long | ||
| 785 | .Fn SSL_clear_num_renegotiations "SSL *ssl" | ||
| 786 | .Xc | ||
| 787 | .It Xo | ||
| 788 | .Ft int | ||
| 789 | .Fn SSL_connect "SSL *ssl" | ||
| 790 | .Xc | ||
| 791 | .It Xo | ||
| 792 | .Ft void | ||
| 793 | .Fn SSL_copy_session_id "SSL *t" "const SSL *f" | ||
| 794 | .Xc | ||
| 795 | .It Xo | ||
| 796 | .Ft long | ||
| 797 | .Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "char *parg" | ||
| 798 | .Xc | ||
| 799 | .It Xo | ||
| 800 | .Ft int | ||
| 801 | .Fn SSL_do_handshake "SSL *ssl" | ||
| 802 | .Xc | ||
| 803 | .It Xo | ||
| 804 | .Ft SSL * | ||
| 805 | .Fn SSL_dup "SSL *ssl" | ||
| 806 | .Xc | ||
| 807 | .It Xo | ||
| 808 | .Ft STACK * | ||
| 809 | .Fn SSL_dup_CA_list "STACK *sk" | ||
| 810 | .Xc | ||
| 811 | .It Xo | ||
| 812 | .Ft void | ||
| 813 | .Fn SSL_free "SSL *ssl" | ||
| 814 | .Xc | ||
| 815 | .It Xo | ||
| 816 | .Ft SSL_CTX * | ||
| 817 | .Fn SSL_get_SSL_CTX "const SSL *ssl" | ||
| 818 | .Xc | ||
| 819 | .It Xo | ||
| 820 | .Ft char * | ||
| 821 | .Fn SSL_get_app_data "SSL *ssl" | ||
| 822 | .Xc | ||
| 823 | .It Xo | ||
| 824 | .Ft X509 * | ||
| 825 | .Fn SSL_get_certificate "const SSL *ssl" | ||
| 826 | .Xc | ||
| 827 | .It Xo | ||
| 828 | .Ft const char * | ||
| 829 | .Fn SSL_get_cipher "const SSL *ssl" | ||
| 830 | .Xc | ||
| 831 | .It Xo | ||
| 832 | .Ft int | ||
| 833 | .Fn SSL_get_cipher_bits "const SSL *ssl" "int *alg_bits" | ||
| 834 | .Xc | ||
| 835 | .It Xo | ||
| 836 | .Ft char * | ||
| 837 | .Fn SSL_get_cipher_list "const SSL *ssl" "int n" | ||
| 838 | .Xc | ||
| 839 | .It Xo | ||
| 840 | .Ft char * | ||
| 841 | .Fn SSL_get_cipher_name "const SSL *ssl" | ||
| 842 | .Xc | ||
| 843 | .It Xo | ||
| 844 | .Ft char * | ||
| 845 | .Fn SSL_get_cipher_version "const SSL *ssl" | ||
| 846 | .Xc | ||
| 847 | .It Xo | ||
| 848 | .Ft STACK * | ||
| 849 | .Fn SSL_get_ciphers "const SSL *ssl" | ||
| 850 | .Xc | ||
| 851 | .It Xo | ||
| 852 | .Ft STACK * | ||
| 853 | .Fn SSL_get_client_CA_list "const SSL *ssl" | ||
| 854 | .Xc | ||
| 855 | .It Xo | ||
| 856 | .Ft SSL_CIPHER * | ||
| 857 | .Fn SSL_get_current_cipher "SSL *ssl" | ||
| 858 | .Xc | ||
| 859 | .It Xo | ||
| 860 | .Ft long | ||
| 861 | .Fn SSL_get_default_timeout "const SSL *ssl" | ||
| 862 | .Xc | ||
| 863 | .It Xo | ||
| 864 | .Ft int | ||
| 865 | .Fn SSL_get_error "const SSL *ssl" "int i" | ||
| 866 | .Xc | ||
| 867 | .It Xo | ||
| 868 | .Ft char * | ||
| 869 | .Fn SSL_get_ex_data "const SSL *ssl" "int idx" | ||
| 870 | .Xc | ||
| 871 | .It Xo | ||
| 872 | .Ft int | ||
| 873 | .Fn SSL_get_ex_data_X509_STORE_CTX_idx void | ||
| 874 | .Xc | ||
| 875 | .It Xo | ||
| 876 | .Ft int | ||
| 877 | .Fo SSL_get_ex_new_index | ||
| 878 | .Fa "long argl" | ||
| 879 | .Fa "char *argp" | ||
| 880 | .Fa "int (*new_func)(void)" | ||
| 881 | .Fa "int (*dup_func)(void)" | ||
| 882 | .Fa "void (*free_func)(void)" | ||
| 883 | .Fc | ||
| 884 | .Xc | ||
| 885 | .It Xo | ||
| 886 | .Ft int | ||
| 887 | .Fn SSL_get_fd "const SSL *ssl" | ||
| 888 | .Xc | ||
| 889 | .It Xo | ||
| 890 | .Ft void | ||
| 891 | .Fn "(*SSL_get_info_callback(const SSL *ssl))" | ||
| 892 | .Xc | ||
| 893 | .It Xo | ||
| 894 | .Ft STACK * | ||
| 895 | .Fn SSL_get_peer_cert_chain "const SSL *ssl" | ||
| 896 | .Xc | ||
| 897 | .It Xo | ||
| 898 | .Ft X509 * | ||
| 899 | .Fn SSL_get_peer_certificate "const SSL *ssl" | ||
| 900 | .Xc | ||
| 901 | .It Xo | ||
| 902 | .Ft EVP_PKEY * | ||
| 903 | .Fn SSL_get_privatekey "SSL *ssl" | ||
| 904 | .Xc | ||
| 905 | .It Xo | ||
| 906 | .Ft int | ||
| 907 | .Fn SSL_get_quiet_shutdown "const SSL *ssl" | ||
| 908 | .Xc | ||
| 909 | .It Xo | ||
| 910 | .Ft BIO * | ||
| 911 | .Fn SSL_get_rbio "const SSL *ssl" | ||
| 912 | .Xc | ||
| 913 | .It Xo | ||
| 914 | .Ft int | ||
| 915 | .Fn SSL_get_read_ahead "const SSL *ssl" | ||
| 916 | .Xc | ||
| 917 | .It Xo | ||
| 918 | .Ft SSL_SESSION * | ||
| 919 | .Fn SSL_get_session "const SSL *ssl" | ||
| 920 | .Xc | ||
| 921 | .It Xo | ||
| 922 | .Ft char * | ||
| 923 | .Fn SSL_get_shared_ciphers "const SSL *ssl" "char *buf" "int len" | ||
| 924 | .Xc | ||
| 925 | .It Xo | ||
| 926 | .Ft int | ||
| 927 | .Fn SSL_get_shutdown "const SSL *ssl" | ||
| 928 | .Xc | ||
| 929 | .It Xo | ||
| 930 | .Ft const SSL_METHOD * | ||
| 931 | .Fn SSL_get_ssl_method "SSL *ssl" | ||
| 932 | .Xc | ||
| 933 | .It Xo | ||
| 934 | .Ft int | ||
| 935 | .Fn SSL_get_state "const SSL *ssl" | ||
| 936 | .Xc | ||
| 937 | .It Xo | ||
| 938 | .Ft long | ||
| 939 | .Fn SSL_get_time "const SSL *ssl" | ||
| 940 | .Xc | ||
| 941 | .It Xo | ||
| 942 | .Ft long | ||
| 943 | .Fn SSL_get_timeout "const SSL *ssl" | ||
| 944 | .Xc | ||
| 945 | .It Xo | ||
| 946 | .Ft int | ||
| 947 | .Fn "(*SSL_get_verify_callback(const SSL *ssl))" int "X509_STORE_CTX *" | ||
| 948 | .Xc | ||
| 949 | .It Xo | ||
| 950 | .Ft int | ||
| 951 | .Fn SSL_get_verify_mode "const SSL *ssl" | ||
| 952 | .Xc | ||
| 953 | .It Xo | ||
| 954 | .Ft long | ||
| 955 | .Fn SSL_get_verify_result "const SSL *ssl" | ||
| 956 | .Xc | ||
| 957 | .It Xo | ||
| 958 | .Ft char * | ||
| 959 | .Fn SSL_get_version "const SSL *ssl" | ||
| 960 | .Xc | ||
| 961 | .It Xo | ||
| 962 | .Ft BIO * | ||
| 963 | .Fn SSL_get_wbio "const SSL *ssl" | ||
| 964 | .Xc | ||
| 965 | .It Xo | ||
| 966 | .Ft int | ||
| 967 | .Fn SSL_in_accept_init "SSL *ssl" | ||
| 968 | .Xc | ||
| 969 | .It Xo | ||
| 970 | .Ft int | ||
| 971 | .Fn SSL_in_before "SSL *ssl" | ||
| 972 | .Xc | ||
| 973 | .It Xo | ||
| 974 | .Ft int | ||
| 975 | .Fn SSL_in_connect_init "SSL *ssl" | ||
| 976 | .Xc | ||
| 977 | .It Xo | ||
| 978 | .Ft int | ||
| 979 | .Fn SSL_in_init "SSL *ssl" | ||
| 980 | .Xc | ||
| 981 | .It Xo | ||
| 982 | .Ft int | ||
| 983 | .Fn SSL_is_init_finished "SSL *ssl" | ||
| 984 | .Xc | ||
| 985 | .It Xo | ||
| 986 | .Ft STACK * | ||
| 987 | .Fn SSL_load_client_CA_file "char *file" | ||
| 988 | .Xc | ||
| 989 | .It Xo | ||
| 990 | .Ft void | ||
| 991 | .Fn SSL_load_error_strings "void" | ||
| 992 | .Xc | ||
| 993 | .It Xo | ||
| 994 | .Ft SSL * | ||
| 995 | .Fn SSL_new "SSL_CTX *ctx" | ||
| 996 | .Xc | ||
| 997 | .It Xo | ||
| 998 | .Ft long | ||
| 999 | .Fn SSL_num_renegotiations "SSL *ssl" | ||
| 1000 | .Xc | ||
| 1001 | .It Xo | ||
| 1002 | .Ft int | ||
| 1003 | .Fn SSL_peek "SSL *ssl" "void *buf" "int num" | ||
| 1004 | .Xc | ||
| 1005 | .It Xo | ||
| 1006 | .Ft int | ||
| 1007 | .Fn SSL_pending "const SSL *ssl" | ||
| 1008 | .Xc | ||
| 1009 | .It Xo | ||
| 1010 | .Ft int | ||
| 1011 | .Fn SSL_read "SSL *ssl" "void *buf" "int num" | ||
| 1012 | .Xc | ||
| 1013 | .It Xo | ||
| 1014 | .Ft int | ||
| 1015 | .Fn SSL_renegotiate "SSL *ssl" | ||
| 1016 | .Xc | ||
| 1017 | .It Xo | ||
| 1018 | .Ft char * | ||
| 1019 | .Fn SSL_rstate_string "SSL *ssl" | ||
| 1020 | .Xc | ||
| 1021 | .It Xo | ||
| 1022 | .Ft char * | ||
| 1023 | .Fn SSL_rstate_string_long "SSL *ssl" | ||
| 1024 | .Xc | ||
| 1025 | .It Xo | ||
| 1026 | .Ft long | ||
| 1027 | .Fn SSL_session_reused "SSL *ssl" | ||
| 1028 | .Xc | ||
| 1029 | .It Xo | ||
| 1030 | .Ft void | ||
| 1031 | .Fn SSL_set_accept_state "SSL *ssl" | ||
| 1032 | .Xc | ||
| 1033 | .It Xo | ||
| 1034 | .Ft void | ||
| 1035 | .Fn SSL_set_app_data "SSL *ssl" "char *arg" | ||
| 1036 | .Xc | ||
| 1037 | .It Xo | ||
| 1038 | .Ft void | ||
| 1039 | .Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio" | ||
| 1040 | .Xc | ||
| 1041 | .It Xo | ||
| 1042 | .Ft int | ||
| 1043 | .Fn SSL_set_cipher_list "SSL *ssl" "char *str" | ||
| 1044 | .Xc | ||
| 1045 | .It Xo | ||
| 1046 | .Ft void | ||
| 1047 | .Fn SSL_set_client_CA_list "SSL *ssl" "STACK *list" | ||
| 1048 | .Xc | ||
| 1049 | .It Xo | ||
| 1050 | .Ft void | ||
| 1051 | .Fn SSL_set_connect_state "SSL *ssl" | ||
| 1052 | .Xc | ||
| 1053 | .It Xo | ||
| 1054 | .Ft int | ||
| 1055 | .Fn SSL_set_ex_data "SSL *ssl" "int idx" "char *arg" | ||
| 1056 | .Xc | ||
| 1057 | .It Xo | ||
| 1058 | .Ft int | ||
| 1059 | .Fn SSL_set_fd "SSL *ssl" "int fd" | ||
| 1060 | .Xc | ||
| 1061 | .It Xo | ||
| 1062 | .Ft void | ||
| 1063 | .Fn SSL_set_info_callback "SSL *ssl" "void (*cb)(void)" | ||
| 1064 | .Xc | ||
| 1065 | .It Xo | ||
| 1066 | .Ft void | ||
| 1067 | .Fo SSL_set_msg_callback | ||
| 1068 | .Fa "SSL *ctx" | ||
| 1069 | .Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, \ | ||
| 1070 | size_t len, SSL *ssl, void *arg)" | ||
| 1071 | .Fc | ||
| 1072 | .Xc | ||
| 1073 | .It Xo | ||
| 1074 | .Ft void | ||
| 1075 | .Fn SSL_set_msg_callback_arg "SSL *ctx" "void *arg" | ||
| 1076 | .Xc | ||
| 1077 | .It Xo | ||
| 1078 | .Ft void | ||
| 1079 | .Fn SSL_set_options "SSL *ssl" "unsigned long op" | ||
| 1080 | .Xc | ||
| 1081 | .It Xo | ||
| 1082 | .Ft void | ||
| 1083 | .Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode" | ||
| 1084 | .Xc | ||
| 1085 | .It Xo | ||
| 1086 | .Ft void | ||
| 1087 | .Fn SSL_set_read_ahead "SSL *ssl" "int yes" | ||
| 1088 | .Xc | ||
| 1089 | .It Xo | ||
| 1090 | .Ft int | ||
| 1091 | .Fn SSL_set_rfd "SSL *ssl" "int fd" | ||
| 1092 | .Xc | ||
| 1093 | .It Xo | ||
| 1094 | .Ft int | ||
| 1095 | .Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session" | ||
| 1096 | .Xc | ||
| 1097 | .It Xo | ||
| 1098 | .Ft void | ||
| 1099 | .Fn SSL_set_shutdown "SSL *ssl" "int mode" | ||
| 1100 | .Xc | ||
| 1101 | .It Xo | ||
| 1102 | .Ft int | ||
| 1103 | .Fn SSL_set_ssl_method "SSL *ssl" "const SSL_METHOD *meth" | ||
| 1104 | .Xc | ||
| 1105 | .It Xo | ||
| 1106 | .Ft void | ||
| 1107 | .Fn SSL_set_time "SSL *ssl" "long t" | ||
| 1108 | .Xc | ||
| 1109 | .It Xo | ||
| 1110 | .Ft void | ||
| 1111 | .Fn SSL_set_timeout "SSL *ssl" "long t" | ||
| 1112 | .Xc | ||
| 1113 | .It Xo | ||
| 1114 | .Ft void | ||
| 1115 | .Fn SSL_set_verify "SSL *ssl" "int mode" "int (*callback)(void)" | ||
| 1116 | .Xc | ||
| 1117 | .It Xo | ||
| 1118 | .Ft void | ||
| 1119 | .Fn SSL_set_verify_result "SSL *ssl" "long arg" | ||
| 1120 | .Xc | ||
| 1121 | .It Xo | ||
| 1122 | .Ft int | ||
| 1123 | .Fn SSL_set_wfd "SSL *ssl" "int fd" | ||
| 1124 | .Xc | ||
| 1125 | .It Xo | ||
| 1126 | .Ft int | ||
| 1127 | .Fn SSL_shutdown "SSL *ssl" | ||
| 1128 | .Xc | ||
| 1129 | .It Xo | ||
| 1130 | .Ft int | ||
| 1131 | .Fn SSL_state "const SSL *ssl" | ||
| 1132 | .Xc | ||
| 1133 | .It Xo | ||
| 1134 | .Ft char * | ||
| 1135 | .Fn SSL_state_string "const SSL *ssl" | ||
| 1136 | .Xc | ||
| 1137 | .It Xo | ||
| 1138 | .Ft char * | ||
| 1139 | .Fn SSL_state_string_long "const SSL *ssl" | ||
| 1140 | .Xc | ||
| 1141 | .It Xo | ||
| 1142 | .Ft long | ||
| 1143 | .Fn SSL_total_renegotiations "SSL *ssl" | ||
| 1144 | .Xc | ||
| 1145 | .It Xo | ||
| 1146 | .Ft int | ||
| 1147 | .Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey" | ||
| 1148 | .Xc | ||
| 1149 | .It Xo | ||
| 1150 | .Ft int | ||
| 1151 | .Fn SSL_use_PrivateKey_ASN1 "int type" "SSL *ssl" "unsigned char *d" "long len" | ||
| 1152 | .Xc | ||
| 1153 | .It Xo | ||
| 1154 | .Ft int | ||
| 1155 | .Fn SSL_use_PrivateKey_file "SSL *ssl" "char *file" "int type" | ||
| 1156 | .Xc | ||
| 1157 | .It Xo | ||
| 1158 | .Ft int | ||
| 1159 | .Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa" | ||
| 1160 | .Xc | ||
| 1161 | .It Xo | ||
| 1162 | .Ft int | ||
| 1163 | .Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "unsigned char *d" "long len" | ||
| 1164 | .Xc | ||
| 1165 | .It Xo | ||
| 1166 | .Ft int | ||
| 1167 | .Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "char *file" "int type" | ||
| 1168 | .Xc | ||
| 1169 | .It Xo | ||
| 1170 | .Ft int | ||
| 1171 | .Fn SSL_use_certificate "SSL *ssl" "X509 *x" | ||
| 1172 | .Xc | ||
| 1173 | .It Xo | ||
| 1174 | .Ft int | ||
| 1175 | .Fn SSL_use_certificate_ASN1 "SSL *ssl" "int len" "unsigned char *d" | ||
| 1176 | .Xc | ||
| 1177 | .It Xo | ||
| 1178 | .Ft int | ||
| 1179 | .Fn SSL_use_certificate_file "SSL *ssl" "char *file" "int type" | ||
| 1180 | .Xc | ||
| 1181 | .It Xo | ||
| 1182 | .Ft int | ||
| 1183 | .Fn SSL_version "const SSL *ssl" | ||
| 1184 | .Xc | ||
| 1185 | .It Xo | ||
| 1186 | .Ft int | ||
| 1187 | .Fn SSL_want "const SSL *ssl" | ||
| 1188 | .Xc | ||
| 1189 | .It Xo | ||
| 1190 | .Ft int | ||
| 1191 | .Fn SSL_want_nothing "const SSL *ssl" | ||
| 1192 | .Xc | ||
| 1193 | .It Xo | ||
| 1194 | .Ft int | ||
| 1195 | .Fn SSL_want_read "const SSL *ssl" | ||
| 1196 | .Xc | ||
| 1197 | .It Xo | ||
| 1198 | .Ft int | ||
| 1199 | .Fn SSL_want_write "const SSL *ssl" | ||
| 1200 | .Xc | ||
| 1201 | .It Xo | ||
| 1202 | .Ft int | ||
| 1203 | .Fn SSL_want_x509_lookup "const SSL *ssl" | ||
| 1204 | .Xc | ||
| 1205 | .It Xo | ||
| 1206 | .Ft int | ||
| 1207 | .Fn SSL_write "SSL *ssl" "const void *buf" "int num" | ||
| 1208 | .Xc | ||
| 1209 | .It Xo | ||
| 1210 | .Ft void | ||
| 1211 | .Fo SSL_set_psk_client_callback | ||
| 1212 | .Fa "SSL *ssl" | ||
| 1213 | .Fa "unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, \ | ||
| 1214 | unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)" | ||
| 1215 | .Fc | ||
| 1216 | .Xc | ||
| 1217 | .It Xo | ||
| 1218 | .Ft int | ||
| 1219 | .Fn SSL_use_psk_identity_hint "SSL *ssl" "const char *hint" | ||
| 1220 | .Xc | ||
| 1221 | .It Xo | ||
| 1222 | .Ft void | ||
| 1223 | .Fo SSL_set_psk_server_callback | ||
| 1224 | .Fa "SSL *ssl" | ||
| 1225 | .Fa "unsigned int (*callback)(SSL *ssl, const char *identity, \ | ||
| 1226 | unsigned char *psk, int max_psk_len)" | ||
| 1227 | .Fc | ||
| 1228 | .Xc | ||
| 1229 | .It Xo | ||
| 1230 | .Ft const char * | ||
| 1231 | .Fn SSL_get_psk_identity_hint "SSL *ssl" | ||
| 1232 | .Xc | ||
| 1233 | .It Xo | ||
| 1234 | .Ft const char * | ||
| 1235 | .Fn SSL_get_psk_identity "SSL *ssl" | ||
| 1236 | .Xc | ||
| 1237 | .El | ||
| 1238 | .Sh SEE ALSO | ||
| 1239 | .Xr openssl 1 , | ||
| 1240 | .Xr crypto 3 , | ||
| 1241 | .Xr d2i_SSL_SESSION 3 , | ||
| 1242 | .Xr SSL_accept 3 , | ||
| 1243 | .Xr SSL_alert_type_string 3 , | ||
| 1244 | .Xr SSL_CIPHER_get_name 3 , | ||
| 1245 | .Xr SSL_clear 3 , | ||
| 1246 | .Xr SSL_COMP_add_compression_method 3 , | ||
| 1247 | .Xr SSL_connect 3 , | ||
| 1248 | .Xr SSL_CTX_add_extra_chain_cert 3 , | ||
| 1249 | .Xr SSL_CTX_add_session 3 , | ||
| 1250 | .Xr SSL_CTX_ctrl 3 , | ||
| 1251 | .Xr SSL_CTX_flush_sessions 3 , | ||
| 1252 | .Xr SSL_CTX_get_ex_new_index 3 , | ||
| 1253 | .Xr SSL_CTX_get_verify_mode 3 , | ||
| 1254 | .Xr SSL_CTX_load_verify_locations 3 , | ||
| 1255 | .Xr SSL_CTX_new 3 , | ||
| 1256 | .Xr SSL_CTX_sess_number 3 , | ||
| 1257 | .Xr SSL_CTX_sess_set_cache_size 3 , | ||
| 1258 | .Xr SSL_CTX_sess_set_get_cb 3 , | ||
| 1259 | .Xr SSL_CTX_sessions 3 , | ||
| 1260 | .Xr SSL_CTX_set_cert_store 3 , | ||
| 1261 | .Xr SSL_CTX_set_cert_verify_callback 3 , | ||
| 1262 | .Xr SSL_CTX_set_cipher_list 3 , | ||
| 1263 | .Xr SSL_CTX_set_client_CA_list 3 , | ||
| 1264 | .Xr SSL_CTX_set_client_cert_cb 3 , | ||
| 1265 | .Xr SSL_CTX_set_default_passwd_cb 3 , | ||
| 1266 | .Xr SSL_CTX_set_generate_session_id 3 , | ||
| 1267 | .Xr SSL_CTX_set_info_callback 3 , | ||
| 1268 | .Xr SSL_CTX_set_max_cert_list 3 , | ||
| 1269 | .Xr SSL_CTX_set_mode 3 , | ||
| 1270 | .Xr SSL_CTX_set_msg_callback 3 , | ||
| 1271 | .Xr SSL_CTX_set_options 3 , | ||
| 1272 | .Xr SSL_CTX_set_psk_client_callback 3 , | ||
| 1273 | .Xr SSL_CTX_set_quiet_shutdown 3 , | ||
| 1274 | .Xr SSL_CTX_set_session_cache_mode 3 , | ||
| 1275 | .Xr SSL_CTX_set_session_id_context 3 , | ||
| 1276 | .Xr SSL_CTX_set_ssl_version 3 , | ||
| 1277 | .Xr SSL_CTX_set_timeout 3 , | ||
| 1278 | .Xr SSL_CTX_set_tmp_dh_callback 3 , | ||
| 1279 | .Xr SSL_CTX_set_tmp_rsa_callback 3 , | ||
| 1280 | .Xr SSL_CTX_set_verify 3 , | ||
| 1281 | .Xr SSL_CTX_use_certificate 3 , | ||
| 1282 | .Xr SSL_CTX_use_psk_identity_hint 3 , | ||
| 1283 | .Xr SSL_do_handshake 3 , | ||
| 1284 | .Xr SSL_get_ciphers 3 , | ||
| 1285 | .Xr SSL_get_client_CA_list 3 , | ||
| 1286 | .Xr SSL_get_default_timeout 3 , | ||
| 1287 | .Xr SSL_get_error 3 , | ||
| 1288 | .Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 , | ||
| 1289 | .Xr SSL_get_ex_new_index 3 , | ||
| 1290 | .Xr SSL_get_fd 3 , | ||
| 1291 | .Xr SSL_get_peer_cert_chain 3 , | ||
| 1292 | .Xr SSL_get_psk_identity 3 , | ||
| 1293 | .Xr SSL_get_rbio 3 , | ||
| 1294 | .Xr SSL_get_session 3 , | ||
| 1295 | .Xr SSL_get_SSL_CTX 3 , | ||
| 1296 | .Xr SSL_get_verify_result 3 , | ||
| 1297 | .Xr SSL_get_version 3 , | ||
| 1298 | .Xr SSL_library_init 3 , | ||
| 1299 | .Xr SSL_load_client_CA_file 3 , | ||
| 1300 | .Xr SSL_new 3 , | ||
| 1301 | .Xr SSL_pending 3 , | ||
| 1302 | .Xr SSL_read 3 , | ||
| 1303 | .Xr SSL_rstate_string 3 , | ||
| 1304 | .Xr SSL_SESSION_free 3 , | ||
| 1305 | .Xr SSL_SESSION_get_ex_new_index 3 , | ||
| 1306 | .Xr SSL_SESSION_get_time 3 , | ||
| 1307 | .Xr SSL_session_reused 3 , | ||
| 1308 | .Xr SSL_set_bio 3 , | ||
| 1309 | .Xr SSL_set_connect_state 3 , | ||
| 1310 | .Xr SSL_set_fd 3 , | ||
| 1311 | .Xr SSL_set_session 3 , | ||
| 1312 | .Xr SSL_set_shutdown 3 , | ||
| 1313 | .Xr SSL_shutdown 3 , | ||
| 1314 | .Xr SSL_state_string 3 , | ||
| 1315 | .Xr SSL_want 3 , | ||
| 1316 | .Xr SSL_write 3 | ||
| 1317 | .Sh HISTORY | ||
| 1318 | The | ||
| 1319 | .Nm | ||
| 1320 | document appeared in OpenSSL 0.9.2. | ||
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt deleted file mode 100644 index 7bada8d35f..0000000000 --- a/src/lib/libssl/doc/standards.txt +++ /dev/null | |||
| @@ -1,285 +0,0 @@ | |||
| 1 | Standards related to OpenSSL | ||
| 2 | ============================ | ||
| 3 | |||
| 4 | [Please, this is currently a draft. I made a first try at finding | ||
| 5 | documents that describe parts of what OpenSSL implements. There are | ||
| 6 | big gaps, and I've most certainly done something wrong. Please | ||
| 7 | correct whatever is... Also, this note should be removed when this | ||
| 8 | file is reaching a somewhat correct state. -- Richard Levitte] | ||
| 9 | |||
| 10 | |||
| 11 | All pointers in here will be either URL's or blobs of text borrowed | ||
| 12 | from miscellaneous indexes, like rfc-index.txt (index of RFCs), | ||
| 13 | 1id-index.txt (index of Internet drafts) and the like. | ||
| 14 | |||
| 15 | To find the latest possible RFCs, it's recommended to either browse | ||
| 16 | ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and | ||
| 17 | use the search mechanism found there. | ||
| 18 | To find the latest possible Internet drafts, it's recommended to | ||
| 19 | browse ftp://ftp.isi.edu/internet-drafts/. | ||
| 20 | To find the latest possible PKCS, it's recommended to browse | ||
| 21 | http://www.rsasecurity.com/rsalabs/pkcs/. | ||
| 22 | |||
| 23 | |||
| 24 | Implemented: | ||
| 25 | ------------ | ||
| 26 | |||
| 27 | These are documents that describe things that are implemented (in | ||
| 28 | whole or at least great parts) in OpenSSL. | ||
| 29 | |||
| 30 | 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. | ||
| 31 | (Format: TXT=25661 bytes) (Status: INFORMATIONAL) | ||
| 32 | |||
| 33 | 1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format: | ||
| 34 | TXT=32407 bytes) (Status: INFORMATIONAL) | ||
| 35 | |||
| 36 | 1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format: | ||
| 37 | TXT=35222 bytes) (Status: INFORMATIONAL) | ||
| 38 | |||
| 39 | 2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999. | ||
| 40 | (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD) | ||
| 41 | |||
| 42 | 2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. | ||
| 43 | January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) | ||
| 44 | |||
| 45 | 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. | ||
| 46 | March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) | ||
| 47 | |||
| 48 | PKCS#8: Private-Key Information Syntax Standard | ||
| 49 | |||
| 50 | PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. | ||
| 51 | |||
| 52 | 2560 X.509 Internet Public Key Infrastructure Online Certificate | ||
| 53 | Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, | ||
| 54 | C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED | ||
| 55 | STANDARD) | ||
| 56 | |||
| 57 | 2712 Addition of Kerberos Cipher Suites to Transport Layer Security | ||
| 58 | (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) | ||
| 59 | (Status: PROPOSED STANDARD) | ||
| 60 | |||
| 61 | 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. | ||
| 62 | B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: | ||
| 63 | INFORMATIONAL) | ||
| 64 | |||
| 65 | 2986 PKCS #10: Certification Request Syntax Specification Version 1.7. | ||
| 66 | M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) | ||
| 67 | (Obsoletes RFC2314) (Status: INFORMATIONAL) | ||
| 68 | |||
| 69 | 3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. | ||
| 70 | September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) | ||
| 71 | |||
| 72 | 3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP) | ||
| 73 | C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001 | ||
| 74 | (Status: PROPOSED STANDARD) | ||
| 75 | |||
| 76 | 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport | ||
| 77 | Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) | ||
| 78 | (Status: PROPOSED STANDARD) | ||
| 79 | |||
| 80 | 3279 Algorithms and Identifiers for the Internet X.509 Public Key | ||
| 81 | Infrastructure Certificate and Certificate Revocation List (CRL) | ||
| 82 | Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: | ||
| 83 | TXT=53833 bytes) (Status: PROPOSED STANDARD) | ||
| 84 | |||
| 85 | 3280 Internet X.509 Public Key Infrastructure Certificate and | ||
| 86 | Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. | ||
| 87 | Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes | ||
| 88 | RFC2459) (Status: PROPOSED STANDARD) | ||
| 89 | |||
| 90 | 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography | ||
| 91 | Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. | ||
| 92 | (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: | ||
| 93 | INFORMATIONAL) | ||
| 94 | |||
| 95 | 3713 A Description of the Camellia Encryption Algorithm. M. Matsui, | ||
| 96 | J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) | ||
| 97 | (Status: INFORMATIONAL) | ||
| 98 | |||
| 99 | 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate | ||
| 100 | Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. | ||
| 101 | June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) | ||
| 102 | |||
| 103 | 4132 Addition of Camellia Cipher Suites to Transport Layer Security | ||
| 104 | (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 | ||
| 105 | bytes) (Status: PROPOSED STANDARD) | ||
| 106 | |||
| 107 | 4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). | ||
| 108 | H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) | ||
| 109 | (Status: PROPOSED STANDARD) | ||
| 110 | |||
| 111 | 4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, | ||
| 112 | D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) | ||
| 113 | (Obsoletes RFC4009) (Status: INFORMATIONAL) | ||
| 114 | |||
| 115 | |||
| 116 | Related: | ||
| 117 | -------- | ||
| 118 | |||
| 119 | These are documents that are close to OpenSSL, for example the | ||
| 120 | STARTTLS documents. | ||
| 121 | |||
| 122 | 1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message | ||
| 123 | Encryption and Authentication Procedures. J. Linn. February 1993. | ||
| 124 | (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED | ||
| 125 | STANDARD) | ||
| 126 | |||
| 127 | 1422 Privacy Enhancement for Internet Electronic Mail: Part II: | ||
| 128 | Certificate-Based Key Management. S. Kent. February 1993. (Format: | ||
| 129 | TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD) | ||
| 130 | |||
| 131 | 1423 Privacy Enhancement for Internet Electronic Mail: Part III: | ||
| 132 | Algorithms, Modes, and Identifiers. D. Balenson. February 1993. | ||
| 133 | (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED | ||
| 134 | STANDARD) | ||
| 135 | |||
| 136 | 1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key | ||
| 137 | Certification and Related Services. B. Kaliski. February 1993. | ||
| 138 | (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) | ||
| 139 | |||
| 140 | 2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October | ||
| 141 | 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) | ||
| 142 | |||
| 143 | 2510 Internet X.509 Public Key Infrastructure Certificate Management | ||
| 144 | Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 | ||
| 145 | bytes) (Status: PROPOSED STANDARD) | ||
| 146 | |||
| 147 | 2511 Internet X.509 Certificate Request Message Format. M. Myers, C. | ||
| 148 | Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) | ||
| 149 | (Status: PROPOSED STANDARD) | ||
| 150 | |||
| 151 | 2527 Internet X.509 Public Key Infrastructure Certificate Policy and | ||
| 152 | Certification Practices Framework. S. Chokhani, W. Ford. March 1999. | ||
| 153 | (Format: TXT=91860 bytes) (Status: INFORMATIONAL) | ||
| 154 | |||
| 155 | 2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake | ||
| 156 | 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: | ||
| 157 | PROPOSED STANDARD) | ||
| 158 | |||
| 159 | 2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). | ||
| 160 | D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: | ||
| 161 | PROPOSED STANDARD) | ||
| 162 | |||
| 163 | 2559 Internet X.509 Public Key Infrastructure Operational Protocols - | ||
| 164 | LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: | ||
| 165 | TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) | ||
| 166 | |||
| 167 | 2585 Internet X.509 Public Key Infrastructure Operational Protocols: | ||
| 168 | FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 | ||
| 169 | bytes) (Status: PROPOSED STANDARD) | ||
| 170 | |||
| 171 | 2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. | ||
| 172 | Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) | ||
| 173 | (Status: PROPOSED STANDARD) | ||
| 174 | |||
| 175 | 2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. | ||
| 176 | (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) | ||
| 177 | |||
| 178 | 2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. | ||
| 179 | (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) | ||
| 180 | |||
| 181 | 2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June | ||
| 182 | 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) | ||
| 183 | |||
| 184 | 2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October | ||
| 185 | 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL) | ||
| 186 | |||
| 187 | 2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. | ||
| 188 | February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: | ||
| 189 | EXPERIMENTAL) | ||
| 190 | |||
| 191 | 2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. | ||
| 192 | Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: | ||
| 193 | PROPOSED STANDARD) | ||
| 194 | |||
| 195 | 2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May | ||
| 196 | 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED | ||
| 197 | STANDARD) | ||
| 198 | |||
| 199 | 2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) | ||
| 200 | (Status: INFORMATIONAL) | ||
| 201 | |||
| 202 | 2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July | ||
| 203 | 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) | ||
| 204 | |||
| 205 | 2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. | ||
| 206 | October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) | ||
| 207 | |||
| 208 | 2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. | ||
| 209 | M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) | ||
| 210 | (Status: INFORMATIONAL) | ||
| 211 | |||
| 212 | 3029 Internet X.509 Public Key Infrastructure Data Validation and | ||
| 213 | Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, | ||
| 214 | R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: | ||
| 215 | EXPERIMENTAL) | ||
| 216 | |||
| 217 | 3039 Internet X.509 Public Key Infrastructure Qualified Certificates | ||
| 218 | Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. | ||
| 219 | (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) | ||
| 220 | |||
| 221 | 3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. | ||
| 222 | Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) | ||
| 223 | (Status: INFORMATIONAL) | ||
| 224 | |||
| 225 | 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol | ||
| 226 | (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. | ||
| 227 | (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) | ||
| 228 | |||
| 229 | 3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. | ||
| 230 | October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) | ||
| 231 | |||
| 232 | 3207 SMTP Service Extension for Secure SMTP over Transport Layer | ||
| 233 | Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) | ||
| 234 | (Obsoletes RFC2487) (Status: PROPOSED STANDARD) | ||
| 235 | |||
| 236 | 3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. | ||
| 237 | (Format: TXT=19855 bytes) (Status: INFORMATIONAL) | ||
| 238 | |||
| 239 | 3274 Compressed Data Content Type for Cryptographic Message Syntax | ||
| 240 | (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: | ||
| 241 | PROPOSED STANDARD) | ||
| 242 | |||
| 243 | 3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in | ||
| 244 | Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. | ||
| 245 | Lambert. April 2002. (Format: TXT=33779 bytes) (Status: | ||
| 246 | INFORMATIONAL) | ||
| 247 | |||
| 248 | 3281 An Internet Attribute Certificate Profile for Authorization. S. | ||
| 249 | Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: | ||
| 250 | PROPOSED STANDARD) | ||
| 251 | |||
| 252 | 3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. | ||
| 253 | (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: | ||
| 254 | PROPOSED STANDARD) | ||
| 255 | |||
| 256 | 3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August | ||
| 257 | 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: | ||
| 258 | PROPOSED STANDARD) | ||
| 259 | |||
| 260 | 3377 Lightweight Directory Access Protocol (v3): Technical | ||
| 261 | Specification. J. Hodges, R. Morgan. September 2002. (Format: | ||
| 262 | TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, | ||
| 263 | RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) | ||
| 264 | |||
| 265 | 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, | ||
| 266 | R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: | ||
| 267 | INFORMATIONAL) | ||
| 268 | |||
| 269 | 3436 Transport Layer Security over Stream Control Transmission | ||
| 270 | Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. | ||
| 271 | (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) | ||
| 272 | |||
| 273 | 3657 Use of the Camellia Encryption Algorithm in Cryptographic | ||
| 274 | Message Syntax (CMS). S. Moriai, A. Kato. January 2004. | ||
| 275 | (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) | ||
| 276 | |||
| 277 | "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt> | ||
| 278 | |||
| 279 | |||
| 280 | To be implemented: | ||
| 281 | ------------------ | ||
| 282 | |||
| 283 | These are documents that describe things that are planed to be | ||
| 284 | implemented in the hopefully short future. | ||
| 285 | |||
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h deleted file mode 100644 index 1d65dc5821..0000000000 --- a/src/lib/libssl/dtls1.h +++ /dev/null | |||
| @@ -1,246 +0,0 @@ | |||
| 1 | /* $OpenBSD: dtls1.h,v 1.17 2015/02/09 10:53:28 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | |||
| 60 | #ifndef HEADER_DTLS1_H | ||
| 61 | #define HEADER_DTLS1_H | ||
| 62 | |||
| 63 | #include <sys/time.h> | ||
| 64 | |||
| 65 | #include <stdio.h> | ||
| 66 | #include <stdlib.h> | ||
| 67 | #include <string.h> | ||
| 68 | |||
| 69 | #include <openssl/buffer.h> | ||
| 70 | |||
| 71 | #ifdef __cplusplus | ||
| 72 | extern "C" { | ||
| 73 | #endif | ||
| 74 | |||
| 75 | #define DTLS1_VERSION 0xFEFF | ||
| 76 | #define DTLS1_BAD_VER 0x0100 | ||
| 77 | |||
| 78 | /* lengths of messages */ | ||
| 79 | #define DTLS1_COOKIE_LENGTH 256 | ||
| 80 | |||
| 81 | #define DTLS1_RT_HEADER_LENGTH 13 | ||
| 82 | |||
| 83 | #define DTLS1_HM_HEADER_LENGTH 12 | ||
| 84 | |||
| 85 | #define DTLS1_HM_BAD_FRAGMENT -2 | ||
| 86 | #define DTLS1_HM_FRAGMENT_RETRY -3 | ||
| 87 | |||
| 88 | #define DTLS1_CCS_HEADER_LENGTH 1 | ||
| 89 | |||
| 90 | #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE | ||
| 91 | #define DTLS1_AL_HEADER_LENGTH 7 | ||
| 92 | #else | ||
| 93 | #define DTLS1_AL_HEADER_LENGTH 2 | ||
| 94 | #endif | ||
| 95 | |||
| 96 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 97 | |||
| 98 | |||
| 99 | typedef struct dtls1_bitmap_st { | ||
| 100 | unsigned long map; /* track 32 packets on 32-bit systems | ||
| 101 | and 64 - on 64-bit systems */ | ||
| 102 | unsigned char max_seq_num[8]; /* max record number seen so far, | ||
| 103 | 64-bit value in big-endian | ||
| 104 | encoding */ | ||
| 105 | } DTLS1_BITMAP; | ||
| 106 | |||
| 107 | struct dtls1_retransmit_state { | ||
| 108 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | ||
| 109 | EVP_MD_CTX *write_hash; /* used for mac generation */ | ||
| 110 | SSL_SESSION *session; | ||
| 111 | unsigned short epoch; | ||
| 112 | }; | ||
| 113 | |||
| 114 | struct hm_header_st { | ||
| 115 | unsigned char type; | ||
| 116 | unsigned long msg_len; | ||
| 117 | unsigned short seq; | ||
| 118 | unsigned long frag_off; | ||
| 119 | unsigned long frag_len; | ||
| 120 | unsigned int is_ccs; | ||
| 121 | struct dtls1_retransmit_state saved_retransmit_state; | ||
| 122 | }; | ||
| 123 | |||
| 124 | struct ccs_header_st { | ||
| 125 | unsigned char type; | ||
| 126 | unsigned short seq; | ||
| 127 | }; | ||
| 128 | |||
| 129 | struct dtls1_timeout_st { | ||
| 130 | /* Number of read timeouts so far */ | ||
| 131 | unsigned int read_timeouts; | ||
| 132 | |||
| 133 | /* Number of write timeouts so far */ | ||
| 134 | unsigned int write_timeouts; | ||
| 135 | |||
| 136 | /* Number of alerts received so far */ | ||
| 137 | unsigned int num_alerts; | ||
| 138 | }; | ||
| 139 | |||
| 140 | struct _pqueue; | ||
| 141 | |||
| 142 | typedef struct record_pqueue_st { | ||
| 143 | unsigned short epoch; | ||
| 144 | struct _pqueue *q; | ||
| 145 | } record_pqueue; | ||
| 146 | |||
| 147 | typedef struct hm_fragment_st { | ||
| 148 | struct hm_header_st msg_header; | ||
| 149 | unsigned char *fragment; | ||
| 150 | unsigned char *reassembly; | ||
| 151 | } hm_fragment; | ||
| 152 | |||
| 153 | typedef struct dtls1_state_st { | ||
| 154 | unsigned int send_cookie; | ||
| 155 | unsigned char cookie[DTLS1_COOKIE_LENGTH]; | ||
| 156 | unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; | ||
| 157 | unsigned int cookie_len; | ||
| 158 | |||
| 159 | /* | ||
| 160 | * The current data and handshake epoch. This is initially | ||
| 161 | * undefined, and starts at zero once the initial handshake is | ||
| 162 | * completed | ||
| 163 | */ | ||
| 164 | unsigned short r_epoch; | ||
| 165 | unsigned short w_epoch; | ||
| 166 | |||
| 167 | /* records being received in the current epoch */ | ||
| 168 | DTLS1_BITMAP bitmap; | ||
| 169 | |||
| 170 | /* renegotiation starts a new set of sequence numbers */ | ||
| 171 | DTLS1_BITMAP next_bitmap; | ||
| 172 | |||
| 173 | /* handshake message numbers */ | ||
| 174 | unsigned short handshake_write_seq; | ||
| 175 | unsigned short next_handshake_write_seq; | ||
| 176 | |||
| 177 | unsigned short handshake_read_seq; | ||
| 178 | |||
| 179 | /* save last sequence number for retransmissions */ | ||
| 180 | unsigned char last_write_sequence[8]; | ||
| 181 | |||
| 182 | /* Received handshake records (processed and unprocessed) */ | ||
| 183 | record_pqueue unprocessed_rcds; | ||
| 184 | record_pqueue processed_rcds; | ||
| 185 | |||
| 186 | /* Buffered handshake messages */ | ||
| 187 | struct _pqueue *buffered_messages; | ||
| 188 | |||
| 189 | /* Buffered (sent) handshake records */ | ||
| 190 | struct _pqueue *sent_messages; | ||
| 191 | |||
| 192 | /* Buffered application records. | ||
| 193 | * Only for records between CCS and Finished | ||
| 194 | * to prevent either protocol violation or | ||
| 195 | * unnecessary message loss. | ||
| 196 | */ | ||
| 197 | record_pqueue buffered_app_data; | ||
| 198 | |||
| 199 | /* Is set when listening for new connections with dtls1_listen() */ | ||
| 200 | unsigned int listen; | ||
| 201 | |||
| 202 | unsigned int mtu; /* max DTLS packet size */ | ||
| 203 | |||
| 204 | struct hm_header_st w_msg_hdr; | ||
| 205 | struct hm_header_st r_msg_hdr; | ||
| 206 | |||
| 207 | struct dtls1_timeout_st timeout; | ||
| 208 | |||
| 209 | /* Indicates when the last handshake msg or heartbeat sent will timeout */ | ||
| 210 | struct timeval next_timeout; | ||
| 211 | |||
| 212 | /* Timeout duration */ | ||
| 213 | unsigned short timeout_duration; | ||
| 214 | |||
| 215 | /* storage for Alert/Handshake protocol data received but not | ||
| 216 | * yet processed by ssl3_read_bytes: */ | ||
| 217 | unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; | ||
| 218 | unsigned int alert_fragment_len; | ||
| 219 | unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; | ||
| 220 | unsigned int handshake_fragment_len; | ||
| 221 | |||
| 222 | unsigned int retransmitting; | ||
| 223 | unsigned int change_cipher_spec_ok; | ||
| 224 | |||
| 225 | |||
| 226 | } DTLS1_STATE; | ||
| 227 | |||
| 228 | typedef struct dtls1_record_data_st { | ||
| 229 | unsigned char *packet; | ||
| 230 | unsigned int packet_length; | ||
| 231 | SSL3_BUFFER rbuf; | ||
| 232 | SSL3_RECORD rrec; | ||
| 233 | } DTLS1_RECORD_DATA; | ||
| 234 | |||
| 235 | #endif | ||
| 236 | |||
| 237 | /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ | ||
| 238 | #define DTLS1_TMO_READ_COUNT 2 | ||
| 239 | #define DTLS1_TMO_WRITE_COUNT 2 | ||
| 240 | |||
| 241 | #define DTLS1_TMO_ALERT_COUNT 12 | ||
| 242 | |||
| 243 | #ifdef __cplusplus | ||
| 244 | } | ||
| 245 | #endif | ||
| 246 | #endif | ||
diff --git a/src/lib/libssl/pqueue.c b/src/lib/libssl/pqueue.c deleted file mode 100644 index 602969deb0..0000000000 --- a/src/lib/libssl/pqueue.c +++ /dev/null | |||
| @@ -1,201 +0,0 @@ | |||
| 1 | /* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ | ||
| 2 | /* | ||
| 3 | * DTLS implementation written by Nagendra Modadugu | ||
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 5 | */ | ||
| 6 | /* ==================================================================== | ||
| 7 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 8 | * | ||
| 9 | * Redistribution and use in source and binary forms, with or without | ||
| 10 | * modification, are permitted provided that the following conditions | ||
| 11 | * are met: | ||
| 12 | * | ||
| 13 | * 1. Redistributions of source code must retain the above copyright | ||
| 14 | * notice, this list of conditions and the following disclaimer. | ||
| 15 | * | ||
| 16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 17 | * notice, this list of conditions and the following disclaimer in | ||
| 18 | * the documentation and/or other materials provided with the | ||
| 19 | * distribution. | ||
| 20 | * | ||
| 21 | * 3. All advertising materials mentioning features or use of this | ||
| 22 | * software must display the following acknowledgment: | ||
| 23 | * "This product includes software developed by the OpenSSL Project | ||
| 24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 25 | * | ||
| 26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 27 | * endorse or promote products derived from this software without | ||
| 28 | * prior written permission. For written permission, please contact | ||
| 29 | * openssl-core@OpenSSL.org. | ||
| 30 | * | ||
| 31 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 32 | * nor may "OpenSSL" appear in their names without prior written | ||
| 33 | * permission of the OpenSSL Project. | ||
| 34 | * | ||
| 35 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 36 | * acknowledgment: | ||
| 37 | * "This product includes software developed by the OpenSSL Project | ||
| 38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 39 | * | ||
| 40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 52 | * ==================================================================== | ||
| 53 | * | ||
| 54 | * This product includes cryptographic software written by Eric Young | ||
| 55 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 56 | * Hudson (tjh@cryptsoft.com). | ||
| 57 | * | ||
| 58 | */ | ||
| 59 | |||
| 60 | #include <stdlib.h> | ||
| 61 | #include <string.h> | ||
| 62 | |||
| 63 | #include "pqueue.h" | ||
| 64 | |||
| 65 | typedef struct _pqueue { | ||
| 66 | pitem *items; | ||
| 67 | int count; | ||
| 68 | } pqueue_s; | ||
| 69 | |||
| 70 | pitem * | ||
| 71 | pitem_new(unsigned char *prio64be, void *data) | ||
| 72 | { | ||
| 73 | pitem *item = malloc(sizeof(pitem)); | ||
| 74 | |||
| 75 | if (item == NULL) | ||
| 76 | return NULL; | ||
| 77 | |||
| 78 | memcpy(item->priority, prio64be, sizeof(item->priority)); | ||
| 79 | |||
| 80 | item->data = data; | ||
| 81 | item->next = NULL; | ||
| 82 | |||
| 83 | return item; | ||
| 84 | } | ||
| 85 | |||
| 86 | void | ||
| 87 | pitem_free(pitem *item) | ||
| 88 | { | ||
| 89 | free(item); | ||
| 90 | } | ||
| 91 | |||
| 92 | pqueue_s * | ||
| 93 | pqueue_new(void) | ||
| 94 | { | ||
| 95 | return calloc(1, sizeof(pqueue_s)); | ||
| 96 | } | ||
| 97 | |||
| 98 | void | ||
| 99 | pqueue_free(pqueue_s *pq) | ||
| 100 | { | ||
| 101 | free(pq); | ||
| 102 | } | ||
| 103 | |||
| 104 | pitem * | ||
| 105 | pqueue_insert(pqueue_s *pq, pitem *item) | ||
| 106 | { | ||
| 107 | pitem *curr, *next; | ||
| 108 | |||
| 109 | if (pq->items == NULL) { | ||
| 110 | pq->items = item; | ||
| 111 | return item; | ||
| 112 | } | ||
| 113 | |||
| 114 | for (curr = NULL, next = pq->items; next != NULL; | ||
| 115 | curr = next, next = next->next) { | ||
| 116 | /* we can compare 64-bit value in big-endian encoding | ||
| 117 | * with memcmp:-) */ | ||
| 118 | int cmp = memcmp(next->priority, item->priority, | ||
| 119 | sizeof(item->priority)); | ||
| 120 | if (cmp > 0) { /* next > item */ | ||
| 121 | item->next = next; | ||
| 122 | |||
| 123 | if (curr == NULL) | ||
| 124 | pq->items = item; | ||
| 125 | else | ||
| 126 | curr->next = item; | ||
| 127 | |||
| 128 | return item; | ||
| 129 | } else if (cmp == 0) /* duplicates not allowed */ | ||
| 130 | return NULL; | ||
| 131 | } | ||
| 132 | |||
| 133 | item->next = NULL; | ||
| 134 | curr->next = item; | ||
| 135 | |||
| 136 | return item; | ||
| 137 | } | ||
| 138 | |||
| 139 | pitem * | ||
| 140 | pqueue_peek(pqueue_s *pq) | ||
| 141 | { | ||
| 142 | return pq->items; | ||
| 143 | } | ||
| 144 | |||
| 145 | pitem * | ||
| 146 | pqueue_pop(pqueue_s *pq) | ||
| 147 | { | ||
| 148 | pitem *item = pq->items; | ||
| 149 | |||
| 150 | if (pq->items != NULL) | ||
| 151 | pq->items = pq->items->next; | ||
| 152 | |||
| 153 | return item; | ||
| 154 | } | ||
| 155 | |||
| 156 | pitem * | ||
| 157 | pqueue_find(pqueue_s *pq, unsigned char *prio64be) | ||
| 158 | { | ||
| 159 | pitem *next; | ||
| 160 | |||
| 161 | for (next = pq->items; next != NULL; next = next->next) | ||
| 162 | if (memcmp(next->priority, prio64be, | ||
| 163 | sizeof(next->priority)) == 0) | ||
| 164 | return next; | ||
| 165 | |||
| 166 | return NULL; | ||
| 167 | } | ||
| 168 | |||
| 169 | pitem * | ||
| 170 | pqueue_iterator(pqueue_s *pq) | ||
| 171 | { | ||
| 172 | return pqueue_peek(pq); | ||
| 173 | } | ||
| 174 | |||
| 175 | pitem * | ||
| 176 | pqueue_next(pitem **item) | ||
| 177 | { | ||
| 178 | pitem *ret; | ||
| 179 | |||
| 180 | if (item == NULL || *item == NULL) | ||
| 181 | return NULL; | ||
| 182 | |||
| 183 | /* *item != NULL */ | ||
| 184 | ret = *item; | ||
| 185 | *item = (*item)->next; | ||
| 186 | |||
| 187 | return ret; | ||
| 188 | } | ||
| 189 | |||
| 190 | int | ||
| 191 | pqueue_size(pqueue_s *pq) | ||
| 192 | { | ||
| 193 | pitem *item = pq->items; | ||
| 194 | int count = 0; | ||
| 195 | |||
| 196 | while (item != NULL) { | ||
| 197 | count++; | ||
| 198 | item = item->next; | ||
| 199 | } | ||
| 200 | return count; | ||
| 201 | } | ||
diff --git a/src/lib/libssl/pqueue.h b/src/lib/libssl/pqueue.h deleted file mode 100644 index 0d7ddc04e2..0000000000 --- a/src/lib/libssl/pqueue.h +++ /dev/null | |||
| @@ -1,89 +0,0 @@ | |||
| 1 | /* $OpenBSD: pqueue.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */ | ||
| 2 | |||
| 3 | /* | ||
| 4 | * DTLS implementation written by Nagendra Modadugu | ||
| 5 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | ||
| 6 | */ | ||
| 7 | /* ==================================================================== | ||
| 8 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | ||
| 9 | * | ||
| 10 | * Redistribution and use in source and binary forms, with or without | ||
| 11 | * modification, are permitted provided that the following conditions | ||
| 12 | * are met: | ||
| 13 | * | ||
| 14 | * 1. Redistributions of source code must retain the above copyright | ||
| 15 | * notice, this list of conditions and the following disclaimer. | ||
| 16 | * | ||
| 17 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 18 | * notice, this list of conditions and the following disclaimer in | ||
| 19 | * the documentation and/or other materials provided with the | ||
| 20 | * distribution. | ||
| 21 | * | ||
| 22 | * 3. All advertising materials mentioning features or use of this | ||
| 23 | * software must display the following acknowledgment: | ||
| 24 | * "This product includes software developed by the OpenSSL Project | ||
| 25 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 26 | * | ||
| 27 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 28 | * endorse or promote products derived from this software without | ||
| 29 | * prior written permission. For written permission, please contact | ||
| 30 | * openssl-core@OpenSSL.org. | ||
| 31 | * | ||
| 32 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 33 | * nor may "OpenSSL" appear in their names without prior written | ||
| 34 | * permission of the OpenSSL Project. | ||
| 35 | * | ||
| 36 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 37 | * acknowledgment: | ||
| 38 | * "This product includes software developed by the OpenSSL Project | ||
| 39 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 42 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 44 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 45 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 46 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 47 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 48 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 49 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 50 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 51 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 52 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 53 | * ==================================================================== | ||
| 54 | * | ||
| 55 | * This product includes cryptographic software written by Eric Young | ||
| 56 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 57 | * Hudson (tjh@cryptsoft.com). | ||
| 58 | * | ||
| 59 | */ | ||
| 60 | |||
| 61 | #ifndef HEADER_PQUEUE_H | ||
| 62 | #define HEADER_PQUEUE_H | ||
| 63 | |||
| 64 | typedef struct _pqueue *pqueue; | ||
| 65 | |||
| 66 | typedef struct _pitem { | ||
| 67 | unsigned char priority[8]; /* 64-bit value in big-endian encoding */ | ||
| 68 | void *data; | ||
| 69 | struct _pitem *next; | ||
| 70 | } pitem; | ||
| 71 | |||
| 72 | typedef struct _pitem *piterator; | ||
| 73 | |||
| 74 | pitem *pitem_new(unsigned char *prio64be, void *data); | ||
| 75 | void pitem_free(pitem *item); | ||
| 76 | |||
| 77 | pqueue pqueue_new(void); | ||
| 78 | void pqueue_free(pqueue pq); | ||
| 79 | |||
| 80 | pitem *pqueue_insert(pqueue pq, pitem *item); | ||
| 81 | pitem *pqueue_peek(pqueue pq); | ||
| 82 | pitem *pqueue_pop(pqueue pq); | ||
| 83 | pitem *pqueue_find(pqueue pq, unsigned char *prio64be); | ||
| 84 | pitem *pqueue_iterator(pqueue pq); | ||
| 85 | pitem *pqueue_next(piterator *iter); | ||
| 86 | |||
| 87 | int pqueue_size(pqueue pq); | ||
| 88 | |||
| 89 | #endif /* ! HEADER_PQUEUE_H */ | ||
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c deleted file mode 100644 index 4159ae0580..0000000000 --- a/src/lib/libssl/s23_clnt.c +++ /dev/null | |||
| @@ -1,567 +0,0 @@ | |||
| 1 | /* $OpenBSD: s23_clnt.c,v 1.36 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <stdio.h> | ||
| 113 | |||
| 114 | #include "ssl_locl.h" | ||
| 115 | |||
| 116 | #include <openssl/buffer.h> | ||
| 117 | #include <openssl/evp.h> | ||
| 118 | #include <openssl/objects.h> | ||
| 119 | |||
| 120 | static const SSL_METHOD *ssl23_get_client_method(int ver); | ||
| 121 | static int ssl23_client_hello(SSL *s); | ||
| 122 | static int ssl23_get_server_hello(SSL *s); | ||
| 123 | |||
| 124 | const SSL_METHOD SSLv23_client_method_data = { | ||
| 125 | .version = TLS1_2_VERSION, | ||
| 126 | .ssl_new = tls1_new, | ||
| 127 | .ssl_clear = tls1_clear, | ||
| 128 | .ssl_free = tls1_free, | ||
| 129 | .ssl_accept = ssl_undefined_function, | ||
| 130 | .ssl_connect = ssl23_connect, | ||
| 131 | .ssl_read = ssl23_read, | ||
| 132 | .ssl_peek = ssl23_peek, | ||
| 133 | .ssl_write = ssl23_write, | ||
| 134 | .ssl_shutdown = ssl_undefined_function, | ||
| 135 | .ssl_renegotiate = ssl_undefined_function, | ||
| 136 | .ssl_renegotiate_check = ssl_ok, | ||
| 137 | .ssl_get_message = ssl3_get_message, | ||
| 138 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 139 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 140 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 141 | .ssl_ctrl = ssl3_ctrl, | ||
| 142 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 143 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 144 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 145 | .ssl_pending = ssl_undefined_const_function, | ||
| 146 | .num_ciphers = ssl3_num_ciphers, | ||
| 147 | .get_cipher = ssl3_get_cipher, | ||
| 148 | .get_ssl_method = ssl23_get_client_method, | ||
| 149 | .get_timeout = ssl23_default_timeout, | ||
| 150 | .ssl3_enc = &ssl3_undef_enc_method, | ||
| 151 | .ssl_version = ssl_undefined_void_function, | ||
| 152 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 153 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 154 | }; | ||
| 155 | |||
| 156 | const SSL_METHOD * | ||
| 157 | SSLv23_client_method(void) | ||
| 158 | { | ||
| 159 | return &SSLv23_client_method_data; | ||
| 160 | } | ||
| 161 | |||
| 162 | static const SSL_METHOD * | ||
| 163 | ssl23_get_client_method(int ver) | ||
| 164 | { | ||
| 165 | if (ver == SSL3_VERSION) | ||
| 166 | return (SSLv3_client_method()); | ||
| 167 | if (ver == TLS1_VERSION) | ||
| 168 | return (TLSv1_client_method()); | ||
| 169 | if (ver == TLS1_1_VERSION) | ||
| 170 | return (TLSv1_1_client_method()); | ||
| 171 | if (ver == TLS1_2_VERSION) | ||
| 172 | return (TLSv1_2_client_method()); | ||
| 173 | return (NULL); | ||
| 174 | } | ||
| 175 | |||
| 176 | int | ||
| 177 | ssl23_connect(SSL *s) | ||
| 178 | { | ||
| 179 | BUF_MEM *buf = NULL; | ||
| 180 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 181 | int ret = -1; | ||
| 182 | int new_state, state; | ||
| 183 | |||
| 184 | ERR_clear_error(); | ||
| 185 | errno = 0; | ||
| 186 | |||
| 187 | if (s->info_callback != NULL) | ||
| 188 | cb = s->info_callback; | ||
| 189 | else if (s->ctx->info_callback != NULL) | ||
| 190 | cb = s->ctx->info_callback; | ||
| 191 | |||
| 192 | s->in_handshake++; | ||
| 193 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 194 | SSL_clear(s); | ||
| 195 | |||
| 196 | for (;;) { | ||
| 197 | state = s->state; | ||
| 198 | |||
| 199 | switch (s->state) { | ||
| 200 | case SSL_ST_BEFORE: | ||
| 201 | case SSL_ST_CONNECT: | ||
| 202 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 203 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 204 | |||
| 205 | if (s->session != NULL) { | ||
| 206 | SSLerr(SSL_F_SSL23_CONNECT, SSL_R_SSL23_DOING_SESSION_ID_REUSE); | ||
| 207 | ret = -1; | ||
| 208 | goto end; | ||
| 209 | } | ||
| 210 | s->server = 0; | ||
| 211 | if (cb != NULL) | ||
| 212 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 213 | |||
| 214 | /* s->version=TLS1_VERSION; */ | ||
| 215 | s->type = SSL_ST_CONNECT; | ||
| 216 | |||
| 217 | if (s->init_buf == NULL) { | ||
| 218 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 219 | ret = -1; | ||
| 220 | goto end; | ||
| 221 | } | ||
| 222 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 223 | ret = -1; | ||
| 224 | goto end; | ||
| 225 | } | ||
| 226 | s->init_buf = buf; | ||
| 227 | buf = NULL; | ||
| 228 | } | ||
| 229 | |||
| 230 | if (!ssl3_setup_buffers(s)) { | ||
| 231 | ret = -1; | ||
| 232 | goto end; | ||
| 233 | } | ||
| 234 | |||
| 235 | if (!ssl3_init_finished_mac(s)) { | ||
| 236 | ret = -1; | ||
| 237 | goto end; | ||
| 238 | } | ||
| 239 | |||
| 240 | s->state = SSL23_ST_CW_CLNT_HELLO_A; | ||
| 241 | s->ctx->stats.sess_connect++; | ||
| 242 | s->init_num = 0; | ||
| 243 | break; | ||
| 244 | |||
| 245 | case SSL23_ST_CW_CLNT_HELLO_A: | ||
| 246 | case SSL23_ST_CW_CLNT_HELLO_B: | ||
| 247 | |||
| 248 | s->shutdown = 0; | ||
| 249 | ret = ssl23_client_hello(s); | ||
| 250 | if (ret <= 0) | ||
| 251 | goto end; | ||
| 252 | s->state = SSL23_ST_CR_SRVR_HELLO_A; | ||
| 253 | s->init_num = 0; | ||
| 254 | |||
| 255 | break; | ||
| 256 | |||
| 257 | case SSL23_ST_CR_SRVR_HELLO_A: | ||
| 258 | case SSL23_ST_CR_SRVR_HELLO_B: | ||
| 259 | ret = ssl23_get_server_hello(s); | ||
| 260 | if (ret >= 0) | ||
| 261 | cb = NULL; | ||
| 262 | goto end; | ||
| 263 | /* break; */ | ||
| 264 | |||
| 265 | default: | ||
| 266 | SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE); | ||
| 267 | ret = -1; | ||
| 268 | goto end; | ||
| 269 | /* break; */ | ||
| 270 | } | ||
| 271 | |||
| 272 | if (s->debug) { | ||
| 273 | (void)BIO_flush(s->wbio); | ||
| 274 | } | ||
| 275 | |||
| 276 | if ((cb != NULL) && (s->state != state)) { | ||
| 277 | new_state = s->state; | ||
| 278 | s->state = state; | ||
| 279 | cb(s, SSL_CB_CONNECT_LOOP, 1); | ||
| 280 | s->state = new_state; | ||
| 281 | } | ||
| 282 | } | ||
| 283 | end: | ||
| 284 | s->in_handshake--; | ||
| 285 | if (buf != NULL) | ||
| 286 | BUF_MEM_free(buf); | ||
| 287 | if (cb != NULL) | ||
| 288 | cb(s, SSL_CB_CONNECT_EXIT, ret); | ||
| 289 | return (ret); | ||
| 290 | } | ||
| 291 | |||
| 292 | static int | ||
| 293 | ssl23_client_hello(SSL *s) | ||
| 294 | { | ||
| 295 | unsigned char *buf; | ||
| 296 | unsigned char *p, *d; | ||
| 297 | int i; | ||
| 298 | unsigned long l; | ||
| 299 | int version = 0, version_major, version_minor; | ||
| 300 | int ret; | ||
| 301 | unsigned long mask, options = s->options; | ||
| 302 | |||
| 303 | /* | ||
| 304 | * SSL_OP_NO_X disables all protocols above X *if* there are | ||
| 305 | * some protocols below X enabled. This is required in order | ||
| 306 | * to maintain "version capability" vector contiguous. So | ||
| 307 | * that if application wants to disable TLS1.0 in favour of | ||
| 308 | * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the | ||
| 309 | * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. | ||
| 310 | */ | ||
| 311 | mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3; | ||
| 312 | version = TLS1_2_VERSION; | ||
| 313 | |||
| 314 | if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) | ||
| 315 | version = TLS1_1_VERSION; | ||
| 316 | mask &= ~SSL_OP_NO_TLSv1_1; | ||
| 317 | if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) | ||
| 318 | version = TLS1_VERSION; | ||
| 319 | mask &= ~SSL_OP_NO_TLSv1; | ||
| 320 | if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) | ||
| 321 | version = SSL3_VERSION; | ||
| 322 | mask &= ~SSL_OP_NO_SSLv3; | ||
| 323 | |||
| 324 | buf = (unsigned char *)s->init_buf->data; | ||
| 325 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { | ||
| 326 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 327 | |||
| 328 | if (version == TLS1_2_VERSION) { | ||
| 329 | version_major = TLS1_2_VERSION_MAJOR; | ||
| 330 | version_minor = TLS1_2_VERSION_MINOR; | ||
| 331 | } else if (version == TLS1_1_VERSION) { | ||
| 332 | version_major = TLS1_1_VERSION_MAJOR; | ||
| 333 | version_minor = TLS1_1_VERSION_MINOR; | ||
| 334 | } else if (version == TLS1_VERSION) { | ||
| 335 | version_major = TLS1_VERSION_MAJOR; | ||
| 336 | version_minor = TLS1_VERSION_MINOR; | ||
| 337 | } else if (version == SSL3_VERSION) { | ||
| 338 | version_major = SSL3_VERSION_MAJOR; | ||
| 339 | version_minor = SSL3_VERSION_MINOR; | ||
| 340 | } else { | ||
| 341 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); | ||
| 342 | return (-1); | ||
| 343 | } | ||
| 344 | |||
| 345 | s->client_version = version; | ||
| 346 | |||
| 347 | /* create Client Hello in SSL 3.0/TLS 1.0 format */ | ||
| 348 | |||
| 349 | /* | ||
| 350 | * Do the record header (5 bytes) and handshake | ||
| 351 | * message header (4 bytes) last | ||
| 352 | */ | ||
| 353 | d = p = &(buf[9]); | ||
| 354 | |||
| 355 | *(p++) = version_major; | ||
| 356 | *(p++) = version_minor; | ||
| 357 | |||
| 358 | /* Random stuff */ | ||
| 359 | memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 360 | p += SSL3_RANDOM_SIZE; | ||
| 361 | |||
| 362 | /* Session ID (zero since there is no reuse) */ | ||
| 363 | *(p++) = 0; | ||
| 364 | |||
| 365 | /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ | ||
| 366 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); | ||
| 367 | if (i == 0) { | ||
| 368 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 369 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 370 | return -1; | ||
| 371 | } | ||
| 372 | #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH | ||
| 373 | /* | ||
| 374 | * Some servers hang if client hello > 256 bytes | ||
| 375 | * as hack workaround chop number of supported ciphers | ||
| 376 | * to keep it well below this if we use TLS v1.2 | ||
| 377 | */ | ||
| 378 | if (TLS1_get_version(s) >= TLS1_2_VERSION && | ||
| 379 | i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) | ||
| 380 | i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; | ||
| 381 | #endif | ||
| 382 | s2n(i, p); | ||
| 383 | p += i; | ||
| 384 | |||
| 385 | /* add in (no) COMPRESSION */ | ||
| 386 | *(p++) = 1; | ||
| 387 | /* Add the NULL method */ | ||
| 388 | *(p++) = 0; | ||
| 389 | |||
| 390 | /* TLS extensions*/ | ||
| 391 | if (ssl_prepare_clienthello_tlsext(s) <= 0) { | ||
| 392 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, | ||
| 393 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 394 | return -1; | ||
| 395 | } | ||
| 396 | if ((p = ssl_add_clienthello_tlsext(s, p, | ||
| 397 | buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { | ||
| 398 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 399 | return -1; | ||
| 400 | } | ||
| 401 | |||
| 402 | l = p - d; | ||
| 403 | |||
| 404 | /* fill in 4-byte handshake header */ | ||
| 405 | d = &(buf[5]); | ||
| 406 | *(d++) = SSL3_MT_CLIENT_HELLO; | ||
| 407 | l2n3(l, d); | ||
| 408 | |||
| 409 | l += 4; | ||
| 410 | |||
| 411 | if (l > SSL3_RT_MAX_PLAIN_LENGTH) { | ||
| 412 | SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); | ||
| 413 | return -1; | ||
| 414 | } | ||
| 415 | |||
| 416 | /* fill in 5-byte record header */ | ||
| 417 | d = buf; | ||
| 418 | *(d++) = SSL3_RT_HANDSHAKE; | ||
| 419 | *(d++) = version_major; | ||
| 420 | |||
| 421 | /* | ||
| 422 | * Some servers hang if we use long client hellos | ||
| 423 | * and a record number > TLS 1.0. | ||
| 424 | */ | ||
| 425 | if (TLS1_get_client_version(s) > TLS1_VERSION) | ||
| 426 | *(d++) = 1; | ||
| 427 | else | ||
| 428 | *(d++) = version_minor; | ||
| 429 | s2n((int)l, d); | ||
| 430 | |||
| 431 | /* number of bytes to write */ | ||
| 432 | s->init_num = p - buf; | ||
| 433 | s->init_off = 0; | ||
| 434 | |||
| 435 | ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); | ||
| 436 | |||
| 437 | s->state = SSL23_ST_CW_CLNT_HELLO_B; | ||
| 438 | s->init_off = 0; | ||
| 439 | } | ||
| 440 | |||
| 441 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
| 442 | ret = ssl23_write_bytes(s); | ||
| 443 | |||
| 444 | if ((ret >= 2) && s->msg_callback) { | ||
| 445 | /* Client Hello has been sent; tell msg_callback */ | ||
| 446 | |||
| 447 | s->msg_callback(1, version, SSL3_RT_HANDSHAKE, | ||
| 448 | s->init_buf->data + 5, ret - 5, s, s->msg_callback_arg); | ||
| 449 | } | ||
| 450 | |||
| 451 | return ret; | ||
| 452 | } | ||
| 453 | |||
| 454 | static int | ||
| 455 | ssl23_get_server_hello(SSL *s) | ||
| 456 | { | ||
| 457 | char buf[8]; | ||
| 458 | unsigned char *p; | ||
| 459 | int i; | ||
| 460 | int n; | ||
| 461 | |||
| 462 | n = ssl23_read_bytes(s, 7); | ||
| 463 | |||
| 464 | if (n != 7) | ||
| 465 | return (n); | ||
| 466 | p = s->packet; | ||
| 467 | |||
| 468 | memcpy(buf, p, n); | ||
| 469 | |||
| 470 | /* Old unsupported sslv2 handshake */ | ||
| 471 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && | ||
| 472 | (p[5] == 0x00) && (p[6] == 0x02)) { | ||
| 473 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 474 | SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 475 | goto err; | ||
| 476 | } | ||
| 477 | |||
| 478 | if (p[1] == SSL3_VERSION_MAJOR && | ||
| 479 | p[2] <= TLS1_2_VERSION_MINOR && | ||
| 480 | ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || | ||
| 481 | (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { | ||
| 482 | /* we have sslv3 or tls1 (server hello or alert) */ | ||
| 483 | |||
| 484 | if ((p[2] == SSL3_VERSION_MINOR) && | ||
| 485 | !(s->options & SSL_OP_NO_SSLv3)) { | ||
| 486 | s->version = SSL3_VERSION; | ||
| 487 | s->method = SSLv3_client_method(); | ||
| 488 | } else if ((p[2] == TLS1_VERSION_MINOR) && | ||
| 489 | !(s->options & SSL_OP_NO_TLSv1)) { | ||
| 490 | s->version = TLS1_VERSION; | ||
| 491 | s->method = TLSv1_client_method(); | ||
| 492 | } else if ((p[2] == TLS1_1_VERSION_MINOR) && | ||
| 493 | !(s->options & SSL_OP_NO_TLSv1_1)) { | ||
| 494 | s->version = TLS1_1_VERSION; | ||
| 495 | s->method = TLSv1_1_client_method(); | ||
| 496 | } else if ((p[2] == TLS1_2_VERSION_MINOR) && | ||
| 497 | !(s->options & SSL_OP_NO_TLSv1_2)) { | ||
| 498 | s->version = TLS1_2_VERSION; | ||
| 499 | s->method = TLSv1_2_client_method(); | ||
| 500 | } else { | ||
| 501 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 502 | SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 503 | goto err; | ||
| 504 | } | ||
| 505 | |||
| 506 | if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { | ||
| 507 | /* fatal alert */ | ||
| 508 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 509 | int j; | ||
| 510 | |||
| 511 | if (s->info_callback != NULL) | ||
| 512 | cb = s->info_callback; | ||
| 513 | else if (s->ctx->info_callback != NULL) | ||
| 514 | cb = s->ctx->info_callback; | ||
| 515 | |||
| 516 | i = p[5]; | ||
| 517 | if (cb != NULL) { | ||
| 518 | j = (i << 8) | p[6]; | ||
| 519 | cb(s, SSL_CB_READ_ALERT, j); | ||
| 520 | } | ||
| 521 | |||
| 522 | if (s->msg_callback) | ||
| 523 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | ||
| 524 | p + 5, 2, s, s->msg_callback_arg); | ||
| 525 | |||
| 526 | s->rwstate = SSL_NOTHING; | ||
| 527 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, | ||
| 528 | SSL_AD_REASON_OFFSET + p[6]); | ||
| 529 | goto err; | ||
| 530 | } | ||
| 531 | |||
| 532 | if (!ssl_init_wbio_buffer(s, 1)) | ||
| 533 | goto err; | ||
| 534 | |||
| 535 | /* we are in this state */ | ||
| 536 | s->state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 537 | |||
| 538 | /* put the 7 bytes we have read into the input buffer | ||
| 539 | * for SSLv3 */ | ||
| 540 | s->rstate = SSL_ST_READ_HEADER; | ||
| 541 | s->packet_length = n; | ||
| 542 | if (s->s3->rbuf.buf == NULL) | ||
| 543 | if (!ssl3_setup_read_buffer(s)) | ||
| 544 | goto err; | ||
| 545 | s->packet = &(s->s3->rbuf.buf[0]); | ||
| 546 | memcpy(s->packet, buf, n); | ||
| 547 | s->s3->rbuf.left = n; | ||
| 548 | s->s3->rbuf.offset = 0; | ||
| 549 | |||
| 550 | s->handshake_func = s->method->ssl_connect; | ||
| 551 | } else { | ||
| 552 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL); | ||
| 553 | goto err; | ||
| 554 | } | ||
| 555 | s->init_num = 0; | ||
| 556 | |||
| 557 | /* | ||
| 558 | * Since, if we are sending a ssl23 client hello, we are not | ||
| 559 | * reusing a session-id | ||
| 560 | */ | ||
| 561 | if (!ssl_get_new_session(s, 0)) | ||
| 562 | goto err; | ||
| 563 | |||
| 564 | return (SSL_connect(s)); | ||
| 565 | err: | ||
| 566 | return (-1); | ||
| 567 | } | ||
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c deleted file mode 100644 index cd594aa3c9..0000000000 --- a/src/lib/libssl/s23_lib.c +++ /dev/null | |||
| @@ -1,132 +0,0 @@ | |||
| 1 | /* $OpenBSD: s23_lib.c,v 1.18 2014/11/16 14:12:47 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include <openssl/objects.h> | ||
| 62 | |||
| 63 | #include "ssl_locl.h" | ||
| 64 | |||
| 65 | long | ||
| 66 | ssl23_default_timeout(void) | ||
| 67 | { | ||
| 68 | return (300); | ||
| 69 | } | ||
| 70 | |||
| 71 | int | ||
| 72 | ssl23_read(SSL *s, void *buf, int len) | ||
| 73 | { | ||
| 74 | int n; | ||
| 75 | |||
| 76 | errno = 0; | ||
| 77 | if (SSL_in_init(s) && (!s->in_handshake)) { | ||
| 78 | n = s->handshake_func(s); | ||
| 79 | if (n < 0) | ||
| 80 | return (n); | ||
| 81 | if (n == 0) { | ||
| 82 | SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 83 | return (-1); | ||
| 84 | } | ||
| 85 | return (SSL_read(s, buf, len)); | ||
| 86 | } else { | ||
| 87 | ssl_undefined_function(s); | ||
| 88 | return (-1); | ||
| 89 | } | ||
| 90 | } | ||
| 91 | |||
| 92 | int | ||
| 93 | ssl23_peek(SSL *s, void *buf, int len) | ||
| 94 | { | ||
| 95 | int n; | ||
| 96 | |||
| 97 | errno = 0; | ||
| 98 | if (SSL_in_init(s) && (!s->in_handshake)) { | ||
| 99 | n = s->handshake_func(s); | ||
| 100 | if (n < 0) | ||
| 101 | return (n); | ||
| 102 | if (n == 0) { | ||
| 103 | SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 104 | return (-1); | ||
| 105 | } | ||
| 106 | return (SSL_peek(s, buf, len)); | ||
| 107 | } else { | ||
| 108 | ssl_undefined_function(s); | ||
| 109 | return (-1); | ||
| 110 | } | ||
| 111 | } | ||
| 112 | |||
| 113 | int | ||
| 114 | ssl23_write(SSL *s, const void *buf, int len) | ||
| 115 | { | ||
| 116 | int n; | ||
| 117 | |||
| 118 | errno = 0; | ||
| 119 | if (SSL_in_init(s) && (!s->in_handshake)) { | ||
| 120 | n = s->handshake_func(s); | ||
| 121 | if (n < 0) | ||
| 122 | return (n); | ||
| 123 | if (n == 0) { | ||
| 124 | SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 125 | return (-1); | ||
| 126 | } | ||
| 127 | return (SSL_write(s, buf, len)); | ||
| 128 | } else { | ||
| 129 | ssl_undefined_function(s); | ||
| 130 | return (-1); | ||
| 131 | } | ||
| 132 | } | ||
diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c deleted file mode 100644 index 2081f48f08..0000000000 --- a/src/lib/libssl/s23_pkt.c +++ /dev/null | |||
| @@ -1,116 +0,0 @@ | |||
| 1 | /* $OpenBSD: s23_pkt.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <errno.h> | ||
| 60 | #include <stdio.h> | ||
| 61 | |||
| 62 | #include "ssl_locl.h" | ||
| 63 | |||
| 64 | #include <openssl/buffer.h> | ||
| 65 | #include <openssl/evp.h> | ||
| 66 | |||
| 67 | int | ||
| 68 | ssl23_write_bytes(SSL *s) | ||
| 69 | { | ||
| 70 | int i, num, tot; | ||
| 71 | char *buf; | ||
| 72 | |||
| 73 | buf = s->init_buf->data; | ||
| 74 | tot = s->init_off; | ||
| 75 | num = s->init_num; | ||
| 76 | for (;;) { | ||
| 77 | s->rwstate = SSL_WRITING; | ||
| 78 | i = BIO_write(s->wbio, &(buf[tot]), num); | ||
| 79 | if (i <= 0) { | ||
| 80 | s->init_off = tot; | ||
| 81 | s->init_num = num; | ||
| 82 | return (i); | ||
| 83 | } | ||
| 84 | s->rwstate = SSL_NOTHING; | ||
| 85 | if (i == num) | ||
| 86 | return (tot + i); | ||
| 87 | |||
| 88 | num -= i; | ||
| 89 | tot += i; | ||
| 90 | } | ||
| 91 | } | ||
| 92 | |||
| 93 | /* return regularly only when we have read (at least) 'n' bytes */ | ||
| 94 | int | ||
| 95 | ssl23_read_bytes(SSL *s, int n) | ||
| 96 | { | ||
| 97 | unsigned char *p; | ||
| 98 | int j; | ||
| 99 | |||
| 100 | if (s->packet_length < (unsigned int)n) { | ||
| 101 | p = s->packet; | ||
| 102 | |||
| 103 | for (;;) { | ||
| 104 | s->rwstate = SSL_READING; | ||
| 105 | j = BIO_read(s->rbio, (char *)&(p[s->packet_length]), | ||
| 106 | n - s->packet_length); | ||
| 107 | if (j <= 0) | ||
| 108 | return (j); | ||
| 109 | s->rwstate = SSL_NOTHING; | ||
| 110 | s->packet_length += j; | ||
| 111 | if (s->packet_length >= (unsigned int)n) | ||
| 112 | return (s->packet_length); | ||
| 113 | } | ||
| 114 | } | ||
| 115 | return (n); | ||
| 116 | } | ||
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c deleted file mode 100644 index 9e0ee453db..0000000000 --- a/src/lib/libssl/s23_srvr.c +++ /dev/null | |||
| @@ -1,580 +0,0 @@ | |||
| 1 | /* $OpenBSD: s23_srvr.c,v 1.38 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <stdio.h> | ||
| 113 | |||
| 114 | #include "ssl_locl.h" | ||
| 115 | |||
| 116 | #include <openssl/buffer.h> | ||
| 117 | #include <openssl/evp.h> | ||
| 118 | #include <openssl/objects.h> | ||
| 119 | |||
| 120 | static const SSL_METHOD *ssl23_get_server_method(int ver); | ||
| 121 | int ssl23_get_client_hello(SSL *s); | ||
| 122 | |||
| 123 | const SSL_METHOD SSLv23_server_method_data = { | ||
| 124 | .version = TLS1_2_VERSION, | ||
| 125 | .ssl_new = tls1_new, | ||
| 126 | .ssl_clear = tls1_clear, | ||
| 127 | .ssl_free = tls1_free, | ||
| 128 | .ssl_accept = ssl23_accept, | ||
| 129 | .ssl_connect = ssl_undefined_function, | ||
| 130 | .ssl_read = ssl23_read, | ||
| 131 | .ssl_peek = ssl23_peek, | ||
| 132 | .ssl_write = ssl23_write, | ||
| 133 | .ssl_shutdown = ssl_undefined_function, | ||
| 134 | .ssl_renegotiate = ssl_undefined_function, | ||
| 135 | .ssl_renegotiate_check = ssl_ok, | ||
| 136 | .ssl_get_message = ssl3_get_message, | ||
| 137 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 138 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 139 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 140 | .ssl_ctrl = ssl3_ctrl, | ||
| 141 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 142 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 143 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 144 | .ssl_pending = ssl_undefined_const_function, | ||
| 145 | .num_ciphers = ssl3_num_ciphers, | ||
| 146 | .get_cipher = ssl3_get_cipher, | ||
| 147 | .get_ssl_method = ssl23_get_server_method, | ||
| 148 | .get_timeout = ssl23_default_timeout, | ||
| 149 | .ssl3_enc = &ssl3_undef_enc_method, | ||
| 150 | .ssl_version = ssl_undefined_void_function, | ||
| 151 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 152 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 153 | }; | ||
| 154 | |||
| 155 | const SSL_METHOD * | ||
| 156 | SSLv23_server_method(void) | ||
| 157 | { | ||
| 158 | return &SSLv23_server_method_data; | ||
| 159 | } | ||
| 160 | |||
| 161 | static const SSL_METHOD * | ||
| 162 | ssl23_get_server_method(int ver) | ||
| 163 | { | ||
| 164 | if (ver == SSL3_VERSION) | ||
| 165 | return (SSLv3_server_method()); | ||
| 166 | if (ver == TLS1_VERSION) | ||
| 167 | return (TLSv1_server_method()); | ||
| 168 | if (ver == TLS1_1_VERSION) | ||
| 169 | return (TLSv1_1_server_method()); | ||
| 170 | if (ver == TLS1_2_VERSION) | ||
| 171 | return (TLSv1_2_server_method()); | ||
| 172 | return (NULL); | ||
| 173 | } | ||
| 174 | |||
| 175 | int | ||
| 176 | ssl23_accept(SSL *s) | ||
| 177 | { | ||
| 178 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 179 | int ret = -1; | ||
| 180 | int new_state, state; | ||
| 181 | |||
| 182 | ERR_clear_error(); | ||
| 183 | errno = 0; | ||
| 184 | |||
| 185 | if (s->info_callback != NULL) | ||
| 186 | cb = s->info_callback; | ||
| 187 | else if (s->ctx->info_callback != NULL) | ||
| 188 | cb = s->ctx->info_callback; | ||
| 189 | |||
| 190 | s->in_handshake++; | ||
| 191 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 192 | SSL_clear(s); | ||
| 193 | |||
| 194 | for (;;) { | ||
| 195 | state = s->state; | ||
| 196 | |||
| 197 | switch (s->state) { | ||
| 198 | case SSL_ST_BEFORE: | ||
| 199 | case SSL_ST_ACCEPT: | ||
| 200 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 201 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 202 | |||
| 203 | s->server = 1; | ||
| 204 | if (cb != NULL) | ||
| 205 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 206 | |||
| 207 | /* s->version=SSL3_VERSION; */ | ||
| 208 | s->type = SSL_ST_ACCEPT; | ||
| 209 | |||
| 210 | if (s->init_buf == NULL) { | ||
| 211 | BUF_MEM *buf; | ||
| 212 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 213 | ret = -1; | ||
| 214 | goto end; | ||
| 215 | } | ||
| 216 | if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 217 | BUF_MEM_free(buf); | ||
| 218 | ret = -1; | ||
| 219 | goto end; | ||
| 220 | } | ||
| 221 | s->init_buf = buf; | ||
| 222 | } | ||
| 223 | |||
| 224 | if (!ssl3_init_finished_mac(s)) { | ||
| 225 | ret = -1; | ||
| 226 | goto end; | ||
| 227 | } | ||
| 228 | |||
| 229 | s->state = SSL23_ST_SR_CLNT_HELLO_A; | ||
| 230 | s->ctx->stats.sess_accept++; | ||
| 231 | s->init_num = 0; | ||
| 232 | break; | ||
| 233 | |||
| 234 | case SSL23_ST_SR_CLNT_HELLO_A: | ||
| 235 | case SSL23_ST_SR_CLNT_HELLO_B: | ||
| 236 | |||
| 237 | s->shutdown = 0; | ||
| 238 | ret = ssl23_get_client_hello(s); | ||
| 239 | if (ret >= 0) | ||
| 240 | cb = NULL; | ||
| 241 | goto end; | ||
| 242 | /* break; */ | ||
| 243 | |||
| 244 | default: | ||
| 245 | SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE); | ||
| 246 | ret = -1; | ||
| 247 | goto end; | ||
| 248 | /* break; */ | ||
| 249 | } | ||
| 250 | |||
| 251 | if ((cb != NULL) && (s->state != state)) { | ||
| 252 | new_state = s->state; | ||
| 253 | s->state = state; | ||
| 254 | cb(s, SSL_CB_ACCEPT_LOOP, 1); | ||
| 255 | s->state = new_state; | ||
| 256 | } | ||
| 257 | } | ||
| 258 | end: | ||
| 259 | s->in_handshake--; | ||
| 260 | if (cb != NULL) | ||
| 261 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | ||
| 262 | return (ret); | ||
| 263 | } | ||
| 264 | |||
| 265 | |||
| 266 | int | ||
| 267 | ssl23_get_client_hello(SSL *s) | ||
| 268 | { | ||
| 269 | char buf[11]; | ||
| 270 | /* | ||
| 271 | * sizeof(buf) == 11, because we'll need to request this many bytes in | ||
| 272 | * the initial read. | ||
| 273 | * We can detect SSL 3.0/TLS 1.0 Client Hellos ('type == 3') correctly | ||
| 274 | * only when the following is in a single record, which is not | ||
| 275 | * guaranteed by the protocol specification: | ||
| 276 | * Byte Content | ||
| 277 | * 0 type \ | ||
| 278 | * 1/2 version > record header | ||
| 279 | * 3/4 length / | ||
| 280 | * 5 msg_type \ | ||
| 281 | * 6-8 length > Client Hello message | ||
| 282 | * 9/10 client_version / | ||
| 283 | */ | ||
| 284 | unsigned char *p, *d, *d_len, *dd; | ||
| 285 | unsigned int i; | ||
| 286 | unsigned int csl, sil, cl; | ||
| 287 | int n = 0, j; | ||
| 288 | int type = 0; | ||
| 289 | int v[2]; | ||
| 290 | |||
| 291 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { | ||
| 292 | /* read the initial header */ | ||
| 293 | v[0] = v[1] = 0; | ||
| 294 | |||
| 295 | if (!ssl3_setup_buffers(s)) | ||
| 296 | return -1; | ||
| 297 | |||
| 298 | n = ssl23_read_bytes(s, sizeof buf); | ||
| 299 | if (n != sizeof buf) | ||
| 300 | return(n); | ||
| 301 | |||
| 302 | p = s->packet; | ||
| 303 | |||
| 304 | memcpy(buf, p, n); | ||
| 305 | |||
| 306 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { | ||
| 307 | /* | ||
| 308 | * SSLv2 header | ||
| 309 | */ | ||
| 310 | if ((p[3] == 0x00) && (p[4] == 0x02)) { | ||
| 311 | v[0] = p[3]; | ||
| 312 | v[1] = p[4]; | ||
| 313 | /* SSLv2 */ | ||
| 314 | if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 315 | type = 1; | ||
| 316 | } else if (p[3] == SSL3_VERSION_MAJOR) { | ||
| 317 | v[0] = p[3]; | ||
| 318 | v[1] = p[4]; | ||
| 319 | /* SSLv3/TLSv1 */ | ||
| 320 | if (p[4] >= TLS1_VERSION_MINOR) { | ||
| 321 | if (p[4] >= TLS1_2_VERSION_MINOR && | ||
| 322 | !(s->options & SSL_OP_NO_TLSv1_2)) { | ||
| 323 | s->version = TLS1_2_VERSION; | ||
| 324 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 325 | } else if (p[4] >= TLS1_1_VERSION_MINOR && | ||
| 326 | !(s->options & SSL_OP_NO_TLSv1_1)) { | ||
| 327 | s->version = TLS1_1_VERSION; | ||
| 328 | /* type=2; */ /* done later to survive restarts */ | ||
| 329 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 330 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | ||
| 331 | s->version = TLS1_VERSION; | ||
| 332 | /* type=2; */ /* done later to survive restarts */ | ||
| 333 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 334 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 335 | s->version = SSL3_VERSION; | ||
| 336 | /* type=2; */ | ||
| 337 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 338 | } else if (!(s->options & SSL_OP_NO_SSLv2)) { | ||
| 339 | type = 1; | ||
| 340 | } | ||
| 341 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 342 | s->version = SSL3_VERSION; | ||
| 343 | /* type=2; */ | ||
| 344 | s->state = SSL23_ST_SR_CLNT_HELLO_B; | ||
| 345 | } else if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 346 | type = 1; | ||
| 347 | |||
| 348 | } | ||
| 349 | } else if ((p[0] == SSL3_RT_HANDSHAKE) && | ||
| 350 | (p[1] == SSL3_VERSION_MAJOR) && | ||
| 351 | (p[5] == SSL3_MT_CLIENT_HELLO) && | ||
| 352 | ((p[3] == 0 && p[4] < 5 /* silly record length? */) || | ||
| 353 | (p[9] >= p[1]))) { | ||
| 354 | /* | ||
| 355 | * SSLv3 or tls1 header | ||
| 356 | */ | ||
| 357 | |||
| 358 | v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */ | ||
| 359 | /* We must look at client_version inside the Client Hello message | ||
| 360 | * to get the correct minor version. | ||
| 361 | * However if we have only a pathologically small fragment of the | ||
| 362 | * Client Hello message, this would be difficult, and we'd have | ||
| 363 | * to read more records to find out. | ||
| 364 | * No known SSL 3.0 client fragments ClientHello like this, | ||
| 365 | * so we simply reject such connections to avoid | ||
| 366 | * protocol version downgrade attacks. */ | ||
| 367 | if (p[3] == 0 && p[4] < 6) { | ||
| 368 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 369 | SSL_R_RECORD_TOO_SMALL); | ||
| 370 | return -1; | ||
| 371 | } | ||
| 372 | /* if major version number > 3 set minor to a value | ||
| 373 | * which will use the highest version 3 we support. | ||
| 374 | * If TLS 2.0 ever appears we will need to revise | ||
| 375 | * this.... | ||
| 376 | */ | ||
| 377 | if (p[9] > SSL3_VERSION_MAJOR) | ||
| 378 | v[1] = 0xff; | ||
| 379 | else | ||
| 380 | v[1] = p[10]; /* minor version according to client_version */ | ||
| 381 | if (v[1] >= TLS1_VERSION_MINOR) { | ||
| 382 | if (v[1] >= TLS1_2_VERSION_MINOR && | ||
| 383 | !(s->options & SSL_OP_NO_TLSv1_2)) { | ||
| 384 | s->version = TLS1_2_VERSION; | ||
| 385 | type = 3; | ||
| 386 | } else if (v[1] >= TLS1_1_VERSION_MINOR && | ||
| 387 | !(s->options & SSL_OP_NO_TLSv1_1)) { | ||
| 388 | s->version = TLS1_1_VERSION; | ||
| 389 | type = 3; | ||
| 390 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | ||
| 391 | s->version = TLS1_VERSION; | ||
| 392 | type = 3; | ||
| 393 | } else if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 394 | s->version = SSL3_VERSION; | ||
| 395 | type = 3; | ||
| 396 | } | ||
| 397 | } else { | ||
| 398 | /* client requests SSL 3.0 */ | ||
| 399 | if (!(s->options & SSL_OP_NO_SSLv3)) { | ||
| 400 | s->version = SSL3_VERSION; | ||
| 401 | type = 3; | ||
| 402 | } else if (!(s->options & SSL_OP_NO_TLSv1)) { | ||
| 403 | /* we won't be able to use TLS of course, | ||
| 404 | * but this will send an appropriate alert */ | ||
| 405 | s->version = TLS1_VERSION; | ||
| 406 | type = 3; | ||
| 407 | } | ||
| 408 | } | ||
| 409 | } | ||
| 410 | else if ((strncmp("GET ", (char *)p, 4) == 0) || | ||
| 411 | (strncmp("POST ",(char *)p, 5) == 0) || | ||
| 412 | (strncmp("HEAD ",(char *)p, 5) == 0) || | ||
| 413 | (strncmp("PUT ", (char *)p, 4) == 0)) { | ||
| 414 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); | ||
| 415 | return -1; | ||
| 416 | } else if (strncmp("CONNECT", (char *)p, 7) == 0) { | ||
| 417 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); | ||
| 418 | return -1; | ||
| 419 | } | ||
| 420 | } | ||
| 421 | |||
| 422 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { | ||
| 423 | /* we have SSLv3/TLSv1 in an SSLv2 header | ||
| 424 | * (other cases skip this state) */ | ||
| 425 | |||
| 426 | type = 2; | ||
| 427 | p = s->packet; | ||
| 428 | v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | ||
| 429 | v[1] = p[4]; | ||
| 430 | |||
| 431 | /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 | ||
| 432 | * header is sent directly on the wire, not wrapped as a TLS | ||
| 433 | * record. It's format is: | ||
| 434 | * Byte Content | ||
| 435 | * 0-1 msg_length | ||
| 436 | * 2 msg_type | ||
| 437 | * 3-4 version | ||
| 438 | * 5-6 cipher_spec_length | ||
| 439 | * 7-8 session_id_length | ||
| 440 | * 9-10 challenge_length | ||
| 441 | * ... ... | ||
| 442 | */ | ||
| 443 | n = ((p[0] & 0x7f) << 8) | p[1]; | ||
| 444 | if (n > (1024 * 4)) { | ||
| 445 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); | ||
| 446 | return -1; | ||
| 447 | } | ||
| 448 | if (n < 9) { | ||
| 449 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 450 | SSL_R_RECORD_LENGTH_MISMATCH); | ||
| 451 | return -1; | ||
| 452 | } | ||
| 453 | |||
| 454 | j = ssl23_read_bytes(s, n + 2); | ||
| 455 | if (j != n + 2) | ||
| 456 | return -1; | ||
| 457 | |||
| 458 | ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2); | ||
| 459 | if (s->msg_callback) | ||
| 460 | s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2, | ||
| 461 | s->packet_length - 2, s, s->msg_callback_arg); | ||
| 462 | |||
| 463 | p = s->packet; | ||
| 464 | p += 5; | ||
| 465 | n2s(p, csl); | ||
| 466 | n2s(p, sil); | ||
| 467 | n2s(p, cl); | ||
| 468 | d = (unsigned char *)s->init_buf->data; | ||
| 469 | if ((csl + sil + cl + 11) != s->packet_length) { | ||
| 470 | /* | ||
| 471 | * We can't have TLS extensions in SSL 2.0 format | ||
| 472 | * Client Hello, can we ? Error condition should be | ||
| 473 | * '>' otherwise | ||
| 474 | */ | ||
| 475 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, | ||
| 476 | SSL_R_RECORD_LENGTH_MISMATCH); | ||
| 477 | return -1; | ||
| 478 | } | ||
| 479 | |||
| 480 | /* record header: msg_type ... */ | ||
| 481 | *(d++) = SSL3_MT_CLIENT_HELLO; | ||
| 482 | /* ... and length (actual value will be written later) */ | ||
| 483 | d_len = d; | ||
| 484 | d += 3; | ||
| 485 | |||
| 486 | /* client_version */ | ||
| 487 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | ||
| 488 | *(d++) = v[1]; | ||
| 489 | |||
| 490 | /* lets populate the random area */ | ||
| 491 | /* get the challenge_length */ | ||
| 492 | i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl; | ||
| 493 | memset(d, 0, SSL3_RANDOM_SIZE); | ||
| 494 | memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i); | ||
| 495 | d += SSL3_RANDOM_SIZE; | ||
| 496 | |||
| 497 | /* no session-id reuse */ | ||
| 498 | *(d++) = 0; | ||
| 499 | |||
| 500 | /* ciphers */ | ||
| 501 | j = 0; | ||
| 502 | dd = d; | ||
| 503 | d += 2; | ||
| 504 | for (i = 0; i < csl; i += 3) { | ||
| 505 | if (p[i] != 0) | ||
| 506 | continue; | ||
| 507 | *(d++) = p[i + 1]; | ||
| 508 | *(d++) = p[i + 2]; | ||
| 509 | j += 2; | ||
| 510 | } | ||
| 511 | s2n(j, dd); | ||
| 512 | |||
| 513 | /* add in (no) COMPRESSION */ | ||
| 514 | *(d++) = 1; | ||
| 515 | *(d++) = 0; | ||
| 516 | |||
| 517 | i = (d - (unsigned char *)s->init_buf->data) - 4; | ||
| 518 | l2n3((long)i, d_len); | ||
| 519 | |||
| 520 | /* get the data reused from the init_buf */ | ||
| 521 | s->s3->tmp.reuse_message = 1; | ||
| 522 | s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO; | ||
| 523 | s->s3->tmp.message_size = i; | ||
| 524 | } | ||
| 525 | |||
| 526 | /* imaginary new state (for program structure): */ | ||
| 527 | /* s->state = SSL23_SR_CLNT_HELLO_C */ | ||
| 528 | |||
| 529 | if (type == 1) { | ||
| 530 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 531 | return -1; | ||
| 532 | } | ||
| 533 | |||
| 534 | if ((type == 2) || (type == 3)) { | ||
| 535 | /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ | ||
| 536 | |||
| 537 | if (!ssl_init_wbio_buffer(s, 1)) | ||
| 538 | return -1; | ||
| 539 | |||
| 540 | /* we are in this state */ | ||
| 541 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | ||
| 542 | |||
| 543 | if (type == 3) { | ||
| 544 | /* put the 'n' bytes we have read into the input buffer | ||
| 545 | * for SSLv3 */ | ||
| 546 | s->rstate = SSL_ST_READ_HEADER; | ||
| 547 | s->packet_length = n; | ||
| 548 | if (s->s3->rbuf.buf == NULL) | ||
| 549 | if (!ssl3_setup_read_buffer(s)) | ||
| 550 | return -1; | ||
| 551 | |||
| 552 | s->packet = &(s->s3->rbuf.buf[0]); | ||
| 553 | memcpy(s->packet, buf, n); | ||
| 554 | s->s3->rbuf.left = n; | ||
| 555 | s->s3->rbuf.offset = 0; | ||
| 556 | } else { | ||
| 557 | s->packet_length = 0; | ||
| 558 | s->s3->rbuf.left = 0; | ||
| 559 | s->s3->rbuf.offset = 0; | ||
| 560 | } | ||
| 561 | if (s->version == TLS1_2_VERSION) | ||
| 562 | s->method = TLSv1_2_server_method(); | ||
| 563 | else if (s->version == TLS1_1_VERSION) | ||
| 564 | s->method = TLSv1_1_server_method(); | ||
| 565 | else if (s->version == TLS1_VERSION) | ||
| 566 | s->method = TLSv1_server_method(); | ||
| 567 | else | ||
| 568 | s->method = SSLv3_server_method(); | ||
| 569 | s->handshake_func = s->method->ssl_accept; | ||
| 570 | } | ||
| 571 | |||
| 572 | if ((type < 1) || (type > 3)) { | ||
| 573 | /* bad, very bad */ | ||
| 574 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); | ||
| 575 | return -1; | ||
| 576 | } | ||
| 577 | s->init_num = 0; | ||
| 578 | |||
| 579 | return (SSL_accept(s)); | ||
| 580 | } | ||
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c deleted file mode 100644 index a2ce9e9fa3..0000000000 --- a/src/lib/libssl/s3_both.c +++ /dev/null | |||
| @@ -1,702 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_both.c,v 1.37 2014/12/14 21:49:29 bcook Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | |||
| 117 | #include <limits.h> | ||
| 118 | #include <stdio.h> | ||
| 119 | #include <string.h> | ||
| 120 | |||
| 121 | #include "ssl_locl.h" | ||
| 122 | |||
| 123 | #include <openssl/buffer.h> | ||
| 124 | #include <openssl/evp.h> | ||
| 125 | #include <openssl/objects.h> | ||
| 126 | #include <openssl/x509.h> | ||
| 127 | |||
| 128 | /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ | ||
| 129 | int | ||
| 130 | ssl3_do_write(SSL *s, int type) | ||
| 131 | { | ||
| 132 | int ret; | ||
| 133 | |||
| 134 | ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], | ||
| 135 | s->init_num); | ||
| 136 | if (ret < 0) | ||
| 137 | return (-1); | ||
| 138 | if (type == SSL3_RT_HANDSHAKE) | ||
| 139 | /* should not be done for 'Hello Request's, but in that case | ||
| 140 | * we'll ignore the result anyway */ | ||
| 141 | ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off], ret); | ||
| 142 | |||
| 143 | if (ret == s->init_num) { | ||
| 144 | if (s->msg_callback) | ||
| 145 | s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); | ||
| 146 | return (1); | ||
| 147 | } | ||
| 148 | s->init_off += ret; | ||
| 149 | s->init_num -= ret; | ||
| 150 | return (0); | ||
| 151 | } | ||
| 152 | |||
| 153 | int | ||
| 154 | ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) | ||
| 155 | { | ||
| 156 | unsigned char *p, *d; | ||
| 157 | unsigned long l; | ||
| 158 | int md_len; | ||
| 159 | |||
| 160 | if (s->state == a) { | ||
| 161 | d = (unsigned char *)s->init_buf->data; | ||
| 162 | p = &(d[4]); | ||
| 163 | |||
| 164 | md_len = s->method->ssl3_enc->finish_mac_length; | ||
| 165 | if (s->method->ssl3_enc->final_finish_mac(s, sender, slen, | ||
| 166 | s->s3->tmp.finish_md) != md_len) | ||
| 167 | return (0); | ||
| 168 | s->s3->tmp.finish_md_len = md_len; | ||
| 169 | memcpy(p, s->s3->tmp.finish_md, md_len); | ||
| 170 | p += md_len; | ||
| 171 | l = md_len; | ||
| 172 | |||
| 173 | /* Copy finished so we can use it for renegotiation checks. */ | ||
| 174 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 175 | if (s->type == SSL_ST_CONNECT) { | ||
| 176 | memcpy(s->s3->previous_client_finished, | ||
| 177 | s->s3->tmp.finish_md, md_len); | ||
| 178 | s->s3->previous_client_finished_len = md_len; | ||
| 179 | } else { | ||
| 180 | memcpy(s->s3->previous_server_finished, | ||
| 181 | s->s3->tmp.finish_md, md_len); | ||
| 182 | s->s3->previous_server_finished_len = md_len; | ||
| 183 | } | ||
| 184 | |||
| 185 | *(d++) = SSL3_MT_FINISHED; | ||
| 186 | l2n3(l, d); | ||
| 187 | s->init_num = (int)l + 4; | ||
| 188 | s->init_off = 0; | ||
| 189 | |||
| 190 | s->state = b; | ||
| 191 | } | ||
| 192 | |||
| 193 | /* SSL3_ST_SEND_xxxxxx_HELLO_B */ | ||
| 194 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 195 | } | ||
| 196 | |||
| 197 | /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ | ||
| 198 | static void | ||
| 199 | ssl3_take_mac(SSL *s) | ||
| 200 | { | ||
| 201 | const char *sender; | ||
| 202 | int slen; | ||
| 203 | /* If no new cipher setup return immediately: other functions will | ||
| 204 | * set the appropriate error. | ||
| 205 | */ | ||
| 206 | if (s->s3->tmp.new_cipher == NULL) | ||
| 207 | return; | ||
| 208 | if (s->state & SSL_ST_CONNECT) { | ||
| 209 | sender = s->method->ssl3_enc->server_finished_label; | ||
| 210 | slen = s->method->ssl3_enc->server_finished_label_len; | ||
| 211 | } else { | ||
| 212 | sender = s->method->ssl3_enc->client_finished_label; | ||
| 213 | slen = s->method->ssl3_enc->client_finished_label_len; | ||
| 214 | } | ||
| 215 | |||
| 216 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | ||
| 217 | sender, slen, s->s3->tmp.peer_finish_md); | ||
| 218 | } | ||
| 219 | |||
| 220 | int | ||
| 221 | ssl3_get_finished(SSL *s, int a, int b) | ||
| 222 | { | ||
| 223 | int al, ok, md_len; | ||
| 224 | long n; | ||
| 225 | unsigned char *p; | ||
| 226 | |||
| 227 | |||
| 228 | n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, | ||
| 229 | 64, /* should actually be 36+4 :-) */ &ok); | ||
| 230 | |||
| 231 | if (!ok) | ||
| 232 | return ((int)n); | ||
| 233 | |||
| 234 | /* If this occurs, we have missed a message */ | ||
| 235 | if (!s->s3->change_cipher_spec) { | ||
| 236 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 237 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS); | ||
| 238 | goto f_err; | ||
| 239 | } | ||
| 240 | s->s3->change_cipher_spec = 0; | ||
| 241 | |||
| 242 | md_len = s->method->ssl3_enc->finish_mac_length; | ||
| 243 | p = (unsigned char *)s->init_msg; | ||
| 244 | |||
| 245 | if (s->s3->tmp.peer_finish_md_len != md_len || n != md_len) { | ||
| 246 | al = SSL_AD_DECODE_ERROR; | ||
| 247 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH); | ||
| 248 | goto f_err; | ||
| 249 | } | ||
| 250 | |||
| 251 | if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, md_len) != 0) { | ||
| 252 | al = SSL_AD_DECRYPT_ERROR; | ||
| 253 | SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED); | ||
| 254 | goto f_err; | ||
| 255 | } | ||
| 256 | |||
| 257 | /* Copy finished so we can use it for renegotiation checks. */ | ||
| 258 | OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE); | ||
| 259 | if (s->type == SSL_ST_ACCEPT) { | ||
| 260 | memcpy(s->s3->previous_client_finished, | ||
| 261 | s->s3->tmp.peer_finish_md, md_len); | ||
| 262 | s->s3->previous_client_finished_len = md_len; | ||
| 263 | } else { | ||
| 264 | memcpy(s->s3->previous_server_finished, | ||
| 265 | s->s3->tmp.peer_finish_md, md_len); | ||
| 266 | s->s3->previous_server_finished_len = md_len; | ||
| 267 | } | ||
| 268 | |||
| 269 | return (1); | ||
| 270 | f_err: | ||
| 271 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 272 | return (0); | ||
| 273 | } | ||
| 274 | |||
| 275 | /* for these 2 messages, we need to | ||
| 276 | * ssl->enc_read_ctx re-init | ||
| 277 | * ssl->s3->read_sequence zero | ||
| 278 | * ssl->s3->read_mac_secret re-init | ||
| 279 | * ssl->session->read_sym_enc assign | ||
| 280 | * ssl->session->read_hash assign | ||
| 281 | */ | ||
| 282 | int | ||
| 283 | ssl3_send_change_cipher_spec(SSL *s, int a, int b) | ||
| 284 | { | ||
| 285 | unsigned char *p; | ||
| 286 | |||
| 287 | if (s->state == a) { | ||
| 288 | p = (unsigned char *)s->init_buf->data; | ||
| 289 | *p = SSL3_MT_CCS; | ||
| 290 | s->init_num = 1; | ||
| 291 | s->init_off = 0; | ||
| 292 | |||
| 293 | s->state = b; | ||
| 294 | } | ||
| 295 | |||
| 296 | /* SSL3_ST_CW_CHANGE_B */ | ||
| 297 | return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC)); | ||
| 298 | } | ||
| 299 | |||
| 300 | static int | ||
| 301 | ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x) | ||
| 302 | { | ||
| 303 | int n; | ||
| 304 | unsigned char *p; | ||
| 305 | |||
| 306 | n = i2d_X509(x, NULL); | ||
| 307 | if (!BUF_MEM_grow_clean(buf, n + (*l) + 3)) { | ||
| 308 | SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); | ||
| 309 | return (-1); | ||
| 310 | } | ||
| 311 | p = (unsigned char *)&(buf->data[*l]); | ||
| 312 | l2n3(n, p); | ||
| 313 | i2d_X509(x, &p); | ||
| 314 | *l += n + 3; | ||
| 315 | |||
| 316 | return (0); | ||
| 317 | } | ||
| 318 | |||
| 319 | unsigned long | ||
| 320 | ssl3_output_cert_chain(SSL *s, X509 *x) | ||
| 321 | { | ||
| 322 | unsigned char *p; | ||
| 323 | int i; | ||
| 324 | unsigned long l = 7; | ||
| 325 | BUF_MEM *buf; | ||
| 326 | int no_chain; | ||
| 327 | |||
| 328 | if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) | ||
| 329 | no_chain = 1; | ||
| 330 | else | ||
| 331 | no_chain = 0; | ||
| 332 | |||
| 333 | /* TLSv1 sends a chain with nothing in it, instead of an alert */ | ||
| 334 | buf = s->init_buf; | ||
| 335 | if (!BUF_MEM_grow_clean(buf, 10)) { | ||
| 336 | SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB); | ||
| 337 | return (0); | ||
| 338 | } | ||
| 339 | if (x != NULL) { | ||
| 340 | if (no_chain) { | ||
| 341 | if (ssl3_add_cert_to_buf(buf, &l, x)) | ||
| 342 | return (0); | ||
| 343 | } else { | ||
| 344 | X509_STORE_CTX xs_ctx; | ||
| 345 | |||
| 346 | if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) { | ||
| 347 | SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB); | ||
| 348 | return (0); | ||
| 349 | } | ||
| 350 | X509_verify_cert(&xs_ctx); | ||
| 351 | /* Don't leave errors in the queue */ | ||
| 352 | ERR_clear_error(); | ||
| 353 | for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) { | ||
| 354 | x = sk_X509_value(xs_ctx.chain, i); | ||
| 355 | |||
| 356 | if (ssl3_add_cert_to_buf(buf, &l, x)) { | ||
| 357 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
| 358 | return 0; | ||
| 359 | } | ||
| 360 | } | ||
| 361 | X509_STORE_CTX_cleanup(&xs_ctx); | ||
| 362 | } | ||
| 363 | } | ||
| 364 | /* Thawte special :-) */ | ||
| 365 | for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) { | ||
| 366 | x = sk_X509_value(s->ctx->extra_certs, i); | ||
| 367 | if (ssl3_add_cert_to_buf(buf, &l, x)) | ||
| 368 | return (0); | ||
| 369 | } | ||
| 370 | |||
| 371 | l -= 7; | ||
| 372 | p = (unsigned char *)&(buf->data[4]); | ||
| 373 | l2n3(l, p); | ||
| 374 | l += 3; | ||
| 375 | p = (unsigned char *)&(buf->data[0]); | ||
| 376 | *(p++) = SSL3_MT_CERTIFICATE; | ||
| 377 | l2n3(l, p); | ||
| 378 | l += 4; | ||
| 379 | return (l); | ||
| 380 | } | ||
| 381 | |||
| 382 | /* Obtain handshake message of message type 'mt' (any if mt == -1), | ||
| 383 | * maximum acceptable body length 'max'. | ||
| 384 | * The first four bytes (msg_type and length) are read in state 'st1', | ||
| 385 | * the body is read in state 'stn'. | ||
| 386 | */ | ||
| 387 | long | ||
| 388 | ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | ||
| 389 | { | ||
| 390 | unsigned char *p; | ||
| 391 | unsigned long l; | ||
| 392 | long n; | ||
| 393 | int i, al; | ||
| 394 | |||
| 395 | if (s->s3->tmp.reuse_message) { | ||
| 396 | s->s3->tmp.reuse_message = 0; | ||
| 397 | if ((mt >= 0) && (s->s3->tmp.message_type != mt)) { | ||
| 398 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 399 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); | ||
| 400 | goto f_err; | ||
| 401 | } | ||
| 402 | *ok = 1; | ||
| 403 | s->init_msg = s->init_buf->data + 4; | ||
| 404 | s->init_num = (int)s->s3->tmp.message_size; | ||
| 405 | return s->init_num; | ||
| 406 | } | ||
| 407 | |||
| 408 | p = (unsigned char *)s->init_buf->data; | ||
| 409 | |||
| 410 | if (s->state == st1) /* s->init_num < 4 */ | ||
| 411 | { | ||
| 412 | int skip_message; | ||
| 413 | |||
| 414 | do { | ||
| 415 | while (s->init_num < 4) { | ||
| 416 | i = s->method->ssl_read_bytes(s, | ||
| 417 | SSL3_RT_HANDSHAKE, &p[s->init_num], | ||
| 418 | 4 - s->init_num, 0); | ||
| 419 | if (i <= 0) { | ||
| 420 | s->rwstate = SSL_READING; | ||
| 421 | *ok = 0; | ||
| 422 | return i; | ||
| 423 | } | ||
| 424 | s->init_num += i; | ||
| 425 | } | ||
| 426 | |||
| 427 | skip_message = 0; | ||
| 428 | if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) { | ||
| 429 | /* | ||
| 430 | * The server may always send 'Hello Request' | ||
| 431 | * messages -- we are doing a handshake anyway | ||
| 432 | * now, so ignore them if their format is | ||
| 433 | * correct. Does not count for 'Finished' MAC. | ||
| 434 | */ | ||
| 435 | if (p[1] == 0 && p[2] == 0 &&p[3] == 0) { | ||
| 436 | s->init_num = 0; | ||
| 437 | skip_message = 1; | ||
| 438 | |||
| 439 | if (s->msg_callback) | ||
| 440 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); | ||
| 441 | } | ||
| 442 | } | ||
| 443 | } | ||
| 444 | while (skip_message); | ||
| 445 | |||
| 446 | /* s->init_num == 4 */ | ||
| 447 | |||
| 448 | if ((mt >= 0) && (*p != mt)) { | ||
| 449 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 450 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); | ||
| 451 | goto f_err; | ||
| 452 | } | ||
| 453 | if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && | ||
| 454 | (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) { | ||
| 455 | /* At this point we have got an MS SGC second client | ||
| 456 | * hello (maybe we should always allow the client to | ||
| 457 | * start a new handshake?). We need to restart the mac. | ||
| 458 | * Don't increment {num,total}_renegotiations because | ||
| 459 | * we have not completed the handshake. */ | ||
| 460 | if (!ssl3_init_finished_mac(s)) { | ||
| 461 | SSLerr(SSL_F_SSL3_GET_MESSAGE, | ||
| 462 | ERR_R_MALLOC_FAILURE); | ||
| 463 | goto err; | ||
| 464 | } | ||
| 465 | } | ||
| 466 | |||
| 467 | s->s3->tmp.message_type= *(p++); | ||
| 468 | |||
| 469 | n2l3(p, l); | ||
| 470 | if (l > (unsigned long)max) { | ||
| 471 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 472 | SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 473 | goto f_err; | ||
| 474 | } | ||
| 475 | if (l && !BUF_MEM_grow_clean(s->init_buf, l + 4)) { | ||
| 476 | SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); | ||
| 477 | goto err; | ||
| 478 | } | ||
| 479 | s->s3->tmp.message_size = l; | ||
| 480 | s->state = stn; | ||
| 481 | |||
| 482 | s->init_msg = s->init_buf->data + 4; | ||
| 483 | s->init_num = 0; | ||
| 484 | } | ||
| 485 | |||
| 486 | /* next state (stn) */ | ||
| 487 | p = s->init_msg; | ||
| 488 | n = s->s3->tmp.message_size - s->init_num; | ||
| 489 | while (n > 0) { | ||
| 490 | i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, | ||
| 491 | &p[s->init_num], n, 0); | ||
| 492 | if (i <= 0) { | ||
| 493 | s->rwstate = SSL_READING; | ||
| 494 | *ok = 0; | ||
| 495 | return i; | ||
| 496 | } | ||
| 497 | s->init_num += i; | ||
| 498 | n -= i; | ||
| 499 | } | ||
| 500 | |||
| 501 | /* If receiving Finished, record MAC of prior handshake messages for | ||
| 502 | * Finished verification. */ | ||
| 503 | if (*s->init_buf->data == SSL3_MT_FINISHED) | ||
| 504 | ssl3_take_mac(s); | ||
| 505 | |||
| 506 | /* Feed this message into MAC computation. */ | ||
| 507 | ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | ||
| 508 | if (s->msg_callback) | ||
| 509 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); | ||
| 510 | *ok = 1; | ||
| 511 | return s->init_num; | ||
| 512 | f_err: | ||
| 513 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 514 | err: | ||
| 515 | *ok = 0; | ||
| 516 | return (-1); | ||
| 517 | } | ||
| 518 | |||
| 519 | int | ||
| 520 | ssl_cert_type(X509 *x, EVP_PKEY *pkey) | ||
| 521 | { | ||
| 522 | EVP_PKEY *pk; | ||
| 523 | int ret = -1, i; | ||
| 524 | |||
| 525 | if (pkey == NULL) | ||
| 526 | pk = X509_get_pubkey(x); | ||
| 527 | else | ||
| 528 | pk = pkey; | ||
| 529 | if (pk == NULL) | ||
| 530 | goto err; | ||
| 531 | |||
| 532 | i = pk->type; | ||
| 533 | if (i == EVP_PKEY_RSA) { | ||
| 534 | ret = SSL_PKEY_RSA_ENC; | ||
| 535 | } else if (i == EVP_PKEY_DSA) { | ||
| 536 | ret = SSL_PKEY_DSA_SIGN; | ||
| 537 | } | ||
| 538 | else if (i == EVP_PKEY_EC) { | ||
| 539 | ret = SSL_PKEY_ECC; | ||
| 540 | } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) { | ||
| 541 | ret = SSL_PKEY_GOST01; | ||
| 542 | } | ||
| 543 | err: | ||
| 544 | if (!pkey) | ||
| 545 | EVP_PKEY_free(pk); | ||
| 546 | return (ret); | ||
| 547 | } | ||
| 548 | |||
| 549 | int | ||
| 550 | ssl_verify_alarm_type(long type) | ||
| 551 | { | ||
| 552 | int al; | ||
| 553 | |||
| 554 | switch (type) { | ||
| 555 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | ||
| 556 | case X509_V_ERR_UNABLE_TO_GET_CRL: | ||
| 557 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | ||
| 558 | al = SSL_AD_UNKNOWN_CA; | ||
| 559 | break; | ||
| 560 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: | ||
| 561 | case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: | ||
| 562 | case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: | ||
| 563 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | ||
| 564 | case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | ||
| 565 | case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: | ||
| 566 | case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: | ||
| 567 | case X509_V_ERR_CERT_NOT_YET_VALID: | ||
| 568 | case X509_V_ERR_CRL_NOT_YET_VALID: | ||
| 569 | case X509_V_ERR_CERT_UNTRUSTED: | ||
| 570 | case X509_V_ERR_CERT_REJECTED: | ||
| 571 | al = SSL_AD_BAD_CERTIFICATE; | ||
| 572 | break; | ||
| 573 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: | ||
| 574 | case X509_V_ERR_CRL_SIGNATURE_FAILURE: | ||
| 575 | al = SSL_AD_DECRYPT_ERROR; | ||
| 576 | break; | ||
| 577 | case X509_V_ERR_CERT_HAS_EXPIRED: | ||
| 578 | case X509_V_ERR_CRL_HAS_EXPIRED: | ||
| 579 | al = SSL_AD_CERTIFICATE_EXPIRED; | ||
| 580 | break; | ||
| 581 | case X509_V_ERR_CERT_REVOKED: | ||
| 582 | al = SSL_AD_CERTIFICATE_REVOKED; | ||
| 583 | break; | ||
| 584 | case X509_V_ERR_OUT_OF_MEM: | ||
| 585 | al = SSL_AD_INTERNAL_ERROR; | ||
| 586 | break; | ||
| 587 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: | ||
| 588 | case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: | ||
| 589 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: | ||
| 590 | case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | ||
| 591 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: | ||
| 592 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | ||
| 593 | case X509_V_ERR_INVALID_CA: | ||
| 594 | al = SSL_AD_UNKNOWN_CA; | ||
| 595 | break; | ||
| 596 | case X509_V_ERR_APPLICATION_VERIFICATION: | ||
| 597 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 598 | break; | ||
| 599 | case X509_V_ERR_INVALID_PURPOSE: | ||
| 600 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | ||
| 601 | break; | ||
| 602 | default: | ||
| 603 | al = SSL_AD_CERTIFICATE_UNKNOWN; | ||
| 604 | break; | ||
| 605 | } | ||
| 606 | return (al); | ||
| 607 | } | ||
| 608 | |||
| 609 | int | ||
| 610 | ssl3_setup_read_buffer(SSL *s) | ||
| 611 | { | ||
| 612 | unsigned char *p; | ||
| 613 | size_t len, align, headerlen; | ||
| 614 | |||
| 615 | if (SSL_IS_DTLS(s)) | ||
| 616 | headerlen = DTLS1_RT_HEADER_LENGTH; | ||
| 617 | else | ||
| 618 | headerlen = SSL3_RT_HEADER_LENGTH; | ||
| 619 | |||
| 620 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); | ||
| 621 | |||
| 622 | if (s->s3->rbuf.buf == NULL) { | ||
| 623 | len = SSL3_RT_MAX_PLAIN_LENGTH + | ||
| 624 | SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; | ||
| 625 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { | ||
| 626 | s->s3->init_extra = 1; | ||
| 627 | len += SSL3_RT_MAX_EXTRA; | ||
| 628 | } | ||
| 629 | if ((p = malloc(len)) == NULL) | ||
| 630 | goto err; | ||
| 631 | s->s3->rbuf.buf = p; | ||
| 632 | s->s3->rbuf.len = len; | ||
| 633 | } | ||
| 634 | |||
| 635 | s->packet = &(s->s3->rbuf.buf[0]); | ||
| 636 | return 1; | ||
| 637 | |||
| 638 | err: | ||
| 639 | SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE); | ||
| 640 | return 0; | ||
| 641 | } | ||
| 642 | |||
| 643 | int | ||
| 644 | ssl3_setup_write_buffer(SSL *s) | ||
| 645 | { | ||
| 646 | unsigned char *p; | ||
| 647 | size_t len, align, headerlen; | ||
| 648 | |||
| 649 | if (SSL_IS_DTLS(s)) | ||
| 650 | headerlen = DTLS1_RT_HEADER_LENGTH + 1; | ||
| 651 | else | ||
| 652 | headerlen = SSL3_RT_HEADER_LENGTH; | ||
| 653 | |||
| 654 | align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); | ||
| 655 | |||
| 656 | if (s->s3->wbuf.buf == NULL) { | ||
| 657 | len = s->max_send_fragment + | ||
| 658 | SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; | ||
| 659 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) | ||
| 660 | len += headerlen + align + | ||
| 661 | SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; | ||
| 662 | |||
| 663 | if ((p = malloc(len)) == NULL) | ||
| 664 | goto err; | ||
| 665 | s->s3->wbuf.buf = p; | ||
| 666 | s->s3->wbuf.len = len; | ||
| 667 | } | ||
| 668 | |||
| 669 | return 1; | ||
| 670 | |||
| 671 | err: | ||
| 672 | SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE); | ||
| 673 | return 0; | ||
| 674 | } | ||
| 675 | |||
| 676 | |||
| 677 | int | ||
| 678 | ssl3_setup_buffers(SSL *s) | ||
| 679 | { | ||
| 680 | if (!ssl3_setup_read_buffer(s)) | ||
| 681 | return 0; | ||
| 682 | if (!ssl3_setup_write_buffer(s)) | ||
| 683 | return 0; | ||
| 684 | return 1; | ||
| 685 | } | ||
| 686 | |||
| 687 | int | ||
| 688 | ssl3_release_write_buffer(SSL *s) | ||
| 689 | { | ||
| 690 | free(s->s3->wbuf.buf); | ||
| 691 | s->s3->wbuf.buf = NULL; | ||
| 692 | return 1; | ||
| 693 | } | ||
| 694 | |||
| 695 | int | ||
| 696 | ssl3_release_read_buffer(SSL *s) | ||
| 697 | { | ||
| 698 | free(s->s3->rbuf.buf); | ||
| 699 | s->s3->rbuf.buf = NULL; | ||
| 700 | return 1; | ||
| 701 | } | ||
| 702 | |||
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c deleted file mode 100644 index fd4781b64c..0000000000 --- a/src/lib/libssl/s3_cbc.c +++ /dev/null | |||
| @@ -1,704 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_cbc.c,v 1.9 2014/12/15 00:46:53 doug Exp $ */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 2012 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@openssl.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | #include "ssl_locl.h" | ||
| 57 | |||
| 58 | #include <openssl/md5.h> | ||
| 59 | #include <openssl/sha.h> | ||
| 60 | |||
| 61 | /* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length | ||
| 62 | * field. (SHA-384/512 have 128-bit length.) */ | ||
| 63 | #define MAX_HASH_BIT_COUNT_BYTES 16 | ||
| 64 | |||
| 65 | /* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. | ||
| 66 | * Currently SHA-384/512 has a 128-byte block size and that's the largest | ||
| 67 | * supported by TLS.) */ | ||
| 68 | #define MAX_HASH_BLOCK_SIZE 128 | ||
| 69 | |||
| 70 | /* Some utility functions are needed: | ||
| 71 | * | ||
| 72 | * These macros return the given value with the MSB copied to all the other | ||
| 73 | * bits. They use the fact that arithmetic shift shifts-in the sign bit. | ||
| 74 | * However, this is not ensured by the C standard so you may need to replace | ||
| 75 | * them with something else on odd CPUs. */ | ||
| 76 | #define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1))) | ||
| 77 | #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) | ||
| 78 | |||
| 79 | /* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ | ||
| 80 | static unsigned | ||
| 81 | constant_time_lt(unsigned a, unsigned b) | ||
| 82 | { | ||
| 83 | a -= b; | ||
| 84 | return DUPLICATE_MSB_TO_ALL(a); | ||
| 85 | } | ||
| 86 | |||
| 87 | /* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ | ||
| 88 | static unsigned | ||
| 89 | constant_time_ge(unsigned a, unsigned b) | ||
| 90 | { | ||
| 91 | a -= b; | ||
| 92 | return DUPLICATE_MSB_TO_ALL(~a); | ||
| 93 | } | ||
| 94 | |||
| 95 | /* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ | ||
| 96 | static unsigned char | ||
| 97 | constant_time_eq_8(unsigned a, unsigned b) | ||
| 98 | { | ||
| 99 | unsigned c = a ^ b; | ||
| 100 | c--; | ||
| 101 | return DUPLICATE_MSB_TO_ALL_8(c); | ||
| 102 | } | ||
| 103 | |||
| 104 | /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC | ||
| 105 | * record in |rec| by updating |rec->length| in constant time. | ||
| 106 | * | ||
| 107 | * block_size: the block size of the cipher used to encrypt the record. | ||
| 108 | * returns: | ||
| 109 | * 0: (in non-constant time) if the record is publicly invalid. | ||
| 110 | * 1: if the padding was valid | ||
| 111 | * -1: otherwise. */ | ||
| 112 | int | ||
| 113 | ssl3_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | ||
| 114 | unsigned mac_size) | ||
| 115 | { | ||
| 116 | unsigned padding_length, good; | ||
| 117 | const unsigned overhead = 1 /* padding length byte */ + mac_size; | ||
| 118 | |||
| 119 | /* These lengths are all public so we can test them in non-constant | ||
| 120 | * time. */ | ||
| 121 | if (overhead > rec->length) | ||
| 122 | return 0; | ||
| 123 | |||
| 124 | padding_length = rec->data[rec->length - 1]; | ||
| 125 | good = constant_time_ge(rec->length, padding_length + overhead); | ||
| 126 | /* SSLv3 requires that the padding is minimal. */ | ||
| 127 | good &= constant_time_ge(block_size, padding_length + 1); | ||
| 128 | padding_length = good & (padding_length + 1); | ||
| 129 | rec->length -= padding_length; | ||
| 130 | rec->type |= padding_length << 8; /* kludge: pass padding length */ | ||
| 131 | return (int)((good & 1) | (~good & -1)); | ||
| 132 | } | ||
| 133 | |||
| 134 | /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC | ||
| 135 | * record in |rec| in constant time and returns 1 if the padding is valid and | ||
| 136 | * -1 otherwise. It also removes any explicit IV from the start of the record | ||
| 137 | * without leaking any timing about whether there was enough space after the | ||
| 138 | * padding was removed. | ||
| 139 | * | ||
| 140 | * block_size: the block size of the cipher used to encrypt the record. | ||
| 141 | * returns: | ||
| 142 | * 0: (in non-constant time) if the record is publicly invalid. | ||
| 143 | * 1: if the padding was valid | ||
| 144 | * -1: otherwise. */ | ||
| 145 | int | ||
| 146 | tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, | ||
| 147 | unsigned mac_size) | ||
| 148 | { | ||
| 149 | unsigned padding_length, good, to_check, i; | ||
| 150 | const unsigned overhead = 1 /* padding length byte */ + mac_size; | ||
| 151 | |||
| 152 | /* Check if version requires explicit IV */ | ||
| 153 | if (SSL_USE_EXPLICIT_IV(s)) { | ||
| 154 | /* These lengths are all public so we can test them in | ||
| 155 | * non-constant time. | ||
| 156 | */ | ||
| 157 | if (overhead + block_size > rec->length) | ||
| 158 | return 0; | ||
| 159 | /* We can now safely skip explicit IV */ | ||
| 160 | rec->data += block_size; | ||
| 161 | rec->input += block_size; | ||
| 162 | rec->length -= block_size; | ||
| 163 | } else if (overhead > rec->length) | ||
| 164 | return 0; | ||
| 165 | |||
| 166 | padding_length = rec->data[rec->length - 1]; | ||
| 167 | |||
| 168 | /* NB: if compression is in operation the first packet may not be of | ||
| 169 | * even length so the padding bug check cannot be performed. This bug | ||
| 170 | * workaround has been around since SSLeay so hopefully it is either | ||
| 171 | * fixed now or no buggy implementation supports compression [steve] | ||
| 172 | * (We don't support compression either, so it's not in operation.) | ||
| 173 | */ | ||
| 174 | if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)) { | ||
| 175 | /* First packet is even in size, so check */ | ||
| 176 | if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", | ||
| 177 | SSL3_SEQUENCE_SIZE) == 0) && !(padding_length & 1)) { | ||
| 178 | s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG; | ||
| 179 | } | ||
| 180 | if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && | ||
| 181 | padding_length > 0) { | ||
| 182 | padding_length--; | ||
| 183 | } | ||
| 184 | } | ||
| 185 | |||
| 186 | if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { | ||
| 187 | /* padding is already verified */ | ||
| 188 | rec->length -= padding_length + 1; | ||
| 189 | return 1; | ||
| 190 | } | ||
| 191 | |||
| 192 | good = constant_time_ge(rec->length, overhead + padding_length); | ||
| 193 | /* The padding consists of a length byte at the end of the record and | ||
| 194 | * then that many bytes of padding, all with the same value as the | ||
| 195 | * length byte. Thus, with the length byte included, there are i+1 | ||
| 196 | * bytes of padding. | ||
| 197 | * | ||
| 198 | * We can't check just |padding_length+1| bytes because that leaks | ||
| 199 | * decrypted information. Therefore we always have to check the maximum | ||
| 200 | * amount of padding possible. (Again, the length of the record is | ||
| 201 | * public information so we can use it.) */ | ||
| 202 | to_check = 255; /* maximum amount of padding. */ | ||
| 203 | if (to_check > rec->length - 1) | ||
| 204 | to_check = rec->length - 1; | ||
| 205 | |||
| 206 | for (i = 0; i < to_check; i++) { | ||
| 207 | unsigned char mask = constant_time_ge(padding_length, i); | ||
| 208 | unsigned char b = rec->data[rec->length - 1 - i]; | ||
| 209 | /* The final |padding_length+1| bytes should all have the value | ||
| 210 | * |padding_length|. Therefore the XOR should be zero. */ | ||
| 211 | good &= ~(mask&(padding_length ^ b)); | ||
| 212 | } | ||
| 213 | |||
| 214 | /* If any of the final |padding_length+1| bytes had the wrong value, | ||
| 215 | * one or more of the lower eight bits of |good| will be cleared. We | ||
| 216 | * AND the bottom 8 bits together and duplicate the result to all the | ||
| 217 | * bits. */ | ||
| 218 | good &= good >> 4; | ||
| 219 | good &= good >> 2; | ||
| 220 | good &= good >> 1; | ||
| 221 | good <<= sizeof(good)*8 - 1; | ||
| 222 | good = DUPLICATE_MSB_TO_ALL(good); | ||
| 223 | |||
| 224 | padding_length = good & (padding_length + 1); | ||
| 225 | rec->length -= padding_length; | ||
| 226 | rec->type |= padding_length<<8; /* kludge: pass padding length */ | ||
| 227 | |||
| 228 | return (int)((good & 1) | (~good & -1)); | ||
| 229 | } | ||
| 230 | |||
| 231 | /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in | ||
| 232 | * constant time (independent of the concrete value of rec->length, which may | ||
| 233 | * vary within a 256-byte window). | ||
| 234 | * | ||
| 235 | * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to | ||
| 236 | * this function. | ||
| 237 | * | ||
| 238 | * On entry: | ||
| 239 | * rec->orig_len >= md_size | ||
| 240 | * md_size <= EVP_MAX_MD_SIZE | ||
| 241 | * | ||
| 242 | * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with | ||
| 243 | * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into | ||
| 244 | * a single or pair of cache-lines, then the variable memory accesses don't | ||
| 245 | * actually affect the timing. CPUs with smaller cache-lines [if any] are | ||
| 246 | * not multi-core and are not considered vulnerable to cache-timing attacks. | ||
| 247 | */ | ||
| 248 | #define CBC_MAC_ROTATE_IN_PLACE | ||
| 249 | |||
| 250 | void | ||
| 251 | ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec, | ||
| 252 | unsigned md_size, unsigned orig_len) | ||
| 253 | { | ||
| 254 | #if defined(CBC_MAC_ROTATE_IN_PLACE) | ||
| 255 | unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; | ||
| 256 | unsigned char *rotated_mac; | ||
| 257 | #else | ||
| 258 | unsigned char rotated_mac[EVP_MAX_MD_SIZE]; | ||
| 259 | #endif | ||
| 260 | |||
| 261 | /* mac_end is the index of |rec->data| just after the end of the MAC. */ | ||
| 262 | unsigned mac_end = rec->length; | ||
| 263 | unsigned mac_start = mac_end - md_size; | ||
| 264 | /* scan_start contains the number of bytes that we can ignore because | ||
| 265 | * the MAC's position can only vary by 255 bytes. */ | ||
| 266 | unsigned scan_start = 0; | ||
| 267 | unsigned i, j; | ||
| 268 | unsigned div_spoiler; | ||
| 269 | unsigned rotate_offset; | ||
| 270 | |||
| 271 | OPENSSL_assert(orig_len >= md_size); | ||
| 272 | OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); | ||
| 273 | |||
| 274 | #if defined(CBC_MAC_ROTATE_IN_PLACE) | ||
| 275 | rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63); | ||
| 276 | #endif | ||
| 277 | |||
| 278 | /* This information is public so it's safe to branch based on it. */ | ||
| 279 | if (orig_len > md_size + 255 + 1) | ||
| 280 | scan_start = orig_len - (md_size + 255 + 1); | ||
| 281 | /* div_spoiler contains a multiple of md_size that is used to cause the | ||
| 282 | * modulo operation to be constant time. Without this, the time varies | ||
| 283 | * based on the amount of padding when running on Intel chips at least. | ||
| 284 | * | ||
| 285 | * The aim of right-shifting md_size is so that the compiler doesn't | ||
| 286 | * figure out that it can remove div_spoiler as that would require it | ||
| 287 | * to prove that md_size is always even, which I hope is beyond it. */ | ||
| 288 | div_spoiler = md_size >> 1; | ||
| 289 | div_spoiler <<= (sizeof(div_spoiler) - 1) * 8; | ||
| 290 | rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; | ||
| 291 | |||
| 292 | memset(rotated_mac, 0, md_size); | ||
| 293 | for (i = scan_start, j = 0; i < orig_len; i++) { | ||
| 294 | unsigned char mac_started = constant_time_ge(i, mac_start); | ||
| 295 | unsigned char mac_ended = constant_time_ge(i, mac_end); | ||
| 296 | unsigned char b = rec->data[i]; | ||
| 297 | rotated_mac[j++] |= b & mac_started & ~mac_ended; | ||
| 298 | j &= constant_time_lt(j, md_size); | ||
| 299 | } | ||
| 300 | |||
| 301 | /* Now rotate the MAC */ | ||
| 302 | #if defined(CBC_MAC_ROTATE_IN_PLACE) | ||
| 303 | j = 0; | ||
| 304 | for (i = 0; i < md_size; i++) { | ||
| 305 | /* in case cache-line is 32 bytes, touch second line */ | ||
| 306 | ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; | ||
| 307 | out[j++] = rotated_mac[rotate_offset++]; | ||
| 308 | rotate_offset &= constant_time_lt(rotate_offset, md_size); | ||
| 309 | } | ||
| 310 | #else | ||
| 311 | memset(out, 0, md_size); | ||
| 312 | rotate_offset = md_size - rotate_offset; | ||
| 313 | rotate_offset &= constant_time_lt(rotate_offset, md_size); | ||
| 314 | for (i = 0; i < md_size; i++) { | ||
| 315 | for (j = 0; j < md_size; j++) | ||
| 316 | out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); | ||
| 317 | rotate_offset++; | ||
| 318 | rotate_offset &= constant_time_lt(rotate_offset, md_size); | ||
| 319 | } | ||
| 320 | #endif | ||
| 321 | } | ||
| 322 | |||
| 323 | /* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in | ||
| 324 | * little-endian order. The value of p is advanced by four. */ | ||
| 325 | #define u32toLE(n, p) \ | ||
| 326 | (*((p)++)=(unsigned char)(n), \ | ||
| 327 | *((p)++)=(unsigned char)(n>>8), \ | ||
| 328 | *((p)++)=(unsigned char)(n>>16), \ | ||
| 329 | *((p)++)=(unsigned char)(n>>24)) | ||
| 330 | |||
| 331 | /* These functions serialize the state of a hash and thus perform the standard | ||
| 332 | * "final" operation without adding the padding and length that such a function | ||
| 333 | * typically does. */ | ||
| 334 | static void | ||
| 335 | tls1_md5_final_raw(void* ctx, unsigned char *md_out) | ||
| 336 | { | ||
| 337 | MD5_CTX *md5 = ctx; | ||
| 338 | u32toLE(md5->A, md_out); | ||
| 339 | u32toLE(md5->B, md_out); | ||
| 340 | u32toLE(md5->C, md_out); | ||
| 341 | u32toLE(md5->D, md_out); | ||
| 342 | } | ||
| 343 | |||
| 344 | static void | ||
| 345 | tls1_sha1_final_raw(void* ctx, unsigned char *md_out) | ||
| 346 | { | ||
| 347 | SHA_CTX *sha1 = ctx; | ||
| 348 | l2n(sha1->h0, md_out); | ||
| 349 | l2n(sha1->h1, md_out); | ||
| 350 | l2n(sha1->h2, md_out); | ||
| 351 | l2n(sha1->h3, md_out); | ||
| 352 | l2n(sha1->h4, md_out); | ||
| 353 | } | ||
| 354 | #define LARGEST_DIGEST_CTX SHA_CTX | ||
| 355 | |||
| 356 | static void | ||
| 357 | tls1_sha256_final_raw(void* ctx, unsigned char *md_out) | ||
| 358 | { | ||
| 359 | SHA256_CTX *sha256 = ctx; | ||
| 360 | unsigned i; | ||
| 361 | |||
| 362 | for (i = 0; i < 8; i++) { | ||
| 363 | l2n(sha256->h[i], md_out); | ||
| 364 | } | ||
| 365 | } | ||
| 366 | #undef LARGEST_DIGEST_CTX | ||
| 367 | #define LARGEST_DIGEST_CTX SHA256_CTX | ||
| 368 | |||
| 369 | static void | ||
| 370 | tls1_sha512_final_raw(void* ctx, unsigned char *md_out) | ||
| 371 | { | ||
| 372 | SHA512_CTX *sha512 = ctx; | ||
| 373 | unsigned i; | ||
| 374 | |||
| 375 | for (i = 0; i < 8; i++) { | ||
| 376 | l2n8(sha512->h[i], md_out); | ||
| 377 | } | ||
| 378 | } | ||
| 379 | #undef LARGEST_DIGEST_CTX | ||
| 380 | #define LARGEST_DIGEST_CTX SHA512_CTX | ||
| 381 | |||
| 382 | /* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function | ||
| 383 | * which ssl3_cbc_digest_record supports. */ | ||
| 384 | char | ||
| 385 | ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) | ||
| 386 | { | ||
| 387 | switch (EVP_MD_CTX_type(ctx)) { | ||
| 388 | case NID_md5: | ||
| 389 | case NID_sha1: | ||
| 390 | case NID_sha224: | ||
| 391 | case NID_sha256: | ||
| 392 | case NID_sha384: | ||
| 393 | case NID_sha512: | ||
| 394 | return 1; | ||
| 395 | default: | ||
| 396 | return 0; | ||
| 397 | } | ||
| 398 | } | ||
| 399 | |||
| 400 | /* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS | ||
| 401 | * record. | ||
| 402 | * | ||
| 403 | * ctx: the EVP_MD_CTX from which we take the hash function. | ||
| 404 | * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. | ||
| 405 | * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. | ||
| 406 | * md_out_size: if non-NULL, the number of output bytes is written here. | ||
| 407 | * header: the 13-byte, TLS record header. | ||
| 408 | * data: the record data itself, less any preceeding explicit IV. | ||
| 409 | * data_plus_mac_size: the secret, reported length of the data and MAC | ||
| 410 | * once the padding has been removed. | ||
| 411 | * data_plus_mac_plus_padding_size: the public length of the whole | ||
| 412 | * record, including padding. | ||
| 413 | * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS. | ||
| 414 | * | ||
| 415 | * On entry: by virtue of having been through one of the remove_padding | ||
| 416 | * functions, above, we know that data_plus_mac_size is large enough to contain | ||
| 417 | * a padding byte and MAC. (If the padding was invalid, it might contain the | ||
| 418 | * padding too. ) */ | ||
| 419 | int | ||
| 420 | ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, | ||
| 421 | size_t* md_out_size, const unsigned char header[13], | ||
| 422 | const unsigned char *data, size_t data_plus_mac_size, | ||
| 423 | size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, | ||
| 424 | unsigned mac_secret_length, char is_sslv3) | ||
| 425 | { | ||
| 426 | union { double align; | ||
| 427 | unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; | ||
| 428 | } md_state; | ||
| 429 | void (*md_final_raw)(void *ctx, unsigned char *md_out); | ||
| 430 | void (*md_transform)(void *ctx, const unsigned char *block); | ||
| 431 | unsigned md_size, md_block_size = 64; | ||
| 432 | unsigned sslv3_pad_length = 40, header_length, variance_blocks, | ||
| 433 | len, max_mac_bytes, num_blocks, | ||
| 434 | num_starting_blocks, k, mac_end_offset, c, index_a, index_b; | ||
| 435 | unsigned int bits; /* at most 18 bits */ | ||
| 436 | unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; | ||
| 437 | /* hmac_pad is the masked HMAC key. */ | ||
| 438 | unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; | ||
| 439 | unsigned char first_block[MAX_HASH_BLOCK_SIZE]; | ||
| 440 | unsigned char mac_out[EVP_MAX_MD_SIZE]; | ||
| 441 | unsigned i, j, md_out_size_u; | ||
| 442 | EVP_MD_CTX md_ctx; | ||
| 443 | /* mdLengthSize is the number of bytes in the length field that terminates | ||
| 444 | * the hash. */ | ||
| 445 | unsigned md_length_size = 8; | ||
| 446 | char length_is_big_endian = 1; | ||
| 447 | |||
| 448 | /* This is a, hopefully redundant, check that allows us to forget about | ||
| 449 | * many possible overflows later in this function. */ | ||
| 450 | OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); | ||
| 451 | |||
| 452 | switch (EVP_MD_CTX_type(ctx)) { | ||
| 453 | case NID_md5: | ||
| 454 | MD5_Init((MD5_CTX*)md_state.c); | ||
| 455 | md_final_raw = tls1_md5_final_raw; | ||
| 456 | md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; | ||
| 457 | md_size = 16; | ||
| 458 | sslv3_pad_length = 48; | ||
| 459 | length_is_big_endian = 0; | ||
| 460 | break; | ||
| 461 | case NID_sha1: | ||
| 462 | SHA1_Init((SHA_CTX*)md_state.c); | ||
| 463 | md_final_raw = tls1_sha1_final_raw; | ||
| 464 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; | ||
| 465 | md_size = 20; | ||
| 466 | break; | ||
| 467 | case NID_sha224: | ||
| 468 | SHA224_Init((SHA256_CTX*)md_state.c); | ||
| 469 | md_final_raw = tls1_sha256_final_raw; | ||
| 470 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; | ||
| 471 | md_size = 224/8; | ||
| 472 | break; | ||
| 473 | case NID_sha256: | ||
| 474 | SHA256_Init((SHA256_CTX*)md_state.c); | ||
| 475 | md_final_raw = tls1_sha256_final_raw; | ||
| 476 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; | ||
| 477 | md_size = 32; | ||
| 478 | break; | ||
| 479 | case NID_sha384: | ||
| 480 | SHA384_Init((SHA512_CTX*)md_state.c); | ||
| 481 | md_final_raw = tls1_sha512_final_raw; | ||
| 482 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; | ||
| 483 | md_size = 384/8; | ||
| 484 | md_block_size = 128; | ||
| 485 | md_length_size = 16; | ||
| 486 | break; | ||
| 487 | case NID_sha512: | ||
| 488 | SHA512_Init((SHA512_CTX*)md_state.c); | ||
| 489 | md_final_raw = tls1_sha512_final_raw; | ||
| 490 | md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; | ||
| 491 | md_size = 64; | ||
| 492 | md_block_size = 128; | ||
| 493 | md_length_size = 16; | ||
| 494 | break; | ||
| 495 | default: | ||
| 496 | /* ssl3_cbc_record_digest_supported should have been | ||
| 497 | * called first to check that the hash function is | ||
| 498 | * supported. */ | ||
| 499 | OPENSSL_assert(0); | ||
| 500 | if (md_out_size) | ||
| 501 | *md_out_size = 0; | ||
| 502 | return 0; | ||
| 503 | } | ||
| 504 | |||
| 505 | OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); | ||
| 506 | OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); | ||
| 507 | OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); | ||
| 508 | |||
| 509 | header_length = 13; | ||
| 510 | if (is_sslv3) { | ||
| 511 | header_length = mac_secret_length + sslv3_pad_length + | ||
| 512 | 8 /* sequence number */ + | ||
| 513 | 1 /* record type */ + | ||
| 514 | 2 /* record length */; | ||
| 515 | } | ||
| 516 | |||
| 517 | /* variance_blocks is the number of blocks of the hash that we have to | ||
| 518 | * calculate in constant time because they could be altered by the | ||
| 519 | * padding value. | ||
| 520 | * | ||
| 521 | * In SSLv3, the padding must be minimal so the end of the plaintext | ||
| 522 | * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that | ||
| 523 | * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash | ||
| 524 | * termination (0x80 + 64-bit length) don't fit in the final block, we | ||
| 525 | * say that the final two blocks can vary based on the padding. | ||
| 526 | * | ||
| 527 | * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not | ||
| 528 | * required to be minimal. Therefore we say that the final six blocks | ||
| 529 | * can vary based on the padding. | ||
| 530 | * | ||
| 531 | * Later in the function, if the message is short and there obviously | ||
| 532 | * cannot be this many blocks then variance_blocks can be reduced. */ | ||
| 533 | variance_blocks = is_sslv3 ? 2 : 6; | ||
| 534 | /* From now on we're dealing with the MAC, which conceptually has 13 | ||
| 535 | * bytes of `header' before the start of the data (TLS) or 71/75 bytes | ||
| 536 | * (SSLv3) */ | ||
| 537 | len = data_plus_mac_plus_padding_size + header_length; | ||
| 538 | /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including | ||
| 539 | * |header|, assuming that there's no padding. */ | ||
| 540 | max_mac_bytes = len - md_size - 1; | ||
| 541 | /* num_blocks is the maximum number of hash blocks. */ | ||
| 542 | num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; | ||
| 543 | /* In order to calculate the MAC in constant time we have to handle | ||
| 544 | * the final blocks specially because the padding value could cause the | ||
| 545 | * end to appear somewhere in the final |variance_blocks| blocks and we | ||
| 546 | * can't leak where. However, |num_starting_blocks| worth of data can | ||
| 547 | * be hashed right away because no padding value can affect whether | ||
| 548 | * they are plaintext. */ | ||
| 549 | num_starting_blocks = 0; | ||
| 550 | /* k is the starting byte offset into the conceptual header||data where | ||
| 551 | * we start processing. */ | ||
| 552 | k = 0; | ||
| 553 | /* mac_end_offset is the index just past the end of the data to be | ||
| 554 | * MACed. */ | ||
| 555 | mac_end_offset = data_plus_mac_size + header_length - md_size; | ||
| 556 | /* c is the index of the 0x80 byte in the final hash block that | ||
| 557 | * contains application data. */ | ||
| 558 | c = mac_end_offset % md_block_size; | ||
| 559 | /* index_a is the hash block number that contains the 0x80 terminating | ||
| 560 | * value. */ | ||
| 561 | index_a = mac_end_offset / md_block_size; | ||
| 562 | /* index_b is the hash block number that contains the 64-bit hash | ||
| 563 | * length, in bits. */ | ||
| 564 | index_b = (mac_end_offset + md_length_size) / md_block_size; | ||
| 565 | /* bits is the hash-length in bits. It includes the additional hash | ||
| 566 | * block for the masked HMAC key, or whole of |header| in the case of | ||
| 567 | * SSLv3. */ | ||
| 568 | |||
| 569 | /* For SSLv3, if we're going to have any starting blocks then we need | ||
| 570 | * at least two because the header is larger than a single block. */ | ||
| 571 | if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) { | ||
| 572 | num_starting_blocks = num_blocks - variance_blocks; | ||
| 573 | k = md_block_size*num_starting_blocks; | ||
| 574 | } | ||
| 575 | |||
| 576 | bits = 8*mac_end_offset; | ||
| 577 | if (!is_sslv3) { | ||
| 578 | /* Compute the initial HMAC block. For SSLv3, the padding and | ||
| 579 | * secret bytes are included in |header| because they take more | ||
| 580 | * than a single block. */ | ||
| 581 | bits += 8*md_block_size; | ||
| 582 | memset(hmac_pad, 0, md_block_size); | ||
| 583 | OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); | ||
| 584 | memcpy(hmac_pad, mac_secret, mac_secret_length); | ||
| 585 | for (i = 0; i < md_block_size; i++) | ||
| 586 | hmac_pad[i] ^= 0x36; | ||
| 587 | |||
| 588 | md_transform(md_state.c, hmac_pad); | ||
| 589 | } | ||
| 590 | |||
| 591 | if (length_is_big_endian) { | ||
| 592 | memset(length_bytes, 0, md_length_size - 4); | ||
| 593 | length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24); | ||
| 594 | length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16); | ||
| 595 | length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8); | ||
| 596 | length_bytes[md_length_size - 1] = (unsigned char)bits; | ||
| 597 | } else { | ||
| 598 | memset(length_bytes, 0, md_length_size); | ||
| 599 | length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24); | ||
| 600 | length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16); | ||
| 601 | length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8); | ||
| 602 | length_bytes[md_length_size - 8] = (unsigned char)bits; | ||
| 603 | } | ||
| 604 | |||
| 605 | if (k > 0) { | ||
| 606 | if (is_sslv3) { | ||
| 607 | /* The SSLv3 header is larger than a single block. | ||
| 608 | * overhang is the number of bytes beyond a single | ||
| 609 | * block that the header consumes: either 7 bytes | ||
| 610 | * (SHA1) or 11 bytes (MD5). */ | ||
| 611 | unsigned overhang = header_length - md_block_size; | ||
| 612 | md_transform(md_state.c, header); | ||
| 613 | memcpy(first_block, header + md_block_size, overhang); | ||
| 614 | memcpy(first_block + overhang, data, md_block_size - overhang); | ||
| 615 | md_transform(md_state.c, first_block); | ||
| 616 | for (i = 1; i < k/md_block_size - 1; i++) | ||
| 617 | md_transform(md_state.c, data + md_block_size*i - overhang); | ||
| 618 | } else { | ||
| 619 | /* k is a multiple of md_block_size. */ | ||
| 620 | memcpy(first_block, header, 13); | ||
| 621 | memcpy(first_block + 13, data, md_block_size - 13); | ||
| 622 | md_transform(md_state.c, first_block); | ||
| 623 | for (i = 1; i < k/md_block_size; i++) | ||
| 624 | md_transform(md_state.c, data + md_block_size*i - 13); | ||
| 625 | } | ||
| 626 | } | ||
| 627 | |||
| 628 | memset(mac_out, 0, sizeof(mac_out)); | ||
| 629 | |||
| 630 | /* We now process the final hash blocks. For each block, we construct | ||
| 631 | * it in constant time. If the |i==index_a| then we'll include the 0x80 | ||
| 632 | * bytes and zero pad etc. For each block we selectively copy it, in | ||
| 633 | * constant time, to |mac_out|. */ | ||
| 634 | for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) { | ||
| 635 | unsigned char block[MAX_HASH_BLOCK_SIZE]; | ||
| 636 | unsigned char is_block_a = constant_time_eq_8(i, index_a); | ||
| 637 | unsigned char is_block_b = constant_time_eq_8(i, index_b); | ||
| 638 | for (j = 0; j < md_block_size; j++) { | ||
| 639 | unsigned char b = 0, is_past_c, is_past_cp1; | ||
| 640 | if (k < header_length) | ||
| 641 | b = header[k]; | ||
| 642 | else if (k < data_plus_mac_plus_padding_size + header_length) | ||
| 643 | b = data[k - header_length]; | ||
| 644 | k++; | ||
| 645 | |||
| 646 | is_past_c = is_block_a & constant_time_ge(j, c); | ||
| 647 | is_past_cp1 = is_block_a & constant_time_ge(j, c + 1); | ||
| 648 | /* If this is the block containing the end of the | ||
| 649 | * application data, and we are at the offset for the | ||
| 650 | * 0x80 value, then overwrite b with 0x80. */ | ||
| 651 | b = (b&~is_past_c) | (0x80&is_past_c); | ||
| 652 | /* If this the the block containing the end of the | ||
| 653 | * application data and we're past the 0x80 value then | ||
| 654 | * just write zero. */ | ||
| 655 | b = b&~is_past_cp1; | ||
| 656 | /* If this is index_b (the final block), but not | ||
| 657 | * index_a (the end of the data), then the 64-bit | ||
| 658 | * length didn't fit into index_a and we're having to | ||
| 659 | * add an extra block of zeros. */ | ||
| 660 | b &= ~is_block_b | is_block_a; | ||
| 661 | |||
| 662 | /* The final bytes of one of the blocks contains the | ||
| 663 | * length. */ | ||
| 664 | if (j >= md_block_size - md_length_size) { | ||
| 665 | /* If this is index_b, write a length byte. */ | ||
| 666 | b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]); | ||
| 667 | } | ||
| 668 | block[j] = b; | ||
| 669 | } | ||
| 670 | |||
| 671 | md_transform(md_state.c, block); | ||
| 672 | md_final_raw(md_state.c, block); | ||
| 673 | /* If this is index_b, copy the hash value to |mac_out|. */ | ||
| 674 | for (j = 0; j < md_size; j++) | ||
| 675 | mac_out[j] |= block[j]&is_block_b; | ||
| 676 | } | ||
| 677 | |||
| 678 | EVP_MD_CTX_init(&md_ctx); | ||
| 679 | if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) { | ||
| 680 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 681 | return 0; | ||
| 682 | } | ||
| 683 | if (is_sslv3) { | ||
| 684 | /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ | ||
| 685 | memset(hmac_pad, 0x5c, sslv3_pad_length); | ||
| 686 | |||
| 687 | EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length); | ||
| 688 | EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length); | ||
| 689 | EVP_DigestUpdate(&md_ctx, mac_out, md_size); | ||
| 690 | } else { | ||
| 691 | /* Complete the HMAC in the standard manner. */ | ||
| 692 | for (i = 0; i < md_block_size; i++) | ||
| 693 | hmac_pad[i] ^= 0x6a; | ||
| 694 | |||
| 695 | EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); | ||
| 696 | EVP_DigestUpdate(&md_ctx, mac_out, md_size); | ||
| 697 | } | ||
| 698 | EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); | ||
| 699 | if (md_out_size) | ||
| 700 | *md_out_size = md_out_size_u; | ||
| 701 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 702 | |||
| 703 | return 1; | ||
| 704 | } | ||
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c deleted file mode 100644 index d68aecf541..0000000000 --- a/src/lib/libssl/s3_clnt.c +++ /dev/null | |||
| @@ -1,2726 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_clnt.c,v 1.108 2015/03/08 16:48:47 miod Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 124 | /* ==================================================================== | ||
| 125 | * Copyright 2005 Nokia. All rights reserved. | ||
| 126 | * | ||
| 127 | * The portions of the attached software ("Contribution") is developed by | ||
| 128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 129 | * license. | ||
| 130 | * | ||
| 131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 133 | * support (see RFC 4279) to OpenSSL. | ||
| 134 | * | ||
| 135 | * No patent licenses or other rights except those expressly stated in | ||
| 136 | * the OpenSSL open source license shall be deemed granted or received | ||
| 137 | * expressly, by implication, estoppel, or otherwise. | ||
| 138 | * | ||
| 139 | * No assurances are provided by Nokia that the Contribution does not | ||
| 140 | * infringe the patent or other intellectual property rights of any third | ||
| 141 | * party or that the license provides you with all the necessary rights | ||
| 142 | * to make use of the Contribution. | ||
| 143 | * | ||
| 144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 148 | * OTHERWISE. | ||
| 149 | */ | ||
| 150 | |||
| 151 | #include <stdio.h> | ||
| 152 | |||
| 153 | #include "ssl_locl.h" | ||
| 154 | |||
| 155 | #include <openssl/bn.h> | ||
| 156 | #include <openssl/buffer.h> | ||
| 157 | #include <openssl/dh.h> | ||
| 158 | #include <openssl/evp.h> | ||
| 159 | #include <openssl/md5.h> | ||
| 160 | #include <openssl/objects.h> | ||
| 161 | |||
| 162 | #ifndef OPENSSL_NO_ENGINE | ||
| 163 | #include <openssl/engine.h> | ||
| 164 | #endif | ||
| 165 | #ifndef OPENSSL_NO_GOST | ||
| 166 | #include <openssl/gost.h> | ||
| 167 | #endif | ||
| 168 | |||
| 169 | static const SSL_METHOD *ssl3_get_client_method(int ver); | ||
| 170 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b); | ||
| 171 | |||
| 172 | const SSL_METHOD SSLv3_client_method_data = { | ||
| 173 | .version = SSL3_VERSION, | ||
| 174 | .ssl_new = ssl3_new, | ||
| 175 | .ssl_clear = ssl3_clear, | ||
| 176 | .ssl_free = ssl3_free, | ||
| 177 | .ssl_accept = ssl_undefined_function, | ||
| 178 | .ssl_connect = ssl3_connect, | ||
| 179 | .ssl_read = ssl3_read, | ||
| 180 | .ssl_peek = ssl3_peek, | ||
| 181 | .ssl_write = ssl3_write, | ||
| 182 | .ssl_shutdown = ssl3_shutdown, | ||
| 183 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 184 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 185 | .ssl_get_message = ssl3_get_message, | ||
| 186 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 187 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 188 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 189 | .ssl_ctrl = ssl3_ctrl, | ||
| 190 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 191 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 192 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 193 | .ssl_pending = ssl3_pending, | ||
| 194 | .num_ciphers = ssl3_num_ciphers, | ||
| 195 | .get_cipher = ssl3_get_cipher, | ||
| 196 | .get_ssl_method = ssl3_get_client_method, | ||
| 197 | .get_timeout = ssl3_default_timeout, | ||
| 198 | .ssl3_enc = &SSLv3_enc_data, | ||
| 199 | .ssl_version = ssl_undefined_void_function, | ||
| 200 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 201 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 202 | }; | ||
| 203 | |||
| 204 | const SSL_METHOD * | ||
| 205 | SSLv3_client_method(void) | ||
| 206 | { | ||
| 207 | return &SSLv3_client_method_data; | ||
| 208 | } | ||
| 209 | |||
| 210 | static const SSL_METHOD * | ||
| 211 | ssl3_get_client_method(int ver) | ||
| 212 | { | ||
| 213 | if (ver == SSL3_VERSION) | ||
| 214 | return (SSLv3_client_method()); | ||
| 215 | return (NULL); | ||
| 216 | } | ||
| 217 | |||
| 218 | int | ||
| 219 | ssl3_connect(SSL *s) | ||
| 220 | { | ||
| 221 | BUF_MEM *buf = NULL; | ||
| 222 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 223 | int ret = -1; | ||
| 224 | int new_state, state, skip = 0; | ||
| 225 | |||
| 226 | ERR_clear_error(); | ||
| 227 | errno = 0; | ||
| 228 | |||
| 229 | if (s->info_callback != NULL) | ||
| 230 | cb = s->info_callback; | ||
| 231 | else if (s->ctx->info_callback != NULL) | ||
| 232 | cb = s->ctx->info_callback; | ||
| 233 | |||
| 234 | s->in_handshake++; | ||
| 235 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 236 | SSL_clear(s); | ||
| 237 | |||
| 238 | for (;;) { | ||
| 239 | state = s->state; | ||
| 240 | |||
| 241 | switch (s->state) { | ||
| 242 | case SSL_ST_RENEGOTIATE: | ||
| 243 | s->renegotiate = 1; | ||
| 244 | s->state = SSL_ST_CONNECT; | ||
| 245 | s->ctx->stats.sess_connect_renegotiate++; | ||
| 246 | /* break */ | ||
| 247 | case SSL_ST_BEFORE: | ||
| 248 | case SSL_ST_CONNECT: | ||
| 249 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 250 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 251 | |||
| 252 | s->server = 0; | ||
| 253 | if (cb != NULL) | ||
| 254 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 255 | |||
| 256 | if ((s->version & 0xff00 ) != 0x0300) { | ||
| 257 | SSLerr(SSL_F_SSL3_CONNECT, | ||
| 258 | ERR_R_INTERNAL_ERROR); | ||
| 259 | ret = -1; | ||
| 260 | goto end; | ||
| 261 | } | ||
| 262 | |||
| 263 | /* s->version=SSL3_VERSION; */ | ||
| 264 | s->type = SSL_ST_CONNECT; | ||
| 265 | |||
| 266 | if (s->init_buf == NULL) { | ||
| 267 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 268 | ret = -1; | ||
| 269 | goto end; | ||
| 270 | } | ||
| 271 | if (!BUF_MEM_grow(buf, | ||
| 272 | SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 273 | ret = -1; | ||
| 274 | goto end; | ||
| 275 | } | ||
| 276 | s->init_buf = buf; | ||
| 277 | buf = NULL; | ||
| 278 | } | ||
| 279 | |||
| 280 | if (!ssl3_setup_buffers(s)) { | ||
| 281 | ret = -1; | ||
| 282 | goto end; | ||
| 283 | } | ||
| 284 | |||
| 285 | /* setup buffing BIO */ | ||
| 286 | if (!ssl_init_wbio_buffer(s, 0)) { | ||
| 287 | ret = -1; | ||
| 288 | goto end; | ||
| 289 | } | ||
| 290 | |||
| 291 | /* don't push the buffering BIO quite yet */ | ||
| 292 | |||
| 293 | if (!ssl3_init_finished_mac(s)) { | ||
| 294 | ret = -1; | ||
| 295 | goto end; | ||
| 296 | } | ||
| 297 | |||
| 298 | s->state = SSL3_ST_CW_CLNT_HELLO_A; | ||
| 299 | s->ctx->stats.sess_connect++; | ||
| 300 | s->init_num = 0; | ||
| 301 | break; | ||
| 302 | |||
| 303 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
| 304 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
| 305 | |||
| 306 | s->shutdown = 0; | ||
| 307 | ret = ssl3_client_hello(s); | ||
| 308 | if (ret <= 0) | ||
| 309 | goto end; | ||
| 310 | s->state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 311 | s->init_num = 0; | ||
| 312 | |||
| 313 | /* turn on buffering for the next lot of output */ | ||
| 314 | if (s->bbio != s->wbio) | ||
| 315 | s->wbio = BIO_push(s->bbio, s->wbio); | ||
| 316 | |||
| 317 | break; | ||
| 318 | |||
| 319 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
| 320 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
| 321 | ret = ssl3_get_server_hello(s); | ||
| 322 | if (ret <= 0) | ||
| 323 | goto end; | ||
| 324 | |||
| 325 | if (s->hit) { | ||
| 326 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 327 | if (s->tlsext_ticket_expected) { | ||
| 328 | /* receive renewed session ticket */ | ||
| 329 | s->state = SSL3_ST_CR_SESSION_TICKET_A; | ||
| 330 | } | ||
| 331 | } else | ||
| 332 | s->state = SSL3_ST_CR_CERT_A; | ||
| 333 | s->init_num = 0; | ||
| 334 | break; | ||
| 335 | |||
| 336 | case SSL3_ST_CR_CERT_A: | ||
| 337 | case SSL3_ST_CR_CERT_B: | ||
| 338 | ret = ssl3_check_finished(s); | ||
| 339 | if (ret <= 0) | ||
| 340 | goto end; | ||
| 341 | if (ret == 2) { | ||
| 342 | s->hit = 1; | ||
| 343 | if (s->tlsext_ticket_expected) | ||
| 344 | s->state = SSL3_ST_CR_SESSION_TICKET_A; | ||
| 345 | else | ||
| 346 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 347 | s->init_num = 0; | ||
| 348 | break; | ||
| 349 | } | ||
| 350 | /* Check if it is anon DH/ECDH. */ | ||
| 351 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | ||
| 352 | SSL_aNULL)) { | ||
| 353 | ret = ssl3_get_server_certificate(s); | ||
| 354 | if (ret <= 0) | ||
| 355 | goto end; | ||
| 356 | if (s->tlsext_status_expected) | ||
| 357 | s->state = SSL3_ST_CR_CERT_STATUS_A; | ||
| 358 | else | ||
| 359 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 360 | } else { | ||
| 361 | skip = 1; | ||
| 362 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 363 | } | ||
| 364 | s->init_num = 0; | ||
| 365 | break; | ||
| 366 | |||
| 367 | case SSL3_ST_CR_KEY_EXCH_A: | ||
| 368 | case SSL3_ST_CR_KEY_EXCH_B: | ||
| 369 | ret = ssl3_get_key_exchange(s); | ||
| 370 | if (ret <= 0) | ||
| 371 | goto end; | ||
| 372 | s->state = SSL3_ST_CR_CERT_REQ_A; | ||
| 373 | s->init_num = 0; | ||
| 374 | |||
| 375 | /* | ||
| 376 | * At this point we check that we have the | ||
| 377 | * required stuff from the server. | ||
| 378 | */ | ||
| 379 | if (!ssl3_check_cert_and_algorithm(s)) { | ||
| 380 | ret = -1; | ||
| 381 | goto end; | ||
| 382 | } | ||
| 383 | break; | ||
| 384 | |||
| 385 | case SSL3_ST_CR_CERT_REQ_A: | ||
| 386 | case SSL3_ST_CR_CERT_REQ_B: | ||
| 387 | ret = ssl3_get_certificate_request(s); | ||
| 388 | if (ret <= 0) | ||
| 389 | goto end; | ||
| 390 | s->state = SSL3_ST_CR_SRVR_DONE_A; | ||
| 391 | s->init_num = 0; | ||
| 392 | break; | ||
| 393 | |||
| 394 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 395 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 396 | ret = ssl3_get_server_done(s); | ||
| 397 | if (ret <= 0) | ||
| 398 | goto end; | ||
| 399 | if (s->s3->tmp.cert_req) | ||
| 400 | s->state = SSL3_ST_CW_CERT_A; | ||
| 401 | else | ||
| 402 | s->state = SSL3_ST_CW_KEY_EXCH_A; | ||
| 403 | s->init_num = 0; | ||
| 404 | |||
| 405 | break; | ||
| 406 | |||
| 407 | case SSL3_ST_CW_CERT_A: | ||
| 408 | case SSL3_ST_CW_CERT_B: | ||
| 409 | case SSL3_ST_CW_CERT_C: | ||
| 410 | case SSL3_ST_CW_CERT_D: | ||
| 411 | ret = ssl3_send_client_certificate(s); | ||
| 412 | if (ret <= 0) | ||
| 413 | goto end; | ||
| 414 | s->state = SSL3_ST_CW_KEY_EXCH_A; | ||
| 415 | s->init_num = 0; | ||
| 416 | break; | ||
| 417 | |||
| 418 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 419 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 420 | ret = ssl3_send_client_key_exchange(s); | ||
| 421 | if (ret <= 0) | ||
| 422 | goto end; | ||
| 423 | /* | ||
| 424 | * EAY EAY EAY need to check for DH fix cert | ||
| 425 | * sent back | ||
| 426 | */ | ||
| 427 | /* | ||
| 428 | * For TLS, cert_req is set to 2, so a cert chain | ||
| 429 | * of nothing is sent, but no verify packet is sent | ||
| 430 | */ | ||
| 431 | /* | ||
| 432 | * XXX: For now, we do not support client | ||
| 433 | * authentication in ECDH cipher suites with | ||
| 434 | * ECDH (rather than ECDSA) certificates. | ||
| 435 | * We need to skip the certificate verify | ||
| 436 | * message when client's ECDH public key is sent | ||
| 437 | * inside the client certificate. | ||
| 438 | */ | ||
| 439 | if (s->s3->tmp.cert_req == 1) { | ||
| 440 | s->state = SSL3_ST_CW_CERT_VRFY_A; | ||
| 441 | } else { | ||
| 442 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 443 | s->s3->change_cipher_spec = 0; | ||
| 444 | } | ||
| 445 | if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { | ||
| 446 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 447 | s->s3->change_cipher_spec = 0; | ||
| 448 | } | ||
| 449 | |||
| 450 | s->init_num = 0; | ||
| 451 | break; | ||
| 452 | |||
| 453 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 454 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 455 | ret = ssl3_send_client_verify(s); | ||
| 456 | if (ret <= 0) | ||
| 457 | goto end; | ||
| 458 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 459 | s->init_num = 0; | ||
| 460 | s->s3->change_cipher_spec = 0; | ||
| 461 | break; | ||
| 462 | |||
| 463 | case SSL3_ST_CW_CHANGE_A: | ||
| 464 | case SSL3_ST_CW_CHANGE_B: | ||
| 465 | ret = ssl3_send_change_cipher_spec(s, | ||
| 466 | SSL3_ST_CW_CHANGE_A, SSL3_ST_CW_CHANGE_B); | ||
| 467 | if (ret <= 0) | ||
| 468 | goto end; | ||
| 469 | |||
| 470 | if (s->s3->next_proto_neg_seen) | ||
| 471 | s->state = SSL3_ST_CW_NEXT_PROTO_A; | ||
| 472 | else | ||
| 473 | s->state = SSL3_ST_CW_FINISHED_A; | ||
| 474 | s->init_num = 0; | ||
| 475 | |||
| 476 | s->session->cipher = s->s3->tmp.new_cipher; | ||
| 477 | if (!s->method->ssl3_enc->setup_key_block(s)) { | ||
| 478 | ret = -1; | ||
| 479 | goto end; | ||
| 480 | } | ||
| 481 | |||
| 482 | if (!s->method->ssl3_enc->change_cipher_state(s, | ||
| 483 | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { | ||
| 484 | ret = -1; | ||
| 485 | goto end; | ||
| 486 | } | ||
| 487 | |||
| 488 | break; | ||
| 489 | |||
| 490 | case SSL3_ST_CW_NEXT_PROTO_A: | ||
| 491 | case SSL3_ST_CW_NEXT_PROTO_B: | ||
| 492 | ret = ssl3_send_next_proto(s); | ||
| 493 | if (ret <= 0) | ||
| 494 | goto end; | ||
| 495 | s->state = SSL3_ST_CW_FINISHED_A; | ||
| 496 | break; | ||
| 497 | |||
| 498 | case SSL3_ST_CW_FINISHED_A: | ||
| 499 | case SSL3_ST_CW_FINISHED_B: | ||
| 500 | ret = ssl3_send_finished(s, SSL3_ST_CW_FINISHED_A, | ||
| 501 | SSL3_ST_CW_FINISHED_B, | ||
| 502 | s->method->ssl3_enc->client_finished_label, | ||
| 503 | s->method->ssl3_enc->client_finished_label_len); | ||
| 504 | if (ret <= 0) | ||
| 505 | goto end; | ||
| 506 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 507 | s->state = SSL3_ST_CW_FLUSH; | ||
| 508 | |||
| 509 | /* clear flags */ | ||
| 510 | s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER; | ||
| 511 | if (s->hit) { | ||
| 512 | s->s3->tmp.next_state = SSL_ST_OK; | ||
| 513 | if (s->s3->flags & | ||
| 514 | SSL3_FLAGS_DELAY_CLIENT_FINISHED) { | ||
| 515 | s->state = SSL_ST_OK; | ||
| 516 | s->s3->flags|=SSL3_FLAGS_POP_BUFFER; | ||
| 517 | s->s3->delay_buf_pop_ret = 0; | ||
| 518 | } | ||
| 519 | } else { | ||
| 520 | /* Allow NewSessionTicket if ticket expected */ | ||
| 521 | if (s->tlsext_ticket_expected) | ||
| 522 | s->s3->tmp.next_state = | ||
| 523 | SSL3_ST_CR_SESSION_TICKET_A; | ||
| 524 | else | ||
| 525 | |||
| 526 | s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; | ||
| 527 | } | ||
| 528 | s->init_num = 0; | ||
| 529 | break; | ||
| 530 | |||
| 531 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
| 532 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 533 | ret = ssl3_get_new_session_ticket(s); | ||
| 534 | if (ret <= 0) | ||
| 535 | goto end; | ||
| 536 | s->state = SSL3_ST_CR_FINISHED_A; | ||
| 537 | s->init_num = 0; | ||
| 538 | break; | ||
| 539 | |||
| 540 | case SSL3_ST_CR_CERT_STATUS_A: | ||
| 541 | case SSL3_ST_CR_CERT_STATUS_B: | ||
| 542 | ret = ssl3_get_cert_status(s); | ||
| 543 | if (ret <= 0) | ||
| 544 | goto end; | ||
| 545 | s->state = SSL3_ST_CR_KEY_EXCH_A; | ||
| 546 | s->init_num = 0; | ||
| 547 | break; | ||
| 548 | |||
| 549 | case SSL3_ST_CR_FINISHED_A: | ||
| 550 | case SSL3_ST_CR_FINISHED_B: | ||
| 551 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 552 | ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, | ||
| 553 | SSL3_ST_CR_FINISHED_B); | ||
| 554 | if (ret <= 0) | ||
| 555 | goto end; | ||
| 556 | |||
| 557 | if (s->hit) | ||
| 558 | s->state = SSL3_ST_CW_CHANGE_A; | ||
| 559 | else | ||
| 560 | s->state = SSL_ST_OK; | ||
| 561 | s->init_num = 0; | ||
| 562 | break; | ||
| 563 | |||
| 564 | case SSL3_ST_CW_FLUSH: | ||
| 565 | s->rwstate = SSL_WRITING; | ||
| 566 | if (BIO_flush(s->wbio) <= 0) { | ||
| 567 | ret = -1; | ||
| 568 | goto end; | ||
| 569 | } | ||
| 570 | s->rwstate = SSL_NOTHING; | ||
| 571 | s->state = s->s3->tmp.next_state; | ||
| 572 | break; | ||
| 573 | |||
| 574 | case SSL_ST_OK: | ||
| 575 | /* clean a few things up */ | ||
| 576 | ssl3_cleanup_key_block(s); | ||
| 577 | |||
| 578 | if (s->init_buf != NULL) { | ||
| 579 | BUF_MEM_free(s->init_buf); | ||
| 580 | s->init_buf = NULL; | ||
| 581 | } | ||
| 582 | |||
| 583 | /* | ||
| 584 | * If we are not 'joining' the last two packets, | ||
| 585 | * remove the buffering now | ||
| 586 | */ | ||
| 587 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
| 588 | ssl_free_wbio_buffer(s); | ||
| 589 | /* else do it later in ssl3_write */ | ||
| 590 | |||
| 591 | s->init_num = 0; | ||
| 592 | s->renegotiate = 0; | ||
| 593 | s->new_session = 0; | ||
| 594 | |||
| 595 | ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); | ||
| 596 | if (s->hit) | ||
| 597 | s->ctx->stats.sess_hit++; | ||
| 598 | |||
| 599 | ret = 1; | ||
| 600 | /* s->server=0; */ | ||
| 601 | s->handshake_func = ssl3_connect; | ||
| 602 | s->ctx->stats.sess_connect_good++; | ||
| 603 | |||
| 604 | if (cb != NULL) | ||
| 605 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | ||
| 606 | |||
| 607 | goto end; | ||
| 608 | /* break; */ | ||
| 609 | |||
| 610 | default: | ||
| 611 | SSLerr(SSL_F_SSL3_CONNECT, | ||
| 612 | SSL_R_UNKNOWN_STATE); | ||
| 613 | ret = -1; | ||
| 614 | goto end; | ||
| 615 | /* break; */ | ||
| 616 | } | ||
| 617 | |||
| 618 | /* did we do anything */ | ||
| 619 | if (!s->s3->tmp.reuse_message && !skip) { | ||
| 620 | if (s->debug) { | ||
| 621 | if ((ret = BIO_flush(s->wbio)) <= 0) | ||
| 622 | goto end; | ||
| 623 | } | ||
| 624 | |||
| 625 | if ((cb != NULL) && (s->state != state)) { | ||
| 626 | new_state = s->state; | ||
| 627 | s->state = state; | ||
| 628 | cb(s, SSL_CB_CONNECT_LOOP, 1); | ||
| 629 | s->state = new_state; | ||
| 630 | } | ||
| 631 | } | ||
| 632 | skip = 0; | ||
| 633 | } | ||
| 634 | end: | ||
| 635 | s->in_handshake--; | ||
| 636 | if (buf != NULL) | ||
| 637 | BUF_MEM_free(buf); | ||
| 638 | if (cb != NULL) | ||
| 639 | cb(s, SSL_CB_CONNECT_EXIT, ret); | ||
| 640 | return (ret); | ||
| 641 | } | ||
| 642 | |||
| 643 | |||
| 644 | int | ||
| 645 | ssl3_client_hello(SSL *s) | ||
| 646 | { | ||
| 647 | unsigned char *bufend, *p, *d; | ||
| 648 | int i; | ||
| 649 | |||
| 650 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { | ||
| 651 | SSL_SESSION *sess = s->session; | ||
| 652 | |||
| 653 | if ((sess == NULL) || | ||
| 654 | (sess->ssl_version != s->version) || | ||
| 655 | (!sess->session_id_length && !sess->tlsext_tick) || | ||
| 656 | (sess->not_resumable)) { | ||
| 657 | if (!ssl_get_new_session(s, 0)) | ||
| 658 | goto err; | ||
| 659 | } | ||
| 660 | /* else use the pre-loaded session */ | ||
| 661 | |||
| 662 | arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 663 | |||
| 664 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_HELLO); | ||
| 665 | |||
| 666 | /* | ||
| 667 | * Version indicates the negotiated version: for example from | ||
| 668 | * an SSLv2/v3 compatible client hello). The client_version | ||
| 669 | * field is the maximum version we permit and it is also | ||
| 670 | * used in RSA encrypted premaster secrets. Some servers can | ||
| 671 | * choke if we initially report a higher version then | ||
| 672 | * renegotiate to a lower one in the premaster secret. This | ||
| 673 | * didn't happen with TLS 1.0 as most servers supported it | ||
| 674 | * but it can with TLS 1.1 or later if the server only supports | ||
| 675 | * 1.0. | ||
| 676 | * | ||
| 677 | * Possible scenario with previous logic: | ||
| 678 | * 1. Client hello indicates TLS 1.2 | ||
| 679 | * 2. Server hello says TLS 1.0 | ||
| 680 | * 3. RSA encrypted premaster secret uses 1.2. | ||
| 681 | * 4. Handhaked proceeds using TLS 1.0. | ||
| 682 | * 5. Server sends hello request to renegotiate. | ||
| 683 | * 6. Client hello indicates TLS v1.0 as we now | ||
| 684 | * know that is maximum server supports. | ||
| 685 | * 7. Server chokes on RSA encrypted premaster secret | ||
| 686 | * containing version 1.0. | ||
| 687 | * | ||
| 688 | * For interoperability it should be OK to always use the | ||
| 689 | * maximum version we support in client hello and then rely | ||
| 690 | * on the checking of version to ensure the servers isn't | ||
| 691 | * being inconsistent: for example initially negotiating with | ||
| 692 | * TLS 1.0 and renegotiating with TLS 1.2. We do this by using | ||
| 693 | * client_version in client hello and not resetting it to | ||
| 694 | * the negotiated version. | ||
| 695 | */ | ||
| 696 | *(p++) = s->client_version >> 8; | ||
| 697 | *(p++) = s->client_version & 0xff; | ||
| 698 | |||
| 699 | /* Random stuff */ | ||
| 700 | memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 701 | p += SSL3_RANDOM_SIZE; | ||
| 702 | |||
| 703 | /* Session ID */ | ||
| 704 | if (s->new_session) | ||
| 705 | i = 0; | ||
| 706 | else | ||
| 707 | i = s->session->session_id_length; | ||
| 708 | *(p++) = i; | ||
| 709 | if (i != 0) { | ||
| 710 | if (i > (int)sizeof(s->session->session_id)) { | ||
| 711 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, | ||
| 712 | ERR_R_INTERNAL_ERROR); | ||
| 713 | goto err; | ||
| 714 | } | ||
| 715 | memcpy(p, s->session->session_id, i); | ||
| 716 | p += i; | ||
| 717 | } | ||
| 718 | |||
| 719 | /* Ciphers supported */ | ||
| 720 | i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &p[2]); | ||
| 721 | if (i == 0) { | ||
| 722 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, | ||
| 723 | SSL_R_NO_CIPHERS_AVAILABLE); | ||
| 724 | goto err; | ||
| 725 | } | ||
| 726 | #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH | ||
| 727 | /* | ||
| 728 | * Some servers hang if client hello > 256 bytes | ||
| 729 | * as hack workaround chop number of supported ciphers | ||
| 730 | * to keep it well below this if we use TLS v1.2 | ||
| 731 | */ | ||
| 732 | if (TLS1_get_version(s) >= TLS1_2_VERSION && | ||
| 733 | i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) | ||
| 734 | i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; | ||
| 735 | #endif | ||
| 736 | s2n(i, p); | ||
| 737 | p += i; | ||
| 738 | |||
| 739 | /* add in (no) COMPRESSION */ | ||
| 740 | *(p++) = 1; | ||
| 741 | *(p++) = 0; /* Add the NULL method */ | ||
| 742 | |||
| 743 | /* TLS extensions*/ | ||
| 744 | if (ssl_prepare_clienthello_tlsext(s) <= 0) { | ||
| 745 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, | ||
| 746 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 747 | goto err; | ||
| 748 | } | ||
| 749 | bufend = (unsigned char *)s->init_buf->data + | ||
| 750 | SSL3_RT_MAX_PLAIN_LENGTH; | ||
| 751 | if ((p = ssl_add_clienthello_tlsext(s, p, bufend)) == NULL) { | ||
| 752 | SSLerr(SSL_F_SSL3_CLIENT_HELLO, | ||
| 753 | ERR_R_INTERNAL_ERROR); | ||
| 754 | goto err; | ||
| 755 | } | ||
| 756 | |||
| 757 | s->state = SSL3_ST_CW_CLNT_HELLO_B; | ||
| 758 | |||
| 759 | ssl3_handshake_msg_finish(s, p - d); | ||
| 760 | } | ||
| 761 | |||
| 762 | /* SSL3_ST_CW_CLNT_HELLO_B */ | ||
| 763 | return (ssl3_handshake_write(s)); | ||
| 764 | |||
| 765 | err: | ||
| 766 | return (-1); | ||
| 767 | } | ||
| 768 | |||
| 769 | int | ||
| 770 | ssl3_get_server_hello(SSL *s) | ||
| 771 | { | ||
| 772 | STACK_OF(SSL_CIPHER) *sk; | ||
| 773 | const SSL_CIPHER *c; | ||
| 774 | unsigned char *p, *q, *d; | ||
| 775 | int i, al, ok; | ||
| 776 | unsigned int j; | ||
| 777 | uint16_t cipher_value; | ||
| 778 | long n; | ||
| 779 | unsigned long alg_k; | ||
| 780 | |||
| 781 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, | ||
| 782 | SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok); | ||
| 783 | |||
| 784 | if (!ok) | ||
| 785 | return ((int)n); | ||
| 786 | |||
| 787 | if (SSL_IS_DTLS(s)) { | ||
| 788 | if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { | ||
| 789 | if (s->d1->send_cookie == 0) { | ||
| 790 | s->s3->tmp.reuse_message = 1; | ||
| 791 | return (1); | ||
| 792 | } else { | ||
| 793 | /* Already sent a cookie. */ | ||
| 794 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 795 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 796 | SSL_R_BAD_MESSAGE_TYPE); | ||
| 797 | goto f_err; | ||
| 798 | } | ||
| 799 | } | ||
| 800 | } | ||
| 801 | |||
| 802 | if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) { | ||
| 803 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 804 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 805 | SSL_R_BAD_MESSAGE_TYPE); | ||
| 806 | goto f_err; | ||
| 807 | } | ||
| 808 | |||
| 809 | d = p = (unsigned char *)s->init_msg; | ||
| 810 | |||
| 811 | if (2 > n) | ||
| 812 | goto truncated; | ||
| 813 | if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { | ||
| 814 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); | ||
| 815 | s->version = (s->version&0xff00) | p[1]; | ||
| 816 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 817 | goto f_err; | ||
| 818 | } | ||
| 819 | p += 2; | ||
| 820 | |||
| 821 | /* load the server hello data */ | ||
| 822 | |||
| 823 | if (p + SSL3_RANDOM_SIZE + 1 - d > n) | ||
| 824 | goto truncated; | ||
| 825 | |||
| 826 | /* load the server random */ | ||
| 827 | memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE); | ||
| 828 | p += SSL3_RANDOM_SIZE; | ||
| 829 | |||
| 830 | /* get the session-id */ | ||
| 831 | j = *(p++); | ||
| 832 | |||
| 833 | if ((j > sizeof s->session->session_id) || | ||
| 834 | (j > SSL3_SESSION_ID_SIZE)) { | ||
| 835 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 836 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 837 | SSL_R_SSL3_SESSION_ID_TOO_LONG); | ||
| 838 | goto f_err; | ||
| 839 | } | ||
| 840 | |||
| 841 | if (p + j + 2 - d > n) | ||
| 842 | goto truncated; | ||
| 843 | |||
| 844 | /* Get the cipher value. */ | ||
| 845 | q = p + j; | ||
| 846 | n2s(q, cipher_value); | ||
| 847 | |||
| 848 | /* | ||
| 849 | * Check if we want to resume the session based on external | ||
| 850 | * pre-shared secret | ||
| 851 | */ | ||
| 852 | if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { | ||
| 853 | SSL_CIPHER *pref_cipher = NULL; | ||
| 854 | s->session->master_key_length = sizeof(s->session->master_key); | ||
| 855 | if (s->tls_session_secret_cb(s, s->session->master_key, | ||
| 856 | &s->session->master_key_length, NULL, &pref_cipher, | ||
| 857 | s->tls_session_secret_cb_arg)) { | ||
| 858 | s->session->cipher = pref_cipher ? pref_cipher : | ||
| 859 | ssl3_get_cipher_by_value(cipher_value); | ||
| 860 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 861 | } | ||
| 862 | } | ||
| 863 | |||
| 864 | if (j != 0 && j == s->session->session_id_length && | ||
| 865 | timingsafe_memcmp(p, s->session->session_id, j) == 0) { | ||
| 866 | if (s->sid_ctx_length != s->session->sid_ctx_length || | ||
| 867 | timingsafe_memcmp(s->session->sid_ctx, | ||
| 868 | s->sid_ctx, s->sid_ctx_length) != 0) { | ||
| 869 | /* actually a client application bug */ | ||
| 870 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 871 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 872 | SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
| 873 | goto f_err; | ||
| 874 | } | ||
| 875 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 876 | s->hit = 1; | ||
| 877 | } else { | ||
| 878 | /* a miss or crap from the other end */ | ||
| 879 | |||
| 880 | /* If we were trying for session-id reuse, make a new | ||
| 881 | * SSL_SESSION so we don't stuff up other people */ | ||
| 882 | s->hit = 0; | ||
| 883 | if (s->session->session_id_length > 0) { | ||
| 884 | if (!ssl_get_new_session(s, 0)) { | ||
| 885 | al = SSL_AD_INTERNAL_ERROR; | ||
| 886 | goto f_err; | ||
| 887 | } | ||
| 888 | } | ||
| 889 | s->session->session_id_length = j; | ||
| 890 | memcpy(s->session->session_id, p, j); /* j could be 0 */ | ||
| 891 | } | ||
| 892 | p += j; | ||
| 893 | |||
| 894 | if ((c = ssl3_get_cipher_by_value(cipher_value)) == NULL) { | ||
| 895 | /* unknown cipher */ | ||
| 896 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 897 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 898 | SSL_R_UNKNOWN_CIPHER_RETURNED); | ||
| 899 | goto f_err; | ||
| 900 | } | ||
| 901 | |||
| 902 | /* TLS v1.2 only ciphersuites require v1.2 or later */ | ||
| 903 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | ||
| 904 | (TLS1_get_version(s) < TLS1_2_VERSION)) { | ||
| 905 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 906 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 907 | SSL_R_WRONG_CIPHER_RETURNED); | ||
| 908 | goto f_err; | ||
| 909 | } | ||
| 910 | p += SSL3_CIPHER_VALUE_SIZE; | ||
| 911 | |||
| 912 | sk = ssl_get_ciphers_by_id(s); | ||
| 913 | i = sk_SSL_CIPHER_find(sk, c); | ||
| 914 | if (i < 0) { | ||
| 915 | /* we did not say we would use this cipher */ | ||
| 916 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 917 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 918 | SSL_R_WRONG_CIPHER_RETURNED); | ||
| 919 | goto f_err; | ||
| 920 | } | ||
| 921 | |||
| 922 | /* | ||
| 923 | * Depending on the session caching (internal/external), the cipher | ||
| 924 | * and/or cipher_id values may not be set. Make sure that | ||
| 925 | * cipher_id is set and use it for comparison. | ||
| 926 | */ | ||
| 927 | if (s->session->cipher) | ||
| 928 | s->session->cipher_id = s->session->cipher->id; | ||
| 929 | if (s->hit && (s->session->cipher_id != c->id)) { | ||
| 930 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 931 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 932 | SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); | ||
| 933 | goto f_err; | ||
| 934 | } | ||
| 935 | s->s3->tmp.new_cipher = c; | ||
| 936 | /* | ||
| 937 | * Don't digest cached records if no sigalgs: we may need them for | ||
| 938 | * client authentication. | ||
| 939 | */ | ||
| 940 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 941 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) && | ||
| 942 | !ssl3_digest_cached_records(s)) { | ||
| 943 | al = SSL_AD_INTERNAL_ERROR; | ||
| 944 | goto f_err; | ||
| 945 | } | ||
| 946 | /* lets get the compression algorithm */ | ||
| 947 | /* COMPRESSION */ | ||
| 948 | if (p + 1 - d > n) | ||
| 949 | goto truncated; | ||
| 950 | if (*(p++) != 0) { | ||
| 951 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 952 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 953 | SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | ||
| 954 | goto f_err; | ||
| 955 | } | ||
| 956 | |||
| 957 | /* TLS extensions*/ | ||
| 958 | if (s->version >= SSL3_VERSION) { | ||
| 959 | if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) { | ||
| 960 | /* 'al' set by ssl_parse_serverhello_tlsext */ | ||
| 961 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 962 | SSL_R_PARSE_TLSEXT); | ||
| 963 | goto f_err; | ||
| 964 | |||
| 965 | } | ||
| 966 | if (ssl_check_serverhello_tlsext(s) <= 0) { | ||
| 967 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, | ||
| 968 | SSL_R_SERVERHELLO_TLSEXT); | ||
| 969 | goto err; | ||
| 970 | } | ||
| 971 | } | ||
| 972 | |||
| 973 | if (p != d + n) | ||
| 974 | goto truncated; | ||
| 975 | |||
| 976 | return (1); | ||
| 977 | |||
| 978 | truncated: | ||
| 979 | /* wrong packet length */ | ||
| 980 | al = SSL_AD_DECODE_ERROR; | ||
| 981 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH); | ||
| 982 | f_err: | ||
| 983 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 984 | err: | ||
| 985 | return (-1); | ||
| 986 | } | ||
| 987 | |||
| 988 | int | ||
| 989 | ssl3_get_server_certificate(SSL *s) | ||
| 990 | { | ||
| 991 | int al, i, ok, ret = -1; | ||
| 992 | unsigned long n, nc, llen, l; | ||
| 993 | X509 *x = NULL; | ||
| 994 | const unsigned char *q, *p; | ||
| 995 | unsigned char *d; | ||
| 996 | STACK_OF(X509) *sk = NULL; | ||
| 997 | SESS_CERT *sc; | ||
| 998 | EVP_PKEY *pkey = NULL; | ||
| 999 | |||
| 1000 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, | ||
| 1001 | SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); | ||
| 1002 | |||
| 1003 | if (!ok) | ||
| 1004 | return ((int)n); | ||
| 1005 | |||
| 1006 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { | ||
| 1007 | s->s3->tmp.reuse_message = 1; | ||
| 1008 | return (1); | ||
| 1009 | } | ||
| 1010 | |||
| 1011 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { | ||
| 1012 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1013 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1014 | SSL_R_BAD_MESSAGE_TYPE); | ||
| 1015 | goto f_err; | ||
| 1016 | } | ||
| 1017 | p = d = (unsigned char *)s->init_msg; | ||
| 1018 | |||
| 1019 | if ((sk = sk_X509_new_null()) == NULL) { | ||
| 1020 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1021 | ERR_R_MALLOC_FAILURE); | ||
| 1022 | goto err; | ||
| 1023 | } | ||
| 1024 | |||
| 1025 | if (p + 3 - d > n) | ||
| 1026 | goto truncated; | ||
| 1027 | n2l3(p, llen); | ||
| 1028 | if (llen + 3 != n) { | ||
| 1029 | al = SSL_AD_DECODE_ERROR; | ||
| 1030 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1031 | SSL_R_LENGTH_MISMATCH); | ||
| 1032 | goto f_err; | ||
| 1033 | } | ||
| 1034 | for (nc = 0; nc < llen; ) { | ||
| 1035 | if (p + 3 - d > n) | ||
| 1036 | goto truncated; | ||
| 1037 | n2l3(p, l); | ||
| 1038 | if ((l + nc + 3) > llen) { | ||
| 1039 | al = SSL_AD_DECODE_ERROR; | ||
| 1040 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1041 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 1042 | goto f_err; | ||
| 1043 | } | ||
| 1044 | |||
| 1045 | q = p; | ||
| 1046 | x = d2i_X509(NULL, &q, l); | ||
| 1047 | if (x == NULL) { | ||
| 1048 | al = SSL_AD_BAD_CERTIFICATE; | ||
| 1049 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1050 | ERR_R_ASN1_LIB); | ||
| 1051 | goto f_err; | ||
| 1052 | } | ||
| 1053 | if (q != (p + l)) { | ||
| 1054 | al = SSL_AD_DECODE_ERROR; | ||
| 1055 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1056 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 1057 | goto f_err; | ||
| 1058 | } | ||
| 1059 | if (!sk_X509_push(sk, x)) { | ||
| 1060 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1061 | ERR_R_MALLOC_FAILURE); | ||
| 1062 | goto err; | ||
| 1063 | } | ||
| 1064 | x = NULL; | ||
| 1065 | nc += l + 3; | ||
| 1066 | p = q; | ||
| 1067 | } | ||
| 1068 | |||
| 1069 | i = ssl_verify_cert_chain(s, sk); | ||
| 1070 | if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { | ||
| 1071 | al = ssl_verify_alarm_type(s->verify_result); | ||
| 1072 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1073 | SSL_R_CERTIFICATE_VERIFY_FAILED); | ||
| 1074 | goto f_err; | ||
| 1075 | |||
| 1076 | } | ||
| 1077 | ERR_clear_error(); /* but we keep s->verify_result */ | ||
| 1078 | |||
| 1079 | sc = ssl_sess_cert_new(); | ||
| 1080 | if (sc == NULL) | ||
| 1081 | goto err; | ||
| 1082 | if (s->session->sess_cert) | ||
| 1083 | ssl_sess_cert_free(s->session->sess_cert); | ||
| 1084 | s->session->sess_cert = sc; | ||
| 1085 | |||
| 1086 | sc->cert_chain = sk; | ||
| 1087 | /* | ||
| 1088 | * Inconsistency alert: cert_chain does include the peer's | ||
| 1089 | * certificate, which we don't include in s3_srvr.c | ||
| 1090 | */ | ||
| 1091 | x = sk_X509_value(sk, 0); | ||
| 1092 | sk = NULL; | ||
| 1093 | /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ | ||
| 1094 | |||
| 1095 | pkey = X509_get_pubkey(x); | ||
| 1096 | |||
| 1097 | if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { | ||
| 1098 | x = NULL; | ||
| 1099 | al = SSL3_AL_FATAL; | ||
| 1100 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1101 | SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | ||
| 1102 | goto f_err; | ||
| 1103 | } | ||
| 1104 | |||
| 1105 | i = ssl_cert_type(x, pkey); | ||
| 1106 | if (i < 0) { | ||
| 1107 | x = NULL; | ||
| 1108 | al = SSL3_AL_FATAL; | ||
| 1109 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1110 | SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 1111 | goto f_err; | ||
| 1112 | } | ||
| 1113 | |||
| 1114 | sc->peer_cert_type = i; | ||
| 1115 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | ||
| 1116 | /* | ||
| 1117 | * Why would the following ever happen? | ||
| 1118 | * We just created sc a couple of lines ago. | ||
| 1119 | */ | ||
| 1120 | if (sc->peer_pkeys[i].x509 != NULL) | ||
| 1121 | X509_free(sc->peer_pkeys[i].x509); | ||
| 1122 | sc->peer_pkeys[i].x509 = x; | ||
| 1123 | sc->peer_key = &(sc->peer_pkeys[i]); | ||
| 1124 | |||
| 1125 | if (s->session->peer != NULL) | ||
| 1126 | X509_free(s->session->peer); | ||
| 1127 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | ||
| 1128 | s->session->peer = x; | ||
| 1129 | s->session->verify_result = s->verify_result; | ||
| 1130 | |||
| 1131 | x = NULL; | ||
| 1132 | ret = 1; | ||
| 1133 | |||
| 1134 | if (0) { | ||
| 1135 | truncated: | ||
| 1136 | /* wrong packet length */ | ||
| 1137 | al = SSL_AD_DECODE_ERROR; | ||
| 1138 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, | ||
| 1139 | SSL_R_BAD_PACKET_LENGTH); | ||
| 1140 | f_err: | ||
| 1141 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1142 | } | ||
| 1143 | err: | ||
| 1144 | EVP_PKEY_free(pkey); | ||
| 1145 | X509_free(x); | ||
| 1146 | sk_X509_pop_free(sk, X509_free); | ||
| 1147 | return (ret); | ||
| 1148 | } | ||
| 1149 | |||
| 1150 | int | ||
| 1151 | ssl3_get_key_exchange(SSL *s) | ||
| 1152 | { | ||
| 1153 | unsigned char *q, md_buf[EVP_MAX_MD_SIZE*2]; | ||
| 1154 | EVP_MD_CTX md_ctx; | ||
| 1155 | unsigned char *param, *p; | ||
| 1156 | int al, i, j, param_len, ok; | ||
| 1157 | long n, alg_k, alg_a; | ||
| 1158 | EVP_PKEY *pkey = NULL; | ||
| 1159 | const EVP_MD *md = NULL; | ||
| 1160 | RSA *rsa = NULL; | ||
| 1161 | DH *dh = NULL; | ||
| 1162 | EC_KEY *ecdh = NULL; | ||
| 1163 | BN_CTX *bn_ctx = NULL; | ||
| 1164 | EC_POINT *srvr_ecpoint = NULL; | ||
| 1165 | int curve_nid = 0; | ||
| 1166 | int encoded_pt_len = 0; | ||
| 1167 | |||
| 1168 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1169 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 1170 | |||
| 1171 | EVP_MD_CTX_init(&md_ctx); | ||
| 1172 | |||
| 1173 | /* | ||
| 1174 | * Use same message size as in ssl3_get_certificate_request() | ||
| 1175 | * as ServerKeyExchange message may be skipped. | ||
| 1176 | */ | ||
| 1177 | n = s->method->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A, | ||
| 1178 | SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list, &ok); | ||
| 1179 | if (!ok) | ||
| 1180 | return ((int)n); | ||
| 1181 | |||
| 1182 | if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { | ||
| 1183 | /* | ||
| 1184 | * Do not skip server key exchange if this cipher suite uses | ||
| 1185 | * ephemeral keys. | ||
| 1186 | */ | ||
| 1187 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { | ||
| 1188 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1189 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 1190 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1191 | goto f_err; | ||
| 1192 | } | ||
| 1193 | |||
| 1194 | s->s3->tmp.reuse_message = 1; | ||
| 1195 | return (1); | ||
| 1196 | } | ||
| 1197 | |||
| 1198 | if (s->session->sess_cert != NULL) { | ||
| 1199 | DH_free(s->session->sess_cert->peer_dh_tmp); | ||
| 1200 | s->session->sess_cert->peer_dh_tmp = NULL; | ||
| 1201 | |||
| 1202 | EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); | ||
| 1203 | s->session->sess_cert->peer_ecdh_tmp = NULL; | ||
| 1204 | } else { | ||
| 1205 | s->session->sess_cert = ssl_sess_cert_new(); | ||
| 1206 | if (s->session->sess_cert == NULL) | ||
| 1207 | goto err; | ||
| 1208 | } | ||
| 1209 | |||
| 1210 | param = p = (unsigned char *)s->init_msg; | ||
| 1211 | param_len = 0; | ||
| 1212 | |||
| 1213 | if (alg_k & SSL_kDHE) { | ||
| 1214 | if ((dh = DH_new()) == NULL) { | ||
| 1215 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1216 | ERR_R_DH_LIB); | ||
| 1217 | goto err; | ||
| 1218 | } | ||
| 1219 | if (2 > n) | ||
| 1220 | goto truncated; | ||
| 1221 | n2s(p, i); | ||
| 1222 | param_len = i + 2; | ||
| 1223 | if (param_len > n) { | ||
| 1224 | al = SSL_AD_DECODE_ERROR; | ||
| 1225 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1226 | SSL_R_BAD_DH_P_LENGTH); | ||
| 1227 | goto f_err; | ||
| 1228 | } | ||
| 1229 | if (!(dh->p = BN_bin2bn(p, i, NULL))) { | ||
| 1230 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1231 | ERR_R_BN_LIB); | ||
| 1232 | goto err; | ||
| 1233 | } | ||
| 1234 | p += i; | ||
| 1235 | |||
| 1236 | if (param_len + 2 > n) | ||
| 1237 | goto truncated; | ||
| 1238 | n2s(p, i); | ||
| 1239 | param_len += i + 2; | ||
| 1240 | if (param_len > n) { | ||
| 1241 | al = SSL_AD_DECODE_ERROR; | ||
| 1242 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1243 | SSL_R_BAD_DH_G_LENGTH); | ||
| 1244 | goto f_err; | ||
| 1245 | } | ||
| 1246 | if (!(dh->g = BN_bin2bn(p, i, NULL))) { | ||
| 1247 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1248 | ERR_R_BN_LIB); | ||
| 1249 | goto err; | ||
| 1250 | } | ||
| 1251 | p += i; | ||
| 1252 | |||
| 1253 | if (param_len + 2 > n) | ||
| 1254 | goto truncated; | ||
| 1255 | n2s(p, i); | ||
| 1256 | param_len += i + 2; | ||
| 1257 | if (param_len > n) { | ||
| 1258 | al = SSL_AD_DECODE_ERROR; | ||
| 1259 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1260 | SSL_R_BAD_DH_PUB_KEY_LENGTH); | ||
| 1261 | goto f_err; | ||
| 1262 | } | ||
| 1263 | if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { | ||
| 1264 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1265 | ERR_R_BN_LIB); | ||
| 1266 | goto err; | ||
| 1267 | } | ||
| 1268 | p += i; | ||
| 1269 | n -= param_len; | ||
| 1270 | |||
| 1271 | /* | ||
| 1272 | * Check the strength of the DH key just constructed. | ||
| 1273 | * Discard keys weaker than 1024 bits. | ||
| 1274 | */ | ||
| 1275 | |||
| 1276 | if (DH_size(dh) < 1024 / 8) { | ||
| 1277 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1278 | SSL_R_BAD_DH_P_LENGTH); | ||
| 1279 | goto err; | ||
| 1280 | } | ||
| 1281 | |||
| 1282 | if (alg_a & SSL_aRSA) | ||
| 1283 | pkey = X509_get_pubkey( | ||
| 1284 | s->session->sess_cert->peer_pkeys[ | ||
| 1285 | SSL_PKEY_RSA_ENC].x509); | ||
| 1286 | else if (alg_a & SSL_aDSS) | ||
| 1287 | pkey = X509_get_pubkey( | ||
| 1288 | s->session->sess_cert->peer_pkeys[ | ||
| 1289 | SSL_PKEY_DSA_SIGN].x509); | ||
| 1290 | /* else anonymous DH, so no certificate or pkey. */ | ||
| 1291 | |||
| 1292 | s->session->sess_cert->peer_dh_tmp = dh; | ||
| 1293 | dh = NULL; | ||
| 1294 | } else if (alg_k & SSL_kECDHE) { | ||
| 1295 | const EC_GROUP *group; | ||
| 1296 | EC_GROUP *ngroup; | ||
| 1297 | |||
| 1298 | if ((ecdh = EC_KEY_new()) == NULL) { | ||
| 1299 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1300 | ERR_R_MALLOC_FAILURE); | ||
| 1301 | goto err; | ||
| 1302 | } | ||
| 1303 | |||
| 1304 | /* | ||
| 1305 | * Extract elliptic curve parameters and the | ||
| 1306 | * server's ephemeral ECDH public key. | ||
| 1307 | * Keep accumulating lengths of various components in | ||
| 1308 | * param_len and make sure it never exceeds n. | ||
| 1309 | */ | ||
| 1310 | |||
| 1311 | /* | ||
| 1312 | * XXX: For now we only support named (not generic) curves | ||
| 1313 | * and the ECParameters in this case is just three bytes. | ||
| 1314 | */ | ||
| 1315 | param_len = 3; | ||
| 1316 | if (param_len > n) { | ||
| 1317 | al = SSL_AD_DECODE_ERROR; | ||
| 1318 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1319 | SSL_R_LENGTH_TOO_SHORT); | ||
| 1320 | goto f_err; | ||
| 1321 | } | ||
| 1322 | |||
| 1323 | /* | ||
| 1324 | * Check curve is one of our preferences, if not server has | ||
| 1325 | * sent an invalid curve. | ||
| 1326 | */ | ||
| 1327 | if (tls1_check_curve(s, p, param_len) != 1) { | ||
| 1328 | al = SSL_AD_DECODE_ERROR; | ||
| 1329 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_CURVE); | ||
| 1330 | goto f_err; | ||
| 1331 | } | ||
| 1332 | |||
| 1333 | if ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0) { | ||
| 1334 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1335 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1336 | SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); | ||
| 1337 | goto f_err; | ||
| 1338 | } | ||
| 1339 | |||
| 1340 | ngroup = EC_GROUP_new_by_curve_name(curve_nid); | ||
| 1341 | if (ngroup == NULL) { | ||
| 1342 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1343 | ERR_R_EC_LIB); | ||
| 1344 | goto err; | ||
| 1345 | } | ||
| 1346 | if (EC_KEY_set_group(ecdh, ngroup) == 0) { | ||
| 1347 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1348 | ERR_R_EC_LIB); | ||
| 1349 | goto err; | ||
| 1350 | } | ||
| 1351 | EC_GROUP_free(ngroup); | ||
| 1352 | |||
| 1353 | group = EC_KEY_get0_group(ecdh); | ||
| 1354 | |||
| 1355 | p += 3; | ||
| 1356 | |||
| 1357 | /* Next, get the encoded ECPoint */ | ||
| 1358 | if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || | ||
| 1359 | ((bn_ctx = BN_CTX_new()) == NULL)) { | ||
| 1360 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1361 | ERR_R_MALLOC_FAILURE); | ||
| 1362 | goto err; | ||
| 1363 | } | ||
| 1364 | |||
| 1365 | if (param_len + 1 > n) | ||
| 1366 | goto truncated; | ||
| 1367 | encoded_pt_len = *p; | ||
| 1368 | /* length of encoded point */ | ||
| 1369 | p += 1; | ||
| 1370 | param_len += (1 + encoded_pt_len); | ||
| 1371 | if ((param_len > n) || (EC_POINT_oct2point(group, srvr_ecpoint, | ||
| 1372 | p, encoded_pt_len, bn_ctx) == 0)) { | ||
| 1373 | al = SSL_AD_DECODE_ERROR; | ||
| 1374 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1375 | SSL_R_BAD_ECPOINT); | ||
| 1376 | goto f_err; | ||
| 1377 | } | ||
| 1378 | |||
| 1379 | n -= param_len; | ||
| 1380 | p += encoded_pt_len; | ||
| 1381 | |||
| 1382 | /* | ||
| 1383 | * The ECC/TLS specification does not mention the use | ||
| 1384 | * of DSA to sign ECParameters in the server key | ||
| 1385 | * exchange message. We do support RSA and ECDSA. | ||
| 1386 | */ | ||
| 1387 | if (alg_a & SSL_aRSA) | ||
| 1388 | pkey = X509_get_pubkey( | ||
| 1389 | s->session->sess_cert->peer_pkeys[ | ||
| 1390 | SSL_PKEY_RSA_ENC].x509); | ||
| 1391 | else if (alg_a & SSL_aECDSA) | ||
| 1392 | pkey = X509_get_pubkey( | ||
| 1393 | s->session->sess_cert->peer_pkeys[ | ||
| 1394 | SSL_PKEY_ECC].x509); | ||
| 1395 | /* Else anonymous ECDH, so no certificate or pkey. */ | ||
| 1396 | EC_KEY_set_public_key(ecdh, srvr_ecpoint); | ||
| 1397 | s->session->sess_cert->peer_ecdh_tmp = ecdh; | ||
| 1398 | ecdh = NULL; | ||
| 1399 | BN_CTX_free(bn_ctx); | ||
| 1400 | bn_ctx = NULL; | ||
| 1401 | EC_POINT_free(srvr_ecpoint); | ||
| 1402 | srvr_ecpoint = NULL; | ||
| 1403 | } else if (alg_k) { | ||
| 1404 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1405 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1406 | SSL_R_UNEXPECTED_MESSAGE); | ||
| 1407 | goto f_err; | ||
| 1408 | } | ||
| 1409 | |||
| 1410 | /* p points to the next byte, there are 'n' bytes left */ | ||
| 1411 | |||
| 1412 | /* if it was signed, check the signature */ | ||
| 1413 | if (pkey != NULL) { | ||
| 1414 | if (SSL_USE_SIGALGS(s)) { | ||
| 1415 | int sigalg = tls12_get_sigid(pkey); | ||
| 1416 | /* Should never happen */ | ||
| 1417 | if (sigalg == -1) { | ||
| 1418 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1419 | ERR_R_INTERNAL_ERROR); | ||
| 1420 | goto err; | ||
| 1421 | } | ||
| 1422 | /* | ||
| 1423 | * Check key type is consistent | ||
| 1424 | * with signature | ||
| 1425 | */ | ||
| 1426 | if (2 > n) | ||
| 1427 | goto truncated; | ||
| 1428 | if (sigalg != (int)p[1]) { | ||
| 1429 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1430 | SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 1431 | al = SSL_AD_DECODE_ERROR; | ||
| 1432 | goto f_err; | ||
| 1433 | } | ||
| 1434 | md = tls12_get_hash(p[0]); | ||
| 1435 | if (md == NULL) { | ||
| 1436 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1437 | SSL_R_UNKNOWN_DIGEST); | ||
| 1438 | al = SSL_AD_DECODE_ERROR; | ||
| 1439 | goto f_err; | ||
| 1440 | } | ||
| 1441 | p += 2; | ||
| 1442 | n -= 2; | ||
| 1443 | } else | ||
| 1444 | md = EVP_sha1(); | ||
| 1445 | |||
| 1446 | if (2 > n) | ||
| 1447 | goto truncated; | ||
| 1448 | n2s(p, i); | ||
| 1449 | n -= 2; | ||
| 1450 | j = EVP_PKEY_size(pkey); | ||
| 1451 | |||
| 1452 | if (i != n || n > j) { | ||
| 1453 | /* wrong packet length */ | ||
| 1454 | al = SSL_AD_DECODE_ERROR; | ||
| 1455 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1456 | SSL_R_WRONG_SIGNATURE_LENGTH); | ||
| 1457 | goto f_err; | ||
| 1458 | } | ||
| 1459 | |||
| 1460 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { | ||
| 1461 | int num; | ||
| 1462 | |||
| 1463 | j = 0; | ||
| 1464 | q = md_buf; | ||
| 1465 | for (num = 2; num > 0; num--) { | ||
| 1466 | if (!EVP_DigestInit_ex(&md_ctx, | ||
| 1467 | (num == 2) ? s->ctx->md5 : s->ctx->sha1, | ||
| 1468 | NULL)) { | ||
| 1469 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1470 | goto f_err; | ||
| 1471 | } | ||
| 1472 | EVP_DigestUpdate(&md_ctx, | ||
| 1473 | s->s3->client_random, | ||
| 1474 | SSL3_RANDOM_SIZE); | ||
| 1475 | EVP_DigestUpdate(&md_ctx, | ||
| 1476 | s->s3->server_random, | ||
| 1477 | SSL3_RANDOM_SIZE); | ||
| 1478 | EVP_DigestUpdate(&md_ctx, param, param_len); | ||
| 1479 | EVP_DigestFinal_ex(&md_ctx, q, | ||
| 1480 | (unsigned int *)&i); | ||
| 1481 | q += i; | ||
| 1482 | j += i; | ||
| 1483 | } | ||
| 1484 | i = RSA_verify(NID_md5_sha1, md_buf, j, | ||
| 1485 | p, n, pkey->pkey.rsa); | ||
| 1486 | if (i < 0) { | ||
| 1487 | al = SSL_AD_DECRYPT_ERROR; | ||
| 1488 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1489 | SSL_R_BAD_RSA_DECRYPT); | ||
| 1490 | goto f_err; | ||
| 1491 | } | ||
| 1492 | if (i == 0) { | ||
| 1493 | /* bad signature */ | ||
| 1494 | al = SSL_AD_DECRYPT_ERROR; | ||
| 1495 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1496 | SSL_R_BAD_SIGNATURE); | ||
| 1497 | goto f_err; | ||
| 1498 | } | ||
| 1499 | } else { | ||
| 1500 | EVP_VerifyInit_ex(&md_ctx, md, NULL); | ||
| 1501 | EVP_VerifyUpdate(&md_ctx, s->s3->client_random, | ||
| 1502 | SSL3_RANDOM_SIZE); | ||
| 1503 | EVP_VerifyUpdate(&md_ctx, s->s3->server_random, | ||
| 1504 | SSL3_RANDOM_SIZE); | ||
| 1505 | EVP_VerifyUpdate(&md_ctx, param, param_len); | ||
| 1506 | if (EVP_VerifyFinal(&md_ctx, p,(int)n, pkey) <= 0) { | ||
| 1507 | /* bad signature */ | ||
| 1508 | al = SSL_AD_DECRYPT_ERROR; | ||
| 1509 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1510 | SSL_R_BAD_SIGNATURE); | ||
| 1511 | goto f_err; | ||
| 1512 | } | ||
| 1513 | } | ||
| 1514 | } else { | ||
| 1515 | /* aNULL does not need public keys. */ | ||
| 1516 | if (!(alg_a & SSL_aNULL)) { | ||
| 1517 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1518 | ERR_R_INTERNAL_ERROR); | ||
| 1519 | goto err; | ||
| 1520 | } | ||
| 1521 | /* still data left over */ | ||
| 1522 | if (n != 0) { | ||
| 1523 | al = SSL_AD_DECODE_ERROR; | ||
| 1524 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, | ||
| 1525 | SSL_R_EXTRA_DATA_IN_MESSAGE); | ||
| 1526 | goto f_err; | ||
| 1527 | } | ||
| 1528 | } | ||
| 1529 | EVP_PKEY_free(pkey); | ||
| 1530 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1531 | return (1); | ||
| 1532 | truncated: | ||
| 1533 | /* wrong packet length */ | ||
| 1534 | al = SSL_AD_DECODE_ERROR; | ||
| 1535 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); | ||
| 1536 | f_err: | ||
| 1537 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1538 | err: | ||
| 1539 | EVP_PKEY_free(pkey); | ||
| 1540 | RSA_free(rsa); | ||
| 1541 | DH_free(dh); | ||
| 1542 | BN_CTX_free(bn_ctx); | ||
| 1543 | EC_POINT_free(srvr_ecpoint); | ||
| 1544 | EC_KEY_free(ecdh); | ||
| 1545 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1546 | return (-1); | ||
| 1547 | } | ||
| 1548 | |||
| 1549 | int | ||
| 1550 | ssl3_get_certificate_request(SSL *s) | ||
| 1551 | { | ||
| 1552 | int ok, ret = 0; | ||
| 1553 | unsigned long n, nc, l; | ||
| 1554 | unsigned int llen, ctype_num, i; | ||
| 1555 | X509_NAME *xn = NULL; | ||
| 1556 | const unsigned char *p, *q; | ||
| 1557 | unsigned char *d; | ||
| 1558 | STACK_OF(X509_NAME) *ca_sk = NULL; | ||
| 1559 | |||
| 1560 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A, | ||
| 1561 | SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list, &ok); | ||
| 1562 | |||
| 1563 | if (!ok) | ||
| 1564 | return ((int)n); | ||
| 1565 | |||
| 1566 | s->s3->tmp.cert_req = 0; | ||
| 1567 | |||
| 1568 | if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) { | ||
| 1569 | s->s3->tmp.reuse_message = 1; | ||
| 1570 | /* | ||
| 1571 | * If we get here we don't need any cached handshake records | ||
| 1572 | * as we wont be doing client auth. | ||
| 1573 | */ | ||
| 1574 | if (s->s3->handshake_buffer) { | ||
| 1575 | if (!ssl3_digest_cached_records(s)) | ||
| 1576 | goto err; | ||
| 1577 | } | ||
| 1578 | return (1); | ||
| 1579 | } | ||
| 1580 | |||
| 1581 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) { | ||
| 1582 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); | ||
| 1583 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1584 | SSL_R_WRONG_MESSAGE_TYPE); | ||
| 1585 | goto err; | ||
| 1586 | } | ||
| 1587 | |||
| 1588 | /* TLS does not like anon-DH with client cert */ | ||
| 1589 | if (s->version > SSL3_VERSION) { | ||
| 1590 | if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { | ||
| 1591 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1592 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 1593 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1594 | SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); | ||
| 1595 | goto err; | ||
| 1596 | } | ||
| 1597 | } | ||
| 1598 | |||
| 1599 | p = d = (unsigned char *)s->init_msg; | ||
| 1600 | |||
| 1601 | if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) { | ||
| 1602 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1603 | ERR_R_MALLOC_FAILURE); | ||
| 1604 | goto err; | ||
| 1605 | } | ||
| 1606 | |||
| 1607 | /* get the certificate types */ | ||
| 1608 | if (1 > n) | ||
| 1609 | goto truncated; | ||
| 1610 | ctype_num= *(p++); | ||
| 1611 | if (ctype_num > SSL3_CT_NUMBER) | ||
| 1612 | ctype_num = SSL3_CT_NUMBER; | ||
| 1613 | if (p + ctype_num - d > n) { | ||
| 1614 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1615 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1616 | goto err; | ||
| 1617 | } | ||
| 1618 | |||
| 1619 | for (i = 0; i < ctype_num; i++) | ||
| 1620 | s->s3->tmp.ctype[i] = p[i]; | ||
| 1621 | p += ctype_num; | ||
| 1622 | if (SSL_USE_SIGALGS(s)) { | ||
| 1623 | if (p + 2 - d > n) { | ||
| 1624 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1625 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1626 | goto err; | ||
| 1627 | } | ||
| 1628 | n2s(p, llen); | ||
| 1629 | /* Check we have enough room for signature algorithms and | ||
| 1630 | * following length value. | ||
| 1631 | */ | ||
| 1632 | if ((unsigned long)(p - d + llen + 2) > n) { | ||
| 1633 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1634 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1635 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1636 | goto err; | ||
| 1637 | } | ||
| 1638 | if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) { | ||
| 1639 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1640 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1641 | SSL_R_SIGNATURE_ALGORITHMS_ERROR); | ||
| 1642 | goto err; | ||
| 1643 | } | ||
| 1644 | p += llen; | ||
| 1645 | } | ||
| 1646 | |||
| 1647 | /* get the CA RDNs */ | ||
| 1648 | if (p + 2 - d > n) { | ||
| 1649 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1650 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1651 | goto err; | ||
| 1652 | } | ||
| 1653 | n2s(p, llen); | ||
| 1654 | |||
| 1655 | if ((unsigned long)(p - d + llen) != n) { | ||
| 1656 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1657 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1658 | SSL_R_LENGTH_MISMATCH); | ||
| 1659 | goto err; | ||
| 1660 | } | ||
| 1661 | |||
| 1662 | for (nc = 0; nc < llen; ) { | ||
| 1663 | if (p + 2 - d > n) { | ||
| 1664 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1665 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1666 | goto err; | ||
| 1667 | } | ||
| 1668 | n2s(p, l); | ||
| 1669 | if ((l + nc + 2) > llen) { | ||
| 1670 | if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) | ||
| 1671 | goto cont; /* netscape bugs */ | ||
| 1672 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1673 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1674 | SSL_R_CA_DN_TOO_LONG); | ||
| 1675 | goto err; | ||
| 1676 | } | ||
| 1677 | |||
| 1678 | q = p; | ||
| 1679 | |||
| 1680 | if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { | ||
| 1681 | /* If netscape tolerance is on, ignore errors */ | ||
| 1682 | if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) | ||
| 1683 | goto cont; | ||
| 1684 | else { | ||
| 1685 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1686 | SSL_AD_DECODE_ERROR); | ||
| 1687 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1688 | ERR_R_ASN1_LIB); | ||
| 1689 | goto err; | ||
| 1690 | } | ||
| 1691 | } | ||
| 1692 | |||
| 1693 | if (q != (p + l)) { | ||
| 1694 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1695 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1696 | SSL_R_CA_DN_LENGTH_MISMATCH); | ||
| 1697 | goto err; | ||
| 1698 | } | ||
| 1699 | if (!sk_X509_NAME_push(ca_sk, xn)) { | ||
| 1700 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1701 | ERR_R_MALLOC_FAILURE); | ||
| 1702 | goto err; | ||
| 1703 | } | ||
| 1704 | |||
| 1705 | p += l; | ||
| 1706 | nc += l + 2; | ||
| 1707 | } | ||
| 1708 | |||
| 1709 | if (0) { | ||
| 1710 | cont: | ||
| 1711 | ERR_clear_error(); | ||
| 1712 | } | ||
| 1713 | |||
| 1714 | /* we should setup a certificate to return.... */ | ||
| 1715 | s->s3->tmp.cert_req = 1; | ||
| 1716 | s->s3->tmp.ctype_num = ctype_num; | ||
| 1717 | if (s->s3->tmp.ca_names != NULL) | ||
| 1718 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); | ||
| 1719 | s->s3->tmp.ca_names = ca_sk; | ||
| 1720 | ca_sk = NULL; | ||
| 1721 | |||
| 1722 | ret = 1; | ||
| 1723 | if (0) { | ||
| 1724 | truncated: | ||
| 1725 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, | ||
| 1726 | SSL_R_BAD_PACKET_LENGTH); | ||
| 1727 | } | ||
| 1728 | err: | ||
| 1729 | if (ca_sk != NULL) | ||
| 1730 | sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); | ||
| 1731 | return (ret); | ||
| 1732 | } | ||
| 1733 | |||
| 1734 | static int | ||
| 1735 | ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 1736 | { | ||
| 1737 | return (X509_NAME_cmp(*a, *b)); | ||
| 1738 | } | ||
| 1739 | |||
| 1740 | int | ||
| 1741 | ssl3_get_new_session_ticket(SSL *s) | ||
| 1742 | { | ||
| 1743 | int ok, al, ret = 0, ticklen; | ||
| 1744 | long n; | ||
| 1745 | const unsigned char *p; | ||
| 1746 | unsigned char *d; | ||
| 1747 | |||
| 1748 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, | ||
| 1749 | SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok); | ||
| 1750 | if (!ok) | ||
| 1751 | return ((int)n); | ||
| 1752 | |||
| 1753 | if (s->s3->tmp.message_type == SSL3_MT_FINISHED) { | ||
| 1754 | s->s3->tmp.reuse_message = 1; | ||
| 1755 | return (1); | ||
| 1756 | } | ||
| 1757 | if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) { | ||
| 1758 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1759 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | ||
| 1760 | SSL_R_BAD_MESSAGE_TYPE); | ||
| 1761 | goto f_err; | ||
| 1762 | } | ||
| 1763 | if (n < 6) { | ||
| 1764 | /* need at least ticket_lifetime_hint + ticket length */ | ||
| 1765 | al = SSL_AD_DECODE_ERROR; | ||
| 1766 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | ||
| 1767 | SSL_R_LENGTH_MISMATCH); | ||
| 1768 | goto f_err; | ||
| 1769 | } | ||
| 1770 | |||
| 1771 | p = d = (unsigned char *)s->init_msg; | ||
| 1772 | n2l(p, s->session->tlsext_tick_lifetime_hint); | ||
| 1773 | n2s(p, ticklen); | ||
| 1774 | /* ticket_lifetime_hint + ticket_length + ticket */ | ||
| 1775 | if (ticklen + 6 != n) { | ||
| 1776 | al = SSL_AD_DECODE_ERROR; | ||
| 1777 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | ||
| 1778 | SSL_R_LENGTH_MISMATCH); | ||
| 1779 | goto f_err; | ||
| 1780 | } | ||
| 1781 | free(s->session->tlsext_tick); | ||
| 1782 | s->session->tlsext_ticklen = 0; | ||
| 1783 | s->session->tlsext_tick = malloc(ticklen); | ||
| 1784 | if (!s->session->tlsext_tick) { | ||
| 1785 | SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, | ||
| 1786 | ERR_R_MALLOC_FAILURE); | ||
| 1787 | goto err; | ||
| 1788 | } | ||
| 1789 | memcpy(s->session->tlsext_tick, p, ticklen); | ||
| 1790 | s->session->tlsext_ticklen = ticklen; | ||
| 1791 | /* | ||
| 1792 | * There are two ways to detect a resumed ticket sesion. | ||
| 1793 | * One is to set an appropriate session ID and then the server | ||
| 1794 | * must return a match in ServerHello. This allows the normal | ||
| 1795 | * client session ID matching to work and we know much | ||
| 1796 | * earlier that the ticket has been accepted. | ||
| 1797 | * | ||
| 1798 | * The other way is to set zero length session ID when the | ||
| 1799 | * ticket is presented and rely on the handshake to determine | ||
| 1800 | * session resumption. | ||
| 1801 | * | ||
| 1802 | * We choose the former approach because this fits in with | ||
| 1803 | * assumptions elsewhere in OpenSSL. The session ID is set | ||
| 1804 | * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the | ||
| 1805 | * ticket. | ||
| 1806 | */ | ||
| 1807 | EVP_Digest(p, ticklen, s->session->session_id, | ||
| 1808 | &s->session->session_id_length, EVP_sha256(), NULL); | ||
| 1809 | ret = 1; | ||
| 1810 | return (ret); | ||
| 1811 | f_err: | ||
| 1812 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1813 | err: | ||
| 1814 | return (-1); | ||
| 1815 | } | ||
| 1816 | |||
| 1817 | int | ||
| 1818 | ssl3_get_cert_status(SSL *s) | ||
| 1819 | { | ||
| 1820 | int ok, al; | ||
| 1821 | unsigned long resplen, n; | ||
| 1822 | const unsigned char *p; | ||
| 1823 | |||
| 1824 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A, | ||
| 1825 | SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS, | ||
| 1826 | 16384, &ok); | ||
| 1827 | |||
| 1828 | if (!ok) | ||
| 1829 | return ((int)n); | ||
| 1830 | if (n < 4) { | ||
| 1831 | /* need at least status type + length */ | ||
| 1832 | al = SSL_AD_DECODE_ERROR; | ||
| 1833 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1834 | SSL_R_LENGTH_MISMATCH); | ||
| 1835 | goto f_err; | ||
| 1836 | } | ||
| 1837 | p = (unsigned char *)s->init_msg; | ||
| 1838 | if (*p++ != TLSEXT_STATUSTYPE_ocsp) { | ||
| 1839 | al = SSL_AD_DECODE_ERROR; | ||
| 1840 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1841 | SSL_R_UNSUPPORTED_STATUS_TYPE); | ||
| 1842 | goto f_err; | ||
| 1843 | } | ||
| 1844 | n2l3(p, resplen); | ||
| 1845 | if (resplen + 4 != n) { | ||
| 1846 | al = SSL_AD_DECODE_ERROR; | ||
| 1847 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1848 | SSL_R_LENGTH_MISMATCH); | ||
| 1849 | goto f_err; | ||
| 1850 | } | ||
| 1851 | free(s->tlsext_ocsp_resp); | ||
| 1852 | s->tlsext_ocsp_resp = BUF_memdup(p, resplen); | ||
| 1853 | if (!s->tlsext_ocsp_resp) { | ||
| 1854 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1855 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1856 | ERR_R_MALLOC_FAILURE); | ||
| 1857 | goto f_err; | ||
| 1858 | } | ||
| 1859 | s->tlsext_ocsp_resplen = resplen; | ||
| 1860 | if (s->ctx->tlsext_status_cb) { | ||
| 1861 | int ret; | ||
| 1862 | ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 1863 | if (ret == 0) { | ||
| 1864 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 1865 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1866 | SSL_R_INVALID_STATUS_RESPONSE); | ||
| 1867 | goto f_err; | ||
| 1868 | } | ||
| 1869 | if (ret < 0) { | ||
| 1870 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1871 | SSLerr(SSL_F_SSL3_GET_CERT_STATUS, | ||
| 1872 | ERR_R_MALLOC_FAILURE); | ||
| 1873 | goto f_err; | ||
| 1874 | } | ||
| 1875 | } | ||
| 1876 | return (1); | ||
| 1877 | f_err: | ||
| 1878 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1879 | return (-1); | ||
| 1880 | } | ||
| 1881 | |||
| 1882 | int | ||
| 1883 | ssl3_get_server_done(SSL *s) | ||
| 1884 | { | ||
| 1885 | int ok, ret = 0; | ||
| 1886 | long n; | ||
| 1887 | |||
| 1888 | n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A, | ||
| 1889 | SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, | ||
| 1890 | 30, /* should be very small, like 0 :-) */ &ok); | ||
| 1891 | |||
| 1892 | if (!ok) | ||
| 1893 | return ((int)n); | ||
| 1894 | if (n > 0) { | ||
| 1895 | /* should contain no data */ | ||
| 1896 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); | ||
| 1897 | SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); | ||
| 1898 | return (-1); | ||
| 1899 | } | ||
| 1900 | ret = 1; | ||
| 1901 | return (ret); | ||
| 1902 | } | ||
| 1903 | |||
| 1904 | int | ||
| 1905 | ssl3_send_client_key_exchange(SSL *s) | ||
| 1906 | { | ||
| 1907 | unsigned char *p, *q; | ||
| 1908 | int n; | ||
| 1909 | unsigned long alg_k; | ||
| 1910 | EVP_PKEY *pkey = NULL; | ||
| 1911 | EC_KEY *clnt_ecdh = NULL; | ||
| 1912 | const EC_POINT *srvr_ecpoint = NULL; | ||
| 1913 | EVP_PKEY *srvr_pub_pkey = NULL; | ||
| 1914 | unsigned char *encodedPoint = NULL; | ||
| 1915 | int encoded_pt_len = 0; | ||
| 1916 | BN_CTX *bn_ctx = NULL; | ||
| 1917 | |||
| 1918 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) { | ||
| 1919 | p = ssl3_handshake_msg_start(s, SSL3_MT_CLIENT_KEY_EXCHANGE); | ||
| 1920 | |||
| 1921 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1922 | |||
| 1923 | if (s->session->sess_cert == NULL) { | ||
| 1924 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1925 | SSL_AD_UNEXPECTED_MESSAGE); | ||
| 1926 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1927 | ERR_R_INTERNAL_ERROR); | ||
| 1928 | goto err; | ||
| 1929 | } | ||
| 1930 | |||
| 1931 | if (alg_k & SSL_kRSA) { | ||
| 1932 | RSA *rsa; | ||
| 1933 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 1934 | |||
| 1935 | pkey = X509_get_pubkey( | ||
| 1936 | s->session->sess_cert->peer_pkeys[ | ||
| 1937 | SSL_PKEY_RSA_ENC].x509); | ||
| 1938 | if ((pkey == NULL) || | ||
| 1939 | (pkey->type != EVP_PKEY_RSA) || | ||
| 1940 | (pkey->pkey.rsa == NULL)) { | ||
| 1941 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1942 | ERR_R_INTERNAL_ERROR); | ||
| 1943 | EVP_PKEY_free(pkey); | ||
| 1944 | goto err; | ||
| 1945 | } | ||
| 1946 | rsa = pkey->pkey.rsa; | ||
| 1947 | EVP_PKEY_free(pkey); | ||
| 1948 | |||
| 1949 | tmp_buf[0] = s->client_version >> 8; | ||
| 1950 | tmp_buf[1] = s->client_version & 0xff; | ||
| 1951 | arc4random_buf(&tmp_buf[2], sizeof(tmp_buf) - 2); | ||
| 1952 | |||
| 1953 | s->session->master_key_length = sizeof tmp_buf; | ||
| 1954 | |||
| 1955 | q = p; | ||
| 1956 | /* Fix buf for TLS and beyond */ | ||
| 1957 | if (s->version > SSL3_VERSION) | ||
| 1958 | p += 2; | ||
| 1959 | n = RSA_public_encrypt(sizeof tmp_buf, | ||
| 1960 | tmp_buf, p, rsa, RSA_PKCS1_PADDING); | ||
| 1961 | if (n <= 0) { | ||
| 1962 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1963 | SSL_R_BAD_RSA_ENCRYPT); | ||
| 1964 | goto err; | ||
| 1965 | } | ||
| 1966 | |||
| 1967 | /* Fix buf for TLS and beyond */ | ||
| 1968 | if (s->version > SSL3_VERSION) { | ||
| 1969 | s2n(n, q); | ||
| 1970 | n += 2; | ||
| 1971 | } | ||
| 1972 | |||
| 1973 | s->session->master_key_length = | ||
| 1974 | s->method->ssl3_enc->generate_master_secret( | ||
| 1975 | s, s->session->master_key, tmp_buf, sizeof tmp_buf); | ||
| 1976 | OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); | ||
| 1977 | } else if (alg_k & SSL_kDHE) { | ||
| 1978 | DH *dh_srvr, *dh_clnt; | ||
| 1979 | |||
| 1980 | /* Ensure that we have an ephemeral key for DHE. */ | ||
| 1981 | if (s->session->sess_cert->peer_dh_tmp == NULL) { | ||
| 1982 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1983 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1984 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1985 | SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); | ||
| 1986 | goto err; | ||
| 1987 | } | ||
| 1988 | dh_srvr = s->session->sess_cert->peer_dh_tmp; | ||
| 1989 | |||
| 1990 | /* Generate a new random key. */ | ||
| 1991 | if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) { | ||
| 1992 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1993 | ERR_R_DH_LIB); | ||
| 1994 | goto err; | ||
| 1995 | } | ||
| 1996 | if (!DH_generate_key(dh_clnt)) { | ||
| 1997 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1998 | ERR_R_DH_LIB); | ||
| 1999 | DH_free(dh_clnt); | ||
| 2000 | goto err; | ||
| 2001 | } | ||
| 2002 | |||
| 2003 | /* | ||
| 2004 | * Use the 'p' output buffer for the DH key, but | ||
| 2005 | * make sure to clear it out afterwards. | ||
| 2006 | */ | ||
| 2007 | n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); | ||
| 2008 | |||
| 2009 | if (n <= 0) { | ||
| 2010 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2011 | ERR_R_DH_LIB); | ||
| 2012 | DH_free(dh_clnt); | ||
| 2013 | goto err; | ||
| 2014 | } | ||
| 2015 | |||
| 2016 | /* Generate master key from the result. */ | ||
| 2017 | s->session->master_key_length = | ||
| 2018 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 2019 | s->session->master_key, p, n); | ||
| 2020 | |||
| 2021 | /* Clean up. */ | ||
| 2022 | memset(p, 0, n); | ||
| 2023 | |||
| 2024 | /* Send off the data. */ | ||
| 2025 | n = BN_num_bytes(dh_clnt->pub_key); | ||
| 2026 | s2n(n, p); | ||
| 2027 | BN_bn2bin(dh_clnt->pub_key, p); | ||
| 2028 | n += 2; | ||
| 2029 | |||
| 2030 | DH_free(dh_clnt); | ||
| 2031 | |||
| 2032 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | ||
| 2033 | } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | ||
| 2034 | const EC_GROUP *srvr_group = NULL; | ||
| 2035 | EC_KEY *tkey; | ||
| 2036 | int ecdh_clnt_cert = 0; | ||
| 2037 | int field_size = 0; | ||
| 2038 | |||
| 2039 | /* | ||
| 2040 | * Did we send out the client's ECDH share for use | ||
| 2041 | * in premaster computation as part of client | ||
| 2042 | * certificate? If so, set ecdh_clnt_cert to 1. | ||
| 2043 | */ | ||
| 2044 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && | ||
| 2045 | (s->cert != NULL)) { | ||
| 2046 | /* | ||
| 2047 | * XXX: For now, we do not support client | ||
| 2048 | * authentication using ECDH certificates. | ||
| 2049 | * To add such support, one needs to add | ||
| 2050 | * code that checks for appropriate | ||
| 2051 | * conditions and sets ecdh_clnt_cert to 1. | ||
| 2052 | * For example, the cert have an ECC | ||
| 2053 | * key on the same curve as the server's | ||
| 2054 | * and the key should be authorized for | ||
| 2055 | * key agreement. | ||
| 2056 | * | ||
| 2057 | * One also needs to add code in ssl3_connect | ||
| 2058 | * to skip sending the certificate verify | ||
| 2059 | * message. | ||
| 2060 | * | ||
| 2061 | * if ((s->cert->key->privatekey != NULL) && | ||
| 2062 | * (s->cert->key->privatekey->type == | ||
| 2063 | * EVP_PKEY_EC) && ...) | ||
| 2064 | * ecdh_clnt_cert = 1; | ||
| 2065 | */ | ||
| 2066 | } | ||
| 2067 | |||
| 2068 | /* Ensure that we have an ephemeral key for ECDHE. */ | ||
| 2069 | if ((alg_k & SSL_kECDHE) && | ||
| 2070 | s->session->sess_cert->peer_ecdh_tmp == NULL) { | ||
| 2071 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2072 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 2073 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2074 | ERR_R_INTERNAL_ERROR); | ||
| 2075 | goto err; | ||
| 2076 | } | ||
| 2077 | tkey = s->session->sess_cert->peer_ecdh_tmp; | ||
| 2078 | |||
| 2079 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | ||
| 2080 | /* Get the Server Public Key from Cert */ | ||
| 2081 | srvr_pub_pkey = X509_get_pubkey(s->session-> \ | ||
| 2082 | sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); | ||
| 2083 | if (srvr_pub_pkey != NULL && | ||
| 2084 | srvr_pub_pkey->type == EVP_PKEY_EC) | ||
| 2085 | tkey = srvr_pub_pkey->pkey.ec; | ||
| 2086 | } | ||
| 2087 | |||
| 2088 | if (tkey == NULL) { | ||
| 2089 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2090 | ERR_R_INTERNAL_ERROR); | ||
| 2091 | goto err; | ||
| 2092 | } | ||
| 2093 | |||
| 2094 | srvr_group = EC_KEY_get0_group(tkey); | ||
| 2095 | srvr_ecpoint = EC_KEY_get0_public_key(tkey); | ||
| 2096 | |||
| 2097 | if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) { | ||
| 2098 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2099 | ERR_R_INTERNAL_ERROR); | ||
| 2100 | goto err; | ||
| 2101 | } | ||
| 2102 | |||
| 2103 | if ((clnt_ecdh = EC_KEY_new()) == NULL) { | ||
| 2104 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2105 | ERR_R_MALLOC_FAILURE); | ||
| 2106 | goto err; | ||
| 2107 | } | ||
| 2108 | |||
| 2109 | if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) { | ||
| 2110 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2111 | ERR_R_EC_LIB); | ||
| 2112 | goto err; | ||
| 2113 | } | ||
| 2114 | if (ecdh_clnt_cert) { | ||
| 2115 | /* | ||
| 2116 | * Reuse key info from our certificate | ||
| 2117 | * We only need our private key to perform | ||
| 2118 | * the ECDH computation. | ||
| 2119 | */ | ||
| 2120 | const BIGNUM *priv_key; | ||
| 2121 | tkey = s->cert->key->privatekey->pkey.ec; | ||
| 2122 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 2123 | if (priv_key == NULL) { | ||
| 2124 | SSLerr( | ||
| 2125 | SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2126 | ERR_R_MALLOC_FAILURE); | ||
| 2127 | goto err; | ||
| 2128 | } | ||
| 2129 | if (!EC_KEY_set_private_key(clnt_ecdh, | ||
| 2130 | priv_key)) { | ||
| 2131 | SSLerr( | ||
| 2132 | SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2133 | ERR_R_EC_LIB); | ||
| 2134 | goto err; | ||
| 2135 | } | ||
| 2136 | } else { | ||
| 2137 | /* Generate a new ECDH key pair */ | ||
| 2138 | if (!(EC_KEY_generate_key(clnt_ecdh))) { | ||
| 2139 | SSLerr( | ||
| 2140 | SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2141 | ERR_R_ECDH_LIB); | ||
| 2142 | goto err; | ||
| 2143 | } | ||
| 2144 | } | ||
| 2145 | |||
| 2146 | /* | ||
| 2147 | * Use the 'p' output buffer for the ECDH key, but | ||
| 2148 | * make sure to clear it out afterwards. | ||
| 2149 | */ | ||
| 2150 | field_size = EC_GROUP_get_degree(srvr_group); | ||
| 2151 | if (field_size <= 0) { | ||
| 2152 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2153 | ERR_R_ECDH_LIB); | ||
| 2154 | goto err; | ||
| 2155 | } | ||
| 2156 | n = ECDH_compute_key(p, (field_size + 7)/8, | ||
| 2157 | srvr_ecpoint, clnt_ecdh, NULL); | ||
| 2158 | if (n <= 0) { | ||
| 2159 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2160 | ERR_R_ECDH_LIB); | ||
| 2161 | goto err; | ||
| 2162 | } | ||
| 2163 | |||
| 2164 | /* generate master key from the result */ | ||
| 2165 | s->session->master_key_length = s->method->ssl3_enc \ | ||
| 2166 | -> generate_master_secret(s, | ||
| 2167 | s->session->master_key, p, n); | ||
| 2168 | |||
| 2169 | memset(p, 0, n); /* clean up */ | ||
| 2170 | |||
| 2171 | if (ecdh_clnt_cert) { | ||
| 2172 | /* Send empty client key exch message. */ | ||
| 2173 | n = 0; | ||
| 2174 | } else { | ||
| 2175 | /* | ||
| 2176 | * First check the size of encoding and | ||
| 2177 | * allocate memory accordingly. | ||
| 2178 | */ | ||
| 2179 | encoded_pt_len = EC_POINT_point2oct( | ||
| 2180 | srvr_group, | ||
| 2181 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2182 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2183 | NULL, 0, NULL); | ||
| 2184 | |||
| 2185 | encodedPoint = malloc(encoded_pt_len); | ||
| 2186 | |||
| 2187 | bn_ctx = BN_CTX_new(); | ||
| 2188 | if ((encodedPoint == NULL) || | ||
| 2189 | (bn_ctx == NULL)) { | ||
| 2190 | SSLerr( | ||
| 2191 | SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2192 | ERR_R_MALLOC_FAILURE); | ||
| 2193 | goto err; | ||
| 2194 | } | ||
| 2195 | |||
| 2196 | /* Encode the public key */ | ||
| 2197 | n = EC_POINT_point2oct(srvr_group, | ||
| 2198 | EC_KEY_get0_public_key(clnt_ecdh), | ||
| 2199 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 2200 | encodedPoint, encoded_pt_len, bn_ctx); | ||
| 2201 | |||
| 2202 | *p = n; /* length of encoded point */ | ||
| 2203 | /* Encoded point will be copied here */ | ||
| 2204 | p += 1; | ||
| 2205 | |||
| 2206 | /* copy the point */ | ||
| 2207 | memcpy((unsigned char *)p, encodedPoint, n); | ||
| 2208 | /* increment n to account for length field */ | ||
| 2209 | n += 1; | ||
| 2210 | |||
| 2211 | } | ||
| 2212 | |||
| 2213 | /* Free allocated memory */ | ||
| 2214 | BN_CTX_free(bn_ctx); | ||
| 2215 | free(encodedPoint); | ||
| 2216 | EC_KEY_free(clnt_ecdh); | ||
| 2217 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2218 | } else if (alg_k & SSL_kGOST) { | ||
| 2219 | /* GOST key exchange message creation */ | ||
| 2220 | EVP_PKEY_CTX *pkey_ctx; | ||
| 2221 | X509 *peer_cert; | ||
| 2222 | |||
| 2223 | size_t msglen; | ||
| 2224 | unsigned int md_len; | ||
| 2225 | unsigned char premaster_secret[32], shared_ukm[32], | ||
| 2226 | tmp[256]; | ||
| 2227 | EVP_MD_CTX *ukm_hash; | ||
| 2228 | EVP_PKEY *pub_key; | ||
| 2229 | int nid; | ||
| 2230 | |||
| 2231 | /* Get server sertificate PKEY and create ctx from it */ | ||
| 2232 | peer_cert = s->session->sess_cert->peer_pkeys[SSL_PKEY_GOST01].x509; | ||
| 2233 | if (!peer_cert) { | ||
| 2234 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2235 | SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); | ||
| 2236 | goto err; | ||
| 2237 | } | ||
| 2238 | |||
| 2239 | pkey_ctx = EVP_PKEY_CTX_new( | ||
| 2240 | pub_key = X509_get_pubkey(peer_cert), | ||
| 2241 | NULL); | ||
| 2242 | /* | ||
| 2243 | * If we have send a certificate, and certificate key | ||
| 2244 | * parameters match those of server certificate, use | ||
| 2245 | * certificate key for key exchange. | ||
| 2246 | * Otherwise, generate ephemeral key pair. | ||
| 2247 | */ | ||
| 2248 | |||
| 2249 | EVP_PKEY_encrypt_init(pkey_ctx); | ||
| 2250 | /* Generate session key. */ | ||
| 2251 | arc4random_buf(premaster_secret, 32); | ||
| 2252 | /* | ||
| 2253 | * If we have client certificate, use its secret | ||
| 2254 | * as peer key. | ||
| 2255 | */ | ||
| 2256 | if (s->s3->tmp.cert_req && s->cert->key->privatekey) { | ||
| 2257 | if (EVP_PKEY_derive_set_peer(pkey_ctx, | ||
| 2258 | s->cert->key->privatekey) <=0) { | ||
| 2259 | /* | ||
| 2260 | * If there was an error - | ||
| 2261 | * just ignore it. Ephemeral key | ||
| 2262 | * would be used | ||
| 2263 | */ | ||
| 2264 | ERR_clear_error(); | ||
| 2265 | } | ||
| 2266 | } | ||
| 2267 | /* | ||
| 2268 | * Compute shared IV and store it in algorithm-specific | ||
| 2269 | * context data | ||
| 2270 | */ | ||
| 2271 | ukm_hash = EVP_MD_CTX_create(); | ||
| 2272 | if (ukm_hash == NULL) { | ||
| 2273 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2274 | ERR_R_MALLOC_FAILURE); | ||
| 2275 | goto err; | ||
| 2276 | } | ||
| 2277 | |||
| 2278 | if (ssl_get_algorithm2(s) & SSL_HANDSHAKE_MAC_GOST94) | ||
| 2279 | nid = NID_id_GostR3411_94; | ||
| 2280 | else | ||
| 2281 | nid = NID_id_tc26_gost3411_2012_256; | ||
| 2282 | if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid))) | ||
| 2283 | goto err; | ||
| 2284 | EVP_DigestUpdate(ukm_hash, | ||
| 2285 | s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 2286 | EVP_DigestUpdate(ukm_hash, | ||
| 2287 | s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 2288 | EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len); | ||
| 2289 | EVP_MD_CTX_destroy(ukm_hash); | ||
| 2290 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, | ||
| 2291 | EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { | ||
| 2292 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2293 | SSL_R_LIBRARY_BUG); | ||
| 2294 | goto err; | ||
| 2295 | } | ||
| 2296 | /* | ||
| 2297 | * Make GOST keytransport blob message, | ||
| 2298 | * encapsulate it into sequence. | ||
| 2299 | */ | ||
| 2300 | *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; | ||
| 2301 | msglen = 255; | ||
| 2302 | if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, | ||
| 2303 | premaster_secret, 32) < 0) { | ||
| 2304 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2305 | SSL_R_LIBRARY_BUG); | ||
| 2306 | goto err; | ||
| 2307 | } | ||
| 2308 | if (msglen >= 0x80) { | ||
| 2309 | *(p++) = 0x81; | ||
| 2310 | *(p++) = msglen & 0xff; | ||
| 2311 | n = msglen + 3; | ||
| 2312 | } else { | ||
| 2313 | *(p++) = msglen & 0xff; | ||
| 2314 | n = msglen + 2; | ||
| 2315 | } | ||
| 2316 | memcpy(p, tmp, msglen); | ||
| 2317 | /* Check if pubkey from client certificate was used. */ | ||
| 2318 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, | ||
| 2319 | EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) { | ||
| 2320 | /* Set flag "skip certificate verify". */ | ||
| 2321 | s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; | ||
| 2322 | } | ||
| 2323 | EVP_PKEY_CTX_free(pkey_ctx); | ||
| 2324 | s->session->master_key_length = | ||
| 2325 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 2326 | s->session->master_key, premaster_secret, 32); | ||
| 2327 | EVP_PKEY_free(pub_key); | ||
| 2328 | |||
| 2329 | } else { | ||
| 2330 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 2331 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 2332 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 2333 | ERR_R_INTERNAL_ERROR); | ||
| 2334 | goto err; | ||
| 2335 | } | ||
| 2336 | |||
| 2337 | s->state = SSL3_ST_CW_KEY_EXCH_B; | ||
| 2338 | |||
| 2339 | ssl3_handshake_msg_finish(s, n); | ||
| 2340 | } | ||
| 2341 | |||
| 2342 | /* SSL3_ST_CW_KEY_EXCH_B */ | ||
| 2343 | return (ssl3_handshake_write(s)); | ||
| 2344 | |||
| 2345 | err: | ||
| 2346 | BN_CTX_free(bn_ctx); | ||
| 2347 | free(encodedPoint); | ||
| 2348 | EC_KEY_free(clnt_ecdh); | ||
| 2349 | EVP_PKEY_free(srvr_pub_pkey); | ||
| 2350 | return (-1); | ||
| 2351 | } | ||
| 2352 | |||
| 2353 | int | ||
| 2354 | ssl3_send_client_verify(SSL *s) | ||
| 2355 | { | ||
| 2356 | unsigned char *p; | ||
| 2357 | unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | ||
| 2358 | EVP_PKEY *pkey; | ||
| 2359 | EVP_PKEY_CTX *pctx = NULL; | ||
| 2360 | EVP_MD_CTX mctx; | ||
| 2361 | unsigned u = 0; | ||
| 2362 | unsigned long n; | ||
| 2363 | int j; | ||
| 2364 | |||
| 2365 | EVP_MD_CTX_init(&mctx); | ||
| 2366 | |||
| 2367 | if (s->state == SSL3_ST_CW_CERT_VRFY_A) { | ||
| 2368 | p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_VERIFY); | ||
| 2369 | |||
| 2370 | /* | ||
| 2371 | * Create context from key and test if sha1 is allowed as | ||
| 2372 | * digest. | ||
| 2373 | */ | ||
| 2374 | pkey = s->cert->key->privatekey; | ||
| 2375 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | ||
| 2376 | EVP_PKEY_sign_init(pctx); | ||
| 2377 | if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { | ||
| 2378 | if (!SSL_USE_SIGALGS(s)) | ||
| 2379 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 2380 | NID_sha1, &(data[MD5_DIGEST_LENGTH])); | ||
| 2381 | } else { | ||
| 2382 | ERR_clear_error(); | ||
| 2383 | } | ||
| 2384 | /* | ||
| 2385 | * For TLS v1.2 send signature algorithm and signature | ||
| 2386 | * using agreed digest and cached handshake records. | ||
| 2387 | */ | ||
| 2388 | if (SSL_USE_SIGALGS(s)) { | ||
| 2389 | long hdatalen = 0; | ||
| 2390 | void *hdata; | ||
| 2391 | const EVP_MD *md = s->cert->key->digest; | ||
| 2392 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, | ||
| 2393 | &hdata); | ||
| 2394 | if (hdatalen <= 0 || | ||
| 2395 | !tls12_get_sigandhash(p, pkey, md)) { | ||
| 2396 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2397 | ERR_R_INTERNAL_ERROR); | ||
| 2398 | goto err; | ||
| 2399 | } | ||
| 2400 | p += 2; | ||
| 2401 | if (!EVP_SignInit_ex(&mctx, md, NULL) || | ||
| 2402 | !EVP_SignUpdate(&mctx, hdata, hdatalen) || | ||
| 2403 | !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { | ||
| 2404 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2405 | ERR_R_EVP_LIB); | ||
| 2406 | goto err; | ||
| 2407 | } | ||
| 2408 | s2n(u, p); | ||
| 2409 | n = u + 4; | ||
| 2410 | if (!ssl3_digest_cached_records(s)) | ||
| 2411 | goto err; | ||
| 2412 | } else if (pkey->type == EVP_PKEY_RSA) { | ||
| 2413 | s->method->ssl3_enc->cert_verify_mac( | ||
| 2414 | s, NID_md5, &(data[0])); | ||
| 2415 | if (RSA_sign(NID_md5_sha1, data, | ||
| 2416 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, &(p[2]), | ||
| 2417 | &u, pkey->pkey.rsa) <= 0 ) { | ||
| 2418 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2419 | ERR_R_RSA_LIB); | ||
| 2420 | goto err; | ||
| 2421 | } | ||
| 2422 | s2n(u, p); | ||
| 2423 | n = u + 2; | ||
| 2424 | } else if (pkey->type == EVP_PKEY_DSA) { | ||
| 2425 | if (!DSA_sign(pkey->save_type, | ||
| 2426 | &(data[MD5_DIGEST_LENGTH]), | ||
| 2427 | SHA_DIGEST_LENGTH, &(p[2]), | ||
| 2428 | (unsigned int *)&j, pkey->pkey.dsa)) { | ||
| 2429 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2430 | ERR_R_DSA_LIB); | ||
| 2431 | goto err; | ||
| 2432 | } | ||
| 2433 | s2n(j, p); | ||
| 2434 | n = j + 2; | ||
| 2435 | } else if (pkey->type == EVP_PKEY_EC) { | ||
| 2436 | if (!ECDSA_sign(pkey->save_type, | ||
| 2437 | &(data[MD5_DIGEST_LENGTH]), | ||
| 2438 | SHA_DIGEST_LENGTH, &(p[2]), | ||
| 2439 | (unsigned int *)&j, pkey->pkey.ec)) { | ||
| 2440 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2441 | ERR_R_ECDSA_LIB); | ||
| 2442 | goto err; | ||
| 2443 | } | ||
| 2444 | s2n(j, p); | ||
| 2445 | n = j + 2; | ||
| 2446 | #ifndef OPENSSL_NO_GOST | ||
| 2447 | } else if (pkey->type == NID_id_GostR3410_94 || | ||
| 2448 | pkey->type == NID_id_GostR3410_2001) { | ||
| 2449 | unsigned char signbuf[128]; | ||
| 2450 | long hdatalen = 0; | ||
| 2451 | void *hdata; | ||
| 2452 | const EVP_MD *md; | ||
| 2453 | int nid; | ||
| 2454 | size_t sigsize; | ||
| 2455 | |||
| 2456 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | ||
| 2457 | if (hdatalen <= 0) { | ||
| 2458 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2459 | ERR_R_INTERNAL_ERROR); | ||
| 2460 | goto err; | ||
| 2461 | } | ||
| 2462 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | ||
| 2463 | !(md = EVP_get_digestbynid(nid))) { | ||
| 2464 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2465 | ERR_R_EVP_LIB); | ||
| 2466 | goto err; | ||
| 2467 | } | ||
| 2468 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || | ||
| 2469 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || | ||
| 2470 | !EVP_DigestFinal(&mctx, signbuf, &u) || | ||
| 2471 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || | ||
| 2472 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | ||
| 2473 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | ||
| 2474 | GOST_SIG_FORMAT_RS_LE, | ||
| 2475 | NULL) <= 0) || | ||
| 2476 | (EVP_PKEY_sign(pctx, &(p[2]), &sigsize, | ||
| 2477 | signbuf, u) <= 0)) { | ||
| 2478 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2479 | ERR_R_EVP_LIB); | ||
| 2480 | goto err; | ||
| 2481 | } | ||
| 2482 | if (!ssl3_digest_cached_records(s)) | ||
| 2483 | goto err; | ||
| 2484 | j = sigsize; | ||
| 2485 | s2n(j, p); | ||
| 2486 | n = j + 2; | ||
| 2487 | #endif | ||
| 2488 | } else { | ||
| 2489 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, | ||
| 2490 | ERR_R_INTERNAL_ERROR); | ||
| 2491 | goto err; | ||
| 2492 | } | ||
| 2493 | |||
| 2494 | s->state = SSL3_ST_CW_CERT_VRFY_B; | ||
| 2495 | |||
| 2496 | ssl3_handshake_msg_finish(s, n); | ||
| 2497 | } | ||
| 2498 | |||
| 2499 | EVP_MD_CTX_cleanup(&mctx); | ||
| 2500 | EVP_PKEY_CTX_free(pctx); | ||
| 2501 | |||
| 2502 | return (ssl3_handshake_write(s)); | ||
| 2503 | |||
| 2504 | err: | ||
| 2505 | EVP_MD_CTX_cleanup(&mctx); | ||
| 2506 | EVP_PKEY_CTX_free(pctx); | ||
| 2507 | return (-1); | ||
| 2508 | } | ||
| 2509 | |||
| 2510 | int | ||
| 2511 | ssl3_send_client_certificate(SSL *s) | ||
| 2512 | { | ||
| 2513 | X509 *x509 = NULL; | ||
| 2514 | EVP_PKEY *pkey = NULL; | ||
| 2515 | int i; | ||
| 2516 | unsigned long l; | ||
| 2517 | |||
| 2518 | if (s->state == SSL3_ST_CW_CERT_A) { | ||
| 2519 | if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || | ||
| 2520 | (s->cert->key->privatekey == NULL)) | ||
| 2521 | s->state = SSL3_ST_CW_CERT_B; | ||
| 2522 | else | ||
| 2523 | s->state = SSL3_ST_CW_CERT_C; | ||
| 2524 | } | ||
| 2525 | |||
| 2526 | /* We need to get a client cert */ | ||
| 2527 | if (s->state == SSL3_ST_CW_CERT_B) { | ||
| 2528 | /* | ||
| 2529 | * If we get an error, we need to | ||
| 2530 | * ssl->rwstate=SSL_X509_LOOKUP; return(-1); | ||
| 2531 | * We then get retied later | ||
| 2532 | */ | ||
| 2533 | i = ssl_do_client_cert_cb(s, &x509, &pkey); | ||
| 2534 | if (i < 0) { | ||
| 2535 | s->rwstate = SSL_X509_LOOKUP; | ||
| 2536 | return (-1); | ||
| 2537 | } | ||
| 2538 | s->rwstate = SSL_NOTHING; | ||
| 2539 | if ((i == 1) && (pkey != NULL) && (x509 != NULL)) { | ||
| 2540 | s->state = SSL3_ST_CW_CERT_B; | ||
| 2541 | if (!SSL_use_certificate(s, x509) || | ||
| 2542 | !SSL_use_PrivateKey(s, pkey)) | ||
| 2543 | i = 0; | ||
| 2544 | } else if (i == 1) { | ||
| 2545 | i = 0; | ||
| 2546 | SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, | ||
| 2547 | SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); | ||
| 2548 | } | ||
| 2549 | |||
| 2550 | if (x509 != NULL) | ||
| 2551 | X509_free(x509); | ||
| 2552 | EVP_PKEY_free(pkey); | ||
| 2553 | if (i == 0) { | ||
| 2554 | if (s->version == SSL3_VERSION) { | ||
| 2555 | s->s3->tmp.cert_req = 0; | ||
| 2556 | ssl3_send_alert(s, SSL3_AL_WARNING, | ||
| 2557 | SSL_AD_NO_CERTIFICATE); | ||
| 2558 | return (1); | ||
| 2559 | } else { | ||
| 2560 | s->s3->tmp.cert_req = 2; | ||
| 2561 | } | ||
| 2562 | } | ||
| 2563 | |||
| 2564 | /* Ok, we have a cert */ | ||
| 2565 | s->state = SSL3_ST_CW_CERT_C; | ||
| 2566 | } | ||
| 2567 | |||
| 2568 | if (s->state == SSL3_ST_CW_CERT_C) { | ||
| 2569 | s->state = SSL3_ST_CW_CERT_D; | ||
| 2570 | l = ssl3_output_cert_chain(s, | ||
| 2571 | (s->s3->tmp.cert_req == 2) ? NULL : s->cert->key->x509); | ||
| 2572 | s->init_num = (int)l; | ||
| 2573 | s->init_off = 0; | ||
| 2574 | } | ||
| 2575 | /* SSL3_ST_CW_CERT_D */ | ||
| 2576 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 2577 | } | ||
| 2578 | |||
| 2579 | #define has_bits(i,m) (((i)&(m)) == (m)) | ||
| 2580 | |||
| 2581 | int | ||
| 2582 | ssl3_check_cert_and_algorithm(SSL *s) | ||
| 2583 | { | ||
| 2584 | int i, idx; | ||
| 2585 | long alg_k, alg_a; | ||
| 2586 | EVP_PKEY *pkey = NULL; | ||
| 2587 | SESS_CERT *sc; | ||
| 2588 | DH *dh; | ||
| 2589 | |||
| 2590 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 2591 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 2592 | |||
| 2593 | /* We don't have a certificate. */ | ||
| 2594 | if (alg_a & SSL_aNULL) | ||
| 2595 | return (1); | ||
| 2596 | |||
| 2597 | sc = s->session->sess_cert; | ||
| 2598 | if (sc == NULL) { | ||
| 2599 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2600 | ERR_R_INTERNAL_ERROR); | ||
| 2601 | goto err; | ||
| 2602 | } | ||
| 2603 | dh = s->session->sess_cert->peer_dh_tmp; | ||
| 2604 | |||
| 2605 | /* This is the passed certificate. */ | ||
| 2606 | |||
| 2607 | idx = sc->peer_cert_type; | ||
| 2608 | if (idx == SSL_PKEY_ECC) { | ||
| 2609 | if (ssl_check_srvr_ecc_cert_and_alg( | ||
| 2610 | sc->peer_pkeys[idx].x509, s) == 0) { | ||
| 2611 | /* check failed */ | ||
| 2612 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2613 | SSL_R_BAD_ECC_CERT); | ||
| 2614 | goto f_err; | ||
| 2615 | } else { | ||
| 2616 | return (1); | ||
| 2617 | } | ||
| 2618 | } | ||
| 2619 | pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); | ||
| 2620 | i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); | ||
| 2621 | EVP_PKEY_free(pkey); | ||
| 2622 | |||
| 2623 | /* Check that we have a certificate if we require one. */ | ||
| 2624 | if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) { | ||
| 2625 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2626 | SSL_R_MISSING_RSA_SIGNING_CERT); | ||
| 2627 | goto f_err; | ||
| 2628 | } else if ((alg_a & SSL_aDSS) && | ||
| 2629 | !has_bits(i, EVP_PK_DSA|EVP_PKT_SIGN)) { | ||
| 2630 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2631 | SSL_R_MISSING_DSA_SIGNING_CERT); | ||
| 2632 | goto f_err; | ||
| 2633 | } | ||
| 2634 | if ((alg_k & SSL_kRSA) && | ||
| 2635 | !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) { | ||
| 2636 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2637 | SSL_R_MISSING_RSA_ENCRYPTING_CERT); | ||
| 2638 | goto f_err; | ||
| 2639 | } | ||
| 2640 | if ((alg_k & SSL_kDHE) && | ||
| 2641 | !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) { | ||
| 2642 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, | ||
| 2643 | SSL_R_MISSING_DH_KEY); | ||
| 2644 | goto f_err; | ||
| 2645 | } | ||
| 2646 | |||
| 2647 | return (1); | ||
| 2648 | f_err: | ||
| 2649 | ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); | ||
| 2650 | err: | ||
| 2651 | return (0); | ||
| 2652 | } | ||
| 2653 | |||
| 2654 | int | ||
| 2655 | ssl3_send_next_proto(SSL *s) | ||
| 2656 | { | ||
| 2657 | unsigned int len, padding_len; | ||
| 2658 | unsigned char *d, *p; | ||
| 2659 | |||
| 2660 | if (s->state == SSL3_ST_CW_NEXT_PROTO_A) { | ||
| 2661 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_NEXT_PROTO); | ||
| 2662 | |||
| 2663 | len = s->next_proto_negotiated_len; | ||
| 2664 | padding_len = 32 - ((len + 2) % 32); | ||
| 2665 | *(p++) = len; | ||
| 2666 | memcpy(p, s->next_proto_negotiated, len); | ||
| 2667 | p += len; | ||
| 2668 | *(p++) = padding_len; | ||
| 2669 | memset(p, 0, padding_len); | ||
| 2670 | p += padding_len; | ||
| 2671 | |||
| 2672 | ssl3_handshake_msg_finish(s, p - d); | ||
| 2673 | |||
| 2674 | s->state = SSL3_ST_CW_NEXT_PROTO_B; | ||
| 2675 | } | ||
| 2676 | |||
| 2677 | return (ssl3_handshake_write(s)); | ||
| 2678 | } | ||
| 2679 | |||
| 2680 | /* | ||
| 2681 | * Check to see if handshake is full or resumed. Usually this is just a | ||
| 2682 | * case of checking to see if a cache hit has occurred. In the case of | ||
| 2683 | * session tickets we have to check the next message to be sure. | ||
| 2684 | */ | ||
| 2685 | |||
| 2686 | int | ||
| 2687 | ssl3_check_finished(SSL *s) | ||
| 2688 | { | ||
| 2689 | int ok; | ||
| 2690 | long n; | ||
| 2691 | |||
| 2692 | /* If we have no ticket it cannot be a resumed session. */ | ||
| 2693 | if (!s->session->tlsext_tick) | ||
| 2694 | return (1); | ||
| 2695 | /* this function is called when we really expect a Certificate | ||
| 2696 | * message, so permit appropriate message length */ | ||
| 2697 | n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, | ||
| 2698 | SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok); | ||
| 2699 | if (!ok) | ||
| 2700 | return ((int)n); | ||
| 2701 | s->s3->tmp.reuse_message = 1; | ||
| 2702 | if ((s->s3->tmp.message_type == SSL3_MT_FINISHED) || | ||
| 2703 | (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET)) | ||
| 2704 | return (2); | ||
| 2705 | |||
| 2706 | return (1); | ||
| 2707 | } | ||
| 2708 | |||
| 2709 | int | ||
| 2710 | ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) | ||
| 2711 | { | ||
| 2712 | int i = 0; | ||
| 2713 | |||
| 2714 | #ifndef OPENSSL_NO_ENGINE | ||
| 2715 | if (s->ctx->client_cert_engine) { | ||
| 2716 | i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s, | ||
| 2717 | SSL_get_client_CA_list(s), | ||
| 2718 | px509, ppkey, NULL, NULL, NULL); | ||
| 2719 | if (i != 0) | ||
| 2720 | return (i); | ||
| 2721 | } | ||
| 2722 | #endif | ||
| 2723 | if (s->ctx->client_cert_cb) | ||
| 2724 | i = s->ctx->client_cert_cb(s, px509, ppkey); | ||
| 2725 | return (i); | ||
| 2726 | } | ||
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c deleted file mode 100644 index c6062934dc..0000000000 --- a/src/lib/libssl/s3_lib.c +++ /dev/null | |||
| @@ -1,2865 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.95 2015/02/08 22:06:49 miod Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 124 | /* ==================================================================== | ||
| 125 | * Copyright 2005 Nokia. All rights reserved. | ||
| 126 | * | ||
| 127 | * The portions of the attached software ("Contribution") is developed by | ||
| 128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 129 | * license. | ||
| 130 | * | ||
| 131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 133 | * support (see RFC 4279) to OpenSSL. | ||
| 134 | * | ||
| 135 | * No patent licenses or other rights except those expressly stated in | ||
| 136 | * the OpenSSL open source license shall be deemed granted or received | ||
| 137 | * expressly, by implication, estoppel, or otherwise. | ||
| 138 | * | ||
| 139 | * No assurances are provided by Nokia that the Contribution does not | ||
| 140 | * infringe the patent or other intellectual property rights of any third | ||
| 141 | * party or that the license provides you with all the necessary rights | ||
| 142 | * to make use of the Contribution. | ||
| 143 | * | ||
| 144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 148 | * OTHERWISE. | ||
| 149 | */ | ||
| 150 | |||
| 151 | #include <stdio.h> | ||
| 152 | |||
| 153 | #include <openssl/dh.h> | ||
| 154 | #include <openssl/md5.h> | ||
| 155 | #include <openssl/objects.h> | ||
| 156 | |||
| 157 | #include "ssl_locl.h" | ||
| 158 | |||
| 159 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) | ||
| 160 | |||
| 161 | /* | ||
| 162 | * FIXED_NONCE_LEN is a macro that provides in the correct value to set the | ||
| 163 | * fixed nonce length in algorithms2. It is the inverse of the | ||
| 164 | * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. | ||
| 165 | */ | ||
| 166 | #define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) | ||
| 167 | |||
| 168 | /* list of available SSLv3 ciphers (sorted by id) */ | ||
| 169 | SSL_CIPHER ssl3_ciphers[] = { | ||
| 170 | |||
| 171 | /* The RSA ciphers */ | ||
| 172 | /* Cipher 01 */ | ||
| 173 | { | ||
| 174 | .valid = 1, | ||
| 175 | .name = SSL3_TXT_RSA_NULL_MD5, | ||
| 176 | .id = SSL3_CK_RSA_NULL_MD5, | ||
| 177 | .algorithm_mkey = SSL_kRSA, | ||
| 178 | .algorithm_auth = SSL_aRSA, | ||
| 179 | .algorithm_enc = SSL_eNULL, | ||
| 180 | .algorithm_mac = SSL_MD5, | ||
| 181 | .algorithm_ssl = SSL_SSLV3, | ||
| 182 | .algo_strength = SSL_STRONG_NONE, | ||
| 183 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 184 | .strength_bits = 0, | ||
| 185 | .alg_bits = 0, | ||
| 186 | }, | ||
| 187 | |||
| 188 | /* Cipher 02 */ | ||
| 189 | { | ||
| 190 | .valid = 1, | ||
| 191 | .name = SSL3_TXT_RSA_NULL_SHA, | ||
| 192 | .id = SSL3_CK_RSA_NULL_SHA, | ||
| 193 | .algorithm_mkey = SSL_kRSA, | ||
| 194 | .algorithm_auth = SSL_aRSA, | ||
| 195 | .algorithm_enc = SSL_eNULL, | ||
| 196 | .algorithm_mac = SSL_SHA1, | ||
| 197 | .algorithm_ssl = SSL_SSLV3, | ||
| 198 | .algo_strength = SSL_STRONG_NONE, | ||
| 199 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 200 | .strength_bits = 0, | ||
| 201 | .alg_bits = 0, | ||
| 202 | }, | ||
| 203 | |||
| 204 | /* Cipher 04 */ | ||
| 205 | { | ||
| 206 | .valid = 1, | ||
| 207 | .name = SSL3_TXT_RSA_RC4_128_MD5, | ||
| 208 | .id = SSL3_CK_RSA_RC4_128_MD5, | ||
| 209 | .algorithm_mkey = SSL_kRSA, | ||
| 210 | .algorithm_auth = SSL_aRSA, | ||
| 211 | .algorithm_enc = SSL_RC4, | ||
| 212 | .algorithm_mac = SSL_MD5, | ||
| 213 | .algorithm_ssl = SSL_SSLV3, | ||
| 214 | .algo_strength = SSL_MEDIUM, | ||
| 215 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 216 | .strength_bits = 128, | ||
| 217 | .alg_bits = 128, | ||
| 218 | }, | ||
| 219 | |||
| 220 | /* Cipher 05 */ | ||
| 221 | { | ||
| 222 | .valid = 1, | ||
| 223 | .name = SSL3_TXT_RSA_RC4_128_SHA, | ||
| 224 | .id = SSL3_CK_RSA_RC4_128_SHA, | ||
| 225 | .algorithm_mkey = SSL_kRSA, | ||
| 226 | .algorithm_auth = SSL_aRSA, | ||
| 227 | .algorithm_enc = SSL_RC4, | ||
| 228 | .algorithm_mac = SSL_SHA1, | ||
| 229 | .algorithm_ssl = SSL_SSLV3, | ||
| 230 | .algo_strength = SSL_MEDIUM, | ||
| 231 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 232 | .strength_bits = 128, | ||
| 233 | .alg_bits = 128, | ||
| 234 | }, | ||
| 235 | |||
| 236 | /* Cipher 07 */ | ||
| 237 | #ifndef OPENSSL_NO_IDEA | ||
| 238 | { | ||
| 239 | .valid = 1, | ||
| 240 | .name = SSL3_TXT_RSA_IDEA_128_SHA, | ||
| 241 | .id = SSL3_CK_RSA_IDEA_128_SHA, | ||
| 242 | .algorithm_mkey = SSL_kRSA, | ||
| 243 | .algorithm_auth = SSL_aRSA, | ||
| 244 | .algorithm_enc = SSL_IDEA, | ||
| 245 | .algorithm_mac = SSL_SHA1, | ||
| 246 | .algorithm_ssl = SSL_SSLV3, | ||
| 247 | .algo_strength = SSL_MEDIUM, | ||
| 248 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 249 | .strength_bits = 128, | ||
| 250 | .alg_bits = 128, | ||
| 251 | }, | ||
| 252 | #endif | ||
| 253 | |||
| 254 | /* Cipher 09 */ | ||
| 255 | { | ||
| 256 | .valid = 1, | ||
| 257 | .name = SSL3_TXT_RSA_DES_64_CBC_SHA, | ||
| 258 | .id = SSL3_CK_RSA_DES_64_CBC_SHA, | ||
| 259 | .algorithm_mkey = SSL_kRSA, | ||
| 260 | .algorithm_auth = SSL_aRSA, | ||
| 261 | .algorithm_enc = SSL_DES, | ||
| 262 | .algorithm_mac = SSL_SHA1, | ||
| 263 | .algorithm_ssl = SSL_SSLV3, | ||
| 264 | .algo_strength = SSL_LOW, | ||
| 265 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 266 | .strength_bits = 56, | ||
| 267 | .alg_bits = 56, | ||
| 268 | }, | ||
| 269 | |||
| 270 | /* Cipher 0A */ | ||
| 271 | { | ||
| 272 | .valid = 1, | ||
| 273 | .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, | ||
| 274 | .id = SSL3_CK_RSA_DES_192_CBC3_SHA, | ||
| 275 | .algorithm_mkey = SSL_kRSA, | ||
| 276 | .algorithm_auth = SSL_aRSA, | ||
| 277 | .algorithm_enc = SSL_3DES, | ||
| 278 | .algorithm_mac = SSL_SHA1, | ||
| 279 | .algorithm_ssl = SSL_SSLV3, | ||
| 280 | .algo_strength = SSL_HIGH, | ||
| 281 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 282 | .strength_bits = 112, | ||
| 283 | .alg_bits = 168, | ||
| 284 | }, | ||
| 285 | |||
| 286 | /* | ||
| 287 | * Ephemeral DH (DHE) ciphers. | ||
| 288 | */ | ||
| 289 | |||
| 290 | /* Cipher 12 */ | ||
| 291 | { | ||
| 292 | .valid = 1, | ||
| 293 | .name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | ||
| 294 | .id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | ||
| 295 | .algorithm_mkey = SSL_kDHE, | ||
| 296 | .algorithm_auth = SSL_aDSS, | ||
| 297 | .algorithm_enc = SSL_DES, | ||
| 298 | .algorithm_mac = SSL_SHA1, | ||
| 299 | .algorithm_ssl = SSL_SSLV3, | ||
| 300 | .algo_strength = SSL_LOW, | ||
| 301 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 302 | .strength_bits = 56, | ||
| 303 | .alg_bits = 56, | ||
| 304 | }, | ||
| 305 | |||
| 306 | /* Cipher 13 */ | ||
| 307 | { | ||
| 308 | .valid = 1, | ||
| 309 | .name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | ||
| 310 | .id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | ||
| 311 | .algorithm_mkey = SSL_kDHE, | ||
| 312 | .algorithm_auth = SSL_aDSS, | ||
| 313 | .algorithm_enc = SSL_3DES, | ||
| 314 | .algorithm_mac = SSL_SHA1, | ||
| 315 | .algorithm_ssl = SSL_SSLV3, | ||
| 316 | .algo_strength = SSL_HIGH, | ||
| 317 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 318 | .strength_bits = 112, | ||
| 319 | .alg_bits = 168, | ||
| 320 | }, | ||
| 321 | |||
| 322 | /* Cipher 15 */ | ||
| 323 | { | ||
| 324 | .valid = 1, | ||
| 325 | .name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | ||
| 326 | .id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | ||
| 327 | .algorithm_mkey = SSL_kDHE, | ||
| 328 | .algorithm_auth = SSL_aRSA, | ||
| 329 | .algorithm_enc = SSL_DES, | ||
| 330 | .algorithm_mac = SSL_SHA1, | ||
| 331 | .algorithm_ssl = SSL_SSLV3, | ||
| 332 | .algo_strength = SSL_LOW, | ||
| 333 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 334 | .strength_bits = 56, | ||
| 335 | .alg_bits = 56, | ||
| 336 | }, | ||
| 337 | |||
| 338 | /* Cipher 16 */ | ||
| 339 | { | ||
| 340 | .valid = 1, | ||
| 341 | .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | ||
| 342 | .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | ||
| 343 | .algorithm_mkey = SSL_kDHE, | ||
| 344 | .algorithm_auth = SSL_aRSA, | ||
| 345 | .algorithm_enc = SSL_3DES, | ||
| 346 | .algorithm_mac = SSL_SHA1, | ||
| 347 | .algorithm_ssl = SSL_SSLV3, | ||
| 348 | .algo_strength = SSL_HIGH, | ||
| 349 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 350 | .strength_bits = 112, | ||
| 351 | .alg_bits = 168, | ||
| 352 | }, | ||
| 353 | |||
| 354 | /* Cipher 18 */ | ||
| 355 | { | ||
| 356 | .valid = 1, | ||
| 357 | .name = SSL3_TXT_ADH_RC4_128_MD5, | ||
| 358 | .id = SSL3_CK_ADH_RC4_128_MD5, | ||
| 359 | .algorithm_mkey = SSL_kDHE, | ||
| 360 | .algorithm_auth = SSL_aNULL, | ||
| 361 | .algorithm_enc = SSL_RC4, | ||
| 362 | .algorithm_mac = SSL_MD5, | ||
| 363 | .algorithm_ssl = SSL_SSLV3, | ||
| 364 | .algo_strength = SSL_MEDIUM, | ||
| 365 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 366 | .strength_bits = 128, | ||
| 367 | .alg_bits = 128, | ||
| 368 | }, | ||
| 369 | |||
| 370 | /* Cipher 1A */ | ||
| 371 | { | ||
| 372 | .valid = 1, | ||
| 373 | .name = SSL3_TXT_ADH_DES_64_CBC_SHA, | ||
| 374 | .id = SSL3_CK_ADH_DES_64_CBC_SHA, | ||
| 375 | .algorithm_mkey = SSL_kDHE, | ||
| 376 | .algorithm_auth = SSL_aNULL, | ||
| 377 | .algorithm_enc = SSL_DES, | ||
| 378 | .algorithm_mac = SSL_SHA1, | ||
| 379 | .algorithm_ssl = SSL_SSLV3, | ||
| 380 | .algo_strength = SSL_LOW, | ||
| 381 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 382 | .strength_bits = 56, | ||
| 383 | .alg_bits = 56, | ||
| 384 | }, | ||
| 385 | |||
| 386 | /* Cipher 1B */ | ||
| 387 | { | ||
| 388 | .valid = 1, | ||
| 389 | .name = SSL3_TXT_ADH_DES_192_CBC_SHA, | ||
| 390 | .id = SSL3_CK_ADH_DES_192_CBC_SHA, | ||
| 391 | .algorithm_mkey = SSL_kDHE, | ||
| 392 | .algorithm_auth = SSL_aNULL, | ||
| 393 | .algorithm_enc = SSL_3DES, | ||
| 394 | .algorithm_mac = SSL_SHA1, | ||
| 395 | .algorithm_ssl = SSL_SSLV3, | ||
| 396 | .algo_strength = SSL_HIGH, | ||
| 397 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 398 | .strength_bits = 112, | ||
| 399 | .alg_bits = 168, | ||
| 400 | }, | ||
| 401 | |||
| 402 | /* | ||
| 403 | * AES ciphersuites. | ||
| 404 | */ | ||
| 405 | |||
| 406 | /* Cipher 2F */ | ||
| 407 | { | ||
| 408 | .valid = 1, | ||
| 409 | .name = TLS1_TXT_RSA_WITH_AES_128_SHA, | ||
| 410 | .id = TLS1_CK_RSA_WITH_AES_128_SHA, | ||
| 411 | .algorithm_mkey = SSL_kRSA, | ||
| 412 | .algorithm_auth = SSL_aRSA, | ||
| 413 | .algorithm_enc = SSL_AES128, | ||
| 414 | .algorithm_mac = SSL_SHA1, | ||
| 415 | .algorithm_ssl = SSL_TLSV1, | ||
| 416 | .algo_strength = SSL_HIGH, | ||
| 417 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 418 | .strength_bits = 128, | ||
| 419 | .alg_bits = 128, | ||
| 420 | }, | ||
| 421 | |||
| 422 | /* Cipher 32 */ | ||
| 423 | { | ||
| 424 | .valid = 1, | ||
| 425 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
| 426 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
| 427 | .algorithm_mkey = SSL_kDHE, | ||
| 428 | .algorithm_auth = SSL_aDSS, | ||
| 429 | .algorithm_enc = SSL_AES128, | ||
| 430 | .algorithm_mac = SSL_SHA1, | ||
| 431 | .algorithm_ssl = SSL_TLSV1, | ||
| 432 | .algo_strength = SSL_HIGH, | ||
| 433 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 434 | .strength_bits = 128, | ||
| 435 | .alg_bits = 128, | ||
| 436 | }, | ||
| 437 | |||
| 438 | /* Cipher 33 */ | ||
| 439 | { | ||
| 440 | .valid = 1, | ||
| 441 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | ||
| 442 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | ||
| 443 | .algorithm_mkey = SSL_kDHE, | ||
| 444 | .algorithm_auth = SSL_aRSA, | ||
| 445 | .algorithm_enc = SSL_AES128, | ||
| 446 | .algorithm_mac = SSL_SHA1, | ||
| 447 | .algorithm_ssl = SSL_TLSV1, | ||
| 448 | .algo_strength = SSL_HIGH, | ||
| 449 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 450 | .strength_bits = 128, | ||
| 451 | .alg_bits = 128, | ||
| 452 | }, | ||
| 453 | |||
| 454 | /* Cipher 34 */ | ||
| 455 | { | ||
| 456 | .valid = 1, | ||
| 457 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA, | ||
| 458 | .id = TLS1_CK_ADH_WITH_AES_128_SHA, | ||
| 459 | .algorithm_mkey = SSL_kDHE, | ||
| 460 | .algorithm_auth = SSL_aNULL, | ||
| 461 | .algorithm_enc = SSL_AES128, | ||
| 462 | .algorithm_mac = SSL_SHA1, | ||
| 463 | .algorithm_ssl = SSL_TLSV1, | ||
| 464 | .algo_strength = SSL_HIGH, | ||
| 465 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 466 | .strength_bits = 128, | ||
| 467 | .alg_bits = 128, | ||
| 468 | }, | ||
| 469 | |||
| 470 | /* Cipher 35 */ | ||
| 471 | { | ||
| 472 | .valid = 1, | ||
| 473 | .name = TLS1_TXT_RSA_WITH_AES_256_SHA, | ||
| 474 | .id = TLS1_CK_RSA_WITH_AES_256_SHA, | ||
| 475 | .algorithm_mkey = SSL_kRSA, | ||
| 476 | .algorithm_auth = SSL_aRSA, | ||
| 477 | .algorithm_enc = SSL_AES256, | ||
| 478 | .algorithm_mac = SSL_SHA1, | ||
| 479 | .algorithm_ssl = SSL_TLSV1, | ||
| 480 | .algo_strength = SSL_HIGH, | ||
| 481 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 482 | .strength_bits = 256, | ||
| 483 | .alg_bits = 256, | ||
| 484 | }, | ||
| 485 | |||
| 486 | /* Cipher 38 */ | ||
| 487 | { | ||
| 488 | .valid = 1, | ||
| 489 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
| 490 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
| 491 | .algorithm_mkey = SSL_kDHE, | ||
| 492 | .algorithm_auth = SSL_aDSS, | ||
| 493 | .algorithm_enc = SSL_AES256, | ||
| 494 | .algorithm_mac = SSL_SHA1, | ||
| 495 | .algorithm_ssl = SSL_TLSV1, | ||
| 496 | .algo_strength = SSL_HIGH, | ||
| 497 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 498 | .strength_bits = 256, | ||
| 499 | .alg_bits = 256, | ||
| 500 | }, | ||
| 501 | |||
| 502 | /* Cipher 39 */ | ||
| 503 | { | ||
| 504 | .valid = 1, | ||
| 505 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | ||
| 506 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | ||
| 507 | .algorithm_mkey = SSL_kDHE, | ||
| 508 | .algorithm_auth = SSL_aRSA, | ||
| 509 | .algorithm_enc = SSL_AES256, | ||
| 510 | .algorithm_mac = SSL_SHA1, | ||
| 511 | .algorithm_ssl = SSL_TLSV1, | ||
| 512 | .algo_strength = SSL_HIGH, | ||
| 513 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 514 | .strength_bits = 256, | ||
| 515 | .alg_bits = 256, | ||
| 516 | }, | ||
| 517 | |||
| 518 | /* Cipher 3A */ | ||
| 519 | { | ||
| 520 | .valid = 1, | ||
| 521 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA, | ||
| 522 | .id = TLS1_CK_ADH_WITH_AES_256_SHA, | ||
| 523 | .algorithm_mkey = SSL_kDHE, | ||
| 524 | .algorithm_auth = SSL_aNULL, | ||
| 525 | .algorithm_enc = SSL_AES256, | ||
| 526 | .algorithm_mac = SSL_SHA1, | ||
| 527 | .algorithm_ssl = SSL_TLSV1, | ||
| 528 | .algo_strength = SSL_HIGH, | ||
| 529 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 530 | .strength_bits = 256, | ||
| 531 | .alg_bits = 256, | ||
| 532 | }, | ||
| 533 | |||
| 534 | /* TLS v1.2 ciphersuites */ | ||
| 535 | /* Cipher 3B */ | ||
| 536 | { | ||
| 537 | .valid = 1, | ||
| 538 | .name = TLS1_TXT_RSA_WITH_NULL_SHA256, | ||
| 539 | .id = TLS1_CK_RSA_WITH_NULL_SHA256, | ||
| 540 | .algorithm_mkey = SSL_kRSA, | ||
| 541 | .algorithm_auth = SSL_aRSA, | ||
| 542 | .algorithm_enc = SSL_eNULL, | ||
| 543 | .algorithm_mac = SSL_SHA256, | ||
| 544 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 545 | .algo_strength = SSL_STRONG_NONE, | ||
| 546 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 547 | .strength_bits = 0, | ||
| 548 | .alg_bits = 0, | ||
| 549 | }, | ||
| 550 | |||
| 551 | /* Cipher 3C */ | ||
| 552 | { | ||
| 553 | .valid = 1, | ||
| 554 | .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, | ||
| 555 | .id = TLS1_CK_RSA_WITH_AES_128_SHA256, | ||
| 556 | .algorithm_mkey = SSL_kRSA, | ||
| 557 | .algorithm_auth = SSL_aRSA, | ||
| 558 | .algorithm_enc = SSL_AES128, | ||
| 559 | .algorithm_mac = SSL_SHA256, | ||
| 560 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 561 | .algo_strength = SSL_HIGH, | ||
| 562 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 563 | .strength_bits = 128, | ||
| 564 | .alg_bits = 128, | ||
| 565 | }, | ||
| 566 | |||
| 567 | /* Cipher 3D */ | ||
| 568 | { | ||
| 569 | .valid = 1, | ||
| 570 | .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, | ||
| 571 | .id = TLS1_CK_RSA_WITH_AES_256_SHA256, | ||
| 572 | .algorithm_mkey = SSL_kRSA, | ||
| 573 | .algorithm_auth = SSL_aRSA, | ||
| 574 | .algorithm_enc = SSL_AES256, | ||
| 575 | .algorithm_mac = SSL_SHA256, | ||
| 576 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 577 | .algo_strength = SSL_HIGH, | ||
| 578 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 579 | .strength_bits = 256, | ||
| 580 | .alg_bits = 256, | ||
| 581 | }, | ||
| 582 | |||
| 583 | /* Cipher 40 */ | ||
| 584 | { | ||
| 585 | .valid = 1, | ||
| 586 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256, | ||
| 587 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256, | ||
| 588 | .algorithm_mkey = SSL_kDHE, | ||
| 589 | .algorithm_auth = SSL_aDSS, | ||
| 590 | .algorithm_enc = SSL_AES128, | ||
| 591 | .algorithm_mac = SSL_SHA256, | ||
| 592 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 593 | .algo_strength = SSL_HIGH, | ||
| 594 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 595 | .strength_bits = 128, | ||
| 596 | .alg_bits = 128, | ||
| 597 | }, | ||
| 598 | |||
| 599 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 600 | /* Camellia ciphersuites from RFC4132 (128-bit portion) */ | ||
| 601 | |||
| 602 | /* Cipher 41 */ | ||
| 603 | { | ||
| 604 | .valid = 1, | ||
| 605 | .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 606 | .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 607 | .algorithm_mkey = SSL_kRSA, | ||
| 608 | .algorithm_auth = SSL_aRSA, | ||
| 609 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 610 | .algorithm_mac = SSL_SHA1, | ||
| 611 | .algorithm_ssl = SSL_TLSV1, | ||
| 612 | .algo_strength = SSL_HIGH, | ||
| 613 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 614 | .strength_bits = 128, | ||
| 615 | .alg_bits = 128, | ||
| 616 | }, | ||
| 617 | |||
| 618 | /* Cipher 44 */ | ||
| 619 | { | ||
| 620 | .valid = 1, | ||
| 621 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 622 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, | ||
| 623 | .algorithm_mkey = SSL_kDHE, | ||
| 624 | .algorithm_auth = SSL_aDSS, | ||
| 625 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 626 | .algorithm_mac = SSL_SHA1, | ||
| 627 | .algorithm_ssl = SSL_TLSV1, | ||
| 628 | .algo_strength = SSL_HIGH, | ||
| 629 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 630 | .strength_bits = 128, | ||
| 631 | .alg_bits = 128, | ||
| 632 | }, | ||
| 633 | |||
| 634 | /* Cipher 45 */ | ||
| 635 | { | ||
| 636 | .valid = 1, | ||
| 637 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 638 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, | ||
| 639 | .algorithm_mkey = SSL_kDHE, | ||
| 640 | .algorithm_auth = SSL_aRSA, | ||
| 641 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 642 | .algorithm_mac = SSL_SHA1, | ||
| 643 | .algorithm_ssl = SSL_TLSV1, | ||
| 644 | .algo_strength = SSL_HIGH, | ||
| 645 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 646 | .strength_bits = 128, | ||
| 647 | .alg_bits = 128, | ||
| 648 | }, | ||
| 649 | |||
| 650 | /* Cipher 46 */ | ||
| 651 | { | ||
| 652 | .valid = 1, | ||
| 653 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 654 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, | ||
| 655 | .algorithm_mkey = SSL_kDHE, | ||
| 656 | .algorithm_auth = SSL_aNULL, | ||
| 657 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 658 | .algorithm_mac = SSL_SHA1, | ||
| 659 | .algorithm_ssl = SSL_TLSV1, | ||
| 660 | .algo_strength = SSL_HIGH, | ||
| 661 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 662 | .strength_bits = 128, | ||
| 663 | .alg_bits = 128, | ||
| 664 | }, | ||
| 665 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 666 | |||
| 667 | /* TLS v1.2 ciphersuites */ | ||
| 668 | /* Cipher 67 */ | ||
| 669 | { | ||
| 670 | .valid = 1, | ||
| 671 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, | ||
| 672 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, | ||
| 673 | .algorithm_mkey = SSL_kDHE, | ||
| 674 | .algorithm_auth = SSL_aRSA, | ||
| 675 | .algorithm_enc = SSL_AES128, | ||
| 676 | .algorithm_mac = SSL_SHA256, | ||
| 677 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 678 | .algo_strength = SSL_HIGH, | ||
| 679 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 680 | .strength_bits = 128, | ||
| 681 | .alg_bits = 128, | ||
| 682 | }, | ||
| 683 | |||
| 684 | /* Cipher 6A */ | ||
| 685 | { | ||
| 686 | .valid = 1, | ||
| 687 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256, | ||
| 688 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256, | ||
| 689 | .algorithm_mkey = SSL_kDHE, | ||
| 690 | .algorithm_auth = SSL_aDSS, | ||
| 691 | .algorithm_enc = SSL_AES256, | ||
| 692 | .algorithm_mac = SSL_SHA256, | ||
| 693 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 694 | .algo_strength = SSL_HIGH, | ||
| 695 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 696 | .strength_bits = 256, | ||
| 697 | .alg_bits = 256, | ||
| 698 | }, | ||
| 699 | |||
| 700 | /* Cipher 6B */ | ||
| 701 | { | ||
| 702 | .valid = 1, | ||
| 703 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, | ||
| 704 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, | ||
| 705 | .algorithm_mkey = SSL_kDHE, | ||
| 706 | .algorithm_auth = SSL_aRSA, | ||
| 707 | .algorithm_enc = SSL_AES256, | ||
| 708 | .algorithm_mac = SSL_SHA256, | ||
| 709 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 710 | .algo_strength = SSL_HIGH, | ||
| 711 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 712 | .strength_bits = 256, | ||
| 713 | .alg_bits = 256, | ||
| 714 | }, | ||
| 715 | |||
| 716 | /* Cipher 6C */ | ||
| 717 | { | ||
| 718 | .valid = 1, | ||
| 719 | .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, | ||
| 720 | .id = TLS1_CK_ADH_WITH_AES_128_SHA256, | ||
| 721 | .algorithm_mkey = SSL_kDHE, | ||
| 722 | .algorithm_auth = SSL_aNULL, | ||
| 723 | .algorithm_enc = SSL_AES128, | ||
| 724 | .algorithm_mac = SSL_SHA256, | ||
| 725 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 726 | .algo_strength = SSL_HIGH, | ||
| 727 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 728 | .strength_bits = 128, | ||
| 729 | .alg_bits = 128, | ||
| 730 | }, | ||
| 731 | |||
| 732 | /* Cipher 6D */ | ||
| 733 | { | ||
| 734 | .valid = 1, | ||
| 735 | .name = TLS1_TXT_ADH_WITH_AES_256_SHA256, | ||
| 736 | .id = TLS1_CK_ADH_WITH_AES_256_SHA256, | ||
| 737 | .algorithm_mkey = SSL_kDHE, | ||
| 738 | .algorithm_auth = SSL_aNULL, | ||
| 739 | .algorithm_enc = SSL_AES256, | ||
| 740 | .algorithm_mac = SSL_SHA256, | ||
| 741 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 742 | .algo_strength = SSL_HIGH, | ||
| 743 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 744 | .strength_bits = 256, | ||
| 745 | .alg_bits = 256, | ||
| 746 | }, | ||
| 747 | |||
| 748 | /* GOST Ciphersuites */ | ||
| 749 | |||
| 750 | /* Cipher 81 */ | ||
| 751 | { | ||
| 752 | .valid = 1, | ||
| 753 | .name = "GOST2001-GOST89-GOST89", | ||
| 754 | .id = 0x3000081, | ||
| 755 | .algorithm_mkey = SSL_kGOST, | ||
| 756 | .algorithm_auth = SSL_aGOST01, | ||
| 757 | .algorithm_enc = SSL_eGOST2814789CNT, | ||
| 758 | .algorithm_mac = SSL_GOST89MAC, | ||
| 759 | .algorithm_ssl = SSL_TLSV1, | ||
| 760 | .algo_strength = SSL_HIGH, | ||
| 761 | .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| | ||
| 762 | TLS1_STREAM_MAC, | ||
| 763 | .strength_bits = 256, | ||
| 764 | .alg_bits = 256 | ||
| 765 | }, | ||
| 766 | |||
| 767 | /* Cipher 83 */ | ||
| 768 | { | ||
| 769 | .valid = 1, | ||
| 770 | .name = "GOST2001-NULL-GOST94", | ||
| 771 | .id = 0x3000083, | ||
| 772 | .algorithm_mkey = SSL_kGOST, | ||
| 773 | .algorithm_auth = SSL_aGOST01, | ||
| 774 | .algorithm_enc = SSL_eNULL, | ||
| 775 | .algorithm_mac = SSL_GOST94, | ||
| 776 | .algorithm_ssl = SSL_TLSV1, | ||
| 777 | .algo_strength = SSL_STRONG_NONE, | ||
| 778 | .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, | ||
| 779 | .strength_bits = 0, | ||
| 780 | .alg_bits = 0 | ||
| 781 | }, | ||
| 782 | |||
| 783 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 784 | /* Camellia ciphersuites from RFC4132 (256-bit portion) */ | ||
| 785 | |||
| 786 | /* Cipher 84 */ | ||
| 787 | { | ||
| 788 | .valid = 1, | ||
| 789 | .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 790 | .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 791 | .algorithm_mkey = SSL_kRSA, | ||
| 792 | .algorithm_auth = SSL_aRSA, | ||
| 793 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 794 | .algorithm_mac = SSL_SHA1, | ||
| 795 | .algorithm_ssl = SSL_TLSV1, | ||
| 796 | .algo_strength = SSL_HIGH, | ||
| 797 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 798 | .strength_bits = 256, | ||
| 799 | .alg_bits = 256, | ||
| 800 | }, | ||
| 801 | |||
| 802 | /* Cipher 87 */ | ||
| 803 | { | ||
| 804 | .valid = 1, | ||
| 805 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 806 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, | ||
| 807 | .algorithm_mkey = SSL_kDHE, | ||
| 808 | .algorithm_auth = SSL_aDSS, | ||
| 809 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 810 | .algorithm_mac = SSL_SHA1, | ||
| 811 | .algorithm_ssl = SSL_TLSV1, | ||
| 812 | .algo_strength = SSL_HIGH, | ||
| 813 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 814 | .strength_bits = 256, | ||
| 815 | .alg_bits = 256, | ||
| 816 | }, | ||
| 817 | |||
| 818 | /* Cipher 88 */ | ||
| 819 | { | ||
| 820 | .valid = 1, | ||
| 821 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 822 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, | ||
| 823 | .algorithm_mkey = SSL_kDHE, | ||
| 824 | .algorithm_auth = SSL_aRSA, | ||
| 825 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 826 | .algorithm_mac = SSL_SHA1, | ||
| 827 | .algorithm_ssl = SSL_TLSV1, | ||
| 828 | .algo_strength = SSL_HIGH, | ||
| 829 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 830 | .strength_bits = 256, | ||
| 831 | .alg_bits = 256, | ||
| 832 | }, | ||
| 833 | |||
| 834 | /* Cipher 89 */ | ||
| 835 | { | ||
| 836 | .valid = 1, | ||
| 837 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 838 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, | ||
| 839 | .algorithm_mkey = SSL_kDHE, | ||
| 840 | .algorithm_auth = SSL_aNULL, | ||
| 841 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 842 | .algorithm_mac = SSL_SHA1, | ||
| 843 | .algorithm_ssl = SSL_TLSV1, | ||
| 844 | .algo_strength = SSL_HIGH, | ||
| 845 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 846 | .strength_bits = 256, | ||
| 847 | .alg_bits = 256, | ||
| 848 | }, | ||
| 849 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 850 | |||
| 851 | /* | ||
| 852 | * GCM ciphersuites from RFC5288. | ||
| 853 | */ | ||
| 854 | |||
| 855 | /* Cipher 9C */ | ||
| 856 | { | ||
| 857 | .valid = 1, | ||
| 858 | .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, | ||
| 859 | .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, | ||
| 860 | .algorithm_mkey = SSL_kRSA, | ||
| 861 | .algorithm_auth = SSL_aRSA, | ||
| 862 | .algorithm_enc = SSL_AES128GCM, | ||
| 863 | .algorithm_mac = SSL_AEAD, | ||
| 864 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 865 | .algo_strength = SSL_HIGH, | ||
| 866 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 867 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 868 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 869 | .strength_bits = 128, | ||
| 870 | .alg_bits = 128, | ||
| 871 | }, | ||
| 872 | |||
| 873 | /* Cipher 9D */ | ||
| 874 | { | ||
| 875 | .valid = 1, | ||
| 876 | .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, | ||
| 877 | .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, | ||
| 878 | .algorithm_mkey = SSL_kRSA, | ||
| 879 | .algorithm_auth = SSL_aRSA, | ||
| 880 | .algorithm_enc = SSL_AES256GCM, | ||
| 881 | .algorithm_mac = SSL_AEAD, | ||
| 882 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 883 | .algo_strength = SSL_HIGH, | ||
| 884 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 885 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 886 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 887 | .strength_bits = 256, | ||
| 888 | .alg_bits = 256, | ||
| 889 | }, | ||
| 890 | |||
| 891 | /* Cipher 9E */ | ||
| 892 | { | ||
| 893 | .valid = 1, | ||
| 894 | .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, | ||
| 895 | .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, | ||
| 896 | .algorithm_mkey = SSL_kDHE, | ||
| 897 | .algorithm_auth = SSL_aRSA, | ||
| 898 | .algorithm_enc = SSL_AES128GCM, | ||
| 899 | .algorithm_mac = SSL_AEAD, | ||
| 900 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 901 | .algo_strength = SSL_HIGH, | ||
| 902 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 903 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 904 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 905 | .strength_bits = 128, | ||
| 906 | .alg_bits = 128, | ||
| 907 | }, | ||
| 908 | |||
| 909 | /* Cipher 9F */ | ||
| 910 | { | ||
| 911 | .valid = 1, | ||
| 912 | .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, | ||
| 913 | .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, | ||
| 914 | .algorithm_mkey = SSL_kDHE, | ||
| 915 | .algorithm_auth = SSL_aRSA, | ||
| 916 | .algorithm_enc = SSL_AES256GCM, | ||
| 917 | .algorithm_mac = SSL_AEAD, | ||
| 918 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 919 | .algo_strength = SSL_HIGH, | ||
| 920 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 921 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 922 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 923 | .strength_bits = 256, | ||
| 924 | .alg_bits = 256, | ||
| 925 | }, | ||
| 926 | |||
| 927 | /* Cipher A2 */ | ||
| 928 | { | ||
| 929 | .valid = 1, | ||
| 930 | .name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256, | ||
| 931 | .id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256, | ||
| 932 | .algorithm_mkey = SSL_kDHE, | ||
| 933 | .algorithm_auth = SSL_aDSS, | ||
| 934 | .algorithm_enc = SSL_AES128GCM, | ||
| 935 | .algorithm_mac = SSL_AEAD, | ||
| 936 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 937 | .algo_strength = SSL_HIGH, | ||
| 938 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 939 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 940 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 941 | .strength_bits = 128, | ||
| 942 | .alg_bits = 128, | ||
| 943 | }, | ||
| 944 | |||
| 945 | /* Cipher A3 */ | ||
| 946 | { | ||
| 947 | .valid = 1, | ||
| 948 | .name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384, | ||
| 949 | .id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384, | ||
| 950 | .algorithm_mkey = SSL_kDHE, | ||
| 951 | .algorithm_auth = SSL_aDSS, | ||
| 952 | .algorithm_enc = SSL_AES256GCM, | ||
| 953 | .algorithm_mac = SSL_AEAD, | ||
| 954 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 955 | .algo_strength = SSL_HIGH, | ||
| 956 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 957 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 958 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 959 | .strength_bits = 256, | ||
| 960 | .alg_bits = 256, | ||
| 961 | }, | ||
| 962 | |||
| 963 | /* Cipher A6 */ | ||
| 964 | { | ||
| 965 | .valid = 1, | ||
| 966 | .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, | ||
| 967 | .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, | ||
| 968 | .algorithm_mkey = SSL_kDHE, | ||
| 969 | .algorithm_auth = SSL_aNULL, | ||
| 970 | .algorithm_enc = SSL_AES128GCM, | ||
| 971 | .algorithm_mac = SSL_AEAD, | ||
| 972 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 973 | .algo_strength = SSL_HIGH, | ||
| 974 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 975 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 976 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 977 | .strength_bits = 128, | ||
| 978 | .alg_bits = 128, | ||
| 979 | }, | ||
| 980 | |||
| 981 | /* Cipher A7 */ | ||
| 982 | { | ||
| 983 | .valid = 1, | ||
| 984 | .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, | ||
| 985 | .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, | ||
| 986 | .algorithm_mkey = SSL_kDHE, | ||
| 987 | .algorithm_auth = SSL_aNULL, | ||
| 988 | .algorithm_enc = SSL_AES256GCM, | ||
| 989 | .algorithm_mac = SSL_AEAD, | ||
| 990 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 991 | .algo_strength = SSL_HIGH, | ||
| 992 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 993 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 994 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 995 | .strength_bits = 256, | ||
| 996 | .alg_bits = 256, | ||
| 997 | }, | ||
| 998 | |||
| 999 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 1000 | /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ | ||
| 1001 | |||
| 1002 | /* Cipher BA */ | ||
| 1003 | { | ||
| 1004 | .valid = 1, | ||
| 1005 | .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1006 | .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1007 | .algorithm_mkey = SSL_kRSA, | ||
| 1008 | .algorithm_auth = SSL_aRSA, | ||
| 1009 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 1010 | .algorithm_mac = SSL_SHA256, | ||
| 1011 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1012 | .algo_strength = SSL_HIGH, | ||
| 1013 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1014 | .strength_bits = 128, | ||
| 1015 | .alg_bits = 128, | ||
| 1016 | }, | ||
| 1017 | |||
| 1018 | /* Cipher BD */ | ||
| 1019 | { | ||
| 1020 | .valid = 1, | ||
| 1021 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1022 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1023 | .algorithm_mkey = SSL_kDHE, | ||
| 1024 | .algorithm_auth = SSL_aDSS, | ||
| 1025 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 1026 | .algorithm_mac = SSL_SHA256, | ||
| 1027 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1028 | .algo_strength = SSL_HIGH, | ||
| 1029 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1030 | .strength_bits = 128, | ||
| 1031 | .alg_bits = 128, | ||
| 1032 | }, | ||
| 1033 | |||
| 1034 | /* Cipher BE */ | ||
| 1035 | { | ||
| 1036 | .valid = 1, | ||
| 1037 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1038 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1039 | .algorithm_mkey = SSL_kDHE, | ||
| 1040 | .algorithm_auth = SSL_aRSA, | ||
| 1041 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 1042 | .algorithm_mac = SSL_SHA256, | ||
| 1043 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1044 | .algo_strength = SSL_HIGH, | ||
| 1045 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1046 | .strength_bits = 128, | ||
| 1047 | .alg_bits = 128, | ||
| 1048 | }, | ||
| 1049 | |||
| 1050 | /* Cipher BF */ | ||
| 1051 | { | ||
| 1052 | .valid = 1, | ||
| 1053 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1054 | .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, | ||
| 1055 | .algorithm_mkey = SSL_kDHE, | ||
| 1056 | .algorithm_auth = SSL_aNULL, | ||
| 1057 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 1058 | .algorithm_mac = SSL_SHA256, | ||
| 1059 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1060 | .algo_strength = SSL_HIGH, | ||
| 1061 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1062 | .strength_bits = 128, | ||
| 1063 | .alg_bits = 128, | ||
| 1064 | }, | ||
| 1065 | |||
| 1066 | /* Cipher C0 */ | ||
| 1067 | { | ||
| 1068 | .valid = 1, | ||
| 1069 | .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1070 | .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1071 | .algorithm_mkey = SSL_kRSA, | ||
| 1072 | .algorithm_auth = SSL_aRSA, | ||
| 1073 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 1074 | .algorithm_mac = SSL_SHA256, | ||
| 1075 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1076 | .algo_strength = SSL_HIGH, | ||
| 1077 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1078 | .strength_bits = 256, | ||
| 1079 | .alg_bits = 256, | ||
| 1080 | }, | ||
| 1081 | |||
| 1082 | /* Cipher C3 */ | ||
| 1083 | { | ||
| 1084 | .valid = 1, | ||
| 1085 | .name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1086 | .id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1087 | .algorithm_mkey = SSL_kDHE, | ||
| 1088 | .algorithm_auth = SSL_aDSS, | ||
| 1089 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 1090 | .algorithm_mac = SSL_SHA256, | ||
| 1091 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1092 | .algo_strength = SSL_HIGH, | ||
| 1093 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1094 | .strength_bits = 256, | ||
| 1095 | .alg_bits = 256, | ||
| 1096 | }, | ||
| 1097 | |||
| 1098 | /* Cipher C4 */ | ||
| 1099 | { | ||
| 1100 | .valid = 1, | ||
| 1101 | .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1102 | .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1103 | .algorithm_mkey = SSL_kDHE, | ||
| 1104 | .algorithm_auth = SSL_aRSA, | ||
| 1105 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 1106 | .algorithm_mac = SSL_SHA256, | ||
| 1107 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1108 | .algo_strength = SSL_HIGH, | ||
| 1109 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1110 | .strength_bits = 256, | ||
| 1111 | .alg_bits = 256, | ||
| 1112 | }, | ||
| 1113 | |||
| 1114 | /* Cipher C5 */ | ||
| 1115 | { | ||
| 1116 | .valid = 1, | ||
| 1117 | .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1118 | .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, | ||
| 1119 | .algorithm_mkey = SSL_kDHE, | ||
| 1120 | .algorithm_auth = SSL_aNULL, | ||
| 1121 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 1122 | .algorithm_mac = SSL_SHA256, | ||
| 1123 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1124 | .algo_strength = SSL_HIGH, | ||
| 1125 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1126 | .strength_bits = 256, | ||
| 1127 | .alg_bits = 256, | ||
| 1128 | }, | ||
| 1129 | #endif /* OPENSSL_NO_CAMELLIA */ | ||
| 1130 | |||
| 1131 | /* Cipher C001 */ | ||
| 1132 | { | ||
| 1133 | .valid = 1, | ||
| 1134 | .name = TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, | ||
| 1135 | .id = TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, | ||
| 1136 | .algorithm_mkey = SSL_kECDHe, | ||
| 1137 | .algorithm_auth = SSL_aECDH, | ||
| 1138 | .algorithm_enc = SSL_eNULL, | ||
| 1139 | .algorithm_mac = SSL_SHA1, | ||
| 1140 | .algorithm_ssl = SSL_TLSV1, | ||
| 1141 | .algo_strength = SSL_STRONG_NONE, | ||
| 1142 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1143 | .strength_bits = 0, | ||
| 1144 | .alg_bits = 0, | ||
| 1145 | }, | ||
| 1146 | |||
| 1147 | /* Cipher C002 */ | ||
| 1148 | { | ||
| 1149 | .valid = 1, | ||
| 1150 | .name = TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, | ||
| 1151 | .id = TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, | ||
| 1152 | .algorithm_mkey = SSL_kECDHe, | ||
| 1153 | .algorithm_auth = SSL_aECDH, | ||
| 1154 | .algorithm_enc = SSL_RC4, | ||
| 1155 | .algorithm_mac = SSL_SHA1, | ||
| 1156 | .algorithm_ssl = SSL_TLSV1, | ||
| 1157 | .algo_strength = SSL_MEDIUM, | ||
| 1158 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1159 | .strength_bits = 128, | ||
| 1160 | .alg_bits = 128, | ||
| 1161 | }, | ||
| 1162 | |||
| 1163 | /* Cipher C003 */ | ||
| 1164 | { | ||
| 1165 | .valid = 1, | ||
| 1166 | .name = TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | ||
| 1167 | .id = TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, | ||
| 1168 | .algorithm_mkey = SSL_kECDHe, | ||
| 1169 | .algorithm_auth = SSL_aECDH, | ||
| 1170 | .algorithm_enc = SSL_3DES, | ||
| 1171 | .algorithm_mac = SSL_SHA1, | ||
| 1172 | .algorithm_ssl = SSL_TLSV1, | ||
| 1173 | .algo_strength = SSL_HIGH, | ||
| 1174 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1175 | .strength_bits = 112, | ||
| 1176 | .alg_bits = 168, | ||
| 1177 | }, | ||
| 1178 | |||
| 1179 | /* Cipher C004 */ | ||
| 1180 | { | ||
| 1181 | .valid = 1, | ||
| 1182 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | ||
| 1183 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, | ||
| 1184 | .algorithm_mkey = SSL_kECDHe, | ||
| 1185 | .algorithm_auth = SSL_aECDH, | ||
| 1186 | .algorithm_enc = SSL_AES128, | ||
| 1187 | .algorithm_mac = SSL_SHA1, | ||
| 1188 | .algorithm_ssl = SSL_TLSV1, | ||
| 1189 | .algo_strength = SSL_HIGH, | ||
| 1190 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1191 | .strength_bits = 128, | ||
| 1192 | .alg_bits = 128, | ||
| 1193 | }, | ||
| 1194 | |||
| 1195 | /* Cipher C005 */ | ||
| 1196 | { | ||
| 1197 | .valid = 1, | ||
| 1198 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | ||
| 1199 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, | ||
| 1200 | .algorithm_mkey = SSL_kECDHe, | ||
| 1201 | .algorithm_auth = SSL_aECDH, | ||
| 1202 | .algorithm_enc = SSL_AES256, | ||
| 1203 | .algorithm_mac = SSL_SHA1, | ||
| 1204 | .algorithm_ssl = SSL_TLSV1, | ||
| 1205 | .algo_strength = SSL_HIGH, | ||
| 1206 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1207 | .strength_bits = 256, | ||
| 1208 | .alg_bits = 256, | ||
| 1209 | }, | ||
| 1210 | |||
| 1211 | /* Cipher C006 */ | ||
| 1212 | { | ||
| 1213 | .valid = 1, | ||
| 1214 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, | ||
| 1215 | .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, | ||
| 1216 | .algorithm_mkey = SSL_kECDHE, | ||
| 1217 | .algorithm_auth = SSL_aECDSA, | ||
| 1218 | .algorithm_enc = SSL_eNULL, | ||
| 1219 | .algorithm_mac = SSL_SHA1, | ||
| 1220 | .algorithm_ssl = SSL_TLSV1, | ||
| 1221 | .algo_strength = SSL_STRONG_NONE, | ||
| 1222 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1223 | .strength_bits = 0, | ||
| 1224 | .alg_bits = 0, | ||
| 1225 | }, | ||
| 1226 | |||
| 1227 | /* Cipher C007 */ | ||
| 1228 | { | ||
| 1229 | .valid = 1, | ||
| 1230 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, | ||
| 1231 | .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, | ||
| 1232 | .algorithm_mkey = SSL_kECDHE, | ||
| 1233 | .algorithm_auth = SSL_aECDSA, | ||
| 1234 | .algorithm_enc = SSL_RC4, | ||
| 1235 | .algorithm_mac = SSL_SHA1, | ||
| 1236 | .algorithm_ssl = SSL_TLSV1, | ||
| 1237 | .algo_strength = SSL_MEDIUM, | ||
| 1238 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1239 | .strength_bits = 128, | ||
| 1240 | .alg_bits = 128, | ||
| 1241 | }, | ||
| 1242 | |||
| 1243 | /* Cipher C008 */ | ||
| 1244 | { | ||
| 1245 | .valid = 1, | ||
| 1246 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | ||
| 1247 | .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, | ||
| 1248 | .algorithm_mkey = SSL_kECDHE, | ||
| 1249 | .algorithm_auth = SSL_aECDSA, | ||
| 1250 | .algorithm_enc = SSL_3DES, | ||
| 1251 | .algorithm_mac = SSL_SHA1, | ||
| 1252 | .algorithm_ssl = SSL_TLSV1, | ||
| 1253 | .algo_strength = SSL_HIGH, | ||
| 1254 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1255 | .strength_bits = 112, | ||
| 1256 | .alg_bits = 168, | ||
| 1257 | }, | ||
| 1258 | |||
| 1259 | /* Cipher C009 */ | ||
| 1260 | { | ||
| 1261 | .valid = 1, | ||
| 1262 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | ||
| 1263 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, | ||
| 1264 | .algorithm_mkey = SSL_kECDHE, | ||
| 1265 | .algorithm_auth = SSL_aECDSA, | ||
| 1266 | .algorithm_enc = SSL_AES128, | ||
| 1267 | .algorithm_mac = SSL_SHA1, | ||
| 1268 | .algorithm_ssl = SSL_TLSV1, | ||
| 1269 | .algo_strength = SSL_HIGH, | ||
| 1270 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1271 | .strength_bits = 128, | ||
| 1272 | .alg_bits = 128, | ||
| 1273 | }, | ||
| 1274 | |||
| 1275 | /* Cipher C00A */ | ||
| 1276 | { | ||
| 1277 | .valid = 1, | ||
| 1278 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | ||
| 1279 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, | ||
| 1280 | .algorithm_mkey = SSL_kECDHE, | ||
| 1281 | .algorithm_auth = SSL_aECDSA, | ||
| 1282 | .algorithm_enc = SSL_AES256, | ||
| 1283 | .algorithm_mac = SSL_SHA1, | ||
| 1284 | .algorithm_ssl = SSL_TLSV1, | ||
| 1285 | .algo_strength = SSL_HIGH, | ||
| 1286 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1287 | .strength_bits = 256, | ||
| 1288 | .alg_bits = 256, | ||
| 1289 | }, | ||
| 1290 | |||
| 1291 | /* Cipher C00B */ | ||
| 1292 | { | ||
| 1293 | .valid = 1, | ||
| 1294 | .name = TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, | ||
| 1295 | .id = TLS1_CK_ECDH_RSA_WITH_NULL_SHA, | ||
| 1296 | .algorithm_mkey = SSL_kECDHr, | ||
| 1297 | .algorithm_auth = SSL_aECDH, | ||
| 1298 | .algorithm_enc = SSL_eNULL, | ||
| 1299 | .algorithm_mac = SSL_SHA1, | ||
| 1300 | .algorithm_ssl = SSL_TLSV1, | ||
| 1301 | .algo_strength = SSL_STRONG_NONE, | ||
| 1302 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1303 | .strength_bits = 0, | ||
| 1304 | .alg_bits = 0, | ||
| 1305 | }, | ||
| 1306 | |||
| 1307 | /* Cipher C00C */ | ||
| 1308 | { | ||
| 1309 | .valid = 1, | ||
| 1310 | .name = TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, | ||
| 1311 | .id = TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, | ||
| 1312 | .algorithm_mkey = SSL_kECDHr, | ||
| 1313 | .algorithm_auth = SSL_aECDH, | ||
| 1314 | .algorithm_enc = SSL_RC4, | ||
| 1315 | .algorithm_mac = SSL_SHA1, | ||
| 1316 | .algorithm_ssl = SSL_TLSV1, | ||
| 1317 | .algo_strength = SSL_MEDIUM, | ||
| 1318 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1319 | .strength_bits = 128, | ||
| 1320 | .alg_bits = 128, | ||
| 1321 | }, | ||
| 1322 | |||
| 1323 | /* Cipher C00D */ | ||
| 1324 | { | ||
| 1325 | .valid = 1, | ||
| 1326 | .name = TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1327 | .id = TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1328 | .algorithm_mkey = SSL_kECDHr, | ||
| 1329 | .algorithm_auth = SSL_aECDH, | ||
| 1330 | .algorithm_enc = SSL_3DES, | ||
| 1331 | .algorithm_mac = SSL_SHA1, | ||
| 1332 | .algorithm_ssl = SSL_TLSV1, | ||
| 1333 | .algo_strength = SSL_HIGH, | ||
| 1334 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1335 | .strength_bits = 112, | ||
| 1336 | .alg_bits = 168, | ||
| 1337 | }, | ||
| 1338 | |||
| 1339 | /* Cipher C00E */ | ||
| 1340 | { | ||
| 1341 | .valid = 1, | ||
| 1342 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1343 | .id = TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, | ||
| 1344 | .algorithm_mkey = SSL_kECDHr, | ||
| 1345 | .algorithm_auth = SSL_aECDH, | ||
| 1346 | .algorithm_enc = SSL_AES128, | ||
| 1347 | .algorithm_mac = SSL_SHA1, | ||
| 1348 | .algorithm_ssl = SSL_TLSV1, | ||
| 1349 | .algo_strength = SSL_HIGH, | ||
| 1350 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1351 | .strength_bits = 128, | ||
| 1352 | .alg_bits = 128, | ||
| 1353 | }, | ||
| 1354 | |||
| 1355 | /* Cipher C00F */ | ||
| 1356 | { | ||
| 1357 | .valid = 1, | ||
| 1358 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1359 | .id = TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, | ||
| 1360 | .algorithm_mkey = SSL_kECDHr, | ||
| 1361 | .algorithm_auth = SSL_aECDH, | ||
| 1362 | .algorithm_enc = SSL_AES256, | ||
| 1363 | .algorithm_mac = SSL_SHA1, | ||
| 1364 | .algorithm_ssl = SSL_TLSV1, | ||
| 1365 | .algo_strength = SSL_HIGH, | ||
| 1366 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1367 | .strength_bits = 256, | ||
| 1368 | .alg_bits = 256, | ||
| 1369 | }, | ||
| 1370 | |||
| 1371 | /* Cipher C010 */ | ||
| 1372 | { | ||
| 1373 | .valid = 1, | ||
| 1374 | .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1375 | .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, | ||
| 1376 | .algorithm_mkey = SSL_kECDHE, | ||
| 1377 | .algorithm_auth = SSL_aRSA, | ||
| 1378 | .algorithm_enc = SSL_eNULL, | ||
| 1379 | .algorithm_mac = SSL_SHA1, | ||
| 1380 | .algorithm_ssl = SSL_TLSV1, | ||
| 1381 | .algo_strength = SSL_STRONG_NONE, | ||
| 1382 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1383 | .strength_bits = 0, | ||
| 1384 | .alg_bits = 0, | ||
| 1385 | }, | ||
| 1386 | |||
| 1387 | /* Cipher C011 */ | ||
| 1388 | { | ||
| 1389 | .valid = 1, | ||
| 1390 | .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1391 | .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, | ||
| 1392 | .algorithm_mkey = SSL_kECDHE, | ||
| 1393 | .algorithm_auth = SSL_aRSA, | ||
| 1394 | .algorithm_enc = SSL_RC4, | ||
| 1395 | .algorithm_mac = SSL_SHA1, | ||
| 1396 | .algorithm_ssl = SSL_TLSV1, | ||
| 1397 | .algo_strength = SSL_MEDIUM, | ||
| 1398 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1399 | .strength_bits = 128, | ||
| 1400 | .alg_bits = 128, | ||
| 1401 | }, | ||
| 1402 | |||
| 1403 | /* Cipher C012 */ | ||
| 1404 | { | ||
| 1405 | .valid = 1, | ||
| 1406 | .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1407 | .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, | ||
| 1408 | .algorithm_mkey = SSL_kECDHE, | ||
| 1409 | .algorithm_auth = SSL_aRSA, | ||
| 1410 | .algorithm_enc = SSL_3DES, | ||
| 1411 | .algorithm_mac = SSL_SHA1, | ||
| 1412 | .algorithm_ssl = SSL_TLSV1, | ||
| 1413 | .algo_strength = SSL_HIGH, | ||
| 1414 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1415 | .strength_bits = 112, | ||
| 1416 | .alg_bits = 168, | ||
| 1417 | }, | ||
| 1418 | |||
| 1419 | /* Cipher C013 */ | ||
| 1420 | { | ||
| 1421 | .valid = 1, | ||
| 1422 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1423 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, | ||
| 1424 | .algorithm_mkey = SSL_kECDHE, | ||
| 1425 | .algorithm_auth = SSL_aRSA, | ||
| 1426 | .algorithm_enc = SSL_AES128, | ||
| 1427 | .algorithm_mac = SSL_SHA1, | ||
| 1428 | .algorithm_ssl = SSL_TLSV1, | ||
| 1429 | .algo_strength = SSL_HIGH, | ||
| 1430 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1431 | .strength_bits = 128, | ||
| 1432 | .alg_bits = 128, | ||
| 1433 | }, | ||
| 1434 | |||
| 1435 | /* Cipher C014 */ | ||
| 1436 | { | ||
| 1437 | .valid = 1, | ||
| 1438 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1439 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, | ||
| 1440 | .algorithm_mkey = SSL_kECDHE, | ||
| 1441 | .algorithm_auth = SSL_aRSA, | ||
| 1442 | .algorithm_enc = SSL_AES256, | ||
| 1443 | .algorithm_mac = SSL_SHA1, | ||
| 1444 | .algorithm_ssl = SSL_TLSV1, | ||
| 1445 | .algo_strength = SSL_HIGH, | ||
| 1446 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1447 | .strength_bits = 256, | ||
| 1448 | .alg_bits = 256, | ||
| 1449 | }, | ||
| 1450 | |||
| 1451 | /* Cipher C015 */ | ||
| 1452 | { | ||
| 1453 | .valid = 1, | ||
| 1454 | .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, | ||
| 1455 | .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, | ||
| 1456 | .algorithm_mkey = SSL_kECDHE, | ||
| 1457 | .algorithm_auth = SSL_aNULL, | ||
| 1458 | .algorithm_enc = SSL_eNULL, | ||
| 1459 | .algorithm_mac = SSL_SHA1, | ||
| 1460 | .algorithm_ssl = SSL_TLSV1, | ||
| 1461 | .algo_strength = SSL_STRONG_NONE, | ||
| 1462 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1463 | .strength_bits = 0, | ||
| 1464 | .alg_bits = 0, | ||
| 1465 | }, | ||
| 1466 | |||
| 1467 | /* Cipher C016 */ | ||
| 1468 | { | ||
| 1469 | .valid = 1, | ||
| 1470 | .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1471 | .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, | ||
| 1472 | .algorithm_mkey = SSL_kECDHE, | ||
| 1473 | .algorithm_auth = SSL_aNULL, | ||
| 1474 | .algorithm_enc = SSL_RC4, | ||
| 1475 | .algorithm_mac = SSL_SHA1, | ||
| 1476 | .algorithm_ssl = SSL_TLSV1, | ||
| 1477 | .algo_strength = SSL_MEDIUM, | ||
| 1478 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1479 | .strength_bits = 128, | ||
| 1480 | .alg_bits = 128, | ||
| 1481 | }, | ||
| 1482 | |||
| 1483 | /* Cipher C017 */ | ||
| 1484 | { | ||
| 1485 | .valid = 1, | ||
| 1486 | .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1487 | .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, | ||
| 1488 | .algorithm_mkey = SSL_kECDHE, | ||
| 1489 | .algorithm_auth = SSL_aNULL, | ||
| 1490 | .algorithm_enc = SSL_3DES, | ||
| 1491 | .algorithm_mac = SSL_SHA1, | ||
| 1492 | .algorithm_ssl = SSL_TLSV1, | ||
| 1493 | .algo_strength = SSL_HIGH, | ||
| 1494 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1495 | .strength_bits = 112, | ||
| 1496 | .alg_bits = 168, | ||
| 1497 | }, | ||
| 1498 | |||
| 1499 | /* Cipher C018 */ | ||
| 1500 | { | ||
| 1501 | .valid = 1, | ||
| 1502 | .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1503 | .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, | ||
| 1504 | .algorithm_mkey = SSL_kECDHE, | ||
| 1505 | .algorithm_auth = SSL_aNULL, | ||
| 1506 | .algorithm_enc = SSL_AES128, | ||
| 1507 | .algorithm_mac = SSL_SHA1, | ||
| 1508 | .algorithm_ssl = SSL_TLSV1, | ||
| 1509 | .algo_strength = SSL_HIGH, | ||
| 1510 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1511 | .strength_bits = 128, | ||
| 1512 | .alg_bits = 128, | ||
| 1513 | }, | ||
| 1514 | |||
| 1515 | /* Cipher C019 */ | ||
| 1516 | { | ||
| 1517 | .valid = 1, | ||
| 1518 | .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1519 | .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, | ||
| 1520 | .algorithm_mkey = SSL_kECDHE, | ||
| 1521 | .algorithm_auth = SSL_aNULL, | ||
| 1522 | .algorithm_enc = SSL_AES256, | ||
| 1523 | .algorithm_mac = SSL_SHA1, | ||
| 1524 | .algorithm_ssl = SSL_TLSV1, | ||
| 1525 | .algo_strength = SSL_HIGH, | ||
| 1526 | .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, | ||
| 1527 | .strength_bits = 256, | ||
| 1528 | .alg_bits = 256, | ||
| 1529 | }, | ||
| 1530 | |||
| 1531 | |||
| 1532 | /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ | ||
| 1533 | |||
| 1534 | /* Cipher C023 */ | ||
| 1535 | { | ||
| 1536 | .valid = 1, | ||
| 1537 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, | ||
| 1538 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, | ||
| 1539 | .algorithm_mkey = SSL_kECDHE, | ||
| 1540 | .algorithm_auth = SSL_aECDSA, | ||
| 1541 | .algorithm_enc = SSL_AES128, | ||
| 1542 | .algorithm_mac = SSL_SHA256, | ||
| 1543 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1544 | .algo_strength = SSL_HIGH, | ||
| 1545 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1546 | .strength_bits = 128, | ||
| 1547 | .alg_bits = 128, | ||
| 1548 | }, | ||
| 1549 | |||
| 1550 | /* Cipher C024 */ | ||
| 1551 | { | ||
| 1552 | .valid = 1, | ||
| 1553 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, | ||
| 1554 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, | ||
| 1555 | .algorithm_mkey = SSL_kECDHE, | ||
| 1556 | .algorithm_auth = SSL_aECDSA, | ||
| 1557 | .algorithm_enc = SSL_AES256, | ||
| 1558 | .algorithm_mac = SSL_SHA384, | ||
| 1559 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1560 | .algo_strength = SSL_HIGH, | ||
| 1561 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | ||
| 1562 | .strength_bits = 256, | ||
| 1563 | .alg_bits = 256, | ||
| 1564 | }, | ||
| 1565 | |||
| 1566 | /* Cipher C025 */ | ||
| 1567 | { | ||
| 1568 | .valid = 1, | ||
| 1569 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256, | ||
| 1570 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256, | ||
| 1571 | .algorithm_mkey = SSL_kECDHe, | ||
| 1572 | .algorithm_auth = SSL_aECDH, | ||
| 1573 | .algorithm_enc = SSL_AES128, | ||
| 1574 | .algorithm_mac = SSL_SHA256, | ||
| 1575 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1576 | .algo_strength = SSL_HIGH, | ||
| 1577 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1578 | .strength_bits = 128, | ||
| 1579 | .alg_bits = 128, | ||
| 1580 | }, | ||
| 1581 | |||
| 1582 | /* Cipher C026 */ | ||
| 1583 | { | ||
| 1584 | .valid = 1, | ||
| 1585 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384, | ||
| 1586 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384, | ||
| 1587 | .algorithm_mkey = SSL_kECDHe, | ||
| 1588 | .algorithm_auth = SSL_aECDH, | ||
| 1589 | .algorithm_enc = SSL_AES256, | ||
| 1590 | .algorithm_mac = SSL_SHA384, | ||
| 1591 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1592 | .algo_strength = SSL_HIGH, | ||
| 1593 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | ||
| 1594 | .strength_bits = 256, | ||
| 1595 | .alg_bits = 256, | ||
| 1596 | }, | ||
| 1597 | |||
| 1598 | /* Cipher C027 */ | ||
| 1599 | { | ||
| 1600 | .valid = 1, | ||
| 1601 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, | ||
| 1602 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, | ||
| 1603 | .algorithm_mkey = SSL_kECDHE, | ||
| 1604 | .algorithm_auth = SSL_aRSA, | ||
| 1605 | .algorithm_enc = SSL_AES128, | ||
| 1606 | .algorithm_mac = SSL_SHA256, | ||
| 1607 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1608 | .algo_strength = SSL_HIGH, | ||
| 1609 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1610 | .strength_bits = 128, | ||
| 1611 | .alg_bits = 128, | ||
| 1612 | }, | ||
| 1613 | |||
| 1614 | /* Cipher C028 */ | ||
| 1615 | { | ||
| 1616 | .valid = 1, | ||
| 1617 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, | ||
| 1618 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, | ||
| 1619 | .algorithm_mkey = SSL_kECDHE, | ||
| 1620 | .algorithm_auth = SSL_aRSA, | ||
| 1621 | .algorithm_enc = SSL_AES256, | ||
| 1622 | .algorithm_mac = SSL_SHA384, | ||
| 1623 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1624 | .algo_strength = SSL_HIGH, | ||
| 1625 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | ||
| 1626 | .strength_bits = 256, | ||
| 1627 | .alg_bits = 256, | ||
| 1628 | }, | ||
| 1629 | |||
| 1630 | /* Cipher C029 */ | ||
| 1631 | { | ||
| 1632 | .valid = 1, | ||
| 1633 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256, | ||
| 1634 | .id = TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256, | ||
| 1635 | .algorithm_mkey = SSL_kECDHr, | ||
| 1636 | .algorithm_auth = SSL_aECDH, | ||
| 1637 | .algorithm_enc = SSL_AES128, | ||
| 1638 | .algorithm_mac = SSL_SHA256, | ||
| 1639 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1640 | .algo_strength = SSL_HIGH, | ||
| 1641 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, | ||
| 1642 | .strength_bits = 128, | ||
| 1643 | .alg_bits = 128, | ||
| 1644 | }, | ||
| 1645 | |||
| 1646 | /* Cipher C02A */ | ||
| 1647 | { | ||
| 1648 | .valid = 1, | ||
| 1649 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384, | ||
| 1650 | .id = TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384, | ||
| 1651 | .algorithm_mkey = SSL_kECDHr, | ||
| 1652 | .algorithm_auth = SSL_aECDH, | ||
| 1653 | .algorithm_enc = SSL_AES256, | ||
| 1654 | .algorithm_mac = SSL_SHA384, | ||
| 1655 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1656 | .algo_strength = SSL_HIGH, | ||
| 1657 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, | ||
| 1658 | .strength_bits = 256, | ||
| 1659 | .alg_bits = 256, | ||
| 1660 | }, | ||
| 1661 | |||
| 1662 | /* GCM based TLS v1.2 ciphersuites from RFC5289 */ | ||
| 1663 | |||
| 1664 | /* Cipher C02B */ | ||
| 1665 | { | ||
| 1666 | .valid = 1, | ||
| 1667 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | ||
| 1668 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | ||
| 1669 | .algorithm_mkey = SSL_kECDHE, | ||
| 1670 | .algorithm_auth = SSL_aECDSA, | ||
| 1671 | .algorithm_enc = SSL_AES128GCM, | ||
| 1672 | .algorithm_mac = SSL_AEAD, | ||
| 1673 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1674 | .algo_strength = SSL_HIGH, | ||
| 1675 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1676 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1677 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1678 | .strength_bits = 128, | ||
| 1679 | .alg_bits = 128, | ||
| 1680 | }, | ||
| 1681 | |||
| 1682 | /* Cipher C02C */ | ||
| 1683 | { | ||
| 1684 | .valid = 1, | ||
| 1685 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | ||
| 1686 | .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | ||
| 1687 | .algorithm_mkey = SSL_kECDHE, | ||
| 1688 | .algorithm_auth = SSL_aECDSA, | ||
| 1689 | .algorithm_enc = SSL_AES256GCM, | ||
| 1690 | .algorithm_mac = SSL_AEAD, | ||
| 1691 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1692 | .algo_strength = SSL_HIGH, | ||
| 1693 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 1694 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1695 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1696 | .strength_bits = 256, | ||
| 1697 | .alg_bits = 256, | ||
| 1698 | }, | ||
| 1699 | |||
| 1700 | /* Cipher C02D */ | ||
| 1701 | { | ||
| 1702 | .valid = 1, | ||
| 1703 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, | ||
| 1704 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, | ||
| 1705 | .algorithm_mkey = SSL_kECDHe, | ||
| 1706 | .algorithm_auth = SSL_aECDH, | ||
| 1707 | .algorithm_enc = SSL_AES128GCM, | ||
| 1708 | .algorithm_mac = SSL_AEAD, | ||
| 1709 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1710 | .algo_strength = SSL_HIGH, | ||
| 1711 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1712 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1713 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1714 | .strength_bits = 128, | ||
| 1715 | .alg_bits = 128, | ||
| 1716 | }, | ||
| 1717 | |||
| 1718 | /* Cipher C02E */ | ||
| 1719 | { | ||
| 1720 | .valid = 1, | ||
| 1721 | .name = TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, | ||
| 1722 | .id = TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, | ||
| 1723 | .algorithm_mkey = SSL_kECDHe, | ||
| 1724 | .algorithm_auth = SSL_aECDH, | ||
| 1725 | .algorithm_enc = SSL_AES256GCM, | ||
| 1726 | .algorithm_mac = SSL_AEAD, | ||
| 1727 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1728 | .algo_strength = SSL_HIGH, | ||
| 1729 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 1730 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1731 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1732 | .strength_bits = 256, | ||
| 1733 | .alg_bits = 256, | ||
| 1734 | }, | ||
| 1735 | |||
| 1736 | /* Cipher C02F */ | ||
| 1737 | { | ||
| 1738 | .valid = 1, | ||
| 1739 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | ||
| 1740 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | ||
| 1741 | .algorithm_mkey = SSL_kECDHE, | ||
| 1742 | .algorithm_auth = SSL_aRSA, | ||
| 1743 | .algorithm_enc = SSL_AES128GCM, | ||
| 1744 | .algorithm_mac = SSL_AEAD, | ||
| 1745 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1746 | .algo_strength = SSL_HIGH, | ||
| 1747 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1748 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1749 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1750 | .strength_bits = 128, | ||
| 1751 | .alg_bits = 128, | ||
| 1752 | }, | ||
| 1753 | |||
| 1754 | /* Cipher C030 */ | ||
| 1755 | { | ||
| 1756 | .valid = 1, | ||
| 1757 | .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | ||
| 1758 | .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | ||
| 1759 | .algorithm_mkey = SSL_kECDHE, | ||
| 1760 | .algorithm_auth = SSL_aRSA, | ||
| 1761 | .algorithm_enc = SSL_AES256GCM, | ||
| 1762 | .algorithm_mac = SSL_AEAD, | ||
| 1763 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1764 | .algo_strength = SSL_HIGH, | ||
| 1765 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 1766 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1767 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1768 | .strength_bits = 256, | ||
| 1769 | .alg_bits = 256, | ||
| 1770 | }, | ||
| 1771 | |||
| 1772 | /* Cipher C031 */ | ||
| 1773 | { | ||
| 1774 | .valid = 1, | ||
| 1775 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256, | ||
| 1776 | .id = TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256, | ||
| 1777 | .algorithm_mkey = SSL_kECDHr, | ||
| 1778 | .algorithm_auth = SSL_aECDH, | ||
| 1779 | .algorithm_enc = SSL_AES128GCM, | ||
| 1780 | .algorithm_mac = SSL_AEAD, | ||
| 1781 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1782 | .algo_strength = SSL_HIGH, | ||
| 1783 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1784 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1785 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1786 | .strength_bits = 128, | ||
| 1787 | .alg_bits = 128, | ||
| 1788 | }, | ||
| 1789 | |||
| 1790 | /* Cipher C032 */ | ||
| 1791 | { | ||
| 1792 | .valid = 1, | ||
| 1793 | .name = TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384, | ||
| 1794 | .id = TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384, | ||
| 1795 | .algorithm_mkey = SSL_kECDHr, | ||
| 1796 | .algorithm_auth = SSL_aECDH, | ||
| 1797 | .algorithm_enc = SSL_AES256GCM, | ||
| 1798 | .algorithm_mac = SSL_AEAD, | ||
| 1799 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1800 | .algo_strength = SSL_HIGH, | ||
| 1801 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| | ||
| 1802 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(4)| | ||
| 1803 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, | ||
| 1804 | .strength_bits = 256, | ||
| 1805 | .alg_bits = 256, | ||
| 1806 | }, | ||
| 1807 | |||
| 1808 | #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | ||
| 1809 | /* Cipher CC13 */ | ||
| 1810 | { | ||
| 1811 | .valid = 1, | ||
| 1812 | .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, | ||
| 1813 | .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, | ||
| 1814 | .algorithm_mkey = SSL_kECDHE, | ||
| 1815 | .algorithm_auth = SSL_aRSA, | ||
| 1816 | .algorithm_enc = SSL_CHACHA20POLY1305, | ||
| 1817 | .algorithm_mac = SSL_AEAD, | ||
| 1818 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1819 | .algo_strength = SSL_HIGH, | ||
| 1820 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1821 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), | ||
| 1822 | .strength_bits = 256, | ||
| 1823 | .alg_bits = 0, | ||
| 1824 | }, | ||
| 1825 | |||
| 1826 | /* Cipher CC14 */ | ||
| 1827 | { | ||
| 1828 | .valid = 1, | ||
| 1829 | .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | ||
| 1830 | .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, | ||
| 1831 | .algorithm_mkey = SSL_kECDHE, | ||
| 1832 | .algorithm_auth = SSL_aECDSA, | ||
| 1833 | .algorithm_enc = SSL_CHACHA20POLY1305, | ||
| 1834 | .algorithm_mac = SSL_AEAD, | ||
| 1835 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1836 | .algo_strength = SSL_HIGH, | ||
| 1837 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1838 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), | ||
| 1839 | .strength_bits = 256, | ||
| 1840 | .alg_bits = 0, | ||
| 1841 | }, | ||
| 1842 | |||
| 1843 | /* Cipher CC15 */ | ||
| 1844 | { | ||
| 1845 | .valid = 1, | ||
| 1846 | .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, | ||
| 1847 | .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, | ||
| 1848 | .algorithm_mkey = SSL_kDHE, | ||
| 1849 | .algorithm_auth = SSL_aRSA, | ||
| 1850 | .algorithm_enc = SSL_CHACHA20POLY1305, | ||
| 1851 | .algorithm_mac = SSL_AEAD, | ||
| 1852 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 1853 | .algo_strength = SSL_HIGH, | ||
| 1854 | .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| | ||
| 1855 | SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), | ||
| 1856 | .strength_bits = 256, | ||
| 1857 | .alg_bits = 0, | ||
| 1858 | }, | ||
| 1859 | #endif | ||
| 1860 | |||
| 1861 | /* Cipher FF85 FIXME IANA */ | ||
| 1862 | { | ||
| 1863 | .valid = 1, | ||
| 1864 | .name = "GOST2012256-GOST89-GOST89", | ||
| 1865 | .id = 0x300ff85, /* FIXME IANA */ | ||
| 1866 | .algorithm_mkey = SSL_kGOST, | ||
| 1867 | .algorithm_auth = SSL_aGOST01, | ||
| 1868 | .algorithm_enc = SSL_eGOST2814789CNT, | ||
| 1869 | .algorithm_mac = SSL_GOST89MAC, | ||
| 1870 | .algorithm_ssl = SSL_TLSV1, | ||
| 1871 | .algo_strength = SSL_HIGH, | ||
| 1872 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| | ||
| 1873 | TLS1_STREAM_MAC, | ||
| 1874 | .strength_bits = 256, | ||
| 1875 | .alg_bits = 256 | ||
| 1876 | }, | ||
| 1877 | |||
| 1878 | /* Cipher FF87 FIXME IANA */ | ||
| 1879 | { | ||
| 1880 | .valid = 1, | ||
| 1881 | .name = "GOST2012256-NULL-STREEBOG256", | ||
| 1882 | .id = 0x300ff87, /* FIXME IANA */ | ||
| 1883 | .algorithm_mkey = SSL_kGOST, | ||
| 1884 | .algorithm_auth = SSL_aGOST01, | ||
| 1885 | .algorithm_enc = SSL_eNULL, | ||
| 1886 | .algorithm_mac = SSL_STREEBOG256, | ||
| 1887 | .algorithm_ssl = SSL_TLSV1, | ||
| 1888 | .algo_strength = SSL_STRONG_NONE, | ||
| 1889 | .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, | ||
| 1890 | .strength_bits = 0, | ||
| 1891 | .alg_bits = 0 | ||
| 1892 | }, | ||
| 1893 | |||
| 1894 | |||
| 1895 | /* end of list */ | ||
| 1896 | }; | ||
| 1897 | |||
| 1898 | SSL3_ENC_METHOD SSLv3_enc_data = { | ||
| 1899 | .enc = ssl3_enc, | ||
| 1900 | .mac = n_ssl3_mac, | ||
| 1901 | .setup_key_block = ssl3_setup_key_block, | ||
| 1902 | .generate_master_secret = ssl3_generate_master_secret, | ||
| 1903 | .change_cipher_state = ssl3_change_cipher_state, | ||
| 1904 | .final_finish_mac = ssl3_final_finish_mac, | ||
| 1905 | .finish_mac_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, | ||
| 1906 | .cert_verify_mac = ssl3_cert_verify_mac, | ||
| 1907 | .client_finished_label = SSL3_MD_CLIENT_FINISHED_CONST, | ||
| 1908 | .client_finished_label_len = 4, | ||
| 1909 | .server_finished_label = SSL3_MD_SERVER_FINISHED_CONST, | ||
| 1910 | .server_finished_label_len = 4, | ||
| 1911 | .alert_value = ssl3_alert_code, | ||
| 1912 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | ||
| 1913 | const char *, size_t, const unsigned char *, size_t, | ||
| 1914 | int use_context))ssl_undefined_function, | ||
| 1915 | .enc_flags = 0, | ||
| 1916 | }; | ||
| 1917 | |||
| 1918 | long | ||
| 1919 | ssl3_default_timeout(void) | ||
| 1920 | { | ||
| 1921 | /* | ||
| 1922 | * 2 hours, the 24 hours mentioned in the SSLv3 spec | ||
| 1923 | * is way too long for http, the cache would over fill | ||
| 1924 | */ | ||
| 1925 | return (60 * 60 * 2); | ||
| 1926 | } | ||
| 1927 | |||
| 1928 | int | ||
| 1929 | ssl3_num_ciphers(void) | ||
| 1930 | { | ||
| 1931 | return (SSL3_NUM_CIPHERS); | ||
| 1932 | } | ||
| 1933 | |||
| 1934 | const SSL_CIPHER * | ||
| 1935 | ssl3_get_cipher(unsigned int u) | ||
| 1936 | { | ||
| 1937 | if (u < SSL3_NUM_CIPHERS) | ||
| 1938 | return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); | ||
| 1939 | else | ||
| 1940 | return (NULL); | ||
| 1941 | } | ||
| 1942 | |||
| 1943 | const SSL_CIPHER * | ||
| 1944 | ssl3_get_cipher_by_id(unsigned int id) | ||
| 1945 | { | ||
| 1946 | const SSL_CIPHER *cp; | ||
| 1947 | SSL_CIPHER c; | ||
| 1948 | |||
| 1949 | c.id = id; | ||
| 1950 | cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); | ||
| 1951 | if (cp != NULL && cp->valid == 1) | ||
| 1952 | return (cp); | ||
| 1953 | |||
| 1954 | return (NULL); | ||
| 1955 | } | ||
| 1956 | |||
| 1957 | const SSL_CIPHER * | ||
| 1958 | ssl3_get_cipher_by_value(uint16_t value) | ||
| 1959 | { | ||
| 1960 | return ssl3_get_cipher_by_id(SSL3_CK_ID | value); | ||
| 1961 | } | ||
| 1962 | |||
| 1963 | uint16_t | ||
| 1964 | ssl3_cipher_get_value(const SSL_CIPHER *c) | ||
| 1965 | { | ||
| 1966 | return (c->id & SSL3_CK_VALUE_MASK); | ||
| 1967 | } | ||
| 1968 | |||
| 1969 | int | ||
| 1970 | ssl3_pending(const SSL *s) | ||
| 1971 | { | ||
| 1972 | if (s->rstate == SSL_ST_READ_BODY) | ||
| 1973 | return 0; | ||
| 1974 | |||
| 1975 | return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? | ||
| 1976 | s->s3->rrec.length : 0; | ||
| 1977 | } | ||
| 1978 | |||
| 1979 | unsigned char * | ||
| 1980 | ssl3_handshake_msg_start(SSL *s, uint8_t msg_type) | ||
| 1981 | { | ||
| 1982 | unsigned char *d, *p; | ||
| 1983 | int hdr_len; | ||
| 1984 | |||
| 1985 | d = p = (unsigned char *)s->init_buf->data; | ||
| 1986 | |||
| 1987 | hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : | ||
| 1988 | SSL3_HM_HEADER_LENGTH; | ||
| 1989 | |||
| 1990 | /* Handshake message type and length. */ | ||
| 1991 | *(p++) = msg_type; | ||
| 1992 | l2n3(0, p); | ||
| 1993 | |||
| 1994 | return (d + hdr_len); | ||
| 1995 | } | ||
| 1996 | |||
| 1997 | void | ||
| 1998 | ssl3_handshake_msg_finish(SSL *s, unsigned int len) | ||
| 1999 | { | ||
| 2000 | unsigned char *d, *p; | ||
| 2001 | uint8_t msg_type; | ||
| 2002 | int hdr_len; | ||
| 2003 | |||
| 2004 | d = p = (unsigned char *)s->init_buf->data; | ||
| 2005 | |||
| 2006 | hdr_len = SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : | ||
| 2007 | SSL3_HM_HEADER_LENGTH; | ||
| 2008 | |||
| 2009 | /* Handshake message length. */ | ||
| 2010 | msg_type = *(p++); | ||
| 2011 | l2n3(len, p); | ||
| 2012 | |||
| 2013 | s->init_num = hdr_len + (int)len; | ||
| 2014 | s->init_off = 0; | ||
| 2015 | |||
| 2016 | if (SSL_IS_DTLS(s)) { | ||
| 2017 | dtls1_set_message_header(s, d, msg_type, len, 0, len); | ||
| 2018 | dtls1_buffer_message(s, 0); | ||
| 2019 | } | ||
| 2020 | } | ||
| 2021 | |||
| 2022 | int | ||
| 2023 | ssl3_handshake_write(SSL *s) | ||
| 2024 | { | ||
| 2025 | if (SSL_IS_DTLS(s)) | ||
| 2026 | return dtls1_do_write(s, SSL3_RT_HANDSHAKE); | ||
| 2027 | |||
| 2028 | return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | ||
| 2029 | } | ||
| 2030 | |||
| 2031 | int | ||
| 2032 | ssl3_new(SSL *s) | ||
| 2033 | { | ||
| 2034 | SSL3_STATE *s3; | ||
| 2035 | |||
| 2036 | if ((s3 = calloc(1, sizeof *s3)) == NULL) | ||
| 2037 | goto err; | ||
| 2038 | memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); | ||
| 2039 | memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); | ||
| 2040 | |||
| 2041 | s->s3 = s3; | ||
| 2042 | |||
| 2043 | s->method->ssl_clear(s); | ||
| 2044 | return (1); | ||
| 2045 | err: | ||
| 2046 | return (0); | ||
| 2047 | } | ||
| 2048 | |||
| 2049 | void | ||
| 2050 | ssl3_free(SSL *s) | ||
| 2051 | { | ||
| 2052 | if (s == NULL) | ||
| 2053 | return; | ||
| 2054 | |||
| 2055 | ssl3_cleanup_key_block(s); | ||
| 2056 | ssl3_release_read_buffer(s); | ||
| 2057 | ssl3_release_write_buffer(s); | ||
| 2058 | |||
| 2059 | DH_free(s->s3->tmp.dh); | ||
| 2060 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 2061 | |||
| 2062 | if (s->s3->tmp.ca_names != NULL) | ||
| 2063 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); | ||
| 2064 | BIO_free(s->s3->handshake_buffer); | ||
| 2065 | ssl3_free_digest_list(s); | ||
| 2066 | free(s->s3->alpn_selected); | ||
| 2067 | |||
| 2068 | OPENSSL_cleanse(s->s3, sizeof *s->s3); | ||
| 2069 | free(s->s3); | ||
| 2070 | s->s3 = NULL; | ||
| 2071 | } | ||
| 2072 | |||
| 2073 | void | ||
| 2074 | ssl3_clear(SSL *s) | ||
| 2075 | { | ||
| 2076 | unsigned char *rp, *wp; | ||
| 2077 | size_t rlen, wlen; | ||
| 2078 | int init_extra; | ||
| 2079 | |||
| 2080 | ssl3_cleanup_key_block(s); | ||
| 2081 | if (s->s3->tmp.ca_names != NULL) | ||
| 2082 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); | ||
| 2083 | |||
| 2084 | DH_free(s->s3->tmp.dh); | ||
| 2085 | s->s3->tmp.dh = NULL; | ||
| 2086 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 2087 | s->s3->tmp.ecdh = NULL; | ||
| 2088 | |||
| 2089 | s->s3->is_probably_safari = 0; | ||
| 2090 | |||
| 2091 | rp = s->s3->rbuf.buf; | ||
| 2092 | wp = s->s3->wbuf.buf; | ||
| 2093 | rlen = s->s3->rbuf.len; | ||
| 2094 | wlen = s->s3->wbuf.len; | ||
| 2095 | init_extra = s->s3->init_extra; | ||
| 2096 | |||
| 2097 | BIO_free(s->s3->handshake_buffer); | ||
| 2098 | s->s3->handshake_buffer = NULL; | ||
| 2099 | |||
| 2100 | ssl3_free_digest_list(s); | ||
| 2101 | |||
| 2102 | free(s->s3->alpn_selected); | ||
| 2103 | s->s3->alpn_selected = NULL; | ||
| 2104 | |||
| 2105 | memset(s->s3, 0, sizeof *s->s3); | ||
| 2106 | s->s3->rbuf.buf = rp; | ||
| 2107 | s->s3->wbuf.buf = wp; | ||
| 2108 | s->s3->rbuf.len = rlen; | ||
| 2109 | s->s3->wbuf.len = wlen; | ||
| 2110 | s->s3->init_extra = init_extra; | ||
| 2111 | |||
| 2112 | ssl_free_wbio_buffer(s); | ||
| 2113 | |||
| 2114 | s->packet_length = 0; | ||
| 2115 | s->s3->renegotiate = 0; | ||
| 2116 | s->s3->total_renegotiations = 0; | ||
| 2117 | s->s3->num_renegotiations = 0; | ||
| 2118 | s->s3->in_read_app_data = 0; | ||
| 2119 | s->version = SSL3_VERSION; | ||
| 2120 | |||
| 2121 | free(s->next_proto_negotiated); | ||
| 2122 | s->next_proto_negotiated = NULL; | ||
| 2123 | s->next_proto_negotiated_len = 0; | ||
| 2124 | } | ||
| 2125 | |||
| 2126 | |||
| 2127 | long | ||
| 2128 | ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
| 2129 | { | ||
| 2130 | int ret = 0; | ||
| 2131 | |||
| 2132 | if (cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB) { | ||
| 2133 | if (!ssl_cert_inst(&s->cert)) { | ||
| 2134 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2135 | ERR_R_MALLOC_FAILURE); | ||
| 2136 | return (0); | ||
| 2137 | } | ||
| 2138 | } | ||
| 2139 | |||
| 2140 | switch (cmd) { | ||
| 2141 | case SSL_CTRL_GET_SESSION_REUSED: | ||
| 2142 | ret = s->hit; | ||
| 2143 | break; | ||
| 2144 | case SSL_CTRL_GET_CLIENT_CERT_REQUEST: | ||
| 2145 | break; | ||
| 2146 | case SSL_CTRL_GET_NUM_RENEGOTIATIONS: | ||
| 2147 | ret = s->s3->num_renegotiations; | ||
| 2148 | break; | ||
| 2149 | case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: | ||
| 2150 | ret = s->s3->num_renegotiations; | ||
| 2151 | s->s3->num_renegotiations = 0; | ||
| 2152 | break; | ||
| 2153 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | ||
| 2154 | ret = s->s3->total_renegotiations; | ||
| 2155 | break; | ||
| 2156 | case SSL_CTRL_GET_FLAGS: | ||
| 2157 | ret = (int)(s->s3->flags); | ||
| 2158 | break; | ||
| 2159 | case SSL_CTRL_NEED_TMP_RSA: | ||
| 2160 | ret = 0; | ||
| 2161 | break; | ||
| 2162 | case SSL_CTRL_SET_TMP_RSA: | ||
| 2163 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 2164 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2165 | break; | ||
| 2166 | case SSL_CTRL_SET_TMP_DH: | ||
| 2167 | { | ||
| 2168 | DH *dh = (DH *)parg; | ||
| 2169 | if (dh == NULL) { | ||
| 2170 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2171 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 2172 | return (ret); | ||
| 2173 | } | ||
| 2174 | if ((dh = DHparams_dup(dh)) == NULL) { | ||
| 2175 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2176 | ERR_R_DH_LIB); | ||
| 2177 | return (ret); | ||
| 2178 | } | ||
| 2179 | if (!(s->options & SSL_OP_SINGLE_DH_USE)) { | ||
| 2180 | if (!DH_generate_key(dh)) { | ||
| 2181 | DH_free(dh); | ||
| 2182 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2183 | ERR_R_DH_LIB); | ||
| 2184 | return (ret); | ||
| 2185 | } | ||
| 2186 | } | ||
| 2187 | DH_free(s->cert->dh_tmp); | ||
| 2188 | s->cert->dh_tmp = dh; | ||
| 2189 | ret = 1; | ||
| 2190 | } | ||
| 2191 | break; | ||
| 2192 | |||
| 2193 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 2194 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2195 | return (ret); | ||
| 2196 | |||
| 2197 | case SSL_CTRL_SET_DH_AUTO: | ||
| 2198 | s->cert->dh_tmp_auto = larg; | ||
| 2199 | return 1; | ||
| 2200 | |||
| 2201 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 2202 | { | ||
| 2203 | EC_KEY *ecdh = NULL; | ||
| 2204 | |||
| 2205 | if (parg == NULL) { | ||
| 2206 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2207 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 2208 | return (ret); | ||
| 2209 | } | ||
| 2210 | if (!EC_KEY_up_ref((EC_KEY *)parg)) { | ||
| 2211 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2212 | ERR_R_ECDH_LIB); | ||
| 2213 | return (ret); | ||
| 2214 | } | ||
| 2215 | ecdh = (EC_KEY *)parg; | ||
| 2216 | if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 2217 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 2218 | EC_KEY_free(ecdh); | ||
| 2219 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2220 | ERR_R_ECDH_LIB); | ||
| 2221 | return (ret); | ||
| 2222 | } | ||
| 2223 | } | ||
| 2224 | EC_KEY_free(s->cert->ecdh_tmp); | ||
| 2225 | s->cert->ecdh_tmp = ecdh; | ||
| 2226 | ret = 1; | ||
| 2227 | } | ||
| 2228 | break; | ||
| 2229 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2230 | { | ||
| 2231 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2232 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2233 | return (ret); | ||
| 2234 | } | ||
| 2235 | break; | ||
| 2236 | case SSL_CTRL_SET_TLSEXT_HOSTNAME: | ||
| 2237 | if (larg == TLSEXT_NAMETYPE_host_name) { | ||
| 2238 | free(s->tlsext_hostname); | ||
| 2239 | s->tlsext_hostname = NULL; | ||
| 2240 | |||
| 2241 | ret = 1; | ||
| 2242 | if (parg == NULL) | ||
| 2243 | break; | ||
| 2244 | if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) { | ||
| 2245 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2246 | SSL_R_SSL3_EXT_INVALID_SERVERNAME); | ||
| 2247 | return 0; | ||
| 2248 | } | ||
| 2249 | if ((s->tlsext_hostname = strdup((char *)parg)) | ||
| 2250 | == NULL) { | ||
| 2251 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2252 | ERR_R_INTERNAL_ERROR); | ||
| 2253 | return 0; | ||
| 2254 | } | ||
| 2255 | } else { | ||
| 2256 | SSLerr(SSL_F_SSL3_CTRL, | ||
| 2257 | SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); | ||
| 2258 | return 0; | ||
| 2259 | } | ||
| 2260 | break; | ||
| 2261 | case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: | ||
| 2262 | s->tlsext_debug_arg = parg; | ||
| 2263 | ret = 1; | ||
| 2264 | break; | ||
| 2265 | |||
| 2266 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: | ||
| 2267 | s->tlsext_status_type = larg; | ||
| 2268 | ret = 1; | ||
| 2269 | break; | ||
| 2270 | |||
| 2271 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: | ||
| 2272 | *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts; | ||
| 2273 | ret = 1; | ||
| 2274 | break; | ||
| 2275 | |||
| 2276 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: | ||
| 2277 | s->tlsext_ocsp_exts = parg; | ||
| 2278 | ret = 1; | ||
| 2279 | break; | ||
| 2280 | |||
| 2281 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: | ||
| 2282 | *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids; | ||
| 2283 | ret = 1; | ||
| 2284 | break; | ||
| 2285 | |||
| 2286 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: | ||
| 2287 | s->tlsext_ocsp_ids = parg; | ||
| 2288 | ret = 1; | ||
| 2289 | break; | ||
| 2290 | |||
| 2291 | case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 2292 | *(unsigned char **)parg = s->tlsext_ocsp_resp; | ||
| 2293 | return s->tlsext_ocsp_resplen; | ||
| 2294 | |||
| 2295 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: | ||
| 2296 | free(s->tlsext_ocsp_resp); | ||
| 2297 | s->tlsext_ocsp_resp = parg; | ||
| 2298 | s->tlsext_ocsp_resplen = larg; | ||
| 2299 | ret = 1; | ||
| 2300 | break; | ||
| 2301 | |||
| 2302 | case SSL_CTRL_SET_ECDH_AUTO: | ||
| 2303 | s->cert->ecdh_tmp_auto = larg; | ||
| 2304 | ret = 1; | ||
| 2305 | break; | ||
| 2306 | |||
| 2307 | default: | ||
| 2308 | break; | ||
| 2309 | } | ||
| 2310 | return (ret); | ||
| 2311 | } | ||
| 2312 | |||
| 2313 | long | ||
| 2314 | ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | ||
| 2315 | { | ||
| 2316 | int ret = 0; | ||
| 2317 | |||
| 2318 | if (cmd == SSL_CTRL_SET_TMP_DH_CB) { | ||
| 2319 | if (!ssl_cert_inst(&s->cert)) { | ||
| 2320 | SSLerr(SSL_F_SSL3_CALLBACK_CTRL, | ||
| 2321 | ERR_R_MALLOC_FAILURE); | ||
| 2322 | return (0); | ||
| 2323 | } | ||
| 2324 | } | ||
| 2325 | |||
| 2326 | switch (cmd) { | ||
| 2327 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 2328 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2329 | break; | ||
| 2330 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 2331 | s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
| 2332 | break; | ||
| 2333 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2334 | s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2335 | break; | ||
| 2336 | case SSL_CTRL_SET_TLSEXT_DEBUG_CB: | ||
| 2337 | s->tlsext_debug_cb = (void (*)(SSL *, int , int, | ||
| 2338 | unsigned char *, int, void *))fp; | ||
| 2339 | break; | ||
| 2340 | default: | ||
| 2341 | break; | ||
| 2342 | } | ||
| 2343 | return (ret); | ||
| 2344 | } | ||
| 2345 | |||
| 2346 | long | ||
| 2347 | ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | ||
| 2348 | { | ||
| 2349 | CERT *cert; | ||
| 2350 | |||
| 2351 | cert = ctx->cert; | ||
| 2352 | |||
| 2353 | switch (cmd) { | ||
| 2354 | case SSL_CTRL_NEED_TMP_RSA: | ||
| 2355 | return (0); | ||
| 2356 | case SSL_CTRL_SET_TMP_RSA: | ||
| 2357 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 2358 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2359 | return (0); | ||
| 2360 | case SSL_CTRL_SET_TMP_DH: | ||
| 2361 | { | ||
| 2362 | DH *new = NULL, *dh; | ||
| 2363 | |||
| 2364 | dh = (DH *)parg; | ||
| 2365 | if ((new = DHparams_dup(dh)) == NULL) { | ||
| 2366 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2367 | ERR_R_DH_LIB); | ||
| 2368 | return 0; | ||
| 2369 | } | ||
| 2370 | if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) { | ||
| 2371 | if (!DH_generate_key(new)) { | ||
| 2372 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2373 | ERR_R_DH_LIB); | ||
| 2374 | DH_free(new); | ||
| 2375 | return 0; | ||
| 2376 | } | ||
| 2377 | } | ||
| 2378 | DH_free(cert->dh_tmp); | ||
| 2379 | cert->dh_tmp = new; | ||
| 2380 | return 1; | ||
| 2381 | } | ||
| 2382 | /*break; */ | ||
| 2383 | |||
| 2384 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 2385 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2386 | return (0); | ||
| 2387 | |||
| 2388 | case SSL_CTRL_SET_DH_AUTO: | ||
| 2389 | ctx->cert->dh_tmp_auto = larg; | ||
| 2390 | return (1); | ||
| 2391 | |||
| 2392 | case SSL_CTRL_SET_TMP_ECDH: | ||
| 2393 | { | ||
| 2394 | EC_KEY *ecdh = NULL; | ||
| 2395 | |||
| 2396 | if (parg == NULL) { | ||
| 2397 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2398 | ERR_R_ECDH_LIB); | ||
| 2399 | return 0; | ||
| 2400 | } | ||
| 2401 | ecdh = EC_KEY_dup((EC_KEY *)parg); | ||
| 2402 | if (ecdh == NULL) { | ||
| 2403 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2404 | ERR_R_EC_LIB); | ||
| 2405 | return 0; | ||
| 2406 | } | ||
| 2407 | if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 2408 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 2409 | EC_KEY_free(ecdh); | ||
| 2410 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2411 | ERR_R_ECDH_LIB); | ||
| 2412 | return 0; | ||
| 2413 | } | ||
| 2414 | } | ||
| 2415 | |||
| 2416 | EC_KEY_free(cert->ecdh_tmp); | ||
| 2417 | cert->ecdh_tmp = ecdh; | ||
| 2418 | return 1; | ||
| 2419 | } | ||
| 2420 | /* break; */ | ||
| 2421 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2422 | { | ||
| 2423 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2424 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2425 | return (0); | ||
| 2426 | } | ||
| 2427 | break; | ||
| 2428 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: | ||
| 2429 | ctx->tlsext_servername_arg = parg; | ||
| 2430 | break; | ||
| 2431 | case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: | ||
| 2432 | case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: | ||
| 2433 | { | ||
| 2434 | unsigned char *keys = parg; | ||
| 2435 | if (!keys) | ||
| 2436 | return 48; | ||
| 2437 | if (larg != 48) { | ||
| 2438 | SSLerr(SSL_F_SSL3_CTX_CTRL, | ||
| 2439 | SSL_R_INVALID_TICKET_KEYS_LENGTH); | ||
| 2440 | return 0; | ||
| 2441 | } | ||
| 2442 | if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) { | ||
| 2443 | memcpy(ctx->tlsext_tick_key_name, keys, 16); | ||
| 2444 | memcpy(ctx->tlsext_tick_hmac_key, | ||
| 2445 | keys + 16, 16); | ||
| 2446 | memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16); | ||
| 2447 | } else { | ||
| 2448 | memcpy(keys, ctx->tlsext_tick_key_name, 16); | ||
| 2449 | memcpy(keys + 16, | ||
| 2450 | ctx->tlsext_tick_hmac_key, 16); | ||
| 2451 | memcpy(keys + 32, | ||
| 2452 | ctx->tlsext_tick_aes_key, 16); | ||
| 2453 | } | ||
| 2454 | return 1; | ||
| 2455 | } | ||
| 2456 | |||
| 2457 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: | ||
| 2458 | ctx->tlsext_status_arg = parg; | ||
| 2459 | return 1; | ||
| 2460 | break; | ||
| 2461 | |||
| 2462 | case SSL_CTRL_SET_ECDH_AUTO: | ||
| 2463 | ctx->cert->ecdh_tmp_auto = larg; | ||
| 2464 | return 1; | ||
| 2465 | |||
| 2466 | /* A Thawte special :-) */ | ||
| 2467 | case SSL_CTRL_EXTRA_CHAIN_CERT: | ||
| 2468 | if (ctx->extra_certs == NULL) { | ||
| 2469 | if ((ctx->extra_certs = sk_X509_new_null()) == NULL) | ||
| 2470 | return (0); | ||
| 2471 | } | ||
| 2472 | sk_X509_push(ctx->extra_certs,(X509 *)parg); | ||
| 2473 | break; | ||
| 2474 | |||
| 2475 | case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: | ||
| 2476 | *(STACK_OF(X509) **)parg = ctx->extra_certs; | ||
| 2477 | break; | ||
| 2478 | |||
| 2479 | case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: | ||
| 2480 | if (ctx->extra_certs) { | ||
| 2481 | sk_X509_pop_free(ctx->extra_certs, X509_free); | ||
| 2482 | ctx->extra_certs = NULL; | ||
| 2483 | } | ||
| 2484 | break; | ||
| 2485 | |||
| 2486 | default: | ||
| 2487 | return (0); | ||
| 2488 | } | ||
| 2489 | return (1); | ||
| 2490 | } | ||
| 2491 | |||
| 2492 | long | ||
| 2493 | ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | ||
| 2494 | { | ||
| 2495 | CERT *cert; | ||
| 2496 | |||
| 2497 | cert = ctx->cert; | ||
| 2498 | |||
| 2499 | switch (cmd) { | ||
| 2500 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 2501 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2502 | return (0); | ||
| 2503 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 2504 | cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
| 2505 | break; | ||
| 2506 | case SSL_CTRL_SET_TMP_ECDH_CB: | ||
| 2507 | cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; | ||
| 2508 | break; | ||
| 2509 | case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: | ||
| 2510 | ctx->tlsext_servername_callback = | ||
| 2511 | (int (*)(SSL *, int *, void *))fp; | ||
| 2512 | break; | ||
| 2513 | |||
| 2514 | case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: | ||
| 2515 | ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; | ||
| 2516 | break; | ||
| 2517 | |||
| 2518 | case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: | ||
| 2519 | ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, | ||
| 2520 | unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; | ||
| 2521 | break; | ||
| 2522 | |||
| 2523 | default: | ||
| 2524 | return (0); | ||
| 2525 | } | ||
| 2526 | return (1); | ||
| 2527 | } | ||
| 2528 | |||
| 2529 | /* | ||
| 2530 | * This function needs to check if the ciphers required are actually available. | ||
| 2531 | */ | ||
| 2532 | const SSL_CIPHER * | ||
| 2533 | ssl3_get_cipher_by_char(const unsigned char *p) | ||
| 2534 | { | ||
| 2535 | uint16_t cipher_value; | ||
| 2536 | |||
| 2537 | n2s(p, cipher_value); | ||
| 2538 | return ssl3_get_cipher_by_value(cipher_value); | ||
| 2539 | } | ||
| 2540 | |||
| 2541 | int | ||
| 2542 | ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) | ||
| 2543 | { | ||
| 2544 | if (p != NULL) { | ||
| 2545 | if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) | ||
| 2546 | return (0); | ||
| 2547 | s2n(ssl3_cipher_get_value(c), p); | ||
| 2548 | } | ||
| 2549 | return (2); | ||
| 2550 | } | ||
| 2551 | |||
| 2552 | SSL_CIPHER * | ||
| 2553 | ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | ||
| 2554 | STACK_OF(SSL_CIPHER) *srvr) | ||
| 2555 | { | ||
| 2556 | unsigned long alg_k, alg_a, mask_k, mask_a; | ||
| 2557 | STACK_OF(SSL_CIPHER) *prio, *allow; | ||
| 2558 | SSL_CIPHER *c, *ret = NULL; | ||
| 2559 | int i, ii, ok; | ||
| 2560 | CERT *cert; | ||
| 2561 | |||
| 2562 | /* Let's see which ciphers we can support */ | ||
| 2563 | cert = s->cert; | ||
| 2564 | |||
| 2565 | /* | ||
| 2566 | * Do not set the compare functions, because this may lead to a | ||
| 2567 | * reordering by "id". We want to keep the original ordering. | ||
| 2568 | * We may pay a price in performance during sk_SSL_CIPHER_find(), | ||
| 2569 | * but would have to pay with the price of sk_SSL_CIPHER_dup(). | ||
| 2570 | */ | ||
| 2571 | |||
| 2572 | if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { | ||
| 2573 | prio = srvr; | ||
| 2574 | allow = clnt; | ||
| 2575 | } else { | ||
| 2576 | prio = clnt; | ||
| 2577 | allow = srvr; | ||
| 2578 | } | ||
| 2579 | |||
| 2580 | for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { | ||
| 2581 | c = sk_SSL_CIPHER_value(prio, i); | ||
| 2582 | |||
| 2583 | /* Skip TLS v1.2 only ciphersuites if not supported. */ | ||
| 2584 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | ||
| 2585 | !SSL_USE_TLS1_2_CIPHERS(s)) | ||
| 2586 | continue; | ||
| 2587 | |||
| 2588 | ssl_set_cert_masks(cert, c); | ||
| 2589 | mask_k = cert->mask_k; | ||
| 2590 | mask_a = cert->mask_a; | ||
| 2591 | |||
| 2592 | alg_k = c->algorithm_mkey; | ||
| 2593 | alg_a = c->algorithm_auth; | ||
| 2594 | |||
| 2595 | |||
| 2596 | ok = (alg_k & mask_k) && (alg_a & mask_a); | ||
| 2597 | |||
| 2598 | /* | ||
| 2599 | * If we are considering an ECC cipher suite that uses our | ||
| 2600 | * certificate check it. | ||
| 2601 | */ | ||
| 2602 | if (alg_a & (SSL_aECDSA|SSL_aECDH)) | ||
| 2603 | ok = ok && tls1_check_ec_server_key(s); | ||
| 2604 | /* | ||
| 2605 | * If we are considering an ECC cipher suite that uses | ||
| 2606 | * an ephemeral EC key check it. | ||
| 2607 | */ | ||
| 2608 | if (alg_k & SSL_kECDHE) | ||
| 2609 | ok = ok && tls1_check_ec_tmp_key(s); | ||
| 2610 | |||
| 2611 | if (!ok) | ||
| 2612 | continue; | ||
| 2613 | ii = sk_SSL_CIPHER_find(allow, c); | ||
| 2614 | if (ii >= 0) { | ||
| 2615 | if ((alg_k & SSL_kECDHE) && | ||
| 2616 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { | ||
| 2617 | if (!ret) | ||
| 2618 | ret = sk_SSL_CIPHER_value(allow, ii); | ||
| 2619 | continue; | ||
| 2620 | } | ||
| 2621 | ret = sk_SSL_CIPHER_value(allow, ii); | ||
| 2622 | break; | ||
| 2623 | } | ||
| 2624 | } | ||
| 2625 | return (ret); | ||
| 2626 | } | ||
| 2627 | |||
| 2628 | int | ||
| 2629 | ssl3_get_req_cert_type(SSL *s, unsigned char *p) | ||
| 2630 | { | ||
| 2631 | int ret = 0; | ||
| 2632 | unsigned long alg_k; | ||
| 2633 | |||
| 2634 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 2635 | |||
| 2636 | #ifndef OPENSSL_NO_GOST | ||
| 2637 | if ((alg_k & SSL_kGOST) && (s->version >= TLS1_VERSION)) { | ||
| 2638 | p[ret++] = TLS_CT_GOST94_SIGN; | ||
| 2639 | p[ret++] = TLS_CT_GOST01_SIGN; | ||
| 2640 | p[ret++] = TLS_CT_GOST12_256_SIGN; | ||
| 2641 | p[ret++] = TLS_CT_GOST12_512_SIGN; | ||
| 2642 | } | ||
| 2643 | #endif | ||
| 2644 | |||
| 2645 | if (alg_k & SSL_kDHE) { | ||
| 2646 | p[ret++] = SSL3_CT_RSA_FIXED_DH; | ||
| 2647 | p[ret++] = SSL3_CT_DSS_FIXED_DH; | ||
| 2648 | } | ||
| 2649 | if (s->version == SSL3_VERSION && (alg_k & SSL_kDHE)) { | ||
| 2650 | p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH; | ||
| 2651 | p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH; | ||
| 2652 | } | ||
| 2653 | p[ret++] = SSL3_CT_RSA_SIGN; | ||
| 2654 | p[ret++] = SSL3_CT_DSS_SIGN; | ||
| 2655 | if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { | ||
| 2656 | p[ret++] = TLS_CT_RSA_FIXED_ECDH; | ||
| 2657 | p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; | ||
| 2658 | } | ||
| 2659 | |||
| 2660 | /* | ||
| 2661 | * ECDSA certs can be used with RSA cipher suites as well | ||
| 2662 | * so we don't need to check for SSL_kECDH or SSL_kECDHE | ||
| 2663 | */ | ||
| 2664 | if (s->version >= TLS1_VERSION) { | ||
| 2665 | p[ret++] = TLS_CT_ECDSA_SIGN; | ||
| 2666 | } | ||
| 2667 | return (ret); | ||
| 2668 | } | ||
| 2669 | |||
| 2670 | int | ||
| 2671 | ssl3_shutdown(SSL *s) | ||
| 2672 | { | ||
| 2673 | int ret; | ||
| 2674 | |||
| 2675 | /* | ||
| 2676 | * Don't do anything much if we have not done the handshake or | ||
| 2677 | * we don't want to send messages :-) | ||
| 2678 | */ | ||
| 2679 | if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) { | ||
| 2680 | s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | ||
| 2681 | return (1); | ||
| 2682 | } | ||
| 2683 | |||
| 2684 | if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { | ||
| 2685 | s->shutdown|=SSL_SENT_SHUTDOWN; | ||
| 2686 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); | ||
| 2687 | /* | ||
| 2688 | * Our shutdown alert has been sent now, and if it still needs | ||
| 2689 | * to be written, s->s3->alert_dispatch will be true | ||
| 2690 | */ | ||
| 2691 | if (s->s3->alert_dispatch) | ||
| 2692 | return(-1); /* return WANT_WRITE */ | ||
| 2693 | } else if (s->s3->alert_dispatch) { | ||
| 2694 | /* resend it if not sent */ | ||
| 2695 | ret = s->method->ssl_dispatch_alert(s); | ||
| 2696 | if (ret == -1) { | ||
| 2697 | /* | ||
| 2698 | * We only get to return -1 here the 2nd/Nth | ||
| 2699 | * invocation, we must have already signalled | ||
| 2700 | * return 0 upon a previous invoation, | ||
| 2701 | * return WANT_WRITE | ||
| 2702 | */ | ||
| 2703 | return (ret); | ||
| 2704 | } | ||
| 2705 | } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | ||
| 2706 | /* If we are waiting for a close from our peer, we are closed */ | ||
| 2707 | s->method->ssl_read_bytes(s, 0, NULL, 0, 0); | ||
| 2708 | if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { | ||
| 2709 | return(-1); /* return WANT_READ */ | ||
| 2710 | } | ||
| 2711 | } | ||
| 2712 | |||
| 2713 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | ||
| 2714 | !s->s3->alert_dispatch) | ||
| 2715 | return (1); | ||
| 2716 | else | ||
| 2717 | return (0); | ||
| 2718 | } | ||
| 2719 | |||
| 2720 | int | ||
| 2721 | ssl3_write(SSL *s, const void *buf, int len) | ||
| 2722 | { | ||
| 2723 | int ret, n; | ||
| 2724 | |||
| 2725 | #if 0 | ||
| 2726 | if (s->shutdown & SSL_SEND_SHUTDOWN) { | ||
| 2727 | s->rwstate = SSL_NOTHING; | ||
| 2728 | return (0); | ||
| 2729 | } | ||
| 2730 | #endif | ||
| 2731 | errno = 0; | ||
| 2732 | if (s->s3->renegotiate) | ||
| 2733 | ssl3_renegotiate_check(s); | ||
| 2734 | |||
| 2735 | /* | ||
| 2736 | * This is an experimental flag that sends the | ||
| 2737 | * last handshake message in the same packet as the first | ||
| 2738 | * use data - used to see if it helps the TCP protocol during | ||
| 2739 | * session-id reuse | ||
| 2740 | */ | ||
| 2741 | /* The second test is because the buffer may have been removed */ | ||
| 2742 | if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) { | ||
| 2743 | /* First time through, we write into the buffer */ | ||
| 2744 | if (s->s3->delay_buf_pop_ret == 0) { | ||
| 2745 | ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, | ||
| 2746 | buf, len); | ||
| 2747 | if (ret <= 0) | ||
| 2748 | return (ret); | ||
| 2749 | |||
| 2750 | s->s3->delay_buf_pop_ret = ret; | ||
| 2751 | } | ||
| 2752 | |||
| 2753 | s->rwstate = SSL_WRITING; | ||
| 2754 | n = BIO_flush(s->wbio); | ||
| 2755 | if (n <= 0) | ||
| 2756 | return (n); | ||
| 2757 | s->rwstate = SSL_NOTHING; | ||
| 2758 | |||
| 2759 | /* We have flushed the buffer, so remove it */ | ||
| 2760 | ssl_free_wbio_buffer(s); | ||
| 2761 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
| 2762 | |||
| 2763 | ret = s->s3->delay_buf_pop_ret; | ||
| 2764 | s->s3->delay_buf_pop_ret = 0; | ||
| 2765 | } else { | ||
| 2766 | ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, | ||
| 2767 | buf, len); | ||
| 2768 | if (ret <= 0) | ||
| 2769 | return (ret); | ||
| 2770 | } | ||
| 2771 | |||
| 2772 | return (ret); | ||
| 2773 | } | ||
| 2774 | |||
| 2775 | static int | ||
| 2776 | ssl3_read_internal(SSL *s, void *buf, int len, int peek) | ||
| 2777 | { | ||
| 2778 | int ret; | ||
| 2779 | |||
| 2780 | errno = 0; | ||
| 2781 | if (s->s3->renegotiate) | ||
| 2782 | ssl3_renegotiate_check(s); | ||
| 2783 | s->s3->in_read_app_data = 1; | ||
| 2784 | ret = s->method->ssl_read_bytes(s, | ||
| 2785 | SSL3_RT_APPLICATION_DATA, buf, len, peek); | ||
| 2786 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) { | ||
| 2787 | /* | ||
| 2788 | * ssl3_read_bytes decided to call s->handshake_func, which | ||
| 2789 | * called ssl3_read_bytes to read handshake data. | ||
| 2790 | * However, ssl3_read_bytes actually found application data | ||
| 2791 | * and thinks that application data makes sense here; so disable | ||
| 2792 | * handshake processing and try to read application data again. | ||
| 2793 | */ | ||
| 2794 | s->in_handshake++; | ||
| 2795 | ret = s->method->ssl_read_bytes(s, | ||
| 2796 | SSL3_RT_APPLICATION_DATA, buf, len, peek); | ||
| 2797 | s->in_handshake--; | ||
| 2798 | } else | ||
| 2799 | s->s3->in_read_app_data = 0; | ||
| 2800 | |||
| 2801 | return (ret); | ||
| 2802 | } | ||
| 2803 | |||
| 2804 | int | ||
| 2805 | ssl3_read(SSL *s, void *buf, int len) | ||
| 2806 | { | ||
| 2807 | return ssl3_read_internal(s, buf, len, 0); | ||
| 2808 | } | ||
| 2809 | |||
| 2810 | int | ||
| 2811 | ssl3_peek(SSL *s, void *buf, int len) | ||
| 2812 | { | ||
| 2813 | return ssl3_read_internal(s, buf, len, 1); | ||
| 2814 | } | ||
| 2815 | |||
| 2816 | int | ||
| 2817 | ssl3_renegotiate(SSL *s) | ||
| 2818 | { | ||
| 2819 | if (s->handshake_func == NULL) | ||
| 2820 | return (1); | ||
| 2821 | |||
| 2822 | if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) | ||
| 2823 | return (0); | ||
| 2824 | |||
| 2825 | s->s3->renegotiate = 1; | ||
| 2826 | return (1); | ||
| 2827 | } | ||
| 2828 | |||
| 2829 | int | ||
| 2830 | ssl3_renegotiate_check(SSL *s) | ||
| 2831 | { | ||
| 2832 | int ret = 0; | ||
| 2833 | |||
| 2834 | if (s->s3->renegotiate) { | ||
| 2835 | if ((s->s3->rbuf.left == 0) && (s->s3->wbuf.left == 0) && | ||
| 2836 | !SSL_in_init(s)) { | ||
| 2837 | /* | ||
| 2838 | * If we are the server, and we have sent | ||
| 2839 | * a 'RENEGOTIATE' message, we need to go | ||
| 2840 | * to SSL_ST_ACCEPT. | ||
| 2841 | */ | ||
| 2842 | /* SSL_ST_ACCEPT */ | ||
| 2843 | s->state = SSL_ST_RENEGOTIATE; | ||
| 2844 | s->s3->renegotiate = 0; | ||
| 2845 | s->s3->num_renegotiations++; | ||
| 2846 | s->s3->total_renegotiations++; | ||
| 2847 | ret = 1; | ||
| 2848 | } | ||
| 2849 | } | ||
| 2850 | return (ret); | ||
| 2851 | } | ||
| 2852 | /* | ||
| 2853 | * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF | ||
| 2854 | * and handshake macs if required. | ||
| 2855 | */ | ||
| 2856 | long | ||
| 2857 | ssl_get_algorithm2(SSL *s) | ||
| 2858 | { | ||
| 2859 | long alg2 = s->s3->tmp.new_cipher->algorithm2; | ||
| 2860 | |||
| 2861 | if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && | ||
| 2862 | alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) | ||
| 2863 | return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; | ||
| 2864 | return alg2; | ||
| 2865 | } | ||
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c deleted file mode 100644 index 117e6ec2da..0000000000 --- a/src/lib/libssl/s3_pkt.c +++ /dev/null | |||
| @@ -1,1401 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_pkt.c,v 1.54 2014/12/14 21:49:29 bcook Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <errno.h> | ||
| 113 | #include <stdio.h> | ||
| 114 | |||
| 115 | #include "ssl_locl.h" | ||
| 116 | |||
| 117 | #include <openssl/buffer.h> | ||
| 118 | #include <openssl/evp.h> | ||
| 119 | |||
| 120 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | ||
| 121 | unsigned int len, int create_empty_fragment); | ||
| 122 | static int ssl3_get_record(SSL *s); | ||
| 123 | |||
| 124 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | ||
| 125 | * packet by another n bytes. | ||
| 126 | * The packet will be in the sub-array of s->s3->rbuf.buf specified | ||
| 127 | * by s->packet and s->packet_length. | ||
| 128 | * (If s->read_ahead is set, 'max' bytes may be stored in rbuf | ||
| 129 | * [plus s->packet_length bytes if extend == 1].) | ||
| 130 | */ | ||
| 131 | int | ||
| 132 | ssl3_read_n(SSL *s, int n, int max, int extend) | ||
| 133 | { | ||
| 134 | int i, len, left; | ||
| 135 | size_t align; | ||
| 136 | unsigned char *pkt; | ||
| 137 | SSL3_BUFFER *rb; | ||
| 138 | |||
| 139 | if (n <= 0) | ||
| 140 | return n; | ||
| 141 | |||
| 142 | rb = &(s->s3->rbuf); | ||
| 143 | if (rb->buf == NULL) | ||
| 144 | if (!ssl3_setup_read_buffer(s)) | ||
| 145 | return -1; | ||
| 146 | |||
| 147 | left = rb->left; | ||
| 148 | align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; | ||
| 149 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); | ||
| 150 | |||
| 151 | if (!extend) { | ||
| 152 | /* start with empty packet ... */ | ||
| 153 | if (left == 0) | ||
| 154 | rb->offset = align; | ||
| 155 | else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) { | ||
| 156 | /* check if next packet length is large | ||
| 157 | * enough to justify payload alignment... */ | ||
| 158 | pkt = rb->buf + rb->offset; | ||
| 159 | if (pkt[0] == SSL3_RT_APPLICATION_DATA && | ||
| 160 | (pkt[3]<<8|pkt[4]) >= 128) { | ||
| 161 | /* Note that even if packet is corrupted | ||
| 162 | * and its length field is insane, we can | ||
| 163 | * only be led to wrong decision about | ||
| 164 | * whether memmove will occur or not. | ||
| 165 | * Header values has no effect on memmove | ||
| 166 | * arguments and therefore no buffer | ||
| 167 | * overrun can be triggered. */ | ||
| 168 | memmove(rb->buf + align, pkt, left); | ||
| 169 | rb->offset = align; | ||
| 170 | } | ||
| 171 | } | ||
| 172 | s->packet = rb->buf + rb->offset; | ||
| 173 | s->packet_length = 0; | ||
| 174 | /* ... now we can act as if 'extend' was set */ | ||
| 175 | } | ||
| 176 | |||
| 177 | /* For DTLS/UDP reads should not span multiple packets | ||
| 178 | * because the read operation returns the whole packet | ||
| 179 | * at once (as long as it fits into the buffer). */ | ||
| 180 | if (SSL_IS_DTLS(s)) { | ||
| 181 | if (left > 0 && n > left) | ||
| 182 | n = left; | ||
| 183 | } | ||
| 184 | |||
| 185 | /* if there is enough in the buffer from a previous read, take some */ | ||
| 186 | if (left >= n) { | ||
| 187 | s->packet_length += n; | ||
| 188 | rb->left = left - n; | ||
| 189 | rb->offset += n; | ||
| 190 | return (n); | ||
| 191 | } | ||
| 192 | |||
| 193 | /* else we need to read more data */ | ||
| 194 | |||
| 195 | len = s->packet_length; | ||
| 196 | pkt = rb->buf + align; | ||
| 197 | /* Move any available bytes to front of buffer: | ||
| 198 | * 'len' bytes already pointed to by 'packet', | ||
| 199 | * 'left' extra ones at the end */ | ||
| 200 | if (s->packet != pkt) { | ||
| 201 | /* len > 0 */ | ||
| 202 | memmove(pkt, s->packet, len + left); | ||
| 203 | s->packet = pkt; | ||
| 204 | rb->offset = len + align; | ||
| 205 | } | ||
| 206 | |||
| 207 | if (n > (int)(rb->len - rb->offset)) { | ||
| 208 | /* does not happen */ | ||
| 209 | SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); | ||
| 210 | return -1; | ||
| 211 | } | ||
| 212 | |||
| 213 | if (!s->read_ahead) { | ||
| 214 | /* ignore max parameter */ | ||
| 215 | max = n; | ||
| 216 | } else { | ||
| 217 | if (max < n) | ||
| 218 | max = n; | ||
| 219 | if (max > (int)(rb->len - rb->offset)) | ||
| 220 | max = rb->len - rb->offset; | ||
| 221 | } | ||
| 222 | |||
| 223 | while (left < n) { | ||
| 224 | /* Now we have len+left bytes at the front of s->s3->rbuf.buf | ||
| 225 | * and need to read in more until we have len+n (up to | ||
| 226 | * len+max if possible) */ | ||
| 227 | |||
| 228 | errno = 0; | ||
| 229 | if (s->rbio != NULL) { | ||
| 230 | s->rwstate = SSL_READING; | ||
| 231 | i = BIO_read(s->rbio, pkt + len + left, max - left); | ||
| 232 | } else { | ||
| 233 | SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); | ||
| 234 | i = -1; | ||
| 235 | } | ||
| 236 | |||
| 237 | if (i <= 0) { | ||
| 238 | rb->left = left; | ||
| 239 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | ||
| 240 | !SSL_IS_DTLS(s)) { | ||
| 241 | if (len + left == 0) | ||
| 242 | ssl3_release_read_buffer(s); | ||
| 243 | } | ||
| 244 | return (i); | ||
| 245 | } | ||
| 246 | left += i; | ||
| 247 | |||
| 248 | /* | ||
| 249 | * reads should *never* span multiple packets for DTLS because | ||
| 250 | * the underlying transport protocol is message oriented as | ||
| 251 | * opposed to byte oriented as in the TLS case. | ||
| 252 | */ | ||
| 253 | if (SSL_IS_DTLS(s)) { | ||
| 254 | if (n > left) | ||
| 255 | n = left; /* makes the while condition false */ | ||
| 256 | } | ||
| 257 | } | ||
| 258 | |||
| 259 | /* done reading, now the book-keeping */ | ||
| 260 | rb->offset += n; | ||
| 261 | rb->left = left - n; | ||
| 262 | s->packet_length += n; | ||
| 263 | s->rwstate = SSL_NOTHING; | ||
| 264 | return (n); | ||
| 265 | } | ||
| 266 | |||
| 267 | /* Call this to get a new input record. | ||
| 268 | * It will return <= 0 if more data is needed, normally due to an error | ||
| 269 | * or non-blocking IO. | ||
| 270 | * When it finishes, one packet has been decoded and can be found in | ||
| 271 | * ssl->s3->rrec.type - is the type of record | ||
| 272 | * ssl->s3->rrec.data, - data | ||
| 273 | * ssl->s3->rrec.length, - number of bytes | ||
| 274 | */ | ||
| 275 | /* used only by ssl3_read_bytes */ | ||
| 276 | static int | ||
| 277 | ssl3_get_record(SSL *s) | ||
| 278 | { | ||
| 279 | int ssl_major, ssl_minor, al; | ||
| 280 | int enc_err, n, i, ret = -1; | ||
| 281 | SSL3_RECORD *rr; | ||
| 282 | SSL_SESSION *sess; | ||
| 283 | unsigned char *p; | ||
| 284 | unsigned char md[EVP_MAX_MD_SIZE]; | ||
| 285 | short version; | ||
| 286 | unsigned mac_size, orig_len; | ||
| 287 | size_t extra; | ||
| 288 | |||
| 289 | rr = &(s->s3->rrec); | ||
| 290 | sess = s->session; | ||
| 291 | |||
| 292 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | ||
| 293 | extra = SSL3_RT_MAX_EXTRA; | ||
| 294 | else | ||
| 295 | extra = 0; | ||
| 296 | |||
| 297 | if (extra && !s->s3->init_extra) { | ||
| 298 | /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
| 299 | * set after ssl3_setup_buffers() was done */ | ||
| 300 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
| 301 | return -1; | ||
| 302 | } | ||
| 303 | |||
| 304 | again: | ||
| 305 | /* check if we have the header */ | ||
| 306 | if ((s->rstate != SSL_ST_READ_BODY) || | ||
| 307 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) { | ||
| 308 | n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); | ||
| 309 | if (n <= 0) | ||
| 310 | return(n); /* error or non-blocking */ | ||
| 311 | s->rstate = SSL_ST_READ_BODY; | ||
| 312 | |||
| 313 | p = s->packet; | ||
| 314 | |||
| 315 | /* Pull apart the header into the SSL3_RECORD */ | ||
| 316 | rr->type= *(p++); | ||
| 317 | ssl_major= *(p++); | ||
| 318 | ssl_minor= *(p++); | ||
| 319 | version = (ssl_major << 8)|ssl_minor; | ||
| 320 | n2s(p, rr->length); | ||
| 321 | |||
| 322 | /* Lets check version */ | ||
| 323 | if (!s->first_packet) { | ||
| 324 | if (version != s->version) { | ||
| 325 | SSLerr(SSL_F_SSL3_GET_RECORD, | ||
| 326 | SSL_R_WRONG_VERSION_NUMBER); | ||
| 327 | if ((s->version & 0xFF00) == (version & 0xFF00) && | ||
| 328 | !s->enc_write_ctx && !s->write_hash) | ||
| 329 | /* Send back error using their minor version number :-) */ | ||
| 330 | s->version = (unsigned short)version; | ||
| 331 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 332 | goto f_err; | ||
| 333 | } | ||
| 334 | } | ||
| 335 | |||
| 336 | if ((version >> 8) != SSL3_VERSION_MAJOR) { | ||
| 337 | SSLerr(SSL_F_SSL3_GET_RECORD, | ||
| 338 | SSL_R_WRONG_VERSION_NUMBER); | ||
| 339 | goto err; | ||
| 340 | } | ||
| 341 | |||
| 342 | if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) { | ||
| 343 | al = SSL_AD_RECORD_OVERFLOW; | ||
| 344 | SSLerr(SSL_F_SSL3_GET_RECORD, | ||
| 345 | SSL_R_PACKET_LENGTH_TOO_LONG); | ||
| 346 | goto f_err; | ||
| 347 | } | ||
| 348 | |||
| 349 | /* now s->rstate == SSL_ST_READ_BODY */ | ||
| 350 | } | ||
| 351 | |||
| 352 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ | ||
| 353 | |||
| 354 | if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) { | ||
| 355 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ | ||
| 356 | i = rr->length; | ||
| 357 | n = ssl3_read_n(s, i, i, 1); | ||
| 358 | if (n <= 0) | ||
| 359 | return(n); /* error or non-blocking io */ | ||
| 360 | /* now n == rr->length, | ||
| 361 | * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ | ||
| 362 | } | ||
| 363 | |||
| 364 | s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ | ||
| 365 | |||
| 366 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | ||
| 367 | * and we have that many bytes in s->packet | ||
| 368 | */ | ||
| 369 | rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]); | ||
| 370 | |||
| 371 | /* ok, we can now read from 's->packet' data into 'rr' | ||
| 372 | * rr->input points at rr->length bytes, which | ||
| 373 | * need to be copied into rr->data by either | ||
| 374 | * the decryption or by the decompression | ||
| 375 | * When the data is 'copied' into the rr->data buffer, | ||
| 376 | * rr->input will be pointed at the new buffer */ | ||
| 377 | |||
| 378 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | ||
| 379 | * rr->length bytes of encrypted compressed stuff. */ | ||
| 380 | |||
| 381 | /* check is not needed I believe */ | ||
| 382 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { | ||
| 383 | al = SSL_AD_RECORD_OVERFLOW; | ||
| 384 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | ||
| 385 | goto f_err; | ||
| 386 | } | ||
| 387 | |||
| 388 | /* decrypt in place in 'rr->input' */ | ||
| 389 | rr->data = rr->input; | ||
| 390 | |||
| 391 | enc_err = s->method->ssl3_enc->enc(s, 0); | ||
| 392 | /* enc_err is: | ||
| 393 | * 0: (in non-constant time) if the record is publically invalid. | ||
| 394 | * 1: if the padding is valid | ||
| 395 | * -1: if the padding is invalid */ | ||
| 396 | if (enc_err == 0) { | ||
| 397 | al = SSL_AD_DECRYPTION_FAILED; | ||
| 398 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | ||
| 399 | goto f_err; | ||
| 400 | } | ||
| 401 | |||
| 402 | |||
| 403 | /* r->length is now the compressed data plus mac */ | ||
| 404 | if ((sess != NULL) && (s->enc_read_ctx != NULL) && | ||
| 405 | (EVP_MD_CTX_md(s->read_hash) != NULL)) { | ||
| 406 | /* s->read_hash != NULL => mac_size != -1 */ | ||
| 407 | unsigned char *mac = NULL; | ||
| 408 | unsigned char mac_tmp[EVP_MAX_MD_SIZE]; | ||
| 409 | |||
| 410 | mac_size = EVP_MD_CTX_size(s->read_hash); | ||
| 411 | OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); | ||
| 412 | |||
| 413 | /* kludge: *_cbc_remove_padding passes padding length in rr->type */ | ||
| 414 | orig_len = rr->length + ((unsigned int)rr->type >> 8); | ||
| 415 | |||
| 416 | /* orig_len is the length of the record before any padding was | ||
| 417 | * removed. This is public information, as is the MAC in use, | ||
| 418 | * therefore we can safely process the record in a different | ||
| 419 | * amount of time if it's too short to possibly contain a MAC. | ||
| 420 | */ | ||
| 421 | if (orig_len < mac_size || | ||
| 422 | /* CBC records must have a padding length byte too. */ | ||
| 423 | (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 424 | orig_len < mac_size + 1)) { | ||
| 425 | al = SSL_AD_DECODE_ERROR; | ||
| 426 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); | ||
| 427 | goto f_err; | ||
| 428 | } | ||
| 429 | |||
| 430 | if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { | ||
| 431 | /* We update the length so that the TLS header bytes | ||
| 432 | * can be constructed correctly but we need to extract | ||
| 433 | * the MAC in constant time from within the record, | ||
| 434 | * without leaking the contents of the padding bytes. | ||
| 435 | * */ | ||
| 436 | mac = mac_tmp; | ||
| 437 | ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); | ||
| 438 | rr->length -= mac_size; | ||
| 439 | } else { | ||
| 440 | /* In this case there's no padding, so |orig_len| | ||
| 441 | * equals |rec->length| and we checked that there's | ||
| 442 | * enough bytes for |mac_size| above. */ | ||
| 443 | rr->length -= mac_size; | ||
| 444 | mac = &rr->data[rr->length]; | ||
| 445 | } | ||
| 446 | |||
| 447 | i = s->method->ssl3_enc->mac(s,md,0 /* not send */); | ||
| 448 | if (i < 0 || mac == NULL || | ||
| 449 | timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) | ||
| 450 | enc_err = -1; | ||
| 451 | if (rr->length > | ||
| 452 | SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) | ||
| 453 | enc_err = -1; | ||
| 454 | } | ||
| 455 | |||
| 456 | if (enc_err < 0) { | ||
| 457 | /* | ||
| 458 | * A separate 'decryption_failed' alert was introduced with | ||
| 459 | * TLS 1.0, SSL 3.0 only has 'bad_record_mac'. But unless a | ||
| 460 | * decryption failure is directly visible from the ciphertext | ||
| 461 | * anyway, we should not reveal which kind of error | ||
| 462 | * occurred -- this might become visible to an attacker | ||
| 463 | * (e.g. via a logfile) | ||
| 464 | */ | ||
| 465 | al = SSL_AD_BAD_RECORD_MAC; | ||
| 466 | SSLerr(SSL_F_SSL3_GET_RECORD, | ||
| 467 | SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
| 468 | goto f_err; | ||
| 469 | } | ||
| 470 | |||
| 471 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { | ||
| 472 | al = SSL_AD_RECORD_OVERFLOW; | ||
| 473 | SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 474 | goto f_err; | ||
| 475 | } | ||
| 476 | |||
| 477 | rr->off = 0; | ||
| 478 | /* | ||
| 479 | * So at this point the following is true | ||
| 480 | * | ||
| 481 | * ssl->s3->rrec.type is the type of record | ||
| 482 | * ssl->s3->rrec.length == number of bytes in record | ||
| 483 | * ssl->s3->rrec.off == offset to first valid byte | ||
| 484 | * ssl->s3->rrec.data == where to take bytes from, increment | ||
| 485 | * after use :-). | ||
| 486 | */ | ||
| 487 | |||
| 488 | /* we have pulled in a full packet so zero things */ | ||
| 489 | s->packet_length = 0; | ||
| 490 | |||
| 491 | /* just read a 0 length packet */ | ||
| 492 | if (rr->length == 0) | ||
| 493 | goto again; | ||
| 494 | |||
| 495 | return (1); | ||
| 496 | |||
| 497 | f_err: | ||
| 498 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 499 | err: | ||
| 500 | return (ret); | ||
| 501 | } | ||
| 502 | |||
| 503 | /* Call this to write data in records of type 'type' | ||
| 504 | * It will return <= 0 if not all data has been sent or non-blocking IO. | ||
| 505 | */ | ||
| 506 | int | ||
| 507 | ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) | ||
| 508 | { | ||
| 509 | const unsigned char *buf = buf_; | ||
| 510 | unsigned int tot, n, nw; | ||
| 511 | int i; | ||
| 512 | |||
| 513 | if (len < 0) { | ||
| 514 | SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 515 | return -1; | ||
| 516 | } | ||
| 517 | |||
| 518 | s->rwstate = SSL_NOTHING; | ||
| 519 | tot = s->s3->wnum; | ||
| 520 | s->s3->wnum = 0; | ||
| 521 | |||
| 522 | if (SSL_in_init(s) && !s->in_handshake) { | ||
| 523 | i = s->handshake_func(s); | ||
| 524 | if (i < 0) | ||
| 525 | return (i); | ||
| 526 | if (i == 0) { | ||
| 527 | SSLerr(SSL_F_SSL3_WRITE_BYTES, | ||
| 528 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 529 | return -1; | ||
| 530 | } | ||
| 531 | } | ||
| 532 | |||
| 533 | if (len < tot) | ||
| 534 | len = tot; | ||
| 535 | n = (len - tot); | ||
| 536 | for (;;) { | ||
| 537 | if (n > s->max_send_fragment) | ||
| 538 | nw = s->max_send_fragment; | ||
| 539 | else | ||
| 540 | nw = n; | ||
| 541 | |||
| 542 | i = do_ssl3_write(s, type, &(buf[tot]), nw, 0); | ||
| 543 | if (i <= 0) { | ||
| 544 | s->s3->wnum = tot; | ||
| 545 | return i; | ||
| 546 | } | ||
| 547 | |||
| 548 | if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA && | ||
| 549 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) { | ||
| 550 | /* | ||
| 551 | * Next chunk of data should get another prepended | ||
| 552 | * empty fragment in ciphersuites with known-IV | ||
| 553 | * weakness. | ||
| 554 | */ | ||
| 555 | s->s3->empty_fragment_done = 0; | ||
| 556 | |||
| 557 | return tot + i; | ||
| 558 | } | ||
| 559 | |||
| 560 | n -= i; | ||
| 561 | tot += i; | ||
| 562 | } | ||
| 563 | } | ||
| 564 | |||
| 565 | static int | ||
| 566 | do_ssl3_write(SSL *s, int type, const unsigned char *buf, | ||
| 567 | unsigned int len, int create_empty_fragment) | ||
| 568 | { | ||
| 569 | unsigned char *p, *plen; | ||
| 570 | int i, mac_size, clear = 0; | ||
| 571 | int prefix_len = 0; | ||
| 572 | int eivlen; | ||
| 573 | size_t align; | ||
| 574 | SSL3_RECORD *wr; | ||
| 575 | SSL3_BUFFER *wb = &(s->s3->wbuf); | ||
| 576 | SSL_SESSION *sess; | ||
| 577 | |||
| 578 | if (wb->buf == NULL) | ||
| 579 | if (!ssl3_setup_write_buffer(s)) | ||
| 580 | return -1; | ||
| 581 | |||
| 582 | /* first check if there is a SSL3_BUFFER still being written | ||
| 583 | * out. This will happen with non blocking IO */ | ||
| 584 | if (wb->left != 0) | ||
| 585 | return (ssl3_write_pending(s, type, buf, len)); | ||
| 586 | |||
| 587 | /* If we have an alert to send, lets send it */ | ||
| 588 | if (s->s3->alert_dispatch) { | ||
| 589 | i = s->method->ssl_dispatch_alert(s); | ||
| 590 | if (i <= 0) | ||
| 591 | return (i); | ||
| 592 | /* if it went, fall through and send more stuff */ | ||
| 593 | /* we may have released our buffer, so get it again */ | ||
| 594 | if (wb->buf == NULL) | ||
| 595 | if (!ssl3_setup_write_buffer(s)) | ||
| 596 | return -1; | ||
| 597 | } | ||
| 598 | |||
| 599 | if (len == 0 && !create_empty_fragment) | ||
| 600 | return 0; | ||
| 601 | |||
| 602 | wr = &(s->s3->wrec); | ||
| 603 | sess = s->session; | ||
| 604 | |||
| 605 | if ((sess == NULL) || (s->enc_write_ctx == NULL) || | ||
| 606 | (EVP_MD_CTX_md(s->write_hash) == NULL)) { | ||
| 607 | clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ | ||
| 608 | mac_size = 0; | ||
| 609 | } else { | ||
| 610 | mac_size = EVP_MD_CTX_size(s->write_hash); | ||
| 611 | if (mac_size < 0) | ||
| 612 | goto err; | ||
| 613 | } | ||
| 614 | |||
| 615 | /* | ||
| 616 | * 'create_empty_fragment' is true only when this function calls | ||
| 617 | * itself. | ||
| 618 | */ | ||
| 619 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) { | ||
| 620 | /* | ||
| 621 | * Countermeasure against known-IV weakness in CBC ciphersuites | ||
| 622 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) | ||
| 623 | */ | ||
| 624 | if (s->s3->need_empty_fragments && | ||
| 625 | type == SSL3_RT_APPLICATION_DATA) { | ||
| 626 | /* recursive function call with 'create_empty_fragment' set; | ||
| 627 | * this prepares and buffers the data for an empty fragment | ||
| 628 | * (these 'prefix_len' bytes are sent out later | ||
| 629 | * together with the actual payload) */ | ||
| 630 | prefix_len = do_ssl3_write(s, type, buf, 0, 1); | ||
| 631 | if (prefix_len <= 0) | ||
| 632 | goto err; | ||
| 633 | |||
| 634 | if (prefix_len > | ||
| 635 | (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) { | ||
| 636 | /* insufficient space */ | ||
| 637 | SSLerr(SSL_F_DO_SSL3_WRITE, | ||
| 638 | ERR_R_INTERNAL_ERROR); | ||
| 639 | goto err; | ||
| 640 | } | ||
| 641 | } | ||
| 642 | |||
| 643 | s->s3->empty_fragment_done = 1; | ||
| 644 | } | ||
| 645 | |||
| 646 | if (create_empty_fragment) { | ||
| 647 | /* extra fragment would be couple of cipher blocks, | ||
| 648 | * which would be multiple of SSL3_ALIGN_PAYLOAD, so | ||
| 649 | * if we want to align the real payload, then we can | ||
| 650 | * just pretent we simply have two headers. */ | ||
| 651 | align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH; | ||
| 652 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); | ||
| 653 | |||
| 654 | p = wb->buf + align; | ||
| 655 | wb->offset = align; | ||
| 656 | } else if (prefix_len) { | ||
| 657 | p = wb->buf + wb->offset + prefix_len; | ||
| 658 | } else { | ||
| 659 | align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH; | ||
| 660 | align = (-align) & (SSL3_ALIGN_PAYLOAD - 1); | ||
| 661 | |||
| 662 | p = wb->buf + align; | ||
| 663 | wb->offset = align; | ||
| 664 | } | ||
| 665 | |||
| 666 | /* write the header */ | ||
| 667 | |||
| 668 | *(p++) = type&0xff; | ||
| 669 | wr->type = type; | ||
| 670 | |||
| 671 | *(p++) = (s->version >> 8); | ||
| 672 | /* Some servers hang if iniatial client hello is larger than 256 | ||
| 673 | * bytes and record version number > TLS 1.0 | ||
| 674 | */ | ||
| 675 | if (s->state == SSL3_ST_CW_CLNT_HELLO_B && !s->renegotiate && | ||
| 676 | TLS1_get_version(s) > TLS1_VERSION) | ||
| 677 | *(p++) = 0x1; | ||
| 678 | else | ||
| 679 | *(p++) = s->version&0xff; | ||
| 680 | |||
| 681 | /* field where we are to write out packet length */ | ||
| 682 | plen = p; | ||
| 683 | p += 2; | ||
| 684 | |||
| 685 | /* Explicit IV length. */ | ||
| 686 | if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) { | ||
| 687 | int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); | ||
| 688 | if (mode == EVP_CIPH_CBC_MODE) { | ||
| 689 | eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); | ||
| 690 | if (eivlen <= 1) | ||
| 691 | eivlen = 0; | ||
| 692 | } | ||
| 693 | /* Need explicit part of IV for GCM mode */ | ||
| 694 | else if (mode == EVP_CIPH_GCM_MODE) | ||
| 695 | eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
| 696 | else | ||
| 697 | eivlen = 0; | ||
| 698 | } else if (s->aead_write_ctx != NULL && | ||
| 699 | s->aead_write_ctx->variable_nonce_in_record) { | ||
| 700 | eivlen = s->aead_write_ctx->variable_nonce_len; | ||
| 701 | } else | ||
| 702 | eivlen = 0; | ||
| 703 | |||
| 704 | /* lets setup the record stuff. */ | ||
| 705 | wr->data = p + eivlen; | ||
| 706 | wr->length = (int)len; | ||
| 707 | wr->input = (unsigned char *)buf; | ||
| 708 | |||
| 709 | /* we now 'read' from wr->input, wr->length bytes into wr->data */ | ||
| 710 | |||
| 711 | memcpy(wr->data, wr->input, wr->length); | ||
| 712 | wr->input = wr->data; | ||
| 713 | |||
| 714 | /* we should still have the output to wr->data and the input | ||
| 715 | * from wr->input. Length should be wr->length. | ||
| 716 | * wr->data still points in the wb->buf */ | ||
| 717 | |||
| 718 | if (mac_size != 0) { | ||
| 719 | if (s->method->ssl3_enc->mac(s, | ||
| 720 | &(p[wr->length + eivlen]), 1) < 0) | ||
| 721 | goto err; | ||
| 722 | wr->length += mac_size; | ||
| 723 | } | ||
| 724 | |||
| 725 | wr->input = p; | ||
| 726 | wr->data = p; | ||
| 727 | |||
| 728 | if (eivlen) { | ||
| 729 | /* if (RAND_pseudo_bytes(p, eivlen) <= 0) | ||
| 730 | goto err; | ||
| 731 | */ | ||
| 732 | wr->length += eivlen; | ||
| 733 | } | ||
| 734 | |||
| 735 | /* ssl3_enc can only have an error on read */ | ||
| 736 | s->method->ssl3_enc->enc(s, 1); | ||
| 737 | |||
| 738 | /* record length after mac and block padding */ | ||
| 739 | s2n(wr->length, plen); | ||
| 740 | |||
| 741 | /* we should now have | ||
| 742 | * wr->data pointing to the encrypted data, which is | ||
| 743 | * wr->length long */ | ||
| 744 | wr->type=type; /* not needed but helps for debugging */ | ||
| 745 | wr->length += SSL3_RT_HEADER_LENGTH; | ||
| 746 | |||
| 747 | if (create_empty_fragment) { | ||
| 748 | /* we are in a recursive call; | ||
| 749 | * just return the length, don't write out anything here | ||
| 750 | */ | ||
| 751 | return wr->length; | ||
| 752 | } | ||
| 753 | |||
| 754 | /* now let's set up wb */ | ||
| 755 | wb->left = prefix_len + wr->length; | ||
| 756 | |||
| 757 | /* memorize arguments so that ssl3_write_pending can detect | ||
| 758 | * bad write retries later */ | ||
| 759 | s->s3->wpend_tot = len; | ||
| 760 | s->s3->wpend_buf = buf; | ||
| 761 | s->s3->wpend_type = type; | ||
| 762 | s->s3->wpend_ret = len; | ||
| 763 | |||
| 764 | /* we now just need to write the buffer */ | ||
| 765 | return ssl3_write_pending(s, type, buf, len); | ||
| 766 | err: | ||
| 767 | return -1; | ||
| 768 | } | ||
| 769 | |||
| 770 | /* if s->s3->wbuf.left != 0, we need to call this */ | ||
| 771 | int | ||
| 772 | ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) | ||
| 773 | { | ||
| 774 | int i; | ||
| 775 | SSL3_BUFFER *wb = &(s->s3->wbuf); | ||
| 776 | |||
| 777 | /* XXXX */ | ||
| 778 | if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) && | ||
| 779 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) || | ||
| 780 | (s->s3->wpend_type != type)) { | ||
| 781 | SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); | ||
| 782 | return (-1); | ||
| 783 | } | ||
| 784 | |||
| 785 | for (;;) { | ||
| 786 | errno = 0; | ||
| 787 | if (s->wbio != NULL) { | ||
| 788 | s->rwstate = SSL_WRITING; | ||
| 789 | i = BIO_write(s->wbio, | ||
| 790 | (char *)&(wb->buf[wb->offset]), | ||
| 791 | (unsigned int)wb->left); | ||
| 792 | } else { | ||
| 793 | SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET); | ||
| 794 | i = -1; | ||
| 795 | } | ||
| 796 | if (i == wb->left) { | ||
| 797 | wb->left = 0; | ||
| 798 | wb->offset += i; | ||
| 799 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | ||
| 800 | !SSL_IS_DTLS(s)) | ||
| 801 | ssl3_release_write_buffer(s); | ||
| 802 | s->rwstate = SSL_NOTHING; | ||
| 803 | return (s->s3->wpend_ret); | ||
| 804 | } else if (i <= 0) { | ||
| 805 | /* | ||
| 806 | * For DTLS, just drop it. That's kind of the | ||
| 807 | * whole point in using a datagram service. | ||
| 808 | */ | ||
| 809 | if (SSL_IS_DTLS(s)) | ||
| 810 | wb->left = 0; | ||
| 811 | return (i); | ||
| 812 | } | ||
| 813 | wb->offset += i; | ||
| 814 | wb->left -= i; | ||
| 815 | } | ||
| 816 | } | ||
| 817 | |||
| 818 | /* Return up to 'len' payload bytes received in 'type' records. | ||
| 819 | * 'type' is one of the following: | ||
| 820 | * | ||
| 821 | * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) | ||
| 822 | * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) | ||
| 823 | * - 0 (during a shutdown, no data has to be returned) | ||
| 824 | * | ||
| 825 | * If we don't have stored data to work from, read a SSL/TLS record first | ||
| 826 | * (possibly multiple records if we still don't have anything to return). | ||
| 827 | * | ||
| 828 | * This function must handle any surprises the peer may have for us, such as | ||
| 829 | * Alert records (e.g. close_notify), ChangeCipherSpec records (not really | ||
| 830 | * a surprise, but handled as if it were), or renegotiation requests. | ||
| 831 | * Also if record payloads contain fragments too small to process, we store | ||
| 832 | * them until there is enough for the respective protocol (the record protocol | ||
| 833 | * may use arbitrary fragmentation and even interleaving): | ||
| 834 | * Change cipher spec protocol | ||
| 835 | * just 1 byte needed, no need for keeping anything stored | ||
| 836 | * Alert protocol | ||
| 837 | * 2 bytes needed (AlertLevel, AlertDescription) | ||
| 838 | * Handshake protocol | ||
| 839 | * 4 bytes needed (HandshakeType, uint24 length) -- we just have | ||
| 840 | * to detect unexpected Client Hello and Hello Request messages | ||
| 841 | * here, anything else is handled by higher layers | ||
| 842 | * Application data protocol | ||
| 843 | * none of our business | ||
| 844 | */ | ||
| 845 | int | ||
| 846 | ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
| 847 | { | ||
| 848 | int al, i, j, ret; | ||
| 849 | unsigned int n; | ||
| 850 | SSL3_RECORD *rr; | ||
| 851 | void (*cb)(const SSL *ssl, int type2, int val) = NULL; | ||
| 852 | |||
| 853 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ | ||
| 854 | if (!ssl3_setup_read_buffer(s)) | ||
| 855 | return (-1); | ||
| 856 | |||
| 857 | if (len < 0) { | ||
| 858 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 859 | return -1; | ||
| 860 | } | ||
| 861 | |||
| 862 | if ((type && type != SSL3_RT_APPLICATION_DATA && | ||
| 863 | type != SSL3_RT_HANDSHAKE) || | ||
| 864 | (peek && (type != SSL3_RT_APPLICATION_DATA))) { | ||
| 865 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 866 | return -1; | ||
| 867 | } | ||
| 868 | |||
| 869 | if ((type == SSL3_RT_HANDSHAKE) && | ||
| 870 | (s->s3->handshake_fragment_len > 0)) { | ||
| 871 | /* (partially) satisfy request from storage */ | ||
| 872 | unsigned char *src = s->s3->handshake_fragment; | ||
| 873 | unsigned char *dst = buf; | ||
| 874 | unsigned int k; | ||
| 875 | |||
| 876 | /* peek == 0 */ | ||
| 877 | n = 0; | ||
| 878 | while ((len > 0) && (s->s3->handshake_fragment_len > 0)) { | ||
| 879 | *dst++ = *src++; | ||
| 880 | len--; | ||
| 881 | s->s3->handshake_fragment_len--; | ||
| 882 | n++; | ||
| 883 | } | ||
| 884 | /* move any remaining fragment bytes: */ | ||
| 885 | for (k = 0; k < s->s3->handshake_fragment_len; k++) | ||
| 886 | s->s3->handshake_fragment[k] = *src++; | ||
| 887 | return n; | ||
| 888 | } | ||
| 889 | |||
| 890 | /* | ||
| 891 | * Now s->s3->handshake_fragment_len == 0 if | ||
| 892 | * type == SSL3_RT_HANDSHAKE. | ||
| 893 | */ | ||
| 894 | if (!s->in_handshake && SSL_in_init(s)) { | ||
| 895 | /* type == SSL3_RT_APPLICATION_DATA */ | ||
| 896 | i = s->handshake_func(s); | ||
| 897 | if (i < 0) | ||
| 898 | return (i); | ||
| 899 | if (i == 0) { | ||
| 900 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 901 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 902 | return (-1); | ||
| 903 | } | ||
| 904 | } | ||
| 905 | start: | ||
| 906 | s->rwstate = SSL_NOTHING; | ||
| 907 | |||
| 908 | /* | ||
| 909 | * s->s3->rrec.type - is the type of record | ||
| 910 | * s->s3->rrec.data, - data | ||
| 911 | * s->s3->rrec.off, - offset into 'data' for next read | ||
| 912 | * s->s3->rrec.length, - number of bytes. | ||
| 913 | */ | ||
| 914 | rr = &(s->s3->rrec); | ||
| 915 | |||
| 916 | /* get new packet if necessary */ | ||
| 917 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) { | ||
| 918 | ret = ssl3_get_record(s); | ||
| 919 | if (ret <= 0) | ||
| 920 | return (ret); | ||
| 921 | } | ||
| 922 | |||
| 923 | /* we now have a packet which can be read and processed */ | ||
| 924 | |||
| 925 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, | ||
| 926 | * reset by ssl3_get_finished */ | ||
| 927 | && (rr->type != SSL3_RT_HANDSHAKE)) { | ||
| 928 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 929 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 930 | SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | ||
| 931 | goto f_err; | ||
| 932 | } | ||
| 933 | |||
| 934 | /* If the other end has shut down, throw anything we read away | ||
| 935 | * (even in 'peek' mode) */ | ||
| 936 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { | ||
| 937 | rr->length = 0; | ||
| 938 | s->rwstate = SSL_NOTHING; | ||
| 939 | return (0); | ||
| 940 | } | ||
| 941 | |||
| 942 | |||
| 943 | /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ | ||
| 944 | if (type == rr->type) { | ||
| 945 | /* make sure that we are not getting application data when we | ||
| 946 | * are doing a handshake for the first time */ | ||
| 947 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
| 948 | (s->enc_read_ctx == NULL)) { | ||
| 949 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 950 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 951 | SSL_R_APP_DATA_IN_HANDSHAKE); | ||
| 952 | goto f_err; | ||
| 953 | } | ||
| 954 | |||
| 955 | if (len <= 0) | ||
| 956 | return (len); | ||
| 957 | |||
| 958 | if ((unsigned int)len > rr->length) | ||
| 959 | n = rr->length; | ||
| 960 | else | ||
| 961 | n = (unsigned int)len; | ||
| 962 | |||
| 963 | memcpy(buf, &(rr->data[rr->off]), n); | ||
| 964 | if (!peek) { | ||
| 965 | rr->length -= n; | ||
| 966 | rr->off += n; | ||
| 967 | if (rr->length == 0) { | ||
| 968 | s->rstate = SSL_ST_READ_HEADER; | ||
| 969 | rr->off = 0; | ||
| 970 | if (s->mode & SSL_MODE_RELEASE_BUFFERS && | ||
| 971 | s->s3->rbuf.left == 0) | ||
| 972 | ssl3_release_read_buffer(s); | ||
| 973 | } | ||
| 974 | } | ||
| 975 | return (n); | ||
| 976 | } | ||
| 977 | |||
| 978 | |||
| 979 | /* If we get here, then type != rr->type; if we have a handshake | ||
| 980 | * message, then it was unexpected (Hello Request or Client Hello). */ | ||
| 981 | |||
| 982 | { | ||
| 983 | /* | ||
| 984 | * In case of record types for which we have 'fragment' | ||
| 985 | * storage, * fill that so that we can process the data | ||
| 986 | * at a fixed place. | ||
| 987 | */ | ||
| 988 | unsigned int dest_maxlen = 0; | ||
| 989 | unsigned char *dest = NULL; | ||
| 990 | unsigned int *dest_len = NULL; | ||
| 991 | |||
| 992 | if (rr->type == SSL3_RT_HANDSHAKE) { | ||
| 993 | dest_maxlen = sizeof s->s3->handshake_fragment; | ||
| 994 | dest = s->s3->handshake_fragment; | ||
| 995 | dest_len = &s->s3->handshake_fragment_len; | ||
| 996 | } else if (rr->type == SSL3_RT_ALERT) { | ||
| 997 | dest_maxlen = sizeof s->s3->alert_fragment; | ||
| 998 | dest = s->s3->alert_fragment; | ||
| 999 | dest_len = &s->s3->alert_fragment_len; | ||
| 1000 | } | ||
| 1001 | if (dest_maxlen > 0) { | ||
| 1002 | /* available space in 'dest' */ | ||
| 1003 | n = dest_maxlen - *dest_len; | ||
| 1004 | if (rr->length < n) | ||
| 1005 | n = rr->length; /* available bytes */ | ||
| 1006 | |||
| 1007 | /* now move 'n' bytes: */ | ||
| 1008 | while (n-- > 0) { | ||
| 1009 | dest[(*dest_len)++] = rr->data[rr->off++]; | ||
| 1010 | rr->length--; | ||
| 1011 | } | ||
| 1012 | |||
| 1013 | if (*dest_len < dest_maxlen) | ||
| 1014 | goto start; /* fragment was too small */ | ||
| 1015 | } | ||
| 1016 | } | ||
| 1017 | |||
| 1018 | /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; | ||
| 1019 | * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. | ||
| 1020 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | ||
| 1021 | |||
| 1022 | /* If we are a client, check for an incoming 'Hello Request': */ | ||
| 1023 | if ((!s->server) && (s->s3->handshake_fragment_len >= 4) && | ||
| 1024 | (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | ||
| 1025 | (s->session != NULL) && (s->session->cipher != NULL)) { | ||
| 1026 | s->s3->handshake_fragment_len = 0; | ||
| 1027 | |||
| 1028 | if ((s->s3->handshake_fragment[1] != 0) || | ||
| 1029 | (s->s3->handshake_fragment[2] != 0) || | ||
| 1030 | (s->s3->handshake_fragment[3] != 0)) { | ||
| 1031 | al = SSL_AD_DECODE_ERROR; | ||
| 1032 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); | ||
| 1033 | goto f_err; | ||
| 1034 | } | ||
| 1035 | |||
| 1036 | if (s->msg_callback) | ||
| 1037 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, | ||
| 1038 | s->s3->handshake_fragment, 4, s, | ||
| 1039 | s->msg_callback_arg); | ||
| 1040 | |||
| 1041 | if (SSL_is_init_finished(s) && | ||
| 1042 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | ||
| 1043 | !s->s3->renegotiate) { | ||
| 1044 | ssl3_renegotiate(s); | ||
| 1045 | if (ssl3_renegotiate_check(s)) { | ||
| 1046 | i = s->handshake_func(s); | ||
| 1047 | if (i < 0) | ||
| 1048 | return (i); | ||
| 1049 | if (i == 0) { | ||
| 1050 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1051 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1052 | return (-1); | ||
| 1053 | } | ||
| 1054 | |||
| 1055 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | ||
| 1056 | if (s->s3->rbuf.left == 0) { | ||
| 1057 | /* no read-ahead left? */ | ||
| 1058 | BIO *bio; | ||
| 1059 | /* In the case where we try to read application data, | ||
| 1060 | * but we trigger an SSL handshake, we return -1 with | ||
| 1061 | * the retry option set. Otherwise renegotiation may | ||
| 1062 | * cause nasty problems in the blocking world */ | ||
| 1063 | s->rwstate = SSL_READING; | ||
| 1064 | bio = SSL_get_rbio(s); | ||
| 1065 | BIO_clear_retry_flags(bio); | ||
| 1066 | BIO_set_retry_read(bio); | ||
| 1067 | return (-1); | ||
| 1068 | } | ||
| 1069 | } | ||
| 1070 | } | ||
| 1071 | } | ||
| 1072 | /* we either finished a handshake or ignored the request, | ||
| 1073 | * now try again to obtain the (application) data we were asked for */ | ||
| 1074 | goto start; | ||
| 1075 | } | ||
| 1076 | /* If we are a server and get a client hello when renegotiation isn't | ||
| 1077 | * allowed send back a no renegotiation alert and carry on. | ||
| 1078 | * WARNING: experimental code, needs reviewing (steve) | ||
| 1079 | */ | ||
| 1080 | if (s->server && | ||
| 1081 | SSL_is_init_finished(s) && | ||
| 1082 | !s->s3->send_connection_binding && | ||
| 1083 | (s->version > SSL3_VERSION) && | ||
| 1084 | (s->s3->handshake_fragment_len >= 4) && | ||
| 1085 | (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && | ||
| 1086 | (s->session != NULL) && (s->session->cipher != NULL)) { | ||
| 1087 | /*s->s3->handshake_fragment_len = 0;*/ | ||
| 1088 | rr->length = 0; | ||
| 1089 | ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); | ||
| 1090 | goto start; | ||
| 1091 | } | ||
| 1092 | if (s->s3->alert_fragment_len >= 2) { | ||
| 1093 | int alert_level = s->s3->alert_fragment[0]; | ||
| 1094 | int alert_descr = s->s3->alert_fragment[1]; | ||
| 1095 | |||
| 1096 | s->s3->alert_fragment_len = 0; | ||
| 1097 | |||
| 1098 | if (s->msg_callback) | ||
| 1099 | s->msg_callback(0, s->version, SSL3_RT_ALERT, | ||
| 1100 | s->s3->alert_fragment, 2, s, s->msg_callback_arg); | ||
| 1101 | |||
| 1102 | if (s->info_callback != NULL) | ||
| 1103 | cb = s->info_callback; | ||
| 1104 | else if (s->ctx->info_callback != NULL) | ||
| 1105 | cb = s->ctx->info_callback; | ||
| 1106 | |||
| 1107 | if (cb != NULL) { | ||
| 1108 | j = (alert_level << 8) | alert_descr; | ||
| 1109 | cb(s, SSL_CB_READ_ALERT, j); | ||
| 1110 | } | ||
| 1111 | |||
| 1112 | if (alert_level == 1) { | ||
| 1113 | /* warning */ | ||
| 1114 | s->s3->warn_alert = alert_descr; | ||
| 1115 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) { | ||
| 1116 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | ||
| 1117 | return (0); | ||
| 1118 | } | ||
| 1119 | /* This is a warning but we receive it if we requested | ||
| 1120 | * renegotiation and the peer denied it. Terminate with | ||
| 1121 | * a fatal alert because if application tried to | ||
| 1122 | * renegotiatie it presumably had a good reason and | ||
| 1123 | * expects it to succeed. | ||
| 1124 | * | ||
| 1125 | * In future we might have a renegotiation where we | ||
| 1126 | * don't care if the peer refused it where we carry on. | ||
| 1127 | */ | ||
| 1128 | else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { | ||
| 1129 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1130 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1131 | SSL_R_NO_RENEGOTIATION); | ||
| 1132 | goto f_err; | ||
| 1133 | } | ||
| 1134 | } else if (alert_level == 2) { | ||
| 1135 | /* fatal */ | ||
| 1136 | s->rwstate = SSL_NOTHING; | ||
| 1137 | s->s3->fatal_alert = alert_descr; | ||
| 1138 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1139 | SSL_AD_REASON_OFFSET + alert_descr); | ||
| 1140 | ERR_asprintf_error_data("SSL alert number %d", | ||
| 1141 | alert_descr); | ||
| 1142 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; | ||
| 1143 | SSL_CTX_remove_session(s->ctx, s->session); | ||
| 1144 | return (0); | ||
| 1145 | } else { | ||
| 1146 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1147 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE); | ||
| 1148 | goto f_err; | ||
| 1149 | } | ||
| 1150 | |||
| 1151 | goto start; | ||
| 1152 | } | ||
| 1153 | |||
| 1154 | if (s->shutdown & SSL_SENT_SHUTDOWN) { | ||
| 1155 | /* but we have not received a shutdown */ | ||
| 1156 | s->rwstate = SSL_NOTHING; | ||
| 1157 | rr->length = 0; | ||
| 1158 | return (0); | ||
| 1159 | } | ||
| 1160 | |||
| 1161 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { | ||
| 1162 | /* 'Change Cipher Spec' is just a single byte, so we know | ||
| 1163 | * exactly what the record payload has to look like */ | ||
| 1164 | if ((rr->length != 1) || (rr->off != 0) || | ||
| 1165 | (rr->data[0] != SSL3_MT_CCS)) { | ||
| 1166 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1167 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1168 | SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
| 1169 | goto f_err; | ||
| 1170 | } | ||
| 1171 | |||
| 1172 | /* Check we have a cipher to change to */ | ||
| 1173 | if (s->s3->tmp.new_cipher == NULL) { | ||
| 1174 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1175 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1176 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1177 | goto f_err; | ||
| 1178 | } | ||
| 1179 | |||
| 1180 | /* Check that we should be receiving a Change Cipher Spec. */ | ||
| 1181 | if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) { | ||
| 1182 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1183 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1184 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1185 | goto f_err; | ||
| 1186 | } | ||
| 1187 | s->s3->flags &= ~SSL3_FLAGS_CCS_OK; | ||
| 1188 | |||
| 1189 | rr->length = 0; | ||
| 1190 | |||
| 1191 | if (s->msg_callback) { | ||
| 1192 | s->msg_callback(0, s->version, | ||
| 1193 | SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, | ||
| 1194 | s->msg_callback_arg); | ||
| 1195 | } | ||
| 1196 | |||
| 1197 | s->s3->change_cipher_spec = 1; | ||
| 1198 | if (!ssl3_do_change_cipher_spec(s)) | ||
| 1199 | goto err; | ||
| 1200 | else | ||
| 1201 | goto start; | ||
| 1202 | } | ||
| 1203 | |||
| 1204 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | ||
| 1205 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { | ||
| 1206 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | ||
| 1207 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { | ||
| 1208 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | ||
| 1209 | s->renegotiate = 1; | ||
| 1210 | s->new_session = 1; | ||
| 1211 | } | ||
| 1212 | i = s->handshake_func(s); | ||
| 1213 | if (i < 0) | ||
| 1214 | return (i); | ||
| 1215 | if (i == 0) { | ||
| 1216 | SSLerr(SSL_F_SSL3_READ_BYTES, | ||
| 1217 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 1218 | return (-1); | ||
| 1219 | } | ||
| 1220 | |||
| 1221 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) { | ||
| 1222 | if (s->s3->rbuf.left == 0) { /* no read-ahead left? */ | ||
| 1223 | BIO *bio; | ||
| 1224 | /* In the case where we try to read application data, | ||
| 1225 | * but we trigger an SSL handshake, we return -1 with | ||
| 1226 | * the retry option set. Otherwise renegotiation may | ||
| 1227 | * cause nasty problems in the blocking world */ | ||
| 1228 | s->rwstate = SSL_READING; | ||
| 1229 | bio = SSL_get_rbio(s); | ||
| 1230 | BIO_clear_retry_flags(bio); | ||
| 1231 | BIO_set_retry_read(bio); | ||
| 1232 | return (-1); | ||
| 1233 | } | ||
| 1234 | } | ||
| 1235 | goto start; | ||
| 1236 | } | ||
| 1237 | |||
| 1238 | switch (rr->type) { | ||
| 1239 | default: | ||
| 1240 | /* | ||
| 1241 | * TLS up to v1.1 just ignores unknown message types: | ||
| 1242 | * TLS v1.2 give an unexpected message alert. | ||
| 1243 | */ | ||
| 1244 | if (s->version >= TLS1_VERSION && | ||
| 1245 | s->version <= TLS1_1_VERSION) { | ||
| 1246 | rr->length = 0; | ||
| 1247 | goto start; | ||
| 1248 | } | ||
| 1249 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1250 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | ||
| 1251 | goto f_err; | ||
| 1252 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
| 1253 | case SSL3_RT_ALERT: | ||
| 1254 | case SSL3_RT_HANDSHAKE: | ||
| 1255 | /* we already handled all of these, with the possible exception | ||
| 1256 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | ||
| 1257 | * should not happen when type != rr->type */ | ||
| 1258 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1259 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 1260 | goto f_err; | ||
| 1261 | case SSL3_RT_APPLICATION_DATA: | ||
| 1262 | /* At this point, we were expecting handshake data, | ||
| 1263 | * but have application data. If the library was | ||
| 1264 | * running inside ssl3_read() (i.e. in_read_app_data | ||
| 1265 | * is set) and it makes sense to read application data | ||
| 1266 | * at this point (session renegotiation not yet started), | ||
| 1267 | * we will indulge it. | ||
| 1268 | */ | ||
| 1269 | if (s->s3->in_read_app_data && | ||
| 1270 | (s->s3->total_renegotiations != 0) && | ||
| 1271 | (((s->state & SSL_ST_CONNECT) && | ||
| 1272 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
| 1273 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) || | ||
| 1274 | ((s->state & SSL_ST_ACCEPT) && | ||
| 1275 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
| 1276 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) { | ||
| 1277 | s->s3->in_read_app_data = 2; | ||
| 1278 | return (-1); | ||
| 1279 | } else { | ||
| 1280 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1281 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); | ||
| 1282 | goto f_err; | ||
| 1283 | } | ||
| 1284 | } | ||
| 1285 | /* not reached */ | ||
| 1286 | |||
| 1287 | f_err: | ||
| 1288 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1289 | err: | ||
| 1290 | return (-1); | ||
| 1291 | } | ||
| 1292 | |||
| 1293 | int | ||
| 1294 | ssl3_do_change_cipher_spec(SSL *s) | ||
| 1295 | { | ||
| 1296 | int i; | ||
| 1297 | const char *sender; | ||
| 1298 | int slen; | ||
| 1299 | |||
| 1300 | if (s->state & SSL_ST_ACCEPT) | ||
| 1301 | i = SSL3_CHANGE_CIPHER_SERVER_READ; | ||
| 1302 | else | ||
| 1303 | i = SSL3_CHANGE_CIPHER_CLIENT_READ; | ||
| 1304 | |||
| 1305 | if (s->s3->tmp.key_block == NULL) { | ||
| 1306 | if (s->session == NULL || s->session->master_key_length == 0) { | ||
| 1307 | /* might happen if dtls1_read_bytes() calls this */ | ||
| 1308 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, | ||
| 1309 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 1310 | return (0); | ||
| 1311 | } | ||
| 1312 | |||
| 1313 | s->session->cipher = s->s3->tmp.new_cipher; | ||
| 1314 | if (!s->method->ssl3_enc->setup_key_block(s)) | ||
| 1315 | return (0); | ||
| 1316 | } | ||
| 1317 | |||
| 1318 | if (!s->method->ssl3_enc->change_cipher_state(s, i)) | ||
| 1319 | return (0); | ||
| 1320 | |||
| 1321 | /* we have to record the message digest at | ||
| 1322 | * this point so we can get it before we read | ||
| 1323 | * the finished message */ | ||
| 1324 | if (s->state & SSL_ST_CONNECT) { | ||
| 1325 | sender = s->method->ssl3_enc->server_finished_label; | ||
| 1326 | slen = s->method->ssl3_enc->server_finished_label_len; | ||
| 1327 | } else { | ||
| 1328 | sender = s->method->ssl3_enc->client_finished_label; | ||
| 1329 | slen = s->method->ssl3_enc->client_finished_label_len; | ||
| 1330 | } | ||
| 1331 | |||
| 1332 | i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, | ||
| 1333 | s->s3->tmp.peer_finish_md); | ||
| 1334 | if (i == 0) { | ||
| 1335 | SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); | ||
| 1336 | return 0; | ||
| 1337 | } | ||
| 1338 | s->s3->tmp.peer_finish_md_len = i; | ||
| 1339 | |||
| 1340 | return (1); | ||
| 1341 | } | ||
| 1342 | |||
| 1343 | int | ||
| 1344 | ssl3_send_alert(SSL *s, int level, int desc) | ||
| 1345 | { | ||
| 1346 | /* Map tls/ssl alert value to correct one */ | ||
| 1347 | desc = s->method->ssl3_enc->alert_value(desc); | ||
| 1348 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) { | ||
| 1349 | /* SSL 3.0 does not have protocol_version alerts */ | ||
| 1350 | desc = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1351 | } | ||
| 1352 | if (desc < 0) | ||
| 1353 | return -1; | ||
| 1354 | /* If a fatal one, remove from cache */ | ||
| 1355 | if ((level == 2) && (s->session != NULL)) | ||
| 1356 | SSL_CTX_remove_session(s->ctx, s->session); | ||
| 1357 | |||
| 1358 | s->s3->alert_dispatch = 1; | ||
| 1359 | s->s3->send_alert[0] = level; | ||
| 1360 | s->s3->send_alert[1] = desc; | ||
| 1361 | if (s->s3->wbuf.left == 0) /* data still being written out? */ | ||
| 1362 | return s->method->ssl_dispatch_alert(s); | ||
| 1363 | |||
| 1364 | /* else data is still being written out, we will get written | ||
| 1365 | * some time in the future */ | ||
| 1366 | return -1; | ||
| 1367 | } | ||
| 1368 | |||
| 1369 | int | ||
| 1370 | ssl3_dispatch_alert(SSL *s) | ||
| 1371 | { | ||
| 1372 | int i, j; | ||
| 1373 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 1374 | |||
| 1375 | s->s3->alert_dispatch = 0; | ||
| 1376 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); | ||
| 1377 | if (i <= 0) { | ||
| 1378 | s->s3->alert_dispatch = 1; | ||
| 1379 | } else { | ||
| 1380 | /* Alert sent to BIO. If it is important, flush it now. | ||
| 1381 | * If the message does not get sent due to non-blocking IO, | ||
| 1382 | * we will not worry too much. */ | ||
| 1383 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | ||
| 1384 | (void)BIO_flush(s->wbio); | ||
| 1385 | |||
| 1386 | if (s->msg_callback) | ||
| 1387 | s->msg_callback(1, s->version, SSL3_RT_ALERT, | ||
| 1388 | s->s3->send_alert, 2, s, s->msg_callback_arg); | ||
| 1389 | |||
| 1390 | if (s->info_callback != NULL) | ||
| 1391 | cb = s->info_callback; | ||
| 1392 | else if (s->ctx->info_callback != NULL) | ||
| 1393 | cb = s->ctx->info_callback; | ||
| 1394 | |||
| 1395 | if (cb != NULL) { | ||
| 1396 | j = (s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | ||
| 1397 | cb(s, SSL_CB_WRITE_ALERT, j); | ||
| 1398 | } | ||
| 1399 | } | ||
| 1400 | return (i); | ||
| 1401 | } | ||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c deleted file mode 100644 index 0bff0204d9..0000000000 --- a/src/lib/libssl/s3_srvr.c +++ /dev/null | |||
| @@ -1,2863 +0,0 @@ | |||
| 1 | /* $OpenBSD: s3_srvr.c,v 1.100 2015/02/25 03:49:21 bcook Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 124 | /* ==================================================================== | ||
| 125 | * Copyright 2005 Nokia. All rights reserved. | ||
| 126 | * | ||
| 127 | * The portions of the attached software ("Contribution") is developed by | ||
| 128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 129 | * license. | ||
| 130 | * | ||
| 131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 133 | * support (see RFC 4279) to OpenSSL. | ||
| 134 | * | ||
| 135 | * No patent licenses or other rights except those expressly stated in | ||
| 136 | * the OpenSSL open source license shall be deemed granted or received | ||
| 137 | * expressly, by implication, estoppel, or otherwise. | ||
| 138 | * | ||
| 139 | * No assurances are provided by Nokia that the Contribution does not | ||
| 140 | * infringe the patent or other intellectual property rights of any third | ||
| 141 | * party or that the license provides you with all the necessary rights | ||
| 142 | * to make use of the Contribution. | ||
| 143 | * | ||
| 144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 148 | * OTHERWISE. | ||
| 149 | */ | ||
| 150 | |||
| 151 | #define REUSE_CIPHER_BUG | ||
| 152 | |||
| 153 | #include <stdio.h> | ||
| 154 | |||
| 155 | #include "ssl_locl.h" | ||
| 156 | |||
| 157 | #include <openssl/bn.h> | ||
| 158 | #include <openssl/buffer.h> | ||
| 159 | #include <openssl/evp.h> | ||
| 160 | #include <openssl/dh.h> | ||
| 161 | #ifndef OPENSSL_NO_GOST | ||
| 162 | #include <openssl/gost.h> | ||
| 163 | #endif | ||
| 164 | #include <openssl/hmac.h> | ||
| 165 | #include <openssl/md5.h> | ||
| 166 | #include <openssl/objects.h> | ||
| 167 | #include <openssl/x509.h> | ||
| 168 | |||
| 169 | static const SSL_METHOD *ssl3_get_server_method(int ver); | ||
| 170 | |||
| 171 | const SSL_METHOD SSLv3_server_method_data = { | ||
| 172 | .version = SSL3_VERSION, | ||
| 173 | .ssl_new = ssl3_new, | ||
| 174 | .ssl_clear = ssl3_clear, | ||
| 175 | .ssl_free = ssl3_free, | ||
| 176 | .ssl_accept = ssl3_accept, | ||
| 177 | .ssl_connect = ssl_undefined_function, | ||
| 178 | .ssl_read = ssl3_read, | ||
| 179 | .ssl_peek = ssl3_peek, | ||
| 180 | .ssl_write = ssl3_write, | ||
| 181 | .ssl_shutdown = ssl3_shutdown, | ||
| 182 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 183 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 184 | .ssl_get_message = ssl3_get_message, | ||
| 185 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 186 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 187 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 188 | .ssl_ctrl = ssl3_ctrl, | ||
| 189 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 190 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 191 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 192 | .ssl_pending = ssl3_pending, | ||
| 193 | .num_ciphers = ssl3_num_ciphers, | ||
| 194 | .get_cipher = ssl3_get_cipher, | ||
| 195 | .get_ssl_method = ssl3_get_server_method, | ||
| 196 | .get_timeout = ssl3_default_timeout, | ||
| 197 | .ssl3_enc = &SSLv3_enc_data, | ||
| 198 | .ssl_version = ssl_undefined_void_function, | ||
| 199 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 200 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 201 | }; | ||
| 202 | |||
| 203 | const SSL_METHOD * | ||
| 204 | SSLv3_server_method(void) | ||
| 205 | { | ||
| 206 | return &SSLv3_server_method_data; | ||
| 207 | } | ||
| 208 | |||
| 209 | static const SSL_METHOD * | ||
| 210 | ssl3_get_server_method(int ver) | ||
| 211 | { | ||
| 212 | if (ver == SSL3_VERSION) | ||
| 213 | return (SSLv3_server_method()); | ||
| 214 | return (NULL); | ||
| 215 | } | ||
| 216 | |||
| 217 | int | ||
| 218 | ssl3_accept(SSL *s) | ||
| 219 | { | ||
| 220 | unsigned long alg_k; | ||
| 221 | void (*cb)(const SSL *ssl, int type, int val) = NULL; | ||
| 222 | int ret = -1; | ||
| 223 | int new_state, state, skip = 0; | ||
| 224 | |||
| 225 | ERR_clear_error(); | ||
| 226 | errno = 0; | ||
| 227 | |||
| 228 | if (s->info_callback != NULL) | ||
| 229 | cb = s->info_callback; | ||
| 230 | else if (s->ctx->info_callback != NULL) | ||
| 231 | cb = s->ctx->info_callback; | ||
| 232 | |||
| 233 | /* init things to blank */ | ||
| 234 | s->in_handshake++; | ||
| 235 | if (!SSL_in_init(s) || SSL_in_before(s)) | ||
| 236 | SSL_clear(s); | ||
| 237 | |||
| 238 | if (s->cert == NULL) { | ||
| 239 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 240 | SSL_R_NO_CERTIFICATE_SET); | ||
| 241 | return (-1); | ||
| 242 | } | ||
| 243 | |||
| 244 | for (;;) { | ||
| 245 | state = s->state; | ||
| 246 | |||
| 247 | switch (s->state) { | ||
| 248 | case SSL_ST_RENEGOTIATE: | ||
| 249 | s->renegotiate = 1; | ||
| 250 | /* s->state=SSL_ST_ACCEPT; */ | ||
| 251 | |||
| 252 | case SSL_ST_BEFORE: | ||
| 253 | case SSL_ST_ACCEPT: | ||
| 254 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 255 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 256 | |||
| 257 | s->server = 1; | ||
| 258 | if (cb != NULL) | ||
| 259 | cb(s, SSL_CB_HANDSHAKE_START, 1); | ||
| 260 | |||
| 261 | if ((s->version >> 8) != 3) { | ||
| 262 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 263 | ERR_R_INTERNAL_ERROR); | ||
| 264 | return (-1); | ||
| 265 | } | ||
| 266 | s->type = SSL_ST_ACCEPT; | ||
| 267 | |||
| 268 | if (s->init_buf == NULL) { | ||
| 269 | BUF_MEM *buf; | ||
| 270 | if ((buf = BUF_MEM_new()) == NULL) { | ||
| 271 | ret = -1; | ||
| 272 | goto end; | ||
| 273 | } | ||
| 274 | if (!BUF_MEM_grow(buf, | ||
| 275 | SSL3_RT_MAX_PLAIN_LENGTH)) { | ||
| 276 | BUF_MEM_free(buf); | ||
| 277 | ret = -1; | ||
| 278 | goto end; | ||
| 279 | } | ||
| 280 | s->init_buf = buf; | ||
| 281 | } | ||
| 282 | |||
| 283 | if (!ssl3_setup_buffers(s)) { | ||
| 284 | ret = -1; | ||
| 285 | goto end; | ||
| 286 | } | ||
| 287 | |||
| 288 | s->init_num = 0; | ||
| 289 | s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 290 | |||
| 291 | if (s->state != SSL_ST_RENEGOTIATE) { | ||
| 292 | /* | ||
| 293 | * Ok, we now need to push on a buffering BIO | ||
| 294 | * so that the output is sent in a way that | ||
| 295 | * TCP likes :-) | ||
| 296 | */ | ||
| 297 | if (!ssl_init_wbio_buffer(s, 1)) { | ||
| 298 | ret = -1; | ||
| 299 | goto end; | ||
| 300 | } | ||
| 301 | |||
| 302 | if (!ssl3_init_finished_mac(s)) { | ||
| 303 | ret = -1; | ||
| 304 | goto end; | ||
| 305 | } | ||
| 306 | |||
| 307 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | ||
| 308 | s->ctx->stats.sess_accept++; | ||
| 309 | } else if (!s->s3->send_connection_binding) { | ||
| 310 | /* | ||
| 311 | * Server attempting to renegotiate with | ||
| 312 | * client that doesn't support secure | ||
| 313 | * renegotiation. | ||
| 314 | */ | ||
| 315 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 316 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
| 317 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 318 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 319 | ret = -1; | ||
| 320 | goto end; | ||
| 321 | } else { | ||
| 322 | /* | ||
| 323 | * s->state == SSL_ST_RENEGOTIATE, | ||
| 324 | * we will just send a HelloRequest | ||
| 325 | */ | ||
| 326 | s->ctx->stats.sess_accept_renegotiate++; | ||
| 327 | s->state = SSL3_ST_SW_HELLO_REQ_A; | ||
| 328 | } | ||
| 329 | break; | ||
| 330 | |||
| 331 | case SSL3_ST_SW_HELLO_REQ_A: | ||
| 332 | case SSL3_ST_SW_HELLO_REQ_B: | ||
| 333 | |||
| 334 | s->shutdown = 0; | ||
| 335 | ret = ssl3_send_hello_request(s); | ||
| 336 | if (ret <= 0) | ||
| 337 | goto end; | ||
| 338 | s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; | ||
| 339 | s->state = SSL3_ST_SW_FLUSH; | ||
| 340 | s->init_num = 0; | ||
| 341 | |||
| 342 | if (!ssl3_init_finished_mac(s)) { | ||
| 343 | ret = -1; | ||
| 344 | goto end; | ||
| 345 | } | ||
| 346 | break; | ||
| 347 | |||
| 348 | case SSL3_ST_SW_HELLO_REQ_C: | ||
| 349 | s->state = SSL_ST_OK; | ||
| 350 | break; | ||
| 351 | |||
| 352 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
| 353 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
| 354 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
| 355 | |||
| 356 | s->shutdown = 0; | ||
| 357 | if (s->rwstate != SSL_X509_LOOKUP) { | ||
| 358 | ret = ssl3_get_client_hello(s); | ||
| 359 | if (ret <= 0) | ||
| 360 | goto end; | ||
| 361 | } | ||
| 362 | |||
| 363 | s->renegotiate = 2; | ||
| 364 | s->state = SSL3_ST_SW_SRVR_HELLO_A; | ||
| 365 | s->init_num = 0; | ||
| 366 | break; | ||
| 367 | |||
| 368 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
| 369 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
| 370 | ret = ssl3_send_server_hello(s); | ||
| 371 | if (ret <= 0) | ||
| 372 | goto end; | ||
| 373 | if (s->hit) { | ||
| 374 | if (s->tlsext_ticket_expected) | ||
| 375 | s->state = SSL3_ST_SW_SESSION_TICKET_A; | ||
| 376 | else | ||
| 377 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 378 | } | ||
| 379 | else | ||
| 380 | s->state = SSL3_ST_SW_CERT_A; | ||
| 381 | s->init_num = 0; | ||
| 382 | break; | ||
| 383 | |||
| 384 | case SSL3_ST_SW_CERT_A: | ||
| 385 | case SSL3_ST_SW_CERT_B: | ||
| 386 | /* Check if it is anon DH or anon ECDH. */ | ||
| 387 | if (!(s->s3->tmp.new_cipher->algorithm_auth & | ||
| 388 | SSL_aNULL)) { | ||
| 389 | ret = ssl3_send_server_certificate(s); | ||
| 390 | if (ret <= 0) | ||
| 391 | goto end; | ||
| 392 | if (s->tlsext_status_expected) | ||
| 393 | s->state = SSL3_ST_SW_CERT_STATUS_A; | ||
| 394 | else | ||
| 395 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 396 | } else { | ||
| 397 | skip = 1; | ||
| 398 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 399 | } | ||
| 400 | s->init_num = 0; | ||
| 401 | break; | ||
| 402 | |||
| 403 | case SSL3_ST_SW_KEY_EXCH_A: | ||
| 404 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 405 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 406 | |||
| 407 | /* | ||
| 408 | * Only send if using a DH key exchange. | ||
| 409 | * | ||
| 410 | * For ECC ciphersuites, we send a ServerKeyExchange | ||
| 411 | * message only if the cipher suite is ECDHE. In other | ||
| 412 | * cases, the server certificate contains the server's | ||
| 413 | * public key for key exchange. | ||
| 414 | */ | ||
| 415 | if (alg_k & (SSL_kDHE|SSL_kECDHE)) { | ||
| 416 | ret = ssl3_send_server_key_exchange(s); | ||
| 417 | if (ret <= 0) | ||
| 418 | goto end; | ||
| 419 | } else | ||
| 420 | skip = 1; | ||
| 421 | |||
| 422 | s->state = SSL3_ST_SW_CERT_REQ_A; | ||
| 423 | s->init_num = 0; | ||
| 424 | break; | ||
| 425 | |||
| 426 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 427 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 428 | /* | ||
| 429 | * Determine whether or not we need to request a | ||
| 430 | * certificate. | ||
| 431 | * | ||
| 432 | * Do not request a certificate if: | ||
| 433 | * | ||
| 434 | * - We did not ask for it (SSL_VERIFY_PEER is unset). | ||
| 435 | * | ||
| 436 | * - SSL_VERIFY_CLIENT_ONCE is set and we are | ||
| 437 | * renegotiating. | ||
| 438 | * | ||
| 439 | * - We are using an anonymous ciphersuites | ||
| 440 | * (see section "Certificate request" in SSL 3 drafts | ||
| 441 | * and in RFC 2246) ... except when the application | ||
| 442 | * insists on verification (against the specs, but | ||
| 443 | * s3_clnt.c accepts this for SSL 3). | ||
| 444 | */ | ||
| 445 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | ||
| 446 | ((s->session->peer != NULL) && | ||
| 447 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || | ||
| 448 | ((s->s3->tmp.new_cipher->algorithm_auth & | ||
| 449 | SSL_aNULL) && !(s->verify_mode & | ||
| 450 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) { | ||
| 451 | /* No cert request */ | ||
| 452 | skip = 1; | ||
| 453 | s->s3->tmp.cert_request = 0; | ||
| 454 | s->state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 455 | if (s->s3->handshake_buffer) | ||
| 456 | if (!ssl3_digest_cached_records(s)) | ||
| 457 | return (-1); | ||
| 458 | } else { | ||
| 459 | s->s3->tmp.cert_request = 1; | ||
| 460 | ret = ssl3_send_certificate_request(s); | ||
| 461 | if (ret <= 0) | ||
| 462 | goto end; | ||
| 463 | s->state = SSL3_ST_SW_SRVR_DONE_A; | ||
| 464 | s->init_num = 0; | ||
| 465 | } | ||
| 466 | break; | ||
| 467 | |||
| 468 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 469 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 470 | ret = ssl3_send_server_done(s); | ||
| 471 | if (ret <= 0) | ||
| 472 | goto end; | ||
| 473 | s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; | ||
| 474 | s->state = SSL3_ST_SW_FLUSH; | ||
| 475 | s->init_num = 0; | ||
| 476 | break; | ||
| 477 | |||
| 478 | case SSL3_ST_SW_FLUSH: | ||
| 479 | |||
| 480 | /* | ||
| 481 | * This code originally checked to see if | ||
| 482 | * any data was pending using BIO_CTRL_INFO | ||
| 483 | * and then flushed. This caused problems | ||
| 484 | * as documented in PR#1939. The proposed | ||
| 485 | * fix doesn't completely resolve this issue | ||
| 486 | * as buggy implementations of BIO_CTRL_PENDING | ||
| 487 | * still exist. So instead we just flush | ||
| 488 | * unconditionally. | ||
| 489 | */ | ||
| 490 | |||
| 491 | s->rwstate = SSL_WRITING; | ||
| 492 | if (BIO_flush(s->wbio) <= 0) { | ||
| 493 | ret = -1; | ||
| 494 | goto end; | ||
| 495 | } | ||
| 496 | s->rwstate = SSL_NOTHING; | ||
| 497 | |||
| 498 | s->state = s->s3->tmp.next_state; | ||
| 499 | break; | ||
| 500 | |||
| 501 | case SSL3_ST_SR_CERT_A: | ||
| 502 | case SSL3_ST_SR_CERT_B: | ||
| 503 | /* Check for second client hello (MS SGC) */ | ||
| 504 | ret = ssl3_check_client_hello(s); | ||
| 505 | if (ret <= 0) | ||
| 506 | goto end; | ||
| 507 | if (ret == 2) | ||
| 508 | s->state = SSL3_ST_SR_CLNT_HELLO_C; | ||
| 509 | else { | ||
| 510 | if (s->s3->tmp.cert_request) { | ||
| 511 | ret = ssl3_get_client_certificate(s); | ||
| 512 | if (ret <= 0) | ||
| 513 | goto end; | ||
| 514 | } | ||
| 515 | s->init_num = 0; | ||
| 516 | s->state = SSL3_ST_SR_KEY_EXCH_A; | ||
| 517 | } | ||
| 518 | break; | ||
| 519 | |||
| 520 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 521 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 522 | ret = ssl3_get_client_key_exchange(s); | ||
| 523 | if (ret <= 0) | ||
| 524 | goto end; | ||
| 525 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 526 | if (ret == 2) { | ||
| 527 | /* | ||
| 528 | * For the ECDH ciphersuites when | ||
| 529 | * the client sends its ECDH pub key in | ||
| 530 | * a certificate, the CertificateVerify | ||
| 531 | * message is not sent. | ||
| 532 | * Also for GOST ciphersuites when | ||
| 533 | * the client uses its key from the certificate | ||
| 534 | * for key exchange. | ||
| 535 | */ | ||
| 536 | if (s->s3->next_proto_neg_seen) | ||
| 537 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | ||
| 538 | else | ||
| 539 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 540 | s->init_num = 0; | ||
| 541 | } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { | ||
| 542 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 543 | s->init_num = 0; | ||
| 544 | if (!s->session->peer) | ||
| 545 | break; | ||
| 546 | /* | ||
| 547 | * For sigalgs freeze the handshake buffer | ||
| 548 | * at this point and digest cached records. | ||
| 549 | */ | ||
| 550 | if (!s->s3->handshake_buffer) { | ||
| 551 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 552 | ERR_R_INTERNAL_ERROR); | ||
| 553 | return (-1); | ||
| 554 | } | ||
| 555 | s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; | ||
| 556 | if (!ssl3_digest_cached_records(s)) | ||
| 557 | return (-1); | ||
| 558 | } else { | ||
| 559 | int offset = 0; | ||
| 560 | int dgst_num; | ||
| 561 | |||
| 562 | s->state = SSL3_ST_SR_CERT_VRFY_A; | ||
| 563 | s->init_num = 0; | ||
| 564 | |||
| 565 | /* | ||
| 566 | * We need to get hashes here so if there is | ||
| 567 | * a client cert, it can be verified | ||
| 568 | * FIXME - digest processing for | ||
| 569 | * CertificateVerify should be generalized. | ||
| 570 | * But it is next step | ||
| 571 | */ | ||
| 572 | if (s->s3->handshake_buffer) | ||
| 573 | if (!ssl3_digest_cached_records(s)) | ||
| 574 | return (-1); | ||
| 575 | for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; | ||
| 576 | dgst_num++) | ||
| 577 | if (s->s3->handshake_dgst[dgst_num]) { | ||
| 578 | int dgst_size; | ||
| 579 | |||
| 580 | s->method->ssl3_enc->cert_verify_mac(s, | ||
| 581 | EVP_MD_CTX_type( | ||
| 582 | s->s3->handshake_dgst[dgst_num]), | ||
| 583 | &(s->s3->tmp.cert_verify_md[offset])); | ||
| 584 | dgst_size = EVP_MD_CTX_size( | ||
| 585 | s->s3->handshake_dgst[dgst_num]); | ||
| 586 | if (dgst_size < 0) { | ||
| 587 | ret = -1; | ||
| 588 | goto end; | ||
| 589 | } | ||
| 590 | offset += dgst_size; | ||
| 591 | } | ||
| 592 | } | ||
| 593 | break; | ||
| 594 | |||
| 595 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 596 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 597 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 598 | |||
| 599 | /* we should decide if we expected this one */ | ||
| 600 | ret = ssl3_get_cert_verify(s); | ||
| 601 | if (ret <= 0) | ||
| 602 | goto end; | ||
| 603 | |||
| 604 | if (s->s3->next_proto_neg_seen) | ||
| 605 | s->state = SSL3_ST_SR_NEXT_PROTO_A; | ||
| 606 | else | ||
| 607 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 608 | s->init_num = 0; | ||
| 609 | break; | ||
| 610 | |||
| 611 | case SSL3_ST_SR_NEXT_PROTO_A: | ||
| 612 | case SSL3_ST_SR_NEXT_PROTO_B: | ||
| 613 | ret = ssl3_get_next_proto(s); | ||
| 614 | if (ret <= 0) | ||
| 615 | goto end; | ||
| 616 | s->init_num = 0; | ||
| 617 | s->state = SSL3_ST_SR_FINISHED_A; | ||
| 618 | break; | ||
| 619 | |||
| 620 | case SSL3_ST_SR_FINISHED_A: | ||
| 621 | case SSL3_ST_SR_FINISHED_B: | ||
| 622 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 623 | ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A, | ||
| 624 | SSL3_ST_SR_FINISHED_B); | ||
| 625 | if (ret <= 0) | ||
| 626 | goto end; | ||
| 627 | if (s->hit) | ||
| 628 | s->state = SSL_ST_OK; | ||
| 629 | else if (s->tlsext_ticket_expected) | ||
| 630 | s->state = SSL3_ST_SW_SESSION_TICKET_A; | ||
| 631 | else | ||
| 632 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 633 | s->init_num = 0; | ||
| 634 | break; | ||
| 635 | |||
| 636 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 637 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 638 | ret = ssl3_send_newsession_ticket(s); | ||
| 639 | if (ret <= 0) | ||
| 640 | goto end; | ||
| 641 | s->state = SSL3_ST_SW_CHANGE_A; | ||
| 642 | s->init_num = 0; | ||
| 643 | break; | ||
| 644 | |||
| 645 | case SSL3_ST_SW_CERT_STATUS_A: | ||
| 646 | case SSL3_ST_SW_CERT_STATUS_B: | ||
| 647 | ret = ssl3_send_cert_status(s); | ||
| 648 | if (ret <= 0) | ||
| 649 | goto end; | ||
| 650 | s->state = SSL3_ST_SW_KEY_EXCH_A; | ||
| 651 | s->init_num = 0; | ||
| 652 | break; | ||
| 653 | |||
| 654 | |||
| 655 | case SSL3_ST_SW_CHANGE_A: | ||
| 656 | case SSL3_ST_SW_CHANGE_B: | ||
| 657 | |||
| 658 | s->session->cipher = s->s3->tmp.new_cipher; | ||
| 659 | if (!s->method->ssl3_enc->setup_key_block(s)) { | ||
| 660 | ret = -1; | ||
| 661 | goto end; | ||
| 662 | } | ||
| 663 | |||
| 664 | ret = ssl3_send_change_cipher_spec(s, | ||
| 665 | SSL3_ST_SW_CHANGE_A, SSL3_ST_SW_CHANGE_B); | ||
| 666 | |||
| 667 | if (ret <= 0) | ||
| 668 | goto end; | ||
| 669 | s->state = SSL3_ST_SW_FINISHED_A; | ||
| 670 | s->init_num = 0; | ||
| 671 | |||
| 672 | if (!s->method->ssl3_enc->change_cipher_state( | ||
| 673 | s, SSL3_CHANGE_CIPHER_SERVER_WRITE)) { | ||
| 674 | ret = -1; | ||
| 675 | goto end; | ||
| 676 | } | ||
| 677 | |||
| 678 | break; | ||
| 679 | |||
| 680 | case SSL3_ST_SW_FINISHED_A: | ||
| 681 | case SSL3_ST_SW_FINISHED_B: | ||
| 682 | ret = ssl3_send_finished(s, | ||
| 683 | SSL3_ST_SW_FINISHED_A, SSL3_ST_SW_FINISHED_B, | ||
| 684 | s->method->ssl3_enc->server_finished_label, | ||
| 685 | s->method->ssl3_enc->server_finished_label_len); | ||
| 686 | if (ret <= 0) | ||
| 687 | goto end; | ||
| 688 | s->state = SSL3_ST_SW_FLUSH; | ||
| 689 | if (s->hit) { | ||
| 690 | if (s->s3->next_proto_neg_seen) { | ||
| 691 | s->s3->flags |= SSL3_FLAGS_CCS_OK; | ||
| 692 | s->s3->tmp.next_state = | ||
| 693 | SSL3_ST_SR_NEXT_PROTO_A; | ||
| 694 | } else | ||
| 695 | s->s3->tmp.next_state = | ||
| 696 | SSL3_ST_SR_FINISHED_A; | ||
| 697 | } else | ||
| 698 | s->s3->tmp.next_state = SSL_ST_OK; | ||
| 699 | s->init_num = 0; | ||
| 700 | break; | ||
| 701 | |||
| 702 | case SSL_ST_OK: | ||
| 703 | /* clean a few things up */ | ||
| 704 | ssl3_cleanup_key_block(s); | ||
| 705 | |||
| 706 | BUF_MEM_free(s->init_buf); | ||
| 707 | s->init_buf = NULL; | ||
| 708 | |||
| 709 | /* remove buffering on output */ | ||
| 710 | ssl_free_wbio_buffer(s); | ||
| 711 | |||
| 712 | s->init_num = 0; | ||
| 713 | |||
| 714 | /* skipped if we just sent a HelloRequest */ | ||
| 715 | if (s->renegotiate == 2) { | ||
| 716 | s->renegotiate = 0; | ||
| 717 | s->new_session = 0; | ||
| 718 | |||
| 719 | ssl_update_cache(s, SSL_SESS_CACHE_SERVER); | ||
| 720 | |||
| 721 | s->ctx->stats.sess_accept_good++; | ||
| 722 | /* s->server=1; */ | ||
| 723 | s->handshake_func = ssl3_accept; | ||
| 724 | |||
| 725 | if (cb != NULL) | ||
| 726 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | ||
| 727 | } | ||
| 728 | |||
| 729 | ret = 1; | ||
| 730 | goto end; | ||
| 731 | /* break; */ | ||
| 732 | |||
| 733 | default: | ||
| 734 | SSLerr(SSL_F_SSL3_ACCEPT, | ||
| 735 | SSL_R_UNKNOWN_STATE); | ||
| 736 | ret = -1; | ||
| 737 | goto end; | ||
| 738 | /* break; */ | ||
| 739 | } | ||
| 740 | |||
| 741 | if (!s->s3->tmp.reuse_message && !skip) { | ||
| 742 | if (s->debug) { | ||
| 743 | if ((ret = BIO_flush(s->wbio)) <= 0) | ||
| 744 | goto end; | ||
| 745 | } | ||
| 746 | |||
| 747 | |||
| 748 | if ((cb != NULL) && (s->state != state)) { | ||
| 749 | new_state = s->state; | ||
| 750 | s->state = state; | ||
| 751 | cb(s, SSL_CB_ACCEPT_LOOP, 1); | ||
| 752 | s->state = new_state; | ||
| 753 | } | ||
| 754 | } | ||
| 755 | skip = 0; | ||
| 756 | } | ||
| 757 | end: | ||
| 758 | /* BIO_flush(s->wbio); */ | ||
| 759 | |||
| 760 | s->in_handshake--; | ||
| 761 | if (cb != NULL) | ||
| 762 | cb(s, SSL_CB_ACCEPT_EXIT, ret); | ||
| 763 | return (ret); | ||
| 764 | } | ||
| 765 | |||
| 766 | int | ||
| 767 | ssl3_send_hello_request(SSL *s) | ||
| 768 | { | ||
| 769 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) { | ||
| 770 | ssl3_handshake_msg_start(s, SSL3_MT_HELLO_REQUEST); | ||
| 771 | ssl3_handshake_msg_finish(s, 0); | ||
| 772 | |||
| 773 | s->state = SSL3_ST_SW_HELLO_REQ_B; | ||
| 774 | } | ||
| 775 | |||
| 776 | /* SSL3_ST_SW_HELLO_REQ_B */ | ||
| 777 | return (ssl3_handshake_write(s)); | ||
| 778 | } | ||
| 779 | |||
| 780 | int | ||
| 781 | ssl3_check_client_hello(SSL *s) | ||
| 782 | { | ||
| 783 | int ok; | ||
| 784 | long n; | ||
| 785 | |||
| 786 | /* | ||
| 787 | * This function is called when we really expect a Certificate message, | ||
| 788 | * so permit appropriate message length | ||
| 789 | */ | ||
| 790 | n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, | ||
| 791 | SSL3_ST_SR_CERT_B, -1, s->max_cert_list, &ok); | ||
| 792 | if (!ok) | ||
| 793 | return ((int)n); | ||
| 794 | s->s3->tmp.reuse_message = 1; | ||
| 795 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) { | ||
| 796 | /* | ||
| 797 | * We only allow the client to restart the handshake once per | ||
| 798 | * negotiation. | ||
| 799 | */ | ||
| 800 | if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) { | ||
| 801 | SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, | ||
| 802 | SSL_R_MULTIPLE_SGC_RESTARTS); | ||
| 803 | return (-1); | ||
| 804 | } | ||
| 805 | /* | ||
| 806 | * Throw away what we have done so far in the current handshake, | ||
| 807 | * which will now be aborted. (A full SSL_clear would be too | ||
| 808 | * much.) | ||
| 809 | */ | ||
| 810 | DH_free(s->s3->tmp.dh); | ||
| 811 | s->s3->tmp.dh = NULL; | ||
| 812 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 813 | s->s3->tmp.ecdh = NULL; | ||
| 814 | s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE; | ||
| 815 | return (2); | ||
| 816 | } | ||
| 817 | return (1); | ||
| 818 | } | ||
| 819 | |||
| 820 | int | ||
| 821 | ssl3_get_client_hello(SSL *s) | ||
| 822 | { | ||
| 823 | int i, j, ok, al, ret = -1; | ||
| 824 | unsigned int cookie_len; | ||
| 825 | long n; | ||
| 826 | unsigned long id; | ||
| 827 | unsigned char *p, *d; | ||
| 828 | SSL_CIPHER *c; | ||
| 829 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | ||
| 830 | unsigned long alg_k; | ||
| 831 | |||
| 832 | /* | ||
| 833 | * We do this so that we will respond with our native type. | ||
| 834 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | ||
| 835 | * This down switching should be handled by a different method. | ||
| 836 | * If we are SSLv3, we will respond with SSLv3, even if prompted with | ||
| 837 | * TLSv1. | ||
| 838 | */ | ||
| 839 | if (s->state == SSL3_ST_SR_CLNT_HELLO_A) { | ||
| 840 | s->state = SSL3_ST_SR_CLNT_HELLO_B; | ||
| 841 | } | ||
| 842 | s->first_packet = 1; | ||
| 843 | n = s->method->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B, | ||
| 844 | SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO, | ||
| 845 | SSL3_RT_MAX_PLAIN_LENGTH, &ok); | ||
| 846 | |||
| 847 | if (!ok) | ||
| 848 | return ((int)n); | ||
| 849 | s->first_packet = 0; | ||
| 850 | d = p = (unsigned char *)s->init_msg; | ||
| 851 | |||
| 852 | if (2 > n) | ||
| 853 | goto truncated; | ||
| 854 | /* | ||
| 855 | * Use version from inside client hello, not from record header. | ||
| 856 | * (may differ: see RFC 2246, Appendix E, second paragraph) | ||
| 857 | */ | ||
| 858 | s->client_version = (((int)p[0]) << 8)|(int)p[1]; | ||
| 859 | p += 2; | ||
| 860 | |||
| 861 | if ((s->version == DTLS1_VERSION && s->client_version > s->version) || | ||
| 862 | (s->version != DTLS1_VERSION && s->client_version < s->version)) { | ||
| 863 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 864 | SSL_R_WRONG_VERSION_NUMBER); | ||
| 865 | if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && | ||
| 866 | !s->enc_write_ctx && !s->write_hash) { | ||
| 867 | /* | ||
| 868 | * Similar to ssl3_get_record, send alert using remote | ||
| 869 | * version number | ||
| 870 | */ | ||
| 871 | s->version = s->client_version; | ||
| 872 | } | ||
| 873 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 874 | goto f_err; | ||
| 875 | } | ||
| 876 | |||
| 877 | /* | ||
| 878 | * If we require cookies and this ClientHello doesn't | ||
| 879 | * contain one, just return since we do not want to | ||
| 880 | * allocate any memory yet. So check cookie length... | ||
| 881 | */ | ||
| 882 | if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { | ||
| 883 | unsigned int session_length, cookie_length; | ||
| 884 | |||
| 885 | session_length = *(p + SSL3_RANDOM_SIZE); | ||
| 886 | cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); | ||
| 887 | |||
| 888 | if (cookie_length == 0) | ||
| 889 | return (1); | ||
| 890 | } | ||
| 891 | |||
| 892 | if (p + SSL3_RANDOM_SIZE + 1 - d > n) | ||
| 893 | goto truncated; | ||
| 894 | |||
| 895 | /* load the client random */ | ||
| 896 | memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); | ||
| 897 | p += SSL3_RANDOM_SIZE; | ||
| 898 | |||
| 899 | /* get the session-id */ | ||
| 900 | j= *(p++); | ||
| 901 | if (p + j - d > n) | ||
| 902 | goto truncated; | ||
| 903 | |||
| 904 | s->hit = 0; | ||
| 905 | /* | ||
| 906 | * Versions before 0.9.7 always allow clients to resume sessions in | ||
| 907 | * renegotiation. 0.9.7 and later allow this by default, but optionally | ||
| 908 | * ignore resumption requests with flag | ||
| 909 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag | ||
| 910 | * rather than a change to default behavior so that applications | ||
| 911 | * relying on this for security won't even compile against older | ||
| 912 | * library versions). | ||
| 913 | * | ||
| 914 | * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() | ||
| 915 | * to request renegotiation but not a new session (s->new_session | ||
| 916 | * remains unset): for servers, this essentially just means that the | ||
| 917 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be | ||
| 918 | * ignored. | ||
| 919 | */ | ||
| 920 | if ((s->new_session && (s->options & | ||
| 921 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { | ||
| 922 | if (!ssl_get_new_session(s, 1)) | ||
| 923 | goto err; | ||
| 924 | } else { | ||
| 925 | i = ssl_get_prev_session(s, p, j, d + n); | ||
| 926 | if (i == 1) { /* previous session */ | ||
| 927 | s->hit = 1; | ||
| 928 | } else if (i == -1) | ||
| 929 | goto err; | ||
| 930 | else { | ||
| 931 | /* i == 0 */ | ||
| 932 | if (!ssl_get_new_session(s, 1)) | ||
| 933 | goto err; | ||
| 934 | } | ||
| 935 | } | ||
| 936 | |||
| 937 | p += j; | ||
| 938 | |||
| 939 | if (SSL_IS_DTLS(s)) { | ||
| 940 | /* cookie stuff */ | ||
| 941 | if (p + 1 - d > n) | ||
| 942 | goto truncated; | ||
| 943 | cookie_len = *(p++); | ||
| 944 | |||
| 945 | /* | ||
| 946 | * The ClientHello may contain a cookie even if the | ||
| 947 | * HelloVerify message has not been sent--make sure that it | ||
| 948 | * does not cause an overflow. | ||
| 949 | */ | ||
| 950 | if (cookie_len > sizeof(s->d1->rcvd_cookie)) { | ||
| 951 | /* too much data */ | ||
| 952 | al = SSL_AD_DECODE_ERROR; | ||
| 953 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 954 | SSL_R_COOKIE_MISMATCH); | ||
| 955 | goto f_err; | ||
| 956 | } | ||
| 957 | |||
| 958 | if (p + cookie_len - d > n) | ||
| 959 | goto truncated; | ||
| 960 | |||
| 961 | /* verify the cookie if appropriate option is set. */ | ||
| 962 | if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && | ||
| 963 | cookie_len > 0) { | ||
| 964 | memcpy(s->d1->rcvd_cookie, p, cookie_len); | ||
| 965 | |||
| 966 | if (s->ctx->app_verify_cookie_cb != NULL) { | ||
| 967 | if (s->ctx->app_verify_cookie_cb(s, | ||
| 968 | s->d1->rcvd_cookie, cookie_len) == 0) { | ||
| 969 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 970 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 971 | SSL_R_COOKIE_MISMATCH); | ||
| 972 | goto f_err; | ||
| 973 | } | ||
| 974 | /* else cookie verification succeeded */ | ||
| 975 | } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie, | ||
| 976 | s->d1->cookie_len) != 0) { | ||
| 977 | /* default verification */ | ||
| 978 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 979 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 980 | SSL_R_COOKIE_MISMATCH); | ||
| 981 | goto f_err; | ||
| 982 | } | ||
| 983 | |||
| 984 | ret = 2; | ||
| 985 | } | ||
| 986 | |||
| 987 | p += cookie_len; | ||
| 988 | } | ||
| 989 | |||
| 990 | if (p + 2 - d > n) | ||
| 991 | goto truncated; | ||
| 992 | n2s(p, i); | ||
| 993 | if ((i == 0) && (j != 0)) { | ||
| 994 | /* we need a cipher if we are not resuming a session */ | ||
| 995 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 996 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 997 | SSL_R_NO_CIPHERS_SPECIFIED); | ||
| 998 | goto f_err; | ||
| 999 | } | ||
| 1000 | if (p + i - d > n) | ||
| 1001 | goto truncated; | ||
| 1002 | if ((i > 0) && | ||
| 1003 | (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL)) { | ||
| 1004 | goto err; | ||
| 1005 | } | ||
| 1006 | p += i; | ||
| 1007 | |||
| 1008 | /* If it is a hit, check that the cipher is in the list */ | ||
| 1009 | if ((s->hit) && (i > 0)) { | ||
| 1010 | j = 0; | ||
| 1011 | id = s->session->cipher->id; | ||
| 1012 | |||
| 1013 | for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { | ||
| 1014 | c = sk_SSL_CIPHER_value(ciphers, i); | ||
| 1015 | if (c->id == id) { | ||
| 1016 | j = 1; | ||
| 1017 | break; | ||
| 1018 | } | ||
| 1019 | } | ||
| 1020 | if (j == 0) { | ||
| 1021 | /* | ||
| 1022 | * We need to have the cipher in the cipher | ||
| 1023 | * list if we are asked to reuse it | ||
| 1024 | */ | ||
| 1025 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1026 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1027 | SSL_R_REQUIRED_CIPHER_MISSING); | ||
| 1028 | goto f_err; | ||
| 1029 | } | ||
| 1030 | } | ||
| 1031 | |||
| 1032 | /* compression */ | ||
| 1033 | if (p + 1 - d > n) | ||
| 1034 | goto truncated; | ||
| 1035 | i= *(p++); | ||
| 1036 | if (p + i - d > n) | ||
| 1037 | goto truncated; | ||
| 1038 | for (j = 0; j < i; j++) { | ||
| 1039 | if (p[j] == 0) | ||
| 1040 | break; | ||
| 1041 | } | ||
| 1042 | |||
| 1043 | p += i; | ||
| 1044 | if (j >= i) { | ||
| 1045 | /* no compress */ | ||
| 1046 | al = SSL_AD_DECODE_ERROR; | ||
| 1047 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1048 | SSL_R_NO_COMPRESSION_SPECIFIED); | ||
| 1049 | goto f_err; | ||
| 1050 | } | ||
| 1051 | |||
| 1052 | /* TLS extensions*/ | ||
| 1053 | if (s->version >= SSL3_VERSION) { | ||
| 1054 | if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) { | ||
| 1055 | /* 'al' set by ssl_parse_clienthello_tlsext */ | ||
| 1056 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1057 | SSL_R_PARSE_TLSEXT); | ||
| 1058 | goto f_err; | ||
| 1059 | } | ||
| 1060 | } | ||
| 1061 | if (ssl_check_clienthello_tlsext_early(s) <= 0) { | ||
| 1062 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1063 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 1064 | goto err; | ||
| 1065 | } | ||
| 1066 | |||
| 1067 | /* | ||
| 1068 | * Check if we want to use external pre-shared secret for this | ||
| 1069 | * handshake for not reused session only. We need to generate | ||
| 1070 | * server_random before calling tls_session_secret_cb in order to allow | ||
| 1071 | * SessionTicket processing to use it in key derivation. | ||
| 1072 | */ | ||
| 1073 | arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 1074 | |||
| 1075 | if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) { | ||
| 1076 | SSL_CIPHER *pref_cipher = NULL; | ||
| 1077 | |||
| 1078 | s->session->master_key_length = sizeof(s->session->master_key); | ||
| 1079 | if (s->tls_session_secret_cb(s, s->session->master_key, | ||
| 1080 | &s->session->master_key_length, ciphers, &pref_cipher, | ||
| 1081 | s->tls_session_secret_cb_arg)) { | ||
| 1082 | s->hit = 1; | ||
| 1083 | s->session->ciphers = ciphers; | ||
| 1084 | s->session->verify_result = X509_V_OK; | ||
| 1085 | |||
| 1086 | ciphers = NULL; | ||
| 1087 | |||
| 1088 | /* check if some cipher was preferred by call back */ | ||
| 1089 | pref_cipher = pref_cipher ? pref_cipher : | ||
| 1090 | ssl3_choose_cipher(s, s->session->ciphers, | ||
| 1091 | SSL_get_ciphers(s)); | ||
| 1092 | if (pref_cipher == NULL) { | ||
| 1093 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1094 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1095 | SSL_R_NO_SHARED_CIPHER); | ||
| 1096 | goto f_err; | ||
| 1097 | } | ||
| 1098 | |||
| 1099 | s->session->cipher = pref_cipher; | ||
| 1100 | |||
| 1101 | if (s->cipher_list) | ||
| 1102 | sk_SSL_CIPHER_free(s->cipher_list); | ||
| 1103 | |||
| 1104 | if (s->cipher_list_by_id) | ||
| 1105 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 1106 | |||
| 1107 | s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); | ||
| 1108 | s->cipher_list_by_id = | ||
| 1109 | sk_SSL_CIPHER_dup(s->session->ciphers); | ||
| 1110 | } | ||
| 1111 | } | ||
| 1112 | |||
| 1113 | /* | ||
| 1114 | * Given s->session->ciphers and SSL_get_ciphers, we must | ||
| 1115 | * pick a cipher | ||
| 1116 | */ | ||
| 1117 | |||
| 1118 | if (!s->hit) { | ||
| 1119 | if (s->session->ciphers != NULL) | ||
| 1120 | sk_SSL_CIPHER_free(s->session->ciphers); | ||
| 1121 | s->session->ciphers = ciphers; | ||
| 1122 | if (ciphers == NULL) { | ||
| 1123 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 1124 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1125 | SSL_R_NO_CIPHERS_PASSED); | ||
| 1126 | goto f_err; | ||
| 1127 | } | ||
| 1128 | ciphers = NULL; | ||
| 1129 | c = ssl3_choose_cipher(s, s->session->ciphers, | ||
| 1130 | SSL_get_ciphers(s)); | ||
| 1131 | |||
| 1132 | if (c == NULL) { | ||
| 1133 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1134 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1135 | SSL_R_NO_SHARED_CIPHER); | ||
| 1136 | goto f_err; | ||
| 1137 | } | ||
| 1138 | s->s3->tmp.new_cipher = c; | ||
| 1139 | } else { | ||
| 1140 | /* Session-id reuse */ | ||
| 1141 | #ifdef REUSE_CIPHER_BUG | ||
| 1142 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1143 | SSL_CIPHER *nc = NULL; | ||
| 1144 | SSL_CIPHER *ec = NULL; | ||
| 1145 | |||
| 1146 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) { | ||
| 1147 | sk = s->session->ciphers; | ||
| 1148 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | ||
| 1149 | c = sk_SSL_CIPHER_value(sk, i); | ||
| 1150 | if (c->algorithm_enc & SSL_eNULL) | ||
| 1151 | nc = c; | ||
| 1152 | } | ||
| 1153 | if (nc != NULL) | ||
| 1154 | s->s3->tmp.new_cipher = nc; | ||
| 1155 | else if (ec != NULL) | ||
| 1156 | s->s3->tmp.new_cipher = ec; | ||
| 1157 | else | ||
| 1158 | s->s3->tmp.new_cipher = s->session->cipher; | ||
| 1159 | } else | ||
| 1160 | #endif | ||
| 1161 | s->s3->tmp.new_cipher = s->session->cipher; | ||
| 1162 | } | ||
| 1163 | |||
| 1164 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1165 | if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || | ||
| 1166 | !(s->verify_mode & SSL_VERIFY_PEER)) { | ||
| 1167 | if (!ssl3_digest_cached_records(s)) { | ||
| 1168 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1169 | goto f_err; | ||
| 1170 | } | ||
| 1171 | } | ||
| 1172 | |||
| 1173 | /* | ||
| 1174 | * We now have the following setup. | ||
| 1175 | * client_random | ||
| 1176 | * cipher_list - our prefered list of ciphers | ||
| 1177 | * ciphers - the clients prefered list of ciphers | ||
| 1178 | * compression - basically ignored right now | ||
| 1179 | * ssl version is set - sslv3 | ||
| 1180 | * s->session - The ssl session has been setup. | ||
| 1181 | * s->hit - session reuse flag | ||
| 1182 | * s->tmp.new_cipher - the new cipher to use. | ||
| 1183 | */ | ||
| 1184 | |||
| 1185 | /* Handles TLS extensions that we couldn't check earlier */ | ||
| 1186 | if (s->version >= SSL3_VERSION) { | ||
| 1187 | if (ssl_check_clienthello_tlsext_late(s) <= 0) { | ||
| 1188 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, | ||
| 1189 | SSL_R_CLIENTHELLO_TLSEXT); | ||
| 1190 | goto err; | ||
| 1191 | } | ||
| 1192 | } | ||
| 1193 | |||
| 1194 | if (ret < 0) | ||
| 1195 | ret = 1; | ||
| 1196 | if (0) { | ||
| 1197 | truncated: | ||
| 1198 | al = SSL_AD_DECODE_ERROR; | ||
| 1199 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_BAD_PACKET_LENGTH); | ||
| 1200 | f_err: | ||
| 1201 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1202 | } | ||
| 1203 | err: | ||
| 1204 | if (ciphers != NULL) | ||
| 1205 | sk_SSL_CIPHER_free(ciphers); | ||
| 1206 | return (ret); | ||
| 1207 | } | ||
| 1208 | |||
| 1209 | int | ||
| 1210 | ssl3_send_server_hello(SSL *s) | ||
| 1211 | { | ||
| 1212 | unsigned char *bufend; | ||
| 1213 | unsigned char *p, *d; | ||
| 1214 | int sl; | ||
| 1215 | |||
| 1216 | if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { | ||
| 1217 | d = p = ssl3_handshake_msg_start(s, SSL3_MT_SERVER_HELLO); | ||
| 1218 | |||
| 1219 | *(p++) = s->version >> 8; | ||
| 1220 | *(p++) = s->version & 0xff; | ||
| 1221 | |||
| 1222 | /* Random stuff */ | ||
| 1223 | memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 1224 | p += SSL3_RANDOM_SIZE; | ||
| 1225 | |||
| 1226 | /* | ||
| 1227 | * There are several cases for the session ID to send | ||
| 1228 | * back in the server hello: | ||
| 1229 | * | ||
| 1230 | * - For session reuse from the session cache, | ||
| 1231 | * we send back the old session ID. | ||
| 1232 | * - If stateless session reuse (using a session ticket) | ||
| 1233 | * is successful, we send back the client's "session ID" | ||
| 1234 | * (which doesn't actually identify the session). | ||
| 1235 | * - If it is a new session, we send back the new | ||
| 1236 | * session ID. | ||
| 1237 | * - However, if we want the new session to be single-use, | ||
| 1238 | * we send back a 0-length session ID. | ||
| 1239 | * | ||
| 1240 | * s->hit is non-zero in either case of session reuse, | ||
| 1241 | * so the following won't overwrite an ID that we're supposed | ||
| 1242 | * to send back. | ||
| 1243 | */ | ||
| 1244 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) | ||
| 1245 | && !s->hit) | ||
| 1246 | s->session->session_id_length = 0; | ||
| 1247 | |||
| 1248 | sl = s->session->session_id_length; | ||
| 1249 | if (sl > (int)sizeof(s->session->session_id)) { | ||
| 1250 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | ||
| 1251 | ERR_R_INTERNAL_ERROR); | ||
| 1252 | return (-1); | ||
| 1253 | } | ||
| 1254 | *(p++) = sl; | ||
| 1255 | memcpy(p, s->session->session_id, sl); | ||
| 1256 | p += sl; | ||
| 1257 | |||
| 1258 | /* put the cipher */ | ||
| 1259 | s2n(ssl3_cipher_get_value(s->s3->tmp.new_cipher), p); | ||
| 1260 | |||
| 1261 | /* put the compression method */ | ||
| 1262 | *(p++) = 0; | ||
| 1263 | |||
| 1264 | if (ssl_prepare_serverhello_tlsext(s) <= 0) { | ||
| 1265 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | ||
| 1266 | SSL_R_SERVERHELLO_TLSEXT); | ||
| 1267 | return (-1); | ||
| 1268 | } | ||
| 1269 | bufend = (unsigned char *)s->init_buf->data + | ||
| 1270 | SSL3_RT_MAX_PLAIN_LENGTH; | ||
| 1271 | if ((p = ssl_add_serverhello_tlsext(s, p, bufend)) == NULL) { | ||
| 1272 | SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, | ||
| 1273 | ERR_R_INTERNAL_ERROR); | ||
| 1274 | return (-1); | ||
| 1275 | } | ||
| 1276 | |||
| 1277 | ssl3_handshake_msg_finish(s, p - d); | ||
| 1278 | } | ||
| 1279 | |||
| 1280 | /* SSL3_ST_SW_SRVR_HELLO_B */ | ||
| 1281 | return (ssl3_handshake_write(s)); | ||
| 1282 | } | ||
| 1283 | |||
| 1284 | int | ||
| 1285 | ssl3_send_server_done(SSL *s) | ||
| 1286 | { | ||
| 1287 | if (s->state == SSL3_ST_SW_SRVR_DONE_A) { | ||
| 1288 | ssl3_handshake_msg_start(s, SSL3_MT_SERVER_DONE); | ||
| 1289 | ssl3_handshake_msg_finish(s, 0); | ||
| 1290 | |||
| 1291 | s->state = SSL3_ST_SW_SRVR_DONE_B; | ||
| 1292 | } | ||
| 1293 | |||
| 1294 | /* SSL3_ST_SW_SRVR_DONE_B */ | ||
| 1295 | return (ssl3_handshake_write(s)); | ||
| 1296 | } | ||
| 1297 | |||
| 1298 | int | ||
| 1299 | ssl3_send_server_key_exchange(SSL *s) | ||
| 1300 | { | ||
| 1301 | unsigned char *q; | ||
| 1302 | int j, num; | ||
| 1303 | unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH]; | ||
| 1304 | unsigned int u; | ||
| 1305 | DH *dh = NULL, *dhp; | ||
| 1306 | EC_KEY *ecdh = NULL, *ecdhp; | ||
| 1307 | unsigned char *encodedPoint = NULL; | ||
| 1308 | int encodedlen = 0; | ||
| 1309 | int curve_id = 0; | ||
| 1310 | BN_CTX *bn_ctx = NULL; | ||
| 1311 | |||
| 1312 | EVP_PKEY *pkey; | ||
| 1313 | const EVP_MD *md = NULL; | ||
| 1314 | unsigned char *p, *d; | ||
| 1315 | int al, i; | ||
| 1316 | unsigned long type; | ||
| 1317 | int n; | ||
| 1318 | CERT *cert; | ||
| 1319 | BIGNUM *r[4]; | ||
| 1320 | int nr[4], kn; | ||
| 1321 | BUF_MEM *buf; | ||
| 1322 | EVP_MD_CTX md_ctx; | ||
| 1323 | |||
| 1324 | EVP_MD_CTX_init(&md_ctx); | ||
| 1325 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) { | ||
| 1326 | type = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1327 | cert = s->cert; | ||
| 1328 | |||
| 1329 | buf = s->init_buf; | ||
| 1330 | |||
| 1331 | r[0] = r[1] = r[2] = r[3] = NULL; | ||
| 1332 | n = 0; | ||
| 1333 | if (type & SSL_kDHE) { | ||
| 1334 | if (s->cert->dh_tmp_auto != 0) { | ||
| 1335 | if ((dhp = ssl_get_auto_dh(s)) == NULL) { | ||
| 1336 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1337 | SSLerr( | ||
| 1338 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1339 | ERR_R_INTERNAL_ERROR); | ||
| 1340 | goto f_err; | ||
| 1341 | } | ||
| 1342 | } else | ||
| 1343 | dhp = cert->dh_tmp; | ||
| 1344 | |||
| 1345 | if (dhp == NULL && s->cert->dh_tmp_cb != NULL) | ||
| 1346 | dhp = s->cert->dh_tmp_cb(s, 0, | ||
| 1347 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1348 | |||
| 1349 | if (dhp == NULL) { | ||
| 1350 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1351 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1352 | SSL_R_MISSING_TMP_DH_KEY); | ||
| 1353 | goto f_err; | ||
| 1354 | } | ||
| 1355 | |||
| 1356 | if (s->s3->tmp.dh != NULL) { | ||
| 1357 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1358 | ERR_R_INTERNAL_ERROR); | ||
| 1359 | goto err; | ||
| 1360 | } | ||
| 1361 | |||
| 1362 | if (s->cert->dh_tmp_auto != 0) { | ||
| 1363 | dh = dhp; | ||
| 1364 | } else if ((dh = DHparams_dup(dhp)) == NULL) { | ||
| 1365 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1366 | ERR_R_DH_LIB); | ||
| 1367 | goto err; | ||
| 1368 | } | ||
| 1369 | s->s3->tmp.dh = dh; | ||
| 1370 | |||
| 1371 | if ((dhp->pub_key == NULL || dhp->priv_key == NULL || | ||
| 1372 | (s->options & SSL_OP_SINGLE_DH_USE))) { | ||
| 1373 | if (!DH_generate_key(dh)) { | ||
| 1374 | SSLerr( | ||
| 1375 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1376 | ERR_R_DH_LIB); | ||
| 1377 | goto err; | ||
| 1378 | } | ||
| 1379 | } else { | ||
| 1380 | dh->pub_key = BN_dup(dhp->pub_key); | ||
| 1381 | dh->priv_key = BN_dup(dhp->priv_key); | ||
| 1382 | if ((dh->pub_key == NULL) || | ||
| 1383 | (dh->priv_key == NULL)) { | ||
| 1384 | SSLerr( | ||
| 1385 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1386 | ERR_R_DH_LIB); | ||
| 1387 | goto err; | ||
| 1388 | } | ||
| 1389 | } | ||
| 1390 | r[0] = dh->p; | ||
| 1391 | r[1] = dh->g; | ||
| 1392 | r[2] = dh->pub_key; | ||
| 1393 | } else | ||
| 1394 | if (type & SSL_kECDHE) { | ||
| 1395 | const EC_GROUP *group; | ||
| 1396 | |||
| 1397 | ecdhp = cert->ecdh_tmp; | ||
| 1398 | if (s->cert->ecdh_tmp_auto != 0) { | ||
| 1399 | int nid = tls1_get_shared_curve(s); | ||
| 1400 | if (nid != NID_undef) | ||
| 1401 | ecdhp = EC_KEY_new_by_curve_name(nid); | ||
| 1402 | } else if (ecdhp == NULL && | ||
| 1403 | s->cert->ecdh_tmp_cb != NULL) { | ||
| 1404 | ecdhp = s->cert->ecdh_tmp_cb(s, 0, | ||
| 1405 | SSL_C_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1406 | } | ||
| 1407 | if (ecdhp == NULL) { | ||
| 1408 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1409 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1410 | SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 1411 | goto f_err; | ||
| 1412 | } | ||
| 1413 | |||
| 1414 | if (s->s3->tmp.ecdh != NULL) { | ||
| 1415 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1416 | ERR_R_INTERNAL_ERROR); | ||
| 1417 | goto err; | ||
| 1418 | } | ||
| 1419 | |||
| 1420 | /* Duplicate the ECDH structure. */ | ||
| 1421 | if (s->cert->ecdh_tmp_auto != 0) { | ||
| 1422 | ecdh = ecdhp; | ||
| 1423 | } else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { | ||
| 1424 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1425 | ERR_R_ECDH_LIB); | ||
| 1426 | goto err; | ||
| 1427 | } | ||
| 1428 | s->s3->tmp.ecdh = ecdh; | ||
| 1429 | |||
| 1430 | if ((EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1431 | (EC_KEY_get0_private_key(ecdh) == NULL) || | ||
| 1432 | (s->options & SSL_OP_SINGLE_ECDH_USE)) { | ||
| 1433 | if (!EC_KEY_generate_key(ecdh)) { | ||
| 1434 | SSLerr( | ||
| 1435 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1436 | ERR_R_ECDH_LIB); | ||
| 1437 | goto err; | ||
| 1438 | } | ||
| 1439 | } | ||
| 1440 | |||
| 1441 | if (((group = EC_KEY_get0_group(ecdh)) == NULL) || | ||
| 1442 | (EC_KEY_get0_public_key(ecdh) == NULL) || | ||
| 1443 | (EC_KEY_get0_private_key(ecdh) == NULL)) { | ||
| 1444 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); | ||
| 1445 | goto err; | ||
| 1446 | } | ||
| 1447 | |||
| 1448 | /* | ||
| 1449 | * XXX: For now, we only support ephemeral ECDH | ||
| 1450 | * keys over named (not generic) curves. For | ||
| 1451 | * supported named curves, curve_id is non-zero. | ||
| 1452 | */ | ||
| 1453 | if ((curve_id = tls1_ec_nid2curve_id( | ||
| 1454 | EC_GROUP_get_curve_name(group))) == 0) { | ||
| 1455 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1456 | SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); | ||
| 1457 | goto err; | ||
| 1458 | } | ||
| 1459 | |||
| 1460 | /* | ||
| 1461 | * Encode the public key. | ||
| 1462 | * First check the size of encoding and | ||
| 1463 | * allocate memory accordingly. | ||
| 1464 | */ | ||
| 1465 | encodedlen = EC_POINT_point2oct(group, | ||
| 1466 | EC_KEY_get0_public_key(ecdh), | ||
| 1467 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1468 | NULL, 0, NULL); | ||
| 1469 | |||
| 1470 | encodedPoint = malloc(encodedlen); | ||
| 1471 | |||
| 1472 | bn_ctx = BN_CTX_new(); | ||
| 1473 | if ((encodedPoint == NULL) || (bn_ctx == NULL)) { | ||
| 1474 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1475 | ERR_R_MALLOC_FAILURE); | ||
| 1476 | goto err; | ||
| 1477 | } | ||
| 1478 | |||
| 1479 | |||
| 1480 | encodedlen = EC_POINT_point2oct(group, | ||
| 1481 | EC_KEY_get0_public_key(ecdh), | ||
| 1482 | POINT_CONVERSION_UNCOMPRESSED, | ||
| 1483 | encodedPoint, encodedlen, bn_ctx); | ||
| 1484 | |||
| 1485 | if (encodedlen == 0) { | ||
| 1486 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1487 | ERR_R_ECDH_LIB); | ||
| 1488 | goto err; | ||
| 1489 | } | ||
| 1490 | |||
| 1491 | BN_CTX_free(bn_ctx); | ||
| 1492 | bn_ctx = NULL; | ||
| 1493 | |||
| 1494 | /* | ||
| 1495 | * XXX: For now, we only support named (not | ||
| 1496 | * generic) curves in ECDH ephemeral key exchanges. | ||
| 1497 | * In this situation, we need four additional bytes | ||
| 1498 | * to encode the entire ServerECDHParams | ||
| 1499 | * structure. | ||
| 1500 | */ | ||
| 1501 | n = 4 + encodedlen; | ||
| 1502 | |||
| 1503 | /* | ||
| 1504 | * We'll generate the serverKeyExchange message | ||
| 1505 | * explicitly so we can set these to NULLs | ||
| 1506 | */ | ||
| 1507 | r[0] = NULL; | ||
| 1508 | r[1] = NULL; | ||
| 1509 | r[2] = NULL; | ||
| 1510 | r[3] = NULL; | ||
| 1511 | } else | ||
| 1512 | { | ||
| 1513 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1514 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1515 | SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); | ||
| 1516 | goto f_err; | ||
| 1517 | } | ||
| 1518 | for (i = 0; i < 4 && r[i] != NULL; i++) { | ||
| 1519 | nr[i] = BN_num_bytes(r[i]); | ||
| 1520 | n += 2 + nr[i]; | ||
| 1521 | } | ||
| 1522 | |||
| 1523 | if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)) { | ||
| 1524 | if ((pkey = ssl_get_sign_pkey( | ||
| 1525 | s, s->s3->tmp.new_cipher, &md)) == NULL) { | ||
| 1526 | al = SSL_AD_DECODE_ERROR; | ||
| 1527 | goto f_err; | ||
| 1528 | } | ||
| 1529 | kn = EVP_PKEY_size(pkey); | ||
| 1530 | } else { | ||
| 1531 | pkey = NULL; | ||
| 1532 | kn = 0; | ||
| 1533 | } | ||
| 1534 | |||
| 1535 | if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) { | ||
| 1536 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1537 | ERR_LIB_BUF); | ||
| 1538 | goto err; | ||
| 1539 | } | ||
| 1540 | d = (unsigned char *)s->init_buf->data; | ||
| 1541 | p = &d[4]; | ||
| 1542 | |||
| 1543 | for (i = 0; i < 4 && r[i] != NULL; i++) { | ||
| 1544 | s2n(nr[i], p); | ||
| 1545 | BN_bn2bin(r[i], p); | ||
| 1546 | p += nr[i]; | ||
| 1547 | } | ||
| 1548 | |||
| 1549 | if (type & SSL_kECDHE) { | ||
| 1550 | /* | ||
| 1551 | * XXX: For now, we only support named (not generic) | ||
| 1552 | * curves. | ||
| 1553 | * In this situation, the serverKeyExchange message has: | ||
| 1554 | * [1 byte CurveType], [2 byte CurveName] | ||
| 1555 | * [1 byte length of encoded point], followed by | ||
| 1556 | * the actual encoded point itself | ||
| 1557 | */ | ||
| 1558 | *p = NAMED_CURVE_TYPE; | ||
| 1559 | p += 1; | ||
| 1560 | *p = 0; | ||
| 1561 | p += 1; | ||
| 1562 | *p = curve_id; | ||
| 1563 | p += 1; | ||
| 1564 | *p = encodedlen; | ||
| 1565 | p += 1; | ||
| 1566 | memcpy((unsigned char*)p, | ||
| 1567 | (unsigned char *)encodedPoint, encodedlen); | ||
| 1568 | free(encodedPoint); | ||
| 1569 | encodedPoint = NULL; | ||
| 1570 | p += encodedlen; | ||
| 1571 | } | ||
| 1572 | |||
| 1573 | |||
| 1574 | /* not anonymous */ | ||
| 1575 | if (pkey != NULL) { | ||
| 1576 | /* | ||
| 1577 | * n is the length of the params, they start at &(d[4]) | ||
| 1578 | * and p points to the space at the end. | ||
| 1579 | */ | ||
| 1580 | if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) { | ||
| 1581 | q = md_buf; | ||
| 1582 | j = 0; | ||
| 1583 | for (num = 2; num > 0; num--) { | ||
| 1584 | if (!EVP_DigestInit_ex(&md_ctx, | ||
| 1585 | (num == 2) ? s->ctx->md5 : | ||
| 1586 | s->ctx->sha1, NULL)) | ||
| 1587 | goto err; | ||
| 1588 | EVP_DigestUpdate(&md_ctx, | ||
| 1589 | s->s3->client_random, | ||
| 1590 | SSL3_RANDOM_SIZE); | ||
| 1591 | EVP_DigestUpdate(&md_ctx, | ||
| 1592 | s->s3->server_random, | ||
| 1593 | SSL3_RANDOM_SIZE); | ||
| 1594 | EVP_DigestUpdate(&md_ctx, &d[4], n); | ||
| 1595 | EVP_DigestFinal_ex(&md_ctx, q, | ||
| 1596 | (unsigned int *)&i); | ||
| 1597 | q += i; | ||
| 1598 | j += i; | ||
| 1599 | } | ||
| 1600 | if (RSA_sign(NID_md5_sha1, md_buf, j, | ||
| 1601 | &(p[2]), &u, pkey->pkey.rsa) <= 0) { | ||
| 1602 | SSLerr( | ||
| 1603 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1604 | ERR_LIB_RSA); | ||
| 1605 | goto err; | ||
| 1606 | } | ||
| 1607 | s2n(u, p); | ||
| 1608 | n += u + 2; | ||
| 1609 | } else if (md) { | ||
| 1610 | /* Send signature algorithm. */ | ||
| 1611 | if (SSL_USE_SIGALGS(s)) { | ||
| 1612 | if (!tls12_get_sigandhash(p, pkey, md)) { | ||
| 1613 | /* Should never happen */ | ||
| 1614 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1615 | SSLerr( | ||
| 1616 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1617 | ERR_R_INTERNAL_ERROR); | ||
| 1618 | goto f_err; | ||
| 1619 | } | ||
| 1620 | p += 2; | ||
| 1621 | } | ||
| 1622 | EVP_SignInit_ex(&md_ctx, md, NULL); | ||
| 1623 | EVP_SignUpdate(&md_ctx, | ||
| 1624 | s->s3->client_random, | ||
| 1625 | SSL3_RANDOM_SIZE); | ||
| 1626 | EVP_SignUpdate(&md_ctx, | ||
| 1627 | s->s3->server_random, | ||
| 1628 | SSL3_RANDOM_SIZE); | ||
| 1629 | EVP_SignUpdate(&md_ctx, &d[4], n); | ||
| 1630 | if (!EVP_SignFinal(&md_ctx, &p[2], | ||
| 1631 | (unsigned int *)&i, pkey)) { | ||
| 1632 | SSLerr( | ||
| 1633 | SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1634 | ERR_LIB_EVP); | ||
| 1635 | goto err; | ||
| 1636 | } | ||
| 1637 | s2n(i, p); | ||
| 1638 | n += i + 2; | ||
| 1639 | if (SSL_USE_SIGALGS(s)) | ||
| 1640 | n += 2; | ||
| 1641 | } else { | ||
| 1642 | /* Is this error check actually needed? */ | ||
| 1643 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1644 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1645 | SSL_R_UNKNOWN_PKEY_TYPE); | ||
| 1646 | goto f_err; | ||
| 1647 | } | ||
| 1648 | } | ||
| 1649 | |||
| 1650 | *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE; | ||
| 1651 | l2n3(n, d); | ||
| 1652 | |||
| 1653 | /* we should now have things packed up, so lets send it off */ | ||
| 1654 | s->init_num = n + 4; | ||
| 1655 | s->init_off = 0; | ||
| 1656 | } | ||
| 1657 | |||
| 1658 | s->state = SSL3_ST_SW_KEY_EXCH_B; | ||
| 1659 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1660 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1661 | f_err: | ||
| 1662 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1663 | err: | ||
| 1664 | free(encodedPoint); | ||
| 1665 | BN_CTX_free(bn_ctx); | ||
| 1666 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1667 | return (-1); | ||
| 1668 | } | ||
| 1669 | |||
| 1670 | int | ||
| 1671 | ssl3_send_certificate_request(SSL *s) | ||
| 1672 | { | ||
| 1673 | unsigned char *p, *d; | ||
| 1674 | int i, j, nl, off, n; | ||
| 1675 | STACK_OF(X509_NAME) *sk = NULL; | ||
| 1676 | X509_NAME *name; | ||
| 1677 | BUF_MEM *buf; | ||
| 1678 | |||
| 1679 | if (s->state == SSL3_ST_SW_CERT_REQ_A) { | ||
| 1680 | buf = s->init_buf; | ||
| 1681 | |||
| 1682 | d = p = (unsigned char *)&(buf->data[4]); | ||
| 1683 | |||
| 1684 | /* get the list of acceptable cert types */ | ||
| 1685 | p++; | ||
| 1686 | n = ssl3_get_req_cert_type(s, p); | ||
| 1687 | d[0] = n; | ||
| 1688 | p += n; | ||
| 1689 | n++; | ||
| 1690 | |||
| 1691 | if (SSL_USE_SIGALGS(s)) { | ||
| 1692 | nl = tls12_get_req_sig_algs(s, p + 2); | ||
| 1693 | s2n(nl, p); | ||
| 1694 | p += nl + 2; | ||
| 1695 | n += nl + 2; | ||
| 1696 | } | ||
| 1697 | |||
| 1698 | off = n; | ||
| 1699 | p += 2; | ||
| 1700 | n += 2; | ||
| 1701 | |||
| 1702 | sk = SSL_get_client_CA_list(s); | ||
| 1703 | nl = 0; | ||
| 1704 | if (sk != NULL) { | ||
| 1705 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { | ||
| 1706 | name = sk_X509_NAME_value(sk, i); | ||
| 1707 | j = i2d_X509_NAME(name, NULL); | ||
| 1708 | if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) { | ||
| 1709 | SSLerr( | ||
| 1710 | SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, | ||
| 1711 | ERR_R_BUF_LIB); | ||
| 1712 | goto err; | ||
| 1713 | } | ||
| 1714 | p = (unsigned char *)&(buf->data[4 + n]); | ||
| 1715 | if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) { | ||
| 1716 | s2n(j, p); | ||
| 1717 | i2d_X509_NAME(name, &p); | ||
| 1718 | n += 2 + j; | ||
| 1719 | nl += 2 + j; | ||
| 1720 | } else { | ||
| 1721 | d = p; | ||
| 1722 | i2d_X509_NAME(name, &p); | ||
| 1723 | j -= 2; | ||
| 1724 | s2n(j, d); | ||
| 1725 | j += 2; | ||
| 1726 | n += j; | ||
| 1727 | nl += j; | ||
| 1728 | } | ||
| 1729 | } | ||
| 1730 | } | ||
| 1731 | /* else no CA names */ | ||
| 1732 | p = (unsigned char *)&(buf->data[4 + off]); | ||
| 1733 | s2n(nl, p); | ||
| 1734 | |||
| 1735 | d = (unsigned char *)buf->data; | ||
| 1736 | *(d++) = SSL3_MT_CERTIFICATE_REQUEST; | ||
| 1737 | l2n3(n, d); | ||
| 1738 | |||
| 1739 | /* we should now have things packed up, so lets send it off */ | ||
| 1740 | s->init_num = n + 4; | ||
| 1741 | s->init_off = 0; | ||
| 1742 | |||
| 1743 | s->state = SSL3_ST_SW_CERT_REQ_B; | ||
| 1744 | } | ||
| 1745 | |||
| 1746 | /* SSL3_ST_SW_CERT_REQ_B */ | ||
| 1747 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 1748 | err: | ||
| 1749 | return (-1); | ||
| 1750 | } | ||
| 1751 | |||
| 1752 | int | ||
| 1753 | ssl3_get_client_key_exchange(SSL *s) | ||
| 1754 | { | ||
| 1755 | int i, al, ok; | ||
| 1756 | long n; | ||
| 1757 | unsigned long alg_k; | ||
| 1758 | unsigned char *d, *p; | ||
| 1759 | RSA *rsa = NULL; | ||
| 1760 | EVP_PKEY *pkey = NULL; | ||
| 1761 | BIGNUM *pub = NULL; | ||
| 1762 | DH *dh_srvr; | ||
| 1763 | |||
| 1764 | EC_KEY *srvr_ecdh = NULL; | ||
| 1765 | EVP_PKEY *clnt_pub_pkey = NULL; | ||
| 1766 | EC_POINT *clnt_ecpoint = NULL; | ||
| 1767 | BN_CTX *bn_ctx = NULL; | ||
| 1768 | |||
| 1769 | /* 2048 maxlen is a guess. How long a key does that permit? */ | ||
| 1770 | n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A, | ||
| 1771 | SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok); | ||
| 1772 | if (!ok) | ||
| 1773 | return ((int)n); | ||
| 1774 | d = p = (unsigned char *)s->init_msg; | ||
| 1775 | |||
| 1776 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 1777 | |||
| 1778 | if (alg_k & SSL_kRSA) { | ||
| 1779 | char fakekey[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 1780 | |||
| 1781 | arc4random_buf(fakekey, sizeof(fakekey)); | ||
| 1782 | fakekey[0] = s->client_version >> 8; | ||
| 1783 | fakekey[1] = s->client_version & 0xff; | ||
| 1784 | |||
| 1785 | pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; | ||
| 1786 | if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || | ||
| 1787 | (pkey->pkey.rsa == NULL)) { | ||
| 1788 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1789 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1790 | SSL_R_MISSING_RSA_CERTIFICATE); | ||
| 1791 | goto f_err; | ||
| 1792 | } | ||
| 1793 | rsa = pkey->pkey.rsa; | ||
| 1794 | |||
| 1795 | /* TLS and [incidentally] DTLS{0xFEFF} */ | ||
| 1796 | if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) { | ||
| 1797 | if (2 > n) | ||
| 1798 | goto truncated; | ||
| 1799 | n2s(p, i); | ||
| 1800 | if (n != i + 2) { | ||
| 1801 | if (!(s->options & SSL_OP_TLS_D5_BUG)) { | ||
| 1802 | SSLerr( | ||
| 1803 | SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1804 | SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); | ||
| 1805 | goto err; | ||
| 1806 | } else | ||
| 1807 | p -= 2; | ||
| 1808 | } else | ||
| 1809 | n = i; | ||
| 1810 | } | ||
| 1811 | |||
| 1812 | i = RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING); | ||
| 1813 | |||
| 1814 | ERR_clear_error(); | ||
| 1815 | |||
| 1816 | al = -1; | ||
| 1817 | |||
| 1818 | if (i != SSL_MAX_MASTER_KEY_LENGTH) { | ||
| 1819 | al = SSL_AD_DECODE_ERROR; | ||
| 1820 | /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ | ||
| 1821 | } | ||
| 1822 | |||
| 1823 | if (p + 2 - d > n) /* needed in the SSL3 case */ | ||
| 1824 | goto truncated; | ||
| 1825 | if ((al == -1) && !((p[0] == (s->client_version >> 8)) && | ||
| 1826 | (p[1] == (s->client_version & 0xff)))) { | ||
| 1827 | /* | ||
| 1828 | * The premaster secret must contain the same version | ||
| 1829 | * number as the ClientHello to detect version rollback | ||
| 1830 | * attacks (strangely, the protocol does not offer such | ||
| 1831 | * protection for DH ciphersuites). | ||
| 1832 | * However, buggy clients exist that send the negotiated | ||
| 1833 | * protocol version instead if the server does not | ||
| 1834 | * support the requested protocol version. | ||
| 1835 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such | ||
| 1836 | * clients. | ||
| 1837 | */ | ||
| 1838 | if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && | ||
| 1839 | (p[0] == (s->version >> 8)) && | ||
| 1840 | (p[1] == (s->version & 0xff)))) { | ||
| 1841 | al = SSL_AD_DECODE_ERROR; | ||
| 1842 | /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ | ||
| 1843 | |||
| 1844 | /* | ||
| 1845 | * The Klima-Pokorny-Rosa extension of | ||
| 1846 | * Bleichenbacher's attack | ||
| 1847 | * (http://eprint.iacr.org/2003/052/) exploits | ||
| 1848 | * the version number check as a "bad version | ||
| 1849 | * oracle" -- an alert would reveal that the | ||
| 1850 | * plaintext corresponding to some ciphertext | ||
| 1851 | * made up by the adversary is properly | ||
| 1852 | * formatted except that the version number is | ||
| 1853 | * wrong. | ||
| 1854 | * To avoid such attacks, we should treat this | ||
| 1855 | * just like any other decryption error. | ||
| 1856 | */ | ||
| 1857 | } | ||
| 1858 | } | ||
| 1859 | |||
| 1860 | if (al != -1) { | ||
| 1861 | /* | ||
| 1862 | * Some decryption failure -- use random value instead | ||
| 1863 | * as countermeasure against Bleichenbacher's attack | ||
| 1864 | * on PKCS #1 v1.5 RSA padding (see RFC 2246, | ||
| 1865 | * section 7.4.7.1). | ||
| 1866 | */ | ||
| 1867 | i = SSL_MAX_MASTER_KEY_LENGTH; | ||
| 1868 | p = fakekey; | ||
| 1869 | } | ||
| 1870 | |||
| 1871 | s->session->master_key_length = | ||
| 1872 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 1873 | s->session->master_key, | ||
| 1874 | p, i); | ||
| 1875 | OPENSSL_cleanse(p, i); | ||
| 1876 | } else if (alg_k & SSL_kDHE) { | ||
| 1877 | if (2 > n) | ||
| 1878 | goto truncated; | ||
| 1879 | n2s(p, i); | ||
| 1880 | if (n != i + 2) { | ||
| 1881 | if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { | ||
| 1882 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1883 | SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); | ||
| 1884 | goto err; | ||
| 1885 | } else { | ||
| 1886 | p -= 2; | ||
| 1887 | i = (int)n; | ||
| 1888 | } | ||
| 1889 | } | ||
| 1890 | |||
| 1891 | if (n == 0L) { | ||
| 1892 | /* the parameters are in the cert */ | ||
| 1893 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1894 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1895 | SSL_R_UNABLE_TO_DECODE_DH_CERTS); | ||
| 1896 | goto f_err; | ||
| 1897 | } else { | ||
| 1898 | if (s->s3->tmp.dh == NULL) { | ||
| 1899 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1900 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1901 | SSL_R_MISSING_TMP_DH_KEY); | ||
| 1902 | goto f_err; | ||
| 1903 | } else | ||
| 1904 | dh_srvr = s->s3->tmp.dh; | ||
| 1905 | } | ||
| 1906 | |||
| 1907 | pub = BN_bin2bn(p, i, NULL); | ||
| 1908 | if (pub == NULL) { | ||
| 1909 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1910 | SSL_R_BN_LIB); | ||
| 1911 | goto err; | ||
| 1912 | } | ||
| 1913 | |||
| 1914 | i = DH_compute_key(p, pub, dh_srvr); | ||
| 1915 | |||
| 1916 | if (i <= 0) { | ||
| 1917 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1918 | ERR_R_DH_LIB); | ||
| 1919 | BN_clear_free(pub); | ||
| 1920 | goto err; | ||
| 1921 | } | ||
| 1922 | |||
| 1923 | DH_free(s->s3->tmp.dh); | ||
| 1924 | s->s3->tmp.dh = NULL; | ||
| 1925 | |||
| 1926 | BN_clear_free(pub); | ||
| 1927 | pub = NULL; | ||
| 1928 | s->session->master_key_length = | ||
| 1929 | s->method->ssl3_enc->generate_master_secret( | ||
| 1930 | s, s->session->master_key, p, i); | ||
| 1931 | OPENSSL_cleanse(p, i); | ||
| 1932 | } else | ||
| 1933 | |||
| 1934 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { | ||
| 1935 | int ret = 1; | ||
| 1936 | int field_size = 0; | ||
| 1937 | const EC_KEY *tkey; | ||
| 1938 | const EC_GROUP *group; | ||
| 1939 | const BIGNUM *priv_key; | ||
| 1940 | |||
| 1941 | /* Initialize structures for server's ECDH key pair. */ | ||
| 1942 | if ((srvr_ecdh = EC_KEY_new()) == NULL) { | ||
| 1943 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1944 | ERR_R_MALLOC_FAILURE); | ||
| 1945 | goto err; | ||
| 1946 | } | ||
| 1947 | |||
| 1948 | /* Let's get server private key and group information. */ | ||
| 1949 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | ||
| 1950 | /* Use the certificate */ | ||
| 1951 | tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; | ||
| 1952 | } else { | ||
| 1953 | /* | ||
| 1954 | * Use the ephermeral values we saved when | ||
| 1955 | * generating the ServerKeyExchange msg. | ||
| 1956 | */ | ||
| 1957 | tkey = s->s3->tmp.ecdh; | ||
| 1958 | } | ||
| 1959 | |||
| 1960 | group = EC_KEY_get0_group(tkey); | ||
| 1961 | priv_key = EC_KEY_get0_private_key(tkey); | ||
| 1962 | |||
| 1963 | if (!EC_KEY_set_group(srvr_ecdh, group) || | ||
| 1964 | !EC_KEY_set_private_key(srvr_ecdh, priv_key)) { | ||
| 1965 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1966 | ERR_R_EC_LIB); | ||
| 1967 | goto err; | ||
| 1968 | } | ||
| 1969 | |||
| 1970 | /* Let's get client's public key */ | ||
| 1971 | if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) { | ||
| 1972 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1973 | ERR_R_MALLOC_FAILURE); | ||
| 1974 | goto err; | ||
| 1975 | } | ||
| 1976 | |||
| 1977 | if (n == 0L) { | ||
| 1978 | /* Client Publickey was in Client Certificate */ | ||
| 1979 | |||
| 1980 | if (alg_k & SSL_kECDHE) { | ||
| 1981 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1982 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1983 | SSL_R_MISSING_TMP_ECDH_KEY); | ||
| 1984 | goto f_err; | ||
| 1985 | } | ||
| 1986 | if (((clnt_pub_pkey = X509_get_pubkey( | ||
| 1987 | s->session->peer)) == NULL) || | ||
| 1988 | (clnt_pub_pkey->type != EVP_PKEY_EC)) { | ||
| 1989 | /* | ||
| 1990 | * XXX: For now, we do not support client | ||
| 1991 | * authentication using ECDH certificates | ||
| 1992 | * so this branch (n == 0L) of the code is | ||
| 1993 | * never executed. When that support is | ||
| 1994 | * added, we ought to ensure the key | ||
| 1995 | * received in the certificate is | ||
| 1996 | * authorized for key agreement. | ||
| 1997 | * ECDH_compute_key implicitly checks that | ||
| 1998 | * the two ECDH shares are for the same | ||
| 1999 | * group. | ||
| 2000 | */ | ||
| 2001 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 2002 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2003 | SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); | ||
| 2004 | goto f_err; | ||
| 2005 | } | ||
| 2006 | |||
| 2007 | if (EC_POINT_copy(clnt_ecpoint, | ||
| 2008 | EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) | ||
| 2009 | == 0) { | ||
| 2010 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2011 | ERR_R_EC_LIB); | ||
| 2012 | goto err; | ||
| 2013 | } | ||
| 2014 | ret = 2; /* Skip certificate verify processing */ | ||
| 2015 | } else { | ||
| 2016 | /* | ||
| 2017 | * Get client's public key from encoded point | ||
| 2018 | * in the ClientKeyExchange message. | ||
| 2019 | */ | ||
| 2020 | if ((bn_ctx = BN_CTX_new()) == NULL) { | ||
| 2021 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2022 | ERR_R_MALLOC_FAILURE); | ||
| 2023 | goto err; | ||
| 2024 | } | ||
| 2025 | |||
| 2026 | /* Get encoded point length */ | ||
| 2027 | i = *p; | ||
| 2028 | |||
| 2029 | p += 1; | ||
| 2030 | if (n != 1 + i) { | ||
| 2031 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2032 | ERR_R_EC_LIB); | ||
| 2033 | goto err; | ||
| 2034 | } | ||
| 2035 | if (EC_POINT_oct2point(group, | ||
| 2036 | clnt_ecpoint, p, i, bn_ctx) == 0) { | ||
| 2037 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2038 | ERR_R_EC_LIB); | ||
| 2039 | goto err; | ||
| 2040 | } | ||
| 2041 | /* | ||
| 2042 | * p is pointing to somewhere in the buffer | ||
| 2043 | * currently, so set it to the start. | ||
| 2044 | */ | ||
| 2045 | p = (unsigned char *)s->init_buf->data; | ||
| 2046 | } | ||
| 2047 | |||
| 2048 | /* Compute the shared pre-master secret */ | ||
| 2049 | field_size = EC_GROUP_get_degree(group); | ||
| 2050 | if (field_size <= 0) { | ||
| 2051 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2052 | ERR_R_ECDH_LIB); | ||
| 2053 | goto err; | ||
| 2054 | } | ||
| 2055 | i = ECDH_compute_key(p, (field_size + 7)/8, clnt_ecpoint, | ||
| 2056 | srvr_ecdh, NULL); | ||
| 2057 | if (i <= 0) { | ||
| 2058 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2059 | ERR_R_ECDH_LIB); | ||
| 2060 | goto err; | ||
| 2061 | } | ||
| 2062 | |||
| 2063 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2064 | EC_POINT_free(clnt_ecpoint); | ||
| 2065 | EC_KEY_free(srvr_ecdh); | ||
| 2066 | BN_CTX_free(bn_ctx); | ||
| 2067 | EC_KEY_free(s->s3->tmp.ecdh); | ||
| 2068 | s->s3->tmp.ecdh = NULL; | ||
| 2069 | |||
| 2070 | |||
| 2071 | /* Compute the master secret */ | ||
| 2072 | s->session->master_key_length = s->method->ssl3_enc-> \ | ||
| 2073 | generate_master_secret(s, s->session->master_key, p, i); | ||
| 2074 | |||
| 2075 | OPENSSL_cleanse(p, i); | ||
| 2076 | return (ret); | ||
| 2077 | } else | ||
| 2078 | if (alg_k & SSL_kGOST) { | ||
| 2079 | int ret = 0; | ||
| 2080 | EVP_PKEY_CTX *pkey_ctx; | ||
| 2081 | EVP_PKEY *client_pub_pkey = NULL, *pk = NULL; | ||
| 2082 | unsigned char premaster_secret[32], *start; | ||
| 2083 | size_t outlen = 32, inlen; | ||
| 2084 | unsigned long alg_a; | ||
| 2085 | int Ttag, Tclass; | ||
| 2086 | long Tlen; | ||
| 2087 | |||
| 2088 | /* Get our certificate private key*/ | ||
| 2089 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 2090 | if (alg_a & SSL_aGOST01) | ||
| 2091 | pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; | ||
| 2092 | |||
| 2093 | pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); | ||
| 2094 | EVP_PKEY_decrypt_init(pkey_ctx); | ||
| 2095 | /* | ||
| 2096 | * If client certificate is present and is of the same type, | ||
| 2097 | * maybe use it for key exchange. | ||
| 2098 | * Don't mind errors from EVP_PKEY_derive_set_peer, because | ||
| 2099 | * it is completely valid to use a client certificate for | ||
| 2100 | * authorization only. | ||
| 2101 | */ | ||
| 2102 | client_pub_pkey = X509_get_pubkey(s->session->peer); | ||
| 2103 | if (client_pub_pkey) { | ||
| 2104 | if (EVP_PKEY_derive_set_peer(pkey_ctx, | ||
| 2105 | client_pub_pkey) <= 0) | ||
| 2106 | ERR_clear_error(); | ||
| 2107 | } | ||
| 2108 | if (2 > n) | ||
| 2109 | goto truncated; | ||
| 2110 | /* Decrypt session key */ | ||
| 2111 | if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, | ||
| 2112 | &Tclass, n) != V_ASN1_CONSTRUCTED || | ||
| 2113 | Ttag != V_ASN1_SEQUENCE || Tclass != V_ASN1_UNIVERSAL) { | ||
| 2114 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2115 | SSL_R_DECRYPTION_FAILED); | ||
| 2116 | goto gerr; | ||
| 2117 | } | ||
| 2118 | start = p; | ||
| 2119 | inlen = Tlen; | ||
| 2120 | if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, | ||
| 2121 | start, inlen) <=0) { | ||
| 2122 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2123 | SSL_R_DECRYPTION_FAILED); | ||
| 2124 | goto gerr; | ||
| 2125 | } | ||
| 2126 | /* Generate master secret */ | ||
| 2127 | s->session->master_key_length = | ||
| 2128 | s->method->ssl3_enc->generate_master_secret( | ||
| 2129 | s, s->session->master_key, premaster_secret, 32); | ||
| 2130 | /* Check if pubkey from client certificate was used */ | ||
| 2131 | if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, | ||
| 2132 | EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) | ||
| 2133 | ret = 2; | ||
| 2134 | else | ||
| 2135 | ret = 1; | ||
| 2136 | gerr: | ||
| 2137 | EVP_PKEY_free(client_pub_pkey); | ||
| 2138 | EVP_PKEY_CTX_free(pkey_ctx); | ||
| 2139 | if (ret) | ||
| 2140 | return (ret); | ||
| 2141 | else | ||
| 2142 | goto err; | ||
| 2143 | } else { | ||
| 2144 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 2145 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 2146 | SSL_R_UNKNOWN_CIPHER_TYPE); | ||
| 2147 | goto f_err; | ||
| 2148 | } | ||
| 2149 | |||
| 2150 | return (1); | ||
| 2151 | truncated: | ||
| 2152 | al = SSL_AD_DECODE_ERROR; | ||
| 2153 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_PACKET_LENGTH); | ||
| 2154 | f_err: | ||
| 2155 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 2156 | err: | ||
| 2157 | EVP_PKEY_free(clnt_pub_pkey); | ||
| 2158 | EC_POINT_free(clnt_ecpoint); | ||
| 2159 | EC_KEY_free(srvr_ecdh); | ||
| 2160 | BN_CTX_free(bn_ctx); | ||
| 2161 | return (-1); | ||
| 2162 | } | ||
| 2163 | |||
| 2164 | int | ||
| 2165 | ssl3_get_cert_verify(SSL *s) | ||
| 2166 | { | ||
| 2167 | EVP_PKEY *pkey = NULL; | ||
| 2168 | unsigned char *p; | ||
| 2169 | int al, ok, ret = 0; | ||
| 2170 | long n; | ||
| 2171 | int type = 0, i, j; | ||
| 2172 | X509 *peer; | ||
| 2173 | const EVP_MD *md = NULL; | ||
| 2174 | EVP_MD_CTX mctx; | ||
| 2175 | EVP_MD_CTX_init(&mctx); | ||
| 2176 | |||
| 2177 | n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, | ||
| 2178 | SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); | ||
| 2179 | if (!ok) | ||
| 2180 | return ((int)n); | ||
| 2181 | |||
| 2182 | if (s->session->peer != NULL) { | ||
| 2183 | peer = s->session->peer; | ||
| 2184 | pkey = X509_get_pubkey(peer); | ||
| 2185 | type = X509_certificate_type(peer, pkey); | ||
| 2186 | } else { | ||
| 2187 | peer = NULL; | ||
| 2188 | pkey = NULL; | ||
| 2189 | } | ||
| 2190 | |||
| 2191 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { | ||
| 2192 | s->s3->tmp.reuse_message = 1; | ||
| 2193 | if (peer != NULL) { | ||
| 2194 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 2195 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2196 | SSL_R_MISSING_VERIFY_MESSAGE); | ||
| 2197 | goto f_err; | ||
| 2198 | } | ||
| 2199 | ret = 1; | ||
| 2200 | goto end; | ||
| 2201 | } | ||
| 2202 | |||
| 2203 | if (peer == NULL) { | ||
| 2204 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2205 | SSL_R_NO_CLIENT_CERT_RECEIVED); | ||
| 2206 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 2207 | goto f_err; | ||
| 2208 | } | ||
| 2209 | |||
| 2210 | if (!(type & EVP_PKT_SIGN)) { | ||
| 2211 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2212 | SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); | ||
| 2213 | al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 2214 | goto f_err; | ||
| 2215 | } | ||
| 2216 | |||
| 2217 | if (s->s3->change_cipher_spec) { | ||
| 2218 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2219 | SSL_R_CCS_RECEIVED_EARLY); | ||
| 2220 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 2221 | goto f_err; | ||
| 2222 | } | ||
| 2223 | |||
| 2224 | /* we now have a signature that we need to verify */ | ||
| 2225 | p = (unsigned char *)s->init_msg; | ||
| 2226 | /* | ||
| 2227 | * Check for broken implementations of GOST ciphersuites. | ||
| 2228 | * | ||
| 2229 | * If key is GOST and n is exactly 64, it is a bare | ||
| 2230 | * signature without length field. | ||
| 2231 | */ | ||
| 2232 | if (n == 64 && (pkey->type == NID_id_GostR3410_94 || | ||
| 2233 | pkey->type == NID_id_GostR3410_2001) ) { | ||
| 2234 | i = 64; | ||
| 2235 | } else { | ||
| 2236 | if (SSL_USE_SIGALGS(s)) { | ||
| 2237 | int sigalg = tls12_get_sigid(pkey); | ||
| 2238 | /* Should never happen */ | ||
| 2239 | if (sigalg == -1) { | ||
| 2240 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2241 | ERR_R_INTERNAL_ERROR); | ||
| 2242 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2243 | goto f_err; | ||
| 2244 | } | ||
| 2245 | if (2 > n) | ||
| 2246 | goto truncated; | ||
| 2247 | /* Check key type is consistent with signature */ | ||
| 2248 | if (sigalg != (int)p[1]) { | ||
| 2249 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2250 | SSL_R_WRONG_SIGNATURE_TYPE); | ||
| 2251 | al = SSL_AD_DECODE_ERROR; | ||
| 2252 | goto f_err; | ||
| 2253 | } | ||
| 2254 | md = tls12_get_hash(p[0]); | ||
| 2255 | if (md == NULL) { | ||
| 2256 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2257 | SSL_R_UNKNOWN_DIGEST); | ||
| 2258 | al = SSL_AD_DECODE_ERROR; | ||
| 2259 | goto f_err; | ||
| 2260 | } | ||
| 2261 | p += 2; | ||
| 2262 | n -= 2; | ||
| 2263 | } | ||
| 2264 | if (2 > n) | ||
| 2265 | goto truncated; | ||
| 2266 | n2s(p, i); | ||
| 2267 | n -= 2; | ||
| 2268 | if (i > n) | ||
| 2269 | goto truncated; | ||
| 2270 | } | ||
| 2271 | j = EVP_PKEY_size(pkey); | ||
| 2272 | if ((i > j) || (n > j) || (n <= 0)) { | ||
| 2273 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2274 | SSL_R_WRONG_SIGNATURE_SIZE); | ||
| 2275 | al = SSL_AD_DECODE_ERROR; | ||
| 2276 | goto f_err; | ||
| 2277 | } | ||
| 2278 | |||
| 2279 | if (SSL_USE_SIGALGS(s)) { | ||
| 2280 | long hdatalen = 0; | ||
| 2281 | void *hdata; | ||
| 2282 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | ||
| 2283 | if (hdatalen <= 0) { | ||
| 2284 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2285 | ERR_R_INTERNAL_ERROR); | ||
| 2286 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2287 | goto f_err; | ||
| 2288 | } | ||
| 2289 | if (!EVP_VerifyInit_ex(&mctx, md, NULL) || | ||
| 2290 | !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { | ||
| 2291 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2292 | ERR_R_EVP_LIB); | ||
| 2293 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2294 | goto f_err; | ||
| 2295 | } | ||
| 2296 | |||
| 2297 | if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) { | ||
| 2298 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2299 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2300 | SSL_R_BAD_SIGNATURE); | ||
| 2301 | goto f_err; | ||
| 2302 | } | ||
| 2303 | } else | ||
| 2304 | if (pkey->type == EVP_PKEY_RSA) { | ||
| 2305 | i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, | ||
| 2306 | MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i, | ||
| 2307 | pkey->pkey.rsa); | ||
| 2308 | if (i < 0) { | ||
| 2309 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2310 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2311 | SSL_R_BAD_RSA_DECRYPT); | ||
| 2312 | goto f_err; | ||
| 2313 | } | ||
| 2314 | if (i == 0) { | ||
| 2315 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2316 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2317 | SSL_R_BAD_RSA_SIGNATURE); | ||
| 2318 | goto f_err; | ||
| 2319 | } | ||
| 2320 | } else | ||
| 2321 | if (pkey->type == EVP_PKEY_DSA) { | ||
| 2322 | j = DSA_verify(pkey->save_type, | ||
| 2323 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
| 2324 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa); | ||
| 2325 | if (j <= 0) { | ||
| 2326 | /* bad signature */ | ||
| 2327 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2328 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2329 | SSL_R_BAD_DSA_SIGNATURE); | ||
| 2330 | goto f_err; | ||
| 2331 | } | ||
| 2332 | } else | ||
| 2333 | if (pkey->type == EVP_PKEY_EC) { | ||
| 2334 | j = ECDSA_verify(pkey->save_type, | ||
| 2335 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), | ||
| 2336 | SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec); | ||
| 2337 | if (j <= 0) { | ||
| 2338 | /* bad signature */ | ||
| 2339 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2340 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2341 | SSL_R_BAD_ECDSA_SIGNATURE); | ||
| 2342 | goto f_err; | ||
| 2343 | } | ||
| 2344 | } else | ||
| 2345 | #ifndef OPENSSL_NO_GOST | ||
| 2346 | if (pkey->type == NID_id_GostR3410_94 || | ||
| 2347 | pkey->type == NID_id_GostR3410_2001) { | ||
| 2348 | long hdatalen = 0; | ||
| 2349 | void *hdata; | ||
| 2350 | unsigned char signature[128]; | ||
| 2351 | unsigned int siglen = sizeof(signature); | ||
| 2352 | int nid; | ||
| 2353 | EVP_PKEY_CTX *pctx; | ||
| 2354 | |||
| 2355 | hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); | ||
| 2356 | if (hdatalen <= 0) { | ||
| 2357 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2358 | ERR_R_INTERNAL_ERROR); | ||
| 2359 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2360 | goto f_err; | ||
| 2361 | } | ||
| 2362 | if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || | ||
| 2363 | !(md = EVP_get_digestbynid(nid))) { | ||
| 2364 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2365 | ERR_R_EVP_LIB); | ||
| 2366 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2367 | goto f_err; | ||
| 2368 | } | ||
| 2369 | pctx = EVP_PKEY_CTX_new(pkey, NULL); | ||
| 2370 | if (!pctx) { | ||
| 2371 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2372 | ERR_R_EVP_LIB); | ||
| 2373 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2374 | goto f_err; | ||
| 2375 | } | ||
| 2376 | if (!EVP_DigestInit_ex(&mctx, md, NULL) || | ||
| 2377 | !EVP_DigestUpdate(&mctx, hdata, hdatalen) || | ||
| 2378 | !EVP_DigestFinal(&mctx, signature, &siglen) || | ||
| 2379 | (EVP_PKEY_verify_init(pctx) <= 0) || | ||
| 2380 | (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || | ||
| 2381 | (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, | ||
| 2382 | EVP_PKEY_CTRL_GOST_SIG_FORMAT, | ||
| 2383 | GOST_SIG_FORMAT_RS_LE, | ||
| 2384 | NULL) <= 0)) { | ||
| 2385 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2386 | ERR_R_EVP_LIB); | ||
| 2387 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2388 | EVP_PKEY_CTX_free(pctx); | ||
| 2389 | goto f_err; | ||
| 2390 | } | ||
| 2391 | |||
| 2392 | if (EVP_PKEY_verify(pctx, p, i, signature, siglen) <= 0) { | ||
| 2393 | al = SSL_AD_DECRYPT_ERROR; | ||
| 2394 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2395 | SSL_R_BAD_SIGNATURE); | ||
| 2396 | EVP_PKEY_CTX_free(pctx); | ||
| 2397 | goto f_err; | ||
| 2398 | } | ||
| 2399 | |||
| 2400 | EVP_PKEY_CTX_free(pctx); | ||
| 2401 | } else | ||
| 2402 | #endif | ||
| 2403 | { | ||
| 2404 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, | ||
| 2405 | ERR_R_INTERNAL_ERROR); | ||
| 2406 | al = SSL_AD_UNSUPPORTED_CERTIFICATE; | ||
| 2407 | goto f_err; | ||
| 2408 | } | ||
| 2409 | |||
| 2410 | |||
| 2411 | ret = 1; | ||
| 2412 | if (0) { | ||
| 2413 | truncated: | ||
| 2414 | al = SSL_AD_DECODE_ERROR; | ||
| 2415 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_PACKET_LENGTH); | ||
| 2416 | f_err: | ||
| 2417 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 2418 | } | ||
| 2419 | end: | ||
| 2420 | if (s->s3->handshake_buffer) { | ||
| 2421 | BIO_free(s->s3->handshake_buffer); | ||
| 2422 | s->s3->handshake_buffer = NULL; | ||
| 2423 | s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; | ||
| 2424 | } | ||
| 2425 | EVP_MD_CTX_cleanup(&mctx); | ||
| 2426 | EVP_PKEY_free(pkey); | ||
| 2427 | return (ret); | ||
| 2428 | } | ||
| 2429 | |||
| 2430 | int | ||
| 2431 | ssl3_get_client_certificate(SSL *s) | ||
| 2432 | { | ||
| 2433 | int i, ok, al, ret = -1; | ||
| 2434 | X509 *x = NULL; | ||
| 2435 | unsigned long l, nc, llen, n; | ||
| 2436 | const unsigned char *p, *q; | ||
| 2437 | STACK_OF(X509) *sk = NULL; | ||
| 2438 | |||
| 2439 | n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, | ||
| 2440 | -1, s->max_cert_list, &ok); | ||
| 2441 | |||
| 2442 | if (!ok) | ||
| 2443 | return ((int)n); | ||
| 2444 | |||
| 2445 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) { | ||
| 2446 | if ((s->verify_mode & SSL_VERIFY_PEER) && | ||
| 2447 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | ||
| 2448 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2449 | SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
| 2450 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 2451 | goto f_err; | ||
| 2452 | } | ||
| 2453 | /* | ||
| 2454 | * If tls asked for a client cert, | ||
| 2455 | * the client must return a 0 list. | ||
| 2456 | */ | ||
| 2457 | if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) { | ||
| 2458 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2459 | SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST | ||
| 2460 | ); | ||
| 2461 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 2462 | goto f_err; | ||
| 2463 | } | ||
| 2464 | s->s3->tmp.reuse_message = 1; | ||
| 2465 | return (1); | ||
| 2466 | } | ||
| 2467 | |||
| 2468 | if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) { | ||
| 2469 | al = SSL_AD_UNEXPECTED_MESSAGE; | ||
| 2470 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2471 | SSL_R_WRONG_MESSAGE_TYPE); | ||
| 2472 | goto f_err; | ||
| 2473 | } | ||
| 2474 | p = (const unsigned char *)s->init_msg; | ||
| 2475 | |||
| 2476 | if ((sk = sk_X509_new_null()) == NULL) { | ||
| 2477 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2478 | ERR_R_MALLOC_FAILURE); | ||
| 2479 | goto err; | ||
| 2480 | } | ||
| 2481 | |||
| 2482 | if (3 > n) | ||
| 2483 | goto truncated; | ||
| 2484 | n2l3(p, llen); | ||
| 2485 | if (llen + 3 != n) | ||
| 2486 | goto truncated; | ||
| 2487 | for (nc = 0; nc < llen;) { | ||
| 2488 | n2l3(p, l); | ||
| 2489 | if (l + nc + 3 > llen) { | ||
| 2490 | al = SSL_AD_DECODE_ERROR; | ||
| 2491 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2492 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 2493 | goto f_err; | ||
| 2494 | } | ||
| 2495 | |||
| 2496 | q = p; | ||
| 2497 | x = d2i_X509(NULL, &p, l); | ||
| 2498 | if (x == NULL) { | ||
| 2499 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2500 | ERR_R_ASN1_LIB); | ||
| 2501 | goto err; | ||
| 2502 | } | ||
| 2503 | if (p != (q + l)) { | ||
| 2504 | al = SSL_AD_DECODE_ERROR; | ||
| 2505 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2506 | SSL_R_CERT_LENGTH_MISMATCH); | ||
| 2507 | goto f_err; | ||
| 2508 | } | ||
| 2509 | if (!sk_X509_push(sk, x)) { | ||
| 2510 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2511 | ERR_R_MALLOC_FAILURE); | ||
| 2512 | goto err; | ||
| 2513 | } | ||
| 2514 | x = NULL; | ||
| 2515 | nc += l + 3; | ||
| 2516 | } | ||
| 2517 | |||
| 2518 | if (sk_X509_num(sk) <= 0) { | ||
| 2519 | /* TLS does not mind 0 certs returned */ | ||
| 2520 | if (s->version == SSL3_VERSION) { | ||
| 2521 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 2522 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2523 | SSL_R_NO_CERTIFICATES_RETURNED); | ||
| 2524 | goto f_err; | ||
| 2525 | } | ||
| 2526 | /* Fail for TLS only if we required a certificate */ | ||
| 2527 | else if ((s->verify_mode & SSL_VERIFY_PEER) && | ||
| 2528 | (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { | ||
| 2529 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2530 | SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); | ||
| 2531 | al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 2532 | goto f_err; | ||
| 2533 | } | ||
| 2534 | /* No client certificate so digest cached records */ | ||
| 2535 | if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) { | ||
| 2536 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2537 | goto f_err; | ||
| 2538 | } | ||
| 2539 | } else { | ||
| 2540 | i = ssl_verify_cert_chain(s, sk); | ||
| 2541 | if (i <= 0) { | ||
| 2542 | al = ssl_verify_alarm_type(s->verify_result); | ||
| 2543 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2544 | SSL_R_NO_CERTIFICATE_RETURNED); | ||
| 2545 | goto f_err; | ||
| 2546 | } | ||
| 2547 | } | ||
| 2548 | |||
| 2549 | if (s->session->peer != NULL) /* This should not be needed */ | ||
| 2550 | X509_free(s->session->peer); | ||
| 2551 | s->session->peer = sk_X509_shift(sk); | ||
| 2552 | s->session->verify_result = s->verify_result; | ||
| 2553 | |||
| 2554 | /* | ||
| 2555 | * With the current implementation, sess_cert will always be NULL | ||
| 2556 | * when we arrive here | ||
| 2557 | */ | ||
| 2558 | if (s->session->sess_cert == NULL) { | ||
| 2559 | s->session->sess_cert = ssl_sess_cert_new(); | ||
| 2560 | if (s->session->sess_cert == NULL) { | ||
| 2561 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2562 | ERR_R_MALLOC_FAILURE); | ||
| 2563 | goto err; | ||
| 2564 | } | ||
| 2565 | } | ||
| 2566 | if (s->session->sess_cert->cert_chain != NULL) | ||
| 2567 | sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); | ||
| 2568 | s->session->sess_cert->cert_chain = sk; | ||
| 2569 | |||
| 2570 | /* | ||
| 2571 | * Inconsistency alert: cert_chain does *not* include the | ||
| 2572 | * peer's own certificate, while we do include it in s3_clnt.c | ||
| 2573 | */ | ||
| 2574 | |||
| 2575 | sk = NULL; | ||
| 2576 | |||
| 2577 | ret = 1; | ||
| 2578 | if (0) { | ||
| 2579 | truncated: | ||
| 2580 | al = SSL_AD_DECODE_ERROR; | ||
| 2581 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, | ||
| 2582 | SSL_R_BAD_PACKET_LENGTH); | ||
| 2583 | f_err: | ||
| 2584 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 2585 | } | ||
| 2586 | err: | ||
| 2587 | if (x != NULL) | ||
| 2588 | X509_free(x); | ||
| 2589 | if (sk != NULL) | ||
| 2590 | sk_X509_pop_free(sk, X509_free); | ||
| 2591 | return (ret); | ||
| 2592 | } | ||
| 2593 | |||
| 2594 | int | ||
| 2595 | ssl3_send_server_certificate(SSL *s) | ||
| 2596 | { | ||
| 2597 | unsigned long l; | ||
| 2598 | X509 *x; | ||
| 2599 | |||
| 2600 | if (s->state == SSL3_ST_SW_CERT_A) { | ||
| 2601 | x = ssl_get_server_send_cert(s); | ||
| 2602 | if (x == NULL) { | ||
| 2603 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, | ||
| 2604 | ERR_R_INTERNAL_ERROR); | ||
| 2605 | return (0); | ||
| 2606 | } | ||
| 2607 | |||
| 2608 | l = ssl3_output_cert_chain(s, x); | ||
| 2609 | s->state = SSL3_ST_SW_CERT_B; | ||
| 2610 | s->init_num = (int)l; | ||
| 2611 | s->init_off = 0; | ||
| 2612 | } | ||
| 2613 | |||
| 2614 | /* SSL3_ST_SW_CERT_B */ | ||
| 2615 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 2616 | } | ||
| 2617 | |||
| 2618 | /* send a new session ticket (not necessarily for a new session) */ | ||
| 2619 | int | ||
| 2620 | ssl3_send_newsession_ticket(SSL *s) | ||
| 2621 | { | ||
| 2622 | if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { | ||
| 2623 | unsigned char *p, *senc, *macstart; | ||
| 2624 | const unsigned char *const_p; | ||
| 2625 | int len, slen_full, slen; | ||
| 2626 | SSL_SESSION *sess; | ||
| 2627 | unsigned int hlen; | ||
| 2628 | EVP_CIPHER_CTX ctx; | ||
| 2629 | HMAC_CTX hctx; | ||
| 2630 | SSL_CTX *tctx = s->initial_ctx; | ||
| 2631 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 2632 | unsigned char key_name[16]; | ||
| 2633 | |||
| 2634 | /* get session encoding length */ | ||
| 2635 | slen_full = i2d_SSL_SESSION(s->session, NULL); | ||
| 2636 | /* | ||
| 2637 | * Some length values are 16 bits, so forget it if session is | ||
| 2638 | * too long | ||
| 2639 | */ | ||
| 2640 | if (slen_full > 0xFF00) | ||
| 2641 | return (-1); | ||
| 2642 | senc = malloc(slen_full); | ||
| 2643 | if (!senc) | ||
| 2644 | return (-1); | ||
| 2645 | p = senc; | ||
| 2646 | i2d_SSL_SESSION(s->session, &p); | ||
| 2647 | |||
| 2648 | /* | ||
| 2649 | * Create a fresh copy (not shared with other threads) to | ||
| 2650 | * clean up | ||
| 2651 | */ | ||
| 2652 | const_p = senc; | ||
| 2653 | sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); | ||
| 2654 | if (sess == NULL) { | ||
| 2655 | free(senc); | ||
| 2656 | return (-1); | ||
| 2657 | } | ||
| 2658 | |||
| 2659 | /* ID is irrelevant for the ticket */ | ||
| 2660 | sess->session_id_length = 0; | ||
| 2661 | |||
| 2662 | slen = i2d_SSL_SESSION(sess, NULL); | ||
| 2663 | if (slen > slen_full) { | ||
| 2664 | /* shouldn't ever happen */ | ||
| 2665 | free(senc); | ||
| 2666 | return (-1); | ||
| 2667 | } | ||
| 2668 | p = senc; | ||
| 2669 | i2d_SSL_SESSION(sess, &p); | ||
| 2670 | SSL_SESSION_free(sess); | ||
| 2671 | |||
| 2672 | /* | ||
| 2673 | * Grow buffer if need be: the length calculation is as | ||
| 2674 | * follows 1 (size of message name) + 3 (message length | ||
| 2675 | * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) + | ||
| 2676 | * 16 (key name) + max_iv_len (iv length) + | ||
| 2677 | * session_length + max_enc_block_size (max encrypted session | ||
| 2678 | * length) + max_md_size (HMAC). | ||
| 2679 | */ | ||
| 2680 | if (!BUF_MEM_grow(s->init_buf, | ||
| 2681 | 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + | ||
| 2682 | EVP_MAX_MD_SIZE + slen)) { | ||
| 2683 | free(senc); | ||
| 2684 | return (-1); | ||
| 2685 | } | ||
| 2686 | |||
| 2687 | p = (unsigned char *)s->init_buf->data; | ||
| 2688 | /* do the header */ | ||
| 2689 | *(p++) = SSL3_MT_NEWSESSION_TICKET; | ||
| 2690 | /* Skip message length for now */ | ||
| 2691 | p += 3; | ||
| 2692 | EVP_CIPHER_CTX_init(&ctx); | ||
| 2693 | HMAC_CTX_init(&hctx); | ||
| 2694 | /* | ||
| 2695 | * Initialize HMAC and cipher contexts. If callback present | ||
| 2696 | * it does all the work otherwise use generated values | ||
| 2697 | * from parent ctx. | ||
| 2698 | */ | ||
| 2699 | if (tctx->tlsext_ticket_key_cb) { | ||
| 2700 | if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, | ||
| 2701 | &hctx, 1) < 0) { | ||
| 2702 | free(senc); | ||
| 2703 | return (-1); | ||
| 2704 | } | ||
| 2705 | } else { | ||
| 2706 | arc4random_buf(iv, 16); | ||
| 2707 | EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 2708 | tctx->tlsext_tick_aes_key, iv); | ||
| 2709 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
| 2710 | tlsext_tick_md(), NULL); | ||
| 2711 | memcpy(key_name, tctx->tlsext_tick_key_name, 16); | ||
| 2712 | } | ||
| 2713 | |||
| 2714 | /* | ||
| 2715 | * Ticket lifetime hint (advisory only): | ||
| 2716 | * We leave this unspecified for resumed session | ||
| 2717 | * (for simplicity), and guess that tickets for new | ||
| 2718 | * sessions will live as long as their sessions. | ||
| 2719 | */ | ||
| 2720 | l2n(s->hit ? 0 : s->session->timeout, p); | ||
| 2721 | |||
| 2722 | /* Skip ticket length for now */ | ||
| 2723 | p += 2; | ||
| 2724 | /* Output key name */ | ||
| 2725 | macstart = p; | ||
| 2726 | memcpy(p, key_name, 16); | ||
| 2727 | p += 16; | ||
| 2728 | /* output IV */ | ||
| 2729 | memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); | ||
| 2730 | p += EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 2731 | /* Encrypt session data */ | ||
| 2732 | EVP_EncryptUpdate(&ctx, p, &len, senc, slen); | ||
| 2733 | p += len; | ||
| 2734 | EVP_EncryptFinal(&ctx, p, &len); | ||
| 2735 | p += len; | ||
| 2736 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2737 | |||
| 2738 | HMAC_Update(&hctx, macstart, p - macstart); | ||
| 2739 | HMAC_Final(&hctx, p, &hlen); | ||
| 2740 | HMAC_CTX_cleanup(&hctx); | ||
| 2741 | |||
| 2742 | p += hlen; | ||
| 2743 | /* Now write out lengths: p points to end of data written */ | ||
| 2744 | /* Total length */ | ||
| 2745 | len = p - (unsigned char *)s->init_buf->data; | ||
| 2746 | p = (unsigned char *)s->init_buf->data + 1; | ||
| 2747 | l2n3(len - 4, p); /* Message length */ | ||
| 2748 | p += 4; | ||
| 2749 | s2n(len - 10, p); | ||
| 2750 | /* Ticket length */ | ||
| 2751 | |||
| 2752 | /* number of bytes to write */ | ||
| 2753 | s->init_num = len; | ||
| 2754 | s->state = SSL3_ST_SW_SESSION_TICKET_B; | ||
| 2755 | s->init_off = 0; | ||
| 2756 | free(senc); | ||
| 2757 | } | ||
| 2758 | |||
| 2759 | /* SSL3_ST_SW_SESSION_TICKET_B */ | ||
| 2760 | return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); | ||
| 2761 | } | ||
| 2762 | |||
| 2763 | int | ||
| 2764 | ssl3_send_cert_status(SSL *s) | ||
| 2765 | { | ||
| 2766 | unsigned char *p; | ||
| 2767 | |||
| 2768 | if (s->state == SSL3_ST_SW_CERT_STATUS_A) { | ||
| 2769 | /* | ||
| 2770 | * Grow buffer if need be: the length calculation is as | ||
| 2771 | * follows 1 (message type) + 3 (message length) + | ||
| 2772 | * 1 (ocsp response type) + 3 (ocsp response length) | ||
| 2773 | * + (ocsp response) | ||
| 2774 | */ | ||
| 2775 | if (!BUF_MEM_grow(s->init_buf, SSL3_HM_HEADER_LENGTH + 4 + | ||
| 2776 | s->tlsext_ocsp_resplen)) | ||
| 2777 | return (-1); | ||
| 2778 | |||
| 2779 | p = ssl3_handshake_msg_start(s, SSL3_MT_CERTIFICATE_STATUS); | ||
| 2780 | |||
| 2781 | *(p++) = s->tlsext_status_type; | ||
| 2782 | l2n3(s->tlsext_ocsp_resplen, p); | ||
| 2783 | memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen); | ||
| 2784 | |||
| 2785 | ssl3_handshake_msg_finish(s, s->tlsext_ocsp_resplen + 4); | ||
| 2786 | |||
| 2787 | s->state = SSL3_ST_SW_CERT_STATUS_B; | ||
| 2788 | } | ||
| 2789 | |||
| 2790 | /* SSL3_ST_SW_CERT_STATUS_B */ | ||
| 2791 | return (ssl3_handshake_write(s)); | ||
| 2792 | } | ||
| 2793 | |||
| 2794 | /* | ||
| 2795 | * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. | ||
| 2796 | * It sets the next_proto member in s if found | ||
| 2797 | */ | ||
| 2798 | int | ||
| 2799 | ssl3_get_next_proto(SSL *s) | ||
| 2800 | { | ||
| 2801 | int ok; | ||
| 2802 | int proto_len, padding_len; | ||
| 2803 | long n; | ||
| 2804 | const unsigned char *p; | ||
| 2805 | |||
| 2806 | /* | ||
| 2807 | * Clients cannot send a NextProtocol message if we didn't see the | ||
| 2808 | * extension in their ClientHello | ||
| 2809 | */ | ||
| 2810 | if (!s->s3->next_proto_neg_seen) { | ||
| 2811 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | ||
| 2812 | SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); | ||
| 2813 | return (-1); | ||
| 2814 | } | ||
| 2815 | |||
| 2816 | /* 514 maxlen is enough for the payload format below */ | ||
| 2817 | n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A, | ||
| 2818 | SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok); | ||
| 2819 | if (!ok) | ||
| 2820 | return ((int)n); | ||
| 2821 | |||
| 2822 | /* | ||
| 2823 | * s->state doesn't reflect whether ChangeCipherSpec has been received | ||
| 2824 | * in this handshake, but s->s3->change_cipher_spec does (will be reset | ||
| 2825 | * by ssl3_get_finished). | ||
| 2826 | */ | ||
| 2827 | if (!s->s3->change_cipher_spec) { | ||
| 2828 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | ||
| 2829 | SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); | ||
| 2830 | return (-1); | ||
| 2831 | } | ||
| 2832 | |||
| 2833 | if (n < 2) | ||
| 2834 | return (0); | ||
| 2835 | /* The body must be > 1 bytes long */ | ||
| 2836 | |||
| 2837 | p = (unsigned char *)s->init_msg; | ||
| 2838 | |||
| 2839 | /* | ||
| 2840 | * The payload looks like: | ||
| 2841 | * uint8 proto_len; | ||
| 2842 | * uint8 proto[proto_len]; | ||
| 2843 | * uint8 padding_len; | ||
| 2844 | * uint8 padding[padding_len]; | ||
| 2845 | */ | ||
| 2846 | proto_len = p[0]; | ||
| 2847 | if (proto_len + 2 > s->init_num) | ||
| 2848 | return (0); | ||
| 2849 | padding_len = p[proto_len + 1]; | ||
| 2850 | if (proto_len + padding_len + 2 != s->init_num) | ||
| 2851 | return (0); | ||
| 2852 | |||
| 2853 | s->next_proto_negotiated = malloc(proto_len); | ||
| 2854 | if (!s->next_proto_negotiated) { | ||
| 2855 | SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, | ||
| 2856 | ERR_R_MALLOC_FAILURE); | ||
| 2857 | return (0); | ||
| 2858 | } | ||
| 2859 | memcpy(s->next_proto_negotiated, p + 1, proto_len); | ||
| 2860 | s->next_proto_negotiated_len = proto_len; | ||
| 2861 | |||
| 2862 | return (1); | ||
| 2863 | } | ||
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version deleted file mode 100644 index 2e4d25cdf5..0000000000 --- a/src/lib/libssl/shlib_version +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | major=32 | ||
| 2 | minor=0 | ||
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h deleted file mode 100644 index 051a254034..0000000000 --- a/src/lib/libssl/srtp.h +++ /dev/null | |||
| @@ -1,143 +0,0 @@ | |||
| 1 | /* $OpenBSD: srtp.h,v 1.5 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* | ||
| 112 | * DTLS code by Eric Rescorla <ekr@rtfm.com> | ||
| 113 | * | ||
| 114 | * Copyright (C) 2006, Network Resonance, Inc. | ||
| 115 | * Copyright (C) 2011, RTFM, Inc. | ||
| 116 | */ | ||
| 117 | |||
| 118 | #ifndef HEADER_D1_SRTP_H | ||
| 119 | #define HEADER_D1_SRTP_H | ||
| 120 | |||
| 121 | #ifdef __cplusplus | ||
| 122 | extern "C" { | ||
| 123 | #endif | ||
| 124 | |||
| 125 | #define SRTP_AES128_CM_SHA1_80 0x0001 | ||
| 126 | #define SRTP_AES128_CM_SHA1_32 0x0002 | ||
| 127 | #define SRTP_AES128_F8_SHA1_80 0x0003 | ||
| 128 | #define SRTP_AES128_F8_SHA1_32 0x0004 | ||
| 129 | #define SRTP_NULL_SHA1_80 0x0005 | ||
| 130 | #define SRTP_NULL_SHA1_32 0x0006 | ||
| 131 | |||
| 132 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); | ||
| 133 | int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); | ||
| 134 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); | ||
| 135 | |||
| 136 | STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); | ||
| 137 | SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); | ||
| 138 | |||
| 139 | #ifdef __cplusplus | ||
| 140 | } | ||
| 141 | #endif | ||
| 142 | |||
| 143 | #endif | ||
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h deleted file mode 100644 index 73d007400f..0000000000 --- a/src/lib/libssl/ssl.h +++ /dev/null | |||
| @@ -1,2394 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.83 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | /* ==================================================================== | ||
| 117 | * Copyright 2005 Nokia. All rights reserved. | ||
| 118 | * | ||
| 119 | * The portions of the attached software ("Contribution") is developed by | ||
| 120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 121 | * license. | ||
| 122 | * | ||
| 123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 125 | * support (see RFC 4279) to OpenSSL. | ||
| 126 | * | ||
| 127 | * No patent licenses or other rights except those expressly stated in | ||
| 128 | * the OpenSSL open source license shall be deemed granted or received | ||
| 129 | * expressly, by implication, estoppel, or otherwise. | ||
| 130 | * | ||
| 131 | * No assurances are provided by Nokia that the Contribution does not | ||
| 132 | * infringe the patent or other intellectual property rights of any third | ||
| 133 | * party or that the license provides you with all the necessary rights | ||
| 134 | * to make use of the Contribution. | ||
| 135 | * | ||
| 136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 140 | * OTHERWISE. | ||
| 141 | */ | ||
| 142 | |||
| 143 | #ifndef HEADER_SSL_H | ||
| 144 | #define HEADER_SSL_H | ||
| 145 | |||
| 146 | #include <stdint.h> | ||
| 147 | |||
| 148 | #include <openssl/opensslconf.h> | ||
| 149 | #include <openssl/hmac.h> | ||
| 150 | #include <openssl/pem.h> | ||
| 151 | #include <openssl/safestack.h> | ||
| 152 | |||
| 153 | #ifndef OPENSSL_NO_BIO | ||
| 154 | #include <openssl/bio.h> | ||
| 155 | #endif | ||
| 156 | |||
| 157 | #ifndef OPENSSL_NO_DEPRECATED | ||
| 158 | #include <openssl/buffer.h> | ||
| 159 | #include <openssl/crypto.h> | ||
| 160 | #include <openssl/lhash.h> | ||
| 161 | |||
| 162 | #ifndef OPENSSL_NO_X509 | ||
| 163 | #include <openssl/x509.h> | ||
| 164 | #endif | ||
| 165 | #endif | ||
| 166 | |||
| 167 | #ifdef __cplusplus | ||
| 168 | extern "C" { | ||
| 169 | #endif | ||
| 170 | |||
| 171 | /* SSLeay version number for ASN.1 encoding of the session information */ | ||
| 172 | /* Version 0 - initial version | ||
| 173 | * Version 1 - added the optional peer certificate | ||
| 174 | */ | ||
| 175 | #define SSL_SESSION_ASN1_VERSION 0x0001 | ||
| 176 | |||
| 177 | /* text strings for the ciphers */ | ||
| 178 | #define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 | ||
| 179 | #define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 | ||
| 180 | #define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 | ||
| 181 | #define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 | ||
| 182 | #define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 | ||
| 183 | #define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 | ||
| 184 | #define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 | ||
| 185 | #define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA | ||
| 186 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 | ||
| 187 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA | ||
| 188 | |||
| 189 | /* VRS Additional Kerberos5 entries | ||
| 190 | */ | ||
| 191 | #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA | ||
| 192 | #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA | ||
| 193 | #define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA | ||
| 194 | #define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA | ||
| 195 | #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 | ||
| 196 | #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 | ||
| 197 | #define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 | ||
| 198 | #define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 | ||
| 199 | |||
| 200 | #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA | ||
| 201 | #define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA | ||
| 202 | #define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA | ||
| 203 | #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 | ||
| 204 | #define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 | ||
| 205 | #define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 | ||
| 206 | |||
| 207 | #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA | ||
| 208 | #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 | ||
| 209 | #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA | ||
| 210 | #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 | ||
| 211 | #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA | ||
| 212 | #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 | ||
| 213 | #define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 | ||
| 214 | |||
| 215 | #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 | ||
| 216 | #define SSL_MAX_SID_CTX_LENGTH 32 | ||
| 217 | |||
| 218 | #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) | ||
| 219 | #define SSL_MAX_KEY_ARG_LENGTH 8 | ||
| 220 | #define SSL_MAX_MASTER_KEY_LENGTH 48 | ||
| 221 | |||
| 222 | |||
| 223 | /* These are used to specify which ciphers to use and not to use */ | ||
| 224 | |||
| 225 | #define SSL_TXT_LOW "LOW" | ||
| 226 | #define SSL_TXT_MEDIUM "MEDIUM" | ||
| 227 | #define SSL_TXT_HIGH "HIGH" | ||
| 228 | |||
| 229 | #define SSL_TXT_kFZA "kFZA" /* unused! */ | ||
| 230 | #define SSL_TXT_aFZA "aFZA" /* unused! */ | ||
| 231 | #define SSL_TXT_eFZA "eFZA" /* unused! */ | ||
| 232 | #define SSL_TXT_FZA "FZA" /* unused! */ | ||
| 233 | |||
| 234 | #define SSL_TXT_aNULL "aNULL" | ||
| 235 | #define SSL_TXT_eNULL "eNULL" | ||
| 236 | #define SSL_TXT_NULL "NULL" | ||
| 237 | |||
| 238 | #define SSL_TXT_kRSA "kRSA" | ||
| 239 | #define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ | ||
| 240 | #define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ | ||
| 241 | #define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */ | ||
| 242 | #define SSL_TXT_kEDH "kEDH" | ||
| 243 | #define SSL_TXT_kKRB5 "kKRB5" | ||
| 244 | #define SSL_TXT_kECDHr "kECDHr" | ||
| 245 | #define SSL_TXT_kECDHe "kECDHe" | ||
| 246 | #define SSL_TXT_kECDH "kECDH" | ||
| 247 | #define SSL_TXT_kEECDH "kEECDH" | ||
| 248 | #define SSL_TXT_kPSK "kPSK" | ||
| 249 | #define SSL_TXT_kGOST "kGOST" | ||
| 250 | #define SSL_TXT_kSRP "kSRP" | ||
| 251 | |||
| 252 | #define SSL_TXT_aRSA "aRSA" | ||
| 253 | #define SSL_TXT_aDSS "aDSS" | ||
| 254 | #define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ | ||
| 255 | #define SSL_TXT_aECDH "aECDH" | ||
| 256 | #define SSL_TXT_aKRB5 "aKRB5" | ||
| 257 | #define SSL_TXT_aECDSA "aECDSA" | ||
| 258 | #define SSL_TXT_aPSK "aPSK" | ||
| 259 | #define SSL_TXT_aGOST94 "aGOST94" | ||
| 260 | #define SSL_TXT_aGOST01 "aGOST01" | ||
| 261 | #define SSL_TXT_aGOST "aGOST" | ||
| 262 | |||
| 263 | #define SSL_TXT_DSS "DSS" | ||
| 264 | #define SSL_TXT_DH "DH" | ||
| 265 | #define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */ | ||
| 266 | #define SSL_TXT_EDH "EDH" /* previous name for DHE */ | ||
| 267 | #define SSL_TXT_ADH "ADH" | ||
| 268 | #define SSL_TXT_RSA "RSA" | ||
| 269 | #define SSL_TXT_ECDH "ECDH" | ||
| 270 | #define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */ | ||
| 271 | #define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */ | ||
| 272 | #define SSL_TXT_AECDH "AECDH" | ||
| 273 | #define SSL_TXT_ECDSA "ECDSA" | ||
| 274 | #define SSL_TXT_KRB5 "KRB5" | ||
| 275 | #define SSL_TXT_PSK "PSK" | ||
| 276 | #define SSL_TXT_SRP "SRP" | ||
| 277 | |||
| 278 | #define SSL_TXT_DES "DES" | ||
| 279 | #define SSL_TXT_3DES "3DES" | ||
| 280 | #define SSL_TXT_RC4 "RC4" | ||
| 281 | #define SSL_TXT_RC2 "RC2" | ||
| 282 | #define SSL_TXT_IDEA "IDEA" | ||
| 283 | #define SSL_TXT_SEED "SEED" | ||
| 284 | #define SSL_TXT_AES128 "AES128" | ||
| 285 | #define SSL_TXT_AES256 "AES256" | ||
| 286 | #define SSL_TXT_AES "AES" | ||
| 287 | #define SSL_TXT_AES_GCM "AESGCM" | ||
| 288 | #define SSL_TXT_CAMELLIA128 "CAMELLIA128" | ||
| 289 | #define SSL_TXT_CAMELLIA256 "CAMELLIA256" | ||
| 290 | #define SSL_TXT_CAMELLIA "CAMELLIA" | ||
| 291 | #define SSL_TXT_CHACHA20 "CHACHA20" | ||
| 292 | |||
| 293 | #define SSL_TXT_AEAD "AEAD" | ||
| 294 | #define SSL_TXT_MD5 "MD5" | ||
| 295 | #define SSL_TXT_SHA1 "SHA1" | ||
| 296 | #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ | ||
| 297 | #define SSL_TXT_GOST94 "GOST94" | ||
| 298 | #define SSL_TXT_GOST89MAC "GOST89MAC" | ||
| 299 | #define SSL_TXT_SHA256 "SHA256" | ||
| 300 | #define SSL_TXT_SHA384 "SHA384" | ||
| 301 | #define SSL_TXT_STREEBOG256 "STREEBOG256" | ||
| 302 | #define SSL_TXT_STREEBOG512 "STREEBOG512" | ||
| 303 | |||
| 304 | #define SSL_TXT_DTLS1 "DTLSv1" | ||
| 305 | #define SSL_TXT_DTLS1_BAD "DTLSv1-bad" | ||
| 306 | #define SSL_TXT_SSLV2 "SSLv2" | ||
| 307 | #define SSL_TXT_SSLV3 "SSLv3" | ||
| 308 | #define SSL_TXT_TLSV1 "TLSv1" | ||
| 309 | #define SSL_TXT_TLSV1_1 "TLSv1.1" | ||
| 310 | #define SSL_TXT_TLSV1_2 "TLSv1.2" | ||
| 311 | |||
| 312 | #define SSL_TXT_EXP "EXP" | ||
| 313 | #define SSL_TXT_EXPORT "EXPORT" | ||
| 314 | |||
| 315 | #define SSL_TXT_ALL "ALL" | ||
| 316 | |||
| 317 | /* | ||
| 318 | * COMPLEMENTOF* definitions. These identifiers are used to (de-select) | ||
| 319 | * ciphers normally not being used. | ||
| 320 | * Example: "RC4" will activate all ciphers using RC4 including ciphers | ||
| 321 | * without authentication, which would normally disabled by DEFAULT (due | ||
| 322 | * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" | ||
| 323 | * will make sure that it is also disabled in the specific selection. | ||
| 324 | * COMPLEMENTOF* identifiers are portable between version, as adjustments | ||
| 325 | * to the default cipher setup will also be included here. | ||
| 326 | * | ||
| 327 | * COMPLEMENTOFDEFAULT does not experience the same special treatment that | ||
| 328 | * DEFAULT gets, as only selection is being done and no sorting as needed | ||
| 329 | * for DEFAULT. | ||
| 330 | */ | ||
| 331 | #define SSL_TXT_CMPALL "COMPLEMENTOFALL" | ||
| 332 | #define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" | ||
| 333 | |||
| 334 | /* The following cipher list is used by default. | ||
| 335 | * It also is substituted when an application-defined cipher list string | ||
| 336 | * starts with 'DEFAULT'. */ | ||
| 337 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" | ||
| 338 | /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always | ||
| 339 | * starts with a reasonable order, and all we have to do for DEFAULT is | ||
| 340 | * throwing out anonymous and unencrypted ciphersuites! | ||
| 341 | * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable | ||
| 342 | * some of them.) | ||
| 343 | */ | ||
| 344 | |||
| 345 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ | ||
| 346 | #define SSL_SENT_SHUTDOWN 1 | ||
| 347 | #define SSL_RECEIVED_SHUTDOWN 2 | ||
| 348 | |||
| 349 | |||
| 350 | #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 | ||
| 351 | #define SSL_FILETYPE_PEM X509_FILETYPE_PEM | ||
| 352 | |||
| 353 | /* This is needed to stop compilers complaining about the | ||
| 354 | * 'struct ssl_st *' function parameters used to prototype callbacks | ||
| 355 | * in SSL_CTX. */ | ||
| 356 | typedef struct ssl_st *ssl_crock_st; | ||
| 357 | typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT; | ||
| 358 | typedef struct ssl_method_st SSL_METHOD; | ||
| 359 | typedef struct ssl_cipher_st SSL_CIPHER; | ||
| 360 | typedef struct ssl_session_st SSL_SESSION; | ||
| 361 | |||
| 362 | DECLARE_STACK_OF(SSL_CIPHER) | ||
| 363 | |||
| 364 | /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ | ||
| 365 | typedef struct srtp_protection_profile_st { | ||
| 366 | const char *name; | ||
| 367 | unsigned long id; | ||
| 368 | } SRTP_PROTECTION_PROFILE; | ||
| 369 | |||
| 370 | DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) | ||
| 371 | |||
| 372 | typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, | ||
| 373 | int len, void *arg); | ||
| 374 | typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, | ||
| 375 | STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); | ||
| 376 | |||
| 377 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 378 | |||
| 379 | /* used to hold info on the particular ciphers used */ | ||
| 380 | struct ssl_cipher_st { | ||
| 381 | int valid; | ||
| 382 | const char *name; /* text name */ | ||
| 383 | unsigned long id; /* id, 4 bytes, first is version */ | ||
| 384 | |||
| 385 | /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */ | ||
| 386 | unsigned long algorithm_mkey; /* key exchange algorithm */ | ||
| 387 | unsigned long algorithm_auth; /* server authentication */ | ||
| 388 | unsigned long algorithm_enc; /* symmetric encryption */ | ||
| 389 | unsigned long algorithm_mac; /* symmetric authentication */ | ||
| 390 | unsigned long algorithm_ssl; /* (major) protocol version */ | ||
| 391 | |||
| 392 | unsigned long algo_strength; /* strength and export flags */ | ||
| 393 | unsigned long algorithm2; /* Extra flags */ | ||
| 394 | int strength_bits; /* Number of bits really used */ | ||
| 395 | int alg_bits; /* Number of bits for algorithm */ | ||
| 396 | }; | ||
| 397 | |||
| 398 | |||
| 399 | /* Used to hold functions for SSLv3/TLSv1 functions */ | ||
| 400 | struct ssl_method_st { | ||
| 401 | int version; | ||
| 402 | int (*ssl_new)(SSL *s); | ||
| 403 | void (*ssl_clear)(SSL *s); | ||
| 404 | void (*ssl_free)(SSL *s); | ||
| 405 | int (*ssl_accept)(SSL *s); | ||
| 406 | int (*ssl_connect)(SSL *s); | ||
| 407 | int (*ssl_read)(SSL *s, void *buf, int len); | ||
| 408 | int (*ssl_peek)(SSL *s, void *buf, int len); | ||
| 409 | int (*ssl_write)(SSL *s, const void *buf, int len); | ||
| 410 | int (*ssl_shutdown)(SSL *s); | ||
| 411 | int (*ssl_renegotiate)(SSL *s); | ||
| 412 | int (*ssl_renegotiate_check)(SSL *s); | ||
| 413 | long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, | ||
| 414 | long max, int *ok); | ||
| 415 | int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, | ||
| 416 | int len, int peek); | ||
| 417 | int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); | ||
| 418 | int (*ssl_dispatch_alert)(SSL *s); | ||
| 419 | long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); | ||
| 420 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); | ||
| 421 | const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); | ||
| 422 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr); | ||
| 423 | int (*ssl_pending)(const SSL *s); | ||
| 424 | int (*num_ciphers)(void); | ||
| 425 | const SSL_CIPHER *(*get_cipher)(unsigned ncipher); | ||
| 426 | const struct ssl_method_st *(*get_ssl_method)(int version); | ||
| 427 | long (*get_timeout)(void); | ||
| 428 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ | ||
| 429 | int (*ssl_version)(void); | ||
| 430 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); | ||
| 431 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); | ||
| 432 | }; | ||
| 433 | |||
| 434 | /* Lets make this into an ASN.1 type structure as follows | ||
| 435 | * SSL_SESSION_ID ::= SEQUENCE { | ||
| 436 | * version INTEGER, -- structure version number | ||
| 437 | * SSLversion INTEGER, -- SSL version number | ||
| 438 | * Cipher OCTET STRING, -- the 3 byte cipher ID | ||
| 439 | * Session_ID OCTET STRING, -- the Session ID | ||
| 440 | * Master_key OCTET STRING, -- the master key | ||
| 441 | * KRB5_principal OCTET STRING -- optional Kerberos principal | ||
| 442 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | ||
| 443 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | ||
| 444 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | ||
| 445 | * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context | ||
| 446 | * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' | ||
| 447 | * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension | ||
| 448 | * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint | ||
| 449 | * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity | ||
| 450 | * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket | ||
| 451 | * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) | ||
| 452 | * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method | ||
| 453 | * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username | ||
| 454 | * } | ||
| 455 | * Look in ssl/ssl_asn1.c for more details | ||
| 456 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). | ||
| 457 | */ | ||
| 458 | struct ssl_session_st { | ||
| 459 | int ssl_version; /* what ssl version session info is | ||
| 460 | * being kept in here? */ | ||
| 461 | |||
| 462 | int master_key_length; | ||
| 463 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 464 | /* session_id - valid? */ | ||
| 465 | unsigned int session_id_length; | ||
| 466 | unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; | ||
| 467 | /* this is used to determine whether the session is being reused in | ||
| 468 | * the appropriate context. It is up to the application to set this, | ||
| 469 | * via SSL_new */ | ||
| 470 | unsigned int sid_ctx_length; | ||
| 471 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 472 | |||
| 473 | /* Used to indicate that session resumption is not allowed. | ||
| 474 | * Applications can also set this bit for a new session via | ||
| 475 | * not_resumable_session_cb to disable session caching and tickets. */ | ||
| 476 | int not_resumable; | ||
| 477 | |||
| 478 | /* The cert is the certificate used to establish this connection */ | ||
| 479 | struct sess_cert_st /* SESS_CERT */ *sess_cert; | ||
| 480 | |||
| 481 | /* This is the cert for the other end. | ||
| 482 | * On clients, it will be the same as sess_cert->peer_key->x509 | ||
| 483 | * (the latter is not enough as sess_cert is not retained | ||
| 484 | * in the external representation of sessions, see ssl_asn1.c). */ | ||
| 485 | X509 *peer; | ||
| 486 | /* when app_verify_callback accepts a session where the peer's certificate | ||
| 487 | * is not ok, we must remember the error for session reuse: */ | ||
| 488 | long verify_result; /* only for servers */ | ||
| 489 | |||
| 490 | long timeout; | ||
| 491 | time_t time; | ||
| 492 | int references; | ||
| 493 | |||
| 494 | const SSL_CIPHER *cipher; | ||
| 495 | unsigned long cipher_id; /* when ASN.1 loaded, this | ||
| 496 | * needs to be used to load | ||
| 497 | * the 'cipher' structure */ | ||
| 498 | |||
| 499 | STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ | ||
| 500 | |||
| 501 | CRYPTO_EX_DATA ex_data; /* application specific data */ | ||
| 502 | |||
| 503 | /* These are used to make removal of session-ids more | ||
| 504 | * efficient and to implement a maximum cache size. */ | ||
| 505 | struct ssl_session_st *prev, *next; | ||
| 506 | char *tlsext_hostname; | ||
| 507 | size_t tlsext_ecpointformatlist_length; | ||
| 508 | uint8_t *tlsext_ecpointformatlist; /* peer's list */ | ||
| 509 | size_t tlsext_ellipticcurvelist_length; | ||
| 510 | uint16_t *tlsext_ellipticcurvelist; /* peer's list */ | ||
| 511 | |||
| 512 | /* RFC4507 info */ | ||
| 513 | unsigned char *tlsext_tick; /* Session ticket */ | ||
| 514 | size_t tlsext_ticklen; /* Session ticket length */ | ||
| 515 | long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ | ||
| 516 | }; | ||
| 517 | |||
| 518 | #endif | ||
| 519 | |||
| 520 | #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L | ||
| 521 | #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L | ||
| 522 | /* Allow initial connection to servers that don't support RI */ | ||
| 523 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | ||
| 524 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L | ||
| 525 | #define SSL_OP_TLSEXT_PADDING 0x00000010L | ||
| 526 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | ||
| 527 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | ||
| 528 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L | ||
| 529 | #define SSL_OP_TLS_D5_BUG 0x00000100L | ||
| 530 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | ||
| 531 | |||
| 532 | /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ | ||
| 533 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 | ||
| 534 | |||
| 535 | /* Refers to ancient SSLREF and SSLv2, retained for compatibility */ | ||
| 536 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | ||
| 537 | |||
| 538 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | ||
| 539 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | ||
| 540 | * the workaround is not needed. | ||
| 541 | * Unfortunately some broken SSL/TLS implementations cannot handle it | ||
| 542 | * at all, which is why it was previously included in SSL_OP_ALL. | ||
| 543 | * Now it's not. | ||
| 544 | */ | ||
| 545 | #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ | ||
| 546 | |||
| 547 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. | ||
| 548 | * This used to be 0x000FFFFFL before 0.9.7. */ | ||
| 549 | #define SSL_OP_ALL 0x800003FFL | ||
| 550 | |||
| 551 | /* DTLS options */ | ||
| 552 | #define SSL_OP_NO_QUERY_MTU 0x00001000L | ||
| 553 | /* Turn on Cookie Exchange (on relevant for servers) */ | ||
| 554 | #define SSL_OP_COOKIE_EXCHANGE 0x00002000L | ||
| 555 | /* Don't use RFC4507 ticket extension */ | ||
| 556 | #define SSL_OP_NO_TICKET 0x00004000L | ||
| 557 | /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ | ||
| 558 | #define SSL_OP_CISCO_ANYCONNECT 0x00008000L | ||
| 559 | |||
| 560 | /* As server, disallow session resumption on renegotiation */ | ||
| 561 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L | ||
| 562 | /* Don't use compression even if supported */ | ||
| 563 | #define SSL_OP_NO_COMPRESSION 0x00020000L | ||
| 564 | /* Permit unsafe legacy renegotiation */ | ||
| 565 | #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L | ||
| 566 | /* If set, always create a new key when using tmp_ecdh parameters */ | ||
| 567 | #define SSL_OP_SINGLE_ECDH_USE 0x00080000L | ||
| 568 | /* If set, always create a new key when using tmp_dh parameters */ | ||
| 569 | #define SSL_OP_SINGLE_DH_USE 0x00100000L | ||
| 570 | /* Set to always use the tmp_rsa key when doing RSA operations, | ||
| 571 | * even when this violates protocol specs */ | ||
| 572 | #define SSL_OP_EPHEMERAL_RSA 0x00200000L | ||
| 573 | /* Set on servers to choose the cipher according to the server's | ||
| 574 | * preferences */ | ||
| 575 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L | ||
| 576 | /* If set, a server will allow a client to issue a SSLv3.0 version number | ||
| 577 | * as latest version supported in the premaster secret, even when TLSv1.0 | ||
| 578 | * (version 3.1) was announced in the client hello. Normally this is | ||
| 579 | * forbidden to prevent version rollback attacks. */ | ||
| 580 | #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L | ||
| 581 | |||
| 582 | #define SSL_OP_NO_SSLv2 0x01000000L | ||
| 583 | #define SSL_OP_NO_SSLv3 0x02000000L | ||
| 584 | #define SSL_OP_NO_TLSv1 0x04000000L | ||
| 585 | #define SSL_OP_NO_TLSv1_2 0x08000000L | ||
| 586 | #define SSL_OP_NO_TLSv1_1 0x10000000L | ||
| 587 | |||
| 588 | /* Obsolete flags kept for compatibility. No sane code should use them. */ | ||
| 589 | #define SSL_OP_PKCS1_CHECK_1 0x0 | ||
| 590 | #define SSL_OP_PKCS1_CHECK_2 0x0 | ||
| 591 | |||
| 592 | #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L | ||
| 593 | #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L | ||
| 594 | /* Make server add server-hello extension from early version of | ||
| 595 | * cryptopro draft, when GOST ciphersuite is negotiated. | ||
| 596 | * Required for interoperability with CryptoPro CSP 3.x | ||
| 597 | */ | ||
| 598 | #define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L | ||
| 599 | |||
| 600 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success | ||
| 601 | * when just a single record has been written): */ | ||
| 602 | #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L | ||
| 603 | /* Make it possible to retry SSL_write() with changed buffer location | ||
| 604 | * (buffer contents must stay the same!); this is not the default to avoid | ||
| 605 | * the misconception that non-blocking SSL_write() behaves like | ||
| 606 | * non-blocking write(): */ | ||
| 607 | #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L | ||
| 608 | /* Never bother the application with retries if the transport | ||
| 609 | * is blocking: */ | ||
| 610 | #define SSL_MODE_AUTO_RETRY 0x00000004L | ||
| 611 | /* Don't attempt to automatically build certificate chain */ | ||
| 612 | #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L | ||
| 613 | /* Save RAM by releasing read and write buffers when they're empty. (SSL3 and | ||
| 614 | * TLS only.) "Released" buffers are put onto a free-list in the context | ||
| 615 | * or just freed (depending on the context's setting for freelist_max_len). */ | ||
| 616 | #define SSL_MODE_RELEASE_BUFFERS 0x00000010L | ||
| 617 | |||
| 618 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, | ||
| 619 | * they cannot be used to clear bits. */ | ||
| 620 | |||
| 621 | #define SSL_CTX_set_options(ctx,op) \ | ||
| 622 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) | ||
| 623 | #define SSL_CTX_clear_options(ctx,op) \ | ||
| 624 | SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) | ||
| 625 | #define SSL_CTX_get_options(ctx) \ | ||
| 626 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) | ||
| 627 | #define SSL_set_options(ssl,op) \ | ||
| 628 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) | ||
| 629 | #define SSL_clear_options(ssl,op) \ | ||
| 630 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) | ||
| 631 | #define SSL_get_options(ssl) \ | ||
| 632 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) | ||
| 633 | |||
| 634 | #define SSL_CTX_set_mode(ctx,op) \ | ||
| 635 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) | ||
| 636 | #define SSL_CTX_clear_mode(ctx,op) \ | ||
| 637 | SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) | ||
| 638 | #define SSL_CTX_get_mode(ctx) \ | ||
| 639 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) | ||
| 640 | #define SSL_clear_mode(ssl,op) \ | ||
| 641 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) | ||
| 642 | #define SSL_set_mode(ssl,op) \ | ||
| 643 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) | ||
| 644 | #define SSL_get_mode(ssl) \ | ||
| 645 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) | ||
| 646 | #define SSL_set_mtu(ssl, mtu) \ | ||
| 647 | SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) | ||
| 648 | |||
| 649 | #define SSL_get_secure_renegotiation_support(ssl) \ | ||
| 650 | SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) | ||
| 651 | |||
| 652 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, | ||
| 653 | int version, int content_type, const void *buf, size_t len, SSL *ssl, | ||
| 654 | void *arg)); | ||
| 655 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, | ||
| 656 | int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
| 657 | #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
| 658 | #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
| 659 | |||
| 660 | struct ssl_aead_ctx_st; | ||
| 661 | typedef struct ssl_aead_ctx_st SSL_AEAD_CTX; | ||
| 662 | |||
| 663 | #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ | ||
| 664 | |||
| 665 | #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) | ||
| 666 | |||
| 667 | /* This callback type is used inside SSL_CTX, SSL, and in the functions that set | ||
| 668 | * them. It is used to override the generation of SSL/TLS session IDs in a | ||
| 669 | * server. Return value should be zero on an error, non-zero to proceed. Also, | ||
| 670 | * callbacks should themselves check if the id they generate is unique otherwise | ||
| 671 | * the SSL handshake will fail with an error - callbacks can do this using the | ||
| 672 | * 'ssl' value they're passed by; | ||
| 673 | * SSL_has_matching_session_id(ssl, id, *id_len) | ||
| 674 | * The length value passed in is set at the maximum size the session ID can be. | ||
| 675 | * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback | ||
| 676 | * can alter this length to be less if desired, but under SSLv2 session IDs are | ||
| 677 | * supposed to be fixed at 16 bytes so the id will be padded after the callback | ||
| 678 | * returns in this case. It is also an error for the callback to set the size to | ||
| 679 | * zero. */ | ||
| 680 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | ||
| 681 | unsigned int *id_len); | ||
| 682 | |||
| 683 | typedef struct ssl_comp_st SSL_COMP; | ||
| 684 | |||
| 685 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 686 | |||
| 687 | struct ssl_comp_st { | ||
| 688 | int id; | ||
| 689 | const char *name; | ||
| 690 | }; | ||
| 691 | |||
| 692 | DECLARE_STACK_OF(SSL_COMP) | ||
| 693 | DECLARE_LHASH_OF(SSL_SESSION); | ||
| 694 | |||
| 695 | struct ssl_ctx_st { | ||
| 696 | const SSL_METHOD *method; | ||
| 697 | |||
| 698 | STACK_OF(SSL_CIPHER) *cipher_list; | ||
| 699 | /* same as above but sorted for lookup */ | ||
| 700 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; | ||
| 701 | |||
| 702 | struct x509_store_st /* X509_STORE */ *cert_store; | ||
| 703 | LHASH_OF(SSL_SESSION) *sessions; | ||
| 704 | /* Most session-ids that will be cached, default is | ||
| 705 | * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ | ||
| 706 | unsigned long session_cache_size; | ||
| 707 | struct ssl_session_st *session_cache_head; | ||
| 708 | struct ssl_session_st *session_cache_tail; | ||
| 709 | |||
| 710 | /* This can have one of 2 values, ored together, | ||
| 711 | * SSL_SESS_CACHE_CLIENT, | ||
| 712 | * SSL_SESS_CACHE_SERVER, | ||
| 713 | * Default is SSL_SESSION_CACHE_SERVER, which means only | ||
| 714 | * SSL_accept which cache SSL_SESSIONS. */ | ||
| 715 | int session_cache_mode; | ||
| 716 | |||
| 717 | /* If timeout is not 0, it is the default timeout value set | ||
| 718 | * when SSL_new() is called. This has been put in to make | ||
| 719 | * life easier to set things up */ | ||
| 720 | long session_timeout; | ||
| 721 | |||
| 722 | /* If this callback is not null, it will be called each | ||
| 723 | * time a session id is added to the cache. If this function | ||
| 724 | * returns 1, it means that the callback will do a | ||
| 725 | * SSL_SESSION_free() when it has finished using it. Otherwise, | ||
| 726 | * on 0, it means the callback has finished with it. | ||
| 727 | * If remove_session_cb is not null, it will be called when | ||
| 728 | * a session-id is removed from the cache. After the call, | ||
| 729 | * OpenSSL will SSL_SESSION_free() it. */ | ||
| 730 | int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); | ||
| 731 | void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); | ||
| 732 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, | ||
| 733 | unsigned char *data, int len, int *copy); | ||
| 734 | |||
| 735 | struct { | ||
| 736 | int sess_connect; /* SSL new conn - started */ | ||
| 737 | int sess_connect_renegotiate;/* SSL reneg - requested */ | ||
| 738 | int sess_connect_good; /* SSL new conne/reneg - finished */ | ||
| 739 | int sess_accept; /* SSL new accept - started */ | ||
| 740 | int sess_accept_renegotiate;/* SSL reneg - requested */ | ||
| 741 | int sess_accept_good; /* SSL accept/reneg - finished */ | ||
| 742 | int sess_miss; /* session lookup misses */ | ||
| 743 | int sess_timeout; /* reuse attempt on timeouted session */ | ||
| 744 | int sess_cache_full; /* session removed due to full cache */ | ||
| 745 | int sess_hit; /* session reuse actually done */ | ||
| 746 | int sess_cb_hit; /* session-id that was not | ||
| 747 | * in the cache was | ||
| 748 | * passed back via the callback. This | ||
| 749 | * indicates that the application is | ||
| 750 | * supplying session-id's from other | ||
| 751 | * processes - spooky :-) */ | ||
| 752 | } stats; | ||
| 753 | |||
| 754 | int references; | ||
| 755 | |||
| 756 | /* if defined, these override the X509_verify_cert() calls */ | ||
| 757 | int (*app_verify_callback)(X509_STORE_CTX *, void *); | ||
| 758 | void *app_verify_arg; | ||
| 759 | /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored | ||
| 760 | * ('app_verify_callback' was called with just one argument) */ | ||
| 761 | |||
| 762 | /* Default password callback. */ | ||
| 763 | pem_password_cb *default_passwd_callback; | ||
| 764 | |||
| 765 | /* Default password callback user data. */ | ||
| 766 | void *default_passwd_callback_userdata; | ||
| 767 | |||
| 768 | /* get client cert callback */ | ||
| 769 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | ||
| 770 | |||
| 771 | /* cookie generate callback */ | ||
| 772 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 773 | unsigned int *cookie_len); | ||
| 774 | |||
| 775 | /* verify cookie callback */ | ||
| 776 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 777 | unsigned int cookie_len); | ||
| 778 | |||
| 779 | CRYPTO_EX_DATA ex_data; | ||
| 780 | |||
| 781 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | ||
| 782 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ | ||
| 783 | |||
| 784 | STACK_OF(X509) *extra_certs; | ||
| 785 | |||
| 786 | /* Default values used when no per-SSL value is defined follow */ | ||
| 787 | |||
| 788 | void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ | ||
| 789 | |||
| 790 | /* what we put in client cert requests */ | ||
| 791 | STACK_OF(X509_NAME) *client_CA; | ||
| 792 | |||
| 793 | |||
| 794 | /* Default values to use in SSL structures follow (these are copied by SSL_new) */ | ||
| 795 | |||
| 796 | unsigned long options; | ||
| 797 | unsigned long mode; | ||
| 798 | long max_cert_list; | ||
| 799 | |||
| 800 | struct cert_st /* CERT */ *cert; | ||
| 801 | int read_ahead; | ||
| 802 | |||
| 803 | /* callback that allows applications to peek at protocol messages */ | ||
| 804 | void (*msg_callback)(int write_p, int version, int content_type, | ||
| 805 | const void *buf, size_t len, SSL *ssl, void *arg); | ||
| 806 | void *msg_callback_arg; | ||
| 807 | |||
| 808 | int verify_mode; | ||
| 809 | unsigned int sid_ctx_length; | ||
| 810 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 811 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ | ||
| 812 | |||
| 813 | /* Default generate session ID callback. */ | ||
| 814 | GEN_SESSION_CB generate_session_id; | ||
| 815 | |||
| 816 | X509_VERIFY_PARAM *param; | ||
| 817 | |||
| 818 | int quiet_shutdown; | ||
| 819 | |||
| 820 | /* Maximum amount of data to send in one fragment. | ||
| 821 | * actual record size can be more than this due to | ||
| 822 | * padding and MAC overheads. | ||
| 823 | */ | ||
| 824 | unsigned int max_send_fragment; | ||
| 825 | |||
| 826 | #ifndef OPENSSL_NO_ENGINE | ||
| 827 | /* Engine to pass requests for client certs to | ||
| 828 | */ | ||
| 829 | ENGINE *client_cert_engine; | ||
| 830 | #endif | ||
| 831 | |||
| 832 | /* TLS extensions servername callback */ | ||
| 833 | int (*tlsext_servername_callback)(SSL*, int *, void *); | ||
| 834 | void *tlsext_servername_arg; | ||
| 835 | /* RFC 4507 session ticket keys */ | ||
| 836 | unsigned char tlsext_tick_key_name[16]; | ||
| 837 | unsigned char tlsext_tick_hmac_key[16]; | ||
| 838 | unsigned char tlsext_tick_aes_key[16]; | ||
| 839 | /* Callback to support customisation of ticket key setting */ | ||
| 840 | int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name, | ||
| 841 | unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc); | ||
| 842 | |||
| 843 | /* certificate status request info */ | ||
| 844 | /* Callback for status request */ | ||
| 845 | int (*tlsext_status_cb)(SSL *ssl, void *arg); | ||
| 846 | void *tlsext_status_arg; | ||
| 847 | |||
| 848 | |||
| 849 | |||
| 850 | |||
| 851 | /* Next protocol negotiation information */ | ||
| 852 | /* (for experimental NPN extension). */ | ||
| 853 | |||
| 854 | /* For a server, this contains a callback function by which the set of | ||
| 855 | * advertised protocols can be provided. */ | ||
| 856 | int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | ||
| 857 | unsigned int *len, void *arg); | ||
| 858 | void *next_protos_advertised_cb_arg; | ||
| 859 | /* For a client, this contains a callback function that selects the | ||
| 860 | * next protocol from the list provided by the server. */ | ||
| 861 | int (*next_proto_select_cb)(SSL *s, unsigned char **out, | ||
| 862 | unsigned char *outlen, const unsigned char *in, | ||
| 863 | unsigned int inlen, void *arg); | ||
| 864 | void *next_proto_select_cb_arg; | ||
| 865 | |||
| 866 | /* | ||
| 867 | * ALPN information | ||
| 868 | * (we are in the process of transitioning from NPN to ALPN). | ||
| 869 | */ | ||
| 870 | |||
| 871 | /* | ||
| 872 | * Server callback function that allows the server to select the | ||
| 873 | * protocol for the connection. | ||
| 874 | * out: on successful return, this must point to the raw protocol | ||
| 875 | * name (without the length prefix). | ||
| 876 | * outlen: on successful return, this contains the length of out. | ||
| 877 | * in: points to the client's list of supported protocols in | ||
| 878 | * wire-format. | ||
| 879 | * inlen: the length of in. | ||
| 880 | */ | ||
| 881 | int (*alpn_select_cb)(SSL *s, const unsigned char **out, | ||
| 882 | unsigned char *outlen, const unsigned char *in, unsigned int inlen, | ||
| 883 | void *arg); | ||
| 884 | void *alpn_select_cb_arg; | ||
| 885 | |||
| 886 | /* Client list of supported protocols in wire format. */ | ||
| 887 | unsigned char *alpn_client_proto_list; | ||
| 888 | unsigned int alpn_client_proto_list_len; | ||
| 889 | |||
| 890 | /* SRTP profiles we are willing to do from RFC 5764 */ | ||
| 891 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; | ||
| 892 | }; | ||
| 893 | |||
| 894 | #endif | ||
| 895 | |||
| 896 | #define SSL_SESS_CACHE_OFF 0x0000 | ||
| 897 | #define SSL_SESS_CACHE_CLIENT 0x0001 | ||
| 898 | #define SSL_SESS_CACHE_SERVER 0x0002 | ||
| 899 | #define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) | ||
| 900 | #define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 | ||
| 901 | /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ | ||
| 902 | #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 | ||
| 903 | #define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 | ||
| 904 | #define SSL_SESS_CACHE_NO_INTERNAL \ | ||
| 905 | (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) | ||
| 906 | |||
| 907 | LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); | ||
| 908 | #define SSL_CTX_sess_number(ctx) \ | ||
| 909 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) | ||
| 910 | #define SSL_CTX_sess_connect(ctx) \ | ||
| 911 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) | ||
| 912 | #define SSL_CTX_sess_connect_good(ctx) \ | ||
| 913 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) | ||
| 914 | #define SSL_CTX_sess_connect_renegotiate(ctx) \ | ||
| 915 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) | ||
| 916 | #define SSL_CTX_sess_accept(ctx) \ | ||
| 917 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) | ||
| 918 | #define SSL_CTX_sess_accept_renegotiate(ctx) \ | ||
| 919 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) | ||
| 920 | #define SSL_CTX_sess_accept_good(ctx) \ | ||
| 921 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) | ||
| 922 | #define SSL_CTX_sess_hits(ctx) \ | ||
| 923 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) | ||
| 924 | #define SSL_CTX_sess_cb_hits(ctx) \ | ||
| 925 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) | ||
| 926 | #define SSL_CTX_sess_misses(ctx) \ | ||
| 927 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) | ||
| 928 | #define SSL_CTX_sess_timeouts(ctx) \ | ||
| 929 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) | ||
| 930 | #define SSL_CTX_sess_cache_full(ctx) \ | ||
| 931 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | ||
| 932 | |||
| 933 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | ||
| 934 | int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); | ||
| 935 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, | ||
| 936 | SSL_SESSION *sess); | ||
| 937 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | ||
| 938 | void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess)); | ||
| 939 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, | ||
| 940 | SSL_SESSION *sess); | ||
| 941 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, | ||
| 942 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, | ||
| 943 | int len, int *copy)); | ||
| 944 | SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, | ||
| 945 | unsigned char *Data, int len, int *copy); | ||
| 946 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl, | ||
| 947 | int type, int val)); | ||
| 948 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, | ||
| 949 | int val); | ||
| 950 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
| 951 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); | ||
| 952 | int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, | ||
| 953 | EVP_PKEY **pkey); | ||
| 954 | #ifndef OPENSSL_NO_ENGINE | ||
| 955 | int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); | ||
| 956 | #endif | ||
| 957 | void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | ||
| 958 | int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 959 | unsigned int *cookie_len)); | ||
| 960 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
| 961 | int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, | ||
| 962 | unsigned int cookie_len)); | ||
| 963 | void | ||
| 964 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl, | ||
| 965 | const unsigned char **out, unsigned int *outlen, void *arg), void *arg); | ||
| 966 | void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl, | ||
| 967 | unsigned char **out, unsigned char *outlen, const unsigned char *in, | ||
| 968 | unsigned int inlen, void *arg), void *arg); | ||
| 969 | |||
| 970 | int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, | ||
| 971 | const unsigned char *in, unsigned int inlen, const unsigned char *client, | ||
| 972 | unsigned int client_len); | ||
| 973 | void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, | ||
| 974 | unsigned *len); | ||
| 975 | |||
| 976 | #define OPENSSL_NPN_UNSUPPORTED 0 | ||
| 977 | #define OPENSSL_NPN_NEGOTIATED 1 | ||
| 978 | #define OPENSSL_NPN_NO_OVERLAP 2 | ||
| 979 | |||
| 980 | int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, | ||
| 981 | unsigned int protos_len); | ||
| 982 | int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, | ||
| 983 | unsigned int protos_len); | ||
| 984 | void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, | ||
| 985 | int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen, | ||
| 986 | const unsigned char *in, unsigned int inlen, void *arg), void *arg); | ||
| 987 | void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, | ||
| 988 | unsigned int *len); | ||
| 989 | |||
| 990 | #define SSL_NOTHING 1 | ||
| 991 | #define SSL_WRITING 2 | ||
| 992 | #define SSL_READING 3 | ||
| 993 | #define SSL_X509_LOOKUP 4 | ||
| 994 | |||
| 995 | /* These will only be used when doing non-blocking IO */ | ||
| 996 | #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | ||
| 997 | #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | ||
| 998 | #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | ||
| 999 | #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | ||
| 1000 | |||
| 1001 | #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | ||
| 1002 | #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | ||
| 1003 | |||
| 1004 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 1005 | |||
| 1006 | struct ssl_st { | ||
| 1007 | /* protocol version | ||
| 1008 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) | ||
| 1009 | */ | ||
| 1010 | int version; | ||
| 1011 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | ||
| 1012 | |||
| 1013 | const SSL_METHOD *method; /* SSLv3 */ | ||
| 1014 | |||
| 1015 | /* There are 2 BIO's even though they are normally both the | ||
| 1016 | * same. This is so data can be read and written to different | ||
| 1017 | * handlers */ | ||
| 1018 | |||
| 1019 | #ifndef OPENSSL_NO_BIO | ||
| 1020 | BIO *rbio; /* used by SSL_read */ | ||
| 1021 | BIO *wbio; /* used by SSL_write */ | ||
| 1022 | BIO *bbio; /* used during session-id reuse to concatenate | ||
| 1023 | * messages */ | ||
| 1024 | #else | ||
| 1025 | char *rbio; /* used by SSL_read */ | ||
| 1026 | char *wbio; /* used by SSL_write */ | ||
| 1027 | char *bbio; | ||
| 1028 | #endif | ||
| 1029 | /* This holds a variable that indicates what we were doing | ||
| 1030 | * when a 0 or -1 is returned. This is needed for | ||
| 1031 | * non-blocking IO so we know what request needs re-doing when | ||
| 1032 | * in SSL_accept or SSL_connect */ | ||
| 1033 | int rwstate; | ||
| 1034 | |||
| 1035 | /* true when we are actually in SSL_accept() or SSL_connect() */ | ||
| 1036 | int in_handshake; | ||
| 1037 | int (*handshake_func)(SSL *); | ||
| 1038 | |||
| 1039 | /* Imagine that here's a boolean member "init" that is | ||
| 1040 | * switched as soon as SSL_set_{accept/connect}_state | ||
| 1041 | * is called for the first time, so that "state" and | ||
| 1042 | * "handshake_func" are properly initialized. But as | ||
| 1043 | * handshake_func is == 0 until then, we use this | ||
| 1044 | * test instead of an "init" member. | ||
| 1045 | */ | ||
| 1046 | |||
| 1047 | int server; /* are we the server side? - mostly used by SSL_clear*/ | ||
| 1048 | |||
| 1049 | int new_session;/* Generate a new session or reuse an old one. | ||
| 1050 | * NB: For servers, the 'new' session may actually be a previously | ||
| 1051 | * cached session or even the previous session unless | ||
| 1052 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
| 1053 | int quiet_shutdown;/* don't send shutdown packets */ | ||
| 1054 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 | ||
| 1055 | * for received */ | ||
| 1056 | int state; /* where we are */ | ||
| 1057 | int rstate; /* where we are when reading */ | ||
| 1058 | |||
| 1059 | BUF_MEM *init_buf; /* buffer used during init */ | ||
| 1060 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ | ||
| 1061 | int init_num; /* amount read/written */ | ||
| 1062 | int init_off; /* amount read/written */ | ||
| 1063 | |||
| 1064 | /* used internally to point at a raw packet */ | ||
| 1065 | unsigned char *packet; | ||
| 1066 | unsigned int packet_length; | ||
| 1067 | |||
| 1068 | struct ssl3_state_st *s3; /* SSLv3 variables */ | ||
| 1069 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | ||
| 1070 | |||
| 1071 | int read_ahead; /* Read as many input bytes as possible | ||
| 1072 | * (for non-blocking reads) */ | ||
| 1073 | |||
| 1074 | /* callback that allows applications to peek at protocol messages */ | ||
| 1075 | void (*msg_callback)(int write_p, int version, int content_type, | ||
| 1076 | const void *buf, size_t len, SSL *ssl, void *arg); | ||
| 1077 | void *msg_callback_arg; | ||
| 1078 | |||
| 1079 | int hit; /* reusing a previous session */ | ||
| 1080 | |||
| 1081 | X509_VERIFY_PARAM *param; | ||
| 1082 | |||
| 1083 | /* crypto */ | ||
| 1084 | STACK_OF(SSL_CIPHER) *cipher_list; | ||
| 1085 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; | ||
| 1086 | |||
| 1087 | /* These are the ones being used, the ones in SSL_SESSION are | ||
| 1088 | * the ones to be 'copied' into these ones */ | ||
| 1089 | int mac_flags; | ||
| 1090 | |||
| 1091 | SSL_AEAD_CTX *aead_read_ctx; /* AEAD context. If non-NULL, then | ||
| 1092 | enc_read_ctx and read_hash are | ||
| 1093 | ignored. */ | ||
| 1094 | |||
| 1095 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | ||
| 1096 | EVP_MD_CTX *read_hash; /* used for mac generation */ | ||
| 1097 | |||
| 1098 | SSL_AEAD_CTX *aead_write_ctx; /* AEAD context. If non-NULL, then | ||
| 1099 | enc_write_ctx and write_hash are | ||
| 1100 | ignored. */ | ||
| 1101 | |||
| 1102 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | ||
| 1103 | EVP_MD_CTX *write_hash; /* used for mac generation */ | ||
| 1104 | |||
| 1105 | /* session info */ | ||
| 1106 | |||
| 1107 | /* client cert? */ | ||
| 1108 | /* This is used to hold the server certificate used */ | ||
| 1109 | struct cert_st /* CERT */ *cert; | ||
| 1110 | |||
| 1111 | /* the session_id_context is used to ensure sessions are only reused | ||
| 1112 | * in the appropriate context */ | ||
| 1113 | unsigned int sid_ctx_length; | ||
| 1114 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 1115 | |||
| 1116 | /* This can also be in the session once a session is established */ | ||
| 1117 | SSL_SESSION *session; | ||
| 1118 | |||
| 1119 | /* Default generate session ID callback. */ | ||
| 1120 | GEN_SESSION_CB generate_session_id; | ||
| 1121 | |||
| 1122 | /* Used in SSL2 and SSL3 */ | ||
| 1123 | int verify_mode; /* 0 don't care about verify failure. | ||
| 1124 | * 1 fail if verify fails */ | ||
| 1125 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ | ||
| 1126 | |||
| 1127 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ | ||
| 1128 | |||
| 1129 | int error; /* error bytes to be written */ | ||
| 1130 | int error_code; /* actual code */ | ||
| 1131 | |||
| 1132 | |||
| 1133 | |||
| 1134 | SSL_CTX *ctx; | ||
| 1135 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() | ||
| 1136 | * and SSL_write() calls, good for nbio debuging :-) */ | ||
| 1137 | int debug; | ||
| 1138 | |||
| 1139 | |||
| 1140 | /* extra application data */ | ||
| 1141 | long verify_result; | ||
| 1142 | CRYPTO_EX_DATA ex_data; | ||
| 1143 | |||
| 1144 | /* for server side, keep the list of CA_dn we can use */ | ||
| 1145 | STACK_OF(X509_NAME) *client_CA; | ||
| 1146 | |||
| 1147 | int references; | ||
| 1148 | unsigned long options; /* protocol behaviour */ | ||
| 1149 | unsigned long mode; /* API behaviour */ | ||
| 1150 | long max_cert_list; | ||
| 1151 | int first_packet; | ||
| 1152 | int client_version; /* what was passed, used for | ||
| 1153 | * SSLv3/TLS rollback check */ | ||
| 1154 | unsigned int max_send_fragment; | ||
| 1155 | /* TLS extension debug callback */ | ||
| 1156 | void (*tlsext_debug_cb)(SSL *s, int client_server, int type, | ||
| 1157 | unsigned char *data, int len, void *arg); | ||
| 1158 | void *tlsext_debug_arg; | ||
| 1159 | char *tlsext_hostname; | ||
| 1160 | int servername_done; /* no further mod of servername | ||
| 1161 | 0 : call the servername extension callback. | ||
| 1162 | 1 : prepare 2, allow last ack just after in server callback. | ||
| 1163 | 2 : don't call servername callback, no ack in server hello | ||
| 1164 | */ | ||
| 1165 | /* certificate status request info */ | ||
| 1166 | /* Status type or -1 if no status type */ | ||
| 1167 | int tlsext_status_type; | ||
| 1168 | /* Expect OCSP CertificateStatus message */ | ||
| 1169 | int tlsext_status_expected; | ||
| 1170 | /* OCSP status request only */ | ||
| 1171 | STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; | ||
| 1172 | X509_EXTENSIONS *tlsext_ocsp_exts; | ||
| 1173 | /* OCSP response received or to be sent */ | ||
| 1174 | unsigned char *tlsext_ocsp_resp; | ||
| 1175 | int tlsext_ocsp_resplen; | ||
| 1176 | |||
| 1177 | /* RFC4507 session ticket expected to be received or sent */ | ||
| 1178 | int tlsext_ticket_expected; | ||
| 1179 | size_t tlsext_ecpointformatlist_length; | ||
| 1180 | uint8_t *tlsext_ecpointformatlist; /* our list */ | ||
| 1181 | size_t tlsext_ellipticcurvelist_length; | ||
| 1182 | uint16_t *tlsext_ellipticcurvelist; /* our list */ | ||
| 1183 | |||
| 1184 | /* TLS Session Ticket extension override */ | ||
| 1185 | TLS_SESSION_TICKET_EXT *tlsext_session_ticket; | ||
| 1186 | |||
| 1187 | /* TLS Session Ticket extension callback */ | ||
| 1188 | tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; | ||
| 1189 | void *tls_session_ticket_ext_cb_arg; | ||
| 1190 | |||
| 1191 | /* TLS pre-shared secret session resumption */ | ||
| 1192 | tls_session_secret_cb_fn tls_session_secret_cb; | ||
| 1193 | void *tls_session_secret_cb_arg; | ||
| 1194 | |||
| 1195 | SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | ||
| 1196 | |||
| 1197 | /* Next protocol negotiation. For the client, this is the protocol that | ||
| 1198 | * we sent in NextProtocol and is set when handling ServerHello | ||
| 1199 | * extensions. | ||
| 1200 | * | ||
| 1201 | * For a server, this is the client's selected_protocol from | ||
| 1202 | * NextProtocol and is set when handling the NextProtocol message, | ||
| 1203 | * before the Finished message. */ | ||
| 1204 | unsigned char *next_proto_negotiated; | ||
| 1205 | unsigned char next_proto_negotiated_len; | ||
| 1206 | |||
| 1207 | #define session_ctx initial_ctx | ||
| 1208 | |||
| 1209 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ | ||
| 1210 | SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ | ||
| 1211 | |||
| 1212 | unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? | ||
| 1213 | 0: disabled | ||
| 1214 | 1: enabled | ||
| 1215 | 2: enabled, but not allowed to send Requests | ||
| 1216 | */ | ||
| 1217 | unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ | ||
| 1218 | unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ | ||
| 1219 | |||
| 1220 | /* Client list of supported protocols in wire format. */ | ||
| 1221 | unsigned char *alpn_client_proto_list; | ||
| 1222 | unsigned int alpn_client_proto_list_len; | ||
| 1223 | |||
| 1224 | int renegotiate;/* 1 if we are renegotiating. | ||
| 1225 | * 2 if we are a server and are inside a handshake | ||
| 1226 | * (i.e. not just sending a HelloRequest) */ | ||
| 1227 | |||
| 1228 | }; | ||
| 1229 | |||
| 1230 | #endif | ||
| 1231 | |||
| 1232 | #ifdef __cplusplus | ||
| 1233 | } | ||
| 1234 | #endif | ||
| 1235 | |||
| 1236 | #include <openssl/ssl2.h> | ||
| 1237 | #include <openssl/ssl3.h> | ||
| 1238 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | ||
| 1239 | #include <openssl/dtls1.h> /* Datagram TLS */ | ||
| 1240 | #include <openssl/ssl23.h> | ||
| 1241 | #include <openssl/srtp.h> /* Support for the use_srtp extension */ | ||
| 1242 | |||
| 1243 | #ifdef __cplusplus | ||
| 1244 | extern "C" { | ||
| 1245 | #endif | ||
| 1246 | |||
| 1247 | /* compatibility */ | ||
| 1248 | #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) | ||
| 1249 | #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) | ||
| 1250 | #define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) | ||
| 1251 | #define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) | ||
| 1252 | #define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) | ||
| 1253 | #define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) | ||
| 1254 | |||
| 1255 | /* The following are the possible values for ssl->state are are | ||
| 1256 | * used to indicate where we are up to in the SSL connection establishment. | ||
| 1257 | * The macros that follow are about the only things you should need to use | ||
| 1258 | * and even then, only when using non-blocking IO. | ||
| 1259 | * It can also be useful to work out where you were when the connection | ||
| 1260 | * failed */ | ||
| 1261 | |||
| 1262 | #define SSL_ST_CONNECT 0x1000 | ||
| 1263 | #define SSL_ST_ACCEPT 0x2000 | ||
| 1264 | #define SSL_ST_MASK 0x0FFF | ||
| 1265 | #define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) | ||
| 1266 | #define SSL_ST_BEFORE 0x4000 | ||
| 1267 | #define SSL_ST_OK 0x03 | ||
| 1268 | #define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) | ||
| 1269 | |||
| 1270 | #define SSL_CB_LOOP 0x01 | ||
| 1271 | #define SSL_CB_EXIT 0x02 | ||
| 1272 | #define SSL_CB_READ 0x04 | ||
| 1273 | #define SSL_CB_WRITE 0x08 | ||
| 1274 | #define SSL_CB_ALERT 0x4000 /* used in callback */ | ||
| 1275 | #define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) | ||
| 1276 | #define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) | ||
| 1277 | #define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) | ||
| 1278 | #define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) | ||
| 1279 | #define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) | ||
| 1280 | #define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) | ||
| 1281 | #define SSL_CB_HANDSHAKE_START 0x10 | ||
| 1282 | #define SSL_CB_HANDSHAKE_DONE 0x20 | ||
| 1283 | |||
| 1284 | /* Is the SSL_connection established? */ | ||
| 1285 | #define SSL_get_state(a) SSL_state(a) | ||
| 1286 | #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) | ||
| 1287 | #define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) | ||
| 1288 | #define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) | ||
| 1289 | #define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) | ||
| 1290 | #define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) | ||
| 1291 | |||
| 1292 | /* The following 2 states are kept in ssl->rstate when reads fail, | ||
| 1293 | * you should not need these */ | ||
| 1294 | #define SSL_ST_READ_HEADER 0xF0 | ||
| 1295 | #define SSL_ST_READ_BODY 0xF1 | ||
| 1296 | #define SSL_ST_READ_DONE 0xF2 | ||
| 1297 | |||
| 1298 | /* Obtain latest Finished message | ||
| 1299 | * -- that we sent (SSL_get_finished) | ||
| 1300 | * -- that we expected from peer (SSL_get_peer_finished). | ||
| 1301 | * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ | ||
| 1302 | size_t SSL_get_finished(const SSL *s, void *buf, size_t count); | ||
| 1303 | size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); | ||
| 1304 | |||
| 1305 | /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options | ||
| 1306 | * are 'ored' with SSL_VERIFY_PEER if they are desired */ | ||
| 1307 | #define SSL_VERIFY_NONE 0x00 | ||
| 1308 | #define SSL_VERIFY_PEER 0x01 | ||
| 1309 | #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 | ||
| 1310 | #define SSL_VERIFY_CLIENT_ONCE 0x04 | ||
| 1311 | |||
| 1312 | #define OpenSSL_add_ssl_algorithms() SSL_library_init() | ||
| 1313 | #define SSLeay_add_ssl_algorithms() SSL_library_init() | ||
| 1314 | |||
| 1315 | /* More backward compatibility */ | ||
| 1316 | #define SSL_get_cipher(s) \ | ||
| 1317 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
| 1318 | #define SSL_get_cipher_bits(s,np) \ | ||
| 1319 | SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) | ||
| 1320 | #define SSL_get_cipher_version(s) \ | ||
| 1321 | SSL_CIPHER_get_version(SSL_get_current_cipher(s)) | ||
| 1322 | #define SSL_get_cipher_name(s) \ | ||
| 1323 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | ||
| 1324 | #define SSL_get_time(a) SSL_SESSION_get_time(a) | ||
| 1325 | #define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) | ||
| 1326 | #define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) | ||
| 1327 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) | ||
| 1328 | |||
| 1329 | #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) | ||
| 1330 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) | ||
| 1331 | |||
| 1332 | DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | ||
| 1333 | |||
| 1334 | #define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */ | ||
| 1335 | |||
| 1336 | /* These alert types are for SSLv3 and TLSv1 */ | ||
| 1337 | #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY | ||
| 1338 | #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ | ||
| 1339 | #define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ | ||
| 1340 | #define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED | ||
| 1341 | #define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW | ||
| 1342 | #define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ | ||
| 1343 | #define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ | ||
| 1344 | #define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ | ||
| 1345 | #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE | ||
| 1346 | #define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE | ||
| 1347 | #define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED | ||
| 1348 | #define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED | ||
| 1349 | #define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN | ||
| 1350 | #define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ | ||
| 1351 | #define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ | ||
| 1352 | #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ | ||
| 1353 | #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ | ||
| 1354 | #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR | ||
| 1355 | #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ | ||
| 1356 | #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ | ||
| 1357 | #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ | ||
| 1358 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ | ||
| 1359 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED | ||
| 1360 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION | ||
| 1361 | #define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION | ||
| 1362 | #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE | ||
| 1363 | #define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME | ||
| 1364 | #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE | ||
| 1365 | #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE | ||
| 1366 | #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ | ||
| 1367 | #define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ | ||
| 1368 | |||
| 1369 | #define SSL_ERROR_NONE 0 | ||
| 1370 | #define SSL_ERROR_SSL 1 | ||
| 1371 | #define SSL_ERROR_WANT_READ 2 | ||
| 1372 | #define SSL_ERROR_WANT_WRITE 3 | ||
| 1373 | #define SSL_ERROR_WANT_X509_LOOKUP 4 | ||
| 1374 | #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ | ||
| 1375 | #define SSL_ERROR_ZERO_RETURN 6 | ||
| 1376 | #define SSL_ERROR_WANT_CONNECT 7 | ||
| 1377 | #define SSL_ERROR_WANT_ACCEPT 8 | ||
| 1378 | |||
| 1379 | #define SSL_CTRL_NEED_TMP_RSA 1 | ||
| 1380 | #define SSL_CTRL_SET_TMP_RSA 2 | ||
| 1381 | #define SSL_CTRL_SET_TMP_DH 3 | ||
| 1382 | #define SSL_CTRL_SET_TMP_ECDH 4 | ||
| 1383 | #define SSL_CTRL_SET_TMP_RSA_CB 5 | ||
| 1384 | #define SSL_CTRL_SET_TMP_DH_CB 6 | ||
| 1385 | #define SSL_CTRL_SET_TMP_ECDH_CB 7 | ||
| 1386 | |||
| 1387 | #define SSL_CTRL_GET_SESSION_REUSED 8 | ||
| 1388 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 | ||
| 1389 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 | ||
| 1390 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 | ||
| 1391 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 | ||
| 1392 | #define SSL_CTRL_GET_FLAGS 13 | ||
| 1393 | #define SSL_CTRL_EXTRA_CHAIN_CERT 14 | ||
| 1394 | |||
| 1395 | #define SSL_CTRL_SET_MSG_CALLBACK 15 | ||
| 1396 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 | ||
| 1397 | |||
| 1398 | /* only applies to datagram connections */ | ||
| 1399 | #define SSL_CTRL_SET_MTU 17 | ||
| 1400 | /* Stats */ | ||
| 1401 | #define SSL_CTRL_SESS_NUMBER 20 | ||
| 1402 | #define SSL_CTRL_SESS_CONNECT 21 | ||
| 1403 | #define SSL_CTRL_SESS_CONNECT_GOOD 22 | ||
| 1404 | #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 | ||
| 1405 | #define SSL_CTRL_SESS_ACCEPT 24 | ||
| 1406 | #define SSL_CTRL_SESS_ACCEPT_GOOD 25 | ||
| 1407 | #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 | ||
| 1408 | #define SSL_CTRL_SESS_HIT 27 | ||
| 1409 | #define SSL_CTRL_SESS_CB_HIT 28 | ||
| 1410 | #define SSL_CTRL_SESS_MISSES 29 | ||
| 1411 | #define SSL_CTRL_SESS_TIMEOUTS 30 | ||
| 1412 | #define SSL_CTRL_SESS_CACHE_FULL 31 | ||
| 1413 | #define SSL_CTRL_OPTIONS 32 | ||
| 1414 | #define SSL_CTRL_MODE 33 | ||
| 1415 | |||
| 1416 | #define SSL_CTRL_GET_READ_AHEAD 40 | ||
| 1417 | #define SSL_CTRL_SET_READ_AHEAD 41 | ||
| 1418 | #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 | ||
| 1419 | #define SSL_CTRL_GET_SESS_CACHE_SIZE 43 | ||
| 1420 | #define SSL_CTRL_SET_SESS_CACHE_MODE 44 | ||
| 1421 | #define SSL_CTRL_GET_SESS_CACHE_MODE 45 | ||
| 1422 | |||
| 1423 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 | ||
| 1424 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 | ||
| 1425 | |||
| 1426 | #define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 | ||
| 1427 | |||
| 1428 | /* see tls1.h for macros based on these */ | ||
| 1429 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 | ||
| 1430 | #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 | ||
| 1431 | #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 | ||
| 1432 | #define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 | ||
| 1433 | #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 | ||
| 1434 | #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 | ||
| 1435 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 | ||
| 1436 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 | ||
| 1437 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 | ||
| 1438 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 | ||
| 1439 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 | ||
| 1440 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 | ||
| 1441 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 | ||
| 1442 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 | ||
| 1443 | #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 | ||
| 1444 | #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 | ||
| 1445 | |||
| 1446 | #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 | ||
| 1447 | |||
| 1448 | #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 | ||
| 1449 | #define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 | ||
| 1450 | #define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 | ||
| 1451 | |||
| 1452 | #define SSL_CTRL_SET_SRP_ARG 78 | ||
| 1453 | #define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 | ||
| 1454 | #define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 | ||
| 1455 | #define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 | ||
| 1456 | |||
| 1457 | #define DTLS_CTRL_GET_TIMEOUT 73 | ||
| 1458 | #define DTLS_CTRL_HANDLE_TIMEOUT 74 | ||
| 1459 | #define DTLS_CTRL_LISTEN 75 | ||
| 1460 | |||
| 1461 | #define SSL_CTRL_GET_RI_SUPPORT 76 | ||
| 1462 | #define SSL_CTRL_CLEAR_OPTIONS 77 | ||
| 1463 | #define SSL_CTRL_CLEAR_MODE 78 | ||
| 1464 | |||
| 1465 | #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 | ||
| 1466 | #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 | ||
| 1467 | |||
| 1468 | #define SSL_CTRL_SET_ECDH_AUTO 94 | ||
| 1469 | |||
| 1470 | #define SSL_CTRL_SET_DH_AUTO 118 | ||
| 1471 | |||
| 1472 | #define DTLSv1_get_timeout(ssl, arg) \ | ||
| 1473 | SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) | ||
| 1474 | #define DTLSv1_handle_timeout(ssl) \ | ||
| 1475 | SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) | ||
| 1476 | #define DTLSv1_listen(ssl, peer) \ | ||
| 1477 | SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) | ||
| 1478 | |||
| 1479 | #define SSL_session_reused(ssl) \ | ||
| 1480 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) | ||
| 1481 | #define SSL_num_renegotiations(ssl) \ | ||
| 1482 | SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) | ||
| 1483 | #define SSL_clear_num_renegotiations(ssl) \ | ||
| 1484 | SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) | ||
| 1485 | #define SSL_total_renegotiations(ssl) \ | ||
| 1486 | SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) | ||
| 1487 | |||
| 1488 | #define SSL_CTX_need_tmp_RSA(ctx) \ | ||
| 1489 | SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) | ||
| 1490 | #define SSL_CTX_set_tmp_rsa(ctx,rsa) \ | ||
| 1491 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | ||
| 1492 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ | ||
| 1493 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | ||
| 1494 | #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ | ||
| 1495 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1496 | #define SSL_CTX_set_dh_auto(ctx, onoff) \ | ||
| 1497 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) | ||
| 1498 | #define SSL_CTX_set_ecdh_auto(ctx, onoff) \ | ||
| 1499 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) | ||
| 1500 | |||
| 1501 | #define SSL_need_tmp_RSA(ssl) \ | ||
| 1502 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) | ||
| 1503 | #define SSL_set_tmp_rsa(ssl,rsa) \ | ||
| 1504 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) | ||
| 1505 | #define SSL_set_tmp_dh(ssl,dh) \ | ||
| 1506 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | ||
| 1507 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ | ||
| 1508 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | ||
| 1509 | #define SSL_set_dh_auto(s, onoff) \ | ||
| 1510 | SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) | ||
| 1511 | #define SSL_set_ecdh_auto(s, onoff) \ | ||
| 1512 | SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) | ||
| 1513 | |||
| 1514 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | ||
| 1515 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | ||
| 1516 | #define SSL_CTX_get_extra_chain_certs(ctx,px509) \ | ||
| 1517 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509) | ||
| 1518 | #define SSL_CTX_clear_extra_chain_certs(ctx) \ | ||
| 1519 | SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) | ||
| 1520 | |||
| 1521 | #ifndef OPENSSL_NO_BIO | ||
| 1522 | BIO_METHOD *BIO_f_ssl(void); | ||
| 1523 | BIO *BIO_new_ssl(SSL_CTX *ctx, int client); | ||
| 1524 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); | ||
| 1525 | BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); | ||
| 1526 | int BIO_ssl_copy_session_id(BIO *to, BIO *from); | ||
| 1527 | void BIO_ssl_shutdown(BIO *ssl_bio); | ||
| 1528 | #endif | ||
| 1529 | |||
| 1530 | int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); | ||
| 1531 | SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); | ||
| 1532 | void SSL_CTX_free(SSL_CTX *); | ||
| 1533 | long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); | ||
| 1534 | long SSL_CTX_get_timeout(const SSL_CTX *ctx); | ||
| 1535 | X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); | ||
| 1536 | void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); | ||
| 1537 | int SSL_want(const SSL *s); | ||
| 1538 | int SSL_clear(SSL *s); | ||
| 1539 | |||
| 1540 | void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); | ||
| 1541 | |||
| 1542 | const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); | ||
| 1543 | const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id); | ||
| 1544 | const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value); | ||
| 1545 | int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); | ||
| 1546 | char * SSL_CIPHER_get_version(const SSL_CIPHER *c); | ||
| 1547 | const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); | ||
| 1548 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); | ||
| 1549 | uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); | ||
| 1550 | |||
| 1551 | int SSL_get_fd(const SSL *s); | ||
| 1552 | int SSL_get_rfd(const SSL *s); | ||
| 1553 | int SSL_get_wfd(const SSL *s); | ||
| 1554 | const char * SSL_get_cipher_list(const SSL *s, int n); | ||
| 1555 | char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); | ||
| 1556 | int SSL_get_read_ahead(const SSL * s); | ||
| 1557 | int SSL_pending(const SSL *s); | ||
| 1558 | int SSL_set_fd(SSL *s, int fd); | ||
| 1559 | int SSL_set_rfd(SSL *s, int fd); | ||
| 1560 | int SSL_set_wfd(SSL *s, int fd); | ||
| 1561 | #ifndef OPENSSL_NO_BIO | ||
| 1562 | void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); | ||
| 1563 | BIO * SSL_get_rbio(const SSL *s); | ||
| 1564 | BIO * SSL_get_wbio(const SSL *s); | ||
| 1565 | #endif | ||
| 1566 | int SSL_set_cipher_list(SSL *s, const char *str); | ||
| 1567 | void SSL_set_read_ahead(SSL *s, int yes); | ||
| 1568 | int SSL_get_verify_mode(const SSL *s); | ||
| 1569 | int SSL_get_verify_depth(const SSL *s); | ||
| 1570 | int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); | ||
| 1571 | void SSL_set_verify(SSL *s, int mode, | ||
| 1572 | int (*callback)(int ok, X509_STORE_CTX *ctx)); | ||
| 1573 | void SSL_set_verify_depth(SSL *s, int depth); | ||
| 1574 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | ||
| 1575 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | ||
| 1576 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | ||
| 1577 | int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); | ||
| 1578 | int SSL_use_certificate(SSL *ssl, X509 *x); | ||
| 1579 | int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); | ||
| 1580 | |||
| 1581 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); | ||
| 1582 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); | ||
| 1583 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type); | ||
| 1584 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); | ||
| 1585 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); | ||
| 1586 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); | ||
| 1587 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ | ||
| 1588 | int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len); | ||
| 1589 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); | ||
| 1590 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
| 1591 | const char *file); | ||
| 1592 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
| 1593 | const char *dir); | ||
| 1594 | |||
| 1595 | void SSL_load_error_strings(void ); | ||
| 1596 | const char *SSL_state_string(const SSL *s); | ||
| 1597 | const char *SSL_rstate_string(const SSL *s); | ||
| 1598 | const char *SSL_state_string_long(const SSL *s); | ||
| 1599 | const char *SSL_rstate_string_long(const SSL *s); | ||
| 1600 | long SSL_SESSION_get_time(const SSL_SESSION *s); | ||
| 1601 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); | ||
| 1602 | long SSL_SESSION_get_timeout(const SSL_SESSION *s); | ||
| 1603 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); | ||
| 1604 | void SSL_copy_session_id(SSL *to, const SSL *from); | ||
| 1605 | X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); | ||
| 1606 | int | ||
| 1607 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, | ||
| 1608 | unsigned int sid_ctx_len); | ||
| 1609 | |||
| 1610 | SSL_SESSION *SSL_SESSION_new(void); | ||
| 1611 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, | ||
| 1612 | unsigned int *len); | ||
| 1613 | unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); | ||
| 1614 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); | ||
| 1615 | #ifndef OPENSSL_NO_BIO | ||
| 1616 | int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); | ||
| 1617 | #endif | ||
| 1618 | void SSL_SESSION_free(SSL_SESSION *ses); | ||
| 1619 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); | ||
| 1620 | int SSL_set_session(SSL *to, SSL_SESSION *session); | ||
| 1621 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | ||
| 1622 | int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); | ||
| 1623 | int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | ||
| 1624 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | ||
| 1625 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
| 1626 | unsigned int id_len); | ||
| 1627 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, | ||
| 1628 | long length); | ||
| 1629 | |||
| 1630 | #ifdef HEADER_X509_H | ||
| 1631 | X509 * SSL_get_peer_certificate(const SSL *s); | ||
| 1632 | #endif | ||
| 1633 | |||
| 1634 | STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); | ||
| 1635 | |||
| 1636 | int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); | ||
| 1637 | int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); | ||
| 1638 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); | ||
| 1639 | void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, | ||
| 1640 | int (*callback)(int, X509_STORE_CTX *)); | ||
| 1641 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); | ||
| 1642 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); | ||
| 1643 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | ||
| 1644 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); | ||
| 1645 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | ||
| 1646 | int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); | ||
| 1647 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | ||
| 1648 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); | ||
| 1649 | |||
| 1650 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); | ||
| 1651 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | ||
| 1652 | |||
| 1653 | int SSL_CTX_check_private_key(const SSL_CTX *ctx); | ||
| 1654 | int SSL_check_private_key(const SSL *ctx); | ||
| 1655 | |||
| 1656 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); | ||
| 1657 | |||
| 1658 | SSL *SSL_new(SSL_CTX *ctx); | ||
| 1659 | int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); | ||
| 1660 | |||
| 1661 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); | ||
| 1662 | int SSL_set_purpose(SSL *s, int purpose); | ||
| 1663 | int SSL_CTX_set_trust(SSL_CTX *s, int trust); | ||
| 1664 | int SSL_set_trust(SSL *s, int trust); | ||
| 1665 | |||
| 1666 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); | ||
| 1667 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); | ||
| 1668 | |||
| 1669 | |||
| 1670 | void SSL_free(SSL *ssl); | ||
| 1671 | int SSL_accept(SSL *ssl); | ||
| 1672 | int SSL_connect(SSL *ssl); | ||
| 1673 | int SSL_read(SSL *ssl, void *buf, int num); | ||
| 1674 | int SSL_peek(SSL *ssl, void *buf, int num); | ||
| 1675 | int SSL_write(SSL *ssl, const void *buf, int num); | ||
| 1676 | long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); | ||
| 1677 | long SSL_callback_ctrl(SSL *, int, void (*)(void)); | ||
| 1678 | long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); | ||
| 1679 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); | ||
| 1680 | |||
| 1681 | int SSL_get_error(const SSL *s, int ret_code); | ||
| 1682 | const char *SSL_get_version(const SSL *s); | ||
| 1683 | |||
| 1684 | /* This sets the 'default' SSL version that SSL_new() will create */ | ||
| 1685 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); | ||
| 1686 | |||
| 1687 | const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | ||
| 1688 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | ||
| 1689 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | ||
| 1690 | |||
| 1691 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */ | ||
| 1692 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */ | ||
| 1693 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */ | ||
| 1694 | |||
| 1695 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | ||
| 1696 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | ||
| 1697 | const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ | ||
| 1698 | |||
| 1699 | const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ | ||
| 1700 | const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ | ||
| 1701 | const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ | ||
| 1702 | |||
| 1703 | const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ | ||
| 1704 | const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ | ||
| 1705 | const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ | ||
| 1706 | |||
| 1707 | |||
| 1708 | const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ | ||
| 1709 | const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ | ||
| 1710 | const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ | ||
| 1711 | |||
| 1712 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); | ||
| 1713 | |||
| 1714 | int SSL_do_handshake(SSL *s); | ||
| 1715 | int SSL_renegotiate(SSL *s); | ||
| 1716 | int SSL_renegotiate_abbreviated(SSL *s); | ||
| 1717 | int SSL_renegotiate_pending(SSL *s); | ||
| 1718 | int SSL_shutdown(SSL *s); | ||
| 1719 | |||
| 1720 | const SSL_METHOD *SSL_get_ssl_method(SSL *s); | ||
| 1721 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); | ||
| 1722 | const char *SSL_alert_type_string_long(int value); | ||
| 1723 | const char *SSL_alert_type_string(int value); | ||
| 1724 | const char *SSL_alert_desc_string_long(int value); | ||
| 1725 | const char *SSL_alert_desc_string(int value); | ||
| 1726 | |||
| 1727 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); | ||
| 1728 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); | ||
| 1729 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); | ||
| 1730 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); | ||
| 1731 | int SSL_add_client_CA(SSL *ssl, X509 *x); | ||
| 1732 | int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); | ||
| 1733 | |||
| 1734 | void SSL_set_connect_state(SSL *s); | ||
| 1735 | void SSL_set_accept_state(SSL *s); | ||
| 1736 | |||
| 1737 | long SSL_get_default_timeout(const SSL *s); | ||
| 1738 | |||
| 1739 | int SSL_library_init(void ); | ||
| 1740 | |||
| 1741 | char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); | ||
| 1742 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); | ||
| 1743 | |||
| 1744 | SSL *SSL_dup(SSL *ssl); | ||
| 1745 | |||
| 1746 | X509 *SSL_get_certificate(const SSL *ssl); | ||
| 1747 | /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); | ||
| 1748 | |||
| 1749 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); | ||
| 1750 | int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); | ||
| 1751 | void SSL_set_quiet_shutdown(SSL *ssl,int mode); | ||
| 1752 | int SSL_get_quiet_shutdown(const SSL *ssl); | ||
| 1753 | void SSL_set_shutdown(SSL *ssl,int mode); | ||
| 1754 | int SSL_get_shutdown(const SSL *ssl); | ||
| 1755 | int SSL_version(const SSL *ssl); | ||
| 1756 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); | ||
| 1757 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | ||
| 1758 | const char *CApath); | ||
| 1759 | int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len); | ||
| 1760 | #define SSL_get0_session SSL_get_session /* just peek at pointer */ | ||
| 1761 | SSL_SESSION *SSL_get_session(const SSL *ssl); | ||
| 1762 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | ||
| 1763 | SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); | ||
| 1764 | SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); | ||
| 1765 | void SSL_set_info_callback(SSL *ssl, | ||
| 1766 | void (*cb)(const SSL *ssl, int type, int val)); | ||
| 1767 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val); | ||
| 1768 | int SSL_state(const SSL *ssl); | ||
| 1769 | void SSL_set_state(SSL *ssl, int state); | ||
| 1770 | |||
| 1771 | void SSL_set_verify_result(SSL *ssl, long v); | ||
| 1772 | long SSL_get_verify_result(const SSL *ssl); | ||
| 1773 | |||
| 1774 | int SSL_set_ex_data(SSL *ssl, int idx, void *data); | ||
| 1775 | void *SSL_get_ex_data(const SSL *ssl, int idx); | ||
| 1776 | int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 1777 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 1778 | |||
| 1779 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); | ||
| 1780 | void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); | ||
| 1781 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, | ||
| 1782 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 1783 | CRYPTO_EX_free *free_func); | ||
| 1784 | |||
| 1785 | int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); | ||
| 1786 | void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); | ||
| 1787 | int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 1788 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 1789 | |||
| 1790 | int SSL_get_ex_data_X509_STORE_CTX_idx(void ); | ||
| 1791 | |||
| 1792 | #define SSL_CTX_sess_set_cache_size(ctx,t) \ | ||
| 1793 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) | ||
| 1794 | #define SSL_CTX_sess_get_cache_size(ctx) \ | ||
| 1795 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) | ||
| 1796 | #define SSL_CTX_set_session_cache_mode(ctx,m) \ | ||
| 1797 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) | ||
| 1798 | #define SSL_CTX_get_session_cache_mode(ctx) \ | ||
| 1799 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) | ||
| 1800 | |||
| 1801 | #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) | ||
| 1802 | #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) | ||
| 1803 | #define SSL_CTX_get_read_ahead(ctx) \ | ||
| 1804 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) | ||
| 1805 | #define SSL_CTX_set_read_ahead(ctx,m) \ | ||
| 1806 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) | ||
| 1807 | #define SSL_CTX_get_max_cert_list(ctx) \ | ||
| 1808 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) | ||
| 1809 | #define SSL_CTX_set_max_cert_list(ctx,m) \ | ||
| 1810 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) | ||
| 1811 | #define SSL_get_max_cert_list(ssl) \ | ||
| 1812 | SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) | ||
| 1813 | #define SSL_set_max_cert_list(ssl,m) \ | ||
| 1814 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) | ||
| 1815 | |||
| 1816 | #define SSL_CTX_set_max_send_fragment(ctx,m) \ | ||
| 1817 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) | ||
| 1818 | #define SSL_set_max_send_fragment(ssl,m) \ | ||
| 1819 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) | ||
| 1820 | |||
| 1821 | /* NB: the keylength is only applicable when is_export is true */ | ||
| 1822 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, | ||
| 1823 | RSA *(*cb)(SSL *ssl, int is_export, int keylength)); | ||
| 1824 | |||
| 1825 | void SSL_set_tmp_rsa_callback(SSL *ssl, | ||
| 1826 | RSA *(*cb)(SSL *ssl, int is_export, int keylength)); | ||
| 1827 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, | ||
| 1828 | DH *(*dh)(SSL *ssl, int is_export, int keylength)); | ||
| 1829 | void SSL_set_tmp_dh_callback(SSL *ssl, | ||
| 1830 | DH *(*dh)(SSL *ssl, int is_export, int keylength)); | ||
| 1831 | void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, | ||
| 1832 | EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); | ||
| 1833 | void SSL_set_tmp_ecdh_callback(SSL *ssl, | ||
| 1834 | EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); | ||
| 1835 | |||
| 1836 | const void *SSL_get_current_compression(SSL *s); | ||
| 1837 | const void *SSL_get_current_expansion(SSL *s); | ||
| 1838 | |||
| 1839 | const char *SSL_COMP_get_name(const void *comp); | ||
| 1840 | void *SSL_COMP_get_compression_methods(void); | ||
| 1841 | int SSL_COMP_add_compression_method(int id, void *cm); | ||
| 1842 | |||
| 1843 | /* TLS extensions functions */ | ||
| 1844 | int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); | ||
| 1845 | |||
| 1846 | int SSL_set_session_ticket_ext_cb(SSL *s, | ||
| 1847 | tls_session_ticket_ext_cb_fn cb, void *arg); | ||
| 1848 | |||
| 1849 | /* Pre-shared secret session resumption functions */ | ||
| 1850 | int SSL_set_session_secret_cb(SSL *s, | ||
| 1851 | tls_session_secret_cb_fn tls_session_secret_cb, void *arg); | ||
| 1852 | |||
| 1853 | void SSL_set_debug(SSL *s, int debug); | ||
| 1854 | int SSL_cache_hit(SSL *s); | ||
| 1855 | |||
| 1856 | /* BEGIN ERROR CODES */ | ||
| 1857 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 1858 | * made after this point may be overwritten when the script is next run. | ||
| 1859 | */ | ||
| 1860 | void ERR_load_SSL_strings(void); | ||
| 1861 | |||
| 1862 | /* Error codes for the SSL functions. */ | ||
| 1863 | |||
| 1864 | /* Function codes. */ | ||
| 1865 | #define SSL_F_CLIENT_CERTIFICATE 100 | ||
| 1866 | #define SSL_F_CLIENT_FINISHED 167 | ||
| 1867 | #define SSL_F_CLIENT_HELLO 101 | ||
| 1868 | #define SSL_F_CLIENT_MASTER_KEY 102 | ||
| 1869 | #define SSL_F_D2I_SSL_SESSION 103 | ||
| 1870 | #define SSL_F_DO_DTLS1_WRITE 245 | ||
| 1871 | #define SSL_F_DO_SSL3_WRITE 104 | ||
| 1872 | #define SSL_F_DTLS1_ACCEPT 246 | ||
| 1873 | #define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 | ||
| 1874 | #define SSL_F_DTLS1_BUFFER_RECORD 247 | ||
| 1875 | #define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 | ||
| 1876 | #define SSL_F_DTLS1_CLIENT_HELLO 248 | ||
| 1877 | #define SSL_F_DTLS1_CONNECT 249 | ||
| 1878 | #define SSL_F_DTLS1_ENC 250 | ||
| 1879 | #define SSL_F_DTLS1_GET_HELLO_VERIFY 251 | ||
| 1880 | #define SSL_F_DTLS1_GET_MESSAGE 252 | ||
| 1881 | #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 | ||
| 1882 | #define SSL_F_DTLS1_GET_RECORD 254 | ||
| 1883 | #define SSL_F_DTLS1_HANDLE_TIMEOUT 297 | ||
| 1884 | #define SSL_F_DTLS1_HEARTBEAT 305 | ||
| 1885 | #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 | ||
| 1886 | #define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 | ||
| 1887 | #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 | ||
| 1888 | #define SSL_F_DTLS1_PROCESS_RECORD 257 | ||
| 1889 | #define SSL_F_DTLS1_READ_BYTES 258 | ||
| 1890 | #define SSL_F_DTLS1_READ_FAILED 259 | ||
| 1891 | #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 | ||
| 1892 | #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 | ||
| 1893 | #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 | ||
| 1894 | #define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 | ||
| 1895 | #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 | ||
| 1896 | #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 | ||
| 1897 | #define SSL_F_DTLS1_SEND_SERVER_HELLO 266 | ||
| 1898 | #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 | ||
| 1899 | #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 | ||
| 1900 | #define SSL_F_GET_CLIENT_FINISHED 105 | ||
| 1901 | #define SSL_F_GET_CLIENT_HELLO 106 | ||
| 1902 | #define SSL_F_GET_CLIENT_MASTER_KEY 107 | ||
| 1903 | #define SSL_F_GET_SERVER_FINISHED 108 | ||
| 1904 | #define SSL_F_GET_SERVER_HELLO 109 | ||
| 1905 | #define SSL_F_GET_SERVER_VERIFY 110 | ||
| 1906 | #define SSL_F_I2D_SSL_SESSION 111 | ||
| 1907 | #define SSL_F_READ_N 112 | ||
| 1908 | #define SSL_F_REQUEST_CERTIFICATE 113 | ||
| 1909 | #define SSL_F_SERVER_FINISH 239 | ||
| 1910 | #define SSL_F_SERVER_HELLO 114 | ||
| 1911 | #define SSL_F_SERVER_VERIFY 240 | ||
| 1912 | #define SSL_F_SSL23_ACCEPT 115 | ||
| 1913 | #define SSL_F_SSL23_CLIENT_HELLO 116 | ||
| 1914 | #define SSL_F_SSL23_CONNECT 117 | ||
| 1915 | #define SSL_F_SSL23_GET_CLIENT_HELLO 118 | ||
| 1916 | #define SSL_F_SSL23_GET_SERVER_HELLO 119 | ||
| 1917 | #define SSL_F_SSL23_PEEK 237 | ||
| 1918 | #define SSL_F_SSL23_READ 120 | ||
| 1919 | #define SSL_F_SSL23_WRITE 121 | ||
| 1920 | #define SSL_F_SSL2_ACCEPT 122 | ||
| 1921 | #define SSL_F_SSL2_CONNECT 123 | ||
| 1922 | #define SSL_F_SSL2_ENC_INIT 124 | ||
| 1923 | #define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 | ||
| 1924 | #define SSL_F_SSL2_PEEK 234 | ||
| 1925 | #define SSL_F_SSL2_READ 125 | ||
| 1926 | #define SSL_F_SSL2_READ_INTERNAL 236 | ||
| 1927 | #define SSL_F_SSL2_SET_CERTIFICATE 126 | ||
| 1928 | #define SSL_F_SSL2_WRITE 127 | ||
| 1929 | #define SSL_F_SSL3_ACCEPT 128 | ||
| 1930 | #define SSL_F_SSL3_ADD_CERT_TO_BUF 296 | ||
| 1931 | #define SSL_F_SSL3_CALLBACK_CTRL 233 | ||
| 1932 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 | ||
| 1933 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 | ||
| 1934 | #define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 | ||
| 1935 | #define SSL_F_SSL3_CLIENT_HELLO 131 | ||
| 1936 | #define SSL_F_SSL3_CONNECT 132 | ||
| 1937 | #define SSL_F_SSL3_CTRL 213 | ||
| 1938 | #define SSL_F_SSL3_CTX_CTRL 133 | ||
| 1939 | #define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 | ||
| 1940 | #define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 | ||
| 1941 | #define SSL_F_SSL3_ENC 134 | ||
| 1942 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 | ||
| 1943 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | ||
| 1944 | #define SSL_F_SSL3_GET_CERT_STATUS 289 | ||
| 1945 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 | ||
| 1946 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | ||
| 1947 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 | ||
| 1948 | #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 | ||
| 1949 | #define SSL_F_SSL3_GET_FINISHED 140 | ||
| 1950 | #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | ||
| 1951 | #define SSL_F_SSL3_GET_MESSAGE 142 | ||
| 1952 | #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | ||
| 1953 | #define SSL_F_SSL3_GET_NEXT_PROTO 306 | ||
| 1954 | #define SSL_F_SSL3_GET_RECORD 143 | ||
| 1955 | #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | ||
| 1956 | #define SSL_F_SSL3_GET_SERVER_DONE 145 | ||
| 1957 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 | ||
| 1958 | #define SSL_F_SSL3_HANDSHAKE_MAC 285 | ||
| 1959 | #define SSL_F_SSL3_NEW_SESSION_TICKET 287 | ||
| 1960 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 | ||
| 1961 | #define SSL_F_SSL3_PEEK 235 | ||
| 1962 | #define SSL_F_SSL3_READ_BYTES 148 | ||
| 1963 | #define SSL_F_SSL3_READ_N 149 | ||
| 1964 | #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 | ||
| 1965 | #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 | ||
| 1966 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | ||
| 1967 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | ||
| 1968 | #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 | ||
| 1969 | #define SSL_F_SSL3_SEND_SERVER_HELLO 242 | ||
| 1970 | #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 | ||
| 1971 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | ||
| 1972 | #define SSL_F_SSL3_SETUP_READ_BUFFER 156 | ||
| 1973 | #define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 | ||
| 1974 | #define SSL_F_SSL3_WRITE_BYTES 158 | ||
| 1975 | #define SSL_F_SSL3_WRITE_PENDING 159 | ||
| 1976 | #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 | ||
| 1977 | #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 | ||
| 1978 | #define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 | ||
| 1979 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 | ||
| 1980 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 | ||
| 1981 | #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 | ||
| 1982 | #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 | ||
| 1983 | #define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 | ||
| 1984 | #define SSL_F_SSL_BAD_METHOD 160 | ||
| 1985 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 | ||
| 1986 | #define SSL_F_SSL_CERT_DUP 221 | ||
| 1987 | #define SSL_F_SSL_CERT_INST 222 | ||
| 1988 | #define SSL_F_SSL_CERT_INSTANTIATE 214 | ||
| 1989 | #define SSL_F_SSL_CERT_NEW 162 | ||
| 1990 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 | ||
| 1991 | #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 | ||
| 1992 | #define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 | ||
| 1993 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 | ||
| 1994 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 | ||
| 1995 | #define SSL_F_SSL_CLEAR 164 | ||
| 1996 | #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 | ||
| 1997 | #define SSL_F_SSL_CREATE_CIPHER_LIST 166 | ||
| 1998 | #define SSL_F_SSL_CTRL 232 | ||
| 1999 | #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 | ||
| 2000 | #define SSL_F_SSL_CTX_MAKE_PROFILES 309 | ||
| 2001 | #define SSL_F_SSL_CTX_NEW 169 | ||
| 2002 | #define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 | ||
| 2003 | #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 | ||
| 2004 | #define SSL_F_SSL_CTX_SET_PURPOSE 226 | ||
| 2005 | #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 | ||
| 2006 | #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 | ||
| 2007 | #define SSL_F_SSL_CTX_SET_TRUST 229 | ||
| 2008 | #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 | ||
| 2009 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 | ||
| 2010 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 | ||
| 2011 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 | ||
| 2012 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 | ||
| 2013 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 | ||
| 2014 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 | ||
| 2015 | #define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 | ||
| 2016 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 | ||
| 2017 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 | ||
| 2018 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 | ||
| 2019 | #define SSL_F_SSL_DO_HANDSHAKE 180 | ||
| 2020 | #define SSL_F_SSL_GET_NEW_SESSION 181 | ||
| 2021 | #define SSL_F_SSL_GET_PREV_SESSION 217 | ||
| 2022 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 | ||
| 2023 | #define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 | ||
| 2024 | #define SSL_F_SSL_GET_SIGN_PKEY 183 | ||
| 2025 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 | ||
| 2026 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 | ||
| 2027 | #define SSL_F_SSL_NEW 186 | ||
| 2028 | #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 | ||
| 2029 | #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 | ||
| 2030 | #define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 | ||
| 2031 | #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 | ||
| 2032 | #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 | ||
| 2033 | #define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 | ||
| 2034 | #define SSL_F_SSL_PEEK 270 | ||
| 2035 | #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 | ||
| 2036 | #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 | ||
| 2037 | #define SSL_F_SSL_READ 223 | ||
| 2038 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 | ||
| 2039 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 | ||
| 2040 | #define SSL_F_SSL_SESSION_NEW 189 | ||
| 2041 | #define SSL_F_SSL_SESSION_PRINT_FP 190 | ||
| 2042 | #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 | ||
| 2043 | #define SSL_F_SSL_SESS_CERT_NEW 225 | ||
| 2044 | #define SSL_F_SSL_SET_CERT 191 | ||
| 2045 | #define SSL_F_SSL_SET_CIPHER_LIST 271 | ||
| 2046 | #define SSL_F_SSL_SET_FD 192 | ||
| 2047 | #define SSL_F_SSL_SET_PKEY 193 | ||
| 2048 | #define SSL_F_SSL_SET_PURPOSE 227 | ||
| 2049 | #define SSL_F_SSL_SET_RFD 194 | ||
| 2050 | #define SSL_F_SSL_SET_SESSION 195 | ||
| 2051 | #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 | ||
| 2052 | #define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 | ||
| 2053 | #define SSL_F_SSL_SET_TRUST 228 | ||
| 2054 | #define SSL_F_SSL_SET_WFD 196 | ||
| 2055 | #define SSL_F_SSL_SHUTDOWN 224 | ||
| 2056 | #define SSL_F_SSL_SRP_CTX_INIT 313 | ||
| 2057 | #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 | ||
| 2058 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 | ||
| 2059 | #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 | ||
| 2060 | #define SSL_F_SSL_USE_CERTIFICATE 198 | ||
| 2061 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 | ||
| 2062 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 | ||
| 2063 | #define SSL_F_SSL_USE_PRIVATEKEY 201 | ||
| 2064 | #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 | ||
| 2065 | #define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 | ||
| 2066 | #define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 | ||
| 2067 | #define SSL_F_SSL_USE_RSAPRIVATEKEY 204 | ||
| 2068 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 | ||
| 2069 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 | ||
| 2070 | #define SSL_F_SSL_VERIFY_CERT_CHAIN 207 | ||
| 2071 | #define SSL_F_SSL_WRITE 208 | ||
| 2072 | #define SSL_F_TLS1_AEAD_CTX_INIT 339 | ||
| 2073 | #define SSL_F_TLS1_CERT_VERIFY_MAC 286 | ||
| 2074 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 | ||
| 2075 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 340 | ||
| 2076 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 338 | ||
| 2077 | #define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 | ||
| 2078 | #define SSL_F_TLS1_ENC 210 | ||
| 2079 | #define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 | ||
| 2080 | #define SSL_F_TLS1_HEARTBEAT 315 | ||
| 2081 | #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 | ||
| 2082 | #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 | ||
| 2083 | #define SSL_F_TLS1_PRF 284 | ||
| 2084 | #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 | ||
| 2085 | #define SSL_F_WRITE_PENDING 212 | ||
| 2086 | |||
| 2087 | /* Reason codes. */ | ||
| 2088 | #define SSL_R_APP_DATA_IN_HANDSHAKE 100 | ||
| 2089 | #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 | ||
| 2090 | #define SSL_R_BAD_ALERT_RECORD 101 | ||
| 2091 | #define SSL_R_BAD_AUTHENTICATION_TYPE 102 | ||
| 2092 | #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 | ||
| 2093 | #define SSL_R_BAD_CHECKSUM 104 | ||
| 2094 | #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 | ||
| 2095 | #define SSL_R_BAD_DECOMPRESSION 107 | ||
| 2096 | #define SSL_R_BAD_DH_G_LENGTH 108 | ||
| 2097 | #define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 | ||
| 2098 | #define SSL_R_BAD_DH_P_LENGTH 110 | ||
| 2099 | #define SSL_R_BAD_DIGEST_LENGTH 111 | ||
| 2100 | #define SSL_R_BAD_DSA_SIGNATURE 112 | ||
| 2101 | #define SSL_R_BAD_ECC_CERT 304 | ||
| 2102 | #define SSL_R_BAD_ECDSA_SIGNATURE 305 | ||
| 2103 | #define SSL_R_BAD_ECPOINT 306 | ||
| 2104 | #define SSL_R_BAD_HANDSHAKE_LENGTH 332 | ||
| 2105 | #define SSL_R_BAD_HELLO_REQUEST 105 | ||
| 2106 | #define SSL_R_BAD_LENGTH 271 | ||
| 2107 | #define SSL_R_BAD_MAC_DECODE 113 | ||
| 2108 | #define SSL_R_BAD_MAC_LENGTH 333 | ||
| 2109 | #define SSL_R_BAD_MESSAGE_TYPE 114 | ||
| 2110 | #define SSL_R_BAD_PACKET_LENGTH 115 | ||
| 2111 | #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 | ||
| 2112 | #define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 | ||
| 2113 | #define SSL_R_BAD_RESPONSE_ARGUMENT 117 | ||
| 2114 | #define SSL_R_BAD_RSA_DECRYPT 118 | ||
| 2115 | #define SSL_R_BAD_RSA_ENCRYPT 119 | ||
| 2116 | #define SSL_R_BAD_RSA_E_LENGTH 120 | ||
| 2117 | #define SSL_R_BAD_RSA_MODULUS_LENGTH 121 | ||
| 2118 | #define SSL_R_BAD_RSA_SIGNATURE 122 | ||
| 2119 | #define SSL_R_BAD_SIGNATURE 123 | ||
| 2120 | #define SSL_R_BAD_SRP_A_LENGTH 347 | ||
| 2121 | #define SSL_R_BAD_SRP_B_LENGTH 348 | ||
| 2122 | #define SSL_R_BAD_SRP_G_LENGTH 349 | ||
| 2123 | #define SSL_R_BAD_SRP_N_LENGTH 350 | ||
| 2124 | #define SSL_R_BAD_SRP_S_LENGTH 351 | ||
| 2125 | #define SSL_R_BAD_SRTP_MKI_VALUE 352 | ||
| 2126 | #define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 | ||
| 2127 | #define SSL_R_BAD_SSL_FILETYPE 124 | ||
| 2128 | #define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 | ||
| 2129 | #define SSL_R_BAD_STATE 126 | ||
| 2130 | #define SSL_R_BAD_WRITE_RETRY 127 | ||
| 2131 | #define SSL_R_BIO_NOT_SET 128 | ||
| 2132 | #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 | ||
| 2133 | #define SSL_R_BN_LIB 130 | ||
| 2134 | #define SSL_R_CA_DN_LENGTH_MISMATCH 131 | ||
| 2135 | #define SSL_R_CA_DN_TOO_LONG 132 | ||
| 2136 | #define SSL_R_CCS_RECEIVED_EARLY 133 | ||
| 2137 | #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 | ||
| 2138 | #define SSL_R_CERT_LENGTH_MISMATCH 135 | ||
| 2139 | #define SSL_R_CHALLENGE_IS_DIFFERENT 136 | ||
| 2140 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 | ||
| 2141 | #define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE 371 | ||
| 2142 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 | ||
| 2143 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | ||
| 2144 | #define SSL_R_CLIENTHELLO_TLSEXT 226 | ||
| 2145 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 | ||
| 2146 | #define SSL_R_COMPRESSION_DISABLED 343 | ||
| 2147 | #define SSL_R_COMPRESSION_FAILURE 141 | ||
| 2148 | #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 | ||
| 2149 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 | ||
| 2150 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 | ||
| 2151 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 | ||
| 2152 | #define SSL_R_COOKIE_MISMATCH 308 | ||
| 2153 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 | ||
| 2154 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 | ||
| 2155 | #define SSL_R_DECRYPTION_FAILED 147 | ||
| 2156 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 | ||
| 2157 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 | ||
| 2158 | #define SSL_R_DIGEST_CHECK_FAILED 149 | ||
| 2159 | #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 | ||
| 2160 | #define SSL_R_DUPLICATE_COMPRESSION_ID 309 | ||
| 2161 | #define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 | ||
| 2162 | #define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 | ||
| 2163 | #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 | ||
| 2164 | #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 | ||
| 2165 | #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 | ||
| 2166 | #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 | ||
| 2167 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 | ||
| 2168 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 | ||
| 2169 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 | ||
| 2170 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 | ||
| 2171 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 | ||
| 2172 | #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 | ||
| 2173 | #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 | ||
| 2174 | #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 | ||
| 2175 | #define SSL_R_HTTPS_PROXY_REQUEST 155 | ||
| 2176 | #define SSL_R_HTTP_REQUEST 156 | ||
| 2177 | #define SSL_R_ILLEGAL_PADDING 283 | ||
| 2178 | #define SSL_R_INAPPROPRIATE_FALLBACK 373 | ||
| 2179 | #define SSL_R_INCONSISTENT_COMPRESSION 340 | ||
| 2180 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 | ||
| 2181 | #define SSL_R_INVALID_COMMAND 280 | ||
| 2182 | #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 | ||
| 2183 | #define SSL_R_INVALID_PURPOSE 278 | ||
| 2184 | #define SSL_R_INVALID_SRP_USERNAME 357 | ||
| 2185 | #define SSL_R_INVALID_STATUS_RESPONSE 328 | ||
| 2186 | #define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 | ||
| 2187 | #define SSL_R_INVALID_TRUST 279 | ||
| 2188 | #define SSL_R_KEY_ARG_TOO_LONG 284 | ||
| 2189 | #define SSL_R_KRB5 285 | ||
| 2190 | #define SSL_R_KRB5_C_CC_PRINC 286 | ||
| 2191 | #define SSL_R_KRB5_C_GET_CRED 287 | ||
| 2192 | #define SSL_R_KRB5_C_INIT 288 | ||
| 2193 | #define SSL_R_KRB5_C_MK_REQ 289 | ||
| 2194 | #define SSL_R_KRB5_S_BAD_TICKET 290 | ||
| 2195 | #define SSL_R_KRB5_S_INIT 291 | ||
| 2196 | #define SSL_R_KRB5_S_RD_REQ 292 | ||
| 2197 | #define SSL_R_KRB5_S_TKT_EXPIRED 293 | ||
| 2198 | #define SSL_R_KRB5_S_TKT_NYV 294 | ||
| 2199 | #define SSL_R_KRB5_S_TKT_SKEW 295 | ||
| 2200 | #define SSL_R_LENGTH_MISMATCH 159 | ||
| 2201 | #define SSL_R_LENGTH_TOO_SHORT 160 | ||
| 2202 | #define SSL_R_LIBRARY_BUG 274 | ||
| 2203 | #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 | ||
| 2204 | #define SSL_R_MESSAGE_TOO_LONG 296 | ||
| 2205 | #define SSL_R_MISSING_DH_DSA_CERT 162 | ||
| 2206 | #define SSL_R_MISSING_DH_KEY 163 | ||
| 2207 | #define SSL_R_MISSING_DH_RSA_CERT 164 | ||
| 2208 | #define SSL_R_MISSING_DSA_SIGNING_CERT 165 | ||
| 2209 | #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 | ||
| 2210 | #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 | ||
| 2211 | #define SSL_R_MISSING_RSA_CERTIFICATE 168 | ||
| 2212 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 | ||
| 2213 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 | ||
| 2214 | #define SSL_R_MISSING_SRP_PARAM 358 | ||
| 2215 | #define SSL_R_MISSING_TMP_DH_KEY 171 | ||
| 2216 | #define SSL_R_MISSING_TMP_ECDH_KEY 311 | ||
| 2217 | #define SSL_R_MISSING_TMP_RSA_KEY 172 | ||
| 2218 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 | ||
| 2219 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 | ||
| 2220 | #define SSL_R_MULTIPLE_SGC_RESTARTS 346 | ||
| 2221 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 | ||
| 2222 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 | ||
| 2223 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 | ||
| 2224 | #define SSL_R_NO_CERTIFICATE_RETURNED 178 | ||
| 2225 | #define SSL_R_NO_CERTIFICATE_SET 179 | ||
| 2226 | #define SSL_R_NO_CERTIFICATE_SPECIFIED 180 | ||
| 2227 | #define SSL_R_NO_CIPHERS_AVAILABLE 181 | ||
| 2228 | #define SSL_R_NO_CIPHERS_PASSED 182 | ||
| 2229 | #define SSL_R_NO_CIPHERS_SPECIFIED 183 | ||
| 2230 | #define SSL_R_NO_CIPHER_LIST 184 | ||
| 2231 | #define SSL_R_NO_CIPHER_MATCH 185 | ||
| 2232 | #define SSL_R_NO_CLIENT_CERT_METHOD 331 | ||
| 2233 | #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 | ||
| 2234 | #define SSL_R_NO_COMPRESSION_SPECIFIED 187 | ||
| 2235 | #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 | ||
| 2236 | #define SSL_R_NO_METHOD_SPECIFIED 188 | ||
| 2237 | #define SSL_R_NO_PRIVATEKEY 189 | ||
| 2238 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 | ||
| 2239 | #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 | ||
| 2240 | #define SSL_R_NO_PUBLICKEY 192 | ||
| 2241 | #define SSL_R_NO_RENEGOTIATION 339 | ||
| 2242 | #define SSL_R_NO_REQUIRED_DIGEST 324 | ||
| 2243 | #define SSL_R_NO_SHARED_CIPHER 193 | ||
| 2244 | #define SSL_R_NO_SRTP_PROFILES 359 | ||
| 2245 | #define SSL_R_NO_VERIFY_CALLBACK 194 | ||
| 2246 | #define SSL_R_NULL_SSL_CTX 195 | ||
| 2247 | #define SSL_R_NULL_SSL_METHOD_PASSED 196 | ||
| 2248 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 | ||
| 2249 | #define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 | ||
| 2250 | #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 | ||
| 2251 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 | ||
| 2252 | #define SSL_R_PARSE_TLSEXT 227 | ||
| 2253 | #define SSL_R_PATH_TOO_LONG 270 | ||
| 2254 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 | ||
| 2255 | #define SSL_R_PEER_ERROR 200 | ||
| 2256 | #define SSL_R_PEER_ERROR_CERTIFICATE 201 | ||
| 2257 | #define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 | ||
| 2258 | #define SSL_R_PEER_ERROR_NO_CIPHER 203 | ||
| 2259 | #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 | ||
| 2260 | #define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 | ||
| 2261 | #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 | ||
| 2262 | #define SSL_R_PROTOCOL_IS_SHUTDOWN 207 | ||
| 2263 | #define SSL_R_PSK_IDENTITY_NOT_FOUND 223 | ||
| 2264 | #define SSL_R_PSK_NO_CLIENT_CB 224 | ||
| 2265 | #define SSL_R_PSK_NO_SERVER_CB 225 | ||
| 2266 | #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 | ||
| 2267 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 | ||
| 2268 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 | ||
| 2269 | #define SSL_R_READ_BIO_NOT_SET 211 | ||
| 2270 | #define SSL_R_READ_TIMEOUT_EXPIRED 312 | ||
| 2271 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 | ||
| 2272 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 | ||
| 2273 | #define SSL_R_RECORD_TOO_LARGE 214 | ||
| 2274 | #define SSL_R_RECORD_TOO_SMALL 298 | ||
| 2275 | #define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 | ||
| 2276 | #define SSL_R_RENEGOTIATION_ENCODING_ERR 336 | ||
| 2277 | #define SSL_R_RENEGOTIATION_MISMATCH 337 | ||
| 2278 | #define SSL_R_REQUIRED_CIPHER_MISSING 215 | ||
| 2279 | #define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 | ||
| 2280 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 | ||
| 2281 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 | ||
| 2282 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 | ||
| 2283 | #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 | ||
| 2284 | #define SSL_R_SERVERHELLO_TLSEXT 275 | ||
| 2285 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 | ||
| 2286 | #define SSL_R_SHORT_READ 219 | ||
| 2287 | #define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 | ||
| 2288 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | ||
| 2289 | #define SSL_R_SRP_A_CALC 361 | ||
| 2290 | #define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 | ||
| 2291 | #define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 | ||
| 2292 | #define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 | ||
| 2293 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | ||
| 2294 | #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 | ||
| 2295 | #define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 | ||
| 2296 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 | ||
| 2297 | #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 | ||
| 2298 | #define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 | ||
| 2299 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | ||
| 2300 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | ||
| 2301 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 | ||
| 2302 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 | ||
| 2303 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 | ||
| 2304 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 | ||
| 2305 | #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 | ||
| 2306 | #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 | ||
| 2307 | #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 | ||
| 2308 | #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 | ||
| 2309 | #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 | ||
| 2310 | #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 | ||
| 2311 | #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 | ||
| 2312 | #define SSL_R_SSL_HANDSHAKE_FAILURE 229 | ||
| 2313 | #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 | ||
| 2314 | #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 | ||
| 2315 | #define SSL_R_SSL_SESSION_ID_CONFLICT 302 | ||
| 2316 | #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 | ||
| 2317 | #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 | ||
| 2318 | #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 | ||
| 2319 | #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 | ||
| 2320 | #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 | ||
| 2321 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 | ||
| 2322 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 | ||
| 2323 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 | ||
| 2324 | #define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 | ||
| 2325 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 | ||
| 2326 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 | ||
| 2327 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 | ||
| 2328 | #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 | ||
| 2329 | #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 | ||
| 2330 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 | ||
| 2331 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 | ||
| 2332 | #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 | ||
| 2333 | #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 | ||
| 2334 | #define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 | ||
| 2335 | #define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 | ||
| 2336 | #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 | ||
| 2337 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 | ||
| 2338 | #define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 | ||
| 2339 | #define SSL_R_TLS_HEARTBEAT_PENDING 366 | ||
| 2340 | #define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 | ||
| 2341 | #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 | ||
| 2342 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 | ||
| 2343 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 | ||
| 2344 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 | ||
| 2345 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 | ||
| 2346 | #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 | ||
| 2347 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 | ||
| 2348 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 | ||
| 2349 | #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 | ||
| 2350 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 | ||
| 2351 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 | ||
| 2352 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 | ||
| 2353 | #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 | ||
| 2354 | #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 | ||
| 2355 | #define SSL_R_UNEXPECTED_MESSAGE 244 | ||
| 2356 | #define SSL_R_UNEXPECTED_RECORD 245 | ||
| 2357 | #define SSL_R_UNINITIALIZED 276 | ||
| 2358 | #define SSL_R_UNKNOWN_ALERT_TYPE 246 | ||
| 2359 | #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 | ||
| 2360 | #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 | ||
| 2361 | #define SSL_R_UNKNOWN_CIPHER_TYPE 249 | ||
| 2362 | #define SSL_R_UNKNOWN_DIGEST 368 | ||
| 2363 | #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 | ||
| 2364 | #define SSL_R_UNKNOWN_PKEY_TYPE 251 | ||
| 2365 | #define SSL_R_UNKNOWN_PROTOCOL 252 | ||
| 2366 | #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 | ||
| 2367 | #define SSL_R_UNKNOWN_SSL_VERSION 254 | ||
| 2368 | #define SSL_R_UNKNOWN_STATE 255 | ||
| 2369 | #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 | ||
| 2370 | #define SSL_R_UNSUPPORTED_CIPHER 256 | ||
| 2371 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 | ||
| 2372 | #define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 | ||
| 2373 | #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 | ||
| 2374 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 | ||
| 2375 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 | ||
| 2376 | #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 | ||
| 2377 | #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 | ||
| 2378 | #define SSL_R_WRITE_BIO_NOT_SET 260 | ||
| 2379 | #define SSL_R_WRONG_CIPHER_RETURNED 261 | ||
| 2380 | #define SSL_R_WRONG_CURVE 378 | ||
| 2381 | #define SSL_R_WRONG_MESSAGE_TYPE 262 | ||
| 2382 | #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 | ||
| 2383 | #define SSL_R_WRONG_SIGNATURE_LENGTH 264 | ||
| 2384 | #define SSL_R_WRONG_SIGNATURE_SIZE 265 | ||
| 2385 | #define SSL_R_WRONG_SIGNATURE_TYPE 370 | ||
| 2386 | #define SSL_R_WRONG_SSL_VERSION 266 | ||
| 2387 | #define SSL_R_WRONG_VERSION_NUMBER 267 | ||
| 2388 | #define SSL_R_X509_LIB 268 | ||
| 2389 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 | ||
| 2390 | |||
| 2391 | #ifdef __cplusplus | ||
| 2392 | } | ||
| 2393 | #endif | ||
| 2394 | #endif | ||
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h deleted file mode 100644 index 3a8d300729..0000000000 --- a/src/lib/libssl/ssl2.h +++ /dev/null | |||
| @@ -1,153 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl2.h,v 1.12 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #ifndef HEADER_SSL2_H | ||
| 60 | #define HEADER_SSL2_H | ||
| 61 | |||
| 62 | #ifdef __cplusplus | ||
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | /* Protocol Version Codes */ | ||
| 67 | #define SSL2_VERSION 0x0002 | ||
| 68 | #define SSL2_VERSION_MAJOR 0x00 | ||
| 69 | #define SSL2_VERSION_MINOR 0x02 | ||
| 70 | /* #define SSL2_CLIENT_VERSION 0x0002 */ | ||
| 71 | /* #define SSL2_SERVER_VERSION 0x0002 */ | ||
| 72 | |||
| 73 | /* Protocol Message Codes */ | ||
| 74 | #define SSL2_MT_ERROR 0 | ||
| 75 | #define SSL2_MT_CLIENT_HELLO 1 | ||
| 76 | #define SSL2_MT_CLIENT_MASTER_KEY 2 | ||
| 77 | #define SSL2_MT_CLIENT_FINISHED 3 | ||
| 78 | #define SSL2_MT_SERVER_HELLO 4 | ||
| 79 | #define SSL2_MT_SERVER_VERIFY 5 | ||
| 80 | #define SSL2_MT_SERVER_FINISHED 6 | ||
| 81 | #define SSL2_MT_REQUEST_CERTIFICATE 7 | ||
| 82 | #define SSL2_MT_CLIENT_CERTIFICATE 8 | ||
| 83 | |||
| 84 | /* Error Message Codes */ | ||
| 85 | #define SSL2_PE_UNDEFINED_ERROR 0x0000 | ||
| 86 | #define SSL2_PE_NO_CIPHER 0x0001 | ||
| 87 | #define SSL2_PE_NO_CERTIFICATE 0x0002 | ||
| 88 | #define SSL2_PE_BAD_CERTIFICATE 0x0004 | ||
| 89 | #define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 | ||
| 90 | |||
| 91 | /* Cipher Kind Values */ | ||
| 92 | #define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ | ||
| 93 | #define SSL2_CK_RC4_128_WITH_MD5 0x02010080 | ||
| 94 | #define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 | ||
| 95 | #define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 | ||
| 96 | #define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 | ||
| 97 | #define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 | ||
| 98 | #define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 | ||
| 99 | #define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ | ||
| 100 | #define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 | ||
| 101 | #define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ | ||
| 102 | #define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ | ||
| 103 | |||
| 104 | #define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ | ||
| 105 | #define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ | ||
| 106 | |||
| 107 | #define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" | ||
| 108 | #define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" | ||
| 109 | #define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" | ||
| 110 | #define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" | ||
| 111 | #define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" | ||
| 112 | #define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" | ||
| 113 | #define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" | ||
| 114 | #define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" | ||
| 115 | #define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" | ||
| 116 | #define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" | ||
| 117 | #define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" | ||
| 118 | #define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" | ||
| 119 | |||
| 120 | #define SSL2_TXT_NULL "NULL" | ||
| 121 | |||
| 122 | /* Flags for the SSL_CIPHER.algorithm2 field */ | ||
| 123 | #define SSL2_CF_5_BYTE_ENC 0x01 | ||
| 124 | #define SSL2_CF_8_BYTE_ENC 0x02 | ||
| 125 | |||
| 126 | /* Certificate Type Codes */ | ||
| 127 | #define SSL2_CT_X509_CERTIFICATE 0x01 | ||
| 128 | |||
| 129 | /* Authentication Type Code */ | ||
| 130 | #define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 | ||
| 131 | |||
| 132 | #define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 | ||
| 133 | |||
| 134 | /* Upper/Lower Bounds */ | ||
| 135 | #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 | ||
| 136 | #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ | ||
| 137 | #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ | ||
| 138 | |||
| 139 | #define SSL2_CHALLENGE_LENGTH 16 | ||
| 140 | /*#define SSL2_CHALLENGE_LENGTH 32 */ | ||
| 141 | #define SSL2_MIN_CHALLENGE_LENGTH 16 | ||
| 142 | #define SSL2_MAX_CHALLENGE_LENGTH 32 | ||
| 143 | #define SSL2_CONNECTION_ID_LENGTH 16 | ||
| 144 | #define SSL2_MAX_CONNECTION_ID_LENGTH 16 | ||
| 145 | #define SSL2_SSL_SESSION_ID_LENGTH 16 | ||
| 146 | #define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 | ||
| 147 | #define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 | ||
| 148 | #define SSL2_MAX_KEY_MATERIAL_LENGTH 24 | ||
| 149 | |||
| 150 | #ifdef __cplusplus | ||
| 151 | } | ||
| 152 | #endif | ||
| 153 | #endif | ||
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h deleted file mode 100644 index 570e4b0171..0000000000 --- a/src/lib/libssl/ssl23.h +++ /dev/null | |||
| @@ -1,82 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl23.h,v 1.4 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #ifndef HEADER_SSL23_H | ||
| 60 | #define HEADER_SSL23_H | ||
| 61 | |||
| 62 | #ifdef __cplusplus | ||
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | /*client */ | ||
| 67 | /* write to server */ | ||
| 68 | #define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) | ||
| 69 | #define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) | ||
| 70 | /* read from server */ | ||
| 71 | #define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) | ||
| 72 | #define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) | ||
| 73 | |||
| 74 | /* server */ | ||
| 75 | /* read from client */ | ||
| 76 | #define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) | ||
| 77 | #define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) | ||
| 78 | |||
| 79 | #ifdef __cplusplus | ||
| 80 | } | ||
| 81 | #endif | ||
| 82 | #endif | ||
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h deleted file mode 100644 index 61f600c55d..0000000000 --- a/src/lib/libssl/ssl3.h +++ /dev/null | |||
| @@ -1,636 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.36 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | |||
| 117 | #ifndef HEADER_SSL3_H | ||
| 118 | #define HEADER_SSL3_H | ||
| 119 | |||
| 120 | #include <openssl/buffer.h> | ||
| 121 | #include <openssl/evp.h> | ||
| 122 | #include <openssl/ssl.h> | ||
| 123 | |||
| 124 | #ifdef __cplusplus | ||
| 125 | extern "C" { | ||
| 126 | #endif | ||
| 127 | |||
| 128 | /* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */ | ||
| 129 | #define SSL3_CK_SCSV 0x030000FF | ||
| 130 | |||
| 131 | /* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */ | ||
| 132 | #define SSL3_CK_FALLBACK_SCSV 0x03005600 | ||
| 133 | |||
| 134 | #define SSL3_CK_RSA_NULL_MD5 0x03000001 | ||
| 135 | #define SSL3_CK_RSA_NULL_SHA 0x03000002 | ||
| 136 | #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 | ||
| 137 | #define SSL3_CK_RSA_RC4_128_MD5 0x03000004 | ||
| 138 | #define SSL3_CK_RSA_RC4_128_SHA 0x03000005 | ||
| 139 | #define SSL3_CK_RSA_RC2_40_MD5 0x03000006 | ||
| 140 | #define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 | ||
| 141 | #define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 | ||
| 142 | #define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 | ||
| 143 | #define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A | ||
| 144 | |||
| 145 | #define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B | ||
| 146 | #define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C | ||
| 147 | #define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D | ||
| 148 | #define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E | ||
| 149 | #define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F | ||
| 150 | #define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 | ||
| 151 | |||
| 152 | #define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 | ||
| 153 | #define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 | ||
| 154 | #define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 | ||
| 155 | #define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 | ||
| 156 | #define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 | ||
| 157 | #define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 | ||
| 158 | |||
| 159 | #define SSL3_CK_ADH_RC4_40_MD5 0x03000017 | ||
| 160 | #define SSL3_CK_ADH_RC4_128_MD5 0x03000018 | ||
| 161 | #define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 | ||
| 162 | #define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A | ||
| 163 | #define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B | ||
| 164 | |||
| 165 | /* VRS Additional Kerberos5 entries | ||
| 166 | */ | ||
| 167 | #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E | ||
| 168 | #define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F | ||
| 169 | #define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 | ||
| 170 | #define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 | ||
| 171 | #define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 | ||
| 172 | #define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 | ||
| 173 | #define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 | ||
| 174 | #define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 | ||
| 175 | |||
| 176 | #define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 | ||
| 177 | #define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 | ||
| 178 | #define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 | ||
| 179 | #define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 | ||
| 180 | #define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A | ||
| 181 | #define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B | ||
| 182 | |||
| 183 | #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" | ||
| 184 | #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" | ||
| 185 | #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" | ||
| 186 | #define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" | ||
| 187 | #define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" | ||
| 188 | #define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" | ||
| 189 | #define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" | ||
| 190 | #define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" | ||
| 191 | #define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" | ||
| 192 | #define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" | ||
| 193 | |||
| 194 | #define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" | ||
| 195 | #define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" | ||
| 196 | #define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" | ||
| 197 | #define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" | ||
| 198 | #define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" | ||
| 199 | #define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" | ||
| 200 | |||
| 201 | #define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" | ||
| 202 | #define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" | ||
| 203 | #define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" | ||
| 204 | #define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" | ||
| 205 | #define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" | ||
| 206 | #define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" | ||
| 207 | |||
| 208 | #define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" | ||
| 209 | #define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" | ||
| 210 | #define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" | ||
| 211 | #define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" | ||
| 212 | #define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" | ||
| 213 | |||
| 214 | #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" | ||
| 215 | #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" | ||
| 216 | #define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" | ||
| 217 | #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" | ||
| 218 | #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" | ||
| 219 | #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" | ||
| 220 | #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" | ||
| 221 | #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" | ||
| 222 | |||
| 223 | #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" | ||
| 224 | #define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" | ||
| 225 | #define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" | ||
| 226 | #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" | ||
| 227 | #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" | ||
| 228 | #define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" | ||
| 229 | |||
| 230 | #define SSL3_SSL_SESSION_ID_LENGTH 32 | ||
| 231 | #define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 | ||
| 232 | |||
| 233 | #define SSL3_MASTER_SECRET_SIZE 48 | ||
| 234 | #define SSL3_RANDOM_SIZE 32 | ||
| 235 | #define SSL3_SEQUENCE_SIZE 8 | ||
| 236 | #define SSL3_SESSION_ID_SIZE 32 | ||
| 237 | #define SSL3_CIPHER_VALUE_SIZE 2 | ||
| 238 | |||
| 239 | #define SSL3_RT_HEADER_LENGTH 5 | ||
| 240 | #define SSL3_HM_HEADER_LENGTH 4 | ||
| 241 | |||
| 242 | #define SSL3_ALIGN_PAYLOAD 8 | ||
| 243 | |||
| 244 | /* This is the maximum MAC (digest) size used by the SSL library. | ||
| 245 | * Currently maximum of 20 is used by SHA1, but we reserve for | ||
| 246 | * future extension for 512-bit hashes. | ||
| 247 | */ | ||
| 248 | |||
| 249 | #define SSL3_RT_MAX_MD_SIZE 64 | ||
| 250 | |||
| 251 | /* Maximum block size used in all ciphersuites. Currently 16 for AES. | ||
| 252 | */ | ||
| 253 | |||
| 254 | #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 | ||
| 255 | |||
| 256 | #define SSL3_RT_MAX_EXTRA (16384) | ||
| 257 | |||
| 258 | /* Maximum plaintext length: defined by SSL/TLS standards */ | ||
| 259 | #define SSL3_RT_MAX_PLAIN_LENGTH 16384 | ||
| 260 | /* Maximum compression overhead: defined by SSL/TLS standards */ | ||
| 261 | #define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 | ||
| 262 | |||
| 263 | /* The standards give a maximum encryption overhead of 1024 bytes. | ||
| 264 | * In practice the value is lower than this. The overhead is the maximum | ||
| 265 | * number of padding bytes (256) plus the mac size. | ||
| 266 | */ | ||
| 267 | #define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) | ||
| 268 | |||
| 269 | /* OpenSSL currently only uses a padding length of at most one block so | ||
| 270 | * the send overhead is smaller. | ||
| 271 | */ | ||
| 272 | |||
| 273 | #define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ | ||
| 274 | (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) | ||
| 275 | |||
| 276 | /* If compression isn't used don't include the compression overhead */ | ||
| 277 | #define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH | ||
| 278 | #define SSL3_RT_MAX_ENCRYPTED_LENGTH \ | ||
| 279 | (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) | ||
| 280 | #define SSL3_RT_MAX_PACKET_SIZE \ | ||
| 281 | (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | ||
| 282 | |||
| 283 | #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" | ||
| 284 | #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" | ||
| 285 | |||
| 286 | #define SSL3_VERSION 0x0300 | ||
| 287 | #define SSL3_VERSION_MAJOR 0x03 | ||
| 288 | #define SSL3_VERSION_MINOR 0x00 | ||
| 289 | |||
| 290 | #define SSL3_RT_CHANGE_CIPHER_SPEC 20 | ||
| 291 | #define SSL3_RT_ALERT 21 | ||
| 292 | #define SSL3_RT_HANDSHAKE 22 | ||
| 293 | #define SSL3_RT_APPLICATION_DATA 23 | ||
| 294 | #define TLS1_RT_HEARTBEAT 24 | ||
| 295 | |||
| 296 | #define SSL3_AL_WARNING 1 | ||
| 297 | #define SSL3_AL_FATAL 2 | ||
| 298 | |||
| 299 | #define SSL3_AD_CLOSE_NOTIFY 0 | ||
| 300 | #define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ | ||
| 301 | #define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ | ||
| 302 | #define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ | ||
| 303 | #define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ | ||
| 304 | #define SSL3_AD_NO_CERTIFICATE 41 | ||
| 305 | #define SSL3_AD_BAD_CERTIFICATE 42 | ||
| 306 | #define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 | ||
| 307 | #define SSL3_AD_CERTIFICATE_REVOKED 44 | ||
| 308 | #define SSL3_AD_CERTIFICATE_EXPIRED 45 | ||
| 309 | #define SSL3_AD_CERTIFICATE_UNKNOWN 46 | ||
| 310 | #define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ | ||
| 311 | |||
| 312 | #define TLS1_HB_REQUEST 1 | ||
| 313 | #define TLS1_HB_RESPONSE 2 | ||
| 314 | |||
| 315 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 316 | |||
| 317 | typedef struct ssl3_record_st { | ||
| 318 | /*r */ int type; /* type of record */ | ||
| 319 | /*rw*/ unsigned int length; /* How many bytes available */ | ||
| 320 | /*r */ unsigned int off; /* read/write offset into 'buf' */ | ||
| 321 | /*rw*/ unsigned char *data; /* pointer to the record data */ | ||
| 322 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | ||
| 323 | /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ | ||
| 324 | /*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ | ||
| 325 | } SSL3_RECORD; | ||
| 326 | |||
| 327 | typedef struct ssl3_buffer_st { | ||
| 328 | unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, | ||
| 329 | * see ssl3_setup_buffers() */ | ||
| 330 | size_t len; /* buffer size */ | ||
| 331 | int offset; /* where to 'copy from' */ | ||
| 332 | int left; /* how many bytes left */ | ||
| 333 | } SSL3_BUFFER; | ||
| 334 | |||
| 335 | #endif | ||
| 336 | |||
| 337 | #define SSL3_CT_RSA_SIGN 1 | ||
| 338 | #define SSL3_CT_DSS_SIGN 2 | ||
| 339 | #define SSL3_CT_RSA_FIXED_DH 3 | ||
| 340 | #define SSL3_CT_DSS_FIXED_DH 4 | ||
| 341 | #define SSL3_CT_RSA_EPHEMERAL_DH 5 | ||
| 342 | #define SSL3_CT_DSS_EPHEMERAL_DH 6 | ||
| 343 | #define SSL3_CT_FORTEZZA_DMS 20 | ||
| 344 | /* SSL3_CT_NUMBER is used to size arrays and it must be large | ||
| 345 | * enough to contain all of the cert types defined either for | ||
| 346 | * SSLv3 and TLSv1. | ||
| 347 | */ | ||
| 348 | #define SSL3_CT_NUMBER 11 | ||
| 349 | |||
| 350 | |||
| 351 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | ||
| 352 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | ||
| 353 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | ||
| 354 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | ||
| 355 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | ||
| 356 | #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 | ||
| 357 | #define SSL3_FLAGS_CCS_OK 0x0080 | ||
| 358 | |||
| 359 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
| 360 | * restart a handshake because of MS SGC and so prevents us | ||
| 361 | * from restarting the handshake in a loop. It's reset on a | ||
| 362 | * renegotiation, so effectively limits the client to one restart | ||
| 363 | * per negotiation. This limits the possibility of a DDoS | ||
| 364 | * attack where the client handshakes in a loop using SGC to | ||
| 365 | * restart. Servers which permit renegotiation can still be | ||
| 366 | * effected, but we can't prevent that. | ||
| 367 | */ | ||
| 368 | #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | ||
| 369 | |||
| 370 | #ifndef OPENSSL_NO_SSL_INTERN | ||
| 371 | |||
| 372 | typedef struct ssl3_state_st { | ||
| 373 | long flags; | ||
| 374 | int delay_buf_pop_ret; | ||
| 375 | |||
| 376 | unsigned char read_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 377 | int read_mac_secret_size; | ||
| 378 | unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; | ||
| 379 | unsigned char write_sequence[SSL3_SEQUENCE_SIZE]; | ||
| 380 | int write_mac_secret_size; | ||
| 381 | unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; | ||
| 382 | |||
| 383 | unsigned char server_random[SSL3_RANDOM_SIZE]; | ||
| 384 | unsigned char client_random[SSL3_RANDOM_SIZE]; | ||
| 385 | |||
| 386 | /* flags for countermeasure against known-IV weakness */ | ||
| 387 | int need_empty_fragments; | ||
| 388 | int empty_fragment_done; | ||
| 389 | |||
| 390 | /* The value of 'extra' when the buffers were initialized */ | ||
| 391 | int init_extra; | ||
| 392 | |||
| 393 | SSL3_BUFFER rbuf; /* read IO goes into here */ | ||
| 394 | SSL3_BUFFER wbuf; /* write IO goes into here */ | ||
| 395 | |||
| 396 | SSL3_RECORD rrec; /* each decoded record goes in here */ | ||
| 397 | SSL3_RECORD wrec; /* goes out from here */ | ||
| 398 | |||
| 399 | /* storage for Alert/Handshake protocol data received but not | ||
| 400 | * yet processed by ssl3_read_bytes: */ | ||
| 401 | unsigned char alert_fragment[2]; | ||
| 402 | unsigned int alert_fragment_len; | ||
| 403 | unsigned char handshake_fragment[4]; | ||
| 404 | unsigned int handshake_fragment_len; | ||
| 405 | |||
| 406 | /* partial write - check the numbers match */ | ||
| 407 | unsigned int wnum; /* number of bytes sent so far */ | ||
| 408 | int wpend_tot; /* number bytes written */ | ||
| 409 | int wpend_type; | ||
| 410 | int wpend_ret; /* number of bytes submitted */ | ||
| 411 | const unsigned char *wpend_buf; | ||
| 412 | |||
| 413 | /* used during startup, digest all incoming/outgoing packets */ | ||
| 414 | BIO *handshake_buffer; | ||
| 415 | /* When set of handshake digests is determined, buffer is hashed | ||
| 416 | * and freed and MD_CTX-es for all required digests are stored in | ||
| 417 | * this array */ | ||
| 418 | EVP_MD_CTX **handshake_dgst; | ||
| 419 | /* this is set whenerver we see a change_cipher_spec message | ||
| 420 | * come in when we are not looking for one */ | ||
| 421 | int change_cipher_spec; | ||
| 422 | |||
| 423 | int warn_alert; | ||
| 424 | int fatal_alert; | ||
| 425 | /* we allow one fatal and one warning alert to be outstanding, | ||
| 426 | * send close alert via the warning alert */ | ||
| 427 | int alert_dispatch; | ||
| 428 | unsigned char send_alert[2]; | ||
| 429 | |||
| 430 | /* This flag is set when we should renegotiate ASAP, basically when | ||
| 431 | * there is no more data in the read or write buffers */ | ||
| 432 | int renegotiate; | ||
| 433 | int total_renegotiations; | ||
| 434 | int num_renegotiations; | ||
| 435 | |||
| 436 | int in_read_app_data; | ||
| 437 | |||
| 438 | struct { | ||
| 439 | /* actually only needs to be 16+20 */ | ||
| 440 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | ||
| 441 | |||
| 442 | /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ | ||
| 443 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 444 | int finish_md_len; | ||
| 445 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 446 | int peer_finish_md_len; | ||
| 447 | |||
| 448 | unsigned long message_size; | ||
| 449 | int message_type; | ||
| 450 | |||
| 451 | /* used to hold the new cipher we are going to use */ | ||
| 452 | const SSL_CIPHER *new_cipher; | ||
| 453 | DH *dh; | ||
| 454 | |||
| 455 | EC_KEY *ecdh; /* holds short lived ECDH key */ | ||
| 456 | |||
| 457 | /* used when SSL_ST_FLUSH_DATA is entered */ | ||
| 458 | int next_state; | ||
| 459 | |||
| 460 | int reuse_message; | ||
| 461 | |||
| 462 | /* used for certificate requests */ | ||
| 463 | int cert_req; | ||
| 464 | int ctype_num; | ||
| 465 | char ctype[SSL3_CT_NUMBER]; | ||
| 466 | STACK_OF(X509_NAME) *ca_names; | ||
| 467 | |||
| 468 | int key_block_length; | ||
| 469 | unsigned char *key_block; | ||
| 470 | |||
| 471 | const EVP_CIPHER *new_sym_enc; | ||
| 472 | const EVP_AEAD *new_aead; | ||
| 473 | const EVP_MD *new_hash; | ||
| 474 | int new_mac_pkey_type; | ||
| 475 | int new_mac_secret_size; | ||
| 476 | int cert_request; | ||
| 477 | } tmp; | ||
| 478 | |||
| 479 | /* Connection binding to prevent renegotiation attacks */ | ||
| 480 | unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; | ||
| 481 | unsigned char previous_client_finished_len; | ||
| 482 | unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; | ||
| 483 | unsigned char previous_server_finished_len; | ||
| 484 | int send_connection_binding; /* TODOEKR */ | ||
| 485 | |||
| 486 | /* Set if we saw the Next Protocol Negotiation extension from our peer. | ||
| 487 | */ | ||
| 488 | int next_proto_neg_seen; | ||
| 489 | |||
| 490 | /* | ||
| 491 | * ALPN information | ||
| 492 | * (we are in the process of transitioning from NPN to ALPN). | ||
| 493 | */ | ||
| 494 | |||
| 495 | /* | ||
| 496 | * In a server these point to the selected ALPN protocol after the | ||
| 497 | * ClientHello has been processed. In a client these contain the | ||
| 498 | * protocol that the server selected once the ServerHello has been | ||
| 499 | * processed. | ||
| 500 | */ | ||
| 501 | unsigned char *alpn_selected; | ||
| 502 | unsigned int alpn_selected_len; | ||
| 503 | |||
| 504 | /* This is set to true if we believe that this is a version of Safari | ||
| 505 | * running on OS X 10.6 or newer. We wish to know this because Safari | ||
| 506 | * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ | ||
| 507 | char is_probably_safari; | ||
| 508 | } SSL3_STATE; | ||
| 509 | |||
| 510 | #endif | ||
| 511 | |||
| 512 | /* SSLv3 */ | ||
| 513 | /*client */ | ||
| 514 | /* extra state */ | ||
| 515 | #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) | ||
| 516 | /* write to server */ | ||
| 517 | #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) | ||
| 518 | #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) | ||
| 519 | /* read from server */ | ||
| 520 | #define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) | ||
| 521 | #define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) | ||
| 522 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) | ||
| 523 | #define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) | ||
| 524 | #define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) | ||
| 525 | #define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) | ||
| 526 | #define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) | ||
| 527 | #define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) | ||
| 528 | #define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) | ||
| 529 | #define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) | ||
| 530 | #define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) | ||
| 531 | #define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) | ||
| 532 | /* write to server */ | ||
| 533 | #define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) | ||
| 534 | #define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) | ||
| 535 | #define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) | ||
| 536 | #define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) | ||
| 537 | #define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) | ||
| 538 | #define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) | ||
| 539 | #define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) | ||
| 540 | #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | ||
| 541 | #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | ||
| 542 | #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | ||
| 543 | #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | ||
| 544 | #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | ||
| 545 | #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | ||
| 546 | #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | ||
| 547 | /* read from server */ | ||
| 548 | #define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) | ||
| 549 | #define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) | ||
| 550 | #define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) | ||
| 551 | #define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) | ||
| 552 | #define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) | ||
| 553 | #define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) | ||
| 554 | #define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) | ||
| 555 | #define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) | ||
| 556 | |||
| 557 | /* server */ | ||
| 558 | /* extra state */ | ||
| 559 | #define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) | ||
| 560 | /* read from client */ | ||
| 561 | /* Do not change the number values, they do matter */ | ||
| 562 | #define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) | ||
| 563 | #define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) | ||
| 564 | #define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) | ||
| 565 | /* write to client */ | ||
| 566 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) | ||
| 567 | #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) | ||
| 568 | #define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) | ||
| 569 | #define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) | ||
| 570 | #define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) | ||
| 571 | #define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) | ||
| 572 | #define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) | ||
| 573 | #define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) | ||
| 574 | #define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) | ||
| 575 | #define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) | ||
| 576 | #define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) | ||
| 577 | #define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) | ||
| 578 | #define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) | ||
| 579 | #define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) | ||
| 580 | #define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) | ||
| 581 | /* read from client */ | ||
| 582 | #define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) | ||
| 583 | #define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) | ||
| 584 | #define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) | ||
| 585 | #define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) | ||
| 586 | #define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) | ||
| 587 | #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | ||
| 588 | #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | ||
| 589 | #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | ||
| 590 | #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | ||
| 591 | #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | ||
| 592 | #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | ||
| 593 | #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | ||
| 594 | /* write to client */ | ||
| 595 | #define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) | ||
| 596 | #define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) | ||
| 597 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | ||
| 598 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | ||
| 599 | #define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) | ||
| 600 | #define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) | ||
| 601 | #define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) | ||
| 602 | #define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) | ||
| 603 | |||
| 604 | #define SSL3_MT_HELLO_REQUEST 0 | ||
| 605 | #define SSL3_MT_CLIENT_HELLO 1 | ||
| 606 | #define SSL3_MT_SERVER_HELLO 2 | ||
| 607 | #define SSL3_MT_NEWSESSION_TICKET 4 | ||
| 608 | #define SSL3_MT_CERTIFICATE 11 | ||
| 609 | #define SSL3_MT_SERVER_KEY_EXCHANGE 12 | ||
| 610 | #define SSL3_MT_CERTIFICATE_REQUEST 13 | ||
| 611 | #define SSL3_MT_SERVER_DONE 14 | ||
| 612 | #define SSL3_MT_CERTIFICATE_VERIFY 15 | ||
| 613 | #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | ||
| 614 | #define SSL3_MT_FINISHED 20 | ||
| 615 | #define SSL3_MT_CERTIFICATE_STATUS 22 | ||
| 616 | |||
| 617 | #define SSL3_MT_NEXT_PROTO 67 | ||
| 618 | |||
| 619 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | ||
| 620 | |||
| 621 | #define SSL3_MT_CCS 1 | ||
| 622 | |||
| 623 | /* These are used when changing over to a new cipher */ | ||
| 624 | #define SSL3_CC_READ 0x01 | ||
| 625 | #define SSL3_CC_WRITE 0x02 | ||
| 626 | #define SSL3_CC_CLIENT 0x10 | ||
| 627 | #define SSL3_CC_SERVER 0x20 | ||
| 628 | #define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) | ||
| 629 | #define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) | ||
| 630 | #define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) | ||
| 631 | #define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) | ||
| 632 | |||
| 633 | #ifdef __cplusplus | ||
| 634 | } | ||
| 635 | #endif | ||
| 636 | #endif | ||
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c deleted file mode 100644 index 3010a735c9..0000000000 --- a/src/lib/libssl/ssl_algs.c +++ /dev/null | |||
| @@ -1,131 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_algs.c,v 1.22 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include <openssl/lhash.h> | ||
| 62 | #include <openssl/objects.h> | ||
| 63 | |||
| 64 | #include "ssl_locl.h" | ||
| 65 | |||
| 66 | int | ||
| 67 | SSL_library_init(void) | ||
| 68 | { | ||
| 69 | |||
| 70 | #ifndef OPENSSL_NO_DES | ||
| 71 | EVP_add_cipher(EVP_des_cbc()); | ||
| 72 | EVP_add_cipher(EVP_des_ede3_cbc()); | ||
| 73 | #endif | ||
| 74 | #ifndef OPENSSL_NO_IDEA | ||
| 75 | EVP_add_cipher(EVP_idea_cbc()); | ||
| 76 | #endif | ||
| 77 | #ifndef OPENSSL_NO_RC4 | ||
| 78 | EVP_add_cipher(EVP_rc4()); | ||
| 79 | #if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) | ||
| 80 | EVP_add_cipher(EVP_rc4_hmac_md5()); | ||
| 81 | #endif | ||
| 82 | #endif | ||
| 83 | #ifndef OPENSSL_NO_RC2 | ||
| 84 | EVP_add_cipher(EVP_rc2_cbc()); | ||
| 85 | /* Not actually used for SSL/TLS but this makes PKCS#12 work | ||
| 86 | * if an application only calls SSL_library_init(). | ||
| 87 | */ | ||
| 88 | EVP_add_cipher(EVP_rc2_40_cbc()); | ||
| 89 | #endif | ||
| 90 | EVP_add_cipher(EVP_aes_128_cbc()); | ||
| 91 | EVP_add_cipher(EVP_aes_192_cbc()); | ||
| 92 | EVP_add_cipher(EVP_aes_256_cbc()); | ||
| 93 | EVP_add_cipher(EVP_aes_128_gcm()); | ||
| 94 | EVP_add_cipher(EVP_aes_256_gcm()); | ||
| 95 | EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); | ||
| 96 | EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); | ||
| 97 | #ifndef OPENSSL_NO_CAMELLIA | ||
| 98 | EVP_add_cipher(EVP_camellia_128_cbc()); | ||
| 99 | EVP_add_cipher(EVP_camellia_256_cbc()); | ||
| 100 | #endif | ||
| 101 | #ifndef OPENSSL_NO_GOST | ||
| 102 | EVP_add_cipher(EVP_gost2814789_cfb64()); | ||
| 103 | EVP_add_cipher(EVP_gost2814789_cnt()); | ||
| 104 | #endif | ||
| 105 | |||
| 106 | EVP_add_digest(EVP_md5()); | ||
| 107 | EVP_add_digest_alias(SN_md5, "ssl2-md5"); | ||
| 108 | EVP_add_digest_alias(SN_md5, "ssl3-md5"); | ||
| 109 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | ||
| 110 | EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); | ||
| 111 | EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); | ||
| 112 | EVP_add_digest(EVP_sha224()); | ||
| 113 | EVP_add_digest(EVP_sha256()); | ||
| 114 | EVP_add_digest(EVP_sha384()); | ||
| 115 | EVP_add_digest(EVP_sha512()); | ||
| 116 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | ||
| 117 | EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); | ||
| 118 | EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); | ||
| 119 | EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); | ||
| 120 | EVP_add_digest(EVP_ecdsa()); | ||
| 121 | #ifndef OPENSSL_NO_GOST | ||
| 122 | EVP_add_digest(EVP_gostr341194()); | ||
| 123 | EVP_add_digest(EVP_gost2814789imit()); | ||
| 124 | EVP_add_digest(EVP_streebog256()); | ||
| 125 | EVP_add_digest(EVP_streebog512()); | ||
| 126 | #endif | ||
| 127 | /* initialize cipher/digest methods table */ | ||
| 128 | ssl_load_ciphers(); | ||
| 129 | return (1); | ||
| 130 | } | ||
| 131 | |||
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c deleted file mode 100644 index b60b3ea3f8..0000000000 --- a/src/lib/libssl/ssl_asn1.c +++ /dev/null | |||
| @@ -1,692 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_asn1.c,v 1.40 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <stdlib.h> | ||
| 61 | |||
| 62 | #include "ssl_locl.h" | ||
| 63 | |||
| 64 | #include <openssl/objects.h> | ||
| 65 | #include <openssl/x509.h> | ||
| 66 | |||
| 67 | /* XXX - these are here to avoid including asn1_mac.h */ | ||
| 68 | int asn1_GetSequence(ASN1_const_CTX *c, long *length); | ||
| 69 | void asn1_add_error(const unsigned char *address, int offset); | ||
| 70 | |||
| 71 | typedef struct ssl_session_asn1_st { | ||
| 72 | ASN1_INTEGER version; | ||
| 73 | ASN1_INTEGER ssl_version; | ||
| 74 | ASN1_OCTET_STRING cipher; | ||
| 75 | ASN1_OCTET_STRING master_key; | ||
| 76 | ASN1_OCTET_STRING session_id; | ||
| 77 | ASN1_OCTET_STRING session_id_context; | ||
| 78 | ASN1_INTEGER time; | ||
| 79 | ASN1_INTEGER timeout; | ||
| 80 | ASN1_INTEGER verify_result; | ||
| 81 | ASN1_OCTET_STRING tlsext_hostname; | ||
| 82 | ASN1_INTEGER tlsext_tick_lifetime; | ||
| 83 | ASN1_OCTET_STRING tlsext_tick; | ||
| 84 | } SSL_SESSION_ASN1; | ||
| 85 | |||
| 86 | int | ||
| 87 | i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) | ||
| 88 | { | ||
| 89 | #define LSIZE2 (sizeof(long)*2) | ||
| 90 | int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0, v6 = 0, v9 = 0, v10 = 0; | ||
| 91 | unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2]; | ||
| 92 | unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2]; | ||
| 93 | unsigned char ibuf6[LSIZE2]; | ||
| 94 | SSL_SESSION_ASN1 a; | ||
| 95 | unsigned char *p; | ||
| 96 | int len = 0, ret; | ||
| 97 | long l; | ||
| 98 | |||
| 99 | if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0))) | ||
| 100 | return (0); | ||
| 101 | |||
| 102 | /* | ||
| 103 | * Note that I cheat in the following 2 assignments. | ||
| 104 | * I know that if the ASN1_INTEGER passed to ASN1_INTEGER_set | ||
| 105 | * is > sizeof(long)+1, the buffer will not be re-malloc()ed. | ||
| 106 | * This is a bit evil but makes things simple, no dynamic allocation | ||
| 107 | * to clean up :-) | ||
| 108 | */ | ||
| 109 | a.version.length = LSIZE2; | ||
| 110 | a.version.type = V_ASN1_INTEGER; | ||
| 111 | a.version.data = ibuf1; | ||
| 112 | ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION); | ||
| 113 | len += i2d_ASN1_INTEGER(&(a.version), NULL); | ||
| 114 | |||
| 115 | a.ssl_version.length = LSIZE2; | ||
| 116 | a.ssl_version.type = V_ASN1_INTEGER; | ||
| 117 | a.ssl_version.data = ibuf2; | ||
| 118 | ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version); | ||
| 119 | len += i2d_ASN1_INTEGER(&(a.ssl_version), NULL); | ||
| 120 | |||
| 121 | a.cipher.length = 2; | ||
| 122 | a.cipher.type = V_ASN1_OCTET_STRING; | ||
| 123 | l = (in->cipher == NULL) ? in->cipher_id : in->cipher->id; | ||
| 124 | buf[0] = ((unsigned char)(l >> 8L)) & 0xff; | ||
| 125 | buf[1] = ((unsigned char)(l)) & 0xff; | ||
| 126 | a.cipher.data = buf; | ||
| 127 | len += i2d_ASN1_OCTET_STRING(&(a.cipher), NULL); | ||
| 128 | |||
| 129 | a.master_key.length = in->master_key_length; | ||
| 130 | a.master_key.type = V_ASN1_OCTET_STRING; | ||
| 131 | a.master_key.data = in->master_key; | ||
| 132 | len += i2d_ASN1_OCTET_STRING(&(a.master_key), NULL); | ||
| 133 | |||
| 134 | a.session_id.length = in->session_id_length; | ||
| 135 | a.session_id.type = V_ASN1_OCTET_STRING; | ||
| 136 | a.session_id.data = in->session_id; | ||
| 137 | len += i2d_ASN1_OCTET_STRING(&(a.session_id), NULL); | ||
| 138 | |||
| 139 | if (in->time != 0L) { | ||
| 140 | a.time.length = LSIZE2; | ||
| 141 | a.time.type = V_ASN1_INTEGER; | ||
| 142 | a.time.data = ibuf3; | ||
| 143 | ASN1_INTEGER_set(&(a.time), in->time); /* XXX 2038 */ | ||
| 144 | v1 = i2d_ASN1_INTEGER(&(a.time), NULL); | ||
| 145 | len += ASN1_object_size(1, v1, 1); | ||
| 146 | } | ||
| 147 | |||
| 148 | if (in->timeout != 0L) { | ||
| 149 | a.timeout.length = LSIZE2; | ||
| 150 | a.timeout.type = V_ASN1_INTEGER; | ||
| 151 | a.timeout.data = ibuf4; | ||
| 152 | ASN1_INTEGER_set(&(a.timeout), in->timeout); | ||
| 153 | v2 = i2d_ASN1_INTEGER(&(a.timeout), NULL); | ||
| 154 | len += ASN1_object_size(1, v2, 2); | ||
| 155 | } | ||
| 156 | |||
| 157 | if (in->peer != NULL) { | ||
| 158 | v3 = i2d_X509(in->peer, NULL); | ||
| 159 | len += ASN1_object_size(1, v3, 3); | ||
| 160 | } | ||
| 161 | |||
| 162 | a.session_id_context.length = in->sid_ctx_length; | ||
| 163 | a.session_id_context.type = V_ASN1_OCTET_STRING; | ||
| 164 | a.session_id_context.data = in->sid_ctx; | ||
| 165 | v4 = i2d_ASN1_OCTET_STRING(&(a.session_id_context), NULL); | ||
| 166 | len += ASN1_object_size(1, v4, 4); | ||
| 167 | |||
| 168 | if (in->verify_result != X509_V_OK) { | ||
| 169 | a.verify_result.length = LSIZE2; | ||
| 170 | a.verify_result.type = V_ASN1_INTEGER; | ||
| 171 | a.verify_result.data = ibuf5; | ||
| 172 | ASN1_INTEGER_set(&a.verify_result, in->verify_result); | ||
| 173 | v5 = i2d_ASN1_INTEGER(&(a.verify_result), NULL); | ||
| 174 | len += ASN1_object_size(1, v5, 5); | ||
| 175 | } | ||
| 176 | |||
| 177 | if (in->tlsext_hostname) { | ||
| 178 | a.tlsext_hostname.length = strlen(in->tlsext_hostname); | ||
| 179 | a.tlsext_hostname.type = V_ASN1_OCTET_STRING; | ||
| 180 | a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname; | ||
| 181 | v6 = i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), NULL); | ||
| 182 | len += ASN1_object_size(1, v6, 6); | ||
| 183 | } | ||
| 184 | |||
| 185 | /* 7 - PSK identity hint. */ | ||
| 186 | /* 8 - PSK identity. */ | ||
| 187 | |||
| 188 | if (in->tlsext_tick_lifetime_hint > 0) { | ||
| 189 | a.tlsext_tick_lifetime.length = LSIZE2; | ||
| 190 | a.tlsext_tick_lifetime.type = V_ASN1_INTEGER; | ||
| 191 | a.tlsext_tick_lifetime.data = ibuf6; | ||
| 192 | ASN1_INTEGER_set(&a.tlsext_tick_lifetime, | ||
| 193 | in->tlsext_tick_lifetime_hint); | ||
| 194 | v9 = i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), NULL); | ||
| 195 | len += ASN1_object_size(1, v9, 9); | ||
| 196 | } | ||
| 197 | |||
| 198 | if (in->tlsext_tick) { | ||
| 199 | a.tlsext_tick.length = in->tlsext_ticklen; | ||
| 200 | a.tlsext_tick.type = V_ASN1_OCTET_STRING; | ||
| 201 | a.tlsext_tick.data = (unsigned char *)in->tlsext_tick; | ||
| 202 | v10 = i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), NULL); | ||
| 203 | len += ASN1_object_size(1, v10, 10); | ||
| 204 | } | ||
| 205 | |||
| 206 | /* 11 - Compression method. */ | ||
| 207 | /* 12 - SRP username. */ | ||
| 208 | |||
| 209 | /* If given a NULL pointer, return the length only. */ | ||
| 210 | ret = (ASN1_object_size(1, len, V_ASN1_SEQUENCE)); | ||
| 211 | if (pp == NULL) | ||
| 212 | return (ret); | ||
| 213 | |||
| 214 | /* Burp out the ASN1. */ | ||
| 215 | p = *pp; | ||
| 216 | ASN1_put_object(&p, 1, len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 217 | i2d_ASN1_INTEGER(&(a.version), &p); | ||
| 218 | i2d_ASN1_INTEGER(&(a.ssl_version), &p); | ||
| 219 | i2d_ASN1_OCTET_STRING(&(a.cipher), &p); | ||
| 220 | i2d_ASN1_OCTET_STRING(&(a.session_id), &p); | ||
| 221 | i2d_ASN1_OCTET_STRING(&(a.master_key), &p); | ||
| 222 | if (in->time != 0L) { | ||
| 223 | ASN1_put_object(&p, 1, v1, 1, V_ASN1_CONTEXT_SPECIFIC); | ||
| 224 | i2d_ASN1_INTEGER(&(a.time), &p); | ||
| 225 | } | ||
| 226 | if (in->timeout != 0L) { | ||
| 227 | ASN1_put_object(&p, 1, v2, 2, V_ASN1_CONTEXT_SPECIFIC); | ||
| 228 | i2d_ASN1_INTEGER(&(a.timeout), &p); | ||
| 229 | } | ||
| 230 | if (in->peer != NULL) { | ||
| 231 | ASN1_put_object(&p, 1, v3, 3, V_ASN1_CONTEXT_SPECIFIC); | ||
| 232 | i2d_X509(in->peer, &p); | ||
| 233 | } | ||
| 234 | ASN1_put_object(&p, 1, v4, 4, V_ASN1_CONTEXT_SPECIFIC); | ||
| 235 | i2d_ASN1_OCTET_STRING(&(a.session_id_context), &p); | ||
| 236 | if (in->verify_result != X509_V_OK) { | ||
| 237 | ASN1_put_object(&p, 1, v5, 5, V_ASN1_CONTEXT_SPECIFIC); | ||
| 238 | i2d_ASN1_INTEGER(&(a.verify_result), &p); | ||
| 239 | } | ||
| 240 | if (in->tlsext_hostname) { | ||
| 241 | ASN1_put_object(&p, 1, v6, 6, V_ASN1_CONTEXT_SPECIFIC); | ||
| 242 | i2d_ASN1_OCTET_STRING(&(a.tlsext_hostname), &p); | ||
| 243 | } | ||
| 244 | /* 7 - PSK identity hint. */ | ||
| 245 | /* 8 - PSK identity. */ | ||
| 246 | if (in->tlsext_tick_lifetime_hint > 0) { | ||
| 247 | ASN1_put_object(&p, 1, v9, 9, V_ASN1_CONTEXT_SPECIFIC); | ||
| 248 | i2d_ASN1_INTEGER(&(a.tlsext_tick_lifetime), &p); | ||
| 249 | } | ||
| 250 | if (in->tlsext_tick) { | ||
| 251 | ASN1_put_object(&p, 1, v10, 10, V_ASN1_CONTEXT_SPECIFIC); | ||
| 252 | i2d_ASN1_OCTET_STRING(&(a.tlsext_tick), &p); | ||
| 253 | } | ||
| 254 | /* 11 - Compression method. */ | ||
| 255 | /* 12 - SRP username. */ | ||
| 256 | |||
| 257 | *pp = p; | ||
| 258 | return (ret); | ||
| 259 | } | ||
| 260 | |||
| 261 | SSL_SESSION * | ||
| 262 | d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length) | ||
| 263 | { | ||
| 264 | SSL_SESSION *ret = NULL; | ||
| 265 | ASN1_const_CTX c; | ||
| 266 | ASN1_INTEGER ai, *aip; | ||
| 267 | ASN1_OCTET_STRING os, *osp; | ||
| 268 | int ssl_version = 0, i; | ||
| 269 | int Tinf, Ttag, Tclass; | ||
| 270 | long Tlen; | ||
| 271 | long id; | ||
| 272 | |||
| 273 | c.pp = pp; | ||
| 274 | c.p = *pp; | ||
| 275 | c.q = *pp; | ||
| 276 | c.max = (length == 0) ? 0 : (c.p + length); | ||
| 277 | c.slen = length; | ||
| 278 | |||
| 279 | if (a == NULL || *a == NULL) { | ||
| 280 | if ((ret = SSL_SESSION_new()) == NULL) { | ||
| 281 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 282 | goto err; | ||
| 283 | } | ||
| 284 | } else | ||
| 285 | ret = *a; | ||
| 286 | |||
| 287 | aip = &ai; | ||
| 288 | osp = &os; | ||
| 289 | |||
| 290 | if (!asn1_GetSequence(&c, &length)) { | ||
| 291 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 292 | goto err; | ||
| 293 | } | ||
| 294 | |||
| 295 | ai.data = NULL; | ||
| 296 | ai.length = 0; | ||
| 297 | c.q = c.p; | ||
| 298 | if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) { | ||
| 299 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 300 | goto err; | ||
| 301 | } | ||
| 302 | c.slen -= (c.p - c.q); | ||
| 303 | |||
| 304 | if (ai.data != NULL) { | ||
| 305 | free(ai.data); | ||
| 306 | ai.data = NULL; | ||
| 307 | ai.length = 0; | ||
| 308 | } | ||
| 309 | |||
| 310 | /* we don't care about the version right now :-) */ | ||
| 311 | c.q = c.p; | ||
| 312 | if (d2i_ASN1_INTEGER(&aip, &c.p, c.slen) == NULL) { | ||
| 313 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 314 | goto err; | ||
| 315 | } | ||
| 316 | c.slen -= (c.p - c.q); | ||
| 317 | ssl_version = (int)ASN1_INTEGER_get(aip); | ||
| 318 | ret->ssl_version = ssl_version; | ||
| 319 | if (ai.data != NULL) { | ||
| 320 | free(ai.data); | ||
| 321 | ai.data = NULL; | ||
| 322 | ai.length = 0; | ||
| 323 | } | ||
| 324 | |||
| 325 | os.data = NULL; | ||
| 326 | os.length = 0; | ||
| 327 | c.q = c.p; | ||
| 328 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) { | ||
| 329 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 330 | goto err; | ||
| 331 | } | ||
| 332 | c.slen -= (c.p - c.q); | ||
| 333 | if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { | ||
| 334 | if (os.length != 2) { | ||
| 335 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 336 | SSL_R_CIPHER_CODE_WRONG_LENGTH); | ||
| 337 | goto err; | ||
| 338 | } | ||
| 339 | id = 0x03000000L | ((unsigned long)os.data[0]<<8L) | | ||
| 340 | (unsigned long)os.data[1]; | ||
| 341 | } else { | ||
| 342 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION); | ||
| 343 | goto err; | ||
| 344 | } | ||
| 345 | |||
| 346 | ret->cipher = NULL; | ||
| 347 | ret->cipher_id = id; | ||
| 348 | |||
| 349 | c.q = c.p; | ||
| 350 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) { | ||
| 351 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 352 | goto err; | ||
| 353 | } | ||
| 354 | c.slen -= (c.p - c.q); | ||
| 355 | |||
| 356 | i = SSL3_MAX_SSL_SESSION_ID_LENGTH; | ||
| 357 | if (os.length > i) | ||
| 358 | os.length = i; | ||
| 359 | if (os.length > (int)sizeof(ret->session_id)) /* can't happen */ | ||
| 360 | os.length = sizeof(ret->session_id); | ||
| 361 | |||
| 362 | ret->session_id_length = os.length; | ||
| 363 | OPENSSL_assert(os.length <= (int)sizeof(ret->session_id)); | ||
| 364 | memcpy(ret->session_id, os.data, os.length); | ||
| 365 | |||
| 366 | c.q = c.p; | ||
| 367 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, c.slen) == NULL) { | ||
| 368 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 369 | goto err; | ||
| 370 | } | ||
| 371 | c.slen -= (c.p - c.q); | ||
| 372 | if (os.length > SSL_MAX_MASTER_KEY_LENGTH) | ||
| 373 | ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH; | ||
| 374 | else | ||
| 375 | ret->master_key_length = os.length; | ||
| 376 | memcpy(ret->master_key, os.data, ret->master_key_length); | ||
| 377 | |||
| 378 | os.length = 0; | ||
| 379 | |||
| 380 | /* 1 - Time (INTEGER). */ | ||
| 381 | /* XXX 2038 */ | ||
| 382 | ai.length = 0; | ||
| 383 | if (c.slen != 0L && | ||
| 384 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 1)) { | ||
| 385 | c.q = c.p; | ||
| 386 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 387 | if (Tinf & 0x80) { | ||
| 388 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 389 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 390 | goto err; | ||
| 391 | } | ||
| 392 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 393 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 394 | if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) { | ||
| 395 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 396 | goto err; | ||
| 397 | } | ||
| 398 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 399 | Tlen = c.slen - (c.p - c.q); | ||
| 400 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 401 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 402 | ERR_R_MISSING_ASN1_EOS); | ||
| 403 | goto err; | ||
| 404 | } | ||
| 405 | } | ||
| 406 | c.slen -= (c.p - c.q); | ||
| 407 | } | ||
| 408 | if (ai.data != NULL) { | ||
| 409 | ret->time = ASN1_INTEGER_get(aip); | ||
| 410 | free(ai.data); | ||
| 411 | ai.data = NULL; | ||
| 412 | ai.length = 0; | ||
| 413 | } else | ||
| 414 | ret->time = time(NULL); | ||
| 415 | |||
| 416 | /* 2 - Timeout (INTEGER). */ | ||
| 417 | ai.length = 0; | ||
| 418 | if (c.slen != 0L && | ||
| 419 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 2)) { | ||
| 420 | c.q = c.p; | ||
| 421 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 422 | if (Tinf & 0x80) { | ||
| 423 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 424 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 425 | goto err; | ||
| 426 | } | ||
| 427 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 428 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 429 | if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) { | ||
| 430 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 431 | goto err; | ||
| 432 | } | ||
| 433 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 434 | Tlen = c.slen - (c.p - c.q); | ||
| 435 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 436 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 437 | ERR_R_MISSING_ASN1_EOS); | ||
| 438 | goto err; | ||
| 439 | } | ||
| 440 | } | ||
| 441 | c.slen -= (c.p - c.q); | ||
| 442 | } | ||
| 443 | if (ai.data != NULL) { | ||
| 444 | ret->timeout = ASN1_INTEGER_get(aip); | ||
| 445 | free(ai.data); | ||
| 446 | ai.data = NULL; | ||
| 447 | ai.length = 0; | ||
| 448 | } else | ||
| 449 | ret->timeout = 3; | ||
| 450 | |||
| 451 | /* 3 - Peer (X509). */ | ||
| 452 | if (ret->peer != NULL) { | ||
| 453 | X509_free(ret->peer); | ||
| 454 | ret->peer = NULL; | ||
| 455 | } | ||
| 456 | if (c.slen != 0L && | ||
| 457 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 3)) { | ||
| 458 | c.q = c.p; | ||
| 459 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 460 | if (Tinf & 0x80) { | ||
| 461 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 462 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 463 | goto err; | ||
| 464 | } | ||
| 465 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 466 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 467 | if (d2i_X509(&ret->peer, &c.p, Tlen) == NULL) { | ||
| 468 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 469 | goto err; | ||
| 470 | } | ||
| 471 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 472 | Tlen = c.slen - (c.p - c.q); | ||
| 473 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 474 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 475 | ERR_R_MISSING_ASN1_EOS); | ||
| 476 | goto err; | ||
| 477 | } | ||
| 478 | } | ||
| 479 | c.slen -= (c.p - c.q); | ||
| 480 | } | ||
| 481 | |||
| 482 | /* 4 - Session ID (OCTET STRING). */ | ||
| 483 | os.length = 0; | ||
| 484 | free(os.data); | ||
| 485 | os.data = NULL; | ||
| 486 | if (c.slen != 0L && | ||
| 487 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 4)) { | ||
| 488 | c.q = c.p; | ||
| 489 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 490 | if (Tinf & 0x80) { | ||
| 491 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 492 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 493 | goto err; | ||
| 494 | } | ||
| 495 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 496 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 497 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) { | ||
| 498 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 499 | goto err; | ||
| 500 | } | ||
| 501 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 502 | Tlen = c.slen - (c.p - c.q); | ||
| 503 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 504 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 505 | ERR_R_MISSING_ASN1_EOS); | ||
| 506 | goto err; | ||
| 507 | } | ||
| 508 | } | ||
| 509 | c.slen -= (c.p - c.q); | ||
| 510 | } | ||
| 511 | if (os.data != NULL) { | ||
| 512 | if (os.length > SSL_MAX_SID_CTX_LENGTH) { | ||
| 513 | SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH); | ||
| 514 | goto err; | ||
| 515 | } else { | ||
| 516 | ret->sid_ctx_length = os.length; | ||
| 517 | memcpy(ret->sid_ctx, os.data, os.length); | ||
| 518 | } | ||
| 519 | free(os.data); | ||
| 520 | os.data = NULL; | ||
| 521 | os.length = 0; | ||
| 522 | } else | ||
| 523 | ret->sid_ctx_length = 0; | ||
| 524 | |||
| 525 | /* 5 - Verify_result. */ | ||
| 526 | ai.length = 0; | ||
| 527 | if (c.slen != 0L && | ||
| 528 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 5)) { | ||
| 529 | c.q = c.p; | ||
| 530 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 531 | if (Tinf & 0x80) { | ||
| 532 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 533 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 534 | goto err; | ||
| 535 | } | ||
| 536 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 537 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 538 | if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) { | ||
| 539 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 540 | goto err; | ||
| 541 | } | ||
| 542 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 543 | Tlen = c.slen - (c.p - c.q); | ||
| 544 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 545 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 546 | ERR_R_MISSING_ASN1_EOS); | ||
| 547 | goto err; | ||
| 548 | } | ||
| 549 | } | ||
| 550 | c.slen -= (c.p - c.q); | ||
| 551 | } | ||
| 552 | if (ai.data != NULL) { | ||
| 553 | ret->verify_result = ASN1_INTEGER_get(aip); | ||
| 554 | free(ai.data); | ||
| 555 | ai.data = NULL; | ||
| 556 | ai.length = 0; | ||
| 557 | } else | ||
| 558 | ret->verify_result = X509_V_OK; | ||
| 559 | |||
| 560 | /* 6 - HostName (OCTET STRING). */ | ||
| 561 | os.length = 0; | ||
| 562 | os.data = NULL; | ||
| 563 | if (c.slen != 0L && | ||
| 564 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 6)) { | ||
| 565 | c.q = c.p; | ||
| 566 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 567 | if (Tinf & 0x80) { | ||
| 568 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 569 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 570 | goto err; | ||
| 571 | } | ||
| 572 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 573 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 574 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) { | ||
| 575 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 576 | goto err; | ||
| 577 | } | ||
| 578 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 579 | Tlen = c.slen - (c.p - c.q); | ||
| 580 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 581 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 582 | ERR_R_MISSING_ASN1_EOS); | ||
| 583 | goto err; | ||
| 584 | } | ||
| 585 | } | ||
| 586 | c.slen -= (c.p - c.q); | ||
| 587 | } | ||
| 588 | if (os.data) { | ||
| 589 | ret->tlsext_hostname = strndup((char *)os.data, os.length); | ||
| 590 | free(os.data); | ||
| 591 | os.data = NULL; | ||
| 592 | os.length = 0; | ||
| 593 | } else | ||
| 594 | ret->tlsext_hostname = NULL; | ||
| 595 | |||
| 596 | /* 7 - PSK identity hint (OCTET STRING). */ | ||
| 597 | /* 8 - PSK identity (OCTET STRING). */ | ||
| 598 | |||
| 599 | /* 9 - Ticket lifetime. */ | ||
| 600 | ai.length = 0; | ||
| 601 | if (c.slen != 0L && | ||
| 602 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 9)) { | ||
| 603 | c.q = c.p; | ||
| 604 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 605 | if (Tinf & 0x80) { | ||
| 606 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 607 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 608 | goto err; | ||
| 609 | } | ||
| 610 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 611 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 612 | if (d2i_ASN1_INTEGER(&aip, &c.p, Tlen) == NULL) { | ||
| 613 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 614 | goto err; | ||
| 615 | } | ||
| 616 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 617 | Tlen = c.slen - (c.p - c.q); | ||
| 618 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 619 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 620 | ERR_R_MISSING_ASN1_EOS); | ||
| 621 | goto err; | ||
| 622 | } | ||
| 623 | } | ||
| 624 | c.slen -= (c.p - c.q); | ||
| 625 | } | ||
| 626 | if (ai.data != NULL) { | ||
| 627 | ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip); | ||
| 628 | free(ai.data); | ||
| 629 | ai.data = NULL; | ||
| 630 | ai.length = 0; | ||
| 631 | } else if (ret->tlsext_ticklen && ret->session_id_length) | ||
| 632 | ret->tlsext_tick_lifetime_hint = -1; | ||
| 633 | else | ||
| 634 | ret->tlsext_tick_lifetime_hint = 0; | ||
| 635 | os.length = 0; | ||
| 636 | os.data = NULL; | ||
| 637 | |||
| 638 | /* 10 - Ticket (OCTET STRING). */ | ||
| 639 | if (c.slen != 0L && | ||
| 640 | *c.p == (V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC | 10)) { | ||
| 641 | c.q = c.p; | ||
| 642 | Tinf = ASN1_get_object(&c.p, &Tlen, &Ttag, &Tclass, c.slen); | ||
| 643 | if (Tinf & 0x80) { | ||
| 644 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 645 | ERR_R_BAD_ASN1_OBJECT_HEADER); | ||
| 646 | goto err; | ||
| 647 | } | ||
| 648 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) | ||
| 649 | Tlen = c.slen - (c.p - c.q) - 2; | ||
| 650 | if (d2i_ASN1_OCTET_STRING(&osp, &c.p, Tlen) == NULL) { | ||
| 651 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 652 | goto err; | ||
| 653 | } | ||
| 654 | if (Tinf == (V_ASN1_CONSTRUCTED + 1)) { | ||
| 655 | Tlen = c.slen - (c.p - c.q); | ||
| 656 | if(!ASN1_const_check_infinite_end(&c.p, Tlen)) { | ||
| 657 | SSLerr(SSL_F_D2I_SSL_SESSION, | ||
| 658 | ERR_R_MISSING_ASN1_EOS); | ||
| 659 | goto err; | ||
| 660 | } | ||
| 661 | } | ||
| 662 | c.slen -= (c.p - c.q); | ||
| 663 | } | ||
| 664 | if (os.data) { | ||
| 665 | ret->tlsext_tick = os.data; | ||
| 666 | ret->tlsext_ticklen = os.length; | ||
| 667 | os.data = NULL; | ||
| 668 | os.length = 0; | ||
| 669 | } else | ||
| 670 | ret->tlsext_tick = NULL; | ||
| 671 | |||
| 672 | /* 11 - Compression method (OCTET STRING). */ | ||
| 673 | /* 12 - SRP username (OCTET STRING). */ | ||
| 674 | |||
| 675 | if (!asn1_const_Finish(&c)) { | ||
| 676 | SSLerr(SSL_F_D2I_SSL_SESSION, ERR_R_NESTED_ASN1_ERROR); | ||
| 677 | goto err; | ||
| 678 | } | ||
| 679 | |||
| 680 | *pp = c.p; | ||
| 681 | if (a != NULL) | ||
| 682 | *a = ret; | ||
| 683 | |||
| 684 | return (ret); | ||
| 685 | |||
| 686 | err: | ||
| 687 | ERR_asprintf_error_data("offset=%d", (int)(c.q - *pp)); | ||
| 688 | if (ret != NULL && (a == NULL || *a != ret)) | ||
| 689 | SSL_SESSION_free(ret); | ||
| 690 | |||
| 691 | return (NULL); | ||
| 692 | } | ||
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c deleted file mode 100644 index 90c351298b..0000000000 --- a/src/lib/libssl/ssl_cert.c +++ /dev/null | |||
| @@ -1,737 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.49 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | |||
| 117 | #include <sys/types.h> | ||
| 118 | |||
| 119 | #include <dirent.h> | ||
| 120 | #include <stdio.h> | ||
| 121 | #include <unistd.h> | ||
| 122 | |||
| 123 | #include <openssl/bio.h> | ||
| 124 | #include <openssl/bn.h> | ||
| 125 | #include <openssl/dh.h> | ||
| 126 | #include <openssl/objects.h> | ||
| 127 | #include <openssl/opensslconf.h> | ||
| 128 | #include <openssl/pem.h> | ||
| 129 | #include <openssl/x509v3.h> | ||
| 130 | |||
| 131 | #include "ssl_locl.h" | ||
| 132 | |||
| 133 | int | ||
| 134 | SSL_get_ex_data_X509_STORE_CTX_idx(void) | ||
| 135 | { | ||
| 136 | static volatile int ssl_x509_store_ctx_idx = -1; | ||
| 137 | int got_write_lock = 0; | ||
| 138 | |||
| 139 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 140 | |||
| 141 | if (ssl_x509_store_ctx_idx < 0) { | ||
| 142 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 143 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 144 | got_write_lock = 1; | ||
| 145 | |||
| 146 | if (ssl_x509_store_ctx_idx < 0) { | ||
| 147 | ssl_x509_store_ctx_idx = | ||
| 148 | X509_STORE_CTX_get_ex_new_index( | ||
| 149 | 0, "SSL for verify callback", NULL, NULL, NULL); | ||
| 150 | } | ||
| 151 | } | ||
| 152 | |||
| 153 | if (got_write_lock) | ||
| 154 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 155 | else | ||
| 156 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 157 | |||
| 158 | return ssl_x509_store_ctx_idx; | ||
| 159 | } | ||
| 160 | |||
| 161 | static void | ||
| 162 | ssl_cert_set_default_md(CERT *cert) | ||
| 163 | { | ||
| 164 | /* Set digest values to defaults */ | ||
| 165 | cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | ||
| 166 | cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | ||
| 167 | cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | ||
| 168 | cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | ||
| 169 | #ifndef OPENSSL_NO_GOST | ||
| 170 | cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 171 | #endif | ||
| 172 | } | ||
| 173 | |||
| 174 | CERT * | ||
| 175 | ssl_cert_new(void) | ||
| 176 | { | ||
| 177 | CERT *ret; | ||
| 178 | |||
| 179 | ret = calloc(1, sizeof(CERT)); | ||
| 180 | if (ret == NULL) { | ||
| 181 | SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); | ||
| 182 | return (NULL); | ||
| 183 | } | ||
| 184 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); | ||
| 185 | ret->references = 1; | ||
| 186 | ssl_cert_set_default_md(ret); | ||
| 187 | return (ret); | ||
| 188 | } | ||
| 189 | |||
| 190 | CERT * | ||
| 191 | ssl_cert_dup(CERT *cert) | ||
| 192 | { | ||
| 193 | CERT *ret; | ||
| 194 | int i; | ||
| 195 | |||
| 196 | ret = calloc(1, sizeof(CERT)); | ||
| 197 | if (ret == NULL) { | ||
| 198 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | ||
| 199 | return (NULL); | ||
| 200 | } | ||
| 201 | |||
| 202 | /* | ||
| 203 | * same as ret->key = ret->pkeys + (cert->key - cert->pkeys), | ||
| 204 | * if you find that more readable | ||
| 205 | */ | ||
| 206 | ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; | ||
| 207 | |||
| 208 | ret->valid = cert->valid; | ||
| 209 | ret->mask_k = cert->mask_k; | ||
| 210 | ret->mask_a = cert->mask_a; | ||
| 211 | |||
| 212 | if (cert->dh_tmp != NULL) { | ||
| 213 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | ||
| 214 | if (ret->dh_tmp == NULL) { | ||
| 215 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | ||
| 216 | goto err; | ||
| 217 | } | ||
| 218 | if (cert->dh_tmp->priv_key) { | ||
| 219 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | ||
| 220 | if (!b) { | ||
| 221 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | ||
| 222 | goto err; | ||
| 223 | } | ||
| 224 | ret->dh_tmp->priv_key = b; | ||
| 225 | } | ||
| 226 | if (cert->dh_tmp->pub_key) { | ||
| 227 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | ||
| 228 | if (!b) { | ||
| 229 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | ||
| 230 | goto err; | ||
| 231 | } | ||
| 232 | ret->dh_tmp->pub_key = b; | ||
| 233 | } | ||
| 234 | } | ||
| 235 | ret->dh_tmp_cb = cert->dh_tmp_cb; | ||
| 236 | ret->dh_tmp_auto = cert->dh_tmp_auto; | ||
| 237 | |||
| 238 | if (cert->ecdh_tmp) { | ||
| 239 | ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); | ||
| 240 | if (ret->ecdh_tmp == NULL) { | ||
| 241 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); | ||
| 242 | goto err; | ||
| 243 | } | ||
| 244 | } | ||
| 245 | ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; | ||
| 246 | ret->ecdh_tmp_auto = cert->ecdh_tmp_auto; | ||
| 247 | |||
| 248 | for (i = 0; i < SSL_PKEY_NUM; i++) { | ||
| 249 | if (cert->pkeys[i].x509 != NULL) { | ||
| 250 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | ||
| 251 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | ||
| 252 | CRYPTO_LOCK_X509); | ||
| 253 | } | ||
| 254 | |||
| 255 | if (cert->pkeys[i].privatekey != NULL) { | ||
| 256 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | ||
| 257 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | ||
| 258 | CRYPTO_LOCK_EVP_PKEY); | ||
| 259 | |||
| 260 | switch (i) { | ||
| 261 | /* | ||
| 262 | * If there was anything special to do for | ||
| 263 | * certain types of keys, we'd do it here. | ||
| 264 | * (Nothing at the moment, I think.) | ||
| 265 | */ | ||
| 266 | |||
| 267 | case SSL_PKEY_RSA_ENC: | ||
| 268 | case SSL_PKEY_RSA_SIGN: | ||
| 269 | /* We have an RSA key. */ | ||
| 270 | break; | ||
| 271 | |||
| 272 | case SSL_PKEY_DSA_SIGN: | ||
| 273 | /* We have a DSA key. */ | ||
| 274 | break; | ||
| 275 | |||
| 276 | case SSL_PKEY_DH_RSA: | ||
| 277 | case SSL_PKEY_DH_DSA: | ||
| 278 | /* We have a DH key. */ | ||
| 279 | break; | ||
| 280 | |||
| 281 | case SSL_PKEY_ECC: | ||
| 282 | /* We have an ECC key */ | ||
| 283 | break; | ||
| 284 | |||
| 285 | default: | ||
| 286 | /* Can't happen. */ | ||
| 287 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | ||
| 288 | } | ||
| 289 | } | ||
| 290 | } | ||
| 291 | |||
| 292 | /* | ||
| 293 | * ret->extra_certs *should* exist, but currently the own certificate | ||
| 294 | * chain is held inside SSL_CTX | ||
| 295 | */ | ||
| 296 | |||
| 297 | ret->references = 1; | ||
| 298 | /* | ||
| 299 | * Set digests to defaults. NB: we don't copy existing values | ||
| 300 | * as they will be set during handshake. | ||
| 301 | */ | ||
| 302 | ssl_cert_set_default_md(ret); | ||
| 303 | |||
| 304 | return (ret); | ||
| 305 | |||
| 306 | err: | ||
| 307 | DH_free(ret->dh_tmp); | ||
| 308 | EC_KEY_free(ret->ecdh_tmp); | ||
| 309 | |||
| 310 | for (i = 0; i < SSL_PKEY_NUM; i++) { | ||
| 311 | if (ret->pkeys[i].x509 != NULL) | ||
| 312 | X509_free(ret->pkeys[i].x509); | ||
| 313 | EVP_PKEY_free(ret->pkeys[i].privatekey); | ||
| 314 | } | ||
| 315 | free (ret); | ||
| 316 | return NULL; | ||
| 317 | } | ||
| 318 | |||
| 319 | |||
| 320 | void | ||
| 321 | ssl_cert_free(CERT *c) | ||
| 322 | { | ||
| 323 | int i; | ||
| 324 | |||
| 325 | if (c == NULL) | ||
| 326 | return; | ||
| 327 | |||
| 328 | i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); | ||
| 329 | if (i > 0) | ||
| 330 | return; | ||
| 331 | |||
| 332 | DH_free(c->dh_tmp); | ||
| 333 | EC_KEY_free(c->ecdh_tmp); | ||
| 334 | |||
| 335 | for (i = 0; i < SSL_PKEY_NUM; i++) { | ||
| 336 | if (c->pkeys[i].x509 != NULL) | ||
| 337 | X509_free(c->pkeys[i].x509); | ||
| 338 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
| 339 | } | ||
| 340 | |||
| 341 | free(c); | ||
| 342 | } | ||
| 343 | |||
| 344 | int | ||
| 345 | ssl_cert_inst(CERT **o) | ||
| 346 | { | ||
| 347 | /* | ||
| 348 | * Create a CERT if there isn't already one | ||
| 349 | * (which cannot really happen, as it is initially created in | ||
| 350 | * SSL_CTX_new; but the earlier code usually allows for that one | ||
| 351 | * being non-existant, so we follow that behaviour, as it might | ||
| 352 | * turn out that there actually is a reason for it -- but I'm | ||
| 353 | * not sure that *all* of the existing code could cope with | ||
| 354 | * s->cert being NULL, otherwise we could do without the | ||
| 355 | * initialization in SSL_CTX_new). | ||
| 356 | */ | ||
| 357 | |||
| 358 | if (o == NULL) { | ||
| 359 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | ||
| 360 | return (0); | ||
| 361 | } | ||
| 362 | if (*o == NULL) { | ||
| 363 | if ((*o = ssl_cert_new()) == NULL) { | ||
| 364 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | ||
| 365 | return (0); | ||
| 366 | } | ||
| 367 | } | ||
| 368 | return (1); | ||
| 369 | } | ||
| 370 | |||
| 371 | |||
| 372 | SESS_CERT * | ||
| 373 | ssl_sess_cert_new(void) | ||
| 374 | { | ||
| 375 | SESS_CERT *ret; | ||
| 376 | |||
| 377 | ret = calloc(1, sizeof *ret); | ||
| 378 | if (ret == NULL) { | ||
| 379 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | ||
| 380 | return NULL; | ||
| 381 | } | ||
| 382 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | ||
| 383 | ret->references = 1; | ||
| 384 | |||
| 385 | return ret; | ||
| 386 | } | ||
| 387 | |||
| 388 | void | ||
| 389 | ssl_sess_cert_free(SESS_CERT *sc) | ||
| 390 | { | ||
| 391 | int i; | ||
| 392 | |||
| 393 | if (sc == NULL) | ||
| 394 | return; | ||
| 395 | |||
| 396 | i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); | ||
| 397 | if (i > 0) | ||
| 398 | return; | ||
| 399 | |||
| 400 | /* i == 0 */ | ||
| 401 | if (sc->cert_chain != NULL) | ||
| 402 | sk_X509_pop_free(sc->cert_chain, X509_free); | ||
| 403 | for (i = 0; i < SSL_PKEY_NUM; i++) { | ||
| 404 | if (sc->peer_pkeys[i].x509 != NULL) | ||
| 405 | X509_free(sc->peer_pkeys[i].x509); | ||
| 406 | } | ||
| 407 | |||
| 408 | DH_free(sc->peer_dh_tmp); | ||
| 409 | EC_KEY_free(sc->peer_ecdh_tmp); | ||
| 410 | |||
| 411 | free(sc); | ||
| 412 | } | ||
| 413 | |||
| 414 | int | ||
| 415 | ssl_set_peer_cert_type(SESS_CERT *sc, int type) | ||
| 416 | { | ||
| 417 | sc->peer_cert_type = type; | ||
| 418 | return (1); | ||
| 419 | } | ||
| 420 | |||
| 421 | int | ||
| 422 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | ||
| 423 | { | ||
| 424 | X509_STORE_CTX ctx; | ||
| 425 | X509 *x; | ||
| 426 | int ret; | ||
| 427 | |||
| 428 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | ||
| 429 | return (0); | ||
| 430 | |||
| 431 | x = sk_X509_value(sk, 0); | ||
| 432 | if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) { | ||
| 433 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); | ||
| 434 | return (0); | ||
| 435 | } | ||
| 436 | X509_STORE_CTX_set_ex_data(&ctx, | ||
| 437 | SSL_get_ex_data_X509_STORE_CTX_idx(), s); | ||
| 438 | |||
| 439 | /* | ||
| 440 | * We need to inherit the verify parameters. These can be | ||
| 441 | * determined by the context: if its a server it will verify | ||
| 442 | * SSL client certificates or vice versa. | ||
| 443 | */ | ||
| 444 | X509_STORE_CTX_set_default(&ctx, | ||
| 445 | s->server ? "ssl_client" : "ssl_server"); | ||
| 446 | |||
| 447 | /* | ||
| 448 | * Anything non-default in "param" should overwrite anything | ||
| 449 | * in the ctx. | ||
| 450 | */ | ||
| 451 | X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); | ||
| 452 | |||
| 453 | if (s->verify_callback) | ||
| 454 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | ||
| 455 | |||
| 456 | if (s->ctx->app_verify_callback != NULL) | ||
| 457 | ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | ||
| 458 | else | ||
| 459 | ret = X509_verify_cert(&ctx); | ||
| 460 | |||
| 461 | s->verify_result = ctx.error; | ||
| 462 | X509_STORE_CTX_cleanup(&ctx); | ||
| 463 | |||
| 464 | return (ret); | ||
| 465 | } | ||
| 466 | |||
| 467 | static void | ||
| 468 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, | ||
| 469 | STACK_OF(X509_NAME) *name_list) | ||
| 470 | { | ||
| 471 | if (*ca_list != NULL) | ||
| 472 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); | ||
| 473 | |||
| 474 | *ca_list = name_list; | ||
| 475 | } | ||
| 476 | |||
| 477 | STACK_OF(X509_NAME) * | ||
| 478 | SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) | ||
| 479 | { | ||
| 480 | int i; | ||
| 481 | STACK_OF(X509_NAME) *ret; | ||
| 482 | X509_NAME *name; | ||
| 483 | |||
| 484 | ret = sk_X509_NAME_new_null(); | ||
| 485 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { | ||
| 486 | name = X509_NAME_dup(sk_X509_NAME_value(sk, i)); | ||
| 487 | if ((name == NULL) || !sk_X509_NAME_push(ret, name)) { | ||
| 488 | sk_X509_NAME_pop_free(ret, X509_NAME_free); | ||
| 489 | return (NULL); | ||
| 490 | } | ||
| 491 | } | ||
| 492 | return (ret); | ||
| 493 | } | ||
| 494 | |||
| 495 | void | ||
| 496 | SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list) | ||
| 497 | { | ||
| 498 | set_client_CA_list(&(s->client_CA), name_list); | ||
| 499 | } | ||
| 500 | |||
| 501 | void | ||
| 502 | SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list) | ||
| 503 | { | ||
| 504 | set_client_CA_list(&(ctx->client_CA), name_list); | ||
| 505 | } | ||
| 506 | |||
| 507 | STACK_OF(X509_NAME) * | ||
| 508 | SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | ||
| 509 | { | ||
| 510 | return (ctx->client_CA); | ||
| 511 | } | ||
| 512 | |||
| 513 | STACK_OF(X509_NAME) * | ||
| 514 | SSL_get_client_CA_list(const SSL *s) | ||
| 515 | { | ||
| 516 | if (s->type == SSL_ST_CONNECT) { | ||
| 517 | /* We are in the client. */ | ||
| 518 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && | ||
| 519 | (s->s3 != NULL)) | ||
| 520 | return (s->s3->tmp.ca_names); | ||
| 521 | else | ||
| 522 | return (NULL); | ||
| 523 | } else { | ||
| 524 | if (s->client_CA != NULL) | ||
| 525 | return (s->client_CA); | ||
| 526 | else | ||
| 527 | return (s->ctx->client_CA); | ||
| 528 | } | ||
| 529 | } | ||
| 530 | |||
| 531 | static int | ||
| 532 | add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x) | ||
| 533 | { | ||
| 534 | X509_NAME *name; | ||
| 535 | |||
| 536 | if (x == NULL) | ||
| 537 | return (0); | ||
| 538 | if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL)) | ||
| 539 | return (0); | ||
| 540 | |||
| 541 | if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL) | ||
| 542 | return (0); | ||
| 543 | |||
| 544 | if (!sk_X509_NAME_push(*sk, name)) { | ||
| 545 | X509_NAME_free(name); | ||
| 546 | return (0); | ||
| 547 | } | ||
| 548 | return (1); | ||
| 549 | } | ||
| 550 | |||
| 551 | int | ||
| 552 | SSL_add_client_CA(SSL *ssl, X509 *x) | ||
| 553 | { | ||
| 554 | return (add_client_CA(&(ssl->client_CA), x)); | ||
| 555 | } | ||
| 556 | |||
| 557 | int | ||
| 558 | SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) | ||
| 559 | { | ||
| 560 | return (add_client_CA(&(ctx->client_CA), x)); | ||
| 561 | } | ||
| 562 | |||
| 563 | static int | ||
| 564 | xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) | ||
| 565 | { | ||
| 566 | return (X509_NAME_cmp(*a, *b)); | ||
| 567 | } | ||
| 568 | |||
| 569 | /*! | ||
| 570 | * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; | ||
| 571 | * it doesn't really have anything to do with clients (except that a common use | ||
| 572 | * for a stack of CAs is to send it to the client). Actually, it doesn't have | ||
| 573 | * much to do with CAs, either, since it will load any old cert. | ||
| 574 | * \param file the file containing one or more certs. | ||
| 575 | * \return a ::STACK containing the certs. | ||
| 576 | */ | ||
| 577 | STACK_OF(X509_NAME) * | ||
| 578 | SSL_load_client_CA_file(const char *file) | ||
| 579 | { | ||
| 580 | BIO *in; | ||
| 581 | X509 *x = NULL; | ||
| 582 | X509_NAME *xn = NULL; | ||
| 583 | STACK_OF(X509_NAME) *ret = NULL, *sk; | ||
| 584 | |||
| 585 | sk = sk_X509_NAME_new(xname_cmp); | ||
| 586 | |||
| 587 | in = BIO_new(BIO_s_file_internal()); | ||
| 588 | |||
| 589 | if ((sk == NULL) || (in == NULL)) { | ||
| 590 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); | ||
| 591 | goto err; | ||
| 592 | } | ||
| 593 | |||
| 594 | if (!BIO_read_filename(in, file)) | ||
| 595 | goto err; | ||
| 596 | |||
| 597 | for (;;) { | ||
| 598 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) | ||
| 599 | break; | ||
| 600 | if (ret == NULL) { | ||
| 601 | ret = sk_X509_NAME_new_null(); | ||
| 602 | if (ret == NULL) { | ||
| 603 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, | ||
| 604 | ERR_R_MALLOC_FAILURE); | ||
| 605 | goto err; | ||
| 606 | } | ||
| 607 | } | ||
| 608 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; | ||
| 609 | /* check for duplicates */ | ||
| 610 | xn = X509_NAME_dup(xn); | ||
| 611 | if (xn == NULL) | ||
| 612 | goto err; | ||
| 613 | if (sk_X509_NAME_find(sk, xn) >= 0) | ||
| 614 | X509_NAME_free(xn); | ||
| 615 | else { | ||
| 616 | sk_X509_NAME_push(sk, xn); | ||
| 617 | sk_X509_NAME_push(ret, xn); | ||
| 618 | } | ||
| 619 | } | ||
| 620 | |||
| 621 | if (0) { | ||
| 622 | err: | ||
| 623 | if (ret != NULL) | ||
| 624 | sk_X509_NAME_pop_free(ret, X509_NAME_free); | ||
| 625 | ret = NULL; | ||
| 626 | } | ||
| 627 | if (sk != NULL) | ||
| 628 | sk_X509_NAME_free(sk); | ||
| 629 | BIO_free(in); | ||
| 630 | if (x != NULL) | ||
| 631 | X509_free(x); | ||
| 632 | if (ret != NULL) | ||
| 633 | ERR_clear_error(); | ||
| 634 | return (ret); | ||
| 635 | } | ||
| 636 | |||
| 637 | /*! | ||
| 638 | * Add a file of certs to a stack. | ||
| 639 | * \param stack the stack to add to. | ||
| 640 | * \param file the file to add from. All certs in this file that are not | ||
| 641 | * already in the stack will be added. | ||
| 642 | * \return 1 for success, 0 for failure. Note that in the case of failure some | ||
| 643 | * certs may have been added to \c stack. | ||
| 644 | */ | ||
| 645 | |||
| 646 | int | ||
| 647 | SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 648 | const char *file) | ||
| 649 | { | ||
| 650 | BIO *in; | ||
| 651 | X509 *x = NULL; | ||
| 652 | X509_NAME *xn = NULL; | ||
| 653 | int ret = 1; | ||
| 654 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | ||
| 655 | |||
| 656 | oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp); | ||
| 657 | |||
| 658 | in = BIO_new(BIO_s_file_internal()); | ||
| 659 | |||
| 660 | if (in == NULL) { | ||
| 661 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, | ||
| 662 | ERR_R_MALLOC_FAILURE); | ||
| 663 | goto err; | ||
| 664 | } | ||
| 665 | |||
| 666 | if (!BIO_read_filename(in, file)) | ||
| 667 | goto err; | ||
| 668 | |||
| 669 | for (;;) { | ||
| 670 | if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL) | ||
| 671 | break; | ||
| 672 | if ((xn = X509_get_subject_name(x)) == NULL) goto err; | ||
| 673 | xn = X509_NAME_dup(xn); | ||
| 674 | if (xn == NULL) | ||
| 675 | goto err; | ||
| 676 | if (sk_X509_NAME_find(stack, xn) >= 0) | ||
| 677 | X509_NAME_free(xn); | ||
| 678 | else | ||
| 679 | sk_X509_NAME_push(stack, xn); | ||
| 680 | } | ||
| 681 | |||
| 682 | ERR_clear_error(); | ||
| 683 | |||
| 684 | if (0) { | ||
| 685 | err: | ||
| 686 | ret = 0; | ||
| 687 | } | ||
| 688 | BIO_free(in); | ||
| 689 | if (x != NULL) | ||
| 690 | X509_free(x); | ||
| 691 | |||
| 692 | (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); | ||
| 693 | |||
| 694 | return ret; | ||
| 695 | } | ||
| 696 | |||
| 697 | /*! | ||
| 698 | * Add a directory of certs to a stack. | ||
| 699 | * \param stack the stack to append to. | ||
| 700 | * \param dir the directory to append from. All files in this directory will be | ||
| 701 | * examined as potential certs. Any that are acceptable to | ||
| 702 | * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will | ||
| 703 | * be included. | ||
| 704 | * \return 1 for success, 0 for failure. Note that in the case of failure some | ||
| 705 | * certs may have been added to \c stack. | ||
| 706 | */ | ||
| 707 | |||
| 708 | int | ||
| 709 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) | ||
| 710 | { | ||
| 711 | DIR *dirp = NULL; | ||
| 712 | char *path = NULL; | ||
| 713 | int ret = 0; | ||
| 714 | |||
| 715 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | ||
| 716 | dirp = opendir(dir); | ||
| 717 | if (dirp) { | ||
| 718 | struct dirent *dp; | ||
| 719 | while ((dp = readdir(dirp)) != NULL) { | ||
| 720 | if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) { | ||
| 721 | ret = SSL_add_file_cert_subjects_to_stack( | ||
| 722 | stack, path); | ||
| 723 | free(path); | ||
| 724 | } | ||
| 725 | if (!ret) | ||
| 726 | break; | ||
| 727 | } | ||
| 728 | (void) closedir(dirp); | ||
| 729 | } | ||
| 730 | if (!ret) { | ||
| 731 | SYSerr(SYS_F_OPENDIR, errno); | ||
| 732 | ERR_asprintf_error_data("opendir ('%s')", dir); | ||
| 733 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | ||
| 734 | } | ||
| 735 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | ||
| 736 | return ret; | ||
| 737 | } | ||
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c deleted file mode 100644 index 96b4099d19..0000000000 --- a/src/lib/libssl/ssl_ciph.c +++ /dev/null | |||
| @@ -1,1765 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_ciph.c,v 1.81 2015/02/07 04:17:11 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | /* ==================================================================== | ||
| 117 | * Copyright 2005 Nokia. All rights reserved. | ||
| 118 | * | ||
| 119 | * The portions of the attached software ("Contribution") is developed by | ||
| 120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 121 | * license. | ||
| 122 | * | ||
| 123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 125 | * support (see RFC 4279) to OpenSSL. | ||
| 126 | * | ||
| 127 | * No patent licenses or other rights except those expressly stated in | ||
| 128 | * the OpenSSL open source license shall be deemed granted or received | ||
| 129 | * expressly, by implication, estoppel, or otherwise. | ||
| 130 | * | ||
| 131 | * No assurances are provided by Nokia that the Contribution does not | ||
| 132 | * infringe the patent or other intellectual property rights of any third | ||
| 133 | * party or that the license provides you with all the necessary rights | ||
| 134 | * to make use of the Contribution. | ||
| 135 | * | ||
| 136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 140 | * OTHERWISE. | ||
| 141 | */ | ||
| 142 | |||
| 143 | #include <stdio.h> | ||
| 144 | |||
| 145 | #include <openssl/objects.h> | ||
| 146 | |||
| 147 | #ifndef OPENSSL_NO_ENGINE | ||
| 148 | #include <openssl/engine.h> | ||
| 149 | #endif | ||
| 150 | |||
| 151 | #include "ssl_locl.h" | ||
| 152 | |||
| 153 | #define SSL_ENC_DES_IDX 0 | ||
| 154 | #define SSL_ENC_3DES_IDX 1 | ||
| 155 | #define SSL_ENC_RC4_IDX 2 | ||
| 156 | #define SSL_ENC_IDEA_IDX 3 | ||
| 157 | #define SSL_ENC_NULL_IDX 4 | ||
| 158 | #define SSL_ENC_AES128_IDX 5 | ||
| 159 | #define SSL_ENC_AES256_IDX 6 | ||
| 160 | #define SSL_ENC_CAMELLIA128_IDX 7 | ||
| 161 | #define SSL_ENC_CAMELLIA256_IDX 8 | ||
| 162 | #define SSL_ENC_GOST89_IDX 9 | ||
| 163 | #define SSL_ENC_AES128GCM_IDX 10 | ||
| 164 | #define SSL_ENC_AES256GCM_IDX 11 | ||
| 165 | #define SSL_ENC_NUM_IDX 12 | ||
| 166 | |||
| 167 | |||
| 168 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { | ||
| 169 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | ||
| 170 | }; | ||
| 171 | |||
| 172 | #define SSL_MD_MD5_IDX 0 | ||
| 173 | #define SSL_MD_SHA1_IDX 1 | ||
| 174 | #define SSL_MD_GOST94_IDX 2 | ||
| 175 | #define SSL_MD_GOST89MAC_IDX 3 | ||
| 176 | #define SSL_MD_SHA256_IDX 4 | ||
| 177 | #define SSL_MD_SHA384_IDX 5 | ||
| 178 | #define SSL_MD_STREEBOG256_IDX 6 | ||
| 179 | #define SSL_MD_STREEBOG512_IDX 7 | ||
| 180 | /*Constant SSL_MAX_DIGEST equal to size of digests array should be | ||
| 181 | * defined in the | ||
| 182 | * ssl_locl.h */ | ||
| 183 | #define SSL_MD_NUM_IDX SSL_MAX_DIGEST | ||
| 184 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { | ||
| 185 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | ||
| 186 | }; | ||
| 187 | |||
| 188 | static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { | ||
| 189 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_GOSTIMIT, | ||
| 190 | EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, | ||
| 191 | }; | ||
| 192 | |||
| 193 | static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { | ||
| 194 | 0, 0, 0, 0, 0, 0, 0, 0 | ||
| 195 | }; | ||
| 196 | |||
| 197 | static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { | ||
| 198 | SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, | ||
| 199 | SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, | ||
| 200 | SSL_HANDSHAKE_MAC_SHA384, SSL_HANDSHAKE_MAC_STREEBOG256, | ||
| 201 | SSL_HANDSHAKE_MAC_STREEBOG512 | ||
| 202 | }; | ||
| 203 | |||
| 204 | #define CIPHER_ADD 1 | ||
| 205 | #define CIPHER_KILL 2 | ||
| 206 | #define CIPHER_DEL 3 | ||
| 207 | #define CIPHER_ORD 4 | ||
| 208 | #define CIPHER_SPECIAL 5 | ||
| 209 | |||
| 210 | typedef struct cipher_order_st { | ||
| 211 | const SSL_CIPHER *cipher; | ||
| 212 | int active; | ||
| 213 | int dead; | ||
| 214 | struct cipher_order_st *next, *prev; | ||
| 215 | } CIPHER_ORDER; | ||
| 216 | |||
| 217 | static const SSL_CIPHER cipher_aliases[] = { | ||
| 218 | |||
| 219 | /* "ALL" doesn't include eNULL (must be specifically enabled) */ | ||
| 220 | { | ||
| 221 | .name = SSL_TXT_ALL, | ||
| 222 | .algorithm_enc = ~SSL_eNULL, | ||
| 223 | }, | ||
| 224 | |||
| 225 | /* "COMPLEMENTOFALL" */ | ||
| 226 | { | ||
| 227 | .name = SSL_TXT_CMPALL, | ||
| 228 | .algorithm_enc = SSL_eNULL, | ||
| 229 | }, | ||
| 230 | |||
| 231 | /* | ||
| 232 | * "COMPLEMENTOFDEFAULT" | ||
| 233 | * (does *not* include ciphersuites not found in ALL!) | ||
| 234 | */ | ||
| 235 | { | ||
| 236 | .name = SSL_TXT_CMPDEF, | ||
| 237 | .algorithm_mkey = SSL_kDHE|SSL_kECDHE, | ||
| 238 | .algorithm_auth = SSL_aNULL, | ||
| 239 | .algorithm_enc = ~SSL_eNULL, | ||
| 240 | }, | ||
| 241 | |||
| 242 | /* | ||
| 243 | * key exchange aliases | ||
| 244 | * (some of those using only a single bit here combine multiple key | ||
| 245 | * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS | ||
| 246 | * and DHE_RSA) | ||
| 247 | */ | ||
| 248 | { | ||
| 249 | .name = SSL_TXT_kRSA, | ||
| 250 | .algorithm_mkey = SSL_kRSA, | ||
| 251 | }, | ||
| 252 | { | ||
| 253 | .name = SSL_TXT_kEDH, | ||
| 254 | .algorithm_mkey = SSL_kDHE, | ||
| 255 | }, | ||
| 256 | { | ||
| 257 | .name = SSL_TXT_DH, | ||
| 258 | .algorithm_mkey = SSL_kDHE, | ||
| 259 | }, | ||
| 260 | |||
| 261 | { | ||
| 262 | .name = SSL_TXT_kECDHr, | ||
| 263 | .algorithm_mkey = SSL_kECDHr, | ||
| 264 | }, | ||
| 265 | { | ||
| 266 | .name = SSL_TXT_kECDHe, | ||
| 267 | .algorithm_mkey = SSL_kECDHe, | ||
| 268 | }, | ||
| 269 | { | ||
| 270 | .name = SSL_TXT_kECDH, | ||
| 271 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe, | ||
| 272 | }, | ||
| 273 | { | ||
| 274 | .name = SSL_TXT_kEECDH, | ||
| 275 | .algorithm_mkey = SSL_kECDHE, | ||
| 276 | }, | ||
| 277 | { | ||
| 278 | .name = SSL_TXT_ECDH, | ||
| 279 | .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE, | ||
| 280 | }, | ||
| 281 | |||
| 282 | { | ||
| 283 | .name = SSL_TXT_kGOST, | ||
| 284 | .algorithm_mkey = SSL_kGOST, | ||
| 285 | }, | ||
| 286 | |||
| 287 | /* server authentication aliases */ | ||
| 288 | { | ||
| 289 | .name = SSL_TXT_aRSA, | ||
| 290 | .algorithm_auth = SSL_aRSA, | ||
| 291 | }, | ||
| 292 | { | ||
| 293 | .name = SSL_TXT_aDSS, | ||
| 294 | .algorithm_auth = SSL_aDSS, | ||
| 295 | }, | ||
| 296 | { | ||
| 297 | .name = SSL_TXT_DSS, | ||
| 298 | .algorithm_auth = SSL_aDSS, | ||
| 299 | }, | ||
| 300 | { | ||
| 301 | .name = SSL_TXT_aNULL, | ||
| 302 | .algorithm_auth = SSL_aNULL, | ||
| 303 | }, | ||
| 304 | { | ||
| 305 | .name = SSL_TXT_aECDH, | ||
| 306 | .algorithm_auth = SSL_aECDH, | ||
| 307 | }, | ||
| 308 | { | ||
| 309 | .name = SSL_TXT_aECDSA, | ||
| 310 | .algorithm_auth = SSL_aECDSA, | ||
| 311 | }, | ||
| 312 | { | ||
| 313 | .name = SSL_TXT_ECDSA, | ||
| 314 | .algorithm_auth = SSL_aECDSA, | ||
| 315 | }, | ||
| 316 | { | ||
| 317 | .name = SSL_TXT_aGOST01, | ||
| 318 | .algorithm_auth = SSL_aGOST01, | ||
| 319 | }, | ||
| 320 | { | ||
| 321 | .name = SSL_TXT_aGOST, | ||
| 322 | .algorithm_auth = SSL_aGOST01, | ||
| 323 | }, | ||
| 324 | |||
| 325 | /* aliases combining key exchange and server authentication */ | ||
| 326 | { | ||
| 327 | .name = SSL_TXT_DHE, | ||
| 328 | .algorithm_mkey = SSL_kDHE, | ||
| 329 | .algorithm_auth = ~SSL_aNULL, | ||
| 330 | }, | ||
| 331 | { | ||
| 332 | .name = SSL_TXT_EDH, | ||
| 333 | .algorithm_mkey = SSL_kDHE, | ||
| 334 | .algorithm_auth = ~SSL_aNULL, | ||
| 335 | }, | ||
| 336 | { | ||
| 337 | .name = SSL_TXT_ECDHE, | ||
| 338 | .algorithm_mkey = SSL_kECDHE, | ||
| 339 | .algorithm_auth = ~SSL_aNULL, | ||
| 340 | }, | ||
| 341 | { | ||
| 342 | .name = SSL_TXT_EECDH, | ||
| 343 | .algorithm_mkey = SSL_kECDHE, | ||
| 344 | .algorithm_auth = ~SSL_aNULL, | ||
| 345 | }, | ||
| 346 | { | ||
| 347 | .name = SSL_TXT_NULL, | ||
| 348 | .algorithm_enc = SSL_eNULL, | ||
| 349 | }, | ||
| 350 | { | ||
| 351 | .name = SSL_TXT_RSA, | ||
| 352 | .algorithm_mkey = SSL_kRSA, | ||
| 353 | .algorithm_auth = SSL_aRSA, | ||
| 354 | }, | ||
| 355 | { | ||
| 356 | .name = SSL_TXT_ADH, | ||
| 357 | .algorithm_mkey = SSL_kDHE, | ||
| 358 | .algorithm_auth = SSL_aNULL, | ||
| 359 | }, | ||
| 360 | { | ||
| 361 | .name = SSL_TXT_AECDH, | ||
| 362 | .algorithm_mkey = SSL_kECDHE, | ||
| 363 | .algorithm_auth = SSL_aNULL, | ||
| 364 | }, | ||
| 365 | |||
| 366 | /* symmetric encryption aliases */ | ||
| 367 | { | ||
| 368 | .name = SSL_TXT_DES, | ||
| 369 | .algorithm_enc = SSL_DES, | ||
| 370 | }, | ||
| 371 | { | ||
| 372 | .name = SSL_TXT_3DES, | ||
| 373 | .algorithm_enc = SSL_3DES, | ||
| 374 | }, | ||
| 375 | { | ||
| 376 | .name = SSL_TXT_RC4, | ||
| 377 | .algorithm_enc = SSL_RC4, | ||
| 378 | }, | ||
| 379 | { | ||
| 380 | .name = SSL_TXT_IDEA, | ||
| 381 | .algorithm_enc = SSL_IDEA, | ||
| 382 | }, | ||
| 383 | { | ||
| 384 | .name = SSL_TXT_eNULL, | ||
| 385 | .algorithm_enc = SSL_eNULL, | ||
| 386 | }, | ||
| 387 | { | ||
| 388 | .name = SSL_TXT_AES128, | ||
| 389 | .algorithm_enc = SSL_AES128|SSL_AES128GCM, | ||
| 390 | }, | ||
| 391 | { | ||
| 392 | .name = SSL_TXT_AES256, | ||
| 393 | .algorithm_enc = SSL_AES256|SSL_AES256GCM, | ||
| 394 | }, | ||
| 395 | { | ||
| 396 | .name = SSL_TXT_AES, | ||
| 397 | .algorithm_enc = SSL_AES, | ||
| 398 | }, | ||
| 399 | { | ||
| 400 | .name = SSL_TXT_AES_GCM, | ||
| 401 | .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM, | ||
| 402 | }, | ||
| 403 | { | ||
| 404 | .name = SSL_TXT_CAMELLIA128, | ||
| 405 | .algorithm_enc = SSL_CAMELLIA128, | ||
| 406 | }, | ||
| 407 | { | ||
| 408 | .name = SSL_TXT_CAMELLIA256, | ||
| 409 | .algorithm_enc = SSL_CAMELLIA256, | ||
| 410 | }, | ||
| 411 | { | ||
| 412 | .name = SSL_TXT_CAMELLIA, | ||
| 413 | .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256, | ||
| 414 | }, | ||
| 415 | { | ||
| 416 | .name = SSL_TXT_CHACHA20, | ||
| 417 | .algorithm_enc = SSL_CHACHA20POLY1305, | ||
| 418 | }, | ||
| 419 | |||
| 420 | /* MAC aliases */ | ||
| 421 | { | ||
| 422 | .name = SSL_TXT_AEAD, | ||
| 423 | .algorithm_mac = SSL_AEAD, | ||
| 424 | }, | ||
| 425 | { | ||
| 426 | .name = SSL_TXT_MD5, | ||
| 427 | .algorithm_mac = SSL_MD5, | ||
| 428 | }, | ||
| 429 | { | ||
| 430 | .name = SSL_TXT_SHA1, | ||
| 431 | .algorithm_mac = SSL_SHA1, | ||
| 432 | }, | ||
| 433 | { | ||
| 434 | .name = SSL_TXT_SHA, | ||
| 435 | .algorithm_mac = SSL_SHA1, | ||
| 436 | }, | ||
| 437 | { | ||
| 438 | .name = SSL_TXT_GOST94, | ||
| 439 | .algorithm_mac = SSL_GOST94, | ||
| 440 | }, | ||
| 441 | { | ||
| 442 | .name = SSL_TXT_GOST89MAC, | ||
| 443 | .algorithm_mac = SSL_GOST89MAC, | ||
| 444 | }, | ||
| 445 | { | ||
| 446 | .name = SSL_TXT_SHA256, | ||
| 447 | .algorithm_mac = SSL_SHA256, | ||
| 448 | }, | ||
| 449 | { | ||
| 450 | .name = SSL_TXT_SHA384, | ||
| 451 | .algorithm_mac = SSL_SHA384, | ||
| 452 | }, | ||
| 453 | { | ||
| 454 | .name = SSL_TXT_STREEBOG256, | ||
| 455 | .algorithm_mac = SSL_STREEBOG256, | ||
| 456 | }, | ||
| 457 | { | ||
| 458 | .name = SSL_TXT_STREEBOG512, | ||
| 459 | .algorithm_mac = SSL_STREEBOG512, | ||
| 460 | }, | ||
| 461 | |||
| 462 | /* protocol version aliases */ | ||
| 463 | { | ||
| 464 | .name = SSL_TXT_SSLV3, | ||
| 465 | .algorithm_ssl = SSL_SSLV3, | ||
| 466 | }, | ||
| 467 | { | ||
| 468 | .name = SSL_TXT_TLSV1, | ||
| 469 | .algorithm_ssl = SSL_TLSV1, | ||
| 470 | }, | ||
| 471 | { | ||
| 472 | .name = SSL_TXT_TLSV1_2, | ||
| 473 | .algorithm_ssl = SSL_TLSV1_2, | ||
| 474 | }, | ||
| 475 | |||
| 476 | /* strength classes */ | ||
| 477 | { | ||
| 478 | .name = SSL_TXT_LOW, | ||
| 479 | .algo_strength = SSL_LOW, | ||
| 480 | }, | ||
| 481 | { | ||
| 482 | .name = SSL_TXT_MEDIUM, | ||
| 483 | .algo_strength = SSL_MEDIUM, | ||
| 484 | }, | ||
| 485 | { | ||
| 486 | .name = SSL_TXT_HIGH, | ||
| 487 | .algo_strength = SSL_HIGH, | ||
| 488 | }, | ||
| 489 | }; | ||
| 490 | |||
| 491 | void | ||
| 492 | ssl_load_ciphers(void) | ||
| 493 | { | ||
| 494 | ssl_cipher_methods[SSL_ENC_DES_IDX] = | ||
| 495 | EVP_get_cipherbyname(SN_des_cbc); | ||
| 496 | ssl_cipher_methods[SSL_ENC_3DES_IDX] = | ||
| 497 | EVP_get_cipherbyname(SN_des_ede3_cbc); | ||
| 498 | ssl_cipher_methods[SSL_ENC_RC4_IDX] = | ||
| 499 | EVP_get_cipherbyname(SN_rc4); | ||
| 500 | #ifndef OPENSSL_NO_IDEA | ||
| 501 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = | ||
| 502 | EVP_get_cipherbyname(SN_idea_cbc); | ||
| 503 | #else | ||
| 504 | ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL; | ||
| 505 | #endif | ||
| 506 | ssl_cipher_methods[SSL_ENC_AES128_IDX] = | ||
| 507 | EVP_get_cipherbyname(SN_aes_128_cbc); | ||
| 508 | ssl_cipher_methods[SSL_ENC_AES256_IDX] = | ||
| 509 | EVP_get_cipherbyname(SN_aes_256_cbc); | ||
| 510 | ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] = | ||
| 511 | EVP_get_cipherbyname(SN_camellia_128_cbc); | ||
| 512 | ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] = | ||
| 513 | EVP_get_cipherbyname(SN_camellia_256_cbc); | ||
| 514 | ssl_cipher_methods[SSL_ENC_GOST89_IDX] = | ||
| 515 | EVP_get_cipherbyname(SN_gost89_cnt); | ||
| 516 | |||
| 517 | ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] = | ||
| 518 | EVP_get_cipherbyname(SN_aes_128_gcm); | ||
| 519 | ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = | ||
| 520 | EVP_get_cipherbyname(SN_aes_256_gcm); | ||
| 521 | |||
| 522 | ssl_digest_methods[SSL_MD_MD5_IDX] = | ||
| 523 | EVP_get_digestbyname(SN_md5); | ||
| 524 | ssl_mac_secret_size[SSL_MD_MD5_IDX] = | ||
| 525 | EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); | ||
| 526 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0); | ||
| 527 | ssl_digest_methods[SSL_MD_SHA1_IDX] = | ||
| 528 | EVP_get_digestbyname(SN_sha1); | ||
| 529 | ssl_mac_secret_size[SSL_MD_SHA1_IDX] = | ||
| 530 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]); | ||
| 531 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0); | ||
| 532 | ssl_digest_methods[SSL_MD_GOST94_IDX] = | ||
| 533 | EVP_get_digestbyname(SN_id_GostR3411_94); | ||
| 534 | if (ssl_digest_methods[SSL_MD_GOST94_IDX]) { | ||
| 535 | ssl_mac_secret_size[SSL_MD_GOST94_IDX] = | ||
| 536 | EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]); | ||
| 537 | OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0); | ||
| 538 | } | ||
| 539 | ssl_digest_methods[SSL_MD_GOST89MAC_IDX] = | ||
| 540 | EVP_get_digestbyname(SN_id_Gost28147_89_MAC); | ||
| 541 | if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { | ||
| 542 | ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; | ||
| 543 | } | ||
| 544 | |||
| 545 | ssl_digest_methods[SSL_MD_SHA256_IDX] = | ||
| 546 | EVP_get_digestbyname(SN_sha256); | ||
| 547 | ssl_mac_secret_size[SSL_MD_SHA256_IDX] = | ||
| 548 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]); | ||
| 549 | ssl_digest_methods[SSL_MD_SHA384_IDX] = | ||
| 550 | EVP_get_digestbyname(SN_sha384); | ||
| 551 | ssl_mac_secret_size[SSL_MD_SHA384_IDX] = | ||
| 552 | EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); | ||
| 553 | ssl_digest_methods[SSL_MD_STREEBOG256_IDX] = | ||
| 554 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_256); | ||
| 555 | ssl_mac_secret_size[SSL_MD_STREEBOG256_IDX] = | ||
| 556 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG256_IDX]); | ||
| 557 | ssl_digest_methods[SSL_MD_STREEBOG512_IDX] = | ||
| 558 | EVP_get_digestbyname(SN_id_tc26_gost3411_2012_512); | ||
| 559 | ssl_mac_secret_size[SSL_MD_STREEBOG512_IDX] = | ||
| 560 | EVP_MD_size(ssl_digest_methods[SSL_MD_STREEBOG512_IDX]); | ||
| 561 | } | ||
| 562 | |||
| 563 | int | ||
| 564 | ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
| 565 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size) | ||
| 566 | { | ||
| 567 | const SSL_CIPHER *c; | ||
| 568 | int i; | ||
| 569 | |||
| 570 | c = s->cipher; | ||
| 571 | if (c == NULL) | ||
| 572 | return (0); | ||
| 573 | |||
| 574 | /* | ||
| 575 | * This function does not handle EVP_AEAD. | ||
| 576 | * See ssl_cipher_get_aead_evp instead. | ||
| 577 | */ | ||
| 578 | if (c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) | ||
| 579 | return(0); | ||
| 580 | |||
| 581 | if ((enc == NULL) || (md == NULL)) | ||
| 582 | return (0); | ||
| 583 | |||
| 584 | switch (c->algorithm_enc) { | ||
| 585 | case SSL_DES: | ||
| 586 | i = SSL_ENC_DES_IDX; | ||
| 587 | break; | ||
| 588 | case SSL_3DES: | ||
| 589 | i = SSL_ENC_3DES_IDX; | ||
| 590 | break; | ||
| 591 | case SSL_RC4: | ||
| 592 | i = SSL_ENC_RC4_IDX; | ||
| 593 | break; | ||
| 594 | case SSL_IDEA: | ||
| 595 | i = SSL_ENC_IDEA_IDX; | ||
| 596 | break; | ||
| 597 | case SSL_eNULL: | ||
| 598 | i = SSL_ENC_NULL_IDX; | ||
| 599 | break; | ||
| 600 | case SSL_AES128: | ||
| 601 | i = SSL_ENC_AES128_IDX; | ||
| 602 | break; | ||
| 603 | case SSL_AES256: | ||
| 604 | i = SSL_ENC_AES256_IDX; | ||
| 605 | break; | ||
| 606 | case SSL_CAMELLIA128: | ||
| 607 | i = SSL_ENC_CAMELLIA128_IDX; | ||
| 608 | break; | ||
| 609 | case SSL_CAMELLIA256: | ||
| 610 | i = SSL_ENC_CAMELLIA256_IDX; | ||
| 611 | break; | ||
| 612 | case SSL_eGOST2814789CNT: | ||
| 613 | i = SSL_ENC_GOST89_IDX; | ||
| 614 | break; | ||
| 615 | case SSL_AES128GCM: | ||
| 616 | i = SSL_ENC_AES128GCM_IDX; | ||
| 617 | break; | ||
| 618 | case SSL_AES256GCM: | ||
| 619 | i = SSL_ENC_AES256GCM_IDX; | ||
| 620 | break; | ||
| 621 | default: | ||
| 622 | i = -1; | ||
| 623 | break; | ||
| 624 | } | ||
| 625 | |||
| 626 | if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) | ||
| 627 | *enc = NULL; | ||
| 628 | else { | ||
| 629 | if (i == SSL_ENC_NULL_IDX) | ||
| 630 | *enc = EVP_enc_null(); | ||
| 631 | else | ||
| 632 | *enc = ssl_cipher_methods[i]; | ||
| 633 | } | ||
| 634 | |||
| 635 | switch (c->algorithm_mac) { | ||
| 636 | case SSL_MD5: | ||
| 637 | i = SSL_MD_MD5_IDX; | ||
| 638 | break; | ||
| 639 | case SSL_SHA1: | ||
| 640 | i = SSL_MD_SHA1_IDX; | ||
| 641 | break; | ||
| 642 | case SSL_SHA256: | ||
| 643 | i = SSL_MD_SHA256_IDX; | ||
| 644 | break; | ||
| 645 | case SSL_SHA384: | ||
| 646 | i = SSL_MD_SHA384_IDX; | ||
| 647 | break; | ||
| 648 | case SSL_GOST94: | ||
| 649 | i = SSL_MD_GOST94_IDX; | ||
| 650 | break; | ||
| 651 | case SSL_GOST89MAC: | ||
| 652 | i = SSL_MD_GOST89MAC_IDX; | ||
| 653 | break; | ||
| 654 | case SSL_STREEBOG256: | ||
| 655 | i = SSL_MD_STREEBOG256_IDX; | ||
| 656 | break; | ||
| 657 | case SSL_STREEBOG512: | ||
| 658 | i = SSL_MD_STREEBOG512_IDX; | ||
| 659 | break; | ||
| 660 | default: | ||
| 661 | i = -1; | ||
| 662 | break; | ||
| 663 | } | ||
| 664 | if ((i < 0) || (i >= SSL_MD_NUM_IDX)) { | ||
| 665 | *md = NULL; | ||
| 666 | |||
| 667 | if (mac_pkey_type != NULL) | ||
| 668 | *mac_pkey_type = NID_undef; | ||
| 669 | if (mac_secret_size != NULL) | ||
| 670 | *mac_secret_size = 0; | ||
| 671 | if (c->algorithm_mac == SSL_AEAD) | ||
| 672 | mac_pkey_type = NULL; | ||
| 673 | } else { | ||
| 674 | *md = ssl_digest_methods[i]; | ||
| 675 | if (mac_pkey_type != NULL) | ||
| 676 | *mac_pkey_type = ssl_mac_pkey_id[i]; | ||
| 677 | if (mac_secret_size != NULL) | ||
| 678 | *mac_secret_size = ssl_mac_secret_size[i]; | ||
| 679 | } | ||
| 680 | |||
| 681 | if ((*enc != NULL) && | ||
| 682 | (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) && | ||
| 683 | (!mac_pkey_type || *mac_pkey_type != NID_undef)) { | ||
| 684 | const EVP_CIPHER *evp; | ||
| 685 | |||
| 686 | if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR || | ||
| 687 | s->ssl_version < TLS1_VERSION) | ||
| 688 | return 1; | ||
| 689 | |||
| 690 | if (c->algorithm_enc == SSL_RC4 && | ||
| 691 | c->algorithm_mac == SSL_MD5 && | ||
| 692 | (evp = EVP_get_cipherbyname("RC4-HMAC-MD5"))) | ||
| 693 | *enc = evp, *md = NULL; | ||
| 694 | else if (c->algorithm_enc == SSL_AES128 && | ||
| 695 | c->algorithm_mac == SSL_SHA1 && | ||
| 696 | (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1"))) | ||
| 697 | *enc = evp, *md = NULL; | ||
| 698 | else if (c->algorithm_enc == SSL_AES256 && | ||
| 699 | c->algorithm_mac == SSL_SHA1 && | ||
| 700 | (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1"))) | ||
| 701 | *enc = evp, *md = NULL; | ||
| 702 | return (1); | ||
| 703 | } else | ||
| 704 | return (0); | ||
| 705 | } | ||
| 706 | |||
| 707 | /* | ||
| 708 | * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object | ||
| 709 | * for s->cipher. It returns 1 on success and 0 on error. | ||
| 710 | */ | ||
| 711 | int | ||
| 712 | ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) | ||
| 713 | { | ||
| 714 | const SSL_CIPHER *c = s->cipher; | ||
| 715 | |||
| 716 | *aead = NULL; | ||
| 717 | |||
| 718 | if (c == NULL) | ||
| 719 | return 0; | ||
| 720 | if ((c->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD) == 0) | ||
| 721 | return 0; | ||
| 722 | |||
| 723 | switch (c->algorithm_enc) { | ||
| 724 | #ifndef OPENSSL_NO_AES | ||
| 725 | case SSL_AES128GCM: | ||
| 726 | *aead = EVP_aead_aes_128_gcm(); | ||
| 727 | return 1; | ||
| 728 | case SSL_AES256GCM: | ||
| 729 | *aead = EVP_aead_aes_256_gcm(); | ||
| 730 | return 1; | ||
| 731 | #endif | ||
| 732 | #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | ||
| 733 | case SSL_CHACHA20POLY1305: | ||
| 734 | *aead = EVP_aead_chacha20_poly1305(); | ||
| 735 | return 1; | ||
| 736 | #endif | ||
| 737 | default: | ||
| 738 | break; | ||
| 739 | } | ||
| 740 | return 0; | ||
| 741 | } | ||
| 742 | |||
| 743 | int | ||
| 744 | ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) | ||
| 745 | { | ||
| 746 | if (idx < 0 || idx >= SSL_MD_NUM_IDX) { | ||
| 747 | return 0; | ||
| 748 | } | ||
| 749 | *mask = ssl_handshake_digest_flag[idx]; | ||
| 750 | if (*mask) | ||
| 751 | *md = ssl_digest_methods[idx]; | ||
| 752 | else | ||
| 753 | *md = NULL; | ||
| 754 | return 1; | ||
| 755 | } | ||
| 756 | |||
| 757 | #define ITEM_SEP(a) \ | ||
| 758 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | ||
| 759 | |||
| 760 | static void | ||
| 761 | ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, | ||
| 762 | CIPHER_ORDER **tail) | ||
| 763 | { | ||
| 764 | if (curr == *tail) | ||
| 765 | return; | ||
| 766 | if (curr == *head) | ||
| 767 | *head = curr->next; | ||
| 768 | if (curr->prev != NULL) | ||
| 769 | curr->prev->next = curr->next; | ||
| 770 | if (curr->next != NULL) | ||
| 771 | curr->next->prev = curr->prev; | ||
| 772 | (*tail)->next = curr; | ||
| 773 | curr->prev= *tail; | ||
| 774 | curr->next = NULL; | ||
| 775 | *tail = curr; | ||
| 776 | } | ||
| 777 | |||
| 778 | static void | ||
| 779 | ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, | ||
| 780 | CIPHER_ORDER **tail) | ||
| 781 | { | ||
| 782 | if (curr == *head) | ||
| 783 | return; | ||
| 784 | if (curr == *tail) | ||
| 785 | *tail = curr->prev; | ||
| 786 | if (curr->next != NULL) | ||
| 787 | curr->next->prev = curr->prev; | ||
| 788 | if (curr->prev != NULL) | ||
| 789 | curr->prev->next = curr->next; | ||
| 790 | (*head)->prev = curr; | ||
| 791 | curr->next= *head; | ||
| 792 | curr->prev = NULL; | ||
| 793 | *head = curr; | ||
| 794 | } | ||
| 795 | |||
| 796 | static void | ||
| 797 | ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, | ||
| 798 | unsigned long *enc, unsigned long *mac, unsigned long *ssl) | ||
| 799 | { | ||
| 800 | *mkey = 0; | ||
| 801 | *auth = 0; | ||
| 802 | *enc = 0; | ||
| 803 | *mac = 0; | ||
| 804 | *ssl = 0; | ||
| 805 | |||
| 806 | /* | ||
| 807 | * Check for the availability of GOST 34.10 public/private key | ||
| 808 | * algorithms. If they are not available disable the associated | ||
| 809 | * authentication and key exchange algorithms. | ||
| 810 | */ | ||
| 811 | if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { | ||
| 812 | *auth |= SSL_aGOST01; | ||
| 813 | *mkey |= SSL_kGOST; | ||
| 814 | } | ||
| 815 | |||
| 816 | #ifdef SSL_FORBID_ENULL | ||
| 817 | *enc |= SSL_eNULL; | ||
| 818 | #endif | ||
| 819 | |||
| 820 | *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES : 0; | ||
| 821 | *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; | ||
| 822 | *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 : 0; | ||
| 823 | *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; | ||
| 824 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; | ||
| 825 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; | ||
| 826 | *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM : 0; | ||
| 827 | *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; | ||
| 828 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; | ||
| 829 | *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256 : 0; | ||
| 830 | *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT : 0; | ||
| 831 | |||
| 832 | *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 : 0; | ||
| 833 | *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; | ||
| 834 | *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; | ||
| 835 | *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; | ||
| 836 | *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; | ||
| 837 | *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL) ? SSL_GOST89MAC : 0; | ||
| 838 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG256_IDX] == NULL) ? SSL_STREEBOG256 : 0; | ||
| 839 | *mac |= (ssl_digest_methods[SSL_MD_STREEBOG512_IDX] == NULL) ? SSL_STREEBOG512 : 0; | ||
| 840 | |||
| 841 | } | ||
| 842 | |||
| 843 | static void | ||
| 844 | ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, | ||
| 845 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 846 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 847 | unsigned long disabled_ssl, CIPHER_ORDER *co_list, | ||
| 848 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 849 | { | ||
| 850 | int i, co_list_num; | ||
| 851 | const SSL_CIPHER *c; | ||
| 852 | |||
| 853 | /* | ||
| 854 | * We have num_of_ciphers descriptions compiled in, depending on the | ||
| 855 | * method selected (SSLv3, TLSv1, etc). These will later be sorted in | ||
| 856 | * a linked list with at most num entries. | ||
| 857 | */ | ||
| 858 | |||
| 859 | /* Get the initial list of ciphers */ | ||
| 860 | co_list_num = 0; /* actual count of ciphers */ | ||
| 861 | for (i = 0; i < num_of_ciphers; i++) { | ||
| 862 | c = ssl_method->get_cipher(i); | ||
| 863 | /* drop those that use any of that is not available */ | ||
| 864 | if ((c != NULL) && c->valid && | ||
| 865 | !(c->algorithm_mkey & disabled_mkey) && | ||
| 866 | !(c->algorithm_auth & disabled_auth) && | ||
| 867 | !(c->algorithm_enc & disabled_enc) && | ||
| 868 | !(c->algorithm_mac & disabled_mac) && | ||
| 869 | !(c->algorithm_ssl & disabled_ssl)) { | ||
| 870 | co_list[co_list_num].cipher = c; | ||
| 871 | co_list[co_list_num].next = NULL; | ||
| 872 | co_list[co_list_num].prev = NULL; | ||
| 873 | co_list[co_list_num].active = 0; | ||
| 874 | co_list_num++; | ||
| 875 | /* | ||
| 876 | if (!sk_push(ca_list,(char *)c)) goto err; | ||
| 877 | */ | ||
| 878 | } | ||
| 879 | } | ||
| 880 | |||
| 881 | /* | ||
| 882 | * Prepare linked list from list entries | ||
| 883 | */ | ||
| 884 | if (co_list_num > 0) { | ||
| 885 | co_list[0].prev = NULL; | ||
| 886 | |||
| 887 | if (co_list_num > 1) { | ||
| 888 | co_list[0].next = &co_list[1]; | ||
| 889 | |||
| 890 | for (i = 1; i < co_list_num - 1; i++) { | ||
| 891 | co_list[i].prev = &co_list[i - 1]; | ||
| 892 | co_list[i].next = &co_list[i + 1]; | ||
| 893 | } | ||
| 894 | |||
| 895 | co_list[co_list_num - 1].prev = | ||
| 896 | &co_list[co_list_num - 2]; | ||
| 897 | } | ||
| 898 | |||
| 899 | co_list[co_list_num - 1].next = NULL; | ||
| 900 | |||
| 901 | *head_p = &co_list[0]; | ||
| 902 | *tail_p = &co_list[co_list_num - 1]; | ||
| 903 | } | ||
| 904 | } | ||
| 905 | |||
| 906 | static void | ||
| 907 | ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, | ||
| 908 | unsigned long disabled_mkey, unsigned long disabled_auth, | ||
| 909 | unsigned long disabled_enc, unsigned long disabled_mac, | ||
| 910 | unsigned long disabled_ssl, CIPHER_ORDER *head) | ||
| 911 | { | ||
| 912 | CIPHER_ORDER *ciph_curr; | ||
| 913 | const SSL_CIPHER **ca_curr; | ||
| 914 | int i; | ||
| 915 | unsigned long mask_mkey = ~disabled_mkey; | ||
| 916 | unsigned long mask_auth = ~disabled_auth; | ||
| 917 | unsigned long mask_enc = ~disabled_enc; | ||
| 918 | unsigned long mask_mac = ~disabled_mac; | ||
| 919 | unsigned long mask_ssl = ~disabled_ssl; | ||
| 920 | |||
| 921 | /* | ||
| 922 | * First, add the real ciphers as already collected | ||
| 923 | */ | ||
| 924 | ciph_curr = head; | ||
| 925 | ca_curr = ca_list; | ||
| 926 | while (ciph_curr != NULL) { | ||
| 927 | *ca_curr = ciph_curr->cipher; | ||
| 928 | ca_curr++; | ||
| 929 | ciph_curr = ciph_curr->next; | ||
| 930 | } | ||
| 931 | |||
| 932 | /* | ||
| 933 | * Now we add the available ones from the cipher_aliases[] table. | ||
| 934 | * They represent either one or more algorithms, some of which | ||
| 935 | * in any affected category must be supported (set in enabled_mask), | ||
| 936 | * or represent a cipher strength value (will be added in any case because algorithms=0). | ||
| 937 | */ | ||
| 938 | for (i = 0; i < num_of_group_aliases; i++) { | ||
| 939 | unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; | ||
| 940 | unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; | ||
| 941 | unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; | ||
| 942 | unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; | ||
| 943 | unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; | ||
| 944 | |||
| 945 | if (algorithm_mkey) | ||
| 946 | if ((algorithm_mkey & mask_mkey) == 0) | ||
| 947 | continue; | ||
| 948 | |||
| 949 | if (algorithm_auth) | ||
| 950 | if ((algorithm_auth & mask_auth) == 0) | ||
| 951 | continue; | ||
| 952 | |||
| 953 | if (algorithm_enc) | ||
| 954 | if ((algorithm_enc & mask_enc) == 0) | ||
| 955 | continue; | ||
| 956 | |||
| 957 | if (algorithm_mac) | ||
| 958 | if ((algorithm_mac & mask_mac) == 0) | ||
| 959 | continue; | ||
| 960 | |||
| 961 | if (algorithm_ssl) | ||
| 962 | if ((algorithm_ssl & mask_ssl) == 0) | ||
| 963 | continue; | ||
| 964 | |||
| 965 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | ||
| 966 | ca_curr++; | ||
| 967 | } | ||
| 968 | |||
| 969 | *ca_curr = NULL; /* end of list */ | ||
| 970 | } | ||
| 971 | |||
| 972 | static void | ||
| 973 | ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey, | ||
| 974 | unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac, | ||
| 975 | unsigned long alg_ssl, unsigned long algo_strength, | ||
| 976 | int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 977 | { | ||
| 978 | CIPHER_ORDER *head, *tail, *curr, *next, *last; | ||
| 979 | const SSL_CIPHER *cp; | ||
| 980 | int reverse = 0; | ||
| 981 | |||
| 982 | |||
| 983 | if (rule == CIPHER_DEL) | ||
| 984 | reverse = 1; /* needed to maintain sorting between currently deleted ciphers */ | ||
| 985 | |||
| 986 | head = *head_p; | ||
| 987 | tail = *tail_p; | ||
| 988 | |||
| 989 | if (reverse) { | ||
| 990 | next = tail; | ||
| 991 | last = head; | ||
| 992 | } else { | ||
| 993 | next = head; | ||
| 994 | last = tail; | ||
| 995 | } | ||
| 996 | |||
| 997 | curr = NULL; | ||
| 998 | for (;;) { | ||
| 999 | if (curr == last) | ||
| 1000 | break; | ||
| 1001 | curr = next; | ||
| 1002 | next = reverse ? curr->prev : curr->next; | ||
| 1003 | |||
| 1004 | cp = curr->cipher; | ||
| 1005 | |||
| 1006 | /* | ||
| 1007 | * Selection criteria is either the value of strength_bits | ||
| 1008 | * or the algorithms used. | ||
| 1009 | */ | ||
| 1010 | if (strength_bits >= 0) { | ||
| 1011 | if (strength_bits != cp->strength_bits) | ||
| 1012 | continue; | ||
| 1013 | } else { | ||
| 1014 | |||
| 1015 | if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) | ||
| 1016 | continue; | ||
| 1017 | if (alg_auth && !(alg_auth & cp->algorithm_auth)) | ||
| 1018 | continue; | ||
| 1019 | if (alg_enc && !(alg_enc & cp->algorithm_enc)) | ||
| 1020 | continue; | ||
| 1021 | if (alg_mac && !(alg_mac & cp->algorithm_mac)) | ||
| 1022 | continue; | ||
| 1023 | if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) | ||
| 1024 | continue; | ||
| 1025 | if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) | ||
| 1026 | continue; | ||
| 1027 | } | ||
| 1028 | |||
| 1029 | |||
| 1030 | /* add the cipher if it has not been added yet. */ | ||
| 1031 | if (rule == CIPHER_ADD) { | ||
| 1032 | /* reverse == 0 */ | ||
| 1033 | if (!curr->active) { | ||
| 1034 | ll_append_tail(&head, curr, &tail); | ||
| 1035 | curr->active = 1; | ||
| 1036 | } | ||
| 1037 | } | ||
| 1038 | /* Move the added cipher to this location */ | ||
| 1039 | else if (rule == CIPHER_ORD) { | ||
| 1040 | /* reverse == 0 */ | ||
| 1041 | if (curr->active) { | ||
| 1042 | ll_append_tail(&head, curr, &tail); | ||
| 1043 | } | ||
| 1044 | } else if (rule == CIPHER_DEL) { | ||
| 1045 | /* reverse == 1 */ | ||
| 1046 | if (curr->active) { | ||
| 1047 | /* most recently deleted ciphersuites get best positions | ||
| 1048 | * for any future CIPHER_ADD (note that the CIPHER_DEL loop | ||
| 1049 | * works in reverse to maintain the order) */ | ||
| 1050 | ll_append_head(&head, curr, &tail); | ||
| 1051 | curr->active = 0; | ||
| 1052 | } | ||
| 1053 | } else if (rule == CIPHER_KILL) { | ||
| 1054 | /* reverse == 0 */ | ||
| 1055 | if (head == curr) | ||
| 1056 | head = curr->next; | ||
| 1057 | else | ||
| 1058 | curr->prev->next = curr->next; | ||
| 1059 | if (tail == curr) | ||
| 1060 | tail = curr->prev; | ||
| 1061 | curr->active = 0; | ||
| 1062 | if (curr->next != NULL) | ||
| 1063 | curr->next->prev = curr->prev; | ||
| 1064 | if (curr->prev != NULL) | ||
| 1065 | curr->prev->next = curr->next; | ||
| 1066 | curr->next = NULL; | ||
| 1067 | curr->prev = NULL; | ||
| 1068 | } | ||
| 1069 | } | ||
| 1070 | |||
| 1071 | *head_p = head; | ||
| 1072 | *tail_p = tail; | ||
| 1073 | } | ||
| 1074 | |||
| 1075 | static int | ||
| 1076 | ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 1077 | { | ||
| 1078 | int max_strength_bits, i, *number_uses; | ||
| 1079 | CIPHER_ORDER *curr; | ||
| 1080 | |||
| 1081 | /* | ||
| 1082 | * This routine sorts the ciphers with descending strength. The sorting | ||
| 1083 | * must keep the pre-sorted sequence, so we apply the normal sorting | ||
| 1084 | * routine as '+' movement to the end of the list. | ||
| 1085 | */ | ||
| 1086 | max_strength_bits = 0; | ||
| 1087 | curr = *head_p; | ||
| 1088 | while (curr != NULL) { | ||
| 1089 | if (curr->active && | ||
| 1090 | (curr->cipher->strength_bits > max_strength_bits)) | ||
| 1091 | max_strength_bits = curr->cipher->strength_bits; | ||
| 1092 | curr = curr->next; | ||
| 1093 | } | ||
| 1094 | |||
| 1095 | number_uses = calloc((max_strength_bits + 1), sizeof(int)); | ||
| 1096 | if (!number_uses) { | ||
| 1097 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); | ||
| 1098 | return (0); | ||
| 1099 | } | ||
| 1100 | |||
| 1101 | /* | ||
| 1102 | * Now find the strength_bits values actually used | ||
| 1103 | */ | ||
| 1104 | curr = *head_p; | ||
| 1105 | while (curr != NULL) { | ||
| 1106 | if (curr->active) | ||
| 1107 | number_uses[curr->cipher->strength_bits]++; | ||
| 1108 | curr = curr->next; | ||
| 1109 | } | ||
| 1110 | /* | ||
| 1111 | * Go through the list of used strength_bits values in descending | ||
| 1112 | * order. | ||
| 1113 | */ | ||
| 1114 | for (i = max_strength_bits; i >= 0; i--) | ||
| 1115 | if (number_uses[i] > 0) | ||
| 1116 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p); | ||
| 1117 | |||
| 1118 | free(number_uses); | ||
| 1119 | return (1); | ||
| 1120 | } | ||
| 1121 | |||
| 1122 | static int | ||
| 1123 | ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p, | ||
| 1124 | CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list) | ||
| 1125 | { | ||
| 1126 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; | ||
| 1127 | unsigned long algo_strength; | ||
| 1128 | int j, multi, found, rule, retval, ok, buflen; | ||
| 1129 | unsigned long cipher_id = 0; | ||
| 1130 | const char *l, *buf; | ||
| 1131 | char ch; | ||
| 1132 | |||
| 1133 | retval = 1; | ||
| 1134 | l = rule_str; | ||
| 1135 | for (;;) { | ||
| 1136 | ch = *l; | ||
| 1137 | |||
| 1138 | if (ch == '\0') | ||
| 1139 | break; | ||
| 1140 | |||
| 1141 | if (ch == '-') { | ||
| 1142 | rule = CIPHER_DEL; | ||
| 1143 | l++; | ||
| 1144 | } else if (ch == '+') { | ||
| 1145 | rule = CIPHER_ORD; | ||
| 1146 | l++; | ||
| 1147 | } else if (ch == '!') { | ||
| 1148 | rule = CIPHER_KILL; | ||
| 1149 | l++; | ||
| 1150 | } else if (ch == '@') { | ||
| 1151 | rule = CIPHER_SPECIAL; | ||
| 1152 | l++; | ||
| 1153 | } else { | ||
| 1154 | rule = CIPHER_ADD; | ||
| 1155 | } | ||
| 1156 | |||
| 1157 | if (ITEM_SEP(ch)) { | ||
| 1158 | l++; | ||
| 1159 | continue; | ||
| 1160 | } | ||
| 1161 | |||
| 1162 | alg_mkey = 0; | ||
| 1163 | alg_auth = 0; | ||
| 1164 | alg_enc = 0; | ||
| 1165 | alg_mac = 0; | ||
| 1166 | alg_ssl = 0; | ||
| 1167 | algo_strength = 0; | ||
| 1168 | |||
| 1169 | for (;;) { | ||
| 1170 | ch = *l; | ||
| 1171 | buf = l; | ||
| 1172 | buflen = 0; | ||
| 1173 | while (((ch >= 'A') && (ch <= 'Z')) || | ||
| 1174 | ((ch >= '0') && (ch <= '9')) || | ||
| 1175 | ((ch >= 'a') && (ch <= 'z')) || | ||
| 1176 | (ch == '-') || (ch == '.')) { | ||
| 1177 | ch = *(++l); | ||
| 1178 | buflen++; | ||
| 1179 | } | ||
| 1180 | |||
| 1181 | if (buflen == 0) { | ||
| 1182 | /* | ||
| 1183 | * We hit something we cannot deal with, | ||
| 1184 | * it is no command or separator nor | ||
| 1185 | * alphanumeric, so we call this an error. | ||
| 1186 | */ | ||
| 1187 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
| 1188 | SSL_R_INVALID_COMMAND); | ||
| 1189 | retval = found = 0; | ||
| 1190 | l++; | ||
| 1191 | break; | ||
| 1192 | } | ||
| 1193 | |||
| 1194 | if (rule == CIPHER_SPECIAL) { | ||
| 1195 | /* unused -- avoid compiler warning */ | ||
| 1196 | found = 0; | ||
| 1197 | /* special treatment */ | ||
| 1198 | break; | ||
| 1199 | } | ||
| 1200 | |||
| 1201 | /* check for multi-part specification */ | ||
| 1202 | if (ch == '+') { | ||
| 1203 | multi = 1; | ||
| 1204 | l++; | ||
| 1205 | } else | ||
| 1206 | multi = 0; | ||
| 1207 | |||
| 1208 | /* | ||
| 1209 | * Now search for the cipher alias in the ca_list. | ||
| 1210 | * Be careful with the strncmp, because the "buflen" | ||
| 1211 | * limitation will make the rule "ADH:SOME" and the | ||
| 1212 | * cipher "ADH-MY-CIPHER" look like a match for | ||
| 1213 | * buflen=3. So additionally check whether the cipher | ||
| 1214 | * name found has the correct length. We can save a | ||
| 1215 | * strlen() call: just checking for the '\0' at the | ||
| 1216 | * right place is sufficient, we have to strncmp() | ||
| 1217 | * anyway (we cannot use strcmp(), because buf is not | ||
| 1218 | * '\0' terminated.) | ||
| 1219 | */ | ||
| 1220 | j = found = 0; | ||
| 1221 | cipher_id = 0; | ||
| 1222 | while (ca_list[j]) { | ||
| 1223 | if (!strncmp(buf, ca_list[j]->name, buflen) && | ||
| 1224 | (ca_list[j]->name[buflen] == '\0')) { | ||
| 1225 | found = 1; | ||
| 1226 | break; | ||
| 1227 | } else | ||
| 1228 | j++; | ||
| 1229 | } | ||
| 1230 | |||
| 1231 | if (!found) | ||
| 1232 | break; /* ignore this entry */ | ||
| 1233 | |||
| 1234 | if (ca_list[j]->algorithm_mkey) { | ||
| 1235 | if (alg_mkey) { | ||
| 1236 | alg_mkey &= ca_list[j]->algorithm_mkey; | ||
| 1237 | if (!alg_mkey) { | ||
| 1238 | found = 0; | ||
| 1239 | break; | ||
| 1240 | } | ||
| 1241 | } else | ||
| 1242 | alg_mkey = ca_list[j]->algorithm_mkey; | ||
| 1243 | } | ||
| 1244 | |||
| 1245 | if (ca_list[j]->algorithm_auth) { | ||
| 1246 | if (alg_auth) { | ||
| 1247 | alg_auth &= ca_list[j]->algorithm_auth; | ||
| 1248 | if (!alg_auth) { | ||
| 1249 | found = 0; | ||
| 1250 | break; | ||
| 1251 | } | ||
| 1252 | } else | ||
| 1253 | alg_auth = ca_list[j]->algorithm_auth; | ||
| 1254 | } | ||
| 1255 | |||
| 1256 | if (ca_list[j]->algorithm_enc) { | ||
| 1257 | if (alg_enc) { | ||
| 1258 | alg_enc &= ca_list[j]->algorithm_enc; | ||
| 1259 | if (!alg_enc) { | ||
| 1260 | found = 0; | ||
| 1261 | break; | ||
| 1262 | } | ||
| 1263 | } else | ||
| 1264 | alg_enc = ca_list[j]->algorithm_enc; | ||
| 1265 | } | ||
| 1266 | |||
| 1267 | if (ca_list[j]->algorithm_mac) { | ||
| 1268 | if (alg_mac) { | ||
| 1269 | alg_mac &= ca_list[j]->algorithm_mac; | ||
| 1270 | if (!alg_mac) { | ||
| 1271 | found = 0; | ||
| 1272 | break; | ||
| 1273 | } | ||
| 1274 | } else | ||
| 1275 | alg_mac = ca_list[j]->algorithm_mac; | ||
| 1276 | } | ||
| 1277 | |||
| 1278 | if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { | ||
| 1279 | if (algo_strength & SSL_STRONG_MASK) { | ||
| 1280 | algo_strength &= | ||
| 1281 | (ca_list[j]->algo_strength & | ||
| 1282 | SSL_STRONG_MASK) | ~SSL_STRONG_MASK; | ||
| 1283 | if (!(algo_strength & | ||
| 1284 | SSL_STRONG_MASK)) { | ||
| 1285 | found = 0; | ||
| 1286 | break; | ||
| 1287 | } | ||
| 1288 | } else | ||
| 1289 | algo_strength |= | ||
| 1290 | ca_list[j]->algo_strength & | ||
| 1291 | SSL_STRONG_MASK; | ||
| 1292 | } | ||
| 1293 | |||
| 1294 | if (ca_list[j]->valid) { | ||
| 1295 | /* | ||
| 1296 | * explicit ciphersuite found; its protocol | ||
| 1297 | * version does not become part of the search | ||
| 1298 | * pattern! | ||
| 1299 | */ | ||
| 1300 | cipher_id = ca_list[j]->id; | ||
| 1301 | } else { | ||
| 1302 | /* | ||
| 1303 | * not an explicit ciphersuite; only in this | ||
| 1304 | * case, the protocol version is considered | ||
| 1305 | * part of the search pattern | ||
| 1306 | */ | ||
| 1307 | if (ca_list[j]->algorithm_ssl) { | ||
| 1308 | if (alg_ssl) { | ||
| 1309 | alg_ssl &= | ||
| 1310 | ca_list[j]->algorithm_ssl; | ||
| 1311 | if (!alg_ssl) { | ||
| 1312 | found = 0; | ||
| 1313 | break; | ||
| 1314 | } | ||
| 1315 | } else | ||
| 1316 | alg_ssl = | ||
| 1317 | ca_list[j]->algorithm_ssl; | ||
| 1318 | } | ||
| 1319 | } | ||
| 1320 | |||
| 1321 | if (!multi) | ||
| 1322 | break; | ||
| 1323 | } | ||
| 1324 | |||
| 1325 | /* | ||
| 1326 | * Ok, we have the rule, now apply it | ||
| 1327 | */ | ||
| 1328 | if (rule == CIPHER_SPECIAL) { | ||
| 1329 | /* special command */ | ||
| 1330 | ok = 0; | ||
| 1331 | if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) | ||
| 1332 | ok = ssl_cipher_strength_sort(head_p, tail_p); | ||
| 1333 | else | ||
| 1334 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
| 1335 | SSL_R_INVALID_COMMAND); | ||
| 1336 | if (ok == 0) | ||
| 1337 | retval = 0; | ||
| 1338 | /* | ||
| 1339 | * We do not support any "multi" options | ||
| 1340 | * together with "@", so throw away the | ||
| 1341 | * rest of the command, if any left, until | ||
| 1342 | * end or ':' is found. | ||
| 1343 | */ | ||
| 1344 | while ((*l != '\0') && !ITEM_SEP(*l)) | ||
| 1345 | l++; | ||
| 1346 | } else if (found) { | ||
| 1347 | ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth, | ||
| 1348 | alg_enc, alg_mac, alg_ssl, algo_strength, rule, | ||
| 1349 | -1, head_p, tail_p); | ||
| 1350 | } else { | ||
| 1351 | while ((*l != '\0') && !ITEM_SEP(*l)) | ||
| 1352 | l++; | ||
| 1353 | } | ||
| 1354 | if (*l == '\0') | ||
| 1355 | break; /* done */ | ||
| 1356 | } | ||
| 1357 | |||
| 1358 | return (retval); | ||
| 1359 | } | ||
| 1360 | |||
| 1361 | STACK_OF(SSL_CIPHER) * | ||
| 1362 | ssl_create_cipher_list(const SSL_METHOD *ssl_method, | ||
| 1363 | STACK_OF(SSL_CIPHER) **cipher_list, | ||
| 1364 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | ||
| 1365 | const char *rule_str) | ||
| 1366 | { | ||
| 1367 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | ||
| 1368 | unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; | ||
| 1369 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | ||
| 1370 | const char *rule_p; | ||
| 1371 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; | ||
| 1372 | const SSL_CIPHER **ca_list = NULL; | ||
| 1373 | |||
| 1374 | /* | ||
| 1375 | * Return with error if nothing to do. | ||
| 1376 | */ | ||
| 1377 | if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL) | ||
| 1378 | return NULL; | ||
| 1379 | |||
| 1380 | /* | ||
| 1381 | * To reduce the work to do we only want to process the compiled | ||
| 1382 | * in algorithms, so we first get the mask of disabled ciphers. | ||
| 1383 | */ | ||
| 1384 | ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); | ||
| 1385 | |||
| 1386 | /* | ||
| 1387 | * Now we have to collect the available ciphers from the compiled | ||
| 1388 | * in ciphers. We cannot get more than the number compiled in, so | ||
| 1389 | * it is used for allocation. | ||
| 1390 | */ | ||
| 1391 | num_of_ciphers = ssl_method->num_ciphers(); | ||
| 1392 | co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER)); | ||
| 1393 | if (co_list == NULL) { | ||
| 1394 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); | ||
| 1395 | return(NULL); /* Failure */ | ||
| 1396 | } | ||
| 1397 | |||
| 1398 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, | ||
| 1399 | disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl, | ||
| 1400 | co_list, &head, &tail); | ||
| 1401 | |||
| 1402 | |||
| 1403 | /* Now arrange all ciphers by preference: */ | ||
| 1404 | |||
| 1405 | /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ | ||
| 1406 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
| 1407 | ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | ||
| 1408 | |||
| 1409 | /* | ||
| 1410 | * CHACHA20 is fast and safe on all hardware and is thus our preferred | ||
| 1411 | * symmetric cipher, with AES second. | ||
| 1412 | */ | ||
| 1413 | ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
| 1414 | ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
| 1415 | |||
| 1416 | /* Temporarily enable everything else for sorting */ | ||
| 1417 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); | ||
| 1418 | |||
| 1419 | /* Low priority for MD5 */ | ||
| 1420 | ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
| 1421 | |||
| 1422 | /* Move anonymous ciphers to the end. Usually, these will remain disabled. | ||
| 1423 | * (For applications that allow them, they aren't too bad, but we prefer | ||
| 1424 | * authenticated ciphers.) */ | ||
| 1425 | ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
| 1426 | |||
| 1427 | /* Move ciphers without forward secrecy to the end */ | ||
| 1428 | ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
| 1429 | ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
| 1430 | |||
| 1431 | /* RC4 is sort-of broken -- move the the end */ | ||
| 1432 | ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); | ||
| 1433 | |||
| 1434 | /* Now sort by symmetric encryption strength. The above ordering remains | ||
| 1435 | * in force within each class */ | ||
| 1436 | if (!ssl_cipher_strength_sort(&head, &tail)) { | ||
| 1437 | free(co_list); | ||
| 1438 | return NULL; | ||
| 1439 | } | ||
| 1440 | |||
| 1441 | /* Now disable everything (maintaining the ordering!) */ | ||
| 1442 | ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); | ||
| 1443 | |||
| 1444 | |||
| 1445 | /* | ||
| 1446 | * We also need cipher aliases for selecting based on the rule_str. | ||
| 1447 | * There might be two types of entries in the rule_str: 1) names | ||
| 1448 | * of ciphers themselves 2) aliases for groups of ciphers. | ||
| 1449 | * For 1) we need the available ciphers and for 2) the cipher | ||
| 1450 | * groups of cipher_aliases added together in one list (otherwise | ||
| 1451 | * we would be happy with just the cipher_aliases table). | ||
| 1452 | */ | ||
| 1453 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | ||
| 1454 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | ||
| 1455 | ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *)); | ||
| 1456 | if (ca_list == NULL) { | ||
| 1457 | free(co_list); | ||
| 1458 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); | ||
| 1459 | return(NULL); /* Failure */ | ||
| 1460 | } | ||
| 1461 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, | ||
| 1462 | disabled_mkey, disabled_auth, disabled_enc, | ||
| 1463 | disabled_mac, disabled_ssl, head); | ||
| 1464 | |||
| 1465 | /* | ||
| 1466 | * If the rule_string begins with DEFAULT, apply the default rule | ||
| 1467 | * before using the (possibly available) additional rules. | ||
| 1468 | */ | ||
| 1469 | ok = 1; | ||
| 1470 | rule_p = rule_str; | ||
| 1471 | if (strncmp(rule_str, "DEFAULT", 7) == 0) { | ||
| 1472 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | ||
| 1473 | &head, &tail, ca_list); | ||
| 1474 | rule_p += 7; | ||
| 1475 | if (*rule_p == ':') | ||
| 1476 | rule_p++; | ||
| 1477 | } | ||
| 1478 | |||
| 1479 | if (ok && (strlen(rule_p) > 0)) | ||
| 1480 | ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list); | ||
| 1481 | |||
| 1482 | free((void *)ca_list); /* Not needed anymore */ | ||
| 1483 | |||
| 1484 | if (!ok) { | ||
| 1485 | /* Rule processing failure */ | ||
| 1486 | free(co_list); | ||
| 1487 | return (NULL); | ||
| 1488 | } | ||
| 1489 | |||
| 1490 | /* | ||
| 1491 | * Allocate new "cipherstack" for the result, return with error | ||
| 1492 | * if we cannot get one. | ||
| 1493 | */ | ||
| 1494 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) { | ||
| 1495 | free(co_list); | ||
| 1496 | return (NULL); | ||
| 1497 | } | ||
| 1498 | |||
| 1499 | /* | ||
| 1500 | * The cipher selection for the list is done. The ciphers are added | ||
| 1501 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | ||
| 1502 | */ | ||
| 1503 | for (curr = head; curr != NULL; curr = curr->next) { | ||
| 1504 | if (curr->active) { | ||
| 1505 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); | ||
| 1506 | } | ||
| 1507 | } | ||
| 1508 | free(co_list); /* Not needed any longer */ | ||
| 1509 | |||
| 1510 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | ||
| 1511 | if (tmp_cipher_list == NULL) { | ||
| 1512 | sk_SSL_CIPHER_free(cipherstack); | ||
| 1513 | return NULL; | ||
| 1514 | } | ||
| 1515 | if (*cipher_list != NULL) | ||
| 1516 | sk_SSL_CIPHER_free(*cipher_list); | ||
| 1517 | *cipher_list = cipherstack; | ||
| 1518 | if (*cipher_list_by_id != NULL) | ||
| 1519 | sk_SSL_CIPHER_free(*cipher_list_by_id); | ||
| 1520 | *cipher_list_by_id = tmp_cipher_list; | ||
| 1521 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, | ||
| 1522 | ssl_cipher_ptr_id_cmp); | ||
| 1523 | |||
| 1524 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | ||
| 1525 | return (cipherstack); | ||
| 1526 | } | ||
| 1527 | |||
| 1528 | const SSL_CIPHER * | ||
| 1529 | SSL_CIPHER_get_by_id(unsigned int id) | ||
| 1530 | { | ||
| 1531 | return ssl3_get_cipher_by_id(id); | ||
| 1532 | } | ||
| 1533 | |||
| 1534 | const SSL_CIPHER * | ||
| 1535 | SSL_CIPHER_get_by_value(uint16_t value) | ||
| 1536 | { | ||
| 1537 | return ssl3_get_cipher_by_value(value); | ||
| 1538 | } | ||
| 1539 | |||
| 1540 | char * | ||
| 1541 | SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) | ||
| 1542 | { | ||
| 1543 | unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2; | ||
| 1544 | const char *ver, *kx, *au, *enc, *mac; | ||
| 1545 | char *ret; | ||
| 1546 | int l; | ||
| 1547 | |||
| 1548 | alg_mkey = cipher->algorithm_mkey; | ||
| 1549 | alg_auth = cipher->algorithm_auth; | ||
| 1550 | alg_enc = cipher->algorithm_enc; | ||
| 1551 | alg_mac = cipher->algorithm_mac; | ||
| 1552 | alg_ssl = cipher->algorithm_ssl; | ||
| 1553 | |||
| 1554 | alg2 = cipher->algorithm2; | ||
| 1555 | |||
| 1556 | if (alg_ssl & SSL_SSLV3) | ||
| 1557 | ver = "SSLv3"; | ||
| 1558 | else if (alg_ssl & SSL_TLSV1_2) | ||
| 1559 | ver = "TLSv1.2"; | ||
| 1560 | else | ||
| 1561 | ver = "unknown"; | ||
| 1562 | |||
| 1563 | switch (alg_mkey) { | ||
| 1564 | case SSL_kRSA: | ||
| 1565 | kx = "RSA"; | ||
| 1566 | break; | ||
| 1567 | case SSL_kDHE: | ||
| 1568 | kx = "DH"; | ||
| 1569 | break; | ||
| 1570 | case SSL_kECDHr: | ||
| 1571 | kx = "ECDH/RSA"; | ||
| 1572 | break; | ||
| 1573 | case SSL_kECDHe: | ||
| 1574 | kx = "ECDH/ECDSA"; | ||
| 1575 | break; | ||
| 1576 | case SSL_kECDHE: | ||
| 1577 | kx = "ECDH"; | ||
| 1578 | break; | ||
| 1579 | case SSL_kGOST: | ||
| 1580 | kx = "GOST"; | ||
| 1581 | break; | ||
| 1582 | default: | ||
| 1583 | kx = "unknown"; | ||
| 1584 | } | ||
| 1585 | |||
| 1586 | switch (alg_auth) { | ||
| 1587 | case SSL_aRSA: | ||
| 1588 | au = "RSA"; | ||
| 1589 | break; | ||
| 1590 | case SSL_aDSS: | ||
| 1591 | au = "DSS"; | ||
| 1592 | break; | ||
| 1593 | case SSL_aECDH: | ||
| 1594 | au = "ECDH"; | ||
| 1595 | break; | ||
| 1596 | case SSL_aNULL: | ||
| 1597 | au = "None"; | ||
| 1598 | break; | ||
| 1599 | case SSL_aECDSA: | ||
| 1600 | au = "ECDSA"; | ||
| 1601 | break; | ||
| 1602 | case SSL_aGOST01: | ||
| 1603 | au = "GOST01"; | ||
| 1604 | break; | ||
| 1605 | default: | ||
| 1606 | au = "unknown"; | ||
| 1607 | break; | ||
| 1608 | } | ||
| 1609 | |||
| 1610 | switch (alg_enc) { | ||
| 1611 | case SSL_DES: | ||
| 1612 | enc = "DES(56)"; | ||
| 1613 | break; | ||
| 1614 | case SSL_3DES: | ||
| 1615 | enc = "3DES(168)"; | ||
| 1616 | break; | ||
| 1617 | case SSL_RC4: | ||
| 1618 | enc = alg2 & SSL2_CF_8_BYTE_ENC ? "RC4(64)" : "RC4(128)"; | ||
| 1619 | break; | ||
| 1620 | case SSL_IDEA: | ||
| 1621 | enc = "IDEA(128)"; | ||
| 1622 | break; | ||
| 1623 | case SSL_eNULL: | ||
| 1624 | enc = "None"; | ||
| 1625 | break; | ||
| 1626 | case SSL_AES128: | ||
| 1627 | enc = "AES(128)"; | ||
| 1628 | break; | ||
| 1629 | case SSL_AES256: | ||
| 1630 | enc = "AES(256)"; | ||
| 1631 | break; | ||
| 1632 | case SSL_AES128GCM: | ||
| 1633 | enc = "AESGCM(128)"; | ||
| 1634 | break; | ||
| 1635 | case SSL_AES256GCM: | ||
| 1636 | enc = "AESGCM(256)"; | ||
| 1637 | break; | ||
| 1638 | case SSL_CAMELLIA128: | ||
| 1639 | enc = "Camellia(128)"; | ||
| 1640 | break; | ||
| 1641 | case SSL_CAMELLIA256: | ||
| 1642 | enc = "Camellia(256)"; | ||
| 1643 | break; | ||
| 1644 | case SSL_CHACHA20POLY1305: | ||
| 1645 | enc = "ChaCha20-Poly1305"; | ||
| 1646 | break; | ||
| 1647 | case SSL_eGOST2814789CNT: | ||
| 1648 | enc = "GOST-28178-89-CNT"; | ||
| 1649 | break; | ||
| 1650 | default: | ||
| 1651 | enc = "unknown"; | ||
| 1652 | break; | ||
| 1653 | } | ||
| 1654 | |||
| 1655 | switch (alg_mac) { | ||
| 1656 | case SSL_MD5: | ||
| 1657 | mac = "MD5"; | ||
| 1658 | break; | ||
| 1659 | case SSL_SHA1: | ||
| 1660 | mac = "SHA1"; | ||
| 1661 | break; | ||
| 1662 | case SSL_SHA256: | ||
| 1663 | mac = "SHA256"; | ||
| 1664 | break; | ||
| 1665 | case SSL_SHA384: | ||
| 1666 | mac = "SHA384"; | ||
| 1667 | break; | ||
| 1668 | case SSL_AEAD: | ||
| 1669 | mac = "AEAD"; | ||
| 1670 | break; | ||
| 1671 | case SSL_GOST94: | ||
| 1672 | mac = "GOST94"; | ||
| 1673 | break; | ||
| 1674 | case SSL_GOST89MAC: | ||
| 1675 | mac = "GOST89IMIT"; | ||
| 1676 | break; | ||
| 1677 | case SSL_STREEBOG256: | ||
| 1678 | mac = "STREEBOG256"; | ||
| 1679 | break; | ||
| 1680 | case SSL_STREEBOG512: | ||
| 1681 | mac = "STREEBOG512"; | ||
| 1682 | break; | ||
| 1683 | default: | ||
| 1684 | mac = "unknown"; | ||
| 1685 | break; | ||
| 1686 | } | ||
| 1687 | |||
| 1688 | if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n", | ||
| 1689 | cipher->name, ver, kx, au, enc, mac) == -1) | ||
| 1690 | return "OPENSSL_malloc Error"; | ||
| 1691 | |||
| 1692 | if (buf != NULL) { | ||
| 1693 | l = strlcpy(buf, ret, len); | ||
| 1694 | free(ret); | ||
| 1695 | ret = buf; | ||
| 1696 | if (l >= len) | ||
| 1697 | ret = "Buffer too small"; | ||
| 1698 | } | ||
| 1699 | |||
| 1700 | return (ret); | ||
| 1701 | } | ||
| 1702 | |||
| 1703 | char * | ||
| 1704 | SSL_CIPHER_get_version(const SSL_CIPHER *c) | ||
| 1705 | { | ||
| 1706 | if (c == NULL) | ||
| 1707 | return("(NONE)"); | ||
| 1708 | if ((c->id >> 24) == 3) | ||
| 1709 | return("TLSv1/SSLv3"); | ||
| 1710 | else | ||
| 1711 | return("unknown"); | ||
| 1712 | } | ||
| 1713 | |||
| 1714 | /* return the actual cipher being used */ | ||
| 1715 | const char * | ||
| 1716 | SSL_CIPHER_get_name(const SSL_CIPHER *c) | ||
| 1717 | { | ||
| 1718 | if (c != NULL) | ||
| 1719 | return (c->name); | ||
| 1720 | return("(NONE)"); | ||
| 1721 | } | ||
| 1722 | |||
| 1723 | /* number of bits for symmetric cipher */ | ||
| 1724 | int | ||
| 1725 | SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) | ||
| 1726 | { | ||
| 1727 | int ret = 0; | ||
| 1728 | |||
| 1729 | if (c != NULL) { | ||
| 1730 | if (alg_bits != NULL) | ||
| 1731 | *alg_bits = c->alg_bits; | ||
| 1732 | ret = c->strength_bits; | ||
| 1733 | } | ||
| 1734 | return (ret); | ||
| 1735 | } | ||
| 1736 | |||
| 1737 | unsigned long | ||
| 1738 | SSL_CIPHER_get_id(const SSL_CIPHER *c) | ||
| 1739 | { | ||
| 1740 | return c->id; | ||
| 1741 | } | ||
| 1742 | |||
| 1743 | uint16_t | ||
| 1744 | SSL_CIPHER_get_value(const SSL_CIPHER *c) | ||
| 1745 | { | ||
| 1746 | return ssl3_cipher_get_value(c); | ||
| 1747 | } | ||
| 1748 | |||
| 1749 | void * | ||
| 1750 | SSL_COMP_get_compression_methods(void) | ||
| 1751 | { | ||
| 1752 | return NULL; | ||
| 1753 | } | ||
| 1754 | |||
| 1755 | int | ||
| 1756 | SSL_COMP_add_compression_method(int id, void *cm) | ||
| 1757 | { | ||
| 1758 | return 1; | ||
| 1759 | } | ||
| 1760 | |||
| 1761 | const char * | ||
| 1762 | SSL_COMP_get_name(const void *comp) | ||
| 1763 | { | ||
| 1764 | return NULL; | ||
| 1765 | } | ||
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c deleted file mode 100644 index 04742b60ca..0000000000 --- a/src/lib/libssl/ssl_err.c +++ /dev/null | |||
| @@ -1,615 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_err.c,v 1.29 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* ==================================================================== | ||
| 3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. | ||
| 4 | * | ||
| 5 | * Redistribution and use in source and binary forms, with or without | ||
| 6 | * modification, are permitted provided that the following conditions | ||
| 7 | * are met: | ||
| 8 | * | ||
| 9 | * 1. Redistributions of source code must retain the above copyright | ||
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 12 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer in | ||
| 14 | * the documentation and/or other materials provided with the | ||
| 15 | * distribution. | ||
| 16 | * | ||
| 17 | * 3. All advertising materials mentioning features or use of this | ||
| 18 | * software must display the following acknowledgment: | ||
| 19 | * "This product includes software developed by the OpenSSL Project | ||
| 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 21 | * | ||
| 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 23 | * endorse or promote products derived from this software without | ||
| 24 | * prior written permission. For written permission, please contact | ||
| 25 | * openssl-core@OpenSSL.org. | ||
| 26 | * | ||
| 27 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 28 | * nor may "OpenSSL" appear in their names without prior written | ||
| 29 | * permission of the OpenSSL Project. | ||
| 30 | * | ||
| 31 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 32 | * acknowledgment: | ||
| 33 | * "This product includes software developed by the OpenSSL Project | ||
| 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 35 | * | ||
| 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 61 | #include <stdio.h> | ||
| 62 | |||
| 63 | #include <openssl/err.h> | ||
| 64 | #include <openssl/ssl.h> | ||
| 65 | |||
| 66 | /* BEGIN ERROR CODES */ | ||
| 67 | #ifndef OPENSSL_NO_ERR | ||
| 68 | |||
| 69 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0) | ||
| 70 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) | ||
| 71 | |||
| 72 | static ERR_STRING_DATA SSL_str_functs[]= { | ||
| 73 | {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"}, | ||
| 74 | {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"}, | ||
| 75 | {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"}, | ||
| 76 | {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"}, | ||
| 77 | {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, | ||
| 78 | {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, | ||
| 79 | {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, | ||
| 80 | {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, | ||
| 81 | {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"}, | ||
| 82 | {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, | ||
| 83 | {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"}, | ||
| 84 | {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, | ||
| 85 | {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, | ||
| 86 | {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, | ||
| 87 | {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, | ||
| 88 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, | ||
| 89 | {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, | ||
| 90 | {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, | ||
| 91 | {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"}, | ||
| 92 | {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"}, | ||
| 93 | {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, | ||
| 94 | {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, | ||
| 95 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, | ||
| 96 | {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"}, | ||
| 97 | {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"}, | ||
| 98 | {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"}, | ||
| 99 | {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"}, | ||
| 100 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"}, | ||
| 101 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"}, | ||
| 102 | {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"}, | ||
| 103 | {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, | ||
| 104 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"}, | ||
| 105 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"}, | ||
| 106 | {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"}, | ||
| 107 | {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"}, | ||
| 108 | {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"}, | ||
| 109 | {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"}, | ||
| 110 | {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, | ||
| 111 | {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, | ||
| 112 | {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, | ||
| 113 | {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, | ||
| 114 | {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, | ||
| 115 | {ERR_FUNC(SSL_F_READ_N), "READ_N"}, | ||
| 116 | {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"}, | ||
| 117 | {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"}, | ||
| 118 | {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"}, | ||
| 119 | {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"}, | ||
| 120 | {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"}, | ||
| 121 | {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, | ||
| 122 | {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"}, | ||
| 123 | {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, | ||
| 124 | {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, | ||
| 125 | {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"}, | ||
| 126 | {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"}, | ||
| 127 | {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"}, | ||
| 128 | {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"}, | ||
| 129 | {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"}, | ||
| 130 | {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"}, | ||
| 131 | {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"}, | ||
| 132 | {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"}, | ||
| 133 | {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"}, | ||
| 134 | {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"}, | ||
| 135 | {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, | ||
| 136 | {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, | ||
| 137 | {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, | ||
| 138 | {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, | ||
| 139 | {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, | ||
| 140 | {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, | ||
| 141 | {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | ||
| 142 | {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"}, | ||
| 143 | {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"}, | ||
| 144 | {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, | ||
| 145 | {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, | ||
| 146 | {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, | ||
| 147 | {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"}, | ||
| 148 | {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, | ||
| 149 | {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, | ||
| 150 | {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, | ||
| 151 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | ||
| 152 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | ||
| 153 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | ||
| 154 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | ||
| 155 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | ||
| 156 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | ||
| 157 | {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"}, | ||
| 158 | {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | ||
| 159 | {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | ||
| 160 | {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | ||
| 161 | {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | ||
| 162 | {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | ||
| 163 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | ||
| 164 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | ||
| 165 | {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, | ||
| 166 | {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"}, | ||
| 167 | {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, | ||
| 168 | {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, | ||
| 169 | {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, | ||
| 170 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | ||
| 171 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | ||
| 172 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, | ||
| 173 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | ||
| 174 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, | ||
| 175 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | ||
| 176 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, | ||
| 177 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, | ||
| 178 | {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, | ||
| 179 | {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, | ||
| 180 | {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"}, | ||
| 181 | {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"}, | ||
| 182 | {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, | ||
| 183 | {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, | ||
| 184 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"}, | ||
| 185 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, | ||
| 186 | {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"}, | ||
| 187 | {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, | ||
| 188 | {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, | ||
| 189 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"}, | ||
| 190 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, | ||
| 191 | {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"}, | ||
| 192 | {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, | ||
| 193 | {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, | ||
| 194 | {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"}, | ||
| 195 | {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"}, | ||
| 196 | {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, | ||
| 197 | {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, | ||
| 198 | {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, | ||
| 199 | {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, | ||
| 200 | {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"}, | ||
| 201 | {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, | ||
| 202 | {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, | ||
| 203 | {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, | ||
| 204 | {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, | ||
| 205 | {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"}, | ||
| 206 | {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, | ||
| 207 | {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, | ||
| 208 | {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, | ||
| 209 | {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, | ||
| 210 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, | ||
| 211 | {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"}, | ||
| 212 | {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, | ||
| 213 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, | ||
| 214 | {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, | ||
| 215 | {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"}, | ||
| 216 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, | ||
| 217 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, | ||
| 218 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"}, | ||
| 219 | {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, | ||
| 220 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, | ||
| 221 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, | ||
| 222 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, | ||
| 223 | {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"}, | ||
| 224 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, | ||
| 225 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, | ||
| 226 | {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, | ||
| 227 | {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, | ||
| 228 | {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"}, | ||
| 229 | {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"}, | ||
| 230 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, | ||
| 231 | {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"}, | ||
| 232 | {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"}, | ||
| 233 | {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, | ||
| 234 | {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, | ||
| 235 | {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, | ||
| 236 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"}, | ||
| 237 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"}, | ||
| 238 | {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT), "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"}, | ||
| 239 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"}, | ||
| 240 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"}, | ||
| 241 | {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT), "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"}, | ||
| 242 | {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, | ||
| 243 | {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
| 244 | {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, | ||
| 245 | {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, | ||
| 246 | {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, | ||
| 247 | {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, | ||
| 248 | {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, | ||
| 249 | {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, | ||
| 250 | {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, | ||
| 251 | {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, | ||
| 252 | {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, | ||
| 253 | {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, | ||
| 254 | {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, | ||
| 255 | {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, | ||
| 256 | {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, | ||
| 257 | {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, | ||
| 258 | {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, | ||
| 259 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, | ||
| 260 | {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, | ||
| 261 | {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, | ||
| 262 | {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, | ||
| 263 | {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, | ||
| 264 | {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, | ||
| 265 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"}, | ||
| 266 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"}, | ||
| 267 | {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"}, | ||
| 268 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"}, | ||
| 269 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"}, | ||
| 270 | {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"}, | ||
| 271 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, | ||
| 272 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, | ||
| 273 | {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, | ||
| 274 | {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, | ||
| 275 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, | ||
| 276 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, | ||
| 277 | {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, | ||
| 278 | {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, | ||
| 279 | {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, | ||
| 280 | {ERR_FUNC(SSL_F_TLS1_AEAD_CTX_INIT), "TLS1_AEAD_CTX_INIT"}, | ||
| 281 | {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"}, | ||
| 282 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, | ||
| 283 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD), "TLS1_CHANGE_CIPHER_STATE_AEAD"}, | ||
| 284 | {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER), "TLS1_CHANGE_CIPHER_STATE_CIPHER"}, | ||
| 285 | {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"}, | ||
| 286 | {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, | ||
| 287 | {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "TLS1_EXPORT_KEYING_MATERIAL"}, | ||
| 288 | {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"}, | ||
| 289 | {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, | ||
| 290 | {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, | ||
| 291 | {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, | ||
| 292 | {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, | ||
| 293 | {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, | ||
| 294 | {0, NULL} | ||
| 295 | }; | ||
| 296 | |||
| 297 | static ERR_STRING_DATA SSL_str_reasons[]= { | ||
| 298 | {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"}, | ||
| 299 | {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"}, | ||
| 300 | {ERR_REASON(SSL_R_BAD_ALERT_RECORD) , "bad alert record"}, | ||
| 301 | {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"}, | ||
| 302 | {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"}, | ||
| 303 | {ERR_REASON(SSL_R_BAD_CHECKSUM) , "bad checksum"}, | ||
| 304 | {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"}, | ||
| 305 | {ERR_REASON(SSL_R_BAD_DECOMPRESSION) , "bad decompression"}, | ||
| 306 | {ERR_REASON(SSL_R_BAD_DH_G_LENGTH) , "bad dh g length"}, | ||
| 307 | {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"}, | ||
| 308 | {ERR_REASON(SSL_R_BAD_DH_P_LENGTH) , "bad dh p length"}, | ||
| 309 | {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) , "bad digest length"}, | ||
| 310 | {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) , "bad dsa signature"}, | ||
| 311 | {ERR_REASON(SSL_R_BAD_ECC_CERT) , "bad ecc cert"}, | ||
| 312 | {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) , "bad ecdsa signature"}, | ||
| 313 | {ERR_REASON(SSL_R_BAD_ECPOINT) , "bad ecpoint"}, | ||
| 314 | {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) , "bad handshake length"}, | ||
| 315 | {ERR_REASON(SSL_R_BAD_HELLO_REQUEST) , "bad hello request"}, | ||
| 316 | {ERR_REASON(SSL_R_BAD_LENGTH) , "bad length"}, | ||
| 317 | {ERR_REASON(SSL_R_BAD_MAC_DECODE) , "bad mac decode"}, | ||
| 318 | {ERR_REASON(SSL_R_BAD_MAC_LENGTH) , "bad mac length"}, | ||
| 319 | {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) , "bad message type"}, | ||
| 320 | {ERR_REASON(SSL_R_BAD_PACKET_LENGTH) , "bad packet length"}, | ||
| 321 | {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"}, | ||
| 322 | {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"}, | ||
| 323 | {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"}, | ||
| 324 | {ERR_REASON(SSL_R_BAD_RSA_DECRYPT) , "bad rsa decrypt"}, | ||
| 325 | {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) , "bad rsa encrypt"}, | ||
| 326 | {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) , "bad rsa e length"}, | ||
| 327 | {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"}, | ||
| 328 | {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) , "bad rsa signature"}, | ||
| 329 | {ERR_REASON(SSL_R_BAD_SIGNATURE) , "bad signature"}, | ||
| 330 | {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH) , "bad srp a length"}, | ||
| 331 | {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH) , "bad srp b length"}, | ||
| 332 | {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH) , "bad srp g length"}, | ||
| 333 | {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH) , "bad srp n length"}, | ||
| 334 | {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH) , "bad srp s length"}, | ||
| 335 | {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE) , "bad srtp mki value"}, | ||
| 336 | {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"}, | ||
| 337 | {ERR_REASON(SSL_R_BAD_SSL_FILETYPE) , "bad ssl filetype"}, | ||
| 338 | {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"}, | ||
| 339 | {ERR_REASON(SSL_R_BAD_STATE) , "bad state"}, | ||
| 340 | {ERR_REASON(SSL_R_BAD_WRITE_RETRY) , "bad write retry"}, | ||
| 341 | {ERR_REASON(SSL_R_BIO_NOT_SET) , "bio not set"}, | ||
| 342 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, | ||
| 343 | {ERR_REASON(SSL_R_BN_LIB) , "bn lib"}, | ||
| 344 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"}, | ||
| 345 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) , "ca dn too long"}, | ||
| 346 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) , "ccs received early"}, | ||
| 347 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, | ||
| 348 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) , "cert length mismatch"}, | ||
| 349 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"}, | ||
| 350 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, | ||
| 351 | {ERR_REASON(SSL_R_CIPHER_COMPRESSION_UNAVAILABLE), "cipher compression unavailable"}, | ||
| 352 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"}, | ||
| 353 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"}, | ||
| 354 | {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) , "clienthello tlsext"}, | ||
| 355 | {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"}, | ||
| 356 | {ERR_REASON(SSL_R_COMPRESSION_DISABLED) , "compression disabled"}, | ||
| 357 | {ERR_REASON(SSL_R_COMPRESSION_FAILURE) , "compression failure"}, | ||
| 358 | {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, | ||
| 359 | {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, | ||
| 360 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"}, | ||
| 361 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, | ||
| 362 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) , "cookie mismatch"}, | ||
| 363 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"}, | ||
| 364 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) , "data length too long"}, | ||
| 365 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) , "decryption failed"}, | ||
| 366 | {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, | ||
| 367 | {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, | ||
| 368 | {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) , "digest check failed"}, | ||
| 369 | {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) , "dtls message too big"}, | ||
| 370 | {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"}, | ||
| 371 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"}, | ||
| 372 | {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"}, | ||
| 373 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"}, | ||
| 374 | {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"}, | ||
| 375 | {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"}, | ||
| 376 | {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, | ||
| 377 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, | ||
| 378 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, | ||
| 379 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, | ||
| 380 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, | ||
| 381 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"}, | ||
| 382 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"}, | ||
| 383 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"}, | ||
| 384 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"}, | ||
| 385 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) , "https proxy request"}, | ||
| 386 | {ERR_REASON(SSL_R_HTTP_REQUEST) , "http request"}, | ||
| 387 | {ERR_REASON(SSL_R_ILLEGAL_PADDING) , "illegal padding"}, | ||
| 388 | {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"}, | ||
| 389 | {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, | ||
| 390 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"}, | ||
| 391 | {ERR_REASON(SSL_R_INVALID_COMMAND) , "invalid command"}, | ||
| 392 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, | ||
| 393 | {ERR_REASON(SSL_R_INVALID_PURPOSE) , "invalid purpose"}, | ||
| 394 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) , "invalid srp username"}, | ||
| 395 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"}, | ||
| 396 | {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, | ||
| 397 | {ERR_REASON(SSL_R_INVALID_TRUST) , "invalid trust"}, | ||
| 398 | {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) , "key arg too long"}, | ||
| 399 | {ERR_REASON(SSL_R_KRB5) , "krb5"}, | ||
| 400 | {ERR_REASON(SSL_R_KRB5_C_CC_PRINC) , "krb5 client cc principal (no tkt?)"}, | ||
| 401 | {ERR_REASON(SSL_R_KRB5_C_GET_CRED) , "krb5 client get cred"}, | ||
| 402 | {ERR_REASON(SSL_R_KRB5_C_INIT) , "krb5 client init"}, | ||
| 403 | {ERR_REASON(SSL_R_KRB5_C_MK_REQ) , "krb5 client mk_req (expired tkt?)"}, | ||
| 404 | {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) , "krb5 server bad ticket"}, | ||
| 405 | {ERR_REASON(SSL_R_KRB5_S_INIT) , "krb5 server init"}, | ||
| 406 | {ERR_REASON(SSL_R_KRB5_S_RD_REQ) , "krb5 server rd_req (keytab perms?)"}, | ||
| 407 | {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) , "krb5 server tkt expired"}, | ||
| 408 | {ERR_REASON(SSL_R_KRB5_S_TKT_NYV) , "krb5 server tkt not yet valid"}, | ||
| 409 | {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) , "krb5 server tkt skew"}, | ||
| 410 | {ERR_REASON(SSL_R_LENGTH_MISMATCH) , "length mismatch"}, | ||
| 411 | {ERR_REASON(SSL_R_LENGTH_TOO_SHORT) , "length too short"}, | ||
| 412 | {ERR_REASON(SSL_R_LIBRARY_BUG) , "library bug"}, | ||
| 413 | {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"}, | ||
| 414 | {ERR_REASON(SSL_R_MESSAGE_TOO_LONG) , "message too long"}, | ||
| 415 | {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) , "missing dh dsa cert"}, | ||
| 416 | {ERR_REASON(SSL_R_MISSING_DH_KEY) , "missing dh key"}, | ||
| 417 | {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) , "missing dh rsa cert"}, | ||
| 418 | {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"}, | ||
| 419 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, | ||
| 420 | {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, | ||
| 421 | {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, | ||
| 422 | {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, | ||
| 423 | {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"}, | ||
| 424 | {ERR_REASON(SSL_R_MISSING_SRP_PARAM) , "can't find SRP server param"}, | ||
| 425 | {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) , "missing tmp dh key"}, | ||
| 426 | {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) , "missing tmp ecdh key"}, | ||
| 427 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) , "missing tmp rsa key"}, | ||
| 428 | {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) , "missing tmp rsa pkey"}, | ||
| 429 | {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, | ||
| 430 | {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"}, | ||
| 431 | {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"}, | ||
| 432 | {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, | ||
| 433 | {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"}, | ||
| 434 | {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"}, | ||
| 435 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SET) , "no certificate set"}, | ||
| 436 | {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"}, | ||
| 437 | {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) , "no ciphers available"}, | ||
| 438 | {ERR_REASON(SSL_R_NO_CIPHERS_PASSED) , "no ciphers passed"}, | ||
| 439 | {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) , "no ciphers specified"}, | ||
| 440 | {ERR_REASON(SSL_R_NO_CIPHER_LIST) , "no cipher list"}, | ||
| 441 | {ERR_REASON(SSL_R_NO_CIPHER_MATCH) , "no cipher match"}, | ||
| 442 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, | ||
| 443 | {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, | ||
| 444 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, | ||
| 445 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, | ||
| 446 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, | ||
| 447 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, | ||
| 448 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, | ||
| 449 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"}, | ||
| 450 | {ERR_REASON(SSL_R_NO_PUBLICKEY) , "no publickey"}, | ||
| 451 | {ERR_REASON(SSL_R_NO_RENEGOTIATION) , "no renegotiation"}, | ||
| 452 | {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) , "digest requred for handshake isn't computed"}, | ||
| 453 | {ERR_REASON(SSL_R_NO_SHARED_CIPHER) , "no shared cipher"}, | ||
| 454 | {ERR_REASON(SSL_R_NO_SRTP_PROFILES) , "no srtp profiles"}, | ||
| 455 | {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) , "no verify callback"}, | ||
| 456 | {ERR_REASON(SSL_R_NULL_SSL_CTX) , "null ssl ctx"}, | ||
| 457 | {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, | ||
| 458 | {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, | ||
| 459 | {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"}, | ||
| 460 | {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, | ||
| 461 | {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, | ||
| 462 | {ERR_REASON(SSL_R_PARSE_TLSEXT) , "parse tlsext"}, | ||
| 463 | {ERR_REASON(SSL_R_PATH_TOO_LONG) , "path too long"}, | ||
| 464 | {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"}, | ||
| 465 | {ERR_REASON(SSL_R_PEER_ERROR) , "peer error"}, | ||
| 466 | {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"}, | ||
| 467 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"}, | ||
| 468 | {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) , "peer error no cipher"}, | ||
| 469 | {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"}, | ||
| 470 | {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"}, | ||
| 471 | {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"}, | ||
| 472 | {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) , "protocol is shutdown"}, | ||
| 473 | {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"}, | ||
| 474 | {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) , "psk no client cb"}, | ||
| 475 | {ERR_REASON(SSL_R_PSK_NO_SERVER_CB) , "psk no server cb"}, | ||
| 476 | {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"}, | ||
| 477 | {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"}, | ||
| 478 | {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, | ||
| 479 | {ERR_REASON(SSL_R_READ_BIO_NOT_SET) , "read bio not set"}, | ||
| 480 | {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) , "read timeout expired"}, | ||
| 481 | {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"}, | ||
| 482 | {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"}, | ||
| 483 | {ERR_REASON(SSL_R_RECORD_TOO_LARGE) , "record too large"}, | ||
| 484 | {ERR_REASON(SSL_R_RECORD_TOO_SMALL) , "record too small"}, | ||
| 485 | {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"}, | ||
| 486 | {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"}, | ||
| 487 | {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"}, | ||
| 488 | {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"}, | ||
| 489 | {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"}, | ||
| 490 | {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"}, | ||
| 491 | {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"}, | ||
| 492 | {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"}, | ||
| 493 | {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"}, | ||
| 494 | {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) , "serverhello tlsext"}, | ||
| 495 | {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"}, | ||
| 496 | {ERR_REASON(SSL_R_SHORT_READ) , "short read"}, | ||
| 497 | {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"}, | ||
| 498 | {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"}, | ||
| 499 | {ERR_REASON(SSL_R_SRP_A_CALC) , "error with the srp params"}, | ||
| 500 | {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"}, | ||
| 501 | {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"}, | ||
| 502 | {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, | ||
| 503 | {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"}, | ||
| 504 | {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"}, | ||
| 505 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, | ||
| 506 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"}, | ||
| 507 | {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, | ||
| 508 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, | ||
| 509 | {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, | ||
| 510 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, | ||
| 511 | {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"}, | ||
| 512 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"}, | ||
| 513 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"}, | ||
| 514 | {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"}, | ||
| 515 | {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"}, | ||
| 516 | {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"}, | ||
| 517 | {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"}, | ||
| 518 | {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"}, | ||
| 519 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"}, | ||
| 520 | {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"}, | ||
| 521 | {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"}, | ||
| 522 | {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"}, | ||
| 523 | {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"}, | ||
| 524 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"}, | ||
| 525 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"}, | ||
| 526 | {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"}, | ||
| 527 | {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, | ||
| 528 | {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"}, | ||
| 529 | {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, | ||
| 530 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, | ||
| 531 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, | ||
| 532 | {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, | ||
| 533 | {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, | ||
| 534 | {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"}, | ||
| 535 | {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"}, | ||
| 536 | {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"}, | ||
| 537 | {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"}, | ||
| 538 | {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"}, | ||
| 539 | {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"}, | ||
| 540 | {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"}, | ||
| 541 | {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"}, | ||
| 542 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"}, | ||
| 543 | {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"}, | ||
| 544 | {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"}, | ||
| 545 | {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"}, | ||
| 546 | {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"}, | ||
| 547 | {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"}, | ||
| 548 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbeats"}, | ||
| 549 | {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"}, | ||
| 550 | {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"}, | ||
| 551 | {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"}, | ||
| 552 | {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"}, | ||
| 553 | {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, | ||
| 554 | {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER), "tried to use unsupported cipher"}, | ||
| 555 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, | ||
| 556 | {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, | ||
| 557 | {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"}, | ||
| 558 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"}, | ||
| 559 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"}, | ||
| 560 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, | ||
| 561 | {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, | ||
| 562 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"}, | ||
| 563 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, | ||
| 564 | {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"}, | ||
| 565 | {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) , "unexpected message"}, | ||
| 566 | {ERR_REASON(SSL_R_UNEXPECTED_RECORD) , "unexpected record"}, | ||
| 567 | {ERR_REASON(SSL_R_UNINITIALIZED) , "uninitialized"}, | ||
| 568 | {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) , "unknown alert type"}, | ||
| 569 | {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"}, | ||
| 570 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"}, | ||
| 571 | {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) , "unknown cipher type"}, | ||
| 572 | {ERR_REASON(SSL_R_UNKNOWN_DIGEST) , "unknown digest"}, | ||
| 573 | {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, | ||
| 574 | {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) , "unknown pkey type"}, | ||
| 575 | {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) , "unknown protocol"}, | ||
| 576 | {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, | ||
| 577 | {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) , "unknown ssl version"}, | ||
| 578 | {ERR_REASON(SSL_R_UNKNOWN_STATE) , "unknown state"}, | ||
| 579 | {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"}, | ||
| 580 | {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, | ||
| 581 | {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, | ||
| 582 | {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"}, | ||
| 583 | {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"}, | ||
| 584 | {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) , "unsupported protocol"}, | ||
| 585 | {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"}, | ||
| 586 | {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"}, | ||
| 587 | {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"}, | ||
| 588 | {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) , "write bio not set"}, | ||
| 589 | {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"}, | ||
| 590 | {ERR_REASON(SSL_R_WRONG_CURVE) , "wrong curve"}, | ||
| 591 | {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) , "wrong message type"}, | ||
| 592 | {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"}, | ||
| 593 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, | ||
| 594 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) , "wrong signature size"}, | ||
| 595 | {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE) , "wrong signature type"}, | ||
| 596 | {ERR_REASON(SSL_R_WRONG_SSL_VERSION) , "wrong ssl version"}, | ||
| 597 | {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) , "wrong version number"}, | ||
| 598 | {ERR_REASON(SSL_R_X509_LIB) , "x509 lib"}, | ||
| 599 | {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"}, | ||
| 600 | {0, NULL} | ||
| 601 | }; | ||
| 602 | |||
| 603 | #endif | ||
| 604 | |||
| 605 | void | ||
| 606 | ERR_load_SSL_strings(void) | ||
| 607 | { | ||
| 608 | #ifndef OPENSSL_NO_ERR | ||
| 609 | |||
| 610 | if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) { | ||
| 611 | ERR_load_strings(0, SSL_str_functs); | ||
| 612 | ERR_load_strings(0, SSL_str_reasons); | ||
| 613 | } | ||
| 614 | #endif | ||
| 615 | } | ||
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c deleted file mode 100644 index 9aad13cdc5..0000000000 --- a/src/lib/libssl/ssl_err2.c +++ /dev/null | |||
| @@ -1,72 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_err2.c,v 1.7 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include <openssl/err.h> | ||
| 62 | #include <openssl/ssl.h> | ||
| 63 | |||
| 64 | void | ||
| 65 | SSL_load_error_strings(void) | ||
| 66 | { | ||
| 67 | #ifndef OPENSSL_NO_ERR | ||
| 68 | ERR_load_crypto_strings(); | ||
| 69 | ERR_load_SSL_strings(); | ||
| 70 | #endif | ||
| 71 | } | ||
| 72 | |||
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c deleted file mode 100644 index d7b5283501..0000000000 --- a/src/lib/libssl/ssl_lib.c +++ /dev/null | |||
| @@ -1,3121 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_lib.c,v 1.101 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | /* ==================================================================== | ||
| 117 | * Copyright 2005 Nokia. All rights reserved. | ||
| 118 | * | ||
| 119 | * The portions of the attached software ("Contribution") is developed by | ||
| 120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 121 | * license. | ||
| 122 | * | ||
| 123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 125 | * support (see RFC 4279) to OpenSSL. | ||
| 126 | * | ||
| 127 | * No patent licenses or other rights except those expressly stated in | ||
| 128 | * the OpenSSL open source license shall be deemed granted or received | ||
| 129 | * expressly, by implication, estoppel, or otherwise. | ||
| 130 | * | ||
| 131 | * No assurances are provided by Nokia that the Contribution does not | ||
| 132 | * infringe the patent or other intellectual property rights of any third | ||
| 133 | * party or that the license provides you with all the necessary rights | ||
| 134 | * to make use of the Contribution. | ||
| 135 | * | ||
| 136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 140 | * OTHERWISE. | ||
| 141 | */ | ||
| 142 | |||
| 143 | #include <stdio.h> | ||
| 144 | |||
| 145 | #include "ssl_locl.h" | ||
| 146 | |||
| 147 | #include <openssl/bn.h> | ||
| 148 | #include <openssl/dh.h> | ||
| 149 | #include <openssl/lhash.h> | ||
| 150 | #include <openssl/objects.h> | ||
| 151 | #include <openssl/ocsp.h> | ||
| 152 | #include <openssl/x509v3.h> | ||
| 153 | |||
| 154 | #ifndef OPENSSL_NO_ENGINE | ||
| 155 | #include <openssl/engine.h> | ||
| 156 | #endif | ||
| 157 | |||
| 158 | const char *SSL_version_str = OPENSSL_VERSION_TEXT; | ||
| 159 | |||
| 160 | SSL3_ENC_METHOD ssl3_undef_enc_method = { | ||
| 161 | /* | ||
| 162 | * Evil casts, but these functions are only called if there's a | ||
| 163 | * library bug. | ||
| 164 | */ | ||
| 165 | .enc = (int (*)(SSL *, int))ssl_undefined_function, | ||
| 166 | .mac = (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, | ||
| 167 | .setup_key_block = ssl_undefined_function, | ||
| 168 | .generate_master_secret = (int (*)(SSL *, unsigned char *, | ||
| 169 | unsigned char *, int))ssl_undefined_function, | ||
| 170 | .change_cipher_state = (int (*)(SSL*, int))ssl_undefined_function, | ||
| 171 | .final_finish_mac = (int (*)(SSL *, const char*, int, | ||
| 172 | unsigned char *))ssl_undefined_function, | ||
| 173 | .finish_mac_length = 0, | ||
| 174 | .cert_verify_mac = (int (*)(SSL *, int, | ||
| 175 | unsigned char *))ssl_undefined_function, | ||
| 176 | .client_finished_label = NULL, | ||
| 177 | .client_finished_label_len = 0, | ||
| 178 | .server_finished_label = NULL, | ||
| 179 | .server_finished_label_len = 0, | ||
| 180 | .alert_value = (int (*)(int))ssl_undefined_function, | ||
| 181 | .export_keying_material = (int (*)(SSL *, unsigned char *, size_t, | ||
| 182 | const char *, size_t, const unsigned char *, size_t, | ||
| 183 | int use_context))ssl_undefined_function, | ||
| 184 | .enc_flags = 0, | ||
| 185 | }; | ||
| 186 | |||
| 187 | int | ||
| 188 | SSL_clear(SSL *s) | ||
| 189 | { | ||
| 190 | if (s->method == NULL) { | ||
| 191 | SSLerr(SSL_F_SSL_CLEAR, | ||
| 192 | SSL_R_NO_METHOD_SPECIFIED); | ||
| 193 | return (0); | ||
| 194 | } | ||
| 195 | |||
| 196 | if (ssl_clear_bad_session(s)) { | ||
| 197 | SSL_SESSION_free(s->session); | ||
| 198 | s->session = NULL; | ||
| 199 | } | ||
| 200 | |||
| 201 | s->error = 0; | ||
| 202 | s->hit = 0; | ||
| 203 | s->shutdown = 0; | ||
| 204 | |||
| 205 | if (s->renegotiate) { | ||
| 206 | SSLerr(SSL_F_SSL_CLEAR, | ||
| 207 | ERR_R_INTERNAL_ERROR); | ||
| 208 | return (0); | ||
| 209 | } | ||
| 210 | |||
| 211 | s->type = 0; | ||
| 212 | |||
| 213 | s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT); | ||
| 214 | |||
| 215 | s->version = s->method->version; | ||
| 216 | s->client_version = s->version; | ||
| 217 | s->rwstate = SSL_NOTHING; | ||
| 218 | s->rstate = SSL_ST_READ_HEADER; | ||
| 219 | |||
| 220 | if (s->init_buf != NULL) { | ||
| 221 | BUF_MEM_free(s->init_buf); | ||
| 222 | s->init_buf = NULL; | ||
| 223 | } | ||
| 224 | |||
| 225 | ssl_clear_cipher_ctx(s); | ||
| 226 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 227 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 228 | |||
| 229 | s->first_packet = 0; | ||
| 230 | |||
| 231 | /* | ||
| 232 | * Check to see if we were changed into a different method, if | ||
| 233 | * so, revert back if we are not doing session-id reuse. | ||
| 234 | */ | ||
| 235 | if (!s->in_handshake && (s->session == NULL) && | ||
| 236 | (s->method != s->ctx->method)) { | ||
| 237 | s->method->ssl_free(s); | ||
| 238 | s->method = s->ctx->method; | ||
| 239 | if (!s->method->ssl_new(s)) | ||
| 240 | return (0); | ||
| 241 | } else | ||
| 242 | s->method->ssl_clear(s); | ||
| 243 | return (1); | ||
| 244 | } | ||
| 245 | |||
| 246 | /* Used to change an SSL_CTXs default SSL method type */ | ||
| 247 | int | ||
| 248 | SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) | ||
| 249 | { | ||
| 250 | STACK_OF(SSL_CIPHER) *sk; | ||
| 251 | |||
| 252 | ctx->method = meth; | ||
| 253 | |||
| 254 | sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list), | ||
| 255 | &(ctx->cipher_list_by_id), SSL_DEFAULT_CIPHER_LIST); | ||
| 256 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { | ||
| 257 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, | ||
| 258 | SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | ||
| 259 | return (0); | ||
| 260 | } | ||
| 261 | return (1); | ||
| 262 | } | ||
| 263 | |||
| 264 | SSL * | ||
| 265 | SSL_new(SSL_CTX *ctx) | ||
| 266 | { | ||
| 267 | SSL *s; | ||
| 268 | |||
| 269 | if (ctx == NULL) { | ||
| 270 | SSLerr(SSL_F_SSL_NEW, | ||
| 271 | SSL_R_NULL_SSL_CTX); | ||
| 272 | return (NULL); | ||
| 273 | } | ||
| 274 | if (ctx->method == NULL) { | ||
| 275 | SSLerr(SSL_F_SSL_NEW, | ||
| 276 | SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION); | ||
| 277 | return (NULL); | ||
| 278 | } | ||
| 279 | |||
| 280 | s = calloc(1, sizeof(SSL)); | ||
| 281 | if (s == NULL) | ||
| 282 | goto err; | ||
| 283 | |||
| 284 | |||
| 285 | s->options = ctx->options; | ||
| 286 | s->mode = ctx->mode; | ||
| 287 | s->max_cert_list = ctx->max_cert_list; | ||
| 288 | |||
| 289 | if (ctx->cert != NULL) { | ||
| 290 | /* | ||
| 291 | * Earlier library versions used to copy the pointer to | ||
| 292 | * the CERT, not its contents; only when setting new | ||
| 293 | * parameters for the per-SSL copy, ssl_cert_new would be | ||
| 294 | * called (and the direct reference to the per-SSL_CTX | ||
| 295 | * settings would be lost, but those still were indirectly | ||
| 296 | * accessed for various purposes, and for that reason they | ||
| 297 | * used to be known as s->ctx->default_cert). | ||
| 298 | * Now we don't look at the SSL_CTX's CERT after having | ||
| 299 | * duplicated it once. | ||
| 300 | */ | ||
| 301 | s->cert = ssl_cert_dup(ctx->cert); | ||
| 302 | if (s->cert == NULL) | ||
| 303 | goto err; | ||
| 304 | } else | ||
| 305 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ | ||
| 306 | |||
| 307 | s->read_ahead = ctx->read_ahead; | ||
| 308 | s->msg_callback = ctx->msg_callback; | ||
| 309 | s->msg_callback_arg = ctx->msg_callback_arg; | ||
| 310 | s->verify_mode = ctx->verify_mode; | ||
| 311 | s->sid_ctx_length = ctx->sid_ctx_length; | ||
| 312 | OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); | ||
| 313 | memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); | ||
| 314 | s->verify_callback = ctx->default_verify_callback; | ||
| 315 | s->generate_session_id = ctx->generate_session_id; | ||
| 316 | |||
| 317 | s->param = X509_VERIFY_PARAM_new(); | ||
| 318 | if (!s->param) | ||
| 319 | goto err; | ||
| 320 | X509_VERIFY_PARAM_inherit(s->param, ctx->param); | ||
| 321 | s->quiet_shutdown = ctx->quiet_shutdown; | ||
| 322 | s->max_send_fragment = ctx->max_send_fragment; | ||
| 323 | |||
| 324 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); | ||
| 325 | s->ctx = ctx; | ||
| 326 | s->tlsext_debug_cb = 0; | ||
| 327 | s->tlsext_debug_arg = NULL; | ||
| 328 | s->tlsext_ticket_expected = 0; | ||
| 329 | s->tlsext_status_type = -1; | ||
| 330 | s->tlsext_status_expected = 0; | ||
| 331 | s->tlsext_ocsp_ids = NULL; | ||
| 332 | s->tlsext_ocsp_exts = NULL; | ||
| 333 | s->tlsext_ocsp_resp = NULL; | ||
| 334 | s->tlsext_ocsp_resplen = -1; | ||
| 335 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); | ||
| 336 | s->initial_ctx = ctx; | ||
| 337 | s->next_proto_negotiated = NULL; | ||
| 338 | |||
| 339 | if (s->ctx->alpn_client_proto_list != NULL) { | ||
| 340 | s->alpn_client_proto_list = | ||
| 341 | malloc(s->ctx->alpn_client_proto_list_len); | ||
| 342 | if (s->alpn_client_proto_list == NULL) | ||
| 343 | goto err; | ||
| 344 | memcpy(s->alpn_client_proto_list, | ||
| 345 | s->ctx->alpn_client_proto_list, | ||
| 346 | s->ctx->alpn_client_proto_list_len); | ||
| 347 | s->alpn_client_proto_list_len = | ||
| 348 | s->ctx->alpn_client_proto_list_len; | ||
| 349 | } | ||
| 350 | |||
| 351 | s->verify_result = X509_V_OK; | ||
| 352 | |||
| 353 | s->method = ctx->method; | ||
| 354 | |||
| 355 | if (!s->method->ssl_new(s)) | ||
| 356 | goto err; | ||
| 357 | |||
| 358 | s->references = 1; | ||
| 359 | s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1; | ||
| 360 | |||
| 361 | SSL_clear(s); | ||
| 362 | |||
| 363 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | ||
| 364 | |||
| 365 | |||
| 366 | return (s); | ||
| 367 | err: | ||
| 368 | if (s != NULL) { | ||
| 369 | if (s->cert != NULL) | ||
| 370 | ssl_cert_free(s->cert); | ||
| 371 | SSL_CTX_free(s->ctx); /* decrement reference count */ | ||
| 372 | free(s); | ||
| 373 | } | ||
| 374 | SSLerr(SSL_F_SSL_NEW, | ||
| 375 | ERR_R_MALLOC_FAILURE); | ||
| 376 | return (NULL); | ||
| 377 | } | ||
| 378 | |||
| 379 | int | ||
| 380 | SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, | ||
| 381 | unsigned int sid_ctx_len) | ||
| 382 | { | ||
| 383 | if (sid_ctx_len > sizeof ctx->sid_ctx) { | ||
| 384 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, | ||
| 385 | SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
| 386 | return (0); | ||
| 387 | } | ||
| 388 | ctx->sid_ctx_length = sid_ctx_len; | ||
| 389 | memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len); | ||
| 390 | |||
| 391 | return (1); | ||
| 392 | } | ||
| 393 | |||
| 394 | int | ||
| 395 | SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, | ||
| 396 | unsigned int sid_ctx_len) | ||
| 397 | { | ||
| 398 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { | ||
| 399 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT, | ||
| 400 | SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
| 401 | return (0); | ||
| 402 | } | ||
| 403 | ssl->sid_ctx_length = sid_ctx_len; | ||
| 404 | memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len); | ||
| 405 | |||
| 406 | return (1); | ||
| 407 | } | ||
| 408 | |||
| 409 | int | ||
| 410 | SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | ||
| 411 | { | ||
| 412 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 413 | ctx->generate_session_id = cb; | ||
| 414 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 415 | return (1); | ||
| 416 | } | ||
| 417 | |||
| 418 | int | ||
| 419 | SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | ||
| 420 | { | ||
| 421 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 422 | ssl->generate_session_id = cb; | ||
| 423 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 424 | return (1); | ||
| 425 | } | ||
| 426 | |||
| 427 | int | ||
| 428 | SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
| 429 | unsigned int id_len) | ||
| 430 | { | ||
| 431 | /* | ||
| 432 | * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp | ||
| 433 | * shows how we can "construct" a session to give us the desired | ||
| 434 | * check - ie. to find if there's a session in the hash table | ||
| 435 | * that would conflict with any new session built out of this | ||
| 436 | * id/id_len and the ssl_version in use by this SSL. | ||
| 437 | */ | ||
| 438 | SSL_SESSION r, *p; | ||
| 439 | |||
| 440 | if (id_len > sizeof r.session_id) | ||
| 441 | return (0); | ||
| 442 | |||
| 443 | r.ssl_version = ssl->version; | ||
| 444 | r.session_id_length = id_len; | ||
| 445 | memcpy(r.session_id, id, id_len); | ||
| 446 | |||
| 447 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 448 | p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); | ||
| 449 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 450 | return (p != NULL); | ||
| 451 | } | ||
| 452 | |||
| 453 | int | ||
| 454 | SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | ||
| 455 | { | ||
| 456 | return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); | ||
| 457 | } | ||
| 458 | |||
| 459 | int | ||
| 460 | SSL_set_purpose(SSL *s, int purpose) | ||
| 461 | { | ||
| 462 | return (X509_VERIFY_PARAM_set_purpose(s->param, purpose)); | ||
| 463 | } | ||
| 464 | |||
| 465 | int | ||
| 466 | SSL_CTX_set_trust(SSL_CTX *s, int trust) | ||
| 467 | { | ||
| 468 | return (X509_VERIFY_PARAM_set_trust(s->param, trust)); | ||
| 469 | } | ||
| 470 | |||
| 471 | int | ||
| 472 | SSL_set_trust(SSL *s, int trust) | ||
| 473 | { | ||
| 474 | return (X509_VERIFY_PARAM_set_trust(s->param, trust)); | ||
| 475 | } | ||
| 476 | |||
| 477 | int | ||
| 478 | SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) | ||
| 479 | { | ||
| 480 | return (X509_VERIFY_PARAM_set1(ctx->param, vpm)); | ||
| 481 | } | ||
| 482 | |||
| 483 | int | ||
| 484 | SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) | ||
| 485 | { | ||
| 486 | return (X509_VERIFY_PARAM_set1(ssl->param, vpm)); | ||
| 487 | } | ||
| 488 | |||
| 489 | void | ||
| 490 | SSL_free(SSL *s) | ||
| 491 | { | ||
| 492 | int i; | ||
| 493 | |||
| 494 | if (s == NULL) | ||
| 495 | return; | ||
| 496 | |||
| 497 | i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL); | ||
| 498 | if (i > 0) | ||
| 499 | return; | ||
| 500 | |||
| 501 | if (s->param) | ||
| 502 | X509_VERIFY_PARAM_free(s->param); | ||
| 503 | |||
| 504 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); | ||
| 505 | |||
| 506 | if (s->bbio != NULL) { | ||
| 507 | /* If the buffering BIO is in place, pop it off */ | ||
| 508 | if (s->bbio == s->wbio) { | ||
| 509 | s->wbio = BIO_pop(s->wbio); | ||
| 510 | } | ||
| 511 | BIO_free(s->bbio); | ||
| 512 | s->bbio = NULL; | ||
| 513 | } | ||
| 514 | if (s->rbio != NULL) | ||
| 515 | BIO_free_all(s->rbio); | ||
| 516 | if ((s->wbio != NULL) && (s->wbio != s->rbio)) | ||
| 517 | BIO_free_all(s->wbio); | ||
| 518 | |||
| 519 | if (s->init_buf != NULL) | ||
| 520 | BUF_MEM_free(s->init_buf); | ||
| 521 | |||
| 522 | /* add extra stuff */ | ||
| 523 | if (s->cipher_list != NULL) | ||
| 524 | sk_SSL_CIPHER_free(s->cipher_list); | ||
| 525 | if (s->cipher_list_by_id != NULL) | ||
| 526 | sk_SSL_CIPHER_free(s->cipher_list_by_id); | ||
| 527 | |||
| 528 | /* Make the next call work :-) */ | ||
| 529 | if (s->session != NULL) { | ||
| 530 | ssl_clear_bad_session(s); | ||
| 531 | SSL_SESSION_free(s->session); | ||
| 532 | } | ||
| 533 | |||
| 534 | ssl_clear_cipher_ctx(s); | ||
| 535 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 536 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 537 | |||
| 538 | if (s->cert != NULL) | ||
| 539 | ssl_cert_free(s->cert); | ||
| 540 | /* Free up if allocated */ | ||
| 541 | |||
| 542 | free(s->tlsext_hostname); | ||
| 543 | SSL_CTX_free(s->initial_ctx); | ||
| 544 | free(s->tlsext_ecpointformatlist); | ||
| 545 | free(s->tlsext_ellipticcurvelist); | ||
| 546 | if (s->tlsext_ocsp_exts) | ||
| 547 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
| 548 | X509_EXTENSION_free); | ||
| 549 | if (s->tlsext_ocsp_ids) | ||
| 550 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | ||
| 551 | free(s->tlsext_ocsp_resp); | ||
| 552 | |||
| 553 | if (s->client_CA != NULL) | ||
| 554 | sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); | ||
| 555 | |||
| 556 | if (s->method != NULL) | ||
| 557 | s->method->ssl_free(s); | ||
| 558 | |||
| 559 | SSL_CTX_free(s->ctx); | ||
| 560 | |||
| 561 | |||
| 562 | free(s->next_proto_negotiated); | ||
| 563 | free(s->alpn_client_proto_list); | ||
| 564 | |||
| 565 | #ifndef OPENSSL_NO_SRTP | ||
| 566 | if (s->srtp_profiles) | ||
| 567 | sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); | ||
| 568 | #endif | ||
| 569 | |||
| 570 | free(s); | ||
| 571 | } | ||
| 572 | |||
| 573 | void | ||
| 574 | SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) | ||
| 575 | { | ||
| 576 | /* If the output buffering BIO is still in place, remove it */ | ||
| 577 | if (s->bbio != NULL) { | ||
| 578 | if (s->wbio == s->bbio) { | ||
| 579 | s->wbio = s->wbio->next_bio; | ||
| 580 | s->bbio->next_bio = NULL; | ||
| 581 | } | ||
| 582 | } | ||
| 583 | if ((s->rbio != NULL) && (s->rbio != rbio)) | ||
| 584 | BIO_free_all(s->rbio); | ||
| 585 | if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) | ||
| 586 | BIO_free_all(s->wbio); | ||
| 587 | s->rbio = rbio; | ||
| 588 | s->wbio = wbio; | ||
| 589 | } | ||
| 590 | |||
| 591 | BIO * | ||
| 592 | SSL_get_rbio(const SSL *s) | ||
| 593 | { | ||
| 594 | return (s->rbio); | ||
| 595 | } | ||
| 596 | |||
| 597 | BIO * | ||
| 598 | SSL_get_wbio(const SSL *s) | ||
| 599 | { | ||
| 600 | return (s->wbio); | ||
| 601 | } | ||
| 602 | |||
| 603 | int | ||
| 604 | SSL_get_fd(const SSL *s) | ||
| 605 | { | ||
| 606 | return (SSL_get_rfd(s)); | ||
| 607 | } | ||
| 608 | |||
| 609 | int | ||
| 610 | SSL_get_rfd(const SSL *s) | ||
| 611 | { | ||
| 612 | int ret = -1; | ||
| 613 | BIO *b, *r; | ||
| 614 | |||
| 615 | b = SSL_get_rbio(s); | ||
| 616 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); | ||
| 617 | if (r != NULL) | ||
| 618 | BIO_get_fd(r, &ret); | ||
| 619 | return (ret); | ||
| 620 | } | ||
| 621 | |||
| 622 | int | ||
| 623 | SSL_get_wfd(const SSL *s) | ||
| 624 | { | ||
| 625 | int ret = -1; | ||
| 626 | BIO *b, *r; | ||
| 627 | |||
| 628 | b = SSL_get_wbio(s); | ||
| 629 | r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR); | ||
| 630 | if (r != NULL) | ||
| 631 | BIO_get_fd(r, &ret); | ||
| 632 | return (ret); | ||
| 633 | } | ||
| 634 | |||
| 635 | int | ||
| 636 | SSL_set_fd(SSL *s, int fd) | ||
| 637 | { | ||
| 638 | int ret = 0; | ||
| 639 | BIO *bio = NULL; | ||
| 640 | |||
| 641 | bio = BIO_new(BIO_s_socket()); | ||
| 642 | |||
| 643 | if (bio == NULL) { | ||
| 644 | SSLerr(SSL_F_SSL_SET_FD, | ||
| 645 | ERR_R_BUF_LIB); | ||
| 646 | goto err; | ||
| 647 | } | ||
| 648 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 649 | SSL_set_bio(s, bio, bio); | ||
| 650 | ret = 1; | ||
| 651 | err: | ||
| 652 | return (ret); | ||
| 653 | } | ||
| 654 | |||
| 655 | int | ||
| 656 | SSL_set_wfd(SSL *s, int fd) | ||
| 657 | { | ||
| 658 | int ret = 0; | ||
| 659 | BIO *bio = NULL; | ||
| 660 | |||
| 661 | if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET) | ||
| 662 | || ((int)BIO_get_fd(s->rbio, NULL) != fd)) { | ||
| 663 | bio = BIO_new(BIO_s_socket()); | ||
| 664 | |||
| 665 | if (bio == NULL) { | ||
| 666 | SSLerr(SSL_F_SSL_SET_WFD, | ||
| 667 | ERR_R_BUF_LIB); | ||
| 668 | goto err; | ||
| 669 | } | ||
| 670 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 671 | SSL_set_bio(s, SSL_get_rbio(s), bio); | ||
| 672 | } else | ||
| 673 | SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s)); | ||
| 674 | ret = 1; | ||
| 675 | err: | ||
| 676 | return (ret); | ||
| 677 | } | ||
| 678 | |||
| 679 | int | ||
| 680 | SSL_set_rfd(SSL *s, int fd) | ||
| 681 | { | ||
| 682 | int ret = 0; | ||
| 683 | BIO *bio = NULL; | ||
| 684 | |||
| 685 | if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET) | ||
| 686 | || ((int)BIO_get_fd(s->wbio, NULL) != fd)) { | ||
| 687 | bio = BIO_new(BIO_s_socket()); | ||
| 688 | |||
| 689 | if (bio == NULL) { | ||
| 690 | SSLerr(SSL_F_SSL_SET_RFD, | ||
| 691 | ERR_R_BUF_LIB); | ||
| 692 | goto err; | ||
| 693 | } | ||
| 694 | BIO_set_fd(bio, fd, BIO_NOCLOSE); | ||
| 695 | SSL_set_bio(s, bio, SSL_get_wbio(s)); | ||
| 696 | } else | ||
| 697 | SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s)); | ||
| 698 | ret = 1; | ||
| 699 | err: | ||
| 700 | return (ret); | ||
| 701 | } | ||
| 702 | |||
| 703 | |||
| 704 | /* return length of latest Finished message we sent, copy to 'buf' */ | ||
| 705 | size_t | ||
| 706 | SSL_get_finished(const SSL *s, void *buf, size_t count) | ||
| 707 | { | ||
| 708 | size_t ret = 0; | ||
| 709 | |||
| 710 | if (s->s3 != NULL) { | ||
| 711 | ret = s->s3->tmp.finish_md_len; | ||
| 712 | if (count > ret) | ||
| 713 | count = ret; | ||
| 714 | memcpy(buf, s->s3->tmp.finish_md, count); | ||
| 715 | } | ||
| 716 | return (ret); | ||
| 717 | } | ||
| 718 | |||
| 719 | /* return length of latest Finished message we expected, copy to 'buf' */ | ||
| 720 | size_t | ||
| 721 | SSL_get_peer_finished(const SSL *s, void *buf, size_t count) | ||
| 722 | { | ||
| 723 | size_t ret = 0; | ||
| 724 | |||
| 725 | if (s->s3 != NULL) { | ||
| 726 | ret = s->s3->tmp.peer_finish_md_len; | ||
| 727 | if (count > ret) | ||
| 728 | count = ret; | ||
| 729 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | ||
| 730 | } | ||
| 731 | return (ret); | ||
| 732 | } | ||
| 733 | |||
| 734 | |||
| 735 | int | ||
| 736 | SSL_get_verify_mode(const SSL *s) | ||
| 737 | { | ||
| 738 | return (s->verify_mode); | ||
| 739 | } | ||
| 740 | |||
| 741 | int | ||
| 742 | SSL_get_verify_depth(const SSL *s) | ||
| 743 | { | ||
| 744 | return (X509_VERIFY_PARAM_get_depth(s->param)); | ||
| 745 | } | ||
| 746 | |||
| 747 | int | ||
| 748 | (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *) | ||
| 749 | { | ||
| 750 | return (s->verify_callback); | ||
| 751 | } | ||
| 752 | |||
| 753 | int | ||
| 754 | SSL_CTX_get_verify_mode(const SSL_CTX *ctx) | ||
| 755 | { | ||
| 756 | return (ctx->verify_mode); | ||
| 757 | } | ||
| 758 | |||
| 759 | int | ||
| 760 | SSL_CTX_get_verify_depth(const SSL_CTX *ctx) | ||
| 761 | { | ||
| 762 | return (X509_VERIFY_PARAM_get_depth(ctx->param)); | ||
| 763 | } | ||
| 764 | |||
| 765 | int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *) | ||
| 766 | { | ||
| 767 | return (ctx->default_verify_callback); | ||
| 768 | } | ||
| 769 | |||
| 770 | void | ||
| 771 | SSL_set_verify(SSL *s, int mode, | ||
| 772 | int (*callback)(int ok, X509_STORE_CTX *ctx)) | ||
| 773 | { | ||
| 774 | s->verify_mode = mode; | ||
| 775 | if (callback != NULL) | ||
| 776 | s->verify_callback = callback; | ||
| 777 | } | ||
| 778 | |||
| 779 | void | ||
| 780 | SSL_set_verify_depth(SSL *s, int depth) | ||
| 781 | { | ||
| 782 | X509_VERIFY_PARAM_set_depth(s->param, depth); | ||
| 783 | } | ||
| 784 | |||
| 785 | void | ||
| 786 | SSL_set_read_ahead(SSL *s, int yes) | ||
| 787 | { | ||
| 788 | s->read_ahead = yes; | ||
| 789 | } | ||
| 790 | |||
| 791 | int | ||
| 792 | SSL_get_read_ahead(const SSL *s) | ||
| 793 | { | ||
| 794 | return (s->read_ahead); | ||
| 795 | } | ||
| 796 | |||
| 797 | int | ||
| 798 | SSL_pending(const SSL *s) | ||
| 799 | { | ||
| 800 | /* | ||
| 801 | * SSL_pending cannot work properly if read-ahead is enabled | ||
| 802 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | ||
| 803 | * and it is impossible to fix since SSL_pending cannot report | ||
| 804 | * errors that may be observed while scanning the new data. | ||
| 805 | * (Note that SSL_pending() is often used as a boolean value, | ||
| 806 | * so we'd better not return -1.) | ||
| 807 | */ | ||
| 808 | return (s->method->ssl_pending(s)); | ||
| 809 | } | ||
| 810 | |||
| 811 | X509 * | ||
| 812 | SSL_get_peer_certificate(const SSL *s) | ||
| 813 | { | ||
| 814 | X509 *r; | ||
| 815 | |||
| 816 | if ((s == NULL) || (s->session == NULL)) | ||
| 817 | r = NULL; | ||
| 818 | else | ||
| 819 | r = s->session->peer; | ||
| 820 | |||
| 821 | if (r == NULL) | ||
| 822 | return (r); | ||
| 823 | |||
| 824 | CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509); | ||
| 825 | |||
| 826 | return (r); | ||
| 827 | } | ||
| 828 | |||
| 829 | STACK_OF(X509) * | ||
| 830 | SSL_get_peer_cert_chain(const SSL *s) | ||
| 831 | { | ||
| 832 | STACK_OF(X509) *r; | ||
| 833 | |||
| 834 | if ((s == NULL) || (s->session == NULL) || | ||
| 835 | (s->session->sess_cert == NULL)) | ||
| 836 | r = NULL; | ||
| 837 | else | ||
| 838 | r = s->session->sess_cert->cert_chain; | ||
| 839 | |||
| 840 | /* | ||
| 841 | * If we are a client, cert_chain includes the peer's own | ||
| 842 | * certificate; | ||
| 843 | * if we are a server, it does not. | ||
| 844 | */ | ||
| 845 | return (r); | ||
| 846 | } | ||
| 847 | |||
| 848 | /* | ||
| 849 | * Now in theory, since the calling process own 't' it should be safe to | ||
| 850 | * modify. We need to be able to read f without being hassled | ||
| 851 | */ | ||
| 852 | void | ||
| 853 | SSL_copy_session_id(SSL *t, const SSL *f) | ||
| 854 | { | ||
| 855 | CERT *tmp; | ||
| 856 | |||
| 857 | /* Do we need to to SSL locking? */ | ||
| 858 | SSL_set_session(t, SSL_get_session(f)); | ||
| 859 | |||
| 860 | /* | ||
| 861 | * What if we are setup as SSLv2 but want to talk SSLv3 or | ||
| 862 | * vice-versa. | ||
| 863 | */ | ||
| 864 | if (t->method != f->method) { | ||
| 865 | t->method->ssl_free(t); /* cleanup current */ | ||
| 866 | t->method=f->method; /* change method */ | ||
| 867 | t->method->ssl_new(t); /* setup new */ | ||
| 868 | } | ||
| 869 | |||
| 870 | tmp = t->cert; | ||
| 871 | if (f->cert != NULL) { | ||
| 872 | CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT); | ||
| 873 | t->cert = f->cert; | ||
| 874 | } else | ||
| 875 | t->cert = NULL; | ||
| 876 | if (tmp != NULL) | ||
| 877 | ssl_cert_free(tmp); | ||
| 878 | SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length); | ||
| 879 | } | ||
| 880 | |||
| 881 | /* Fix this so it checks all the valid key/cert options */ | ||
| 882 | int | ||
| 883 | SSL_CTX_check_private_key(const SSL_CTX *ctx) | ||
| 884 | { | ||
| 885 | if ((ctx == NULL) || (ctx->cert == NULL) || | ||
| 886 | (ctx->cert->key->x509 == NULL)) { | ||
| 887 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, | ||
| 888 | SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 889 | return (0); | ||
| 890 | } | ||
| 891 | if (ctx->cert->key->privatekey == NULL) { | ||
| 892 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, | ||
| 893 | SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 894 | return (0); | ||
| 895 | } | ||
| 896 | return (X509_check_private_key(ctx->cert->key->x509, | ||
| 897 | ctx->cert->key->privatekey)); | ||
| 898 | } | ||
| 899 | |||
| 900 | /* Fix this function so that it takes an optional type parameter */ | ||
| 901 | int | ||
| 902 | SSL_check_private_key(const SSL *ssl) | ||
| 903 | { | ||
| 904 | if (ssl == NULL) { | ||
| 905 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, | ||
| 906 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 907 | return (0); | ||
| 908 | } | ||
| 909 | if (ssl->cert == NULL) { | ||
| 910 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, | ||
| 911 | SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 912 | return (0); | ||
| 913 | } | ||
| 914 | if (ssl->cert->key->x509 == NULL) { | ||
| 915 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, | ||
| 916 | SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 917 | return (0); | ||
| 918 | } | ||
| 919 | if (ssl->cert->key->privatekey == NULL) { | ||
| 920 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, | ||
| 921 | SSL_R_NO_PRIVATE_KEY_ASSIGNED); | ||
| 922 | return (0); | ||
| 923 | } | ||
| 924 | return (X509_check_private_key(ssl->cert->key->x509, | ||
| 925 | ssl->cert->key->privatekey)); | ||
| 926 | } | ||
| 927 | |||
| 928 | int | ||
| 929 | SSL_accept(SSL *s) | ||
| 930 | { | ||
| 931 | if (s->handshake_func == 0) | ||
| 932 | SSL_set_accept_state(s); /* Not properly initialized yet */ | ||
| 933 | |||
| 934 | return (s->method->ssl_accept(s)); | ||
| 935 | } | ||
| 936 | |||
| 937 | int | ||
| 938 | SSL_connect(SSL *s) | ||
| 939 | { | ||
| 940 | if (s->handshake_func == 0) | ||
| 941 | SSL_set_connect_state(s); /* Not properly initialized yet */ | ||
| 942 | |||
| 943 | return (s->method->ssl_connect(s)); | ||
| 944 | } | ||
| 945 | |||
| 946 | long | ||
| 947 | SSL_get_default_timeout(const SSL *s) | ||
| 948 | { | ||
| 949 | return (s->method->get_timeout()); | ||
| 950 | } | ||
| 951 | |||
| 952 | int | ||
| 953 | SSL_read(SSL *s, void *buf, int num) | ||
| 954 | { | ||
| 955 | if (s->handshake_func == 0) { | ||
| 956 | SSLerr(SSL_F_SSL_READ, | ||
| 957 | SSL_R_UNINITIALIZED); | ||
| 958 | return (-1); | ||
| 959 | } | ||
| 960 | |||
| 961 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { | ||
| 962 | s->rwstate = SSL_NOTHING; | ||
| 963 | return (0); | ||
| 964 | } | ||
| 965 | return (s->method->ssl_read(s, buf, num)); | ||
| 966 | } | ||
| 967 | |||
| 968 | int | ||
| 969 | SSL_peek(SSL *s, void *buf, int num) | ||
| 970 | { | ||
| 971 | if (s->handshake_func == 0) { | ||
| 972 | SSLerr(SSL_F_SSL_PEEK, | ||
| 973 | SSL_R_UNINITIALIZED); | ||
| 974 | return (-1); | ||
| 975 | } | ||
| 976 | |||
| 977 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { | ||
| 978 | return (0); | ||
| 979 | } | ||
| 980 | return (s->method->ssl_peek(s, buf, num)); | ||
| 981 | } | ||
| 982 | |||
| 983 | int | ||
| 984 | SSL_write(SSL *s, const void *buf, int num) | ||
| 985 | { | ||
| 986 | if (s->handshake_func == 0) { | ||
| 987 | SSLerr(SSL_F_SSL_WRITE, | ||
| 988 | SSL_R_UNINITIALIZED); | ||
| 989 | return (-1); | ||
| 990 | } | ||
| 991 | |||
| 992 | if (s->shutdown & SSL_SENT_SHUTDOWN) { | ||
| 993 | s->rwstate = SSL_NOTHING; | ||
| 994 | SSLerr(SSL_F_SSL_WRITE, | ||
| 995 | SSL_R_PROTOCOL_IS_SHUTDOWN); | ||
| 996 | return (-1); | ||
| 997 | } | ||
| 998 | return (s->method->ssl_write(s, buf, num)); | ||
| 999 | } | ||
| 1000 | |||
| 1001 | int | ||
| 1002 | SSL_shutdown(SSL *s) | ||
| 1003 | { | ||
| 1004 | /* | ||
| 1005 | * Note that this function behaves differently from what one might | ||
| 1006 | * expect. Return values are 0 for no success (yet), | ||
| 1007 | * 1 for success; but calling it once is usually not enough, | ||
| 1008 | * even if blocking I/O is used (see ssl3_shutdown). | ||
| 1009 | */ | ||
| 1010 | |||
| 1011 | if (s->handshake_func == 0) { | ||
| 1012 | SSLerr(SSL_F_SSL_SHUTDOWN, | ||
| 1013 | SSL_R_UNINITIALIZED); | ||
| 1014 | return (-1); | ||
| 1015 | } | ||
| 1016 | |||
| 1017 | if ((s != NULL) && !SSL_in_init(s)) | ||
| 1018 | return (s->method->ssl_shutdown(s)); | ||
| 1019 | else | ||
| 1020 | return (1); | ||
| 1021 | } | ||
| 1022 | |||
| 1023 | int | ||
| 1024 | SSL_renegotiate(SSL *s) | ||
| 1025 | { | ||
| 1026 | if (s->renegotiate == 0) | ||
| 1027 | s->renegotiate = 1; | ||
| 1028 | |||
| 1029 | s->new_session = 1; | ||
| 1030 | |||
| 1031 | return (s->method->ssl_renegotiate(s)); | ||
| 1032 | } | ||
| 1033 | |||
| 1034 | int | ||
| 1035 | SSL_renegotiate_abbreviated(SSL *s) | ||
| 1036 | { | ||
| 1037 | if (s->renegotiate == 0) | ||
| 1038 | s->renegotiate = 1; | ||
| 1039 | |||
| 1040 | s->new_session = 0; | ||
| 1041 | |||
| 1042 | return (s->method->ssl_renegotiate(s)); | ||
| 1043 | } | ||
| 1044 | |||
| 1045 | int | ||
| 1046 | SSL_renegotiate_pending(SSL *s) | ||
| 1047 | { | ||
| 1048 | /* | ||
| 1049 | * Becomes true when negotiation is requested; | ||
| 1050 | * false again once a handshake has finished. | ||
| 1051 | */ | ||
| 1052 | return (s->renegotiate != 0); | ||
| 1053 | } | ||
| 1054 | |||
| 1055 | long | ||
| 1056 | SSL_ctrl(SSL *s, int cmd, long larg, void *parg) | ||
| 1057 | { | ||
| 1058 | long l; | ||
| 1059 | |||
| 1060 | switch (cmd) { | ||
| 1061 | case SSL_CTRL_GET_READ_AHEAD: | ||
| 1062 | return (s->read_ahead); | ||
| 1063 | case SSL_CTRL_SET_READ_AHEAD: | ||
| 1064 | l = s->read_ahead; | ||
| 1065 | s->read_ahead = larg; | ||
| 1066 | return (l); | ||
| 1067 | |||
| 1068 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
| 1069 | s->msg_callback_arg = parg; | ||
| 1070 | return (1); | ||
| 1071 | |||
| 1072 | case SSL_CTRL_OPTIONS: | ||
| 1073 | return (s->options|=larg); | ||
| 1074 | case SSL_CTRL_CLEAR_OPTIONS: | ||
| 1075 | return (s->options&=~larg); | ||
| 1076 | case SSL_CTRL_MODE: | ||
| 1077 | return (s->mode|=larg); | ||
| 1078 | case SSL_CTRL_CLEAR_MODE: | ||
| 1079 | return (s->mode &=~larg); | ||
| 1080 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
| 1081 | return (s->max_cert_list); | ||
| 1082 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
| 1083 | l = s->max_cert_list; | ||
| 1084 | s->max_cert_list = larg; | ||
| 1085 | return (l); | ||
| 1086 | case SSL_CTRL_SET_MTU: | ||
| 1087 | #ifndef OPENSSL_NO_DTLS1 | ||
| 1088 | if (larg < (long)dtls1_min_mtu()) | ||
| 1089 | return (0); | ||
| 1090 | #endif | ||
| 1091 | if (SSL_IS_DTLS(s)) { | ||
| 1092 | s->d1->mtu = larg; | ||
| 1093 | return (larg); | ||
| 1094 | } | ||
| 1095 | return (0); | ||
| 1096 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | ||
| 1097 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | ||
| 1098 | return (0); | ||
| 1099 | s->max_send_fragment = larg; | ||
| 1100 | return (1); | ||
| 1101 | case SSL_CTRL_GET_RI_SUPPORT: | ||
| 1102 | if (s->s3) | ||
| 1103 | return (s->s3->send_connection_binding); | ||
| 1104 | else return (0); | ||
| 1105 | default: | ||
| 1106 | return (s->method->ssl_ctrl(s, cmd, larg, parg)); | ||
| 1107 | } | ||
| 1108 | } | ||
| 1109 | |||
| 1110 | long | ||
| 1111 | SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) | ||
| 1112 | { | ||
| 1113 | switch (cmd) { | ||
| 1114 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
| 1115 | s->msg_callback = (void (*)(int write_p, int version, | ||
| 1116 | int content_type, const void *buf, size_t len, | ||
| 1117 | SSL *ssl, void *arg))(fp); | ||
| 1118 | return (1); | ||
| 1119 | |||
| 1120 | default: | ||
| 1121 | return (s->method->ssl_callback_ctrl(s, cmd, fp)); | ||
| 1122 | } | ||
| 1123 | } | ||
| 1124 | |||
| 1125 | LHASH_OF(SSL_SESSION) * | ||
| 1126 | SSL_CTX_sessions(SSL_CTX *ctx) | ||
| 1127 | { | ||
| 1128 | return (ctx->sessions); | ||
| 1129 | } | ||
| 1130 | |||
| 1131 | long | ||
| 1132 | SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | ||
| 1133 | { | ||
| 1134 | long l; | ||
| 1135 | |||
| 1136 | switch (cmd) { | ||
| 1137 | case SSL_CTRL_GET_READ_AHEAD: | ||
| 1138 | return (ctx->read_ahead); | ||
| 1139 | case SSL_CTRL_SET_READ_AHEAD: | ||
| 1140 | l = ctx->read_ahead; | ||
| 1141 | ctx->read_ahead = larg; | ||
| 1142 | return (l); | ||
| 1143 | |||
| 1144 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
| 1145 | ctx->msg_callback_arg = parg; | ||
| 1146 | return (1); | ||
| 1147 | |||
| 1148 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
| 1149 | return (ctx->max_cert_list); | ||
| 1150 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
| 1151 | l = ctx->max_cert_list; | ||
| 1152 | ctx->max_cert_list = larg; | ||
| 1153 | return (l); | ||
| 1154 | |||
| 1155 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | ||
| 1156 | l = ctx->session_cache_size; | ||
| 1157 | ctx->session_cache_size = larg; | ||
| 1158 | return (l); | ||
| 1159 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | ||
| 1160 | return (ctx->session_cache_size); | ||
| 1161 | case SSL_CTRL_SET_SESS_CACHE_MODE: | ||
| 1162 | l = ctx->session_cache_mode; | ||
| 1163 | ctx->session_cache_mode = larg; | ||
| 1164 | return (l); | ||
| 1165 | case SSL_CTRL_GET_SESS_CACHE_MODE: | ||
| 1166 | return (ctx->session_cache_mode); | ||
| 1167 | |||
| 1168 | case SSL_CTRL_SESS_NUMBER: | ||
| 1169 | return (lh_SSL_SESSION_num_items(ctx->sessions)); | ||
| 1170 | case SSL_CTRL_SESS_CONNECT: | ||
| 1171 | return (ctx->stats.sess_connect); | ||
| 1172 | case SSL_CTRL_SESS_CONNECT_GOOD: | ||
| 1173 | return (ctx->stats.sess_connect_good); | ||
| 1174 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | ||
| 1175 | return (ctx->stats.sess_connect_renegotiate); | ||
| 1176 | case SSL_CTRL_SESS_ACCEPT: | ||
| 1177 | return (ctx->stats.sess_accept); | ||
| 1178 | case SSL_CTRL_SESS_ACCEPT_GOOD: | ||
| 1179 | return (ctx->stats.sess_accept_good); | ||
| 1180 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | ||
| 1181 | return (ctx->stats.sess_accept_renegotiate); | ||
| 1182 | case SSL_CTRL_SESS_HIT: | ||
| 1183 | return (ctx->stats.sess_hit); | ||
| 1184 | case SSL_CTRL_SESS_CB_HIT: | ||
| 1185 | return (ctx->stats.sess_cb_hit); | ||
| 1186 | case SSL_CTRL_SESS_MISSES: | ||
| 1187 | return (ctx->stats.sess_miss); | ||
| 1188 | case SSL_CTRL_SESS_TIMEOUTS: | ||
| 1189 | return (ctx->stats.sess_timeout); | ||
| 1190 | case SSL_CTRL_SESS_CACHE_FULL: | ||
| 1191 | return (ctx->stats.sess_cache_full); | ||
| 1192 | case SSL_CTRL_OPTIONS: | ||
| 1193 | return (ctx->options|=larg); | ||
| 1194 | case SSL_CTRL_CLEAR_OPTIONS: | ||
| 1195 | return (ctx->options&=~larg); | ||
| 1196 | case SSL_CTRL_MODE: | ||
| 1197 | return (ctx->mode|=larg); | ||
| 1198 | case SSL_CTRL_CLEAR_MODE: | ||
| 1199 | return (ctx->mode&=~larg); | ||
| 1200 | case SSL_CTRL_SET_MAX_SEND_FRAGMENT: | ||
| 1201 | if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH) | ||
| 1202 | return (0); | ||
| 1203 | ctx->max_send_fragment = larg; | ||
| 1204 | return (1); | ||
| 1205 | default: | ||
| 1206 | return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg)); | ||
| 1207 | } | ||
| 1208 | } | ||
| 1209 | |||
| 1210 | long | ||
| 1211 | SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) | ||
| 1212 | { | ||
| 1213 | switch (cmd) { | ||
| 1214 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
| 1215 | ctx->msg_callback = (void (*)(int write_p, int version, | ||
| 1216 | int content_type, const void *buf, size_t len, SSL *ssl, | ||
| 1217 | void *arg))(fp); | ||
| 1218 | return (1); | ||
| 1219 | |||
| 1220 | default: | ||
| 1221 | return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp)); | ||
| 1222 | } | ||
| 1223 | } | ||
| 1224 | |||
| 1225 | int | ||
| 1226 | ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | ||
| 1227 | { | ||
| 1228 | long l; | ||
| 1229 | |||
| 1230 | l = a->id - b->id; | ||
| 1231 | if (l == 0L) | ||
| 1232 | return (0); | ||
| 1233 | else | ||
| 1234 | return ((l > 0) ? 1:-1); | ||
| 1235 | } | ||
| 1236 | |||
| 1237 | int | ||
| 1238 | ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | ||
| 1239 | const SSL_CIPHER * const *bp) | ||
| 1240 | { | ||
| 1241 | long l; | ||
| 1242 | |||
| 1243 | l = (*ap)->id - (*bp)->id; | ||
| 1244 | if (l == 0L) | ||
| 1245 | return (0); | ||
| 1246 | else | ||
| 1247 | return ((l > 0) ? 1:-1); | ||
| 1248 | } | ||
| 1249 | |||
| 1250 | /* | ||
| 1251 | * Return a STACK of the ciphers available for the SSL and in order of | ||
| 1252 | * preference. | ||
| 1253 | */ | ||
| 1254 | STACK_OF(SSL_CIPHER) * | ||
| 1255 | SSL_get_ciphers(const SSL *s) | ||
| 1256 | { | ||
| 1257 | if (s != NULL) { | ||
| 1258 | if (s->cipher_list != NULL) { | ||
| 1259 | return (s->cipher_list); | ||
| 1260 | } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) { | ||
| 1261 | return (s->ctx->cipher_list); | ||
| 1262 | } | ||
| 1263 | } | ||
| 1264 | return (NULL); | ||
| 1265 | } | ||
| 1266 | |||
| 1267 | /* | ||
| 1268 | * Return a STACK of the ciphers available for the SSL and in order of | ||
| 1269 | * algorithm id. | ||
| 1270 | */ | ||
| 1271 | STACK_OF(SSL_CIPHER) * | ||
| 1272 | ssl_get_ciphers_by_id(SSL *s) | ||
| 1273 | { | ||
| 1274 | if (s != NULL) { | ||
| 1275 | if (s->cipher_list_by_id != NULL) { | ||
| 1276 | return (s->cipher_list_by_id); | ||
| 1277 | } else if ((s->ctx != NULL) && | ||
| 1278 | (s->ctx->cipher_list_by_id != NULL)) { | ||
| 1279 | return (s->ctx->cipher_list_by_id); | ||
| 1280 | } | ||
| 1281 | } | ||
| 1282 | return (NULL); | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | /* The old interface to get the same thing as SSL_get_ciphers(). */ | ||
| 1286 | const char * | ||
| 1287 | SSL_get_cipher_list(const SSL *s, int n) | ||
| 1288 | { | ||
| 1289 | SSL_CIPHER *c; | ||
| 1290 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1291 | |||
| 1292 | if (s == NULL) | ||
| 1293 | return (NULL); | ||
| 1294 | sk = SSL_get_ciphers(s); | ||
| 1295 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) | ||
| 1296 | return (NULL); | ||
| 1297 | c = sk_SSL_CIPHER_value(sk, n); | ||
| 1298 | if (c == NULL) | ||
| 1299 | return (NULL); | ||
| 1300 | return (c->name); | ||
| 1301 | } | ||
| 1302 | |||
| 1303 | /* Specify the ciphers to be used by default by the SSL_CTX. */ | ||
| 1304 | int | ||
| 1305 | SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) | ||
| 1306 | { | ||
| 1307 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1308 | |||
| 1309 | sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list, | ||
| 1310 | &ctx->cipher_list_by_id, str); | ||
| 1311 | /* | ||
| 1312 | * ssl_create_cipher_list may return an empty stack if it | ||
| 1313 | * was unable to find a cipher matching the given rule string | ||
| 1314 | * (for example if the rule string specifies a cipher which | ||
| 1315 | * has been disabled). This is not an error as far as | ||
| 1316 | * ssl_create_cipher_list is concerned, and hence | ||
| 1317 | * ctx->cipher_list and ctx->cipher_list_by_id has been | ||
| 1318 | * updated. | ||
| 1319 | */ | ||
| 1320 | if (sk == NULL) | ||
| 1321 | return (0); | ||
| 1322 | else if (sk_SSL_CIPHER_num(sk) == 0) { | ||
| 1323 | SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, | ||
| 1324 | SSL_R_NO_CIPHER_MATCH); | ||
| 1325 | return (0); | ||
| 1326 | } | ||
| 1327 | return (1); | ||
| 1328 | } | ||
| 1329 | |||
| 1330 | /* Specify the ciphers to be used by the SSL. */ | ||
| 1331 | int | ||
| 1332 | SSL_set_cipher_list(SSL *s, const char *str) | ||
| 1333 | { | ||
| 1334 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1335 | |||
| 1336 | sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list, | ||
| 1337 | &s->cipher_list_by_id, str); | ||
| 1338 | /* see comment in SSL_CTX_set_cipher_list */ | ||
| 1339 | if (sk == NULL) | ||
| 1340 | return (0); | ||
| 1341 | else if (sk_SSL_CIPHER_num(sk) == 0) { | ||
| 1342 | SSLerr(SSL_F_SSL_SET_CIPHER_LIST, | ||
| 1343 | SSL_R_NO_CIPHER_MATCH); | ||
| 1344 | return (0); | ||
| 1345 | } | ||
| 1346 | return (1); | ||
| 1347 | } | ||
| 1348 | |||
| 1349 | /* works well for SSLv2, not so good for SSLv3 */ | ||
| 1350 | char * | ||
| 1351 | SSL_get_shared_ciphers(const SSL *s, char *buf, int len) | ||
| 1352 | { | ||
| 1353 | char *end; | ||
| 1354 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1355 | SSL_CIPHER *c; | ||
| 1356 | size_t curlen = 0; | ||
| 1357 | int i; | ||
| 1358 | |||
| 1359 | if (s->session == NULL || s->session->ciphers == NULL || len < 2) | ||
| 1360 | return (NULL); | ||
| 1361 | |||
| 1362 | sk = s->session->ciphers; | ||
| 1363 | if (sk_SSL_CIPHER_num(sk) == 0) | ||
| 1364 | return (NULL); | ||
| 1365 | |||
| 1366 | buf[0] = '\0'; | ||
| 1367 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | ||
| 1368 | c = sk_SSL_CIPHER_value(sk, i); | ||
| 1369 | end = buf + curlen; | ||
| 1370 | if (strlcat(buf, c->name, len) >= len || | ||
| 1371 | (curlen = strlcat(buf, ":", len)) >= len) { | ||
| 1372 | /* remove truncated cipher from list */ | ||
| 1373 | *end = '\0'; | ||
| 1374 | break; | ||
| 1375 | } | ||
| 1376 | } | ||
| 1377 | /* remove trailing colon */ | ||
| 1378 | if ((end = strrchr(buf, ':')) != NULL) | ||
| 1379 | *end = '\0'; | ||
| 1380 | return (buf); | ||
| 1381 | } | ||
| 1382 | |||
| 1383 | int | ||
| 1384 | ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p) | ||
| 1385 | { | ||
| 1386 | int i; | ||
| 1387 | SSL_CIPHER *c; | ||
| 1388 | unsigned char *q; | ||
| 1389 | |||
| 1390 | if (sk == NULL) | ||
| 1391 | return (0); | ||
| 1392 | q = p; | ||
| 1393 | |||
| 1394 | for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { | ||
| 1395 | c = sk_SSL_CIPHER_value(sk, i); | ||
| 1396 | |||
| 1397 | /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */ | ||
| 1398 | if ((c->algorithm_ssl & SSL_TLSV1_2) && | ||
| 1399 | (TLS1_get_client_version(s) < TLS1_2_VERSION)) | ||
| 1400 | continue; | ||
| 1401 | |||
| 1402 | s2n(ssl3_cipher_get_value(c), p); | ||
| 1403 | } | ||
| 1404 | |||
| 1405 | /* | ||
| 1406 | * If p == q, no ciphers and caller indicates an error. Otherwise | ||
| 1407 | * add SCSV if not renegotiating. | ||
| 1408 | */ | ||
| 1409 | if (p != q && !s->renegotiate) | ||
| 1410 | s2n(SSL3_CK_SCSV & SSL3_CK_VALUE_MASK, p); | ||
| 1411 | |||
| 1412 | return (p - q); | ||
| 1413 | } | ||
| 1414 | |||
| 1415 | STACK_OF(SSL_CIPHER) * | ||
| 1416 | ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, int num, | ||
| 1417 | STACK_OF(SSL_CIPHER) **skp) | ||
| 1418 | { | ||
| 1419 | const SSL_CIPHER *c; | ||
| 1420 | STACK_OF(SSL_CIPHER) *sk; | ||
| 1421 | int i; | ||
| 1422 | unsigned long cipher_id; | ||
| 1423 | uint16_t cipher_value; | ||
| 1424 | uint16_t max_version; | ||
| 1425 | |||
| 1426 | if (s->s3) | ||
| 1427 | s->s3->send_connection_binding = 0; | ||
| 1428 | |||
| 1429 | if ((num % SSL3_CIPHER_VALUE_SIZE) != 0) { | ||
| 1430 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1431 | SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); | ||
| 1432 | return (NULL); | ||
| 1433 | } | ||
| 1434 | if (skp == NULL || *skp == NULL) { | ||
| 1435 | sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ | ||
| 1436 | if (sk == NULL) | ||
| 1437 | goto err; | ||
| 1438 | } else { | ||
| 1439 | sk = *skp; | ||
| 1440 | sk_SSL_CIPHER_zero(sk); | ||
| 1441 | } | ||
| 1442 | |||
| 1443 | for (i = 0; i < num; i += SSL3_CIPHER_VALUE_SIZE) { | ||
| 1444 | n2s(p, cipher_value); | ||
| 1445 | cipher_id = SSL3_CK_ID | cipher_value; | ||
| 1446 | |||
| 1447 | if (s->s3 != NULL && cipher_id == SSL3_CK_SCSV) { | ||
| 1448 | /* | ||
| 1449 | * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if | ||
| 1450 | * renegotiating. | ||
| 1451 | */ | ||
| 1452 | if (s->renegotiate) { | ||
| 1453 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1454 | SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); | ||
| 1455 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1456 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1457 | |||
| 1458 | goto err; | ||
| 1459 | } | ||
| 1460 | s->s3->send_connection_binding = 1; | ||
| 1461 | continue; | ||
| 1462 | } | ||
| 1463 | |||
| 1464 | if (cipher_id == SSL3_CK_FALLBACK_SCSV) { | ||
| 1465 | /* | ||
| 1466 | * TLS_FALLBACK_SCSV indicates that the client | ||
| 1467 | * previously tried a higher protocol version. | ||
| 1468 | * Fail if the current version is an unexpected | ||
| 1469 | * downgrade. | ||
| 1470 | */ | ||
| 1471 | max_version = ssl_max_server_version(s); | ||
| 1472 | if (max_version == 0 || s->version < max_version) { | ||
| 1473 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1474 | SSL_R_INAPPROPRIATE_FALLBACK); | ||
| 1475 | if (s->s3 != NULL) | ||
| 1476 | ssl3_send_alert(s, SSL3_AL_FATAL, | ||
| 1477 | SSL_AD_INAPPROPRIATE_FALLBACK); | ||
| 1478 | goto err; | ||
| 1479 | } | ||
| 1480 | continue; | ||
| 1481 | } | ||
| 1482 | |||
| 1483 | if ((c = ssl3_get_cipher_by_value(cipher_value)) != NULL) { | ||
| 1484 | if (!sk_SSL_CIPHER_push(sk, c)) { | ||
| 1485 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, | ||
| 1486 | ERR_R_MALLOC_FAILURE); | ||
| 1487 | goto err; | ||
| 1488 | } | ||
| 1489 | } | ||
| 1490 | } | ||
| 1491 | |||
| 1492 | if (skp != NULL) | ||
| 1493 | *skp = sk; | ||
| 1494 | return (sk); | ||
| 1495 | |||
| 1496 | err: | ||
| 1497 | if (skp == NULL || *skp == NULL) | ||
| 1498 | sk_SSL_CIPHER_free(sk); | ||
| 1499 | return (NULL); | ||
| 1500 | } | ||
| 1501 | |||
| 1502 | |||
| 1503 | /* | ||
| 1504 | * Return a servername extension value if provided in Client Hello, or NULL. | ||
| 1505 | * So far, only host_name types are defined (RFC 3546). | ||
| 1506 | */ | ||
| 1507 | const char * | ||
| 1508 | SSL_get_servername(const SSL *s, const int type) | ||
| 1509 | { | ||
| 1510 | if (type != TLSEXT_NAMETYPE_host_name) | ||
| 1511 | return (NULL); | ||
| 1512 | |||
| 1513 | return (s->session && !s->tlsext_hostname ? | ||
| 1514 | s->session->tlsext_hostname : | ||
| 1515 | s->tlsext_hostname); | ||
| 1516 | } | ||
| 1517 | |||
| 1518 | int | ||
| 1519 | SSL_get_servername_type(const SSL *s) | ||
| 1520 | { | ||
| 1521 | if (s->session && | ||
| 1522 | (!s->tlsext_hostname ? | ||
| 1523 | s->session->tlsext_hostname : s->tlsext_hostname)) | ||
| 1524 | return (TLSEXT_NAMETYPE_host_name); | ||
| 1525 | return (-1); | ||
| 1526 | } | ||
| 1527 | |||
| 1528 | /* | ||
| 1529 | * SSL_select_next_proto implements the standard protocol selection. It is | ||
| 1530 | * expected that this function is called from the callback set by | ||
| 1531 | * SSL_CTX_set_next_proto_select_cb. | ||
| 1532 | * | ||
| 1533 | * The protocol data is assumed to be a vector of 8-bit, length prefixed byte | ||
| 1534 | * strings. The length byte itself is not included in the length. A byte | ||
| 1535 | * string of length 0 is invalid. No byte string may be truncated. | ||
| 1536 | * | ||
| 1537 | * The current, but experimental algorithm for selecting the protocol is: | ||
| 1538 | * | ||
| 1539 | * 1) If the server doesn't support NPN then this is indicated to the | ||
| 1540 | * callback. In this case, the client application has to abort the connection | ||
| 1541 | * or have a default application level protocol. | ||
| 1542 | * | ||
| 1543 | * 2) If the server supports NPN, but advertises an empty list then the | ||
| 1544 | * client selects the first protcol in its list, but indicates via the | ||
| 1545 | * API that this fallback case was enacted. | ||
| 1546 | * | ||
| 1547 | * 3) Otherwise, the client finds the first protocol in the server's list | ||
| 1548 | * that it supports and selects this protocol. This is because it's | ||
| 1549 | * assumed that the server has better information about which protocol | ||
| 1550 | * a client should use. | ||
| 1551 | * | ||
| 1552 | * 4) If the client doesn't support any of the server's advertised | ||
| 1553 | * protocols, then this is treated the same as case 2. | ||
| 1554 | * | ||
| 1555 | * It returns either | ||
| 1556 | * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | ||
| 1557 | * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | ||
| 1558 | */ | ||
| 1559 | int | ||
| 1560 | SSL_select_next_proto(unsigned char **out, unsigned char *outlen, | ||
| 1561 | const unsigned char *server, unsigned int server_len, | ||
| 1562 | const unsigned char *client, unsigned int client_len) | ||
| 1563 | { | ||
| 1564 | unsigned int i, j; | ||
| 1565 | const unsigned char *result; | ||
| 1566 | int status = OPENSSL_NPN_UNSUPPORTED; | ||
| 1567 | |||
| 1568 | /* | ||
| 1569 | * For each protocol in server preference order, | ||
| 1570 | * see if we support it. | ||
| 1571 | */ | ||
| 1572 | for (i = 0; i < server_len; ) { | ||
| 1573 | for (j = 0; j < client_len; ) { | ||
| 1574 | if (server[i] == client[j] && | ||
| 1575 | memcmp(&server[i + 1], | ||
| 1576 | &client[j + 1], server[i]) == 0) { | ||
| 1577 | /* We found a match */ | ||
| 1578 | result = &server[i]; | ||
| 1579 | status = OPENSSL_NPN_NEGOTIATED; | ||
| 1580 | goto found; | ||
| 1581 | } | ||
| 1582 | j += client[j]; | ||
| 1583 | j++; | ||
| 1584 | } | ||
| 1585 | i += server[i]; | ||
| 1586 | i++; | ||
| 1587 | } | ||
| 1588 | |||
| 1589 | /* There's no overlap between our protocols and the server's list. */ | ||
| 1590 | result = client; | ||
| 1591 | status = OPENSSL_NPN_NO_OVERLAP; | ||
| 1592 | |||
| 1593 | found: | ||
| 1594 | *out = (unsigned char *) result + 1; | ||
| 1595 | *outlen = result[0]; | ||
| 1596 | return (status); | ||
| 1597 | } | ||
| 1598 | |||
| 1599 | /* | ||
| 1600 | * SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | ||
| 1601 | * requested protocol for this connection and returns 0. If the client didn't | ||
| 1602 | * request any protocol, then *data is set to NULL. | ||
| 1603 | * | ||
| 1604 | * Note that the client can request any protocol it chooses. The value returned | ||
| 1605 | * from this function need not be a member of the list of supported protocols | ||
| 1606 | * provided by the callback. | ||
| 1607 | */ | ||
| 1608 | void | ||
| 1609 | SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, | ||
| 1610 | unsigned *len) | ||
| 1611 | { | ||
| 1612 | *data = s->next_proto_negotiated; | ||
| 1613 | if (!*data) { | ||
| 1614 | *len = 0; | ||
| 1615 | } else { | ||
| 1616 | *len = s->next_proto_negotiated_len; | ||
| 1617 | } | ||
| 1618 | } | ||
| 1619 | |||
| 1620 | /* | ||
| 1621 | * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a | ||
| 1622 | * TLS server needs a list of supported protocols for Next Protocol | ||
| 1623 | * Negotiation. The returned list must be in wire format. The list is returned | ||
| 1624 | * by setting |out| to point to it and |outlen| to its length. This memory will | ||
| 1625 | * not be modified, but one should assume that the SSL* keeps a reference to | ||
| 1626 | * it. | ||
| 1627 | * | ||
| 1628 | * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. | ||
| 1629 | * Otherwise, no such extension will be included in the ServerHello. | ||
| 1630 | */ | ||
| 1631 | void | ||
| 1632 | SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, | ||
| 1633 | const unsigned char **out, unsigned int *outlen, void *arg), void *arg) | ||
| 1634 | { | ||
| 1635 | ctx->next_protos_advertised_cb = cb; | ||
| 1636 | ctx->next_protos_advertised_cb_arg = arg; | ||
| 1637 | } | ||
| 1638 | |||
| 1639 | /* | ||
| 1640 | * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | ||
| 1641 | * client needs to select a protocol from the server's provided list. |out| | ||
| 1642 | * must be set to point to the selected protocol (which may be within |in|). | ||
| 1643 | * The length of the protocol name must be written into |outlen|. The server's | ||
| 1644 | * advertised protocols are provided in |in| and |inlen|. The callback can | ||
| 1645 | * assume that |in| is syntactically valid. | ||
| 1646 | * | ||
| 1647 | * The client must select a protocol. It is fatal to the connection if this | ||
| 1648 | * callback returns a value other than SSL_TLSEXT_ERR_OK. | ||
| 1649 | */ | ||
| 1650 | void | ||
| 1651 | SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, | ||
| 1652 | unsigned char **out, unsigned char *outlen, const unsigned char *in, | ||
| 1653 | unsigned int inlen, void *arg), void *arg) | ||
| 1654 | { | ||
| 1655 | ctx->next_proto_select_cb = cb; | ||
| 1656 | ctx->next_proto_select_cb_arg = arg; | ||
| 1657 | } | ||
| 1658 | |||
| 1659 | /* | ||
| 1660 | * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified | ||
| 1661 | * protocols, which must be in wire-format (i.e. a series of non-empty, | ||
| 1662 | * 8-bit length-prefixed strings). Returns 0 on success. | ||
| 1663 | */ | ||
| 1664 | int | ||
| 1665 | SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, | ||
| 1666 | unsigned int protos_len) | ||
| 1667 | { | ||
| 1668 | free(ctx->alpn_client_proto_list); | ||
| 1669 | if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL) | ||
| 1670 | return (1); | ||
| 1671 | memcpy(ctx->alpn_client_proto_list, protos, protos_len); | ||
| 1672 | ctx->alpn_client_proto_list_len = protos_len; | ||
| 1673 | |||
| 1674 | return (0); | ||
| 1675 | } | ||
| 1676 | |||
| 1677 | /* | ||
| 1678 | * SSL_set_alpn_protos sets the ALPN protocol list to the specified | ||
| 1679 | * protocols, which must be in wire-format (i.e. a series of non-empty, | ||
| 1680 | * 8-bit length-prefixed strings). Returns 0 on success. | ||
| 1681 | */ | ||
| 1682 | int | ||
| 1683 | SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos, | ||
| 1684 | unsigned int protos_len) | ||
| 1685 | { | ||
| 1686 | free(ssl->alpn_client_proto_list); | ||
| 1687 | if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL) | ||
| 1688 | return (1); | ||
| 1689 | memcpy(ssl->alpn_client_proto_list, protos, protos_len); | ||
| 1690 | ssl->alpn_client_proto_list_len = protos_len; | ||
| 1691 | |||
| 1692 | return (0); | ||
| 1693 | } | ||
| 1694 | |||
| 1695 | /* | ||
| 1696 | * SSL_CTX_set_alpn_select_cb sets a callback function that is called during | ||
| 1697 | * ClientHello processing in order to select an ALPN protocol from the | ||
| 1698 | * client's list of offered protocols. | ||
| 1699 | */ | ||
| 1700 | void | ||
| 1701 | SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx, | ||
| 1702 | int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen, | ||
| 1703 | const unsigned char *in, unsigned int inlen, void *arg), void *arg) | ||
| 1704 | { | ||
| 1705 | ctx->alpn_select_cb = cb; | ||
| 1706 | ctx->alpn_select_cb_arg = arg; | ||
| 1707 | } | ||
| 1708 | |||
| 1709 | /* | ||
| 1710 | * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return | ||
| 1711 | * it sets data to point to len bytes of protocol name (not including the | ||
| 1712 | * leading length-prefix byte). If the server didn't respond with* a negotiated | ||
| 1713 | * protocol then len will be zero. | ||
| 1714 | */ | ||
| 1715 | void | ||
| 1716 | SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, | ||
| 1717 | unsigned *len) | ||
| 1718 | { | ||
| 1719 | *data = NULL; | ||
| 1720 | *len = 0; | ||
| 1721 | |||
| 1722 | if (ssl->s3 != NULL) { | ||
| 1723 | *data = ssl->s3->alpn_selected; | ||
| 1724 | *len = ssl->s3->alpn_selected_len; | ||
| 1725 | } | ||
| 1726 | } | ||
| 1727 | |||
| 1728 | int | ||
| 1729 | SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | ||
| 1730 | const char *label, size_t llen, const unsigned char *p, size_t plen, | ||
| 1731 | int use_context) | ||
| 1732 | { | ||
| 1733 | if (s->version < TLS1_VERSION) | ||
| 1734 | return (-1); | ||
| 1735 | |||
| 1736 | return (s->method->ssl3_enc->export_keying_material(s, out, olen, | ||
| 1737 | label, llen, p, plen, use_context)); | ||
| 1738 | } | ||
| 1739 | |||
| 1740 | static unsigned long | ||
| 1741 | ssl_session_hash(const SSL_SESSION *a) | ||
| 1742 | { | ||
| 1743 | unsigned long l; | ||
| 1744 | |||
| 1745 | l = (unsigned long) | ||
| 1746 | ((unsigned int) a->session_id[0] )| | ||
| 1747 | ((unsigned int) a->session_id[1]<< 8L)| | ||
| 1748 | ((unsigned long)a->session_id[2]<<16L)| | ||
| 1749 | ((unsigned long)a->session_id[3]<<24L); | ||
| 1750 | return (l); | ||
| 1751 | } | ||
| 1752 | |||
| 1753 | /* | ||
| 1754 | * NB: If this function (or indeed the hash function which uses a sort of | ||
| 1755 | * coarser function than this one) is changed, ensure | ||
| 1756 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being | ||
| 1757 | * able to construct an SSL_SESSION that will collide with any existing session | ||
| 1758 | * with a matching session ID. | ||
| 1759 | */ | ||
| 1760 | static int | ||
| 1761 | ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) | ||
| 1762 | { | ||
| 1763 | if (a->ssl_version != b->ssl_version) | ||
| 1764 | return (1); | ||
| 1765 | if (a->session_id_length != b->session_id_length) | ||
| 1766 | return (1); | ||
| 1767 | if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0) | ||
| 1768 | return (1); | ||
| 1769 | return (0); | ||
| 1770 | } | ||
| 1771 | |||
| 1772 | /* | ||
| 1773 | * These wrapper functions should remain rather than redeclaring | ||
| 1774 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each | ||
| 1775 | * variable. The reason is that the functions aren't static, they're exposed via | ||
| 1776 | * ssl.h. | ||
| 1777 | */ | ||
| 1778 | static | ||
| 1779 | IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION) | ||
| 1780 | static | ||
| 1781 | IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION) | ||
| 1782 | |||
| 1783 | SSL_CTX * | ||
| 1784 | SSL_CTX_new(const SSL_METHOD *meth) | ||
| 1785 | { | ||
| 1786 | SSL_CTX *ret = NULL; | ||
| 1787 | |||
| 1788 | if (meth == NULL) { | ||
| 1789 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1790 | SSL_R_NULL_SSL_METHOD_PASSED); | ||
| 1791 | return (NULL); | ||
| 1792 | } | ||
| 1793 | |||
| 1794 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) { | ||
| 1795 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1796 | SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1797 | goto err; | ||
| 1798 | } | ||
| 1799 | ret = calloc(1, sizeof(SSL_CTX)); | ||
| 1800 | if (ret == NULL) | ||
| 1801 | goto err; | ||
| 1802 | |||
| 1803 | ret->method = meth; | ||
| 1804 | |||
| 1805 | ret->cert_store = NULL; | ||
| 1806 | ret->session_cache_mode = SSL_SESS_CACHE_SERVER; | ||
| 1807 | ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; | ||
| 1808 | ret->session_cache_head = NULL; | ||
| 1809 | ret->session_cache_tail = NULL; | ||
| 1810 | |||
| 1811 | /* We take the system default */ | ||
| 1812 | ret->session_timeout = meth->get_timeout(); | ||
| 1813 | |||
| 1814 | ret->new_session_cb = 0; | ||
| 1815 | ret->remove_session_cb = 0; | ||
| 1816 | ret->get_session_cb = 0; | ||
| 1817 | ret->generate_session_id = 0; | ||
| 1818 | |||
| 1819 | memset((char *)&ret->stats, 0, sizeof(ret->stats)); | ||
| 1820 | |||
| 1821 | ret->references = 1; | ||
| 1822 | ret->quiet_shutdown = 0; | ||
| 1823 | |||
| 1824 | ret->info_callback = NULL; | ||
| 1825 | |||
| 1826 | ret->app_verify_callback = 0; | ||
| 1827 | ret->app_verify_arg = NULL; | ||
| 1828 | |||
| 1829 | ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; | ||
| 1830 | ret->read_ahead = 0; | ||
| 1831 | ret->msg_callback = 0; | ||
| 1832 | ret->msg_callback_arg = NULL; | ||
| 1833 | ret->verify_mode = SSL_VERIFY_NONE; | ||
| 1834 | ret->sid_ctx_length = 0; | ||
| 1835 | ret->default_verify_callback = NULL; | ||
| 1836 | if ((ret->cert = ssl_cert_new()) == NULL) | ||
| 1837 | goto err; | ||
| 1838 | |||
| 1839 | ret->default_passwd_callback = 0; | ||
| 1840 | ret->default_passwd_callback_userdata = NULL; | ||
| 1841 | ret->client_cert_cb = 0; | ||
| 1842 | ret->app_gen_cookie_cb = 0; | ||
| 1843 | ret->app_verify_cookie_cb = 0; | ||
| 1844 | |||
| 1845 | ret->sessions = lh_SSL_SESSION_new(); | ||
| 1846 | if (ret->sessions == NULL) | ||
| 1847 | goto err; | ||
| 1848 | ret->cert_store = X509_STORE_new(); | ||
| 1849 | if (ret->cert_store == NULL) | ||
| 1850 | goto err; | ||
| 1851 | |||
| 1852 | ssl_create_cipher_list(ret->method, &ret->cipher_list, | ||
| 1853 | &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST); | ||
| 1854 | if (ret->cipher_list == NULL || | ||
| 1855 | sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { | ||
| 1856 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1857 | SSL_R_LIBRARY_HAS_NO_CIPHERS); | ||
| 1858 | goto err2; | ||
| 1859 | } | ||
| 1860 | |||
| 1861 | ret->param = X509_VERIFY_PARAM_new(); | ||
| 1862 | if (!ret->param) | ||
| 1863 | goto err; | ||
| 1864 | |||
| 1865 | if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { | ||
| 1866 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1867 | SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES); | ||
| 1868 | goto err2; | ||
| 1869 | } | ||
| 1870 | if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) { | ||
| 1871 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1872 | SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES); | ||
| 1873 | goto err2; | ||
| 1874 | } | ||
| 1875 | |||
| 1876 | if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) | ||
| 1877 | goto err; | ||
| 1878 | |||
| 1879 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); | ||
| 1880 | |||
| 1881 | ret->extra_certs = NULL; | ||
| 1882 | |||
| 1883 | ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; | ||
| 1884 | |||
| 1885 | ret->tlsext_servername_callback = 0; | ||
| 1886 | ret->tlsext_servername_arg = NULL; | ||
| 1887 | |||
| 1888 | /* Setup RFC4507 ticket keys */ | ||
| 1889 | arc4random_buf(ret->tlsext_tick_key_name, 16); | ||
| 1890 | arc4random_buf(ret->tlsext_tick_hmac_key, 16); | ||
| 1891 | arc4random_buf(ret->tlsext_tick_aes_key, 16); | ||
| 1892 | |||
| 1893 | ret->tlsext_status_cb = 0; | ||
| 1894 | ret->tlsext_status_arg = NULL; | ||
| 1895 | |||
| 1896 | ret->next_protos_advertised_cb = 0; | ||
| 1897 | ret->next_proto_select_cb = 0; | ||
| 1898 | #ifndef OPENSSL_NO_ENGINE | ||
| 1899 | ret->client_cert_engine = NULL; | ||
| 1900 | #ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO | ||
| 1901 | #define eng_strx(x) #x | ||
| 1902 | #define eng_str(x) eng_strx(x) | ||
| 1903 | /* Use specific client engine automatically... ignore errors */ | ||
| 1904 | { | ||
| 1905 | ENGINE *eng; | ||
| 1906 | eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1907 | if (!eng) { | ||
| 1908 | ERR_clear_error(); | ||
| 1909 | ENGINE_load_builtin_engines(); | ||
| 1910 | eng = ENGINE_by_id(eng_str( | ||
| 1911 | OPENSSL_SSL_CLIENT_ENGINE_AUTO)); | ||
| 1912 | } | ||
| 1913 | if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) | ||
| 1914 | ERR_clear_error(); | ||
| 1915 | } | ||
| 1916 | #endif | ||
| 1917 | #endif | ||
| 1918 | /* | ||
| 1919 | * Default is to connect to non-RI servers. When RI is more widely | ||
| 1920 | * deployed might change this. | ||
| 1921 | */ | ||
| 1922 | ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; | ||
| 1923 | |||
| 1924 | /* Disable SSLv3 by default. */ | ||
| 1925 | ret->options |= SSL_OP_NO_SSLv3; | ||
| 1926 | |||
| 1927 | return (ret); | ||
| 1928 | err: | ||
| 1929 | SSLerr(SSL_F_SSL_CTX_NEW, | ||
| 1930 | ERR_R_MALLOC_FAILURE); | ||
| 1931 | err2: | ||
| 1932 | SSL_CTX_free(ret); | ||
| 1933 | return (NULL); | ||
| 1934 | } | ||
| 1935 | |||
| 1936 | void | ||
| 1937 | SSL_CTX_free(SSL_CTX *a) | ||
| 1938 | { | ||
| 1939 | int i; | ||
| 1940 | |||
| 1941 | if (a == NULL) | ||
| 1942 | return; | ||
| 1943 | |||
| 1944 | i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX); | ||
| 1945 | if (i > 0) | ||
| 1946 | return; | ||
| 1947 | |||
| 1948 | if (a->param) | ||
| 1949 | X509_VERIFY_PARAM_free(a->param); | ||
| 1950 | |||
| 1951 | /* | ||
| 1952 | * Free internal session cache. However: the remove_cb() may reference | ||
| 1953 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | ||
| 1954 | * after the sessions were flushed. | ||
| 1955 | * As the ex_data handling routines might also touch the session cache, | ||
| 1956 | * the most secure solution seems to be: empty (flush) the cache, then | ||
| 1957 | * free ex_data, then finally free the cache. | ||
| 1958 | * (See ticket [openssl.org #212].) | ||
| 1959 | */ | ||
| 1960 | if (a->sessions != NULL) | ||
| 1961 | SSL_CTX_flush_sessions(a, 0); | ||
| 1962 | |||
| 1963 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
| 1964 | |||
| 1965 | if (a->sessions != NULL) | ||
| 1966 | lh_SSL_SESSION_free(a->sessions); | ||
| 1967 | |||
| 1968 | if (a->cert_store != NULL) | ||
| 1969 | X509_STORE_free(a->cert_store); | ||
| 1970 | if (a->cipher_list != NULL) | ||
| 1971 | sk_SSL_CIPHER_free(a->cipher_list); | ||
| 1972 | if (a->cipher_list_by_id != NULL) | ||
| 1973 | sk_SSL_CIPHER_free(a->cipher_list_by_id); | ||
| 1974 | if (a->cert != NULL) | ||
| 1975 | ssl_cert_free(a->cert); | ||
| 1976 | if (a->client_CA != NULL) | ||
| 1977 | sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); | ||
| 1978 | if (a->extra_certs != NULL) | ||
| 1979 | sk_X509_pop_free(a->extra_certs, X509_free); | ||
| 1980 | |||
| 1981 | #ifndef OPENSSL_NO_SRTP | ||
| 1982 | if (a->srtp_profiles) | ||
| 1983 | sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); | ||
| 1984 | #endif | ||
| 1985 | |||
| 1986 | #ifndef OPENSSL_NO_ENGINE | ||
| 1987 | if (a->client_cert_engine) | ||
| 1988 | ENGINE_finish(a->client_cert_engine); | ||
| 1989 | #endif | ||
| 1990 | |||
| 1991 | free(a->alpn_client_proto_list); | ||
| 1992 | |||
| 1993 | free(a); | ||
| 1994 | } | ||
| 1995 | |||
| 1996 | void | ||
| 1997 | SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) | ||
| 1998 | { | ||
| 1999 | ctx->default_passwd_callback = cb; | ||
| 2000 | } | ||
| 2001 | |||
| 2002 | void | ||
| 2003 | SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) | ||
| 2004 | { | ||
| 2005 | ctx->default_passwd_callback_userdata = u; | ||
| 2006 | } | ||
| 2007 | |||
| 2008 | void | ||
| 2009 | SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, | ||
| 2010 | void *), void *arg) | ||
| 2011 | { | ||
| 2012 | ctx->app_verify_callback = cb; | ||
| 2013 | ctx->app_verify_arg = arg; | ||
| 2014 | } | ||
| 2015 | |||
| 2016 | void | ||
| 2017 | SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *)) | ||
| 2018 | { | ||
| 2019 | ctx->verify_mode = mode; | ||
| 2020 | ctx->default_verify_callback = cb; | ||
| 2021 | } | ||
| 2022 | |||
| 2023 | void | ||
| 2024 | SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) | ||
| 2025 | { | ||
| 2026 | X509_VERIFY_PARAM_set_depth(ctx->param, depth); | ||
| 2027 | } | ||
| 2028 | |||
| 2029 | void | ||
| 2030 | ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) | ||
| 2031 | { | ||
| 2032 | CERT_PKEY *cpk; | ||
| 2033 | int rsa_enc, rsa_sign, dh_tmp, dsa_sign; | ||
| 2034 | unsigned long mask_k, mask_a; | ||
| 2035 | int have_ecc_cert, ecdh_ok, ecdsa_ok; | ||
| 2036 | int have_ecdh_tmp; | ||
| 2037 | X509 *x = NULL; | ||
| 2038 | EVP_PKEY *ecc_pkey = NULL; | ||
| 2039 | int signature_nid = 0, pk_nid = 0, md_nid = 0; | ||
| 2040 | |||
| 2041 | if (c == NULL) | ||
| 2042 | return; | ||
| 2043 | |||
| 2044 | dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || | ||
| 2045 | c->dh_tmp_auto != 0); | ||
| 2046 | |||
| 2047 | have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL || | ||
| 2048 | c->ecdh_tmp_auto != 0); | ||
| 2049 | cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); | ||
| 2050 | rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 2051 | cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); | ||
| 2052 | rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 2053 | cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); | ||
| 2054 | dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 2055 | /* FIX THIS EAY EAY EAY */ | ||
| 2056 | cpk = &(c->pkeys[SSL_PKEY_ECC]); | ||
| 2057 | have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); | ||
| 2058 | mask_k = 0; | ||
| 2059 | mask_a = 0; | ||
| 2060 | |||
| 2061 | cpk = &(c->pkeys[SSL_PKEY_GOST01]); | ||
| 2062 | if (cpk->x509 != NULL && cpk->privatekey !=NULL) { | ||
| 2063 | mask_k |= SSL_kGOST; | ||
| 2064 | mask_a |= SSL_aGOST01; | ||
| 2065 | } | ||
| 2066 | |||
| 2067 | if (rsa_enc) | ||
| 2068 | mask_k|=SSL_kRSA; | ||
| 2069 | |||
| 2070 | if (dh_tmp) | ||
| 2071 | mask_k|=SSL_kDHE; | ||
| 2072 | |||
| 2073 | if (rsa_enc || rsa_sign) | ||
| 2074 | mask_a|=SSL_aRSA; | ||
| 2075 | |||
| 2076 | if (dsa_sign) | ||
| 2077 | mask_a|=SSL_aDSS; | ||
| 2078 | |||
| 2079 | mask_a|=SSL_aNULL; | ||
| 2080 | |||
| 2081 | /* | ||
| 2082 | * An ECC certificate may be usable for ECDH and/or | ||
| 2083 | * ECDSA cipher suites depending on the key usage extension. | ||
| 2084 | */ | ||
| 2085 | if (have_ecc_cert) { | ||
| 2086 | /* This call populates extension flags (ex_flags) */ | ||
| 2087 | x = (c->pkeys[SSL_PKEY_ECC]).x509; | ||
| 2088 | X509_check_purpose(x, -1, 0); | ||
| 2089 | ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 2090 | (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; | ||
| 2091 | ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? | ||
| 2092 | (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; | ||
| 2093 | ecc_pkey = X509_get_pubkey(x); | ||
| 2094 | EVP_PKEY_free(ecc_pkey); | ||
| 2095 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { | ||
| 2096 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 2097 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | ||
| 2098 | } | ||
| 2099 | if (ecdh_ok) { | ||
| 2100 | if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { | ||
| 2101 | mask_k|=SSL_kECDHr; | ||
| 2102 | mask_a|=SSL_aECDH; | ||
| 2103 | } | ||
| 2104 | if (pk_nid == NID_X9_62_id_ecPublicKey) { | ||
| 2105 | mask_k|=SSL_kECDHe; | ||
| 2106 | mask_a|=SSL_aECDH; | ||
| 2107 | } | ||
| 2108 | } | ||
| 2109 | if (ecdsa_ok) | ||
| 2110 | mask_a|=SSL_aECDSA; | ||
| 2111 | } | ||
| 2112 | |||
| 2113 | if (have_ecdh_tmp) { | ||
| 2114 | mask_k|=SSL_kECDHE; | ||
| 2115 | } | ||
| 2116 | |||
| 2117 | |||
| 2118 | c->mask_k = mask_k; | ||
| 2119 | c->mask_a = mask_a; | ||
| 2120 | c->valid = 1; | ||
| 2121 | } | ||
| 2122 | |||
| 2123 | /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ | ||
| 2124 | #define ku_reject(x, usage) \ | ||
| 2125 | (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) | ||
| 2126 | |||
| 2127 | |||
| 2128 | int | ||
| 2129 | ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) | ||
| 2130 | { | ||
| 2131 | unsigned long alg_k, alg_a; | ||
| 2132 | int signature_nid = 0, md_nid = 0, pk_nid = 0; | ||
| 2133 | const SSL_CIPHER *cs = s->s3->tmp.new_cipher; | ||
| 2134 | |||
| 2135 | alg_k = cs->algorithm_mkey; | ||
| 2136 | alg_a = cs->algorithm_auth; | ||
| 2137 | |||
| 2138 | /* This call populates the ex_flags field correctly */ | ||
| 2139 | X509_check_purpose(x, -1, 0); | ||
| 2140 | if ((x->sig_alg) && (x->sig_alg->algorithm)) { | ||
| 2141 | signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 2142 | OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); | ||
| 2143 | } | ||
| 2144 | if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { | ||
| 2145 | /* key usage, if present, must allow key agreement */ | ||
| 2146 | if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) { | ||
| 2147 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, | ||
| 2148 | SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT); | ||
| 2149 | return (0); | ||
| 2150 | } | ||
| 2151 | if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < | ||
| 2152 | TLS1_2_VERSION) { | ||
| 2153 | /* signature alg must be ECDSA */ | ||
| 2154 | if (pk_nid != NID_X9_62_id_ecPublicKey) { | ||
| 2155 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, | ||
| 2156 | SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE); | ||
| 2157 | return (0); | ||
| 2158 | } | ||
| 2159 | } | ||
| 2160 | if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < | ||
| 2161 | TLS1_2_VERSION) { | ||
| 2162 | /* signature alg must be RSA */ | ||
| 2163 | if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) { | ||
| 2164 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, | ||
| 2165 | SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE); | ||
| 2166 | return (0); | ||
| 2167 | } | ||
| 2168 | } | ||
| 2169 | } | ||
| 2170 | if (alg_a & SSL_aECDSA) { | ||
| 2171 | /* key usage, if present, must allow signing */ | ||
| 2172 | if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) { | ||
| 2173 | SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, | ||
| 2174 | SSL_R_ECC_CERT_NOT_FOR_SIGNING); | ||
| 2175 | return (0); | ||
| 2176 | } | ||
| 2177 | } | ||
| 2178 | |||
| 2179 | return (1); | ||
| 2180 | /* all checks are ok */ | ||
| 2181 | } | ||
| 2182 | |||
| 2183 | |||
| 2184 | /* THIS NEEDS CLEANING UP */ | ||
| 2185 | CERT_PKEY * | ||
| 2186 | ssl_get_server_send_pkey(const SSL *s) | ||
| 2187 | { | ||
| 2188 | unsigned long alg_k, alg_a; | ||
| 2189 | CERT *c; | ||
| 2190 | int i; | ||
| 2191 | |||
| 2192 | c = s->cert; | ||
| 2193 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); | ||
| 2194 | |||
| 2195 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 2196 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 2197 | |||
| 2198 | if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { | ||
| 2199 | /* | ||
| 2200 | * We don't need to look at SSL_kECDHE | ||
| 2201 | * since no certificate is needed for | ||
| 2202 | * anon ECDH and for authenticated | ||
| 2203 | * ECDHE, the check for the auth | ||
| 2204 | * algorithm will set i correctly | ||
| 2205 | * NOTE: For ECDH-RSA, we need an ECC | ||
| 2206 | * not an RSA cert but for EECDH-RSA | ||
| 2207 | * we need an RSA cert. Placing the | ||
| 2208 | * checks for SSL_kECDH before RSA | ||
| 2209 | * checks ensures the correct cert is chosen. | ||
| 2210 | */ | ||
| 2211 | i = SSL_PKEY_ECC; | ||
| 2212 | } else if (alg_a & SSL_aECDSA) { | ||
| 2213 | i = SSL_PKEY_ECC; | ||
| 2214 | } else if (alg_a & SSL_aDSS) { | ||
| 2215 | i = SSL_PKEY_DSA_SIGN; | ||
| 2216 | } else if (alg_a & SSL_aRSA) { | ||
| 2217 | if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) | ||
| 2218 | i = SSL_PKEY_RSA_SIGN; | ||
| 2219 | else | ||
| 2220 | i = SSL_PKEY_RSA_ENC; | ||
| 2221 | } else if (alg_a & SSL_aGOST01) { | ||
| 2222 | i = SSL_PKEY_GOST01; | ||
| 2223 | } else { /* if (alg_a & SSL_aNULL) */ | ||
| 2224 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR); | ||
| 2225 | return (NULL); | ||
| 2226 | } | ||
| 2227 | |||
| 2228 | return (c->pkeys + i); | ||
| 2229 | } | ||
| 2230 | |||
| 2231 | X509 * | ||
| 2232 | ssl_get_server_send_cert(const SSL *s) | ||
| 2233 | { | ||
| 2234 | CERT_PKEY *cpk; | ||
| 2235 | |||
| 2236 | cpk = ssl_get_server_send_pkey(s); | ||
| 2237 | if (!cpk) | ||
| 2238 | return (NULL); | ||
| 2239 | return (cpk->x509); | ||
| 2240 | } | ||
| 2241 | |||
| 2242 | EVP_PKEY * | ||
| 2243 | ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd) | ||
| 2244 | { | ||
| 2245 | unsigned long alg_a; | ||
| 2246 | CERT *c; | ||
| 2247 | int idx = -1; | ||
| 2248 | |||
| 2249 | alg_a = cipher->algorithm_auth; | ||
| 2250 | c = s->cert; | ||
| 2251 | |||
| 2252 | if ((alg_a & SSL_aDSS) && | ||
| 2253 | (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) | ||
| 2254 | idx = SSL_PKEY_DSA_SIGN; | ||
| 2255 | else if (alg_a & SSL_aRSA) { | ||
| 2256 | if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) | ||
| 2257 | idx = SSL_PKEY_RSA_SIGN; | ||
| 2258 | else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL) | ||
| 2259 | idx = SSL_PKEY_RSA_ENC; | ||
| 2260 | } else if ((alg_a & SSL_aECDSA) && | ||
| 2261 | (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) | ||
| 2262 | idx = SSL_PKEY_ECC; | ||
| 2263 | if (idx == -1) { | ||
| 2264 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR); | ||
| 2265 | return (NULL); | ||
| 2266 | } | ||
| 2267 | if (pmd) | ||
| 2268 | *pmd = c->pkeys[idx].digest; | ||
| 2269 | return (c->pkeys[idx].privatekey); | ||
| 2270 | } | ||
| 2271 | |||
| 2272 | DH * | ||
| 2273 | ssl_get_auto_dh(SSL *s) | ||
| 2274 | { | ||
| 2275 | CERT_PKEY *cpk; | ||
| 2276 | int keylen; | ||
| 2277 | DH *dhp; | ||
| 2278 | |||
| 2279 | if (s->cert->dh_tmp_auto == 2) { | ||
| 2280 | keylen = 1024; | ||
| 2281 | } else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) { | ||
| 2282 | keylen = 1024; | ||
| 2283 | if (s->s3->tmp.new_cipher->strength_bits == 256) | ||
| 2284 | keylen = 3072; | ||
| 2285 | } else { | ||
| 2286 | if ((cpk = ssl_get_server_send_pkey(s)) == NULL) | ||
| 2287 | return (NULL); | ||
| 2288 | if (cpk->privatekey == NULL || cpk->privatekey->pkey.dh == NULL) | ||
| 2289 | return (NULL); | ||
| 2290 | keylen = EVP_PKEY_bits(cpk->privatekey); | ||
| 2291 | } | ||
| 2292 | |||
| 2293 | if ((dhp = DH_new()) == NULL) | ||
| 2294 | return (NULL); | ||
| 2295 | |||
| 2296 | dhp->g = BN_new(); | ||
| 2297 | if (dhp->g != NULL) | ||
| 2298 | BN_set_word(dhp->g, 2); | ||
| 2299 | |||
| 2300 | if (keylen >= 8192) | ||
| 2301 | dhp->p = get_rfc3526_prime_8192(NULL); | ||
| 2302 | else if (keylen >= 4096) | ||
| 2303 | dhp->p = get_rfc3526_prime_4096(NULL); | ||
| 2304 | else if (keylen >= 3072) | ||
| 2305 | dhp->p = get_rfc3526_prime_3072(NULL); | ||
| 2306 | else if (keylen >= 2048) | ||
| 2307 | dhp->p = get_rfc3526_prime_2048(NULL); | ||
| 2308 | else if (keylen >= 1536) | ||
| 2309 | dhp->p = get_rfc3526_prime_1536(NULL); | ||
| 2310 | else | ||
| 2311 | dhp->p = get_rfc2409_prime_1024(NULL); | ||
| 2312 | |||
| 2313 | if (dhp->p == NULL || dhp->g == NULL) { | ||
| 2314 | DH_free(dhp); | ||
| 2315 | return (NULL); | ||
| 2316 | } | ||
| 2317 | return (dhp); | ||
| 2318 | } | ||
| 2319 | |||
| 2320 | void | ||
| 2321 | ssl_update_cache(SSL *s, int mode) | ||
| 2322 | { | ||
| 2323 | int i; | ||
| 2324 | |||
| 2325 | /* | ||
| 2326 | * If the session_id_length is 0, we are not supposed to cache it, | ||
| 2327 | * and it would be rather hard to do anyway :-) | ||
| 2328 | */ | ||
| 2329 | if (s->session->session_id_length == 0) | ||
| 2330 | return; | ||
| 2331 | |||
| 2332 | i = s->session_ctx->session_cache_mode; | ||
| 2333 | if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) | ||
| 2334 | || SSL_CTX_add_session(s->session_ctx, s->session)) | ||
| 2335 | && (s->session_ctx->new_session_cb != NULL)) { | ||
| 2336 | CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION); | ||
| 2337 | if (!s->session_ctx->new_session_cb(s, s->session)) | ||
| 2338 | SSL_SESSION_free(s->session); | ||
| 2339 | } | ||
| 2340 | |||
| 2341 | /* auto flush every 255 connections */ | ||
| 2342 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | ||
| 2343 | ((i & mode) == mode)) { | ||
| 2344 | if ((((mode & SSL_SESS_CACHE_CLIENT) ? | ||
| 2345 | s->session_ctx->stats.sess_connect_good : | ||
| 2346 | s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) { | ||
| 2347 | SSL_CTX_flush_sessions(s->session_ctx, time(NULL)); | ||
| 2348 | } | ||
| 2349 | } | ||
| 2350 | } | ||
| 2351 | |||
| 2352 | const SSL_METHOD * | ||
| 2353 | SSL_get_ssl_method(SSL *s) | ||
| 2354 | { | ||
| 2355 | return (s->method); | ||
| 2356 | } | ||
| 2357 | |||
| 2358 | int | ||
| 2359 | SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth) | ||
| 2360 | { | ||
| 2361 | int conn = -1; | ||
| 2362 | int ret = 1; | ||
| 2363 | |||
| 2364 | if (s->method != meth) { | ||
| 2365 | if (s->handshake_func != NULL) | ||
| 2366 | conn = (s->handshake_func == s->method->ssl_connect); | ||
| 2367 | |||
| 2368 | if (s->method->version == meth->version) | ||
| 2369 | s->method = meth; | ||
| 2370 | else { | ||
| 2371 | s->method->ssl_free(s); | ||
| 2372 | s->method = meth; | ||
| 2373 | ret = s->method->ssl_new(s); | ||
| 2374 | } | ||
| 2375 | |||
| 2376 | if (conn == 1) | ||
| 2377 | s->handshake_func = meth->ssl_connect; | ||
| 2378 | else if (conn == 0) | ||
| 2379 | s->handshake_func = meth->ssl_accept; | ||
| 2380 | } | ||
| 2381 | return (ret); | ||
| 2382 | } | ||
| 2383 | |||
| 2384 | int | ||
| 2385 | SSL_get_error(const SSL *s, int i) | ||
| 2386 | { | ||
| 2387 | int reason; | ||
| 2388 | unsigned long l; | ||
| 2389 | BIO *bio; | ||
| 2390 | |||
| 2391 | if (i > 0) | ||
| 2392 | return (SSL_ERROR_NONE); | ||
| 2393 | |||
| 2394 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake | ||
| 2395 | * etc, where we do encode the error */ | ||
| 2396 | if ((l = ERR_peek_error()) != 0) { | ||
| 2397 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | ||
| 2398 | return (SSL_ERROR_SYSCALL); | ||
| 2399 | else | ||
| 2400 | return (SSL_ERROR_SSL); | ||
| 2401 | } | ||
| 2402 | |||
| 2403 | if ((i < 0) && SSL_want_read(s)) { | ||
| 2404 | bio = SSL_get_rbio(s); | ||
| 2405 | if (BIO_should_read(bio)) { | ||
| 2406 | return (SSL_ERROR_WANT_READ); | ||
| 2407 | } else if (BIO_should_write(bio)) { | ||
| 2408 | /* | ||
| 2409 | * This one doesn't make too much sense... We never | ||
| 2410 | * try to write to the rbio, and an application | ||
| 2411 | * program where rbio and wbio are separate couldn't | ||
| 2412 | * even know what it should wait for. However if we | ||
| 2413 | * ever set s->rwstate incorrectly (so that we have | ||
| 2414 | * SSL_want_read(s) instead of SSL_want_write(s)) | ||
| 2415 | * and rbio and wbio *are* the same, this test works | ||
| 2416 | * around that bug; so it might be safer to keep it. | ||
| 2417 | */ | ||
| 2418 | return (SSL_ERROR_WANT_WRITE); | ||
| 2419 | } else if (BIO_should_io_special(bio)) { | ||
| 2420 | reason = BIO_get_retry_reason(bio); | ||
| 2421 | if (reason == BIO_RR_CONNECT) | ||
| 2422 | return (SSL_ERROR_WANT_CONNECT); | ||
| 2423 | else if (reason == BIO_RR_ACCEPT) | ||
| 2424 | return (SSL_ERROR_WANT_ACCEPT); | ||
| 2425 | else | ||
| 2426 | return (SSL_ERROR_SYSCALL); /* unknown */ | ||
| 2427 | } | ||
| 2428 | } | ||
| 2429 | |||
| 2430 | if ((i < 0) && SSL_want_write(s)) { | ||
| 2431 | bio = SSL_get_wbio(s); | ||
| 2432 | if (BIO_should_write(bio)) { | ||
| 2433 | return (SSL_ERROR_WANT_WRITE); | ||
| 2434 | } else if (BIO_should_read(bio)) { | ||
| 2435 | /* | ||
| 2436 | * See above (SSL_want_read(s) with | ||
| 2437 | * BIO_should_write(bio)) | ||
| 2438 | */ | ||
| 2439 | return (SSL_ERROR_WANT_READ); | ||
| 2440 | } else if (BIO_should_io_special(bio)) { | ||
| 2441 | reason = BIO_get_retry_reason(bio); | ||
| 2442 | if (reason == BIO_RR_CONNECT) | ||
| 2443 | return (SSL_ERROR_WANT_CONNECT); | ||
| 2444 | else if (reason == BIO_RR_ACCEPT) | ||
| 2445 | return (SSL_ERROR_WANT_ACCEPT); | ||
| 2446 | else | ||
| 2447 | return (SSL_ERROR_SYSCALL); | ||
| 2448 | } | ||
| 2449 | } | ||
| 2450 | if ((i < 0) && SSL_want_x509_lookup(s)) { | ||
| 2451 | return (SSL_ERROR_WANT_X509_LOOKUP); | ||
| 2452 | } | ||
| 2453 | |||
| 2454 | if (i == 0) { | ||
| 2455 | if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) && | ||
| 2456 | (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY)) | ||
| 2457 | return (SSL_ERROR_ZERO_RETURN); | ||
| 2458 | } | ||
| 2459 | return (SSL_ERROR_SYSCALL); | ||
| 2460 | } | ||
| 2461 | |||
| 2462 | int | ||
| 2463 | SSL_do_handshake(SSL *s) | ||
| 2464 | { | ||
| 2465 | int ret = 1; | ||
| 2466 | |||
| 2467 | if (s->handshake_func == NULL) { | ||
| 2468 | SSLerr(SSL_F_SSL_DO_HANDSHAKE, | ||
| 2469 | SSL_R_CONNECTION_TYPE_NOT_SET); | ||
| 2470 | return (-1); | ||
| 2471 | } | ||
| 2472 | |||
| 2473 | s->method->ssl_renegotiate_check(s); | ||
| 2474 | |||
| 2475 | if (SSL_in_init(s) || SSL_in_before(s)) { | ||
| 2476 | ret = s->handshake_func(s); | ||
| 2477 | } | ||
| 2478 | return (ret); | ||
| 2479 | } | ||
| 2480 | |||
| 2481 | /* | ||
| 2482 | * For the next 2 functions, SSL_clear() sets shutdown and so | ||
| 2483 | * one of these calls will reset it | ||
| 2484 | */ | ||
| 2485 | void | ||
| 2486 | SSL_set_accept_state(SSL *s) | ||
| 2487 | { | ||
| 2488 | s->server = 1; | ||
| 2489 | s->shutdown = 0; | ||
| 2490 | s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE; | ||
| 2491 | s->handshake_func = s->method->ssl_accept; | ||
| 2492 | /* clear the current cipher */ | ||
| 2493 | ssl_clear_cipher_ctx(s); | ||
| 2494 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 2495 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 2496 | } | ||
| 2497 | |||
| 2498 | void | ||
| 2499 | SSL_set_connect_state(SSL *s) | ||
| 2500 | { | ||
| 2501 | s->server = 0; | ||
| 2502 | s->shutdown = 0; | ||
| 2503 | s->state = SSL_ST_CONNECT|SSL_ST_BEFORE; | ||
| 2504 | s->handshake_func = s->method->ssl_connect; | ||
| 2505 | /* clear the current cipher */ | ||
| 2506 | ssl_clear_cipher_ctx(s); | ||
| 2507 | ssl_clear_hash_ctx(&s->read_hash); | ||
| 2508 | ssl_clear_hash_ctx(&s->write_hash); | ||
| 2509 | } | ||
| 2510 | |||
| 2511 | int | ||
| 2512 | ssl_undefined_function(SSL *s) | ||
| 2513 | { | ||
| 2514 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, | ||
| 2515 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2516 | return (0); | ||
| 2517 | } | ||
| 2518 | |||
| 2519 | int | ||
| 2520 | ssl_undefined_void_function(void) | ||
| 2521 | { | ||
| 2522 | SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION, | ||
| 2523 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2524 | return (0); | ||
| 2525 | } | ||
| 2526 | |||
| 2527 | int | ||
| 2528 | ssl_undefined_const_function(const SSL *s) | ||
| 2529 | { | ||
| 2530 | SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION, | ||
| 2531 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2532 | return (0); | ||
| 2533 | } | ||
| 2534 | |||
| 2535 | SSL_METHOD * | ||
| 2536 | ssl_bad_method(int ver) | ||
| 2537 | { | ||
| 2538 | SSLerr(SSL_F_SSL_BAD_METHOD, | ||
| 2539 | ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 2540 | return (NULL); | ||
| 2541 | } | ||
| 2542 | |||
| 2543 | const char * | ||
| 2544 | ssl_version_string(int ver) | ||
| 2545 | { | ||
| 2546 | switch (ver) { | ||
| 2547 | case DTLS1_BAD_VER: | ||
| 2548 | return (SSL_TXT_DTLS1_BAD); | ||
| 2549 | case DTLS1_VERSION: | ||
| 2550 | return (SSL_TXT_DTLS1); | ||
| 2551 | case SSL3_VERSION: | ||
| 2552 | return (SSL_TXT_SSLV3); | ||
| 2553 | case TLS1_VERSION: | ||
| 2554 | return (SSL_TXT_TLSV1); | ||
| 2555 | case TLS1_1_VERSION: | ||
| 2556 | return (SSL_TXT_TLSV1_1); | ||
| 2557 | case TLS1_2_VERSION: | ||
| 2558 | return (SSL_TXT_TLSV1_2); | ||
| 2559 | default: | ||
| 2560 | return ("unknown"); | ||
| 2561 | } | ||
| 2562 | } | ||
| 2563 | |||
| 2564 | const char * | ||
| 2565 | SSL_get_version(const SSL *s) | ||
| 2566 | { | ||
| 2567 | return ssl_version_string(s->version); | ||
| 2568 | } | ||
| 2569 | |||
| 2570 | uint16_t | ||
| 2571 | ssl_max_server_version(SSL *s) | ||
| 2572 | { | ||
| 2573 | uint16_t max_version; | ||
| 2574 | |||
| 2575 | /* | ||
| 2576 | * The SSL method will be changed during version negotiation, as such | ||
| 2577 | * we want to use the SSL method from the context. | ||
| 2578 | */ | ||
| 2579 | max_version = s->ctx->method->version; | ||
| 2580 | |||
| 2581 | if (SSL_IS_DTLS(s)) | ||
| 2582 | return (DTLS1_VERSION); | ||
| 2583 | |||
| 2584 | if ((s->options & SSL_OP_NO_TLSv1_2) == 0 && | ||
| 2585 | max_version >= TLS1_2_VERSION) | ||
| 2586 | return (TLS1_2_VERSION); | ||
| 2587 | if ((s->options & SSL_OP_NO_TLSv1_1) == 0 && | ||
| 2588 | max_version >= TLS1_1_VERSION) | ||
| 2589 | return (TLS1_1_VERSION); | ||
| 2590 | if ((s->options & SSL_OP_NO_TLSv1) == 0 && | ||
| 2591 | max_version >= TLS1_VERSION) | ||
| 2592 | return (TLS1_VERSION); | ||
| 2593 | if ((s->options & SSL_OP_NO_SSLv3) == 0 && | ||
| 2594 | max_version >= SSL3_VERSION) | ||
| 2595 | return (SSL3_VERSION); | ||
| 2596 | |||
| 2597 | return (0); | ||
| 2598 | } | ||
| 2599 | |||
| 2600 | SSL * | ||
| 2601 | SSL_dup(SSL *s) | ||
| 2602 | { | ||
| 2603 | STACK_OF(X509_NAME) *sk; | ||
| 2604 | X509_NAME *xn; | ||
| 2605 | SSL *ret; | ||
| 2606 | int i; | ||
| 2607 | |||
| 2608 | if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL) | ||
| 2609 | return (NULL); | ||
| 2610 | |||
| 2611 | ret->version = s->version; | ||
| 2612 | ret->type = s->type; | ||
| 2613 | ret->method = s->method; | ||
| 2614 | |||
| 2615 | if (s->session != NULL) { | ||
| 2616 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | ||
| 2617 | SSL_copy_session_id(ret, s); | ||
| 2618 | } else { | ||
| 2619 | /* | ||
| 2620 | * No session has been established yet, so we have to expect | ||
| 2621 | * that s->cert or ret->cert will be changed later -- | ||
| 2622 | * they should not both point to the same object, | ||
| 2623 | * and thus we can't use SSL_copy_session_id. | ||
| 2624 | */ | ||
| 2625 | |||
| 2626 | ret->method->ssl_free(ret); | ||
| 2627 | ret->method = s->method; | ||
| 2628 | ret->method->ssl_new(ret); | ||
| 2629 | |||
| 2630 | if (s->cert != NULL) { | ||
| 2631 | if (ret->cert != NULL) { | ||
| 2632 | ssl_cert_free(ret->cert); | ||
| 2633 | } | ||
| 2634 | ret->cert = ssl_cert_dup(s->cert); | ||
| 2635 | if (ret->cert == NULL) | ||
| 2636 | goto err; | ||
| 2637 | } | ||
| 2638 | |||
| 2639 | SSL_set_session_id_context(ret, | ||
| 2640 | s->sid_ctx, s->sid_ctx_length); | ||
| 2641 | } | ||
| 2642 | |||
| 2643 | ret->options = s->options; | ||
| 2644 | ret->mode = s->mode; | ||
| 2645 | SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); | ||
| 2646 | SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); | ||
| 2647 | ret->msg_callback = s->msg_callback; | ||
| 2648 | ret->msg_callback_arg = s->msg_callback_arg; | ||
| 2649 | SSL_set_verify(ret, SSL_get_verify_mode(s), | ||
| 2650 | SSL_get_verify_callback(s)); | ||
| 2651 | SSL_set_verify_depth(ret, SSL_get_verify_depth(s)); | ||
| 2652 | ret->generate_session_id = s->generate_session_id; | ||
| 2653 | |||
| 2654 | SSL_set_info_callback(ret, SSL_get_info_callback(s)); | ||
| 2655 | |||
| 2656 | ret->debug = s->debug; | ||
| 2657 | |||
| 2658 | /* copy app data, a little dangerous perhaps */ | ||
| 2659 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, | ||
| 2660 | &ret->ex_data, &s->ex_data)) | ||
| 2661 | goto err; | ||
| 2662 | |||
| 2663 | /* setup rbio, and wbio */ | ||
| 2664 | if (s->rbio != NULL) { | ||
| 2665 | if (!BIO_dup_state(s->rbio,(char *)&ret->rbio)) | ||
| 2666 | goto err; | ||
| 2667 | } | ||
| 2668 | if (s->wbio != NULL) { | ||
| 2669 | if (s->wbio != s->rbio) { | ||
| 2670 | if (!BIO_dup_state(s->wbio,(char *)&ret->wbio)) | ||
| 2671 | goto err; | ||
| 2672 | } else | ||
| 2673 | ret->wbio = ret->rbio; | ||
| 2674 | } | ||
| 2675 | ret->rwstate = s->rwstate; | ||
| 2676 | ret->in_handshake = s->in_handshake; | ||
| 2677 | ret->handshake_func = s->handshake_func; | ||
| 2678 | ret->server = s->server; | ||
| 2679 | ret->renegotiate = s->renegotiate; | ||
| 2680 | ret->new_session = s->new_session; | ||
| 2681 | ret->quiet_shutdown = s->quiet_shutdown; | ||
| 2682 | ret->shutdown = s->shutdown; | ||
| 2683 | /* SSL_dup does not really work at any state, though */ | ||
| 2684 | ret->state=s->state; | ||
| 2685 | ret->rstate = s->rstate; | ||
| 2686 | |||
| 2687 | /* | ||
| 2688 | * Would have to copy ret->init_buf, ret->init_msg, ret->init_num, | ||
| 2689 | * ret->init_off | ||
| 2690 | */ | ||
| 2691 | ret->init_num = 0; | ||
| 2692 | |||
| 2693 | ret->hit = s->hit; | ||
| 2694 | |||
| 2695 | X509_VERIFY_PARAM_inherit(ret->param, s->param); | ||
| 2696 | |||
| 2697 | /* dup the cipher_list and cipher_list_by_id stacks */ | ||
| 2698 | if (s->cipher_list != NULL) { | ||
| 2699 | if ((ret->cipher_list = | ||
| 2700 | sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) | ||
| 2701 | goto err; | ||
| 2702 | } | ||
| 2703 | if (s->cipher_list_by_id != NULL) { | ||
| 2704 | if ((ret->cipher_list_by_id = | ||
| 2705 | sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL) | ||
| 2706 | goto err; | ||
| 2707 | } | ||
| 2708 | |||
| 2709 | /* Dup the client_CA list */ | ||
| 2710 | if (s->client_CA != NULL) { | ||
| 2711 | if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; | ||
| 2712 | ret->client_CA = sk; | ||
| 2713 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { | ||
| 2714 | xn = sk_X509_NAME_value(sk, i); | ||
| 2715 | if (sk_X509_NAME_set(sk, i, | ||
| 2716 | X509_NAME_dup(xn)) == NULL) { | ||
| 2717 | X509_NAME_free(xn); | ||
| 2718 | goto err; | ||
| 2719 | } | ||
| 2720 | } | ||
| 2721 | } | ||
| 2722 | |||
| 2723 | if (0) { | ||
| 2724 | err: | ||
| 2725 | if (ret != NULL) | ||
| 2726 | SSL_free(ret); | ||
| 2727 | ret = NULL; | ||
| 2728 | } | ||
| 2729 | return (ret); | ||
| 2730 | } | ||
| 2731 | |||
| 2732 | void | ||
| 2733 | ssl_clear_cipher_ctx(SSL *s) | ||
| 2734 | { | ||
| 2735 | EVP_CIPHER_CTX_free(s->enc_read_ctx); | ||
| 2736 | s->enc_read_ctx = NULL; | ||
| 2737 | EVP_CIPHER_CTX_free(s->enc_write_ctx); | ||
| 2738 | s->enc_write_ctx = NULL; | ||
| 2739 | |||
| 2740 | if (s->aead_read_ctx != NULL) { | ||
| 2741 | EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx); | ||
| 2742 | free(s->aead_read_ctx); | ||
| 2743 | s->aead_read_ctx = NULL; | ||
| 2744 | } | ||
| 2745 | if (s->aead_write_ctx != NULL) { | ||
| 2746 | EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx); | ||
| 2747 | free(s->aead_write_ctx); | ||
| 2748 | s->aead_write_ctx = NULL; | ||
| 2749 | } | ||
| 2750 | |||
| 2751 | } | ||
| 2752 | |||
| 2753 | /* Fix this function so that it takes an optional type parameter */ | ||
| 2754 | X509 * | ||
| 2755 | SSL_get_certificate(const SSL *s) | ||
| 2756 | { | ||
| 2757 | if (s->cert != NULL) | ||
| 2758 | return (s->cert->key->x509); | ||
| 2759 | else | ||
| 2760 | return (NULL); | ||
| 2761 | } | ||
| 2762 | |||
| 2763 | /* Fix this function so that it takes an optional type parameter */ | ||
| 2764 | EVP_PKEY * | ||
| 2765 | SSL_get_privatekey(SSL *s) | ||
| 2766 | { | ||
| 2767 | if (s->cert != NULL) | ||
| 2768 | return (s->cert->key->privatekey); | ||
| 2769 | else | ||
| 2770 | return (NULL); | ||
| 2771 | } | ||
| 2772 | |||
| 2773 | const SSL_CIPHER * | ||
| 2774 | SSL_get_current_cipher(const SSL *s) | ||
| 2775 | { | ||
| 2776 | if ((s->session != NULL) && (s->session->cipher != NULL)) | ||
| 2777 | return (s->session->cipher); | ||
| 2778 | return (NULL); | ||
| 2779 | } | ||
| 2780 | const void * | ||
| 2781 | SSL_get_current_compression(SSL *s) | ||
| 2782 | { | ||
| 2783 | return (NULL); | ||
| 2784 | } | ||
| 2785 | |||
| 2786 | const void * | ||
| 2787 | SSL_get_current_expansion(SSL *s) | ||
| 2788 | { | ||
| 2789 | return (NULL); | ||
| 2790 | } | ||
| 2791 | |||
| 2792 | int | ||
| 2793 | ssl_init_wbio_buffer(SSL *s, int push) | ||
| 2794 | { | ||
| 2795 | BIO *bbio; | ||
| 2796 | |||
| 2797 | if (s->bbio == NULL) { | ||
| 2798 | bbio = BIO_new(BIO_f_buffer()); | ||
| 2799 | if (bbio == NULL) | ||
| 2800 | return (0); | ||
| 2801 | s->bbio = bbio; | ||
| 2802 | } else { | ||
| 2803 | bbio = s->bbio; | ||
| 2804 | if (s->bbio == s->wbio) | ||
| 2805 | s->wbio = BIO_pop(s->wbio); | ||
| 2806 | } | ||
| 2807 | (void)BIO_reset(bbio); | ||
| 2808 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | ||
| 2809 | if (!BIO_set_read_buffer_size(bbio, 1)) { | ||
| 2810 | SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, | ||
| 2811 | ERR_R_BUF_LIB); | ||
| 2812 | return (0); | ||
| 2813 | } | ||
| 2814 | if (push) { | ||
| 2815 | if (s->wbio != bbio) | ||
| 2816 | s->wbio = BIO_push(bbio, s->wbio); | ||
| 2817 | } else { | ||
| 2818 | if (s->wbio == bbio) | ||
| 2819 | s->wbio = BIO_pop(bbio); | ||
| 2820 | } | ||
| 2821 | return (1); | ||
| 2822 | } | ||
| 2823 | |||
| 2824 | void | ||
| 2825 | ssl_free_wbio_buffer(SSL *s) | ||
| 2826 | { | ||
| 2827 | if (s->bbio == NULL) | ||
| 2828 | return; | ||
| 2829 | |||
| 2830 | if (s->bbio == s->wbio) { | ||
| 2831 | /* remove buffering */ | ||
| 2832 | s->wbio = BIO_pop(s->wbio); | ||
| 2833 | } | ||
| 2834 | BIO_free(s->bbio); | ||
| 2835 | s->bbio = NULL; | ||
| 2836 | } | ||
| 2837 | |||
| 2838 | void | ||
| 2839 | SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode) | ||
| 2840 | { | ||
| 2841 | ctx->quiet_shutdown = mode; | ||
| 2842 | } | ||
| 2843 | |||
| 2844 | int | ||
| 2845 | SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx) | ||
| 2846 | { | ||
| 2847 | return (ctx->quiet_shutdown); | ||
| 2848 | } | ||
| 2849 | |||
| 2850 | void | ||
| 2851 | SSL_set_quiet_shutdown(SSL *s, int mode) | ||
| 2852 | { | ||
| 2853 | s->quiet_shutdown = mode; | ||
| 2854 | } | ||
| 2855 | |||
| 2856 | int | ||
| 2857 | SSL_get_quiet_shutdown(const SSL *s) | ||
| 2858 | { | ||
| 2859 | return (s->quiet_shutdown); | ||
| 2860 | } | ||
| 2861 | |||
| 2862 | void | ||
| 2863 | SSL_set_shutdown(SSL *s, int mode) | ||
| 2864 | { | ||
| 2865 | s->shutdown = mode; | ||
| 2866 | } | ||
| 2867 | |||
| 2868 | int | ||
| 2869 | SSL_get_shutdown(const SSL *s) | ||
| 2870 | { | ||
| 2871 | return (s->shutdown); | ||
| 2872 | } | ||
| 2873 | |||
| 2874 | int | ||
| 2875 | SSL_version(const SSL *s) | ||
| 2876 | { | ||
| 2877 | return (s->version); | ||
| 2878 | } | ||
| 2879 | |||
| 2880 | SSL_CTX * | ||
| 2881 | SSL_get_SSL_CTX(const SSL *ssl) | ||
| 2882 | { | ||
| 2883 | return (ssl->ctx); | ||
| 2884 | } | ||
| 2885 | |||
| 2886 | SSL_CTX * | ||
| 2887 | SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) | ||
| 2888 | { | ||
| 2889 | if (ssl->ctx == ctx) | ||
| 2890 | return (ssl->ctx); | ||
| 2891 | if (ctx == NULL) | ||
| 2892 | ctx = ssl->initial_ctx; | ||
| 2893 | if (ssl->cert != NULL) | ||
| 2894 | ssl_cert_free(ssl->cert); | ||
| 2895 | ssl->cert = ssl_cert_dup(ctx->cert); | ||
| 2896 | CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); | ||
| 2897 | SSL_CTX_free(ssl->ctx); /* decrement reference count */ | ||
| 2898 | ssl->ctx = ctx; | ||
| 2899 | return (ssl->ctx); | ||
| 2900 | } | ||
| 2901 | |||
| 2902 | int | ||
| 2903 | SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) | ||
| 2904 | { | ||
| 2905 | return (X509_STORE_set_default_paths(ctx->cert_store)); | ||
| 2906 | } | ||
| 2907 | |||
| 2908 | int | ||
| 2909 | SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, | ||
| 2910 | const char *CApath) | ||
| 2911 | { | ||
| 2912 | return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath)); | ||
| 2913 | } | ||
| 2914 | |||
| 2915 | int | ||
| 2916 | SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) | ||
| 2917 | { | ||
| 2918 | return (X509_STORE_load_mem(ctx->cert_store, buf, len)); | ||
| 2919 | } | ||
| 2920 | |||
| 2921 | void | ||
| 2922 | SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val)) | ||
| 2923 | { | ||
| 2924 | ssl->info_callback = cb; | ||
| 2925 | } | ||
| 2926 | |||
| 2927 | void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val) | ||
| 2928 | { | ||
| 2929 | return (ssl->info_callback); | ||
| 2930 | } | ||
| 2931 | |||
| 2932 | int | ||
| 2933 | SSL_state(const SSL *ssl) | ||
| 2934 | { | ||
| 2935 | return (ssl->state); | ||
| 2936 | } | ||
| 2937 | |||
| 2938 | void | ||
| 2939 | SSL_set_state(SSL *ssl, int state) | ||
| 2940 | { | ||
| 2941 | ssl->state = state; | ||
| 2942 | } | ||
| 2943 | |||
| 2944 | void | ||
| 2945 | SSL_set_verify_result(SSL *ssl, long arg) | ||
| 2946 | { | ||
| 2947 | ssl->verify_result = arg; | ||
| 2948 | } | ||
| 2949 | |||
| 2950 | long | ||
| 2951 | SSL_get_verify_result(const SSL *ssl) | ||
| 2952 | { | ||
| 2953 | return (ssl->verify_result); | ||
| 2954 | } | ||
| 2955 | |||
| 2956 | int | ||
| 2957 | SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 2958 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 2959 | { | ||
| 2960 | return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, | ||
| 2961 | new_func, dup_func, free_func)); | ||
| 2962 | } | ||
| 2963 | |||
| 2964 | int | ||
| 2965 | SSL_set_ex_data(SSL *s, int idx, void *arg) | ||
| 2966 | { | ||
| 2967 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); | ||
| 2968 | } | ||
| 2969 | |||
| 2970 | void * | ||
| 2971 | SSL_get_ex_data(const SSL *s, int idx) | ||
| 2972 | { | ||
| 2973 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); | ||
| 2974 | } | ||
| 2975 | |||
| 2976 | int | ||
| 2977 | SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 2978 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 2979 | { | ||
| 2980 | return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, | ||
| 2981 | new_func, dup_func, free_func)); | ||
| 2982 | } | ||
| 2983 | |||
| 2984 | int | ||
| 2985 | SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) | ||
| 2986 | { | ||
| 2987 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); | ||
| 2988 | } | ||
| 2989 | |||
| 2990 | void * | ||
| 2991 | SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) | ||
| 2992 | { | ||
| 2993 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); | ||
| 2994 | } | ||
| 2995 | |||
| 2996 | int | ||
| 2997 | ssl_ok(SSL *s) | ||
| 2998 | { | ||
| 2999 | return (1); | ||
| 3000 | } | ||
| 3001 | |||
| 3002 | X509_STORE * | ||
| 3003 | SSL_CTX_get_cert_store(const SSL_CTX *ctx) | ||
| 3004 | { | ||
| 3005 | return (ctx->cert_store); | ||
| 3006 | } | ||
| 3007 | |||
| 3008 | void | ||
| 3009 | SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) | ||
| 3010 | { | ||
| 3011 | if (ctx->cert_store != NULL) | ||
| 3012 | X509_STORE_free(ctx->cert_store); | ||
| 3013 | ctx->cert_store = store; | ||
| 3014 | } | ||
| 3015 | |||
| 3016 | int | ||
| 3017 | SSL_want(const SSL *s) | ||
| 3018 | { | ||
| 3019 | return (s->rwstate); | ||
| 3020 | } | ||
| 3021 | |||
| 3022 | void | ||
| 3023 | SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, | ||
| 3024 | int keylength)) | ||
| 3025 | { | ||
| 3026 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3027 | } | ||
| 3028 | |||
| 3029 | void | ||
| 3030 | SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export, | ||
| 3031 | int keylength)) | ||
| 3032 | { | ||
| 3033 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb); | ||
| 3034 | } | ||
| 3035 | |||
| 3036 | void | ||
| 3037 | SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export, | ||
| 3038 | int keylength)) | ||
| 3039 | { | ||
| 3040 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | ||
| 3041 | } | ||
| 3042 | |||
| 3043 | void | ||
| 3044 | SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export, | ||
| 3045 | int keylength)) | ||
| 3046 | { | ||
| 3047 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); | ||
| 3048 | } | ||
| 3049 | |||
| 3050 | void | ||
| 3051 | SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl, | ||
| 3052 | int is_export, int keylength)) | ||
| 3053 | { | ||
| 3054 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, | ||
| 3055 | (void (*)(void))ecdh); | ||
| 3056 | } | ||
| 3057 | |||
| 3058 | void | ||
| 3059 | SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export, | ||
| 3060 | int keylength)) | ||
| 3061 | { | ||
| 3062 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); | ||
| 3063 | } | ||
| 3064 | |||
| 3065 | |||
| 3066 | void | ||
| 3067 | SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, | ||
| 3068 | int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3069 | { | ||
| 3070 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, | ||
| 3071 | (void (*)(void))cb); | ||
| 3072 | } | ||
| 3073 | |||
| 3074 | void | ||
| 3075 | SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, | ||
| 3076 | int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 3077 | { | ||
| 3078 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); | ||
| 3079 | } | ||
| 3080 | |||
| 3081 | /* | ||
| 3082 | * Allocates new EVP_MD_CTX and sets pointer to it into given pointer | ||
| 3083 | * variable, freeing EVP_MD_CTX previously stored in that variable, if | ||
| 3084 | * any. If EVP_MD pointer is passed, initializes ctx with this md | ||
| 3085 | * Returns newly allocated ctx; | ||
| 3086 | */ | ||
| 3087 | EVP_MD_CTX * | ||
| 3088 | ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) | ||
| 3089 | { | ||
| 3090 | ssl_clear_hash_ctx(hash); | ||
| 3091 | *hash = EVP_MD_CTX_create(); | ||
| 3092 | if (*hash != NULL && md != NULL) { | ||
| 3093 | if (!EVP_DigestInit_ex(*hash, md, NULL)) { | ||
| 3094 | ssl_clear_hash_ctx(hash); | ||
| 3095 | return (NULL); | ||
| 3096 | } | ||
| 3097 | } | ||
| 3098 | return (*hash); | ||
| 3099 | } | ||
| 3100 | |||
| 3101 | void | ||
| 3102 | ssl_clear_hash_ctx(EVP_MD_CTX **hash) | ||
| 3103 | { | ||
| 3104 | if (*hash) | ||
| 3105 | EVP_MD_CTX_destroy(*hash); | ||
| 3106 | *hash = NULL; | ||
| 3107 | } | ||
| 3108 | |||
| 3109 | void | ||
| 3110 | SSL_set_debug(SSL *s, int debug) | ||
| 3111 | { | ||
| 3112 | s->debug = debug; | ||
| 3113 | } | ||
| 3114 | |||
| 3115 | int | ||
| 3116 | SSL_cache_hit(SSL *s) | ||
| 3117 | { | ||
| 3118 | return (s->hit); | ||
| 3119 | } | ||
| 3120 | |||
| 3121 | IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h deleted file mode 100644 index c38aa3a90d..0000000000 --- a/src/lib/libssl/ssl_locl.h +++ /dev/null | |||
| @@ -1,874 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_locl.h,v 1.88 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 116 | /* ==================================================================== | ||
| 117 | * Copyright 2005 Nokia. All rights reserved. | ||
| 118 | * | ||
| 119 | * The portions of the attached software ("Contribution") is developed by | ||
| 120 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 121 | * license. | ||
| 122 | * | ||
| 123 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 124 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 125 | * support (see RFC 4279) to OpenSSL. | ||
| 126 | * | ||
| 127 | * No patent licenses or other rights except those expressly stated in | ||
| 128 | * the OpenSSL open source license shall be deemed granted or received | ||
| 129 | * expressly, by implication, estoppel, or otherwise. | ||
| 130 | * | ||
| 131 | * No assurances are provided by Nokia that the Contribution does not | ||
| 132 | * infringe the patent or other intellectual property rights of any third | ||
| 133 | * party or that the license provides you with all the necessary rights | ||
| 134 | * to make use of the Contribution. | ||
| 135 | * | ||
| 136 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 137 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 138 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 139 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 140 | * OTHERWISE. | ||
| 141 | */ | ||
| 142 | |||
| 143 | #ifndef HEADER_SSL_LOCL_H | ||
| 144 | #define HEADER_SSL_LOCL_H | ||
| 145 | |||
| 146 | #include <sys/types.h> | ||
| 147 | |||
| 148 | #include <errno.h> | ||
| 149 | #include <stdlib.h> | ||
| 150 | #include <string.h> | ||
| 151 | #include <time.h> | ||
| 152 | #include <unistd.h> | ||
| 153 | |||
| 154 | #include <openssl/opensslconf.h> | ||
| 155 | #include <openssl/bio.h> | ||
| 156 | #include <openssl/buffer.h> | ||
| 157 | #include <openssl/dsa.h> | ||
| 158 | #include <openssl/err.h> | ||
| 159 | #include <openssl/rsa.h> | ||
| 160 | #include <openssl/ssl.h> | ||
| 161 | #include <openssl/stack.h> | ||
| 162 | |||
| 163 | #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ | ||
| 164 | l|=(((unsigned long)(*((c)++)))<< 8), \ | ||
| 165 | l|=(((unsigned long)(*((c)++)))<<16), \ | ||
| 166 | l|=(((unsigned long)(*((c)++)))<<24)) | ||
| 167 | |||
| 168 | /* NOTE - c is not incremented as per c2l */ | ||
| 169 | #define c2ln(c,l1,l2,n) { \ | ||
| 170 | c+=n; \ | ||
| 171 | l1=l2=0; \ | ||
| 172 | switch (n) { \ | ||
| 173 | case 8: l2 =((unsigned long)(*(--(c))))<<24; \ | ||
| 174 | case 7: l2|=((unsigned long)(*(--(c))))<<16; \ | ||
| 175 | case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 176 | case 5: l2|=((unsigned long)(*(--(c)))); \ | ||
| 177 | case 4: l1 =((unsigned long)(*(--(c))))<<24; \ | ||
| 178 | case 3: l1|=((unsigned long)(*(--(c))))<<16; \ | ||
| 179 | case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 180 | case 1: l1|=((unsigned long)(*(--(c)))); \ | ||
| 181 | } \ | ||
| 182 | } | ||
| 183 | |||
| 184 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
| 185 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 186 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 187 | *((c)++)=(unsigned char)(((l)>>24)&0xff)) | ||
| 188 | |||
| 189 | #define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \ | ||
| 190 | l|=((unsigned long)(*((c)++)))<<16, \ | ||
| 191 | l|=((unsigned long)(*((c)++)))<< 8, \ | ||
| 192 | l|=((unsigned long)(*((c)++)))) | ||
| 193 | |||
| 194 | #define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 195 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 196 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 197 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 198 | |||
| 199 | #define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ | ||
| 200 | *((c)++)=(unsigned char)(((l)>>48)&0xff), \ | ||
| 201 | *((c)++)=(unsigned char)(((l)>>40)&0xff), \ | ||
| 202 | *((c)++)=(unsigned char)(((l)>>32)&0xff), \ | ||
| 203 | *((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 204 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 205 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 206 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 207 | |||
| 208 | /* NOTE - c is not incremented as per l2c */ | ||
| 209 | #define l2cn(l1,l2,c,n) { \ | ||
| 210 | c+=n; \ | ||
| 211 | switch (n) { \ | ||
| 212 | case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | ||
| 213 | case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | ||
| 214 | case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ | ||
| 215 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 216 | case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ | ||
| 217 | case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ | ||
| 218 | case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ | ||
| 219 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 220 | } \ | ||
| 221 | } | ||
| 222 | |||
| 223 | #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ | ||
| 224 | (((unsigned int)(c[1])) )),c+=2) | ||
| 225 | #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ | ||
| 226 | c[1]=(unsigned char)(((s) )&0xff)),c+=2) | ||
| 227 | |||
| 228 | #define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ | ||
| 229 | (((unsigned long)(c[1]))<< 8)| \ | ||
| 230 | (((unsigned long)(c[2])) )),c+=3) | ||
| 231 | |||
| 232 | #define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ | ||
| 233 | c[1]=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 234 | c[2]=(unsigned char)(((l) )&0xff)),c+=3) | ||
| 235 | |||
| 236 | /* LOCAL STUFF */ | ||
| 237 | |||
| 238 | #define SSL_DECRYPT 0 | ||
| 239 | #define SSL_ENCRYPT 1 | ||
| 240 | |||
| 241 | /* | ||
| 242 | * Define the Bitmasks for SSL_CIPHER.algorithms. | ||
| 243 | * This bits are used packed as dense as possible. If new methods/ciphers | ||
| 244 | * etc will be added, the bits a likely to change, so this information | ||
| 245 | * is for internal library use only, even though SSL_CIPHER.algorithms | ||
| 246 | * can be publicly accessed. | ||
| 247 | * Use the according functions for cipher management instead. | ||
| 248 | * | ||
| 249 | * The bit mask handling in the selection and sorting scheme in | ||
| 250 | * ssl_create_cipher_list() has only limited capabilities, reflecting | ||
| 251 | * that the different entities within are mutually exclusive: | ||
| 252 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | ||
| 253 | */ | ||
| 254 | |||
| 255 | /* Bits for algorithm_mkey (key exchange algorithm) */ | ||
| 256 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | ||
| 257 | #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ | ||
| 258 | #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ | ||
| 259 | #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ | ||
| 260 | #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ | ||
| 261 | #define SSL_kGOST 0x00000200L /* GOST key exchange */ | ||
| 262 | |||
| 263 | /* Bits for algorithm_auth (server authentication) */ | ||
| 264 | #define SSL_aRSA 0x00000001L /* RSA auth */ | ||
| 265 | #define SSL_aDSS 0x00000002L /* DSS auth */ | ||
| 266 | #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ | ||
| 267 | #define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */ | ||
| 268 | #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ | ||
| 269 | #define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ | ||
| 270 | |||
| 271 | |||
| 272 | /* Bits for algorithm_enc (symmetric encryption) */ | ||
| 273 | #define SSL_DES 0x00000001L | ||
| 274 | #define SSL_3DES 0x00000002L | ||
| 275 | #define SSL_RC4 0x00000004L | ||
| 276 | #define SSL_IDEA 0x00000008L | ||
| 277 | #define SSL_eNULL 0x00000010L | ||
| 278 | #define SSL_AES128 0x00000020L | ||
| 279 | #define SSL_AES256 0x00000040L | ||
| 280 | #define SSL_CAMELLIA128 0x00000080L | ||
| 281 | #define SSL_CAMELLIA256 0x00000100L | ||
| 282 | #define SSL_eGOST2814789CNT 0x00000200L | ||
| 283 | #define SSL_AES128GCM 0x00000400L | ||
| 284 | #define SSL_AES256GCM 0x00000800L | ||
| 285 | #define SSL_CHACHA20POLY1305 0x00001000L | ||
| 286 | |||
| 287 | #define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) | ||
| 288 | #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) | ||
| 289 | |||
| 290 | |||
| 291 | /* Bits for algorithm_mac (symmetric authentication) */ | ||
| 292 | |||
| 293 | #define SSL_MD5 0x00000001L | ||
| 294 | #define SSL_SHA1 0x00000002L | ||
| 295 | #define SSL_GOST94 0x00000004L | ||
| 296 | #define SSL_GOST89MAC 0x00000008L | ||
| 297 | #define SSL_SHA256 0x00000010L | ||
| 298 | #define SSL_SHA384 0x00000020L | ||
| 299 | /* Not a real MAC, just an indication it is part of cipher */ | ||
| 300 | #define SSL_AEAD 0x00000040L | ||
| 301 | #define SSL_STREEBOG256 0x00000080L | ||
| 302 | #define SSL_STREEBOG512 0x00000100L | ||
| 303 | |||
| 304 | /* Bits for algorithm_ssl (protocol version) */ | ||
| 305 | #define SSL_SSLV3 0x00000002L | ||
| 306 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ | ||
| 307 | #define SSL_TLSV1_2 0x00000004L | ||
| 308 | |||
| 309 | |||
| 310 | /* Bits for algorithm2 (handshake digests and other extra flags) */ | ||
| 311 | |||
| 312 | #define SSL_HANDSHAKE_MAC_MD5 0x10 | ||
| 313 | #define SSL_HANDSHAKE_MAC_SHA 0x20 | ||
| 314 | #define SSL_HANDSHAKE_MAC_GOST94 0x40 | ||
| 315 | #define SSL_HANDSHAKE_MAC_SHA256 0x80 | ||
| 316 | #define SSL_HANDSHAKE_MAC_SHA384 0x100 | ||
| 317 | #define SSL_HANDSHAKE_MAC_STREEBOG256 0x200 | ||
| 318 | #define SSL_HANDSHAKE_MAC_STREEBOG512 0x400 | ||
| 319 | #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) | ||
| 320 | |||
| 321 | /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX | ||
| 322 | * make sure to update this constant too */ | ||
| 323 | #define SSL_MAX_DIGEST 8 | ||
| 324 | |||
| 325 | #define SSL3_CK_ID 0x03000000 | ||
| 326 | #define SSL3_CK_VALUE_MASK 0x0000ffff | ||
| 327 | |||
| 328 | #define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) | ||
| 329 | |||
| 330 | #define TLS1_PRF_DGST_SHIFT 10 | ||
| 331 | #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) | ||
| 332 | #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) | ||
| 333 | #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) | ||
| 334 | #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) | ||
| 335 | #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) | ||
| 336 | #define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT) | ||
| 337 | #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) | ||
| 338 | |||
| 339 | /* Stream MAC for GOST ciphersuites from cryptopro draft | ||
| 340 | * (currently this also goes into algorithm2) */ | ||
| 341 | #define TLS1_STREAM_MAC 0x04 | ||
| 342 | |||
| 343 | /* | ||
| 344 | * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that | ||
| 345 | * indicates that the variable part of the nonce is included as a prefix of | ||
| 346 | * the record (AES-GCM, for example, does this with an 8-byte variable nonce.) | ||
| 347 | */ | ||
| 348 | #define SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD (1 << 22) | ||
| 349 | |||
| 350 | /* | ||
| 351 | * SSL_CIPHER_ALGORITHM2_AEAD is an algorithm2 flag that indicates the cipher | ||
| 352 | * is implemented via an EVP_AEAD. | ||
| 353 | */ | ||
| 354 | #define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) | ||
| 355 | |||
| 356 | /* | ||
| 357 | * SSL_CIPHER_AEAD_FIXED_NONCE_LEN returns the number of bytes of fixed nonce | ||
| 358 | * for an SSL_CIPHER with the SSL_CIPHER_ALGORITHM2_AEAD flag. | ||
| 359 | */ | ||
| 360 | #define SSL_CIPHER_AEAD_FIXED_NONCE_LEN(ssl_cipher) \ | ||
| 361 | (((ssl_cipher->algorithm2 >> 24) & 0xf) * 2) | ||
| 362 | |||
| 363 | /* | ||
| 364 | * Cipher strength information. | ||
| 365 | */ | ||
| 366 | #define SSL_STRONG_MASK 0x000001fcL | ||
| 367 | #define SSL_STRONG_NONE 0x00000004L | ||
| 368 | #define SSL_LOW 0x00000020L | ||
| 369 | #define SSL_MEDIUM 0x00000040L | ||
| 370 | #define SSL_HIGH 0x00000080L | ||
| 371 | |||
| 372 | /* | ||
| 373 | * The keylength (measured in RSA key bits, I guess) for temporary keys. | ||
| 374 | * Cipher argument is so that this can be variable in the future. | ||
| 375 | */ | ||
| 376 | #define SSL_C_PKEYLENGTH(c) 1024 | ||
| 377 | |||
| 378 | /* Check if an SSL structure is using DTLS. */ | ||
| 379 | #define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) | ||
| 380 | |||
| 381 | /* See if we need explicit IV. */ | ||
| 382 | #define SSL_USE_EXPLICIT_IV(s) \ | ||
| 383 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV) | ||
| 384 | |||
| 385 | /* See if we use signature algorithms extension. */ | ||
| 386 | #define SSL_USE_SIGALGS(s) \ | ||
| 387 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS) | ||
| 388 | |||
| 389 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 390 | #define SSL_USE_TLS1_2_CIPHERS(s) \ | ||
| 391 | (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS) | ||
| 392 | |||
| 393 | /* Mostly for SSLv3 */ | ||
| 394 | #define SSL_PKEY_RSA_ENC 0 | ||
| 395 | #define SSL_PKEY_RSA_SIGN 1 | ||
| 396 | #define SSL_PKEY_DSA_SIGN 2 | ||
| 397 | #define SSL_PKEY_DH_RSA 3 | ||
| 398 | #define SSL_PKEY_DH_DSA 4 | ||
| 399 | #define SSL_PKEY_ECC 5 | ||
| 400 | #define SSL_PKEY_GOST01 6 | ||
| 401 | #define SSL_PKEY_NUM 7 | ||
| 402 | |||
| 403 | /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | | ||
| 404 | * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) | ||
| 405 | * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) | ||
| 406 | * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN | ||
| 407 | * SSL_aRSA <- RSA_ENC | RSA_SIGN | ||
| 408 | * SSL_aDSS <- DSA_SIGN | ||
| 409 | */ | ||
| 410 | |||
| 411 | /* | ||
| 412 | #define CERT_INVALID 0 | ||
| 413 | #define CERT_PUBLIC_KEY 1 | ||
| 414 | #define CERT_PRIVATE_KEY 2 | ||
| 415 | */ | ||
| 416 | |||
| 417 | /* From ECC-TLS draft, used in encoding the curve type in | ||
| 418 | * ECParameters | ||
| 419 | */ | ||
| 420 | #define EXPLICIT_PRIME_CURVE_TYPE 1 | ||
| 421 | #define EXPLICIT_CHAR2_CURVE_TYPE 2 | ||
| 422 | #define NAMED_CURVE_TYPE 3 | ||
| 423 | |||
| 424 | typedef struct cert_pkey_st { | ||
| 425 | X509 *x509; | ||
| 426 | EVP_PKEY *privatekey; | ||
| 427 | /* Digest to use when signing */ | ||
| 428 | const EVP_MD *digest; | ||
| 429 | } CERT_PKEY; | ||
| 430 | |||
| 431 | typedef struct cert_st { | ||
| 432 | /* Current active set */ | ||
| 433 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array | ||
| 434 | * Probably it would make more sense to store | ||
| 435 | * an index, not a pointer. */ | ||
| 436 | |||
| 437 | /* The following masks are for the key and auth | ||
| 438 | * algorithms that are supported by the certs below */ | ||
| 439 | int valid; | ||
| 440 | unsigned long mask_k; | ||
| 441 | unsigned long mask_a; | ||
| 442 | |||
| 443 | DH *dh_tmp; | ||
| 444 | DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize); | ||
| 445 | int dh_tmp_auto; | ||
| 446 | |||
| 447 | EC_KEY *ecdh_tmp; | ||
| 448 | EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize); | ||
| 449 | int ecdh_tmp_auto; | ||
| 450 | |||
| 451 | CERT_PKEY pkeys[SSL_PKEY_NUM]; | ||
| 452 | |||
| 453 | int references; /* >1 only if SSL_copy_session_id is used */ | ||
| 454 | } CERT; | ||
| 455 | |||
| 456 | |||
| 457 | typedef struct sess_cert_st { | ||
| 458 | STACK_OF(X509) *cert_chain; /* as received from peer */ | ||
| 459 | |||
| 460 | /* The 'peer_...' members are used only by clients. */ | ||
| 461 | int peer_cert_type; | ||
| 462 | |||
| 463 | CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ | ||
| 464 | CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; | ||
| 465 | /* Obviously we don't have the private keys of these, | ||
| 466 | * so maybe we shouldn't even use the CERT_PKEY type here. */ | ||
| 467 | |||
| 468 | DH *peer_dh_tmp; | ||
| 469 | EC_KEY *peer_ecdh_tmp; | ||
| 470 | |||
| 471 | int references; /* actually always 1 at the moment */ | ||
| 472 | } SESS_CERT; | ||
| 473 | |||
| 474 | |||
| 475 | /*#define SSL_DEBUG */ | ||
| 476 | /*#define RSA_DEBUG */ | ||
| 477 | |||
| 478 | /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff | ||
| 479 | * It is a bit of a mess of functions, but hell, think of it as | ||
| 480 | * an opaque structure :-) */ | ||
| 481 | typedef struct ssl3_enc_method { | ||
| 482 | int (*enc)(SSL *, int); | ||
| 483 | int (*mac)(SSL *, unsigned char *, int); | ||
| 484 | int (*setup_key_block)(SSL *); | ||
| 485 | int (*generate_master_secret)(SSL *, unsigned char *, | ||
| 486 | unsigned char *, int); | ||
| 487 | int (*change_cipher_state)(SSL *, int); | ||
| 488 | int (*final_finish_mac)(SSL *, const char *, int, unsigned char *); | ||
| 489 | int finish_mac_length; | ||
| 490 | int (*cert_verify_mac)(SSL *, int, unsigned char *); | ||
| 491 | const char *client_finished_label; | ||
| 492 | int client_finished_label_len; | ||
| 493 | const char *server_finished_label; | ||
| 494 | int server_finished_label_len; | ||
| 495 | int (*alert_value)(int); | ||
| 496 | int (*export_keying_material)(SSL *, unsigned char *, size_t, | ||
| 497 | const char *, size_t, const unsigned char *, size_t, | ||
| 498 | int use_context); | ||
| 499 | /* Flags indicating protocol version requirements. */ | ||
| 500 | unsigned int enc_flags; | ||
| 501 | } SSL3_ENC_METHOD; | ||
| 502 | |||
| 503 | /* | ||
| 504 | * Flag values for enc_flags. | ||
| 505 | */ | ||
| 506 | |||
| 507 | /* Uses explicit IV. */ | ||
| 508 | #define SSL_ENC_FLAG_EXPLICIT_IV (1 << 0) | ||
| 509 | |||
| 510 | /* Uses signature algorithms extension. */ | ||
| 511 | #define SSL_ENC_FLAG_SIGALGS (1 << 1) | ||
| 512 | |||
| 513 | /* Uses SHA256 default PRF. */ | ||
| 514 | #define SSL_ENC_FLAG_SHA256_PRF (1 << 2) | ||
| 515 | |||
| 516 | /* Is DTLS. */ | ||
| 517 | #define SSL_ENC_FLAG_DTLS (1 << 3) | ||
| 518 | |||
| 519 | /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */ | ||
| 520 | #define SSL_ENC_FLAG_TLS1_2_CIPHERS (1 << 4) | ||
| 521 | |||
| 522 | /* | ||
| 523 | * ssl_aead_ctx_st contains information about an AEAD that is being used to | ||
| 524 | * encrypt an SSL connection. | ||
| 525 | */ | ||
| 526 | struct ssl_aead_ctx_st { | ||
| 527 | EVP_AEAD_CTX ctx; | ||
| 528 | /* | ||
| 529 | * fixed_nonce contains any bytes of the nonce that are fixed for all | ||
| 530 | * records. | ||
| 531 | */ | ||
| 532 | unsigned char fixed_nonce[8]; | ||
| 533 | unsigned char fixed_nonce_len; | ||
| 534 | unsigned char variable_nonce_len; | ||
| 535 | unsigned char tag_len; | ||
| 536 | /* | ||
| 537 | * variable_nonce_in_record is non-zero if the variable nonce | ||
| 538 | * for a record is included as a prefix before the ciphertext. | ||
| 539 | */ | ||
| 540 | char variable_nonce_in_record; | ||
| 541 | }; | ||
| 542 | |||
| 543 | extern SSL3_ENC_METHOD ssl3_undef_enc_method; | ||
| 544 | extern SSL_CIPHER ssl3_ciphers[]; | ||
| 545 | |||
| 546 | SSL_METHOD *ssl_bad_method(int ver); | ||
| 547 | const char *ssl_version_string(int ver); | ||
| 548 | uint16_t ssl_max_server_version(SSL *s); | ||
| 549 | |||
| 550 | extern SSL3_ENC_METHOD TLSv1_enc_data; | ||
| 551 | extern SSL3_ENC_METHOD TLSv1_1_enc_data; | ||
| 552 | extern SSL3_ENC_METHOD TLSv1_2_enc_data; | ||
| 553 | extern SSL3_ENC_METHOD SSLv3_enc_data; | ||
| 554 | extern SSL3_ENC_METHOD DTLSv1_enc_data; | ||
| 555 | |||
| 556 | void ssl_clear_cipher_ctx(SSL *s); | ||
| 557 | int ssl_clear_bad_session(SSL *s); | ||
| 558 | CERT *ssl_cert_new(void); | ||
| 559 | CERT *ssl_cert_dup(CERT *cert); | ||
| 560 | int ssl_cert_inst(CERT **o); | ||
| 561 | void ssl_cert_free(CERT *c); | ||
| 562 | SESS_CERT *ssl_sess_cert_new(void); | ||
| 563 | void ssl_sess_cert_free(SESS_CERT *sc); | ||
| 564 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); | ||
| 565 | int ssl_get_new_session(SSL *s, int session); | ||
| 566 | int ssl_get_prev_session(SSL *s, unsigned char *session, int len, | ||
| 567 | const unsigned char *limit); | ||
| 568 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); | ||
| 569 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); | ||
| 570 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, | ||
| 571 | const SSL_CIPHER * const *bp); | ||
| 572 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, | ||
| 573 | int num, STACK_OF(SSL_CIPHER) **skp); | ||
| 574 | int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, | ||
| 575 | unsigned char *p); | ||
| 576 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | ||
| 577 | STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted, | ||
| 578 | const char *rule_str); | ||
| 579 | void ssl_update_cache(SSL *s, int mode); | ||
| 580 | int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, | ||
| 581 | const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size); | ||
| 582 | int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead); | ||
| 583 | int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md); | ||
| 584 | |||
| 585 | int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk); | ||
| 586 | int ssl_undefined_function(SSL *s); | ||
| 587 | int ssl_undefined_void_function(void); | ||
| 588 | int ssl_undefined_const_function(const SSL *s); | ||
| 589 | CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); | ||
| 590 | X509 *ssl_get_server_send_cert(const SSL *); | ||
| 591 | EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); | ||
| 592 | DH *ssl_get_auto_dh(SSL *s); | ||
| 593 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey); | ||
| 594 | void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); | ||
| 595 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); | ||
| 596 | int ssl_verify_alarm_type(long type); | ||
| 597 | void ssl_load_ciphers(void); | ||
| 598 | |||
| 599 | const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); | ||
| 600 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); | ||
| 601 | int ssl3_init_finished_mac(SSL *s); | ||
| 602 | int ssl3_send_server_certificate(SSL *s); | ||
| 603 | int ssl3_send_newsession_ticket(SSL *s); | ||
| 604 | int ssl3_send_cert_status(SSL *s); | ||
| 605 | int ssl3_get_finished(SSL *s, int state_a, int state_b); | ||
| 606 | int ssl3_setup_key_block(SSL *s); | ||
| 607 | int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b); | ||
| 608 | int ssl3_change_cipher_state(SSL *s, int which); | ||
| 609 | void ssl3_cleanup_key_block(SSL *s); | ||
| 610 | int ssl3_do_write(SSL *s, int type); | ||
| 611 | int ssl3_send_alert(SSL *s, int level, int desc); | ||
| 612 | int ssl3_generate_master_secret(SSL *s, unsigned char *out, | ||
| 613 | unsigned char *p, int len); | ||
| 614 | int ssl3_get_req_cert_type(SSL *s, unsigned char *p); | ||
| 615 | long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
| 616 | int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); | ||
| 617 | int ssl3_num_ciphers(void); | ||
| 618 | const SSL_CIPHER *ssl3_get_cipher(unsigned int u); | ||
| 619 | const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); | ||
| 620 | const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); | ||
| 621 | uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); | ||
| 622 | int ssl3_renegotiate(SSL *ssl); | ||
| 623 | |||
| 624 | int ssl3_renegotiate_check(SSL *ssl); | ||
| 625 | |||
| 626 | int ssl3_dispatch_alert(SSL *s); | ||
| 627 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
| 628 | int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); | ||
| 629 | int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, | ||
| 630 | unsigned char *p); | ||
| 631 | int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | ||
| 632 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); | ||
| 633 | int ssl3_enc(SSL *s, int send_data); | ||
| 634 | int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | ||
| 635 | void ssl3_free_digest_list(SSL *s); | ||
| 636 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | ||
| 637 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, | ||
| 638 | STACK_OF(SSL_CIPHER) *srvr); | ||
| 639 | int ssl3_setup_buffers(SSL *s); | ||
| 640 | int ssl3_setup_read_buffer(SSL *s); | ||
| 641 | int ssl3_setup_write_buffer(SSL *s); | ||
| 642 | int ssl3_release_read_buffer(SSL *s); | ||
| 643 | int ssl3_release_write_buffer(SSL *s); | ||
| 644 | int ssl3_digest_cached_records(SSL *s); | ||
| 645 | int ssl3_new(SSL *s); | ||
| 646 | void ssl3_free(SSL *s); | ||
| 647 | int ssl3_accept(SSL *s); | ||
| 648 | int ssl3_connect(SSL *s); | ||
| 649 | int ssl3_read(SSL *s, void *buf, int len); | ||
| 650 | int ssl3_peek(SSL *s, void *buf, int len); | ||
| 651 | int ssl3_write(SSL *s, const void *buf, int len); | ||
| 652 | int ssl3_shutdown(SSL *s); | ||
| 653 | void ssl3_clear(SSL *s); | ||
| 654 | long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); | ||
| 655 | long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); | ||
| 656 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); | ||
| 657 | long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); | ||
| 658 | int ssl3_pending(const SSL *s); | ||
| 659 | |||
| 660 | unsigned char *ssl3_handshake_msg_start(SSL *s, uint8_t htype); | ||
| 661 | void ssl3_handshake_msg_finish(SSL *s, unsigned int len); | ||
| 662 | int ssl3_handshake_write(SSL *s); | ||
| 663 | |||
| 664 | void ssl3_record_sequence_increment(unsigned char *seq); | ||
| 665 | int ssl3_do_change_cipher_spec(SSL *ssl); | ||
| 666 | long ssl3_default_timeout(void); | ||
| 667 | |||
| 668 | int ssl23_read(SSL *s, void *buf, int len); | ||
| 669 | int ssl23_peek(SSL *s, void *buf, int len); | ||
| 670 | int ssl23_write(SSL *s, const void *buf, int len); | ||
| 671 | long ssl23_default_timeout(void); | ||
| 672 | |||
| 673 | long tls1_default_timeout(void); | ||
| 674 | int dtls1_do_write(SSL *s, int type); | ||
| 675 | int ssl3_read_n(SSL *s, int n, int max, int extend); | ||
| 676 | int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); | ||
| 677 | int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, | ||
| 678 | unsigned int len); | ||
| 679 | unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p, | ||
| 680 | unsigned char mt, unsigned long len, unsigned long frag_off, | ||
| 681 | unsigned long frag_len); | ||
| 682 | |||
| 683 | int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); | ||
| 684 | int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); | ||
| 685 | |||
| 686 | int dtls1_send_change_cipher_spec(SSL *s, int a, int b); | ||
| 687 | int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); | ||
| 688 | unsigned long dtls1_output_cert_chain(SSL *s, X509 *x); | ||
| 689 | int dtls1_read_failed(SSL *s, int code); | ||
| 690 | int dtls1_buffer_message(SSL *s, int ccs); | ||
| 691 | int dtls1_retransmit_message(SSL *s, unsigned short seq, | ||
| 692 | unsigned long frag_off, int *found); | ||
| 693 | int dtls1_get_queue_priority(unsigned short seq, int is_ccs); | ||
| 694 | int dtls1_retransmit_buffered_messages(SSL *s); | ||
| 695 | void dtls1_clear_record_buffer(SSL *s); | ||
| 696 | void dtls1_get_message_header(unsigned char *data, | ||
| 697 | struct hm_header_st *msg_hdr); | ||
| 698 | void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); | ||
| 699 | void dtls1_reset_seq_numbers(SSL *s, int rw); | ||
| 700 | void dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, | ||
| 701 | unsigned short epoch); | ||
| 702 | long dtls1_default_timeout(void); | ||
| 703 | struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft); | ||
| 704 | int dtls1_check_timeout_num(SSL *s); | ||
| 705 | int dtls1_handle_timeout(SSL *s); | ||
| 706 | const SSL_CIPHER *dtls1_get_cipher(unsigned int u); | ||
| 707 | void dtls1_start_timer(SSL *s); | ||
| 708 | void dtls1_stop_timer(SSL *s); | ||
| 709 | int dtls1_is_timer_expired(SSL *s); | ||
| 710 | void dtls1_double_timeout(SSL *s); | ||
| 711 | int dtls1_send_newsession_ticket(SSL *s); | ||
| 712 | unsigned int dtls1_min_mtu(void); | ||
| 713 | |||
| 714 | /* some client-only functions */ | ||
| 715 | int ssl3_client_hello(SSL *s); | ||
| 716 | int ssl3_get_server_hello(SSL *s); | ||
| 717 | int ssl3_get_certificate_request(SSL *s); | ||
| 718 | int ssl3_get_new_session_ticket(SSL *s); | ||
| 719 | int ssl3_get_cert_status(SSL *s); | ||
| 720 | int ssl3_get_server_done(SSL *s); | ||
| 721 | int ssl3_send_client_verify(SSL *s); | ||
| 722 | int ssl3_send_client_certificate(SSL *s); | ||
| 723 | int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey); | ||
| 724 | int ssl3_send_client_key_exchange(SSL *s); | ||
| 725 | int ssl3_get_key_exchange(SSL *s); | ||
| 726 | int ssl3_get_server_certificate(SSL *s); | ||
| 727 | int ssl3_check_cert_and_algorithm(SSL *s); | ||
| 728 | int ssl3_check_finished(SSL *s); | ||
| 729 | int ssl3_send_next_proto(SSL *s); | ||
| 730 | |||
| 731 | int dtls1_client_hello(SSL *s); | ||
| 732 | int dtls1_send_client_certificate(SSL *s); | ||
| 733 | int dtls1_send_client_key_exchange(SSL *s); | ||
| 734 | int dtls1_send_client_verify(SSL *s); | ||
| 735 | |||
| 736 | /* some server-only functions */ | ||
| 737 | int ssl3_get_client_hello(SSL *s); | ||
| 738 | int ssl3_send_server_hello(SSL *s); | ||
| 739 | int ssl3_send_hello_request(SSL *s); | ||
| 740 | int ssl3_send_server_key_exchange(SSL *s); | ||
| 741 | int ssl3_send_certificate_request(SSL *s); | ||
| 742 | int ssl3_send_server_done(SSL *s); | ||
| 743 | int ssl3_check_client_hello(SSL *s); | ||
| 744 | int ssl3_get_client_certificate(SSL *s); | ||
| 745 | int ssl3_get_client_key_exchange(SSL *s); | ||
| 746 | int ssl3_get_cert_verify(SSL *s); | ||
| 747 | int ssl3_get_next_proto(SSL *s); | ||
| 748 | |||
| 749 | int dtls1_send_hello_request(SSL *s); | ||
| 750 | int dtls1_send_server_hello(SSL *s); | ||
| 751 | int dtls1_send_server_certificate(SSL *s); | ||
| 752 | int dtls1_send_server_key_exchange(SSL *s); | ||
| 753 | int dtls1_send_certificate_request(SSL *s); | ||
| 754 | int dtls1_send_server_done(SSL *s); | ||
| 755 | |||
| 756 | int ssl23_accept(SSL *s); | ||
| 757 | int ssl23_connect(SSL *s); | ||
| 758 | int ssl23_read_bytes(SSL *s, int n); | ||
| 759 | int ssl23_write_bytes(SSL *s); | ||
| 760 | |||
| 761 | int tls1_new(SSL *s); | ||
| 762 | void tls1_free(SSL *s); | ||
| 763 | void tls1_clear(SSL *s); | ||
| 764 | long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); | ||
| 765 | long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); | ||
| 766 | |||
| 767 | int dtls1_new(SSL *s); | ||
| 768 | int dtls1_accept(SSL *s); | ||
| 769 | int dtls1_connect(SSL *s); | ||
| 770 | void dtls1_free(SSL *s); | ||
| 771 | void dtls1_clear(SSL *s); | ||
| 772 | long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg); | ||
| 773 | int dtls1_shutdown(SSL *s); | ||
| 774 | |||
| 775 | long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | ||
| 776 | int dtls1_get_record(SSL *s); | ||
| 777 | int do_dtls1_write(SSL *s, int type, const unsigned char *buf, | ||
| 778 | unsigned int len); | ||
| 779 | int dtls1_dispatch_alert(SSL *s); | ||
| 780 | int dtls1_enc(SSL *s, int snd); | ||
| 781 | |||
| 782 | int ssl_init_wbio_buffer(SSL *s, int push); | ||
| 783 | void ssl_free_wbio_buffer(SSL *s); | ||
| 784 | |||
| 785 | int tls1_change_cipher_state(SSL *s, int which); | ||
| 786 | int tls1_setup_key_block(SSL *s); | ||
| 787 | int tls1_enc(SSL *s, int snd); | ||
| 788 | int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p); | ||
| 789 | int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); | ||
| 790 | int tls1_mac(SSL *ssl, unsigned char *md, int snd); | ||
| 791 | int tls1_generate_master_secret(SSL *s, unsigned char *out, | ||
| 792 | unsigned char *p, int len); | ||
| 793 | int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | ||
| 794 | const char *label, size_t llen, const unsigned char *p, size_t plen, | ||
| 795 | int use_context); | ||
| 796 | int tls1_alert_code(int code); | ||
| 797 | int ssl3_alert_code(int code); | ||
| 798 | int ssl_ok(SSL *s); | ||
| 799 | |||
| 800 | int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); | ||
| 801 | |||
| 802 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | ||
| 803 | |||
| 804 | int tls1_ec_curve_id2nid(uint16_t curve_id); | ||
| 805 | uint16_t tls1_ec_nid2curve_id(int nid); | ||
| 806 | int tls1_check_curve(SSL *s, const unsigned char *p, size_t len); | ||
| 807 | int tls1_get_shared_curve(SSL *s); | ||
| 808 | |||
| 809 | unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, | ||
| 810 | unsigned char *limit); | ||
| 811 | |||
| 812 | unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, | ||
| 813 | unsigned char *limit); | ||
| 814 | |||
| 815 | int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, | ||
| 816 | unsigned char *d, int n, int *al); | ||
| 817 | int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, | ||
| 818 | unsigned char *d, int n, int *al); | ||
| 819 | int ssl_prepare_clienthello_tlsext(SSL *s); | ||
| 820 | int ssl_prepare_serverhello_tlsext(SSL *s); | ||
| 821 | int ssl_check_clienthello_tlsext_early(SSL *s); | ||
| 822 | int ssl_check_clienthello_tlsext_late(SSL *s); | ||
| 823 | int ssl_check_serverhello_tlsext(SSL *s); | ||
| 824 | |||
| 825 | #define tlsext_tick_md EVP_sha256 | ||
| 826 | int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 827 | const unsigned char *limit, SSL_SESSION **ret); | ||
| 828 | |||
| 829 | int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, | ||
| 830 | const EVP_MD *md); | ||
| 831 | int tls12_get_sigid(const EVP_PKEY *pk); | ||
| 832 | const EVP_MD *tls12_get_hash(unsigned char hash_alg); | ||
| 833 | |||
| 834 | EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md); | ||
| 835 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | ||
| 836 | int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, | ||
| 837 | int *len, int maxlen); | ||
| 838 | int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, | ||
| 839 | int len, int *al); | ||
| 840 | int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, | ||
| 841 | int *len, int maxlen); | ||
| 842 | int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, | ||
| 843 | int len, int *al); | ||
| 844 | long ssl_get_algorithm2(SSL *s); | ||
| 845 | int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize); | ||
| 846 | int tls12_get_req_sig_algs(SSL *s, unsigned char *p); | ||
| 847 | |||
| 848 | int tls1_check_ec_server_key(SSL *s); | ||
| 849 | int tls1_check_ec_tmp_key(SSL *s); | ||
| 850 | |||
| 851 | int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, | ||
| 852 | int *len, int maxlen); | ||
| 853 | int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, | ||
| 854 | int len, int *al); | ||
| 855 | int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, | ||
| 856 | int *len, int maxlen); | ||
| 857 | int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, | ||
| 858 | int len, int *al); | ||
| 859 | |||
| 860 | /* s3_cbc.c */ | ||
| 861 | void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, | ||
| 862 | unsigned md_size, unsigned orig_len); | ||
| 863 | int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, | ||
| 864 | unsigned block_size, unsigned mac_size); | ||
| 865 | int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec, | ||
| 866 | unsigned block_size, unsigned mac_size); | ||
| 867 | char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); | ||
| 868 | int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, | ||
| 869 | size_t *md_out_size, const unsigned char header[13], | ||
| 870 | const unsigned char *data, size_t data_plus_mac_size, | ||
| 871 | size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, | ||
| 872 | unsigned mac_secret_length, char is_sslv3); | ||
| 873 | |||
| 874 | #endif | ||
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c deleted file mode 100644 index 039bee7952..0000000000 --- a/src/lib/libssl/ssl_rsa.c +++ /dev/null | |||
| @@ -1,755 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_rsa.c,v 1.20 2015/02/06 01:37:11 reyk Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include "ssl_locl.h" | ||
| 62 | |||
| 63 | #include <openssl/bio.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/objects.h> | ||
| 66 | #include <openssl/pem.h> | ||
| 67 | #include <openssl/x509.h> | ||
| 68 | |||
| 69 | static int ssl_set_cert(CERT *c, X509 *x509); | ||
| 70 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | ||
| 71 | static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *); | ||
| 72 | |||
| 73 | int | ||
| 74 | SSL_use_certificate(SSL *ssl, X509 *x) | ||
| 75 | { | ||
| 76 | if (x == NULL) { | ||
| 77 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 78 | return (0); | ||
| 79 | } | ||
| 80 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 81 | SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); | ||
| 82 | return (0); | ||
| 83 | } | ||
| 84 | return (ssl_set_cert(ssl->cert, x)); | ||
| 85 | } | ||
| 86 | |||
| 87 | int | ||
| 88 | SSL_use_certificate_file(SSL *ssl, const char *file, int type) | ||
| 89 | { | ||
| 90 | int j; | ||
| 91 | BIO *in; | ||
| 92 | int ret = 0; | ||
| 93 | X509 *x = NULL; | ||
| 94 | |||
| 95 | in = BIO_new(BIO_s_file_internal()); | ||
| 96 | if (in == NULL) { | ||
| 97 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); | ||
| 98 | goto end; | ||
| 99 | } | ||
| 100 | |||
| 101 | if (BIO_read_filename(in, file) <= 0) { | ||
| 102 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); | ||
| 103 | goto end; | ||
| 104 | } | ||
| 105 | if (type == SSL_FILETYPE_ASN1) { | ||
| 106 | j = ERR_R_ASN1_LIB; | ||
| 107 | x = d2i_X509_bio(in, NULL); | ||
| 108 | } else if (type == SSL_FILETYPE_PEM) { | ||
| 109 | j = ERR_R_PEM_LIB; | ||
| 110 | x = PEM_read_bio_X509(in, NULL, | ||
| 111 | ssl->ctx->default_passwd_callback, | ||
| 112 | ssl->ctx->default_passwd_callback_userdata); | ||
| 113 | } else { | ||
| 114 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); | ||
| 115 | goto end; | ||
| 116 | } | ||
| 117 | |||
| 118 | if (x == NULL) { | ||
| 119 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); | ||
| 120 | goto end; | ||
| 121 | } | ||
| 122 | |||
| 123 | ret = SSL_use_certificate(ssl, x); | ||
| 124 | end: | ||
| 125 | if (x != NULL) | ||
| 126 | X509_free(x); | ||
| 127 | BIO_free(in); | ||
| 128 | return (ret); | ||
| 129 | } | ||
| 130 | |||
| 131 | int | ||
| 132 | SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len) | ||
| 133 | { | ||
| 134 | X509 *x; | ||
| 135 | int ret; | ||
| 136 | |||
| 137 | x = d2i_X509(NULL, &d,(long)len); | ||
| 138 | if (x == NULL) { | ||
| 139 | SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); | ||
| 140 | return (0); | ||
| 141 | } | ||
| 142 | |||
| 143 | ret = SSL_use_certificate(ssl, x); | ||
| 144 | X509_free(x); | ||
| 145 | return (ret); | ||
| 146 | } | ||
| 147 | |||
| 148 | int | ||
| 149 | SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) | ||
| 150 | { | ||
| 151 | EVP_PKEY *pkey; | ||
| 152 | int ret; | ||
| 153 | |||
| 154 | if (rsa == NULL) { | ||
| 155 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); | ||
| 156 | return (0); | ||
| 157 | } | ||
| 158 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 160 | return (0); | ||
| 161 | } | ||
| 162 | if ((pkey = EVP_PKEY_new()) == NULL) { | ||
| 163 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); | ||
| 164 | return (0); | ||
| 165 | } | ||
| 166 | |||
| 167 | RSA_up_ref(rsa); | ||
| 168 | EVP_PKEY_assign_RSA(pkey, rsa); | ||
| 169 | |||
| 170 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 171 | EVP_PKEY_free(pkey); | ||
| 172 | return (ret); | ||
| 173 | } | ||
| 174 | |||
| 175 | static int | ||
| 176 | ssl_set_pkey(CERT *c, EVP_PKEY *pkey) | ||
| 177 | { | ||
| 178 | int i; | ||
| 179 | |||
| 180 | i = ssl_cert_type(NULL, pkey); | ||
| 181 | if (i < 0) { | ||
| 182 | SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 183 | return (0); | ||
| 184 | } | ||
| 185 | |||
| 186 | if (c->pkeys[i].x509 != NULL) { | ||
| 187 | EVP_PKEY *pktmp; | ||
| 188 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | ||
| 189 | EVP_PKEY_copy_parameters(pktmp, pkey); | ||
| 190 | EVP_PKEY_free(pktmp); | ||
| 191 | ERR_clear_error(); | ||
| 192 | |||
| 193 | /* | ||
| 194 | * Don't check the public/private key, this is mostly | ||
| 195 | * for smart cards. | ||
| 196 | */ | ||
| 197 | if ((pkey->type == EVP_PKEY_RSA) && | ||
| 198 | (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) | ||
| 199 | ; | ||
| 200 | else | ||
| 201 | if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { | ||
| 202 | X509_free(c->pkeys[i].x509); | ||
| 203 | c->pkeys[i].x509 = NULL; | ||
| 204 | return 0; | ||
| 205 | } | ||
| 206 | } | ||
| 207 | |||
| 208 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
| 209 | CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); | ||
| 210 | c->pkeys[i].privatekey = pkey; | ||
| 211 | c->key = &(c->pkeys[i]); | ||
| 212 | |||
| 213 | c->valid = 0; | ||
| 214 | return (1); | ||
| 215 | } | ||
| 216 | |||
| 217 | int | ||
| 218 | SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) | ||
| 219 | { | ||
| 220 | int j, ret = 0; | ||
| 221 | BIO *in; | ||
| 222 | RSA *rsa = NULL; | ||
| 223 | |||
| 224 | in = BIO_new(BIO_s_file_internal()); | ||
| 225 | if (in == NULL) { | ||
| 226 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); | ||
| 227 | goto end; | ||
| 228 | } | ||
| 229 | |||
| 230 | if (BIO_read_filename(in, file) <= 0) { | ||
| 231 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); | ||
| 232 | goto end; | ||
| 233 | } | ||
| 234 | if (type == SSL_FILETYPE_ASN1) { | ||
| 235 | j = ERR_R_ASN1_LIB; | ||
| 236 | rsa = d2i_RSAPrivateKey_bio(in, NULL); | ||
| 237 | } else if (type == SSL_FILETYPE_PEM) { | ||
| 238 | j = ERR_R_PEM_LIB; | ||
| 239 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, | ||
| 240 | ssl->ctx->default_passwd_callback, | ||
| 241 | ssl->ctx->default_passwd_callback_userdata); | ||
| 242 | } else { | ||
| 243 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); | ||
| 244 | goto end; | ||
| 245 | } | ||
| 246 | if (rsa == NULL) { | ||
| 247 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); | ||
| 248 | goto end; | ||
| 249 | } | ||
| 250 | ret = SSL_use_RSAPrivateKey(ssl, rsa); | ||
| 251 | RSA_free(rsa); | ||
| 252 | end: | ||
| 253 | BIO_free(in); | ||
| 254 | return (ret); | ||
| 255 | } | ||
| 256 | |||
| 257 | int | ||
| 258 | SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) | ||
| 259 | { | ||
| 260 | int ret; | ||
| 261 | const unsigned char *p; | ||
| 262 | RSA *rsa; | ||
| 263 | |||
| 264 | p = d; | ||
| 265 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { | ||
| 266 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); | ||
| 267 | return (0); | ||
| 268 | } | ||
| 269 | |||
| 270 | ret = SSL_use_RSAPrivateKey(ssl, rsa); | ||
| 271 | RSA_free(rsa); | ||
| 272 | return (ret); | ||
| 273 | } | ||
| 274 | |||
| 275 | int | ||
| 276 | SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) | ||
| 277 | { | ||
| 278 | int ret; | ||
| 279 | |||
| 280 | if (pkey == NULL) { | ||
| 281 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); | ||
| 282 | return (0); | ||
| 283 | } | ||
| 284 | if (!ssl_cert_inst(&ssl->cert)) { | ||
| 285 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 286 | return (0); | ||
| 287 | } | ||
| 288 | ret = ssl_set_pkey(ssl->cert, pkey); | ||
| 289 | return (ret); | ||
| 290 | } | ||
| 291 | |||
| 292 | int | ||
| 293 | SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) | ||
| 294 | { | ||
| 295 | int j, ret = 0; | ||
| 296 | BIO *in; | ||
| 297 | EVP_PKEY *pkey = NULL; | ||
| 298 | |||
| 299 | in = BIO_new(BIO_s_file_internal()); | ||
| 300 | if (in == NULL) { | ||
| 301 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); | ||
| 302 | goto end; | ||
| 303 | } | ||
| 304 | |||
| 305 | if (BIO_read_filename(in, file) <= 0) { | ||
| 306 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); | ||
| 307 | goto end; | ||
| 308 | } | ||
| 309 | if (type == SSL_FILETYPE_PEM) { | ||
| 310 | j = ERR_R_PEM_LIB; | ||
| 311 | pkey = PEM_read_bio_PrivateKey(in, NULL, | ||
| 312 | ssl->ctx->default_passwd_callback, | ||
| 313 | ssl->ctx->default_passwd_callback_userdata); | ||
| 314 | } else if (type == SSL_FILETYPE_ASN1) { | ||
| 315 | j = ERR_R_ASN1_LIB; | ||
| 316 | pkey = d2i_PrivateKey_bio(in, NULL); | ||
| 317 | } else { | ||
| 318 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); | ||
| 319 | goto end; | ||
| 320 | } | ||
| 321 | if (pkey == NULL) { | ||
| 322 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j); | ||
| 323 | goto end; | ||
| 324 | } | ||
| 325 | ret = SSL_use_PrivateKey(ssl, pkey); | ||
| 326 | EVP_PKEY_free(pkey); | ||
| 327 | end: | ||
| 328 | BIO_free(in); | ||
| 329 | return (ret); | ||
| 330 | } | ||
| 331 | |||
| 332 | int | ||
| 333 | SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len) | ||
| 334 | { | ||
| 335 | int ret; | ||
| 336 | const unsigned char *p; | ||
| 337 | EVP_PKEY *pkey; | ||
| 338 | |||
| 339 | p = d; | ||
| 340 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { | ||
| 341 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); | ||
| 342 | return (0); | ||
| 343 | } | ||
| 344 | |||
| 345 | ret = SSL_use_PrivateKey(ssl, pkey); | ||
| 346 | EVP_PKEY_free(pkey); | ||
| 347 | return (ret); | ||
| 348 | } | ||
| 349 | |||
| 350 | int | ||
| 351 | SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) | ||
| 352 | { | ||
| 353 | if (x == NULL) { | ||
| 354 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); | ||
| 355 | return (0); | ||
| 356 | } | ||
| 357 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 358 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); | ||
| 359 | return (0); | ||
| 360 | } | ||
| 361 | return (ssl_set_cert(ctx->cert, x)); | ||
| 362 | } | ||
| 363 | |||
| 364 | static int | ||
| 365 | ssl_set_cert(CERT *c, X509 *x) | ||
| 366 | { | ||
| 367 | EVP_PKEY *pkey; | ||
| 368 | int i; | ||
| 369 | |||
| 370 | pkey = X509_get_pubkey(x); | ||
| 371 | if (pkey == NULL) { | ||
| 372 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB); | ||
| 373 | return (0); | ||
| 374 | } | ||
| 375 | |||
| 376 | i = ssl_cert_type(x, pkey); | ||
| 377 | if (i < 0) { | ||
| 378 | SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 379 | EVP_PKEY_free(pkey); | ||
| 380 | return (0); | ||
| 381 | } | ||
| 382 | |||
| 383 | if (c->pkeys[i].privatekey != NULL) { | ||
| 384 | EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); | ||
| 385 | ERR_clear_error(); | ||
| 386 | |||
| 387 | /* | ||
| 388 | * Don't check the public/private key, this is mostly | ||
| 389 | * for smart cards. | ||
| 390 | */ | ||
| 391 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | ||
| 392 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | ||
| 393 | RSA_METHOD_FLAG_NO_CHECK)) | ||
| 394 | ; | ||
| 395 | else | ||
| 396 | if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { | ||
| 397 | /* | ||
| 398 | * don't fail for a cert/key mismatch, just free | ||
| 399 | * current private key (when switching to a different | ||
| 400 | * cert & key, first this function should be used, | ||
| 401 | * then ssl_set_pkey | ||
| 402 | */ | ||
| 403 | EVP_PKEY_free(c->pkeys[i].privatekey); | ||
| 404 | c->pkeys[i].privatekey = NULL; | ||
| 405 | /* clear error queue */ | ||
| 406 | ERR_clear_error(); | ||
| 407 | } | ||
| 408 | } | ||
| 409 | |||
| 410 | EVP_PKEY_free(pkey); | ||
| 411 | |||
| 412 | if (c->pkeys[i].x509 != NULL) | ||
| 413 | X509_free(c->pkeys[i].x509); | ||
| 414 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | ||
| 415 | c->pkeys[i].x509 = x; | ||
| 416 | c->key = &(c->pkeys[i]); | ||
| 417 | |||
| 418 | c->valid = 0; | ||
| 419 | return (1); | ||
| 420 | } | ||
| 421 | |||
| 422 | int | ||
| 423 | SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) | ||
| 424 | { | ||
| 425 | int j; | ||
| 426 | BIO *in; | ||
| 427 | int ret = 0; | ||
| 428 | X509 *x = NULL; | ||
| 429 | |||
| 430 | in = BIO_new(BIO_s_file_internal()); | ||
| 431 | if (in == NULL) { | ||
| 432 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); | ||
| 433 | goto end; | ||
| 434 | } | ||
| 435 | |||
| 436 | if (BIO_read_filename(in, file) <= 0) { | ||
| 437 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); | ||
| 438 | goto end; | ||
| 439 | } | ||
| 440 | if (type == SSL_FILETYPE_ASN1) { | ||
| 441 | j = ERR_R_ASN1_LIB; | ||
| 442 | x = d2i_X509_bio(in, NULL); | ||
| 443 | } else if (type == SSL_FILETYPE_PEM) { | ||
| 444 | j = ERR_R_PEM_LIB; | ||
| 445 | x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, | ||
| 446 | ctx->default_passwd_callback_userdata); | ||
| 447 | } else { | ||
| 448 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); | ||
| 449 | goto end; | ||
| 450 | } | ||
| 451 | |||
| 452 | if (x == NULL) { | ||
| 453 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); | ||
| 454 | goto end; | ||
| 455 | } | ||
| 456 | |||
| 457 | ret = SSL_CTX_use_certificate(ctx, x); | ||
| 458 | end: | ||
| 459 | if (x != NULL) | ||
| 460 | X509_free(x); | ||
| 461 | BIO_free(in); | ||
| 462 | return (ret); | ||
| 463 | } | ||
| 464 | |||
| 465 | int | ||
| 466 | SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d) | ||
| 467 | { | ||
| 468 | X509 *x; | ||
| 469 | int ret; | ||
| 470 | |||
| 471 | x = d2i_X509(NULL, &d,(long)len); | ||
| 472 | if (x == NULL) { | ||
| 473 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB); | ||
| 474 | return (0); | ||
| 475 | } | ||
| 476 | |||
| 477 | ret = SSL_CTX_use_certificate(ctx, x); | ||
| 478 | X509_free(x); | ||
| 479 | return (ret); | ||
| 480 | } | ||
| 481 | |||
| 482 | int | ||
| 483 | SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) | ||
| 484 | { | ||
| 485 | int ret; | ||
| 486 | EVP_PKEY *pkey; | ||
| 487 | |||
| 488 | if (rsa == NULL) { | ||
| 489 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); | ||
| 490 | return (0); | ||
| 491 | } | ||
| 492 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 493 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 494 | return (0); | ||
| 495 | } | ||
| 496 | if ((pkey = EVP_PKEY_new()) == NULL) { | ||
| 497 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); | ||
| 498 | return (0); | ||
| 499 | } | ||
| 500 | |||
| 501 | RSA_up_ref(rsa); | ||
| 502 | EVP_PKEY_assign_RSA(pkey, rsa); | ||
| 503 | |||
| 504 | ret = ssl_set_pkey(ctx->cert, pkey); | ||
| 505 | EVP_PKEY_free(pkey); | ||
| 506 | return (ret); | ||
| 507 | } | ||
| 508 | |||
| 509 | int | ||
| 510 | SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) | ||
| 511 | { | ||
| 512 | int j, ret = 0; | ||
| 513 | BIO *in; | ||
| 514 | RSA *rsa = NULL; | ||
| 515 | |||
| 516 | in = BIO_new(BIO_s_file_internal()); | ||
| 517 | if (in == NULL) { | ||
| 518 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); | ||
| 519 | goto end; | ||
| 520 | } | ||
| 521 | |||
| 522 | if (BIO_read_filename(in, file) <= 0) { | ||
| 523 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); | ||
| 524 | goto end; | ||
| 525 | } | ||
| 526 | if (type == SSL_FILETYPE_ASN1) { | ||
| 527 | j = ERR_R_ASN1_LIB; | ||
| 528 | rsa = d2i_RSAPrivateKey_bio(in, NULL); | ||
| 529 | } else if (type == SSL_FILETYPE_PEM) { | ||
| 530 | j = ERR_R_PEM_LIB; | ||
| 531 | rsa = PEM_read_bio_RSAPrivateKey(in, NULL, | ||
| 532 | ctx->default_passwd_callback, | ||
| 533 | ctx->default_passwd_callback_userdata); | ||
| 534 | } else { | ||
| 535 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); | ||
| 536 | goto end; | ||
| 537 | } | ||
| 538 | if (rsa == NULL) { | ||
| 539 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j); | ||
| 540 | goto end; | ||
| 541 | } | ||
| 542 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); | ||
| 543 | RSA_free(rsa); | ||
| 544 | end: | ||
| 545 | BIO_free(in); | ||
| 546 | return (ret); | ||
| 547 | } | ||
| 548 | |||
| 549 | int | ||
| 550 | SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) | ||
| 551 | { | ||
| 552 | int ret; | ||
| 553 | const unsigned char *p; | ||
| 554 | RSA *rsa; | ||
| 555 | |||
| 556 | p = d; | ||
| 557 | if ((rsa = d2i_RSAPrivateKey(NULL, &p,(long)len)) == NULL) { | ||
| 558 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB); | ||
| 559 | return (0); | ||
| 560 | } | ||
| 561 | |||
| 562 | ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa); | ||
| 563 | RSA_free(rsa); | ||
| 564 | return (ret); | ||
| 565 | } | ||
| 566 | |||
| 567 | int | ||
| 568 | SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) | ||
| 569 | { | ||
| 570 | if (pkey == NULL) { | ||
| 571 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, | ||
| 572 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 573 | return (0); | ||
| 574 | } | ||
| 575 | if (!ssl_cert_inst(&ctx->cert)) { | ||
| 576 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); | ||
| 577 | return (0); | ||
| 578 | } | ||
| 579 | return (ssl_set_pkey(ctx->cert, pkey)); | ||
| 580 | } | ||
| 581 | |||
| 582 | int | ||
| 583 | SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) | ||
| 584 | { | ||
| 585 | int j, ret = 0; | ||
| 586 | BIO *in; | ||
| 587 | EVP_PKEY *pkey = NULL; | ||
| 588 | |||
| 589 | in = BIO_new(BIO_s_file_internal()); | ||
| 590 | if (in == NULL) { | ||
| 591 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); | ||
| 592 | goto end; | ||
| 593 | } | ||
| 594 | |||
| 595 | if (BIO_read_filename(in, file) <= 0) { | ||
| 596 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); | ||
| 597 | goto end; | ||
| 598 | } | ||
| 599 | if (type == SSL_FILETYPE_PEM) { | ||
| 600 | j = ERR_R_PEM_LIB; | ||
| 601 | pkey = PEM_read_bio_PrivateKey(in, NULL, | ||
| 602 | ctx->default_passwd_callback, | ||
| 603 | ctx->default_passwd_callback_userdata); | ||
| 604 | } else if (type == SSL_FILETYPE_ASN1) { | ||
| 605 | j = ERR_R_ASN1_LIB; | ||
| 606 | pkey = d2i_PrivateKey_bio(in, NULL); | ||
| 607 | } else { | ||
| 608 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, | ||
| 609 | SSL_R_BAD_SSL_FILETYPE); | ||
| 610 | goto end; | ||
| 611 | } | ||
| 612 | if (pkey == NULL) { | ||
| 613 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); | ||
| 614 | goto end; | ||
| 615 | } | ||
| 616 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); | ||
| 617 | EVP_PKEY_free(pkey); | ||
| 618 | end: | ||
| 619 | BIO_free(in); | ||
| 620 | return (ret); | ||
| 621 | } | ||
| 622 | |||
| 623 | int | ||
| 624 | SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d, | ||
| 625 | long len) | ||
| 626 | { | ||
| 627 | int ret; | ||
| 628 | const unsigned char *p; | ||
| 629 | EVP_PKEY *pkey; | ||
| 630 | |||
| 631 | p = d; | ||
| 632 | if ((pkey = d2i_PrivateKey(type, NULL, &p,(long)len)) == NULL) { | ||
| 633 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB); | ||
| 634 | return (0); | ||
| 635 | } | ||
| 636 | |||
| 637 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); | ||
| 638 | EVP_PKEY_free(pkey); | ||
| 639 | return (ret); | ||
| 640 | } | ||
| 641 | |||
| 642 | |||
| 643 | /* | ||
| 644 | * Read a bio that contains our certificate in "PEM" format, | ||
| 645 | * possibly followed by a sequence of CA certificates that should be | ||
| 646 | * sent to the peer in the Certificate message. | ||
| 647 | */ | ||
| 648 | static int | ||
| 649 | ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in) | ||
| 650 | { | ||
| 651 | int ret = 0; | ||
| 652 | X509 *x = NULL; | ||
| 653 | |||
| 654 | ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */ | ||
| 655 | |||
| 656 | x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, | ||
| 657 | ctx->default_passwd_callback_userdata); | ||
| 658 | if (x == NULL) { | ||
| 659 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); | ||
| 660 | goto end; | ||
| 661 | } | ||
| 662 | |||
| 663 | ret = SSL_CTX_use_certificate(ctx, x); | ||
| 664 | |||
| 665 | if (ERR_peek_error() != 0) | ||
| 666 | ret = 0; | ||
| 667 | /* Key/certificate mismatch doesn't imply ret==0 ... */ | ||
| 668 | if (ret) { | ||
| 669 | /* | ||
| 670 | * If we could set up our certificate, now proceed to | ||
| 671 | * the CA certificates. | ||
| 672 | */ | ||
| 673 | X509 *ca; | ||
| 674 | int r; | ||
| 675 | unsigned long err; | ||
| 676 | |||
| 677 | if (ctx->extra_certs != NULL) { | ||
| 678 | sk_X509_pop_free(ctx->extra_certs, X509_free); | ||
| 679 | ctx->extra_certs = NULL; | ||
| 680 | } | ||
| 681 | |||
| 682 | while ((ca = PEM_read_bio_X509(in, NULL, | ||
| 683 | ctx->default_passwd_callback, | ||
| 684 | ctx->default_passwd_callback_userdata)) != NULL) { | ||
| 685 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | ||
| 686 | if (!r) { | ||
| 687 | X509_free(ca); | ||
| 688 | ret = 0; | ||
| 689 | goto end; | ||
| 690 | } | ||
| 691 | /* | ||
| 692 | * Note that we must not free r if it was successfully | ||
| 693 | * added to the chain (while we must free the main | ||
| 694 | * certificate, since its reference count is increased | ||
| 695 | * by SSL_CTX_use_certificate). | ||
| 696 | */ | ||
| 697 | } | ||
| 698 | |||
| 699 | /* When the while loop ends, it's usually just EOF. */ | ||
| 700 | err = ERR_peek_last_error(); | ||
| 701 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && | ||
| 702 | ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | ||
| 703 | ERR_clear_error(); | ||
| 704 | else | ||
| 705 | ret = 0; /* some real error */ | ||
| 706 | } | ||
| 707 | |||
| 708 | end: | ||
| 709 | if (x != NULL) | ||
| 710 | X509_free(x); | ||
| 711 | return (ret); | ||
| 712 | } | ||
| 713 | |||
| 714 | int | ||
| 715 | SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | ||
| 716 | { | ||
| 717 | BIO *in; | ||
| 718 | int ret = 0; | ||
| 719 | |||
| 720 | in = BIO_new(BIO_s_file_internal()); | ||
| 721 | if (in == NULL) { | ||
| 722 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); | ||
| 723 | goto end; | ||
| 724 | } | ||
| 725 | |||
| 726 | if (BIO_read_filename(in, file) <= 0) { | ||
| 727 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); | ||
| 728 | goto end; | ||
| 729 | } | ||
| 730 | |||
| 731 | ret = ssl_ctx_use_certificate_chain_bio(ctx, in); | ||
| 732 | |||
| 733 | end: | ||
| 734 | BIO_free(in); | ||
| 735 | return (ret); | ||
| 736 | } | ||
| 737 | |||
| 738 | int | ||
| 739 | SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len) | ||
| 740 | { | ||
| 741 | BIO *in; | ||
| 742 | int ret = 0; | ||
| 743 | |||
| 744 | in = BIO_new_mem_buf(buf, len); | ||
| 745 | if (in == NULL) { | ||
| 746 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); | ||
| 747 | goto end; | ||
| 748 | } | ||
| 749 | |||
| 750 | ret = ssl_ctx_use_certificate_chain_bio(ctx, in); | ||
| 751 | |||
| 752 | end: | ||
| 753 | BIO_free(in); | ||
| 754 | return (ret); | ||
| 755 | } | ||
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c deleted file mode 100644 index 80b883f786..0000000000 --- a/src/lib/libssl/ssl_sess.c +++ /dev/null | |||
| @@ -1,1104 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.44 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2005 Nokia. All rights reserved. | ||
| 113 | * | ||
| 114 | * The portions of the attached software ("Contribution") is developed by | ||
| 115 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 116 | * license. | ||
| 117 | * | ||
| 118 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 119 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 120 | * support (see RFC 4279) to OpenSSL. | ||
| 121 | * | ||
| 122 | * No patent licenses or other rights except those expressly stated in | ||
| 123 | * the OpenSSL open source license shall be deemed granted or received | ||
| 124 | * expressly, by implication, estoppel, or otherwise. | ||
| 125 | * | ||
| 126 | * No assurances are provided by Nokia that the Contribution does not | ||
| 127 | * infringe the patent or other intellectual property rights of any third | ||
| 128 | * party or that the license provides you with all the necessary rights | ||
| 129 | * to make use of the Contribution. | ||
| 130 | * | ||
| 131 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 132 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 133 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 134 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 135 | * OTHERWISE. | ||
| 136 | */ | ||
| 137 | |||
| 138 | #include <openssl/lhash.h> | ||
| 139 | |||
| 140 | #ifndef OPENSSL_NO_ENGINE | ||
| 141 | #include <openssl/engine.h> | ||
| 142 | #endif | ||
| 143 | |||
| 144 | #include "ssl_locl.h" | ||
| 145 | |||
| 146 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | ||
| 147 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); | ||
| 148 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); | ||
| 149 | |||
| 150 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ | ||
| 151 | SSL_SESSION * | ||
| 152 | SSL_get_session(const SSL *ssl) | ||
| 153 | { | ||
| 154 | return (ssl->session); | ||
| 155 | } | ||
| 156 | |||
| 157 | /* variant of SSL_get_session: caller really gets something */ | ||
| 158 | SSL_SESSION * | ||
| 159 | SSL_get1_session(SSL *ssl) | ||
| 160 | { | ||
| 161 | SSL_SESSION *sess; | ||
| 162 | |||
| 163 | /* | ||
| 164 | * Need to lock this all up rather than just use CRYPTO_add so that | ||
| 165 | * somebody doesn't free ssl->session between when we check it's | ||
| 166 | * non-null and when we up the reference count. | ||
| 167 | */ | ||
| 168 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); | ||
| 169 | sess = ssl->session; | ||
| 170 | if (sess) | ||
| 171 | sess->references++; | ||
| 172 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); | ||
| 173 | |||
| 174 | return (sess); | ||
| 175 | } | ||
| 176 | |||
| 177 | int | ||
| 178 | SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 179 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 180 | { | ||
| 181 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, | ||
| 182 | argl, argp, new_func, dup_func, free_func); | ||
| 183 | } | ||
| 184 | |||
| 185 | int | ||
| 186 | SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | ||
| 187 | { | ||
| 188 | return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); | ||
| 189 | } | ||
| 190 | |||
| 191 | void * | ||
| 192 | SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx) | ||
| 193 | { | ||
| 194 | return (CRYPTO_get_ex_data(&s->ex_data, idx)); | ||
| 195 | } | ||
| 196 | |||
| 197 | SSL_SESSION * | ||
| 198 | SSL_SESSION_new(void) | ||
| 199 | { | ||
| 200 | SSL_SESSION *ss; | ||
| 201 | |||
| 202 | ss = calloc(1, sizeof(SSL_SESSION)); | ||
| 203 | if (ss == NULL) { | ||
| 204 | SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); | ||
| 205 | return (0); | ||
| 206 | } | ||
| 207 | |||
| 208 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | ||
| 209 | ss->references = 1; | ||
| 210 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | ||
| 211 | ss->time = time(NULL); | ||
| 212 | ss->prev = NULL; | ||
| 213 | ss->next = NULL; | ||
| 214 | ss->tlsext_hostname = NULL; | ||
| 215 | |||
| 216 | ss->tlsext_ecpointformatlist_length = 0; | ||
| 217 | ss->tlsext_ecpointformatlist = NULL; | ||
| 218 | ss->tlsext_ellipticcurvelist_length = 0; | ||
| 219 | ss->tlsext_ellipticcurvelist = NULL; | ||
| 220 | |||
| 221 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||
| 222 | |||
| 223 | return (ss); | ||
| 224 | } | ||
| 225 | |||
| 226 | const unsigned char * | ||
| 227 | SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) | ||
| 228 | { | ||
| 229 | if (len) | ||
| 230 | *len = s->session_id_length; | ||
| 231 | return s->session_id; | ||
| 232 | } | ||
| 233 | |||
| 234 | unsigned int | ||
| 235 | SSL_SESSION_get_compress_id(const SSL_SESSION *s) | ||
| 236 | { | ||
| 237 | return 0; | ||
| 238 | } | ||
| 239 | |||
| 240 | /* | ||
| 241 | * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling | ||
| 242 | * the ID with random gunk repeatedly until we have no conflict is going to | ||
| 243 | * complete in one iteration pretty much "most" of the time (btw: | ||
| 244 | * understatement). So, if it takes us 10 iterations and we still can't avoid | ||
| 245 | * a conflict - well that's a reasonable point to call it quits. Either the | ||
| 246 | * arc4random code is broken or someone is trying to open roughly very close to | ||
| 247 | * 2^128 (or 2^256) SSL sessions to our server. How you might store that many | ||
| 248 | * sessions is perhaps a more interesting question... | ||
| 249 | */ | ||
| 250 | |||
| 251 | #define MAX_SESS_ID_ATTEMPTS 10 | ||
| 252 | |||
| 253 | static int | ||
| 254 | def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) | ||
| 255 | { | ||
| 256 | unsigned int retry = 0; | ||
| 257 | |||
| 258 | do { | ||
| 259 | arc4random_buf(id, *id_len); | ||
| 260 | } while (SSL_has_matching_session_id(ssl, id, *id_len) && | ||
| 261 | (++retry < MAX_SESS_ID_ATTEMPTS)); | ||
| 262 | |||
| 263 | if (retry < MAX_SESS_ID_ATTEMPTS) | ||
| 264 | return 1; | ||
| 265 | |||
| 266 | /* else - woops a session_id match */ | ||
| 267 | /* XXX We should also check the external cache -- | ||
| 268 | * but the probability of a collision is negligible, and | ||
| 269 | * we could not prevent the concurrent creation of sessions | ||
| 270 | * with identical IDs since we currently don't have means | ||
| 271 | * to atomically check whether a session ID already exists | ||
| 272 | * and make a reservation for it if it does not | ||
| 273 | * (this problem applies to the internal cache as well). | ||
| 274 | */ | ||
| 275 | return 0; | ||
| 276 | } | ||
| 277 | |||
| 278 | int | ||
| 279 | ssl_get_new_session(SSL *s, int session) | ||
| 280 | { | ||
| 281 | unsigned int tmp; | ||
| 282 | SSL_SESSION *ss = NULL; | ||
| 283 | GEN_SESSION_CB cb = def_generate_session_id; | ||
| 284 | |||
| 285 | /* This gets used by clients and servers. */ | ||
| 286 | |||
| 287 | if ((ss = SSL_SESSION_new()) == NULL) | ||
| 288 | return (0); | ||
| 289 | |||
| 290 | /* If the context has a default timeout, use it */ | ||
| 291 | if (s->session_ctx->session_timeout == 0) | ||
| 292 | ss->timeout = SSL_get_default_timeout(s); | ||
| 293 | else | ||
| 294 | ss->timeout = s->session_ctx->session_timeout; | ||
| 295 | |||
| 296 | if (s->session != NULL) { | ||
| 297 | SSL_SESSION_free(s->session); | ||
| 298 | s->session = NULL; | ||
| 299 | } | ||
| 300 | |||
| 301 | if (session) { | ||
| 302 | switch (s->version) { | ||
| 303 | case SSL3_VERSION: | ||
| 304 | case TLS1_VERSION: | ||
| 305 | case TLS1_1_VERSION: | ||
| 306 | case TLS1_2_VERSION: | ||
| 307 | case DTLS1_BAD_VER: | ||
| 308 | case DTLS1_VERSION: | ||
| 309 | ss->ssl_version = s->version; | ||
| 310 | ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; | ||
| 311 | break; | ||
| 312 | default: | ||
| 313 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 314 | SSL_R_UNSUPPORTED_SSL_VERSION); | ||
| 315 | SSL_SESSION_free(ss); | ||
| 316 | return (0); | ||
| 317 | } | ||
| 318 | |||
| 319 | /* If RFC4507 ticket use empty session ID. */ | ||
| 320 | if (s->tlsext_ticket_expected) { | ||
| 321 | ss->session_id_length = 0; | ||
| 322 | goto sess_id_done; | ||
| 323 | } | ||
| 324 | |||
| 325 | /* Choose which callback will set the session ID. */ | ||
| 326 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 327 | if (s->generate_session_id) | ||
| 328 | cb = s->generate_session_id; | ||
| 329 | else if (s->session_ctx->generate_session_id) | ||
| 330 | cb = s->session_ctx->generate_session_id; | ||
| 331 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 332 | |||
| 333 | /* Choose a session ID. */ | ||
| 334 | tmp = ss->session_id_length; | ||
| 335 | if (!cb(s, ss->session_id, &tmp)) { | ||
| 336 | /* The callback failed */ | ||
| 337 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 338 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | ||
| 339 | SSL_SESSION_free(ss); | ||
| 340 | return (0); | ||
| 341 | } | ||
| 342 | |||
| 343 | /* | ||
| 344 | * Don't allow the callback to set the session length to zero. | ||
| 345 | * nor set it higher than it was. | ||
| 346 | */ | ||
| 347 | if (!tmp || (tmp > ss->session_id_length)) { | ||
| 348 | /* The callback set an illegal length */ | ||
| 349 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 350 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | ||
| 351 | SSL_SESSION_free(ss); | ||
| 352 | return (0); | ||
| 353 | } | ||
| 354 | ss->session_id_length = tmp; | ||
| 355 | |||
| 356 | /* Finally, check for a conflict. */ | ||
| 357 | if (SSL_has_matching_session_id(s, ss->session_id, | ||
| 358 | ss->session_id_length)) { | ||
| 359 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 360 | SSL_R_SSL_SESSION_ID_CONFLICT); | ||
| 361 | SSL_SESSION_free(ss); | ||
| 362 | return (0); | ||
| 363 | } | ||
| 364 | |||
| 365 | sess_id_done: | ||
| 366 | if (s->tlsext_hostname) { | ||
| 367 | ss->tlsext_hostname = strdup(s->tlsext_hostname); | ||
| 368 | if (ss->tlsext_hostname == NULL) { | ||
| 369 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 370 | ERR_R_INTERNAL_ERROR); | ||
| 371 | SSL_SESSION_free(ss); | ||
| 372 | return 0; | ||
| 373 | } | ||
| 374 | } | ||
| 375 | } else { | ||
| 376 | ss->session_id_length = 0; | ||
| 377 | } | ||
| 378 | |||
| 379 | if (s->sid_ctx_length > sizeof ss->sid_ctx) { | ||
| 380 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); | ||
| 381 | SSL_SESSION_free(ss); | ||
| 382 | return 0; | ||
| 383 | } | ||
| 384 | |||
| 385 | memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length); | ||
| 386 | ss->sid_ctx_length = s->sid_ctx_length; | ||
| 387 | s->session = ss; | ||
| 388 | ss->ssl_version = s->version; | ||
| 389 | ss->verify_result = X509_V_OK; | ||
| 390 | |||
| 391 | return (1); | ||
| 392 | } | ||
| 393 | |||
| 394 | /* | ||
| 395 | * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this | ||
| 396 | * connection. It is only called by servers. | ||
| 397 | * | ||
| 398 | * session_id: points at the session ID in the ClientHello. This code will | ||
| 399 | * read past the end of this in order to parse out the session ticket | ||
| 400 | * extension, if any. | ||
| 401 | * len: the length of the session ID. | ||
| 402 | * limit: a pointer to the first byte after the ClientHello. | ||
| 403 | * | ||
| 404 | * Returns: | ||
| 405 | * -1: error | ||
| 406 | * 0: a session may have been found. | ||
| 407 | * | ||
| 408 | * Side effects: | ||
| 409 | * - If a session is found then s->session is pointed at it (after freeing | ||
| 410 | * an existing session if need be) and s->verify_result is set from the | ||
| 411 | * session. | ||
| 412 | * - Both for new and resumed sessions, s->tlsext_ticket_expected is set | ||
| 413 | * to 1 if the server should issue a new session ticket (to 0 otherwise). | ||
| 414 | */ | ||
| 415 | int | ||
| 416 | ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, | ||
| 417 | const unsigned char *limit) | ||
| 418 | { | ||
| 419 | SSL_SESSION *ret = NULL; | ||
| 420 | int fatal = 0; | ||
| 421 | int try_session_cache = 1; | ||
| 422 | int r; | ||
| 423 | |||
| 424 | /* This is used only by servers. */ | ||
| 425 | |||
| 426 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | ||
| 427 | goto err; | ||
| 428 | |||
| 429 | if (len == 0) | ||
| 430 | try_session_cache = 0; | ||
| 431 | |||
| 432 | /* Sets s->tlsext_ticket_expected. */ | ||
| 433 | r = tls1_process_ticket(s, session_id, len, limit, &ret); | ||
| 434 | switch (r) { | ||
| 435 | case -1: /* Error during processing */ | ||
| 436 | fatal = 1; | ||
| 437 | goto err; | ||
| 438 | case 0: /* No ticket found */ | ||
| 439 | case 1: /* Zero length ticket found */ | ||
| 440 | break; /* Ok to carry on processing session id. */ | ||
| 441 | case 2: /* Ticket found but not decrypted. */ | ||
| 442 | case 3: /* Ticket decrypted, *ret has been set. */ | ||
| 443 | try_session_cache = 0; | ||
| 444 | break; | ||
| 445 | default: | ||
| 446 | abort(); | ||
| 447 | } | ||
| 448 | |||
| 449 | if (try_session_cache && ret == NULL && | ||
| 450 | !(s->session_ctx->session_cache_mode & | ||
| 451 | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { | ||
| 452 | SSL_SESSION data; | ||
| 453 | data.ssl_version = s->version; | ||
| 454 | data.session_id_length = len; | ||
| 455 | if (len == 0) | ||
| 456 | return 0; | ||
| 457 | memcpy(data.session_id, session_id, len); | ||
| 458 | |||
| 459 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 460 | ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); | ||
| 461 | if (ret != NULL) { | ||
| 462 | /* Don't allow other threads to steal it. */ | ||
| 463 | CRYPTO_add(&ret->references, 1, | ||
| 464 | CRYPTO_LOCK_SSL_SESSION); | ||
| 465 | } | ||
| 466 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 467 | |||
| 468 | if (ret == NULL) | ||
| 469 | s->session_ctx->stats.sess_miss++; | ||
| 470 | } | ||
| 471 | |||
| 472 | if (try_session_cache && ret == NULL && | ||
| 473 | s->session_ctx->get_session_cb != NULL) { | ||
| 474 | int copy = 1; | ||
| 475 | |||
| 476 | if ((ret = s->session_ctx->get_session_cb(s, session_id, | ||
| 477 | len, ©))) { | ||
| 478 | s->session_ctx->stats.sess_cb_hit++; | ||
| 479 | |||
| 480 | /* | ||
| 481 | * Increment reference count now if the session | ||
| 482 | * callback asks us to do so (note that if the session | ||
| 483 | * structures returned by the callback are shared | ||
| 484 | * between threads, it must handle the reference count | ||
| 485 | * itself [i.e. copy == 0], or things won't be | ||
| 486 | * thread-safe). | ||
| 487 | */ | ||
| 488 | if (copy) | ||
| 489 | CRYPTO_add(&ret->references, 1, | ||
| 490 | CRYPTO_LOCK_SSL_SESSION); | ||
| 491 | |||
| 492 | /* | ||
| 493 | * Add the externally cached session to the internal | ||
| 494 | * cache as well if and only if we are supposed to. | ||
| 495 | */ | ||
| 496 | if (!(s->session_ctx->session_cache_mode & | ||
| 497 | SSL_SESS_CACHE_NO_INTERNAL_STORE)) | ||
| 498 | /* | ||
| 499 | * The following should not return 1, | ||
| 500 | * otherwise, things are very strange. | ||
| 501 | */ | ||
| 502 | SSL_CTX_add_session(s->session_ctx, ret); | ||
| 503 | } | ||
| 504 | } | ||
| 505 | |||
| 506 | if (ret == NULL) | ||
| 507 | goto err; | ||
| 508 | |||
| 509 | /* Now ret is non-NULL and we own one of its reference counts. */ | ||
| 510 | |||
| 511 | if (ret->sid_ctx_length != s->sid_ctx_length || | ||
| 512 | timingsafe_memcmp(ret->sid_ctx, | ||
| 513 | s->sid_ctx, ret->sid_ctx_length) != 0) { | ||
| 514 | /* We have the session requested by the client, but we don't | ||
| 515 | * want to use it in this context. */ | ||
| 516 | goto err; /* treat like cache miss */ | ||
| 517 | } | ||
| 518 | |||
| 519 | if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { | ||
| 520 | /* | ||
| 521 | * We can't be sure if this session is being used out of | ||
| 522 | * context, which is especially important for SSL_VERIFY_PEER. | ||
| 523 | * The application should have used | ||
| 524 | * SSL[_CTX]_set_session_id_context. | ||
| 525 | * | ||
| 526 | * For this error case, we generate an error instead of treating | ||
| 527 | * the event like a cache miss (otherwise it would be easy for | ||
| 528 | * applications to effectively disable the session cache by | ||
| 529 | * accident without anyone noticing). | ||
| 530 | */ | ||
| 531 | SSLerr(SSL_F_SSL_GET_PREV_SESSION, | ||
| 532 | SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 533 | fatal = 1; | ||
| 534 | goto err; | ||
| 535 | } | ||
| 536 | |||
| 537 | if (ret->cipher == NULL) { | ||
| 538 | ret->cipher = ssl3_get_cipher_by_id(ret->cipher_id); | ||
| 539 | if (ret->cipher == NULL) | ||
| 540 | goto err; | ||
| 541 | } | ||
| 542 | |||
| 543 | if (ret->timeout < (time(NULL) - ret->time)) { | ||
| 544 | /* timeout */ | ||
| 545 | s->session_ctx->stats.sess_timeout++; | ||
| 546 | if (try_session_cache) { | ||
| 547 | /* session was from the cache, so remove it */ | ||
| 548 | SSL_CTX_remove_session(s->session_ctx, ret); | ||
| 549 | } | ||
| 550 | goto err; | ||
| 551 | } | ||
| 552 | |||
| 553 | s->session_ctx->stats.sess_hit++; | ||
| 554 | |||
| 555 | if (s->session != NULL) | ||
| 556 | SSL_SESSION_free(s->session); | ||
| 557 | s->session = ret; | ||
| 558 | s->verify_result = s->session->verify_result; | ||
| 559 | return 1; | ||
| 560 | |||
| 561 | err: | ||
| 562 | if (ret != NULL) { | ||
| 563 | SSL_SESSION_free(ret); | ||
| 564 | if (!try_session_cache) { | ||
| 565 | /* | ||
| 566 | * The session was from a ticket, so we should | ||
| 567 | * issue a ticket for the new session. | ||
| 568 | */ | ||
| 569 | s->tlsext_ticket_expected = 1; | ||
| 570 | } | ||
| 571 | } | ||
| 572 | if (fatal) | ||
| 573 | return -1; | ||
| 574 | else | ||
| 575 | return 0; | ||
| 576 | } | ||
| 577 | |||
| 578 | int | ||
| 579 | SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 580 | { | ||
| 581 | int ret = 0; | ||
| 582 | SSL_SESSION *s; | ||
| 583 | |||
| 584 | /* | ||
| 585 | * Add just 1 reference count for the SSL_CTX's session cache | ||
| 586 | * even though it has two ways of access: each session is in a | ||
| 587 | * doubly linked list and an lhash. | ||
| 588 | */ | ||
| 589 | CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION); | ||
| 590 | |||
| 591 | /* | ||
| 592 | * If session c is in already in cache, we take back the increment | ||
| 593 | * later. | ||
| 594 | */ | ||
| 595 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 596 | s = lh_SSL_SESSION_insert(ctx->sessions, c); | ||
| 597 | |||
| 598 | /* | ||
| 599 | * s != NULL iff we already had a session with the given PID. | ||
| 600 | * In this case, s == c should hold (then we did not really modify | ||
| 601 | * ctx->sessions), or we're in trouble. | ||
| 602 | */ | ||
| 603 | if (s != NULL && s != c) { | ||
| 604 | /* We *are* in trouble ... */ | ||
| 605 | SSL_SESSION_list_remove(ctx, s); | ||
| 606 | SSL_SESSION_free(s); | ||
| 607 | /* | ||
| 608 | * ... so pretend the other session did not exist in cache | ||
| 609 | * (we cannot handle two SSL_SESSION structures with identical | ||
| 610 | * session ID in the same cache, which could happen e.g. when | ||
| 611 | * two threads concurrently obtain the same session from an | ||
| 612 | * external cache). | ||
| 613 | */ | ||
| 614 | s = NULL; | ||
| 615 | } | ||
| 616 | |||
| 617 | /* Put at the head of the queue unless it is already in the cache */ | ||
| 618 | if (s == NULL) | ||
| 619 | SSL_SESSION_list_add(ctx, c); | ||
| 620 | |||
| 621 | if (s != NULL) { | ||
| 622 | /* | ||
| 623 | * existing cache entry -- decrement previously incremented | ||
| 624 | * reference count because it already takes into account the | ||
| 625 | * cache. | ||
| 626 | */ | ||
| 627 | SSL_SESSION_free(s); /* s == c */ | ||
| 628 | ret = 0; | ||
| 629 | } else { | ||
| 630 | /* | ||
| 631 | * New cache entry -- remove old ones if cache has become | ||
| 632 | * too large. | ||
| 633 | */ | ||
| 634 | |||
| 635 | ret = 1; | ||
| 636 | |||
| 637 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) { | ||
| 638 | while (SSL_CTX_sess_number(ctx) > | ||
| 639 | SSL_CTX_sess_get_cache_size(ctx)) { | ||
| 640 | if (!remove_session_lock(ctx, | ||
| 641 | ctx->session_cache_tail, 0)) | ||
| 642 | break; | ||
| 643 | else | ||
| 644 | ctx->stats.sess_cache_full++; | ||
| 645 | } | ||
| 646 | } | ||
| 647 | } | ||
| 648 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 649 | return (ret); | ||
| 650 | } | ||
| 651 | |||
| 652 | int | ||
| 653 | SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) | ||
| 654 | { | ||
| 655 | return remove_session_lock(ctx, c, 1); | ||
| 656 | } | ||
| 657 | |||
| 658 | static int | ||
| 659 | remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | ||
| 660 | { | ||
| 661 | SSL_SESSION *r; | ||
| 662 | int ret = 0; | ||
| 663 | |||
| 664 | if ((c != NULL) && (c->session_id_length != 0)) { | ||
| 665 | if (lck) | ||
| 666 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 667 | if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) { | ||
| 668 | ret = 1; | ||
| 669 | r = lh_SSL_SESSION_delete(ctx->sessions, c); | ||
| 670 | SSL_SESSION_list_remove(ctx, c); | ||
| 671 | } | ||
| 672 | if (lck) | ||
| 673 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 674 | |||
| 675 | if (ret) { | ||
| 676 | r->not_resumable = 1; | ||
| 677 | if (ctx->remove_session_cb != NULL) | ||
| 678 | ctx->remove_session_cb(ctx, r); | ||
| 679 | SSL_SESSION_free(r); | ||
| 680 | } | ||
| 681 | } else | ||
| 682 | ret = 0; | ||
| 683 | return (ret); | ||
| 684 | } | ||
| 685 | |||
| 686 | void | ||
| 687 | SSL_SESSION_free(SSL_SESSION *ss) | ||
| 688 | { | ||
| 689 | int i; | ||
| 690 | |||
| 691 | if (ss == NULL) | ||
| 692 | return; | ||
| 693 | |||
| 694 | i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION); | ||
| 695 | if (i > 0) | ||
| 696 | return; | ||
| 697 | |||
| 698 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||
| 699 | |||
| 700 | OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); | ||
| 701 | OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); | ||
| 702 | if (ss->sess_cert != NULL) | ||
| 703 | ssl_sess_cert_free(ss->sess_cert); | ||
| 704 | if (ss->peer != NULL) | ||
| 705 | X509_free(ss->peer); | ||
| 706 | if (ss->ciphers != NULL) | ||
| 707 | sk_SSL_CIPHER_free(ss->ciphers); | ||
| 708 | free(ss->tlsext_hostname); | ||
| 709 | free(ss->tlsext_tick); | ||
| 710 | ss->tlsext_ecpointformatlist_length = 0; | ||
| 711 | free(ss->tlsext_ecpointformatlist); | ||
| 712 | ss->tlsext_ellipticcurvelist_length = 0; | ||
| 713 | free(ss->tlsext_ellipticcurvelist); | ||
| 714 | OPENSSL_cleanse(ss, sizeof(*ss)); | ||
| 715 | free(ss); | ||
| 716 | } | ||
| 717 | |||
| 718 | int | ||
| 719 | SSL_set_session(SSL *s, SSL_SESSION *session) | ||
| 720 | { | ||
| 721 | int ret = 0; | ||
| 722 | const SSL_METHOD *meth; | ||
| 723 | |||
| 724 | if (session != NULL) { | ||
| 725 | meth = s->ctx->method->get_ssl_method(session->ssl_version); | ||
| 726 | if (meth == NULL) | ||
| 727 | meth = s->method->get_ssl_method(session->ssl_version); | ||
| 728 | if (meth == NULL) { | ||
| 729 | SSLerr(SSL_F_SSL_SET_SESSION, | ||
| 730 | SSL_R_UNABLE_TO_FIND_SSL_METHOD); | ||
| 731 | return (0); | ||
| 732 | } | ||
| 733 | |||
| 734 | if (meth != s->method) { | ||
| 735 | if (!SSL_set_ssl_method(s, meth)) | ||
| 736 | return (0); | ||
| 737 | } | ||
| 738 | |||
| 739 | |||
| 740 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | ||
| 741 | CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); | ||
| 742 | if (s->session != NULL) | ||
| 743 | SSL_SESSION_free(s->session); | ||
| 744 | s->session = session; | ||
| 745 | s->verify_result = s->session->verify_result; | ||
| 746 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | ||
| 747 | ret = 1; | ||
| 748 | } else { | ||
| 749 | if (s->session != NULL) { | ||
| 750 | SSL_SESSION_free(s->session); | ||
| 751 | s->session = NULL; | ||
| 752 | } | ||
| 753 | |||
| 754 | meth = s->ctx->method; | ||
| 755 | if (meth != s->method) { | ||
| 756 | if (!SSL_set_ssl_method(s, meth)) | ||
| 757 | return (0); | ||
| 758 | } | ||
| 759 | ret = 1; | ||
| 760 | } | ||
| 761 | return (ret); | ||
| 762 | } | ||
| 763 | |||
| 764 | long | ||
| 765 | SSL_SESSION_set_timeout(SSL_SESSION *s, long t) | ||
| 766 | { | ||
| 767 | if (s == NULL) | ||
| 768 | return (0); | ||
| 769 | s->timeout = t; | ||
| 770 | return (1); | ||
| 771 | } | ||
| 772 | |||
| 773 | long | ||
| 774 | SSL_SESSION_get_timeout(const SSL_SESSION *s) | ||
| 775 | { | ||
| 776 | if (s == NULL) | ||
| 777 | return (0); | ||
| 778 | return (s->timeout); | ||
| 779 | } | ||
| 780 | |||
| 781 | /* XXX 2038 */ | ||
| 782 | long | ||
| 783 | SSL_SESSION_get_time(const SSL_SESSION *s) | ||
| 784 | { | ||
| 785 | if (s == NULL) | ||
| 786 | return (0); | ||
| 787 | return (s->time); | ||
| 788 | } | ||
| 789 | |||
| 790 | /* XXX 2038 */ | ||
| 791 | long | ||
| 792 | SSL_SESSION_set_time(SSL_SESSION *s, long t) | ||
| 793 | { | ||
| 794 | if (s == NULL) | ||
| 795 | return (0); | ||
| 796 | s->time = t; | ||
| 797 | return (t); | ||
| 798 | } | ||
| 799 | |||
| 800 | X509 * | ||
| 801 | SSL_SESSION_get0_peer(SSL_SESSION *s) | ||
| 802 | { | ||
| 803 | return s->peer; | ||
| 804 | } | ||
| 805 | |||
| 806 | int | ||
| 807 | SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, | ||
| 808 | unsigned int sid_ctx_len) | ||
| 809 | { | ||
| 810 | if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) { | ||
| 811 | SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT, | ||
| 812 | SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
| 813 | return 0; | ||
| 814 | } | ||
| 815 | s->sid_ctx_length = sid_ctx_len; | ||
| 816 | memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); | ||
| 817 | |||
| 818 | return 1; | ||
| 819 | } | ||
| 820 | |||
| 821 | long | ||
| 822 | SSL_CTX_set_timeout(SSL_CTX *s, long t) | ||
| 823 | { | ||
| 824 | long l; | ||
| 825 | |||
| 826 | if (s == NULL) | ||
| 827 | return (0); | ||
| 828 | l = s->session_timeout; | ||
| 829 | s->session_timeout = t; | ||
| 830 | |||
| 831 | return (l); | ||
| 832 | } | ||
| 833 | |||
| 834 | long | ||
| 835 | SSL_CTX_get_timeout(const SSL_CTX *s) | ||
| 836 | { | ||
| 837 | if (s == NULL) | ||
| 838 | return (0); | ||
| 839 | return (s->session_timeout); | ||
| 840 | } | ||
| 841 | |||
| 842 | int | ||
| 843 | SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, | ||
| 844 | void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, | ||
| 845 | SSL_CIPHER **cipher, void *arg), void *arg) | ||
| 846 | { | ||
| 847 | if (s == NULL) | ||
| 848 | return (0); | ||
| 849 | s->tls_session_secret_cb = tls_session_secret_cb; | ||
| 850 | s->tls_session_secret_cb_arg = arg; | ||
| 851 | return (1); | ||
| 852 | } | ||
| 853 | |||
| 854 | int | ||
| 855 | SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | ||
| 856 | void *arg) | ||
| 857 | { | ||
| 858 | if (s == NULL) | ||
| 859 | return (0); | ||
| 860 | s->tls_session_ticket_ext_cb = cb; | ||
| 861 | s->tls_session_ticket_ext_cb_arg = arg; | ||
| 862 | return (1); | ||
| 863 | } | ||
| 864 | |||
| 865 | int | ||
| 866 | SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) | ||
| 867 | { | ||
| 868 | if (s->version >= TLS1_VERSION) { | ||
| 869 | free(s->tlsext_session_ticket); | ||
| 870 | s->tlsext_session_ticket = | ||
| 871 | malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); | ||
| 872 | if (!s->tlsext_session_ticket) { | ||
| 873 | SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, | ||
| 874 | ERR_R_MALLOC_FAILURE); | ||
| 875 | return 0; | ||
| 876 | } | ||
| 877 | |||
| 878 | if (ext_data) { | ||
| 879 | s->tlsext_session_ticket->length = ext_len; | ||
| 880 | s->tlsext_session_ticket->data = | ||
| 881 | s->tlsext_session_ticket + 1; | ||
| 882 | memcpy(s->tlsext_session_ticket->data, | ||
| 883 | ext_data, ext_len); | ||
| 884 | } else { | ||
| 885 | s->tlsext_session_ticket->length = 0; | ||
| 886 | s->tlsext_session_ticket->data = NULL; | ||
| 887 | } | ||
| 888 | |||
| 889 | return 1; | ||
| 890 | } | ||
| 891 | |||
| 892 | return 0; | ||
| 893 | } | ||
| 894 | |||
| 895 | typedef struct timeout_param_st { | ||
| 896 | SSL_CTX *ctx; | ||
| 897 | long time; | ||
| 898 | LHASH_OF(SSL_SESSION) *cache; | ||
| 899 | } TIMEOUT_PARAM; | ||
| 900 | |||
| 901 | static void | ||
| 902 | timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p) | ||
| 903 | { | ||
| 904 | if ((p->time == 0) || (p->time > (s->time + s->timeout))) { | ||
| 905 | /* timeout */ | ||
| 906 | /* The reason we don't call SSL_CTX_remove_session() is to | ||
| 907 | * save on locking overhead */ | ||
| 908 | (void)lh_SSL_SESSION_delete(p->cache, s); | ||
| 909 | SSL_SESSION_list_remove(p->ctx, s); | ||
| 910 | s->not_resumable = 1; | ||
| 911 | if (p->ctx->remove_session_cb != NULL) | ||
| 912 | p->ctx->remove_session_cb(p->ctx, s); | ||
| 913 | SSL_SESSION_free(s); | ||
| 914 | } | ||
| 915 | } | ||
| 916 | |||
| 917 | static | ||
| 918 | IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM) | ||
| 919 | |||
| 920 | /* XXX 2038 */ | ||
| 921 | void | ||
| 922 | SSL_CTX_flush_sessions(SSL_CTX *s, long t) | ||
| 923 | { | ||
| 924 | unsigned long i; | ||
| 925 | TIMEOUT_PARAM tp; | ||
| 926 | |||
| 927 | tp.ctx = s; | ||
| 928 | tp.cache = s->sessions; | ||
| 929 | if (tp.cache == NULL) | ||
| 930 | return; | ||
| 931 | tp.time = t; | ||
| 932 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 933 | i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | ||
| 934 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; | ||
| 935 | lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | ||
| 936 | TIMEOUT_PARAM, &tp); | ||
| 937 | CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; | ||
| 938 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 939 | } | ||
| 940 | |||
| 941 | int | ||
| 942 | ssl_clear_bad_session(SSL *s) | ||
| 943 | { | ||
| 944 | if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && | ||
| 945 | !(SSL_in_init(s) || SSL_in_before(s))) { | ||
| 946 | SSL_CTX_remove_session(s->ctx, s->session); | ||
| 947 | return (1); | ||
| 948 | } else | ||
| 949 | return (0); | ||
| 950 | } | ||
| 951 | |||
| 952 | /* locked by SSL_CTX in the calling function */ | ||
| 953 | static void | ||
| 954 | SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) | ||
| 955 | { | ||
| 956 | if ((s->next == NULL) || (s->prev == NULL)) | ||
| 957 | return; | ||
| 958 | |||
| 959 | if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) { | ||
| 960 | /* last element in list */ | ||
| 961 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { | ||
| 962 | /* only one element in list */ | ||
| 963 | ctx->session_cache_head = NULL; | ||
| 964 | ctx->session_cache_tail = NULL; | ||
| 965 | } else { | ||
| 966 | ctx->session_cache_tail = s->prev; | ||
| 967 | s->prev->next = | ||
| 968 | (SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 969 | } | ||
| 970 | } else { | ||
| 971 | if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) { | ||
| 972 | /* first element in list */ | ||
| 973 | ctx->session_cache_head = s->next; | ||
| 974 | s->next->prev = | ||
| 975 | (SSL_SESSION *)&(ctx->session_cache_head); | ||
| 976 | } else { | ||
| 977 | /* middle of list */ | ||
| 978 | s->next->prev = s->prev; | ||
| 979 | s->prev->next = s->next; | ||
| 980 | } | ||
| 981 | } | ||
| 982 | s->prev = s->next = NULL; | ||
| 983 | } | ||
| 984 | |||
| 985 | static void | ||
| 986 | SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) | ||
| 987 | { | ||
| 988 | if ((s->next != NULL) && (s->prev != NULL)) | ||
| 989 | SSL_SESSION_list_remove(ctx, s); | ||
| 990 | |||
| 991 | if (ctx->session_cache_head == NULL) { | ||
| 992 | ctx->session_cache_head = s; | ||
| 993 | ctx->session_cache_tail = s; | ||
| 994 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); | ||
| 995 | s->next = (SSL_SESSION *)&(ctx->session_cache_tail); | ||
| 996 | } else { | ||
| 997 | s->next = ctx->session_cache_head; | ||
| 998 | s->next->prev = s; | ||
| 999 | s->prev = (SSL_SESSION *)&(ctx->session_cache_head); | ||
| 1000 | ctx->session_cache_head = s; | ||
| 1001 | } | ||
| 1002 | } | ||
| 1003 | |||
| 1004 | void | ||
| 1005 | SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, | ||
| 1006 | int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) { | ||
| 1007 | ctx->new_session_cb = cb; | ||
| 1008 | } | ||
| 1009 | |||
| 1010 | int | ||
| 1011 | (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess) | ||
| 1012 | { | ||
| 1013 | return ctx->new_session_cb; | ||
| 1014 | } | ||
| 1015 | |||
| 1016 | void | ||
| 1017 | SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, | ||
| 1018 | void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess)) | ||
| 1019 | { | ||
| 1020 | ctx->remove_session_cb = cb; | ||
| 1021 | } | ||
| 1022 | |||
| 1023 | void | ||
| 1024 | (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess) | ||
| 1025 | { | ||
| 1026 | return ctx->remove_session_cb; | ||
| 1027 | } | ||
| 1028 | |||
| 1029 | void | ||
| 1030 | SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl, | ||
| 1031 | unsigned char *data, int len, int *copy)) | ||
| 1032 | { | ||
| 1033 | ctx->get_session_cb = cb; | ||
| 1034 | } | ||
| 1035 | |||
| 1036 | SSL_SESSION * | ||
| 1037 | (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, | ||
| 1038 | int len, int *copy) | ||
| 1039 | { | ||
| 1040 | return ctx->get_session_cb; | ||
| 1041 | } | ||
| 1042 | |||
| 1043 | void | ||
| 1044 | SSL_CTX_set_info_callback(SSL_CTX *ctx, | ||
| 1045 | void (*cb)(const SSL *ssl, int type, int val)) | ||
| 1046 | { | ||
| 1047 | ctx->info_callback = cb; | ||
| 1048 | } | ||
| 1049 | |||
| 1050 | void | ||
| 1051 | (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val) | ||
| 1052 | { | ||
| 1053 | return ctx->info_callback; | ||
| 1054 | } | ||
| 1055 | |||
| 1056 | void | ||
| 1057 | SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, | ||
| 1058 | int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)) | ||
| 1059 | { | ||
| 1060 | ctx->client_cert_cb = cb; | ||
| 1061 | } | ||
| 1062 | |||
| 1063 | int | ||
| 1064 | (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509, | ||
| 1065 | EVP_PKEY **pkey) | ||
| 1066 | { | ||
| 1067 | return ctx->client_cert_cb; | ||
| 1068 | } | ||
| 1069 | |||
| 1070 | #ifndef OPENSSL_NO_ENGINE | ||
| 1071 | int | ||
| 1072 | SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | ||
| 1073 | { | ||
| 1074 | if (!ENGINE_init(e)) { | ||
| 1075 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, | ||
| 1076 | ERR_R_ENGINE_LIB); | ||
| 1077 | return 0; | ||
| 1078 | } | ||
| 1079 | if (!ENGINE_get_ssl_client_cert_function(e)) { | ||
| 1080 | SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, | ||
| 1081 | SSL_R_NO_CLIENT_CERT_METHOD); | ||
| 1082 | ENGINE_finish(e); | ||
| 1083 | return 0; | ||
| 1084 | } | ||
| 1085 | ctx->client_cert_engine = e; | ||
| 1086 | return 1; | ||
| 1087 | } | ||
| 1088 | #endif | ||
| 1089 | |||
| 1090 | void | ||
| 1091 | SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, | ||
| 1092 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) | ||
| 1093 | { | ||
| 1094 | ctx->app_gen_cookie_cb = cb; | ||
| 1095 | } | ||
| 1096 | |||
| 1097 | void | ||
| 1098 | SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, | ||
| 1099 | int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)) | ||
| 1100 | { | ||
| 1101 | ctx->app_verify_cookie_cb = cb; | ||
| 1102 | } | ||
| 1103 | |||
| 1104 | IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION) | ||
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c deleted file mode 100644 index 6d67d19c25..0000000000 --- a/src/lib/libssl/ssl_stat.c +++ /dev/null | |||
| @@ -1,801 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_stat.c,v 1.12 2014/11/16 14:12:47 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2005 Nokia. All rights reserved. | ||
| 60 | * | ||
| 61 | * The portions of the attached software ("Contribution") is developed by | ||
| 62 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 63 | * license. | ||
| 64 | * | ||
| 65 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 66 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 67 | * support (see RFC 4279) to OpenSSL. | ||
| 68 | * | ||
| 69 | * No patent licenses or other rights except those expressly stated in | ||
| 70 | * the OpenSSL open source license shall be deemed granted or received | ||
| 71 | * expressly, by implication, estoppel, or otherwise. | ||
| 72 | * | ||
| 73 | * No assurances are provided by Nokia that the Contribution does not | ||
| 74 | * infringe the patent or other intellectual property rights of any third | ||
| 75 | * party or that the license provides you with all the necessary rights | ||
| 76 | * to make use of the Contribution. | ||
| 77 | * | ||
| 78 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 79 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 80 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 81 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 82 | * OTHERWISE. | ||
| 83 | */ | ||
| 84 | |||
| 85 | #include <stdio.h> | ||
| 86 | |||
| 87 | #include "ssl_locl.h" | ||
| 88 | |||
| 89 | const char * | ||
| 90 | SSL_state_string_long(const SSL *s) | ||
| 91 | { | ||
| 92 | const char *str; | ||
| 93 | |||
| 94 | switch (s->state) { | ||
| 95 | case SSL_ST_BEFORE: | ||
| 96 | str = "before SSL initialization"; | ||
| 97 | break; | ||
| 98 | case SSL_ST_ACCEPT: | ||
| 99 | str = "before accept initialization"; | ||
| 100 | break; | ||
| 101 | case SSL_ST_CONNECT: | ||
| 102 | str = "before connect initialization"; | ||
| 103 | break; | ||
| 104 | case SSL_ST_OK: | ||
| 105 | str = "SSL negotiation finished successfully"; | ||
| 106 | break; | ||
| 107 | case SSL_ST_RENEGOTIATE: | ||
| 108 | str = "SSL renegotiate ciphers"; | ||
| 109 | break; | ||
| 110 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | ||
| 111 | str = "before/connect initialization"; | ||
| 112 | break; | ||
| 113 | case SSL_ST_OK|SSL_ST_CONNECT: | ||
| 114 | str = "ok/connect SSL initialization"; | ||
| 115 | break; | ||
| 116 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | ||
| 117 | str = "before/accept initialization"; | ||
| 118 | break; | ||
| 119 | case SSL_ST_OK|SSL_ST_ACCEPT: | ||
| 120 | str = "ok/accept SSL initialization"; | ||
| 121 | break; | ||
| 122 | |||
| 123 | /* SSLv3 additions */ | ||
| 124 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
| 125 | str = "SSLv3 write client hello A"; | ||
| 126 | break; | ||
| 127 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
| 128 | str = "SSLv3 write client hello B"; | ||
| 129 | break; | ||
| 130 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
| 131 | str = "SSLv3 read server hello A"; | ||
| 132 | break; | ||
| 133 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
| 134 | str = "SSLv3 read server hello B"; | ||
| 135 | break; | ||
| 136 | case SSL3_ST_CR_CERT_A: | ||
| 137 | str = "SSLv3 read server certificate A"; | ||
| 138 | break; | ||
| 139 | case SSL3_ST_CR_CERT_B: | ||
| 140 | str = "SSLv3 read server certificate B"; | ||
| 141 | break; | ||
| 142 | case SSL3_ST_CR_KEY_EXCH_A: | ||
| 143 | str = "SSLv3 read server key exchange A"; | ||
| 144 | break; | ||
| 145 | case SSL3_ST_CR_KEY_EXCH_B: | ||
| 146 | str = "SSLv3 read server key exchange B"; | ||
| 147 | break; | ||
| 148 | case SSL3_ST_CR_CERT_REQ_A: | ||
| 149 | str = "SSLv3 read server certificate request A"; | ||
| 150 | break; | ||
| 151 | case SSL3_ST_CR_CERT_REQ_B: | ||
| 152 | str = "SSLv3 read server certificate request B"; | ||
| 153 | break; | ||
| 154 | case SSL3_ST_CR_SESSION_TICKET_A: | ||
| 155 | str = "SSLv3 read server session ticket A"; | ||
| 156 | break; | ||
| 157 | case SSL3_ST_CR_SESSION_TICKET_B: | ||
| 158 | str = "SSLv3 read server session ticket B"; | ||
| 159 | break; | ||
| 160 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 161 | str = "SSLv3 read server done A"; | ||
| 162 | break; | ||
| 163 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 164 | str = "SSLv3 read server done B"; | ||
| 165 | break; | ||
| 166 | case SSL3_ST_CW_CERT_A: | ||
| 167 | str = "SSLv3 write client certificate A"; | ||
| 168 | break; | ||
| 169 | case SSL3_ST_CW_CERT_B: | ||
| 170 | str = "SSLv3 write client certificate B"; | ||
| 171 | break; | ||
| 172 | case SSL3_ST_CW_CERT_C: | ||
| 173 | str = "SSLv3 write client certificate C"; | ||
| 174 | break; | ||
| 175 | case SSL3_ST_CW_CERT_D: | ||
| 176 | str = "SSLv3 write client certificate D"; | ||
| 177 | break; | ||
| 178 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 179 | str = "SSLv3 write client key exchange A"; | ||
| 180 | break; | ||
| 181 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 182 | str = "SSLv3 write client key exchange B"; | ||
| 183 | break; | ||
| 184 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 185 | str = "SSLv3 write certificate verify A"; | ||
| 186 | break; | ||
| 187 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 188 | str = "SSLv3 write certificate verify B"; | ||
| 189 | break; | ||
| 190 | |||
| 191 | case SSL3_ST_CW_CHANGE_A: | ||
| 192 | case SSL3_ST_SW_CHANGE_A: | ||
| 193 | str = "SSLv3 write change cipher spec A"; | ||
| 194 | break; | ||
| 195 | case SSL3_ST_CW_CHANGE_B: | ||
| 196 | case SSL3_ST_SW_CHANGE_B: | ||
| 197 | str = "SSLv3 write change cipher spec B"; | ||
| 198 | break; | ||
| 199 | case SSL3_ST_CW_FINISHED_A: | ||
| 200 | case SSL3_ST_SW_FINISHED_A: | ||
| 201 | str = "SSLv3 write finished A"; | ||
| 202 | break; | ||
| 203 | case SSL3_ST_CW_FINISHED_B: | ||
| 204 | case SSL3_ST_SW_FINISHED_B: | ||
| 205 | str = "SSLv3 write finished B"; | ||
| 206 | break; | ||
| 207 | case SSL3_ST_CR_CHANGE_A: | ||
| 208 | case SSL3_ST_SR_CHANGE_A: | ||
| 209 | str = "SSLv3 read change cipher spec A"; | ||
| 210 | break; | ||
| 211 | case SSL3_ST_CR_CHANGE_B: | ||
| 212 | case SSL3_ST_SR_CHANGE_B: | ||
| 213 | str = "SSLv3 read change cipher spec B"; | ||
| 214 | break; | ||
| 215 | case SSL3_ST_CR_FINISHED_A: | ||
| 216 | case SSL3_ST_SR_FINISHED_A: | ||
| 217 | str = "SSLv3 read finished A"; | ||
| 218 | break; | ||
| 219 | case SSL3_ST_CR_FINISHED_B: | ||
| 220 | case SSL3_ST_SR_FINISHED_B: | ||
| 221 | str = "SSLv3 read finished B"; | ||
| 222 | break; | ||
| 223 | |||
| 224 | case SSL3_ST_CW_FLUSH: | ||
| 225 | case SSL3_ST_SW_FLUSH: | ||
| 226 | str = "SSLv3 flush data"; | ||
| 227 | break; | ||
| 228 | |||
| 229 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
| 230 | str = "SSLv3 read client hello A"; | ||
| 231 | break; | ||
| 232 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
| 233 | str = "SSLv3 read client hello B"; | ||
| 234 | break; | ||
| 235 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
| 236 | str = "SSLv3 read client hello C"; | ||
| 237 | break; | ||
| 238 | case SSL3_ST_SW_HELLO_REQ_A: | ||
| 239 | str = "SSLv3 write hello request A"; | ||
| 240 | break; | ||
| 241 | case SSL3_ST_SW_HELLO_REQ_B: | ||
| 242 | str = "SSLv3 write hello request B"; | ||
| 243 | break; | ||
| 244 | case SSL3_ST_SW_HELLO_REQ_C: | ||
| 245 | str = "SSLv3 write hello request C"; | ||
| 246 | break; | ||
| 247 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
| 248 | str = "SSLv3 write server hello A"; | ||
| 249 | break; | ||
| 250 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
| 251 | str = "SSLv3 write server hello B"; | ||
| 252 | break; | ||
| 253 | case SSL3_ST_SW_CERT_A: | ||
| 254 | str = "SSLv3 write certificate A"; | ||
| 255 | break; | ||
| 256 | case SSL3_ST_SW_CERT_B: | ||
| 257 | str = "SSLv3 write certificate B"; | ||
| 258 | break; | ||
| 259 | case SSL3_ST_SW_KEY_EXCH_A: | ||
| 260 | str = "SSLv3 write key exchange A"; | ||
| 261 | break; | ||
| 262 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 263 | str = "SSLv3 write key exchange B"; | ||
| 264 | break; | ||
| 265 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 266 | str = "SSLv3 write certificate request A"; | ||
| 267 | break; | ||
| 268 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 269 | str = "SSLv3 write certificate request B"; | ||
| 270 | break; | ||
| 271 | case SSL3_ST_SW_SESSION_TICKET_A: | ||
| 272 | str = "SSLv3 write session ticket A"; | ||
| 273 | break; | ||
| 274 | case SSL3_ST_SW_SESSION_TICKET_B: | ||
| 275 | str = "SSLv3 write session ticket B"; | ||
| 276 | break; | ||
| 277 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 278 | str = "SSLv3 write server done A"; | ||
| 279 | break; | ||
| 280 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 281 | str = "SSLv3 write server done B"; | ||
| 282 | break; | ||
| 283 | case SSL3_ST_SR_CERT_A: | ||
| 284 | str = "SSLv3 read client certificate A"; | ||
| 285 | break; | ||
| 286 | case SSL3_ST_SR_CERT_B: | ||
| 287 | str = "SSLv3 read client certificate B"; | ||
| 288 | break; | ||
| 289 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 290 | str = "SSLv3 read client key exchange A"; | ||
| 291 | break; | ||
| 292 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 293 | str = "SSLv3 read client key exchange B"; | ||
| 294 | break; | ||
| 295 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 296 | str = "SSLv3 read certificate verify A"; | ||
| 297 | break; | ||
| 298 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 299 | str = "SSLv3 read certificate verify B"; | ||
| 300 | break; | ||
| 301 | |||
| 302 | /* DTLS */ | ||
| 303 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | ||
| 304 | str = "DTLS1 read hello verify request A"; | ||
| 305 | break; | ||
| 306 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: | ||
| 307 | str = "DTLS1 read hello verify request B"; | ||
| 308 | break; | ||
| 309 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 310 | str = "DTLS1 write hello verify request A"; | ||
| 311 | break; | ||
| 312 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 313 | str = "DTLS1 write hello verify request B"; | ||
| 314 | break; | ||
| 315 | |||
| 316 | default: | ||
| 317 | str = "unknown state"; | ||
| 318 | break; | ||
| 319 | } | ||
| 320 | return (str); | ||
| 321 | } | ||
| 322 | |||
| 323 | const char * | ||
| 324 | SSL_rstate_string_long(const SSL *s) | ||
| 325 | { | ||
| 326 | const char *str; | ||
| 327 | |||
| 328 | switch (s->rstate) { | ||
| 329 | case SSL_ST_READ_HEADER: | ||
| 330 | str = "read header"; | ||
| 331 | break; | ||
| 332 | case SSL_ST_READ_BODY: | ||
| 333 | str = "read body"; | ||
| 334 | break; | ||
| 335 | case SSL_ST_READ_DONE: | ||
| 336 | str = "read done"; | ||
| 337 | break; | ||
| 338 | default: | ||
| 339 | str = "unknown"; | ||
| 340 | break; | ||
| 341 | } | ||
| 342 | return (str); | ||
| 343 | } | ||
| 344 | |||
| 345 | const char * | ||
| 346 | SSL_state_string(const SSL *s) | ||
| 347 | { | ||
| 348 | const char *str; | ||
| 349 | |||
| 350 | switch (s->state) { | ||
| 351 | case SSL_ST_BEFORE: | ||
| 352 | str = "PINIT "; | ||
| 353 | break; | ||
| 354 | case SSL_ST_ACCEPT: | ||
| 355 | str = "AINIT "; | ||
| 356 | break; | ||
| 357 | case SSL_ST_CONNECT: | ||
| 358 | str = "CINIT "; | ||
| 359 | break; | ||
| 360 | case SSL_ST_OK: | ||
| 361 | str = "SSLOK "; | ||
| 362 | break; | ||
| 363 | |||
| 364 | /* SSLv3 additions */ | ||
| 365 | case SSL3_ST_SW_FLUSH: | ||
| 366 | case SSL3_ST_CW_FLUSH: | ||
| 367 | str = "3FLUSH"; | ||
| 368 | break; | ||
| 369 | case SSL3_ST_CW_CLNT_HELLO_A: | ||
| 370 | str = "3WCH_A"; | ||
| 371 | break; | ||
| 372 | case SSL3_ST_CW_CLNT_HELLO_B: | ||
| 373 | str = "3WCH_B"; | ||
| 374 | break; | ||
| 375 | case SSL3_ST_CR_SRVR_HELLO_A: | ||
| 376 | str = "3RSH_A"; | ||
| 377 | break; | ||
| 378 | case SSL3_ST_CR_SRVR_HELLO_B: | ||
| 379 | str = "3RSH_B"; | ||
| 380 | break; | ||
| 381 | case SSL3_ST_CR_CERT_A: | ||
| 382 | str = "3RSC_A"; | ||
| 383 | break; | ||
| 384 | case SSL3_ST_CR_CERT_B: | ||
| 385 | str = "3RSC_B"; | ||
| 386 | break; | ||
| 387 | case SSL3_ST_CR_KEY_EXCH_A: | ||
| 388 | str = "3RSKEA"; | ||
| 389 | break; | ||
| 390 | case SSL3_ST_CR_KEY_EXCH_B: | ||
| 391 | str = "3RSKEB"; | ||
| 392 | break; | ||
| 393 | case SSL3_ST_CR_CERT_REQ_A: | ||
| 394 | str = "3RCR_A"; | ||
| 395 | break; | ||
| 396 | case SSL3_ST_CR_CERT_REQ_B: | ||
| 397 | str = "3RCR_B"; | ||
| 398 | break; | ||
| 399 | case SSL3_ST_CR_SRVR_DONE_A: | ||
| 400 | str = "3RSD_A"; | ||
| 401 | break; | ||
| 402 | case SSL3_ST_CR_SRVR_DONE_B: | ||
| 403 | str = "3RSD_B"; | ||
| 404 | break; | ||
| 405 | case SSL3_ST_CW_CERT_A: | ||
| 406 | str = "3WCC_A"; | ||
| 407 | break; | ||
| 408 | case SSL3_ST_CW_CERT_B: | ||
| 409 | str = "3WCC_B"; | ||
| 410 | break; | ||
| 411 | case SSL3_ST_CW_CERT_C: | ||
| 412 | str = "3WCC_C"; | ||
| 413 | break; | ||
| 414 | case SSL3_ST_CW_CERT_D: | ||
| 415 | str = "3WCC_D"; | ||
| 416 | break; | ||
| 417 | case SSL3_ST_CW_KEY_EXCH_A: | ||
| 418 | str = "3WCKEA"; | ||
| 419 | break; | ||
| 420 | case SSL3_ST_CW_KEY_EXCH_B: | ||
| 421 | str = "3WCKEB"; | ||
| 422 | break; | ||
| 423 | case SSL3_ST_CW_CERT_VRFY_A: | ||
| 424 | str = "3WCV_A"; | ||
| 425 | break; | ||
| 426 | case SSL3_ST_CW_CERT_VRFY_B: | ||
| 427 | str = "3WCV_B"; | ||
| 428 | break; | ||
| 429 | |||
| 430 | case SSL3_ST_SW_CHANGE_A: | ||
| 431 | case SSL3_ST_CW_CHANGE_A: | ||
| 432 | str = "3WCCSA"; | ||
| 433 | break; | ||
| 434 | case SSL3_ST_SW_CHANGE_B: | ||
| 435 | case SSL3_ST_CW_CHANGE_B: | ||
| 436 | str = "3WCCSB"; | ||
| 437 | break; | ||
| 438 | case SSL3_ST_SW_FINISHED_A: | ||
| 439 | case SSL3_ST_CW_FINISHED_A: | ||
| 440 | str = "3WFINA"; | ||
| 441 | break; | ||
| 442 | case SSL3_ST_SW_FINISHED_B: | ||
| 443 | case SSL3_ST_CW_FINISHED_B: | ||
| 444 | str = "3WFINB"; | ||
| 445 | break; | ||
| 446 | case SSL3_ST_SR_CHANGE_A: | ||
| 447 | case SSL3_ST_CR_CHANGE_A: | ||
| 448 | str = "3RCCSA"; | ||
| 449 | break; | ||
| 450 | case SSL3_ST_SR_CHANGE_B: | ||
| 451 | case SSL3_ST_CR_CHANGE_B: | ||
| 452 | str = "3RCCSB"; | ||
| 453 | break; | ||
| 454 | case SSL3_ST_SR_FINISHED_A: | ||
| 455 | case SSL3_ST_CR_FINISHED_A: | ||
| 456 | str = "3RFINA"; | ||
| 457 | break; | ||
| 458 | case SSL3_ST_SR_FINISHED_B: | ||
| 459 | case SSL3_ST_CR_FINISHED_B: | ||
| 460 | str = "3RFINB"; | ||
| 461 | break; | ||
| 462 | |||
| 463 | case SSL3_ST_SW_HELLO_REQ_A: | ||
| 464 | str = "3WHR_A"; | ||
| 465 | break; | ||
| 466 | case SSL3_ST_SW_HELLO_REQ_B: | ||
| 467 | str = "3WHR_B"; | ||
| 468 | break; | ||
| 469 | case SSL3_ST_SW_HELLO_REQ_C: | ||
| 470 | str = "3WHR_C"; | ||
| 471 | break; | ||
| 472 | case SSL3_ST_SR_CLNT_HELLO_A: | ||
| 473 | str = "3RCH_A"; | ||
| 474 | break; | ||
| 475 | case SSL3_ST_SR_CLNT_HELLO_B: | ||
| 476 | str = "3RCH_B"; | ||
| 477 | break; | ||
| 478 | case SSL3_ST_SR_CLNT_HELLO_C: | ||
| 479 | str = "3RCH_C"; | ||
| 480 | break; | ||
| 481 | case SSL3_ST_SW_SRVR_HELLO_A: | ||
| 482 | str = "3WSH_A"; | ||
| 483 | break; | ||
| 484 | case SSL3_ST_SW_SRVR_HELLO_B: | ||
| 485 | str = "3WSH_B"; | ||
| 486 | break; | ||
| 487 | case SSL3_ST_SW_CERT_A: | ||
| 488 | str = "3WSC_A"; | ||
| 489 | break; | ||
| 490 | case SSL3_ST_SW_CERT_B: | ||
| 491 | str = "3WSC_B"; | ||
| 492 | break; | ||
| 493 | case SSL3_ST_SW_KEY_EXCH_A: | ||
| 494 | str = "3WSKEA"; | ||
| 495 | break; | ||
| 496 | case SSL3_ST_SW_KEY_EXCH_B: | ||
| 497 | str = "3WSKEB"; | ||
| 498 | break; | ||
| 499 | case SSL3_ST_SW_CERT_REQ_A: | ||
| 500 | str = "3WCR_A"; | ||
| 501 | break; | ||
| 502 | case SSL3_ST_SW_CERT_REQ_B: | ||
| 503 | str = "3WCR_B"; | ||
| 504 | break; | ||
| 505 | case SSL3_ST_SW_SRVR_DONE_A: | ||
| 506 | str = "3WSD_A"; | ||
| 507 | break; | ||
| 508 | case SSL3_ST_SW_SRVR_DONE_B: | ||
| 509 | str = "3WSD_B"; | ||
| 510 | break; | ||
| 511 | case SSL3_ST_SR_CERT_A: | ||
| 512 | str = "3RCC_A"; | ||
| 513 | break; | ||
| 514 | case SSL3_ST_SR_CERT_B: | ||
| 515 | str = "3RCC_B"; | ||
| 516 | break; | ||
| 517 | case SSL3_ST_SR_KEY_EXCH_A: | ||
| 518 | str = "3RCKEA"; | ||
| 519 | break; | ||
| 520 | case SSL3_ST_SR_KEY_EXCH_B: | ||
| 521 | str = "3RCKEB"; | ||
| 522 | break; | ||
| 523 | case SSL3_ST_SR_CERT_VRFY_A: | ||
| 524 | str = "3RCV_A"; | ||
| 525 | break; | ||
| 526 | case SSL3_ST_SR_CERT_VRFY_B: | ||
| 527 | str = "3RCV_B"; | ||
| 528 | break; | ||
| 529 | |||
| 530 | /* DTLS */ | ||
| 531 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: | ||
| 532 | str = "DRCHVA"; | ||
| 533 | break; | ||
| 534 | case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: | ||
| 535 | str = "DRCHVB"; | ||
| 536 | break; | ||
| 537 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: | ||
| 538 | str = "DWCHVA"; | ||
| 539 | break; | ||
| 540 | case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: | ||
| 541 | str = "DWCHVB"; | ||
| 542 | break; | ||
| 543 | |||
| 544 | default: | ||
| 545 | str = "UNKWN "; | ||
| 546 | break; | ||
| 547 | } | ||
| 548 | return (str); | ||
| 549 | } | ||
| 550 | |||
| 551 | const char * | ||
| 552 | SSL_alert_type_string_long(int value) | ||
| 553 | { | ||
| 554 | value >>= 8; | ||
| 555 | if (value == SSL3_AL_WARNING) | ||
| 556 | return ("warning"); | ||
| 557 | else if (value == SSL3_AL_FATAL) | ||
| 558 | return ("fatal"); | ||
| 559 | else | ||
| 560 | return ("unknown"); | ||
| 561 | } | ||
| 562 | |||
| 563 | const char * | ||
| 564 | SSL_alert_type_string(int value) | ||
| 565 | { | ||
| 566 | value >>= 8; | ||
| 567 | if (value == SSL3_AL_WARNING) | ||
| 568 | return ("W"); | ||
| 569 | else if (value == SSL3_AL_FATAL) | ||
| 570 | return ("F"); | ||
| 571 | else | ||
| 572 | return ("U"); | ||
| 573 | } | ||
| 574 | |||
| 575 | const char * | ||
| 576 | SSL_alert_desc_string(int value) | ||
| 577 | { | ||
| 578 | const char *str; | ||
| 579 | |||
| 580 | switch (value & 0xff) { | ||
| 581 | case SSL3_AD_CLOSE_NOTIFY: | ||
| 582 | str = "CN"; | ||
| 583 | break; | ||
| 584 | case SSL3_AD_UNEXPECTED_MESSAGE: | ||
| 585 | str = "UM"; | ||
| 586 | break; | ||
| 587 | case SSL3_AD_BAD_RECORD_MAC: | ||
| 588 | str = "BM"; | ||
| 589 | break; | ||
| 590 | case SSL3_AD_DECOMPRESSION_FAILURE: | ||
| 591 | str = "DF"; | ||
| 592 | break; | ||
| 593 | case SSL3_AD_HANDSHAKE_FAILURE: | ||
| 594 | str = "HF"; | ||
| 595 | break; | ||
| 596 | case SSL3_AD_NO_CERTIFICATE: | ||
| 597 | str = "NC"; | ||
| 598 | break; | ||
| 599 | case SSL3_AD_BAD_CERTIFICATE: | ||
| 600 | str = "BC"; | ||
| 601 | break; | ||
| 602 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: | ||
| 603 | str = "UC"; | ||
| 604 | break; | ||
| 605 | case SSL3_AD_CERTIFICATE_REVOKED: | ||
| 606 | str = "CR"; | ||
| 607 | break; | ||
| 608 | case SSL3_AD_CERTIFICATE_EXPIRED: | ||
| 609 | str = "CE"; | ||
| 610 | break; | ||
| 611 | case SSL3_AD_CERTIFICATE_UNKNOWN: | ||
| 612 | str = "CU"; | ||
| 613 | break; | ||
| 614 | case SSL3_AD_ILLEGAL_PARAMETER: | ||
| 615 | str = "IP"; | ||
| 616 | break; | ||
| 617 | case TLS1_AD_DECRYPTION_FAILED: | ||
| 618 | str = "DC"; | ||
| 619 | break; | ||
| 620 | case TLS1_AD_RECORD_OVERFLOW: | ||
| 621 | str = "RO"; | ||
| 622 | break; | ||
| 623 | case TLS1_AD_UNKNOWN_CA: | ||
| 624 | str = "CA"; | ||
| 625 | break; | ||
| 626 | case TLS1_AD_ACCESS_DENIED: | ||
| 627 | str = "AD"; | ||
| 628 | break; | ||
| 629 | case TLS1_AD_DECODE_ERROR: | ||
| 630 | str = "DE"; | ||
| 631 | break; | ||
| 632 | case TLS1_AD_DECRYPT_ERROR: | ||
| 633 | str = "CY"; | ||
| 634 | break; | ||
| 635 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 636 | str = "ER"; | ||
| 637 | break; | ||
| 638 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 639 | str = "PV"; | ||
| 640 | break; | ||
| 641 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 642 | str = "IS"; | ||
| 643 | break; | ||
| 644 | case TLS1_AD_INTERNAL_ERROR: | ||
| 645 | str = "IE"; | ||
| 646 | break; | ||
| 647 | case TLS1_AD_USER_CANCELLED: | ||
| 648 | str = "US"; | ||
| 649 | break; | ||
| 650 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 651 | str = "NR"; | ||
| 652 | break; | ||
| 653 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 654 | str = "UE"; | ||
| 655 | break; | ||
| 656 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 657 | str = "CO"; | ||
| 658 | break; | ||
| 659 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 660 | str = "UN"; | ||
| 661 | break; | ||
| 662 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 663 | str = "BR"; | ||
| 664 | break; | ||
| 665 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 666 | str = "BH"; | ||
| 667 | break; | ||
| 668 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 669 | str = "UP"; | ||
| 670 | break; | ||
| 671 | default: | ||
| 672 | str = "UK"; | ||
| 673 | break; | ||
| 674 | } | ||
| 675 | return (str); | ||
| 676 | } | ||
| 677 | |||
| 678 | const char * | ||
| 679 | SSL_alert_desc_string_long(int value) | ||
| 680 | { | ||
| 681 | const char *str; | ||
| 682 | |||
| 683 | switch (value & 0xff) { | ||
| 684 | case SSL3_AD_CLOSE_NOTIFY: | ||
| 685 | str = "close notify"; | ||
| 686 | break; | ||
| 687 | case SSL3_AD_UNEXPECTED_MESSAGE: | ||
| 688 | str = "unexpected_message"; | ||
| 689 | break; | ||
| 690 | case SSL3_AD_BAD_RECORD_MAC: | ||
| 691 | str = "bad record mac"; | ||
| 692 | break; | ||
| 693 | case SSL3_AD_DECOMPRESSION_FAILURE: | ||
| 694 | str = "decompression failure"; | ||
| 695 | break; | ||
| 696 | case SSL3_AD_HANDSHAKE_FAILURE: | ||
| 697 | str = "handshake failure"; | ||
| 698 | break; | ||
| 699 | case SSL3_AD_NO_CERTIFICATE: | ||
| 700 | str = "no certificate"; | ||
| 701 | break; | ||
| 702 | case SSL3_AD_BAD_CERTIFICATE: | ||
| 703 | str = "bad certificate"; | ||
| 704 | break; | ||
| 705 | case SSL3_AD_UNSUPPORTED_CERTIFICATE: | ||
| 706 | str = "unsupported certificate"; | ||
| 707 | break; | ||
| 708 | case SSL3_AD_CERTIFICATE_REVOKED: | ||
| 709 | str = "certificate revoked"; | ||
| 710 | break; | ||
| 711 | case SSL3_AD_CERTIFICATE_EXPIRED: | ||
| 712 | str = "certificate expired"; | ||
| 713 | break; | ||
| 714 | case SSL3_AD_CERTIFICATE_UNKNOWN: | ||
| 715 | str = "certificate unknown"; | ||
| 716 | break; | ||
| 717 | case SSL3_AD_ILLEGAL_PARAMETER: | ||
| 718 | str = "illegal parameter"; | ||
| 719 | break; | ||
| 720 | case TLS1_AD_DECRYPTION_FAILED: | ||
| 721 | str = "decryption failed"; | ||
| 722 | break; | ||
| 723 | case TLS1_AD_RECORD_OVERFLOW: | ||
| 724 | str = "record overflow"; | ||
| 725 | break; | ||
| 726 | case TLS1_AD_UNKNOWN_CA: | ||
| 727 | str = "unknown CA"; | ||
| 728 | break; | ||
| 729 | case TLS1_AD_ACCESS_DENIED: | ||
| 730 | str = "access denied"; | ||
| 731 | break; | ||
| 732 | case TLS1_AD_DECODE_ERROR: | ||
| 733 | str = "decode error"; | ||
| 734 | break; | ||
| 735 | case TLS1_AD_DECRYPT_ERROR: | ||
| 736 | str = "decrypt error"; | ||
| 737 | break; | ||
| 738 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 739 | str = "export restriction"; | ||
| 740 | break; | ||
| 741 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 742 | str = "protocol version"; | ||
| 743 | break; | ||
| 744 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 745 | str = "insufficient security"; | ||
| 746 | break; | ||
| 747 | case TLS1_AD_INTERNAL_ERROR: | ||
| 748 | str = "internal error"; | ||
| 749 | break; | ||
| 750 | case TLS1_AD_USER_CANCELLED: | ||
| 751 | str = "user canceled"; | ||
| 752 | break; | ||
| 753 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 754 | str = "no renegotiation"; | ||
| 755 | break; | ||
| 756 | case TLS1_AD_UNSUPPORTED_EXTENSION: | ||
| 757 | str = "unsupported extension"; | ||
| 758 | break; | ||
| 759 | case TLS1_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 760 | str = "certificate unobtainable"; | ||
| 761 | break; | ||
| 762 | case TLS1_AD_UNRECOGNIZED_NAME: | ||
| 763 | str = "unrecognized name"; | ||
| 764 | break; | ||
| 765 | case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 766 | str = "bad certificate status response"; | ||
| 767 | break; | ||
| 768 | case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 769 | str = "bad certificate hash value"; | ||
| 770 | break; | ||
| 771 | case TLS1_AD_UNKNOWN_PSK_IDENTITY: | ||
| 772 | str = "unknown PSK identity"; | ||
| 773 | break; | ||
| 774 | default: | ||
| 775 | str = "unknown"; | ||
| 776 | break; | ||
| 777 | } | ||
| 778 | return (str); | ||
| 779 | } | ||
| 780 | |||
| 781 | const char * | ||
| 782 | SSL_rstate_string(const SSL *s) | ||
| 783 | { | ||
| 784 | const char *str; | ||
| 785 | |||
| 786 | switch (s->rstate) { | ||
| 787 | case SSL_ST_READ_HEADER: | ||
| 788 | str = "RH"; | ||
| 789 | break; | ||
| 790 | case SSL_ST_READ_BODY: | ||
| 791 | str = "RB"; | ||
| 792 | break; | ||
| 793 | case SSL_ST_READ_DONE: | ||
| 794 | str = "RD"; | ||
| 795 | break; | ||
| 796 | default: | ||
| 797 | str = "unknown"; | ||
| 798 | break; | ||
| 799 | } | ||
| 800 | return (str); | ||
| 801 | } | ||
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c deleted file mode 100644 index c3626dc03a..0000000000 --- a/src/lib/libssl/ssl_txt.c +++ /dev/null | |||
| @@ -1,187 +0,0 @@ | |||
| 1 | /* $OpenBSD: ssl_txt.c,v 1.26 2014/12/14 15:30:50 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright 2005 Nokia. All rights reserved. | ||
| 60 | * | ||
| 61 | * The portions of the attached software ("Contribution") is developed by | ||
| 62 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 63 | * license. | ||
| 64 | * | ||
| 65 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 66 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 67 | * support (see RFC 4279) to OpenSSL. | ||
| 68 | * | ||
| 69 | * No patent licenses or other rights except those expressly stated in | ||
| 70 | * the OpenSSL open source license shall be deemed granted or received | ||
| 71 | * expressly, by implication, estoppel, or otherwise. | ||
| 72 | * | ||
| 73 | * No assurances are provided by Nokia that the Contribution does not | ||
| 74 | * infringe the patent or other intellectual property rights of any third | ||
| 75 | * party or that the license provides you with all the necessary rights | ||
| 76 | * to make use of the Contribution. | ||
| 77 | * | ||
| 78 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 79 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 80 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 81 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 82 | * OTHERWISE. | ||
| 83 | */ | ||
| 84 | |||
| 85 | #include <stdio.h> | ||
| 86 | |||
| 87 | #include <openssl/buffer.h> | ||
| 88 | |||
| 89 | #include "ssl_locl.h" | ||
| 90 | |||
| 91 | int | ||
| 92 | SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) | ||
| 93 | { | ||
| 94 | BIO *b; | ||
| 95 | int ret; | ||
| 96 | |||
| 97 | if ((b = BIO_new(BIO_s_file_internal())) == NULL) { | ||
| 98 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB); | ||
| 99 | return (0); | ||
| 100 | } | ||
| 101 | BIO_set_fp(b, fp, BIO_NOCLOSE); | ||
| 102 | ret = SSL_SESSION_print(b, x); | ||
| 103 | BIO_free(b); | ||
| 104 | return (ret); | ||
| 105 | } | ||
| 106 | |||
| 107 | int | ||
| 108 | SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) | ||
| 109 | { | ||
| 110 | unsigned int i; | ||
| 111 | const char *s; | ||
| 112 | |||
| 113 | if (x == NULL) | ||
| 114 | goto err; | ||
| 115 | if (BIO_puts(bp, "SSL-Session:\n") <= 0) | ||
| 116 | goto err; | ||
| 117 | |||
| 118 | s = ssl_version_string(x->ssl_version); | ||
| 119 | if (BIO_printf(bp, " Protocol : %s\n", s) <= 0) | ||
| 120 | goto err; | ||
| 121 | |||
| 122 | if (x->cipher == NULL) { | ||
| 123 | if (((x->cipher_id) & 0xff000000) == 0x02000000) { | ||
| 124 | if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) | ||
| 125 | goto err; | ||
| 126 | } else { | ||
| 127 | if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) | ||
| 128 | goto err; | ||
| 129 | } | ||
| 130 | } else { | ||
| 131 | if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) | ||
| 132 | goto err; | ||
| 133 | } | ||
| 134 | if (BIO_puts(bp, " Session-ID: ") <= 0) | ||
| 135 | goto err; | ||
| 136 | for (i = 0; i < x->session_id_length; i++) { | ||
| 137 | if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) | ||
| 138 | goto err; | ||
| 139 | } | ||
| 140 | if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) | ||
| 141 | goto err; | ||
| 142 | for (i = 0; i < x->sid_ctx_length; i++) { | ||
| 143 | if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) | ||
| 144 | goto err; | ||
| 145 | } | ||
| 146 | if (BIO_puts(bp, "\n Master-Key: ") <= 0) | ||
| 147 | goto err; | ||
| 148 | for (i = 0; i < (unsigned int)x->master_key_length; i++) { | ||
| 149 | if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) | ||
| 150 | goto err; | ||
| 151 | } | ||
| 152 | if (x->tlsext_tick_lifetime_hint) { | ||
| 153 | if (BIO_printf(bp, | ||
| 154 | "\n TLS session ticket lifetime hint: %ld (seconds)", | ||
| 155 | x->tlsext_tick_lifetime_hint) <= 0) | ||
| 156 | goto err; | ||
| 157 | } | ||
| 158 | if (x->tlsext_tick) { | ||
| 159 | if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) | ||
| 160 | goto err; | ||
| 161 | if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) | ||
| 162 | goto err; | ||
| 163 | } | ||
| 164 | |||
| 165 | if (x->time != 0) { | ||
| 166 | if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) | ||
| 167 | goto err; | ||
| 168 | } | ||
| 169 | if (x->timeout != 0L) { | ||
| 170 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) | ||
| 171 | goto err; | ||
| 172 | } | ||
| 173 | if (BIO_puts(bp, "\n") <= 0) | ||
| 174 | goto err; | ||
| 175 | |||
| 176 | if (BIO_puts(bp, " Verify return code: ") <= 0) | ||
| 177 | goto err; | ||
| 178 | |||
| 179 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | ||
| 180 | X509_verify_cert_error_string(x->verify_result)) <= 0) | ||
| 181 | goto err; | ||
| 182 | |||
| 183 | return (1); | ||
| 184 | err: | ||
| 185 | return (0); | ||
| 186 | } | ||
| 187 | |||
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c deleted file mode 100644 index 0dc41af5b3..0000000000 --- a/src/lib/libssl/t1_clnt.c +++ /dev/null | |||
| @@ -1,193 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_clnt.c,v 1.17 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include "ssl_locl.h" | ||
| 62 | |||
| 63 | #include <openssl/buffer.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/objects.h> | ||
| 66 | |||
| 67 | static const SSL_METHOD *tls1_get_client_method(int ver); | ||
| 68 | |||
| 69 | const SSL_METHOD TLSv1_client_method_data = { | ||
| 70 | .version = TLS1_VERSION, | ||
| 71 | .ssl_new = tls1_new, | ||
| 72 | .ssl_clear = tls1_clear, | ||
| 73 | .ssl_free = tls1_free, | ||
| 74 | .ssl_accept = ssl_undefined_function, | ||
| 75 | .ssl_connect = ssl3_connect, | ||
| 76 | .ssl_read = ssl3_read, | ||
| 77 | .ssl_peek = ssl3_peek, | ||
| 78 | .ssl_write = ssl3_write, | ||
| 79 | .ssl_shutdown = ssl3_shutdown, | ||
| 80 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 81 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 82 | .ssl_get_message = ssl3_get_message, | ||
| 83 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 84 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 85 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 86 | .ssl_ctrl = ssl3_ctrl, | ||
| 87 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 88 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 89 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 90 | .ssl_pending = ssl3_pending, | ||
| 91 | .num_ciphers = ssl3_num_ciphers, | ||
| 92 | .get_cipher = ssl3_get_cipher, | ||
| 93 | .get_ssl_method = tls1_get_client_method, | ||
| 94 | .get_timeout = tls1_default_timeout, | ||
| 95 | .ssl3_enc = &TLSv1_enc_data, | ||
| 96 | .ssl_version = ssl_undefined_void_function, | ||
| 97 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 98 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 99 | }; | ||
| 100 | |||
| 101 | const SSL_METHOD TLSv1_1_client_method_data = { | ||
| 102 | .version = TLS1_1_VERSION, | ||
| 103 | .ssl_new = tls1_new, | ||
| 104 | .ssl_clear = tls1_clear, | ||
| 105 | .ssl_free = tls1_free, | ||
| 106 | .ssl_accept = ssl_undefined_function, | ||
| 107 | .ssl_connect = ssl3_connect, | ||
| 108 | .ssl_read = ssl3_read, | ||
| 109 | .ssl_peek = ssl3_peek, | ||
| 110 | .ssl_write = ssl3_write, | ||
| 111 | .ssl_shutdown = ssl3_shutdown, | ||
| 112 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 113 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 114 | .ssl_get_message = ssl3_get_message, | ||
| 115 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 116 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 117 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 118 | .ssl_ctrl = ssl3_ctrl, | ||
| 119 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 120 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 121 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 122 | .ssl_pending = ssl3_pending, | ||
| 123 | .num_ciphers = ssl3_num_ciphers, | ||
| 124 | .get_cipher = ssl3_get_cipher, | ||
| 125 | .get_ssl_method = tls1_get_client_method, | ||
| 126 | .get_timeout = tls1_default_timeout, | ||
| 127 | .ssl3_enc = &TLSv1_1_enc_data, | ||
| 128 | .ssl_version = ssl_undefined_void_function, | ||
| 129 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 130 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 131 | }; | ||
| 132 | |||
| 133 | const SSL_METHOD TLSv1_2_client_method_data = { | ||
| 134 | .version = TLS1_2_VERSION, | ||
| 135 | .ssl_new = tls1_new, | ||
| 136 | .ssl_clear = tls1_clear, | ||
| 137 | .ssl_free = tls1_free, | ||
| 138 | .ssl_accept = ssl_undefined_function, | ||
| 139 | .ssl_connect = ssl3_connect, | ||
| 140 | .ssl_read = ssl3_read, | ||
| 141 | .ssl_peek = ssl3_peek, | ||
| 142 | .ssl_write = ssl3_write, | ||
| 143 | .ssl_shutdown = ssl3_shutdown, | ||
| 144 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 145 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 146 | .ssl_get_message = ssl3_get_message, | ||
| 147 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 148 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 149 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 150 | .ssl_ctrl = ssl3_ctrl, | ||
| 151 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 152 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 153 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 154 | .ssl_pending = ssl3_pending, | ||
| 155 | .num_ciphers = ssl3_num_ciphers, | ||
| 156 | .get_cipher = ssl3_get_cipher, | ||
| 157 | .get_ssl_method = tls1_get_client_method, | ||
| 158 | .get_timeout = tls1_default_timeout, | ||
| 159 | .ssl3_enc = &TLSv1_2_enc_data, | ||
| 160 | .ssl_version = ssl_undefined_void_function, | ||
| 161 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 162 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 163 | }; | ||
| 164 | |||
| 165 | const SSL_METHOD * | ||
| 166 | TLSv1_client_method(void) | ||
| 167 | { | ||
| 168 | return &TLSv1_client_method_data; | ||
| 169 | } | ||
| 170 | |||
| 171 | const SSL_METHOD * | ||
| 172 | TLSv1_1_client_method(void) | ||
| 173 | { | ||
| 174 | return &TLSv1_1_client_method_data; | ||
| 175 | } | ||
| 176 | |||
| 177 | const SSL_METHOD * | ||
| 178 | TLSv1_2_client_method(void) | ||
| 179 | { | ||
| 180 | return &TLSv1_2_client_method_data; | ||
| 181 | } | ||
| 182 | |||
| 183 | static const SSL_METHOD * | ||
| 184 | tls1_get_client_method(int ver) | ||
| 185 | { | ||
| 186 | if (ver == TLS1_2_VERSION) | ||
| 187 | return (TLSv1_2_client_method()); | ||
| 188 | if (ver == TLS1_1_VERSION) | ||
| 189 | return (TLSv1_1_client_method()); | ||
| 190 | if (ver == TLS1_VERSION) | ||
| 191 | return (TLSv1_client_method()); | ||
| 192 | return (NULL); | ||
| 193 | } | ||
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c deleted file mode 100644 index 6e069edd4b..0000000000 --- a/src/lib/libssl/t1_enc.c +++ /dev/null | |||
| @@ -1,1248 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.77 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2005 Nokia. All rights reserved. | ||
| 113 | * | ||
| 114 | * The portions of the attached software ("Contribution") is developed by | ||
| 115 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 116 | * license. | ||
| 117 | * | ||
| 118 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 119 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 120 | * support (see RFC 4279) to OpenSSL. | ||
| 121 | * | ||
| 122 | * No patent licenses or other rights except those expressly stated in | ||
| 123 | * the OpenSSL open source license shall be deemed granted or received | ||
| 124 | * expressly, by implication, estoppel, or otherwise. | ||
| 125 | * | ||
| 126 | * No assurances are provided by Nokia that the Contribution does not | ||
| 127 | * infringe the patent or other intellectual property rights of any third | ||
| 128 | * party or that the license provides you with all the necessary rights | ||
| 129 | * to make use of the Contribution. | ||
| 130 | * | ||
| 131 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 132 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 133 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 134 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 135 | * OTHERWISE. | ||
| 136 | */ | ||
| 137 | |||
| 138 | #include <stdio.h> | ||
| 139 | |||
| 140 | #include "ssl_locl.h" | ||
| 141 | |||
| 142 | #include <openssl/evp.h> | ||
| 143 | #include <openssl/hmac.h> | ||
| 144 | #include <openssl/md5.h> | ||
| 145 | |||
| 146 | /* seed1 through seed5 are virtually concatenated */ | ||
| 147 | static int | ||
| 148 | tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, | ||
| 149 | const void *seed1, int seed1_len, const void *seed2, int seed2_len, | ||
| 150 | const void *seed3, int seed3_len, const void *seed4, int seed4_len, | ||
| 151 | const void *seed5, int seed5_len, unsigned char *out, int olen) | ||
| 152 | { | ||
| 153 | int chunk; | ||
| 154 | size_t j; | ||
| 155 | EVP_MD_CTX ctx, ctx_tmp; | ||
| 156 | EVP_PKEY *mac_key; | ||
| 157 | unsigned char A1[EVP_MAX_MD_SIZE]; | ||
| 158 | size_t A1_len; | ||
| 159 | int ret = 0; | ||
| 160 | |||
| 161 | chunk = EVP_MD_size(md); | ||
| 162 | OPENSSL_assert(chunk >= 0); | ||
| 163 | |||
| 164 | EVP_MD_CTX_init(&ctx); | ||
| 165 | EVP_MD_CTX_init(&ctx_tmp); | ||
| 166 | mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); | ||
| 167 | if (!mac_key) | ||
| 168 | goto err; | ||
| 169 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) | ||
| 170 | goto err; | ||
| 171 | if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key)) | ||
| 172 | goto err; | ||
| 173 | if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) | ||
| 174 | goto err; | ||
| 175 | if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) | ||
| 176 | goto err; | ||
| 177 | if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) | ||
| 178 | goto err; | ||
| 179 | if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) | ||
| 180 | goto err; | ||
| 181 | if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) | ||
| 182 | goto err; | ||
| 183 | if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) | ||
| 184 | goto err; | ||
| 185 | |||
| 186 | for (;;) { | ||
| 187 | /* Reinit mac contexts */ | ||
| 188 | if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key)) | ||
| 189 | goto err; | ||
| 190 | if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key)) | ||
| 191 | goto err; | ||
| 192 | if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) | ||
| 193 | goto err; | ||
| 194 | if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len)) | ||
| 195 | goto err; | ||
| 196 | if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) | ||
| 197 | goto err; | ||
| 198 | if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) | ||
| 199 | goto err; | ||
| 200 | if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) | ||
| 201 | goto err; | ||
| 202 | if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) | ||
| 203 | goto err; | ||
| 204 | if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) | ||
| 205 | goto err; | ||
| 206 | |||
| 207 | if (olen > chunk) { | ||
| 208 | if (!EVP_DigestSignFinal(&ctx, out, &j)) | ||
| 209 | goto err; | ||
| 210 | out += j; | ||
| 211 | olen -= j; | ||
| 212 | /* calc the next A1 value */ | ||
| 213 | if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) | ||
| 214 | goto err; | ||
| 215 | } else { | ||
| 216 | /* last one */ | ||
| 217 | if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) | ||
| 218 | goto err; | ||
| 219 | memcpy(out, A1, olen); | ||
| 220 | break; | ||
| 221 | } | ||
| 222 | } | ||
| 223 | ret = 1; | ||
| 224 | |||
| 225 | err: | ||
| 226 | EVP_PKEY_free(mac_key); | ||
| 227 | EVP_MD_CTX_cleanup(&ctx); | ||
| 228 | EVP_MD_CTX_cleanup(&ctx_tmp); | ||
| 229 | OPENSSL_cleanse(A1, sizeof(A1)); | ||
| 230 | return ret; | ||
| 231 | } | ||
| 232 | |||
| 233 | /* seed1 through seed5 are virtually concatenated */ | ||
| 234 | static int | ||
| 235 | tls1_PRF(long digest_mask, const void *seed1, int seed1_len, const void *seed2, | ||
| 236 | int seed2_len, const void *seed3, int seed3_len, const void *seed4, | ||
| 237 | int seed4_len, const void *seed5, int seed5_len, const unsigned char *sec, | ||
| 238 | int slen, unsigned char *out1, unsigned char *out2, int olen) | ||
| 239 | { | ||
| 240 | int len, i, idx, count; | ||
| 241 | const unsigned char *S1; | ||
| 242 | long m; | ||
| 243 | const EVP_MD *md; | ||
| 244 | int ret = 0; | ||
| 245 | |||
| 246 | /* Count number of digests and partition sec evenly */ | ||
| 247 | count = 0; | ||
| 248 | for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { | ||
| 249 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) | ||
| 250 | count++; | ||
| 251 | } | ||
| 252 | if (count == 0) { | ||
| 253 | SSLerr(SSL_F_TLS1_PRF, | ||
| 254 | SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 255 | goto err; | ||
| 256 | } | ||
| 257 | len = slen / count; | ||
| 258 | if (count == 1) | ||
| 259 | slen = 0; | ||
| 260 | S1 = sec; | ||
| 261 | memset(out1, 0, olen); | ||
| 262 | for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) { | ||
| 263 | if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) { | ||
| 264 | if (!md) { | ||
| 265 | SSLerr(SSL_F_TLS1_PRF, | ||
| 266 | SSL_R_UNSUPPORTED_DIGEST_TYPE); | ||
| 267 | goto err; | ||
| 268 | } | ||
| 269 | if (!tls1_P_hash(md , S1, len + (slen&1), seed1, | ||
| 270 | seed1_len, seed2, seed2_len, seed3, seed3_len, | ||
| 271 | seed4, seed4_len, seed5, seed5_len, out2, olen)) | ||
| 272 | goto err; | ||
| 273 | S1 += len; | ||
| 274 | for (i = 0; i < olen; i++) { | ||
| 275 | out1[i] ^= out2[i]; | ||
| 276 | } | ||
| 277 | } | ||
| 278 | } | ||
| 279 | ret = 1; | ||
| 280 | |||
| 281 | err: | ||
| 282 | return ret; | ||
| 283 | } | ||
| 284 | |||
| 285 | static int | ||
| 286 | tls1_generate_key_block(SSL *s, unsigned char *km, unsigned char *tmp, int num) | ||
| 287 | { | ||
| 288 | int ret; | ||
| 289 | |||
| 290 | ret = tls1_PRF(ssl_get_algorithm2(s), | ||
| 291 | TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE, | ||
| 292 | s->s3->server_random, SSL3_RANDOM_SIZE, | ||
| 293 | s->s3->client_random, SSL3_RANDOM_SIZE, | ||
| 294 | NULL, 0, NULL, 0, | ||
| 295 | s->session->master_key, s->session->master_key_length, | ||
| 296 | km, tmp, num); | ||
| 297 | return ret; | ||
| 298 | } | ||
| 299 | |||
| 300 | /* | ||
| 301 | * tls1_aead_ctx_init allocates aead_ctx, if needed. It returns 1 on success | ||
| 302 | * and 0 on failure. | ||
| 303 | */ | ||
| 304 | static int | ||
| 305 | tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) | ||
| 306 | { | ||
| 307 | if (*aead_ctx != NULL) { | ||
| 308 | EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx); | ||
| 309 | return (1); | ||
| 310 | } | ||
| 311 | |||
| 312 | *aead_ctx = malloc(sizeof(SSL_AEAD_CTX)); | ||
| 313 | if (*aead_ctx == NULL) { | ||
| 314 | SSLerr(SSL_F_TLS1_AEAD_CTX_INIT, ERR_R_MALLOC_FAILURE); | ||
| 315 | return (0); | ||
| 316 | } | ||
| 317 | |||
| 318 | return (1); | ||
| 319 | } | ||
| 320 | |||
| 321 | static int | ||
| 322 | tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key, | ||
| 323 | unsigned key_len, const unsigned char *iv, unsigned iv_len) | ||
| 324 | { | ||
| 325 | const EVP_AEAD *aead = s->s3->tmp.new_aead; | ||
| 326 | SSL_AEAD_CTX *aead_ctx; | ||
| 327 | |||
| 328 | if (is_read) { | ||
| 329 | if (!tls1_aead_ctx_init(&s->aead_read_ctx)) | ||
| 330 | return 0; | ||
| 331 | aead_ctx = s->aead_read_ctx; | ||
| 332 | } else { | ||
| 333 | if (!tls1_aead_ctx_init(&s->aead_write_ctx)) | ||
| 334 | return 0; | ||
| 335 | aead_ctx = s->aead_write_ctx; | ||
| 336 | } | ||
| 337 | |||
| 338 | if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len, | ||
| 339 | EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) | ||
| 340 | return (0); | ||
| 341 | if (iv_len > sizeof(aead_ctx->fixed_nonce)) { | ||
| 342 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, | ||
| 343 | ERR_R_INTERNAL_ERROR); | ||
| 344 | return (0); | ||
| 345 | } | ||
| 346 | memcpy(aead_ctx->fixed_nonce, iv, iv_len); | ||
| 347 | aead_ctx->fixed_nonce_len = iv_len; | ||
| 348 | aead_ctx->variable_nonce_len = 8; /* always the case, currently. */ | ||
| 349 | aead_ctx->variable_nonce_in_record = | ||
| 350 | (s->s3->tmp.new_cipher->algorithm2 & | ||
| 351 | SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD) != 0; | ||
| 352 | if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != | ||
| 353 | EVP_AEAD_nonce_length(aead)) { | ||
| 354 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD, | ||
| 355 | ERR_R_INTERNAL_ERROR); | ||
| 356 | return (0); | ||
| 357 | } | ||
| 358 | aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); | ||
| 359 | |||
| 360 | return (1); | ||
| 361 | } | ||
| 362 | |||
| 363 | /* | ||
| 364 | * tls1_change_cipher_state_cipher performs the work needed to switch cipher | ||
| 365 | * states when using EVP_CIPHER. The argument is_read is true iff this function | ||
| 366 | * is being called due to reading, as opposed to writing, a ChangeCipherSpec | ||
| 367 | * message. In order to support export ciphersuites, use_client_keys indicates | ||
| 368 | * whether the key material provided is in the "client write" direction. | ||
| 369 | */ | ||
| 370 | static int | ||
| 371 | tls1_change_cipher_state_cipher(SSL *s, char is_read, char use_client_keys, | ||
| 372 | const unsigned char *mac_secret, unsigned int mac_secret_size, | ||
| 373 | const unsigned char *key, unsigned int key_len, const unsigned char *iv, | ||
| 374 | unsigned int iv_len) | ||
| 375 | { | ||
| 376 | EVP_CIPHER_CTX *cipher_ctx; | ||
| 377 | const EVP_CIPHER *cipher; | ||
| 378 | EVP_MD_CTX *mac_ctx; | ||
| 379 | const EVP_MD *mac; | ||
| 380 | int mac_type; | ||
| 381 | |||
| 382 | cipher = s->s3->tmp.new_sym_enc; | ||
| 383 | mac = s->s3->tmp.new_hash; | ||
| 384 | mac_type = s->s3->tmp.new_mac_pkey_type; | ||
| 385 | |||
| 386 | if (is_read) { | ||
| 387 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | ||
| 388 | s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; | ||
| 389 | else | ||
| 390 | s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM; | ||
| 391 | |||
| 392 | EVP_CIPHER_CTX_free(s->enc_read_ctx); | ||
| 393 | s->enc_read_ctx = NULL; | ||
| 394 | EVP_MD_CTX_destroy(s->read_hash); | ||
| 395 | s->read_hash = NULL; | ||
| 396 | |||
| 397 | if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) | ||
| 398 | goto err; | ||
| 399 | s->enc_read_ctx = cipher_ctx; | ||
| 400 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 401 | goto err; | ||
| 402 | s->read_hash = mac_ctx; | ||
| 403 | } else { | ||
| 404 | if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) | ||
| 405 | s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; | ||
| 406 | else | ||
| 407 | s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; | ||
| 408 | |||
| 409 | /* | ||
| 410 | * DTLS fragments retain a pointer to the compression, cipher | ||
| 411 | * and hash contexts, so that it can restore state in order | ||
| 412 | * to perform retransmissions. As such, we cannot free write | ||
| 413 | * contexts that are used for DTLS - these are instead freed | ||
| 414 | * by DTLS when its frees a ChangeCipherSpec fragment. | ||
| 415 | */ | ||
| 416 | if (!SSL_IS_DTLS(s)) { | ||
| 417 | EVP_CIPHER_CTX_free(s->enc_write_ctx); | ||
| 418 | s->enc_write_ctx = NULL; | ||
| 419 | EVP_MD_CTX_destroy(s->write_hash); | ||
| 420 | s->write_hash = NULL; | ||
| 421 | } | ||
| 422 | if ((cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) | ||
| 423 | goto err; | ||
| 424 | s->enc_write_ctx = cipher_ctx; | ||
| 425 | if ((mac_ctx = EVP_MD_CTX_create()) == NULL) | ||
| 426 | goto err; | ||
| 427 | s->write_hash = mac_ctx; | ||
| 428 | } | ||
| 429 | |||
| 430 | if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) { | ||
| 431 | EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, NULL, | ||
| 432 | !is_read); | ||
| 433 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GCM_SET_IV_FIXED, | ||
| 434 | iv_len, (unsigned char *)iv); | ||
| 435 | } else | ||
| 436 | EVP_CipherInit_ex(cipher_ctx, cipher, NULL, key, iv, !is_read); | ||
| 437 | |||
| 438 | if (!(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { | ||
| 439 | EVP_PKEY *mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, | ||
| 440 | mac_secret, mac_secret_size); | ||
| 441 | if (mac_key == NULL) | ||
| 442 | goto err; | ||
| 443 | EVP_DigestSignInit(mac_ctx, NULL, mac, NULL, mac_key); | ||
| 444 | EVP_PKEY_free(mac_key); | ||
| 445 | } else if (mac_secret_size > 0) { | ||
| 446 | /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ | ||
| 447 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_AEAD_SET_MAC_KEY, | ||
| 448 | mac_secret_size, (unsigned char *)mac_secret); | ||
| 449 | } | ||
| 450 | |||
| 451 | if (s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT) { | ||
| 452 | int nid; | ||
| 453 | if (s->s3->tmp.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) | ||
| 454 | nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; | ||
| 455 | else | ||
| 456 | nid = NID_id_tc26_gost_28147_param_Z; | ||
| 457 | |||
| 458 | EVP_CIPHER_CTX_ctrl(cipher_ctx, EVP_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 459 | if (s->s3->tmp.new_cipher->algorithm_mac == SSL_GOST89MAC) | ||
| 460 | EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_GOST_SET_SBOX, nid, 0); | ||
| 461 | } | ||
| 462 | |||
| 463 | return (1); | ||
| 464 | |||
| 465 | err: | ||
| 466 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER, ERR_R_MALLOC_FAILURE); | ||
| 467 | return (0); | ||
| 468 | } | ||
| 469 | |||
| 470 | int | ||
| 471 | tls1_change_cipher_state(SSL *s, int which) | ||
| 472 | { | ||
| 473 | const unsigned char *client_write_mac_secret, *server_write_mac_secret; | ||
| 474 | const unsigned char *client_write_key, *server_write_key; | ||
| 475 | const unsigned char *client_write_iv, *server_write_iv; | ||
| 476 | const unsigned char *mac_secret, *key, *iv; | ||
| 477 | int mac_secret_size, key_len, iv_len; | ||
| 478 | unsigned char *key_block, *seq; | ||
| 479 | const EVP_CIPHER *cipher; | ||
| 480 | const EVP_AEAD *aead; | ||
| 481 | char is_read, use_client_keys; | ||
| 482 | |||
| 483 | |||
| 484 | cipher = s->s3->tmp.new_sym_enc; | ||
| 485 | aead = s->s3->tmp.new_aead; | ||
| 486 | |||
| 487 | /* | ||
| 488 | * is_read is true if we have just read a ChangeCipherSpec message, | ||
| 489 | * that is we need to update the read cipherspec. Otherwise we have | ||
| 490 | * just written one. | ||
| 491 | */ | ||
| 492 | is_read = (which & SSL3_CC_READ) != 0; | ||
| 493 | |||
| 494 | /* | ||
| 495 | * use_client_keys is true if we wish to use the keys for the "client | ||
| 496 | * write" direction. This is the case if we're a client sending a | ||
| 497 | * ChangeCipherSpec, or a server reading a client's ChangeCipherSpec. | ||
| 498 | */ | ||
| 499 | use_client_keys = ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | ||
| 500 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)); | ||
| 501 | |||
| 502 | |||
| 503 | /* | ||
| 504 | * Reset sequence number to zero - for DTLS this is handled in | ||
| 505 | * dtls1_reset_seq_numbers(). | ||
| 506 | */ | ||
| 507 | if (!SSL_IS_DTLS(s)) { | ||
| 508 | seq = is_read ? s->s3->read_sequence : s->s3->write_sequence; | ||
| 509 | memset(seq, 0, SSL3_SEQUENCE_SIZE); | ||
| 510 | } | ||
| 511 | |||
| 512 | if (aead != NULL) { | ||
| 513 | key_len = EVP_AEAD_key_length(aead); | ||
| 514 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->s3->tmp.new_cipher); | ||
| 515 | } else { | ||
| 516 | key_len = EVP_CIPHER_key_length(cipher); | ||
| 517 | iv_len = EVP_CIPHER_iv_length(cipher); | ||
| 518 | |||
| 519 | /* If GCM mode only part of IV comes from PRF. */ | ||
| 520 | if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) | ||
| 521 | iv_len = EVP_GCM_TLS_FIXED_IV_LEN; | ||
| 522 | } | ||
| 523 | |||
| 524 | mac_secret_size = s->s3->tmp.new_mac_secret_size; | ||
| 525 | |||
| 526 | key_block = s->s3->tmp.key_block; | ||
| 527 | client_write_mac_secret = key_block; | ||
| 528 | key_block += mac_secret_size; | ||
| 529 | server_write_mac_secret = key_block; | ||
| 530 | key_block += mac_secret_size; | ||
| 531 | client_write_key = key_block; | ||
| 532 | key_block += key_len; | ||
| 533 | server_write_key = key_block; | ||
| 534 | key_block += key_len; | ||
| 535 | client_write_iv = key_block; | ||
| 536 | key_block += iv_len; | ||
| 537 | server_write_iv = key_block; | ||
| 538 | key_block += iv_len; | ||
| 539 | |||
| 540 | if (use_client_keys) { | ||
| 541 | mac_secret = client_write_mac_secret; | ||
| 542 | key = client_write_key; | ||
| 543 | iv = client_write_iv; | ||
| 544 | } else { | ||
| 545 | mac_secret = server_write_mac_secret; | ||
| 546 | key = server_write_key; | ||
| 547 | iv = server_write_iv; | ||
| 548 | } | ||
| 549 | |||
| 550 | if (key_block - s->s3->tmp.key_block != s->s3->tmp.key_block_length) { | ||
| 551 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); | ||
| 552 | goto err2; | ||
| 553 | } | ||
| 554 | |||
| 555 | if (is_read) { | ||
| 556 | memcpy(s->s3->read_mac_secret, mac_secret, mac_secret_size); | ||
| 557 | s->s3->read_mac_secret_size = mac_secret_size; | ||
| 558 | } else { | ||
| 559 | memcpy(s->s3->write_mac_secret, mac_secret, mac_secret_size); | ||
| 560 | s->s3->write_mac_secret_size = mac_secret_size; | ||
| 561 | } | ||
| 562 | |||
| 563 | if (aead != NULL) { | ||
| 564 | return tls1_change_cipher_state_aead(s, is_read, key, key_len, | ||
| 565 | iv, iv_len); | ||
| 566 | } | ||
| 567 | |||
| 568 | return tls1_change_cipher_state_cipher(s, is_read, use_client_keys, | ||
| 569 | mac_secret, mac_secret_size, key, key_len, iv, iv_len); | ||
| 570 | |||
| 571 | err2: | ||
| 572 | return (0); | ||
| 573 | } | ||
| 574 | |||
| 575 | int | ||
| 576 | tls1_setup_key_block(SSL *s) | ||
| 577 | { | ||
| 578 | unsigned char *key_block, *tmp_block = NULL; | ||
| 579 | int mac_type = NID_undef, mac_secret_size = 0; | ||
| 580 | int key_block_len, key_len, iv_len; | ||
| 581 | const EVP_CIPHER *cipher = NULL; | ||
| 582 | const EVP_AEAD *aead = NULL; | ||
| 583 | const EVP_MD *mac = NULL; | ||
| 584 | int ret = 0; | ||
| 585 | |||
| 586 | if (s->s3->tmp.key_block_length != 0) | ||
| 587 | return (1); | ||
| 588 | |||
| 589 | if (s->session->cipher && | ||
| 590 | (s->session->cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_AEAD)) { | ||
| 591 | if (!ssl_cipher_get_evp_aead(s->session, &aead)) { | ||
| 592 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, | ||
| 593 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | ||
| 594 | return (0); | ||
| 595 | } | ||
| 596 | key_len = EVP_AEAD_key_length(aead); | ||
| 597 | iv_len = SSL_CIPHER_AEAD_FIXED_NONCE_LEN(s->session->cipher); | ||
| 598 | } else { | ||
| 599 | if (!ssl_cipher_get_evp(s->session, &cipher, &mac, &mac_type, | ||
| 600 | &mac_secret_size)) { | ||
| 601 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, | ||
| 602 | SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | ||
| 603 | return (0); | ||
| 604 | } | ||
| 605 | key_len = EVP_CIPHER_key_length(cipher); | ||
| 606 | iv_len = EVP_CIPHER_iv_length(cipher); | ||
| 607 | |||
| 608 | /* If GCM mode only part of IV comes from PRF. */ | ||
| 609 | if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) | ||
| 610 | iv_len = EVP_GCM_TLS_FIXED_IV_LEN; | ||
| 611 | } | ||
| 612 | |||
| 613 | s->s3->tmp.new_aead = aead; | ||
| 614 | s->s3->tmp.new_sym_enc = cipher; | ||
| 615 | s->s3->tmp.new_hash = mac; | ||
| 616 | s->s3->tmp.new_mac_pkey_type = mac_type; | ||
| 617 | s->s3->tmp.new_mac_secret_size = mac_secret_size; | ||
| 618 | |||
| 619 | ssl3_cleanup_key_block(s); | ||
| 620 | |||
| 621 | if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len, | ||
| 622 | 2)) == NULL) { | ||
| 623 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | ||
| 624 | goto err; | ||
| 625 | } | ||
| 626 | key_block_len = (mac_secret_size + key_len + iv_len) * 2; | ||
| 627 | |||
| 628 | s->s3->tmp.key_block_length = key_block_len; | ||
| 629 | s->s3->tmp.key_block = key_block; | ||
| 630 | |||
| 631 | if ((tmp_block = malloc(key_block_len)) == NULL) { | ||
| 632 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); | ||
| 633 | goto err; | ||
| 634 | } | ||
| 635 | |||
| 636 | if (!tls1_generate_key_block(s, key_block, tmp_block, key_block_len)) | ||
| 637 | goto err; | ||
| 638 | |||
| 639 | if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) && | ||
| 640 | s->method->version <= TLS1_VERSION) { | ||
| 641 | /* | ||
| 642 | * Enable vulnerability countermeasure for CBC ciphers with | ||
| 643 | * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) | ||
| 644 | */ | ||
| 645 | s->s3->need_empty_fragments = 1; | ||
| 646 | |||
| 647 | if (s->session->cipher != NULL) { | ||
| 648 | if (s->session->cipher->algorithm_enc == SSL_eNULL) | ||
| 649 | s->s3->need_empty_fragments = 0; | ||
| 650 | |||
| 651 | #ifndef OPENSSL_NO_RC4 | ||
| 652 | if (s->session->cipher->algorithm_enc == SSL_RC4) | ||
| 653 | s->s3->need_empty_fragments = 0; | ||
| 654 | #endif | ||
| 655 | } | ||
| 656 | } | ||
| 657 | |||
| 658 | ret = 1; | ||
| 659 | |||
| 660 | err: | ||
| 661 | if (tmp_block) { | ||
| 662 | OPENSSL_cleanse(tmp_block, key_block_len); | ||
| 663 | free(tmp_block); | ||
| 664 | } | ||
| 665 | return (ret); | ||
| 666 | } | ||
| 667 | |||
| 668 | /* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. | ||
| 669 | * | ||
| 670 | * Returns: | ||
| 671 | * 0: (in non-constant time) if the record is publically invalid (i.e. too | ||
| 672 | * short etc). | ||
| 673 | * 1: if the record's padding is valid / the encryption was successful. | ||
| 674 | * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, | ||
| 675 | * an internal error occured. | ||
| 676 | */ | ||
| 677 | int | ||
| 678 | tls1_enc(SSL *s, int send) | ||
| 679 | { | ||
| 680 | const SSL_AEAD_CTX *aead; | ||
| 681 | const EVP_CIPHER *enc; | ||
| 682 | EVP_CIPHER_CTX *ds; | ||
| 683 | SSL3_RECORD *rec; | ||
| 684 | unsigned char *seq; | ||
| 685 | unsigned long l; | ||
| 686 | int bs, i, j, k, pad = 0, ret, mac_size = 0; | ||
| 687 | |||
| 688 | if (send) { | ||
| 689 | aead = s->aead_write_ctx; | ||
| 690 | rec = &s->s3->wrec; | ||
| 691 | seq = s->s3->write_sequence; | ||
| 692 | } else { | ||
| 693 | aead = s->aead_read_ctx; | ||
| 694 | rec = &s->s3->rrec; | ||
| 695 | seq = s->s3->read_sequence; | ||
| 696 | } | ||
| 697 | |||
| 698 | if (aead) { | ||
| 699 | unsigned char ad[13], *in, *out, nonce[16]; | ||
| 700 | unsigned nonce_used; | ||
| 701 | ssize_t n; | ||
| 702 | |||
| 703 | if (SSL_IS_DTLS(s)) { | ||
| 704 | dtls1_build_sequence_number(ad, seq, | ||
| 705 | send ? s->d1->w_epoch : s->d1->r_epoch); | ||
| 706 | } else { | ||
| 707 | memcpy(ad, seq, SSL3_SEQUENCE_SIZE); | ||
| 708 | ssl3_record_sequence_increment(seq); | ||
| 709 | } | ||
| 710 | |||
| 711 | ad[8] = rec->type; | ||
| 712 | ad[9] = (unsigned char)(s->version >> 8); | ||
| 713 | ad[10] = (unsigned char)(s->version); | ||
| 714 | |||
| 715 | if (aead->fixed_nonce_len + | ||
| 716 | aead->variable_nonce_len > sizeof(nonce) || | ||
| 717 | aead->variable_nonce_len > 8) | ||
| 718 | return -1; /* internal error - should never happen. */ | ||
| 719 | |||
| 720 | memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); | ||
| 721 | nonce_used = aead->fixed_nonce_len; | ||
| 722 | |||
| 723 | if (send) { | ||
| 724 | size_t len = rec->length; | ||
| 725 | size_t eivlen = 0; | ||
| 726 | in = rec->input; | ||
| 727 | out = rec->data; | ||
| 728 | |||
| 729 | /* | ||
| 730 | * When sending we use the sequence number as the | ||
| 731 | * variable part of the nonce. | ||
| 732 | */ | ||
| 733 | if (aead->variable_nonce_len > 8) | ||
| 734 | return -1; | ||
| 735 | memcpy(nonce + nonce_used, ad, | ||
| 736 | aead->variable_nonce_len); | ||
| 737 | nonce_used += aead->variable_nonce_len; | ||
| 738 | |||
| 739 | /* | ||
| 740 | * In do_ssl3_write, rec->input is moved forward by | ||
| 741 | * variable_nonce_len in order to leave space for the | ||
| 742 | * variable nonce. Thus we can copy the sequence number | ||
| 743 | * bytes into place without overwriting any of the | ||
| 744 | * plaintext. | ||
| 745 | */ | ||
| 746 | if (aead->variable_nonce_in_record) { | ||
| 747 | memcpy(out, ad, aead->variable_nonce_len); | ||
| 748 | len -= aead->variable_nonce_len; | ||
| 749 | eivlen = aead->variable_nonce_len; | ||
| 750 | } | ||
| 751 | |||
| 752 | ad[11] = len >> 8; | ||
| 753 | ad[12] = len & 0xff; | ||
| 754 | |||
| 755 | if (!EVP_AEAD_CTX_seal(&aead->ctx, | ||
| 756 | out + eivlen, &n, len + aead->tag_len, nonce, | ||
| 757 | nonce_used, in + eivlen, len, ad, sizeof(ad))) | ||
| 758 | return -1; | ||
| 759 | if (n >= 0 && aead->variable_nonce_in_record) | ||
| 760 | n += aead->variable_nonce_len; | ||
| 761 | } else { | ||
| 762 | /* receive */ | ||
| 763 | size_t len = rec->length; | ||
| 764 | |||
| 765 | if (rec->data != rec->input) | ||
| 766 | return -1; /* internal error - should never happen. */ | ||
| 767 | out = in = rec->input; | ||
| 768 | |||
| 769 | if (len < aead->variable_nonce_len) | ||
| 770 | return 0; | ||
| 771 | memcpy(nonce + nonce_used, | ||
| 772 | aead->variable_nonce_in_record ? in : ad, | ||
| 773 | aead->variable_nonce_len); | ||
| 774 | nonce_used += aead->variable_nonce_len; | ||
| 775 | |||
| 776 | if (aead->variable_nonce_in_record) { | ||
| 777 | in += aead->variable_nonce_len; | ||
| 778 | len -= aead->variable_nonce_len; | ||
| 779 | out += aead->variable_nonce_len; | ||
| 780 | } | ||
| 781 | |||
| 782 | if (len < aead->tag_len) | ||
| 783 | return 0; | ||
| 784 | len -= aead->tag_len; | ||
| 785 | |||
| 786 | ad[11] = len >> 8; | ||
| 787 | ad[12] = len & 0xff; | ||
| 788 | |||
| 789 | if (!EVP_AEAD_CTX_open(&aead->ctx, out, &n, len, nonce, | ||
| 790 | nonce_used, in, len + aead->tag_len, ad, | ||
| 791 | sizeof(ad))) | ||
| 792 | return -1; | ||
| 793 | |||
| 794 | rec->data = rec->input = out; | ||
| 795 | } | ||
| 796 | |||
| 797 | if (n == -1) | ||
| 798 | return -1; | ||
| 799 | rec->length = n; | ||
| 800 | |||
| 801 | return 1; | ||
| 802 | } | ||
| 803 | |||
| 804 | if (send) { | ||
| 805 | if (EVP_MD_CTX_md(s->write_hash)) { | ||
| 806 | int n = EVP_MD_CTX_size(s->write_hash); | ||
| 807 | OPENSSL_assert(n >= 0); | ||
| 808 | } | ||
| 809 | ds = s->enc_write_ctx; | ||
| 810 | if (s->enc_write_ctx == NULL) | ||
| 811 | enc = NULL; | ||
| 812 | else { | ||
| 813 | int ivlen = 0; | ||
| 814 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | ||
| 815 | if (SSL_USE_EXPLICIT_IV(s) && | ||
| 816 | EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) | ||
| 817 | ivlen = EVP_CIPHER_iv_length(enc); | ||
| 818 | if (ivlen > 1) { | ||
| 819 | if (rec->data != rec->input) | ||
| 820 | /* we can't write into the input stream: | ||
| 821 | * Can this ever happen?? (steve) | ||
| 822 | */ | ||
| 823 | fprintf(stderr, | ||
| 824 | "%s:%d: rec->data != rec->input\n", | ||
| 825 | __FILE__, __LINE__); | ||
| 826 | else | ||
| 827 | arc4random_buf(rec->input, ivlen); | ||
| 828 | } | ||
| 829 | } | ||
| 830 | } else { | ||
| 831 | if (EVP_MD_CTX_md(s->read_hash)) { | ||
| 832 | int n = EVP_MD_CTX_size(s->read_hash); | ||
| 833 | OPENSSL_assert(n >= 0); | ||
| 834 | } | ||
| 835 | ds = s->enc_read_ctx; | ||
| 836 | if (s->enc_read_ctx == NULL) | ||
| 837 | enc = NULL; | ||
| 838 | else | ||
| 839 | enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | ||
| 840 | } | ||
| 841 | |||
| 842 | if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { | ||
| 843 | memmove(rec->data, rec->input, rec->length); | ||
| 844 | rec->input = rec->data; | ||
| 845 | ret = 1; | ||
| 846 | } else { | ||
| 847 | l = rec->length; | ||
| 848 | bs = EVP_CIPHER_block_size(ds->cipher); | ||
| 849 | |||
| 850 | if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { | ||
| 851 | unsigned char buf[13]; | ||
| 852 | |||
| 853 | if (SSL_IS_DTLS(s)) { | ||
| 854 | dtls1_build_sequence_number(buf, seq, | ||
| 855 | send ? s->d1->w_epoch : s->d1->r_epoch); | ||
| 856 | } else { | ||
| 857 | memcpy(buf, seq, SSL3_SEQUENCE_SIZE); | ||
| 858 | ssl3_record_sequence_increment(seq); | ||
| 859 | } | ||
| 860 | |||
| 861 | buf[8] = rec->type; | ||
| 862 | buf[9] = (unsigned char)(s->version >> 8); | ||
| 863 | buf[10] = (unsigned char)(s->version); | ||
| 864 | buf[11] = rec->length >> 8; | ||
| 865 | buf[12] = rec->length & 0xff; | ||
| 866 | pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf); | ||
| 867 | if (send) { | ||
| 868 | l += pad; | ||
| 869 | rec->length += pad; | ||
| 870 | } | ||
| 871 | } else if ((bs != 1) && send) { | ||
| 872 | i = bs - ((int)l % bs); | ||
| 873 | |||
| 874 | /* Add weird padding of upto 256 bytes */ | ||
| 875 | |||
| 876 | /* we need to add 'i' padding bytes of value j */ | ||
| 877 | j = i - 1; | ||
| 878 | if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { | ||
| 879 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | ||
| 880 | j++; | ||
| 881 | } | ||
| 882 | for (k = (int)l; k < (int)(l + i); k++) | ||
| 883 | rec->input[k] = j; | ||
| 884 | l += i; | ||
| 885 | rec->length += i; | ||
| 886 | } | ||
| 887 | |||
| 888 | if (!send) { | ||
| 889 | if (l == 0 || l % bs != 0) | ||
| 890 | return 0; | ||
| 891 | } | ||
| 892 | |||
| 893 | i = EVP_Cipher(ds, rec->data, rec->input, l); | ||
| 894 | if ((EVP_CIPHER_flags(ds->cipher) & | ||
| 895 | EVP_CIPH_FLAG_CUSTOM_CIPHER) ? (i < 0) : (i == 0)) | ||
| 896 | return -1; /* AEAD can fail to verify MAC */ | ||
| 897 | if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) { | ||
| 898 | rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
| 899 | rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
| 900 | rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; | ||
| 901 | } | ||
| 902 | |||
| 903 | ret = 1; | ||
| 904 | if (EVP_MD_CTX_md(s->read_hash) != NULL) | ||
| 905 | mac_size = EVP_MD_CTX_size(s->read_hash); | ||
| 906 | if ((bs != 1) && !send) | ||
| 907 | ret = tls1_cbc_remove_padding(s, rec, bs, mac_size); | ||
| 908 | if (pad && !send) | ||
| 909 | rec->length -= pad; | ||
| 910 | } | ||
| 911 | return ret; | ||
| 912 | } | ||
| 913 | |||
| 914 | int | ||
| 915 | tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) | ||
| 916 | { | ||
| 917 | EVP_MD_CTX ctx, *d = NULL; | ||
| 918 | unsigned int ret; | ||
| 919 | int i; | ||
| 920 | |||
| 921 | if (s->s3->handshake_buffer) | ||
| 922 | if (!ssl3_digest_cached_records(s)) | ||
| 923 | return 0; | ||
| 924 | |||
| 925 | for (i = 0; i < SSL_MAX_DIGEST; i++) { | ||
| 926 | if (s->s3->handshake_dgst[i] && | ||
| 927 | EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) { | ||
| 928 | d = s->s3->handshake_dgst[i]; | ||
| 929 | break; | ||
| 930 | } | ||
| 931 | } | ||
| 932 | if (d == NULL) { | ||
| 933 | SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST); | ||
| 934 | return 0; | ||
| 935 | } | ||
| 936 | |||
| 937 | EVP_MD_CTX_init(&ctx); | ||
| 938 | if (!EVP_MD_CTX_copy_ex(&ctx, d)) | ||
| 939 | return 0; | ||
| 940 | EVP_DigestFinal_ex(&ctx, out, &ret); | ||
| 941 | EVP_MD_CTX_cleanup(&ctx); | ||
| 942 | |||
| 943 | return ((int)ret); | ||
| 944 | } | ||
| 945 | |||
| 946 | int | ||
| 947 | tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) | ||
| 948 | { | ||
| 949 | unsigned int i; | ||
| 950 | EVP_MD_CTX ctx; | ||
| 951 | unsigned char buf[2*EVP_MAX_MD_SIZE]; | ||
| 952 | unsigned char *q, buf2[12]; | ||
| 953 | int idx; | ||
| 954 | long mask; | ||
| 955 | int err = 0; | ||
| 956 | const EVP_MD *md; | ||
| 957 | |||
| 958 | q = buf; | ||
| 959 | |||
| 960 | if (s->s3->handshake_buffer) | ||
| 961 | if (!ssl3_digest_cached_records(s)) | ||
| 962 | return 0; | ||
| 963 | |||
| 964 | EVP_MD_CTX_init(&ctx); | ||
| 965 | |||
| 966 | for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { | ||
| 967 | if (ssl_get_algorithm2(s) & mask) { | ||
| 968 | int hashsize = EVP_MD_size(md); | ||
| 969 | EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; | ||
| 970 | if (!hdgst || hashsize < 0 || | ||
| 971 | hashsize > (int)(sizeof buf - (size_t)(q - buf))) { | ||
| 972 | /* internal error: 'buf' is too small for this cipersuite! */ | ||
| 973 | err = 1; | ||
| 974 | } else { | ||
| 975 | if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || | ||
| 976 | !EVP_DigestFinal_ex(&ctx, q, &i) || | ||
| 977 | (i != (unsigned int)hashsize)) | ||
| 978 | err = 1; | ||
| 979 | q += hashsize; | ||
| 980 | } | ||
| 981 | } | ||
| 982 | } | ||
| 983 | |||
| 984 | if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), | ||
| 985 | NULL, 0, NULL, 0, NULL, 0, | ||
| 986 | s->session->master_key, s->session->master_key_length, | ||
| 987 | out, buf2, sizeof buf2)) | ||
| 988 | err = 1; | ||
| 989 | EVP_MD_CTX_cleanup(&ctx); | ||
| 990 | |||
| 991 | if (err) | ||
| 992 | return 0; | ||
| 993 | else | ||
| 994 | return sizeof buf2; | ||
| 995 | } | ||
| 996 | |||
| 997 | int | ||
| 998 | tls1_mac(SSL *ssl, unsigned char *md, int send) | ||
| 999 | { | ||
| 1000 | SSL3_RECORD *rec; | ||
| 1001 | unsigned char *seq; | ||
| 1002 | EVP_MD_CTX *hash; | ||
| 1003 | size_t md_size, orig_len; | ||
| 1004 | EVP_MD_CTX hmac, *mac_ctx; | ||
| 1005 | unsigned char header[13]; | ||
| 1006 | int stream_mac = (send ? | ||
| 1007 | (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : | ||
| 1008 | (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); | ||
| 1009 | int t; | ||
| 1010 | |||
| 1011 | if (send) { | ||
| 1012 | rec = &(ssl->s3->wrec); | ||
| 1013 | seq = &(ssl->s3->write_sequence[0]); | ||
| 1014 | hash = ssl->write_hash; | ||
| 1015 | } else { | ||
| 1016 | rec = &(ssl->s3->rrec); | ||
| 1017 | seq = &(ssl->s3->read_sequence[0]); | ||
| 1018 | hash = ssl->read_hash; | ||
| 1019 | } | ||
| 1020 | |||
| 1021 | t = EVP_MD_CTX_size(hash); | ||
| 1022 | OPENSSL_assert(t >= 0); | ||
| 1023 | md_size = t; | ||
| 1024 | |||
| 1025 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | ||
| 1026 | if (stream_mac) { | ||
| 1027 | mac_ctx = hash; | ||
| 1028 | } else { | ||
| 1029 | if (!EVP_MD_CTX_copy(&hmac, hash)) | ||
| 1030 | return -1; | ||
| 1031 | mac_ctx = &hmac; | ||
| 1032 | } | ||
| 1033 | |||
| 1034 | if (SSL_IS_DTLS(ssl)) | ||
| 1035 | dtls1_build_sequence_number(header, seq, | ||
| 1036 | send ? ssl->d1->w_epoch : ssl->d1->r_epoch); | ||
| 1037 | else | ||
| 1038 | memcpy(header, seq, SSL3_SEQUENCE_SIZE); | ||
| 1039 | |||
| 1040 | /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */ | ||
| 1041 | orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8); | ||
| 1042 | rec->type &= 0xff; | ||
| 1043 | |||
| 1044 | header[8] = rec->type; | ||
| 1045 | header[9] = (unsigned char)(ssl->version >> 8); | ||
| 1046 | header[10] = (unsigned char)(ssl->version); | ||
| 1047 | header[11] = (rec->length) >> 8; | ||
| 1048 | header[12] = (rec->length) & 0xff; | ||
| 1049 | |||
| 1050 | if (!send && | ||
| 1051 | EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && | ||
| 1052 | ssl3_cbc_record_digest_supported(mac_ctx)) { | ||
| 1053 | /* This is a CBC-encrypted record. We must avoid leaking any | ||
| 1054 | * timing-side channel information about how many blocks of | ||
| 1055 | * data we are hashing because that gives an attacker a | ||
| 1056 | * timing-oracle. */ | ||
| 1057 | if (!ssl3_cbc_digest_record(mac_ctx, | ||
| 1058 | md, &md_size, header, rec->input, | ||
| 1059 | rec->length + md_size, orig_len, | ||
| 1060 | ssl->s3->read_mac_secret, | ||
| 1061 | ssl->s3->read_mac_secret_size, | ||
| 1062 | 0 /* not SSLv3 */)) | ||
| 1063 | return -1; | ||
| 1064 | } else { | ||
| 1065 | EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); | ||
| 1066 | EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); | ||
| 1067 | t = EVP_DigestSignFinal(mac_ctx, md, &md_size); | ||
| 1068 | OPENSSL_assert(t > 0); | ||
| 1069 | } | ||
| 1070 | |||
| 1071 | if (!stream_mac) | ||
| 1072 | EVP_MD_CTX_cleanup(&hmac); | ||
| 1073 | |||
| 1074 | if (!SSL_IS_DTLS(ssl)) | ||
| 1075 | ssl3_record_sequence_increment(seq); | ||
| 1076 | |||
| 1077 | return (md_size); | ||
| 1078 | } | ||
| 1079 | |||
| 1080 | int | ||
| 1081 | tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, | ||
| 1082 | int len) | ||
| 1083 | { | ||
| 1084 | unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 1085 | |||
| 1086 | tls1_PRF(ssl_get_algorithm2(s), | ||
| 1087 | TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, | ||
| 1088 | s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, | ||
| 1089 | s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, | ||
| 1090 | p, len, s->session->master_key, buff, sizeof buff); | ||
| 1091 | |||
| 1092 | return (SSL3_MASTER_SECRET_SIZE); | ||
| 1093 | } | ||
| 1094 | |||
| 1095 | int | ||
| 1096 | tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, | ||
| 1097 | const char *label, size_t llen, const unsigned char *context, | ||
| 1098 | size_t contextlen, int use_context) | ||
| 1099 | { | ||
| 1100 | unsigned char *buff; | ||
| 1101 | unsigned char *val = NULL; | ||
| 1102 | size_t vallen, currentvalpos; | ||
| 1103 | int rv; | ||
| 1104 | |||
| 1105 | buff = malloc(olen); | ||
| 1106 | if (buff == NULL) | ||
| 1107 | goto err2; | ||
| 1108 | |||
| 1109 | /* construct PRF arguments | ||
| 1110 | * we construct the PRF argument ourself rather than passing separate | ||
| 1111 | * values into the TLS PRF to ensure that the concatenation of values | ||
| 1112 | * does not create a prohibited label. | ||
| 1113 | */ | ||
| 1114 | vallen = llen + SSL3_RANDOM_SIZE * 2; | ||
| 1115 | if (use_context) { | ||
| 1116 | vallen += 2 + contextlen; | ||
| 1117 | } | ||
| 1118 | |||
| 1119 | val = malloc(vallen); | ||
| 1120 | if (val == NULL) | ||
| 1121 | goto err2; | ||
| 1122 | currentvalpos = 0; | ||
| 1123 | memcpy(val + currentvalpos, (unsigned char *) label, llen); | ||
| 1124 | currentvalpos += llen; | ||
| 1125 | memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE); | ||
| 1126 | currentvalpos += SSL3_RANDOM_SIZE; | ||
| 1127 | memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE); | ||
| 1128 | currentvalpos += SSL3_RANDOM_SIZE; | ||
| 1129 | |||
| 1130 | if (use_context) { | ||
| 1131 | val[currentvalpos] = (contextlen >> 8) & 0xff; | ||
| 1132 | currentvalpos++; | ||
| 1133 | val[currentvalpos] = contextlen & 0xff; | ||
| 1134 | currentvalpos++; | ||
| 1135 | if ((contextlen > 0) || (context != NULL)) { | ||
| 1136 | memcpy(val + currentvalpos, context, contextlen); | ||
| 1137 | } | ||
| 1138 | } | ||
| 1139 | |||
| 1140 | /* disallow prohibited labels | ||
| 1141 | * note that SSL3_RANDOM_SIZE > max(prohibited label len) = | ||
| 1142 | * 15, so size of val > max(prohibited label len) = 15 and the | ||
| 1143 | * comparisons won't have buffer overflow | ||
| 1144 | */ | ||
| 1145 | if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST, | ||
| 1146 | TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) | ||
| 1147 | goto err1; | ||
| 1148 | if (memcmp(val, TLS_MD_SERVER_FINISH_CONST, | ||
| 1149 | TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) | ||
| 1150 | goto err1; | ||
| 1151 | if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, | ||
| 1152 | TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) | ||
| 1153 | goto err1; | ||
| 1154 | if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, | ||
| 1155 | TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) | ||
| 1156 | goto err1; | ||
| 1157 | |||
| 1158 | rv = tls1_PRF(ssl_get_algorithm2(s), | ||
| 1159 | val, vallen, NULL, 0, NULL, 0, NULL, 0, NULL, 0, | ||
| 1160 | s->session->master_key, s->session->master_key_length, | ||
| 1161 | out, buff, olen); | ||
| 1162 | |||
| 1163 | goto ret; | ||
| 1164 | err1: | ||
| 1165 | SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, | ||
| 1166 | SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); | ||
| 1167 | rv = 0; | ||
| 1168 | goto ret; | ||
| 1169 | err2: | ||
| 1170 | SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); | ||
| 1171 | rv = 0; | ||
| 1172 | ret: | ||
| 1173 | free(buff); | ||
| 1174 | free(val); | ||
| 1175 | |||
| 1176 | return (rv); | ||
| 1177 | } | ||
| 1178 | |||
| 1179 | int | ||
| 1180 | tls1_alert_code(int code) | ||
| 1181 | { | ||
| 1182 | switch (code) { | ||
| 1183 | case SSL_AD_CLOSE_NOTIFY: | ||
| 1184 | return (SSL3_AD_CLOSE_NOTIFY); | ||
| 1185 | case SSL_AD_UNEXPECTED_MESSAGE: | ||
| 1186 | return (SSL3_AD_UNEXPECTED_MESSAGE); | ||
| 1187 | case SSL_AD_BAD_RECORD_MAC: | ||
| 1188 | return (SSL3_AD_BAD_RECORD_MAC); | ||
| 1189 | case SSL_AD_DECRYPTION_FAILED: | ||
| 1190 | return (TLS1_AD_DECRYPTION_FAILED); | ||
| 1191 | case SSL_AD_RECORD_OVERFLOW: | ||
| 1192 | return (TLS1_AD_RECORD_OVERFLOW); | ||
| 1193 | case SSL_AD_DECOMPRESSION_FAILURE: | ||
| 1194 | return (SSL3_AD_DECOMPRESSION_FAILURE); | ||
| 1195 | case SSL_AD_HANDSHAKE_FAILURE: | ||
| 1196 | return (SSL3_AD_HANDSHAKE_FAILURE); | ||
| 1197 | case SSL_AD_NO_CERTIFICATE: | ||
| 1198 | return (-1); | ||
| 1199 | case SSL_AD_BAD_CERTIFICATE: | ||
| 1200 | return (SSL3_AD_BAD_CERTIFICATE); | ||
| 1201 | case SSL_AD_UNSUPPORTED_CERTIFICATE: | ||
| 1202 | return (SSL3_AD_UNSUPPORTED_CERTIFICATE); | ||
| 1203 | case SSL_AD_CERTIFICATE_REVOKED: | ||
| 1204 | return (SSL3_AD_CERTIFICATE_REVOKED); | ||
| 1205 | case SSL_AD_CERTIFICATE_EXPIRED: | ||
| 1206 | return (SSL3_AD_CERTIFICATE_EXPIRED); | ||
| 1207 | case SSL_AD_CERTIFICATE_UNKNOWN: | ||
| 1208 | return (SSL3_AD_CERTIFICATE_UNKNOWN); | ||
| 1209 | case SSL_AD_ILLEGAL_PARAMETER: | ||
| 1210 | return (SSL3_AD_ILLEGAL_PARAMETER); | ||
| 1211 | case SSL_AD_UNKNOWN_CA: | ||
| 1212 | return (TLS1_AD_UNKNOWN_CA); | ||
| 1213 | case SSL_AD_ACCESS_DENIED: | ||
| 1214 | return (TLS1_AD_ACCESS_DENIED); | ||
| 1215 | case SSL_AD_DECODE_ERROR: | ||
| 1216 | return (TLS1_AD_DECODE_ERROR); | ||
| 1217 | case SSL_AD_DECRYPT_ERROR: | ||
| 1218 | return (TLS1_AD_DECRYPT_ERROR); | ||
| 1219 | case SSL_AD_EXPORT_RESTRICTION: | ||
| 1220 | return (TLS1_AD_EXPORT_RESTRICTION); | ||
| 1221 | case SSL_AD_PROTOCOL_VERSION: | ||
| 1222 | return (TLS1_AD_PROTOCOL_VERSION); | ||
| 1223 | case SSL_AD_INSUFFICIENT_SECURITY: | ||
| 1224 | return (TLS1_AD_INSUFFICIENT_SECURITY); | ||
| 1225 | case SSL_AD_INTERNAL_ERROR: | ||
| 1226 | return (TLS1_AD_INTERNAL_ERROR); | ||
| 1227 | case SSL_AD_USER_CANCELLED: | ||
| 1228 | return (TLS1_AD_USER_CANCELLED); | ||
| 1229 | case SSL_AD_NO_RENEGOTIATION: | ||
| 1230 | return (TLS1_AD_NO_RENEGOTIATION); | ||
| 1231 | case SSL_AD_UNSUPPORTED_EXTENSION: | ||
| 1232 | return (TLS1_AD_UNSUPPORTED_EXTENSION); | ||
| 1233 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: | ||
| 1234 | return (TLS1_AD_CERTIFICATE_UNOBTAINABLE); | ||
| 1235 | case SSL_AD_UNRECOGNIZED_NAME: | ||
| 1236 | return (TLS1_AD_UNRECOGNIZED_NAME); | ||
| 1237 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | ||
| 1238 | return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); | ||
| 1239 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: | ||
| 1240 | return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); | ||
| 1241 | case SSL_AD_UNKNOWN_PSK_IDENTITY: | ||
| 1242 | return (TLS1_AD_UNKNOWN_PSK_IDENTITY); | ||
| 1243 | case SSL_AD_INAPPROPRIATE_FALLBACK: | ||
| 1244 | return(TLS1_AD_INAPPROPRIATE_FALLBACK); | ||
| 1245 | default: | ||
| 1246 | return (-1); | ||
| 1247 | } | ||
| 1248 | } | ||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c deleted file mode 100644 index 9b7f54682b..0000000000 --- a/src/lib/libssl/t1_lib.c +++ /dev/null | |||
| @@ -1,2486 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.75 2015/03/02 13:43:09 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <stdio.h> | ||
| 113 | |||
| 114 | #include <openssl/evp.h> | ||
| 115 | #include <openssl/hmac.h> | ||
| 116 | #include <openssl/objects.h> | ||
| 117 | #include <openssl/ocsp.h> | ||
| 118 | |||
| 119 | #include "ssl_locl.h" | ||
| 120 | |||
| 121 | static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, | ||
| 122 | const unsigned char *sess_id, int sesslen, | ||
| 123 | SSL_SESSION **psess); | ||
| 124 | |||
| 125 | SSL3_ENC_METHOD TLSv1_enc_data = { | ||
| 126 | .enc = tls1_enc, | ||
| 127 | .mac = tls1_mac, | ||
| 128 | .setup_key_block = tls1_setup_key_block, | ||
| 129 | .generate_master_secret = tls1_generate_master_secret, | ||
| 130 | .change_cipher_state = tls1_change_cipher_state, | ||
| 131 | .final_finish_mac = tls1_final_finish_mac, | ||
| 132 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 133 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 134 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 135 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 136 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 137 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 138 | .alert_value = tls1_alert_code, | ||
| 139 | .export_keying_material = tls1_export_keying_material, | ||
| 140 | .enc_flags = 0, | ||
| 141 | }; | ||
| 142 | |||
| 143 | SSL3_ENC_METHOD TLSv1_1_enc_data = { | ||
| 144 | .enc = tls1_enc, | ||
| 145 | .mac = tls1_mac, | ||
| 146 | .setup_key_block = tls1_setup_key_block, | ||
| 147 | .generate_master_secret = tls1_generate_master_secret, | ||
| 148 | .change_cipher_state = tls1_change_cipher_state, | ||
| 149 | .final_finish_mac = tls1_final_finish_mac, | ||
| 150 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 151 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 152 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 153 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 154 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 155 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 156 | .alert_value = tls1_alert_code, | ||
| 157 | .export_keying_material = tls1_export_keying_material, | ||
| 158 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, | ||
| 159 | }; | ||
| 160 | |||
| 161 | SSL3_ENC_METHOD TLSv1_2_enc_data = { | ||
| 162 | .enc = tls1_enc, | ||
| 163 | .mac = tls1_mac, | ||
| 164 | .setup_key_block = tls1_setup_key_block, | ||
| 165 | .generate_master_secret = tls1_generate_master_secret, | ||
| 166 | .change_cipher_state = tls1_change_cipher_state, | ||
| 167 | .final_finish_mac = tls1_final_finish_mac, | ||
| 168 | .finish_mac_length = TLS1_FINISH_MAC_LENGTH, | ||
| 169 | .cert_verify_mac = tls1_cert_verify_mac, | ||
| 170 | .client_finished_label = TLS_MD_CLIENT_FINISH_CONST, | ||
| 171 | .client_finished_label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE, | ||
| 172 | .server_finished_label = TLS_MD_SERVER_FINISH_CONST, | ||
| 173 | .server_finished_label_len = TLS_MD_SERVER_FINISH_CONST_SIZE, | ||
| 174 | .alert_value = tls1_alert_code, | ||
| 175 | .export_keying_material = tls1_export_keying_material, | ||
| 176 | .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS| | ||
| 177 | SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS, | ||
| 178 | }; | ||
| 179 | |||
| 180 | long | ||
| 181 | tls1_default_timeout(void) | ||
| 182 | { | ||
| 183 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | ||
| 184 | * is way too long for http, the cache would over fill */ | ||
| 185 | return (60 * 60 * 2); | ||
| 186 | } | ||
| 187 | |||
| 188 | int | ||
| 189 | tls1_new(SSL *s) | ||
| 190 | { | ||
| 191 | if (!ssl3_new(s)) | ||
| 192 | return (0); | ||
| 193 | s->method->ssl_clear(s); | ||
| 194 | return (1); | ||
| 195 | } | ||
| 196 | |||
| 197 | void | ||
| 198 | tls1_free(SSL *s) | ||
| 199 | { | ||
| 200 | free(s->tlsext_session_ticket); | ||
| 201 | ssl3_free(s); | ||
| 202 | } | ||
| 203 | |||
| 204 | void | ||
| 205 | tls1_clear(SSL *s) | ||
| 206 | { | ||
| 207 | ssl3_clear(s); | ||
| 208 | s->version = s->method->version; | ||
| 209 | } | ||
| 210 | |||
| 211 | |||
| 212 | static int nid_list[] = { | ||
| 213 | NID_sect163k1, /* sect163k1 (1) */ | ||
| 214 | NID_sect163r1, /* sect163r1 (2) */ | ||
| 215 | NID_sect163r2, /* sect163r2 (3) */ | ||
| 216 | NID_sect193r1, /* sect193r1 (4) */ | ||
| 217 | NID_sect193r2, /* sect193r2 (5) */ | ||
| 218 | NID_sect233k1, /* sect233k1 (6) */ | ||
| 219 | NID_sect233r1, /* sect233r1 (7) */ | ||
| 220 | NID_sect239k1, /* sect239k1 (8) */ | ||
| 221 | NID_sect283k1, /* sect283k1 (9) */ | ||
| 222 | NID_sect283r1, /* sect283r1 (10) */ | ||
| 223 | NID_sect409k1, /* sect409k1 (11) */ | ||
| 224 | NID_sect409r1, /* sect409r1 (12) */ | ||
| 225 | NID_sect571k1, /* sect571k1 (13) */ | ||
| 226 | NID_sect571r1, /* sect571r1 (14) */ | ||
| 227 | NID_secp160k1, /* secp160k1 (15) */ | ||
| 228 | NID_secp160r1, /* secp160r1 (16) */ | ||
| 229 | NID_secp160r2, /* secp160r2 (17) */ | ||
| 230 | NID_secp192k1, /* secp192k1 (18) */ | ||
| 231 | NID_X9_62_prime192v1, /* secp192r1 (19) */ | ||
| 232 | NID_secp224k1, /* secp224k1 (20) */ | ||
| 233 | NID_secp224r1, /* secp224r1 (21) */ | ||
| 234 | NID_secp256k1, /* secp256k1 (22) */ | ||
| 235 | NID_X9_62_prime256v1, /* secp256r1 (23) */ | ||
| 236 | NID_secp384r1, /* secp384r1 (24) */ | ||
| 237 | NID_secp521r1, /* secp521r1 (25) */ | ||
| 238 | NID_brainpoolP256r1, /* brainpoolP256r1 (26) */ | ||
| 239 | NID_brainpoolP384r1, /* brainpoolP384r1 (27) */ | ||
| 240 | NID_brainpoolP512r1 /* brainpoolP512r1 (28) */ | ||
| 241 | }; | ||
| 242 | |||
| 243 | static const uint8_t ecformats_default[] = { | ||
| 244 | TLSEXT_ECPOINTFORMAT_uncompressed, | ||
| 245 | TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime, | ||
| 246 | TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 | ||
| 247 | }; | ||
| 248 | |||
| 249 | static const uint16_t eccurves_default[] = { | ||
| 250 | 14, /* sect571r1 (14) */ | ||
| 251 | 13, /* sect571k1 (13) */ | ||
| 252 | 25, /* secp521r1 (25) */ | ||
| 253 | 28, /* brainpool512r1 (28) */ | ||
| 254 | 11, /* sect409k1 (11) */ | ||
| 255 | 12, /* sect409r1 (12) */ | ||
| 256 | 27, /* brainpoolP384r1 (27) */ | ||
| 257 | 24, /* secp384r1 (24) */ | ||
| 258 | 9, /* sect283k1 (9) */ | ||
| 259 | 10, /* sect283r1 (10) */ | ||
| 260 | 26, /* brainpoolP256r1 (26) */ | ||
| 261 | 22, /* secp256k1 (22) */ | ||
| 262 | 23, /* secp256r1 (23) */ | ||
| 263 | 8, /* sect239k1 (8) */ | ||
| 264 | 6, /* sect233k1 (6) */ | ||
| 265 | 7, /* sect233r1 (7) */ | ||
| 266 | 20, /* secp224k1 (20) */ | ||
| 267 | 21, /* secp224r1 (21) */ | ||
| 268 | 4, /* sect193r1 (4) */ | ||
| 269 | 5, /* sect193r2 (5) */ | ||
| 270 | 18, /* secp192k1 (18) */ | ||
| 271 | 19, /* secp192r1 (19) */ | ||
| 272 | 1, /* sect163k1 (1) */ | ||
| 273 | 2, /* sect163r1 (2) */ | ||
| 274 | 3, /* sect163r2 (3) */ | ||
| 275 | 15, /* secp160k1 (15) */ | ||
| 276 | 16, /* secp160r1 (16) */ | ||
| 277 | 17, /* secp160r2 (17) */ | ||
| 278 | }; | ||
| 279 | |||
| 280 | int | ||
| 281 | tls1_ec_curve_id2nid(uint16_t curve_id) | ||
| 282 | { | ||
| 283 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | ||
| 284 | if ((curve_id < 1) || | ||
| 285 | ((unsigned int)curve_id > sizeof(nid_list) / sizeof(nid_list[0]))) | ||
| 286 | return 0; | ||
| 287 | return nid_list[curve_id - 1]; | ||
| 288 | } | ||
| 289 | |||
| 290 | uint16_t | ||
| 291 | tls1_ec_nid2curve_id(int nid) | ||
| 292 | { | ||
| 293 | /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */ | ||
| 294 | switch (nid) { | ||
| 295 | case NID_sect163k1: /* sect163k1 (1) */ | ||
| 296 | return 1; | ||
| 297 | case NID_sect163r1: /* sect163r1 (2) */ | ||
| 298 | return 2; | ||
| 299 | case NID_sect163r2: /* sect163r2 (3) */ | ||
| 300 | return 3; | ||
| 301 | case NID_sect193r1: /* sect193r1 (4) */ | ||
| 302 | return 4; | ||
| 303 | case NID_sect193r2: /* sect193r2 (5) */ | ||
| 304 | return 5; | ||
| 305 | case NID_sect233k1: /* sect233k1 (6) */ | ||
| 306 | return 6; | ||
| 307 | case NID_sect233r1: /* sect233r1 (7) */ | ||
| 308 | return 7; | ||
| 309 | case NID_sect239k1: /* sect239k1 (8) */ | ||
| 310 | return 8; | ||
| 311 | case NID_sect283k1: /* sect283k1 (9) */ | ||
| 312 | return 9; | ||
| 313 | case NID_sect283r1: /* sect283r1 (10) */ | ||
| 314 | return 10; | ||
| 315 | case NID_sect409k1: /* sect409k1 (11) */ | ||
| 316 | return 11; | ||
| 317 | case NID_sect409r1: /* sect409r1 (12) */ | ||
| 318 | return 12; | ||
| 319 | case NID_sect571k1: /* sect571k1 (13) */ | ||
| 320 | return 13; | ||
| 321 | case NID_sect571r1: /* sect571r1 (14) */ | ||
| 322 | return 14; | ||
| 323 | case NID_secp160k1: /* secp160k1 (15) */ | ||
| 324 | return 15; | ||
| 325 | case NID_secp160r1: /* secp160r1 (16) */ | ||
| 326 | return 16; | ||
| 327 | case NID_secp160r2: /* secp160r2 (17) */ | ||
| 328 | return 17; | ||
| 329 | case NID_secp192k1: /* secp192k1 (18) */ | ||
| 330 | return 18; | ||
| 331 | case NID_X9_62_prime192v1: /* secp192r1 (19) */ | ||
| 332 | return 19; | ||
| 333 | case NID_secp224k1: /* secp224k1 (20) */ | ||
| 334 | return 20; | ||
| 335 | case NID_secp224r1: /* secp224r1 (21) */ | ||
| 336 | return 21; | ||
| 337 | case NID_secp256k1: /* secp256k1 (22) */ | ||
| 338 | return 22; | ||
| 339 | case NID_X9_62_prime256v1: /* secp256r1 (23) */ | ||
| 340 | return 23; | ||
| 341 | case NID_secp384r1: /* secp384r1 (24) */ | ||
| 342 | return 24; | ||
| 343 | case NID_secp521r1: /* secp521r1 (25) */ | ||
| 344 | return 25; | ||
| 345 | case NID_brainpoolP256r1: /* brainpoolP256r1 (26) */ | ||
| 346 | return 26; | ||
| 347 | case NID_brainpoolP384r1: /* brainpoolP384r1 (27) */ | ||
| 348 | return 27; | ||
| 349 | case NID_brainpoolP512r1: /* brainpoolP512r1 (28) */ | ||
| 350 | return 28; | ||
| 351 | default: | ||
| 352 | return 0; | ||
| 353 | } | ||
| 354 | } | ||
| 355 | |||
| 356 | /* | ||
| 357 | * Return the appropriate format list. If client_formats is non-zero, return | ||
| 358 | * the client/session formats. Otherwise return the custom format list if one | ||
| 359 | * exists, or the default formats if a custom list has not been specified. | ||
| 360 | */ | ||
| 361 | static void | ||
| 362 | tls1_get_formatlist(SSL *s, int client_formats, const uint8_t **pformats, | ||
| 363 | size_t *pformatslen) | ||
| 364 | { | ||
| 365 | if (client_formats != 0) { | ||
| 366 | *pformats = s->session->tlsext_ecpointformatlist; | ||
| 367 | *pformatslen = s->session->tlsext_ecpointformatlist_length; | ||
| 368 | return; | ||
| 369 | } | ||
| 370 | |||
| 371 | *pformats = s->tlsext_ecpointformatlist; | ||
| 372 | *pformatslen = s->tlsext_ecpointformatlist_length; | ||
| 373 | if (*pformats == NULL) { | ||
| 374 | *pformats = ecformats_default; | ||
| 375 | *pformatslen = sizeof(ecformats_default); | ||
| 376 | } | ||
| 377 | } | ||
| 378 | |||
| 379 | /* | ||
| 380 | * Return the appropriate curve list. If client_curves is non-zero, return | ||
| 381 | * the client/session curves. Otherwise return the custom curve list if one | ||
| 382 | * exists, or the default curves if a custom list has not been specified. | ||
| 383 | */ | ||
| 384 | static void | ||
| 385 | tls1_get_curvelist(SSL *s, int client_curves, const uint16_t **pcurves, | ||
| 386 | size_t *pcurveslen) | ||
| 387 | { | ||
| 388 | if (client_curves != 0) { | ||
| 389 | *pcurves = s->session->tlsext_ellipticcurvelist; | ||
| 390 | *pcurveslen = s->session->tlsext_ellipticcurvelist_length; | ||
| 391 | return; | ||
| 392 | } | ||
| 393 | |||
| 394 | *pcurves = s->tlsext_ellipticcurvelist; | ||
| 395 | *pcurveslen = s->tlsext_ellipticcurvelist_length; | ||
| 396 | if (*pcurves == NULL) { | ||
| 397 | *pcurves = eccurves_default; | ||
| 398 | *pcurveslen = sizeof(eccurves_default) / 2; | ||
| 399 | } | ||
| 400 | } | ||
| 401 | |||
| 402 | /* Check that a curve is one of our preferences. */ | ||
| 403 | int | ||
| 404 | tls1_check_curve(SSL *s, const unsigned char *p, size_t len) | ||
| 405 | { | ||
| 406 | const uint16_t *curves; | ||
| 407 | size_t curveslen, i; | ||
| 408 | uint16_t cid; | ||
| 409 | |||
| 410 | /* Only named curves are supported. */ | ||
| 411 | if (len != 3 || p[0] != NAMED_CURVE_TYPE) | ||
| 412 | return (0); | ||
| 413 | |||
| 414 | cid = (p[1] << 8) | p[2]; | ||
| 415 | |||
| 416 | tls1_get_curvelist(s, 0, &curves, &curveslen); | ||
| 417 | |||
| 418 | for (i = 0; i < curveslen; i++) { | ||
| 419 | if (curves[i] == cid) | ||
| 420 | return (1); | ||
| 421 | } | ||
| 422 | return (0); | ||
| 423 | } | ||
| 424 | |||
| 425 | int | ||
| 426 | tls1_get_shared_curve(SSL *s) | ||
| 427 | { | ||
| 428 | size_t preflen, supplen, i, j; | ||
| 429 | const uint16_t *pref, *supp; | ||
| 430 | unsigned long server_pref; | ||
| 431 | |||
| 432 | /* Cannot do anything on the client side. */ | ||
| 433 | if (s->server == 0) | ||
| 434 | return (NID_undef); | ||
| 435 | |||
| 436 | /* Return first preference shared curve. */ | ||
| 437 | server_pref = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE); | ||
| 438 | tls1_get_curvelist(s, (server_pref == 0), &pref, &preflen); | ||
| 439 | tls1_get_curvelist(s, (server_pref != 0), &supp, &supplen); | ||
| 440 | |||
| 441 | for (i = 0; i < preflen; i++) { | ||
| 442 | for (j = 0; j < supplen; j++) { | ||
| 443 | if (pref[i] == supp[j]) | ||
| 444 | return (tls1_ec_curve_id2nid(pref[i])); | ||
| 445 | } | ||
| 446 | } | ||
| 447 | return (NID_undef); | ||
| 448 | } | ||
| 449 | |||
| 450 | /* For an EC key set TLS ID and required compression based on parameters. */ | ||
| 451 | static int | ||
| 452 | tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec) | ||
| 453 | { | ||
| 454 | const EC_GROUP *grp; | ||
| 455 | const EC_METHOD *meth; | ||
| 456 | int is_prime = 0; | ||
| 457 | int nid, id; | ||
| 458 | |||
| 459 | if (ec == NULL) | ||
| 460 | return (0); | ||
| 461 | |||
| 462 | /* Determine if it is a prime field. */ | ||
| 463 | if ((grp = EC_KEY_get0_group(ec)) == NULL) | ||
| 464 | return (0); | ||
| 465 | if ((meth = EC_GROUP_method_of(grp)) == NULL) | ||
| 466 | return (0); | ||
| 467 | if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field) | ||
| 468 | is_prime = 1; | ||
| 469 | |||
| 470 | /* Determine curve ID. */ | ||
| 471 | nid = EC_GROUP_get_curve_name(grp); | ||
| 472 | id = tls1_ec_nid2curve_id(nid); | ||
| 473 | |||
| 474 | /* If we have an ID set it, otherwise set arbitrary explicit curve. */ | ||
| 475 | if (id != 0) | ||
| 476 | *curve_id = id; | ||
| 477 | else | ||
| 478 | *curve_id = is_prime ? 0xff01 : 0xff02; | ||
| 479 | |||
| 480 | /* Specify the compression identifier. */ | ||
| 481 | if (comp_id != NULL) { | ||
| 482 | if (EC_KEY_get0_public_key(ec) == NULL) | ||
| 483 | return (0); | ||
| 484 | |||
| 485 | if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) { | ||
| 486 | *comp_id = is_prime ? | ||
| 487 | TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime : | ||
| 488 | TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; | ||
| 489 | } else { | ||
| 490 | *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; | ||
| 491 | } | ||
| 492 | } | ||
| 493 | return (1); | ||
| 494 | } | ||
| 495 | |||
| 496 | /* Check that an EC key is compatible with extensions. */ | ||
| 497 | static int | ||
| 498 | tls1_check_ec_key(SSL *s, const uint16_t *curve_id, const uint8_t *comp_id) | ||
| 499 | { | ||
| 500 | size_t curveslen, formatslen, i; | ||
| 501 | const uint16_t *curves; | ||
| 502 | const uint8_t *formats; | ||
| 503 | |||
| 504 | /* | ||
| 505 | * Check point formats extension if present, otherwise everything | ||
| 506 | * is supported (see RFC4492). | ||
| 507 | */ | ||
| 508 | tls1_get_formatlist(s, 1, &formats, &formatslen); | ||
| 509 | if (comp_id != NULL && formats != NULL) { | ||
| 510 | for (i = 0; i < formatslen; i++) { | ||
| 511 | if (formats[i] == *comp_id) | ||
| 512 | break; | ||
| 513 | } | ||
| 514 | if (i == formatslen) | ||
| 515 | return (0); | ||
| 516 | } | ||
| 517 | |||
| 518 | /* | ||
| 519 | * Check curve list if present, otherwise everything is supported. | ||
| 520 | */ | ||
| 521 | tls1_get_curvelist(s, 1, &curves, &curveslen); | ||
| 522 | if (curve_id != NULL && curves != NULL) { | ||
| 523 | for (i = 0; i < curveslen; i++) { | ||
| 524 | if (curves[i] == *curve_id) | ||
| 525 | break; | ||
| 526 | } | ||
| 527 | if (i == curveslen) | ||
| 528 | return (0); | ||
| 529 | } | ||
| 530 | |||
| 531 | return (1); | ||
| 532 | } | ||
| 533 | |||
| 534 | /* Check EC server key is compatible with client extensions. */ | ||
| 535 | int | ||
| 536 | tls1_check_ec_server_key(SSL *s) | ||
| 537 | { | ||
| 538 | CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; | ||
| 539 | uint16_t curve_id; | ||
| 540 | uint8_t comp_id; | ||
| 541 | EVP_PKEY *pkey; | ||
| 542 | int rv; | ||
| 543 | |||
| 544 | if (cpk->x509 == NULL || cpk->privatekey == NULL) | ||
| 545 | return (0); | ||
| 546 | if ((pkey = X509_get_pubkey(cpk->x509)) == NULL) | ||
| 547 | return (0); | ||
| 548 | rv = tls1_set_ec_id(&curve_id, &comp_id, pkey->pkey.ec); | ||
| 549 | EVP_PKEY_free(pkey); | ||
| 550 | if (rv != 1) | ||
| 551 | return (0); | ||
| 552 | |||
| 553 | return tls1_check_ec_key(s, &curve_id, &comp_id); | ||
| 554 | } | ||
| 555 | |||
| 556 | /* Check EC temporary key is compatible with client extensions. */ | ||
| 557 | int | ||
| 558 | tls1_check_ec_tmp_key(SSL *s) | ||
| 559 | { | ||
| 560 | EC_KEY *ec = s->cert->ecdh_tmp; | ||
| 561 | uint16_t curve_id; | ||
| 562 | |||
| 563 | if (s->cert->ecdh_tmp_auto != 0) { | ||
| 564 | /* Need a shared curve. */ | ||
| 565 | if (tls1_get_shared_curve(s) != NID_undef) | ||
| 566 | return (1); | ||
| 567 | return (0); | ||
| 568 | } | ||
| 569 | |||
| 570 | if (ec == NULL) { | ||
| 571 | if (s->cert->ecdh_tmp_cb != NULL) | ||
| 572 | return (1); | ||
| 573 | return (0); | ||
| 574 | } | ||
| 575 | if (tls1_set_ec_id(&curve_id, NULL, ec) != 1) | ||
| 576 | return (0); | ||
| 577 | |||
| 578 | return tls1_check_ec_key(s, &curve_id, NULL); | ||
| 579 | } | ||
| 580 | |||
| 581 | /* | ||
| 582 | * List of supported signature algorithms and hashes. Should make this | ||
| 583 | * customisable at some point, for now include everything we support. | ||
| 584 | */ | ||
| 585 | |||
| 586 | static unsigned char tls12_sigalgs[] = { | ||
| 587 | TLSEXT_hash_sha512, TLSEXT_signature_rsa, | ||
| 588 | TLSEXT_hash_sha512, TLSEXT_signature_dsa, | ||
| 589 | TLSEXT_hash_sha512, TLSEXT_signature_ecdsa, | ||
| 590 | #ifndef OPENSSL_NO_GOST | ||
| 591 | TLSEXT_hash_streebog_512, TLSEXT_signature_gostr12_512, | ||
| 592 | #endif | ||
| 593 | |||
| 594 | TLSEXT_hash_sha384, TLSEXT_signature_rsa, | ||
| 595 | TLSEXT_hash_sha384, TLSEXT_signature_dsa, | ||
| 596 | TLSEXT_hash_sha384, TLSEXT_signature_ecdsa, | ||
| 597 | |||
| 598 | TLSEXT_hash_sha256, TLSEXT_signature_rsa, | ||
| 599 | TLSEXT_hash_sha256, TLSEXT_signature_dsa, | ||
| 600 | TLSEXT_hash_sha256, TLSEXT_signature_ecdsa, | ||
| 601 | |||
| 602 | #ifndef OPENSSL_NO_GOST | ||
| 603 | TLSEXT_hash_streebog_256, TLSEXT_signature_gostr12_256, | ||
| 604 | TLSEXT_hash_gost94, TLSEXT_signature_gostr01, | ||
| 605 | #endif | ||
| 606 | |||
| 607 | TLSEXT_hash_sha224, TLSEXT_signature_rsa, | ||
| 608 | TLSEXT_hash_sha224, TLSEXT_signature_dsa, | ||
| 609 | TLSEXT_hash_sha224, TLSEXT_signature_ecdsa, | ||
| 610 | |||
| 611 | TLSEXT_hash_sha1, TLSEXT_signature_rsa, | ||
| 612 | TLSEXT_hash_sha1, TLSEXT_signature_dsa, | ||
| 613 | TLSEXT_hash_sha1, TLSEXT_signature_ecdsa, | ||
| 614 | }; | ||
| 615 | |||
| 616 | int | ||
| 617 | tls12_get_req_sig_algs(SSL *s, unsigned char *p) | ||
| 618 | { | ||
| 619 | size_t slen = sizeof(tls12_sigalgs); | ||
| 620 | |||
| 621 | if (p) | ||
| 622 | memcpy(p, tls12_sigalgs, slen); | ||
| 623 | return (int)slen; | ||
| 624 | } | ||
| 625 | |||
| 626 | unsigned char * | ||
| 627 | ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 628 | { | ||
| 629 | int extdatalen = 0; | ||
| 630 | unsigned char *ret = p; | ||
| 631 | int using_ecc = 0; | ||
| 632 | |||
| 633 | /* See if we support any ECC ciphersuites. */ | ||
| 634 | if (s->version != DTLS1_VERSION && s->version >= TLS1_VERSION) { | ||
| 635 | STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s); | ||
| 636 | unsigned long alg_k, alg_a; | ||
| 637 | int i; | ||
| 638 | |||
| 639 | for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) { | ||
| 640 | SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i); | ||
| 641 | |||
| 642 | alg_k = c->algorithm_mkey; | ||
| 643 | alg_a = c->algorithm_auth; | ||
| 644 | |||
| 645 | if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || | ||
| 646 | (alg_a & SSL_aECDSA))) { | ||
| 647 | using_ecc = 1; | ||
| 648 | break; | ||
| 649 | } | ||
| 650 | } | ||
| 651 | } | ||
| 652 | |||
| 653 | /* don't add extensions for SSLv3 unless doing secure renegotiation */ | ||
| 654 | if (s->client_version == SSL3_VERSION && | ||
| 655 | !s->s3->send_connection_binding) | ||
| 656 | return p; | ||
| 657 | |||
| 658 | ret += 2; | ||
| 659 | |||
| 660 | if (ret >= limit) | ||
| 661 | return NULL; /* this really never occurs, but ... */ | ||
| 662 | |||
| 663 | if (s->tlsext_hostname != NULL) { | ||
| 664 | /* Add TLS extension servername to the Client Hello message */ | ||
| 665 | size_t size_str, lenmax; | ||
| 666 | |||
| 667 | /* check for enough space. | ||
| 668 | 4 for the servername type and extension length | ||
| 669 | 2 for servernamelist length | ||
| 670 | 1 for the hostname type | ||
| 671 | 2 for hostname length | ||
| 672 | + hostname length | ||
| 673 | */ | ||
| 674 | |||
| 675 | if ((size_t)(limit - ret) < 9) | ||
| 676 | return NULL; | ||
| 677 | |||
| 678 | lenmax = limit - ret - 9; | ||
| 679 | if ((size_str = strlen(s->tlsext_hostname)) > lenmax) | ||
| 680 | return NULL; | ||
| 681 | |||
| 682 | /* extension type and length */ | ||
| 683 | s2n(TLSEXT_TYPE_server_name, ret); | ||
| 684 | |||
| 685 | s2n(size_str + 5, ret); | ||
| 686 | |||
| 687 | /* length of servername list */ | ||
| 688 | s2n(size_str + 3, ret); | ||
| 689 | |||
| 690 | /* hostname type, length and hostname */ | ||
| 691 | *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name; | ||
| 692 | s2n(size_str, ret); | ||
| 693 | memcpy(ret, s->tlsext_hostname, size_str); | ||
| 694 | ret += size_str; | ||
| 695 | } | ||
| 696 | |||
| 697 | /* Add RI if renegotiating */ | ||
| 698 | if (s->renegotiate) { | ||
| 699 | int el; | ||
| 700 | |||
| 701 | if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { | ||
| 702 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | ||
| 703 | ERR_R_INTERNAL_ERROR); | ||
| 704 | return NULL; | ||
| 705 | } | ||
| 706 | |||
| 707 | if ((size_t)(limit - ret) < 4 + el) | ||
| 708 | return NULL; | ||
| 709 | |||
| 710 | s2n(TLSEXT_TYPE_renegotiate, ret); | ||
| 711 | s2n(el, ret); | ||
| 712 | |||
| 713 | if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { | ||
| 714 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | ||
| 715 | ERR_R_INTERNAL_ERROR); | ||
| 716 | return NULL; | ||
| 717 | } | ||
| 718 | |||
| 719 | ret += el; | ||
| 720 | } | ||
| 721 | |||
| 722 | if (using_ecc) { | ||
| 723 | size_t curveslen, formatslen, lenmax; | ||
| 724 | const uint16_t *curves; | ||
| 725 | const uint8_t *formats; | ||
| 726 | int i; | ||
| 727 | |||
| 728 | /* | ||
| 729 | * Add TLS extension ECPointFormats to the ClientHello message. | ||
| 730 | */ | ||
| 731 | tls1_get_formatlist(s, 0, &formats, &formatslen); | ||
| 732 | |||
| 733 | if ((size_t)(limit - ret) < 5) | ||
| 734 | return NULL; | ||
| 735 | |||
| 736 | lenmax = limit - ret - 5; | ||
| 737 | if (formatslen > lenmax) | ||
| 738 | return NULL; | ||
| 739 | if (formatslen > 255) { | ||
| 740 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | ||
| 741 | ERR_R_INTERNAL_ERROR); | ||
| 742 | return NULL; | ||
| 743 | } | ||
| 744 | |||
| 745 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | ||
| 746 | s2n(formatslen + 1, ret); | ||
| 747 | *(ret++) = (unsigned char)formatslen; | ||
| 748 | memcpy(ret, formats, formatslen); | ||
| 749 | ret += formatslen; | ||
| 750 | |||
| 751 | /* | ||
| 752 | * Add TLS extension EllipticCurves to the ClientHello message. | ||
| 753 | */ | ||
| 754 | tls1_get_curvelist(s, 0, &curves, &curveslen); | ||
| 755 | |||
| 756 | if ((size_t)(limit - ret) < 6) | ||
| 757 | return NULL; | ||
| 758 | |||
| 759 | lenmax = limit - ret - 6; | ||
| 760 | if (curveslen > lenmax) | ||
| 761 | return NULL; | ||
| 762 | if (curveslen > 65532) { | ||
| 763 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | ||
| 764 | ERR_R_INTERNAL_ERROR); | ||
| 765 | return NULL; | ||
| 766 | } | ||
| 767 | |||
| 768 | s2n(TLSEXT_TYPE_elliptic_curves, ret); | ||
| 769 | s2n((curveslen * 2) + 2, ret); | ||
| 770 | |||
| 771 | /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for | ||
| 772 | * elliptic_curve_list, but the examples use two bytes. | ||
| 773 | * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html | ||
| 774 | * resolves this to two bytes. | ||
| 775 | */ | ||
| 776 | s2n(curveslen * 2, ret); | ||
| 777 | for (i = 0; i < curveslen; i++) | ||
| 778 | s2n(curves[i], ret); | ||
| 779 | } | ||
| 780 | |||
| 781 | if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | ||
| 782 | int ticklen; | ||
| 783 | if (!s->new_session && s->session && s->session->tlsext_tick) | ||
| 784 | ticklen = s->session->tlsext_ticklen; | ||
| 785 | else if (s->session && s->tlsext_session_ticket && | ||
| 786 | s->tlsext_session_ticket->data) { | ||
| 787 | ticklen = s->tlsext_session_ticket->length; | ||
| 788 | s->session->tlsext_tick = malloc(ticklen); | ||
| 789 | if (!s->session->tlsext_tick) | ||
| 790 | return NULL; | ||
| 791 | memcpy(s->session->tlsext_tick, | ||
| 792 | s->tlsext_session_ticket->data, ticklen); | ||
| 793 | s->session->tlsext_ticklen = ticklen; | ||
| 794 | } else | ||
| 795 | ticklen = 0; | ||
| 796 | if (ticklen == 0 && s->tlsext_session_ticket && | ||
| 797 | s->tlsext_session_ticket->data == NULL) | ||
| 798 | goto skip_ext; | ||
| 799 | /* Check for enough room 2 for extension type, 2 for len | ||
| 800 | * rest for ticket | ||
| 801 | */ | ||
| 802 | if ((size_t)(limit - ret) < 4 + ticklen) | ||
| 803 | return NULL; | ||
| 804 | s2n(TLSEXT_TYPE_session_ticket, ret); | ||
| 805 | |||
| 806 | s2n(ticklen, ret); | ||
| 807 | if (ticklen) { | ||
| 808 | memcpy(ret, s->session->tlsext_tick, ticklen); | ||
| 809 | ret += ticklen; | ||
| 810 | } | ||
| 811 | } | ||
| 812 | skip_ext: | ||
| 813 | |||
| 814 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { | ||
| 815 | if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) | ||
| 816 | return NULL; | ||
| 817 | |||
| 818 | s2n(TLSEXT_TYPE_signature_algorithms, ret); | ||
| 819 | s2n(sizeof(tls12_sigalgs) + 2, ret); | ||
| 820 | s2n(sizeof(tls12_sigalgs), ret); | ||
| 821 | memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); | ||
| 822 | ret += sizeof(tls12_sigalgs); | ||
| 823 | } | ||
| 824 | |||
| 825 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp && | ||
| 826 | s->version != DTLS1_VERSION) { | ||
| 827 | int i; | ||
| 828 | long extlen, idlen, itmp; | ||
| 829 | OCSP_RESPID *id; | ||
| 830 | |||
| 831 | idlen = 0; | ||
| 832 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { | ||
| 833 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 834 | itmp = i2d_OCSP_RESPID(id, NULL); | ||
| 835 | if (itmp <= 0) | ||
| 836 | return NULL; | ||
| 837 | idlen += itmp + 2; | ||
| 838 | } | ||
| 839 | |||
| 840 | if (s->tlsext_ocsp_exts) { | ||
| 841 | extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL); | ||
| 842 | if (extlen < 0) | ||
| 843 | return NULL; | ||
| 844 | } else | ||
| 845 | extlen = 0; | ||
| 846 | |||
| 847 | if ((size_t)(limit - ret) < 7 + extlen + idlen) | ||
| 848 | return NULL; | ||
| 849 | s2n(TLSEXT_TYPE_status_request, ret); | ||
| 850 | if (extlen + idlen > 0xFFF0) | ||
| 851 | return NULL; | ||
| 852 | s2n(extlen + idlen + 5, ret); | ||
| 853 | *(ret++) = TLSEXT_STATUSTYPE_ocsp; | ||
| 854 | s2n(idlen, ret); | ||
| 855 | for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) { | ||
| 856 | /* save position of id len */ | ||
| 857 | unsigned char *q = ret; | ||
| 858 | id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i); | ||
| 859 | /* skip over id len */ | ||
| 860 | ret += 2; | ||
| 861 | itmp = i2d_OCSP_RESPID(id, &ret); | ||
| 862 | /* write id len */ | ||
| 863 | s2n(itmp, q); | ||
| 864 | } | ||
| 865 | s2n(extlen, ret); | ||
| 866 | if (extlen > 0) | ||
| 867 | i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | ||
| 868 | } | ||
| 869 | |||
| 870 | if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { | ||
| 871 | /* The client advertises an emtpy extension to indicate its | ||
| 872 | * support for Next Protocol Negotiation */ | ||
| 873 | if ((size_t)(limit - ret) < 4) | ||
| 874 | return NULL; | ||
| 875 | s2n(TLSEXT_TYPE_next_proto_neg, ret); | ||
| 876 | s2n(0, ret); | ||
| 877 | } | ||
| 878 | |||
| 879 | if (s->alpn_client_proto_list != NULL && | ||
| 880 | s->s3->tmp.finish_md_len == 0) { | ||
| 881 | if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len) | ||
| 882 | return (NULL); | ||
| 883 | s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); | ||
| 884 | s2n(2 + s->alpn_client_proto_list_len, ret); | ||
| 885 | s2n(s->alpn_client_proto_list_len, ret); | ||
| 886 | memcpy(ret, s->alpn_client_proto_list, | ||
| 887 | s->alpn_client_proto_list_len); | ||
| 888 | ret += s->alpn_client_proto_list_len; | ||
| 889 | } | ||
| 890 | |||
| 891 | #ifndef OPENSSL_NO_SRTP | ||
| 892 | if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { | ||
| 893 | int el; | ||
| 894 | |||
| 895 | ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); | ||
| 896 | |||
| 897 | if ((size_t)(limit - ret) < 4 + el) | ||
| 898 | return NULL; | ||
| 899 | |||
| 900 | s2n(TLSEXT_TYPE_use_srtp, ret); | ||
| 901 | s2n(el, ret); | ||
| 902 | |||
| 903 | if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { | ||
| 904 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, | ||
| 905 | ERR_R_INTERNAL_ERROR); | ||
| 906 | return NULL; | ||
| 907 | } | ||
| 908 | ret += el; | ||
| 909 | } | ||
| 910 | #endif | ||
| 911 | |||
| 912 | /* | ||
| 913 | * Add padding to workaround bugs in F5 terminators. | ||
| 914 | * See https://tools.ietf.org/html/draft-agl-tls-padding-03 | ||
| 915 | * | ||
| 916 | * Note that this seems to trigger issues with IronPort SMTP | ||
| 917 | * appliances. | ||
| 918 | * | ||
| 919 | * NB: because this code works out the length of all existing | ||
| 920 | * extensions it MUST always appear last. | ||
| 921 | */ | ||
| 922 | if (s->options & SSL_OP_TLSEXT_PADDING) { | ||
| 923 | int hlen = ret - (unsigned char *)s->init_buf->data; | ||
| 924 | |||
| 925 | /* | ||
| 926 | * The code in s23_clnt.c to build ClientHello messages | ||
| 927 | * includes the 5-byte record header in the buffer, while the | ||
| 928 | * code in s3_clnt.c does not. | ||
| 929 | */ | ||
| 930 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | ||
| 931 | hlen -= 5; | ||
| 932 | if (hlen > 0xff && hlen < 0x200) { | ||
| 933 | hlen = 0x200 - hlen; | ||
| 934 | if (hlen >= 4) | ||
| 935 | hlen -= 4; | ||
| 936 | else | ||
| 937 | hlen = 0; | ||
| 938 | |||
| 939 | s2n(TLSEXT_TYPE_padding, ret); | ||
| 940 | s2n(hlen, ret); | ||
| 941 | memset(ret, 0, hlen); | ||
| 942 | ret += hlen; | ||
| 943 | } | ||
| 944 | } | ||
| 945 | |||
| 946 | if ((extdatalen = ret - p - 2) == 0) | ||
| 947 | return p; | ||
| 948 | |||
| 949 | s2n(extdatalen, p); | ||
| 950 | return ret; | ||
| 951 | } | ||
| 952 | |||
| 953 | unsigned char * | ||
| 954 | ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) | ||
| 955 | { | ||
| 956 | int using_ecc, extdatalen = 0; | ||
| 957 | unsigned long alg_a, alg_k; | ||
| 958 | unsigned char *ret = p; | ||
| 959 | int next_proto_neg_seen; | ||
| 960 | |||
| 961 | alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 962 | alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 963 | using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || | ||
| 964 | alg_a & SSL_aECDSA) && | ||
| 965 | s->session->tlsext_ecpointformatlist != NULL; | ||
| 966 | |||
| 967 | /* don't add extensions for SSLv3, unless doing secure renegotiation */ | ||
| 968 | if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) | ||
| 969 | return p; | ||
| 970 | |||
| 971 | ret += 2; | ||
| 972 | if (ret >= limit) | ||
| 973 | return NULL; /* this really never occurs, but ... */ | ||
| 974 | |||
| 975 | if (!s->hit && s->servername_done == 1 && | ||
| 976 | s->session->tlsext_hostname != NULL) { | ||
| 977 | if ((size_t)(limit - ret) < 4) | ||
| 978 | return NULL; | ||
| 979 | |||
| 980 | s2n(TLSEXT_TYPE_server_name, ret); | ||
| 981 | s2n(0, ret); | ||
| 982 | } | ||
| 983 | |||
| 984 | if (s->s3->send_connection_binding) { | ||
| 985 | int el; | ||
| 986 | |||
| 987 | if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { | ||
| 988 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | ||
| 989 | ERR_R_INTERNAL_ERROR); | ||
| 990 | return NULL; | ||
| 991 | } | ||
| 992 | |||
| 993 | if ((size_t)(limit - ret) < 4 + el) | ||
| 994 | return NULL; | ||
| 995 | |||
| 996 | s2n(TLSEXT_TYPE_renegotiate, ret); | ||
| 997 | s2n(el, ret); | ||
| 998 | |||
| 999 | if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { | ||
| 1000 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | ||
| 1001 | ERR_R_INTERNAL_ERROR); | ||
| 1002 | return NULL; | ||
| 1003 | } | ||
| 1004 | |||
| 1005 | ret += el; | ||
| 1006 | } | ||
| 1007 | |||
| 1008 | if (using_ecc && s->version != DTLS1_VERSION) { | ||
| 1009 | const unsigned char *formats; | ||
| 1010 | size_t formatslen, lenmax; | ||
| 1011 | |||
| 1012 | /* | ||
| 1013 | * Add TLS extension ECPointFormats to the ServerHello message. | ||
| 1014 | */ | ||
| 1015 | tls1_get_formatlist(s, 0, &formats, &formatslen); | ||
| 1016 | |||
| 1017 | if ((size_t)(limit - ret) < 5) | ||
| 1018 | return NULL; | ||
| 1019 | |||
| 1020 | lenmax = limit - ret - 5; | ||
| 1021 | if (formatslen > lenmax) | ||
| 1022 | return NULL; | ||
| 1023 | if (formatslen > 255) { | ||
| 1024 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | ||
| 1025 | ERR_R_INTERNAL_ERROR); | ||
| 1026 | return NULL; | ||
| 1027 | } | ||
| 1028 | |||
| 1029 | s2n(TLSEXT_TYPE_ec_point_formats, ret); | ||
| 1030 | s2n(formatslen + 1, ret); | ||
| 1031 | *(ret++) = (unsigned char)formatslen; | ||
| 1032 | memcpy(ret, formats, formatslen); | ||
| 1033 | ret += formatslen; | ||
| 1034 | } | ||
| 1035 | |||
| 1036 | /* | ||
| 1037 | * Currently the server should not respond with a SupportedCurves | ||
| 1038 | * extension. | ||
| 1039 | */ | ||
| 1040 | |||
| 1041 | if (s->tlsext_ticket_expected && | ||
| 1042 | !(SSL_get_options(s) & SSL_OP_NO_TICKET)) { | ||
| 1043 | if ((size_t)(limit - ret) < 4) | ||
| 1044 | return NULL; | ||
| 1045 | |||
| 1046 | s2n(TLSEXT_TYPE_session_ticket, ret); | ||
| 1047 | s2n(0, ret); | ||
| 1048 | } | ||
| 1049 | |||
| 1050 | if (s->tlsext_status_expected) { | ||
| 1051 | if ((size_t)(limit - ret) < 4) | ||
| 1052 | return NULL; | ||
| 1053 | |||
| 1054 | s2n(TLSEXT_TYPE_status_request, ret); | ||
| 1055 | s2n(0, ret); | ||
| 1056 | } | ||
| 1057 | |||
| 1058 | #ifndef OPENSSL_NO_SRTP | ||
| 1059 | if (SSL_IS_DTLS(s) && s->srtp_profile) { | ||
| 1060 | int el; | ||
| 1061 | |||
| 1062 | ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); | ||
| 1063 | |||
| 1064 | if ((size_t)(limit - ret) < 4 + el) | ||
| 1065 | return NULL; | ||
| 1066 | |||
| 1067 | s2n(TLSEXT_TYPE_use_srtp, ret); | ||
| 1068 | s2n(el, ret); | ||
| 1069 | |||
| 1070 | if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { | ||
| 1071 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, | ||
| 1072 | ERR_R_INTERNAL_ERROR); | ||
| 1073 | return NULL; | ||
| 1074 | } | ||
| 1075 | ret += el; | ||
| 1076 | } | ||
| 1077 | #endif | ||
| 1078 | |||
| 1079 | if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || | ||
| 1080 | (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) && | ||
| 1081 | (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) { | ||
| 1082 | static const unsigned char cryptopro_ext[36] = { | ||
| 1083 | 0xfd, 0xe8, /*65000*/ | ||
| 1084 | 0x00, 0x20, /*32 bytes length*/ | ||
| 1085 | 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, | ||
| 1086 | 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, | ||
| 1087 | 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, | ||
| 1088 | 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17 | ||
| 1089 | }; | ||
| 1090 | if ((size_t)(limit - ret) < sizeof(cryptopro_ext)) | ||
| 1091 | return NULL; | ||
| 1092 | memcpy(ret, cryptopro_ext, sizeof(cryptopro_ext)); | ||
| 1093 | ret += sizeof(cryptopro_ext); | ||
| 1094 | } | ||
| 1095 | |||
| 1096 | next_proto_neg_seen = s->s3->next_proto_neg_seen; | ||
| 1097 | s->s3->next_proto_neg_seen = 0; | ||
| 1098 | if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { | ||
| 1099 | const unsigned char *npa; | ||
| 1100 | unsigned int npalen; | ||
| 1101 | int r; | ||
| 1102 | |||
| 1103 | r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, | ||
| 1104 | s->ctx->next_protos_advertised_cb_arg); | ||
| 1105 | if (r == SSL_TLSEXT_ERR_OK) { | ||
| 1106 | if ((size_t)(limit - ret) < 4 + npalen) | ||
| 1107 | return NULL; | ||
| 1108 | s2n(TLSEXT_TYPE_next_proto_neg, ret); | ||
| 1109 | s2n(npalen, ret); | ||
| 1110 | memcpy(ret, npa, npalen); | ||
| 1111 | ret += npalen; | ||
| 1112 | s->s3->next_proto_neg_seen = 1; | ||
| 1113 | } | ||
| 1114 | } | ||
| 1115 | |||
| 1116 | if (s->s3->alpn_selected != NULL) { | ||
| 1117 | const unsigned char *selected = s->s3->alpn_selected; | ||
| 1118 | unsigned int len = s->s3->alpn_selected_len; | ||
| 1119 | |||
| 1120 | if ((long)(limit - ret - 4 - 2 - 1 - len) < 0) | ||
| 1121 | return (NULL); | ||
| 1122 | s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); | ||
| 1123 | s2n(3 + len, ret); | ||
| 1124 | s2n(1 + len, ret); | ||
| 1125 | *ret++ = len; | ||
| 1126 | memcpy(ret, selected, len); | ||
| 1127 | ret += len; | ||
| 1128 | } | ||
| 1129 | |||
| 1130 | if ((extdatalen = ret - p - 2) == 0) | ||
| 1131 | return p; | ||
| 1132 | |||
| 1133 | s2n(extdatalen, p); | ||
| 1134 | return ret; | ||
| 1135 | } | ||
| 1136 | |||
| 1137 | /* | ||
| 1138 | * tls1_alpn_handle_client_hello is called to process the ALPN extension in a | ||
| 1139 | * ClientHello. | ||
| 1140 | * data: the contents of the extension, not including the type and length. | ||
| 1141 | * data_len: the number of bytes in data. | ||
| 1142 | * al: a pointer to the alert value to send in the event of a non-zero | ||
| 1143 | * return. | ||
| 1144 | * returns: 1 on success. | ||
| 1145 | */ | ||
| 1146 | static int | ||
| 1147 | tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, | ||
| 1148 | unsigned int data_len, int *al) | ||
| 1149 | { | ||
| 1150 | const unsigned char *selected; | ||
| 1151 | unsigned char selected_len; | ||
| 1152 | unsigned int proto_len; | ||
| 1153 | unsigned int i; | ||
| 1154 | int r; | ||
| 1155 | |||
| 1156 | if (s->ctx->alpn_select_cb == NULL) | ||
| 1157 | return (1); | ||
| 1158 | |||
| 1159 | if (data_len < 2) | ||
| 1160 | goto parse_error; | ||
| 1161 | |||
| 1162 | /* | ||
| 1163 | * data should contain a uint16 length followed by a series of 8-bit, | ||
| 1164 | * length-prefixed strings. | ||
| 1165 | */ | ||
| 1166 | i = ((unsigned int)data[0]) << 8 | ((unsigned int)data[1]); | ||
| 1167 | data_len -= 2; | ||
| 1168 | data += 2; | ||
| 1169 | if (data_len != i) | ||
| 1170 | goto parse_error; | ||
| 1171 | |||
| 1172 | if (data_len < 2) | ||
| 1173 | goto parse_error; | ||
| 1174 | |||
| 1175 | for (i = 0; i < data_len; ) { | ||
| 1176 | proto_len = data[i]; | ||
| 1177 | i++; | ||
| 1178 | |||
| 1179 | if (proto_len == 0) | ||
| 1180 | goto parse_error; | ||
| 1181 | |||
| 1182 | if (i + proto_len < i || i + proto_len > data_len) | ||
| 1183 | goto parse_error; | ||
| 1184 | |||
| 1185 | i += proto_len; | ||
| 1186 | } | ||
| 1187 | |||
| 1188 | r = s->ctx->alpn_select_cb(s, &selected, &selected_len, | ||
| 1189 | data, data_len, s->ctx->alpn_select_cb_arg); | ||
| 1190 | if (r == SSL_TLSEXT_ERR_OK) { | ||
| 1191 | free(s->s3->alpn_selected); | ||
| 1192 | if ((s->s3->alpn_selected = malloc(selected_len)) == NULL) { | ||
| 1193 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 1194 | return (-1); | ||
| 1195 | } | ||
| 1196 | memcpy(s->s3->alpn_selected, selected, selected_len); | ||
| 1197 | s->s3->alpn_selected_len = selected_len; | ||
| 1198 | } | ||
| 1199 | |||
| 1200 | return (1); | ||
| 1201 | |||
| 1202 | parse_error: | ||
| 1203 | *al = SSL_AD_DECODE_ERROR; | ||
| 1204 | return (0); | ||
| 1205 | } | ||
| 1206 | |||
| 1207 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X | ||
| 1208 | * SecureTransport using the TLS extension block in |d|, of length |n|. | ||
| 1209 | * Safari, since 10.6, sends exactly these extensions, in this order: | ||
| 1210 | * SNI, | ||
| 1211 | * elliptic_curves | ||
| 1212 | * ec_point_formats | ||
| 1213 | * | ||
| 1214 | * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, | ||
| 1215 | * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. | ||
| 1216 | * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from | ||
| 1217 | * 10.8..10.8.3 (which don't work). | ||
| 1218 | */ | ||
| 1219 | static void | ||
| 1220 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | ||
| 1221 | int n) | ||
| 1222 | { | ||
| 1223 | unsigned short type, size; | ||
| 1224 | static const unsigned char kSafariExtensionsBlock[] = { | ||
| 1225 | 0x00, 0x0a, /* elliptic_curves extension */ | ||
| 1226 | 0x00, 0x08, /* 8 bytes */ | ||
| 1227 | 0x00, 0x06, /* 6 bytes of curve ids */ | ||
| 1228 | 0x00, 0x17, /* P-256 */ | ||
| 1229 | 0x00, 0x18, /* P-384 */ | ||
| 1230 | 0x00, 0x19, /* P-521 */ | ||
| 1231 | |||
| 1232 | 0x00, 0x0b, /* ec_point_formats */ | ||
| 1233 | 0x00, 0x02, /* 2 bytes */ | ||
| 1234 | 0x01, /* 1 point format */ | ||
| 1235 | 0x00, /* uncompressed */ | ||
| 1236 | }; | ||
| 1237 | |||
| 1238 | /* The following is only present in TLS 1.2 */ | ||
| 1239 | static const unsigned char kSafariTLS12ExtensionsBlock[] = { | ||
| 1240 | 0x00, 0x0d, /* signature_algorithms */ | ||
| 1241 | 0x00, 0x0c, /* 12 bytes */ | ||
| 1242 | 0x00, 0x0a, /* 10 bytes */ | ||
| 1243 | 0x05, 0x01, /* SHA-384/RSA */ | ||
| 1244 | 0x04, 0x01, /* SHA-256/RSA */ | ||
| 1245 | 0x02, 0x01, /* SHA-1/RSA */ | ||
| 1246 | 0x04, 0x03, /* SHA-256/ECDSA */ | ||
| 1247 | 0x02, 0x03, /* SHA-1/ECDSA */ | ||
| 1248 | }; | ||
| 1249 | |||
| 1250 | if (data >= (d + n - 2)) | ||
| 1251 | return; | ||
| 1252 | data += 2; | ||
| 1253 | |||
| 1254 | if (data > (d + n - 4)) | ||
| 1255 | return; | ||
| 1256 | n2s(data, type); | ||
| 1257 | n2s(data, size); | ||
| 1258 | |||
| 1259 | if (type != TLSEXT_TYPE_server_name) | ||
| 1260 | return; | ||
| 1261 | |||
| 1262 | if (data + size > d + n) | ||
| 1263 | return; | ||
| 1264 | data += size; | ||
| 1265 | |||
| 1266 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { | ||
| 1267 | const size_t len1 = sizeof(kSafariExtensionsBlock); | ||
| 1268 | const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); | ||
| 1269 | |||
| 1270 | if (data + len1 + len2 != d + n) | ||
| 1271 | return; | ||
| 1272 | if (memcmp(data, kSafariExtensionsBlock, len1) != 0) | ||
| 1273 | return; | ||
| 1274 | if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) | ||
| 1275 | return; | ||
| 1276 | } else { | ||
| 1277 | const size_t len = sizeof(kSafariExtensionsBlock); | ||
| 1278 | |||
| 1279 | if (data + len != d + n) | ||
| 1280 | return; | ||
| 1281 | if (memcmp(data, kSafariExtensionsBlock, len) != 0) | ||
| 1282 | return; | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | s->s3->is_probably_safari = 1; | ||
| 1286 | } | ||
| 1287 | |||
| 1288 | int | ||
| 1289 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | ||
| 1290 | int n, int *al) | ||
| 1291 | { | ||
| 1292 | unsigned short type; | ||
| 1293 | unsigned short size; | ||
| 1294 | unsigned short len; | ||
| 1295 | unsigned char *data = *p; | ||
| 1296 | int renegotiate_seen = 0; | ||
| 1297 | int sigalg_seen = 0; | ||
| 1298 | |||
| 1299 | s->servername_done = 0; | ||
| 1300 | s->tlsext_status_type = -1; | ||
| 1301 | s->s3->next_proto_neg_seen = 0; | ||
| 1302 | free(s->s3->alpn_selected); | ||
| 1303 | s->s3->alpn_selected = NULL; | ||
| 1304 | |||
| 1305 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) | ||
| 1306 | ssl_check_for_safari(s, data, d, n); | ||
| 1307 | |||
| 1308 | if (data >= (d + n - 2)) | ||
| 1309 | goto ri_check; | ||
| 1310 | n2s(data, len); | ||
| 1311 | |||
| 1312 | if (data > (d + n - len)) | ||
| 1313 | goto ri_check; | ||
| 1314 | |||
| 1315 | while (data <= (d + n - 4)) { | ||
| 1316 | n2s(data, type); | ||
| 1317 | n2s(data, size); | ||
| 1318 | |||
| 1319 | if (data + size > (d + n)) | ||
| 1320 | goto ri_check; | ||
| 1321 | if (s->tlsext_debug_cb) | ||
| 1322 | s->tlsext_debug_cb(s, 0, type, data, size, | ||
| 1323 | s->tlsext_debug_arg); | ||
| 1324 | /* The servername extension is treated as follows: | ||
| 1325 | |||
| 1326 | - Only the hostname type is supported with a maximum length of 255. | ||
| 1327 | - The servername is rejected if too long or if it contains zeros, | ||
| 1328 | in which case an fatal alert is generated. | ||
| 1329 | - The servername field is maintained together with the session cache. | ||
| 1330 | - When a session is resumed, the servername call back invoked in order | ||
| 1331 | to allow the application to position itself to the right context. | ||
| 1332 | - The servername is acknowledged if it is new for a session or when | ||
| 1333 | it is identical to a previously used for the same session. | ||
| 1334 | Applications can control the behaviour. They can at any time | ||
| 1335 | set a 'desirable' servername for a new SSL object. This can be the | ||
| 1336 | case for example with HTTPS when a Host: header field is received and | ||
| 1337 | a renegotiation is requested. In this case, a possible servername | ||
| 1338 | presented in the new client hello is only acknowledged if it matches | ||
| 1339 | the value of the Host: field. | ||
| 1340 | - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | ||
| 1341 | if they provide for changing an explicit servername context for the session, | ||
| 1342 | i.e. when the session has been established with a servername extension. | ||
| 1343 | - On session reconnect, the servername extension may be absent. | ||
| 1344 | |||
| 1345 | */ | ||
| 1346 | |||
| 1347 | if (type == TLSEXT_TYPE_server_name) { | ||
| 1348 | unsigned char *sdata; | ||
| 1349 | int servname_type; | ||
| 1350 | int dsize; | ||
| 1351 | |||
| 1352 | if (size < 2) { | ||
| 1353 | *al = SSL_AD_DECODE_ERROR; | ||
| 1354 | return 0; | ||
| 1355 | } | ||
| 1356 | n2s(data, dsize); | ||
| 1357 | |||
| 1358 | size -= 2; | ||
| 1359 | if (dsize > size) { | ||
| 1360 | *al = SSL_AD_DECODE_ERROR; | ||
| 1361 | return 0; | ||
| 1362 | } | ||
| 1363 | |||
| 1364 | sdata = data; | ||
| 1365 | while (dsize > 3) { | ||
| 1366 | servname_type = *(sdata++); | ||
| 1367 | |||
| 1368 | n2s(sdata, len); | ||
| 1369 | dsize -= 3; | ||
| 1370 | |||
| 1371 | if (len > dsize) { | ||
| 1372 | *al = SSL_AD_DECODE_ERROR; | ||
| 1373 | return 0; | ||
| 1374 | } | ||
| 1375 | if (s->servername_done == 0) | ||
| 1376 | switch (servname_type) { | ||
| 1377 | case TLSEXT_NAMETYPE_host_name: | ||
| 1378 | if (!s->hit) { | ||
| 1379 | if (s->session->tlsext_hostname) { | ||
| 1380 | *al = SSL_AD_DECODE_ERROR; | ||
| 1381 | return 0; | ||
| 1382 | } | ||
| 1383 | if (len > TLSEXT_MAXLEN_host_name) { | ||
| 1384 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 1385 | return 0; | ||
| 1386 | } | ||
| 1387 | if ((s->session->tlsext_hostname = | ||
| 1388 | malloc(len + 1)) == NULL) { | ||
| 1389 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1390 | return 0; | ||
| 1391 | } | ||
| 1392 | memcpy(s->session->tlsext_hostname, sdata, len); | ||
| 1393 | s->session->tlsext_hostname[len] = '\0'; | ||
| 1394 | if (strlen(s->session->tlsext_hostname) != len) { | ||
| 1395 | free(s->session->tlsext_hostname); | ||
| 1396 | s->session->tlsext_hostname = NULL; | ||
| 1397 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 1398 | return 0; | ||
| 1399 | } | ||
| 1400 | s->servername_done = 1; | ||
| 1401 | |||
| 1402 | |||
| 1403 | } else { | ||
| 1404 | s->servername_done = s->session->tlsext_hostname && | ||
| 1405 | strlen(s->session->tlsext_hostname) == len && | ||
| 1406 | strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; | ||
| 1407 | } | ||
| 1408 | break; | ||
| 1409 | |||
| 1410 | default: | ||
| 1411 | break; | ||
| 1412 | } | ||
| 1413 | |||
| 1414 | dsize -= len; | ||
| 1415 | } | ||
| 1416 | if (dsize != 0) { | ||
| 1417 | *al = SSL_AD_DECODE_ERROR; | ||
| 1418 | return 0; | ||
| 1419 | } | ||
| 1420 | |||
| 1421 | } | ||
| 1422 | |||
| 1423 | else if (type == TLSEXT_TYPE_ec_point_formats && | ||
| 1424 | s->version != DTLS1_VERSION) { | ||
| 1425 | unsigned char *sdata = data; | ||
| 1426 | size_t formatslen; | ||
| 1427 | uint8_t *formats; | ||
| 1428 | |||
| 1429 | if (size < 1) { | ||
| 1430 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1431 | return 0; | ||
| 1432 | } | ||
| 1433 | formatslen = *(sdata++); | ||
| 1434 | if (formatslen != size - 1) { | ||
| 1435 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1436 | return 0; | ||
| 1437 | } | ||
| 1438 | |||
| 1439 | if (!s->hit) { | ||
| 1440 | free(s->session->tlsext_ecpointformatlist); | ||
| 1441 | s->session->tlsext_ecpointformatlist = NULL; | ||
| 1442 | s->session->tlsext_ecpointformatlist_length = 0; | ||
| 1443 | |||
| 1444 | if ((formats = reallocarray(NULL, formatslen, | ||
| 1445 | sizeof(uint8_t))) == NULL) { | ||
| 1446 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1447 | return 0; | ||
| 1448 | } | ||
| 1449 | memcpy(formats, sdata, formatslen); | ||
| 1450 | s->session->tlsext_ecpointformatlist = formats; | ||
| 1451 | s->session->tlsext_ecpointformatlist_length = | ||
| 1452 | formatslen; | ||
| 1453 | } | ||
| 1454 | } else if (type == TLSEXT_TYPE_elliptic_curves && | ||
| 1455 | s->version != DTLS1_VERSION) { | ||
| 1456 | unsigned char *sdata = data; | ||
| 1457 | size_t curveslen, i; | ||
| 1458 | uint16_t *curves; | ||
| 1459 | |||
| 1460 | if (size < 2) { | ||
| 1461 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1462 | return 0; | ||
| 1463 | } | ||
| 1464 | n2s(sdata, curveslen); | ||
| 1465 | if (curveslen != size - 2 || curveslen % 2 != 0) { | ||
| 1466 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1467 | return 0; | ||
| 1468 | } | ||
| 1469 | curveslen /= 2; | ||
| 1470 | |||
| 1471 | if (!s->hit) { | ||
| 1472 | if (s->session->tlsext_ellipticcurvelist) { | ||
| 1473 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1474 | return 0; | ||
| 1475 | } | ||
| 1476 | s->session->tlsext_ellipticcurvelist_length = 0; | ||
| 1477 | if ((curves = reallocarray(NULL, curveslen, | ||
| 1478 | sizeof(uint16_t))) == NULL) { | ||
| 1479 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1480 | return 0; | ||
| 1481 | } | ||
| 1482 | for (i = 0; i < curveslen; i++) | ||
| 1483 | n2s(sdata, curves[i]); | ||
| 1484 | s->session->tlsext_ellipticcurvelist = curves; | ||
| 1485 | s->session->tlsext_ellipticcurvelist_length = curveslen; | ||
| 1486 | } | ||
| 1487 | } | ||
| 1488 | else if (type == TLSEXT_TYPE_session_ticket) { | ||
| 1489 | if (s->tls_session_ticket_ext_cb && | ||
| 1490 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | ||
| 1491 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1492 | return 0; | ||
| 1493 | } | ||
| 1494 | } else if (type == TLSEXT_TYPE_renegotiate) { | ||
| 1495 | if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) | ||
| 1496 | return 0; | ||
| 1497 | renegotiate_seen = 1; | ||
| 1498 | } else if (type == TLSEXT_TYPE_signature_algorithms) { | ||
| 1499 | int dsize; | ||
| 1500 | if (sigalg_seen || size < 2) { | ||
| 1501 | *al = SSL_AD_DECODE_ERROR; | ||
| 1502 | return 0; | ||
| 1503 | } | ||
| 1504 | sigalg_seen = 1; | ||
| 1505 | n2s(data, dsize); | ||
| 1506 | size -= 2; | ||
| 1507 | if (dsize != size || dsize & 1) { | ||
| 1508 | *al = SSL_AD_DECODE_ERROR; | ||
| 1509 | return 0; | ||
| 1510 | } | ||
| 1511 | if (!tls1_process_sigalgs(s, data, dsize)) { | ||
| 1512 | *al = SSL_AD_DECODE_ERROR; | ||
| 1513 | return 0; | ||
| 1514 | } | ||
| 1515 | } else if (type == TLSEXT_TYPE_status_request && | ||
| 1516 | s->version != DTLS1_VERSION) { | ||
| 1517 | |||
| 1518 | if (size < 5) { | ||
| 1519 | *al = SSL_AD_DECODE_ERROR; | ||
| 1520 | return 0; | ||
| 1521 | } | ||
| 1522 | |||
| 1523 | s->tlsext_status_type = *data++; | ||
| 1524 | size--; | ||
| 1525 | if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { | ||
| 1526 | const unsigned char *sdata; | ||
| 1527 | int dsize; | ||
| 1528 | /* Read in responder_id_list */ | ||
| 1529 | n2s(data, dsize); | ||
| 1530 | size -= 2; | ||
| 1531 | if (dsize > size ) { | ||
| 1532 | *al = SSL_AD_DECODE_ERROR; | ||
| 1533 | return 0; | ||
| 1534 | } | ||
| 1535 | while (dsize > 0) { | ||
| 1536 | OCSP_RESPID *id; | ||
| 1537 | int idsize; | ||
| 1538 | if (dsize < 4) { | ||
| 1539 | *al = SSL_AD_DECODE_ERROR; | ||
| 1540 | return 0; | ||
| 1541 | } | ||
| 1542 | n2s(data, idsize); | ||
| 1543 | dsize -= 2 + idsize; | ||
| 1544 | size -= 2 + idsize; | ||
| 1545 | if (dsize < 0) { | ||
| 1546 | *al = SSL_AD_DECODE_ERROR; | ||
| 1547 | return 0; | ||
| 1548 | } | ||
| 1549 | sdata = data; | ||
| 1550 | data += idsize; | ||
| 1551 | id = d2i_OCSP_RESPID(NULL, | ||
| 1552 | &sdata, idsize); | ||
| 1553 | if (!id) { | ||
| 1554 | *al = SSL_AD_DECODE_ERROR; | ||
| 1555 | return 0; | ||
| 1556 | } | ||
| 1557 | if (data != sdata) { | ||
| 1558 | OCSP_RESPID_free(id); | ||
| 1559 | *al = SSL_AD_DECODE_ERROR; | ||
| 1560 | return 0; | ||
| 1561 | } | ||
| 1562 | if (!s->tlsext_ocsp_ids && | ||
| 1563 | !(s->tlsext_ocsp_ids = | ||
| 1564 | sk_OCSP_RESPID_new_null())) { | ||
| 1565 | OCSP_RESPID_free(id); | ||
| 1566 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 1567 | return 0; | ||
| 1568 | } | ||
| 1569 | if (!sk_OCSP_RESPID_push( | ||
| 1570 | s->tlsext_ocsp_ids, id)) { | ||
| 1571 | OCSP_RESPID_free(id); | ||
| 1572 | *al = SSL_AD_INTERNAL_ERROR; | ||
| 1573 | return 0; | ||
| 1574 | } | ||
| 1575 | } | ||
| 1576 | |||
| 1577 | /* Read in request_extensions */ | ||
| 1578 | if (size < 2) { | ||
| 1579 | *al = SSL_AD_DECODE_ERROR; | ||
| 1580 | return 0; | ||
| 1581 | } | ||
| 1582 | n2s(data, dsize); | ||
| 1583 | size -= 2; | ||
| 1584 | if (dsize != size) { | ||
| 1585 | *al = SSL_AD_DECODE_ERROR; | ||
| 1586 | return 0; | ||
| 1587 | } | ||
| 1588 | sdata = data; | ||
| 1589 | if (dsize > 0) { | ||
| 1590 | if (s->tlsext_ocsp_exts) { | ||
| 1591 | sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, | ||
| 1592 | X509_EXTENSION_free); | ||
| 1593 | } | ||
| 1594 | |||
| 1595 | s->tlsext_ocsp_exts = | ||
| 1596 | d2i_X509_EXTENSIONS(NULL, | ||
| 1597 | &sdata, dsize); | ||
| 1598 | if (!s->tlsext_ocsp_exts || | ||
| 1599 | (data + dsize != sdata)) { | ||
| 1600 | *al = SSL_AD_DECODE_ERROR; | ||
| 1601 | return 0; | ||
| 1602 | } | ||
| 1603 | } | ||
| 1604 | } else { | ||
| 1605 | /* We don't know what to do with any other type | ||
| 1606 | * so ignore it. | ||
| 1607 | */ | ||
| 1608 | s->tlsext_status_type = -1; | ||
| 1609 | } | ||
| 1610 | } | ||
| 1611 | else if (type == TLSEXT_TYPE_next_proto_neg && | ||
| 1612 | s->s3->tmp.finish_md_len == 0 && | ||
| 1613 | s->s3->alpn_selected == NULL) { | ||
| 1614 | /* We shouldn't accept this extension on a | ||
| 1615 | * renegotiation. | ||
| 1616 | * | ||
| 1617 | * s->new_session will be set on renegotiation, but we | ||
| 1618 | * probably shouldn't rely that it couldn't be set on | ||
| 1619 | * the initial renegotation too in certain cases (when | ||
| 1620 | * there's some other reason to disallow resuming an | ||
| 1621 | * earlier session -- the current code won't be doing | ||
| 1622 | * anything like that, but this might change). | ||
| 1623 | |||
| 1624 | * A valid sign that there's been a previous handshake | ||
| 1625 | * in this connection is if s->s3->tmp.finish_md_len > | ||
| 1626 | * 0. (We are talking about a check that will happen | ||
| 1627 | * in the Hello protocol round, well before a new | ||
| 1628 | * Finished message could have been computed.) */ | ||
| 1629 | s->s3->next_proto_neg_seen = 1; | ||
| 1630 | } | ||
| 1631 | else if (type == | ||
| 1632 | TLSEXT_TYPE_application_layer_protocol_negotiation && | ||
| 1633 | s->ctx->alpn_select_cb != NULL && | ||
| 1634 | s->s3->tmp.finish_md_len == 0) { | ||
| 1635 | if (tls1_alpn_handle_client_hello(s, data, | ||
| 1636 | size, al) != 1) | ||
| 1637 | return (0); | ||
| 1638 | /* ALPN takes precedence over NPN. */ | ||
| 1639 | s->s3->next_proto_neg_seen = 0; | ||
| 1640 | } | ||
| 1641 | |||
| 1642 | /* session ticket processed earlier */ | ||
| 1643 | #ifndef OPENSSL_NO_SRTP | ||
| 1644 | else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { | ||
| 1645 | if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) | ||
| 1646 | return 0; | ||
| 1647 | } | ||
| 1648 | #endif | ||
| 1649 | |||
| 1650 | data += size; | ||
| 1651 | } | ||
| 1652 | |||
| 1653 | *p = data; | ||
| 1654 | |||
| 1655 | ri_check: | ||
| 1656 | |||
| 1657 | /* Need RI if renegotiating */ | ||
| 1658 | |||
| 1659 | if (!renegotiate_seen && s->renegotiate) { | ||
| 1660 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1661 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, | ||
| 1662 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
| 1663 | return 0; | ||
| 1664 | } | ||
| 1665 | |||
| 1666 | return 1; | ||
| 1667 | } | ||
| 1668 | |||
| 1669 | /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No | ||
| 1670 | * elements of zero length are allowed and the set of elements must exactly fill | ||
| 1671 | * the length of the block. */ | ||
| 1672 | static char | ||
| 1673 | ssl_next_proto_validate(unsigned char *d, unsigned len) | ||
| 1674 | { | ||
| 1675 | unsigned int off = 0; | ||
| 1676 | |||
| 1677 | while (off < len) { | ||
| 1678 | if (d[off] == 0) | ||
| 1679 | return 0; | ||
| 1680 | off += d[off]; | ||
| 1681 | off++; | ||
| 1682 | } | ||
| 1683 | |||
| 1684 | return off == len; | ||
| 1685 | } | ||
| 1686 | |||
| 1687 | int | ||
| 1688 | ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | ||
| 1689 | int n, int *al) | ||
| 1690 | { | ||
| 1691 | unsigned short length; | ||
| 1692 | unsigned short type; | ||
| 1693 | unsigned short size; | ||
| 1694 | unsigned char *data = *p; | ||
| 1695 | int tlsext_servername = 0; | ||
| 1696 | int renegotiate_seen = 0; | ||
| 1697 | |||
| 1698 | s->s3->next_proto_neg_seen = 0; | ||
| 1699 | free(s->s3->alpn_selected); | ||
| 1700 | s->s3->alpn_selected = NULL; | ||
| 1701 | |||
| 1702 | if (data >= (d + n - 2)) | ||
| 1703 | goto ri_check; | ||
| 1704 | |||
| 1705 | n2s(data, length); | ||
| 1706 | if (data + length != d + n) { | ||
| 1707 | *al = SSL_AD_DECODE_ERROR; | ||
| 1708 | return 0; | ||
| 1709 | } | ||
| 1710 | |||
| 1711 | while (data <= (d + n - 4)) { | ||
| 1712 | n2s(data, type); | ||
| 1713 | n2s(data, size); | ||
| 1714 | |||
| 1715 | if (data + size > (d + n)) | ||
| 1716 | goto ri_check; | ||
| 1717 | |||
| 1718 | if (s->tlsext_debug_cb) | ||
| 1719 | s->tlsext_debug_cb(s, 1, type, data, size, | ||
| 1720 | s->tlsext_debug_arg); | ||
| 1721 | |||
| 1722 | if (type == TLSEXT_TYPE_server_name) { | ||
| 1723 | if (s->tlsext_hostname == NULL || size > 0) { | ||
| 1724 | *al = TLS1_AD_UNRECOGNIZED_NAME; | ||
| 1725 | return 0; | ||
| 1726 | } | ||
| 1727 | tlsext_servername = 1; | ||
| 1728 | |||
| 1729 | } | ||
| 1730 | else if (type == TLSEXT_TYPE_ec_point_formats && | ||
| 1731 | s->version != DTLS1_VERSION) { | ||
| 1732 | unsigned char *sdata = data; | ||
| 1733 | size_t formatslen; | ||
| 1734 | uint8_t *formats; | ||
| 1735 | |||
| 1736 | if (size < 1) { | ||
| 1737 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1738 | return 0; | ||
| 1739 | } | ||
| 1740 | formatslen = *(sdata++); | ||
| 1741 | if (formatslen != size - 1) { | ||
| 1742 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1743 | return 0; | ||
| 1744 | } | ||
| 1745 | |||
| 1746 | if (!s->hit) { | ||
| 1747 | free(s->session->tlsext_ecpointformatlist); | ||
| 1748 | s->session->tlsext_ecpointformatlist = NULL; | ||
| 1749 | s->session->tlsext_ecpointformatlist_length = 0; | ||
| 1750 | |||
| 1751 | if ((formats = reallocarray(NULL, formatslen, | ||
| 1752 | sizeof(uint8_t))) == NULL) { | ||
| 1753 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1754 | return 0; | ||
| 1755 | } | ||
| 1756 | memcpy(formats, sdata, formatslen); | ||
| 1757 | s->session->tlsext_ecpointformatlist = formats; | ||
| 1758 | s->session->tlsext_ecpointformatlist_length = | ||
| 1759 | formatslen; | ||
| 1760 | } | ||
| 1761 | } | ||
| 1762 | else if (type == TLSEXT_TYPE_session_ticket) { | ||
| 1763 | if (s->tls_session_ticket_ext_cb && | ||
| 1764 | !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg)) { | ||
| 1765 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1766 | return 0; | ||
| 1767 | } | ||
| 1768 | if ((SSL_get_options(s) & SSL_OP_NO_TICKET) || (size > 0)) { | ||
| 1769 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 1770 | return 0; | ||
| 1771 | } | ||
| 1772 | s->tlsext_ticket_expected = 1; | ||
| 1773 | } | ||
| 1774 | else if (type == TLSEXT_TYPE_status_request && | ||
| 1775 | s->version != DTLS1_VERSION) { | ||
| 1776 | /* MUST be empty and only sent if we've requested | ||
| 1777 | * a status request message. | ||
| 1778 | */ | ||
| 1779 | if ((s->tlsext_status_type == -1) || (size > 0)) { | ||
| 1780 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 1781 | return 0; | ||
| 1782 | } | ||
| 1783 | /* Set flag to expect CertificateStatus message */ | ||
| 1784 | s->tlsext_status_expected = 1; | ||
| 1785 | } | ||
| 1786 | else if (type == TLSEXT_TYPE_next_proto_neg && | ||
| 1787 | s->s3->tmp.finish_md_len == 0) { | ||
| 1788 | unsigned char *selected; | ||
| 1789 | unsigned char selected_len; | ||
| 1790 | |||
| 1791 | /* We must have requested it. */ | ||
| 1792 | if (s->ctx->next_proto_select_cb == NULL) { | ||
| 1793 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 1794 | return 0; | ||
| 1795 | } | ||
| 1796 | /* The data must be valid */ | ||
| 1797 | if (!ssl_next_proto_validate(data, size)) { | ||
| 1798 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1799 | return 0; | ||
| 1800 | } | ||
| 1801 | if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) { | ||
| 1802 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1803 | return 0; | ||
| 1804 | } | ||
| 1805 | s->next_proto_negotiated = malloc(selected_len); | ||
| 1806 | if (!s->next_proto_negotiated) { | ||
| 1807 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1808 | return 0; | ||
| 1809 | } | ||
| 1810 | memcpy(s->next_proto_negotiated, selected, selected_len); | ||
| 1811 | s->next_proto_negotiated_len = selected_len; | ||
| 1812 | s->s3->next_proto_neg_seen = 1; | ||
| 1813 | } | ||
| 1814 | else if (type == | ||
| 1815 | TLSEXT_TYPE_application_layer_protocol_negotiation) { | ||
| 1816 | unsigned int len; | ||
| 1817 | |||
| 1818 | /* We must have requested it. */ | ||
| 1819 | if (s->alpn_client_proto_list == NULL) { | ||
| 1820 | *al = TLS1_AD_UNSUPPORTED_EXTENSION; | ||
| 1821 | return 0; | ||
| 1822 | } | ||
| 1823 | if (size < 4) { | ||
| 1824 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1825 | return (0); | ||
| 1826 | } | ||
| 1827 | |||
| 1828 | /* The extension data consists of: | ||
| 1829 | * uint16 list_length | ||
| 1830 | * uint8 proto_length; | ||
| 1831 | * uint8 proto[proto_length]; */ | ||
| 1832 | len = ((unsigned int)data[0]) << 8 | | ||
| 1833 | ((unsigned int)data[1]); | ||
| 1834 | if (len != (unsigned int)size - 2) { | ||
| 1835 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1836 | return (0); | ||
| 1837 | } | ||
| 1838 | len = data[2]; | ||
| 1839 | if (len != (unsigned int)size - 3) { | ||
| 1840 | *al = TLS1_AD_DECODE_ERROR; | ||
| 1841 | return (0); | ||
| 1842 | } | ||
| 1843 | free(s->s3->alpn_selected); | ||
| 1844 | s->s3->alpn_selected = malloc(len); | ||
| 1845 | if (s->s3->alpn_selected == NULL) { | ||
| 1846 | *al = TLS1_AD_INTERNAL_ERROR; | ||
| 1847 | return (0); | ||
| 1848 | } | ||
| 1849 | memcpy(s->s3->alpn_selected, data + 3, len); | ||
| 1850 | s->s3->alpn_selected_len = len; | ||
| 1851 | |||
| 1852 | } else if (type == TLSEXT_TYPE_renegotiate) { | ||
| 1853 | if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) | ||
| 1854 | return 0; | ||
| 1855 | renegotiate_seen = 1; | ||
| 1856 | } | ||
| 1857 | #ifndef OPENSSL_NO_SRTP | ||
| 1858 | else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { | ||
| 1859 | if (ssl_parse_serverhello_use_srtp_ext(s, data, | ||
| 1860 | size, al)) | ||
| 1861 | return 0; | ||
| 1862 | } | ||
| 1863 | #endif | ||
| 1864 | |||
| 1865 | data += size; | ||
| 1866 | |||
| 1867 | } | ||
| 1868 | |||
| 1869 | if (data != d + n) { | ||
| 1870 | *al = SSL_AD_DECODE_ERROR; | ||
| 1871 | return 0; | ||
| 1872 | } | ||
| 1873 | |||
| 1874 | if (!s->hit && tlsext_servername == 1) { | ||
| 1875 | if (s->tlsext_hostname) { | ||
| 1876 | if (s->session->tlsext_hostname == NULL) { | ||
| 1877 | s->session->tlsext_hostname = | ||
| 1878 | strdup(s->tlsext_hostname); | ||
| 1879 | |||
| 1880 | if (!s->session->tlsext_hostname) { | ||
| 1881 | *al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 1882 | return 0; | ||
| 1883 | } | ||
| 1884 | } else { | ||
| 1885 | *al = SSL_AD_DECODE_ERROR; | ||
| 1886 | return 0; | ||
| 1887 | } | ||
| 1888 | } | ||
| 1889 | } | ||
| 1890 | |||
| 1891 | *p = data; | ||
| 1892 | |||
| 1893 | ri_check: | ||
| 1894 | |||
| 1895 | /* Determine if we need to see RI. Strictly speaking if we want to | ||
| 1896 | * avoid an attack we should *always* see RI even on initial server | ||
| 1897 | * hello because the client doesn't see any renegotiation during an | ||
| 1898 | * attack. However this would mean we could not connect to any server | ||
| 1899 | * which doesn't support RI so for the immediate future tolerate RI | ||
| 1900 | * absence on initial connect only. | ||
| 1901 | */ | ||
| 1902 | if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) { | ||
| 1903 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 1904 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, | ||
| 1905 | SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); | ||
| 1906 | return 0; | ||
| 1907 | } | ||
| 1908 | |||
| 1909 | return 1; | ||
| 1910 | } | ||
| 1911 | |||
| 1912 | int | ||
| 1913 | ssl_prepare_clienthello_tlsext(SSL *s) | ||
| 1914 | { | ||
| 1915 | return 1; | ||
| 1916 | } | ||
| 1917 | |||
| 1918 | int | ||
| 1919 | ssl_prepare_serverhello_tlsext(SSL *s) | ||
| 1920 | { | ||
| 1921 | return 1; | ||
| 1922 | } | ||
| 1923 | |||
| 1924 | int | ||
| 1925 | ssl_check_clienthello_tlsext_early(SSL *s) | ||
| 1926 | { | ||
| 1927 | int ret = SSL_TLSEXT_ERR_NOACK; | ||
| 1928 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 1929 | |||
| 1930 | /* The handling of the ECPointFormats extension is done elsewhere, namely in | ||
| 1931 | * ssl3_choose_cipher in s3_lib.c. | ||
| 1932 | */ | ||
| 1933 | /* The handling of the EllipticCurves extension is done elsewhere, namely in | ||
| 1934 | * ssl3_choose_cipher in s3_lib.c. | ||
| 1935 | */ | ||
| 1936 | |||
| 1937 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 1938 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 1939 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 1940 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 1941 | |||
| 1942 | switch (ret) { | ||
| 1943 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 1944 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 1945 | return -1; | ||
| 1946 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 1947 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | ||
| 1948 | return 1; | ||
| 1949 | case SSL_TLSEXT_ERR_NOACK: | ||
| 1950 | s->servername_done = 0; | ||
| 1951 | default: | ||
| 1952 | return 1; | ||
| 1953 | } | ||
| 1954 | } | ||
| 1955 | |||
| 1956 | int | ||
| 1957 | ssl_check_clienthello_tlsext_late(SSL *s) | ||
| 1958 | { | ||
| 1959 | int ret = SSL_TLSEXT_ERR_OK; | ||
| 1960 | int al = 0; /* XXX gcc3 */ | ||
| 1961 | |||
| 1962 | /* If status request then ask callback what to do. | ||
| 1963 | * Note: this must be called after servername callbacks in case | ||
| 1964 | * the certificate has changed, and must be called after the cipher | ||
| 1965 | * has been chosen because this may influence which certificate is sent | ||
| 1966 | */ | ||
| 1967 | if ((s->tlsext_status_type != -1) && | ||
| 1968 | s->ctx && s->ctx->tlsext_status_cb) { | ||
| 1969 | int r; | ||
| 1970 | CERT_PKEY *certpkey; | ||
| 1971 | certpkey = ssl_get_server_send_pkey(s); | ||
| 1972 | /* If no certificate can't return certificate status */ | ||
| 1973 | if (certpkey == NULL) { | ||
| 1974 | s->tlsext_status_expected = 0; | ||
| 1975 | return 1; | ||
| 1976 | } | ||
| 1977 | /* Set current certificate to one we will use so | ||
| 1978 | * SSL_get_certificate et al can pick it up. | ||
| 1979 | */ | ||
| 1980 | s->cert->key = certpkey; | ||
| 1981 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 1982 | switch (r) { | ||
| 1983 | /* We don't want to send a status request response */ | ||
| 1984 | case SSL_TLSEXT_ERR_NOACK: | ||
| 1985 | s->tlsext_status_expected = 0; | ||
| 1986 | break; | ||
| 1987 | /* status request response should be sent */ | ||
| 1988 | case SSL_TLSEXT_ERR_OK: | ||
| 1989 | if (s->tlsext_ocsp_resp) | ||
| 1990 | s->tlsext_status_expected = 1; | ||
| 1991 | else | ||
| 1992 | s->tlsext_status_expected = 0; | ||
| 1993 | break; | ||
| 1994 | /* something bad happened */ | ||
| 1995 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 1996 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 1997 | al = SSL_AD_INTERNAL_ERROR; | ||
| 1998 | goto err; | ||
| 1999 | } | ||
| 2000 | } else | ||
| 2001 | s->tlsext_status_expected = 0; | ||
| 2002 | |||
| 2003 | err: | ||
| 2004 | switch (ret) { | ||
| 2005 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 2006 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 2007 | return -1; | ||
| 2008 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 2009 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | ||
| 2010 | return 1; | ||
| 2011 | default: | ||
| 2012 | return 1; | ||
| 2013 | } | ||
| 2014 | } | ||
| 2015 | |||
| 2016 | int | ||
| 2017 | ssl_check_serverhello_tlsext(SSL *s) | ||
| 2018 | { | ||
| 2019 | int ret = SSL_TLSEXT_ERR_NOACK; | ||
| 2020 | int al = SSL_AD_UNRECOGNIZED_NAME; | ||
| 2021 | |||
| 2022 | /* If we are client and using an elliptic curve cryptography cipher | ||
| 2023 | * suite, then if server returns an EC point formats lists extension | ||
| 2024 | * it must contain uncompressed. | ||
| 2025 | */ | ||
| 2026 | unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; | ||
| 2027 | unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; | ||
| 2028 | if ((s->tlsext_ecpointformatlist != NULL) && | ||
| 2029 | (s->tlsext_ecpointformatlist_length > 0) && | ||
| 2030 | (s->session->tlsext_ecpointformatlist != NULL) && | ||
| 2031 | (s->session->tlsext_ecpointformatlist_length > 0) && | ||
| 2032 | ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { | ||
| 2033 | /* we are using an ECC cipher */ | ||
| 2034 | size_t i; | ||
| 2035 | unsigned char *list; | ||
| 2036 | int found_uncompressed = 0; | ||
| 2037 | list = s->session->tlsext_ecpointformatlist; | ||
| 2038 | for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) { | ||
| 2039 | if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) { | ||
| 2040 | found_uncompressed = 1; | ||
| 2041 | break; | ||
| 2042 | } | ||
| 2043 | } | ||
| 2044 | if (!found_uncompressed) { | ||
| 2045 | SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST); | ||
| 2046 | return -1; | ||
| 2047 | } | ||
| 2048 | } | ||
| 2049 | ret = SSL_TLSEXT_ERR_OK; | ||
| 2050 | |||
| 2051 | if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) | ||
| 2052 | ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); | ||
| 2053 | else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) | ||
| 2054 | ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); | ||
| 2055 | |||
| 2056 | /* If we've requested certificate status and we wont get one | ||
| 2057 | * tell the callback | ||
| 2058 | */ | ||
| 2059 | if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) && | ||
| 2060 | s->ctx && s->ctx->tlsext_status_cb) { | ||
| 2061 | int r; | ||
| 2062 | /* Set resp to NULL, resplen to -1 so callback knows | ||
| 2063 | * there is no response. | ||
| 2064 | */ | ||
| 2065 | free(s->tlsext_ocsp_resp); | ||
| 2066 | s->tlsext_ocsp_resp = NULL; | ||
| 2067 | s->tlsext_ocsp_resplen = -1; | ||
| 2068 | r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); | ||
| 2069 | if (r == 0) { | ||
| 2070 | al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE; | ||
| 2071 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 2072 | } | ||
| 2073 | if (r < 0) { | ||
| 2074 | al = SSL_AD_INTERNAL_ERROR; | ||
| 2075 | ret = SSL_TLSEXT_ERR_ALERT_FATAL; | ||
| 2076 | } | ||
| 2077 | } | ||
| 2078 | |||
| 2079 | switch (ret) { | ||
| 2080 | case SSL_TLSEXT_ERR_ALERT_FATAL: | ||
| 2081 | ssl3_send_alert(s, SSL3_AL_FATAL, al); | ||
| 2082 | |||
| 2083 | return -1; | ||
| 2084 | case SSL_TLSEXT_ERR_ALERT_WARNING: | ||
| 2085 | ssl3_send_alert(s, SSL3_AL_WARNING, al); | ||
| 2086 | |||
| 2087 | return 1; | ||
| 2088 | case SSL_TLSEXT_ERR_NOACK: | ||
| 2089 | s->servername_done = 0; | ||
| 2090 | default: | ||
| 2091 | return 1; | ||
| 2092 | } | ||
| 2093 | } | ||
| 2094 | |||
| 2095 | /* Since the server cache lookup is done early on in the processing of the | ||
| 2096 | * ClientHello, and other operations depend on the result, we need to handle | ||
| 2097 | * any TLS session ticket extension at the same time. | ||
| 2098 | * | ||
| 2099 | * session_id: points at the session ID in the ClientHello. This code will | ||
| 2100 | * read past the end of this in order to parse out the session ticket | ||
| 2101 | * extension, if any. | ||
| 2102 | * len: the length of the session ID. | ||
| 2103 | * limit: a pointer to the first byte after the ClientHello. | ||
| 2104 | * ret: (output) on return, if a ticket was decrypted, then this is set to | ||
| 2105 | * point to the resulting session. | ||
| 2106 | * | ||
| 2107 | * If s->tls_session_secret_cb is set then we are expecting a pre-shared key | ||
| 2108 | * ciphersuite, in which case we have no use for session tickets and one will | ||
| 2109 | * never be decrypted, nor will s->tlsext_ticket_expected be set to 1. | ||
| 2110 | * | ||
| 2111 | * Returns: | ||
| 2112 | * -1: fatal error, either from parsing or decrypting the ticket. | ||
| 2113 | * 0: no ticket was found (or was ignored, based on settings). | ||
| 2114 | * 1: a zero length extension was found, indicating that the client supports | ||
| 2115 | * session tickets but doesn't currently have one to offer. | ||
| 2116 | * 2: either s->tls_session_secret_cb was set, or a ticket was offered but | ||
| 2117 | * couldn't be decrypted because of a non-fatal error. | ||
| 2118 | * 3: a ticket was successfully decrypted and *ret was set. | ||
| 2119 | * | ||
| 2120 | * Side effects: | ||
| 2121 | * Sets s->tlsext_ticket_expected to 1 if the server will have to issue | ||
| 2122 | * a new session ticket to the client because the client indicated support | ||
| 2123 | * (and s->tls_session_secret_cb is NULL) but the client either doesn't have | ||
| 2124 | * a session ticket or we couldn't use the one it gave us, or if | ||
| 2125 | * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. | ||
| 2126 | * Otherwise, s->tlsext_ticket_expected is set to 0. | ||
| 2127 | */ | ||
| 2128 | int | ||
| 2129 | tls1_process_ticket(SSL *s, unsigned char *session_id, int len, | ||
| 2130 | const unsigned char *limit, SSL_SESSION **ret) | ||
| 2131 | { | ||
| 2132 | /* Point after session ID in client hello */ | ||
| 2133 | const unsigned char *p = session_id + len; | ||
| 2134 | unsigned short i; | ||
| 2135 | |||
| 2136 | *ret = NULL; | ||
| 2137 | s->tlsext_ticket_expected = 0; | ||
| 2138 | |||
| 2139 | /* If tickets disabled behave as if no ticket present | ||
| 2140 | * to permit stateful resumption. | ||
| 2141 | */ | ||
| 2142 | if (SSL_get_options(s) & SSL_OP_NO_TICKET) | ||
| 2143 | return 0; | ||
| 2144 | if ((s->version <= SSL3_VERSION) || !limit) | ||
| 2145 | return 0; | ||
| 2146 | if (p >= limit) | ||
| 2147 | return -1; | ||
| 2148 | /* Skip past DTLS cookie */ | ||
| 2149 | if (SSL_IS_DTLS(s)) { | ||
| 2150 | i = *(p++); | ||
| 2151 | p += i; | ||
| 2152 | if (p >= limit) | ||
| 2153 | return -1; | ||
| 2154 | } | ||
| 2155 | /* Skip past cipher list */ | ||
| 2156 | n2s(p, i); | ||
| 2157 | p += i; | ||
| 2158 | if (p >= limit) | ||
| 2159 | return -1; | ||
| 2160 | /* Skip past compression algorithm list */ | ||
| 2161 | i = *(p++); | ||
| 2162 | p += i; | ||
| 2163 | if (p > limit) | ||
| 2164 | return -1; | ||
| 2165 | /* Now at start of extensions */ | ||
| 2166 | if ((p + 2) >= limit) | ||
| 2167 | return 0; | ||
| 2168 | n2s(p, i); | ||
| 2169 | while ((p + 4) <= limit) { | ||
| 2170 | unsigned short type, size; | ||
| 2171 | n2s(p, type); | ||
| 2172 | n2s(p, size); | ||
| 2173 | if (p + size > limit) | ||
| 2174 | return 0; | ||
| 2175 | if (type == TLSEXT_TYPE_session_ticket) { | ||
| 2176 | int r; | ||
| 2177 | if (size == 0) { | ||
| 2178 | /* The client will accept a ticket but doesn't | ||
| 2179 | * currently have one. */ | ||
| 2180 | s->tlsext_ticket_expected = 1; | ||
| 2181 | return 1; | ||
| 2182 | } | ||
| 2183 | if (s->tls_session_secret_cb) { | ||
| 2184 | /* Indicate that the ticket couldn't be | ||
| 2185 | * decrypted rather than generating the session | ||
| 2186 | * from ticket now, trigger abbreviated | ||
| 2187 | * handshake based on external mechanism to | ||
| 2188 | * calculate the master secret later. */ | ||
| 2189 | return 2; | ||
| 2190 | } | ||
| 2191 | r = tls_decrypt_ticket(s, p, size, session_id, len, ret); | ||
| 2192 | switch (r) { | ||
| 2193 | case 2: /* ticket couldn't be decrypted */ | ||
| 2194 | s->tlsext_ticket_expected = 1; | ||
| 2195 | return 2; | ||
| 2196 | case 3: /* ticket was decrypted */ | ||
| 2197 | return r; | ||
| 2198 | case 4: /* ticket decrypted but need to renew */ | ||
| 2199 | s->tlsext_ticket_expected = 1; | ||
| 2200 | return 3; | ||
| 2201 | default: /* fatal error */ | ||
| 2202 | return -1; | ||
| 2203 | } | ||
| 2204 | } | ||
| 2205 | p += size; | ||
| 2206 | } | ||
| 2207 | return 0; | ||
| 2208 | } | ||
| 2209 | |||
| 2210 | /* tls_decrypt_ticket attempts to decrypt a session ticket. | ||
| 2211 | * | ||
| 2212 | * etick: points to the body of the session ticket extension. | ||
| 2213 | * eticklen: the length of the session tickets extenion. | ||
| 2214 | * sess_id: points at the session ID. | ||
| 2215 | * sesslen: the length of the session ID. | ||
| 2216 | * psess: (output) on return, if a ticket was decrypted, then this is set to | ||
| 2217 | * point to the resulting session. | ||
| 2218 | * | ||
| 2219 | * Returns: | ||
| 2220 | * -1: fatal error, either from parsing or decrypting the ticket. | ||
| 2221 | * 2: the ticket couldn't be decrypted. | ||
| 2222 | * 3: a ticket was successfully decrypted and *psess was set. | ||
| 2223 | * 4: same as 3, but the ticket needs to be renewed. | ||
| 2224 | */ | ||
| 2225 | static int | ||
| 2226 | tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, | ||
| 2227 | const unsigned char *sess_id, int sesslen, SSL_SESSION **psess) | ||
| 2228 | { | ||
| 2229 | SSL_SESSION *sess; | ||
| 2230 | unsigned char *sdec; | ||
| 2231 | const unsigned char *p; | ||
| 2232 | int slen, mlen, renew_ticket = 0; | ||
| 2233 | unsigned char tick_hmac[EVP_MAX_MD_SIZE]; | ||
| 2234 | HMAC_CTX hctx; | ||
| 2235 | EVP_CIPHER_CTX ctx; | ||
| 2236 | SSL_CTX *tctx = s->initial_ctx; | ||
| 2237 | /* Need at least keyname + iv + some encrypted data */ | ||
| 2238 | if (eticklen < 48) | ||
| 2239 | return 2; | ||
| 2240 | /* Initialize session ticket encryption and HMAC contexts */ | ||
| 2241 | HMAC_CTX_init(&hctx); | ||
| 2242 | EVP_CIPHER_CTX_init(&ctx); | ||
| 2243 | if (tctx->tlsext_ticket_key_cb) { | ||
| 2244 | unsigned char *nctick = (unsigned char *)etick; | ||
| 2245 | int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, | ||
| 2246 | &ctx, &hctx, 0); | ||
| 2247 | if (rv < 0) { | ||
| 2248 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2249 | return -1; | ||
| 2250 | } | ||
| 2251 | if (rv == 0) { | ||
| 2252 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2253 | return 2; | ||
| 2254 | } | ||
| 2255 | if (rv == 2) | ||
| 2256 | renew_ticket = 1; | ||
| 2257 | } else { | ||
| 2258 | /* Check key name matches */ | ||
| 2259 | if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16)) | ||
| 2260 | return 2; | ||
| 2261 | HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, | ||
| 2262 | tlsext_tick_md(), NULL); | ||
| 2263 | EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, | ||
| 2264 | tctx->tlsext_tick_aes_key, etick + 16); | ||
| 2265 | } | ||
| 2266 | /* Attempt to process session ticket, first conduct sanity and | ||
| 2267 | * integrity checks on ticket. | ||
| 2268 | */ | ||
| 2269 | mlen = HMAC_size(&hctx); | ||
| 2270 | if (mlen < 0) { | ||
| 2271 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2272 | return -1; | ||
| 2273 | } | ||
| 2274 | eticklen -= mlen; | ||
| 2275 | /* Check HMAC of encrypted ticket */ | ||
| 2276 | HMAC_Update(&hctx, etick, eticklen); | ||
| 2277 | HMAC_Final(&hctx, tick_hmac, NULL); | ||
| 2278 | HMAC_CTX_cleanup(&hctx); | ||
| 2279 | if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) { | ||
| 2280 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2281 | return 2; | ||
| 2282 | } | ||
| 2283 | /* Attempt to decrypt session data */ | ||
| 2284 | /* Move p after IV to start of encrypted ticket, update length */ | ||
| 2285 | p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 2286 | eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); | ||
| 2287 | sdec = malloc(eticklen); | ||
| 2288 | if (!sdec) { | ||
| 2289 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2290 | return -1; | ||
| 2291 | } | ||
| 2292 | EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); | ||
| 2293 | if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { | ||
| 2294 | free(sdec); | ||
| 2295 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2296 | return 2; | ||
| 2297 | } | ||
| 2298 | slen += mlen; | ||
| 2299 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 2300 | p = sdec; | ||
| 2301 | |||
| 2302 | sess = d2i_SSL_SESSION(NULL, &p, slen); | ||
| 2303 | free(sdec); | ||
| 2304 | if (sess) { | ||
| 2305 | /* The session ID, if non-empty, is used by some clients to | ||
| 2306 | * detect that the ticket has been accepted. So we copy it to | ||
| 2307 | * the session structure. If it is empty set length to zero | ||
| 2308 | * as required by standard. | ||
| 2309 | */ | ||
| 2310 | if (sesslen) | ||
| 2311 | memcpy(sess->session_id, sess_id, sesslen); | ||
| 2312 | sess->session_id_length = sesslen; | ||
| 2313 | *psess = sess; | ||
| 2314 | if (renew_ticket) | ||
| 2315 | return 4; | ||
| 2316 | else | ||
| 2317 | return 3; | ||
| 2318 | } | ||
| 2319 | ERR_clear_error(); | ||
| 2320 | /* For session parse failure, indicate that we need to send a new | ||
| 2321 | * ticket. */ | ||
| 2322 | return 2; | ||
| 2323 | } | ||
| 2324 | |||
| 2325 | /* Tables to translate from NIDs to TLS v1.2 ids */ | ||
| 2326 | |||
| 2327 | typedef struct { | ||
| 2328 | int nid; | ||
| 2329 | int id; | ||
| 2330 | } tls12_lookup; | ||
| 2331 | |||
| 2332 | static tls12_lookup tls12_md[] = { | ||
| 2333 | {NID_md5, TLSEXT_hash_md5}, | ||
| 2334 | {NID_sha1, TLSEXT_hash_sha1}, | ||
| 2335 | {NID_sha224, TLSEXT_hash_sha224}, | ||
| 2336 | {NID_sha256, TLSEXT_hash_sha256}, | ||
| 2337 | {NID_sha384, TLSEXT_hash_sha384}, | ||
| 2338 | {NID_sha512, TLSEXT_hash_sha512}, | ||
| 2339 | {NID_id_GostR3411_94, TLSEXT_hash_gost94}, | ||
| 2340 | {NID_id_tc26_gost3411_2012_256, TLSEXT_hash_streebog_256}, | ||
| 2341 | {NID_id_tc26_gost3411_2012_512, TLSEXT_hash_streebog_512} | ||
| 2342 | }; | ||
| 2343 | |||
| 2344 | static tls12_lookup tls12_sig[] = { | ||
| 2345 | {EVP_PKEY_RSA, TLSEXT_signature_rsa}, | ||
| 2346 | {EVP_PKEY_DSA, TLSEXT_signature_dsa}, | ||
| 2347 | {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, | ||
| 2348 | {EVP_PKEY_GOSTR01, TLSEXT_signature_gostr01}, | ||
| 2349 | }; | ||
| 2350 | |||
| 2351 | static int | ||
| 2352 | tls12_find_id(int nid, tls12_lookup *table, size_t tlen) | ||
| 2353 | { | ||
| 2354 | size_t i; | ||
| 2355 | for (i = 0; i < tlen; i++) { | ||
| 2356 | if (table[i].nid == nid) | ||
| 2357 | return table[i].id; | ||
| 2358 | } | ||
| 2359 | return -1; | ||
| 2360 | } | ||
| 2361 | |||
| 2362 | int | ||
| 2363 | tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md) | ||
| 2364 | { | ||
| 2365 | int sig_id, md_id; | ||
| 2366 | if (!md) | ||
| 2367 | return 0; | ||
| 2368 | md_id = tls12_find_id(EVP_MD_type(md), tls12_md, | ||
| 2369 | sizeof(tls12_md) / sizeof(tls12_lookup)); | ||
| 2370 | if (md_id == -1) | ||
| 2371 | return 0; | ||
| 2372 | sig_id = tls12_get_sigid(pk); | ||
| 2373 | if (sig_id == -1) | ||
| 2374 | return 0; | ||
| 2375 | p[0] = (unsigned char)md_id; | ||
| 2376 | p[1] = (unsigned char)sig_id; | ||
| 2377 | return 1; | ||
| 2378 | } | ||
| 2379 | |||
| 2380 | int | ||
| 2381 | tls12_get_sigid(const EVP_PKEY *pk) | ||
| 2382 | { | ||
| 2383 | return tls12_find_id(pk->type, tls12_sig, | ||
| 2384 | sizeof(tls12_sig) / sizeof(tls12_lookup)); | ||
| 2385 | } | ||
| 2386 | |||
| 2387 | const EVP_MD * | ||
| 2388 | tls12_get_hash(unsigned char hash_alg) | ||
| 2389 | { | ||
| 2390 | switch (hash_alg) { | ||
| 2391 | case TLSEXT_hash_sha1: | ||
| 2392 | return EVP_sha1(); | ||
| 2393 | case TLSEXT_hash_sha224: | ||
| 2394 | return EVP_sha224(); | ||
| 2395 | case TLSEXT_hash_sha256: | ||
| 2396 | return EVP_sha256(); | ||
| 2397 | case TLSEXT_hash_sha384: | ||
| 2398 | return EVP_sha384(); | ||
| 2399 | case TLSEXT_hash_sha512: | ||
| 2400 | return EVP_sha512(); | ||
| 2401 | #ifndef OPENSSL_NO_GOST | ||
| 2402 | case TLSEXT_hash_gost94: | ||
| 2403 | return EVP_gostr341194(); | ||
| 2404 | case TLSEXT_hash_streebog_256: | ||
| 2405 | return EVP_streebog256(); | ||
| 2406 | case TLSEXT_hash_streebog_512: | ||
| 2407 | return EVP_streebog512(); | ||
| 2408 | #endif | ||
| 2409 | default: | ||
| 2410 | return NULL; | ||
| 2411 | } | ||
| 2412 | } | ||
| 2413 | |||
| 2414 | /* Set preferred digest for each key type */ | ||
| 2415 | |||
| 2416 | int | ||
| 2417 | tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) | ||
| 2418 | { | ||
| 2419 | int i, idx; | ||
| 2420 | const EVP_MD *md; | ||
| 2421 | CERT *c = s->cert; | ||
| 2422 | |||
| 2423 | /* Extension ignored for inappropriate versions */ | ||
| 2424 | if (!SSL_USE_SIGALGS(s)) | ||
| 2425 | return 1; | ||
| 2426 | |||
| 2427 | /* Should never happen */ | ||
| 2428 | if (!c) | ||
| 2429 | return 0; | ||
| 2430 | |||
| 2431 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL; | ||
| 2432 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL; | ||
| 2433 | c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL; | ||
| 2434 | c->pkeys[SSL_PKEY_ECC].digest = NULL; | ||
| 2435 | c->pkeys[SSL_PKEY_GOST01].digest = NULL; | ||
| 2436 | |||
| 2437 | for (i = 0; i < dsize; i += 2) { | ||
| 2438 | unsigned char hash_alg = data[i], sig_alg = data[i + 1]; | ||
| 2439 | |||
| 2440 | switch (sig_alg) { | ||
| 2441 | case TLSEXT_signature_rsa: | ||
| 2442 | idx = SSL_PKEY_RSA_SIGN; | ||
| 2443 | break; | ||
| 2444 | case TLSEXT_signature_dsa: | ||
| 2445 | idx = SSL_PKEY_DSA_SIGN; | ||
| 2446 | break; | ||
| 2447 | case TLSEXT_signature_ecdsa: | ||
| 2448 | idx = SSL_PKEY_ECC; | ||
| 2449 | break; | ||
| 2450 | case TLSEXT_signature_gostr01: | ||
| 2451 | case TLSEXT_signature_gostr12_256: | ||
| 2452 | case TLSEXT_signature_gostr12_512: | ||
| 2453 | idx = SSL_PKEY_GOST01; | ||
| 2454 | break; | ||
| 2455 | default: | ||
| 2456 | continue; | ||
| 2457 | } | ||
| 2458 | |||
| 2459 | if (c->pkeys[idx].digest == NULL) { | ||
| 2460 | md = tls12_get_hash(hash_alg); | ||
| 2461 | if (md) { | ||
| 2462 | c->pkeys[idx].digest = md; | ||
| 2463 | if (idx == SSL_PKEY_RSA_SIGN) | ||
| 2464 | c->pkeys[SSL_PKEY_RSA_ENC].digest = md; | ||
| 2465 | } | ||
| 2466 | } | ||
| 2467 | |||
| 2468 | } | ||
| 2469 | |||
| 2470 | /* Set any remaining keys to default values. NOTE: if alg is not | ||
| 2471 | * supported it stays as NULL. | ||
| 2472 | */ | ||
| 2473 | if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) | ||
| 2474 | c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); | ||
| 2475 | if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { | ||
| 2476 | c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); | ||
| 2477 | c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); | ||
| 2478 | } | ||
| 2479 | if (!c->pkeys[SSL_PKEY_ECC].digest) | ||
| 2480 | c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); | ||
| 2481 | #ifndef OPENSSL_NO_GOST | ||
| 2482 | if (!c->pkeys[SSL_PKEY_GOST01].digest) | ||
| 2483 | c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194(); | ||
| 2484 | #endif | ||
| 2485 | return 1; | ||
| 2486 | } | ||
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c deleted file mode 100644 index 48341525d8..0000000000 --- a/src/lib/libssl/t1_meth.c +++ /dev/null | |||
| @@ -1,191 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_meth.c,v 1.16 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include <openssl/objects.h> | ||
| 62 | |||
| 63 | #include "ssl_locl.h" | ||
| 64 | |||
| 65 | static const SSL_METHOD *tls1_get_method(int ver); | ||
| 66 | |||
| 67 | const SSL_METHOD TLSv1_method_data = { | ||
| 68 | .version = TLS1_VERSION, | ||
| 69 | .ssl_new = tls1_new, | ||
| 70 | .ssl_clear = tls1_clear, | ||
| 71 | .ssl_free = tls1_free, | ||
| 72 | .ssl_accept = ssl3_accept, | ||
| 73 | .ssl_connect = ssl3_connect, | ||
| 74 | .ssl_read = ssl3_read, | ||
| 75 | .ssl_peek = ssl3_peek, | ||
| 76 | .ssl_write = ssl3_write, | ||
| 77 | .ssl_shutdown = ssl3_shutdown, | ||
| 78 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 79 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 80 | .ssl_get_message = ssl3_get_message, | ||
| 81 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 82 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 83 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 84 | .ssl_ctrl = ssl3_ctrl, | ||
| 85 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 86 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 87 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 88 | .ssl_pending = ssl3_pending, | ||
| 89 | .num_ciphers = ssl3_num_ciphers, | ||
| 90 | .get_cipher = ssl3_get_cipher, | ||
| 91 | .get_ssl_method = tls1_get_method, | ||
| 92 | .get_timeout = tls1_default_timeout, | ||
| 93 | .ssl3_enc = &TLSv1_enc_data, | ||
| 94 | .ssl_version = ssl_undefined_void_function, | ||
| 95 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 96 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 97 | }; | ||
| 98 | |||
| 99 | const SSL_METHOD TLSv1_1_method_data = { | ||
| 100 | .version = TLS1_1_VERSION, | ||
| 101 | .ssl_new = tls1_new, | ||
| 102 | .ssl_clear = tls1_clear, | ||
| 103 | .ssl_free = tls1_free, | ||
| 104 | .ssl_accept = ssl3_accept, | ||
| 105 | .ssl_connect = ssl3_connect, | ||
| 106 | .ssl_read = ssl3_read, | ||
| 107 | .ssl_peek = ssl3_peek, | ||
| 108 | .ssl_write = ssl3_write, | ||
| 109 | .ssl_shutdown = ssl3_shutdown, | ||
| 110 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 111 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 112 | .ssl_get_message = ssl3_get_message, | ||
| 113 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 114 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 115 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 116 | .ssl_ctrl = ssl3_ctrl, | ||
| 117 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 118 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 119 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 120 | .ssl_pending = ssl3_pending, | ||
| 121 | .num_ciphers = ssl3_num_ciphers, | ||
| 122 | .get_cipher = ssl3_get_cipher, | ||
| 123 | .get_ssl_method = tls1_get_method, | ||
| 124 | .get_timeout = tls1_default_timeout, | ||
| 125 | .ssl3_enc = &TLSv1_1_enc_data, | ||
| 126 | .ssl_version = ssl_undefined_void_function, | ||
| 127 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 128 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 129 | }; | ||
| 130 | |||
| 131 | const SSL_METHOD TLSv1_2_method_data = { | ||
| 132 | .version = TLS1_2_VERSION, | ||
| 133 | .ssl_new = tls1_new, | ||
| 134 | .ssl_clear = tls1_clear, | ||
| 135 | .ssl_free = tls1_free, | ||
| 136 | .ssl_accept = ssl3_accept, | ||
| 137 | .ssl_connect = ssl3_connect, | ||
| 138 | .ssl_read = ssl3_read, | ||
| 139 | .ssl_peek = ssl3_peek, | ||
| 140 | .ssl_write = ssl3_write, | ||
| 141 | .ssl_shutdown = ssl3_shutdown, | ||
| 142 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 143 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 144 | .ssl_get_message = ssl3_get_message, | ||
| 145 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 146 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 147 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 148 | .ssl_ctrl = ssl3_ctrl, | ||
| 149 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 150 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 151 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 152 | .ssl_pending = ssl3_pending, | ||
| 153 | .num_ciphers = ssl3_num_ciphers, | ||
| 154 | .get_cipher = ssl3_get_cipher, | ||
| 155 | .get_ssl_method = tls1_get_method, | ||
| 156 | .get_timeout = tls1_default_timeout, | ||
| 157 | .ssl3_enc = &TLSv1_2_enc_data, | ||
| 158 | .ssl_version = ssl_undefined_void_function, | ||
| 159 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 160 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 161 | }; | ||
| 162 | |||
| 163 | const SSL_METHOD * | ||
| 164 | TLSv1_method(void) | ||
| 165 | { | ||
| 166 | return &TLSv1_method_data; | ||
| 167 | } | ||
| 168 | |||
| 169 | const SSL_METHOD * | ||
| 170 | TLSv1_1_method(void) | ||
| 171 | { | ||
| 172 | return &TLSv1_1_method_data; | ||
| 173 | } | ||
| 174 | |||
| 175 | const SSL_METHOD * | ||
| 176 | TLSv1_2_method(void) | ||
| 177 | { | ||
| 178 | return &TLSv1_2_method_data; | ||
| 179 | } | ||
| 180 | |||
| 181 | static const SSL_METHOD * | ||
| 182 | tls1_get_method(int ver) | ||
| 183 | { | ||
| 184 | if (ver == TLS1_2_VERSION) | ||
| 185 | return (TLSv1_2_method()); | ||
| 186 | if (ver == TLS1_1_VERSION) | ||
| 187 | return (TLSv1_1_method()); | ||
| 188 | if (ver == TLS1_VERSION) | ||
| 189 | return (TLSv1_method()); | ||
| 190 | return (NULL); | ||
| 191 | } | ||
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c deleted file mode 100644 index c93105ef4d..0000000000 --- a/src/lib/libssl/t1_reneg.c +++ /dev/null | |||
| @@ -1,285 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_reneg.c,v 1.9 2014/11/16 14:12:47 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #include <stdio.h> | ||
| 113 | |||
| 114 | #include <openssl/objects.h> | ||
| 115 | |||
| 116 | #include "ssl_locl.h" | ||
| 117 | |||
| 118 | /* Add the client's renegotiation binding */ | ||
| 119 | int | ||
| 120 | ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | ||
| 121 | int maxlen) | ||
| 122 | { | ||
| 123 | if (p) { | ||
| 124 | if ((s->s3->previous_client_finished_len + 1) > maxlen) { | ||
| 125 | SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, | ||
| 126 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 127 | return 0; | ||
| 128 | } | ||
| 129 | |||
| 130 | /* Length byte */ | ||
| 131 | *p = s->s3->previous_client_finished_len; | ||
| 132 | p++; | ||
| 133 | |||
| 134 | memcpy(p, s->s3->previous_client_finished, | ||
| 135 | s->s3->previous_client_finished_len); | ||
| 136 | |||
| 137 | } | ||
| 138 | |||
| 139 | *len = s->s3->previous_client_finished_len + 1; | ||
| 140 | |||
| 141 | return 1; | ||
| 142 | } | ||
| 143 | |||
| 144 | /* Parse the client's renegotiation binding and abort if it's not | ||
| 145 | right */ | ||
| 146 | int | ||
| 147 | ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, | ||
| 148 | int *al) | ||
| 149 | { | ||
| 150 | int ilen; | ||
| 151 | |||
| 152 | /* Parse the length byte */ | ||
| 153 | if (len < 1) { | ||
| 154 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | ||
| 155 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 156 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 157 | return 0; | ||
| 158 | } | ||
| 159 | ilen = *d; | ||
| 160 | d++; | ||
| 161 | |||
| 162 | /* Consistency check */ | ||
| 163 | if ((ilen + 1) != len) { | ||
| 164 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | ||
| 165 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 166 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 167 | return 0; | ||
| 168 | } | ||
| 169 | |||
| 170 | /* Check that the extension matches */ | ||
| 171 | if (ilen != s->s3->previous_client_finished_len) { | ||
| 172 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | ||
| 173 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 174 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 175 | return 0; | ||
| 176 | } | ||
| 177 | |||
| 178 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, | ||
| 179 | s->s3->previous_client_finished_len) != 0) { | ||
| 180 | SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, | ||
| 181 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 182 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 183 | return 0; | ||
| 184 | } | ||
| 185 | |||
| 186 | |||
| 187 | s->s3->send_connection_binding = 1; | ||
| 188 | |||
| 189 | return 1; | ||
| 190 | } | ||
| 191 | |||
| 192 | /* Add the server's renegotiation binding */ | ||
| 193 | int | ||
| 194 | ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | ||
| 195 | int maxlen) | ||
| 196 | { | ||
| 197 | if (p) { | ||
| 198 | if ((s->s3->previous_client_finished_len + | ||
| 199 | s->s3->previous_server_finished_len + 1) > maxlen) { | ||
| 200 | SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 201 | SSL_R_RENEGOTIATE_EXT_TOO_LONG); | ||
| 202 | return 0; | ||
| 203 | } | ||
| 204 | |||
| 205 | /* Length byte */ | ||
| 206 | *p = s->s3->previous_client_finished_len + | ||
| 207 | s->s3->previous_server_finished_len; | ||
| 208 | p++; | ||
| 209 | |||
| 210 | memcpy(p, s->s3->previous_client_finished, | ||
| 211 | s->s3->previous_client_finished_len); | ||
| 212 | p += s->s3->previous_client_finished_len; | ||
| 213 | |||
| 214 | memcpy(p, s->s3->previous_server_finished, | ||
| 215 | s->s3->previous_server_finished_len); | ||
| 216 | |||
| 217 | } | ||
| 218 | |||
| 219 | *len = s->s3->previous_client_finished_len + | ||
| 220 | s->s3->previous_server_finished_len + 1; | ||
| 221 | |||
| 222 | return 1; | ||
| 223 | } | ||
| 224 | |||
| 225 | /* Parse the server's renegotiation binding and abort if it's not | ||
| 226 | right */ | ||
| 227 | int | ||
| 228 | ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, | ||
| 229 | int *al) | ||
| 230 | { | ||
| 231 | int expected_len = s->s3->previous_client_finished_len + | ||
| 232 | s->s3->previous_server_finished_len; | ||
| 233 | int ilen; | ||
| 234 | |||
| 235 | /* Check for logic errors */ | ||
| 236 | OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len); | ||
| 237 | OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len); | ||
| 238 | |||
| 239 | /* Parse the length byte */ | ||
| 240 | if (len < 1) { | ||
| 241 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 242 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 243 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 244 | return 0; | ||
| 245 | } | ||
| 246 | ilen = *d; | ||
| 247 | d++; | ||
| 248 | |||
| 249 | /* Consistency check */ | ||
| 250 | if (ilen + 1 != len) { | ||
| 251 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 252 | SSL_R_RENEGOTIATION_ENCODING_ERR); | ||
| 253 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 254 | return 0; | ||
| 255 | } | ||
| 256 | |||
| 257 | /* Check that the extension matches */ | ||
| 258 | if (ilen != expected_len) { | ||
| 259 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 260 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 261 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 262 | return 0; | ||
| 263 | } | ||
| 264 | |||
| 265 | if (timingsafe_memcmp(d, s->s3->previous_client_finished, | ||
| 266 | s->s3->previous_client_finished_len) != 0) { | ||
| 267 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 268 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 269 | *al = SSL_AD_HANDSHAKE_FAILURE; | ||
| 270 | return 0; | ||
| 271 | } | ||
| 272 | d += s->s3->previous_client_finished_len; | ||
| 273 | |||
| 274 | if (timingsafe_memcmp(d, s->s3->previous_server_finished, | ||
| 275 | s->s3->previous_server_finished_len)) { | ||
| 276 | SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, | ||
| 277 | SSL_R_RENEGOTIATION_MISMATCH); | ||
| 278 | *al = SSL_AD_ILLEGAL_PARAMETER; | ||
| 279 | return 0; | ||
| 280 | } | ||
| 281 | |||
| 282 | s->s3->send_connection_binding = 1; | ||
| 283 | |||
| 284 | return 1; | ||
| 285 | } | ||
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c deleted file mode 100644 index 3c6ac541f8..0000000000 --- a/src/lib/libssl/t1_srvr.c +++ /dev/null | |||
| @@ -1,194 +0,0 @@ | |||
| 1 | /* $OpenBSD: t1_srvr.c,v 1.18 2015/02/06 08:30:23 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | |||
| 61 | #include "ssl_locl.h" | ||
| 62 | |||
| 63 | #include <openssl/buffer.h> | ||
| 64 | #include <openssl/evp.h> | ||
| 65 | #include <openssl/objects.h> | ||
| 66 | #include <openssl/x509.h> | ||
| 67 | |||
| 68 | static const SSL_METHOD *tls1_get_server_method(int ver); | ||
| 69 | |||
| 70 | const SSL_METHOD TLSv1_server_method_data = { | ||
| 71 | .version = TLS1_VERSION, | ||
| 72 | .ssl_new = tls1_new, | ||
| 73 | .ssl_clear = tls1_clear, | ||
| 74 | .ssl_free = tls1_free, | ||
| 75 | .ssl_accept = ssl3_accept, | ||
| 76 | .ssl_connect = ssl_undefined_function, | ||
| 77 | .ssl_read = ssl3_read, | ||
| 78 | .ssl_peek = ssl3_peek, | ||
| 79 | .ssl_write = ssl3_write, | ||
| 80 | .ssl_shutdown = ssl3_shutdown, | ||
| 81 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 82 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 83 | .ssl_get_message = ssl3_get_message, | ||
| 84 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 85 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 86 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 87 | .ssl_ctrl = ssl3_ctrl, | ||
| 88 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 89 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 90 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 91 | .ssl_pending = ssl3_pending, | ||
| 92 | .num_ciphers = ssl3_num_ciphers, | ||
| 93 | .get_cipher = ssl3_get_cipher, | ||
| 94 | .get_ssl_method = tls1_get_server_method, | ||
| 95 | .get_timeout = tls1_default_timeout, | ||
| 96 | .ssl3_enc = &TLSv1_enc_data, | ||
| 97 | .ssl_version = ssl_undefined_void_function, | ||
| 98 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 99 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 100 | }; | ||
| 101 | |||
| 102 | const SSL_METHOD TLSv1_1_server_method_data = { | ||
| 103 | .version = TLS1_1_VERSION, | ||
| 104 | .ssl_new = tls1_new, | ||
| 105 | .ssl_clear = tls1_clear, | ||
| 106 | .ssl_free = tls1_free, | ||
| 107 | .ssl_accept = ssl3_accept, | ||
| 108 | .ssl_connect = ssl_undefined_function, | ||
| 109 | .ssl_read = ssl3_read, | ||
| 110 | .ssl_peek = ssl3_peek, | ||
| 111 | .ssl_write = ssl3_write, | ||
| 112 | .ssl_shutdown = ssl3_shutdown, | ||
| 113 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 114 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 115 | .ssl_get_message = ssl3_get_message, | ||
| 116 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 117 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 118 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 119 | .ssl_ctrl = ssl3_ctrl, | ||
| 120 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 121 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 122 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 123 | .ssl_pending = ssl3_pending, | ||
| 124 | .num_ciphers = ssl3_num_ciphers, | ||
| 125 | .get_cipher = ssl3_get_cipher, | ||
| 126 | .get_ssl_method = tls1_get_server_method, | ||
| 127 | .get_timeout = tls1_default_timeout, | ||
| 128 | .ssl3_enc = &TLSv1_1_enc_data, | ||
| 129 | .ssl_version = ssl_undefined_void_function, | ||
| 130 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 131 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 132 | }; | ||
| 133 | |||
| 134 | const SSL_METHOD TLSv1_2_server_method_data = { | ||
| 135 | .version = TLS1_2_VERSION, | ||
| 136 | .ssl_new = tls1_new, | ||
| 137 | .ssl_clear = tls1_clear, | ||
| 138 | .ssl_free = tls1_free, | ||
| 139 | .ssl_accept = ssl3_accept, | ||
| 140 | .ssl_connect = ssl_undefined_function, | ||
| 141 | .ssl_read = ssl3_read, | ||
| 142 | .ssl_peek = ssl3_peek, | ||
| 143 | .ssl_write = ssl3_write, | ||
| 144 | .ssl_shutdown = ssl3_shutdown, | ||
| 145 | .ssl_renegotiate = ssl3_renegotiate, | ||
| 146 | .ssl_renegotiate_check = ssl3_renegotiate_check, | ||
| 147 | .ssl_get_message = ssl3_get_message, | ||
| 148 | .ssl_read_bytes = ssl3_read_bytes, | ||
| 149 | .ssl_write_bytes = ssl3_write_bytes, | ||
| 150 | .ssl_dispatch_alert = ssl3_dispatch_alert, | ||
| 151 | .ssl_ctrl = ssl3_ctrl, | ||
| 152 | .ssl_ctx_ctrl = ssl3_ctx_ctrl, | ||
| 153 | .get_cipher_by_char = ssl3_get_cipher_by_char, | ||
| 154 | .put_cipher_by_char = ssl3_put_cipher_by_char, | ||
| 155 | .ssl_pending = ssl3_pending, | ||
| 156 | .num_ciphers = ssl3_num_ciphers, | ||
| 157 | .get_cipher = ssl3_get_cipher, | ||
| 158 | .get_ssl_method = tls1_get_server_method, | ||
| 159 | .get_timeout = tls1_default_timeout, | ||
| 160 | .ssl3_enc = &TLSv1_2_enc_data, | ||
| 161 | .ssl_version = ssl_undefined_void_function, | ||
| 162 | .ssl_callback_ctrl = ssl3_callback_ctrl, | ||
| 163 | .ssl_ctx_callback_ctrl = ssl3_ctx_callback_ctrl, | ||
| 164 | }; | ||
| 165 | |||
| 166 | const SSL_METHOD * | ||
| 167 | TLSv1_server_method(void) | ||
| 168 | { | ||
| 169 | return &TLSv1_server_method_data; | ||
| 170 | } | ||
| 171 | |||
| 172 | const SSL_METHOD * | ||
| 173 | TLSv1_1_server_method(void) | ||
| 174 | { | ||
| 175 | return &TLSv1_1_server_method_data; | ||
| 176 | } | ||
| 177 | |||
| 178 | const SSL_METHOD * | ||
| 179 | TLSv1_2_server_method(void) | ||
| 180 | { | ||
| 181 | return &TLSv1_2_server_method_data; | ||
| 182 | } | ||
| 183 | |||
| 184 | static const SSL_METHOD * | ||
| 185 | tls1_get_server_method(int ver) | ||
| 186 | { | ||
| 187 | if (ver == TLS1_2_VERSION) | ||
| 188 | return (TLSv1_2_server_method()); | ||
| 189 | if (ver == TLS1_1_VERSION) | ||
| 190 | return (TLSv1_1_server_method()); | ||
| 191 | if (ver == TLS1_VERSION) | ||
| 192 | return (TLSv1_server_method()); | ||
| 193 | return (NULL); | ||
| 194 | } | ||
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf deleted file mode 100644 index 109bc8c10b..0000000000 --- a/src/lib/libssl/test/CAss.cnf +++ /dev/null | |||
| @@ -1,76 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | #################################################################### | ||
| 9 | [ req ] | ||
| 10 | default_bits = 2048 | ||
| 11 | default_keyfile = keySS.pem | ||
| 12 | distinguished_name = req_distinguished_name | ||
| 13 | encrypt_rsa_key = no | ||
| 14 | default_md = sha1 | ||
| 15 | |||
| 16 | [ req_distinguished_name ] | ||
| 17 | countryName = Country Name (2 letter code) | ||
| 18 | countryName_default = AU | ||
| 19 | countryName_value = AU | ||
| 20 | |||
| 21 | organizationName = Organization Name (eg, company) | ||
| 22 | organizationName_value = Dodgy Brothers | ||
| 23 | |||
| 24 | commonName = Common Name (eg, YOUR name) | ||
| 25 | commonName_value = Dodgy CA | ||
| 26 | |||
| 27 | #################################################################### | ||
| 28 | [ ca ] | ||
| 29 | default_ca = CA_default # The default ca section | ||
| 30 | |||
| 31 | #################################################################### | ||
| 32 | [ CA_default ] | ||
| 33 | |||
| 34 | dir = ./demoCA # Where everything is kept | ||
| 35 | certs = $dir/certs # Where the issued certs are kept | ||
| 36 | crl_dir = $dir/crl # Where the issued crl are kept | ||
| 37 | database = $dir/index.txt # database index file. | ||
| 38 | #unique_subject = no # Set to 'no' to allow creation of | ||
| 39 | # several ctificates with same subject. | ||
| 40 | new_certs_dir = $dir/newcerts # default place for new certs. | ||
| 41 | |||
| 42 | certificate = $dir/cacert.pem # The CA certificate | ||
| 43 | serial = $dir/serial # The current serial number | ||
| 44 | crl = $dir/crl.pem # The current CRL | ||
| 45 | private_key = $dir/private/cakey.pem# The private key | ||
| 46 | RANDFILE = $dir/private/.rand # private random number file | ||
| 47 | |||
| 48 | x509_extensions = v3_ca # The extentions to add to the cert | ||
| 49 | |||
| 50 | name_opt = ca_default # Subject Name options | ||
| 51 | cert_opt = ca_default # Certificate field options | ||
| 52 | |||
| 53 | default_days = 365 # how long to certify for | ||
| 54 | default_crl_days= 30 # how long before next CRL | ||
| 55 | default_md = md5 # which md to use. | ||
| 56 | preserve = no # keep passed DN ordering | ||
| 57 | |||
| 58 | policy = policy_anything | ||
| 59 | |||
| 60 | [ policy_anything ] | ||
| 61 | countryName = optional | ||
| 62 | stateOrProvinceName = optional | ||
| 63 | localityName = optional | ||
| 64 | organizationName = optional | ||
| 65 | organizationalUnitName = optional | ||
| 66 | commonName = supplied | ||
| 67 | emailAddress = optional | ||
| 68 | |||
| 69 | |||
| 70 | |||
| 71 | [ v3_ca ] | ||
| 72 | subjectKeyIdentifier=hash | ||
| 73 | authorityKeyIdentifier=keyid:always,issuer:always | ||
| 74 | basicConstraints = CA:true,pathlen:1 | ||
| 75 | keyUsage = cRLSign, keyCertSign | ||
| 76 | issuerAltName=issuer:copy | ||
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf deleted file mode 100644 index 4e0a908679..0000000000 --- a/src/lib/libssl/test/CAssdh.cnf +++ /dev/null | |||
| @@ -1,24 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | # hacked by iang to do DH certs - CA | ||
| 6 | |||
| 7 | RANDFILE = ./.rnd | ||
| 8 | |||
| 9 | #################################################################### | ||
| 10 | [ req ] | ||
| 11 | distinguished_name = req_distinguished_name | ||
| 12 | encrypt_rsa_key = no | ||
| 13 | |||
| 14 | [ req_distinguished_name ] | ||
| 15 | countryName = Country Name (2 letter code) | ||
| 16 | countryName_default = CU | ||
| 17 | countryName_value = CU | ||
| 18 | |||
| 19 | organizationName = Organization Name (eg, company) | ||
| 20 | organizationName_value = La Junta de la Revolucion | ||
| 21 | |||
| 22 | commonName = Common Name (eg, YOUR name) | ||
| 23 | commonName_value = Junta | ||
| 24 | |||
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf deleted file mode 100644 index a6b4d1810c..0000000000 --- a/src/lib/libssl/test/CAssdsa.cnf +++ /dev/null | |||
| @@ -1,23 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | # hacked by iang to do DSA certs - CA | ||
| 6 | |||
| 7 | RANDFILE = ./.rnd | ||
| 8 | |||
| 9 | #################################################################### | ||
| 10 | [ req ] | ||
| 11 | distinguished_name = req_distinguished_name | ||
| 12 | encrypt_rsa_key = no | ||
| 13 | |||
| 14 | [ req_distinguished_name ] | ||
| 15 | countryName = Country Name (2 letter code) | ||
| 16 | countryName_default = ES | ||
| 17 | countryName_value = ES | ||
| 18 | |||
| 19 | organizationName = Organization Name (eg, company) | ||
| 20 | organizationName_value = Hermanos Locos | ||
| 21 | |||
| 22 | commonName = Common Name (eg, YOUR name) | ||
| 23 | commonName_value = Hermanos Locos CA | ||
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf deleted file mode 100644 index eb24a6dfc0..0000000000 --- a/src/lib/libssl/test/CAssrsa.cnf +++ /dev/null | |||
| @@ -1,24 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | # create RSA certs - CA | ||
| 6 | |||
| 7 | RANDFILE = ./.rnd | ||
| 8 | |||
| 9 | #################################################################### | ||
| 10 | [ req ] | ||
| 11 | distinguished_name = req_distinguished_name | ||
| 12 | encrypt_key = no | ||
| 13 | |||
| 14 | [ req_distinguished_name ] | ||
| 15 | countryName = Country Name (2 letter code) | ||
| 16 | countryName_default = ES | ||
| 17 | countryName_value = ES | ||
| 18 | |||
| 19 | organizationName = Organization Name (eg, company) | ||
| 20 | organizationName_value = Hermanos Locos | ||
| 21 | |||
| 22 | commonName = Common Name (eg, YOUR name) | ||
| 23 | commonName_value = Hermanos Locos CA | ||
| 24 | |||
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf deleted file mode 100644 index f5a275bfc2..0000000000 --- a/src/lib/libssl/test/CAtsa.cnf +++ /dev/null | |||
| @@ -1,163 +0,0 @@ | |||
| 1 | |||
| 2 | # | ||
| 3 | # This config is used by the Time Stamp Authority tests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | # Extra OBJECT IDENTIFIER info: | ||
| 9 | oid_section = new_oids | ||
| 10 | |||
| 11 | TSDNSECT = ts_cert_dn | ||
| 12 | INDEX = 1 | ||
| 13 | |||
| 14 | [ new_oids ] | ||
| 15 | |||
| 16 | # Policies used by the TSA tests. | ||
| 17 | tsa_policy1 = 1.2.3.4.1 | ||
| 18 | tsa_policy2 = 1.2.3.4.5.6 | ||
| 19 | tsa_policy3 = 1.2.3.4.5.7 | ||
| 20 | |||
| 21 | #---------------------------------------------------------------------- | ||
| 22 | [ ca ] | ||
| 23 | default_ca = CA_default # The default ca section | ||
| 24 | |||
| 25 | [ CA_default ] | ||
| 26 | |||
| 27 | dir = ./demoCA | ||
| 28 | certs = $dir/certs # Where the issued certs are kept | ||
| 29 | database = $dir/index.txt # database index file. | ||
| 30 | new_certs_dir = $dir/newcerts # default place for new certs. | ||
| 31 | |||
| 32 | certificate = $dir/cacert.pem # The CA certificate | ||
| 33 | serial = $dir/serial # The current serial number | ||
| 34 | private_key = $dir/private/cakey.pem# The private key | ||
| 35 | RANDFILE = $dir/private/.rand # private random number file | ||
| 36 | |||
| 37 | default_days = 365 # how long to certify for | ||
| 38 | default_md = sha1 # which md to use. | ||
| 39 | preserve = no # keep passed DN ordering | ||
| 40 | |||
| 41 | policy = policy_match | ||
| 42 | |||
| 43 | # For the CA policy | ||
| 44 | [ policy_match ] | ||
| 45 | countryName = supplied | ||
| 46 | stateOrProvinceName = supplied | ||
| 47 | organizationName = supplied | ||
| 48 | organizationalUnitName = optional | ||
| 49 | commonName = supplied | ||
| 50 | emailAddress = optional | ||
| 51 | |||
| 52 | #---------------------------------------------------------------------- | ||
| 53 | [ req ] | ||
| 54 | default_bits = 1024 | ||
| 55 | default_md = sha1 | ||
| 56 | distinguished_name = $ENV::TSDNSECT | ||
| 57 | encrypt_rsa_key = no | ||
| 58 | prompt = no | ||
| 59 | # attributes = req_attributes | ||
| 60 | x509_extensions = v3_ca # The extentions to add to the self signed cert | ||
| 61 | |||
| 62 | string_mask = nombstr | ||
| 63 | |||
| 64 | [ ts_ca_dn ] | ||
| 65 | countryName = HU | ||
| 66 | stateOrProvinceName = Budapest | ||
| 67 | localityName = Budapest | ||
| 68 | organizationName = Gov-CA Ltd. | ||
| 69 | commonName = ca1 | ||
| 70 | |||
| 71 | [ ts_cert_dn ] | ||
| 72 | countryName = HU | ||
| 73 | stateOrProvinceName = Budapest | ||
| 74 | localityName = Buda | ||
| 75 | organizationName = Hun-TSA Ltd. | ||
| 76 | commonName = tsa$ENV::INDEX | ||
| 77 | |||
| 78 | [ tsa_cert ] | ||
| 79 | |||
| 80 | # TSA server cert is not a CA cert. | ||
| 81 | basicConstraints=CA:FALSE | ||
| 82 | |||
| 83 | # The following key usage flags are needed for TSA server certificates. | ||
| 84 | keyUsage = nonRepudiation, digitalSignature | ||
| 85 | extendedKeyUsage = critical,timeStamping | ||
| 86 | |||
| 87 | # PKIX recommendations harmless if included in all certificates. | ||
| 88 | subjectKeyIdentifier=hash | ||
| 89 | authorityKeyIdentifier=keyid,issuer:always | ||
| 90 | |||
| 91 | [ non_tsa_cert ] | ||
| 92 | |||
| 93 | # This is not a CA cert and not a TSA cert, either (timeStamping usage missing) | ||
| 94 | basicConstraints=CA:FALSE | ||
| 95 | |||
| 96 | # The following key usage flags are needed for TSA server certificates. | ||
| 97 | keyUsage = nonRepudiation, digitalSignature | ||
| 98 | # timeStamping is not supported by this certificate | ||
| 99 | # extendedKeyUsage = critical,timeStamping | ||
| 100 | |||
| 101 | # PKIX recommendations harmless if included in all certificates. | ||
| 102 | subjectKeyIdentifier=hash | ||
| 103 | authorityKeyIdentifier=keyid,issuer:always | ||
| 104 | |||
| 105 | [ v3_req ] | ||
| 106 | |||
| 107 | # Extensions to add to a certificate request | ||
| 108 | basicConstraints = CA:FALSE | ||
| 109 | keyUsage = nonRepudiation, digitalSignature | ||
| 110 | |||
| 111 | [ v3_ca ] | ||
| 112 | |||
| 113 | # Extensions for a typical CA | ||
| 114 | |||
| 115 | subjectKeyIdentifier=hash | ||
| 116 | authorityKeyIdentifier=keyid:always,issuer:always | ||
| 117 | basicConstraints = critical,CA:true | ||
| 118 | keyUsage = cRLSign, keyCertSign | ||
| 119 | |||
| 120 | #---------------------------------------------------------------------- | ||
| 121 | [ tsa ] | ||
| 122 | |||
| 123 | default_tsa = tsa_config1 # the default TSA section | ||
| 124 | |||
| 125 | [ tsa_config1 ] | ||
| 126 | |||
| 127 | # These are used by the TSA reply generation only. | ||
| 128 | dir = . # TSA root directory | ||
| 129 | serial = $dir/tsa_serial # The current serial number (mandatory) | ||
| 130 | signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate | ||
| 131 | # (optional) | ||
| 132 | certs = $dir/tsaca.pem # Certificate chain to include in reply | ||
| 133 | # (optional) | ||
| 134 | signer_key = $dir/tsa_key1.pem # The TSA private key (optional) | ||
| 135 | |||
| 136 | default_policy = tsa_policy1 # Policy if request did not specify it | ||
| 137 | # (optional) | ||
| 138 | other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) | ||
| 139 | digests = md5, sha1 # Acceptable message digests (mandatory) | ||
| 140 | accuracy = secs:1, millisecs:500, microsecs:100 # (optional) | ||
| 141 | ordering = yes # Is ordering defined for timestamps? | ||
| 142 | # (optional, default: no) | ||
| 143 | tsa_name = yes # Must the TSA name be included in the reply? | ||
| 144 | # (optional, default: no) | ||
| 145 | ess_cert_id_chain = yes # Must the ESS cert id chain be included? | ||
| 146 | # (optional, default: no) | ||
| 147 | |||
| 148 | [ tsa_config2 ] | ||
| 149 | |||
| 150 | # This configuration uses a certificate which doesn't have timeStamping usage. | ||
| 151 | # These are used by the TSA reply generation only. | ||
| 152 | dir = . # TSA root directory | ||
| 153 | serial = $dir/tsa_serial # The current serial number (mandatory) | ||
| 154 | signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate | ||
| 155 | # (optional) | ||
| 156 | certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply | ||
| 157 | # (optional) | ||
| 158 | signer_key = $dir/tsa_key2.pem # The TSA private key (optional) | ||
| 159 | |||
| 160 | default_policy = tsa_policy1 # Policy if request did not specify it | ||
| 161 | # (optional) | ||
| 162 | other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) | ||
| 163 | digests = md5, sha1 # Acceptable message digests (mandatory) | ||
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf deleted file mode 100644 index 326cce2ba8..0000000000 --- a/src/lib/libssl/test/P1ss.cnf +++ /dev/null | |||
| @@ -1,37 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | #################################################################### | ||
| 9 | [ req ] | ||
| 10 | default_bits = 1024 | ||
| 11 | default_keyfile = keySS.pem | ||
| 12 | distinguished_name = req_distinguished_name | ||
| 13 | encrypt_rsa_key = no | ||
| 14 | default_md = md2 | ||
| 15 | |||
| 16 | [ req_distinguished_name ] | ||
| 17 | countryName = Country Name (2 letter code) | ||
| 18 | countryName_default = AU | ||
| 19 | countryName_value = AU | ||
| 20 | |||
| 21 | organizationName = Organization Name (eg, company) | ||
| 22 | organizationName_value = Dodgy Brothers | ||
| 23 | |||
| 24 | 0.commonName = Common Name (eg, YOUR name) | ||
| 25 | 0.commonName_value = Brother 1 | ||
| 26 | |||
| 27 | 1.commonName = Common Name (eg, YOUR name) | ||
| 28 | 1.commonName_value = Brother 2 | ||
| 29 | |||
| 30 | 2.commonName = Common Name (eg, YOUR name) | ||
| 31 | 2.commonName_value = Proxy 1 | ||
| 32 | |||
| 33 | [ v3_proxy ] | ||
| 34 | basicConstraints=CA:FALSE | ||
| 35 | subjectKeyIdentifier=hash | ||
| 36 | authorityKeyIdentifier=keyid,issuer:always | ||
| 37 | proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB | ||
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf deleted file mode 100644 index 8b502321b8..0000000000 --- a/src/lib/libssl/test/P2ss.cnf +++ /dev/null | |||
| @@ -1,45 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | #################################################################### | ||
| 9 | [ req ] | ||
| 10 | default_bits = 1024 | ||
| 11 | default_keyfile = keySS.pem | ||
| 12 | distinguished_name = req_distinguished_name | ||
| 13 | encrypt_rsa_key = no | ||
| 14 | default_md = md2 | ||
| 15 | |||
| 16 | [ req_distinguished_name ] | ||
| 17 | countryName = Country Name (2 letter code) | ||
| 18 | countryName_default = AU | ||
| 19 | countryName_value = AU | ||
| 20 | |||
| 21 | organizationName = Organization Name (eg, company) | ||
| 22 | organizationName_value = Dodgy Brothers | ||
| 23 | |||
| 24 | 0.commonName = Common Name (eg, YOUR name) | ||
| 25 | 0.commonName_value = Brother 1 | ||
| 26 | |||
| 27 | 1.commonName = Common Name (eg, YOUR name) | ||
| 28 | 1.commonName_value = Brother 2 | ||
| 29 | |||
| 30 | 2.commonName = Common Name (eg, YOUR name) | ||
| 31 | 2.commonName_value = Proxy 1 | ||
| 32 | |||
| 33 | 3.commonName = Common Name (eg, YOUR name) | ||
| 34 | 3.commonName_value = Proxy 2 | ||
| 35 | |||
| 36 | [ v3_proxy ] | ||
| 37 | basicConstraints=CA:FALSE | ||
| 38 | subjectKeyIdentifier=hash | ||
| 39 | authorityKeyIdentifier=keyid,issuer:always | ||
| 40 | proxyCertInfo=critical,@proxy_ext | ||
| 41 | |||
| 42 | [ proxy_ext ] | ||
| 43 | language=id-ppl-anyLanguage | ||
| 44 | pathlen=0 | ||
| 45 | policy=text:BC | ||
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf deleted file mode 100644 index 8e170a28ef..0000000000 --- a/src/lib/libssl/test/Sssdsa.cnf +++ /dev/null | |||
| @@ -1,27 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | # hacked by iang to do DSA certs - Server | ||
| 6 | |||
| 7 | RANDFILE = ./.rnd | ||
| 8 | |||
| 9 | #################################################################### | ||
| 10 | [ req ] | ||
| 11 | distinguished_name = req_distinguished_name | ||
| 12 | encrypt_rsa_key = no | ||
| 13 | |||
| 14 | [ req_distinguished_name ] | ||
| 15 | countryName = Country Name (2 letter code) | ||
| 16 | countryName_default = ES | ||
| 17 | countryName_value = ES | ||
| 18 | |||
| 19 | organizationName = Organization Name (eg, company) | ||
| 20 | organizationName_value = Tortilleras S.A. | ||
| 21 | |||
| 22 | 0.commonName = Common Name (eg, YOUR name) | ||
| 23 | 0.commonName_value = Torti | ||
| 24 | |||
| 25 | 1.commonName = Common Name (eg, YOUR name) | ||
| 26 | 1.commonName_value = Gordita | ||
| 27 | |||
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf deleted file mode 100644 index 8c79a03fca..0000000000 --- a/src/lib/libssl/test/Sssrsa.cnf +++ /dev/null | |||
| @@ -1,26 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | # create RSA certs - Server | ||
| 6 | |||
| 7 | RANDFILE = ./.rnd | ||
| 8 | |||
| 9 | #################################################################### | ||
| 10 | [ req ] | ||
| 11 | distinguished_name = req_distinguished_name | ||
| 12 | encrypt_key = no | ||
| 13 | |||
| 14 | [ req_distinguished_name ] | ||
| 15 | countryName = Country Name (2 letter code) | ||
| 16 | countryName_default = ES | ||
| 17 | countryName_value = ES | ||
| 18 | |||
| 19 | organizationName = Organization Name (eg, company) | ||
| 20 | organizationName_value = Tortilleras S.A. | ||
| 21 | |||
| 22 | 0.commonName = Common Name (eg, YOUR name) | ||
| 23 | 0.commonName_value = Torti | ||
| 24 | |||
| 25 | 1.commonName = Common Name (eg, YOUR name) | ||
| 26 | 1.commonName_value = Gordita | ||
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf deleted file mode 100644 index 58ac0ca54d..0000000000 --- a/src/lib/libssl/test/Uss.cnf +++ /dev/null | |||
| @@ -1,36 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | #################################################################### | ||
| 9 | [ req ] | ||
| 10 | default_bits = 2048 | ||
| 11 | default_keyfile = keySS.pem | ||
| 12 | distinguished_name = req_distinguished_name | ||
| 13 | encrypt_rsa_key = no | ||
| 14 | default_md = sha256 | ||
| 15 | |||
| 16 | [ req_distinguished_name ] | ||
| 17 | countryName = Country Name (2 letter code) | ||
| 18 | countryName_default = AU | ||
| 19 | countryName_value = AU | ||
| 20 | |||
| 21 | organizationName = Organization Name (eg, company) | ||
| 22 | organizationName_value = Dodgy Brothers | ||
| 23 | |||
| 24 | 0.commonName = Common Name (eg, YOUR name) | ||
| 25 | 0.commonName_value = Brother 1 | ||
| 26 | |||
| 27 | 1.commonName = Common Name (eg, YOUR name) | ||
| 28 | 1.commonName_value = Brother 2 | ||
| 29 | |||
| 30 | [ v3_ee ] | ||
| 31 | subjectKeyIdentifier=hash | ||
| 32 | authorityKeyIdentifier=keyid,issuer:always | ||
| 33 | basicConstraints = CA:false | ||
| 34 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
| 35 | issuerAltName=issuer:copy | ||
| 36 | |||
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1 deleted file mode 100644 index 8b13789179..0000000000 --- a/src/lib/libssl/test/VMSca-response.1 +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | |||
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2 deleted file mode 100644 index 9b48ee4cf9..0000000000 --- a/src/lib/libssl/test/VMSca-response.2 +++ /dev/null | |||
| @@ -1,2 +0,0 @@ | |||
| 1 | y | ||
| 2 | y | ||
diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c deleted file mode 100755 index 6e6f91f81b..0000000000 --- a/src/lib/libssl/test/asn1test.c +++ /dev/null | |||
| @@ -1,23 +0,0 @@ | |||
| 1 | /* $OpenBSD: asn1test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */ | ||
| 2 | #include <openssl/x509.h> | ||
| 3 | #include <openssl/asn1_mac.h> | ||
| 4 | |||
| 5 | typedef struct X | ||
| 6 | { | ||
| 7 | STACK_OF(X509_EXTENSION) *ext; | ||
| 8 | } X; | ||
| 9 | |||
| 10 | /* This isn't meant to run particularly, it's just to test type checking */ | ||
| 11 | int main(int argc, char **argv) | ||
| 12 | { | ||
| 13 | X *x = NULL; | ||
| 14 | unsigned char **pp = NULL; | ||
| 15 | |||
| 16 | M_ASN1_I2D_vars(x); | ||
| 17 | M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext, | ||
| 18 | i2d_X509_EXTENSION); | ||
| 19 | M_ASN1_I2D_seq_total(); | ||
| 20 | M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext, | ||
| 21 | i2d_X509_EXTENSION); | ||
| 22 | M_ASN1_I2D_finish(); | ||
| 23 | } | ||
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest deleted file mode 100644 index bdb3218f7a..0000000000 --- a/src/lib/libssl/test/bctest +++ /dev/null | |||
| @@ -1,111 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | # This script is used by test/Makefile.ssl to check whether a sane 'bc' | ||
| 4 | # is installed. | ||
| 5 | # ('make test_bn' should not try to run 'bc' if it does not exist or if | ||
| 6 | # it is a broken 'bc' version that is known to cause trouble.) | ||
| 7 | # | ||
| 8 | # If 'bc' works, we also test if it knows the 'print' command. | ||
| 9 | # | ||
| 10 | # In any case, output an appropriate command line for running (or not | ||
| 11 | # running) bc. | ||
| 12 | |||
| 13 | |||
| 14 | IFS=: | ||
| 15 | try_without_dir=true | ||
| 16 | # First we try "bc", then "$dir/bc" for each item in $PATH. | ||
| 17 | for dir in dummy:$PATH; do | ||
| 18 | if [ "$try_without_dir" = true ]; then | ||
| 19 | # first iteration | ||
| 20 | bc=bc | ||
| 21 | try_without_dir=false | ||
| 22 | else | ||
| 23 | # second and later iterations | ||
| 24 | bc="$dir/bc" | ||
| 25 | if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix | ||
| 26 | bc='' | ||
| 27 | fi | ||
| 28 | fi | ||
| 29 | |||
| 30 | if [ ! "$bc" = '' ]; then | ||
| 31 | failure=none | ||
| 32 | |||
| 33 | |||
| 34 | # Test for SunOS 5.[78] bc bug | ||
| 35 | "$bc" >tmp.bctest <<\EOF | ||
| 36 | obase=16 | ||
| 37 | ibase=16 | ||
| 38 | a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ | ||
| 39 | CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ | ||
| 40 | 10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ | ||
| 41 | C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ | ||
| 42 | 3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ | ||
| 43 | 4FC3CADF855448B24A9D7640BCF473E | ||
| 44 | b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ | ||
| 45 | 9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ | ||
| 46 | 8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ | ||
| 47 | 3ED0E2017D60A68775B75481449 | ||
| 48 | (a/b)*b + (a%b) - a | ||
| 49 | EOF | ||
| 50 | if [ 0 != "`cat tmp.bctest`" ]; then | ||
| 51 | failure=SunOStest | ||
| 52 | fi | ||
| 53 | |||
| 54 | |||
| 55 | if [ "$failure" = none ]; then | ||
| 56 | # Test for SCO bc bug. | ||
| 57 | "$bc" >tmp.bctest <<\EOF | ||
| 58 | obase=16 | ||
| 59 | ibase=16 | ||
| 60 | -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ | ||
| 61 | 9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ | ||
| 62 | 11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ | ||
| 63 | 1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ | ||
| 64 | AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ | ||
| 65 | F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ | ||
| 66 | B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ | ||
| 67 | 02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ | ||
| 68 | 85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ | ||
| 69 | A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ | ||
| 70 | E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ | ||
| 71 | 8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ | ||
| 72 | 04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ | ||
| 73 | 89C8D71 | ||
| 74 | AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ | ||
| 75 | 928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ | ||
| 76 | 8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ | ||
| 77 | 37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ | ||
| 78 | E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ | ||
| 79 | F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ | ||
| 80 | 9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ | ||
| 81 | D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ | ||
| 82 | 5296964 | ||
| 83 | EOF | ||
| 84 | if [ "0 | ||
| 85 | 0" != "`cat tmp.bctest`" ]; then | ||
| 86 | failure=SCOtest | ||
| 87 | fi | ||
| 88 | fi | ||
| 89 | |||
| 90 | |||
| 91 | if [ "$failure" = none ]; then | ||
| 92 | # bc works; now check if it knows the 'print' command. | ||
| 93 | if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] | ||
| 94 | then | ||
| 95 | echo "$bc" | ||
| 96 | else | ||
| 97 | echo "sed 's/print.*//' | $bc" | ||
| 98 | fi | ||
| 99 | exit 0 | ||
| 100 | fi | ||
| 101 | |||
| 102 | echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 | ||
| 103 | fi | ||
| 104 | done | ||
| 105 | |||
| 106 | echo "No working bc found. Consider installing GNU bc." >&2 | ||
| 107 | if [ "$1" = ignore ]; then | ||
| 108 | echo "cat >/dev/null" | ||
| 109 | exit 0 | ||
| 110 | fi | ||
| 111 | exit 1 | ||
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl deleted file mode 100644 index 2e95b48ba4..0000000000 --- a/src/lib/libssl/test/cms-examples.pl +++ /dev/null | |||
| @@ -1,409 +0,0 @@ | |||
| 1 | # test/cms-examples.pl | ||
| 2 | # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | # project. | ||
| 4 | # | ||
| 5 | # ==================================================================== | ||
| 6 | # Copyright (c) 2008 The OpenSSL Project. All rights reserved. | ||
| 7 | # | ||
| 8 | # Redistribution and use in source and binary forms, with or without | ||
| 9 | # modification, are permitted provided that the following conditions | ||
| 10 | # are met: | ||
| 11 | # | ||
| 12 | # 1. Redistributions of source code must retain the above copyright | ||
| 13 | # notice, this list of conditions and the following disclaimer. | ||
| 14 | # | ||
| 15 | # 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | # notice, this list of conditions and the following disclaimer in | ||
| 17 | # the documentation and/or other materials provided with the | ||
| 18 | # distribution. | ||
| 19 | # | ||
| 20 | # 3. All advertising materials mentioning features or use of this | ||
| 21 | # software must display the following acknowledgment: | ||
| 22 | # "This product includes software developed by the OpenSSL Project | ||
| 23 | # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | # | ||
| 25 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | # endorse or promote products derived from this software without | ||
| 27 | # prior written permission. For written permission, please contact | ||
| 28 | # licensing@OpenSSL.org. | ||
| 29 | # | ||
| 30 | # 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | # nor may "OpenSSL" appear in their names without prior written | ||
| 32 | # permission of the OpenSSL Project. | ||
| 33 | # | ||
| 34 | # 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | # acknowledgment: | ||
| 36 | # "This product includes software developed by the OpenSSL Project | ||
| 37 | # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | # | ||
| 39 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | # OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | # ==================================================================== | ||
| 52 | |||
| 53 | # Perl script to run tests against S/MIME examples in RFC4134 | ||
| 54 | # Assumes RFC is in current directory and called "rfc4134.txt" | ||
| 55 | |||
| 56 | use MIME::Base64; | ||
| 57 | |||
| 58 | my $badttest = 0; | ||
| 59 | my $verbose = 1; | ||
| 60 | |||
| 61 | my $cmscmd; | ||
| 62 | my $exdir = "./"; | ||
| 63 | my $exfile = "./rfc4134.txt"; | ||
| 64 | |||
| 65 | if (-f "../apps/openssl") | ||
| 66 | { | ||
| 67 | $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; | ||
| 68 | } | ||
| 69 | elsif (-f "..\\out32dll\\openssl.exe") | ||
| 70 | { | ||
| 71 | $cmscmd = "..\\out32dll\\openssl.exe cms"; | ||
| 72 | } | ||
| 73 | elsif (-f "..\\out32\\openssl.exe") | ||
| 74 | { | ||
| 75 | $cmscmd = "..\\out32\\openssl.exe cms"; | ||
| 76 | } | ||
| 77 | |||
| 78 | my @test_list = ( | ||
| 79 | [ "3.1.bin" => "dataout" ], | ||
| 80 | [ "3.2.bin" => "encode, dataout" ], | ||
| 81 | [ "4.1.bin" => "encode, verifyder, cont, dss" ], | ||
| 82 | [ "4.2.bin" => "encode, verifyder, cont, rsa" ], | ||
| 83 | [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], | ||
| 84 | [ "4.4.bin" => "encode, verifyder, cont, dss" ], | ||
| 85 | [ "4.5.bin" => "verifyder, cont, rsa" ], | ||
| 86 | [ "4.6.bin" => "encode, verifyder, cont, dss" ], | ||
| 87 | [ "4.7.bin" => "encode, verifyder, cont, dss" ], | ||
| 88 | [ "4.8.eml" => "verifymime, dss" ], | ||
| 89 | [ "4.9.eml" => "verifymime, dss" ], | ||
| 90 | [ "4.10.bin" => "encode, verifyder, cont, dss" ], | ||
| 91 | [ "4.11.bin" => "encode, certsout" ], | ||
| 92 | [ "5.1.bin" => "encode, envelopeder, cont" ], | ||
| 93 | [ "5.2.bin" => "encode, envelopeder, cont" ], | ||
| 94 | [ "5.3.eml" => "envelopemime, cont" ], | ||
| 95 | [ "6.0.bin" => "encode, digest, cont" ], | ||
| 96 | [ "7.1.bin" => "encode, encrypted, cont" ], | ||
| 97 | [ "7.2.bin" => "encode, encrypted, cont" ] | ||
| 98 | ); | ||
| 99 | |||
| 100 | # Extract examples from RFC4134 text. | ||
| 101 | # Base64 decode all examples, certificates and | ||
| 102 | # private keys are converted to PEM format. | ||
| 103 | |||
| 104 | my ( $filename, $data ); | ||
| 105 | |||
| 106 | my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); | ||
| 107 | |||
| 108 | $data = ""; | ||
| 109 | |||
| 110 | open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; | ||
| 111 | |||
| 112 | while (<IN>) { | ||
| 113 | next unless (/^\|/); | ||
| 114 | s/^\|//; | ||
| 115 | next if (/^\*/); | ||
| 116 | if (/^>(.*)$/) { | ||
| 117 | $filename = $1; | ||
| 118 | next; | ||
| 119 | } | ||
| 120 | if (/^</) { | ||
| 121 | $filename = "$exdir/$filename"; | ||
| 122 | if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) { | ||
| 123 | $data = decode_base64($data); | ||
| 124 | open OUT, ">$filename"; | ||
| 125 | binmode OUT; | ||
| 126 | print OUT $data; | ||
| 127 | close OUT; | ||
| 128 | push @cleanup, $filename; | ||
| 129 | } | ||
| 130 | elsif ( $filename =~ /\.cer$/ ) { | ||
| 131 | write_pem( $filename, "CERTIFICATE", $data ); | ||
| 132 | } | ||
| 133 | elsif ( $filename =~ /\.pri$/ ) { | ||
| 134 | write_pem( $filename, "PRIVATE KEY", $data ); | ||
| 135 | } | ||
| 136 | $data = ""; | ||
| 137 | $filename = ""; | ||
| 138 | } | ||
| 139 | else { | ||
| 140 | $data .= $_; | ||
| 141 | } | ||
| 142 | |||
| 143 | } | ||
| 144 | |||
| 145 | my $secretkey = | ||
| 146 | "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; | ||
| 147 | |||
| 148 | foreach (@test_list) { | ||
| 149 | my ( $file, $tlist ) = @$_; | ||
| 150 | print "Example file $file:\n"; | ||
| 151 | if ( $tlist =~ /encode/ ) { | ||
| 152 | run_reencode_test( $exdir, $file ); | ||
| 153 | } | ||
| 154 | if ( $tlist =~ /certsout/ ) { | ||
| 155 | run_certsout_test( $exdir, $file ); | ||
| 156 | } | ||
| 157 | if ( $tlist =~ /dataout/ ) { | ||
| 158 | run_dataout_test( $exdir, $file ); | ||
| 159 | } | ||
| 160 | if ( $tlist =~ /verify/ ) { | ||
| 161 | run_verify_test( $exdir, $tlist, $file ); | ||
| 162 | } | ||
| 163 | if ( $tlist =~ /digest/ ) { | ||
| 164 | run_digest_test( $exdir, $tlist, $file ); | ||
| 165 | } | ||
| 166 | if ( $tlist =~ /encrypted/ ) { | ||
| 167 | run_encrypted_test( $exdir, $tlist, $file, $secretkey ); | ||
| 168 | } | ||
| 169 | if ( $tlist =~ /envelope/ ) { | ||
| 170 | run_envelope_test( $exdir, $tlist, $file ); | ||
| 171 | } | ||
| 172 | |||
| 173 | } | ||
| 174 | |||
| 175 | foreach (@cleanup) { | ||
| 176 | unlink $_; | ||
| 177 | } | ||
| 178 | |||
| 179 | if ($badtest) { | ||
| 180 | print "\n$badtest TESTS FAILED!!\n"; | ||
| 181 | } | ||
| 182 | else { | ||
| 183 | print "\n***All tests successful***\n"; | ||
| 184 | } | ||
| 185 | |||
| 186 | sub write_pem { | ||
| 187 | my ( $filename, $str, $data ) = @_; | ||
| 188 | |||
| 189 | $filename =~ s/\.[^.]*$/.pem/; | ||
| 190 | |||
| 191 | push @cleanup, $filename; | ||
| 192 | |||
| 193 | open OUT, ">$filename"; | ||
| 194 | |||
| 195 | print OUT "-----BEGIN $str-----\n"; | ||
| 196 | print OUT $data; | ||
| 197 | print OUT "-----END $str-----\n"; | ||
| 198 | |||
| 199 | close OUT; | ||
| 200 | } | ||
| 201 | |||
| 202 | sub run_reencode_test { | ||
| 203 | my ( $cmsdir, $tfile ) = @_; | ||
| 204 | unlink "tmp.der"; | ||
| 205 | |||
| 206 | system( "$cmscmd -cmsout -inform DER -outform DER" | ||
| 207 | . " -in $cmsdir/$tfile -out tmp.der" ); | ||
| 208 | |||
| 209 | if ($?) { | ||
| 210 | print "\tReencode command FAILED!!\n"; | ||
| 211 | $badtest++; | ||
| 212 | } | ||
| 213 | elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { | ||
| 214 | print "\tReencode FAILED!!\n"; | ||
| 215 | $badtest++; | ||
| 216 | } | ||
| 217 | else { | ||
| 218 | print "\tReencode passed\n" if $verbose; | ||
| 219 | } | ||
| 220 | } | ||
| 221 | |||
| 222 | sub run_certsout_test { | ||
| 223 | my ( $cmsdir, $tfile ) = @_; | ||
| 224 | unlink "tmp.der"; | ||
| 225 | unlink "tmp.pem"; | ||
| 226 | |||
| 227 | system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" | ||
| 228 | . " -in $cmsdir/$tfile -out tmp.der" ); | ||
| 229 | |||
| 230 | if ($?) { | ||
| 231 | print "\tCertificate output command FAILED!!\n"; | ||
| 232 | $badtest++; | ||
| 233 | } | ||
| 234 | else { | ||
| 235 | print "\tCertificate output passed\n" if $verbose; | ||
| 236 | } | ||
| 237 | } | ||
| 238 | |||
| 239 | sub run_dataout_test { | ||
| 240 | my ( $cmsdir, $tfile ) = @_; | ||
| 241 | unlink "tmp.txt"; | ||
| 242 | |||
| 243 | system( | ||
| 244 | "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); | ||
| 245 | |||
| 246 | if ($?) { | ||
| 247 | print "\tDataout command FAILED!!\n"; | ||
| 248 | $badtest++; | ||
| 249 | } | ||
| 250 | elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { | ||
| 251 | print "\tDataout compare FAILED!!\n"; | ||
| 252 | $badtest++; | ||
| 253 | } | ||
| 254 | else { | ||
| 255 | print "\tDataout passed\n" if $verbose; | ||
| 256 | } | ||
| 257 | } | ||
| 258 | |||
| 259 | sub run_verify_test { | ||
| 260 | my ( $cmsdir, $tlist, $tfile ) = @_; | ||
| 261 | unlink "tmp.txt"; | ||
| 262 | |||
| 263 | $form = "DER" if $tlist =~ /verifyder/; | ||
| 264 | $form = "SMIME" if $tlist =~ /verifymime/; | ||
| 265 | $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; | ||
| 266 | $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; | ||
| 267 | |||
| 268 | $cmd = | ||
| 269 | "$cmscmd -verify -inform $form" | ||
| 270 | . " -CAfile $cafile" | ||
| 271 | . " -in $cmsdir/$tfile -out tmp.txt"; | ||
| 272 | |||
| 273 | $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; | ||
| 274 | |||
| 275 | system("$cmd 2>cms.err 1>cms.out"); | ||
| 276 | |||
| 277 | if ($?) { | ||
| 278 | print "\tVerify command FAILED!!\n"; | ||
| 279 | $badtest++; | ||
| 280 | } | ||
| 281 | elsif ( $tlist =~ /cont/ | ||
| 282 | && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) | ||
| 283 | { | ||
| 284 | print "\tVerify content compare FAILED!!\n"; | ||
| 285 | $badtest++; | ||
| 286 | } | ||
| 287 | else { | ||
| 288 | print "\tVerify passed\n" if $verbose; | ||
| 289 | } | ||
| 290 | } | ||
| 291 | |||
| 292 | sub run_envelope_test { | ||
| 293 | my ( $cmsdir, $tlist, $tfile ) = @_; | ||
| 294 | unlink "tmp.txt"; | ||
| 295 | |||
| 296 | $form = "DER" if $tlist =~ /envelopeder/; | ||
| 297 | $form = "SMIME" if $tlist =~ /envelopemime/; | ||
| 298 | |||
| 299 | $cmd = | ||
| 300 | "$cmscmd -decrypt -inform $form" | ||
| 301 | . " -recip $cmsdir/BobRSASignByCarl.pem" | ||
| 302 | . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" | ||
| 303 | . " -in $cmsdir/$tfile -out tmp.txt"; | ||
| 304 | |||
| 305 | system("$cmd 2>cms.err 1>cms.out"); | ||
| 306 | |||
| 307 | if ($?) { | ||
| 308 | print "\tDecrypt command FAILED!!\n"; | ||
| 309 | $badtest++; | ||
| 310 | } | ||
| 311 | elsif ( $tlist =~ /cont/ | ||
| 312 | && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) | ||
| 313 | { | ||
| 314 | print "\tDecrypt content compare FAILED!!\n"; | ||
| 315 | $badtest++; | ||
| 316 | } | ||
| 317 | else { | ||
| 318 | print "\tDecrypt passed\n" if $verbose; | ||
| 319 | } | ||
| 320 | } | ||
| 321 | |||
| 322 | sub run_digest_test { | ||
| 323 | my ( $cmsdir, $tlist, $tfile ) = @_; | ||
| 324 | unlink "tmp.txt"; | ||
| 325 | |||
| 326 | my $cmd = | ||
| 327 | "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; | ||
| 328 | |||
| 329 | system("$cmd 2>cms.err 1>cms.out"); | ||
| 330 | |||
| 331 | if ($?) { | ||
| 332 | print "\tDigest verify command FAILED!!\n"; | ||
| 333 | $badtest++; | ||
| 334 | } | ||
| 335 | elsif ( $tlist =~ /cont/ | ||
| 336 | && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) | ||
| 337 | { | ||
| 338 | print "\tDigest verify content compare FAILED!!\n"; | ||
| 339 | $badtest++; | ||
| 340 | } | ||
| 341 | else { | ||
| 342 | print "\tDigest verify passed\n" if $verbose; | ||
| 343 | } | ||
| 344 | } | ||
| 345 | |||
| 346 | sub run_encrypted_test { | ||
| 347 | my ( $cmsdir, $tlist, $tfile, $key ) = @_; | ||
| 348 | unlink "tmp.txt"; | ||
| 349 | |||
| 350 | system( "$cmscmd -EncryptedData_decrypt -inform DER" | ||
| 351 | . " -secretkey $key" | ||
| 352 | . " -in $cmsdir/$tfile -out tmp.txt" ); | ||
| 353 | |||
| 354 | if ($?) { | ||
| 355 | print "\tEncrypted Data command FAILED!!\n"; | ||
| 356 | $badtest++; | ||
| 357 | } | ||
| 358 | elsif ( $tlist =~ /cont/ | ||
| 359 | && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) | ||
| 360 | { | ||
| 361 | print "\tEncrypted Data content compare FAILED!!\n"; | ||
| 362 | $badtest++; | ||
| 363 | } | ||
| 364 | else { | ||
| 365 | print "\tEncryptedData verify passed\n" if $verbose; | ||
| 366 | } | ||
| 367 | } | ||
| 368 | |||
| 369 | sub cmp_files { | ||
| 370 | my ( $f1, $f2 ) = @_; | ||
| 371 | my ( $fp1, $fp2 ); | ||
| 372 | |||
| 373 | my ( $rd1, $rd2 ); | ||
| 374 | |||
| 375 | if ( !open( $fp1, "<$f1" ) ) { | ||
| 376 | print STDERR "Can't Open file $f1\n"; | ||
| 377 | return 0; | ||
| 378 | } | ||
| 379 | |||
| 380 | if ( !open( $fp2, "<$f2" ) ) { | ||
| 381 | print STDERR "Can't Open file $f2\n"; | ||
| 382 | return 0; | ||
| 383 | } | ||
| 384 | |||
| 385 | binmode $fp1; | ||
| 386 | binmode $fp2; | ||
| 387 | |||
| 388 | my $ret = 0; | ||
| 389 | |||
| 390 | for ( ; ; ) { | ||
| 391 | $n1 = sysread $fp1, $rd1, 4096; | ||
| 392 | $n2 = sysread $fp2, $rd2, 4096; | ||
| 393 | last if ( $n1 != $n2 ); | ||
| 394 | last if ( $rd1 ne $rd2 ); | ||
| 395 | |||
| 396 | if ( $n1 == 0 ) { | ||
| 397 | $ret = 1; | ||
| 398 | last; | ||
| 399 | } | ||
| 400 | |||
| 401 | } | ||
| 402 | |||
| 403 | close $fp1; | ||
| 404 | close $fp2; | ||
| 405 | |||
| 406 | return $ret; | ||
| 407 | |||
| 408 | } | ||
| 409 | |||
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl deleted file mode 100644 index dfef799be2..0000000000 --- a/src/lib/libssl/test/cms-test.pl +++ /dev/null | |||
| @@ -1,459 +0,0 @@ | |||
| 1 | # test/cms-test.pl | ||
| 2 | # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | # project. | ||
| 4 | # | ||
| 5 | # ==================================================================== | ||
| 6 | # Copyright (c) 2008 The OpenSSL Project. All rights reserved. | ||
| 7 | # | ||
| 8 | # Redistribution and use in source and binary forms, with or without | ||
| 9 | # modification, are permitted provided that the following conditions | ||
| 10 | # are met: | ||
| 11 | # | ||
| 12 | # 1. Redistributions of source code must retain the above copyright | ||
| 13 | # notice, this list of conditions and the following disclaimer. | ||
| 14 | # | ||
| 15 | # 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | # notice, this list of conditions and the following disclaimer in | ||
| 17 | # the documentation and/or other materials provided with the | ||
| 18 | # distribution. | ||
| 19 | # | ||
| 20 | # 3. All advertising materials mentioning features or use of this | ||
| 21 | # software must display the following acknowledgment: | ||
| 22 | # "This product includes software developed by the OpenSSL Project | ||
| 23 | # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | # | ||
| 25 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | # endorse or promote products derived from this software without | ||
| 27 | # prior written permission. For written permission, please contact | ||
| 28 | # licensing@OpenSSL.org. | ||
| 29 | # | ||
| 30 | # 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | # nor may "OpenSSL" appear in their names without prior written | ||
| 32 | # permission of the OpenSSL Project. | ||
| 33 | # | ||
| 34 | # 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | # acknowledgment: | ||
| 36 | # "This product includes software developed by the OpenSSL Project | ||
| 37 | # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | # | ||
| 39 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | # OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | # ==================================================================== | ||
| 52 | |||
| 53 | # CMS, PKCS7 consistency test script. Run extensive tests on | ||
| 54 | # OpenSSL PKCS#7 and CMS implementations. | ||
| 55 | |||
| 56 | my $ossl_path; | ||
| 57 | my $redir = " 2> cms.err > cms.out"; | ||
| 58 | # Make VMS work | ||
| 59 | if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { | ||
| 60 | $ossl_path = "pipe mcr OSSLX:openssl"; | ||
| 61 | } | ||
| 62 | # Make MSYS work | ||
| 63 | elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { | ||
| 64 | $ossl_path = "cmd /c ..\\apps\\openssl"; | ||
| 65 | } | ||
| 66 | elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { | ||
| 67 | $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; | ||
| 68 | } | ||
| 69 | elsif ( -f "..\\out32dll\\openssl.exe" ) { | ||
| 70 | $ossl_path = "..\\out32dll\\openssl.exe"; | ||
| 71 | } | ||
| 72 | elsif ( -f "..\\out32\\openssl.exe" ) { | ||
| 73 | $ossl_path = "..\\out32\\openssl.exe"; | ||
| 74 | } | ||
| 75 | else { | ||
| 76 | die "Can't find OpenSSL executable"; | ||
| 77 | } | ||
| 78 | |||
| 79 | my $pk7cmd = "$ossl_path smime "; | ||
| 80 | my $cmscmd = "$ossl_path cms "; | ||
| 81 | my $smdir = "smime-certs"; | ||
| 82 | my $halt_err = 1; | ||
| 83 | |||
| 84 | my $badcmd = 0; | ||
| 85 | my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; | ||
| 86 | |||
| 87 | my @smime_pkcs7_tests = ( | ||
| 88 | |||
| 89 | [ | ||
| 90 | "signed content DER format, RSA key", | ||
| 91 | "-sign -in smcont.txt -outform \"DER\" -nodetach" | ||
| 92 | . " -certfile $smdir/smroot.pem" | ||
| 93 | . " -signer $smdir/smrsa1.pem -out test.cms", | ||
| 94 | "-verify -in test.cms -inform \"DER\" " | ||
| 95 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 96 | ], | ||
| 97 | |||
| 98 | [ | ||
| 99 | "signed detached content DER format, RSA key", | ||
| 100 | "-sign -in smcont.txt -outform \"DER\"" | ||
| 101 | . " -signer $smdir/smrsa1.pem -out test.cms", | ||
| 102 | "-verify -in test.cms -inform \"DER\" " | ||
| 103 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | ||
| 104 | ], | ||
| 105 | |||
| 106 | [ | ||
| 107 | "signed content test streaming BER format, RSA", | ||
| 108 | "-sign -in smcont.txt -outform \"DER\" -nodetach" | ||
| 109 | . " -stream -signer $smdir/smrsa1.pem -out test.cms", | ||
| 110 | "-verify -in test.cms -inform \"DER\" " | ||
| 111 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 112 | ], | ||
| 113 | |||
| 114 | [ | ||
| 115 | "signed content DER format, DSA key", | ||
| 116 | "-sign -in smcont.txt -outform \"DER\" -nodetach" | ||
| 117 | . " -signer $smdir/smdsa1.pem -out test.cms", | ||
| 118 | "-verify -in test.cms -inform \"DER\" " | ||
| 119 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 120 | ], | ||
| 121 | |||
| 122 | [ | ||
| 123 | "signed detached content DER format, DSA key", | ||
| 124 | "-sign -in smcont.txt -outform \"DER\"" | ||
| 125 | . " -signer $smdir/smdsa1.pem -out test.cms", | ||
| 126 | "-verify -in test.cms -inform \"DER\" " | ||
| 127 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | ||
| 128 | ], | ||
| 129 | |||
| 130 | [ | ||
| 131 | "signed detached content DER format, add RSA signer", | ||
| 132 | "-resign -inform \"DER\" -in test.cms -outform \"DER\"" | ||
| 133 | . " -signer $smdir/smrsa1.pem -out test2.cms", | ||
| 134 | "-verify -in test2.cms -inform \"DER\" " | ||
| 135 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | ||
| 136 | ], | ||
| 137 | |||
| 138 | [ | ||
| 139 | "signed content test streaming BER format, DSA key", | ||
| 140 | "-sign -in smcont.txt -outform \"DER\" -nodetach" | ||
| 141 | . " -stream -signer $smdir/smdsa1.pem -out test.cms", | ||
| 142 | "-verify -in test.cms -inform \"DER\" " | ||
| 143 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 144 | ], | ||
| 145 | |||
| 146 | [ | ||
| 147 | "signed content test streaming BER format, 2 DSA and 2 RSA keys", | ||
| 148 | "-sign -in smcont.txt -outform \"DER\" -nodetach" | ||
| 149 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 150 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 151 | . " -stream -out test.cms", | ||
| 152 | "-verify -in test.cms -inform \"DER\" " | ||
| 153 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 154 | ], | ||
| 155 | |||
| 156 | [ | ||
| 157 | "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", | ||
| 158 | "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" | ||
| 159 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 160 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 161 | . " -stream -out test.cms", | ||
| 162 | "-verify -in test.cms -inform \"DER\" " | ||
| 163 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 164 | ], | ||
| 165 | |||
| 166 | [ | ||
| 167 | "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", | ||
| 168 | "-sign -in smcont.txt -nodetach" | ||
| 169 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 170 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 171 | . " -stream -out test.cms", | ||
| 172 | "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 173 | ], | ||
| 174 | |||
| 175 | [ | ||
| 176 | "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", | ||
| 177 | "-sign -in smcont.txt" | ||
| 178 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 179 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 180 | . " -stream -out test.cms", | ||
| 181 | "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 182 | ], | ||
| 183 | |||
| 184 | [ | ||
| 185 | "enveloped content test streaming S/MIME format, 3 recipients", | ||
| 186 | "-encrypt -in smcont.txt" | ||
| 187 | . " -stream -out test.cms" | ||
| 188 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | ||
| 189 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | ||
| 190 | ], | ||
| 191 | |||
| 192 | [ | ||
| 193 | "enveloped content test streaming S/MIME format, 3 recipients, 3rd used", | ||
| 194 | "-encrypt -in smcont.txt" | ||
| 195 | . " -stream -out test.cms" | ||
| 196 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | ||
| 197 | "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" | ||
| 198 | ], | ||
| 199 | |||
| 200 | [ | ||
| 201 | "enveloped content test streaming S/MIME format, 3 recipients, key only used", | ||
| 202 | "-encrypt -in smcont.txt" | ||
| 203 | . " -stream -out test.cms" | ||
| 204 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | ||
| 205 | "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" | ||
| 206 | ], | ||
| 207 | |||
| 208 | [ | ||
| 209 | "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", | ||
| 210 | "-encrypt -in smcont.txt" | ||
| 211 | . " -aes256 -stream -out test.cms" | ||
| 212 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | ||
| 213 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | ||
| 214 | ], | ||
| 215 | |||
| 216 | ); | ||
| 217 | |||
| 218 | my @smime_cms_tests = ( | ||
| 219 | |||
| 220 | [ | ||
| 221 | "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", | ||
| 222 | "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" | ||
| 223 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 224 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 225 | . " -stream -out test.cms", | ||
| 226 | "-verify -in test.cms -inform \"DER\" " | ||
| 227 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 228 | ], | ||
| 229 | |||
| 230 | [ | ||
| 231 | "signed content test streaming PEM format, 2 DSA and 2 RSA keys", | ||
| 232 | "-sign -in smcont.txt -outform PEM -nodetach" | ||
| 233 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | ||
| 234 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | ||
| 235 | . " -stream -out test.cms", | ||
| 236 | "-verify -in test.cms -inform PEM " | ||
| 237 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 238 | ], | ||
| 239 | |||
| 240 | [ | ||
| 241 | "signed content MIME format, RSA key, signed receipt request", | ||
| 242 | "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" | ||
| 243 | . " -receipt_request_to test\@openssl.org -receipt_request_all" | ||
| 244 | . " -out test.cms", | ||
| 245 | "-verify -in test.cms " | ||
| 246 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | ||
| 247 | ], | ||
| 248 | |||
| 249 | [ | ||
| 250 | "signed receipt MIME format, RSA key", | ||
| 251 | "-sign_receipt -in test.cms" | ||
| 252 | . " -signer $smdir/smrsa2.pem" | ||
| 253 | . " -out test2.cms", | ||
| 254 | "-verify_receipt test2.cms -in test.cms" | ||
| 255 | . " \"-CAfile\" $smdir/smroot.pem" | ||
| 256 | ], | ||
| 257 | |||
| 258 | [ | ||
| 259 | "enveloped content test streaming S/MIME format, 3 recipients, keyid", | ||
| 260 | "-encrypt -in smcont.txt" | ||
| 261 | . " -stream -out test.cms -keyid" | ||
| 262 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | ||
| 263 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | ||
| 264 | ], | ||
| 265 | |||
| 266 | [ | ||
| 267 | "enveloped content test streaming PEM format, KEK", | ||
| 268 | "-encrypt -in smcont.txt -outform PEM -aes128" | ||
| 269 | . " -stream -out test.cms " | ||
| 270 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | ||
| 271 | . " -secretkeyid C0FEE0", | ||
| 272 | "-decrypt -in test.cms -out smtst.txt -inform PEM" | ||
| 273 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | ||
| 274 | . " -secretkeyid C0FEE0" | ||
| 275 | ], | ||
| 276 | |||
| 277 | [ | ||
| 278 | "enveloped content test streaming PEM format, KEK, key only", | ||
| 279 | "-encrypt -in smcont.txt -outform PEM -aes128" | ||
| 280 | . " -stream -out test.cms " | ||
| 281 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | ||
| 282 | . " -secretkeyid C0FEE0", | ||
| 283 | "-decrypt -in test.cms -out smtst.txt -inform PEM" | ||
| 284 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | ||
| 285 | ], | ||
| 286 | |||
| 287 | [ | ||
| 288 | "data content test streaming PEM format", | ||
| 289 | "-data_create -in smcont.txt -outform PEM -nodetach" | ||
| 290 | . " -stream -out test.cms", | ||
| 291 | "-data_out -in test.cms -inform PEM -out smtst.txt" | ||
| 292 | ], | ||
| 293 | |||
| 294 | [ | ||
| 295 | "encrypted content test streaming PEM format, 128 bit RC2 key", | ||
| 296 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" | ||
| 297 | . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" | ||
| 298 | . " -stream -out test.cms", | ||
| 299 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " | ||
| 300 | . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" | ||
| 301 | ], | ||
| 302 | |||
| 303 | [ | ||
| 304 | "encrypted content test streaming PEM format, 40 bit RC2 key", | ||
| 305 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" | ||
| 306 | . " -rc2 -secretkey 0001020304" | ||
| 307 | . " -stream -out test.cms", | ||
| 308 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " | ||
| 309 | . " -secretkey 0001020304 -out smtst.txt" | ||
| 310 | ], | ||
| 311 | |||
| 312 | [ | ||
| 313 | "encrypted content test streaming PEM format, triple DES key", | ||
| 314 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" | ||
| 315 | . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" | ||
| 316 | . " -stream -out test.cms", | ||
| 317 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " | ||
| 318 | . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" | ||
| 319 | . " -out smtst.txt" | ||
| 320 | ], | ||
| 321 | |||
| 322 | [ | ||
| 323 | "encrypted content test streaming PEM format, 128 bit AES key", | ||
| 324 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" | ||
| 325 | . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" | ||
| 326 | . " -stream -out test.cms", | ||
| 327 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " | ||
| 328 | . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" | ||
| 329 | ], | ||
| 330 | |||
| 331 | ); | ||
| 332 | |||
| 333 | my @smime_cms_comp_tests = ( | ||
| 334 | |||
| 335 | [ | ||
| 336 | "compressed content test streaming PEM format", | ||
| 337 | "-compress -in smcont.txt -outform PEM -nodetach" | ||
| 338 | . " -stream -out test.cms", | ||
| 339 | "-uncompress -in test.cms -inform PEM -out smtst.txt" | ||
| 340 | ] | ||
| 341 | |||
| 342 | ); | ||
| 343 | |||
| 344 | print "CMS => PKCS#7 compatibility tests\n"; | ||
| 345 | |||
| 346 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); | ||
| 347 | |||
| 348 | print "CMS <= PKCS#7 compatibility tests\n"; | ||
| 349 | |||
| 350 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); | ||
| 351 | |||
| 352 | print "CMS <=> CMS consistency tests\n"; | ||
| 353 | |||
| 354 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); | ||
| 355 | run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); | ||
| 356 | |||
| 357 | if ( `$ossl_path version -f` =~ /ZLIB/ ) { | ||
| 358 | run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); | ||
| 359 | } | ||
| 360 | else { | ||
| 361 | print "Zlib not supported: compression tests skipped\n"; | ||
| 362 | } | ||
| 363 | |||
| 364 | print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); | ||
| 365 | |||
| 366 | if ($badcmd) { | ||
| 367 | print "$badcmd TESTS FAILED!!\n"; | ||
| 368 | } | ||
| 369 | else { | ||
| 370 | print "ALL TESTS SUCCESSFUL.\n"; | ||
| 371 | } | ||
| 372 | |||
| 373 | unlink "test.cms"; | ||
| 374 | unlink "test2.cms"; | ||
| 375 | unlink "smtst.txt"; | ||
| 376 | unlink "cms.out"; | ||
| 377 | unlink "cms.err"; | ||
| 378 | |||
| 379 | sub run_smime_tests { | ||
| 380 | my ( $rv, $aref, $scmd, $vcmd ) = @_; | ||
| 381 | |||
| 382 | foreach $smtst (@$aref) { | ||
| 383 | my ( $tnam, $rscmd, $rvcmd ) = @$smtst; | ||
| 384 | if ($ossl8) | ||
| 385 | { | ||
| 386 | # Skip smime resign: 0.9.8 smime doesn't support -resign | ||
| 387 | next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); | ||
| 388 | # Disable streaming: option not supported in 0.9.8 | ||
| 389 | $tnam =~ s/streaming//; | ||
| 390 | $rscmd =~ s/-stream//; | ||
| 391 | $rvcmd =~ s/-stream//; | ||
| 392 | } | ||
| 393 | system("$scmd$rscmd$redir"); | ||
| 394 | if ($?) { | ||
| 395 | print "$tnam: generation error\n"; | ||
| 396 | $$rv++; | ||
| 397 | exit 1 if $halt_err; | ||
| 398 | next; | ||
| 399 | } | ||
| 400 | system("$vcmd$rvcmd$redir"); | ||
| 401 | if ($?) { | ||
| 402 | print "$tnam: verify error\n"; | ||
| 403 | $$rv++; | ||
| 404 | exit 1 if $halt_err; | ||
| 405 | next; | ||
| 406 | } | ||
| 407 | if (!cmp_files("smtst.txt", "smcont.txt")) { | ||
| 408 | print "$tnam: content verify error\n"; | ||
| 409 | $$rv++; | ||
| 410 | exit 1 if $halt_err; | ||
| 411 | next; | ||
| 412 | } | ||
| 413 | print "$tnam: OK\n"; | ||
| 414 | } | ||
| 415 | } | ||
| 416 | |||
| 417 | sub cmp_files { | ||
| 418 | use FileHandle; | ||
| 419 | my ( $f1, $f2 ) = @_; | ||
| 420 | my $fp1 = FileHandle->new(); | ||
| 421 | my $fp2 = FileHandle->new(); | ||
| 422 | |||
| 423 | my ( $rd1, $rd2 ); | ||
| 424 | |||
| 425 | if ( !open( $fp1, "<$f1" ) ) { | ||
| 426 | print STDERR "Can't Open file $f1\n"; | ||
| 427 | return 0; | ||
| 428 | } | ||
| 429 | |||
| 430 | if ( !open( $fp2, "<$f2" ) ) { | ||
| 431 | print STDERR "Can't Open file $f2\n"; | ||
| 432 | return 0; | ||
| 433 | } | ||
| 434 | |||
| 435 | binmode $fp1; | ||
| 436 | binmode $fp2; | ||
| 437 | |||
| 438 | my $ret = 0; | ||
| 439 | |||
| 440 | for ( ; ; ) { | ||
| 441 | $n1 = sysread $fp1, $rd1, 4096; | ||
| 442 | $n2 = sysread $fp2, $rd2, 4096; | ||
| 443 | last if ( $n1 != $n2 ); | ||
| 444 | last if ( $rd1 ne $rd2 ); | ||
| 445 | |||
| 446 | if ( $n1 == 0 ) { | ||
| 447 | $ret = 1; | ||
| 448 | last; | ||
| 449 | } | ||
| 450 | |||
| 451 | } | ||
| 452 | |||
| 453 | close $fp1; | ||
| 454 | close $fp2; | ||
| 455 | |||
| 456 | return $ret; | ||
| 457 | |||
| 458 | } | ||
| 459 | |||
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c deleted file mode 100644 index 1e65ccf99c..0000000000 --- a/src/lib/libssl/test/methtest.c +++ /dev/null | |||
| @@ -1,105 +0,0 @@ | |||
| 1 | /* $OpenBSD: methtest.c,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <stdlib.h> | ||
| 61 | #include <openssl/rsa.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | #include "meth.h" | ||
| 64 | #include <openssl/err.h> | ||
| 65 | |||
| 66 | int main(argc,argv) | ||
| 67 | int argc; | ||
| 68 | char *argv[]; | ||
| 69 | { | ||
| 70 | METHOD_CTX *top,*tmp1,*tmp2; | ||
| 71 | |||
| 72 | top=METH_new(x509_lookup()); /* get a top level context */ | ||
| 73 | if (top == NULL) goto err; | ||
| 74 | |||
| 75 | tmp1=METH_new(x509_by_file()); | ||
| 76 | if (top == NULL) goto err; | ||
| 77 | METH_arg(tmp1,METH_TYPE_FILE,"cafile1"); | ||
| 78 | METH_arg(tmp1,METH_TYPE_FILE,"cafile2"); | ||
| 79 | METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1); | ||
| 80 | |||
| 81 | tmp2=METH_new(x509_by_dir()); | ||
| 82 | METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts"); | ||
| 83 | METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs"); | ||
| 84 | METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs"); | ||
| 85 | METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2); | ||
| 86 | |||
| 87 | /* tmp=METH_new(x509_by_issuer_dir); | ||
| 88 | METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts"); | ||
| 89 | METH_push(top,METH_X509_BY_ISSUER,tmp); | ||
| 90 | |||
| 91 | tmp=METH_new(x509_by_issuer_primary); | ||
| 92 | METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem"); | ||
| 93 | METH_push(top,METH_X509_BY_ISSUER,tmp); | ||
| 94 | */ | ||
| 95 | |||
| 96 | METH_init(top); | ||
| 97 | METH_control(tmp1,METH_CONTROL_DUMP,stdout); | ||
| 98 | METH_control(tmp2,METH_CONTROL_DUMP,stdout); | ||
| 99 | EXIT(0); | ||
| 100 | err: | ||
| 101 | ERR_load_crypto_strings(); | ||
| 102 | ERR_print_errors_fp(stderr); | ||
| 103 | EXIT(1); | ||
| 104 | return(0); | ||
| 105 | } | ||
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem deleted file mode 100644 index c47b27af88..0000000000 --- a/src/lib/libssl/test/pkcs7-1.pem +++ /dev/null | |||
| @@ -1,15 +0,0 @@ | |||
| 1 | -----BEGIN PKCS7----- | ||
| 2 | MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG | ||
| 3 | SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE | ||
| 4 | AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF | ||
| 5 | eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4 | ||
| 6 | MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv | ||
| 7 | bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK | ||
| 8 | ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB | ||
| 9 | FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N | ||
| 10 | 9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8 | ||
| 11 | BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w | ||
| 12 | bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB | ||
| 13 | BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C | ||
| 14 | j7Kie1x339mxW/w9VZNTUDQQweHh | ||
| 15 | -----END PKCS7----- | ||
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem deleted file mode 100644 index d55c60b94e..0000000000 --- a/src/lib/libssl/test/pkcs7.pem +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg | ||
| 2 | AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH | ||
| 3 | EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl | ||
| 4 | cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw | ||
| 5 | ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0 | ||
| 6 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh | ||
| 7 | c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh | ||
| 8 | bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE | ||
| 9 | CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl | ||
| 10 | Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G | ||
| 11 | CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK | ||
| 12 | ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0 | ||
| 13 | l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC | ||
| 14 | HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg | ||
| 15 | Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1 | ||
| 16 | c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj | ||
| 17 | YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0 | ||
| 18 | dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx | ||
| 19 | dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu | ||
| 20 | LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU | ||
| 21 | ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln | ||
| 22 | biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT | ||
| 23 | IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB | ||
| 24 | AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t | ||
| 25 | L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL | ||
| 26 | HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF | ||
| 27 | slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7 | ||
| 28 | ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR | ||
| 29 | /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT | ||
| 30 | aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp | ||
| 31 | ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1 | ||
| 32 | OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu | ||
| 33 | MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz | ||
| 34 | Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv | ||
| 35 | qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy | ||
| 36 | sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb | ||
| 37 | P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG | ||
| 38 | A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA | ||
| 39 | KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7 | ||
| 40 | Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4 | ||
| 41 | Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq | ||
| 42 | hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp | ||
| 43 | Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk | ||
| 44 | dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ | ||
| 45 | KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30 | ||
| 46 | dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW | ||
| 47 | I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow | ||
| 48 | ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W | ||
| 49 | ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD | ||
| 50 | ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw | ||
| 51 | MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK | ||
| 52 | /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/ | ||
| 53 | DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP | ||
| 54 | b+xSu/jH0gAAMYAAAAAAAAAAAA== | ||
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl deleted file mode 100644 index 5c6b89fcdb..0000000000 --- a/src/lib/libssl/test/pkits-test.pl +++ /dev/null | |||
| @@ -1,949 +0,0 @@ | |||
| 1 | # test/pkits-test.pl | ||
| 2 | # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
| 3 | # project. | ||
| 4 | # | ||
| 5 | # ==================================================================== | ||
| 6 | # Copyright (c) 2008 The OpenSSL Project. All rights reserved. | ||
| 7 | # | ||
| 8 | # Redistribution and use in source and binary forms, with or without | ||
| 9 | # modification, are permitted provided that the following conditions | ||
| 10 | # are met: | ||
| 11 | # | ||
| 12 | # 1. Redistributions of source code must retain the above copyright | ||
| 13 | # notice, this list of conditions and the following disclaimer. | ||
| 14 | # | ||
| 15 | # 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | # notice, this list of conditions and the following disclaimer in | ||
| 17 | # the documentation and/or other materials provided with the | ||
| 18 | # distribution. | ||
| 19 | # | ||
| 20 | # 3. All advertising materials mentioning features or use of this | ||
| 21 | # software must display the following acknowledgment: | ||
| 22 | # "This product includes software developed by the OpenSSL Project | ||
| 23 | # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | # | ||
| 25 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | # endorse or promote products derived from this software without | ||
| 27 | # prior written permission. For written permission, please contact | ||
| 28 | # licensing@OpenSSL.org. | ||
| 29 | # | ||
| 30 | # 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | # nor may "OpenSSL" appear in their names without prior written | ||
| 32 | # permission of the OpenSSL Project. | ||
| 33 | # | ||
| 34 | # 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | # acknowledgment: | ||
| 36 | # "This product includes software developed by the OpenSSL Project | ||
| 37 | # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | # | ||
| 39 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | # OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | # ==================================================================== | ||
| 52 | |||
| 53 | # Perl utility to run PKITS tests for RFC3280 compliance. | ||
| 54 | |||
| 55 | my $ossl_path; | ||
| 56 | |||
| 57 | if ( -f "../apps/openssl" ) { | ||
| 58 | $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; | ||
| 59 | } | ||
| 60 | elsif ( -f "..\\out32dll\\openssl.exe" ) { | ||
| 61 | $ossl_path = "..\\out32dll\\openssl.exe"; | ||
| 62 | } | ||
| 63 | elsif ( -f "..\\out32\\openssl.exe" ) { | ||
| 64 | $ossl_path = "..\\out32\\openssl.exe"; | ||
| 65 | } | ||
| 66 | else { | ||
| 67 | die "Can't find OpenSSL executable"; | ||
| 68 | } | ||
| 69 | |||
| 70 | my $pkitsdir = "pkits/smime"; | ||
| 71 | my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt"; | ||
| 72 | |||
| 73 | die "Can't find PKITS test data" if !-d $pkitsdir; | ||
| 74 | |||
| 75 | my $nist1 = "2.16.840.1.101.3.2.1.48.1"; | ||
| 76 | my $nist2 = "2.16.840.1.101.3.2.1.48.2"; | ||
| 77 | my $nist3 = "2.16.840.1.101.3.2.1.48.3"; | ||
| 78 | my $nist4 = "2.16.840.1.101.3.2.1.48.4"; | ||
| 79 | my $nist5 = "2.16.840.1.101.3.2.1.48.5"; | ||
| 80 | my $nist6 = "2.16.840.1.101.3.2.1.48.6"; | ||
| 81 | |||
| 82 | my $apolicy = "X509v3 Any Policy"; | ||
| 83 | |||
| 84 | # This table contains the chapter headings of the accompanying PKITS | ||
| 85 | # document. They provide useful informational output and their names | ||
| 86 | # can be converted into the filename to test. | ||
| 87 | |||
| 88 | my @testlists = ( | ||
| 89 | [ "4.1", "Signature Verification" ], | ||
| 90 | [ "4.1.1", "Valid Signatures Test1", 0 ], | ||
| 91 | [ "4.1.2", "Invalid CA Signature Test2", 7 ], | ||
| 92 | [ "4.1.3", "Invalid EE Signature Test3", 7 ], | ||
| 93 | [ "4.1.4", "Valid DSA Signatures Test4", 0 ], | ||
| 94 | [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ], | ||
| 95 | [ "4.1.6", "Invalid DSA Signature Test6", 7 ], | ||
| 96 | [ "4.2", "Validity Periods" ], | ||
| 97 | [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ], | ||
| 98 | [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ], | ||
| 99 | [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ], | ||
| 100 | [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ], | ||
| 101 | [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ], | ||
| 102 | [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ], | ||
| 103 | [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ], | ||
| 104 | [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ], | ||
| 105 | [ "4.3", "Verifying Name Chaining" ], | ||
| 106 | [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ], | ||
| 107 | [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ], | ||
| 108 | [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ], | ||
| 109 | [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ], | ||
| 110 | [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ], | ||
| 111 | [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ], | ||
| 112 | [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ], | ||
| 113 | [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ], | ||
| 114 | [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ], | ||
| 115 | [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ], | ||
| 116 | [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ], | ||
| 117 | [ "4.4", "Basic Certificate Revocation Tests" ], | ||
| 118 | [ "4.4.1", "Missing CRL Test1", 3 ], | ||
| 119 | [ "4.4.2", "Invalid Revoked CA Test2", 23 ], | ||
| 120 | [ "4.4.3", "Invalid Revoked EE Test3", 23 ], | ||
| 121 | [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ], | ||
| 122 | [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ], | ||
| 123 | [ "4.4.6", "Invalid Wrong CRL Test6", 3 ], | ||
| 124 | [ "4.4.7", "Valid Two CRLs Test7", 0 ], | ||
| 125 | |||
| 126 | # The test document suggests these should return certificate revoked... | ||
| 127 | # Subsquent discussion has concluded they should not due to unhandle | ||
| 128 | # critical CRL extensions. | ||
| 129 | [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ], | ||
| 130 | [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ], | ||
| 131 | |||
| 132 | [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ], | ||
| 133 | [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ], | ||
| 134 | [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ], | ||
| 135 | [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ], | ||
| 136 | [ "4.4.14", "Valid Negative Serial Number Test14", 0 ], | ||
| 137 | [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ], | ||
| 138 | [ "4.4.16", "Valid Long Serial Number Test16", 0 ], | ||
| 139 | [ "4.4.17", "Valid Long Serial Number Test17", 0 ], | ||
| 140 | [ "4.4.18", "Invalid Long Serial Number Test18", 23 ], | ||
| 141 | [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ], | ||
| 142 | [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ], | ||
| 143 | |||
| 144 | # CRL path is revoked so get a CRL path validation error | ||
| 145 | [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ], | ||
| 146 | [ "4.5", "Verifying Paths with Self-Issued Certificates" ], | ||
| 147 | [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ], | ||
| 148 | [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ], | ||
| 149 | [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ], | ||
| 150 | [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ], | ||
| 151 | [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ], | ||
| 152 | [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ], | ||
| 153 | [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ], | ||
| 154 | [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ], | ||
| 155 | [ "4.6", "Verifying Basic Constraints" ], | ||
| 156 | [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ], | ||
| 157 | [ "4.6.2", "Invalid cA False Test2", 24 ], | ||
| 158 | [ "4.6.3", "Invalid cA False Test3", 24 ], | ||
| 159 | [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ], | ||
| 160 | [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ], | ||
| 161 | [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ], | ||
| 162 | [ "4.6.7", "Valid pathLenConstraint Test7", 0 ], | ||
| 163 | [ "4.6.8", "Valid pathLenConstraint Test8", 0 ], | ||
| 164 | [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ], | ||
| 165 | [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ], | ||
| 166 | [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ], | ||
| 167 | [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ], | ||
| 168 | [ "4.6.13", "Valid pathLenConstraint Test13", 0 ], | ||
| 169 | [ "4.6.14", "Valid pathLenConstraint Test14", 0 ], | ||
| 170 | [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ], | ||
| 171 | [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ], | ||
| 172 | [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ], | ||
| 173 | [ "4.7", "Key Usage" ], | ||
| 174 | [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ], | ||
| 175 | [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ], | ||
| 176 | [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ], | ||
| 177 | [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ], | ||
| 178 | [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ], | ||
| 179 | |||
| 180 | # Certificate policy tests need special handling. They can have several | ||
| 181 | # sub tests and we need to check the outputs are correct. | ||
| 182 | |||
| 183 | [ "4.8", "Certificate Policies" ], | ||
| 184 | [ | ||
| 185 | "4.8.1.1", | ||
| 186 | "All Certificates Same Policy Test1", | ||
| 187 | "-policy anyPolicy -explicit_policy", | ||
| 188 | "True", $nist1, $nist1, 0 | ||
| 189 | ], | ||
| 190 | [ | ||
| 191 | "4.8.1.2", | ||
| 192 | "All Certificates Same Policy Test1", | ||
| 193 | "-policy $nist1 -explicit_policy", | ||
| 194 | "True", $nist1, $nist1, 0 | ||
| 195 | ], | ||
| 196 | [ | ||
| 197 | "4.8.1.3", | ||
| 198 | "All Certificates Same Policy Test1", | ||
| 199 | "-policy $nist2 -explicit_policy", | ||
| 200 | "True", $nist1, "<empty>", 43 | ||
| 201 | ], | ||
| 202 | [ | ||
| 203 | "4.8.1.4", | ||
| 204 | "All Certificates Same Policy Test1", | ||
| 205 | "-policy $nist1 -policy $nist2 -explicit_policy", | ||
| 206 | "True", $nist1, $nist1, 0 | ||
| 207 | ], | ||
| 208 | [ | ||
| 209 | "4.8.2.1", | ||
| 210 | "All Certificates No Policies Test2", | ||
| 211 | "-policy anyPolicy", | ||
| 212 | "False", "<empty>", "<empty>", 0 | ||
| 213 | ], | ||
| 214 | [ | ||
| 215 | "4.8.2.2", | ||
| 216 | "All Certificates No Policies Test2", | ||
| 217 | "-policy anyPolicy -explicit_policy", | ||
| 218 | "True", "<empty>", "<empty>", 43 | ||
| 219 | ], | ||
| 220 | [ | ||
| 221 | "4.8.3.1", | ||
| 222 | "Different Policies Test3", | ||
| 223 | "-policy anyPolicy", | ||
| 224 | "False", "<empty>", "<empty>", 0 | ||
| 225 | ], | ||
| 226 | [ | ||
| 227 | "4.8.3.2", | ||
| 228 | "Different Policies Test3", | ||
| 229 | "-policy anyPolicy -explicit_policy", | ||
| 230 | "True", "<empty>", "<empty>", 43 | ||
| 231 | ], | ||
| 232 | [ | ||
| 233 | "4.8.3.3", | ||
| 234 | "Different Policies Test3", | ||
| 235 | "-policy $nist1 -policy $nist2 -explicit_policy", | ||
| 236 | "True", "<empty>", "<empty>", 43 | ||
| 237 | ], | ||
| 238 | |||
| 239 | [ | ||
| 240 | "4.8.4", | ||
| 241 | "Different Policies Test4", | ||
| 242 | "-policy anyPolicy", | ||
| 243 | "True", "<empty>", "<empty>", 43 | ||
| 244 | ], | ||
| 245 | [ | ||
| 246 | "4.8.5", | ||
| 247 | "Different Policies Test5", | ||
| 248 | "-policy anyPolicy", | ||
| 249 | "True", "<empty>", "<empty>", 43 | ||
| 250 | ], | ||
| 251 | [ | ||
| 252 | "4.8.6.1", | ||
| 253 | "Overlapping Policies Test6", | ||
| 254 | "-policy anyPolicy", | ||
| 255 | "True", $nist1, $nist1, 0 | ||
| 256 | ], | ||
| 257 | [ | ||
| 258 | "4.8.6.2", | ||
| 259 | "Overlapping Policies Test6", | ||
| 260 | "-policy $nist1", | ||
| 261 | "True", $nist1, $nist1, 0 | ||
| 262 | ], | ||
| 263 | [ | ||
| 264 | "4.8.6.3", | ||
| 265 | "Overlapping Policies Test6", | ||
| 266 | "-policy $nist2", | ||
| 267 | "True", $nist1, "<empty>", 43 | ||
| 268 | ], | ||
| 269 | [ | ||
| 270 | "4.8.7", | ||
| 271 | "Different Policies Test7", | ||
| 272 | "-policy anyPolicy", | ||
| 273 | "True", "<empty>", "<empty>", 43 | ||
| 274 | ], | ||
| 275 | [ | ||
| 276 | "4.8.8", | ||
| 277 | "Different Policies Test8", | ||
| 278 | "-policy anyPolicy", | ||
| 279 | "True", "<empty>", "<empty>", 43 | ||
| 280 | ], | ||
| 281 | [ | ||
| 282 | "4.8.9", | ||
| 283 | "Different Policies Test9", | ||
| 284 | "-policy anyPolicy", | ||
| 285 | "True", "<empty>", "<empty>", 43 | ||
| 286 | ], | ||
| 287 | [ | ||
| 288 | "4.8.10.1", | ||
| 289 | "All Certificates Same Policies Test10", | ||
| 290 | "-policy $nist1", | ||
| 291 | "True", "$nist1:$nist2", "$nist1", 0 | ||
| 292 | ], | ||
| 293 | [ | ||
| 294 | "4.8.10.2", | ||
| 295 | "All Certificates Same Policies Test10", | ||
| 296 | "-policy $nist2", | ||
| 297 | "True", "$nist1:$nist2", "$nist2", 0 | ||
| 298 | ], | ||
| 299 | [ | ||
| 300 | "4.8.10.3", | ||
| 301 | "All Certificates Same Policies Test10", | ||
| 302 | "-policy anyPolicy", | ||
| 303 | "True", "$nist1:$nist2", "$nist1:$nist2", 0 | ||
| 304 | ], | ||
| 305 | [ | ||
| 306 | "4.8.11.1", | ||
| 307 | "All Certificates AnyPolicy Test11", | ||
| 308 | "-policy anyPolicy", | ||
| 309 | "True", "$apolicy", "$apolicy", 0 | ||
| 310 | ], | ||
| 311 | [ | ||
| 312 | "4.8.11.2", | ||
| 313 | "All Certificates AnyPolicy Test11", | ||
| 314 | "-policy $nist1", | ||
| 315 | "True", "$apolicy", "$nist1", 0 | ||
| 316 | ], | ||
| 317 | [ | ||
| 318 | "4.8.12", | ||
| 319 | "Different Policies Test12", | ||
| 320 | "-policy anyPolicy", | ||
| 321 | "True", "<empty>", "<empty>", 43 | ||
| 322 | ], | ||
| 323 | [ | ||
| 324 | "4.8.13.1", | ||
| 325 | "All Certificates Same Policies Test13", | ||
| 326 | "-policy $nist1", | ||
| 327 | "True", "$nist1:$nist2:$nist3", "$nist1", 0 | ||
| 328 | ], | ||
| 329 | [ | ||
| 330 | "4.8.13.2", | ||
| 331 | "All Certificates Same Policies Test13", | ||
| 332 | "-policy $nist2", | ||
| 333 | "True", "$nist1:$nist2:$nist3", "$nist2", 0 | ||
| 334 | ], | ||
| 335 | [ | ||
| 336 | "4.8.13.3", | ||
| 337 | "All Certificates Same Policies Test13", | ||
| 338 | "-policy $nist3", | ||
| 339 | "True", "$nist1:$nist2:$nist3", "$nist3", 0 | ||
| 340 | ], | ||
| 341 | [ | ||
| 342 | "4.8.14.1", "AnyPolicy Test14", | ||
| 343 | "-policy $nist1", "True", | ||
| 344 | "$nist1", "$nist1", | ||
| 345 | 0 | ||
| 346 | ], | ||
| 347 | [ | ||
| 348 | "4.8.14.2", "AnyPolicy Test14", | ||
| 349 | "-policy $nist2", "True", | ||
| 350 | "$nist1", "<empty>", | ||
| 351 | 43 | ||
| 352 | ], | ||
| 353 | [ | ||
| 354 | "4.8.15", | ||
| 355 | "User Notice Qualifier Test15", | ||
| 356 | "-policy anyPolicy", | ||
| 357 | "False", "$nist1", "$nist1", 0 | ||
| 358 | ], | ||
| 359 | [ | ||
| 360 | "4.8.16", | ||
| 361 | "User Notice Qualifier Test16", | ||
| 362 | "-policy anyPolicy", | ||
| 363 | "False", "$nist1", "$nist1", 0 | ||
| 364 | ], | ||
| 365 | [ | ||
| 366 | "4.8.17", | ||
| 367 | "User Notice Qualifier Test17", | ||
| 368 | "-policy anyPolicy", | ||
| 369 | "False", "$nist1", "$nist1", 0 | ||
| 370 | ], | ||
| 371 | [ | ||
| 372 | "4.8.18.1", | ||
| 373 | "User Notice Qualifier Test18", | ||
| 374 | "-policy $nist1", | ||
| 375 | "True", "$nist1:$nist2", "$nist1", 0 | ||
| 376 | ], | ||
| 377 | [ | ||
| 378 | "4.8.18.2", | ||
| 379 | "User Notice Qualifier Test18", | ||
| 380 | "-policy $nist2", | ||
| 381 | "True", "$nist1:$nist2", "$nist2", 0 | ||
| 382 | ], | ||
| 383 | [ | ||
| 384 | "4.8.19", | ||
| 385 | "User Notice Qualifier Test19", | ||
| 386 | "-policy anyPolicy", | ||
| 387 | "False", "$nist1", "$nist1", 0 | ||
| 388 | ], | ||
| 389 | [ | ||
| 390 | "4.8.20", | ||
| 391 | "CPS Pointer Qualifier Test20", | ||
| 392 | "-policy anyPolicy -explicit_policy", | ||
| 393 | "True", "$nist1", "$nist1", 0 | ||
| 394 | ], | ||
| 395 | [ "4.9", "Require Explicit Policy" ], | ||
| 396 | [ | ||
| 397 | "4.9.1", | ||
| 398 | "Valid RequireExplicitPolicy Test1", | ||
| 399 | "-policy anyPolicy", | ||
| 400 | "False", "<empty>", "<empty>", 0 | ||
| 401 | ], | ||
| 402 | [ | ||
| 403 | "4.9.2", | ||
| 404 | "Valid RequireExplicitPolicy Test2", | ||
| 405 | "-policy anyPolicy", | ||
| 406 | "False", "<empty>", "<empty>", 0 | ||
| 407 | ], | ||
| 408 | [ | ||
| 409 | "4.9.3", | ||
| 410 | "Invalid RequireExplicitPolicy Test3", | ||
| 411 | "-policy anyPolicy", | ||
| 412 | "True", "<empty>", "<empty>", 43 | ||
| 413 | ], | ||
| 414 | [ | ||
| 415 | "4.9.4", | ||
| 416 | "Valid RequireExplicitPolicy Test4", | ||
| 417 | "-policy anyPolicy", | ||
| 418 | "True", "$nist1", "$nist1", 0 | ||
| 419 | ], | ||
| 420 | [ | ||
| 421 | "4.9.5", | ||
| 422 | "Invalid RequireExplicitPolicy Test5", | ||
| 423 | "-policy anyPolicy", | ||
| 424 | "True", "<empty>", "<empty>", 43 | ||
| 425 | ], | ||
| 426 | [ | ||
| 427 | "4.9.6", | ||
| 428 | "Valid Self-Issued requireExplicitPolicy Test6", | ||
| 429 | "-policy anyPolicy", | ||
| 430 | "False", "<empty>", "<empty>", 0 | ||
| 431 | ], | ||
| 432 | [ | ||
| 433 | "4.9.7", | ||
| 434 | "Invalid Self-Issued requireExplicitPolicy Test7", | ||
| 435 | "-policy anyPolicy", | ||
| 436 | "True", "<empty>", "<empty>", 43 | ||
| 437 | ], | ||
| 438 | [ | ||
| 439 | "4.9.8", | ||
| 440 | "Invalid Self-Issued requireExplicitPolicy Test8", | ||
| 441 | "-policy anyPolicy", | ||
| 442 | "True", "<empty>", "<empty>", 43 | ||
| 443 | ], | ||
| 444 | [ "4.10", "Policy Mappings" ], | ||
| 445 | [ | ||
| 446 | "4.10.1.1", | ||
| 447 | "Valid Policy Mapping Test1", | ||
| 448 | "-policy $nist1", | ||
| 449 | "True", "$nist1", "$nist1", 0 | ||
| 450 | ], | ||
| 451 | [ | ||
| 452 | "4.10.1.2", | ||
| 453 | "Valid Policy Mapping Test1", | ||
| 454 | "-policy $nist2", | ||
| 455 | "True", "$nist1", "<empty>", 43 | ||
| 456 | ], | ||
| 457 | [ | ||
| 458 | "4.10.1.3", | ||
| 459 | "Valid Policy Mapping Test1", | ||
| 460 | "-policy anyPolicy -inhibit_map", | ||
| 461 | "True", "<empty>", "<empty>", 43 | ||
| 462 | ], | ||
| 463 | [ | ||
| 464 | "4.10.2.1", | ||
| 465 | "Invalid Policy Mapping Test2", | ||
| 466 | "-policy anyPolicy", | ||
| 467 | "True", "<empty>", "<empty>", 43 | ||
| 468 | ], | ||
| 469 | [ | ||
| 470 | "4.10.2.2", | ||
| 471 | "Invalid Policy Mapping Test2", | ||
| 472 | "-policy anyPolicy -inhibit_map", | ||
| 473 | "True", "<empty>", "<empty>", 43 | ||
| 474 | ], | ||
| 475 | [ | ||
| 476 | "4.10.3.1", | ||
| 477 | "Valid Policy Mapping Test3", | ||
| 478 | "-policy $nist1", | ||
| 479 | "True", "$nist2", "<empty>", 43 | ||
| 480 | ], | ||
| 481 | [ | ||
| 482 | "4.10.3.2", | ||
| 483 | "Valid Policy Mapping Test3", | ||
| 484 | "-policy $nist2", | ||
| 485 | "True", "$nist2", "$nist2", 0 | ||
| 486 | ], | ||
| 487 | [ | ||
| 488 | "4.10.4", | ||
| 489 | "Invalid Policy Mapping Test4", | ||
| 490 | "-policy anyPolicy", | ||
| 491 | "True", "<empty>", "<empty>", 43 | ||
| 492 | ], | ||
| 493 | [ | ||
| 494 | "4.10.5.1", | ||
| 495 | "Valid Policy Mapping Test5", | ||
| 496 | "-policy $nist1", | ||
| 497 | "True", "$nist1", "$nist1", 0 | ||
| 498 | ], | ||
| 499 | [ | ||
| 500 | "4.10.5.2", | ||
| 501 | "Valid Policy Mapping Test5", | ||
| 502 | "-policy $nist6", | ||
| 503 | "True", "$nist1", "<empty>", 43 | ||
| 504 | ], | ||
| 505 | [ | ||
| 506 | "4.10.6.1", | ||
| 507 | "Valid Policy Mapping Test6", | ||
| 508 | "-policy $nist1", | ||
| 509 | "True", "$nist1", "$nist1", 0 | ||
| 510 | ], | ||
| 511 | [ | ||
| 512 | "4.10.6.2", | ||
| 513 | "Valid Policy Mapping Test6", | ||
| 514 | "-policy $nist6", | ||
| 515 | "True", "$nist1", "<empty>", 43 | ||
| 516 | ], | ||
| 517 | [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ], | ||
| 518 | [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ], | ||
| 519 | [ | ||
| 520 | "4.10.9", | ||
| 521 | "Valid Policy Mapping Test9", | ||
| 522 | "-policy anyPolicy", | ||
| 523 | "True", "$nist1", "$nist1", 0 | ||
| 524 | ], | ||
| 525 | [ | ||
| 526 | "4.10.10", | ||
| 527 | "Invalid Policy Mapping Test10", | ||
| 528 | "-policy anyPolicy", | ||
| 529 | "True", "<empty>", "<empty>", 43 | ||
| 530 | ], | ||
| 531 | [ | ||
| 532 | "4.10.11", | ||
| 533 | "Valid Policy Mapping Test11", | ||
| 534 | "-policy anyPolicy", | ||
| 535 | "True", "$nist1", "$nist1", 0 | ||
| 536 | ], | ||
| 537 | |||
| 538 | # TODO: check notice display | ||
| 539 | [ | ||
| 540 | "4.10.12.1", | ||
| 541 | "Valid Policy Mapping Test12", | ||
| 542 | "-policy $nist1", | ||
| 543 | "True", "$nist1:$nist2", "$nist1", 0 | ||
| 544 | ], | ||
| 545 | |||
| 546 | # TODO: check notice display | ||
| 547 | [ | ||
| 548 | "4.10.12.2", | ||
| 549 | "Valid Policy Mapping Test12", | ||
| 550 | "-policy $nist2", | ||
| 551 | "True", "$nist1:$nist2", "$nist2", 0 | ||
| 552 | ], | ||
| 553 | [ | ||
| 554 | "4.10.13", | ||
| 555 | "Valid Policy Mapping Test13", | ||
| 556 | "-policy anyPolicy", | ||
| 557 | "True", "$nist1", "$nist1", 0 | ||
| 558 | ], | ||
| 559 | |||
| 560 | # TODO: check notice display | ||
| 561 | [ | ||
| 562 | "4.10.14", | ||
| 563 | "Valid Policy Mapping Test14", | ||
| 564 | "-policy anyPolicy", | ||
| 565 | "True", "$nist1", "$nist1", 0 | ||
| 566 | ], | ||
| 567 | [ "4.11", "Inhibit Policy Mapping" ], | ||
| 568 | [ | ||
| 569 | "4.11.1", | ||
| 570 | "Invalid inhibitPolicyMapping Test1", | ||
| 571 | "-policy anyPolicy", | ||
| 572 | "True", "<empty>", "<empty>", 43 | ||
| 573 | ], | ||
| 574 | [ | ||
| 575 | "4.11.2", | ||
| 576 | "Valid inhibitPolicyMapping Test2", | ||
| 577 | "-policy anyPolicy", | ||
| 578 | "True", "$nist1", "$nist1", 0 | ||
| 579 | ], | ||
| 580 | [ | ||
| 581 | "4.11.3", | ||
| 582 | "Invalid inhibitPolicyMapping Test3", | ||
| 583 | "-policy anyPolicy", | ||
| 584 | "True", "<empty>", "<empty>", 43 | ||
| 585 | ], | ||
| 586 | [ | ||
| 587 | "4.11.4", | ||
| 588 | "Valid inhibitPolicyMapping Test4", | ||
| 589 | "-policy anyPolicy", | ||
| 590 | "True", "$nist2", "$nist2", 0 | ||
| 591 | ], | ||
| 592 | [ | ||
| 593 | "4.11.5", | ||
| 594 | "Invalid inhibitPolicyMapping Test5", | ||
| 595 | "-policy anyPolicy", | ||
| 596 | "True", "<empty>", "<empty>", 43 | ||
| 597 | ], | ||
| 598 | [ | ||
| 599 | "4.11.6", | ||
| 600 | "Invalid inhibitPolicyMapping Test6", | ||
| 601 | "-policy anyPolicy", | ||
| 602 | "True", "<empty>", "<empty>", 43 | ||
| 603 | ], | ||
| 604 | [ | ||
| 605 | "4.11.7", | ||
| 606 | "Valid Self-Issued inhibitPolicyMapping Test7", | ||
| 607 | "-policy anyPolicy", | ||
| 608 | "True", "$nist1", "$nist1", 0 | ||
| 609 | ], | ||
| 610 | [ | ||
| 611 | "4.11.8", | ||
| 612 | "Invalid Self-Issued inhibitPolicyMapping Test8", | ||
| 613 | "-policy anyPolicy", | ||
| 614 | "True", "<empty>", "<empty>", 43 | ||
| 615 | ], | ||
| 616 | [ | ||
| 617 | "4.11.9", | ||
| 618 | "Invalid Self-Issued inhibitPolicyMapping Test9", | ||
| 619 | "-policy anyPolicy", | ||
| 620 | "True", "<empty>", "<empty>", 43 | ||
| 621 | ], | ||
| 622 | [ | ||
| 623 | "4.11.10", | ||
| 624 | "Invalid Self-Issued inhibitPolicyMapping Test10", | ||
| 625 | "-policy anyPolicy", | ||
| 626 | "True", "<empty>", "<empty>", 43 | ||
| 627 | ], | ||
| 628 | [ | ||
| 629 | "4.11.11", | ||
| 630 | "Invalid Self-Issued inhibitPolicyMapping Test11", | ||
| 631 | "-policy anyPolicy", | ||
| 632 | "True", "<empty>", "<empty>", 43 | ||
| 633 | ], | ||
| 634 | [ "4.12", "Inhibit Any Policy" ], | ||
| 635 | [ | ||
| 636 | "4.12.1", | ||
| 637 | "Invalid inhibitAnyPolicy Test1", | ||
| 638 | "-policy anyPolicy", | ||
| 639 | "True", "<empty>", "<empty>", 43 | ||
| 640 | ], | ||
| 641 | [ | ||
| 642 | "4.12.2", | ||
| 643 | "Valid inhibitAnyPolicy Test2", | ||
| 644 | "-policy anyPolicy", | ||
| 645 | "True", "$nist1", "$nist1", 0 | ||
| 646 | ], | ||
| 647 | [ | ||
| 648 | "4.12.3.1", | ||
| 649 | "inhibitAnyPolicy Test3", | ||
| 650 | "-policy anyPolicy", | ||
| 651 | "True", "$nist1", "$nist1", 0 | ||
| 652 | ], | ||
| 653 | [ | ||
| 654 | "4.12.3.2", | ||
| 655 | "inhibitAnyPolicy Test3", | ||
| 656 | "-policy anyPolicy -inhibit_any", | ||
| 657 | "True", "<empty>", "<empty>", 43 | ||
| 658 | ], | ||
| 659 | [ | ||
| 660 | "4.12.4", | ||
| 661 | "Invalid inhibitAnyPolicy Test4", | ||
| 662 | "-policy anyPolicy", | ||
| 663 | "True", "<empty>", "<empty>", 43 | ||
| 664 | ], | ||
| 665 | [ | ||
| 666 | "4.12.5", | ||
| 667 | "Invalid inhibitAnyPolicy Test5", | ||
| 668 | "-policy anyPolicy", | ||
| 669 | "True", "<empty>", "<empty>", 43 | ||
| 670 | ], | ||
| 671 | [ | ||
| 672 | "4.12.6", | ||
| 673 | "Invalid inhibitAnyPolicy Test6", | ||
| 674 | "-policy anyPolicy", | ||
| 675 | "True", "<empty>", "<empty>", 43 | ||
| 676 | ], | ||
| 677 | [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ], | ||
| 678 | [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ], | ||
| 679 | [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ], | ||
| 680 | [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ], | ||
| 681 | [ "4.13", "Name Constraints" ], | ||
| 682 | [ "4.13.1", "Valid DN nameConstraints Test1", 0 ], | ||
| 683 | [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ], | ||
| 684 | [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ], | ||
| 685 | [ "4.13.4", "Valid DN nameConstraints Test4", 0 ], | ||
| 686 | [ "4.13.5", "Valid DN nameConstraints Test5", 0 ], | ||
| 687 | [ "4.13.6", "Valid DN nameConstraints Test6", 0 ], | ||
| 688 | [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ], | ||
| 689 | [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ], | ||
| 690 | [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ], | ||
| 691 | [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ], | ||
| 692 | [ "4.13.11", "Valid DN nameConstraints Test11", 0 ], | ||
| 693 | [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ], | ||
| 694 | [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ], | ||
| 695 | [ "4.13.14", "Valid DN nameConstraints Test14", 0 ], | ||
| 696 | [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ], | ||
| 697 | [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ], | ||
| 698 | [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ], | ||
| 699 | [ "4.13.18", "Valid DN nameConstraints Test18", 0 ], | ||
| 700 | [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ], | ||
| 701 | [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ], | ||
| 702 | [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ], | ||
| 703 | [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ], | ||
| 704 | [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ], | ||
| 705 | [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ], | ||
| 706 | [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ], | ||
| 707 | [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ], | ||
| 708 | [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ], | ||
| 709 | [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ], | ||
| 710 | [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ], | ||
| 711 | [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ], | ||
| 712 | [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ], | ||
| 713 | [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ], | ||
| 714 | [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ], | ||
| 715 | [ "4.13.34", "Valid URI nameConstraints Test34", 0 ], | ||
| 716 | [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ], | ||
| 717 | [ "4.13.36", "Valid URI nameConstraints Test36", 0 ], | ||
| 718 | [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ], | ||
| 719 | [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ], | ||
| 720 | [ "4.14", "Distribution Points" ], | ||
| 721 | [ "4.14.1", "Valid distributionPoint Test1", 0 ], | ||
| 722 | [ "4.14.2", "Invalid distributionPoint Test2", 23 ], | ||
| 723 | [ "4.14.3", "Invalid distributionPoint Test3", 44 ], | ||
| 724 | [ "4.14.4", "Valid distributionPoint Test4", 0 ], | ||
| 725 | [ "4.14.5", "Valid distributionPoint Test5", 0 ], | ||
| 726 | [ "4.14.6", "Invalid distributionPoint Test6", 23 ], | ||
| 727 | [ "4.14.7", "Valid distributionPoint Test7", 0 ], | ||
| 728 | [ "4.14.8", "Invalid distributionPoint Test8", 44 ], | ||
| 729 | [ "4.14.9", "Invalid distributionPoint Test9", 44 ], | ||
| 730 | [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ], | ||
| 731 | [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ], | ||
| 732 | [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ], | ||
| 733 | [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ], | ||
| 734 | [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ], | ||
| 735 | [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ], | ||
| 736 | [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ], | ||
| 737 | [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ], | ||
| 738 | [ "4.14.18", "Valid onlySomeReasons Test18", 0 ], | ||
| 739 | [ "4.14.19", "Valid onlySomeReasons Test19", 0 ], | ||
| 740 | [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ], | ||
| 741 | [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ], | ||
| 742 | [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ], | ||
| 743 | [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ], | ||
| 744 | [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ], | ||
| 745 | [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ], | ||
| 746 | [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ], | ||
| 747 | [ "4.14.27", "Invalid cRLIssuer Test27", 3 ], | ||
| 748 | [ "4.14.28", "Valid cRLIssuer Test28", 0 ], | ||
| 749 | [ "4.14.29", "Valid cRLIssuer Test29", 0 ], | ||
| 750 | |||
| 751 | # Although this test is valid it has a circular dependency. As a result | ||
| 752 | # an attempt is made to reursively checks a CRL path and rejected due to | ||
| 753 | # a CRL path validation error. PKITS notes suggest this test does not | ||
| 754 | # need to be run due to this issue. | ||
| 755 | [ "4.14.30", "Valid cRLIssuer Test30", 54 ], | ||
| 756 | [ "4.14.31", "Invalid cRLIssuer Test31", 23 ], | ||
| 757 | [ "4.14.32", "Invalid cRLIssuer Test32", 23 ], | ||
| 758 | [ "4.14.33", "Valid cRLIssuer Test33", 0 ], | ||
| 759 | [ "4.14.34", "Invalid cRLIssuer Test34", 23 ], | ||
| 760 | [ "4.14.35", "Invalid cRLIssuer Test35", 44 ], | ||
| 761 | [ "4.15", "Delta-CRLs" ], | ||
| 762 | [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ], | ||
| 763 | [ "4.15.2", "Valid delta-CRL Test2", 0 ], | ||
| 764 | [ "4.15.3", "Invalid delta-CRL Test3", 23 ], | ||
| 765 | [ "4.15.4", "Invalid delta-CRL Test4", 23 ], | ||
| 766 | [ "4.15.5", "Valid delta-CRL Test5", 0 ], | ||
| 767 | [ "4.15.6", "Invalid delta-CRL Test6", 23 ], | ||
| 768 | [ "4.15.7", "Valid delta-CRL Test7", 0 ], | ||
| 769 | [ "4.15.8", "Valid delta-CRL Test8", 0 ], | ||
| 770 | [ "4.15.9", "Invalid delta-CRL Test9", 23 ], | ||
| 771 | [ "4.15.10", "Invalid delta-CRL Test10", 12 ], | ||
| 772 | [ "4.16", "Private Certificate Extensions" ], | ||
| 773 | [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ], | ||
| 774 | [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ], | ||
| 775 | ); | ||
| 776 | |||
| 777 | |||
| 778 | my $verbose = 1; | ||
| 779 | |||
| 780 | my $numtest = 0; | ||
| 781 | my $numfail = 0; | ||
| 782 | |||
| 783 | my $ossl = "ossl/apps/openssl"; | ||
| 784 | |||
| 785 | my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; | ||
| 786 | $ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; | ||
| 787 | |||
| 788 | # Check for expiry of trust anchor | ||
| 789 | system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; | ||
| 790 | if ($? == 256) | ||
| 791 | { | ||
| 792 | print STDERR "WARNING: using older expired data\n"; | ||
| 793 | $ossl_cmd .= "-attime 1291940972 "; | ||
| 794 | } | ||
| 795 | |||
| 796 | $ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; | ||
| 797 | |||
| 798 | system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; | ||
| 799 | |||
| 800 | die "Can't create trust anchor file" if $?; | ||
| 801 | |||
| 802 | print "Running PKITS tests:\n" if $verbose; | ||
| 803 | |||
| 804 | foreach (@testlists) { | ||
| 805 | my $argnum = @$_; | ||
| 806 | if ( $argnum == 2 ) { | ||
| 807 | my ( $tnum, $title ) = @$_; | ||
| 808 | print "$tnum $title\n" if $verbose; | ||
| 809 | } | ||
| 810 | elsif ( $argnum == 3 ) { | ||
| 811 | my ( $tnum, $title, $exp_ret ) = @$_; | ||
| 812 | my $filename = $title; | ||
| 813 | $exp_ret += 32 if $exp_ret; | ||
| 814 | $filename =~ tr/ -//d; | ||
| 815 | $filename = "Signed${filename}.eml"; | ||
| 816 | if ( !-f "$pkitsdir/$filename" ) { | ||
| 817 | print "\"$filename\" not found\n"; | ||
| 818 | } | ||
| 819 | else { | ||
| 820 | my $ret; | ||
| 821 | my $test_fail = 0; | ||
| 822 | my $errmsg = ""; | ||
| 823 | my $cmd = $ossl_cmd; | ||
| 824 | $cmd .= "-in $pkitsdir/$filename -policy anyPolicy"; | ||
| 825 | my $cmdout = `$cmd`; | ||
| 826 | $ret = $? >> 8; | ||
| 827 | if ( $? & 0xff ) { | ||
| 828 | $errmsg .= "Abnormal OpenSSL termination\n"; | ||
| 829 | $test_fail = 1; | ||
| 830 | } | ||
| 831 | if ( $exp_ret != $ret ) { | ||
| 832 | $errmsg .= "Return code:$ret, "; | ||
| 833 | $errmsg .= "expected $exp_ret\n"; | ||
| 834 | $test_fail = 1; | ||
| 835 | } | ||
| 836 | if ($test_fail) { | ||
| 837 | print "$tnum $title : Failed!\n"; | ||
| 838 | print "Filename: $pkitsdir/$filename\n"; | ||
| 839 | print $errmsg; | ||
| 840 | print "Command output:\n$cmdout\n"; | ||
| 841 | $numfail++; | ||
| 842 | } | ||
| 843 | $numtest++; | ||
| 844 | } | ||
| 845 | } | ||
| 846 | elsif ( $argnum == 7 ) { | ||
| 847 | my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret ) | ||
| 848 | = @$_; | ||
| 849 | my $filename = $title; | ||
| 850 | $exp_ret += 32 if $exp_ret; | ||
| 851 | $filename =~ tr/ -//d; | ||
| 852 | $filename = "Signed${filename}.eml"; | ||
| 853 | if ( !-f "$pkitsdir/$filename" ) { | ||
| 854 | print "\"$filename\" not found\n"; | ||
| 855 | } | ||
| 856 | else { | ||
| 857 | my $ret; | ||
| 858 | my $cmdout = ""; | ||
| 859 | my $errmsg = ""; | ||
| 860 | my $epol = ""; | ||
| 861 | my $aset = ""; | ||
| 862 | my $uset = ""; | ||
| 863 | my $pol = -1; | ||
| 864 | my $test_fail = 0; | ||
| 865 | my $cmd = $ossl_cmd; | ||
| 866 | $cmd .= "-in $pkitsdir/$filename $exargs -policy_print"; | ||
| 867 | @oparr = `$cmd`; | ||
| 868 | $ret = $? >> 8; | ||
| 869 | |||
| 870 | if ( $? & 0xff ) { | ||
| 871 | $errmsg .= "Abnormal OpenSSL termination\n"; | ||
| 872 | $test_fail = 1; | ||
| 873 | } | ||
| 874 | foreach (@oparr) { | ||
| 875 | my $test_failed = 0; | ||
| 876 | $cmdout .= $_; | ||
| 877 | if (/^Require explicit Policy: (.*)$/) { | ||
| 878 | $epol = $1; | ||
| 879 | } | ||
| 880 | if (/^Authority Policies/) { | ||
| 881 | if (/empty/) { | ||
| 882 | $aset = "<empty>"; | ||
| 883 | } | ||
| 884 | else { | ||
| 885 | $pol = 1; | ||
| 886 | } | ||
| 887 | } | ||
| 888 | $test_fail = 1 if (/leak/i); | ||
| 889 | if (/^User Policies/) { | ||
| 890 | if (/empty/) { | ||
| 891 | $uset = "<empty>"; | ||
| 892 | } | ||
| 893 | else { | ||
| 894 | $pol = 2; | ||
| 895 | } | ||
| 896 | } | ||
| 897 | if (/\s+Policy: (.*)$/) { | ||
| 898 | if ( $pol == 1 ) { | ||
| 899 | $aset .= ":" if $aset ne ""; | ||
| 900 | $aset .= $1; | ||
| 901 | } | ||
| 902 | elsif ( $pol == 2 ) { | ||
| 903 | $uset .= ":" if $uset ne ""; | ||
| 904 | $uset .= $1; | ||
| 905 | } | ||
| 906 | } | ||
| 907 | } | ||
| 908 | |||
| 909 | if ( $epol ne $exp_epol ) { | ||
| 910 | $errmsg .= "Explicit policy:$epol, "; | ||
| 911 | $errmsg .= "expected $exp_epol\n"; | ||
| 912 | $test_fail = 1; | ||
| 913 | } | ||
| 914 | if ( $aset ne $exp_aset ) { | ||
| 915 | $errmsg .= "Authority policy set :$aset, "; | ||
| 916 | $errmsg .= "expected $exp_aset\n"; | ||
| 917 | $test_fail = 1; | ||
| 918 | } | ||
| 919 | if ( $uset ne $exp_uset ) { | ||
| 920 | $errmsg .= "User policy set :$uset, "; | ||
| 921 | $errmsg .= "expected $exp_uset\n"; | ||
| 922 | $test_fail = 1; | ||
| 923 | } | ||
| 924 | |||
| 925 | if ( $exp_ret != $ret ) { | ||
| 926 | print "Return code:$ret, expected $exp_ret\n"; | ||
| 927 | $test_fail = 1; | ||
| 928 | } | ||
| 929 | |||
| 930 | if ($test_fail) { | ||
| 931 | print "$tnum $title : Failed!\n"; | ||
| 932 | print "Filename: $pkitsdir/$filename\n"; | ||
| 933 | print "Command output:\n$cmdout\n"; | ||
| 934 | $numfail++; | ||
| 935 | } | ||
| 936 | $numtest++; | ||
| 937 | } | ||
| 938 | } | ||
| 939 | } | ||
| 940 | |||
| 941 | if ($numfail) { | ||
| 942 | print "$numfail tests failed out of $numtest\n"; | ||
| 943 | } | ||
| 944 | else { | ||
| 945 | print "All Tests Successful.\n"; | ||
| 946 | } | ||
| 947 | |||
| 948 | unlink "pkitsta.pem"; | ||
| 949 | |||
diff --git a/src/lib/libssl/test/r160test.c b/src/lib/libssl/test/r160test.c deleted file mode 100644 index 0aadcdac16..0000000000 --- a/src/lib/libssl/test/r160test.c +++ /dev/null | |||
| @@ -1,57 +0,0 @@ | |||
| 1 | /* $OpenBSD: r160test.c,v 1.2 2014/06/12 15:49:31 deraadt Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt deleted file mode 100644 index e837c0b75b..0000000000 --- a/src/lib/libssl/test/smcont.txt +++ /dev/null | |||
| @@ -1 +0,0 @@ | |||
| 1 | Some test content for OpenSSL CMS \ No newline at end of file | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem deleted file mode 100644 index d5677dbfbe..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa1.pem +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | -----BEGIN DSA PRIVATE KEY----- | ||
| 2 | MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
| 3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
| 4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
| 5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
| 6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
| 7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
| 8 | SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd | ||
| 9 | YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9 | ||
| 10 | C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx | ||
| 11 | 9fMUZq1v0ePD4Wo0Xkxo | ||
| 12 | -----END DSA PRIVATE KEY----- | ||
| 13 | -----BEGIN CERTIFICATE----- | ||
| 14 | MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
| 17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
| 19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
| 20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
| 21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
| 22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
| 23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
| 24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN | ||
| 25 | CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M | ||
| 26 | 7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG | ||
| 27 | h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU | ||
| 28 | 4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput | ||
| 29 | aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV | ||
| 30 | c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO | ||
| 31 | kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8 | ||
| 32 | phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n | ||
| 33 | hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv | ||
| 34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem deleted file mode 100644 index ef86c115d7..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa2.pem +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | -----BEGIN DSA PRIVATE KEY----- | ||
| 2 | MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
| 3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
| 4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
| 5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
| 6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
| 7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
| 8 | SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v | ||
| 9 | It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ | ||
| 10 | VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2 | ||
| 11 | Nf8SimTZYB0/CKje6M5ufA== | ||
| 12 | -----END DSA PRIVATE KEY----- | ||
| 13 | -----BEGIN CERTIFICATE----- | ||
| 14 | MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
| 17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
| 19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
| 20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
| 21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
| 22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
| 23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
| 24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA | ||
| 25 | g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm | ||
| 26 | 6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs | ||
| 27 | j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE | ||
| 28 | FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab | ||
| 29 | rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB | ||
| 30 | FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF | ||
| 31 | FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l | ||
| 32 | 6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0 | ||
| 33 | jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A== | ||
| 34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem deleted file mode 100644 index eeb848dabc..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsa3.pem +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | -----BEGIN DSA PRIVATE KEY----- | ||
| 2 | MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3 | ||
| 3 | OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt | ||
| 4 | GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J | ||
| 5 | jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt | ||
| 6 | wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK | ||
| 7 | +FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z | ||
| 8 | SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7 | ||
| 9 | GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju | ||
| 10 | TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g | ||
| 11 | Y+XZd0Sv69CatDIRYWvaIA== | ||
| 12 | -----END DSA PRIVATE KEY----- | ||
| 13 | -----BEGIN CERTIFICATE----- | ||
| 14 | MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 15 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 16 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
| 17 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 18 | ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7 | ||
| 19 | CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ | ||
| 20 | mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2 | ||
| 21 | jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB | ||
| 22 | CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV | ||
| 23 | kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D | ||
| 24 | xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj | ||
| 25 | M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz | ||
| 26 | aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/ | ||
| 27 | pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU | ||
| 28 | VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput | ||
| 29 | aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV | ||
| 30 | c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m | ||
| 31 | k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu | ||
| 32 | rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25 | ||
| 33 | OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x | ||
| 34 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem deleted file mode 100644 index 249706c8c7..0000000000 --- a/src/lib/libssl/test/smime-certs/smdsap.pem +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | -----BEGIN DSA PARAMETERS----- | ||
| 2 | MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG | ||
| 3 | Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA | ||
| 4 | gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d | ||
| 5 | qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv | ||
| 6 | Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO | ||
| 7 | GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB | ||
| 8 | Qw5z | ||
| 9 | -----END DSA PARAMETERS----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem deleted file mode 100644 index a59eb2684c..0000000000 --- a/src/lib/libssl/test/smime-certs/smroot.pem +++ /dev/null | |||
| @@ -1,30 +0,0 @@ | |||
| 1 | -----BEGIN RSA PRIVATE KEY----- | ||
| 2 | MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki | ||
| 3 | 9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ | ||
| 4 | speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB | ||
| 5 | AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY | ||
| 6 | JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0 | ||
| 7 | xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ | ||
| 8 | U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS | ||
| 9 | Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO | ||
| 10 | 1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3 | ||
| 11 | 3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a | ||
| 12 | 3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN | ||
| 13 | U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8 | ||
| 14 | 0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc= | ||
| 15 | -----END RSA PRIVATE KEY----- | ||
| 16 | -----BEGIN CERTIFICATE----- | ||
| 17 | MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx | ||
| 20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU | ||
| 21 | ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA | ||
| 22 | wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF | ||
| 23 | 9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk | ||
| 24 | 81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O | ||
| 25 | BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX | ||
| 26 | dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG | ||
| 27 | SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS | ||
| 28 | l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp | ||
| 29 | r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG | ||
| 30 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem deleted file mode 100644 index 2cf3148e33..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa1.pem +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | -----BEGIN RSA PRIVATE KEY----- | ||
| 2 | MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E | ||
| 3 | ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7 | ||
| 4 | JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB | ||
| 5 | AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i | ||
| 6 | KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl | ||
| 7 | JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn | ||
| 8 | xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf | ||
| 9 | KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY | ||
| 10 | Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW | ||
| 11 | h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg | ||
| 12 | oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f | ||
| 13 | QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1 | ||
| 14 | SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA== | ||
| 15 | -----END RSA PRIVATE KEY----- | ||
| 16 | -----BEGIN CERTIFICATE----- | ||
| 17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx | ||
| 20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
| 22 | ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl | ||
| 23 | ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ | ||
| 24 | yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD | ||
| 25 | VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
| 26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
| 27 | EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi | ||
| 28 | O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj | ||
| 29 | 9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC | ||
| 30 | I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw== | ||
| 31 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem deleted file mode 100644 index d41f69c82f..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa2.pem +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | -----BEGIN RSA PRIVATE KEY----- | ||
| 2 | MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe | ||
| 3 | 59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT | ||
| 4 | WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB | ||
| 5 | AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551 | ||
| 6 | +rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q | ||
| 7 | dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx | ||
| 8 | bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6 | ||
| 9 | QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS | ||
| 10 | M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY | ||
| 11 | iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex | ||
| 12 | A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07 | ||
| 13 | jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG | ||
| 14 | 6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA== | ||
| 15 | -----END RSA PRIVATE KEY----- | ||
| 16 | -----BEGIN CERTIFICATE----- | ||
| 17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx | ||
| 20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
| 22 | ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ | ||
| 23 | eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5 | ||
| 24 | 00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD | ||
| 25 | VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
| 26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
| 27 | EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2 | ||
| 28 | rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe | ||
| 29 | ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2 | ||
| 30 | YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw== | ||
| 31 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem deleted file mode 100644 index c8cbe55151..0000000000 --- a/src/lib/libssl/test/smime-certs/smrsa3.pem +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | -----BEGIN RSA PRIVATE KEY----- | ||
| 2 | MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy | ||
| 3 | ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM | ||
| 4 | h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB | ||
| 5 | AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi | ||
| 6 | iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT | ||
| 7 | /1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p | ||
| 8 | ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC | ||
| 9 | hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs | ||
| 10 | OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj | ||
| 11 | RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T | ||
| 12 | 9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5 | ||
| 13 | GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd | ||
| 14 | VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc= | ||
| 15 | -----END RSA PRIVATE KEY----- | ||
| 16 | -----BEGIN CERTIFICATE----- | ||
| 17 | MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV | ||
| 18 | BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv | ||
| 19 | TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx | ||
| 20 | CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU | ||
| 21 | ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB | ||
| 22 | ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z | ||
| 23 | Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H | ||
| 24 | Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD | ||
| 25 | VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z | ||
| 26 | OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud | ||
| 27 | EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE | ||
| 28 | tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq | ||
| 29 | jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ | ||
| 30 | PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA== | ||
| 31 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl deleted file mode 100644 index 055269eab8..0000000000 --- a/src/lib/libssl/test/tcrl +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl crl' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=testcrl.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | echo testing crl conversions | ||
| 12 | cp $t fff.p | ||
| 13 | |||
| 14 | echo "p -> d" | ||
| 15 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 16 | if [ $? != 0 ]; then exit 1; fi | ||
| 17 | #echo "p -> t" | ||
| 18 | #$cmd -in fff.p -inform p -outform t >f.t | ||
| 19 | #if [ $? != 0 ]; then exit 1; fi | ||
| 20 | echo "p -> p" | ||
| 21 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 22 | if [ $? != 0 ]; then exit 1; fi | ||
| 23 | |||
| 24 | echo "d -> d" | ||
| 25 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 26 | if [ $? != 0 ]; then exit 1; fi | ||
| 27 | #echo "t -> d" | ||
| 28 | #$cmd -in f.t -inform t -outform d >ff.d2 | ||
| 29 | #if [ $? != 0 ]; then exit 1; fi | ||
| 30 | echo "p -> d" | ||
| 31 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 32 | if [ $? != 0 ]; then exit 1; fi | ||
| 33 | |||
| 34 | #echo "d -> t" | ||
| 35 | #$cmd -in f.d -inform d -outform t >ff.t1 | ||
| 36 | #if [ $? != 0 ]; then exit 1; fi | ||
| 37 | #echo "t -> t" | ||
| 38 | #$cmd -in f.t -inform t -outform t >ff.t2 | ||
| 39 | #if [ $? != 0 ]; then exit 1; fi | ||
| 40 | #echo "p -> t" | ||
| 41 | #$cmd -in f.p -inform p -outform t >ff.t3 | ||
| 42 | #if [ $? != 0 ]; then exit 1; fi | ||
| 43 | |||
| 44 | echo "d -> p" | ||
| 45 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 46 | if [ $? != 0 ]; then exit 1; fi | ||
| 47 | #echo "t -> p" | ||
| 48 | #$cmd -in f.t -inform t -outform p >ff.p2 | ||
| 49 | #if [ $? != 0 ]; then exit 1; fi | ||
| 50 | echo "p -> p" | ||
| 51 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 52 | if [ $? != 0 ]; then exit 1; fi | ||
| 53 | |||
| 54 | cmp fff.p f.p | ||
| 55 | if [ $? != 0 ]; then exit 1; fi | ||
| 56 | cmp fff.p ff.p1 | ||
| 57 | if [ $? != 0 ]; then exit 1; fi | ||
| 58 | #cmp fff.p ff.p2 | ||
| 59 | #if [ $? != 0 ]; then exit 1; fi | ||
| 60 | cmp fff.p ff.p3 | ||
| 61 | if [ $? != 0 ]; then exit 1; fi | ||
| 62 | |||
| 63 | #cmp f.t ff.t1 | ||
| 64 | #if [ $? != 0 ]; then exit 1; fi | ||
| 65 | #cmp f.t ff.t2 | ||
| 66 | #if [ $? != 0 ]; then exit 1; fi | ||
| 67 | #cmp f.t ff.t3 | ||
| 68 | #if [ $? != 0 ]; then exit 1; fi | ||
| 69 | |||
| 70 | cmp f.p ff.p1 | ||
| 71 | if [ $? != 0 ]; then exit 1; fi | ||
| 72 | #cmp f.p ff.p2 | ||
| 73 | #if [ $? != 0 ]; then exit 1; fi | ||
| 74 | cmp f.p ff.p3 | ||
| 75 | if [ $? != 0 ]; then exit 1; fi | ||
| 76 | |||
| 77 | /bin/rm -f f.* ff.* fff.* | ||
| 78 | exit 0 | ||
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf deleted file mode 100644 index 10834442a1..0000000000 --- a/src/lib/libssl/test/test.cnf +++ /dev/null | |||
| @@ -1,88 +0,0 @@ | |||
| 1 | # | ||
| 2 | # SSLeay example configuration file. | ||
| 3 | # This is mostly being used for generation of certificate requests. | ||
| 4 | # | ||
| 5 | |||
| 6 | RANDFILE = ./.rnd | ||
| 7 | |||
| 8 | #################################################################### | ||
| 9 | [ ca ] | ||
| 10 | default_ca = CA_default # The default ca section | ||
| 11 | |||
| 12 | #################################################################### | ||
| 13 | [ CA_default ] | ||
| 14 | |||
| 15 | dir = ./demoCA # Where everything is kept | ||
| 16 | certs = $dir/certs # Where the issued certs are kept | ||
| 17 | crl_dir = $dir/crl # Where the issued crl are kept | ||
| 18 | database = $dir/index.txt # database index file. | ||
| 19 | new_certs_dir = $dir/new_certs # default place for new certs. | ||
| 20 | |||
| 21 | certificate = $dir/CAcert.pem # The CA certificate | ||
| 22 | serial = $dir/serial # The current serial number | ||
| 23 | crl = $dir/crl.pem # The current CRL | ||
| 24 | private_key = $dir/private/CAkey.pem# The private key | ||
| 25 | RANDFILE = $dir/private/.rand # private random number file | ||
| 26 | |||
| 27 | default_days = 365 # how long to certify for | ||
| 28 | default_crl_days= 30 # how long before next CRL | ||
| 29 | default_md = md5 # which md to use. | ||
| 30 | |||
| 31 | # A few difference way of specifying how similar the request should look | ||
| 32 | # For type CA, the listed attributes must be the same, and the optional | ||
| 33 | # and supplied fields are just that :-) | ||
| 34 | policy = policy_match | ||
| 35 | |||
| 36 | # For the CA policy | ||
| 37 | [ policy_match ] | ||
| 38 | countryName = match | ||
| 39 | stateOrProvinceName = match | ||
| 40 | organizationName = match | ||
| 41 | organizationalUnitName = optional | ||
| 42 | commonName = supplied | ||
| 43 | emailAddress = optional | ||
| 44 | |||
| 45 | # For the 'anything' policy | ||
| 46 | # At this point in time, you must list all acceptable 'object' | ||
| 47 | # types. | ||
| 48 | [ policy_anything ] | ||
| 49 | countryName = optional | ||
| 50 | stateOrProvinceName = optional | ||
| 51 | localityName = optional | ||
| 52 | organizationName = optional | ||
| 53 | organizationalUnitName = optional | ||
| 54 | commonName = supplied | ||
| 55 | emailAddress = optional | ||
| 56 | |||
| 57 | #################################################################### | ||
| 58 | [ req ] | ||
| 59 | default_bits = 1024 | ||
| 60 | default_keyfile = testkey.pem | ||
| 61 | distinguished_name = req_distinguished_name | ||
| 62 | encrypt_rsa_key = no | ||
| 63 | |||
| 64 | [ req_distinguished_name ] | ||
| 65 | countryName = Country Name (2 letter code) | ||
| 66 | countryName_default = AU | ||
| 67 | countryName_value = AU | ||
| 68 | |||
| 69 | stateOrProvinceName = State or Province Name (full name) | ||
| 70 | stateOrProvinceName_default = Queensland | ||
| 71 | stateOrProvinceName_value = | ||
| 72 | |||
| 73 | localityName = Locality Name (eg, city) | ||
| 74 | localityName_value = Brisbane | ||
| 75 | |||
| 76 | organizationName = Organization Name (eg, company) | ||
| 77 | organizationName_default = | ||
| 78 | organizationName_value = CryptSoft Pty Ltd | ||
| 79 | |||
| 80 | organizationalUnitName = Organizational Unit Name (eg, section) | ||
| 81 | organizationalUnitName_default = | ||
| 82 | organizationalUnitName_value = . | ||
| 83 | |||
| 84 | commonName = Common Name (eg, YOUR name) | ||
| 85 | commonName_value = Eric Young | ||
| 86 | |||
| 87 | emailAddress = Email Address | ||
| 88 | emailAddress_value = eay@mincom.oz.au | ||
diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni deleted file mode 100644 index e8fb63ee2b..0000000000 --- a/src/lib/libssl/test/test_aesni +++ /dev/null | |||
| @@ -1,69 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | PROG=$1 | ||
| 4 | |||
| 5 | if [ -x $PROG ]; then | ||
| 6 | if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then | ||
| 7 | : | ||
| 8 | else | ||
| 9 | echo "$PROG is not OpenSSL executable" | ||
| 10 | exit 1 | ||
| 11 | fi | ||
| 12 | else | ||
| 13 | echo "$PROG is not executable" | ||
| 14 | exit 1; | ||
| 15 | fi | ||
| 16 | |||
| 17 | if $PROG engine aesni | grep -v no-aesni; then | ||
| 18 | |||
| 19 | HASH=`cat $PROG | $PROG dgst -hex` | ||
| 20 | |||
| 21 | AES_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ | ||
| 22 | aes-128-cbc aes-192-cbc aes-256-cbc \ | ||
| 23 | aes-128-cfb aes-192-cfb aes-256-cfb \ | ||
| 24 | aes-128-ofb aes-192-ofb aes-256-ofb" | ||
| 25 | BUFSIZE="16 32 48 64 80 96 128 144 999" | ||
| 26 | |||
| 27 | nerr=0 | ||
| 28 | |||
| 29 | for alg in $AES_ALGS; do | ||
| 30 | echo $alg | ||
| 31 | for bufsize in $BUFSIZE; do | ||
| 32 | TEST=`( cat $PROG | \ | ||
| 33 | $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ | ||
| 34 | $PROG enc -d -k "$HASH" -$alg | \ | ||
| 35 | $PROG dgst -hex ) 2>/dev/null` | ||
| 36 | if [ "$TEST" != "$HASH" ]; then | ||
| 37 | echo "-$alg/$bufsize encrypt test failed" | ||
| 38 | nerr=`expr $nerr + 1` | ||
| 39 | fi | ||
| 40 | done | ||
| 41 | for bufsize in $BUFSIZE; do | ||
| 42 | TEST=`( cat $PROG | \ | ||
| 43 | $PROG enc -e -k "$HASH" -$alg | \ | ||
| 44 | $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \ | ||
| 45 | $PROG dgst -hex ) 2>/dev/null` | ||
| 46 | if [ "$TEST" != "$HASH" ]; then | ||
| 47 | echo "-$alg/$bufsize decrypt test failed" | ||
| 48 | nerr=`expr $nerr + 1` | ||
| 49 | fi | ||
| 50 | done | ||
| 51 | TEST=`( cat $PROG | \ | ||
| 52 | $PROG enc -e -k "$HASH" -$alg -engine aesni | \ | ||
| 53 | $PROG enc -d -k "$HASH" -$alg -engine aesni | \ | ||
| 54 | $PROG dgst -hex ) 2>/dev/null` | ||
| 55 | if [ "$TEST" != "$HASH" ]; then | ||
| 56 | echo "-$alg en/decrypt test failed" | ||
| 57 | nerr=`expr $nerr + 1` | ||
| 58 | fi | ||
| 59 | done | ||
| 60 | |||
| 61 | if [ $nerr -gt 0 ]; then | ||
| 62 | echo "AESNI engine test failed." | ||
| 63 | exit 1; | ||
| 64 | fi | ||
| 65 | else | ||
| 66 | echo "AESNI engine is not available" | ||
| 67 | fi | ||
| 68 | |||
| 69 | exit 0 | ||
diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock deleted file mode 100755 index 5c0f21043c..0000000000 --- a/src/lib/libssl/test/test_padlock +++ /dev/null | |||
| @@ -1,64 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | PROG=$1 | ||
| 4 | |||
| 5 | if [ -x $PROG ]; then | ||
| 6 | if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then | ||
| 7 | : | ||
| 8 | else | ||
| 9 | echo "$PROG is not OpenSSL executable" | ||
| 10 | exit 1 | ||
| 11 | fi | ||
| 12 | else | ||
| 13 | echo "$PROG is not executable" | ||
| 14 | exit 1; | ||
| 15 | fi | ||
| 16 | |||
| 17 | if $PROG engine padlock | grep -v no-ACE; then | ||
| 18 | |||
| 19 | HASH=`cat $PROG | $PROG dgst -hex` | ||
| 20 | |||
| 21 | ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \ | ||
| 22 | aes-128-cbc aes-192-cbc aes-256-cbc \ | ||
| 23 | aes-128-cfb aes-192-cfb aes-256-cfb \ | ||
| 24 | aes-128-ofb aes-192-ofb aes-256-ofb" | ||
| 25 | |||
| 26 | nerr=0 | ||
| 27 | |||
| 28 | for alg in $ACE_ALGS; do | ||
| 29 | echo $alg | ||
| 30 | TEST=`( cat $PROG | \ | ||
| 31 | $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \ | ||
| 32 | $PROG enc -d -k "$HASH" -$alg | \ | ||
| 33 | $PROG dgst -hex ) 2>/dev/null` | ||
| 34 | if [ "$TEST" != "$HASH" ]; then | ||
| 35 | echo "-$alg encrypt test failed" | ||
| 36 | nerr=`expr $nerr + 1` | ||
| 37 | fi | ||
| 38 | TEST=`( cat $PROG | \ | ||
| 39 | $PROG enc -e -k "$HASH" -$alg | \ | ||
| 40 | $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \ | ||
| 41 | $PROG dgst -hex ) 2>/dev/null` | ||
| 42 | if [ "$TEST" != "$HASH" ]; then | ||
| 43 | echo "-$alg decrypt test failed" | ||
| 44 | nerr=`expr $nerr + 1` | ||
| 45 | fi | ||
| 46 | TEST=`( cat $PROG | \ | ||
| 47 | $PROG enc -e -k "$HASH" -$alg -engine padlock | \ | ||
| 48 | $PROG enc -d -k "$HASH" -$alg -engine padlock | \ | ||
| 49 | $PROG dgst -hex ) 2>/dev/null` | ||
| 50 | if [ "$TEST" != "$HASH" ]; then | ||
| 51 | echo "-$alg en/decrypt test failed" | ||
| 52 | nerr=`expr $nerr + 1` | ||
| 53 | fi | ||
| 54 | done | ||
| 55 | |||
| 56 | if [ $nerr -gt 0 ]; then | ||
| 57 | echo "PadLock ACE test failed." | ||
| 58 | exit 1; | ||
| 59 | fi | ||
| 60 | else | ||
| 61 | echo "PadLock ACE is not available" | ||
| 62 | fi | ||
| 63 | |||
| 64 | exit 0 | ||
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca deleted file mode 100644 index b109cfe271..0000000000 --- a/src/lib/libssl/test/testca +++ /dev/null | |||
| @@ -1,51 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | SH="/bin/sh" | ||
| 4 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 5 | PATH="../apps\;$PATH" | ||
| 6 | else | ||
| 7 | PATH="../apps:$PATH" | ||
| 8 | fi | ||
| 9 | export SH PATH | ||
| 10 | |||
| 11 | SSLEAY_CONFIG="-config CAss.cnf" | ||
| 12 | export SSLEAY_CONFIG | ||
| 13 | |||
| 14 | OPENSSL="`pwd`/../util/opensslwrap.sh" | ||
| 15 | export OPENSSL | ||
| 16 | |||
| 17 | /bin/rm -fr demoCA | ||
| 18 | $SH ../apps/CA.sh -newca <<EOF | ||
| 19 | EOF | ||
| 20 | |||
| 21 | if [ $? != 0 ]; then | ||
| 22 | exit 1; | ||
| 23 | fi | ||
| 24 | |||
| 25 | SSLEAY_CONFIG="-config Uss.cnf" | ||
| 26 | export SSLEAY_CONFIG | ||
| 27 | $SH ../apps/CA.sh -newreq | ||
| 28 | if [ $? != 0 ]; then | ||
| 29 | exit 1; | ||
| 30 | fi | ||
| 31 | |||
| 32 | |||
| 33 | SSLEAY_CONFIG="-config ../apps/openssl.cnf" | ||
| 34 | export SSLEAY_CONFIG | ||
| 35 | $SH ../apps/CA.sh -sign <<EOF | ||
| 36 | y | ||
| 37 | y | ||
| 38 | EOF | ||
| 39 | if [ $? != 0 ]; then | ||
| 40 | exit 1; | ||
| 41 | fi | ||
| 42 | |||
| 43 | |||
| 44 | $SH ../apps/CA.sh -verify newcert.pem | ||
| 45 | if [ $? != 0 ]; then | ||
| 46 | exit 1; | ||
| 47 | fi | ||
| 48 | |||
| 49 | /bin/rm -fr demoCA newcert.pem newreq.pem | ||
| 50 | #usage: CA -newcert|-newreq|-newca|-sign|-verify | ||
| 51 | |||
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem deleted file mode 100644 index 0989788354..0000000000 --- a/src/lib/libssl/test/testcrl.pem +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | -----BEGIN X509 CRL----- | ||
| 2 | MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT | ||
| 3 | F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy | ||
| 4 | IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw | ||
| 5 | MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw | ||
| 6 | MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw | ||
| 7 | MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw | ||
| 8 | MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw | ||
| 9 | MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw | ||
| 10 | MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw | ||
| 11 | NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw | ||
| 12 | NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF | ||
| 13 | AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ | ||
| 14 | wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt | ||
| 15 | JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v | ||
| 16 | -----END X509 CRL----- | ||
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc deleted file mode 100644 index f5ce7c0c45..0000000000 --- a/src/lib/libssl/test/testenc +++ /dev/null | |||
| @@ -1,54 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | testsrc=Makefile | ||
| 4 | test=./p | ||
| 5 | cmd="../util/shlib_wrap.sh ../apps/openssl" | ||
| 6 | |||
| 7 | cat $testsrc >$test; | ||
| 8 | |||
| 9 | echo cat | ||
| 10 | $cmd enc < $test > $test.cipher | ||
| 11 | $cmd enc < $test.cipher >$test.clear | ||
| 12 | cmp $test $test.clear | ||
| 13 | if [ $? != 0 ] | ||
| 14 | then | ||
| 15 | exit 1 | ||
| 16 | else | ||
| 17 | /bin/rm $test.cipher $test.clear | ||
| 18 | fi | ||
| 19 | echo base64 | ||
| 20 | $cmd enc -a -e < $test > $test.cipher | ||
| 21 | $cmd enc -a -d < $test.cipher >$test.clear | ||
| 22 | cmp $test $test.clear | ||
| 23 | if [ $? != 0 ] | ||
| 24 | then | ||
| 25 | exit 1 | ||
| 26 | else | ||
| 27 | /bin/rm $test.cipher $test.clear | ||
| 28 | fi | ||
| 29 | |||
| 30 | for i in `$cmd list-cipher-commands` | ||
| 31 | do | ||
| 32 | echo $i | ||
| 33 | $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher | ||
| 34 | $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear | ||
| 35 | cmp $test $test.$i.clear | ||
| 36 | if [ $? != 0 ] | ||
| 37 | then | ||
| 38 | exit 1 | ||
| 39 | else | ||
| 40 | /bin/rm $test.$i.cipher $test.$i.clear | ||
| 41 | fi | ||
| 42 | |||
| 43 | echo $i base64 | ||
| 44 | $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher | ||
| 45 | $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear | ||
| 46 | cmp $test $test.$i.clear | ||
| 47 | if [ $? != 0 ] | ||
| 48 | then | ||
| 49 | exit 1 | ||
| 50 | else | ||
| 51 | /bin/rm $test.$i.cipher $test.$i.clear | ||
| 52 | fi | ||
| 53 | done | ||
| 54 | rm -f $test | ||
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen deleted file mode 100644 index 524c0d134c..0000000000 --- a/src/lib/libssl/test/testgen +++ /dev/null | |||
| @@ -1,44 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | T=testcert | ||
| 4 | KEY=512 | ||
| 5 | CA=../certs/testca.pem | ||
| 6 | |||
| 7 | /bin/rm -f $T.1 $T.2 $T.key | ||
| 8 | |||
| 9 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 10 | PATH=../apps\;$PATH; | ||
| 11 | else | ||
| 12 | PATH=../apps:$PATH; | ||
| 13 | fi | ||
| 14 | export PATH | ||
| 15 | |||
| 16 | echo "generating certificate request" | ||
| 17 | |||
| 18 | echo "string to make the random number generator think it has entropy" >> ./.rnd | ||
| 19 | |||
| 20 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | ||
| 21 | req_new='-newkey dsa:../apps/dsa512.pem' | ||
| 22 | else | ||
| 23 | req_new='-new' | ||
| 24 | echo "There should be a 2 sequences of .'s and some +'s." | ||
| 25 | echo "There should not be more that at most 80 per line" | ||
| 26 | fi | ||
| 27 | |||
| 28 | echo "This could take some time." | ||
| 29 | |||
| 30 | rm -f testkey.pem testreq.pem | ||
| 31 | |||
| 32 | ../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem | ||
| 33 | if [ $? != 0 ]; then | ||
| 34 | echo problems creating request | ||
| 35 | exit 1 | ||
| 36 | fi | ||
| 37 | |||
| 38 | ../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout | ||
| 39 | if [ $? != 0 ]; then | ||
| 40 | echo signature on req is wrong | ||
| 41 | exit 1 | ||
| 42 | fi | ||
| 43 | |||
| 44 | exit 0 | ||
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem deleted file mode 100644 index e5b7866c31..0000000000 --- a/src/lib/libssl/test/testp7.pem +++ /dev/null | |||
| @@ -1,46 +0,0 @@ | |||
| 1 | -----BEGIN PKCS7----- | ||
| 2 | MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE | ||
| 3 | cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw | ||
| 4 | DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV | ||
| 5 | BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw | ||
| 6 | HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 | ||
| 7 | ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln | ||
| 8 | biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E | ||
| 9 | aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy | ||
| 10 | aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M | ||
| 11 | VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq | ||
| 12 | UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC | ||
| 13 | AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR | ||
| 14 | BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 | ||
| 15 | ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 | ||
| 16 | IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l | ||
| 17 | bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t | ||
| 18 | L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t | ||
| 19 | OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s | ||
| 20 | IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 | ||
| 21 | ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 | ||
| 22 | cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ | ||
| 23 | QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC | ||
| 24 | MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu | ||
| 25 | AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr | ||
| 26 | cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC | ||
| 27 | AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | ||
| 28 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | ||
| 29 | QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu | ||
| 30 | dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp | ||
| 31 | Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 | ||
| 32 | DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES | ||
| 33 | TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE | ||
| 34 | AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD | ||
| 35 | 2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU | ||
| 36 | 47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | ||
| 37 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | ||
| 38 | QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB | ||
| 39 | AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl | ||
| 40 | ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE | ||
| 41 | BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW | ||
| 42 | ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 | ||
| 43 | MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW | ||
| 44 | sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 | ||
| 45 | XfZsaiiIgotQHjEA | ||
| 46 | -----END PKCS7----- | ||
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem deleted file mode 100644 index c3cdcffcbc..0000000000 --- a/src/lib/libssl/test/testreq2.pem +++ /dev/null | |||
| @@ -1,7 +0,0 @@ | |||
| 1 | -----BEGIN CERTIFICATE REQUEST----- | ||
| 2 | MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC | ||
| 3 | QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG | ||
| 4 | DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq | ||
| 5 | hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi | ||
| 6 | gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U= | ||
| 7 | -----END CERTIFICATE REQUEST----- | ||
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem deleted file mode 100644 index aad21067a8..0000000000 --- a/src/lib/libssl/test/testrsa.pem +++ /dev/null | |||
| @@ -1,9 +0,0 @@ | |||
| 1 | -----BEGIN RSA PRIVATE KEY----- | ||
| 2 | MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I | ||
| 3 | Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R | ||
| 4 | rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy | ||
| 5 | oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S | ||
| 6 | mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz | ||
| 7 | rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA | ||
| 8 | mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= | ||
| 9 | -----END RSA PRIVATE KEY----- | ||
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem deleted file mode 100644 index 7ffd008f66..0000000000 --- a/src/lib/libssl/test/testsid.pem +++ /dev/null | |||
| @@ -1,12 +0,0 @@ | |||
| 1 | -----BEGIN SSL SESSION PARAMETERS----- | ||
| 2 | MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV | ||
| 3 | bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw | ||
| 4 | ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz | ||
| 5 | YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG | ||
| 6 | A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk | ||
| 7 | LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G | ||
| 8 | CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD | ||
| 9 | TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI | ||
| 10 | hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L | ||
| 11 | CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0 | ||
| 12 | -----END SSL SESSION PARAMETERS----- | ||
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss deleted file mode 100644 index 1a426857d3..0000000000 --- a/src/lib/libssl/test/testss +++ /dev/null | |||
| @@ -1,163 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | digest='-sha1' | ||
| 4 | reqcmd="../util/shlib_wrap.sh ../apps/openssl req" | ||
| 5 | x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" | ||
| 6 | verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" | ||
| 7 | dummycnf="../apps/openssl.cnf" | ||
| 8 | |||
| 9 | CAkey="keyCA.ss" | ||
| 10 | CAcert="certCA.ss" | ||
| 11 | CAreq="reqCA.ss" | ||
| 12 | CAconf="CAss.cnf" | ||
| 13 | CAreq2="req2CA.ss" # temp | ||
| 14 | |||
| 15 | Uconf="Uss.cnf" | ||
| 16 | Ukey="keyU.ss" | ||
| 17 | Ureq="reqU.ss" | ||
| 18 | Ucert="certU.ss" | ||
| 19 | |||
| 20 | P1conf="P1ss.cnf" | ||
| 21 | P1key="keyP1.ss" | ||
| 22 | P1req="reqP1.ss" | ||
| 23 | P1cert="certP1.ss" | ||
| 24 | P1intermediate="tmp_intP1.ss" | ||
| 25 | |||
| 26 | P2conf="P2ss.cnf" | ||
| 27 | P2key="keyP2.ss" | ||
| 28 | P2req="reqP2.ss" | ||
| 29 | P2cert="certP2.ss" | ||
| 30 | P2intermediate="tmp_intP2.ss" | ||
| 31 | |||
| 32 | echo | ||
| 33 | echo "make a certificate request using 'req'" | ||
| 34 | |||
| 35 | echo "string to make the random number generator think it has entropy" >> ./.rnd | ||
| 36 | |||
| 37 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | ||
| 38 | req_new='-newkey dsa:../apps/dsa512.pem' | ||
| 39 | else | ||
| 40 | req_new='-new' | ||
| 41 | fi | ||
| 42 | |||
| 43 | $reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss | ||
| 44 | if [ $? != 0 ]; then | ||
| 45 | echo "error using 'req' to generate a certificate request" | ||
| 46 | exit 1 | ||
| 47 | fi | ||
| 48 | echo | ||
| 49 | echo "convert the certificate request into a self signed certificate using 'x509'" | ||
| 50 | $x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss | ||
| 51 | if [ $? != 0 ]; then | ||
| 52 | echo "error using 'x509' to self sign a certificate request" | ||
| 53 | exit 1 | ||
| 54 | fi | ||
| 55 | |||
| 56 | echo | ||
| 57 | echo "convert a certificate into a certificate request using 'x509'" | ||
| 58 | $x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss | ||
| 59 | if [ $? != 0 ]; then | ||
| 60 | echo "error using 'x509' convert a certificate to a certificate request" | ||
| 61 | exit 1 | ||
| 62 | fi | ||
| 63 | |||
| 64 | $reqcmd -config $dummycnf -verify -in $CAreq -noout | ||
| 65 | if [ $? != 0 ]; then | ||
| 66 | echo first generated request is invalid | ||
| 67 | exit 1 | ||
| 68 | fi | ||
| 69 | |||
| 70 | $reqcmd -config $dummycnf -verify -in $CAreq2 -noout | ||
| 71 | if [ $? != 0 ]; then | ||
| 72 | echo second generated request is invalid | ||
| 73 | exit 1 | ||
| 74 | fi | ||
| 75 | |||
| 76 | $verifycmd -CAfile $CAcert $CAcert | ||
| 77 | if [ $? != 0 ]; then | ||
| 78 | echo first generated cert is invalid | ||
| 79 | exit 1 | ||
| 80 | fi | ||
| 81 | |||
| 82 | echo | ||
| 83 | echo "make a user certificate request using 'req'" | ||
| 84 | $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss | ||
| 85 | if [ $? != 0 ]; then | ||
| 86 | echo "error using 'req' to generate a user certificate request" | ||
| 87 | exit 1 | ||
| 88 | fi | ||
| 89 | |||
| 90 | echo | ||
| 91 | echo "sign user certificate request with the just created CA via 'x509'" | ||
| 92 | $x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss | ||
| 93 | if [ $? != 0 ]; then | ||
| 94 | echo "error using 'x509' to sign a user certificate request" | ||
| 95 | exit 1 | ||
| 96 | fi | ||
| 97 | |||
| 98 | $verifycmd -CAfile $CAcert $Ucert | ||
| 99 | echo | ||
| 100 | echo "Certificate details" | ||
| 101 | $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert | ||
| 102 | |||
| 103 | echo | ||
| 104 | echo "make a proxy certificate request using 'req'" | ||
| 105 | $reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss | ||
| 106 | if [ $? != 0 ]; then | ||
| 107 | echo "error using 'req' to generate a proxy certificate request" | ||
| 108 | exit 1 | ||
| 109 | fi | ||
| 110 | |||
| 111 | echo | ||
| 112 | echo "sign proxy certificate request with the just created user certificate via 'x509'" | ||
| 113 | $x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss | ||
| 114 | if [ $? != 0 ]; then | ||
| 115 | echo "error using 'x509' to sign a proxy certificate request" | ||
| 116 | exit 1 | ||
| 117 | fi | ||
| 118 | |||
| 119 | cat $Ucert > $P1intermediate | ||
| 120 | $verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert | ||
| 121 | echo | ||
| 122 | echo "Certificate details" | ||
| 123 | $x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert | ||
| 124 | |||
| 125 | echo | ||
| 126 | echo "make another proxy certificate request using 'req'" | ||
| 127 | $reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss | ||
| 128 | if [ $? != 0 ]; then | ||
| 129 | echo "error using 'req' to generate another proxy certificate request" | ||
| 130 | exit 1 | ||
| 131 | fi | ||
| 132 | |||
| 133 | echo | ||
| 134 | echo "sign second proxy certificate request with the first proxy certificate via 'x509'" | ||
| 135 | $x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss | ||
| 136 | if [ $? != 0 ]; then | ||
| 137 | echo "error using 'x509' to sign a second proxy certificate request" | ||
| 138 | exit 1 | ||
| 139 | fi | ||
| 140 | |||
| 141 | cat $Ucert $P1cert > $P2intermediate | ||
| 142 | $verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert | ||
| 143 | echo | ||
| 144 | echo "Certificate details" | ||
| 145 | $x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert | ||
| 146 | |||
| 147 | echo | ||
| 148 | echo The generated CA certificate is $CAcert | ||
| 149 | echo The generated CA private key is $CAkey | ||
| 150 | |||
| 151 | echo The generated user certificate is $Ucert | ||
| 152 | echo The generated user private key is $Ukey | ||
| 153 | |||
| 154 | echo The first generated proxy certificate is $P1cert | ||
| 155 | echo The first generated proxy private key is $P1key | ||
| 156 | |||
| 157 | echo The second generated proxy certificate is $P2cert | ||
| 158 | echo The second generated proxy private key is $P2key | ||
| 159 | |||
| 160 | /bin/rm err.ss | ||
| 161 | #/bin/rm $P1intermediate | ||
| 162 | #/bin/rm $P2intermediate | ||
| 163 | exit 0 | ||
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl deleted file mode 100644 index 4e8542b556..0000000000 --- a/src/lib/libssl/test/testssl +++ /dev/null | |||
| @@ -1,178 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | if [ "$1" = "" ]; then | ||
| 4 | key=../apps/server.pem | ||
| 5 | else | ||
| 6 | key="$1" | ||
| 7 | fi | ||
| 8 | if [ "$2" = "" ]; then | ||
| 9 | cert=../apps/server.pem | ||
| 10 | else | ||
| 11 | cert="$2" | ||
| 12 | fi | ||
| 13 | ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" | ||
| 14 | |||
| 15 | if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then | ||
| 16 | dsa_cert=YES | ||
| 17 | else | ||
| 18 | dsa_cert=NO | ||
| 19 | fi | ||
| 20 | |||
| 21 | if [ "$3" = "" ]; then | ||
| 22 | CA="-CApath ../certs" | ||
| 23 | else | ||
| 24 | CA="-CAfile $3" | ||
| 25 | fi | ||
| 26 | |||
| 27 | if [ "$4" = "" ]; then | ||
| 28 | extra="" | ||
| 29 | else | ||
| 30 | extra="$4" | ||
| 31 | fi | ||
| 32 | |||
| 33 | ############################################################################# | ||
| 34 | |||
| 35 | echo test sslv2 | ||
| 36 | $ssltest -ssl2 $extra || exit 1 | ||
| 37 | |||
| 38 | echo test sslv2 with server authentication | ||
| 39 | $ssltest -ssl2 -server_auth $CA $extra || exit 1 | ||
| 40 | |||
| 41 | if [ $dsa_cert = NO ]; then | ||
| 42 | echo test sslv2 with client authentication | ||
| 43 | $ssltest -ssl2 -client_auth $CA $extra || exit 1 | ||
| 44 | |||
| 45 | echo test sslv2 with both client and server authentication | ||
| 46 | $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 | ||
| 47 | fi | ||
| 48 | |||
| 49 | echo test sslv3 | ||
| 50 | $ssltest -ssl3 $extra || exit 1 | ||
| 51 | |||
| 52 | echo test sslv3 with server authentication | ||
| 53 | $ssltest -ssl3 -server_auth $CA $extra || exit 1 | ||
| 54 | |||
| 55 | echo test sslv3 with client authentication | ||
| 56 | $ssltest -ssl3 -client_auth $CA $extra || exit 1 | ||
| 57 | |||
| 58 | echo test sslv3 with both client and server authentication | ||
| 59 | $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 | ||
| 60 | |||
| 61 | echo test sslv2/sslv3 | ||
| 62 | $ssltest $extra || exit 1 | ||
| 63 | |||
| 64 | echo test sslv2/sslv3 with server authentication | ||
| 65 | $ssltest -server_auth $CA $extra || exit 1 | ||
| 66 | |||
| 67 | echo test sslv2/sslv3 with client authentication | ||
| 68 | $ssltest -client_auth $CA $extra || exit 1 | ||
| 69 | |||
| 70 | echo test sslv2/sslv3 with both client and server authentication | ||
| 71 | $ssltest -server_auth -client_auth $CA $extra || exit 1 | ||
| 72 | |||
| 73 | echo test sslv2 via BIO pair | ||
| 74 | $ssltest -bio_pair -ssl2 $extra || exit 1 | ||
| 75 | |||
| 76 | echo test sslv2 with server authentication via BIO pair | ||
| 77 | $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 | ||
| 78 | |||
| 79 | if [ $dsa_cert = NO ]; then | ||
| 80 | echo test sslv2 with client authentication via BIO pair | ||
| 81 | $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 | ||
| 82 | |||
| 83 | echo test sslv2 with both client and server authentication via BIO pair | ||
| 84 | $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 | ||
| 85 | fi | ||
| 86 | |||
| 87 | echo test sslv3 via BIO pair | ||
| 88 | $ssltest -bio_pair -ssl3 $extra || exit 1 | ||
| 89 | |||
| 90 | echo test sslv3 with server authentication via BIO pair | ||
| 91 | $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 | ||
| 92 | |||
| 93 | echo test sslv3 with client authentication via BIO pair | ||
| 94 | $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 | ||
| 95 | |||
| 96 | echo test sslv3 with both client and server authentication via BIO pair | ||
| 97 | $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 | ||
| 98 | |||
| 99 | echo test sslv2/sslv3 via BIO pair | ||
| 100 | $ssltest $extra || exit 1 | ||
| 101 | |||
| 102 | if [ $dsa_cert = NO ]; then | ||
| 103 | echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' | ||
| 104 | $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 | ||
| 105 | fi | ||
| 106 | |||
| 107 | echo test sslv2/sslv3 with 1024bit DHE via BIO pair | ||
| 108 | $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 | ||
| 109 | |||
| 110 | echo test sslv2/sslv3 with server authentication | ||
| 111 | $ssltest -bio_pair -server_auth $CA $extra || exit 1 | ||
| 112 | |||
| 113 | echo test sslv2/sslv3 with client authentication via BIO pair | ||
| 114 | $ssltest -bio_pair -client_auth $CA $extra || exit 1 | ||
| 115 | |||
| 116 | echo test sslv2/sslv3 with both client and server authentication via BIO pair | ||
| 117 | $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 | ||
| 118 | |||
| 119 | echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify | ||
| 120 | $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 | ||
| 121 | |||
| 122 | echo "Testing ciphersuites" | ||
| 123 | for protocol in TLSv1.2 SSLv3; do | ||
| 124 | echo "Testing ciphersuites for $protocol" | ||
| 125 | for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do | ||
| 126 | echo "Testing $cipher" | ||
| 127 | prot="" | ||
| 128 | if [ $protocol = "SSLv3" ] ; then | ||
| 129 | prot="-ssl3" | ||
| 130 | fi | ||
| 131 | $ssltest -cipher $cipher $prot | ||
| 132 | if [ $? -ne 0 ] ; then | ||
| 133 | echo "Failed $cipher" | ||
| 134 | exit 1 | ||
| 135 | fi | ||
| 136 | done | ||
| 137 | done | ||
| 138 | |||
| 139 | ############################################################################# | ||
| 140 | |||
| 141 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then | ||
| 142 | echo skipping anonymous DH tests | ||
| 143 | else | ||
| 144 | echo test tls1 with 1024bit anonymous DH, multiple handshakes | ||
| 145 | $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 | ||
| 146 | fi | ||
| 147 | |||
| 148 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | ||
| 149 | echo skipping RSA tests | ||
| 150 | else | ||
| 151 | echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' | ||
| 152 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 | ||
| 153 | |||
| 154 | if ../util/shlib_wrap.sh ../apps/openssl no-dh; then | ||
| 155 | echo skipping RSA+DHE tests | ||
| 156 | else | ||
| 157 | echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes | ||
| 158 | ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 | ||
| 159 | fi | ||
| 160 | fi | ||
| 161 | |||
| 162 | echo test tls1 with PSK | ||
| 163 | $ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 | ||
| 164 | |||
| 165 | echo test tls1 with PSK via BIO pair | ||
| 166 | $ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 | ||
| 167 | |||
| 168 | if ../util/shlib_wrap.sh ../apps/openssl no-srp; then | ||
| 169 | echo skipping SRP tests | ||
| 170 | else | ||
| 171 | echo test tls1 with SRP | ||
| 172 | $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 | ||
| 173 | |||
| 174 | echo test tls1 with SRP via BIO pair | ||
| 175 | $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 | ||
| 176 | fi | ||
| 177 | |||
| 178 | exit 0 | ||
diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy deleted file mode 100644 index 58bbda8ab7..0000000000 --- a/src/lib/libssl/test/testsslproxy +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | #! /bin/sh | ||
| 2 | |||
| 3 | echo 'Testing a lot of proxy conditions.' | ||
| 4 | echo 'Some of them may turn out being invalid, which is fine.' | ||
| 5 | for auth in A B C BC; do | ||
| 6 | for cond in A B C 'A|B&!C'; do | ||
| 7 | sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond" | ||
| 8 | if [ $? = 3 ]; then exit 1; fi | ||
| 9 | done | ||
| 10 | done | ||
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa deleted file mode 100644 index bb653b5f73..0000000000 --- a/src/lib/libssl/test/testtsa +++ /dev/null | |||
| @@ -1,238 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | # | ||
| 4 | # A few very basic tests for the 'ts' time stamping authority command. | ||
| 5 | # | ||
| 6 | |||
| 7 | SH="/bin/sh" | ||
| 8 | if test "$OSTYPE" = msdosdjgpp; then | ||
| 9 | PATH="../apps\;$PATH" | ||
| 10 | else | ||
| 11 | PATH="../apps:$PATH" | ||
| 12 | fi | ||
| 13 | export SH PATH | ||
| 14 | |||
| 15 | OPENSSL_CONF="../CAtsa.cnf" | ||
| 16 | export OPENSSL_CONF | ||
| 17 | # Because that's what ../apps/CA.sh really looks at | ||
| 18 | SSLEAY_CONFIG="-config $OPENSSL_CONF" | ||
| 19 | export SSLEAY_CONFIG | ||
| 20 | |||
| 21 | OPENSSL="`pwd`/../util/opensslwrap.sh" | ||
| 22 | export OPENSSL | ||
| 23 | |||
| 24 | error () { | ||
| 25 | |||
| 26 | echo "TSA test failed!" >&2 | ||
| 27 | exit 1 | ||
| 28 | } | ||
| 29 | |||
| 30 | setup_dir () { | ||
| 31 | |||
| 32 | rm -rf tsa 2>/dev/null | ||
| 33 | mkdir tsa | ||
| 34 | cd ./tsa | ||
| 35 | } | ||
| 36 | |||
| 37 | clean_up_dir () { | ||
| 38 | |||
| 39 | cd .. | ||
| 40 | rm -rf tsa | ||
| 41 | } | ||
| 42 | |||
| 43 | create_ca () { | ||
| 44 | |||
| 45 | echo "Creating a new CA for the TSA tests..." | ||
| 46 | TSDNSECT=ts_ca_dn | ||
| 47 | export TSDNSECT | ||
| 48 | ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \ | ||
| 49 | -out tsaca.pem -keyout tsacakey.pem | ||
| 50 | test $? != 0 && error | ||
| 51 | } | ||
| 52 | |||
| 53 | create_tsa_cert () { | ||
| 54 | |||
| 55 | INDEX=$1 | ||
| 56 | export INDEX | ||
| 57 | EXT=$2 | ||
| 58 | TSDNSECT=ts_cert_dn | ||
| 59 | export TSDNSECT | ||
| 60 | |||
| 61 | ../../util/shlib_wrap.sh ../../apps/openssl req -new \ | ||
| 62 | -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem | ||
| 63 | test $? != 0 && error | ||
| 64 | echo Using extension $EXT | ||
| 65 | ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \ | ||
| 66 | -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \ | ||
| 67 | -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \ | ||
| 68 | -extfile $OPENSSL_CONF -extensions $EXT | ||
| 69 | test $? != 0 && error | ||
| 70 | } | ||
| 71 | |||
| 72 | print_request () { | ||
| 73 | |||
| 74 | ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text | ||
| 75 | } | ||
| 76 | |||
| 77 | create_time_stamp_request1 () { | ||
| 78 | |||
| 79 | ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq | ||
| 80 | test $? != 0 && error | ||
| 81 | } | ||
| 82 | |||
| 83 | create_time_stamp_request2 () { | ||
| 84 | |||
| 85 | ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \ | ||
| 86 | -out req2.tsq | ||
| 87 | test $? != 0 && error | ||
| 88 | } | ||
| 89 | |||
| 90 | create_time_stamp_request3 () { | ||
| 91 | |||
| 92 | ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq | ||
| 93 | test $? != 0 && error | ||
| 94 | } | ||
| 95 | |||
| 96 | print_response () { | ||
| 97 | |||
| 98 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text | ||
| 99 | test $? != 0 && error | ||
| 100 | } | ||
| 101 | |||
| 102 | create_time_stamp_response () { | ||
| 103 | |||
| 104 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2 | ||
| 105 | test $? != 0 && error | ||
| 106 | } | ||
| 107 | |||
| 108 | time_stamp_response_token_test () { | ||
| 109 | |||
| 110 | RESPONSE2=$2.copy.tsr | ||
| 111 | TOKEN_DER=$2.token.der | ||
| 112 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out | ||
| 113 | test $? != 0 && error | ||
| 114 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2 | ||
| 115 | test $? != 0 && error | ||
| 116 | cmp $RESPONSE2 $2 | ||
| 117 | test $? != 0 && error | ||
| 118 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out | ||
| 119 | test $? != 0 && error | ||
| 120 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out | ||
| 121 | test $? != 0 && error | ||
| 122 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out | ||
| 123 | test $? != 0 && error | ||
| 124 | } | ||
| 125 | |||
| 126 | verify_time_stamp_response () { | ||
| 127 | |||
| 128 | ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ | ||
| 129 | -untrusted tsa_cert1.pem | ||
| 130 | test $? != 0 && error | ||
| 131 | ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \ | ||
| 132 | -untrusted tsa_cert1.pem | ||
| 133 | test $? != 0 && error | ||
| 134 | } | ||
| 135 | |||
| 136 | verify_time_stamp_token () { | ||
| 137 | |||
| 138 | # create the token from the response first | ||
| 139 | ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out | ||
| 140 | test $? != 0 && error | ||
| 141 | ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \ | ||
| 142 | -CAfile tsaca.pem -untrusted tsa_cert1.pem | ||
| 143 | test $? != 0 && error | ||
| 144 | ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \ | ||
| 145 | -CAfile tsaca.pem -untrusted tsa_cert1.pem | ||
| 146 | test $? != 0 && error | ||
| 147 | } | ||
| 148 | |||
| 149 | verify_time_stamp_response_fail () { | ||
| 150 | |||
| 151 | ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \ | ||
| 152 | -untrusted tsa_cert1.pem | ||
| 153 | # Checks if the verification failed, as it should have. | ||
| 154 | test $? = 0 && error | ||
| 155 | echo Ok | ||
| 156 | } | ||
| 157 | |||
| 158 | # main functions | ||
| 159 | |||
| 160 | echo "Setting up TSA test directory..." | ||
| 161 | setup_dir | ||
| 162 | |||
| 163 | echo "Creating CA for TSA tests..." | ||
| 164 | create_ca | ||
| 165 | |||
| 166 | echo "Creating tsa_cert1.pem TSA server cert..." | ||
| 167 | create_tsa_cert 1 tsa_cert | ||
| 168 | |||
| 169 | echo "Creating tsa_cert2.pem non-TSA server cert..." | ||
| 170 | create_tsa_cert 2 non_tsa_cert | ||
| 171 | |||
| 172 | echo "Creating req1.req time stamp request for file testtsa..." | ||
| 173 | create_time_stamp_request1 | ||
| 174 | |||
| 175 | echo "Printing req1.req..." | ||
| 176 | print_request req1.tsq | ||
| 177 | |||
| 178 | echo "Generating valid response for req1.req..." | ||
| 179 | create_time_stamp_response req1.tsq resp1.tsr tsa_config1 | ||
| 180 | |||
| 181 | echo "Printing response..." | ||
| 182 | print_response resp1.tsr | ||
| 183 | |||
| 184 | echo "Verifying valid response..." | ||
| 185 | verify_time_stamp_response req1.tsq resp1.tsr ../testtsa | ||
| 186 | |||
| 187 | echo "Verifying valid token..." | ||
| 188 | verify_time_stamp_token req1.tsq resp1.tsr ../testtsa | ||
| 189 | |||
| 190 | # The tests below are commented out, because invalid signer certificates | ||
| 191 | # can no longer be specified in the config file. | ||
| 192 | |||
| 193 | # echo "Generating _invalid_ response for req1.req..." | ||
| 194 | # create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2 | ||
| 195 | |||
| 196 | # echo "Printing response..." | ||
| 197 | # print_response resp1_bad.tsr | ||
| 198 | |||
| 199 | # echo "Verifying invalid response, it should fail..." | ||
| 200 | # verify_time_stamp_response_fail req1.tsq resp1_bad.tsr | ||
| 201 | |||
| 202 | echo "Creating req2.req time stamp request for file testtsa..." | ||
| 203 | create_time_stamp_request2 | ||
| 204 | |||
| 205 | echo "Printing req2.req..." | ||
| 206 | print_request req2.tsq | ||
| 207 | |||
| 208 | echo "Generating valid response for req2.req..." | ||
| 209 | create_time_stamp_response req2.tsq resp2.tsr tsa_config1 | ||
| 210 | |||
| 211 | echo "Checking '-token_in' and '-token_out' options with '-reply'..." | ||
| 212 | time_stamp_response_token_test req2.tsq resp2.tsr | ||
| 213 | |||
| 214 | echo "Printing response..." | ||
| 215 | print_response resp2.tsr | ||
| 216 | |||
| 217 | echo "Verifying valid response..." | ||
| 218 | verify_time_stamp_response req2.tsq resp2.tsr ../testtsa | ||
| 219 | |||
| 220 | echo "Verifying response against wrong request, it should fail..." | ||
| 221 | verify_time_stamp_response_fail req1.tsq resp2.tsr | ||
| 222 | |||
| 223 | echo "Verifying response against wrong request, it should fail..." | ||
| 224 | verify_time_stamp_response_fail req2.tsq resp1.tsr | ||
| 225 | |||
| 226 | echo "Creating req3.req time stamp request for file CAtsa.cnf..." | ||
| 227 | create_time_stamp_request3 | ||
| 228 | |||
| 229 | echo "Printing req3.req..." | ||
| 230 | print_request req3.tsq | ||
| 231 | |||
| 232 | echo "Verifying response against wrong request, it should fail..." | ||
| 233 | verify_time_stamp_response_fail req3.tsq resp1.tsr | ||
| 234 | |||
| 235 | echo "Cleaning up..." | ||
| 236 | clean_up_dir | ||
| 237 | |||
| 238 | exit 0 | ||
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem deleted file mode 100644 index 8a85d14964..0000000000 --- a/src/lib/libssl/test/testx509.pem +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV | ||
| 3 | BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz | ||
| 4 | MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM | ||
| 5 | RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF | ||
| 6 | AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO | ||
| 7 | /Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE | ||
| 8 | Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ | ||
| 9 | zl9HYIMxATFyqSiD9jsx | ||
| 10 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times deleted file mode 100644 index 6b66eb342e..0000000000 --- a/src/lib/libssl/test/times +++ /dev/null | |||
| @@ -1,113 +0,0 @@ | |||
| 1 | |||
| 2 | More number for the questions about SSL overheads.... | ||
| 3 | |||
| 4 | The following numbers were generated on a Pentium pro 200, running Linux. | ||
| 5 | They give an indication of the SSL protocol and encryption overheads. | ||
| 6 | |||
| 7 | The program that generated them is an unreleased version of ssl/ssltest.c | ||
| 8 | which is the SSLeay ssl protocol testing program. It is a single process that | ||
| 9 | talks both sides of the SSL protocol via a non-blocking memory buffer | ||
| 10 | interface. | ||
| 11 | |||
| 12 | How do I read this? The protocol and cipher are reasonable obvious. | ||
| 13 | The next number is the number of connections being made. The next is the | ||
| 14 | number of bytes exchanged between the client and server side of the protocol. | ||
| 15 | This is the number of bytes that the client sends to the server, and then | ||
| 16 | the server sends back. Because this is all happening in one process, | ||
| 17 | the data is being encrypted, decrypted, encrypted and then decrypted again. | ||
| 18 | It is a round trip of that many bytes. Because the one process performs | ||
| 19 | both the client and server sides of the protocol and it sends this many bytes | ||
| 20 | each direction, multiply this number by 4 to generate the number | ||
| 21 | of bytes encrypted/decrypted/MACed. The first time value is how many seconds | ||
| 22 | elapsed doing a full SSL handshake, the second is the cost of one | ||
| 23 | full handshake and the rest being session-id reuse. | ||
| 24 | |||
| 25 | SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s | ||
| 26 | SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s | ||
| 27 | SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s | ||
| 28 | SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA | ||
| 29 | SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s | ||
| 30 | SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s | ||
| 31 | SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s | ||
| 32 | |||
| 33 | SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s | ||
| 34 | SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s | ||
| 35 | SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA | ||
| 36 | SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s | ||
| 37 | SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s | ||
| 38 | SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s | ||
| 39 | |||
| 40 | SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s | ||
| 41 | SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s | ||
| 42 | SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s | ||
| 43 | SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA | ||
| 44 | SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s | ||
| 45 | SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s | ||
| 46 | SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s | ||
| 47 | |||
| 48 | SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s | ||
| 49 | SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s | ||
| 50 | SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s | ||
| 51 | SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA | ||
| 52 | SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s | ||
| 53 | SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s | ||
| 54 | SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s | ||
| 55 | |||
| 56 | What does this all mean? Well for a server, with no session-id reuse, with | ||
| 57 | a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, | ||
| 58 | a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of | ||
| 59 | about 49 connections a second. Reality will be quite different :-). | ||
| 60 | |||
| 61 | Remember the first number is 1000 full ssl handshakes, the second is | ||
| 62 | 1 full and 999 with session-id reuse. The RSA overheads for each exchange | ||
| 63 | would be one public and one private operation, but the protocol/MAC/cipher | ||
| 64 | cost would be quite similar in both the client and server. | ||
| 65 | |||
| 66 | eric (adding numbers to speculation) | ||
| 67 | |||
| 68 | --- Appendix --- | ||
| 69 | - The time measured is user time but these number a very rough. | ||
| 70 | - Remember this is the cost of both client and server sides of the protocol. | ||
| 71 | - The TCP/kernel overhead of connection establishment is normally the | ||
| 72 | killer in SSL. Often delays in the TCP protocol will make session-id | ||
| 73 | reuse look slower that new sessions, but this would not be the case on | ||
| 74 | a loaded server. | ||
| 75 | - The TCP round trip latencies, while slowing individual connections, | ||
| 76 | would have minimal impact on throughput. | ||
| 77 | - Instead of sending one 102400 byte buffer, one 8k buffer is sent until | ||
| 78 | - the required number of bytes are processed. | ||
| 79 | - The SSLv3 connections were actually SSLv2 compatible SSLv3 headers. | ||
| 80 | - A 512bit server key was being used except where noted. | ||
| 81 | - No server key verification was being performed on the client side of the | ||
| 82 | protocol. This would slow things down very little. | ||
| 83 | - The library being used is SSLeay 0.8.x. | ||
| 84 | - The normal measuring system was commands of the form | ||
| 85 | time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse | ||
| 86 | This modified version of ssltest should be in the next public release of | ||
| 87 | SSLeay. | ||
| 88 | |||
| 89 | The general cipher performance number for this platform are | ||
| 90 | |||
| 91 | SSLeay 0.8.2a 04-Sep-1997 | ||
| 92 | built on Fri Sep 5 17:37:05 EST 1997 | ||
| 93 | options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) | ||
| 94 | C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized | ||
| 95 | The 'numbers' are in 1000s of bytes per second processed. | ||
| 96 | type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes | ||
| 97 | md2 131.02k 368.41k 500.57k 549.21k 566.09k | ||
| 98 | mdc2 535.60k 589.10k 595.88k 595.97k 594.54k | ||
| 99 | md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k | ||
| 100 | sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k | ||
| 101 | sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k | ||
| 102 | rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k | ||
| 103 | des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k | ||
| 104 | des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k | ||
| 105 | idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k | ||
| 106 | rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k | ||
| 107 | blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k | ||
| 108 | sign verify | ||
| 109 | rsa 512 bits 0.0100s 0.0011s | ||
| 110 | rsa 1024 bits 0.0451s 0.0012s | ||
| 111 | rsa 2048 bits 0.2605s 0.0086s | ||
| 112 | rsa 4096 bits 1.6883s 0.0302s | ||
| 113 | |||
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7 deleted file mode 100644 index 3e435ffbf9..0000000000 --- a/src/lib/libssl/test/tpkcs7 +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=testp7.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | echo testing pkcs7 conversions | ||
| 12 | cp $t fff.p | ||
| 13 | |||
| 14 | echo "p -> d" | ||
| 15 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 16 | if [ $? != 0 ]; then exit 1; fi | ||
| 17 | echo "p -> p" | ||
| 18 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 19 | if [ $? != 0 ]; then exit 1; fi | ||
| 20 | |||
| 21 | echo "d -> d" | ||
| 22 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 23 | if [ $? != 0 ]; then exit 1; fi | ||
| 24 | echo "p -> d" | ||
| 25 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 26 | if [ $? != 0 ]; then exit 1; fi | ||
| 27 | |||
| 28 | echo "d -> p" | ||
| 29 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 30 | if [ $? != 0 ]; then exit 1; fi | ||
| 31 | echo "p -> p" | ||
| 32 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 33 | if [ $? != 0 ]; then exit 1; fi | ||
| 34 | |||
| 35 | cmp fff.p f.p | ||
| 36 | if [ $? != 0 ]; then exit 1; fi | ||
| 37 | cmp fff.p ff.p1 | ||
| 38 | if [ $? != 0 ]; then exit 1; fi | ||
| 39 | cmp fff.p ff.p3 | ||
| 40 | if [ $? != 0 ]; then exit 1; fi | ||
| 41 | |||
| 42 | cmp f.p ff.p1 | ||
| 43 | if [ $? != 0 ]; then exit 1; fi | ||
| 44 | cmp f.p ff.p3 | ||
| 45 | if [ $? != 0 ]; then exit 1; fi | ||
| 46 | |||
| 47 | /bin/rm -f f.* ff.* fff.* | ||
| 48 | exit 0 | ||
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d deleted file mode 100644 index 64fc28e88f..0000000000 --- a/src/lib/libssl/test/tpkcs7d +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=pkcs7-1.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | echo "testing pkcs7 conversions (2)" | ||
| 12 | cp $t fff.p | ||
| 13 | |||
| 14 | echo "p -> d" | ||
| 15 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 16 | if [ $? != 0 ]; then exit 1; fi | ||
| 17 | echo "p -> p" | ||
| 18 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 19 | if [ $? != 0 ]; then exit 1; fi | ||
| 20 | |||
| 21 | echo "d -> d" | ||
| 22 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 23 | if [ $? != 0 ]; then exit 1; fi | ||
| 24 | echo "p -> d" | ||
| 25 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 26 | if [ $? != 0 ]; then exit 1; fi | ||
| 27 | |||
| 28 | echo "d -> p" | ||
| 29 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 30 | if [ $? != 0 ]; then exit 1; fi | ||
| 31 | echo "p -> p" | ||
| 32 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 33 | if [ $? != 0 ]; then exit 1; fi | ||
| 34 | |||
| 35 | cmp f.p ff.p1 | ||
| 36 | if [ $? != 0 ]; then exit 1; fi | ||
| 37 | cmp f.p ff.p3 | ||
| 38 | if [ $? != 0 ]; then exit 1; fi | ||
| 39 | |||
| 40 | /bin/rm -f f.* ff.* fff.* | ||
| 41 | exit 0 | ||
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq deleted file mode 100644 index 77f37dcf3a..0000000000 --- a/src/lib/libssl/test/treq +++ /dev/null | |||
| @@ -1,83 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=testreq.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then | ||
| 12 | echo "skipping req conversion test for $t" | ||
| 13 | exit 0 | ||
| 14 | fi | ||
| 15 | |||
| 16 | echo testing req conversions | ||
| 17 | cp $t fff.p | ||
| 18 | |||
| 19 | echo "p -> d" | ||
| 20 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 21 | if [ $? != 0 ]; then exit 1; fi | ||
| 22 | #echo "p -> t" | ||
| 23 | #$cmd -in fff.p -inform p -outform t >f.t | ||
| 24 | #if [ $? != 0 ]; then exit 1; fi | ||
| 25 | echo "p -> p" | ||
| 26 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 27 | if [ $? != 0 ]; then exit 1; fi | ||
| 28 | |||
| 29 | echo "d -> d" | ||
| 30 | $cmd -verify -in f.d -inform d -outform d >ff.d1 | ||
| 31 | if [ $? != 0 ]; then exit 1; fi | ||
| 32 | #echo "t -> d" | ||
| 33 | #$cmd -in f.t -inform t -outform d >ff.d2 | ||
| 34 | #if [ $? != 0 ]; then exit 1; fi | ||
| 35 | echo "p -> d" | ||
| 36 | $cmd -verify -in f.p -inform p -outform d >ff.d3 | ||
| 37 | if [ $? != 0 ]; then exit 1; fi | ||
| 38 | |||
| 39 | #echo "d -> t" | ||
| 40 | #$cmd -in f.d -inform d -outform t >ff.t1 | ||
| 41 | #if [ $? != 0 ]; then exit 1; fi | ||
| 42 | #echo "t -> t" | ||
| 43 | #$cmd -in f.t -inform t -outform t >ff.t2 | ||
| 44 | #if [ $? != 0 ]; then exit 1; fi | ||
| 45 | #echo "p -> t" | ||
| 46 | #$cmd -in f.p -inform p -outform t >ff.t3 | ||
| 47 | #if [ $? != 0 ]; then exit 1; fi | ||
| 48 | |||
| 49 | echo "d -> p" | ||
| 50 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 51 | if [ $? != 0 ]; then exit 1; fi | ||
| 52 | #echo "t -> p" | ||
| 53 | #$cmd -in f.t -inform t -outform p >ff.p2 | ||
| 54 | #if [ $? != 0 ]; then exit 1; fi | ||
| 55 | echo "p -> p" | ||
| 56 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 57 | if [ $? != 0 ]; then exit 1; fi | ||
| 58 | |||
| 59 | cmp fff.p f.p | ||
| 60 | if [ $? != 0 ]; then exit 1; fi | ||
| 61 | cmp fff.p ff.p1 | ||
| 62 | if [ $? != 0 ]; then exit 1; fi | ||
| 63 | #cmp fff.p ff.p2 | ||
| 64 | #if [ $? != 0 ]; then exit 1; fi | ||
| 65 | cmp fff.p ff.p3 | ||
| 66 | if [ $? != 0 ]; then exit 1; fi | ||
| 67 | |||
| 68 | #cmp f.t ff.t1 | ||
| 69 | #if [ $? != 0 ]; then exit 1; fi | ||
| 70 | #cmp f.t ff.t2 | ||
| 71 | #if [ $? != 0 ]; then exit 1; fi | ||
| 72 | #cmp f.t ff.t3 | ||
| 73 | #if [ $? != 0 ]; then exit 1; fi | ||
| 74 | |||
| 75 | cmp f.p ff.p1 | ||
| 76 | if [ $? != 0 ]; then exit 1; fi | ||
| 77 | #cmp f.p ff.p2 | ||
| 78 | #if [ $? != 0 ]; then exit 1; fi | ||
| 79 | cmp f.p ff.p3 | ||
| 80 | if [ $? != 0 ]; then exit 1; fi | ||
| 81 | |||
| 82 | /bin/rm -f f.* ff.* fff.* | ||
| 83 | exit 0 | ||
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa deleted file mode 100644 index 249ac1ddcc..0000000000 --- a/src/lib/libssl/test/trsa +++ /dev/null | |||
| @@ -1,83 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then | ||
| 4 | echo skipping rsa conversion test | ||
| 5 | exit 0 | ||
| 6 | fi | ||
| 7 | |||
| 8 | cmd='../util/shlib_wrap.sh ../apps/openssl rsa' | ||
| 9 | |||
| 10 | if [ "$1"x != "x" ]; then | ||
| 11 | t=$1 | ||
| 12 | else | ||
| 13 | t=testrsa.pem | ||
| 14 | fi | ||
| 15 | |||
| 16 | echo testing rsa conversions | ||
| 17 | cp $t fff.p | ||
| 18 | |||
| 19 | echo "p -> d" | ||
| 20 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 21 | if [ $? != 0 ]; then exit 1; fi | ||
| 22 | #echo "p -> t" | ||
| 23 | #$cmd -in fff.p -inform p -outform t >f.t | ||
| 24 | #if [ $? != 0 ]; then exit 1; fi | ||
| 25 | echo "p -> p" | ||
| 26 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 27 | if [ $? != 0 ]; then exit 1; fi | ||
| 28 | |||
| 29 | echo "d -> d" | ||
| 30 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 31 | if [ $? != 0 ]; then exit 1; fi | ||
| 32 | #echo "t -> d" | ||
| 33 | #$cmd -in f.t -inform t -outform d >ff.d2 | ||
| 34 | #if [ $? != 0 ]; then exit 1; fi | ||
| 35 | echo "p -> d" | ||
| 36 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 37 | if [ $? != 0 ]; then exit 1; fi | ||
| 38 | |||
| 39 | #echo "d -> t" | ||
| 40 | #$cmd -in f.d -inform d -outform t >ff.t1 | ||
| 41 | #if [ $? != 0 ]; then exit 1; fi | ||
| 42 | #echo "t -> t" | ||
| 43 | #$cmd -in f.t -inform t -outform t >ff.t2 | ||
| 44 | #if [ $? != 0 ]; then exit 1; fi | ||
| 45 | #echo "p -> t" | ||
| 46 | #$cmd -in f.p -inform p -outform t >ff.t3 | ||
| 47 | #if [ $? != 0 ]; then exit 1; fi | ||
| 48 | |||
| 49 | echo "d -> p" | ||
| 50 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 51 | if [ $? != 0 ]; then exit 1; fi | ||
| 52 | #echo "t -> p" | ||
| 53 | #$cmd -in f.t -inform t -outform p >ff.p2 | ||
| 54 | #if [ $? != 0 ]; then exit 1; fi | ||
| 55 | echo "p -> p" | ||
| 56 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 57 | if [ $? != 0 ]; then exit 1; fi | ||
| 58 | |||
| 59 | cmp fff.p f.p | ||
| 60 | if [ $? != 0 ]; then exit 1; fi | ||
| 61 | cmp fff.p ff.p1 | ||
| 62 | if [ $? != 0 ]; then exit 1; fi | ||
| 63 | #cmp fff.p ff.p2 | ||
| 64 | #if [ $? != 0 ]; then exit 1; fi | ||
| 65 | cmp fff.p ff.p3 | ||
| 66 | if [ $? != 0 ]; then exit 1; fi | ||
| 67 | |||
| 68 | #cmp f.t ff.t1 | ||
| 69 | #if [ $? != 0 ]; then exit 1; fi | ||
| 70 | #cmp f.t ff.t2 | ||
| 71 | #if [ $? != 0 ]; then exit 1; fi | ||
| 72 | #cmp f.t ff.t3 | ||
| 73 | #if [ $? != 0 ]; then exit 1; fi | ||
| 74 | |||
| 75 | cmp f.p ff.p1 | ||
| 76 | if [ $? != 0 ]; then exit 1; fi | ||
| 77 | #cmp f.p ff.p2 | ||
| 78 | #if [ $? != 0 ]; then exit 1; fi | ||
| 79 | cmp f.p ff.p3 | ||
| 80 | if [ $? != 0 ]; then exit 1; fi | ||
| 81 | |||
| 82 | /bin/rm -f f.* ff.* fff.* | ||
| 83 | exit 0 | ||
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid deleted file mode 100644 index 6adbd531ce..0000000000 --- a/src/lib/libssl/test/tsid +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=testsid.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | echo testing session-id conversions | ||
| 12 | cp $t fff.p | ||
| 13 | |||
| 14 | echo "p -> d" | ||
| 15 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 16 | if [ $? != 0 ]; then exit 1; fi | ||
| 17 | #echo "p -> t" | ||
| 18 | #$cmd -in fff.p -inform p -outform t >f.t | ||
| 19 | #if [ $? != 0 ]; then exit 1; fi | ||
| 20 | echo "p -> p" | ||
| 21 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 22 | if [ $? != 0 ]; then exit 1; fi | ||
| 23 | |||
| 24 | echo "d -> d" | ||
| 25 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 26 | if [ $? != 0 ]; then exit 1; fi | ||
| 27 | #echo "t -> d" | ||
| 28 | #$cmd -in f.t -inform t -outform d >ff.d2 | ||
| 29 | #if [ $? != 0 ]; then exit 1; fi | ||
| 30 | echo "p -> d" | ||
| 31 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 32 | if [ $? != 0 ]; then exit 1; fi | ||
| 33 | |||
| 34 | #echo "d -> t" | ||
| 35 | #$cmd -in f.d -inform d -outform t >ff.t1 | ||
| 36 | #if [ $? != 0 ]; then exit 1; fi | ||
| 37 | #echo "t -> t" | ||
| 38 | #$cmd -in f.t -inform t -outform t >ff.t2 | ||
| 39 | #if [ $? != 0 ]; then exit 1; fi | ||
| 40 | #echo "p -> t" | ||
| 41 | #$cmd -in f.p -inform p -outform t >ff.t3 | ||
| 42 | #if [ $? != 0 ]; then exit 1; fi | ||
| 43 | |||
| 44 | echo "d -> p" | ||
| 45 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 46 | if [ $? != 0 ]; then exit 1; fi | ||
| 47 | #echo "t -> p" | ||
| 48 | #$cmd -in f.t -inform t -outform p >ff.p2 | ||
| 49 | #if [ $? != 0 ]; then exit 1; fi | ||
| 50 | echo "p -> p" | ||
| 51 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 52 | if [ $? != 0 ]; then exit 1; fi | ||
| 53 | |||
| 54 | cmp fff.p f.p | ||
| 55 | if [ $? != 0 ]; then exit 1; fi | ||
| 56 | cmp fff.p ff.p1 | ||
| 57 | if [ $? != 0 ]; then exit 1; fi | ||
| 58 | #cmp fff.p ff.p2 | ||
| 59 | #if [ $? != 0 ]; then exit 1; fi | ||
| 60 | cmp fff.p ff.p3 | ||
| 61 | if [ $? != 0 ]; then exit 1; fi | ||
| 62 | |||
| 63 | #cmp f.t ff.t1 | ||
| 64 | #if [ $? != 0 ]; then exit 1; fi | ||
| 65 | #cmp f.t ff.t2 | ||
| 66 | #if [ $? != 0 ]; then exit 1; fi | ||
| 67 | #cmp f.t ff.t3 | ||
| 68 | #if [ $? != 0 ]; then exit 1; fi | ||
| 69 | |||
| 70 | cmp f.p ff.p1 | ||
| 71 | if [ $? != 0 ]; then exit 1; fi | ||
| 72 | #cmp f.p ff.p2 | ||
| 73 | #if [ $? != 0 ]; then exit 1; fi | ||
| 74 | cmp f.p ff.p3 | ||
| 75 | if [ $? != 0 ]; then exit 1; fi | ||
| 76 | |||
| 77 | /bin/rm -f f.* ff.* fff.* | ||
| 78 | exit 0 | ||
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509 deleted file mode 100644 index 4a15b98d17..0000000000 --- a/src/lib/libssl/test/tx509 +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | cmd='../util/shlib_wrap.sh ../apps/openssl x509' | ||
| 4 | |||
| 5 | if [ "$1"x != "x" ]; then | ||
| 6 | t=$1 | ||
| 7 | else | ||
| 8 | t=testx509.pem | ||
| 9 | fi | ||
| 10 | |||
| 11 | echo testing X509 conversions | ||
| 12 | cp $t fff.p | ||
| 13 | |||
| 14 | echo "p -> d" | ||
| 15 | $cmd -in fff.p -inform p -outform d >f.d | ||
| 16 | if [ $? != 0 ]; then exit 1; fi | ||
| 17 | echo "p -> n" | ||
| 18 | $cmd -in fff.p -inform p -outform n >f.n | ||
| 19 | if [ $? != 0 ]; then exit 1; fi | ||
| 20 | echo "p -> p" | ||
| 21 | $cmd -in fff.p -inform p -outform p >f.p | ||
| 22 | if [ $? != 0 ]; then exit 1; fi | ||
| 23 | |||
| 24 | echo "d -> d" | ||
| 25 | $cmd -in f.d -inform d -outform d >ff.d1 | ||
| 26 | if [ $? != 0 ]; then exit 1; fi | ||
| 27 | echo "n -> d" | ||
| 28 | $cmd -in f.n -inform n -outform d >ff.d2 | ||
| 29 | if [ $? != 0 ]; then exit 1; fi | ||
| 30 | echo "p -> d" | ||
| 31 | $cmd -in f.p -inform p -outform d >ff.d3 | ||
| 32 | if [ $? != 0 ]; then exit 1; fi | ||
| 33 | |||
| 34 | echo "d -> n" | ||
| 35 | $cmd -in f.d -inform d -outform n >ff.n1 | ||
| 36 | if [ $? != 0 ]; then exit 1; fi | ||
| 37 | echo "n -> n" | ||
| 38 | $cmd -in f.n -inform n -outform n >ff.n2 | ||
| 39 | if [ $? != 0 ]; then exit 1; fi | ||
| 40 | echo "p -> n" | ||
| 41 | $cmd -in f.p -inform p -outform n >ff.n3 | ||
| 42 | if [ $? != 0 ]; then exit 1; fi | ||
| 43 | |||
| 44 | echo "d -> p" | ||
| 45 | $cmd -in f.d -inform d -outform p >ff.p1 | ||
| 46 | if [ $? != 0 ]; then exit 1; fi | ||
| 47 | echo "n -> p" | ||
| 48 | $cmd -in f.n -inform n -outform p >ff.p2 | ||
| 49 | if [ $? != 0 ]; then exit 1; fi | ||
| 50 | echo "p -> p" | ||
| 51 | $cmd -in f.p -inform p -outform p >ff.p3 | ||
| 52 | if [ $? != 0 ]; then exit 1; fi | ||
| 53 | |||
| 54 | cmp fff.p f.p | ||
| 55 | if [ $? != 0 ]; then exit 1; fi | ||
| 56 | cmp fff.p ff.p1 | ||
| 57 | if [ $? != 0 ]; then exit 1; fi | ||
| 58 | cmp fff.p ff.p2 | ||
| 59 | if [ $? != 0 ]; then exit 1; fi | ||
| 60 | cmp fff.p ff.p3 | ||
| 61 | if [ $? != 0 ]; then exit 1; fi | ||
| 62 | |||
| 63 | cmp f.n ff.n1 | ||
| 64 | if [ $? != 0 ]; then exit 1; fi | ||
| 65 | cmp f.n ff.n2 | ||
| 66 | if [ $? != 0 ]; then exit 1; fi | ||
| 67 | cmp f.n ff.n3 | ||
| 68 | if [ $? != 0 ]; then exit 1; fi | ||
| 69 | |||
| 70 | cmp f.p ff.p1 | ||
| 71 | if [ $? != 0 ]; then exit 1; fi | ||
| 72 | cmp f.p ff.p2 | ||
| 73 | if [ $? != 0 ]; then exit 1; fi | ||
| 74 | cmp f.p ff.p3 | ||
| 75 | if [ $? != 0 ]; then exit 1; fi | ||
| 76 | |||
| 77 | /bin/rm -f f.* ff.* fff.* | ||
| 78 | exit 0 | ||
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem deleted file mode 100644 index 0da253d5c3..0000000000 --- a/src/lib/libssl/test/v3-cert1.pem +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx | ||
| 3 | NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz | ||
| 4 | dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw | ||
| 5 | ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu | ||
| 6 | ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2 | ||
| 7 | ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp | ||
| 8 | miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C | ||
| 9 | AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK | ||
| 10 | Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x | ||
| 11 | DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR | ||
| 12 | MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB | ||
| 13 | AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21 | ||
| 14 | X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3 | ||
| 15 | WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO | ||
| 16 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem deleted file mode 100644 index de0723ff8d..0000000000 --- a/src/lib/libssl/test/v3-cert2.pem +++ /dev/null | |||
| @@ -1,16 +0,0 @@ | |||
| 1 | -----BEGIN CERTIFICATE----- | ||
| 2 | MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD | ||
| 3 | YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0 | ||
| 4 | ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu | ||
| 5 | dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1 | ||
| 6 | WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV | ||
| 7 | BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx | ||
| 8 | FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA | ||
| 9 | 6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT | ||
| 10 | G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ | ||
| 11 | YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm | ||
| 12 | b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc | ||
| 13 | F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz | ||
| 14 | lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap | ||
| 15 | jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU= | ||
| 16 | -----END CERTIFICATE----- | ||
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h deleted file mode 100644 index 3dffb97b5c..0000000000 --- a/src/lib/libssl/tls1.h +++ /dev/null | |||
| @@ -1,744 +0,0 @@ | |||
| 1 | /* $OpenBSD: tls1.h,v 1.25 2015/02/22 15:54:27 jsing Exp $ */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * | ||
| 114 | * Portions of the attached software ("Contribution") are developed by | ||
| 115 | * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. | ||
| 116 | * | ||
| 117 | * The Contribution is licensed pursuant to the OpenSSL open source | ||
| 118 | * license provided above. | ||
| 119 | * | ||
| 120 | * ECC cipher suite support in OpenSSL originally written by | ||
| 121 | * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. | ||
| 122 | * | ||
| 123 | */ | ||
| 124 | /* ==================================================================== | ||
| 125 | * Copyright 2005 Nokia. All rights reserved. | ||
| 126 | * | ||
| 127 | * The portions of the attached software ("Contribution") is developed by | ||
| 128 | * Nokia Corporation and is licensed pursuant to the OpenSSL open source | ||
| 129 | * license. | ||
| 130 | * | ||
| 131 | * The Contribution, originally written by Mika Kousa and Pasi Eronen of | ||
| 132 | * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites | ||
| 133 | * support (see RFC 4279) to OpenSSL. | ||
| 134 | * | ||
| 135 | * No patent licenses or other rights except those expressly stated in | ||
| 136 | * the OpenSSL open source license shall be deemed granted or received | ||
| 137 | * expressly, by implication, estoppel, or otherwise. | ||
| 138 | * | ||
| 139 | * No assurances are provided by Nokia that the Contribution does not | ||
| 140 | * infringe the patent or other intellectual property rights of any third | ||
| 141 | * party or that the license provides you with all the necessary rights | ||
| 142 | * to make use of the Contribution. | ||
| 143 | * | ||
| 144 | * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN | ||
| 145 | * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA | ||
| 146 | * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY | ||
| 147 | * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR | ||
| 148 | * OTHERWISE. | ||
| 149 | */ | ||
| 150 | |||
| 151 | #ifndef HEADER_TLS1_H | ||
| 152 | #define HEADER_TLS1_H | ||
| 153 | |||
| 154 | #include <openssl/buffer.h> | ||
| 155 | |||
| 156 | #ifdef __cplusplus | ||
| 157 | extern "C" { | ||
| 158 | #endif | ||
| 159 | |||
| 160 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 | ||
| 161 | |||
| 162 | #define TLS1_2_VERSION 0x0303 | ||
| 163 | #define TLS1_2_VERSION_MAJOR 0x03 | ||
| 164 | #define TLS1_2_VERSION_MINOR 0x03 | ||
| 165 | |||
| 166 | #define TLS1_1_VERSION 0x0302 | ||
| 167 | #define TLS1_1_VERSION_MAJOR 0x03 | ||
| 168 | #define TLS1_1_VERSION_MINOR 0x02 | ||
| 169 | |||
| 170 | #define TLS1_VERSION 0x0301 | ||
| 171 | #define TLS1_VERSION_MAJOR 0x03 | ||
| 172 | #define TLS1_VERSION_MINOR 0x01 | ||
| 173 | |||
| 174 | #define TLS1_get_version(s) \ | ||
| 175 | ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) | ||
| 176 | |||
| 177 | #define TLS1_get_client_version(s) \ | ||
| 178 | ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) | ||
| 179 | |||
| 180 | #define TLS1_AD_DECRYPTION_FAILED 21 | ||
| 181 | #define TLS1_AD_RECORD_OVERFLOW 22 | ||
| 182 | #define TLS1_AD_UNKNOWN_CA 48 /* fatal */ | ||
| 183 | #define TLS1_AD_ACCESS_DENIED 49 /* fatal */ | ||
| 184 | #define TLS1_AD_DECODE_ERROR 50 /* fatal */ | ||
| 185 | #define TLS1_AD_DECRYPT_ERROR 51 | ||
| 186 | #define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ | ||
| 187 | #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ | ||
| 188 | #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ | ||
| 189 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | ||
| 190 | #define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ | ||
| 191 | #define TLS1_AD_USER_CANCELLED 90 | ||
| 192 | #define TLS1_AD_NO_RENEGOTIATION 100 | ||
| 193 | /* Codes 110-114 are from RFC 3546. */ | ||
| 194 | #define TLS1_AD_UNSUPPORTED_EXTENSION 110 | ||
| 195 | #define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 | ||
| 196 | #define TLS1_AD_UNRECOGNIZED_NAME 112 | ||
| 197 | #define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 | ||
| 198 | #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 | ||
| 199 | #define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ | ||
| 200 | |||
| 201 | /* | ||
| 202 | * TLS ExtensionType values. | ||
| 203 | * | ||
| 204 | * http://www.iana.org/assignments/tls-extensiontype-values/ | ||
| 205 | */ | ||
| 206 | |||
| 207 | /* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ | ||
| 208 | #define TLSEXT_TYPE_server_name 0 | ||
| 209 | #define TLSEXT_TYPE_max_fragment_length 1 | ||
| 210 | #define TLSEXT_TYPE_client_certificate_url 2 | ||
| 211 | #define TLSEXT_TYPE_trusted_ca_keys 3 | ||
| 212 | #define TLSEXT_TYPE_truncated_hmac 4 | ||
| 213 | #define TLSEXT_TYPE_status_request 5 | ||
| 214 | |||
| 215 | /* ExtensionType values from RFC 4681. */ | ||
| 216 | #define TLSEXT_TYPE_user_mapping 6 | ||
| 217 | |||
| 218 | /* ExtensionType values from RFC 5878. */ | ||
| 219 | #define TLSEXT_TYPE_client_authz 7 | ||
| 220 | #define TLSEXT_TYPE_server_authz 8 | ||
| 221 | |||
| 222 | /* ExtensionType values from RFC 6091. */ | ||
| 223 | #define TLSEXT_TYPE_cert_type 9 | ||
| 224 | |||
| 225 | /* ExtensionType values from RFC 4492. */ | ||
| 226 | #define TLSEXT_TYPE_elliptic_curves 10 | ||
| 227 | #define TLSEXT_TYPE_ec_point_formats 11 | ||
| 228 | |||
| 229 | /* ExtensionType value from RFC 5054. */ | ||
| 230 | #define TLSEXT_TYPE_srp 12 | ||
| 231 | |||
| 232 | /* ExtensionType values from RFC 5246. */ | ||
| 233 | #define TLSEXT_TYPE_signature_algorithms 13 | ||
| 234 | |||
| 235 | /* ExtensionType value from RFC 5764. */ | ||
| 236 | #define TLSEXT_TYPE_use_srtp 14 | ||
| 237 | |||
| 238 | /* ExtensionType value from RFC 5620. */ | ||
| 239 | #define TLSEXT_TYPE_heartbeat 15 | ||
| 240 | |||
| 241 | /* ExtensionType value from RFC 7301. */ | ||
| 242 | #define TLSEXT_TYPE_application_layer_protocol_negotiation 16 | ||
| 243 | |||
| 244 | /* ExtensionType value for TLS padding extension. | ||
| 245 | * (TEMPORARY - registered 2014-03-12, expires 2015-03-12) | ||
| 246 | * http://tools.ietf.org/html/draft-agl-tls-padding-03 | ||
| 247 | */ | ||
| 248 | #define TLSEXT_TYPE_padding 21 | ||
| 249 | |||
| 250 | /* ExtensionType value from RFC 4507. */ | ||
| 251 | #define TLSEXT_TYPE_session_ticket 35 | ||
| 252 | |||
| 253 | /* Temporary extension type */ | ||
| 254 | #define TLSEXT_TYPE_renegotiate 0xff01 | ||
| 255 | |||
| 256 | /* This is not an IANA defined extension number */ | ||
| 257 | #define TLSEXT_TYPE_next_proto_neg 13172 | ||
| 258 | |||
| 259 | /* NameType value from RFC 3546. */ | ||
| 260 | #define TLSEXT_NAMETYPE_host_name 0 | ||
| 261 | /* status request value from RFC 3546 */ | ||
| 262 | #define TLSEXT_STATUSTYPE_ocsp 1 | ||
| 263 | |||
| 264 | /* ECPointFormat values from RFC 4492. */ | ||
| 265 | #define TLSEXT_ECPOINTFORMAT_first 0 | ||
| 266 | #define TLSEXT_ECPOINTFORMAT_uncompressed 0 | ||
| 267 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 | ||
| 268 | #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 | ||
| 269 | #define TLSEXT_ECPOINTFORMAT_last 2 | ||
| 270 | |||
| 271 | /* Signature and hash algorithms from RFC 5246. */ | ||
| 272 | |||
| 273 | #define TLSEXT_signature_anonymous 0 | ||
| 274 | #define TLSEXT_signature_rsa 1 | ||
| 275 | #define TLSEXT_signature_dsa 2 | ||
| 276 | #define TLSEXT_signature_ecdsa 3 | ||
| 277 | /* FIXME IANA */ | ||
| 278 | #define TLSEXT_signature_gostr01 237 | ||
| 279 | #define TLSEXT_signature_gostr12_256 238 | ||
| 280 | #define TLSEXT_signature_gostr12_512 239 | ||
| 281 | |||
| 282 | #define TLSEXT_hash_none 0 | ||
| 283 | #define TLSEXT_hash_md5 1 | ||
| 284 | #define TLSEXT_hash_sha1 2 | ||
| 285 | #define TLSEXT_hash_sha224 3 | ||
| 286 | #define TLSEXT_hash_sha256 4 | ||
| 287 | #define TLSEXT_hash_sha384 5 | ||
| 288 | #define TLSEXT_hash_sha512 6 | ||
| 289 | /* FIXME IANA */ | ||
| 290 | #define TLSEXT_hash_gost94 237 | ||
| 291 | #define TLSEXT_hash_streebog_256 238 | ||
| 292 | #define TLSEXT_hash_streebog_512 239 | ||
| 293 | |||
| 294 | #define TLSEXT_MAXLEN_host_name 255 | ||
| 295 | |||
| 296 | const char *SSL_get_servername(const SSL *s, const int type); | ||
| 297 | int SSL_get_servername_type(const SSL *s); | ||
| 298 | /* SSL_export_keying_material exports a value derived from the master secret, | ||
| 299 | * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and | ||
| 300 | * optional context. (Since a zero length context is allowed, the |use_context| | ||
| 301 | * flag controls whether a context is included.) | ||
| 302 | * | ||
| 303 | * It returns 1 on success and zero otherwise. | ||
| 304 | */ | ||
| 305 | int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, | ||
| 306 | const char *label, size_t llen, const unsigned char *p, size_t plen, | ||
| 307 | int use_context); | ||
| 308 | |||
| 309 | #define SSL_set_tlsext_host_name(s,name) \ | ||
| 310 | SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) | ||
| 311 | |||
| 312 | #define SSL_set_tlsext_debug_callback(ssl, cb) \ | ||
| 313 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) | ||
| 314 | |||
| 315 | #define SSL_set_tlsext_debug_arg(ssl, arg) \ | ||
| 316 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) | ||
| 317 | |||
| 318 | #define SSL_set_tlsext_status_type(ssl, type) \ | ||
| 319 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) | ||
| 320 | |||
| 321 | #define SSL_get_tlsext_status_exts(ssl, arg) \ | ||
| 322 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 323 | |||
| 324 | #define SSL_set_tlsext_status_exts(ssl, arg) \ | ||
| 325 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) | ||
| 326 | |||
| 327 | #define SSL_get_tlsext_status_ids(ssl, arg) \ | ||
| 328 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 329 | |||
| 330 | #define SSL_set_tlsext_status_ids(ssl, arg) \ | ||
| 331 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) | ||
| 332 | |||
| 333 | #define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ | ||
| 334 | SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) | ||
| 335 | |||
| 336 | #define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ | ||
| 337 | SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) | ||
| 338 | |||
| 339 | #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ | ||
| 340 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) | ||
| 341 | |||
| 342 | #define SSL_TLSEXT_ERR_OK 0 | ||
| 343 | #define SSL_TLSEXT_ERR_ALERT_WARNING 1 | ||
| 344 | #define SSL_TLSEXT_ERR_ALERT_FATAL 2 | ||
| 345 | #define SSL_TLSEXT_ERR_NOACK 3 | ||
| 346 | |||
| 347 | #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ | ||
| 348 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) | ||
| 349 | |||
| 350 | #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 351 | SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 352 | #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ | ||
| 353 | SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) | ||
| 354 | |||
| 355 | #define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ | ||
| 356 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) | ||
| 357 | |||
| 358 | #define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ | ||
| 359 | SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) | ||
| 360 | |||
| 361 | #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ | ||
| 362 | SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) | ||
| 363 | |||
| 364 | /* PSK ciphersuites from RFC 4279. */ | ||
| 365 | #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A | ||
| 366 | #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B | ||
| 367 | #define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C | ||
| 368 | #define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D | ||
| 369 | |||
| 370 | /* Additional TLS ciphersuites from expired Internet Draft | ||
| 371 | * draft-ietf-tls-56-bit-ciphersuites-01.txt | ||
| 372 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see | ||
| 373 | * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably | ||
| 374 | * shouldn't. Note that the first two are actually not in the IDs. */ | ||
| 375 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */ | ||
| 376 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */ | ||
| 377 | #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 | ||
| 378 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 | ||
| 379 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 | ||
| 380 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 | ||
| 381 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 | ||
| 382 | |||
| 383 | /* AES ciphersuites from RFC 3268. */ | ||
| 384 | |||
| 385 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F | ||
| 386 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 | ||
| 387 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 | ||
| 388 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 | ||
| 389 | #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 | ||
| 390 | #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 | ||
| 391 | |||
| 392 | #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 | ||
| 393 | #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 | ||
| 394 | #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 | ||
| 395 | #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 | ||
| 396 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 | ||
| 397 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A | ||
| 398 | |||
| 399 | /* TLS v1.2 ciphersuites */ | ||
| 400 | #define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B | ||
| 401 | #define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C | ||
| 402 | #define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D | ||
| 403 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E | ||
| 404 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F | ||
| 405 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 | ||
| 406 | |||
| 407 | /* Camellia ciphersuites from RFC 4132. */ | ||
| 408 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 | ||
| 409 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 | ||
| 410 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 | ||
| 411 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 | ||
| 412 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 | ||
| 413 | #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 | ||
| 414 | |||
| 415 | /* TLS v1.2 ciphersuites */ | ||
| 416 | #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 | ||
| 417 | #define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 | ||
| 418 | #define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 | ||
| 419 | #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A | ||
| 420 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B | ||
| 421 | #define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C | ||
| 422 | #define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D | ||
| 423 | |||
| 424 | /* Camellia ciphersuites from RFC 4132. */ | ||
| 425 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 | ||
| 426 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 | ||
| 427 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 | ||
| 428 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 | ||
| 429 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 | ||
| 430 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 | ||
| 431 | |||
| 432 | /* SEED ciphersuites from RFC 4162. */ | ||
| 433 | #define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 | ||
| 434 | #define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 | ||
| 435 | #define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 | ||
| 436 | #define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 | ||
| 437 | #define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A | ||
| 438 | #define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B | ||
| 439 | |||
| 440 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ | ||
| 441 | #define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C | ||
| 442 | #define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D | ||
| 443 | #define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E | ||
| 444 | #define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F | ||
| 445 | #define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 | ||
| 446 | #define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 | ||
| 447 | #define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 | ||
| 448 | #define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 | ||
| 449 | #define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 | ||
| 450 | #define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 | ||
| 451 | #define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 | ||
| 452 | #define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 | ||
| 453 | |||
| 454 | /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ | ||
| 455 | #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA | ||
| 456 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB | ||
| 457 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC | ||
| 458 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD | ||
| 459 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE | ||
| 460 | #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF | ||
| 461 | |||
| 462 | #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 | ||
| 463 | #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 | ||
| 464 | #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 | ||
| 465 | #define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 | ||
| 466 | #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 | ||
| 467 | #define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 | ||
| 468 | |||
| 469 | /* ECC ciphersuites from RFC 4492. */ | ||
| 470 | #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 | ||
| 471 | #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 | ||
| 472 | #define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 | ||
| 473 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 | ||
| 474 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 | ||
| 475 | |||
| 476 | #define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 | ||
| 477 | #define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 | ||
| 478 | #define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 | ||
| 479 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 | ||
| 480 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A | ||
| 481 | |||
| 482 | #define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B | ||
| 483 | #define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C | ||
| 484 | #define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D | ||
| 485 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E | ||
| 486 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F | ||
| 487 | |||
| 488 | #define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 | ||
| 489 | #define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 | ||
| 490 | #define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 | ||
| 491 | #define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 | ||
| 492 | #define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 | ||
| 493 | |||
| 494 | #define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 | ||
| 495 | #define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 | ||
| 496 | #define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 | ||
| 497 | #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 | ||
| 498 | #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 | ||
| 499 | |||
| 500 | /* SRP ciphersuites from RFC 5054. */ | ||
| 501 | #define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A | ||
| 502 | #define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B | ||
| 503 | #define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C | ||
| 504 | #define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D | ||
| 505 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E | ||
| 506 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F | ||
| 507 | #define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 | ||
| 508 | #define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 | ||
| 509 | #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 | ||
| 510 | |||
| 511 | /* ECDH HMAC based ciphersuites from RFC 5289. */ | ||
| 512 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 | ||
| 513 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 | ||
| 514 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 | ||
| 515 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 | ||
| 516 | #define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 | ||
| 517 | #define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 | ||
| 518 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 | ||
| 519 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A | ||
| 520 | |||
| 521 | /* ECDH GCM based ciphersuites from RFC 5289. */ | ||
| 522 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B | ||
| 523 | #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C | ||
| 524 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D | ||
| 525 | #define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E | ||
| 526 | #define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F | ||
| 527 | #define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 | ||
| 528 | #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 | ||
| 529 | #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 | ||
| 530 | |||
| 531 | /* ChaCha20-Poly1305 based ciphersuites. */ | ||
| 532 | #define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13 | ||
| 533 | #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14 | ||
| 534 | #define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15 | ||
| 535 | |||
| 536 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" | ||
| 537 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" | ||
| 538 | #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" | ||
| 539 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" | ||
| 540 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" | ||
| 541 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" | ||
| 542 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" | ||
| 543 | |||
| 544 | /* AES ciphersuites from RFC 3268. */ | ||
| 545 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" | ||
| 546 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" | ||
| 547 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" | ||
| 548 | #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" | ||
| 549 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" | ||
| 550 | #define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" | ||
| 551 | |||
| 552 | #define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" | ||
| 553 | #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" | ||
| 554 | #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" | ||
| 555 | #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" | ||
| 556 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" | ||
| 557 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" | ||
| 558 | |||
| 559 | /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ | ||
| 560 | #define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" | ||
| 561 | #define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" | ||
| 562 | #define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" | ||
| 563 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" | ||
| 564 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" | ||
| 565 | |||
| 566 | #define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" | ||
| 567 | #define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" | ||
| 568 | #define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" | ||
| 569 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" | ||
| 570 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" | ||
| 571 | |||
| 572 | #define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" | ||
| 573 | #define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" | ||
| 574 | #define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" | ||
| 575 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" | ||
| 576 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" | ||
| 577 | |||
| 578 | #define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" | ||
| 579 | #define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" | ||
| 580 | #define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" | ||
| 581 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" | ||
| 582 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" | ||
| 583 | |||
| 584 | #define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" | ||
| 585 | #define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" | ||
| 586 | #define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" | ||
| 587 | #define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" | ||
| 588 | #define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" | ||
| 589 | |||
| 590 | /* PSK ciphersuites from RFC 4279. */ | ||
| 591 | #define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" | ||
| 592 | #define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" | ||
| 593 | #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" | ||
| 594 | #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" | ||
| 595 | |||
| 596 | /* SRP ciphersuite from RFC 5054. */ | ||
| 597 | #define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" | ||
| 598 | #define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" | ||
| 599 | #define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" | ||
| 600 | #define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" | ||
| 601 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" | ||
| 602 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" | ||
| 603 | #define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" | ||
| 604 | #define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" | ||
| 605 | #define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" | ||
| 606 | |||
| 607 | /* Camellia ciphersuites from RFC 4132. */ | ||
| 608 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" | ||
| 609 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" | ||
| 610 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" | ||
| 611 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" | ||
| 612 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" | ||
| 613 | #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" | ||
| 614 | |||
| 615 | #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" | ||
| 616 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" | ||
| 617 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" | ||
| 618 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" | ||
| 619 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" | ||
| 620 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" | ||
| 621 | |||
| 622 | /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ | ||
| 623 | #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" | ||
| 624 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" | ||
| 625 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" | ||
| 626 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" | ||
| 627 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" | ||
| 628 | #define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" | ||
| 629 | |||
| 630 | #define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" | ||
| 631 | #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" | ||
| 632 | #define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" | ||
| 633 | #define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" | ||
| 634 | #define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" | ||
| 635 | #define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" | ||
| 636 | |||
| 637 | /* SEED ciphersuites from RFC 4162. */ | ||
| 638 | #define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" | ||
| 639 | #define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" | ||
| 640 | #define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" | ||
| 641 | #define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" | ||
| 642 | #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" | ||
| 643 | #define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" | ||
| 644 | |||
| 645 | /* TLS v1.2 ciphersuites. */ | ||
| 646 | #define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" | ||
| 647 | #define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" | ||
| 648 | #define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" | ||
| 649 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" | ||
| 650 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" | ||
| 651 | #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" | ||
| 652 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" | ||
| 653 | #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" | ||
| 654 | #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" | ||
| 655 | #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" | ||
| 656 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" | ||
| 657 | #define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" | ||
| 658 | #define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" | ||
| 659 | |||
| 660 | /* TLS v1.2 GCM ciphersuites from RFC 5288. */ | ||
| 661 | #define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" | ||
| 662 | #define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" | ||
| 663 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" | ||
| 664 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" | ||
| 665 | #define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" | ||
| 666 | #define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" | ||
| 667 | #define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" | ||
| 668 | #define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" | ||
| 669 | #define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" | ||
| 670 | #define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" | ||
| 671 | #define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" | ||
| 672 | #define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" | ||
| 673 | |||
| 674 | /* ECDH HMAC based ciphersuites from RFC 5289. */ | ||
| 675 | |||
| 676 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" | ||
| 677 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" | ||
| 678 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" | ||
| 679 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" | ||
| 680 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" | ||
| 681 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" | ||
| 682 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" | ||
| 683 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" | ||
| 684 | |||
| 685 | /* ECDH GCM based ciphersuites from RFC 5289. */ | ||
| 686 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" | ||
| 687 | #define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" | ||
| 688 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" | ||
| 689 | #define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" | ||
| 690 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" | ||
| 691 | #define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" | ||
| 692 | #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" | ||
| 693 | #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" | ||
| 694 | |||
| 695 | /* ChaCha20-Poly1305 based ciphersuites. */ | ||
| 696 | #define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" | ||
| 697 | #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" | ||
| 698 | #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" | ||
| 699 | |||
| 700 | #define TLS_CT_RSA_SIGN 1 | ||
| 701 | #define TLS_CT_DSS_SIGN 2 | ||
| 702 | #define TLS_CT_RSA_FIXED_DH 3 | ||
| 703 | #define TLS_CT_DSS_FIXED_DH 4 | ||
| 704 | #define TLS_CT_ECDSA_SIGN 64 | ||
| 705 | #define TLS_CT_RSA_FIXED_ECDH 65 | ||
| 706 | #define TLS_CT_ECDSA_FIXED_ECDH 66 | ||
| 707 | #define TLS_CT_GOST94_SIGN 21 | ||
| 708 | #define TLS_CT_GOST01_SIGN 22 | ||
| 709 | #define TLS_CT_GOST12_256_SIGN 238 /* FIXME: IANA */ | ||
| 710 | #define TLS_CT_GOST12_512_SIGN 239 /* FIXME: IANA */ | ||
| 711 | /* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see | ||
| 712 | * comment there) */ | ||
| 713 | #define TLS_CT_NUMBER 11 | ||
| 714 | |||
| 715 | #define TLS1_FINISH_MAC_LENGTH 12 | ||
| 716 | |||
| 717 | #define TLS_MD_MAX_CONST_SIZE 20 | ||
| 718 | #define TLS_MD_CLIENT_FINISH_CONST "client finished" | ||
| 719 | #define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 | ||
| 720 | #define TLS_MD_SERVER_FINISH_CONST "server finished" | ||
| 721 | #define TLS_MD_SERVER_FINISH_CONST_SIZE 15 | ||
| 722 | #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" | ||
| 723 | #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 | ||
| 724 | #define TLS_MD_KEY_EXPANSION_CONST "key expansion" | ||
| 725 | #define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 | ||
| 726 | #define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" | ||
| 727 | #define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 | ||
| 728 | #define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" | ||
| 729 | #define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 | ||
| 730 | #define TLS_MD_IV_BLOCK_CONST "IV block" | ||
| 731 | #define TLS_MD_IV_BLOCK_CONST_SIZE 8 | ||
| 732 | #define TLS_MD_MASTER_SECRET_CONST "master secret" | ||
| 733 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 | ||
| 734 | |||
| 735 | /* TLS Session Ticket extension struct. */ | ||
| 736 | struct tls_session_ticket_ext_st { | ||
| 737 | unsigned short length; | ||
| 738 | void *data; | ||
| 739 | }; | ||
| 740 | |||
| 741 | #ifdef __cplusplus | ||
| 742 | } | ||
| 743 | #endif | ||
| 744 | #endif | ||