summaryrefslogtreecommitdiff
path: root/src/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/bio_ssl.c21
-rw-r--r--src/lib/libssl/d1_both.c627
-rw-r--r--src/lib/libssl/d1_clnt.c451
-rw-r--r--src/lib/libssl/d1_enc.c31
-rw-r--r--src/lib/libssl/d1_lib.c235
-rw-r--r--src/lib/libssl/d1_meth.c4
-rw-r--r--src/lib/libssl/d1_pkt.c543
-rw-r--r--src/lib/libssl/d1_srvr.c540
-rw-r--r--src/lib/libssl/doc/openssl.cnf57
-rw-r--r--src/lib/libssl/doc/standards.txt4
-rw-r--r--src/lib/libssl/dtls1.h61
-rw-r--r--src/lib/libssl/s23_clnt.c221
-rw-r--r--src/lib/libssl/s23_lib.c12
-rw-r--r--src/lib/libssl/s23_srvr.c41
-rw-r--r--src/lib/libssl/s3_both.c315
-rw-r--r--src/lib/libssl/s3_clnt.c624
-rw-r--r--src/lib/libssl/s3_lib.c2244
-rw-r--r--src/lib/libssl/s3_pkt.c282
-rw-r--r--src/lib/libssl/s3_srvr.c855
-rw-r--r--src/lib/libssl/ssl.h539
-rw-r--r--src/lib/libssl/ssl3.h124
-rw-r--r--src/lib/libssl/ssl_algs.c18
-rw-r--r--src/lib/libssl/ssl_asn1.c167
-rw-r--r--src/lib/libssl/ssl_cert.c17
-rw-r--r--src/lib/libssl/ssl_ciph.c1019
-rw-r--r--src/lib/libssl/ssl_err.c57
-rw-r--r--src/lib/libssl/ssl_lib.c614
-rw-r--r--src/lib/libssl/ssl_locl.h300
-rw-r--r--src/lib/libssl/ssl_rsa.c2
-rw-r--r--src/lib/libssl/ssl_sess.c253
-rw-r--r--src/lib/libssl/ssl_stat.c61
-rw-r--r--src/lib/libssl/ssl_txt.c43
-rw-r--r--src/lib/libssl/t1_clnt.c4
-rw-r--r--src/lib/libssl/t1_enc.c509
-rw-r--r--src/lib/libssl/t1_lib.c917
-rw-r--r--src/lib/libssl/t1_meth.c4
-rw-r--r--src/lib/libssl/t1_reneg.c292
-rw-r--r--src/lib/libssl/t1_srvr.c4
-rw-r--r--src/lib/libssl/test/CAss.cnf2
-rw-r--r--src/lib/libssl/test/CAtsa.cnf163
-rw-r--r--src/lib/libssl/test/Uss.cnf2
-rwxr-xr-xsrc/lib/libssl/test/asn1test.c22
-rw-r--r--src/lib/libssl/test/cms-test.pl18
-rw-r--r--src/lib/libssl/test/pkits-test.pl940
-rwxr-xr-xsrc/lib/libssl/test/test_padlock64
-rw-r--r--src/lib/libssl/test/testssl6
-rw-r--r--src/lib/libssl/test/testtsa238
-rw-r--r--src/lib/libssl/test/times16
-rw-r--r--src/lib/libssl/tls1.h147
49 files changed, 10589 insertions, 3141 deletions
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 420deb7fc9..af319af302 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -398,17 +398,19 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
398 } 398 }
399 break; 399 break;
400 case BIO_CTRL_POP: 400 case BIO_CTRL_POP:
401 /* ugly bit of a hack */ 401 /* Only detach if we are the BIO explicitly being popped */
402 if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */ 402 if (b == ptr)
403 { 403 {
404 BIO_free_all(ssl->wbio); 404 /* Shouldn't happen in practice because the
405 } 405 * rbio and wbio are the same when pushed.
406 if (b->next_bio != NULL) 406 */
407 { 407 if (ssl->rbio != ssl->wbio)
408 CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); 408 BIO_free_all(ssl->wbio);
409 if (b->next_bio != NULL)
410 CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
411 ssl->wbio=NULL;
412 ssl->rbio=NULL;
409 } 413 }
410 ssl->wbio=NULL;
411 ssl->rbio=NULL;
412 break; 414 break;
413 case BIO_C_DO_STATE_MACHINE: 415 case BIO_C_DO_STATE_MACHINE:
414 BIO_clear_retry_flags(b); 416 BIO_clear_retry_flags(b);
@@ -543,7 +545,6 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
543 return(ret); 545 return(ret);
544err: 546err:
545 if (con != NULL) BIO_free(con); 547 if (con != NULL) BIO_free(con);
546 if (ret != NULL) BIO_free(ret);
547 return(NULL); 548 return(NULL);
548 } 549 }
549 550
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 15a201a25c..4ce4064cc9 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -123,6 +123,37 @@
123#include <openssl/evp.h> 123#include <openssl/evp.h>
124#include <openssl/x509.h> 124#include <openssl/x509.h>
125 125
126#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
127
128#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
129 if ((end) - (start) <= 8) { \
130 long ii; \
131 for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
132 } else { \
133 long ii; \
134 bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
135 for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
136 bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
137 } }
138
139#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
140 long ii; \
141 OPENSSL_assert((msg_len) > 0); \
142 is_complete = 1; \
143 if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
144 if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
145 if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
146
147#if 0
148#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
149 long ii; \
150 printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
151 printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
152 printf("\n"); }
153#endif
154
155static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
156static unsigned char bitmask_end_values[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
126 157
127/* XDTLS: figure out the right values */ 158/* XDTLS: figure out the right values */
128static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; 159static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -136,15 +167,15 @@ static unsigned char *dtls1_write_message_header(SSL *s,
136static void dtls1_set_message_header_int(SSL *s, unsigned char mt, 167static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
137 unsigned long len, unsigned short seq_num, unsigned long frag_off, 168 unsigned long len, unsigned short seq_num, unsigned long frag_off,
138 unsigned long frag_len); 169 unsigned long frag_len);
139static int dtls1_retransmit_buffered_messages(SSL *s);
140static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 170static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
141 long max, int *ok); 171 long max, int *ok);
142 172
143static hm_fragment * 173static hm_fragment *
144dtls1_hm_fragment_new(unsigned long frag_len) 174dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
145 { 175 {
146 hm_fragment *frag = NULL; 176 hm_fragment *frag = NULL;
147 unsigned char *buf = NULL; 177 unsigned char *buf = NULL;
178 unsigned char *bitmask = NULL;
148 179
149 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); 180 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
150 if ( frag == NULL) 181 if ( frag == NULL)
@@ -163,6 +194,21 @@ dtls1_hm_fragment_new(unsigned long frag_len)
163 /* zero length fragment gets zero frag->fragment */ 194 /* zero length fragment gets zero frag->fragment */
164 frag->fragment = buf; 195 frag->fragment = buf;
165 196
197 /* Initialize reassembly bitmask if necessary */
198 if (reassembly)
199 {
200 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
201 if (bitmask == NULL)
202 {
203 if (buf != NULL) OPENSSL_free(buf);
204 OPENSSL_free(frag);
205 return NULL;
206 }
207 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
208 }
209
210 frag->reassembly = bitmask;
211
166 return frag; 212 return frag;
167 } 213 }
168 214
@@ -170,6 +216,7 @@ static void
170dtls1_hm_fragment_free(hm_fragment *frag) 216dtls1_hm_fragment_free(hm_fragment *frag)
171 { 217 {
172 if (frag->fragment) OPENSSL_free(frag->fragment); 218 if (frag->fragment) OPENSSL_free(frag->fragment);
219 if (frag->reassembly) OPENSSL_free(frag->reassembly);
173 OPENSSL_free(frag); 220 OPENSSL_free(frag);
174 } 221 }
175 222
@@ -178,7 +225,7 @@ int dtls1_do_write(SSL *s, int type)
178 { 225 {
179 int ret; 226 int ret;
180 int curr_mtu; 227 int curr_mtu;
181 unsigned int len, frag_off; 228 unsigned int len, frag_off, mac_size, blocksize;
182 229
183 /* AHA! Figure out the MTU, and stick to the right size */ 230 /* AHA! Figure out the MTU, and stick to the right size */
184 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) 231 if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
@@ -226,11 +273,22 @@ int dtls1_do_write(SSL *s, int type)
226 OPENSSL_assert(s->init_num == 273 OPENSSL_assert(s->init_num ==
227 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); 274 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
228 275
276 if (s->write_hash)
277 mac_size = EVP_MD_CTX_size(s->write_hash);
278 else
279 mac_size = 0;
280
281 if (s->enc_write_ctx &&
282 (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
283 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
284 else
285 blocksize = 0;
286
229 frag_off = 0; 287 frag_off = 0;
230 while( s->init_num) 288 while( s->init_num)
231 { 289 {
232 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) - 290 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
233 DTLS1_RT_HEADER_LENGTH; 291 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
234 292
235 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH) 293 if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
236 { 294 {
@@ -238,7 +296,8 @@ int dtls1_do_write(SSL *s, int type)
238 ret = BIO_flush(SSL_get_wbio(s)); 296 ret = BIO_flush(SSL_get_wbio(s));
239 if ( ret <= 0) 297 if ( ret <= 0)
240 return ret; 298 return ret;
241 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH; 299 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
300 mac_size - blocksize;
242 } 301 }
243 302
244 if ( s->init_num > curr_mtu) 303 if ( s->init_num > curr_mtu)
@@ -280,7 +339,7 @@ int dtls1_do_write(SSL *s, int type)
280 * retransmit 339 * retransmit
281 */ 340 */
282 if ( BIO_ctrl(SSL_get_wbio(s), 341 if ( BIO_ctrl(SSL_get_wbio(s),
283 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL)) 342 BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
284 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), 343 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
285 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); 344 BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
286 else 345 else
@@ -301,7 +360,7 @@ int dtls1_do_write(SSL *s, int type)
301 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr; 360 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
302 int xlen; 361 int xlen;
303 362
304 if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) 363 if (frag_off == 0 && s->version != DTLS1_BAD_VER)
305 { 364 {
306 /* reconstruct message header is if it 365 /* reconstruct message header is if it
307 * is being sent in single fragment */ 366 * is being sent in single fragment */
@@ -352,6 +411,8 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
352 { 411 {
353 int i, al; 412 int i, al;
354 struct hm_header_st *msg_hdr; 413 struct hm_header_st *msg_hdr;
414 unsigned char *p;
415 unsigned long msg_len;
355 416
356 /* s3->tmp is used to store messages that are unexpected, caused 417 /* s3->tmp is used to store messages that are unexpected, caused
357 * by the absence of an optional handshake message */ 418 * by the absence of an optional handshake message */
@@ -371,76 +432,55 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
371 } 432 }
372 433
373 msg_hdr = &s->d1->r_msg_hdr; 434 msg_hdr = &s->d1->r_msg_hdr;
374 do 435 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
375 {
376 if ( msg_hdr->frag_off == 0)
377 {
378 /* s->d1->r_message_header.msg_len = 0; */
379 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
380 }
381 436
382 i = dtls1_get_message_fragment(s, st1, stn, max, ok); 437again:
383 if ( i == DTLS1_HM_BAD_FRAGMENT || 438 i = dtls1_get_message_fragment(s, st1, stn, max, ok);
384 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ 439 if ( i == DTLS1_HM_BAD_FRAGMENT ||
385 continue; 440 i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
386 else if ( i <= 0 && !*ok) 441 goto again;
387 return i; 442 else if ( i <= 0 && !*ok)
443 return i;
388 444
389 /* Note that s->init_sum is used as a counter summing 445 p = (unsigned char *)s->init_buf->data;
390 * up fragments' lengths: as soon as they sum up to 446 msg_len = msg_hdr->msg_len;
391 * handshake packet length, we assume we have got all 447
392 * the fragments. Overlapping fragments would cause 448 /* reconstruct message header */
393 * premature termination, so we don't expect overlaps. 449 *(p++) = msg_hdr->type;
394 * Well, handling overlaps would require something more 450 l2n3(msg_len,p);
395 * drastic. Indeed, as it is now there is no way to 451 s2n (msg_hdr->seq,p);
396 * tell if out-of-order fragment from the middle was 452 l2n3(0,p);
397 * the last. '>=' is the best/least we can do to control 453 l2n3(msg_len,p);
398 * the potential damage caused by malformed overlaps. */ 454 if (s->version != DTLS1_BAD_VER) {
399 if ((unsigned int)s->init_num >= msg_hdr->msg_len) 455 p -= DTLS1_HM_HEADER_LENGTH;
400 { 456 msg_len += DTLS1_HM_HEADER_LENGTH;
401 unsigned char *p = (unsigned char *)s->init_buf->data; 457 }
402 unsigned long msg_len = msg_hdr->msg_len; 458
403 459 ssl3_finish_mac(s, p, msg_len);
404 /* reconstruct message header as if it was 460 if (s->msg_callback)
405 * sent in single fragment */ 461 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
406 *(p++) = msg_hdr->type; 462 p, msg_len,
407 l2n3(msg_len,p); 463 s, s->msg_callback_arg);
408 s2n (msg_hdr->seq,p); 464
409 l2n3(0,p); 465 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
410 l2n3(msg_len,p); 466
411 if (s->client_version != DTLS1_BAD_VER) 467 s->d1->handshake_read_seq++;
412 p -= DTLS1_HM_HEADER_LENGTH, 468 /* we just read a handshake message from the other side:
413 msg_len += DTLS1_HM_HEADER_LENGTH; 469 * this means that we don't need to retransmit of the
414 470 * buffered messages.
415 ssl3_finish_mac(s, p, msg_len); 471 * XDTLS: may be able clear out this
416 if (s->msg_callback) 472 * buffer a little sooner (i.e if an out-of-order
417 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 473 * handshake message/record is received at the record
418 p, msg_len, 474 * layer.
419 s, s->msg_callback_arg); 475 * XDTLS: exception is that the server needs to
420 476 * know that change cipher spec and finished messages
421 memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 477 * have been received by the client before clearing this
422 478 * buffer. this can simply be done by waiting for the
423 s->d1->handshake_read_seq++; 479 * first data segment, but is there a better way? */
424 /* we just read a handshake message from the other side: 480 dtls1_clear_record_buffer(s);
425 * this means that we don't need to retransmit of the 481
426 * buffered messages. 482 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
427 * XDTLS: may be able clear out this 483 return s->init_num;
428 * buffer a little sooner (i.e if an out-of-order
429 * handshake message/record is received at the record
430 * layer.
431 * XDTLS: exception is that the server needs to
432 * know that change cipher spec and finished messages
433 * have been received by the client before clearing this
434 * buffer. this can simply be done by waiting for the
435 * first data segment, but is there a better way? */
436 dtls1_clear_record_buffer(s);
437
438 s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
439 return s->init_num;
440 }
441 else
442 msg_hdr->frag_off = i;
443 } while(1) ;
444 484
445f_err: 485f_err:
446 ssl3_send_alert(s,SSL3_AL_FATAL,al); 486 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -474,7 +514,7 @@ static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max
474 { 514 {
475 /* msg_len is limited to 2^24, but is effectively checked 515 /* msg_len is limited to 2^24, but is effectively checked
476 * against max above */ 516 * against max above */
477 if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH)) 517 if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
478 { 518 {
479 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB); 519 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
480 return SSL_AD_INTERNAL_ERROR; 520 return SSL_AD_INTERNAL_ERROR;
@@ -516,9 +556,14 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
516 return 0; 556 return 0;
517 557
518 frag = (hm_fragment *)item->data; 558 frag = (hm_fragment *)item->data;
559
560 /* Don't return if reassembly still in progress */
561 if (frag->reassembly != NULL)
562 return 0;
519 563
520 if ( s->d1->handshake_read_seq == frag->msg_header.seq) 564 if ( s->d1->handshake_read_seq == frag->msg_header.seq)
521 { 565 {
566 unsigned long frag_len = frag->msg_header.frag_len;
522 pqueue_pop(s->d1->buffered_messages); 567 pqueue_pop(s->d1->buffered_messages);
523 568
524 al=dtls1_preprocess_fragment(s,&frag->msg_header,max); 569 al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +581,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
536 if (al==0) 581 if (al==0)
537 { 582 {
538 *ok = 1; 583 *ok = 1;
539 return frag->msg_header.frag_len; 584 return frag_len;
540 } 585 }
541 586
542 ssl3_send_alert(s,SSL3_AL_FATAL,al); 587 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -550,18 +595,50 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
550 595
551 596
552static int 597static int
553dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) 598dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
554{ 599 {
555 int i=-1;
556 hm_fragment *frag = NULL; 600 hm_fragment *frag = NULL;
557 pitem *item = NULL; 601 pitem *item = NULL;
558 PQ_64BIT seq64; 602 int i = -1, is_complete;
559 unsigned long frag_len = msg_hdr->frag_len; 603 unsigned char seq64be[8];
604 unsigned long frag_len = msg_hdr->frag_len, max_len;
560 605
561 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) 606 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
562 goto err; 607 goto err;
563 608
564 if (msg_hdr->seq <= s->d1->handshake_read_seq) 609 /* Determine maximum allowed message size. Depends on (user set)
610 * maximum certificate length, but 16k is minimum.
611 */
612 if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH < s->max_cert_list)
613 max_len = s->max_cert_list;
614 else
615 max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
616
617 if ((msg_hdr->frag_off+frag_len) > max_len)
618 goto err;
619
620 /* Try to find item in queue */
621 memset(seq64be,0,sizeof(seq64be));
622 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
623 seq64be[7] = (unsigned char) msg_hdr->seq;
624 item = pqueue_find(s->d1->buffered_messages, seq64be);
625
626 if (item == NULL)
627 {
628 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
629 if ( frag == NULL)
630 goto err;
631 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
632 frag->msg_header.frag_len = frag->msg_header.msg_len;
633 frag->msg_header.frag_off = 0;
634 }
635 else
636 frag = (hm_fragment*) item->data;
637
638 /* If message is already reassembled, this must be a
639 * retransmit and can be dropped.
640 */
641 if (frag->reassembly == NULL)
565 { 642 {
566 unsigned char devnull [256]; 643 unsigned char devnull [256];
567 644
@@ -573,32 +650,128 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
573 if (i<=0) goto err; 650 if (i<=0) goto err;
574 frag_len -= i; 651 frag_len -= i;
575 } 652 }
653 return DTLS1_HM_FRAGMENT_RETRY;
576 } 654 }
577 655
578 frag = dtls1_hm_fragment_new(frag_len); 656 /* read the body of the fragment (header has already been read */
579 if ( frag == NULL) 657 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
658 frag->fragment + msg_hdr->frag_off,frag_len,0);
659 if (i<=0 || (unsigned long)i!=frag_len)
580 goto err; 660 goto err;
581 661
582 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); 662 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
663 (long)(msg_hdr->frag_off + frag_len));
583 664
584 if (frag_len) 665 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
666 is_complete);
667
668 if (is_complete)
669 {
670 OPENSSL_free(frag->reassembly);
671 frag->reassembly = NULL;
672 }
673
674 if (item == NULL)
585 { 675 {
586 /* read the body of the fragment (header has already been read */ 676 memset(seq64be,0,sizeof(seq64be));
587 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE, 677 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
588 frag->fragment,frag_len,0); 678 seq64be[7] = (unsigned char)(msg_hdr->seq);
589 if (i<=0 || (unsigned long)i!=frag_len) 679
680 item = pitem_new(seq64be, frag);
681 if (item == NULL)
682 {
590 goto err; 683 goto err;
684 i = -1;
685 }
686
687 pqueue_insert(s->d1->buffered_messages, item);
591 } 688 }
592 689
593 pq_64bit_init(&seq64); 690 return DTLS1_HM_FRAGMENT_RETRY;
594 pq_64bit_assign_word(&seq64, msg_hdr->seq); 691
692err:
693 if (frag != NULL) dtls1_hm_fragment_free(frag);
694 if (item != NULL) OPENSSL_free(item);
695 *ok = 0;
696 return i;
697 }
698
595 699
596 item = pitem_new(seq64, frag); 700static int
597 pq_64bit_free(&seq64); 701dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
598 if ( item == NULL) 702{
703 int i=-1;
704 hm_fragment *frag = NULL;
705 pitem *item = NULL;
706 unsigned char seq64be[8];
707 unsigned long frag_len = msg_hdr->frag_len;
708
709 if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
599 goto err; 710 goto err;
600 711
601 pqueue_insert(s->d1->buffered_messages, item); 712 /* Try to find item in queue, to prevent duplicate entries */
713 memset(seq64be,0,sizeof(seq64be));
714 seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
715 seq64be[7] = (unsigned char) msg_hdr->seq;
716 item = pqueue_find(s->d1->buffered_messages, seq64be);
717
718 /* If we already have an entry and this one is a fragment,
719 * don't discard it and rather try to reassemble it.
720 */
721 if (item != NULL && frag_len < msg_hdr->msg_len)
722 item = NULL;
723
724 /* Discard the message if sequence number was already there, is
725 * too far in the future, already in the queue or if we received
726 * a FINISHED before the SERVER_HELLO, which then must be a stale
727 * retransmit.
728 */
729 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
730 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
731 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
732 {
733 unsigned char devnull [256];
734
735 while (frag_len)
736 {
737 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
738 devnull,
739 frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
740 if (i<=0) goto err;
741 frag_len -= i;
742 }
743 }
744 else
745 {
746 if (frag_len && frag_len < msg_hdr->msg_len)
747 return dtls1_reassemble_fragment(s, msg_hdr, ok);
748
749 frag = dtls1_hm_fragment_new(frag_len, 0);
750 if ( frag == NULL)
751 goto err;
752
753 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
754
755 if (frag_len)
756 {
757 /* read the body of the fragment (header has already been read */
758 i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
759 frag->fragment,frag_len,0);
760 if (i<=0 || (unsigned long)i!=frag_len)
761 goto err;
762 }
763
764 memset(seq64be,0,sizeof(seq64be));
765 seq64be[6] = (unsigned char)(msg_hdr->seq>>8);
766 seq64be[7] = (unsigned char)(msg_hdr->seq);
767
768 item = pitem_new(seq64be, frag);
769 if ( item == NULL)
770 goto err;
771
772 pqueue_insert(s->d1->buffered_messages, item);
773 }
774
602 return DTLS1_HM_FRAGMENT_RETRY; 775 return DTLS1_HM_FRAGMENT_RETRY;
603 776
604err: 777err:
@@ -613,14 +786,14 @@ static long
613dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) 786dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
614 { 787 {
615 unsigned char wire[DTLS1_HM_HEADER_LENGTH]; 788 unsigned char wire[DTLS1_HM_HEADER_LENGTH];
616 unsigned long l, frag_off, frag_len; 789 unsigned long len, frag_off, frag_len;
617 int i,al; 790 int i,al;
618 struct hm_header_st msg_hdr; 791 struct hm_header_st msg_hdr;
619 792
620 /* see if we have the required fragment already */ 793 /* see if we have the required fragment already */
621 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) 794 if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
622 { 795 {
623 if (*ok) s->init_num += frag_len; 796 if (*ok) s->init_num = frag_len;
624 return frag_len; 797 return frag_len;
625 } 798 }
626 799
@@ -645,10 +818,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
645 if ( msg_hdr.seq != s->d1->handshake_read_seq) 818 if ( msg_hdr.seq != s->d1->handshake_read_seq)
646 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 819 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
647 820
648 l = msg_hdr.msg_len; 821 len = msg_hdr.msg_len;
649 frag_off = msg_hdr.frag_off; 822 frag_off = msg_hdr.frag_off;
650 frag_len = msg_hdr.frag_len; 823 frag_len = msg_hdr.frag_len;
651 824
825 if (frag_len && frag_len < len)
826 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
827
652 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 && 828 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
653 wire[0] == SSL3_MT_HELLO_REQUEST) 829 wire[0] == SSL3_MT_HELLO_REQUEST)
654 { 830 {
@@ -708,7 +884,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
708 * s->init_buf->data, but as a counter summing up fragments' 884 * s->init_buf->data, but as a counter summing up fragments'
709 * lengths: as soon as they sum up to handshake packet 885 * lengths: as soon as they sum up to handshake packet
710 * length, we assume we have got all the fragments. */ 886 * length, we assume we have got all the fragments. */
711 s->init_num += frag_len; 887 s->init_num = frag_len;
712 return frag_len; 888 return frag_len;
713 889
714f_err: 890f_err:
@@ -731,14 +907,30 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
731 p= &(d[DTLS1_HM_HEADER_LENGTH]); 907 p= &(d[DTLS1_HM_HEADER_LENGTH]);
732 908
733 i=s->method->ssl3_enc->final_finish_mac(s, 909 i=s->method->ssl3_enc->final_finish_mac(s,
734 &(s->s3->finish_dgst1),
735 &(s->s3->finish_dgst2),
736 sender,slen,s->s3->tmp.finish_md); 910 sender,slen,s->s3->tmp.finish_md);
737 s->s3->tmp.finish_md_len = i; 911 s->s3->tmp.finish_md_len = i;
738 memcpy(p, s->s3->tmp.finish_md, i); 912 memcpy(p, s->s3->tmp.finish_md, i);
739 p+=i; 913 p+=i;
740 l=i; 914 l=i;
741 915
916 /* Copy the finished so we can use it for
917 * renegotiation checks
918 */
919 if(s->type == SSL_ST_CONNECT)
920 {
921 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
922 memcpy(s->s3->previous_client_finished,
923 s->s3->tmp.finish_md, i);
924 s->s3->previous_client_finished_len=i;
925 }
926 else
927 {
928 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
929 memcpy(s->s3->previous_server_finished,
930 s->s3->tmp.finish_md, i);
931 s->s3->previous_server_finished_len=i;
932 }
933
742#ifdef OPENSSL_SYS_WIN16 934#ifdef OPENSSL_SYS_WIN16
743 /* MSVC 1.5 does not clear the top bytes of the word unless 935 /* MSVC 1.5 does not clear the top bytes of the word unless
744 * I do this. 936 * I do this.
@@ -779,12 +971,11 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
779 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; 971 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
780 s->init_num=DTLS1_CCS_HEADER_LENGTH; 972 s->init_num=DTLS1_CCS_HEADER_LENGTH;
781 973
782 if (s->client_version == DTLS1_BAD_VER) 974 if (s->version == DTLS1_BAD_VER) {
783 {
784 s->d1->next_handshake_write_seq++; 975 s->d1->next_handshake_write_seq++;
785 s2n(s->d1->handshake_write_seq,p); 976 s2n(s->d1->handshake_write_seq,p);
786 s->init_num+=2; 977 s->init_num+=2;
787 } 978 }
788 979
789 s->init_off=0; 980 s->init_off=0;
790 981
@@ -801,14 +992,30 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
801 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 992 return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
802 } 993 }
803 994
995static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
996 {
997 int n;
998 unsigned char *p;
999
1000 n=i2d_X509(x,NULL);
1001 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
1002 {
1003 SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
1004 return 0;
1005 }
1006 p=(unsigned char *)&(buf->data[*l]);
1007 l2n3(n,p);
1008 i2d_X509(x,&p);
1009 *l+=n+3;
1010
1011 return 1;
1012 }
804unsigned long dtls1_output_cert_chain(SSL *s, X509 *x) 1013unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
805 { 1014 {
806 unsigned char *p; 1015 unsigned char *p;
807 int n,i; 1016 int i;
808 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH; 1017 unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
809 BUF_MEM *buf; 1018 BUF_MEM *buf;
810 X509_STORE_CTX xs_ctx;
811 X509_OBJECT obj;
812 1019
813 /* TLSv1 sends a chain with nothing in it, instead of an alert */ 1020 /* TLSv1 sends a chain with nothing in it, instead of an alert */
814 buf=s->init_buf; 1021 buf=s->init_buf;
@@ -819,54 +1026,35 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
819 } 1026 }
820 if (x != NULL) 1027 if (x != NULL)
821 { 1028 {
822 if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) 1029 X509_STORE_CTX xs_ctx;
823 { 1030
824 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 1031 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
825 return(0); 1032 {
826 } 1033 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
827 1034 return(0);
828 for (;;) 1035 }
829 { 1036
830 n=i2d_X509(x,NULL); 1037 X509_verify_cert(&xs_ctx);
831 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) 1038 /* Don't leave errors in the queue */
832 { 1039 ERR_clear_error();
833 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 1040 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
834 return(0); 1041 {
835 } 1042 x = sk_X509_value(xs_ctx.chain, i);
836 p=(unsigned char *)&(buf->data[l]); 1043
837 l2n3(n,p); 1044 if (!dtls1_add_cert_to_buf(buf, &l, x))
838 i2d_X509(x,&p); 1045 {
839 l+=n+3; 1046 X509_STORE_CTX_cleanup(&xs_ctx);
840 if (X509_NAME_cmp(X509_get_subject_name(x), 1047 return 0;
841 X509_get_issuer_name(x)) == 0) break; 1048 }
842 1049 }
843 i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, 1050 X509_STORE_CTX_cleanup(&xs_ctx);
844 X509_get_issuer_name(x),&obj); 1051 }
845 if (i <= 0) break; 1052 /* Thawte special :-) */
846 x=obj.data.x509;
847 /* Count is one too high since the X509_STORE_get uped the
848 * ref count */
849 X509_free(x);
850 }
851
852 X509_STORE_CTX_cleanup(&xs_ctx);
853 }
854
855 /* Thawte special :-) */
856 if (s->ctx->extra_certs != NULL)
857 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 1053 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
858 { 1054 {
859 x=sk_X509_value(s->ctx->extra_certs,i); 1055 x=sk_X509_value(s->ctx->extra_certs,i);
860 n=i2d_X509(x,NULL); 1056 if (!dtls1_add_cert_to_buf(buf, &l, x))
861 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) 1057 return 0;
862 {
863 SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
864 return(0);
865 }
866 p=(unsigned char *)&(buf->data[l]);
867 l2n3(n,p);
868 i2d_X509(x,&p);
869 l+=n+3;
870 } 1058 }
871 1059
872 l-= (3 + DTLS1_HM_HEADER_LENGTH); 1060 l-= (3 + DTLS1_HM_HEADER_LENGTH);
@@ -883,18 +1071,13 @@ unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
883 1071
884int dtls1_read_failed(SSL *s, int code) 1072int dtls1_read_failed(SSL *s, int code)
885 { 1073 {
886 DTLS1_STATE *state;
887 BIO *bio;
888 int send_alert = 0;
889
890 if ( code > 0) 1074 if ( code > 0)
891 { 1075 {
892 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__); 1076 fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
893 return 1; 1077 return 1;
894 } 1078 }
895 1079
896 bio = SSL_get_rbio(s); 1080 if (!dtls1_is_timer_expired(s))
897 if ( ! BIO_dgram_recv_timedout(bio))
898 { 1081 {
899 /* not a timeout, none of our business, 1082 /* not a timeout, none of our business,
900 let higher layers handle this. in fact it's probably an error */ 1083 let higher layers handle this. in fact it's probably an error */
@@ -907,23 +1090,6 @@ int dtls1_read_failed(SSL *s, int code)
907 return code; 1090 return code;
908 } 1091 }
909 1092
910 state = s->d1;
911 state->timeout.num_alerts++;
912 if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
913 {
914 /* fail the connection, enough alerts have been sent */
915 SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
916 return 0;
917 }
918
919 state->timeout.read_timeouts++;
920 if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
921 {
922 send_alert = 1;
923 state->timeout.read_timeouts = 1;
924 }
925
926
927#if 0 /* for now, each alert contains only one record number */ 1093#if 0 /* for now, each alert contains only one record number */
928 item = pqueue_peek(state->rcvd_records); 1094 item = pqueue_peek(state->rcvd_records);
929 if ( item ) 1095 if ( item )
@@ -934,16 +1100,29 @@ int dtls1_read_failed(SSL *s, int code)
934#endif 1100#endif
935 1101
936#if 0 /* no more alert sending, just retransmit the last set of messages */ 1102#if 0 /* no more alert sending, just retransmit the last set of messages */
937 if ( send_alert) 1103 if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
938 ssl3_send_alert(s,SSL3_AL_WARNING, 1104 ssl3_send_alert(s,SSL3_AL_WARNING,
939 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1105 DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
940#endif 1106#endif
941 1107
942 return dtls1_retransmit_buffered_messages(s) ; 1108 return dtls1_handle_timeout(s);
943 } 1109 }
944 1110
1111int
1112dtls1_get_queue_priority(unsigned short seq, int is_ccs)
1113 {
1114 /* The index of the retransmission queue actually is the message sequence number,
1115 * since the queue only contains messages of a single handshake. However, the
1116 * ChangeCipherSpec has no message sequence number and so using only the sequence
1117 * will result in the CCS and Finished having the same index. To prevent this,
1118 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
1119 * This does not only differ CSS and Finished, it also maintains the order of the
1120 * index (important for priority queues) and fits in the unsigned short variable.
1121 */
1122 return seq * 2 - is_ccs;
1123 }
945 1124
946static int 1125int
947dtls1_retransmit_buffered_messages(SSL *s) 1126dtls1_retransmit_buffered_messages(SSL *s)
948 { 1127 {
949 pqueue sent = s->d1->sent_messages; 1128 pqueue sent = s->d1->sent_messages;
@@ -957,8 +1136,9 @@ dtls1_retransmit_buffered_messages(SSL *s)
957 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) 1136 for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
958 { 1137 {
959 frag = (hm_fragment *)item->data; 1138 frag = (hm_fragment *)item->data;
960 if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 && 1139 if ( dtls1_retransmit_message(s,
961 found) 1140 (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
1141 0, &found) <= 0 && found)
962 { 1142 {
963 fprintf(stderr, "dtls1_retransmit_message() failed\n"); 1143 fprintf(stderr, "dtls1_retransmit_message() failed\n");
964 return -1; 1144 return -1;
@@ -973,22 +1153,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
973 { 1153 {
974 pitem *item; 1154 pitem *item;
975 hm_fragment *frag; 1155 hm_fragment *frag;
976 PQ_64BIT seq64; 1156 unsigned char seq64be[8];
977 unsigned int epoch = s->d1->w_epoch;
978 1157
979 /* this function is called immediately after a message has 1158 /* this function is called immediately after a message has
980 * been serialized */ 1159 * been serialized */
981 OPENSSL_assert(s->init_off == 0); 1160 OPENSSL_assert(s->init_off == 0);
982 1161
983 frag = dtls1_hm_fragment_new(s->init_num); 1162 frag = dtls1_hm_fragment_new(s->init_num, 0);
984 1163
985 memcpy(frag->fragment, s->init_buf->data, s->init_num); 1164 memcpy(frag->fragment, s->init_buf->data, s->init_num);
986 1165
987 if ( is_ccs) 1166 if ( is_ccs)
988 { 1167 {
989 OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 1168 OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
990 DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num); 1169 ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
991 epoch++;
992 } 1170 }
993 else 1171 else
994 { 1172 {
@@ -1003,11 +1181,20 @@ dtls1_buffer_message(SSL *s, int is_ccs)
1003 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len; 1181 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
1004 frag->msg_header.is_ccs = is_ccs; 1182 frag->msg_header.is_ccs = is_ccs;
1005 1183
1006 pq_64bit_init(&seq64); 1184 /* save current state*/
1007 pq_64bit_assign_word(&seq64, epoch<<16 | frag->msg_header.seq); 1185 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
1008 1186 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
1009 item = pitem_new(seq64, frag); 1187 frag->msg_header.saved_retransmit_state.compress = s->compress;
1010 pq_64bit_free(&seq64); 1188 frag->msg_header.saved_retransmit_state.session = s->session;
1189 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
1190
1191 memset(seq64be,0,sizeof(seq64be));
1192 seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1193 frag->msg_header.is_ccs)>>8);
1194 seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
1195 frag->msg_header.is_ccs));
1196
1197 item = pitem_new(seq64be, frag);
1011 if ( item == NULL) 1198 if ( item == NULL)
1012 { 1199 {
1013 dtls1_hm_fragment_free(frag); 1200 dtls1_hm_fragment_free(frag);
@@ -1033,7 +1220,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1033 pitem *item; 1220 pitem *item;
1034 hm_fragment *frag ; 1221 hm_fragment *frag ;
1035 unsigned long header_length; 1222 unsigned long header_length;
1036 PQ_64BIT seq64; 1223 unsigned char seq64be[8];
1224 struct dtls1_retransmit_state saved_state;
1225 unsigned char save_write_sequence[8];
1037 1226
1038 /* 1227 /*
1039 OPENSSL_assert(s->init_num == 0); 1228 OPENSSL_assert(s->init_num == 0);
@@ -1041,11 +1230,11 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1041 */ 1230 */
1042 1231
1043 /* XDTLS: the requested message ought to be found, otherwise error */ 1232 /* XDTLS: the requested message ought to be found, otherwise error */
1044 pq_64bit_init(&seq64); 1233 memset(seq64be,0,sizeof(seq64be));
1045 pq_64bit_assign_word(&seq64, seq); 1234 seq64be[6] = (unsigned char)(seq>>8);
1235 seq64be[7] = (unsigned char)seq;
1046 1236
1047 item = pqueue_find(s->d1->sent_messages, seq64); 1237 item = pqueue_find(s->d1->sent_messages, seq64be);
1048 pq_64bit_free(&seq64);
1049 if ( item == NULL) 1238 if ( item == NULL)
1050 { 1239 {
1051 fprintf(stderr, "retransmit: message %d non-existant\n", seq); 1240 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
@@ -1069,9 +1258,45 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1069 frag->msg_header.msg_len, frag->msg_header.seq, 0, 1258 frag->msg_header.msg_len, frag->msg_header.seq, 0,
1070 frag->msg_header.frag_len); 1259 frag->msg_header.frag_len);
1071 1260
1261 /* save current state */
1262 saved_state.enc_write_ctx = s->enc_write_ctx;
1263 saved_state.write_hash = s->write_hash;
1264 saved_state.compress = s->compress;
1265 saved_state.session = s->session;
1266 saved_state.epoch = s->d1->w_epoch;
1267 saved_state.epoch = s->d1->w_epoch;
1268
1072 s->d1->retransmitting = 1; 1269 s->d1->retransmitting = 1;
1270
1271 /* restore state in which the message was originally sent */
1272 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1273 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1274 s->compress = frag->msg_header.saved_retransmit_state.compress;
1275 s->session = frag->msg_header.saved_retransmit_state.session;
1276 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1277
1278 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1279 {
1280 memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1281 memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
1282 }
1283
1073 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 1284 ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
1074 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); 1285 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
1286
1287 /* restore current state */
1288 s->enc_write_ctx = saved_state.enc_write_ctx;
1289 s->write_hash = saved_state.write_hash;
1290 s->compress = saved_state.compress;
1291 s->session = saved_state.session;
1292 s->d1->w_epoch = saved_state.epoch;
1293
1294 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
1295 {
1296 memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
1297 memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
1298 }
1299
1075 s->d1->retransmitting = 0; 1300 s->d1->retransmitting = 0;
1076 1301
1077 (void)BIO_flush(SSL_get_wbio(s)); 1302 (void)BIO_flush(SSL_get_wbio(s));
@@ -1160,7 +1385,7 @@ dtls1_min_mtu(void)
1160static unsigned int 1385static unsigned int
1161dtls1_guess_mtu(unsigned int curr_mtu) 1386dtls1_guess_mtu(unsigned int curr_mtu)
1162 { 1387 {
1163 size_t i; 1388 unsigned int i;
1164 1389
1165 if ( curr_mtu == 0 ) 1390 if ( curr_mtu == 0 )
1166 return g_probable_mtu[0] ; 1391 return g_probable_mtu[0] ;
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 49c6760d19..5bc9eb6603 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -4,7 +4,7 @@
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
@@ -115,22 +115,25 @@
115 115
116#include <stdio.h> 116#include <stdio.h>
117#include "ssl_locl.h" 117#include "ssl_locl.h"
118#ifndef OPENSSL_NO_KRB5
118#include "kssl_lcl.h" 119#include "kssl_lcl.h"
120#endif
119#include <openssl/buffer.h> 121#include <openssl/buffer.h>
120#include <openssl/rand.h> 122#include <openssl/rand.h>
121#include <openssl/objects.h> 123#include <openssl/objects.h>
122#include <openssl/evp.h> 124#include <openssl/evp.h>
123#include <openssl/md5.h> 125#include <openssl/md5.h>
126#include <openssl/bn.h>
124#ifndef OPENSSL_NO_DH 127#ifndef OPENSSL_NO_DH
125#include <openssl/dh.h> 128#include <openssl/dh.h>
126#endif 129#endif
127 130
128static SSL_METHOD *dtls1_get_client_method(int ver); 131static const SSL_METHOD *dtls1_get_client_method(int ver);
129static int dtls1_get_hello_verify(SSL *s); 132static int dtls1_get_hello_verify(SSL *s);
130 133
131static SSL_METHOD *dtls1_get_client_method(int ver) 134static const SSL_METHOD *dtls1_get_client_method(int ver)
132 { 135 {
133 if (ver == DTLS1_VERSION) 136 if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
134 return(DTLSv1_client_method()); 137 return(DTLSv1_client_method());
135 else 138 else
136 return(NULL); 139 return(NULL);
@@ -144,8 +147,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
144int dtls1_connect(SSL *s) 147int dtls1_connect(SSL *s)
145 { 148 {
146 BUF_MEM *buf=NULL; 149 BUF_MEM *buf=NULL;
147 unsigned long Time=(unsigned long)time(NULL),l; 150 unsigned long Time=(unsigned long)time(NULL);
148 long num1;
149 void (*cb)(const SSL *ssl,int type,int val)=NULL; 151 void (*cb)(const SSL *ssl,int type,int val)=NULL;
150 int ret= -1; 152 int ret= -1;
151 int new_state,state,skip=0;; 153 int new_state,state,skip=0;;
@@ -181,7 +183,8 @@ int dtls1_connect(SSL *s)
181 s->server=0; 183 s->server=0;
182 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); 184 if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
183 185
184 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00)) 186 if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
187 (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
185 { 188 {
186 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); 189 SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
187 ret = -1; 190 ret = -1;
@@ -219,6 +222,8 @@ int dtls1_connect(SSL *s)
219 s->init_num=0; 222 s->init_num=0;
220 /* mark client_random uninitialized */ 223 /* mark client_random uninitialized */
221 memset(s->s3->client_random,0,sizeof(s->s3->client_random)); 224 memset(s->s3->client_random,0,sizeof(s->s3->client_random));
225 s->d1->send_cookie = 0;
226 s->hit = 0;
222 break; 227 break;
223 228
224 case SSL3_ST_CW_CLNT_HELLO_A: 229 case SSL3_ST_CW_CLNT_HELLO_A:
@@ -229,6 +234,7 @@ int dtls1_connect(SSL *s)
229 /* every DTLS ClientHello resets Finished MAC */ 234 /* every DTLS ClientHello resets Finished MAC */
230 ssl3_init_finished_mac(s); 235 ssl3_init_finished_mac(s);
231 236
237 dtls1_start_timer(s);
232 ret=dtls1_client_hello(s); 238 ret=dtls1_client_hello(s);
233 if (ret <= 0) goto end; 239 if (ret <= 0) goto end;
234 240
@@ -254,6 +260,7 @@ int dtls1_connect(SSL *s)
254 if (ret <= 0) goto end; 260 if (ret <= 0) goto end;
255 else 261 else
256 { 262 {
263 dtls1_stop_timer(s);
257 if (s->hit) 264 if (s->hit)
258 s->state=SSL3_ST_CR_FINISHED_A; 265 s->state=SSL3_ST_CR_FINISHED_A;
259 else 266 else
@@ -268,6 +275,7 @@ int dtls1_connect(SSL *s)
268 ret = dtls1_get_hello_verify(s); 275 ret = dtls1_get_hello_verify(s);
269 if ( ret <= 0) 276 if ( ret <= 0)
270 goto end; 277 goto end;
278 dtls1_stop_timer(s);
271 if ( s->d1->send_cookie) /* start again, with a cookie */ 279 if ( s->d1->send_cookie) /* start again, with a cookie */
272 s->state=SSL3_ST_CW_CLNT_HELLO_A; 280 s->state=SSL3_ST_CW_CLNT_HELLO_A;
273 else 281 else
@@ -277,15 +285,44 @@ int dtls1_connect(SSL *s)
277 285
278 case SSL3_ST_CR_CERT_A: 286 case SSL3_ST_CR_CERT_A:
279 case SSL3_ST_CR_CERT_B: 287 case SSL3_ST_CR_CERT_B:
280 /* Check if it is anon DH */ 288#ifndef OPENSSL_NO_TLSEXT
281 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 289 ret=ssl3_check_finished(s);
290 if (ret <= 0) goto end;
291 if (ret == 2)
292 {
293 s->hit = 1;
294 if (s->tlsext_ticket_expected)
295 s->state=SSL3_ST_CR_SESSION_TICKET_A;
296 else
297 s->state=SSL3_ST_CR_FINISHED_A;
298 s->init_num=0;
299 break;
300 }
301#endif
302 /* Check if it is anon DH or PSK */
303 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
304 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
282 { 305 {
283 ret=ssl3_get_server_certificate(s); 306 ret=ssl3_get_server_certificate(s);
284 if (ret <= 0) goto end; 307 if (ret <= 0) goto end;
308#ifndef OPENSSL_NO_TLSEXT
309 if (s->tlsext_status_expected)
310 s->state=SSL3_ST_CR_CERT_STATUS_A;
311 else
312 s->state=SSL3_ST_CR_KEY_EXCH_A;
313 }
314 else
315 {
316 skip = 1;
317 s->state=SSL3_ST_CR_KEY_EXCH_A;
318 }
319#else
285 } 320 }
286 else 321 else
287 skip=1; 322 skip=1;
323
288 s->state=SSL3_ST_CR_KEY_EXCH_A; 324 s->state=SSL3_ST_CR_KEY_EXCH_A;
325#endif
289 s->init_num=0; 326 s->init_num=0;
290 break; 327 break;
291 328
@@ -329,6 +366,7 @@ int dtls1_connect(SSL *s)
329 case SSL3_ST_CW_CERT_B: 366 case SSL3_ST_CW_CERT_B:
330 case SSL3_ST_CW_CERT_C: 367 case SSL3_ST_CW_CERT_C:
331 case SSL3_ST_CW_CERT_D: 368 case SSL3_ST_CW_CERT_D:
369 dtls1_start_timer(s);
332 ret=dtls1_send_client_certificate(s); 370 ret=dtls1_send_client_certificate(s);
333 if (ret <= 0) goto end; 371 if (ret <= 0) goto end;
334 s->state=SSL3_ST_CW_KEY_EXCH_A; 372 s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -337,9 +375,9 @@ int dtls1_connect(SSL *s)
337 375
338 case SSL3_ST_CW_KEY_EXCH_A: 376 case SSL3_ST_CW_KEY_EXCH_A:
339 case SSL3_ST_CW_KEY_EXCH_B: 377 case SSL3_ST_CW_KEY_EXCH_B:
378 dtls1_start_timer(s);
340 ret=dtls1_send_client_key_exchange(s); 379 ret=dtls1_send_client_key_exchange(s);
341 if (ret <= 0) goto end; 380 if (ret <= 0) goto end;
342 l=s->s3->tmp.new_cipher->algorithms;
343 /* EAY EAY EAY need to check for DH fix cert 381 /* EAY EAY EAY need to check for DH fix cert
344 * sent back */ 382 * sent back */
345 /* For TLS, cert_req is set to 2, so a cert chain 383 /* For TLS, cert_req is set to 2, so a cert chain
@@ -359,6 +397,7 @@ int dtls1_connect(SSL *s)
359 397
360 case SSL3_ST_CW_CERT_VRFY_A: 398 case SSL3_ST_CW_CERT_VRFY_A:
361 case SSL3_ST_CW_CERT_VRFY_B: 399 case SSL3_ST_CW_CERT_VRFY_B:
400 dtls1_start_timer(s);
362 ret=dtls1_send_client_verify(s); 401 ret=dtls1_send_client_verify(s);
363 if (ret <= 0) goto end; 402 if (ret <= 0) goto end;
364 s->state=SSL3_ST_CW_CHANGE_A; 403 s->state=SSL3_ST_CW_CHANGE_A;
@@ -368,6 +407,7 @@ int dtls1_connect(SSL *s)
368 407
369 case SSL3_ST_CW_CHANGE_A: 408 case SSL3_ST_CW_CHANGE_A:
370 case SSL3_ST_CW_CHANGE_B: 409 case SSL3_ST_CW_CHANGE_B:
410 dtls1_start_timer(s);
371 ret=dtls1_send_change_cipher_spec(s, 411 ret=dtls1_send_change_cipher_spec(s,
372 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); 412 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
373 if (ret <= 0) goto end; 413 if (ret <= 0) goto end;
@@ -402,6 +442,7 @@ int dtls1_connect(SSL *s)
402 442
403 case SSL3_ST_CW_FINISHED_A: 443 case SSL3_ST_CW_FINISHED_A:
404 case SSL3_ST_CW_FINISHED_B: 444 case SSL3_ST_CW_FINISHED_B:
445 dtls1_start_timer(s);
405 ret=dtls1_send_finished(s, 446 ret=dtls1_send_finished(s,
406 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, 447 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
407 s->method->ssl3_enc->client_finished_label, 448 s->method->ssl3_enc->client_finished_label,
@@ -423,20 +464,43 @@ int dtls1_connect(SSL *s)
423 } 464 }
424 else 465 else
425 { 466 {
467#ifndef OPENSSL_NO_TLSEXT
468 /* Allow NewSessionTicket if ticket expected */
469 if (s->tlsext_ticket_expected)
470 s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
471 else
472#endif
473
426 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; 474 s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
427 } 475 }
428 s->init_num=0; 476 s->init_num=0;
429 /* mark client_random uninitialized */
430 memset (s->s3->client_random,0,sizeof(s->s3->client_random));
431
432 break; 477 break;
433 478
479#ifndef OPENSSL_NO_TLSEXT
480 case SSL3_ST_CR_SESSION_TICKET_A:
481 case SSL3_ST_CR_SESSION_TICKET_B:
482 ret=ssl3_get_new_session_ticket(s);
483 if (ret <= 0) goto end;
484 s->state=SSL3_ST_CR_FINISHED_A;
485 s->init_num=0;
486 break;
487
488 case SSL3_ST_CR_CERT_STATUS_A:
489 case SSL3_ST_CR_CERT_STATUS_B:
490 ret=ssl3_get_cert_status(s);
491 if (ret <= 0) goto end;
492 s->state=SSL3_ST_CR_KEY_EXCH_A;
493 s->init_num=0;
494 break;
495#endif
496
434 case SSL3_ST_CR_FINISHED_A: 497 case SSL3_ST_CR_FINISHED_A:
435 case SSL3_ST_CR_FINISHED_B: 498 case SSL3_ST_CR_FINISHED_B:
436 499 s->d1->change_cipher_spec_ok = 1;
437 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, 500 ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
438 SSL3_ST_CR_FINISHED_B); 501 SSL3_ST_CR_FINISHED_B);
439 if (ret <= 0) goto end; 502 if (ret <= 0) goto end;
503 dtls1_stop_timer(s);
440 504
441 if (s->hit) 505 if (s->hit)
442 s->state=SSL3_ST_CW_CHANGE_A; 506 s->state=SSL3_ST_CW_CHANGE_A;
@@ -446,16 +510,13 @@ int dtls1_connect(SSL *s)
446 break; 510 break;
447 511
448 case SSL3_ST_CW_FLUSH: 512 case SSL3_ST_CW_FLUSH:
449 /* number of bytes to be flushed */ 513 s->rwstate=SSL_WRITING;
450 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 514 if (BIO_flush(s->wbio) <= 0)
451 if (num1 > 0)
452 { 515 {
453 s->rwstate=SSL_WRITING; 516 ret= -1;
454 num1=BIO_flush(s->wbio); 517 goto end;
455 if (num1 <= 0) { ret= -1; goto end; }
456 s->rwstate=SSL_NOTHING;
457 } 518 }
458 519 s->rwstate=SSL_NOTHING;
459 s->state=s->s3->tmp.next_state; 520 s->state=s->s3->tmp.next_state;
460 break; 521 break;
461 522
@@ -492,6 +553,7 @@ int dtls1_connect(SSL *s)
492 553
493 /* done with handshaking */ 554 /* done with handshaking */
494 s->d1->handshake_read_seq = 0; 555 s->d1->handshake_read_seq = 0;
556 s->d1->next_handshake_write_seq = 0;
495 goto end; 557 goto end;
496 /* break; */ 558 /* break; */
497 559
@@ -541,8 +603,14 @@ int dtls1_client_hello(SSL *s)
541 buf=(unsigned char *)s->init_buf->data; 603 buf=(unsigned char *)s->init_buf->data;
542 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 604 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
543 { 605 {
606 SSL_SESSION *sess = s->session;
544 if ((s->session == NULL) || 607 if ((s->session == NULL) ||
545 (s->session->ssl_version != s->version) || 608 (s->session->ssl_version != s->version) ||
609#ifdef OPENSSL_NO_TLSEXT
610 !sess->session_id_length ||
611#else
612 (!sess->session_id_length && !sess->tlsext_tick) ||
613#endif
546 (s->session->not_resumable)) 614 (s->session->not_resumable))
547 { 615 {
548 if (!ssl_get_new_session(s,0)) 616 if (!ssl_get_new_session(s,0))
@@ -551,6 +619,7 @@ int dtls1_client_hello(SSL *s)
551 /* else use the pre-loaded session */ 619 /* else use the pre-loaded session */
552 620
553 p=s->s3->client_random; 621 p=s->s3->client_random;
622
554 /* if client_random is initialized, reuse it, we are 623 /* if client_random is initialized, reuse it, we are
555 * required to use same upon reply to HelloVerify */ 624 * required to use same upon reply to HelloVerify */
556 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ; 625 for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
@@ -558,7 +627,7 @@ int dtls1_client_hello(SSL *s)
558 { 627 {
559 Time=(unsigned long)time(NULL); /* Time */ 628 Time=(unsigned long)time(NULL); /* Time */
560 l2n(Time,p); 629 l2n(Time,p);
561 RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4); 630 RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
562 } 631 }
563 632
564 /* Do the message type and length last */ 633 /* Do the message type and length last */
@@ -621,7 +690,15 @@ int dtls1_client_hello(SSL *s)
621 *(p++)=comp->id; 690 *(p++)=comp->id;
622 } 691 }
623 *(p++)=0; /* Add the NULL method */ 692 *(p++)=0; /* Add the NULL method */
624 693
694#ifndef OPENSSL_NO_TLSEXT
695 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
696 {
697 SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
698 goto err;
699 }
700#endif
701
625 l=(p-d); 702 l=(p-d);
626 d=buf; 703 d=buf;
627 704
@@ -697,7 +774,7 @@ int dtls1_send_client_key_exchange(SSL *s)
697 { 774 {
698 unsigned char *p,*d; 775 unsigned char *p,*d;
699 int n; 776 int n;
700 unsigned long l; 777 unsigned long alg_k;
701#ifndef OPENSSL_NO_RSA 778#ifndef OPENSSL_NO_RSA
702 unsigned char *q; 779 unsigned char *q;
703 EVP_PKEY *pkey=NULL; 780 EVP_PKEY *pkey=NULL;
@@ -705,18 +782,26 @@ int dtls1_send_client_key_exchange(SSL *s)
705#ifndef OPENSSL_NO_KRB5 782#ifndef OPENSSL_NO_KRB5
706 KSSL_ERR kssl_err; 783 KSSL_ERR kssl_err;
707#endif /* OPENSSL_NO_KRB5 */ 784#endif /* OPENSSL_NO_KRB5 */
785#ifndef OPENSSL_NO_ECDH
786 EC_KEY *clnt_ecdh = NULL;
787 const EC_POINT *srvr_ecpoint = NULL;
788 EVP_PKEY *srvr_pub_pkey = NULL;
789 unsigned char *encodedPoint = NULL;
790 int encoded_pt_len = 0;
791 BN_CTX * bn_ctx = NULL;
792#endif
708 793
709 if (s->state == SSL3_ST_CW_KEY_EXCH_A) 794 if (s->state == SSL3_ST_CW_KEY_EXCH_A)
710 { 795 {
711 d=(unsigned char *)s->init_buf->data; 796 d=(unsigned char *)s->init_buf->data;
712 p= &(d[DTLS1_HM_HEADER_LENGTH]); 797 p= &(d[DTLS1_HM_HEADER_LENGTH]);
713 798
714 l=s->s3->tmp.new_cipher->algorithms; 799 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
715 800
716 /* Fool emacs indentation */ 801 /* Fool emacs indentation */
717 if (0) {} 802 if (0) {}
718#ifndef OPENSSL_NO_RSA 803#ifndef OPENSSL_NO_RSA
719 else if (l & SSL_kRSA) 804 else if (alg_k & SSL_kRSA)
720 { 805 {
721 RSA *rsa; 806 RSA *rsa;
722 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 807 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -775,7 +860,7 @@ int dtls1_send_client_key_exchange(SSL *s)
775 } 860 }
776#endif 861#endif
777#ifndef OPENSSL_NO_KRB5 862#ifndef OPENSSL_NO_KRB5
778 else if (l & SSL_kKRB5) 863 else if (alg_k & SSL_kKRB5)
779 { 864 {
780 krb5_error_code krb5rc; 865 krb5_error_code krb5rc;
781 KSSL_CTX *kssl_ctx = s->kssl_ctx; 866 KSSL_CTX *kssl_ctx = s->kssl_ctx;
@@ -783,7 +868,7 @@ int dtls1_send_client_key_exchange(SSL *s)
783 krb5_data *enc_ticket; 868 krb5_data *enc_ticket;
784 krb5_data authenticator, *authp = NULL; 869 krb5_data authenticator, *authp = NULL;
785 EVP_CIPHER_CTX ciph_ctx; 870 EVP_CIPHER_CTX ciph_ctx;
786 EVP_CIPHER *enc = NULL; 871 const EVP_CIPHER *enc = NULL;
787 unsigned char iv[EVP_MAX_IV_LENGTH]; 872 unsigned char iv[EVP_MAX_IV_LENGTH];
788 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 873 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
789 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 874 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
@@ -794,7 +879,7 @@ int dtls1_send_client_key_exchange(SSL *s)
794 879
795#ifdef KSSL_DEBUG 880#ifdef KSSL_DEBUG
796 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 881 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
797 l, SSL_kKRB5); 882 alg_k, SSL_kKRB5);
798#endif /* KSSL_DEBUG */ 883#endif /* KSSL_DEBUG */
799 884
800 authp = NULL; 885 authp = NULL;
@@ -884,7 +969,7 @@ int dtls1_send_client_key_exchange(SSL *s)
884 sizeof tmp_buf); 969 sizeof tmp_buf);
885 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 970 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
886 outl += padl; 971 outl += padl;
887 if (outl > sizeof epms) 972 if (outl > (int)sizeof epms)
888 { 973 {
889 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 974 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
890 goto err; 975 goto err;
@@ -907,7 +992,7 @@ int dtls1_send_client_key_exchange(SSL *s)
907 } 992 }
908#endif 993#endif
909#ifndef OPENSSL_NO_DH 994#ifndef OPENSSL_NO_DH
910 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 995 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
911 { 996 {
912 DH *dh_srvr,*dh_clnt; 997 DH *dh_srvr,*dh_clnt;
913 998
@@ -962,6 +1047,274 @@ int dtls1_send_client_key_exchange(SSL *s)
962 /* perhaps clean things up a bit EAY EAY EAY EAY*/ 1047 /* perhaps clean things up a bit EAY EAY EAY EAY*/
963 } 1048 }
964#endif 1049#endif
1050#ifndef OPENSSL_NO_ECDH
1051 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
1052 {
1053 const EC_GROUP *srvr_group = NULL;
1054 EC_KEY *tkey;
1055 int ecdh_clnt_cert = 0;
1056 int field_size = 0;
1057
1058 /* Did we send out the client's
1059 * ECDH share for use in premaster
1060 * computation as part of client certificate?
1061 * If so, set ecdh_clnt_cert to 1.
1062 */
1063 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
1064 {
1065 /* XXX: For now, we do not support client
1066 * authentication using ECDH certificates.
1067 * To add such support, one needs to add
1068 * code that checks for appropriate
1069 * conditions and sets ecdh_clnt_cert to 1.
1070 * For example, the cert have an ECC
1071 * key on the same curve as the server's
1072 * and the key should be authorized for
1073 * key agreement.
1074 *
1075 * One also needs to add code in ssl3_connect
1076 * to skip sending the certificate verify
1077 * message.
1078 *
1079 * if ((s->cert->key->privatekey != NULL) &&
1080 * (s->cert->key->privatekey->type ==
1081 * EVP_PKEY_EC) && ...)
1082 * ecdh_clnt_cert = 1;
1083 */
1084 }
1085
1086 if (s->session->sess_cert->peer_ecdh_tmp != NULL)
1087 {
1088 tkey = s->session->sess_cert->peer_ecdh_tmp;
1089 }
1090 else
1091 {
1092 /* Get the Server Public Key from Cert */
1093 srvr_pub_pkey = X509_get_pubkey(s->session-> \
1094 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1095 if ((srvr_pub_pkey == NULL) ||
1096 (srvr_pub_pkey->type != EVP_PKEY_EC) ||
1097 (srvr_pub_pkey->pkey.ec == NULL))
1098 {
1099 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1100 ERR_R_INTERNAL_ERROR);
1101 goto err;
1102 }
1103
1104 tkey = srvr_pub_pkey->pkey.ec;
1105 }
1106
1107 srvr_group = EC_KEY_get0_group(tkey);
1108 srvr_ecpoint = EC_KEY_get0_public_key(tkey);
1109
1110 if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
1111 {
1112 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1113 ERR_R_INTERNAL_ERROR);
1114 goto err;
1115 }
1116
1117 if ((clnt_ecdh=EC_KEY_new()) == NULL)
1118 {
1119 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1120 goto err;
1121 }
1122
1123 if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
1124 {
1125 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1126 goto err;
1127 }
1128 if (ecdh_clnt_cert)
1129 {
1130 /* Reuse key info from our certificate
1131 * We only need our private key to perform
1132 * the ECDH computation.
1133 */
1134 const BIGNUM *priv_key;
1135 tkey = s->cert->key->privatekey->pkey.ec;
1136 priv_key = EC_KEY_get0_private_key(tkey);
1137 if (priv_key == NULL)
1138 {
1139 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1140 goto err;
1141 }
1142 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
1143 {
1144 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
1145 goto err;
1146 }
1147 }
1148 else
1149 {
1150 /* Generate a new ECDH key pair */
1151 if (!(EC_KEY_generate_key(clnt_ecdh)))
1152 {
1153 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
1154 goto err;
1155 }
1156 }
1157
1158 /* use the 'p' output buffer for the ECDH key, but
1159 * make sure to clear it out afterwards
1160 */
1161
1162 field_size = EC_GROUP_get_degree(srvr_group);
1163 if (field_size <= 0)
1164 {
1165 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1166 ERR_R_ECDH_LIB);
1167 goto err;
1168 }
1169 n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
1170 if (n <= 0)
1171 {
1172 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1173 ERR_R_ECDH_LIB);
1174 goto err;
1175 }
1176
1177 /* generate master key from the result */
1178 s->session->master_key_length = s->method->ssl3_enc \
1179 -> generate_master_secret(s,
1180 s->session->master_key,
1181 p, n);
1182
1183 memset(p, 0, n); /* clean up */
1184
1185 if (ecdh_clnt_cert)
1186 {
1187 /* Send empty client key exch message */
1188 n = 0;
1189 }
1190 else
1191 {
1192 /* First check the size of encoding and
1193 * allocate memory accordingly.
1194 */
1195 encoded_pt_len =
1196 EC_POINT_point2oct(srvr_group,
1197 EC_KEY_get0_public_key(clnt_ecdh),
1198 POINT_CONVERSION_UNCOMPRESSED,
1199 NULL, 0, NULL);
1200
1201 encodedPoint = (unsigned char *)
1202 OPENSSL_malloc(encoded_pt_len *
1203 sizeof(unsigned char));
1204 bn_ctx = BN_CTX_new();
1205 if ((encodedPoint == NULL) ||
1206 (bn_ctx == NULL))
1207 {
1208 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1209 goto err;
1210 }
1211
1212 /* Encode the public key */
1213 n = EC_POINT_point2oct(srvr_group,
1214 EC_KEY_get0_public_key(clnt_ecdh),
1215 POINT_CONVERSION_UNCOMPRESSED,
1216 encodedPoint, encoded_pt_len, bn_ctx);
1217
1218 *p = n; /* length of encoded point */
1219 /* Encoded point will be copied here */
1220 p += 1;
1221 /* copy the point */
1222 memcpy((unsigned char *)p, encodedPoint, n);
1223 /* increment n to account for length field */
1224 n += 1;
1225 }
1226
1227 /* Free allocated memory */
1228 BN_CTX_free(bn_ctx);
1229 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1230 if (clnt_ecdh != NULL)
1231 EC_KEY_free(clnt_ecdh);
1232 EVP_PKEY_free(srvr_pub_pkey);
1233 }
1234#endif /* !OPENSSL_NO_ECDH */
1235
1236#ifndef OPENSSL_NO_PSK
1237 else if (alg_k & SSL_kPSK)
1238 {
1239 char identity[PSK_MAX_IDENTITY_LEN];
1240 unsigned char *t = NULL;
1241 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
1242 unsigned int pre_ms_len = 0, psk_len = 0;
1243 int psk_err = 1;
1244
1245 n = 0;
1246 if (s->psk_client_callback == NULL)
1247 {
1248 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1249 SSL_R_PSK_NO_CLIENT_CB);
1250 goto err;
1251 }
1252
1253 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
1254 identity, PSK_MAX_IDENTITY_LEN,
1255 psk_or_pre_ms, sizeof(psk_or_pre_ms));
1256 if (psk_len > PSK_MAX_PSK_LEN)
1257 {
1258 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1259 ERR_R_INTERNAL_ERROR);
1260 goto psk_err;
1261 }
1262 else if (psk_len == 0)
1263 {
1264 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1265 SSL_R_PSK_IDENTITY_NOT_FOUND);
1266 goto psk_err;
1267 }
1268
1269 /* create PSK pre_master_secret */
1270 pre_ms_len = 2+psk_len+2+psk_len;
1271 t = psk_or_pre_ms;
1272 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
1273 s2n(psk_len, t);
1274 memset(t, 0, psk_len);
1275 t+=psk_len;
1276 s2n(psk_len, t);
1277
1278 if (s->session->psk_identity_hint != NULL)
1279 OPENSSL_free(s->session->psk_identity_hint);
1280 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
1281 if (s->ctx->psk_identity_hint != NULL &&
1282 s->session->psk_identity_hint == NULL)
1283 {
1284 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1285 ERR_R_MALLOC_FAILURE);
1286 goto psk_err;
1287 }
1288
1289 if (s->session->psk_identity != NULL)
1290 OPENSSL_free(s->session->psk_identity);
1291 s->session->psk_identity = BUF_strdup(identity);
1292 if (s->session->psk_identity == NULL)
1293 {
1294 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1295 ERR_R_MALLOC_FAILURE);
1296 goto psk_err;
1297 }
1298
1299 s->session->master_key_length =
1300 s->method->ssl3_enc->generate_master_secret(s,
1301 s->session->master_key,
1302 psk_or_pre_ms, pre_ms_len);
1303 n = strlen(identity);
1304 s2n(n, p);
1305 memcpy(p, identity, n);
1306 n+=2;
1307 psk_err = 0;
1308 psk_err:
1309 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
1310 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
1311 if (psk_err != 0)
1312 {
1313 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
1314 goto err;
1315 }
1316 }
1317#endif
965 else 1318 else
966 { 1319 {
967 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 1320 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
@@ -990,6 +1343,13 @@ int dtls1_send_client_key_exchange(SSL *s)
990 /* SSL3_ST_CW_KEY_EXCH_B */ 1343 /* SSL3_ST_CW_KEY_EXCH_B */
991 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1344 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
992err: 1345err:
1346#ifndef OPENSSL_NO_ECDH
1347 BN_CTX_free(bn_ctx);
1348 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1349 if (clnt_ecdh != NULL)
1350 EC_KEY_free(clnt_ecdh);
1351 EVP_PKEY_free(srvr_pub_pkey);
1352#endif
993 return(-1); 1353 return(-1);
994 } 1354 }
995 1355
@@ -1002,7 +1362,7 @@ int dtls1_send_client_verify(SSL *s)
1002 unsigned u=0; 1362 unsigned u=0;
1003#endif 1363#endif
1004 unsigned long n; 1364 unsigned long n;
1005#ifndef OPENSSL_NO_DSA 1365#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
1006 int j; 1366 int j;
1007#endif 1367#endif
1008 1368
@@ -1012,14 +1372,16 @@ int dtls1_send_client_verify(SSL *s)
1012 p= &(d[DTLS1_HM_HEADER_LENGTH]); 1372 p= &(d[DTLS1_HM_HEADER_LENGTH]);
1013 pkey=s->cert->key->privatekey; 1373 pkey=s->cert->key->privatekey;
1014 1374
1015 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), 1375 s->method->ssl3_enc->cert_verify_mac(s,
1376 NID_sha1,
1016 &(data[MD5_DIGEST_LENGTH])); 1377 &(data[MD5_DIGEST_LENGTH]));
1017 1378
1018#ifndef OPENSSL_NO_RSA 1379#ifndef OPENSSL_NO_RSA
1019 if (pkey->type == EVP_PKEY_RSA) 1380 if (pkey->type == EVP_PKEY_RSA)
1020 { 1381 {
1021 s->method->ssl3_enc->cert_verify_mac(s, 1382 s->method->ssl3_enc->cert_verify_mac(s,
1022 &(s->s3->finish_dgst1),&(data[0])); 1383 NID_md5,
1384 &(data[0]));
1023 if (RSA_sign(NID_md5_sha1, data, 1385 if (RSA_sign(NID_md5_sha1, data,
1024 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 1386 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
1025 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 1387 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -1048,6 +1410,23 @@ int dtls1_send_client_verify(SSL *s)
1048 } 1410 }
1049 else 1411 else
1050#endif 1412#endif
1413#ifndef OPENSSL_NO_ECDSA
1414 if (pkey->type == EVP_PKEY_EC)
1415 {
1416 if (!ECDSA_sign(pkey->save_type,
1417 &(data[MD5_DIGEST_LENGTH]),
1418 SHA_DIGEST_LENGTH,&(p[2]),
1419 (unsigned int *)&j,pkey->pkey.ec))
1420 {
1421 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
1422 ERR_R_ECDSA_LIB);
1423 goto err;
1424 }
1425 s2n(j,p);
1426 n=j+2;
1427 }
1428 else
1429#endif
1051 { 1430 {
1052 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 1431 SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
1053 goto err; 1432 goto err;
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index cf3332e4e4..8fa57347a9 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -136,8 +136,12 @@ int dtls1_enc(SSL *s, int send)
136 136
137 if (send) 137 if (send)
138 { 138 {
139 if (s->write_hash != NULL) 139 if (EVP_MD_CTX_md(s->write_hash))
140 n=EVP_MD_size(s->write_hash); 140 {
141 n=EVP_MD_CTX_size(s->write_hash);
142 if (n < 0)
143 return -1;
144 }
141 ds=s->enc_write_ctx; 145 ds=s->enc_write_ctx;
142 rec= &(s->s3->wrec); 146 rec= &(s->s3->wrec);
143 if (s->enc_write_ctx == NULL) 147 if (s->enc_write_ctx == NULL)
@@ -151,15 +155,19 @@ int dtls1_enc(SSL *s, int send)
151 __FILE__, __LINE__); 155 __FILE__, __LINE__);
152 else if ( EVP_CIPHER_block_size(ds->cipher) > 1) 156 else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
153 { 157 {
154 if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))) 158 if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
155 return -1; 159 return -1;
156 } 160 }
157 } 161 }
158 } 162 }
159 else 163 else
160 { 164 {
161 if (s->read_hash != NULL) 165 if (EVP_MD_CTX_md(s->read_hash))
162 n=EVP_MD_size(s->read_hash); 166 {
167 n=EVP_MD_CTX_size(s->read_hash);
168 if (n < 0)
169 return -1;
170 }
163 ds=s->enc_read_ctx; 171 ds=s->enc_read_ctx;
164 rec= &(s->s3->rrec); 172 rec= &(s->s3->rrec);
165 if (s->enc_read_ctx == NULL) 173 if (s->enc_read_ctx == NULL)
@@ -206,11 +214,10 @@ int dtls1_enc(SSL *s, int send)
206 { 214 {
207 unsigned long ui; 215 unsigned long ui;
208 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 216 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
209 (void *)ds,rec->data,rec->input,l); 217 ds,rec->data,rec->input,l);
210 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", 218 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
211 ds->buf_len, ds->cipher->key_len, 219 ds->buf_len, ds->cipher->key_len,
212 (unsigned long)DES_KEY_SZ, 220 DES_KEY_SZ, DES_SCHEDULE_SZ,
213 (unsigned long)DES_SCHEDULE_SZ,
214 ds->cipher->iv_len); 221 ds->cipher->iv_len);
215 printf("\t\tIV: "); 222 printf("\t\tIV: ");
216 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 223 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -235,10 +242,10 @@ int dtls1_enc(SSL *s, int send)
235 242
236#ifdef KSSL_DEBUG 243#ifdef KSSL_DEBUG
237 { 244 {
238 unsigned long ki; 245 unsigned long i;
239 printf("\trec->data="); 246 printf("\trec->data=");
240 for (ki=0; ki<l; ki++) 247 for (i=0; i<l; i++)
241 printf(" %02x", rec->data[ki]); printf("\n"); 248 printf(" %02x", rec->data[i]); printf("\n");
242 } 249 }
243#endif /* KSSL_DEBUG */ 250#endif /* KSSL_DEBUG */
244 251
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 3568e97a87..96b220e87c 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -58,10 +58,17 @@
58 */ 58 */
59 59
60#include <stdio.h> 60#include <stdio.h>
61#define USE_SOCKETS
61#include <openssl/objects.h> 62#include <openssl/objects.h>
62#include "ssl_locl.h" 63#include "ssl_locl.h"
63 64
65#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
66#include <sys/timeb.h>
67#endif
68
69static void get_current_time(struct timeval *t);
64const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT; 70const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
71int dtls1_listen(SSL *s, struct sockaddr *client);
65 72
66SSL3_ENC_METHOD DTLSv1_enc_data={ 73SSL3_ENC_METHOD DTLSv1_enc_data={
67 dtls1_enc, 74 dtls1_enc,
@@ -84,11 +91,6 @@ long dtls1_default_timeout(void)
84 return(60*60*2); 91 return(60*60*2);
85 } 92 }
86 93
87IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
88 ssl_undefined_function,
89 ssl_undefined_function,
90 ssl_bad_method)
91
92int dtls1_new(SSL *s) 94int dtls1_new(SSL *s)
93 { 95 {
94 DTLS1_STATE *d1; 96 DTLS1_STATE *d1;
@@ -98,22 +100,12 @@ int dtls1_new(SSL *s)
98 memset(d1,0, sizeof *d1); 100 memset(d1,0, sizeof *d1);
99 101
100 /* d1->handshake_epoch=0; */ 102 /* d1->handshake_epoch=0; */
101#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
102 d1->bitmap.length=64;
103#else
104 d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
105#endif
106 pq_64bit_init(&(d1->bitmap.map));
107 pq_64bit_init(&(d1->bitmap.max_seq_num));
108
109 d1->next_bitmap.length = d1->bitmap.length;
110 pq_64bit_init(&(d1->next_bitmap.map));
111 pq_64bit_init(&(d1->next_bitmap.max_seq_num));
112 103
113 d1->unprocessed_rcds.q=pqueue_new(); 104 d1->unprocessed_rcds.q=pqueue_new();
114 d1->processed_rcds.q=pqueue_new(); 105 d1->processed_rcds.q=pqueue_new();
115 d1->buffered_messages = pqueue_new(); 106 d1->buffered_messages = pqueue_new();
116 d1->sent_messages=pqueue_new(); 107 d1->sent_messages=pqueue_new();
108 d1->buffered_app_data.q=pqueue_new();
117 109
118 if ( s->server) 110 if ( s->server)
119 { 111 {
@@ -121,12 +113,13 @@ int dtls1_new(SSL *s)
121 } 113 }
122 114
123 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 115 if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
124 || ! d1->buffered_messages || ! d1->sent_messages) 116 || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
125 { 117 {
126 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q); 118 if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
127 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q); 119 if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
128 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages); 120 if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
129 if ( d1->sent_messages) pqueue_free(d1->sent_messages); 121 if ( d1->sent_messages) pqueue_free(d1->sent_messages);
122 if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
130 OPENSSL_free(d1); 123 OPENSSL_free(d1);
131 return (0); 124 return (0);
132 } 125 }
@@ -175,11 +168,14 @@ void dtls1_free(SSL *s)
175 } 168 }
176 pqueue_free(s->d1->sent_messages); 169 pqueue_free(s->d1->sent_messages);
177 170
178 pq_64bit_free(&(s->d1->bitmap.map)); 171 while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
179 pq_64bit_free(&(s->d1->bitmap.max_seq_num)); 172 {
180 173 frag = (hm_fragment *)item->data;
181 pq_64bit_free(&(s->d1->next_bitmap.map)); 174 OPENSSL_free(frag->fragment);
182 pq_64bit_free(&(s->d1->next_bitmap.max_seq_num)); 175 OPENSSL_free(frag);
176 pitem_free(item);
177 }
178 pqueue_free(s->d1->buffered_app_data.q);
183 179
184 OPENSSL_free(s->d1); 180 OPENSSL_free(s->d1);
185 } 181 }
@@ -187,7 +183,36 @@ void dtls1_free(SSL *s)
187void dtls1_clear(SSL *s) 183void dtls1_clear(SSL *s)
188 { 184 {
189 ssl3_clear(s); 185 ssl3_clear(s);
190 s->version=DTLS1_VERSION; 186 if (s->options & SSL_OP_CISCO_ANYCONNECT)
187 s->version=DTLS1_BAD_VER;
188 else
189 s->version=DTLS1_VERSION;
190 }
191
192long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
193 {
194 int ret=0;
195
196 switch (cmd)
197 {
198 case DTLS_CTRL_GET_TIMEOUT:
199 if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
200 {
201 ret = 1;
202 }
203 break;
204 case DTLS_CTRL_HANDLE_TIMEOUT:
205 ret = dtls1_handle_timeout(s);
206 break;
207 case DTLS_CTRL_LISTEN:
208 ret = dtls1_listen(s, parg);
209 break;
210
211 default:
212 ret = ssl3_ctrl(s, cmd, larg, parg);
213 break;
214 }
215 return(ret);
191 } 216 }
192 217
193/* 218/*
@@ -197,15 +222,173 @@ void dtls1_clear(SSL *s)
197 * to explicitly list their SSL_* codes. Currently RC4 is the only one 222 * to explicitly list their SSL_* codes. Currently RC4 is the only one
198 * available, but if new ones emerge, they will have to be added... 223 * available, but if new ones emerge, they will have to be added...
199 */ 224 */
200SSL_CIPHER *dtls1_get_cipher(unsigned int u) 225const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
201 { 226 {
202 SSL_CIPHER *ciph = ssl3_get_cipher(u); 227 const SSL_CIPHER *ciph = ssl3_get_cipher(u);
203 228
204 if (ciph != NULL) 229 if (ciph != NULL)
205 { 230 {
206 if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4) 231 if (ciph->algorithm_enc == SSL_RC4)
207 return NULL; 232 return NULL;
208 } 233 }
209 234
210 return ciph; 235 return ciph;
211 } 236 }
237
238void dtls1_start_timer(SSL *s)
239 {
240 /* If timer is not set, initialize duration with 1 second */
241 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
242 {
243 s->d1->timeout_duration = 1;
244 }
245
246 /* Set timeout to current time */
247 get_current_time(&(s->d1->next_timeout));
248
249 /* Add duration to current time */
250 s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
251 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
252 }
253
254struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
255 {
256 struct timeval timenow;
257
258 /* If no timeout is set, just return NULL */
259 if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
260 {
261 return NULL;
262 }
263
264 /* Get current time */
265 get_current_time(&timenow);
266
267 /* If timer already expired, set remaining time to 0 */
268 if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
269 (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
270 s->d1->next_timeout.tv_usec <= timenow.tv_usec))
271 {
272 memset(timeleft, 0, sizeof(struct timeval));
273 return timeleft;
274 }
275
276 /* Calculate time left until timer expires */
277 memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
278 timeleft->tv_sec -= timenow.tv_sec;
279 timeleft->tv_usec -= timenow.tv_usec;
280 if (timeleft->tv_usec < 0)
281 {
282 timeleft->tv_sec--;
283 timeleft->tv_usec += 1000000;
284 }
285
286 /* If remaining time is less than 15 ms, set it to 0
287 * to prevent issues because of small devergences with
288 * socket timeouts.
289 */
290 if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
291 {
292 memset(timeleft, 0, sizeof(struct timeval));
293 }
294
295
296 return timeleft;
297 }
298
299int dtls1_is_timer_expired(SSL *s)
300 {
301 struct timeval timeleft;
302
303 /* Get time left until timeout, return false if no timer running */
304 if (dtls1_get_timeout(s, &timeleft) == NULL)
305 {
306 return 0;
307 }
308
309 /* Return false if timer is not expired yet */
310 if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
311 {
312 return 0;
313 }
314
315 /* Timer expired, so return true */
316 return 1;
317 }
318
319void dtls1_double_timeout(SSL *s)
320 {
321 s->d1->timeout_duration *= 2;
322 if (s->d1->timeout_duration > 60)
323 s->d1->timeout_duration = 60;
324 dtls1_start_timer(s);
325 }
326
327void dtls1_stop_timer(SSL *s)
328 {
329 /* Reset everything */
330 memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
331 s->d1->timeout_duration = 1;
332 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
333 }
334
335int dtls1_handle_timeout(SSL *s)
336 {
337 DTLS1_STATE *state;
338
339 /* if no timer is expired, don't do anything */
340 if (!dtls1_is_timer_expired(s))
341 {
342 return 0;
343 }
344
345 dtls1_double_timeout(s);
346 state = s->d1;
347 state->timeout.num_alerts++;
348 if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
349 {
350 /* fail the connection, enough alerts have been sent */
351 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
352 return 0;
353 }
354
355 state->timeout.read_timeouts++;
356 if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
357 {
358 state->timeout.read_timeouts = 1;
359 }
360
361 dtls1_start_timer(s);
362 return dtls1_retransmit_buffered_messages(s);
363 }
364
365static void get_current_time(struct timeval *t)
366{
367#ifdef OPENSSL_SYS_WIN32
368 struct _timeb tb;
369 _ftime(&tb);
370 t->tv_sec = (long)tb.time;
371 t->tv_usec = (long)tb.millitm * 1000;
372#elif defined(OPENSSL_SYS_VMS)
373 struct timeb tb;
374 ftime(&tb);
375 t->tv_sec = (long)tb.time;
376 t->tv_usec = (long)tb.millitm * 1000;
377#else
378 gettimeofday(t, NULL);
379#endif
380}
381
382int dtls1_listen(SSL *s, struct sockaddr *client)
383 {
384 int ret;
385
386 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
387 s->d1->listen = 1;
388
389 ret = SSL_accept(s);
390 if (ret <= 0) return ret;
391
392 (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
393 return 1;
394 }
diff --git a/src/lib/libssl/d1_meth.c b/src/lib/libssl/d1_meth.c
index 8a6cf31947..5c4004bfe3 100644
--- a/src/lib/libssl/d1_meth.c
+++ b/src/lib/libssl/d1_meth.c
@@ -61,8 +61,8 @@
61#include <openssl/objects.h> 61#include <openssl/objects.h>
62#include "ssl_locl.h" 62#include "ssl_locl.h"
63 63
64static SSL_METHOD *dtls1_get_method(int ver); 64static const SSL_METHOD *dtls1_get_method(int ver);
65static SSL_METHOD *dtls1_get_method(int ver) 65static const SSL_METHOD *dtls1_get_method(int ver)
66 { 66 {
67 if (ver == DTLS1_VERSION) 67 if (ver == DTLS1_VERSION)
68 return(DTLSv1_method()); 68 return(DTLSv1_method());
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index eb56cf987b..a5439d544f 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -122,10 +122,53 @@
122#include <openssl/pqueue.h> 122#include <openssl/pqueue.h>
123#include <openssl/rand.h> 123#include <openssl/rand.h>
124 124
125/* mod 128 saturating subtract of two 64-bit values in big-endian order */
126static int satsub64be(const unsigned char *v1,const unsigned char *v2)
127{ int ret,sat,brw,i;
128
129 if (sizeof(long) == 8) do
130 { const union { long one; char little; } is_endian = {1};
131 long l;
132
133 if (is_endian.little) break;
134 /* not reached on little-endians */
135 /* following test is redundant, because input is
136 * always aligned, but I take no chances... */
137 if (((size_t)v1|(size_t)v2)&0x7) break;
138
139 l = *((long *)v1);
140 l -= *((long *)v2);
141 if (l>128) return 128;
142 else if (l<-128) return -128;
143 else return (int)l;
144 } while (0);
145
146 ret = (int)v1[7]-(int)v2[7];
147 sat = 0;
148 brw = ret>>8; /* brw is either 0 or -1 */
149 if (ret & 0x80)
150 { for (i=6;i>=0;i--)
151 { brw += (int)v1[i]-(int)v2[i];
152 sat |= ~brw;
153 brw >>= 8;
154 }
155 }
156 else
157 { for (i=6;i>=0;i--)
158 { brw += (int)v1[i]-(int)v2[i];
159 sat |= brw;
160 brw >>= 8;
161 }
162 }
163 brw <<= 8; /* brw is either 0 or -256 */
164
165 if (sat&0xff) return brw | 0x80;
166 else return brw + (ret&0xFF);
167}
168
125static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 169static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
126 int len, int peek); 170 int len, int peek);
127static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, 171static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
128 PQ_64BIT *seq_num);
129static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); 172static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
130static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 173static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
131 unsigned int *is_next_epoch); 174 unsigned int *is_next_epoch);
@@ -134,11 +177,8 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
134 unsigned short *priority, unsigned long *offset); 177 unsigned short *priority, unsigned long *offset);
135#endif 178#endif
136static int dtls1_buffer_record(SSL *s, record_pqueue *q, 179static int dtls1_buffer_record(SSL *s, record_pqueue *q,
137 PQ_64BIT priority); 180 unsigned char *priority);
138static int dtls1_process_record(SSL *s); 181static int dtls1_process_record(SSL *s);
139#if PQ_64BIT_IS_INTEGER
140static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
141#endif
142static void dtls1_clear_timeouts(SSL *s); 182static void dtls1_clear_timeouts(SSL *s);
143 183
144/* copy buffered record into SSL structure */ 184/* copy buffered record into SSL structure */
@@ -156,17 +196,24 @@ dtls1_copy_record(SSL *s, pitem *item)
156 s->packet_length = rdata->packet_length; 196 s->packet_length = rdata->packet_length;
157 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); 197 memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
158 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); 198 memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
199
200 /* Set proper sequence number for mac calculation */
201 memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
159 202
160 return(1); 203 return(1);
161 } 204 }
162 205
163 206
164static int 207static int
165dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority) 208dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
166{ 209 {
167 DTLS1_RECORD_DATA *rdata; 210 DTLS1_RECORD_DATA *rdata;
168 pitem *item; 211 pitem *item;
169 212
213 /* Limit the size of the queue to prevent DOS attacks */
214 if (pqueue_size(queue->q) >= 100)
215 return 0;
216
170 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); 217 rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
171 item = pitem_new(priority, rdata); 218 item = pitem_new(priority, rdata);
172 if (rdata == NULL || item == NULL) 219 if (rdata == NULL || item == NULL)
@@ -207,7 +254,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
207 } 254 }
208 255
209 return(1); 256 return(1);
210 } 257 }
211 258
212 259
213static int 260static int
@@ -324,17 +371,17 @@ dtls1_get_buffered_record(SSL *s)
324static int 371static int
325dtls1_process_record(SSL *s) 372dtls1_process_record(SSL *s)
326{ 373{
327 int i,al; 374 int i,al;
328 int clear=0; 375 int clear=0;
329 int enc_err; 376 int enc_err;
330 SSL_SESSION *sess; 377 SSL_SESSION *sess;
331 SSL3_RECORD *rr; 378 SSL3_RECORD *rr;
332 unsigned int mac_size; 379 unsigned int mac_size;
333 unsigned char md[EVP_MAX_MD_SIZE]; 380 unsigned char md[EVP_MAX_MD_SIZE];
334 381
335 382
336 rr= &(s->s3->rrec); 383 rr= &(s->s3->rrec);
337 sess = s->session; 384 sess = s->session;
338 385
339 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, 386 /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
340 * and we have that many bytes in s->packet 387 * and we have that many bytes in s->packet
@@ -370,7 +417,7 @@ dtls1_process_record(SSL *s)
370 goto err; 417 goto err;
371 418
372 /* otherwise enc_err == -1 */ 419 /* otherwise enc_err == -1 */
373 goto decryption_failed_or_bad_record_mac; 420 goto err;
374 } 421 }
375 422
376#ifdef TLS_DEBUG 423#ifdef TLS_DEBUG
@@ -380,14 +427,18 @@ printf("\n");
380#endif 427#endif
381 428
382 /* r->length is now the compressed data plus mac */ 429 /* r->length is now the compressed data plus mac */
383if ( (sess == NULL) || 430 if ( (sess == NULL) ||
384 (s->enc_read_ctx == NULL) || 431 (s->enc_read_ctx == NULL) ||
385 (s->read_hash == NULL)) 432 (s->read_hash == NULL))
386 clear=1; 433 clear=1;
387 434
388 if (!clear) 435 if (!clear)
389 { 436 {
390 mac_size=EVP_MD_size(s->read_hash); 437 /* !clear => s->read_hash != NULL => mac_size != -1 */
438 int t;
439 t=EVP_MD_CTX_size(s->read_hash);
440 OPENSSL_assert(t >= 0);
441 mac_size=t;
391 442
392 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size) 443 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
393 { 444 {
@@ -396,7 +447,7 @@ if ( (sess == NULL) ||
396 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); 447 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
397 goto f_err; 448 goto f_err;
398#else 449#else
399 goto decryption_failed_or_bad_record_mac; 450 goto err;
400#endif 451#endif
401 } 452 }
402 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 453 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -407,14 +458,14 @@ if ( (sess == NULL) ||
407 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); 458 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
408 goto f_err; 459 goto f_err;
409#else 460#else
410 goto decryption_failed_or_bad_record_mac; 461 goto err;
411#endif 462#endif
412 } 463 }
413 rr->length-=mac_size; 464 rr->length-=mac_size;
414 i=s->method->ssl3_enc->mac(s,md,0); 465 i=s->method->ssl3_enc->mac(s,md,0);
415 if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) 466 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
416 { 467 {
417 goto decryption_failed_or_bad_record_mac; 468 goto err;
418 } 469 }
419 } 470 }
420 471
@@ -453,17 +504,9 @@ if ( (sess == NULL) ||
453 504
454 /* we have pulled in a full packet so zero things */ 505 /* we have pulled in a full packet so zero things */
455 s->packet_length=0; 506 s->packet_length=0;
456 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ 507 dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
457 return(1); 508 return(1);
458 509
459decryption_failed_or_bad_record_mac:
460 /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
461 * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
462 * failure is directly visible from the ciphertext anyway,
463 * we should not reveal which kind of error occured -- this
464 * might become visible to an attacker (e.g. via logfile) */
465 al=SSL_AD_BAD_RECORD_MAC;
466 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
467f_err: 510f_err:
468 ssl3_send_alert(s,SSL3_AL_FATAL,al); 511 ssl3_send_alert(s,SSL3_AL_FATAL,al);
469err: 512err:
@@ -482,11 +525,11 @@ err:
482/* used only by dtls1_read_bytes */ 525/* used only by dtls1_read_bytes */
483int dtls1_get_record(SSL *s) 526int dtls1_get_record(SSL *s)
484 { 527 {
485 int ssl_major,ssl_minor,al; 528 int ssl_major,ssl_minor;
486 int i,n; 529 int i,n;
487 SSL3_RECORD *rr; 530 SSL3_RECORD *rr;
488 SSL_SESSION *sess; 531 SSL_SESSION *sess;
489 unsigned char *p; 532 unsigned char *p = NULL;
490 unsigned short version; 533 unsigned short version;
491 DTLS1_BITMAP *bitmap; 534 DTLS1_BITMAP *bitmap;
492 unsigned int is_next_epoch; 535 unsigned int is_next_epoch;
@@ -494,10 +537,9 @@ int dtls1_get_record(SSL *s)
494 rr= &(s->s3->rrec); 537 rr= &(s->s3->rrec);
495 sess=s->session; 538 sess=s->session;
496 539
497 /* The epoch may have changed. If so, process all the 540 /* The epoch may have changed. If so, process all the
498 * pending records. This is a non-blocking operation. */ 541 * pending records. This is a non-blocking operation. */
499 if ( ! dtls1_process_buffered_records(s)) 542 dtls1_process_buffered_records(s);
500 return 0;
501 543
502 /* if we're renegotiating, then there may be buffered records */ 544 /* if we're renegotiating, then there may be buffered records */
503 if (dtls1_get_processed_record(s)) 545 if (dtls1_get_processed_record(s))
@@ -513,7 +555,12 @@ again:
513 /* read timeout is handled by dtls1_read_bytes */ 555 /* read timeout is handled by dtls1_read_bytes */
514 if (n <= 0) return(n); /* error or non-blocking */ 556 if (n <= 0) return(n); /* error or non-blocking */
515 557
516 OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH); 558 /* this packet contained a partial record, dump it */
559 if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
560 {
561 s->packet_length = 0;
562 goto again;
563 }
517 564
518 s->rstate=SSL_ST_READ_BODY; 565 s->rstate=SSL_ST_READ_BODY;
519 566
@@ -536,32 +583,31 @@ again:
536 /* Lets check version */ 583 /* Lets check version */
537 if (!s->first_packet) 584 if (!s->first_packet)
538 { 585 {
539 if (version != s->version && version != DTLS1_BAD_VER) 586 if (version != s->version)
540 { 587 {
541 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 588 /* unexpected version, silently discard */
542 /* Send back error using their 589 rr->length = 0;
543 * version number :-) */ 590 s->packet_length = 0;
544 s->version=version; 591 goto again;
545 al=SSL_AD_PROTOCOL_VERSION;
546 goto f_err;
547 } 592 }
548 } 593 }
549 594
550 if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) && 595 if ((version & 0xff00) != (s->version & 0xff00))
551 (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
552 { 596 {
553 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 597 /* wrong version, silently discard record */
554 goto err; 598 rr->length = 0;
599 s->packet_length = 0;
600 goto again;
555 } 601 }
556 602
557 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) 603 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
558 { 604 {
559 al=SSL_AD_RECORD_OVERFLOW; 605 /* record too long, silently discard it */
560 SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); 606 rr->length = 0;
561 goto f_err; 607 s->packet_length = 0;
608 goto again;
562 } 609 }
563 610
564 s->client_version = version;
565 /* now s->rstate == SSL_ST_READ_BODY */ 611 /* now s->rstate == SSL_ST_READ_BODY */
566 } 612 }
567 613
@@ -577,6 +623,7 @@ again:
577 /* this packet contained a partial record, dump it */ 623 /* this packet contained a partial record, dump it */
578 if ( n != i) 624 if ( n != i)
579 { 625 {
626 rr->length = 0;
580 s->packet_length = 0; 627 s->packet_length = 0;
581 goto again; 628 goto again;
582 } 629 }
@@ -589,13 +636,21 @@ again:
589 /* match epochs. NULL means the packet is dropped on the floor */ 636 /* match epochs. NULL means the packet is dropped on the floor */
590 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); 637 bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
591 if ( bitmap == NULL) 638 if ( bitmap == NULL)
592 { 639 {
593 s->packet_length = 0; /* dump this record */ 640 rr->length = 0;
594 goto again; /* get another record */ 641 s->packet_length = 0; /* dump this record */
642 goto again; /* get another record */
595 } 643 }
596 644
597 /* check whether this is a repeat, or aged record */ 645 /* Check whether this is a repeat, or aged record.
598 if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) 646 * Don't check if we're listening and this message is
647 * a ClientHello. They can look as if they're replayed,
648 * since they arrive from different connections and
649 * would be dropped unnecessarily.
650 */
651 if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
652 *p == SSL3_MT_CLIENT_HELLO) &&
653 !dtls1_record_replay_check(s, bitmap))
599 { 654 {
600 rr->length = 0; 655 rr->length = 0;
601 s->packet_length=0; /* dump this record */ 656 s->packet_length=0; /* dump this record */
@@ -605,28 +660,30 @@ again:
605 /* just read a 0 length packet */ 660 /* just read a 0 length packet */
606 if (rr->length == 0) goto again; 661 if (rr->length == 0) goto again;
607 662
608 /* If this record is from the next epoch (either HM or ALERT), buffer it 663 /* If this record is from the next epoch (either HM or ALERT),
609 * since it cannot be processed at this time. 664 * and a handshake is currently in progress, buffer it since it
610 * Records from the next epoch are marked as received even though they are 665 * cannot be processed at this time. */
611 * not processed, so as to prevent any potential resource DoS attack */ 666 if (is_next_epoch)
612 if (is_next_epoch) 667 {
613 { 668 if (SSL_in_init(s) || s->in_handshake)
614 dtls1_record_bitmap_update(s, bitmap); 669 {
615 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); 670 dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
616 s->packet_length = 0; 671 }
617 goto again; 672 rr->length = 0;
618 } 673 s->packet_length = 0;
674 goto again;
675 }
619 676
620 if ( ! dtls1_process_record(s)) 677 if (!dtls1_process_record(s))
621 return(0); 678 {
679 rr->length = 0;
680 s->packet_length = 0; /* dump this record */
681 goto again; /* get another record */
682 }
622 683
623 dtls1_clear_timeouts(s); /* done waiting */ 684 dtls1_clear_timeouts(s); /* done waiting */
624 return(1); 685 return(1);
625 686
626f_err:
627 ssl3_send_alert(s,SSL3_AL_FATAL,al);
628err:
629 return(0);
630 } 687 }
631 688
632/* Return up to 'len' payload bytes received in 'type' records. 689/* Return up to 'len' payload bytes received in 'type' records.
@@ -703,6 +760,27 @@ start:
703 * s->s3->rrec.length, - number of bytes. */ 760 * s->s3->rrec.length, - number of bytes. */
704 rr = &(s->s3->rrec); 761 rr = &(s->s3->rrec);
705 762
763 /* We are not handshaking and have no data yet,
764 * so process data buffered during the last handshake
765 * in advance, if any.
766 */
767 if (s->state == SSL_ST_OK && rr->length == 0)
768 {
769 pitem *item;
770 item = pqueue_pop(s->d1->buffered_app_data.q);
771 if (item)
772 {
773 dtls1_copy_record(s, item);
774
775 OPENSSL_free(item->data);
776 pitem_free(item);
777 }
778 }
779
780 /* Check for timeout */
781 if (dtls1_handle_timeout(s) > 0)
782 goto start;
783
706 /* get new packet if necessary */ 784 /* get new packet if necessary */
707 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) 785 if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
708 { 786 {
@@ -724,9 +802,14 @@ start:
724 * reset by ssl3_get_finished */ 802 * reset by ssl3_get_finished */
725 && (rr->type != SSL3_RT_HANDSHAKE)) 803 && (rr->type != SSL3_RT_HANDSHAKE))
726 { 804 {
727 al=SSL_AD_UNEXPECTED_MESSAGE; 805 /* We now have application data between CCS and Finished.
728 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); 806 * Most likely the packets were reordered on their way, so
729 goto err; 807 * buffer the application data for later processing rather
808 * than dropping the connection.
809 */
810 dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
811 rr->length = 0;
812 goto start;
730 } 813 }
731 814
732 /* If the other end has shut down, throw anything we read away 815 /* If the other end has shut down, throw anything we read away
@@ -796,15 +879,28 @@ start:
796 dest = s->d1->alert_fragment; 879 dest = s->d1->alert_fragment;
797 dest_len = &s->d1->alert_fragment_len; 880 dest_len = &s->d1->alert_fragment_len;
798 } 881 }
799 /* else it's a CCS message, or it's wrong */ 882 /* else it's a CCS message, or application data or wrong */
800 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) 883 else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
801 { 884 {
802 /* Not certain if this is the right error handling */ 885 /* Application data while renegotiating
803 al=SSL_AD_UNEXPECTED_MESSAGE; 886 * is allowed. Try again reading.
804 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 887 */
805 goto f_err; 888 if (rr->type == SSL3_RT_APPLICATION_DATA)
806 } 889 {
890 BIO *bio;
891 s->s3->in_read_app_data=2;
892 bio=SSL_get_rbio(s);
893 s->rwstate=SSL_READING;
894 BIO_clear_retry_flags(bio);
895 BIO_set_retry_read(bio);
896 return(-1);
897 }
807 898
899 /* Not certain if this is the right error handling */
900 al=SSL_AD_UNEXPECTED_MESSAGE;
901 SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
902 goto f_err;
903 }
808 904
809 if (dest_maxlen > 0) 905 if (dest_maxlen > 0)
810 { 906 {
@@ -942,7 +1038,9 @@ start:
942 n2s(p, seq); 1038 n2s(p, seq);
943 n2l3(p, frag_off); 1039 n2l3(p, frag_off);
944 1040
945 dtls1_retransmit_message(s, seq, frag_off, &found); 1041 dtls1_retransmit_message(s,
1042 dtls1_get_queue_priority(frag->msg_header.seq, 0),
1043 frag_off, &found);
946 if ( ! found && SSL_in_init(s)) 1044 if ( ! found && SSL_in_init(s))
947 { 1045 {
948 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */ 1046 /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
@@ -987,14 +1085,17 @@ start:
987 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) 1085 if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
988 { 1086 {
989 struct ccs_header_st ccs_hdr; 1087 struct ccs_header_st ccs_hdr;
1088 unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
990 1089
991 dtls1_get_ccs_header(rr->data, &ccs_hdr); 1090 dtls1_get_ccs_header(rr->data, &ccs_hdr);
992 1091
1092 if (s->version == DTLS1_BAD_VER)
1093 ccs_hdr_len = 3;
1094
993 /* 'Change Cipher Spec' is just a single byte, so we know 1095 /* 'Change Cipher Spec' is just a single byte, so we know
994 * exactly what the record payload has to look like */ 1096 * exactly what the record payload has to look like */
995 /* XDTLS: check that epoch is consistent */ 1097 /* XDTLS: check that epoch is consistent */
996 if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) || 1098 if ( (rr->length != ccs_hdr_len) ||
997 (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
998 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) 1099 (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
999 { 1100 {
1000 i=SSL_AD_ILLEGAL_PARAMETER; 1101 i=SSL_AD_ILLEGAL_PARAMETER;
@@ -1008,6 +1109,16 @@ start:
1008 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 1109 s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
1009 rr->data, 1, s, s->msg_callback_arg); 1110 rr->data, 1, s, s->msg_callback_arg);
1010 1111
1112 /* We can't process a CCS now, because previous handshake
1113 * messages are still missing, so just drop it.
1114 */
1115 if (!s->d1->change_cipher_spec_ok)
1116 {
1117 goto start;
1118 }
1119
1120 s->d1->change_cipher_spec_ok = 0;
1121
1011 s->s3->change_cipher_spec=1; 1122 s->s3->change_cipher_spec=1;
1012 if (!ssl3_do_change_cipher_spec(s)) 1123 if (!ssl3_do_change_cipher_spec(s))
1013 goto err; 1124 goto err;
@@ -1015,7 +1126,7 @@ start:
1015 /* do this whenever CCS is processed */ 1126 /* do this whenever CCS is processed */
1016 dtls1_reset_seq_numbers(s, SSL3_CC_READ); 1127 dtls1_reset_seq_numbers(s, SSL3_CC_READ);
1017 1128
1018 if (s->client_version == DTLS1_BAD_VER) 1129 if (s->version == DTLS1_BAD_VER)
1019 s->d1->handshake_read_seq++; 1130 s->d1->handshake_read_seq++;
1020 1131
1021 goto start; 1132 goto start;
@@ -1035,6 +1146,16 @@ start:
1035 goto start; 1146 goto start;
1036 } 1147 }
1037 1148
1149 /* If we are server, we may have a repeated FINISHED of the
1150 * client here, then retransmit our CCS and FINISHED.
1151 */
1152 if (msg_hdr.type == SSL3_MT_FINISHED)
1153 {
1154 dtls1_retransmit_buffered_messages(s);
1155 rr->length = 0;
1156 goto start;
1157 }
1158
1038 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && 1159 if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
1039 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) 1160 !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
1040 { 1161 {
@@ -1141,7 +1262,6 @@ err:
1141int 1262int
1142dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) 1263dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1143 { 1264 {
1144 unsigned int n,tot;
1145 int i; 1265 int i;
1146 1266
1147 if (SSL_in_init(s) && !s->in_handshake) 1267 if (SSL_in_init(s) && !s->in_handshake)
@@ -1155,31 +1275,14 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
1155 } 1275 }
1156 } 1276 }
1157 1277
1158 tot = s->s3->wnum; 1278 if (len > SSL3_RT_MAX_PLAIN_LENGTH)
1159 n = len - tot;
1160
1161 while( n)
1162 { 1279 {
1163 /* dtls1_write_bytes sends one record at a time, sized according to 1280 SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
1164 * the currently known MTU */ 1281 return -1;
1165 i = dtls1_write_bytes(s, type, buf_, len);
1166 if (i <= 0) return i;
1167
1168 if ((i == (int)n) ||
1169 (type == SSL3_RT_APPLICATION_DATA &&
1170 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
1171 {
1172 /* next chunk of data should get another prepended empty fragment
1173 * in ciphersuites with known-IV weakness: */
1174 s->s3->empty_fragment_done = 0;
1175 return tot+i;
1176 }
1177
1178 tot += i;
1179 n-=i;
1180 } 1282 }
1181 1283
1182 return tot; 1284 i = dtls1_write_bytes(s, type, buf_, len);
1285 return i;
1183 } 1286 }
1184 1287
1185 1288
@@ -1220,46 +1323,13 @@ have_handshake_fragment(SSL *s, int type, unsigned char *buf,
1220/* Call this to write data in records of type 'type' 1323/* Call this to write data in records of type 'type'
1221 * It will return <= 0 if not all data has been sent or non-blocking IO. 1324 * It will return <= 0 if not all data has been sent or non-blocking IO.
1222 */ 1325 */
1223int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len) 1326int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
1224 { 1327 {
1225 const unsigned char *buf=buf_;
1226 unsigned int tot,n,nw;
1227 int i; 1328 int i;
1228 unsigned int mtu;
1229 1329
1330 OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
1230 s->rwstate=SSL_NOTHING; 1331 s->rwstate=SSL_NOTHING;
1231 tot=s->s3->wnum; 1332 i=do_dtls1_write(s, type, buf, len, 0);
1232
1233 n=(len-tot);
1234
1235 /* handshake layer figures out MTU for itself, but data records
1236 * are also sent through this interface, so need to figure out MTU */
1237#if 0
1238 mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL);
1239 mtu += DTLS1_HM_HEADER_LENGTH; /* HM already inserted */
1240#endif
1241 mtu = s->d1->mtu;
1242
1243 if (mtu > SSL3_RT_MAX_PLAIN_LENGTH)
1244 mtu = SSL3_RT_MAX_PLAIN_LENGTH;
1245
1246 if (n > mtu)
1247 nw=mtu;
1248 else
1249 nw=n;
1250
1251 i=do_dtls1_write(s, type, &(buf[tot]), nw, 0);
1252 if (i <= 0)
1253 {
1254 s->s3->wnum=tot;
1255 return i;
1256 }
1257
1258 if ( (int)s->s3->wnum + i == len)
1259 s->s3->wnum = 0;
1260 else
1261 s->s3->wnum += i;
1262
1263 return i; 1333 return i;
1264 } 1334 }
1265 1335
@@ -1299,19 +1369,23 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1299 1369
1300 if ( (sess == NULL) || 1370 if ( (sess == NULL) ||
1301 (s->enc_write_ctx == NULL) || 1371 (s->enc_write_ctx == NULL) ||
1302 (s->write_hash == NULL)) 1372 (EVP_MD_CTX_md(s->write_hash) == NULL))
1303 clear=1; 1373 clear=1;
1304 1374
1305 if (clear) 1375 if (clear)
1306 mac_size=0; 1376 mac_size=0;
1307 else 1377 else
1308 mac_size=EVP_MD_size(s->write_hash); 1378 {
1379 mac_size=EVP_MD_CTX_size(s->write_hash);
1380 if (mac_size < 0)
1381 goto err;
1382 }
1309 1383
1310 /* DTLS implements explicit IV, so no need for empty fragments */ 1384 /* DTLS implements explicit IV, so no need for empty fragments */
1311#if 0 1385#if 0
1312 /* 'create_empty_fragment' is true only when this function calls itself */ 1386 /* 'create_empty_fragment' is true only when this function calls itself */
1313 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done 1387 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
1314 && SSL_version(s) != DTLS1_VERSION) 1388 && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
1315 { 1389 {
1316 /* countermeasure against known-IV weakness in CBC ciphersuites 1390 /* countermeasure against known-IV weakness in CBC ciphersuites
1317 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 1391 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -1338,7 +1412,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1338 s->s3->empty_fragment_done = 1; 1412 s->s3->empty_fragment_done = 1;
1339 } 1413 }
1340#endif 1414#endif
1341
1342 p = wb->buf + prefix_len; 1415 p = wb->buf + prefix_len;
1343 1416
1344 /* write the header */ 1417 /* write the header */
@@ -1346,12 +1419,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1346 *(p++)=type&0xff; 1419 *(p++)=type&0xff;
1347 wr->type=type; 1420 wr->type=type;
1348 1421
1349 if (s->client_version == DTLS1_BAD_VER) 1422 *(p++)=(s->version>>8);
1350 *(p++) = DTLS1_BAD_VER>>8, 1423 *(p++)=s->version&0xff;
1351 *(p++) = DTLS1_BAD_VER&0xff;
1352 else
1353 *(p++)=(s->version>>8),
1354 *(p++)=s->version&0xff;
1355 1424
1356 /* field where we are to write out packet epoch, seq num and len */ 1425 /* field where we are to write out packet epoch, seq num and len */
1357 pseq=p; 1426 pseq=p;
@@ -1396,7 +1465,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
1396 1465
1397 if (mac_size != 0) 1466 if (mac_size != 0)
1398 { 1467 {
1399 s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1); 1468 if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
1469 goto err;
1400 wr->length+=mac_size; 1470 wr->length+=mac_size;
1401 } 1471 }
1402 1472
@@ -1473,111 +1543,50 @@ err:
1473 1543
1474 1544
1475 1545
1476static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap, 1546static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
1477 PQ_64BIT *seq_num)
1478 { 1547 {
1479#if PQ_64BIT_IS_INTEGER 1548 int cmp;
1480 PQ_64BIT mask = 0x0000000000000001L; 1549 unsigned int shift;
1481#endif 1550 const unsigned char *seq = s->s3->read_sequence;
1482 PQ_64BIT rcd_num, tmp;
1483
1484 pq_64bit_init(&rcd_num);
1485 pq_64bit_init(&tmp);
1486
1487 /* this is the sequence number for the record just read */
1488 pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1489
1490
1491 if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1492 pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1493 {
1494 pq_64bit_assign(seq_num, &rcd_num);
1495 pq_64bit_free(&rcd_num);
1496 pq_64bit_free(&tmp);
1497 return 1; /* this record is new */
1498 }
1499
1500 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1501
1502 if ( pq_64bit_get_word(&tmp) > bitmap->length)
1503 {
1504 pq_64bit_free(&rcd_num);
1505 pq_64bit_free(&tmp);
1506 return 0; /* stale, outside the window */
1507 }
1508 1551
1509#if PQ_64BIT_IS_BIGNUM 1552 cmp = satsub64be(seq,bitmap->max_seq_num);
1510 { 1553 if (cmp > 0)
1511 int offset;
1512 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
1513 pq_64bit_sub_word(&tmp, 1);
1514 offset = pq_64bit_get_word(&tmp);
1515 if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
1516 { 1554 {
1517 pq_64bit_free(&rcd_num); 1555 memcpy (s->s3->rrec.seq_num,seq,8);
1518 pq_64bit_free(&tmp); 1556 return 1; /* this record in new */
1519 return 0;
1520 } 1557 }
1521 } 1558 shift = -cmp;
1522#else 1559 if (shift >= sizeof(bitmap->map)*8)
1523 mask <<= (bitmap->max_seq_num - rcd_num - 1); 1560 return 0; /* stale, outside the window */
1524 if (bitmap->map & mask) 1561 else if (bitmap->map & (1UL<<shift))
1525 return 0; /* record previously received */ 1562 return 0; /* record previously received */
1526#endif 1563
1527 1564 memcpy (s->s3->rrec.seq_num,seq,8);
1528 pq_64bit_assign(seq_num, &rcd_num);
1529 pq_64bit_free(&rcd_num);
1530 pq_64bit_free(&tmp);
1531 return 1; 1565 return 1;
1532 } 1566 }
1533 1567
1534 1568
1535static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) 1569static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
1536 { 1570 {
1571 int cmp;
1537 unsigned int shift; 1572 unsigned int shift;
1538 PQ_64BIT rcd_num; 1573 const unsigned char *seq = s->s3->read_sequence;
1539 PQ_64BIT tmp;
1540 PQ_64BIT_CTX *ctx;
1541 1574
1542 pq_64bit_init(&rcd_num); 1575 cmp = satsub64be(seq,bitmap->max_seq_num);
1543 pq_64bit_init(&tmp); 1576 if (cmp > 0)
1544
1545 pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
1546
1547 /* unfortunate code complexity due to 64-bit manipulation support
1548 * on 32-bit machines */
1549 if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
1550 pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
1551 { 1577 {
1552 pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num)); 1578 shift = cmp;
1553 pq_64bit_add_word(&tmp, 1); 1579 if (shift < sizeof(bitmap->map)*8)
1554 1580 bitmap->map <<= shift, bitmap->map |= 1UL;
1555 shift = (unsigned int)pq_64bit_get_word(&tmp); 1581 else
1556 1582 bitmap->map = 1UL;
1557 pq_64bit_lshift(&(tmp), &(bitmap->map), shift); 1583 memcpy(bitmap->max_seq_num,seq,8);
1558 pq_64bit_assign(&(bitmap->map), &tmp);
1559
1560 pq_64bit_set_bit(&(bitmap->map), 0);
1561 pq_64bit_add_word(&rcd_num, 1);
1562 pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
1563
1564 pq_64bit_assign_word(&tmp, 1);
1565 pq_64bit_lshift(&tmp, &tmp, bitmap->length);
1566 ctx = pq_64bit_ctx_new(&ctx);
1567 pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
1568 pq_64bit_ctx_free(ctx);
1569 } 1584 }
1570 else 1585 else {
1571 { 1586 shift = -cmp;
1572 pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num); 1587 if (shift < sizeof(bitmap->map)*8)
1573 pq_64bit_sub_word(&tmp, 1); 1588 bitmap->map |= 1UL<<shift;
1574 shift = (unsigned int)pq_64bit_get_word(&tmp);
1575
1576 pq_64bit_set_bit(&(bitmap->map), shift);
1577 } 1589 }
1578
1579 pq_64bit_free(&rcd_num);
1580 pq_64bit_free(&tmp);
1581 } 1590 }
1582 1591
1583 1592
@@ -1624,7 +1633,7 @@ int dtls1_dispatch_alert(SSL *s)
1624#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1633#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1625 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1634 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1626#endif 1635#endif
1627 ) 1636 )
1628 (void)BIO_flush(s->wbio); 1637 (void)BIO_flush(s->wbio);
1629 1638
1630 if (s->msg_callback) 1639 if (s->msg_callback)
@@ -1743,47 +1752,19 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
1743 { 1752 {
1744 seq = s->s3->read_sequence; 1753 seq = s->s3->read_sequence;
1745 s->d1->r_epoch++; 1754 s->d1->r_epoch++;
1746 1755 memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
1747 pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
1748 s->d1->bitmap.length = s->d1->next_bitmap.length;
1749 pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
1750 &(s->d1->next_bitmap.max_seq_num));
1751
1752 pq_64bit_free(&(s->d1->next_bitmap.map));
1753 pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
1754 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); 1756 memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
1755 pq_64bit_init(&(s->d1->next_bitmap.map));
1756 pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
1757 } 1757 }
1758 else 1758 else
1759 { 1759 {
1760 seq = s->s3->write_sequence; 1760 seq = s->s3->write_sequence;
1761 memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
1761 s->d1->w_epoch++; 1762 s->d1->w_epoch++;
1762 } 1763 }
1763 1764
1764 memset(seq, 0x00, seq_bytes); 1765 memset(seq, 0x00, seq_bytes);
1765 } 1766 }
1766 1767
1767#if PQ_64BIT_IS_INTEGER
1768static PQ_64BIT
1769bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
1770 {
1771 PQ_64BIT _num;
1772
1773 _num = (((PQ_64BIT)bytes[0]) << 56) |
1774 (((PQ_64BIT)bytes[1]) << 48) |
1775 (((PQ_64BIT)bytes[2]) << 40) |
1776 (((PQ_64BIT)bytes[3]) << 32) |
1777 (((PQ_64BIT)bytes[4]) << 24) |
1778 (((PQ_64BIT)bytes[5]) << 16) |
1779 (((PQ_64BIT)bytes[6]) << 8) |
1780 (((PQ_64BIT)bytes[7]) );
1781
1782 *num = _num ;
1783 return _num;
1784 }
1785#endif
1786
1787 1768
1788static void 1769static void
1789dtls1_clear_timeouts(SSL *s) 1770dtls1_clear_timeouts(SSL *s)
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 0bbf8ae7f3..301ceda7a5 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -4,7 +4,7 @@
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */ 5 */
6/* ==================================================================== 6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 7 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
@@ -121,14 +121,15 @@
121#include <openssl/evp.h> 121#include <openssl/evp.h>
122#include <openssl/x509.h> 122#include <openssl/x509.h>
123#include <openssl/md5.h> 123#include <openssl/md5.h>
124#include <openssl/bn.h>
124#ifndef OPENSSL_NO_DH 125#ifndef OPENSSL_NO_DH
125#include <openssl/dh.h> 126#include <openssl/dh.h>
126#endif 127#endif
127 128
128static SSL_METHOD *dtls1_get_server_method(int ver); 129static const SSL_METHOD *dtls1_get_server_method(int ver);
129static int dtls1_send_hello_verify_request(SSL *s); 130static int dtls1_send_hello_verify_request(SSL *s);
130 131
131static SSL_METHOD *dtls1_get_server_method(int ver) 132static const SSL_METHOD *dtls1_get_server_method(int ver)
132 { 133 {
133 if (ver == DTLS1_VERSION) 134 if (ver == DTLS1_VERSION)
134 return(DTLSv1_server_method()); 135 return(DTLSv1_server_method());
@@ -144,9 +145,9 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
144int dtls1_accept(SSL *s) 145int dtls1_accept(SSL *s)
145 { 146 {
146 BUF_MEM *buf; 147 BUF_MEM *buf;
147 unsigned long l,Time=(unsigned long)time(NULL); 148 unsigned long Time=(unsigned long)time(NULL);
148 void (*cb)(const SSL *ssl,int type,int val)=NULL; 149 void (*cb)(const SSL *ssl,int type,int val)=NULL;
149 long num1; 150 unsigned long alg_k;
150 int ret= -1; 151 int ret= -1;
151 int new_state,state,skip=0; 152 int new_state,state,skip=0;
152 153
@@ -236,17 +237,13 @@ int dtls1_accept(SSL *s)
236 s->state=SSL3_ST_SW_HELLO_REQ_A; 237 s->state=SSL3_ST_SW_HELLO_REQ_A;
237 } 238 }
238 239
239 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
240 s->d1->send_cookie = 1;
241 else
242 s->d1->send_cookie = 0;
243
244 break; 240 break;
245 241
246 case SSL3_ST_SW_HELLO_REQ_A: 242 case SSL3_ST_SW_HELLO_REQ_A:
247 case SSL3_ST_SW_HELLO_REQ_B: 243 case SSL3_ST_SW_HELLO_REQ_B:
248 244
249 s->shutdown=0; 245 s->shutdown=0;
246 dtls1_start_timer(s);
250 ret=dtls1_send_hello_request(s); 247 ret=dtls1_send_hello_request(s);
251 if (ret <= 0) goto end; 248 if (ret <= 0) goto end;
252 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; 249 s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
@@ -267,37 +264,58 @@ int dtls1_accept(SSL *s)
267 s->shutdown=0; 264 s->shutdown=0;
268 ret=ssl3_get_client_hello(s); 265 ret=ssl3_get_client_hello(s);
269 if (ret <= 0) goto end; 266 if (ret <= 0) goto end;
270 s->new_session = 2; 267 dtls1_stop_timer(s);
271 268
272 if ( s->d1->send_cookie) 269 if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
273 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; 270 s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
274 else 271 else
275 s->state = SSL3_ST_SW_SRVR_HELLO_A; 272 s->state = SSL3_ST_SW_SRVR_HELLO_A;
276 273
277 s->init_num=0; 274 s->init_num=0;
275
276 /* If we're just listening, stop here */
277 if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
278 {
279 ret = 2;
280 s->d1->listen = 0;
281 goto end;
282 }
283
278 break; 284 break;
279 285
280 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: 286 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
281 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: 287 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
282 288
289 dtls1_start_timer(s);
283 ret = dtls1_send_hello_verify_request(s); 290 ret = dtls1_send_hello_verify_request(s);
284 if ( ret <= 0) goto end; 291 if ( ret <= 0) goto end;
285 s->d1->send_cookie = 0;
286 s->state=SSL3_ST_SW_FLUSH; 292 s->state=SSL3_ST_SW_FLUSH;
287 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A; 293 s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
288 294
289 /* HelloVerifyRequests resets Finished MAC */ 295 /* HelloVerifyRequest resets Finished MAC */
290 if (s->client_version != DTLS1_BAD_VER) 296 if (s->version != DTLS1_BAD_VER)
291 ssl3_init_finished_mac(s); 297 ssl3_init_finished_mac(s);
292 break; 298 break;
293 299
294 case SSL3_ST_SW_SRVR_HELLO_A: 300 case SSL3_ST_SW_SRVR_HELLO_A:
295 case SSL3_ST_SW_SRVR_HELLO_B: 301 case SSL3_ST_SW_SRVR_HELLO_B:
302 s->new_session = 2;
303 dtls1_start_timer(s);
296 ret=dtls1_send_server_hello(s); 304 ret=dtls1_send_server_hello(s);
297 if (ret <= 0) goto end; 305 if (ret <= 0) goto end;
298 306
307#ifndef OPENSSL_NO_TLSEXT
299 if (s->hit) 308 if (s->hit)
300 s->state=SSL3_ST_SW_CHANGE_A; 309 {
310 if (s->tlsext_ticket_expected)
311 s->state=SSL3_ST_SW_SESSION_TICKET_A;
312 else
313 s->state=SSL3_ST_SW_CHANGE_A;
314 }
315#else
316 if (s->hit)
317 s->state=SSL3_ST_SW_CHANGE_A;
318#endif
301 else 319 else
302 s->state=SSL3_ST_SW_CERT_A; 320 s->state=SSL3_ST_SW_CERT_A;
303 s->init_num=0; 321 s->init_num=0;
@@ -305,27 +323,43 @@ int dtls1_accept(SSL *s)
305 323
306 case SSL3_ST_SW_CERT_A: 324 case SSL3_ST_SW_CERT_A:
307 case SSL3_ST_SW_CERT_B: 325 case SSL3_ST_SW_CERT_B:
308 /* Check if it is anon DH */ 326 /* Check if it is anon DH or normal PSK */
309 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 327 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
328 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
310 { 329 {
330 dtls1_start_timer(s);
311 ret=dtls1_send_server_certificate(s); 331 ret=dtls1_send_server_certificate(s);
312 if (ret <= 0) goto end; 332 if (ret <= 0) goto end;
333#ifndef OPENSSL_NO_TLSEXT
334 if (s->tlsext_status_expected)
335 s->state=SSL3_ST_SW_CERT_STATUS_A;
336 else
337 s->state=SSL3_ST_SW_KEY_EXCH_A;
338 }
339 else
340 {
341 skip = 1;
342 s->state=SSL3_ST_SW_KEY_EXCH_A;
343 }
344#else
313 } 345 }
314 else 346 else
315 skip=1; 347 skip=1;
348
316 s->state=SSL3_ST_SW_KEY_EXCH_A; 349 s->state=SSL3_ST_SW_KEY_EXCH_A;
350#endif
317 s->init_num=0; 351 s->init_num=0;
318 break; 352 break;
319 353
320 case SSL3_ST_SW_KEY_EXCH_A: 354 case SSL3_ST_SW_KEY_EXCH_A:
321 case SSL3_ST_SW_KEY_EXCH_B: 355 case SSL3_ST_SW_KEY_EXCH_B:
322 l=s->s3->tmp.new_cipher->algorithms; 356 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
323 357
324 /* clear this, it may get reset by 358 /* clear this, it may get reset by
325 * send_server_key_exchange */ 359 * send_server_key_exchange */
326 if ((s->options & SSL_OP_EPHEMERAL_RSA) 360 if ((s->options & SSL_OP_EPHEMERAL_RSA)
327#ifndef OPENSSL_NO_KRB5 361#ifndef OPENSSL_NO_KRB5
328 && !(l & SSL_KRB5) 362 && !(alg_k & SSL_kKRB5)
329#endif /* OPENSSL_NO_KRB5 */ 363#endif /* OPENSSL_NO_KRB5 */
330 ) 364 )
331 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key 365 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
@@ -336,11 +370,17 @@ int dtls1_accept(SSL *s)
336 else 370 else
337 s->s3->tmp.use_rsa_tmp=0; 371 s->s3->tmp.use_rsa_tmp=0;
338 372
339 /* only send if a DH key exchange, fortezza or 373 /* only send if a DH key exchange or
340 * RSA but we have a sign only certificate */ 374 * RSA but we have a sign only certificate */
341 if (s->s3->tmp.use_rsa_tmp 375 if (s->s3->tmp.use_rsa_tmp
342 || (l & (SSL_DH|SSL_kFZA)) 376 /* PSK: send ServerKeyExchange if PSK identity
343 || ((l & SSL_kRSA) 377 * hint if provided */
378#ifndef OPENSSL_NO_PSK
379 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
380#endif
381 || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
382 || (alg_k & SSL_kEECDH)
383 || ((alg_k & SSL_kRSA)
344 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 384 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
345 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 385 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
346 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) 386 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
@@ -349,6 +389,7 @@ int dtls1_accept(SSL *s)
349 ) 389 )
350 ) 390 )
351 { 391 {
392 dtls1_start_timer(s);
352 ret=dtls1_send_server_key_exchange(s); 393 ret=dtls1_send_server_key_exchange(s);
353 if (ret <= 0) goto end; 394 if (ret <= 0) goto end;
354 } 395 }
@@ -370,12 +411,15 @@ int dtls1_accept(SSL *s)
370 /* never request cert in anonymous ciphersuites 411 /* never request cert in anonymous ciphersuites
371 * (see section "Certificate request" in SSL 3 drafts 412 * (see section "Certificate request" in SSL 3 drafts
372 * and in RFC 2246): */ 413 * and in RFC 2246): */
373 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) && 414 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
374 /* ... except when the application insists on verification 415 /* ... except when the application insists on verification
375 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 416 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
376 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || 417 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
377 /* never request cert in Kerberos ciphersuites */ 418 /* never request cert in Kerberos ciphersuites */
378 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) 419 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
420 /* With normal PSK Certificates and
421 * Certificate Requests are omitted */
422 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
379 { 423 {
380 /* no cert request */ 424 /* no cert request */
381 skip=1; 425 skip=1;
@@ -385,6 +429,7 @@ int dtls1_accept(SSL *s)
385 else 429 else
386 { 430 {
387 s->s3->tmp.cert_request=1; 431 s->s3->tmp.cert_request=1;
432 dtls1_start_timer(s);
388 ret=dtls1_send_certificate_request(s); 433 ret=dtls1_send_certificate_request(s);
389 if (ret <= 0) goto end; 434 if (ret <= 0) goto end;
390#ifndef NETSCAPE_HANG_BUG 435#ifndef NETSCAPE_HANG_BUG
@@ -399,6 +444,7 @@ int dtls1_accept(SSL *s)
399 444
400 case SSL3_ST_SW_SRVR_DONE_A: 445 case SSL3_ST_SW_SRVR_DONE_A:
401 case SSL3_ST_SW_SRVR_DONE_B: 446 case SSL3_ST_SW_SRVR_DONE_B:
447 dtls1_start_timer(s);
402 ret=dtls1_send_server_done(s); 448 ret=dtls1_send_server_done(s);
403 if (ret <= 0) goto end; 449 if (ret <= 0) goto end;
404 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; 450 s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
@@ -407,16 +453,13 @@ int dtls1_accept(SSL *s)
407 break; 453 break;
408 454
409 case SSL3_ST_SW_FLUSH: 455 case SSL3_ST_SW_FLUSH:
410 /* number of bytes to be flushed */ 456 s->rwstate=SSL_WRITING;
411 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 457 if (BIO_flush(s->wbio) <= 0)
412 if (num1 > 0)
413 { 458 {
414 s->rwstate=SSL_WRITING; 459 ret= -1;
415 num1=BIO_flush(s->wbio); 460 goto end;
416 if (num1 <= 0) { ret= -1; goto end; }
417 s->rwstate=SSL_NOTHING;
418 } 461 }
419 462 s->rwstate=SSL_NOTHING;
420 s->state=s->s3->tmp.next_state; 463 s->state=s->s3->tmp.next_state;
421 break; 464 break;
422 465
@@ -426,6 +469,7 @@ int dtls1_accept(SSL *s)
426 ret = ssl3_check_client_hello(s); 469 ret = ssl3_check_client_hello(s);
427 if (ret <= 0) 470 if (ret <= 0)
428 goto end; 471 goto end;
472 dtls1_stop_timer(s);
429 if (ret == 2) 473 if (ret == 2)
430 s->state = SSL3_ST_SR_CLNT_HELLO_C; 474 s->state = SSL3_ST_SR_CLNT_HELLO_C;
431 else { 475 else {
@@ -433,6 +477,7 @@ int dtls1_accept(SSL *s)
433 * have not asked for it :-) */ 477 * have not asked for it :-) */
434 ret=ssl3_get_client_certificate(s); 478 ret=ssl3_get_client_certificate(s);
435 if (ret <= 0) goto end; 479 if (ret <= 0) goto end;
480 dtls1_stop_timer(s);
436 s->init_num=0; 481 s->init_num=0;
437 s->state=SSL3_ST_SR_KEY_EXCH_A; 482 s->state=SSL3_ST_SR_KEY_EXCH_A;
438 } 483 }
@@ -442,26 +487,44 @@ int dtls1_accept(SSL *s)
442 case SSL3_ST_SR_KEY_EXCH_B: 487 case SSL3_ST_SR_KEY_EXCH_B:
443 ret=ssl3_get_client_key_exchange(s); 488 ret=ssl3_get_client_key_exchange(s);
444 if (ret <= 0) goto end; 489 if (ret <= 0) goto end;
490 dtls1_stop_timer(s);
445 s->state=SSL3_ST_SR_CERT_VRFY_A; 491 s->state=SSL3_ST_SR_CERT_VRFY_A;
446 s->init_num=0; 492 s->init_num=0;
447 493
448 /* We need to get hashes here so if there is 494 if (ret == 2)
449 * a client cert, it can be verified */ 495 {
450 s->method->ssl3_enc->cert_verify_mac(s, 496 /* For the ECDH ciphersuites when
451 &(s->s3->finish_dgst1), 497 * the client sends its ECDH pub key in
452 &(s->s3->tmp.cert_verify_md[0])); 498 * a certificate, the CertificateVerify
453 s->method->ssl3_enc->cert_verify_mac(s, 499 * message is not sent.
454 &(s->s3->finish_dgst2), 500 */
455 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 501 s->state=SSL3_ST_SR_FINISHED_A;
502 s->init_num = 0;
503 }
504 else
505 {
506 s->state=SSL3_ST_SR_CERT_VRFY_A;
507 s->init_num=0;
456 508
509 /* We need to get hashes here so if there is
510 * a client cert, it can be verified */
511 s->method->ssl3_enc->cert_verify_mac(s,
512 NID_md5,
513 &(s->s3->tmp.cert_verify_md[0]));
514 s->method->ssl3_enc->cert_verify_mac(s,
515 NID_sha1,
516 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
517 }
457 break; 518 break;
458 519
459 case SSL3_ST_SR_CERT_VRFY_A: 520 case SSL3_ST_SR_CERT_VRFY_A:
460 case SSL3_ST_SR_CERT_VRFY_B: 521 case SSL3_ST_SR_CERT_VRFY_B:
461 522
523 s->d1->change_cipher_spec_ok = 1;
462 /* we should decide if we expected this one */ 524 /* we should decide if we expected this one */
463 ret=ssl3_get_cert_verify(s); 525 ret=ssl3_get_cert_verify(s);
464 if (ret <= 0) goto end; 526 if (ret <= 0) goto end;
527 dtls1_stop_timer(s);
465 528
466 s->state=SSL3_ST_SR_FINISHED_A; 529 s->state=SSL3_ST_SR_FINISHED_A;
467 s->init_num=0; 530 s->init_num=0;
@@ -469,16 +532,41 @@ int dtls1_accept(SSL *s)
469 532
470 case SSL3_ST_SR_FINISHED_A: 533 case SSL3_ST_SR_FINISHED_A:
471 case SSL3_ST_SR_FINISHED_B: 534 case SSL3_ST_SR_FINISHED_B:
535 s->d1->change_cipher_spec_ok = 1;
472 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, 536 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
473 SSL3_ST_SR_FINISHED_B); 537 SSL3_ST_SR_FINISHED_B);
474 if (ret <= 0) goto end; 538 if (ret <= 0) goto end;
539 dtls1_stop_timer(s);
475 if (s->hit) 540 if (s->hit)
476 s->state=SSL_ST_OK; 541 s->state=SSL_ST_OK;
542#ifndef OPENSSL_NO_TLSEXT
543 else if (s->tlsext_ticket_expected)
544 s->state=SSL3_ST_SW_SESSION_TICKET_A;
545#endif
477 else 546 else
478 s->state=SSL3_ST_SW_CHANGE_A; 547 s->state=SSL3_ST_SW_CHANGE_A;
479 s->init_num=0; 548 s->init_num=0;
480 break; 549 break;
481 550
551#ifndef OPENSSL_NO_TLSEXT
552 case SSL3_ST_SW_SESSION_TICKET_A:
553 case SSL3_ST_SW_SESSION_TICKET_B:
554 ret=dtls1_send_newsession_ticket(s);
555 if (ret <= 0) goto end;
556 s->state=SSL3_ST_SW_CHANGE_A;
557 s->init_num=0;
558 break;
559
560 case SSL3_ST_SW_CERT_STATUS_A:
561 case SSL3_ST_SW_CERT_STATUS_B:
562 ret=ssl3_send_cert_status(s);
563 if (ret <= 0) goto end;
564 s->state=SSL3_ST_SW_KEY_EXCH_A;
565 s->init_num=0;
566 break;
567
568#endif
569
482 case SSL3_ST_SW_CHANGE_A: 570 case SSL3_ST_SW_CHANGE_A:
483 case SSL3_ST_SW_CHANGE_B: 571 case SSL3_ST_SW_CHANGE_B:
484 572
@@ -554,6 +642,7 @@ int dtls1_accept(SSL *s)
554 s->d1->handshake_read_seq = 0; 642 s->d1->handshake_read_seq = 0;
555 /* next message is server hello */ 643 /* next message is server hello */
556 s->d1->handshake_write_seq = 0; 644 s->d1->handshake_write_seq = 0;
645 s->d1->next_handshake_write_seq = 0;
557 goto end; 646 goto end;
558 /* break; */ 647 /* break; */
559 648
@@ -624,22 +713,16 @@ int dtls1_send_hello_verify_request(SSL *s)
624 buf = (unsigned char *)s->init_buf->data; 713 buf = (unsigned char *)s->init_buf->data;
625 714
626 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]); 715 msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
627 if (s->client_version == DTLS1_BAD_VER) 716 *(p++) = s->version >> 8;
628 *(p++) = DTLS1_BAD_VER>>8, 717 *(p++) = s->version & 0xFF;
629 *(p++) = DTLS1_BAD_VER&0xff;
630 else
631 *(p++) = s->version >> 8,
632 *(p++) = s->version & 0xFF;
633 718
634 if (s->ctx->app_gen_cookie_cb != NULL && 719 if (s->ctx->app_gen_cookie_cb == NULL ||
635 s->ctx->app_gen_cookie_cb(s, s->d1->cookie, 720 s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
636 &(s->d1->cookie_len)) == 0) 721 &(s->d1->cookie_len)) == 0)
637 { 722 {
638 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR); 723 SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
639 return 0; 724 return 0;
640 } 725 }
641 /* else the cookie is assumed to have
642 * been initialized by the application */
643 726
644 *(p++) = (unsigned char) s->d1->cookie_len; 727 *(p++) = (unsigned char) s->d1->cookie_len;
645 memcpy(p, s->d1->cookie, s->d1->cookie_len); 728 memcpy(p, s->d1->cookie, s->d1->cookie_len);
@@ -680,12 +763,8 @@ int dtls1_send_server_hello(SSL *s)
680 /* Do the message type and length last */ 763 /* Do the message type and length last */
681 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]); 764 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
682 765
683 if (s->client_version == DTLS1_BAD_VER) 766 *(p++)=s->version>>8;
684 *(p++)=DTLS1_BAD_VER>>8, 767 *(p++)=s->version&0xff;
685 *(p++)=DTLS1_BAD_VER&0xff;
686 else
687 *(p++)=s->version>>8,
688 *(p++)=s->version&0xff;
689 768
690 /* Random stuff */ 769 /* Random stuff */
691 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 770 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
@@ -713,6 +792,8 @@ int dtls1_send_server_hello(SSL *s)
713 p+=sl; 792 p+=sl;
714 793
715 /* put the cipher */ 794 /* put the cipher */
795 if (s->s3->tmp.new_cipher == NULL)
796 return -1;
716 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); 797 i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
717 p+=i; 798 p+=i;
718 799
@@ -726,6 +807,14 @@ int dtls1_send_server_hello(SSL *s)
726 *(p++)=s->s3->tmp.new_compression->id; 807 *(p++)=s->s3->tmp.new_compression->id;
727#endif 808#endif
728 809
810#ifndef OPENSSL_NO_TLSEXT
811 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
812 {
813 SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
814 return -1;
815 }
816#endif
817
729 /* do the header */ 818 /* do the header */
730 l=(p-d); 819 l=(p-d);
731 d=buf; 820 d=buf;
@@ -781,6 +870,13 @@ int dtls1_send_server_key_exchange(SSL *s)
781#ifndef OPENSSL_NO_DH 870#ifndef OPENSSL_NO_DH
782 DH *dh=NULL,*dhp; 871 DH *dh=NULL,*dhp;
783#endif 872#endif
873#ifndef OPENSSL_NO_ECDH
874 EC_KEY *ecdh=NULL, *ecdhp;
875 unsigned char *encodedPoint = NULL;
876 int encodedlen = 0;
877 int curve_id = 0;
878 BN_CTX *bn_ctx = NULL;
879#endif
784 EVP_PKEY *pkey; 880 EVP_PKEY *pkey;
785 unsigned char *p,*d; 881 unsigned char *p,*d;
786 int al,i; 882 int al,i;
@@ -795,7 +891,7 @@ int dtls1_send_server_key_exchange(SSL *s)
795 EVP_MD_CTX_init(&md_ctx); 891 EVP_MD_CTX_init(&md_ctx);
796 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 892 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
797 { 893 {
798 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; 894 type=s->s3->tmp.new_cipher->algorithm_mkey;
799 cert=s->cert; 895 cert=s->cert;
800 896
801 buf=s->init_buf; 897 buf=s->init_buf;
@@ -889,6 +985,142 @@ int dtls1_send_server_key_exchange(SSL *s)
889 } 985 }
890 else 986 else
891#endif 987#endif
988#ifndef OPENSSL_NO_ECDH
989 if (type & SSL_kEECDH)
990 {
991 const EC_GROUP *group;
992
993 ecdhp=cert->ecdh_tmp;
994 if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
995 {
996 ecdhp=s->cert->ecdh_tmp_cb(s,
997 SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
998 SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
999 }
1000 if (ecdhp == NULL)
1001 {
1002 al=SSL_AD_HANDSHAKE_FAILURE;
1003 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
1004 goto f_err;
1005 }
1006
1007 if (s->s3->tmp.ecdh != NULL)
1008 {
1009 EC_KEY_free(s->s3->tmp.ecdh);
1010 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
1011 goto err;
1012 }
1013
1014 /* Duplicate the ECDH structure. */
1015 if (ecdhp == NULL)
1016 {
1017 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1018 goto err;
1019 }
1020 if (!EC_KEY_up_ref(ecdhp))
1021 {
1022 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1023 goto err;
1024 }
1025 ecdh = ecdhp;
1026
1027 s->s3->tmp.ecdh=ecdh;
1028 if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
1029 (EC_KEY_get0_private_key(ecdh) == NULL) ||
1030 (s->options & SSL_OP_SINGLE_ECDH_USE))
1031 {
1032 if(!EC_KEY_generate_key(ecdh))
1033 {
1034 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1035 goto err;
1036 }
1037 }
1038
1039 if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
1040 (EC_KEY_get0_public_key(ecdh) == NULL) ||
1041 (EC_KEY_get0_private_key(ecdh) == NULL))
1042 {
1043 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1044 goto err;
1045 }
1046
1047 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
1048 (EC_GROUP_get_degree(group) > 163))
1049 {
1050 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
1051 goto err;
1052 }
1053
1054 /* XXX: For now, we only support ephemeral ECDH
1055 * keys over named (not generic) curves. For
1056 * supported named curves, curve_id is non-zero.
1057 */
1058 if ((curve_id =
1059 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1060 == 0)
1061 {
1062 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
1063 goto err;
1064 }
1065
1066 /* Encode the public key.
1067 * First check the size of encoding and
1068 * allocate memory accordingly.
1069 */
1070 encodedlen = EC_POINT_point2oct(group,
1071 EC_KEY_get0_public_key(ecdh),
1072 POINT_CONVERSION_UNCOMPRESSED,
1073 NULL, 0, NULL);
1074
1075 encodedPoint = (unsigned char *)
1076 OPENSSL_malloc(encodedlen*sizeof(unsigned char));
1077 bn_ctx = BN_CTX_new();
1078 if ((encodedPoint == NULL) || (bn_ctx == NULL))
1079 {
1080 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
1081 goto err;
1082 }
1083
1084
1085 encodedlen = EC_POINT_point2oct(group,
1086 EC_KEY_get0_public_key(ecdh),
1087 POINT_CONVERSION_UNCOMPRESSED,
1088 encodedPoint, encodedlen, bn_ctx);
1089
1090 if (encodedlen == 0)
1091 {
1092 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
1093 goto err;
1094 }
1095
1096 BN_CTX_free(bn_ctx); bn_ctx=NULL;
1097
1098 /* XXX: For now, we only support named (not
1099 * generic) curves in ECDH ephemeral key exchanges.
1100 * In this situation, we need four additional bytes
1101 * to encode the entire ServerECDHParams
1102 * structure.
1103 */
1104 n = 4 + encodedlen;
1105
1106 /* We'll generate the serverKeyExchange message
1107 * explicitly so we can set these to NULLs
1108 */
1109 r[0]=NULL;
1110 r[1]=NULL;
1111 r[2]=NULL;
1112 r[3]=NULL;
1113 }
1114 else
1115#endif /* !OPENSSL_NO_ECDH */
1116#ifndef OPENSSL_NO_PSK
1117 if (type & SSL_kPSK)
1118 {
1119 /* reserve size for record length and PSK identity hint*/
1120 n+=2+strlen(s->ctx->psk_identity_hint);
1121 }
1122 else
1123#endif /* !OPENSSL_NO_PSK */
892 { 1124 {
893 al=SSL_AD_HANDSHAKE_FAILURE; 1125 al=SSL_AD_HANDSHAKE_FAILURE;
894 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1126 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -900,7 +1132,8 @@ int dtls1_send_server_key_exchange(SSL *s)
900 n+=2+nr[i]; 1132 n+=2+nr[i];
901 } 1133 }
902 1134
903 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 1135 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1136 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
904 { 1137 {
905 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) 1138 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
906 == NULL) 1139 == NULL)
@@ -931,6 +1164,41 @@ int dtls1_send_server_key_exchange(SSL *s)
931 p+=nr[i]; 1164 p+=nr[i];
932 } 1165 }
933 1166
1167#ifndef OPENSSL_NO_ECDH
1168 if (type & SSL_kEECDH)
1169 {
1170 /* XXX: For now, we only support named (not generic) curves.
1171 * In this situation, the serverKeyExchange message has:
1172 * [1 byte CurveType], [2 byte CurveName]
1173 * [1 byte length of encoded point], followed by
1174 * the actual encoded point itself
1175 */
1176 *p = NAMED_CURVE_TYPE;
1177 p += 1;
1178 *p = 0;
1179 p += 1;
1180 *p = curve_id;
1181 p += 1;
1182 *p = encodedlen;
1183 p += 1;
1184 memcpy((unsigned char*)p,
1185 (unsigned char *)encodedPoint,
1186 encodedlen);
1187 OPENSSL_free(encodedPoint);
1188 p += encodedlen;
1189 }
1190#endif
1191
1192#ifndef OPENSSL_NO_PSK
1193 if (type & SSL_kPSK)
1194 {
1195 /* copy PSK identity hint */
1196 s2n(strlen(s->ctx->psk_identity_hint), p);
1197 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1198 p+=strlen(s->ctx->psk_identity_hint);
1199 }
1200#endif
1201
934 /* not anonymous */ 1202 /* not anonymous */
935 if (pkey != NULL) 1203 if (pkey != NULL)
936 { 1204 {
@@ -984,6 +1252,25 @@ int dtls1_send_server_key_exchange(SSL *s)
984 } 1252 }
985 else 1253 else
986#endif 1254#endif
1255#if !defined(OPENSSL_NO_ECDSA)
1256 if (pkey->type == EVP_PKEY_EC)
1257 {
1258 /* let's do ECDSA */
1259 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
1260 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1261 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1262 EVP_SignUpdate(&md_ctx,&(d[4]),n);
1263 if (!EVP_SignFinal(&md_ctx,&(p[2]),
1264 (unsigned int *)&i,pkey))
1265 {
1266 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
1267 goto err;
1268 }
1269 s2n(i,p);
1270 n+=i+2;
1271 }
1272 else
1273#endif
987 { 1274 {
988 /* Is this error check actually needed? */ 1275 /* Is this error check actually needed? */
989 al=SSL_AD_HANDSHAKE_FAILURE; 1276 al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1010,6 +1297,10 @@ int dtls1_send_server_key_exchange(SSL *s)
1010f_err: 1297f_err:
1011 ssl3_send_alert(s,SSL3_AL_FATAL,al); 1298 ssl3_send_alert(s,SSL3_AL_FATAL,al);
1012err: 1299err:
1300#ifndef OPENSSL_NO_ECDH
1301 if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
1302 BN_CTX_free(bn_ctx);
1303#endif
1013 EVP_MD_CTX_cleanup(&md_ctx); 1304 EVP_MD_CTX_cleanup(&md_ctx);
1014 return(-1); 1305 return(-1);
1015 } 1306 }
@@ -1123,14 +1414,15 @@ int dtls1_send_server_certificate(SSL *s)
1123 if (s->state == SSL3_ST_SW_CERT_A) 1414 if (s->state == SSL3_ST_SW_CERT_A)
1124 { 1415 {
1125 x=ssl_get_server_send_cert(s); 1416 x=ssl_get_server_send_cert(s);
1126 if (x == NULL && 1417 if (x == NULL)
1127 /* VRS: allow null cert if auth == KRB5 */
1128 (s->s3->tmp.new_cipher->algorithms
1129 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
1130 != (SSL_aKRB5|SSL_kKRB5))
1131 { 1418 {
1132 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); 1419 /* VRS: allow null cert if auth == KRB5 */
1133 return(0); 1420 if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
1421 (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
1422 {
1423 SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
1424 return(0);
1425 }
1134 } 1426 }
1135 1427
1136 l=dtls1_output_cert_chain(s,x); 1428 l=dtls1_output_cert_chain(s,x);
@@ -1145,3 +1437,115 @@ int dtls1_send_server_certificate(SSL *s)
1145 /* SSL3_ST_SW_CERT_B */ 1437 /* SSL3_ST_SW_CERT_B */
1146 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 1438 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1147 } 1439 }
1440
1441#ifndef OPENSSL_NO_TLSEXT
1442int dtls1_send_newsession_ticket(SSL *s)
1443 {
1444 if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
1445 {
1446 unsigned char *p, *senc, *macstart;
1447 int len, slen;
1448 unsigned int hlen, msg_len;
1449 EVP_CIPHER_CTX ctx;
1450 HMAC_CTX hctx;
1451 SSL_CTX *tctx = s->initial_ctx;
1452 unsigned char iv[EVP_MAX_IV_LENGTH];
1453 unsigned char key_name[16];
1454
1455 /* get session encoding length */
1456 slen = i2d_SSL_SESSION(s->session, NULL);
1457 /* Some length values are 16 bits, so forget it if session is
1458 * too long
1459 */
1460 if (slen > 0xFF00)
1461 return -1;
1462 /* Grow buffer if need be: the length calculation is as
1463 * follows 12 (DTLS handshake message header) +
1464 * 4 (ticket lifetime hint) + 2 (ticket length) +
1465 * 16 (key name) + max_iv_len (iv length) +
1466 * session_length + max_enc_block_size (max encrypted session
1467 * length) + max_md_size (HMAC).
1468 */
1469 if (!BUF_MEM_grow(s->init_buf,
1470 DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
1471 EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
1472 return -1;
1473 senc = OPENSSL_malloc(slen);
1474 if (!senc)
1475 return -1;
1476 p = senc;
1477 i2d_SSL_SESSION(s->session, &p);
1478
1479 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
1480 EVP_CIPHER_CTX_init(&ctx);
1481 HMAC_CTX_init(&hctx);
1482 /* Initialize HMAC and cipher contexts. If callback present
1483 * it does all the work otherwise use generated values
1484 * from parent ctx.
1485 */
1486 if (tctx->tlsext_ticket_key_cb)
1487 {
1488 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
1489 &hctx, 1) < 0)
1490 {
1491 OPENSSL_free(senc);
1492 return -1;
1493 }
1494 }
1495 else
1496 {
1497 RAND_pseudo_bytes(iv, 16);
1498 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
1499 tctx->tlsext_tick_aes_key, iv);
1500 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
1501 tlsext_tick_md(), NULL);
1502 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
1503 }
1504 l2n(s->session->tlsext_tick_lifetime_hint, p);
1505 /* Skip ticket length for now */
1506 p += 2;
1507 /* Output key name */
1508 macstart = p;
1509 memcpy(p, key_name, 16);
1510 p += 16;
1511 /* output IV */
1512 memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
1513 p += EVP_CIPHER_CTX_iv_length(&ctx);
1514 /* Encrypt session data */
1515 EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
1516 p += len;
1517 EVP_EncryptFinal(&ctx, p, &len);
1518 p += len;
1519 EVP_CIPHER_CTX_cleanup(&ctx);
1520
1521 HMAC_Update(&hctx, macstart, p - macstart);
1522 HMAC_Final(&hctx, p, &hlen);
1523 HMAC_CTX_cleanup(&hctx);
1524
1525 p += hlen;
1526 /* Now write out lengths: p points to end of data written */
1527 /* Total length */
1528 len = p - (unsigned char *)(s->init_buf->data);
1529 /* Ticket length */
1530 p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
1531 s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
1532
1533 /* number of bytes to write */
1534 s->init_num= len;
1535 s->state=SSL3_ST_SW_SESSION_TICKET_B;
1536 s->init_off=0;
1537 OPENSSL_free(senc);
1538
1539 /* XDTLS: set message header ? */
1540 msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
1541 dtls1_set_message_header(s, (void *)s->init_buf->data,
1542 SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
1543
1544 /* buffer the message to handle re-xmits */
1545 dtls1_buffer_message(s, 0);
1546 }
1547
1548 /* SSL3_ST_SW_SESSION_TICKET_B */
1549 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
1550 }
1551#endif
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
index 9e59020c17..9d2cd5bfa5 100644
--- a/src/lib/libssl/doc/openssl.cnf
+++ b/src/lib/libssl/doc/openssl.cnf
@@ -21,12 +21,17 @@ oid_section = new_oids
21 21
22[ new_oids ] 22[ new_oids ]
23 23
24# We can add new OIDs in here for use by 'ca' and 'req'. 24# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
25# Add a simple OID like this: 25# Add a simple OID like this:
26# testoid1=1.2.3.4 26# testoid1=1.2.3.4
27# Or use config file substitution like this: 27# Or use config file substitution like this:
28# testoid2=${testoid1}.5.6 28# testoid2=${testoid1}.5.6
29 29
30# Policies used by the TSA examples.
31tsa_policy1 = 1.2.3.4.1
32tsa_policy2 = 1.2.3.4.5.6
33tsa_policy3 = 1.2.3.4.5.7
34
30#################################################################### 35####################################################################
31[ ca ] 36[ ca ]
32default_ca = CA_default # The default ca section 37default_ca = CA_default # The default ca section
@@ -67,7 +72,7 @@ cert_opt = ca_default # Certificate field options
67 72
68default_days = 365 # how long to certify for 73default_days = 365 # how long to certify for
69default_crl_days= 30 # how long before next CRL 74default_crl_days= 30 # how long before next CRL
70default_md = sha1 # which md to use. 75default_md = default # use public key default MD
71preserve = no # keep passed DN ordering 76preserve = no # keep passed DN ordering
72 77
73# A few difference way of specifying how similar the request should look 78# A few difference way of specifying how similar the request should look
@@ -110,13 +115,12 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert
110 115
111# This sets a mask for permitted string types. There are several options. 116# This sets a mask for permitted string types. There are several options.
112# default: PrintableString, T61String, BMPString. 117# default: PrintableString, T61String, BMPString.
113# pkix : PrintableString, BMPString. 118# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
114# utf8only: only UTF8Strings. 119# utf8only: only UTF8Strings (PKIX recommendation after 2004).
115# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 120# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
116# MASK:XXXX a literal mask value. 121# MASK:XXXX a literal mask value.
117# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings 122# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
118# so use this option with caution! 123string_mask = utf8only
119string_mask = nombstr
120 124
121# req_extensions = v3_req # The extensions to add to a certificate request 125# req_extensions = v3_req # The extensions to add to a certificate request
122 126
@@ -207,6 +211,9 @@ authorityKeyIdentifier=keyid,issuer
207#nsCaPolicyUrl 211#nsCaPolicyUrl
208#nsSslServerName 212#nsSslServerName
209 213
214# This is required for TSA certificates.
215# extendedKeyUsage = critical,timeStamping
216
210[ v3_req ] 217[ v3_req ]
211 218
212# Extensions to add to a certificate request 219# Extensions to add to a certificate request
@@ -224,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
224 231
225subjectKeyIdentifier=hash 232subjectKeyIdentifier=hash
226 233
227authorityKeyIdentifier=keyid:always,issuer:always 234authorityKeyIdentifier=keyid:always,issuer
228 235
229# This is what PKIX recommends but some broken software chokes on critical 236# This is what PKIX recommends but some broken software chokes on critical
230# extensions. 237# extensions.
@@ -257,7 +264,7 @@ basicConstraints = CA:true
257# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 264# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
258 265
259# issuerAltName=issuer:copy 266# issuerAltName=issuer:copy
260authorityKeyIdentifier=keyid:always,issuer:always 267authorityKeyIdentifier=keyid:always
261 268
262[ proxy_cert_ext ] 269[ proxy_cert_ext ]
263# These extensions should be added when creating a proxy certificate 270# These extensions should be added when creating a proxy certificate
@@ -290,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate"
290 297
291# PKIX recommendations harmless if included in all certificates. 298# PKIX recommendations harmless if included in all certificates.
292subjectKeyIdentifier=hash 299subjectKeyIdentifier=hash
293authorityKeyIdentifier=keyid,issuer:always 300authorityKeyIdentifier=keyid,issuer
294 301
295# This stuff is for subjectAltName and issuerAltname. 302# This stuff is for subjectAltName and issuerAltname.
296# Import the email address. 303# Import the email address.
@@ -311,3 +318,33 @@ authorityKeyIdentifier=keyid,issuer:always
311 318
312# This really needs to be in place for it to be a proxy certificate. 319# This really needs to be in place for it to be a proxy certificate.
313proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo 320proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
321
322####################################################################
323[ tsa ]
324
325default_tsa = tsa_config1 # the default TSA section
326
327[ tsa_config1 ]
328
329# These are used by the TSA reply generation only.
330dir = ./demoCA # TSA root directory
331serial = $dir/tsaserial # The current serial number (mandatory)
332crypto_device = builtin # OpenSSL engine to use for signing
333signer_cert = $dir/tsacert.pem # The TSA signing certificate
334 # (optional)
335certs = $dir/cacert.pem # Certificate chain to include in reply
336 # (optional)
337signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
338
339default_policy = tsa_policy1 # Policy if request did not specify it
340 # (optional)
341other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
342digests = md5, sha1 # Acceptable message digests (mandatory)
343accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
344clock_precision_digits = 0 # number of digits after dot. (optional)
345ordering = yes # Is ordering defined for timestamps?
346 # (optional, default: no)
347tsa_name = yes # Must the TSA name be included in the reply?
348 # (optional, default: no)
349ess_cert_id_chain = no # Must the ESS cert id chain be included?
350 # (optional, default: no)
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
index a5ce778f8e..7bada8d35f 100644
--- a/src/lib/libssl/doc/standards.txt
+++ b/src/lib/libssl/doc/standards.txt
@@ -69,6 +69,10 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
693174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. 693174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
70 September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) 70 September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
71 71
723161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
73 C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
74 (Status: PROPOSED STANDARD)
75
723268 Advanced Encryption Standard (AES) Ciphersuites for Transport 763268 Advanced Encryption Standard (AES) Ciphersuites for Transport
73 Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) 77 Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
74 (Status: PROPOSED STANDARD) 78 (Status: PROPOSED STANDARD)
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index f159d37110..2900d1d8ae 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -62,6 +62,18 @@
62 62
63#include <openssl/buffer.h> 63#include <openssl/buffer.h>
64#include <openssl/pqueue.h> 64#include <openssl/pqueue.h>
65#ifdef OPENSSL_SYS_VMS
66#include <resource.h>
67#include <sys/timeb.h>
68#endif
69#ifdef OPENSSL_SYS_WIN32
70/* Needed for struct timeval */
71#include <winsock.h>
72#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
73#include <sys/timeval.h>
74#else
75#include <sys/time.h>
76#endif
65 77
66#ifdef __cplusplus 78#ifdef __cplusplus
67extern "C" { 79extern "C" {
@@ -76,7 +88,7 @@ extern "C" {
76#endif 88#endif
77 89
78/* lengths of messages */ 90/* lengths of messages */
79#define DTLS1_COOKIE_LENGTH 32 91#define DTLS1_COOKIE_LENGTH 256
80 92
81#define DTLS1_RT_HEADER_LENGTH 13 93#define DTLS1_RT_HEADER_LENGTH 13
82 94
@@ -96,11 +108,26 @@ extern "C" {
96 108
97typedef struct dtls1_bitmap_st 109typedef struct dtls1_bitmap_st
98 { 110 {
99 PQ_64BIT map; 111 unsigned long map; /* track 32 packets on 32-bit systems
100 unsigned long length; /* sizeof the bitmap in bits */ 112 and 64 - on 64-bit systems */
101 PQ_64BIT max_seq_num; /* max record number seen so far */ 113 unsigned char max_seq_num[8]; /* max record number seen so far,
114 64-bit value in big-endian
115 encoding */
102 } DTLS1_BITMAP; 116 } DTLS1_BITMAP;
103 117
118struct dtls1_retransmit_state
119 {
120 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
121 EVP_MD_CTX *write_hash; /* used for mac generation */
122#ifndef OPENSSL_NO_COMP
123 COMP_CTX *compress; /* compression */
124#else
125 char *compress;
126#endif
127 SSL_SESSION *session;
128 unsigned short epoch;
129 };
130
104struct hm_header_st 131struct hm_header_st
105 { 132 {
106 unsigned char type; 133 unsigned char type;
@@ -109,6 +136,7 @@ struct hm_header_st
109 unsigned long frag_off; 136 unsigned long frag_off;
110 unsigned long frag_len; 137 unsigned long frag_len;
111 unsigned int is_ccs; 138 unsigned int is_ccs;
139 struct dtls1_retransmit_state saved_retransmit_state;
112 }; 140 };
113 141
114struct ccs_header_st 142struct ccs_header_st
@@ -139,6 +167,7 @@ typedef struct hm_fragment_st
139 { 167 {
140 struct hm_header_st msg_header; 168 struct hm_header_st msg_header;
141 unsigned char *fragment; 169 unsigned char *fragment;
170 unsigned char *reassembly;
142 } hm_fragment; 171 } hm_fragment;
143 172
144typedef struct dtls1_state_st 173typedef struct dtls1_state_st
@@ -168,6 +197,9 @@ typedef struct dtls1_state_st
168 197
169 unsigned short handshake_read_seq; 198 unsigned short handshake_read_seq;
170 199
200 /* save last sequence number for retransmissions */
201 unsigned char last_write_sequence[8];
202
171 /* Received handshake records (processed and unprocessed) */ 203 /* Received handshake records (processed and unprocessed) */
172 record_pqueue unprocessed_rcds; 204 record_pqueue unprocessed_rcds;
173 record_pqueue processed_rcds; 205 record_pqueue processed_rcds;
@@ -178,13 +210,29 @@ typedef struct dtls1_state_st
178 /* Buffered (sent) handshake records */ 210 /* Buffered (sent) handshake records */
179 pqueue sent_messages; 211 pqueue sent_messages;
180 212
181 unsigned int mtu; /* max wire packet size */ 213 /* Buffered application records.
214 * Only for records between CCS and Finished
215 * to prevent either protocol violation or
216 * unnecessary message loss.
217 */
218 record_pqueue buffered_app_data;
219
220 /* Is set when listening for new connections with dtls1_listen() */
221 unsigned int listen;
222
223 unsigned int mtu; /* max DTLS packet size */
182 224
183 struct hm_header_st w_msg_hdr; 225 struct hm_header_st w_msg_hdr;
184 struct hm_header_st r_msg_hdr; 226 struct hm_header_st r_msg_hdr;
185 227
186 struct dtls1_timeout_st timeout; 228 struct dtls1_timeout_st timeout;
187 229
230 /* Indicates when the last handshake msg sent will timeout */
231 struct timeval next_timeout;
232
233 /* Timeout duration */
234 unsigned short timeout_duration;
235
188 /* storage for Alert/Handshake protocol data received but not 236 /* storage for Alert/Handshake protocol data received but not
189 * yet processed by ssl3_read_bytes: */ 237 * yet processed by ssl3_read_bytes: */
190 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; 238 unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
@@ -193,6 +241,7 @@ typedef struct dtls1_state_st
193 unsigned int handshake_fragment_len; 241 unsigned int handshake_fragment_len;
194 242
195 unsigned int retransmitting; 243 unsigned int retransmitting;
244 unsigned int change_cipher_spec_ok;
196 245
197 } DTLS1_STATE; 246 } DTLS1_STATE;
198 247
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index bc918170e1..c4d8bf2eb3 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include "ssl_locl.h" 113#include "ssl_locl.h"
@@ -63,10 +116,10 @@
63#include <openssl/objects.h> 116#include <openssl/objects.h>
64#include <openssl/evp.h> 117#include <openssl/evp.h>
65 118
66static SSL_METHOD *ssl23_get_client_method(int ver); 119static const SSL_METHOD *ssl23_get_client_method(int ver);
67static int ssl23_client_hello(SSL *s); 120static int ssl23_client_hello(SSL *s);
68static int ssl23_get_server_hello(SSL *s); 121static int ssl23_get_server_hello(SSL *s);
69static SSL_METHOD *ssl23_get_client_method(int ver) 122static const SSL_METHOD *ssl23_get_client_method(int ver)
70 { 123 {
71#ifndef OPENSSL_NO_SSL2 124#ifndef OPENSSL_NO_SSL2
72 if (ver == SSL2_VERSION) 125 if (ver == SSL2_VERSION)
@@ -197,20 +250,40 @@ end:
197 return(ret); 250 return(ret);
198 } 251 }
199 252
253static int ssl23_no_ssl2_ciphers(SSL *s)
254 {
255 SSL_CIPHER *cipher;
256 STACK_OF(SSL_CIPHER) *ciphers;
257 int i;
258 ciphers = SSL_get_ciphers(s);
259 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
260 {
261 cipher = sk_SSL_CIPHER_value(ciphers, i);
262 if (cipher->algorithm_ssl == SSL_SSLV2)
263 return 0;
264 }
265 return 1;
266 }
200 267
201static int ssl23_client_hello(SSL *s) 268static int ssl23_client_hello(SSL *s)
202 { 269 {
203 unsigned char *buf; 270 unsigned char *buf;
204 unsigned char *p,*d; 271 unsigned char *p,*d;
205 int i,j,ch_len; 272 int i,ch_len;
206 unsigned long Time,l; 273 unsigned long Time,l;
207 int ssl2_compat; 274 int ssl2_compat;
208 int version = 0, version_major, version_minor; 275 int version = 0, version_major, version_minor;
276#ifndef OPENSSL_NO_COMP
277 int j;
209 SSL_COMP *comp; 278 SSL_COMP *comp;
279#endif
210 int ret; 280 int ret;
211 281
212 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1; 282 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
213 283
284 if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
285 ssl2_compat = 0;
286
214 if (!(s->options & SSL_OP_NO_TLSv1)) 287 if (!(s->options & SSL_OP_NO_TLSv1))
215 { 288 {
216 version = TLS1_VERSION; 289 version = TLS1_VERSION;
@@ -223,7 +296,7 @@ static int ssl23_client_hello(SSL *s)
223 { 296 {
224 version = SSL2_VERSION; 297 version = SSL2_VERSION;
225 } 298 }
226#ifndef OPENSSL_NO_TLSEXT 299#ifndef OPENSSL_NO_TLSEXT
227 if (version != SSL2_VERSION) 300 if (version != SSL2_VERSION)
228 { 301 {
229 /* have to disable SSL 2.0 compatibility if we need TLS extensions */ 302 /* have to disable SSL 2.0 compatibility if we need TLS extensions */
@@ -232,6 +305,10 @@ static int ssl23_client_hello(SSL *s)
232 ssl2_compat = 0; 305 ssl2_compat = 0;
233 if (s->tlsext_status_type != -1) 306 if (s->tlsext_status_type != -1)
234 ssl2_compat = 0; 307 ssl2_compat = 0;
308#ifdef TLSEXT_TYPE_opaque_prf_input
309 if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
310 ssl2_compat = 0;
311#endif
235 } 312 }
236#endif 313#endif
237 314
@@ -257,14 +334,6 @@ static int ssl23_client_hello(SSL *s)
257 version_major = TLS1_VERSION_MAJOR; 334 version_major = TLS1_VERSION_MAJOR;
258 version_minor = TLS1_VERSION_MINOR; 335 version_minor = TLS1_VERSION_MINOR;
259 } 336 }
260#ifdef OPENSSL_FIPS
261 else if(FIPS_mode())
262 {
263 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
264 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
265 return -1;
266 }
267#endif
268 else if (version == SSL3_VERSION) 337 else if (version == SSL3_VERSION)
269 { 338 {
270 version_major = SSL3_VERSION_MAJOR; 339 version_major = SSL3_VERSION_MAJOR;
@@ -318,6 +387,10 @@ static int ssl23_client_hello(SSL *s)
318 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 387 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
319 388
320 /* write out sslv2 challenge */ 389 /* write out sslv2 challenge */
390 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
391 because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
392 or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
393 check in for futurproofing */
321 if (SSL3_RANDOM_SIZE < ch_len) 394 if (SSL3_RANDOM_SIZE < ch_len)
322 i=SSL3_RANDOM_SIZE; 395 i=SSL3_RANDOM_SIZE;
323 else 396 else
@@ -368,7 +441,11 @@ static int ssl23_client_hello(SSL *s)
368 p+=i; 441 p+=i;
369 442
370 /* COMPRESSION */ 443 /* COMPRESSION */
371 if (s->ctx->comp_methods == NULL) 444#ifdef OPENSSL_NO_COMP
445 *(p++)=1;
446#else
447 if ((s->options & SSL_OP_NO_COMPRESSION)
448 || !s->ctx->comp_methods)
372 j=0; 449 j=0;
373 else 450 else
374 j=sk_SSL_COMP_num(s->ctx->comp_methods); 451 j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -378,8 +455,16 @@ static int ssl23_client_hello(SSL *s)
378 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); 455 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
379 *(p++)=comp->id; 456 *(p++)=comp->id;
380 } 457 }
458#endif
381 *(p++)=0; /* Add the NULL method */ 459 *(p++)=0; /* Add the NULL method */
460
382#ifndef OPENSSL_NO_TLSEXT 461#ifndef OPENSSL_NO_TLSEXT
462 /* TLS extensions*/
463 if (ssl_prepare_clienthello_tlsext(s) <= 0)
464 {
465 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
466 return -1;
467 }
383 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 468 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
384 { 469 {
385 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 470 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
@@ -388,7 +473,6 @@ static int ssl23_client_hello(SSL *s)
388#endif 473#endif
389 474
390 l = p-d; 475 l = p-d;
391 *p = 42;
392 476
393 /* fill in 4-byte handshake header */ 477 /* fill in 4-byte handshake header */
394 d=&(buf[5]); 478 d=&(buf[5]);
@@ -483,6 +567,10 @@ static int ssl23_get_server_hello(SSL *s)
483 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 567 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
484 568
485 /* write out sslv2 challenge */ 569 /* write out sslv2 challenge */
570 /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
571 it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
572 SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
573 futurproofing */
486 i=(SSL3_RANDOM_SIZE < ch_len) 574 i=(SSL3_RANDOM_SIZE < ch_len)
487 ?SSL3_RANDOM_SIZE:ch_len; 575 ?SSL3_RANDOM_SIZE:ch_len;
488 s->s2->challenge_length=i; 576 s->s2->challenge_length=i;
@@ -503,7 +591,7 @@ static int ssl23_get_server_hello(SSL *s)
503 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ 591 /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
504 s->s2->ssl2_rollback=1; 592 s->s2->ssl2_rollback=1;
505 593
506 /* setup the 5 bytes we have read so we get them from 594 /* setup the 7 bytes we have read so we get them from
507 * the sslv2 buffer */ 595 * the sslv2 buffer */
508 s->rstate=SSL_ST_READ_HEADER; 596 s->rstate=SSL_ST_READ_HEADER;
509 s->packet_length=n; 597 s->packet_length=n;
@@ -519,39 +607,16 @@ static int ssl23_get_server_hello(SSL *s)
519 s->handshake_func=s->method->ssl_connect; 607 s->handshake_func=s->method->ssl_connect;
520#endif 608#endif
521 } 609 }
522 else if ((p[0] == SSL3_RT_HANDSHAKE) && 610 else if (p[1] == SSL3_VERSION_MAJOR &&
523 (p[1] == SSL3_VERSION_MAJOR) && 611 (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
524 ((p[2] == SSL3_VERSION_MINOR) || 612 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
525 (p[2] == TLS1_VERSION_MINOR)) && 613 (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
526 (p[5] == SSL3_MT_SERVER_HELLO))
527 { 614 {
528 /* we have sslv3 or tls1 */ 615 /* we have sslv3 or tls1 (server hello or alert) */
529
530 if (!ssl_init_wbio_buffer(s,1)) goto err;
531
532 /* we are in this state */
533 s->state=SSL3_ST_CR_SRVR_HELLO_A;
534
535 /* put the 5 bytes we have read into the input buffer
536 * for SSLv3 */
537 s->rstate=SSL_ST_READ_HEADER;
538 s->packet_length=n;
539 s->packet= &(s->s3->rbuf.buf[0]);
540 memcpy(s->packet,buf,n);
541 s->s3->rbuf.left=n;
542 s->s3->rbuf.offset=0;
543 616
544 if ((p[2] == SSL3_VERSION_MINOR) && 617 if ((p[2] == SSL3_VERSION_MINOR) &&
545 !(s->options & SSL_OP_NO_SSLv3)) 618 !(s->options & SSL_OP_NO_SSLv3))
546 { 619 {
547#ifdef OPENSSL_FIPS
548 if(FIPS_mode())
549 {
550 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
551 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
552 goto err;
553 }
554#endif
555 s->version=SSL3_VERSION; 620 s->version=SSL3_VERSION;
556 s->method=SSLv3_client_method(); 621 s->method=SSLv3_client_method();
557 } 622 }
@@ -566,35 +631,52 @@ static int ssl23_get_server_hello(SSL *s)
566 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); 631 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
567 goto err; 632 goto err;
568 } 633 }
569 634
570 s->handshake_func=s->method->ssl_connect; 635 if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
571 }
572 else if ((p[0] == SSL3_RT_ALERT) &&
573 (p[1] == SSL3_VERSION_MAJOR) &&
574 ((p[2] == SSL3_VERSION_MINOR) ||
575 (p[2] == TLS1_VERSION_MINOR)) &&
576 (p[3] == 0) &&
577 (p[4] == 2))
578 {
579 void (*cb)(const SSL *ssl,int type,int val)=NULL;
580 int j;
581
582 /* An alert */
583 if (s->info_callback != NULL)
584 cb=s->info_callback;
585 else if (s->ctx->info_callback != NULL)
586 cb=s->ctx->info_callback;
587
588 i=p[5];
589 if (cb != NULL)
590 { 636 {
591 j=(i<<8)|p[6]; 637 /* fatal alert */
592 cb(s,SSL_CB_READ_ALERT,j); 638
639 void (*cb)(const SSL *ssl,int type,int val)=NULL;
640 int j;
641
642 if (s->info_callback != NULL)
643 cb=s->info_callback;
644 else if (s->ctx->info_callback != NULL)
645 cb=s->ctx->info_callback;
646
647 i=p[5];
648 if (cb != NULL)
649 {
650 j=(i<<8)|p[6];
651 cb(s,SSL_CB_READ_ALERT,j);
652 }
653
654 if (s->msg_callback)
655 s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
656
657 s->rwstate=SSL_NOTHING;
658 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
659 goto err;
593 } 660 }
594 661
595 s->rwstate=SSL_NOTHING; 662 if (!ssl_init_wbio_buffer(s,1)) goto err;
596 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); 663
597 goto err; 664 /* we are in this state */
665 s->state=SSL3_ST_CR_SRVR_HELLO_A;
666
667 /* put the 7 bytes we have read into the input buffer
668 * for SSLv3 */
669 s->rstate=SSL_ST_READ_HEADER;
670 s->packet_length=n;
671 if (s->s3->rbuf.buf == NULL)
672 if (!ssl3_setup_read_buffer(s))
673 goto err;
674 s->packet= &(s->s3->rbuf.buf[0]);
675 memcpy(s->packet,buf,n);
676 s->s3->rbuf.left=n;
677 s->s3->rbuf.offset=0;
678
679 s->handshake_func=s->method->ssl_connect;
598 } 680 }
599 else 681 else
600 { 682 {
@@ -612,4 +694,3 @@ static int ssl23_get_server_hello(SSL *s)
612err: 694err:
613 return(-1); 695 return(-1);
614 } 696 }
615
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c
index fc2981308d..e3fce53430 100644
--- a/src/lib/libssl/s23_lib.c
+++ b/src/lib/libssl/s23_lib.c
@@ -65,11 +65,6 @@ long ssl23_default_timeout(void)
65 return(300); 65 return(300);
66 } 66 }
67 67
68IMPLEMENT_ssl23_meth_func(sslv23_base_method,
69 ssl_undefined_function,
70 ssl_undefined_function,
71 ssl_bad_method)
72
73int ssl23_num_ciphers(void) 68int ssl23_num_ciphers(void)
74 { 69 {
75 return(ssl3_num_ciphers() 70 return(ssl3_num_ciphers()
@@ -79,7 +74,7 @@ int ssl23_num_ciphers(void)
79 ); 74 );
80 } 75 }
81 76
82SSL_CIPHER *ssl23_get_cipher(unsigned int u) 77const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
83 { 78 {
84 unsigned int uu=ssl3_num_ciphers(); 79 unsigned int uu=ssl3_num_ciphers();
85 80
@@ -95,9 +90,10 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
95 90
96/* This function needs to check if the ciphers required are actually 91/* This function needs to check if the ciphers required are actually
97 * available */ 92 * available */
98SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) 93const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
99 { 94 {
100 SSL_CIPHER c,*cp; 95 SSL_CIPHER c;
96 const SSL_CIPHER *cp;
101 unsigned long id; 97 unsigned long id;
102 int n; 98 int n;
103 99
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index ba06e7ae2e..836dd1f1cf 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -116,9 +116,9 @@
116#include <openssl/objects.h> 116#include <openssl/objects.h>
117#include <openssl/evp.h> 117#include <openssl/evp.h>
118 118
119static SSL_METHOD *ssl23_get_server_method(int ver); 119static const SSL_METHOD *ssl23_get_server_method(int ver);
120int ssl23_get_client_hello(SSL *s); 120int ssl23_get_client_hello(SSL *s);
121static SSL_METHOD *ssl23_get_server_method(int ver) 121static const SSL_METHOD *ssl23_get_server_method(int ver)
122 { 122 {
123#ifndef OPENSSL_NO_SSL2 123#ifndef OPENSSL_NO_SSL2
124 if (ver == SSL2_VERSION) 124 if (ver == SSL2_VERSION)
@@ -315,7 +315,7 @@ int ssl23_get_client_hello(SSL *s)
315 (p[1] == SSL3_VERSION_MAJOR) && 315 (p[1] == SSL3_VERSION_MAJOR) &&
316 (p[5] == SSL3_MT_CLIENT_HELLO) && 316 (p[5] == SSL3_MT_CLIENT_HELLO) &&
317 ((p[3] == 0 && p[4] < 5 /* silly record length? */) 317 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
318 || (p[9] == p[1]))) 318 || (p[9] >= p[1])))
319 { 319 {
320 /* 320 /*
321 * SSLv3 or tls1 header 321 * SSLv3 or tls1 header
@@ -339,6 +339,13 @@ int ssl23_get_client_hello(SSL *s)
339 v[1] = TLS1_VERSION_MINOR; 339 v[1] = TLS1_VERSION_MINOR;
340#endif 340#endif
341 } 341 }
342 /* if major version number > 3 set minor to a value
343 * which will use the highest version 3 we support.
344 * If TLS 2.0 ever appears we will need to revise
345 * this....
346 */
347 else if (p[9] > SSL3_VERSION_MAJOR)
348 v[1]=0xff;
342 else 349 else
343 v[1]=p[10]; /* minor version according to client_version */ 350 v[1]=p[10]; /* minor version according to client_version */
344 if (v[1] >= TLS1_VERSION_MINOR) 351 if (v[1] >= TLS1_VERSION_MINOR)
@@ -386,15 +393,6 @@ int ssl23_get_client_hello(SSL *s)
386 } 393 }
387 } 394 }
388 395
389#ifdef OPENSSL_FIPS
390 if (FIPS_mode() && (s->version < TLS1_VERSION))
391 {
392 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
393 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
394 goto err;
395 }
396#endif
397
398 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) 396 if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
399 { 397 {
400 /* we have SSLv3/TLSv1 in an SSLv2 header 398 /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -425,7 +423,9 @@ int ssl23_get_client_hello(SSL *s)
425 n2s(p,sil); 423 n2s(p,sil);
426 n2s(p,cl); 424 n2s(p,cl);
427 d=(unsigned char *)s->init_buf->data; 425 d=(unsigned char *)s->init_buf->data;
428 if ((csl+sil+cl+11) != s->packet_length) 426 if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
427 * Client Hello, can we? Error condition should be
428 * '>' otherweise */
429 { 429 {
430 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); 430 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
431 goto err; 431 goto err;
@@ -468,6 +468,15 @@ int ssl23_get_client_hello(SSL *s)
468 *(d++)=1; 468 *(d++)=1;
469 *(d++)=0; 469 *(d++)=0;
470 470
471#if 0
472 /* copy any remaining data with may be extensions */
473 p = p+csl+sil+cl;
474 while (p < s->packet+s->packet_length)
475 {
476 *(d++)=*(p++);
477 }
478#endif
479
471 i = (d-(unsigned char *)s->init_buf->data) - 4; 480 i = (d-(unsigned char *)s->init_buf->data) - 4;
472 l2n3((long)i, d_len); 481 l2n3((long)i, d_len);
473 482
@@ -543,6 +552,10 @@ int ssl23_get_client_hello(SSL *s)
543 * for SSLv3 */ 552 * for SSLv3 */
544 s->rstate=SSL_ST_READ_HEADER; 553 s->rstate=SSL_ST_READ_HEADER;
545 s->packet_length=n; 554 s->packet_length=n;
555 if (s->s3->rbuf.buf == NULL)
556 if (!ssl3_setup_read_buffer(s))
557 goto err;
558
546 s->packet= &(s->s3->rbuf.buf[0]); 559 s->packet= &(s->s3->rbuf.buf[0]);
547 memcpy(s->packet,buf,n); 560 memcpy(s->packet,buf,n);
548 s->s3->rbuf.left=n; 561 s->s3->rbuf.left=n;
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index 2ecfbb77cb..a6d869df59 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -160,14 +160,29 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
160 p= &(d[4]); 160 p= &(d[4]);
161 161
162 i=s->method->ssl3_enc->final_finish_mac(s, 162 i=s->method->ssl3_enc->final_finish_mac(s,
163 &(s->s3->finish_dgst1),
164 &(s->s3->finish_dgst2),
165 sender,slen,s->s3->tmp.finish_md); 163 sender,slen,s->s3->tmp.finish_md);
166 s->s3->tmp.finish_md_len = i; 164 s->s3->tmp.finish_md_len = i;
167 memcpy(p, s->s3->tmp.finish_md, i); 165 memcpy(p, s->s3->tmp.finish_md, i);
168 p+=i; 166 p+=i;
169 l=i; 167 l=i;
170 168
169 /* Copy the finished so we can use it for
170 renegotiation checks */
171 if(s->type == SSL_ST_CONNECT)
172 {
173 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
174 memcpy(s->s3->previous_client_finished,
175 s->s3->tmp.finish_md, i);
176 s->s3->previous_client_finished_len=i;
177 }
178 else
179 {
180 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
181 memcpy(s->s3->previous_server_finished,
182 s->s3->tmp.finish_md, i);
183 s->s3->previous_server_finished_len=i;
184 }
185
171#ifdef OPENSSL_SYS_WIN16 186#ifdef OPENSSL_SYS_WIN16
172 /* MSVC 1.5 does not clear the top bytes of the word unless 187 /* MSVC 1.5 does not clear the top bytes of the word unless
173 * I do this. 188 * I do this.
@@ -232,6 +247,23 @@ int ssl3_get_finished(SSL *s, int a, int b)
232 goto f_err; 247 goto f_err;
233 } 248 }
234 249
250 /* Copy the finished so we can use it for
251 renegotiation checks */
252 if(s->type == SSL_ST_ACCEPT)
253 {
254 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
255 memcpy(s->s3->previous_client_finished,
256 s->s3->tmp.peer_finish_md, i);
257 s->s3->previous_client_finished_len=i;
258 }
259 else
260 {
261 OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
262 memcpy(s->s3->previous_server_finished,
263 s->s3->tmp.peer_finish_md, i);
264 s->s3->previous_server_finished_len=i;
265 }
266
235 return(1); 267 return(1);
236f_err: 268f_err:
237 ssl3_send_alert(s,SSL3_AL_FATAL,al); 269 ssl3_send_alert(s,SSL3_AL_FATAL,al);
@@ -264,15 +296,31 @@ int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
264 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); 296 return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
265 } 297 }
266 298
299static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
300 {
301 int n;
302 unsigned char *p;
303
304 n=i2d_X509(x,NULL);
305 if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
306 {
307 SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
308 return(-1);
309 }
310 p=(unsigned char *)&(buf->data[*l]);
311 l2n3(n,p);
312 i2d_X509(x,&p);
313 *l+=n+3;
314
315 return(0);
316 }
317
267unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) 318unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
268 { 319 {
269 unsigned char *p; 320 unsigned char *p;
270 int n,i; 321 int i;
271 unsigned long l=7; 322 unsigned long l=7;
272 BUF_MEM *buf; 323 BUF_MEM *buf;
273 X509_STORE_CTX xs_ctx;
274 X509_OBJECT obj;
275
276 int no_chain; 324 int no_chain;
277 325
278 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) 326 if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
@@ -289,58 +337,42 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
289 } 337 }
290 if (x != NULL) 338 if (x != NULL)
291 { 339 {
292 if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) 340 if (no_chain)
293 { 341 {
294 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); 342 if (ssl3_add_cert_to_buf(buf, &l, x))
295 return(0); 343 return(0);
296 } 344 }
297 345 else
298 for (;;)
299 { 346 {
300 n=i2d_X509(x,NULL); 347 X509_STORE_CTX xs_ctx;
301 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3))) 348
349 if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
302 { 350 {
303 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); 351 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
304 return(0); 352 return(0);
305 } 353 }
306 p=(unsigned char *)&(buf->data[l]); 354 X509_verify_cert(&xs_ctx);
307 l2n3(n,p); 355 /* Don't leave errors in the queue */
308 i2d_X509(x,&p); 356 ERR_clear_error();
309 l+=n+3; 357 for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
310 358 {
311 if (no_chain) 359 x = sk_X509_value(xs_ctx.chain, i);
312 break; 360
313 361 if (ssl3_add_cert_to_buf(buf, &l, x))
314 if (X509_NAME_cmp(X509_get_subject_name(x), 362 {
315 X509_get_issuer_name(x)) == 0) break; 363 X509_STORE_CTX_cleanup(&xs_ctx);
316 364 return 0;
317 i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, 365 }
318 X509_get_issuer_name(x),&obj); 366 }
319 if (i <= 0) break;
320 x=obj.data.x509;
321 /* Count is one too high since the X509_STORE_get uped the
322 * ref count */
323 X509_free(x);
324 }
325 if (!no_chain)
326 X509_STORE_CTX_cleanup(&xs_ctx); 367 X509_STORE_CTX_cleanup(&xs_ctx);
368 }
327 } 369 }
328
329 /* Thawte special :-) */ 370 /* Thawte special :-) */
330 if (s->ctx->extra_certs != NULL)
331 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) 371 for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
332 { 372 {
333 x=sk_X509_value(s->ctx->extra_certs,i); 373 x=sk_X509_value(s->ctx->extra_certs,i);
334 n=i2d_X509(x,NULL); 374 if (ssl3_add_cert_to_buf(buf, &l, x))
335 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
336 {
337 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
338 return(0); 375 return(0);
339 }
340 p=(unsigned char *)&(buf->data[l]);
341 l2n3(n,p);
342 i2d_X509(x,&p);
343 l+=n+3;
344 } 376 }
345 377
346 l-=7; 378 l-=7;
@@ -518,9 +550,16 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
518 else if (i == EVP_PKEY_EC) 550 else if (i == EVP_PKEY_EC)
519 { 551 {
520 ret = SSL_PKEY_ECC; 552 ret = SSL_PKEY_ECC;
521 } 553 }
522#endif 554#endif
523 555 else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc)
556 {
557 ret = SSL_PKEY_GOST94;
558 }
559 else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc)
560 {
561 ret = SSL_PKEY_GOST01;
562 }
524err: 563err:
525 if(!pkey) EVP_PKEY_free(pk); 564 if(!pkey) EVP_PKEY_free(pk);
526 return(ret); 565 return(ret);
@@ -586,37 +625,189 @@ int ssl_verify_alarm_type(long type)
586 return(al); 625 return(al);
587 } 626 }
588 627
589int ssl3_setup_buffers(SSL *s) 628#ifndef OPENSSL_NO_BUF_FREELISTS
629/* On some platforms, malloc() performance is bad enough that you can't just
630 * free() and malloc() buffers all the time, so we need to use freelists from
631 * unused buffers. Currently, each freelist holds memory chunks of only a
632 * given size (list->chunklen); other sized chunks are freed and malloced.
633 * This doesn't help much if you're using many different SSL option settings
634 * with a given context. (The options affecting buffer size are
635 * max_send_fragment, read buffer vs write buffer,
636 * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
637 * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
638 * possible size is not an option, since max_send_fragment can take on many
639 * different values.
640 *
641 * If you are on a platform with a slow malloc(), and you're using SSL
642 * connections with many different settings for these options, and you need to
643 * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
644 * - Link against a faster malloc implementation.
645 * - Use a separate SSL_CTX for each option set.
646 * - Improve this code.
647 */
648static void *
649freelist_extract(SSL_CTX *ctx, int for_read, int sz)
650 {
651 SSL3_BUF_FREELIST *list;
652 SSL3_BUF_FREELIST_ENTRY *ent = NULL;
653 void *result = NULL;
654
655 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
656 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
657 if (list != NULL && sz == (int)list->chunklen)
658 ent = list->head;
659 if (ent != NULL)
660 {
661 list->head = ent->next;
662 result = ent;
663 if (--list->len == 0)
664 list->chunklen = 0;
665 }
666 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
667 if (!result)
668 result = OPENSSL_malloc(sz);
669 return result;
670}
671
672static void
673freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
674 {
675 SSL3_BUF_FREELIST *list;
676 SSL3_BUF_FREELIST_ENTRY *ent;
677
678 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
679 list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
680 if (list != NULL &&
681 (sz == list->chunklen || list->chunklen == 0) &&
682 list->len < ctx->freelist_max_len &&
683 sz >= sizeof(*ent))
684 {
685 list->chunklen = sz;
686 ent = mem;
687 ent->next = list->head;
688 list->head = ent;
689 ++list->len;
690 mem = NULL;
691 }
692
693 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
694 if (mem)
695 OPENSSL_free(mem);
696 }
697#else
698#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
699#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
700#endif
701
702int ssl3_setup_read_buffer(SSL *s)
590 { 703 {
591 unsigned char *p; 704 unsigned char *p;
592 unsigned int extra; 705 size_t len,align=0,headerlen;
593 size_t len; 706
707 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
708 headerlen = DTLS1_RT_HEADER_LENGTH;
709 else
710 headerlen = SSL3_RT_HEADER_LENGTH;
711
712#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
713 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
714#endif
594 715
595 if (s->s3->rbuf.buf == NULL) 716 if (s->s3->rbuf.buf == NULL)
596 { 717 {
718 len = SSL3_RT_MAX_PLAIN_LENGTH
719 + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
720 + headerlen + align;
597 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 721 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
598 extra=SSL3_RT_MAX_EXTRA; 722 {
599 else 723 s->s3->init_extra = 1;
600 extra=0; 724 len += SSL3_RT_MAX_EXTRA;
601 len = SSL3_RT_MAX_PACKET_SIZE + extra; 725 }
602 if ((p=OPENSSL_malloc(len)) == NULL) 726#ifndef OPENSSL_NO_COMP
727 if (!(s->options & SSL_OP_NO_COMPRESSION))
728 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
729#endif
730 if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
603 goto err; 731 goto err;
604 s->s3->rbuf.buf = p; 732 s->s3->rbuf.buf = p;
605 s->s3->rbuf.len = len; 733 s->s3->rbuf.len = len;
606 } 734 }
607 735
736 s->packet= &(s->s3->rbuf.buf[0]);
737 return 1;
738
739err:
740 SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
741 return 0;
742 }
743
744int ssl3_setup_write_buffer(SSL *s)
745 {
746 unsigned char *p;
747 size_t len,align=0,headerlen;
748
749 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
750 headerlen = DTLS1_RT_HEADER_LENGTH + 1;
751 else
752 headerlen = SSL3_RT_HEADER_LENGTH;
753
754#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
755 align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
756#endif
757
608 if (s->s3->wbuf.buf == NULL) 758 if (s->s3->wbuf.buf == NULL)
609 { 759 {
610 len = SSL3_RT_MAX_PACKET_SIZE; 760 len = s->max_send_fragment
611 len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ 761 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
612 if ((p=OPENSSL_malloc(len)) == NULL) 762 + headerlen + align;
763#ifndef OPENSSL_NO_COMP
764 if (!(s->options & SSL_OP_NO_COMPRESSION))
765 len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
766#endif
767 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
768 len += headerlen + align
769 + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
770
771 if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
613 goto err; 772 goto err;
614 s->s3->wbuf.buf = p; 773 s->s3->wbuf.buf = p;
615 s->s3->wbuf.len = len; 774 s->s3->wbuf.len = len;
616 } 775 }
617 s->packet= &(s->s3->rbuf.buf[0]); 776
618 return(1); 777 return 1;
778
619err: 779err:
620 SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE); 780 SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
621 return(0); 781 return 0;
782 }
783
784
785int ssl3_setup_buffers(SSL *s)
786 {
787 if (!ssl3_setup_read_buffer(s))
788 return 0;
789 if (!ssl3_setup_write_buffer(s))
790 return 0;
791 return 1;
622 } 792 }
793
794int ssl3_release_write_buffer(SSL *s)
795 {
796 if (s->s3->wbuf.buf != NULL)
797 {
798 freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
799 s->s3->wbuf.buf = NULL;
800 }
801 return 1;
802 }
803
804int ssl3_release_read_buffer(SSL *s)
805 {
806 if (s->s3->rbuf.buf != NULL)
807 {
808 freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
809 s->s3->rbuf.buf = NULL;
810 }
811 return 1;
812 }
813
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 50308487aa..41769febab 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,6 +121,32 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125#include <stdio.h> 151#include <stdio.h>
126#include "ssl_locl.h" 152#include "ssl_locl.h"
@@ -130,10 +156,6 @@
130#include <openssl/objects.h> 156#include <openssl/objects.h>
131#include <openssl/evp.h> 157#include <openssl/evp.h>
132#include <openssl/md5.h> 158#include <openssl/md5.h>
133#ifdef OPENSSL_FIPS
134#include <openssl/fips.h>
135#endif
136
137#ifndef OPENSSL_NO_DH 159#ifndef OPENSSL_NO_DH
138#include <openssl/dh.h> 160#include <openssl/dh.h>
139#endif 161#endif
@@ -142,18 +164,10 @@
142#include <openssl/engine.h> 164#include <openssl/engine.h>
143#endif 165#endif
144 166
145static SSL_METHOD *ssl3_get_client_method(int ver); 167static const SSL_METHOD *ssl3_get_client_method(int ver);
146static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 168static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
147#ifndef OPENSSL_NO_TLSEXT
148static int ssl3_check_finished(SSL *s);
149#endif
150 169
151#ifndef OPENSSL_NO_ECDH 170static const SSL_METHOD *ssl3_get_client_method(int ver)
152static int curve_id2nid(int curve_id);
153int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
154#endif
155
156static SSL_METHOD *ssl3_get_client_method(int ver)
157 { 171 {
158 if (ver == SSL3_VERSION) 172 if (ver == SSL3_VERSION)
159 return(SSLv3_client_method()); 173 return(SSLv3_client_method());
@@ -169,8 +183,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
169int ssl3_connect(SSL *s) 183int ssl3_connect(SSL *s)
170 { 184 {
171 BUF_MEM *buf=NULL; 185 BUF_MEM *buf=NULL;
172 unsigned long Time=(unsigned long)time(NULL),l; 186 unsigned long Time=(unsigned long)time(NULL);
173 long num1;
174 void (*cb)(const SSL *ssl,int type,int val)=NULL; 187 void (*cb)(const SSL *ssl,int type,int val)=NULL;
175 int ret= -1; 188 int ret= -1;
176 int new_state,state,skip=0; 189 int new_state,state,skip=0;
@@ -265,6 +278,7 @@ int ssl3_connect(SSL *s)
265 case SSL3_ST_CR_SRVR_HELLO_B: 278 case SSL3_ST_CR_SRVR_HELLO_B:
266 ret=ssl3_get_server_hello(s); 279 ret=ssl3_get_server_hello(s);
267 if (ret <= 0) goto end; 280 if (ret <= 0) goto end;
281
268 if (s->hit) 282 if (s->hit)
269 s->state=SSL3_ST_CR_FINISHED_A; 283 s->state=SSL3_ST_CR_FINISHED_A;
270 else 284 else
@@ -289,7 +303,9 @@ int ssl3_connect(SSL *s)
289 } 303 }
290#endif 304#endif
291 /* Check if it is anon DH/ECDH */ 305 /* Check if it is anon DH/ECDH */
292 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 306 /* or PSK */
307 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
308 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
293 { 309 {
294 ret=ssl3_get_server_certificate(s); 310 ret=ssl3_get_server_certificate(s);
295 if (ret <= 0) goto end; 311 if (ret <= 0) goto end;
@@ -364,7 +380,6 @@ int ssl3_connect(SSL *s)
364 case SSL3_ST_CW_KEY_EXCH_B: 380 case SSL3_ST_CW_KEY_EXCH_B:
365 ret=ssl3_send_client_key_exchange(s); 381 ret=ssl3_send_client_key_exchange(s);
366 if (ret <= 0) goto end; 382 if (ret <= 0) goto end;
367 l=s->s3->tmp.new_cipher->algorithms;
368 /* EAY EAY EAY need to check for DH fix cert 383 /* EAY EAY EAY need to check for DH fix cert
369 * sent back */ 384 * sent back */
370 /* For TLS, cert_req is set to 2, so a cert chain 385 /* For TLS, cert_req is set to 2, so a cert chain
@@ -385,6 +400,11 @@ int ssl3_connect(SSL *s)
385 s->state=SSL3_ST_CW_CHANGE_A; 400 s->state=SSL3_ST_CW_CHANGE_A;
386 s->s3->change_cipher_spec=0; 401 s->s3->change_cipher_spec=0;
387 } 402 }
403 if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
404 {
405 s->state=SSL3_ST_CW_CHANGE_A;
406 s->s3->change_cipher_spec=0;
407 }
388 408
389 s->init_num=0; 409 s->init_num=0;
390 break; 410 break;
@@ -499,16 +519,13 @@ int ssl3_connect(SSL *s)
499 break; 519 break;
500 520
501 case SSL3_ST_CW_FLUSH: 521 case SSL3_ST_CW_FLUSH:
502 /* number of bytes to be flushed */ 522 s->rwstate=SSL_WRITING;
503 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 523 if (BIO_flush(s->wbio) <= 0)
504 if (num1 > 0)
505 { 524 {
506 s->rwstate=SSL_WRITING; 525 ret= -1;
507 num1=BIO_flush(s->wbio); 526 goto end;
508 if (num1 <= 0) { ret= -1; goto end; }
509 s->rwstate=SSL_NOTHING;
510 } 527 }
511 528 s->rwstate=SSL_NOTHING;
512 s->state=s->s3->tmp.next_state; 529 s->state=s->s3->tmp.next_state;
513 break; 530 break;
514 531
@@ -594,9 +611,15 @@ int ssl3_client_hello(SSL *s)
594 buf=(unsigned char *)s->init_buf->data; 611 buf=(unsigned char *)s->init_buf->data;
595 if (s->state == SSL3_ST_CW_CLNT_HELLO_A) 612 if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
596 { 613 {
597 if ((s->session == NULL) || 614 SSL_SESSION *sess = s->session;
598 (s->session->ssl_version != s->version) || 615 if ((sess == NULL) ||
599 (s->session->not_resumable)) 616 (sess->ssl_version != s->version) ||
617#ifdef OPENSSL_NO_TLSEXT
618 !sess->session_id_length ||
619#else
620 (!sess->session_id_length && !sess->tlsext_tick) ||
621#endif
622 (sess->not_resumable))
600 { 623 {
601 if (!ssl_get_new_session(s,0)) 624 if (!ssl_get_new_session(s,0))
602 goto err; 625 goto err;
@@ -651,7 +674,9 @@ int ssl3_client_hello(SSL *s)
651#ifdef OPENSSL_NO_COMP 674#ifdef OPENSSL_NO_COMP
652 *(p++)=1; 675 *(p++)=1;
653#else 676#else
654 if (s->ctx->comp_methods == NULL) 677
678 if ((s->options & SSL_OP_NO_COMPRESSION)
679 || !s->ctx->comp_methods)
655 j=0; 680 j=0;
656 else 681 else
657 j=sk_SSL_COMP_num(s->ctx->comp_methods); 682 j=sk_SSL_COMP_num(s->ctx->comp_methods);
@@ -663,13 +688,21 @@ int ssl3_client_hello(SSL *s)
663 } 688 }
664#endif 689#endif
665 *(p++)=0; /* Add the NULL method */ 690 *(p++)=0; /* Add the NULL method */
691
666#ifndef OPENSSL_NO_TLSEXT 692#ifndef OPENSSL_NO_TLSEXT
693 /* TLS extensions*/
694 if (ssl_prepare_clienthello_tlsext(s) <= 0)
695 {
696 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
697 goto err;
698 }
667 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 699 if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
668 { 700 {
669 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); 701 SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
670 goto err; 702 goto err;
671 } 703 }
672#endif 704#endif
705
673 l=(p-d); 706 l=(p-d);
674 d=buf; 707 d=buf;
675 *(d++)=SSL3_MT_CLIENT_HELLO; 708 *(d++)=SSL3_MT_CLIENT_HELLO;
@@ -690,7 +723,7 @@ err:
690int ssl3_get_server_hello(SSL *s) 723int ssl3_get_server_hello(SSL *s)
691 { 724 {
692 STACK_OF(SSL_CIPHER) *sk; 725 STACK_OF(SSL_CIPHER) *sk;
693 SSL_CIPHER *c; 726 const SSL_CIPHER *c;
694 unsigned char *p,*d; 727 unsigned char *p,*d;
695 int i,al,ok; 728 int i,al,ok;
696 unsigned int j; 729 unsigned int j;
@@ -708,7 +741,7 @@ int ssl3_get_server_hello(SSL *s)
708 741
709 if (!ok) return((int)n); 742 if (!ok) return((int)n);
710 743
711 if ( SSL_version(s) == DTLS1_VERSION) 744 if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
712 { 745 {
713 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) 746 if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
714 { 747 {
@@ -759,6 +792,23 @@ int ssl3_get_server_hello(SSL *s)
759 goto f_err; 792 goto f_err;
760 } 793 }
761 794
795#ifndef OPENSSL_NO_TLSEXT
796 /* check if we want to resume the session based on external pre-shared secret */
797 if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
798 {
799 SSL_CIPHER *pref_cipher=NULL;
800 s->session->master_key_length=sizeof(s->session->master_key);
801 if (s->tls_session_secret_cb(s, s->session->master_key,
802 &s->session->master_key_length,
803 NULL, &pref_cipher,
804 s->tls_session_secret_cb_arg))
805 {
806 s->session->cipher = pref_cipher ?
807 pref_cipher : ssl_get_cipher_by_char(s, p+j);
808 }
809 }
810#endif /* OPENSSL_NO_TLSEXT */
811
762 if (j != 0 && j == s->session->session_id_length 812 if (j != 0 && j == s->session->session_id_length
763 && memcmp(p,s->session->session_id,j) == 0) 813 && memcmp(p,s->session->session_id,j) == 0)
764 { 814 {
@@ -825,6 +875,8 @@ int ssl3_get_server_hello(SSL *s)
825 } 875 }
826 } 876 }
827 s->s3->tmp.new_cipher=c; 877 s->s3->tmp.new_cipher=c;
878 if (!ssl3_digest_cached_records(s))
879 goto f_err;
828 880
829 /* lets get the compression algorithm */ 881 /* lets get the compression algorithm */
830 /* COMPRESSION */ 882 /* COMPRESSION */
@@ -835,10 +887,31 @@ int ssl3_get_server_hello(SSL *s)
835 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 887 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
836 goto f_err; 888 goto f_err;
837 } 889 }
890 /* If compression is disabled we'd better not try to resume a session
891 * using compression.
892 */
893 if (s->session->compress_meth != 0)
894 {
895 al=SSL_AD_INTERNAL_ERROR;
896 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
897 goto f_err;
898 }
838#else 899#else
839 j= *(p++); 900 j= *(p++);
901 if (s->hit && j != s->session->compress_meth)
902 {
903 al=SSL_AD_ILLEGAL_PARAMETER;
904 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
905 goto f_err;
906 }
840 if (j == 0) 907 if (j == 0)
841 comp=NULL; 908 comp=NULL;
909 else if (s->options & SSL_OP_NO_COMPRESSION)
910 {
911 al=SSL_AD_ILLEGAL_PARAMETER;
912 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
913 goto f_err;
914 }
842 else 915 else
843 comp=ssl3_comp_find(s->ctx->comp_methods,j); 916 comp=ssl3_comp_find(s->ctx->comp_methods,j);
844 917
@@ -853,9 +926,10 @@ int ssl3_get_server_hello(SSL *s)
853 s->s3->tmp.new_compression=comp; 926 s->s3->tmp.new_compression=comp;
854 } 927 }
855#endif 928#endif
929
856#ifndef OPENSSL_NO_TLSEXT 930#ifndef OPENSSL_NO_TLSEXT
857 /* TLS extensions*/ 931 /* TLS extensions*/
858 if (s->version > SSL3_VERSION) 932 if (s->version >= SSL3_VERSION)
859 { 933 {
860 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al)) 934 if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
861 { 935 {
@@ -871,7 +945,6 @@ int ssl3_get_server_hello(SSL *s)
871 } 945 }
872#endif 946#endif
873 947
874
875 if (p != (d+n)) 948 if (p != (d+n))
876 { 949 {
877 /* wrong packet length */ 950 /* wrong packet length */
@@ -909,7 +982,7 @@ int ssl3_get_server_certificate(SSL *s)
909 if (!ok) return((int)n); 982 if (!ok) return((int)n);
910 983
911 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || 984 if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
912 ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 985 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
913 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) 986 (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
914 { 987 {
915 s->s3->tmp.reuse_message=1; 988 s->s3->tmp.reuse_message=1;
@@ -974,10 +1047,10 @@ int ssl3_get_server_certificate(SSL *s)
974 i=ssl_verify_cert_chain(s,sk); 1047 i=ssl_verify_cert_chain(s,sk);
975 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) 1048 if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
976#ifndef OPENSSL_NO_KRB5 1049#ifndef OPENSSL_NO_KRB5
977 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 1050 && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
978 != (SSL_aKRB5|SSL_kKRB5) 1051 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
979#endif /* OPENSSL_NO_KRB5 */ 1052#endif /* OPENSSL_NO_KRB5 */
980 ) 1053 )
981 { 1054 {
982 al=ssl_verify_alarm_type(s->verify_result); 1055 al=ssl_verify_alarm_type(s->verify_result);
983 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); 1056 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
@@ -1001,15 +1074,15 @@ int ssl3_get_server_certificate(SSL *s)
1001 pkey=X509_get_pubkey(x); 1074 pkey=X509_get_pubkey(x);
1002 1075
1003 /* VRS: allow null cert if auth == KRB5 */ 1076 /* VRS: allow null cert if auth == KRB5 */
1004 need_cert = ((s->s3->tmp.new_cipher->algorithms 1077 need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
1005 & (SSL_MKEY_MASK|SSL_AUTH_MASK)) 1078 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
1006 == (SSL_aKRB5|SSL_kKRB5))? 0: 1; 1079 ? 0 : 1;
1007 1080
1008#ifdef KSSL_DEBUG 1081#ifdef KSSL_DEBUG
1009 printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x); 1082 printf("pkey,x = %p, %p\n", pkey,x);
1010 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); 1083 printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1011 printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, 1084 printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
1012 s->s3->tmp.new_cipher->algorithms, need_cert); 1085 s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
1013#endif /* KSSL_DEBUG */ 1086#endif /* KSSL_DEBUG */
1014 1087
1015 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) 1088 if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
@@ -1081,7 +1154,7 @@ int ssl3_get_key_exchange(SSL *s)
1081 EVP_MD_CTX md_ctx; 1154 EVP_MD_CTX md_ctx;
1082 unsigned char *param,*p; 1155 unsigned char *param,*p;
1083 int al,i,j,param_len,ok; 1156 int al,i,j,param_len,ok;
1084 long n,alg; 1157 long n,alg_k,alg_a;
1085 EVP_PKEY *pkey=NULL; 1158 EVP_PKEY *pkey=NULL;
1086#ifndef OPENSSL_NO_RSA 1159#ifndef OPENSSL_NO_RSA
1087 RSA *rsa=NULL; 1160 RSA *rsa=NULL;
@@ -1105,17 +1178,28 @@ int ssl3_get_key_exchange(SSL *s)
1105 -1, 1178 -1,
1106 s->max_cert_list, 1179 s->max_cert_list,
1107 &ok); 1180 &ok);
1108
1109 if (!ok) return((int)n); 1181 if (!ok) return((int)n);
1110 1182
1111 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) 1183 if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
1112 { 1184 {
1185#ifndef OPENSSL_NO_PSK
1186 /* In plain PSK ciphersuite, ServerKeyExchange can be
1187 omitted if no identity hint is sent. Set
1188 session->sess_cert anyway to avoid problems
1189 later.*/
1190 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
1191 {
1192 s->session->sess_cert=ssl_sess_cert_new();
1193 if (s->ctx->psk_identity_hint)
1194 OPENSSL_free(s->ctx->psk_identity_hint);
1195 s->ctx->psk_identity_hint = NULL;
1196 }
1197#endif
1113 s->s3->tmp.reuse_message=1; 1198 s->s3->tmp.reuse_message=1;
1114 return(1); 1199 return(1);
1115 } 1200 }
1116 1201
1117 param=p=(unsigned char *)s->init_msg; 1202 param=p=(unsigned char *)s->init_msg;
1118
1119 if (s->session->sess_cert != NULL) 1203 if (s->session->sess_cert != NULL)
1120 { 1204 {
1121#ifndef OPENSSL_NO_RSA 1205#ifndef OPENSSL_NO_RSA
@@ -1146,11 +1230,57 @@ int ssl3_get_key_exchange(SSL *s)
1146 } 1230 }
1147 1231
1148 param_len=0; 1232 param_len=0;
1149 alg=s->s3->tmp.new_cipher->algorithms; 1233 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1234 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
1150 EVP_MD_CTX_init(&md_ctx); 1235 EVP_MD_CTX_init(&md_ctx);
1151 1236
1237#ifndef OPENSSL_NO_PSK
1238 if (alg_k & SSL_kPSK)
1239 {
1240 char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
1241
1242 al=SSL_AD_HANDSHAKE_FAILURE;
1243 n2s(p,i);
1244 param_len=i+2;
1245 /* Store PSK identity hint for later use, hint is used
1246 * in ssl3_send_client_key_exchange. Assume that the
1247 * maximum length of a PSK identity hint can be as
1248 * long as the maximum length of a PSK identity. */
1249 if (i > PSK_MAX_IDENTITY_LEN)
1250 {
1251 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1252 SSL_R_DATA_LENGTH_TOO_LONG);
1253 goto f_err;
1254 }
1255 if (param_len > n)
1256 {
1257 al=SSL_AD_DECODE_ERROR;
1258 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259 SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
1260 goto f_err;
1261 }
1262 /* If received PSK identity hint contains NULL
1263 * characters, the hint is truncated from the first
1264 * NULL. p may not be ending with NULL, so create a
1265 * NULL-terminated string. */
1266 memcpy(tmp_id_hint, p, i);
1267 memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
1268 if (s->ctx->psk_identity_hint != NULL)
1269 OPENSSL_free(s->ctx->psk_identity_hint);
1270 s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
1271 if (s->ctx->psk_identity_hint == NULL)
1272 {
1273 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
1274 goto f_err;
1275 }
1276
1277 p+=i;
1278 n-=param_len;
1279 }
1280 else
1281#endif /* !OPENSSL_NO_PSK */
1152#ifndef OPENSSL_NO_RSA 1282#ifndef OPENSSL_NO_RSA
1153 if (alg & SSL_kRSA) 1283 if (alg_k & SSL_kRSA)
1154 { 1284 {
1155 if ((rsa=RSA_new()) == NULL) 1285 if ((rsa=RSA_new()) == NULL)
1156 { 1286 {
@@ -1189,7 +1319,7 @@ int ssl3_get_key_exchange(SSL *s)
1189 n-=param_len; 1319 n-=param_len;
1190 1320
1191 /* this should be because we are using an export cipher */ 1321 /* this should be because we are using an export cipher */
1192 if (alg & SSL_aRSA) 1322 if (alg_a & SSL_aRSA)
1193 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1323 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1194 else 1324 else
1195 { 1325 {
@@ -1204,7 +1334,7 @@ int ssl3_get_key_exchange(SSL *s)
1204 ; 1334 ;
1205#endif 1335#endif
1206#ifndef OPENSSL_NO_DH 1336#ifndef OPENSSL_NO_DH
1207 else if (alg & SSL_kEDH) 1337 else if (alg_k & SSL_kEDH)
1208 { 1338 {
1209 if ((dh=DH_new()) == NULL) 1339 if ((dh=DH_new()) == NULL)
1210 { 1340 {
@@ -1258,14 +1388,14 @@ int ssl3_get_key_exchange(SSL *s)
1258 n-=param_len; 1388 n-=param_len;
1259 1389
1260#ifndef OPENSSL_NO_RSA 1390#ifndef OPENSSL_NO_RSA
1261 if (alg & SSL_aRSA) 1391 if (alg_a & SSL_aRSA)
1262 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1392 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1263#else 1393#else
1264 if (0) 1394 if (0)
1265 ; 1395 ;
1266#endif 1396#endif
1267#ifndef OPENSSL_NO_DSA 1397#ifndef OPENSSL_NO_DSA
1268 else if (alg & SSL_aDSS) 1398 else if (alg_a & SSL_aDSS)
1269 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); 1399 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
1270#endif 1400#endif
1271 /* else anonymous DH, so no certificate or pkey. */ 1401 /* else anonymous DH, so no certificate or pkey. */
@@ -1273,7 +1403,7 @@ int ssl3_get_key_exchange(SSL *s)
1273 s->session->sess_cert->peer_dh_tmp=dh; 1403 s->session->sess_cert->peer_dh_tmp=dh;
1274 dh=NULL; 1404 dh=NULL;
1275 } 1405 }
1276 else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) 1406 else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
1277 { 1407 {
1278 al=SSL_AD_ILLEGAL_PARAMETER; 1408 al=SSL_AD_ILLEGAL_PARAMETER;
1279 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); 1409 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
@@ -1282,7 +1412,7 @@ int ssl3_get_key_exchange(SSL *s)
1282#endif /* !OPENSSL_NO_DH */ 1412#endif /* !OPENSSL_NO_DH */
1283 1413
1284#ifndef OPENSSL_NO_ECDH 1414#ifndef OPENSSL_NO_ECDH
1285 else if (alg & SSL_kECDHE) 1415 else if (alg_k & SSL_kEECDH)
1286 { 1416 {
1287 EC_GROUP *ngroup; 1417 EC_GROUP *ngroup;
1288 const EC_GROUP *group; 1418 const EC_GROUP *group;
@@ -1305,7 +1435,7 @@ int ssl3_get_key_exchange(SSL *s)
1305 param_len=3; 1435 param_len=3;
1306 if ((param_len > n) || 1436 if ((param_len > n) ||
1307 (*p != NAMED_CURVE_TYPE) || 1437 (*p != NAMED_CURVE_TYPE) ||
1308 ((curve_nid = curve_id2nid(*(p + 2))) == 0)) 1438 ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
1309 { 1439 {
1310 al=SSL_AD_INTERNAL_ERROR; 1440 al=SSL_AD_INTERNAL_ERROR;
1311 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); 1441 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
@@ -1366,11 +1496,11 @@ int ssl3_get_key_exchange(SSL *s)
1366 */ 1496 */
1367 if (0) ; 1497 if (0) ;
1368#ifndef OPENSSL_NO_RSA 1498#ifndef OPENSSL_NO_RSA
1369 else if (alg & SSL_aRSA) 1499 else if (alg_a & SSL_aRSA)
1370 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); 1500 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
1371#endif 1501#endif
1372#ifndef OPENSSL_NO_ECDSA 1502#ifndef OPENSSL_NO_ECDSA
1373 else if (alg & SSL_aECDSA) 1503 else if (alg_a & SSL_aECDSA)
1374 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); 1504 pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
1375#endif 1505#endif
1376 /* else anonymous ECDH, so no certificate or pkey. */ 1506 /* else anonymous ECDH, so no certificate or pkey. */
@@ -1381,19 +1511,13 @@ int ssl3_get_key_exchange(SSL *s)
1381 EC_POINT_free(srvr_ecpoint); 1511 EC_POINT_free(srvr_ecpoint);
1382 srvr_ecpoint = NULL; 1512 srvr_ecpoint = NULL;
1383 } 1513 }
1384 else if (alg & SSL_kECDH) 1514 else if (alg_k)
1385 { 1515 {
1386 al=SSL_AD_UNEXPECTED_MESSAGE; 1516 al=SSL_AD_UNEXPECTED_MESSAGE;
1387 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 1517 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
1388 goto f_err; 1518 goto f_err;
1389 } 1519 }
1390#endif /* !OPENSSL_NO_ECDH */ 1520#endif /* !OPENSSL_NO_ECDH */
1391 if (alg & SSL_aFZA)
1392 {
1393 al=SSL_AD_HANDSHAKE_FAILURE;
1394 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1395 goto f_err;
1396 }
1397 1521
1398 1522
1399 /* p points to the next byte, there are 'n' bytes left */ 1523 /* p points to the next byte, there are 'n' bytes left */
@@ -1422,8 +1546,6 @@ int ssl3_get_key_exchange(SSL *s)
1422 q=md_buf; 1546 q=md_buf;
1423 for (num=2; num > 0; num--) 1547 for (num=2; num > 0; num--)
1424 { 1548 {
1425 EVP_MD_CTX_set_flags(&md_ctx,
1426 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1427 EVP_DigestInit_ex(&md_ctx,(num == 2) 1549 EVP_DigestInit_ex(&md_ctx,(num == 2)
1428 ?s->ctx->md5:s->ctx->sha1, NULL); 1550 ?s->ctx->md5:s->ctx->sha1, NULL);
1429 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1551 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1494,12 +1616,13 @@ int ssl3_get_key_exchange(SSL *s)
1494 } 1616 }
1495 else 1617 else
1496 { 1618 {
1497 /* still data left over */ 1619 if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK))
1498 if (!(alg & SSL_aNULL)) 1620 /* aNULL or kPSK do not need public keys */
1499 { 1621 {
1500 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); 1622 SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
1501 goto err; 1623 goto err;
1502 } 1624 }
1625 /* still data left over */
1503 if (n != 0) 1626 if (n != 0)
1504 { 1627 {
1505 al=SSL_AD_DECODE_ERROR; 1628 al=SSL_AD_DECODE_ERROR;
@@ -1569,8 +1692,7 @@ int ssl3_get_certificate_request(SSL *s)
1569 /* TLS does not like anon-DH with client cert */ 1692 /* TLS does not like anon-DH with client cert */
1570 if (s->version > SSL3_VERSION) 1693 if (s->version > SSL3_VERSION)
1571 { 1694 {
1572 l=s->s3->tmp.new_cipher->algorithms; 1695 if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1573 if (l & SSL_aNULL)
1574 { 1696 {
1575 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 1697 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
1576 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); 1698 SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
@@ -1715,6 +1837,7 @@ int ssl3_get_new_session_ticket(SSL *s)
1715 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH); 1837 SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
1716 goto f_err; 1838 goto f_err;
1717 } 1839 }
1840
1718 p=d=(unsigned char *)s->init_msg; 1841 p=d=(unsigned char *)s->init_msg;
1719 n2l(p, s->session->tlsext_tick_lifetime_hint); 1842 n2l(p, s->session->tlsext_tick_lifetime_hint);
1720 n2s(p, ticklen); 1843 n2s(p, ticklen);
@@ -1738,7 +1861,28 @@ int ssl3_get_new_session_ticket(SSL *s)
1738 } 1861 }
1739 memcpy(s->session->tlsext_tick, p, ticklen); 1862 memcpy(s->session->tlsext_tick, p, ticklen);
1740 s->session->tlsext_ticklen = ticklen; 1863 s->session->tlsext_ticklen = ticklen;
1741 1864 /* There are two ways to detect a resumed ticket sesion.
1865 * One is to set an appropriate session ID and then the server
1866 * must return a match in ServerHello. This allows the normal
1867 * client session ID matching to work and we know much
1868 * earlier that the ticket has been accepted.
1869 *
1870 * The other way is to set zero length session ID when the
1871 * ticket is presented and rely on the handshake to determine
1872 * session resumption.
1873 *
1874 * We choose the former approach because this fits in with
1875 * assumptions elsewhere in OpenSSL. The session ID is set
1876 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
1877 * ticket.
1878 */
1879 EVP_Digest(p, ticklen,
1880 s->session->session_id, &s->session->session_id_length,
1881#ifndef OPENSSL_NO_SHA256
1882 EVP_sha256(), NULL);
1883#else
1884 EVP_sha1(), NULL);
1885#endif
1742 ret=1; 1886 ret=1;
1743 return(ret); 1887 return(ret);
1744f_err: 1888f_err:
@@ -1750,8 +1894,7 @@ err:
1750int ssl3_get_cert_status(SSL *s) 1894int ssl3_get_cert_status(SSL *s)
1751 { 1895 {
1752 int ok, al; 1896 int ok, al;
1753 unsigned long resplen; 1897 unsigned long resplen,n;
1754 long n;
1755 const unsigned char *p; 1898 const unsigned char *p;
1756 1899
1757 n=s->method->ssl_get_message(s, 1900 n=s->method->ssl_get_message(s,
@@ -1777,7 +1920,7 @@ int ssl3_get_cert_status(SSL *s)
1777 goto f_err; 1920 goto f_err;
1778 } 1921 }
1779 n2l3(p, resplen); 1922 n2l3(p, resplen);
1780 if (resplen + 4 != (unsigned long)n) 1923 if (resplen + 4 != n)
1781 { 1924 {
1782 al = SSL_AD_DECODE_ERROR; 1925 al = SSL_AD_DECODE_ERROR;
1783 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); 1926 SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
@@ -1846,7 +1989,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1846 { 1989 {
1847 unsigned char *p,*d; 1990 unsigned char *p,*d;
1848 int n; 1991 int n;
1849 unsigned long l; 1992 unsigned long alg_k;
1850#ifndef OPENSSL_NO_RSA 1993#ifndef OPENSSL_NO_RSA
1851 unsigned char *q; 1994 unsigned char *q;
1852 EVP_PKEY *pkey=NULL; 1995 EVP_PKEY *pkey=NULL;
@@ -1868,12 +2011,12 @@ int ssl3_send_client_key_exchange(SSL *s)
1868 d=(unsigned char *)s->init_buf->data; 2011 d=(unsigned char *)s->init_buf->data;
1869 p= &(d[4]); 2012 p= &(d[4]);
1870 2013
1871 l=s->s3->tmp.new_cipher->algorithms; 2014 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1872 2015
1873 /* Fool emacs indentation */ 2016 /* Fool emacs indentation */
1874 if (0) {} 2017 if (0) {}
1875#ifndef OPENSSL_NO_RSA 2018#ifndef OPENSSL_NO_RSA
1876 else if (l & SSL_kRSA) 2019 else if (alg_k & SSL_kRSA)
1877 { 2020 {
1878 RSA *rsa; 2021 RSA *rsa;
1879 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2022 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -1932,7 +2075,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1932 } 2075 }
1933#endif 2076#endif
1934#ifndef OPENSSL_NO_KRB5 2077#ifndef OPENSSL_NO_KRB5
1935 else if (l & SSL_kKRB5) 2078 else if (alg_k & SSL_kKRB5)
1936 { 2079 {
1937 krb5_error_code krb5rc; 2080 krb5_error_code krb5rc;
1938 KSSL_CTX *kssl_ctx = s->kssl_ctx; 2081 KSSL_CTX *kssl_ctx = s->kssl_ctx;
@@ -1940,7 +2083,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1940 krb5_data *enc_ticket; 2083 krb5_data *enc_ticket;
1941 krb5_data authenticator, *authp = NULL; 2084 krb5_data authenticator, *authp = NULL;
1942 EVP_CIPHER_CTX ciph_ctx; 2085 EVP_CIPHER_CTX ciph_ctx;
1943 EVP_CIPHER *enc = NULL; 2086 const EVP_CIPHER *enc = NULL;
1944 unsigned char iv[EVP_MAX_IV_LENGTH]; 2087 unsigned char iv[EVP_MAX_IV_LENGTH];
1945 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; 2088 unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
1946 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH 2089 unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
@@ -1951,7 +2094,7 @@ int ssl3_send_client_key_exchange(SSL *s)
1951 2094
1952#ifdef KSSL_DEBUG 2095#ifdef KSSL_DEBUG
1953 printf("ssl3_send_client_key_exchange(%lx & %lx)\n", 2096 printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
1954 l, SSL_kKRB5); 2097 alg_k, SSL_kKRB5);
1955#endif /* KSSL_DEBUG */ 2098#endif /* KSSL_DEBUG */
1956 2099
1957 authp = NULL; 2100 authp = NULL;
@@ -2043,7 +2186,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2043 sizeof tmp_buf); 2186 sizeof tmp_buf);
2044 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); 2187 EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
2045 outl += padl; 2188 outl += padl;
2046 if (outl > sizeof epms) 2189 if (outl > (int)sizeof epms)
2047 { 2190 {
2048 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); 2191 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
2049 goto err; 2192 goto err;
@@ -2057,7 +2200,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2057 n+=outl + 2; 2200 n+=outl + 2;
2058 2201
2059 s->session->master_key_length= 2202 s->session->master_key_length=
2060 s->method->ssl3_enc->generate_master_secret(s, 2203 s->method->ssl3_enc->generate_master_secret(s,
2061 s->session->master_key, 2204 s->session->master_key,
2062 tmp_buf, sizeof tmp_buf); 2205 tmp_buf, sizeof tmp_buf);
2063 2206
@@ -2066,7 +2209,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2066 } 2209 }
2067#endif 2210#endif
2068#ifndef OPENSSL_NO_DH 2211#ifndef OPENSSL_NO_DH
2069 else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2212 else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2070 { 2213 {
2071 DH *dh_srvr,*dh_clnt; 2214 DH *dh_srvr,*dh_clnt;
2072 2215
@@ -2075,7 +2218,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2218 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 2219 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2077 goto err; 2220 goto err;
2078 } 2221 }
2079 2222
2080 if (s->session->sess_cert->peer_dh_tmp != NULL) 2223 if (s->session->sess_cert->peer_dh_tmp != NULL)
2081 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2224 dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2130,7 +2273,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2130#endif 2273#endif
2131 2274
2132#ifndef OPENSSL_NO_ECDH 2275#ifndef OPENSSL_NO_ECDH
2133 else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) 2276 else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2134 { 2277 {
2135 const EC_GROUP *srvr_group = NULL; 2278 const EC_GROUP *srvr_group = NULL;
2136 EC_KEY *tkey; 2279 EC_KEY *tkey;
@@ -2142,7 +2285,7 @@ int ssl3_send_client_key_exchange(SSL *s)
2142 * computation as part of client certificate? 2285 * computation as part of client certificate?
2143 * If so, set ecdh_clnt_cert to 1. 2286 * If so, set ecdh_clnt_cert to 1.
2144 */ 2287 */
2145 if ((l & SSL_kECDH) && (s->cert != NULL)) 2288 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL))
2146 { 2289 {
2147 /* XXX: For now, we do not support client 2290 /* XXX: For now, we do not support client
2148 * authentication using ECDH certificates. 2291 * authentication using ECDH certificates.
@@ -2314,6 +2457,178 @@ int ssl3_send_client_key_exchange(SSL *s)
2314 EVP_PKEY_free(srvr_pub_pkey); 2457 EVP_PKEY_free(srvr_pub_pkey);
2315 } 2458 }
2316#endif /* !OPENSSL_NO_ECDH */ 2459#endif /* !OPENSSL_NO_ECDH */
2460 else if (alg_k & SSL_kGOST)
2461 {
2462 /* GOST key exchange message creation */
2463 EVP_PKEY_CTX *pkey_ctx;
2464 X509 *peer_cert;
2465 size_t msglen;
2466 unsigned int md_len;
2467 int keytype;
2468 unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
2469 EVP_MD_CTX *ukm_hash;
2470 EVP_PKEY *pub_key;
2471
2472 /* Get server sertificate PKEY and create ctx from it */
2473 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
2474 if (!peer_cert)
2475 peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
2476 if (!peer_cert) {
2477 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
2478 goto err;
2479 }
2480
2481 pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
2482 /* If we have send a certificate, and certificate key
2483
2484 * parameters match those of server certificate, use
2485 * certificate key for key exchange
2486 */
2487
2488 /* Otherwise, generate ephemeral key pair */
2489
2490 EVP_PKEY_encrypt_init(pkey_ctx);
2491 /* Generate session key */
2492 RAND_bytes(premaster_secret,32);
2493 /* If we have client certificate, use its secret as peer key */
2494 if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
2495 if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
2496 /* If there was an error - just ignore it. Ephemeral key
2497 * would be used
2498 */
2499 ERR_clear_error();
2500 }
2501 }
2502 /* Compute shared IV and store it in algorithm-specific
2503 * context data */
2504 ukm_hash = EVP_MD_CTX_create();
2505 EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
2506 EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
2507 EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
2508 EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
2509 EVP_MD_CTX_destroy(ukm_hash);
2510 if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
2511 8,shared_ukm)<0) {
2512 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2513 SSL_R_LIBRARY_BUG);
2514 goto err;
2515 }
2516 /* Make GOST keytransport blob message */
2517 /*Encapsulate it into sequence */
2518 *(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
2519 msglen=255;
2520 if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
2521 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2522 SSL_R_LIBRARY_BUG);
2523 goto err;
2524 }
2525 if (msglen >= 0x80)
2526 {
2527 *(p++)=0x81;
2528 *(p++)= msglen & 0xff;
2529 n=msglen+3;
2530 }
2531 else
2532 {
2533 *(p++)= msglen & 0xff;
2534 n=msglen+2;
2535 }
2536 memcpy(p, tmp, msglen);
2537 /* Check if pubkey from client certificate was used */
2538 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2539 {
2540 /* Set flag "skip certificate verify" */
2541 s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
2542 }
2543 EVP_PKEY_CTX_free(pkey_ctx);
2544 s->session->master_key_length=
2545 s->method->ssl3_enc->generate_master_secret(s,
2546 s->session->master_key,premaster_secret,32);
2547 EVP_PKEY_free(pub_key);
2548
2549 }
2550#ifndef OPENSSL_NO_PSK
2551 else if (alg_k & SSL_kPSK)
2552 {
2553 char identity[PSK_MAX_IDENTITY_LEN];
2554 unsigned char *t = NULL;
2555 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2556 unsigned int pre_ms_len = 0, psk_len = 0;
2557 int psk_err = 1;
2558
2559 n = 0;
2560 if (s->psk_client_callback == NULL)
2561 {
2562 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2563 SSL_R_PSK_NO_CLIENT_CB);
2564 goto err;
2565 }
2566
2567 psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
2568 identity, PSK_MAX_IDENTITY_LEN,
2569 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2570 if (psk_len > PSK_MAX_PSK_LEN)
2571 {
2572 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2573 ERR_R_INTERNAL_ERROR);
2574 goto psk_err;
2575 }
2576 else if (psk_len == 0)
2577 {
2578 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2579 SSL_R_PSK_IDENTITY_NOT_FOUND);
2580 goto psk_err;
2581 }
2582
2583 /* create PSK pre_master_secret */
2584 pre_ms_len = 2+psk_len+2+psk_len;
2585 t = psk_or_pre_ms;
2586 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2587 s2n(psk_len, t);
2588 memset(t, 0, psk_len);
2589 t+=psk_len;
2590 s2n(psk_len, t);
2591
2592 if (s->session->psk_identity_hint != NULL)
2593 OPENSSL_free(s->session->psk_identity_hint);
2594 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2595 if (s->ctx->psk_identity_hint != NULL &&
2596 s->session->psk_identity_hint == NULL)
2597 {
2598 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2599 ERR_R_MALLOC_FAILURE);
2600 goto psk_err;
2601 }
2602
2603 if (s->session->psk_identity != NULL)
2604 OPENSSL_free(s->session->psk_identity);
2605 s->session->psk_identity = BUF_strdup(identity);
2606 if (s->session->psk_identity == NULL)
2607 {
2608 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2609 ERR_R_MALLOC_FAILURE);
2610 goto psk_err;
2611 }
2612
2613 s->session->master_key_length =
2614 s->method->ssl3_enc->generate_master_secret(s,
2615 s->session->master_key,
2616 psk_or_pre_ms, pre_ms_len);
2617 n = strlen(identity);
2618 s2n(n, p);
2619 memcpy(p, identity, n);
2620 n+=2;
2621 psk_err = 0;
2622 psk_err:
2623 OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
2624 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2625 if (psk_err != 0)
2626 {
2627 ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
2628 goto err;
2629 }
2630 }
2631#endif
2317 else 2632 else
2318 { 2633 {
2319 ssl3_send_alert(s, SSL3_AL_FATAL, 2634 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2350,28 +2665,37 @@ int ssl3_send_client_verify(SSL *s)
2350 unsigned char *p,*d; 2665 unsigned char *p,*d;
2351 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 2666 unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
2352 EVP_PKEY *pkey; 2667 EVP_PKEY *pkey;
2668 EVP_PKEY_CTX *pctx=NULL;
2353#ifndef OPENSSL_NO_RSA 2669#ifndef OPENSSL_NO_RSA
2354 unsigned u=0; 2670 unsigned u=0;
2355#endif 2671#endif
2356 unsigned long n; 2672 unsigned long n;
2357#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
2358 int j; 2673 int j;
2359#endif
2360 2674
2361 if (s->state == SSL3_ST_CW_CERT_VRFY_A) 2675 if (s->state == SSL3_ST_CW_CERT_VRFY_A)
2362 { 2676 {
2363 d=(unsigned char *)s->init_buf->data; 2677 d=(unsigned char *)s->init_buf->data;
2364 p= &(d[4]); 2678 p= &(d[4]);
2365 pkey=s->cert->key->privatekey; 2679 pkey=s->cert->key->privatekey;
2366 2680/* Create context from key and test if sha1 is allowed as digest */
2367 s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), 2681 pctx = EVP_PKEY_CTX_new(pkey,NULL);
2368 &(data[MD5_DIGEST_LENGTH])); 2682 EVP_PKEY_sign_init(pctx);
2369 2683 if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
2684 {
2685 s->method->ssl3_enc->cert_verify_mac(s,
2686 NID_sha1,
2687 &(data[MD5_DIGEST_LENGTH]));
2688 }
2689 else
2690 {
2691 ERR_clear_error();
2692 }
2370#ifndef OPENSSL_NO_RSA 2693#ifndef OPENSSL_NO_RSA
2371 if (pkey->type == EVP_PKEY_RSA) 2694 if (pkey->type == EVP_PKEY_RSA)
2372 { 2695 {
2373 s->method->ssl3_enc->cert_verify_mac(s, 2696 s->method->ssl3_enc->cert_verify_mac(s,
2374 &(s->s3->finish_dgst1),&(data[0])); 2697 NID_md5,
2698 &(data[0]));
2375 if (RSA_sign(NID_md5_sha1, data, 2699 if (RSA_sign(NID_md5_sha1, data,
2376 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, 2700 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
2377 &(p[2]), &u, pkey->pkey.rsa) <= 0 ) 2701 &(p[2]), &u, pkey->pkey.rsa) <= 0 )
@@ -2417,10 +2741,30 @@ int ssl3_send_client_verify(SSL *s)
2417 } 2741 }
2418 else 2742 else
2419#endif 2743#endif
2420 { 2744 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2745 {
2746 unsigned char signbuf[64];
2747 int i;
2748 size_t sigsize=64;
2749 s->method->ssl3_enc->cert_verify_mac(s,
2750 NID_id_GostR3411_94,
2751 data);
2752 if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
2753 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
2754 ERR_R_INTERNAL_ERROR);
2755 goto err;
2756 }
2757 for (i=63,j=0; i>=0; j++, i--) {
2758 p[2+j]=signbuf[i];
2759 }
2760 s2n(j,p);
2761 n=j+2;
2762 }
2763 else
2764 {
2421 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); 2765 SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
2422 goto err; 2766 goto err;
2423 } 2767 }
2424 *(d++)=SSL3_MT_CERTIFICATE_VERIFY; 2768 *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
2425 l2n3(n,d); 2769 l2n3(n,d);
2426 2770
@@ -2428,8 +2772,10 @@ int ssl3_send_client_verify(SSL *s)
2428 s->init_num=(int)n+4; 2772 s->init_num=(int)n+4;
2429 s->init_off=0; 2773 s->init_off=0;
2430 } 2774 }
2775 EVP_PKEY_CTX_free(pctx);
2431 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 2776 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2432err: 2777err:
2778 EVP_PKEY_CTX_free(pctx);
2433 return(-1); 2779 return(-1);
2434 } 2780 }
2435 2781
@@ -2514,7 +2860,7 @@ int ssl3_send_client_certificate(SSL *s)
2514int ssl3_check_cert_and_algorithm(SSL *s) 2860int ssl3_check_cert_and_algorithm(SSL *s)
2515 { 2861 {
2516 int i,idx; 2862 int i,idx;
2517 long algs; 2863 long alg_k,alg_a;
2518 EVP_PKEY *pkey=NULL; 2864 EVP_PKEY *pkey=NULL;
2519 SESS_CERT *sc; 2865 SESS_CERT *sc;
2520#ifndef OPENSSL_NO_RSA 2866#ifndef OPENSSL_NO_RSA
@@ -2524,14 +2870,14 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2524 DH *dh; 2870 DH *dh;
2525#endif 2871#endif
2526 2872
2527 sc=s->session->sess_cert; 2873 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
2528 2874 alg_a=s->s3->tmp.new_cipher->algorithm_auth;
2529 algs=s->s3->tmp.new_cipher->algorithms;
2530 2875
2531 /* we don't have a certificate */ 2876 /* we don't have a certificate */
2532 if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) 2877 if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
2533 return(1); 2878 return(1);
2534 2879
2880 sc=s->session->sess_cert;
2535 if (sc == NULL) 2881 if (sc == NULL)
2536 { 2882 {
2537 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); 2883 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
@@ -2551,11 +2897,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2551#ifndef OPENSSL_NO_ECDH 2897#ifndef OPENSSL_NO_ECDH
2552 if (idx == SSL_PKEY_ECC) 2898 if (idx == SSL_PKEY_ECC)
2553 { 2899 {
2554 if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, 2900 if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
2555 s->s3->tmp.new_cipher) == 0) 2901 s->s3->tmp.new_cipher) == 0)
2556 { /* check failed */ 2902 { /* check failed */
2557 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT); 2903 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
2558 goto f_err; 2904 goto f_err;
2559 } 2905 }
2560 else 2906 else
2561 { 2907 {
@@ -2569,20 +2915,20 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2569 2915
2570 2916
2571 /* Check that we have a certificate if we require one */ 2917 /* Check that we have a certificate if we require one */
2572 if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) 2918 if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
2573 { 2919 {
2574 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); 2920 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
2575 goto f_err; 2921 goto f_err;
2576 } 2922 }
2577#ifndef OPENSSL_NO_DSA 2923#ifndef OPENSSL_NO_DSA
2578 else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) 2924 else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
2579 { 2925 {
2580 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); 2926 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
2581 goto f_err; 2927 goto f_err;
2582 } 2928 }
2583#endif 2929#endif
2584#ifndef OPENSSL_NO_RSA 2930#ifndef OPENSSL_NO_RSA
2585 if ((algs & SSL_kRSA) && 2931 if ((alg_k & SSL_kRSA) &&
2586 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) 2932 !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
2587 { 2933 {
2588 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); 2934 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
@@ -2590,19 +2936,19 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2590 } 2936 }
2591#endif 2937#endif
2592#ifndef OPENSSL_NO_DH 2938#ifndef OPENSSL_NO_DH
2593 if ((algs & SSL_kEDH) && 2939 if ((alg_k & SSL_kEDH) &&
2594 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) 2940 !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
2595 { 2941 {
2596 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); 2942 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
2597 goto f_err; 2943 goto f_err;
2598 } 2944 }
2599 else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) 2945 else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
2600 { 2946 {
2601 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); 2947 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
2602 goto f_err; 2948 goto f_err;
2603 } 2949 }
2604#ifndef OPENSSL_NO_DSA 2950#ifndef OPENSSL_NO_DSA
2605 else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) 2951 else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
2606 { 2952 {
2607 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); 2953 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
2608 goto f_err; 2954 goto f_err;
@@ -2613,7 +2959,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2613 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) 2959 if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
2614 { 2960 {
2615#ifndef OPENSSL_NO_RSA 2961#ifndef OPENSSL_NO_RSA
2616 if (algs & SSL_kRSA) 2962 if (alg_k & SSL_kRSA)
2617 { 2963 {
2618 if (rsa == NULL 2964 if (rsa == NULL
2619 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2965 || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2625,7 +2971,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
2625 else 2971 else
2626#endif 2972#endif
2627#ifndef OPENSSL_NO_DH 2973#ifndef OPENSSL_NO_DH
2628 if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2974 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
2629 { 2975 {
2630 if (dh == NULL 2976 if (dh == NULL
2631 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) 2977 || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
@@ -2648,64 +2994,18 @@ err:
2648 return(0); 2994 return(0);
2649 } 2995 }
2650 2996
2651
2652#ifndef OPENSSL_NO_ECDH
2653/* This is the complement of nid2curve_id in s3_srvr.c. */
2654static int curve_id2nid(int curve_id)
2655{
2656 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2657 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2658 static int nid_list[26] =
2659 {
2660 0,
2661 NID_sect163k1, /* sect163k1 (1) */
2662 NID_sect163r1, /* sect163r1 (2) */
2663 NID_sect163r2, /* sect163r2 (3) */
2664 NID_sect193r1, /* sect193r1 (4) */
2665 NID_sect193r2, /* sect193r2 (5) */
2666 NID_sect233k1, /* sect233k1 (6) */
2667 NID_sect233r1, /* sect233r1 (7) */
2668 NID_sect239k1, /* sect239k1 (8) */
2669 NID_sect283k1, /* sect283k1 (9) */
2670 NID_sect283r1, /* sect283r1 (10) */
2671 NID_sect409k1, /* sect409k1 (11) */
2672 NID_sect409r1, /* sect409r1 (12) */
2673 NID_sect571k1, /* sect571k1 (13) */
2674 NID_sect571r1, /* sect571r1 (14) */
2675 NID_secp160k1, /* secp160k1 (15) */
2676 NID_secp160r1, /* secp160r1 (16) */
2677 NID_secp160r2, /* secp160r2 (17) */
2678 NID_secp192k1, /* secp192k1 (18) */
2679 NID_X9_62_prime192v1, /* secp192r1 (19) */
2680 NID_secp224k1, /* secp224k1 (20) */
2681 NID_secp224r1, /* secp224r1 (21) */
2682 NID_secp256k1, /* secp256k1 (22) */
2683 NID_X9_62_prime256v1, /* secp256r1 (23) */
2684 NID_secp384r1, /* secp384r1 (24) */
2685 NID_secp521r1 /* secp521r1 (25) */
2686 };
2687
2688 if ((curve_id < 1) || (curve_id > 25)) return 0;
2689
2690 return nid_list[curve_id];
2691}
2692#endif
2693
2694/* Check to see if handshake is full or resumed. Usually this is just a 2997/* Check to see if handshake is full or resumed. Usually this is just a
2695 * case of checking to see if a cache hit has occurred. In the case of 2998 * case of checking to see if a cache hit has occurred. In the case of
2696 * session tickets we have to check the next message to be sure. 2999 * session tickets we have to check the next message to be sure.
2697 */ 3000 */
2698 3001
2699#ifndef OPENSSL_NO_TLSEXT 3002#ifndef OPENSSL_NO_TLSEXT
2700static int ssl3_check_finished(SSL *s) 3003int ssl3_check_finished(SSL *s)
2701 { 3004 {
2702 int ok; 3005 int ok;
2703 long n; 3006 long n;
2704 /* If we have no ticket or session ID is non-zero length (a match of 3007 /* If we have no ticket it cannot be a resumed session. */
2705 * a non-zero session length would never reach here) it cannot be a 3008 if (!s->session->tlsext_tick)
2706 * resumed session.
2707 */
2708 if (!s->session->tlsext_tick || s->session->session_id_length)
2709 return 1; 3009 return 1;
2710 /* this function is called when we really expect a Certificate 3010 /* this function is called when we really expect a Certificate
2711 * message, so permit appropriate message length */ 3011 * message, so permit appropriate message length */
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 8916a0b1b3..d6b047c995 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,16 +121,46 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125#include <stdio.h> 151#include <stdio.h>
126#include <openssl/objects.h> 152#include <openssl/objects.h>
127#include "ssl_locl.h" 153#include "ssl_locl.h"
128#include "kssl_lcl.h" 154#include "kssl_lcl.h"
155#ifndef OPENSSL_NO_TLSEXT
156#ifndef OPENSSL_NO_EC
157#include "../crypto/ec/ec_lcl.h"
158#endif /* OPENSSL_NO_EC */
159#endif /* OPENSSL_NO_TLSEXT */
129#include <openssl/md5.h> 160#include <openssl/md5.h>
130#ifndef OPENSSL_NO_DH 161#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h> 162#include <openssl/dh.h>
132#endif 163#endif
133#include <openssl/pq_compat.h>
134 164
135const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT; 165const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
136 166
@@ -138,217 +168,265 @@ const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
138 168
139/* list of available SSLv3 ciphers (sorted by id) */ 169/* list of available SSLv3 ciphers (sorted by id) */
140OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 170OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
171
141/* The RSA ciphers */ 172/* The RSA ciphers */
142/* Cipher 01 */ 173/* Cipher 01 */
143 { 174 {
144 1, 175 1,
145 SSL3_TXT_RSA_NULL_MD5, 176 SSL3_TXT_RSA_NULL_MD5,
146 SSL3_CK_RSA_NULL_MD5, 177 SSL3_CK_RSA_NULL_MD5,
147 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, 178 SSL_kRSA,
179 SSL_aRSA,
180 SSL_eNULL,
181 SSL_MD5,
182 SSL_SSLV3,
148 SSL_NOT_EXP|SSL_STRONG_NONE, 183 SSL_NOT_EXP|SSL_STRONG_NONE,
184 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
149 0, 185 0,
150 0, 186 0,
151 0,
152 SSL_ALL_CIPHERS,
153 SSL_ALL_STRENGTHS,
154 }, 187 },
188
155/* Cipher 02 */ 189/* Cipher 02 */
156 { 190 {
157 1, 191 1,
158 SSL3_TXT_RSA_NULL_SHA, 192 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA, 193 SSL3_CK_RSA_NULL_SHA,
160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 194 SSL_kRSA,
195 SSL_aRSA,
196 SSL_eNULL,
197 SSL_SHA1,
198 SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS, 199 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
200 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
162 0, 201 0,
163 0, 202 0,
164 0,
165 SSL_ALL_CIPHERS,
166 SSL_ALL_STRENGTHS,
167 }, 203 },
204
168/* Cipher 03 */ 205/* Cipher 03 */
169 { 206 {
170 1, 207 1,
171 SSL3_TXT_RSA_RC4_40_MD5, 208 SSL3_TXT_RSA_RC4_40_MD5,
172 SSL3_CK_RSA_RC4_40_MD5, 209 SSL3_CK_RSA_RC4_40_MD5,
173 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 210 SSL_kRSA,
211 SSL_aRSA,
212 SSL_RC4,
213 SSL_MD5,
214 SSL_SSLV3,
174 SSL_EXPORT|SSL_EXP40, 215 SSL_EXPORT|SSL_EXP40,
175 0, 216 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
176 40, 217 40,
177 128, 218 128,
178 SSL_ALL_CIPHERS,
179 SSL_ALL_STRENGTHS,
180 }, 219 },
220
181/* Cipher 04 */ 221/* Cipher 04 */
182 { 222 {
183 1, 223 1,
184 SSL3_TXT_RSA_RC4_128_MD5, 224 SSL3_TXT_RSA_RC4_128_MD5,
185 SSL3_CK_RSA_RC4_128_MD5, 225 SSL3_CK_RSA_RC4_128_MD5,
186 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, 226 SSL_kRSA,
227 SSL_aRSA,
228 SSL_RC4,
229 SSL_MD5,
230 SSL_SSLV3,
187 SSL_NOT_EXP|SSL_MEDIUM, 231 SSL_NOT_EXP|SSL_MEDIUM,
188 0, 232 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
189 128, 233 128,
190 128, 234 128,
191 SSL_ALL_CIPHERS,
192 SSL_ALL_STRENGTHS,
193 }, 235 },
236
194/* Cipher 05 */ 237/* Cipher 05 */
195 { 238 {
196 1, 239 1,
197 SSL3_TXT_RSA_RC4_128_SHA, 240 SSL3_TXT_RSA_RC4_128_SHA,
198 SSL3_CK_RSA_RC4_128_SHA, 241 SSL3_CK_RSA_RC4_128_SHA,
199 SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, 242 SSL_kRSA,
243 SSL_aRSA,
244 SSL_RC4,
245 SSL_SHA1,
246 SSL_SSLV3,
200 SSL_NOT_EXP|SSL_MEDIUM, 247 SSL_NOT_EXP|SSL_MEDIUM,
201 0, 248 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
202 128, 249 128,
203 128, 250 128,
204 SSL_ALL_CIPHERS,
205 SSL_ALL_STRENGTHS,
206 }, 251 },
252
207/* Cipher 06 */ 253/* Cipher 06 */
208 { 254 {
209 1, 255 1,
210 SSL3_TXT_RSA_RC2_40_MD5, 256 SSL3_TXT_RSA_RC2_40_MD5,
211 SSL3_CK_RSA_RC2_40_MD5, 257 SSL3_CK_RSA_RC2_40_MD5,
212 SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, 258 SSL_kRSA,
259 SSL_aRSA,
260 SSL_RC2,
261 SSL_MD5,
262 SSL_SSLV3,
213 SSL_EXPORT|SSL_EXP40, 263 SSL_EXPORT|SSL_EXP40,
214 0, 264 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
215 40, 265 40,
216 128, 266 128,
217 SSL_ALL_CIPHERS,
218 SSL_ALL_STRENGTHS,
219 }, 267 },
268
220/* Cipher 07 */ 269/* Cipher 07 */
221#ifndef OPENSSL_NO_IDEA 270#ifndef OPENSSL_NO_IDEA
222 { 271 {
223 1, 272 1,
224 SSL3_TXT_RSA_IDEA_128_SHA, 273 SSL3_TXT_RSA_IDEA_128_SHA,
225 SSL3_CK_RSA_IDEA_128_SHA, 274 SSL3_CK_RSA_IDEA_128_SHA,
226 SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, 275 SSL_kRSA,
276 SSL_aRSA,
277 SSL_IDEA,
278 SSL_SHA1,
279 SSL_SSLV3,
227 SSL_NOT_EXP|SSL_MEDIUM, 280 SSL_NOT_EXP|SSL_MEDIUM,
228 0, 281 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
229 128, 282 128,
230 128, 283 128,
231 SSL_ALL_CIPHERS,
232 SSL_ALL_STRENGTHS,
233 }, 284 },
234#endif 285#endif
286
235/* Cipher 08 */ 287/* Cipher 08 */
236 { 288 {
237 1, 289 1,
238 SSL3_TXT_RSA_DES_40_CBC_SHA, 290 SSL3_TXT_RSA_DES_40_CBC_SHA,
239 SSL3_CK_RSA_DES_40_CBC_SHA, 291 SSL3_CK_RSA_DES_40_CBC_SHA,
240 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 292 SSL_kRSA,
293 SSL_aRSA,
294 SSL_DES,
295 SSL_SHA1,
296 SSL_SSLV3,
241 SSL_EXPORT|SSL_EXP40, 297 SSL_EXPORT|SSL_EXP40,
242 0, 298 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
243 40, 299 40,
244 56, 300 56,
245 SSL_ALL_CIPHERS,
246 SSL_ALL_STRENGTHS,
247 }, 301 },
302
248/* Cipher 09 */ 303/* Cipher 09 */
249 { 304 {
250 1, 305 1,
251 SSL3_TXT_RSA_DES_64_CBC_SHA, 306 SSL3_TXT_RSA_DES_64_CBC_SHA,
252 SSL3_CK_RSA_DES_64_CBC_SHA, 307 SSL3_CK_RSA_DES_64_CBC_SHA,
253 SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 308 SSL_kRSA,
309 SSL_aRSA,
310 SSL_DES,
311 SSL_SHA1,
312 SSL_SSLV3,
254 SSL_NOT_EXP|SSL_LOW, 313 SSL_NOT_EXP|SSL_LOW,
255 0, 314 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
256 56, 315 56,
257 56, 316 56,
258 SSL_ALL_CIPHERS,
259 SSL_ALL_STRENGTHS,
260 }, 317 },
318
261/* Cipher 0A */ 319/* Cipher 0A */
262 { 320 {
263 1, 321 1,
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, 322 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA, 323 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 324 SSL_kRSA,
325 SSL_aRSA,
326 SSL_3DES,
327 SSL_SHA1,
328 SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 329 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 0, 330 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
269 168, 331 168,
270 168, 332 168,
271 SSL_ALL_CIPHERS,
272 SSL_ALL_STRENGTHS,
273 }, 333 },
334
274/* The DH ciphers */ 335/* The DH ciphers */
275/* Cipher 0B */ 336/* Cipher 0B */
276 { 337 {
277 0, 338 0,
278 SSL3_TXT_DH_DSS_DES_40_CBC_SHA, 339 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
279 SSL3_CK_DH_DSS_DES_40_CBC_SHA, 340 SSL3_CK_DH_DSS_DES_40_CBC_SHA,
280 SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 341 SSL_kDHd,
342 SSL_aDH,
343 SSL_DES,
344 SSL_SHA1,
345 SSL_SSLV3,
281 SSL_EXPORT|SSL_EXP40, 346 SSL_EXPORT|SSL_EXP40,
282 0, 347 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
283 40, 348 40,
284 56, 349 56,
285 SSL_ALL_CIPHERS,
286 SSL_ALL_STRENGTHS,
287 }, 350 },
351
288/* Cipher 0C */ 352/* Cipher 0C */
289 { 353 {
290 0, 354 0, /* not implemented (non-ephemeral DH) */
291 SSL3_TXT_DH_DSS_DES_64_CBC_SHA, 355 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
292 SSL3_CK_DH_DSS_DES_64_CBC_SHA, 356 SSL3_CK_DH_DSS_DES_64_CBC_SHA,
293 SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 357 SSL_kDHd,
358 SSL_aDH,
359 SSL_DES,
360 SSL_SHA1,
361 SSL_SSLV3,
294 SSL_NOT_EXP|SSL_LOW, 362 SSL_NOT_EXP|SSL_LOW,
295 0, 363 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
296 56, 364 56,
297 56, 365 56,
298 SSL_ALL_CIPHERS,
299 SSL_ALL_STRENGTHS,
300 }, 366 },
367
301/* Cipher 0D */ 368/* Cipher 0D */
302 { 369 {
303 0, 370 0, /* not implemented (non-ephemeral DH) */
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 371 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 372 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 373 SSL_kDHd,
374 SSL_aDH,
375 SSL_3DES,
376 SSL_SHA1,
377 SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 378 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 0, 379 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
309 168, 380 168,
310 168, 381 168,
311 SSL_ALL_CIPHERS,
312 SSL_ALL_STRENGTHS,
313 }, 382 },
383
314/* Cipher 0E */ 384/* Cipher 0E */
315 { 385 {
316 0, 386 0, /* not implemented (non-ephemeral DH) */
317 SSL3_TXT_DH_RSA_DES_40_CBC_SHA, 387 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
318 SSL3_CK_DH_RSA_DES_40_CBC_SHA, 388 SSL3_CK_DH_RSA_DES_40_CBC_SHA,
319 SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, 389 SSL_kDHr,
390 SSL_aDH,
391 SSL_DES,
392 SSL_SHA1,
393 SSL_SSLV3,
320 SSL_EXPORT|SSL_EXP40, 394 SSL_EXPORT|SSL_EXP40,
321 0, 395 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
322 40, 396 40,
323 56, 397 56,
324 SSL_ALL_CIPHERS,
325 SSL_ALL_STRENGTHS,
326 }, 398 },
399
327/* Cipher 0F */ 400/* Cipher 0F */
328 { 401 {
329 0, 402 0, /* not implemented (non-ephemeral DH) */
330 SSL3_TXT_DH_RSA_DES_64_CBC_SHA, 403 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
331 SSL3_CK_DH_RSA_DES_64_CBC_SHA, 404 SSL3_CK_DH_RSA_DES_64_CBC_SHA,
332 SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, 405 SSL_kDHr,
406 SSL_aDH,
407 SSL_DES,
408 SSL_SHA1,
409 SSL_SSLV3,
333 SSL_NOT_EXP|SSL_LOW, 410 SSL_NOT_EXP|SSL_LOW,
334 0, 411 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
335 56, 412 56,
336 56, 413 56,
337 SSL_ALL_CIPHERS,
338 SSL_ALL_STRENGTHS,
339 }, 414 },
415
340/* Cipher 10 */ 416/* Cipher 10 */
341 { 417 {
342 0, 418 0, /* not implemented (non-ephemeral DH) */
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 419 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 420 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 421 SSL_kDHr,
422 SSL_aDH,
423 SSL_3DES,
424 SSL_SHA1,
425 SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 0, 427 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
348 168, 428 168,
349 168, 429 168,
350 SSL_ALL_CIPHERS,
351 SSL_ALL_STRENGTHS,
352 }, 430 },
353 431
354/* The Ephemeral DH ciphers */ 432/* The Ephemeral DH ciphers */
@@ -357,158 +435,193 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
357 1, 435 1,
358 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 436 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
359 SSL3_CK_EDH_DSS_DES_40_CBC_SHA, 437 SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
360 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, 438 SSL_kEDH,
439 SSL_aDSS,
440 SSL_DES,
441 SSL_SHA1,
442 SSL_SSLV3,
361 SSL_EXPORT|SSL_EXP40, 443 SSL_EXPORT|SSL_EXP40,
362 0, 444 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
363 40, 445 40,
364 56, 446 56,
365 SSL_ALL_CIPHERS,
366 SSL_ALL_STRENGTHS,
367 }, 447 },
448
368/* Cipher 12 */ 449/* Cipher 12 */
369 { 450 {
370 1, 451 1,
371 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 452 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
372 SSL3_CK_EDH_DSS_DES_64_CBC_SHA, 453 SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
373 SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, 454 SSL_kEDH,
455 SSL_aDSS,
456 SSL_DES,
457 SSL_SHA1,
458 SSL_SSLV3,
374 SSL_NOT_EXP|SSL_LOW, 459 SSL_NOT_EXP|SSL_LOW,
375 0, 460 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
376 56, 461 56,
377 56, 462 56,
378 SSL_ALL_CIPHERS,
379 SSL_ALL_STRENGTHS,
380 }, 463 },
464
381/* Cipher 13 */ 465/* Cipher 13 */
382 { 466 {
383 1, 467 1,
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 468 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 469 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 470 SSL_kEDH,
471 SSL_aDSS,
472 SSL_3DES,
473 SSL_SHA1,
474 SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 475 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 0, 476 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
389 168, 477 168,
390 168, 478 168,
391 SSL_ALL_CIPHERS,
392 SSL_ALL_STRENGTHS,
393 }, 479 },
480
394/* Cipher 14 */ 481/* Cipher 14 */
395 { 482 {
396 1, 483 1,
397 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 484 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
398 SSL3_CK_EDH_RSA_DES_40_CBC_SHA, 485 SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
399 SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, 486 SSL_kEDH,
487 SSL_aRSA,
488 SSL_DES,
489 SSL_SHA1,
490 SSL_SSLV3,
400 SSL_EXPORT|SSL_EXP40, 491 SSL_EXPORT|SSL_EXP40,
401 0, 492 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
402 40, 493 40,
403 56, 494 56,
404 SSL_ALL_CIPHERS,
405 SSL_ALL_STRENGTHS,
406 }, 495 },
496
407/* Cipher 15 */ 497/* Cipher 15 */
408 { 498 {
409 1, 499 1,
410 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 500 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
411 SSL3_CK_EDH_RSA_DES_64_CBC_SHA, 501 SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
412 SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, 502 SSL_kEDH,
503 SSL_aRSA,
504 SSL_DES,
505 SSL_SHA1,
506 SSL_SSLV3,
413 SSL_NOT_EXP|SSL_LOW, 507 SSL_NOT_EXP|SSL_LOW,
414 0, 508 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
415 56, 509 56,
416 56, 510 56,
417 SSL_ALL_CIPHERS,
418 SSL_ALL_STRENGTHS,
419 }, 511 },
512
420/* Cipher 16 */ 513/* Cipher 16 */
421 { 514 {
422 1, 515 1,
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 516 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 517 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 518 SSL_kEDH,
519 SSL_aRSA,
520 SSL_3DES,
521 SSL_SHA1,
522 SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 523 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 0, 524 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
428 168, 525 168,
429 168, 526 168,
430 SSL_ALL_CIPHERS,
431 SSL_ALL_STRENGTHS,
432 }, 527 },
528
433/* Cipher 17 */ 529/* Cipher 17 */
434 { 530 {
435 1, 531 1,
436 SSL3_TXT_ADH_RC4_40_MD5, 532 SSL3_TXT_ADH_RC4_40_MD5,
437 SSL3_CK_ADH_RC4_40_MD5, 533 SSL3_CK_ADH_RC4_40_MD5,
438 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 534 SSL_kEDH,
535 SSL_aNULL,
536 SSL_RC4,
537 SSL_MD5,
538 SSL_SSLV3,
439 SSL_EXPORT|SSL_EXP40, 539 SSL_EXPORT|SSL_EXP40,
440 0, 540 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
441 40, 541 40,
442 128, 542 128,
443 SSL_ALL_CIPHERS,
444 SSL_ALL_STRENGTHS,
445 }, 543 },
544
446/* Cipher 18 */ 545/* Cipher 18 */
447 { 546 {
448 1, 547 1,
449 SSL3_TXT_ADH_RC4_128_MD5, 548 SSL3_TXT_ADH_RC4_128_MD5,
450 SSL3_CK_ADH_RC4_128_MD5, 549 SSL3_CK_ADH_RC4_128_MD5,
451 SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, 550 SSL_kEDH,
551 SSL_aNULL,
552 SSL_RC4,
553 SSL_MD5,
554 SSL_SSLV3,
452 SSL_NOT_EXP|SSL_MEDIUM, 555 SSL_NOT_EXP|SSL_MEDIUM,
453 0, 556 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
454 128, 557 128,
455 128, 558 128,
456 SSL_ALL_CIPHERS,
457 SSL_ALL_STRENGTHS,
458 }, 559 },
560
459/* Cipher 19 */ 561/* Cipher 19 */
460 { 562 {
461 1, 563 1,
462 SSL3_TXT_ADH_DES_40_CBC_SHA, 564 SSL3_TXT_ADH_DES_40_CBC_SHA,
463 SSL3_CK_ADH_DES_40_CBC_SHA, 565 SSL3_CK_ADH_DES_40_CBC_SHA,
464 SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, 566 SSL_kEDH,
567 SSL_aNULL,
568 SSL_DES,
569 SSL_SHA1,
570 SSL_SSLV3,
465 SSL_EXPORT|SSL_EXP40, 571 SSL_EXPORT|SSL_EXP40,
466 0, 572 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
467 40, 573 40,
468 128, 574 128,
469 SSL_ALL_CIPHERS,
470 SSL_ALL_STRENGTHS,
471 }, 575 },
576
472/* Cipher 1A */ 577/* Cipher 1A */
473 { 578 {
474 1, 579 1,
475 SSL3_TXT_ADH_DES_64_CBC_SHA, 580 SSL3_TXT_ADH_DES_64_CBC_SHA,
476 SSL3_CK_ADH_DES_64_CBC_SHA, 581 SSL3_CK_ADH_DES_64_CBC_SHA,
477 SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, 582 SSL_kEDH,
583 SSL_aNULL,
584 SSL_DES,
585 SSL_SHA1,
586 SSL_SSLV3,
478 SSL_NOT_EXP|SSL_LOW, 587 SSL_NOT_EXP|SSL_LOW,
479 0, 588 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
480 56, 589 56,
481 56, 590 56,
482 SSL_ALL_CIPHERS,
483 SSL_ALL_STRENGTHS,
484 }, 591 },
592
485/* Cipher 1B */ 593/* Cipher 1B */
486 { 594 {
487 1, 595 1,
488 SSL3_TXT_ADH_DES_192_CBC_SHA, 596 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA, 597 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, 598 SSL_kEDH,
599 SSL_aNULL,
600 SSL_3DES,
601 SSL_SHA1,
602 SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 603 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
492 0, 604 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
493 168, 605 168,
494 168, 606 168,
495 SSL_ALL_CIPHERS,
496 SSL_ALL_STRENGTHS,
497 }, 607 },
498 608
499/* Fortezza */ 609/* Fortezza ciphersuite from SSL 3.0 spec */
610#if 0
500/* Cipher 1C */ 611/* Cipher 1C */
501 { 612 {
502 0, 613 0,
503 SSL3_TXT_FZA_DMS_NULL_SHA, 614 SSL3_TXT_FZA_DMS_NULL_SHA,
504 SSL3_CK_FZA_DMS_NULL_SHA, 615 SSL3_CK_FZA_DMS_NULL_SHA,
505 SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, 616 SSL_kFZA,
617 SSL_aFZA,
618 SSL_eNULL,
619 SSL_SHA1,
620 SSL_SSLV3,
506 SSL_NOT_EXP|SSL_STRONG_NONE, 621 SSL_NOT_EXP|SSL_STRONG_NONE,
622 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
507 0, 623 0,
508 0, 624 0,
509 0,
510 SSL_ALL_CIPHERS,
511 SSL_ALL_STRENGTHS,
512 }, 625 },
513 626
514/* Cipher 1D */ 627/* Cipher 1D */
@@ -516,45 +629,50 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
516 0, 629 0,
517 SSL3_TXT_FZA_DMS_FZA_SHA, 630 SSL3_TXT_FZA_DMS_FZA_SHA,
518 SSL3_CK_FZA_DMS_FZA_SHA, 631 SSL3_CK_FZA_DMS_FZA_SHA,
519 SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, 632 SSL_kFZA,
633 SSL_aFZA,
634 SSL_eFZA,
635 SSL_SHA1,
636 SSL_SSLV3,
520 SSL_NOT_EXP|SSL_STRONG_NONE, 637 SSL_NOT_EXP|SSL_STRONG_NONE,
638 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
521 0, 639 0,
522 0, 640 0,
523 0,
524 SSL_ALL_CIPHERS,
525 SSL_ALL_STRENGTHS,
526 }, 641 },
527 642
528#if 0
529/* Cipher 1E */ 643/* Cipher 1E */
530 { 644 {
531 0, 645 0,
532 SSL3_TXT_FZA_DMS_RC4_SHA, 646 SSL3_TXT_FZA_DMS_RC4_SHA,
533 SSL3_CK_FZA_DMS_RC4_SHA, 647 SSL3_CK_FZA_DMS_RC4_SHA,
534 SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, 648 SSL_kFZA,
649 SSL_aFZA,
650 SSL_RC4,
651 SSL_SHA1,
652 SSL_SSLV3,
535 SSL_NOT_EXP|SSL_MEDIUM, 653 SSL_NOT_EXP|SSL_MEDIUM,
536 0, 654 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
537 128, 655 128,
538 128, 656 128,
539 SSL_ALL_CIPHERS,
540 SSL_ALL_STRENGTHS,
541 }, 657 },
542#endif 658#endif
543 659
544#ifndef OPENSSL_NO_KRB5 660#ifndef OPENSSL_NO_KRB5
545/* The Kerberos ciphers */ 661/* The Kerberos ciphers*/
546/* Cipher 1E */ 662/* Cipher 1E */
547 { 663 {
548 1, 664 1,
549 SSL3_TXT_KRB5_DES_64_CBC_SHA, 665 SSL3_TXT_KRB5_DES_64_CBC_SHA,
550 SSL3_CK_KRB5_DES_64_CBC_SHA, 666 SSL3_CK_KRB5_DES_64_CBC_SHA,
551 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 667 SSL_kKRB5,
668 SSL_aKRB5,
669 SSL_DES,
670 SSL_SHA1,
671 SSL_SSLV3,
552 SSL_NOT_EXP|SSL_LOW, 672 SSL_NOT_EXP|SSL_LOW,
553 0, 673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
554 56, 674 56,
555 56, 675 56,
556 SSL_ALL_CIPHERS,
557 SSL_ALL_STRENGTHS,
558 }, 676 },
559 677
560/* Cipher 1F */ 678/* Cipher 1F */
@@ -562,13 +680,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
562 1, 680 1,
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 681 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, 682 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 683 SSL_kKRB5,
684 SSL_aKRB5,
685 SSL_3DES,
686 SSL_SHA1,
687 SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 688 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 0, 689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
568 168, 690 168,
569 168, 691 168,
570 SSL_ALL_CIPHERS,
571 SSL_ALL_STRENGTHS,
572 }, 692 },
573 693
574/* Cipher 20 */ 694/* Cipher 20 */
@@ -576,13 +696,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
576 1, 696 1,
577 SSL3_TXT_KRB5_RC4_128_SHA, 697 SSL3_TXT_KRB5_RC4_128_SHA,
578 SSL3_CK_KRB5_RC4_128_SHA, 698 SSL3_CK_KRB5_RC4_128_SHA,
579 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 699 SSL_kKRB5,
700 SSL_aKRB5,
701 SSL_RC4,
702 SSL_SHA1,
703 SSL_SSLV3,
580 SSL_NOT_EXP|SSL_MEDIUM, 704 SSL_NOT_EXP|SSL_MEDIUM,
581 0, 705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
582 128, 706 128,
583 128, 707 128,
584 SSL_ALL_CIPHERS,
585 SSL_ALL_STRENGTHS,
586 }, 708 },
587 709
588/* Cipher 21 */ 710/* Cipher 21 */
@@ -590,13 +712,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
590 1, 712 1,
591 SSL3_TXT_KRB5_IDEA_128_CBC_SHA, 713 SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
592 SSL3_CK_KRB5_IDEA_128_CBC_SHA, 714 SSL3_CK_KRB5_IDEA_128_CBC_SHA,
593 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3, 715 SSL_kKRB5,
716 SSL_aKRB5,
717 SSL_IDEA,
718 SSL_SHA1,
719 SSL_SSLV3,
594 SSL_NOT_EXP|SSL_MEDIUM, 720 SSL_NOT_EXP|SSL_MEDIUM,
595 0, 721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
596 128, 722 128,
597 128, 723 128,
598 SSL_ALL_CIPHERS,
599 SSL_ALL_STRENGTHS,
600 }, 724 },
601 725
602/* Cipher 22 */ 726/* Cipher 22 */
@@ -604,13 +728,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
604 1, 728 1,
605 SSL3_TXT_KRB5_DES_64_CBC_MD5, 729 SSL3_TXT_KRB5_DES_64_CBC_MD5,
606 SSL3_CK_KRB5_DES_64_CBC_MD5, 730 SSL3_CK_KRB5_DES_64_CBC_MD5,
607 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 731 SSL_kKRB5,
732 SSL_aKRB5,
733 SSL_DES,
734 SSL_MD5,
735 SSL_SSLV3,
608 SSL_NOT_EXP|SSL_LOW, 736 SSL_NOT_EXP|SSL_LOW,
609 0, 737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
610 56, 738 56,
611 56, 739 56,
612 SSL_ALL_CIPHERS,
613 SSL_ALL_STRENGTHS,
614 }, 740 },
615 741
616/* Cipher 23 */ 742/* Cipher 23 */
@@ -618,13 +744,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
618 1, 744 1,
619 SSL3_TXT_KRB5_DES_192_CBC3_MD5, 745 SSL3_TXT_KRB5_DES_192_CBC3_MD5,
620 SSL3_CK_KRB5_DES_192_CBC3_MD5, 746 SSL3_CK_KRB5_DES_192_CBC3_MD5,
621 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, 747 SSL_kKRB5,
748 SSL_aKRB5,
749 SSL_3DES,
750 SSL_MD5,
751 SSL_SSLV3,
622 SSL_NOT_EXP|SSL_HIGH, 752 SSL_NOT_EXP|SSL_HIGH,
623 0, 753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
624 168, 754 168,
625 168, 755 168,
626 SSL_ALL_CIPHERS,
627 SSL_ALL_STRENGTHS,
628 }, 756 },
629 757
630/* Cipher 24 */ 758/* Cipher 24 */
@@ -632,13 +760,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
632 1, 760 1,
633 SSL3_TXT_KRB5_RC4_128_MD5, 761 SSL3_TXT_KRB5_RC4_128_MD5,
634 SSL3_CK_KRB5_RC4_128_MD5, 762 SSL3_CK_KRB5_RC4_128_MD5,
635 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 763 SSL_kKRB5,
764 SSL_aKRB5,
765 SSL_RC4,
766 SSL_MD5,
767 SSL_SSLV3,
636 SSL_NOT_EXP|SSL_MEDIUM, 768 SSL_NOT_EXP|SSL_MEDIUM,
637 0, 769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
638 128, 770 128,
639 128, 771 128,
640 SSL_ALL_CIPHERS,
641 SSL_ALL_STRENGTHS,
642 }, 772 },
643 773
644/* Cipher 25 */ 774/* Cipher 25 */
@@ -646,13 +776,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
646 1, 776 1,
647 SSL3_TXT_KRB5_IDEA_128_CBC_MD5, 777 SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
648 SSL3_CK_KRB5_IDEA_128_CBC_MD5, 778 SSL3_CK_KRB5_IDEA_128_CBC_MD5,
649 SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3, 779 SSL_kKRB5,
780 SSL_aKRB5,
781 SSL_IDEA,
782 SSL_MD5,
783 SSL_SSLV3,
650 SSL_NOT_EXP|SSL_MEDIUM, 784 SSL_NOT_EXP|SSL_MEDIUM,
651 0, 785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
652 128, 786 128,
653 128, 787 128,
654 SSL_ALL_CIPHERS,
655 SSL_ALL_STRENGTHS,
656 }, 788 },
657 789
658/* Cipher 26 */ 790/* Cipher 26 */
@@ -660,13 +792,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
660 1, 792 1,
661 SSL3_TXT_KRB5_DES_40_CBC_SHA, 793 SSL3_TXT_KRB5_DES_40_CBC_SHA,
662 SSL3_CK_KRB5_DES_40_CBC_SHA, 794 SSL3_CK_KRB5_DES_40_CBC_SHA,
663 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, 795 SSL_kKRB5,
796 SSL_aKRB5,
797 SSL_DES,
798 SSL_SHA1,
799 SSL_SSLV3,
664 SSL_EXPORT|SSL_EXP40, 800 SSL_EXPORT|SSL_EXP40,
665 0, 801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
666 40, 802 40,
667 56, 803 56,
668 SSL_ALL_CIPHERS,
669 SSL_ALL_STRENGTHS,
670 }, 804 },
671 805
672/* Cipher 27 */ 806/* Cipher 27 */
@@ -674,13 +808,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
674 1, 808 1,
675 SSL3_TXT_KRB5_RC2_40_CBC_SHA, 809 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
676 SSL3_CK_KRB5_RC2_40_CBC_SHA, 810 SSL3_CK_KRB5_RC2_40_CBC_SHA,
677 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3, 811 SSL_kKRB5,
812 SSL_aKRB5,
813 SSL_RC2,
814 SSL_SHA1,
815 SSL_SSLV3,
678 SSL_EXPORT|SSL_EXP40, 816 SSL_EXPORT|SSL_EXP40,
679 0, 817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
680 40, 818 40,
681 128, 819 128,
682 SSL_ALL_CIPHERS,
683 SSL_ALL_STRENGTHS,
684 }, 820 },
685 821
686/* Cipher 28 */ 822/* Cipher 28 */
@@ -688,13 +824,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
688 1, 824 1,
689 SSL3_TXT_KRB5_RC4_40_SHA, 825 SSL3_TXT_KRB5_RC4_40_SHA,
690 SSL3_CK_KRB5_RC4_40_SHA, 826 SSL3_CK_KRB5_RC4_40_SHA,
691 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3, 827 SSL_kKRB5,
828 SSL_aKRB5,
829 SSL_RC4,
830 SSL_SHA1,
831 SSL_SSLV3,
692 SSL_EXPORT|SSL_EXP40, 832 SSL_EXPORT|SSL_EXP40,
693 0, 833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
694 40, 834 40,
695 128, 835 128,
696 SSL_ALL_CIPHERS,
697 SSL_ALL_STRENGTHS,
698 }, 836 },
699 837
700/* Cipher 29 */ 838/* Cipher 29 */
@@ -702,13 +840,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
702 1, 840 1,
703 SSL3_TXT_KRB5_DES_40_CBC_MD5, 841 SSL3_TXT_KRB5_DES_40_CBC_MD5,
704 SSL3_CK_KRB5_DES_40_CBC_MD5, 842 SSL3_CK_KRB5_DES_40_CBC_MD5,
705 SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, 843 SSL_kKRB5,
844 SSL_aKRB5,
845 SSL_DES,
846 SSL_MD5,
847 SSL_SSLV3,
706 SSL_EXPORT|SSL_EXP40, 848 SSL_EXPORT|SSL_EXP40,
707 0, 849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
708 40, 850 40,
709 56, 851 56,
710 SSL_ALL_CIPHERS,
711 SSL_ALL_STRENGTHS,
712 }, 852 },
713 853
714/* Cipher 2A */ 854/* Cipher 2A */
@@ -716,13 +856,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
716 1, 856 1,
717 SSL3_TXT_KRB5_RC2_40_CBC_MD5, 857 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
718 SSL3_CK_KRB5_RC2_40_CBC_MD5, 858 SSL3_CK_KRB5_RC2_40_CBC_MD5,
719 SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3, 859 SSL_kKRB5,
860 SSL_aKRB5,
861 SSL_RC2,
862 SSL_MD5,
863 SSL_SSLV3,
720 SSL_EXPORT|SSL_EXP40, 864 SSL_EXPORT|SSL_EXP40,
721 0, 865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
722 40, 866 40,
723 128, 867 128,
724 SSL_ALL_CIPHERS,
725 SSL_ALL_STRENGTHS,
726 }, 868 },
727 869
728/* Cipher 2B */ 870/* Cipher 2B */
@@ -730,13 +872,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
730 1, 872 1,
731 SSL3_TXT_KRB5_RC4_40_MD5, 873 SSL3_TXT_KRB5_RC4_40_MD5,
732 SSL3_CK_KRB5_RC4_40_MD5, 874 SSL3_CK_KRB5_RC4_40_MD5,
733 SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3, 875 SSL_kKRB5,
876 SSL_aKRB5,
877 SSL_RC4,
878 SSL_MD5,
879 SSL_SSLV3,
734 SSL_EXPORT|SSL_EXP40, 880 SSL_EXPORT|SSL_EXP40,
735 0, 881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
736 40, 882 40,
737 128, 883 128,
738 SSL_ALL_CIPHERS,
739 SSL_ALL_STRENGTHS,
740 }, 884 },
741#endif /* OPENSSL_NO_KRB5 */ 885#endif /* OPENSSL_NO_KRB5 */
742 886
@@ -746,78 +890,90 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
746 1, 890 1,
747 TLS1_TXT_RSA_WITH_AES_128_SHA, 891 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA, 892 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 893 SSL_kRSA,
894 SSL_aRSA,
895 SSL_AES128,
896 SSL_SHA1,
897 SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 898 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
751 0, 899 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
752 128, 900 128,
753 128, 901 128,
754 SSL_ALL_CIPHERS,
755 SSL_ALL_STRENGTHS,
756 }, 902 },
757/* Cipher 30 */ 903/* Cipher 30 */
758 { 904 {
759 0, 905 0,
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 906 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 907 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 908 SSL_kDHd,
909 SSL_aDH,
910 SSL_AES128,
911 SSL_SHA1,
912 SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 913 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
764 0, 914 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
765 128, 915 128,
766 128, 916 128,
767 SSL_ALL_CIPHERS,
768 SSL_ALL_STRENGTHS,
769 }, 917 },
770/* Cipher 31 */ 918/* Cipher 31 */
771 { 919 {
772 0, 920 0,
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 921 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 922 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 923 SSL_kDHr,
924 SSL_aDH,
925 SSL_AES128,
926 SSL_SHA1,
927 SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 928 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
777 0, 929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
778 128, 930 128,
779 128, 931 128,
780 SSL_ALL_CIPHERS,
781 SSL_ALL_STRENGTHS,
782 }, 932 },
783/* Cipher 32 */ 933/* Cipher 32 */
784 { 934 {
785 1, 935 1,
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 936 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 937 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 938 SSL_kEDH,
939 SSL_aDSS,
940 SSL_AES128,
941 SSL_SHA1,
942 SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 943 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
790 0, 944 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
791 128, 945 128,
792 128, 946 128,
793 SSL_ALL_CIPHERS,
794 SSL_ALL_STRENGTHS,
795 }, 947 },
796/* Cipher 33 */ 948/* Cipher 33 */
797 { 949 {
798 1, 950 1,
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 951 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 952 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 953 SSL_kEDH,
954 SSL_aRSA,
955 SSL_AES128,
956 SSL_SHA1,
957 SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 958 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
803 0, 959 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
804 128, 960 128,
805 128, 961 128,
806 SSL_ALL_CIPHERS,
807 SSL_ALL_STRENGTHS,
808 }, 962 },
809/* Cipher 34 */ 963/* Cipher 34 */
810 { 964 {
811 1, 965 1,
812 TLS1_TXT_ADH_WITH_AES_128_SHA, 966 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA, 967 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 968 SSL_kEDH,
969 SSL_aNULL,
970 SSL_AES128,
971 SSL_SHA1,
972 SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 973 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
816 0, 974 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
817 128, 975 128,
818 128, 976 128,
819 SSL_ALL_CIPHERS,
820 SSL_ALL_STRENGTHS,
821 }, 977 },
822 978
823/* Cipher 35 */ 979/* Cipher 35 */
@@ -825,78 +981,94 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
825 1, 981 1,
826 TLS1_TXT_RSA_WITH_AES_256_SHA, 982 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA, 983 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 984 SSL_kRSA,
985 SSL_aRSA,
986 SSL_AES256,
987 SSL_SHA1,
988 SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 989 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
830 0, 990 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
831 256, 991 256,
832 256, 992 256,
833 SSL_ALL_CIPHERS,
834 SSL_ALL_STRENGTHS,
835 }, 993 },
836/* Cipher 36 */ 994/* Cipher 36 */
837 { 995 {
838 0, 996 0,
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 997 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 998 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 999 SSL_kDHd,
1000 SSL_aDH,
1001 SSL_AES256,
1002 SSL_SHA1,
1003 SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1004 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
843 0, 1005 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
844 256, 1006 256,
845 256, 1007 256,
846 SSL_ALL_CIPHERS,
847 SSL_ALL_STRENGTHS,
848 }, 1008 },
1009
849/* Cipher 37 */ 1010/* Cipher 37 */
850 { 1011 {
851 0, 1012 0, /* not implemented (non-ephemeral DH) */
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 1013 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 1014 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 1015 SSL_kDHr,
1016 SSL_aDH,
1017 SSL_AES256,
1018 SSL_SHA1,
1019 SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1020 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
856 0, 1021 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
857 256, 1022 256,
858 256, 1023 256,
859 SSL_ALL_CIPHERS,
860 SSL_ALL_STRENGTHS,
861 }, 1024 },
1025
862/* Cipher 38 */ 1026/* Cipher 38 */
863 { 1027 {
864 1, 1028 1,
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 1029 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 1030 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 1031 SSL_kEDH,
1032 SSL_aDSS,
1033 SSL_AES256,
1034 SSL_SHA1,
1035 SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1036 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
869 0, 1037 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
870 256, 1038 256,
871 256, 1039 256,
872 SSL_ALL_CIPHERS,
873 SSL_ALL_STRENGTHS,
874 }, 1040 },
1041
875/* Cipher 39 */ 1042/* Cipher 39 */
876 { 1043 {
877 1, 1044 1,
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 1045 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 1046 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1047 SSL_kEDH,
1048 SSL_aRSA,
1049 SSL_AES256,
1050 SSL_SHA1,
1051 SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1052 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
882 0, 1053 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
883 256, 1054 256,
884 256, 1055 256,
885 SSL_ALL_CIPHERS,
886 SSL_ALL_STRENGTHS,
887 }, 1056 },
1057
888 /* Cipher 3A */ 1058 /* Cipher 3A */
889 { 1059 {
890 1, 1060 1,
891 TLS1_TXT_ADH_WITH_AES_256_SHA, 1061 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA, 1062 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1063 SSL_kEDH,
1064 SSL_aNULL,
1065 SSL_AES256,
1066 SSL_SHA1,
1067 SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, 1068 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
895 0, 1069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
896 256, 1070 256,
897 256, 1071 256,
898 SSL_ALL_CIPHERS,
899 SSL_ALL_STRENGTHS,
900 }, 1072 },
901 1073
902#ifndef OPENSSL_NO_CAMELLIA 1074#ifndef OPENSSL_NO_CAMELLIA
@@ -907,78 +1079,95 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
907 1, 1079 1,
908 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, 1080 TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
909 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, 1081 TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
910 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1082 SSL_kRSA,
1083 SSL_aRSA,
1084 SSL_CAMELLIA128,
1085 SSL_SHA1,
1086 SSL_TLSV1,
911 SSL_NOT_EXP|SSL_HIGH, 1087 SSL_NOT_EXP|SSL_HIGH,
912 0, 1088 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
913 128, 1089 128,
914 128, 1090 128,
915 SSL_ALL_CIPHERS,
916 SSL_ALL_STRENGTHS
917 }, 1091 },
1092
918 /* Cipher 42 */ 1093 /* Cipher 42 */
919 { 1094 {
920 0, /* not implemented (non-ephemeral DH) */ 1095 0, /* not implemented (non-ephemeral DH) */
921 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1096 TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
922 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, 1097 TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
923 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1098 SSL_kDHd,
1099 SSL_aDH,
1100 SSL_CAMELLIA128,
1101 SSL_SHA1,
1102 SSL_TLSV1,
924 SSL_NOT_EXP|SSL_HIGH, 1103 SSL_NOT_EXP|SSL_HIGH,
925 0, 1104 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
926 128, 1105 128,
927 128, 1106 128,
928 SSL_ALL_CIPHERS,
929 SSL_ALL_STRENGTHS
930 }, 1107 },
1108
931 /* Cipher 43 */ 1109 /* Cipher 43 */
932 { 1110 {
933 0, /* not implemented (non-ephemeral DH) */ 1111 0, /* not implemented (non-ephemeral DH) */
934 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1112 TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
935 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, 1113 TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
936 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1114 SSL_kDHr,
1115 SSL_aDH,
1116 SSL_CAMELLIA128,
1117 SSL_SHA1,
1118 SSL_TLSV1,
937 SSL_NOT_EXP|SSL_HIGH, 1119 SSL_NOT_EXP|SSL_HIGH,
938 0, 1120 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
939 128, 1121 128,
940 128, 1122 128,
941 SSL_ALL_CIPHERS,
942 SSL_ALL_STRENGTHS
943 }, 1123 },
1124
944 /* Cipher 44 */ 1125 /* Cipher 44 */
945 { 1126 {
946 1, 1127 1,
947 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1128 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
948 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, 1129 TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
949 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1130 SSL_kEDH,
1131 SSL_aDSS,
1132 SSL_CAMELLIA128,
1133 SSL_SHA1,
1134 SSL_TLSV1,
950 SSL_NOT_EXP|SSL_HIGH, 1135 SSL_NOT_EXP|SSL_HIGH,
951 0, 1136 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
952 128, 1137 128,
953 128, 1138 128,
954 SSL_ALL_CIPHERS,
955 SSL_ALL_STRENGTHS
956 }, 1139 },
1140
957 /* Cipher 45 */ 1141 /* Cipher 45 */
958 { 1142 {
959 1, 1143 1,
960 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1144 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
961 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, 1145 TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
962 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1146 SSL_kEDH,
1147 SSL_aRSA,
1148 SSL_CAMELLIA128,
1149 SSL_SHA1,
1150 SSL_TLSV1,
963 SSL_NOT_EXP|SSL_HIGH, 1151 SSL_NOT_EXP|SSL_HIGH,
964 0, 1152 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
965 128, 1153 128,
966 128, 1154 128,
967 SSL_ALL_CIPHERS,
968 SSL_ALL_STRENGTHS
969 }, 1155 },
1156
970 /* Cipher 46 */ 1157 /* Cipher 46 */
971 { 1158 {
972 1, 1159 1,
973 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, 1160 TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
974 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, 1161 TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
975 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1162 SSL_kEDH,
1163 SSL_aNULL,
1164 SSL_CAMELLIA128,
1165 SSL_SHA1,
1166 SSL_TLSV1,
976 SSL_NOT_EXP|SSL_HIGH, 1167 SSL_NOT_EXP|SSL_HIGH,
977 0, 1168 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
978 128, 1169 128,
979 128, 1170 128,
980 SSL_ALL_CIPHERS,
981 SSL_ALL_STRENGTHS
982 }, 1171 },
983#endif /* OPENSSL_NO_CAMELLIA */ 1172#endif /* OPENSSL_NO_CAMELLIA */
984 1173
@@ -986,98 +1175,174 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
986 /* New TLS Export CipherSuites from expired ID */ 1175 /* New TLS Export CipherSuites from expired ID */
987#if 0 1176#if 0
988 /* Cipher 60 */ 1177 /* Cipher 60 */
989 { 1178 {
990 1, 1179 1,
991 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, 1180 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
992 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, 1181 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
993 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, 1182 SSL_kRSA,
994 SSL_EXPORT|SSL_EXP56, 1183 SSL_aRSA,
995 0, 1184 SSL_RC4,
996 56, 1185 SSL_MD5,
997 128, 1186 SSL_TLSV1,
998 SSL_ALL_CIPHERS, 1187 SSL_EXPORT|SSL_EXP56,
999 SSL_ALL_STRENGTHS, 1188 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1000 }, 1189 56,
1190 128,
1191 },
1192
1001 /* Cipher 61 */ 1193 /* Cipher 61 */
1002 { 1194 {
1003 1, 1195 1,
1004 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1196 TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1005 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, 1197 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
1006 SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, 1198 SSL_kRSA,
1007 SSL_EXPORT|SSL_EXP56, 1199 SSL_aRSA,
1008 0, 1200 SSL_RC2,
1009 56, 1201 SSL_MD5,
1010 128, 1202 SSL_TLSV1,
1011 SSL_ALL_CIPHERS, 1203 SSL_EXPORT|SSL_EXP56,
1012 SSL_ALL_STRENGTHS, 1204 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1013 }, 1205 56,
1206 128,
1207 },
1014#endif 1208#endif
1209
1015 /* Cipher 62 */ 1210 /* Cipher 62 */
1016 { 1211 {
1017 1, 1212 1,
1018 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1213 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1019 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, 1214 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
1020 SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, 1215 SSL_kRSA,
1021 SSL_EXPORT|SSL_EXP56, 1216 SSL_aRSA,
1022 0, 1217 SSL_DES,
1023 56, 1218 SSL_SHA1,
1024 56, 1219 SSL_TLSV1,
1025 SSL_ALL_CIPHERS, 1220 SSL_EXPORT|SSL_EXP56,
1026 SSL_ALL_STRENGTHS, 1221 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1027 }, 1222 56,
1223 56,
1224 },
1225
1028 /* Cipher 63 */ 1226 /* Cipher 63 */
1029 { 1227 {
1030 1, 1228 1,
1031 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1229 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1032 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, 1230 TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
1033 SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, 1231 SSL_kEDH,
1034 SSL_EXPORT|SSL_EXP56, 1232 SSL_aDSS,
1035 0, 1233 SSL_DES,
1036 56, 1234 SSL_SHA1,
1037 56, 1235 SSL_TLSV1,
1038 SSL_ALL_CIPHERS, 1236 SSL_EXPORT|SSL_EXP56,
1039 SSL_ALL_STRENGTHS, 1237 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1040 }, 1238 56,
1239 56,
1240 },
1241
1041 /* Cipher 64 */ 1242 /* Cipher 64 */
1042 { 1243 {
1043 1, 1244 1,
1044 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, 1245 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
1045 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, 1246 TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
1046 SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1247 SSL_kRSA,
1047 SSL_EXPORT|SSL_EXP56, 1248 SSL_aRSA,
1048 0, 1249 SSL_RC4,
1049 56, 1250 SSL_SHA1,
1050 128, 1251 SSL_TLSV1,
1051 SSL_ALL_CIPHERS, 1252 SSL_EXPORT|SSL_EXP56,
1052 SSL_ALL_STRENGTHS, 1253 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1053 }, 1254 56,
1255 128,
1256 },
1257
1054 /* Cipher 65 */ 1258 /* Cipher 65 */
1055 { 1259 {
1056 1, 1260 1,
1057 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1261 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1058 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, 1262 TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
1059 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1263 SSL_kEDH,
1060 SSL_EXPORT|SSL_EXP56, 1264 SSL_aDSS,
1061 0, 1265 SSL_RC4,
1062 56, 1266 SSL_SHA1,
1063 128, 1267 SSL_TLSV1,
1064 SSL_ALL_CIPHERS, 1268 SSL_EXPORT|SSL_EXP56,
1065 SSL_ALL_STRENGTHS, 1269 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1066 }, 1270 56,
1271 128,
1272 },
1273
1067 /* Cipher 66 */ 1274 /* Cipher 66 */
1068 { 1275 {
1069 1, 1276 1,
1070 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, 1277 TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
1071 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, 1278 TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
1072 SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, 1279 SSL_kEDH,
1073 SSL_NOT_EXP|SSL_MEDIUM, 1280 SSL_aDSS,
1074 0, 1281 SSL_RC4,
1075 128, 1282 SSL_SHA1,
1076 128, 1283 SSL_TLSV1,
1077 SSL_ALL_CIPHERS, 1284 SSL_NOT_EXP|SSL_MEDIUM,
1078 SSL_ALL_STRENGTHS 1285 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1079 }, 1286 128,
1287 128,
1288 },
1080#endif 1289#endif
1290 {
1291 1,
1292 "GOST94-GOST89-GOST89",
1293 0x3000080,
1294 SSL_kGOST,
1295 SSL_aGOST94,
1296 SSL_eGOST2814789CNT,
1297 SSL_GOST89MAC,
1298 SSL_TLSV1,
1299 SSL_NOT_EXP|SSL_HIGH,
1300 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1301 256,
1302 256
1303 },
1304 {
1305 1,
1306 "GOST2001-GOST89-GOST89",
1307 0x3000081,
1308 SSL_kGOST,
1309 SSL_aGOST01,
1310 SSL_eGOST2814789CNT,
1311 SSL_GOST89MAC,
1312 SSL_TLSV1,
1313 SSL_NOT_EXP|SSL_HIGH,
1314 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
1315 256,
1316 256
1317 },
1318 {
1319 1,
1320 "GOST94-NULL-GOST94",
1321 0x3000082,
1322 SSL_kGOST,
1323 SSL_aGOST94,
1324 SSL_eNULL,
1325 SSL_GOST94,
1326 SSL_TLSV1,
1327 SSL_NOT_EXP|SSL_STRONG_NONE,
1328 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1329 0,
1330 0
1331 },
1332 {
1333 1,
1334 "GOST2001-NULL-GOST94",
1335 0x3000083,
1336 SSL_kGOST,
1337 SSL_aGOST01,
1338 SSL_eNULL,
1339 SSL_GOST94,
1340 SSL_TLSV1,
1341 SSL_NOT_EXP|SSL_STRONG_NONE,
1342 SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
1343 0,
1344 0
1345 },
1081 1346
1082#ifndef OPENSSL_NO_CAMELLIA 1347#ifndef OPENSSL_NO_CAMELLIA
1083 /* Camellia ciphersuites from RFC4132 (256-bit portion) */ 1348 /* Camellia ciphersuites from RFC4132 (256-bit portion) */
@@ -1087,81 +1352,163 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1087 1, 1352 1,
1088 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, 1353 TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
1089 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, 1354 TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
1090 SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1355 SSL_kRSA,
1356 SSL_aRSA,
1357 SSL_CAMELLIA256,
1358 SSL_SHA1,
1359 SSL_TLSV1,
1091 SSL_NOT_EXP|SSL_HIGH, 1360 SSL_NOT_EXP|SSL_HIGH,
1092 0, 1361 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1093 256, 1362 256,
1094 256, 1363 256,
1095 SSL_ALL_CIPHERS,
1096 SSL_ALL_STRENGTHS
1097 }, 1364 },
1098 /* Cipher 85 */ 1365 /* Cipher 85 */
1099 { 1366 {
1100 0, /* not implemented (non-ephemeral DH) */ 1367 0, /* not implemented (non-ephemeral DH) */
1101 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1368 TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1102 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, 1369 TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
1103 SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1370 SSL_kDHd,
1371 SSL_aDH,
1372 SSL_CAMELLIA256,
1373 SSL_SHA1,
1374 SSL_TLSV1,
1104 SSL_NOT_EXP|SSL_HIGH, 1375 SSL_NOT_EXP|SSL_HIGH,
1105 0, 1376 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1106 256, 1377 256,
1107 256, 1378 256,
1108 SSL_ALL_CIPHERS,
1109 SSL_ALL_STRENGTHS
1110 }, 1379 },
1380
1111 /* Cipher 86 */ 1381 /* Cipher 86 */
1112 { 1382 {
1113 0, /* not implemented (non-ephemeral DH) */ 1383 0, /* not implemented (non-ephemeral DH) */
1114 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1384 TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1115 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, 1385 TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
1116 SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1386 SSL_kDHr,
1387 SSL_aDH,
1388 SSL_CAMELLIA256,
1389 SSL_SHA1,
1390 SSL_TLSV1,
1117 SSL_NOT_EXP|SSL_HIGH, 1391 SSL_NOT_EXP|SSL_HIGH,
1118 0, 1392 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1119 256, 1393 256,
1120 256, 1394 256,
1121 SSL_ALL_CIPHERS,
1122 SSL_ALL_STRENGTHS
1123 }, 1395 },
1396
1124 /* Cipher 87 */ 1397 /* Cipher 87 */
1125 { 1398 {
1126 1, 1399 1,
1127 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1400 TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1128 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, 1401 TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
1129 SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1402 SSL_kEDH,
1403 SSL_aDSS,
1404 SSL_CAMELLIA256,
1405 SSL_SHA1,
1406 SSL_TLSV1,
1130 SSL_NOT_EXP|SSL_HIGH, 1407 SSL_NOT_EXP|SSL_HIGH,
1131 0, 1408 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1132 256, 1409 256,
1133 256, 1410 256,
1134 SSL_ALL_CIPHERS,
1135 SSL_ALL_STRENGTHS
1136 }, 1411 },
1412
1137 /* Cipher 88 */ 1413 /* Cipher 88 */
1138 { 1414 {
1139 1, 1415 1,
1140 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1416 TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1141 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, 1417 TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
1142 SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1418 SSL_kEDH,
1419 SSL_aRSA,
1420 SSL_CAMELLIA256,
1421 SSL_SHA1,
1422 SSL_TLSV1,
1143 SSL_NOT_EXP|SSL_HIGH, 1423 SSL_NOT_EXP|SSL_HIGH,
1144 0, 1424 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1145 256, 1425 256,
1146 256, 1426 256,
1147 SSL_ALL_CIPHERS,
1148 SSL_ALL_STRENGTHS
1149 }, 1427 },
1428
1150 /* Cipher 89 */ 1429 /* Cipher 89 */
1151 { 1430 {
1152 1, 1431 1,
1153 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, 1432 TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
1154 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, 1433 TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
1155 SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1, 1434 SSL_kEDH,
1435 SSL_aNULL,
1436 SSL_CAMELLIA256,
1437 SSL_SHA1,
1438 SSL_TLSV1,
1156 SSL_NOT_EXP|SSL_HIGH, 1439 SSL_NOT_EXP|SSL_HIGH,
1157 0, 1440 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1158 256, 1441 256,
1159 256, 1442 256,
1160 SSL_ALL_CIPHERS,
1161 SSL_ALL_STRENGTHS
1162 }, 1443 },
1163#endif /* OPENSSL_NO_CAMELLIA */ 1444#endif /* OPENSSL_NO_CAMELLIA */
1164 1445
1446#ifndef OPENSSL_NO_PSK
1447 /* Cipher 8A */
1448 {
1449 1,
1450 TLS1_TXT_PSK_WITH_RC4_128_SHA,
1451 TLS1_CK_PSK_WITH_RC4_128_SHA,
1452 SSL_kPSK,
1453 SSL_aPSK,
1454 SSL_RC4,
1455 SSL_SHA1,
1456 SSL_TLSV1,
1457 SSL_NOT_EXP|SSL_MEDIUM,
1458 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1459 128,
1460 128,
1461 },
1462
1463 /* Cipher 8B */
1464 {
1465 1,
1466 TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
1467 TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
1468 SSL_kPSK,
1469 SSL_aPSK,
1470 SSL_3DES,
1471 SSL_SHA1,
1472 SSL_TLSV1,
1473 SSL_NOT_EXP|SSL_HIGH,
1474 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1475 168,
1476 168,
1477 },
1478
1479 /* Cipher 8C */
1480 {
1481 1,
1482 TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
1483 TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
1484 SSL_kPSK,
1485 SSL_aPSK,
1486 SSL_AES128,
1487 SSL_SHA1,
1488 SSL_TLSV1,
1489 SSL_NOT_EXP|SSL_HIGH,
1490 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 128,
1492 128,
1493 },
1494
1495 /* Cipher 8D */
1496 {
1497 1,
1498 TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
1499 TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
1500 SSL_kPSK,
1501 SSL_aPSK,
1502 SSL_AES256,
1503 SSL_SHA1,
1504 SSL_TLSV1,
1505 SSL_NOT_EXP|SSL_HIGH,
1506 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1507 256,
1508 256,
1509 },
1510#endif /* OPENSSL_NO_PSK */
1511
1165#ifndef OPENSSL_NO_SEED 1512#ifndef OPENSSL_NO_SEED
1166 /* SEED ciphersuites from RFC4162 */ 1513 /* SEED ciphersuites from RFC4162 */
1167 1514
@@ -1170,13 +1517,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1170 1, 1517 1,
1171 TLS1_TXT_RSA_WITH_SEED_SHA, 1518 TLS1_TXT_RSA_WITH_SEED_SHA,
1172 TLS1_CK_RSA_WITH_SEED_SHA, 1519 TLS1_CK_RSA_WITH_SEED_SHA,
1173 SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1520 SSL_kRSA,
1521 SSL_aRSA,
1522 SSL_SEED,
1523 SSL_SHA1,
1524 SSL_TLSV1,
1174 SSL_NOT_EXP|SSL_MEDIUM, 1525 SSL_NOT_EXP|SSL_MEDIUM,
1175 0, 1526 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1176 128, 1527 128,
1177 128, 1528 128,
1178 SSL_ALL_CIPHERS,
1179 SSL_ALL_STRENGTHS,
1180 }, 1529 },
1181 1530
1182 /* Cipher 97 */ 1531 /* Cipher 97 */
@@ -1184,13 +1533,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1184 0, /* not implemented (non-ephemeral DH) */ 1533 0, /* not implemented (non-ephemeral DH) */
1185 TLS1_TXT_DH_DSS_WITH_SEED_SHA, 1534 TLS1_TXT_DH_DSS_WITH_SEED_SHA,
1186 TLS1_CK_DH_DSS_WITH_SEED_SHA, 1535 TLS1_CK_DH_DSS_WITH_SEED_SHA,
1187 SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1536 SSL_kDHd,
1537 SSL_aDH,
1538 SSL_SEED,
1539 SSL_SHA1,
1540 SSL_TLSV1,
1188 SSL_NOT_EXP|SSL_MEDIUM, 1541 SSL_NOT_EXP|SSL_MEDIUM,
1189 0, 1542 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1190 128, 1543 128,
1191 128, 1544 128,
1192 SSL_ALL_CIPHERS,
1193 SSL_ALL_STRENGTHS,
1194 }, 1545 },
1195 1546
1196 /* Cipher 98 */ 1547 /* Cipher 98 */
@@ -1198,13 +1549,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1198 0, /* not implemented (non-ephemeral DH) */ 1549 0, /* not implemented (non-ephemeral DH) */
1199 TLS1_TXT_DH_RSA_WITH_SEED_SHA, 1550 TLS1_TXT_DH_RSA_WITH_SEED_SHA,
1200 TLS1_CK_DH_RSA_WITH_SEED_SHA, 1551 TLS1_CK_DH_RSA_WITH_SEED_SHA,
1201 SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1552 SSL_kDHr,
1553 SSL_aDH,
1554 SSL_SEED,
1555 SSL_SHA1,
1556 SSL_TLSV1,
1202 SSL_NOT_EXP|SSL_MEDIUM, 1557 SSL_NOT_EXP|SSL_MEDIUM,
1203 0, 1558 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1204 128, 1559 128,
1205 128, 1560 128,
1206 SSL_ALL_CIPHERS,
1207 SSL_ALL_STRENGTHS,
1208 }, 1561 },
1209 1562
1210 /* Cipher 99 */ 1563 /* Cipher 99 */
@@ -1212,13 +1565,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1212 1, 1565 1,
1213 TLS1_TXT_DHE_DSS_WITH_SEED_SHA, 1566 TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
1214 TLS1_CK_DHE_DSS_WITH_SEED_SHA, 1567 TLS1_CK_DHE_DSS_WITH_SEED_SHA,
1215 SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1568 SSL_kEDH,
1569 SSL_aDSS,
1570 SSL_SEED,
1571 SSL_SHA1,
1572 SSL_TLSV1,
1216 SSL_NOT_EXP|SSL_MEDIUM, 1573 SSL_NOT_EXP|SSL_MEDIUM,
1217 0, 1574 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1218 128, 1575 128,
1219 128, 1576 128,
1220 SSL_ALL_CIPHERS,
1221 SSL_ALL_STRENGTHS,
1222 }, 1577 },
1223 1578
1224 /* Cipher 9A */ 1579 /* Cipher 9A */
@@ -1226,13 +1581,15 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1226 1, 1581 1,
1227 TLS1_TXT_DHE_RSA_WITH_SEED_SHA, 1582 TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
1228 TLS1_CK_DHE_RSA_WITH_SEED_SHA, 1583 TLS1_CK_DHE_RSA_WITH_SEED_SHA,
1229 SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1584 SSL_kEDH,
1585 SSL_aRSA,
1586 SSL_SEED,
1587 SSL_SHA1,
1588 SSL_TLSV1,
1230 SSL_NOT_EXP|SSL_MEDIUM, 1589 SSL_NOT_EXP|SSL_MEDIUM,
1231 0, 1590 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1232 128, 1591 128,
1233 128, 1592 128,
1234 SSL_ALL_CIPHERS,
1235 SSL_ALL_STRENGTHS,
1236 }, 1593 },
1237 1594
1238 /* Cipher 9B */ 1595 /* Cipher 9B */
@@ -1240,376 +1597,487 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1240 1, 1597 1,
1241 TLS1_TXT_ADH_WITH_SEED_SHA, 1598 TLS1_TXT_ADH_WITH_SEED_SHA,
1242 TLS1_CK_ADH_WITH_SEED_SHA, 1599 TLS1_CK_ADH_WITH_SEED_SHA,
1243 SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1, 1600 SSL_kEDH,
1601 SSL_aNULL,
1602 SSL_SEED,
1603 SSL_SHA1,
1604 SSL_TLSV1,
1244 SSL_NOT_EXP|SSL_MEDIUM, 1605 SSL_NOT_EXP|SSL_MEDIUM,
1245 0, 1606 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1246 128, 1607 128,
1247 128, 1608 128,
1248 SSL_ALL_CIPHERS,
1249 SSL_ALL_STRENGTHS,
1250 }, 1609 },
1251 1610
1252#endif /* OPENSSL_NO_SEED */ 1611#endif /* OPENSSL_NO_SEED */
1253 1612
1254#ifndef OPENSSL_NO_ECDH 1613#ifndef OPENSSL_NO_ECDH
1255 /* Cipher C001 */ 1614 /* Cipher C001 */
1256 { 1615 {
1257 1, 1616 1,
1258 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA, 1617 TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
1259 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA, 1618 TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
1260 SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1619 SSL_kECDHe,
1261 SSL_NOT_EXP, 1620 SSL_aECDH,
1262 0, 1621 SSL_eNULL,
1263 0, 1622 SSL_SHA1,
1264 0, 1623 SSL_TLSV1,
1265 SSL_ALL_CIPHERS, 1624 SSL_NOT_EXP|SSL_STRONG_NONE,
1266 SSL_ALL_STRENGTHS, 1625 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1267 }, 1626 0,
1627 0,
1628 },
1268 1629
1269 /* Cipher C002 */ 1630 /* Cipher C002 */
1270 { 1631 {
1271 1, 1632 1,
1272 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, 1633 TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
1273 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA, 1634 TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
1274 SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1635 SSL_kECDHe,
1275 SSL_NOT_EXP, 1636 SSL_aECDH,
1276 0, 1637 SSL_RC4,
1277 128, 1638 SSL_SHA1,
1278 128, 1639 SSL_TLSV1,
1279 SSL_ALL_CIPHERS, 1640 SSL_NOT_EXP|SSL_MEDIUM,
1280 SSL_ALL_STRENGTHS, 1641 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1281 }, 1642 128,
1643 128,
1644 },
1282 1645
1283 /* Cipher C003 */ 1646 /* Cipher C003 */
1284 { 1647 {
1285 1, 1648 1,
1286 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1649 TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1287 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, 1650 TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
1288 SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1651 SSL_kECDHe,
1289 SSL_NOT_EXP|SSL_HIGH, 1652 SSL_aECDH,
1290 0, 1653 SSL_3DES,
1291 168, 1654 SSL_SHA1,
1292 168, 1655 SSL_TLSV1,
1293 SSL_ALL_CIPHERS, 1656 SSL_NOT_EXP|SSL_HIGH,
1294 SSL_ALL_STRENGTHS, 1657 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1295 }, 1658 168,
1659 168,
1660 },
1296 1661
1297 /* Cipher C004 */ 1662 /* Cipher C004 */
1298 { 1663 {
1299 1, 1664 1,
1300 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1665 TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1301 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1666 TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
1302 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1667 SSL_kECDHe,
1303 SSL_NOT_EXP|SSL_HIGH, 1668 SSL_aECDH,
1304 0, 1669 SSL_AES128,
1305 128, 1670 SSL_SHA1,
1306 128, 1671 SSL_TLSV1,
1307 SSL_ALL_CIPHERS, 1672 SSL_NOT_EXP|SSL_HIGH,
1308 SSL_ALL_STRENGTHS, 1673 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1309 }, 1674 128,
1675 128,
1676 },
1310 1677
1311 /* Cipher C005 */ 1678 /* Cipher C005 */
1312 { 1679 {
1313 1, 1680 1,
1314 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1681 TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1315 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1682 TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
1316 SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1683 SSL_kECDHe,
1317 SSL_NOT_EXP|SSL_HIGH, 1684 SSL_aECDH,
1318 0, 1685 SSL_AES256,
1319 256, 1686 SSL_SHA1,
1320 256, 1687 SSL_TLSV1,
1321 SSL_ALL_CIPHERS, 1688 SSL_NOT_EXP|SSL_HIGH,
1322 SSL_ALL_STRENGTHS, 1689 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1323 }, 1690 256,
1691 256,
1692 },
1324 1693
1325 /* Cipher C006 */ 1694 /* Cipher C006 */
1326 { 1695 {
1327 1, 1696 1,
1328 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, 1697 TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
1329 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, 1698 TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
1330 SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1699 SSL_kEECDH,
1331 SSL_NOT_EXP, 1700 SSL_aECDSA,
1332 0, 1701 SSL_eNULL,
1333 0, 1702 SSL_SHA1,
1334 0, 1703 SSL_TLSV1,
1335 SSL_ALL_CIPHERS, 1704 SSL_NOT_EXP|SSL_STRONG_NONE,
1336 SSL_ALL_STRENGTHS, 1705 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1337 }, 1706 0,
1707 0,
1708 },
1338 1709
1339 /* Cipher C007 */ 1710 /* Cipher C007 */
1340 { 1711 {
1341 1, 1712 1,
1342 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, 1713 TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
1343 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, 1714 TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
1344 SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1715 SSL_kEECDH,
1345 SSL_NOT_EXP, 1716 SSL_aECDSA,
1346 0, 1717 SSL_RC4,
1347 128, 1718 SSL_SHA1,
1348 128, 1719 SSL_TLSV1,
1349 SSL_ALL_CIPHERS, 1720 SSL_NOT_EXP|SSL_MEDIUM,
1350 SSL_ALL_STRENGTHS, 1721 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1351 }, 1722 128,
1723 128,
1724 },
1352 1725
1353 /* Cipher C008 */ 1726 /* Cipher C008 */
1354 { 1727 {
1355 1, 1728 1,
1356 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1729 TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1357 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, 1730 TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
1358 SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1731 SSL_kEECDH,
1359 SSL_NOT_EXP|SSL_HIGH, 1732 SSL_aECDSA,
1360 0, 1733 SSL_3DES,
1361 168, 1734 SSL_SHA1,
1362 168, 1735 SSL_TLSV1,
1363 SSL_ALL_CIPHERS, 1736 SSL_NOT_EXP|SSL_HIGH,
1364 SSL_ALL_STRENGTHS, 1737 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1365 }, 1738 168,
1739 168,
1740 },
1366 1741
1367 /* Cipher C009 */ 1742 /* Cipher C009 */
1368 { 1743 {
1369 1, 1744 1,
1370 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1745 TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1371 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1746 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
1372 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1747 SSL_kEECDH,
1373 SSL_NOT_EXP|SSL_HIGH, 1748 SSL_aECDSA,
1374 0, 1749 SSL_AES128,
1375 128, 1750 SSL_SHA1,
1376 128, 1751 SSL_TLSV1,
1377 SSL_ALL_CIPHERS, 1752 SSL_NOT_EXP|SSL_HIGH,
1378 SSL_ALL_STRENGTHS, 1753 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1379 }, 1754 128,
1755 128,
1756 },
1380 1757
1381 /* Cipher C00A */ 1758 /* Cipher C00A */
1382 { 1759 {
1383 1, 1760 1,
1384 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1761 TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1385 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1762 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
1386 SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1763 SSL_kEECDH,
1387 SSL_NOT_EXP|SSL_HIGH, 1764 SSL_aECDSA,
1388 0, 1765 SSL_AES256,
1389 256, 1766 SSL_SHA1,
1390 256, 1767 SSL_TLSV1,
1391 SSL_ALL_CIPHERS, 1768 SSL_NOT_EXP|SSL_HIGH,
1392 SSL_ALL_STRENGTHS, 1769 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1393 }, 1770 256,
1771 256,
1772 },
1394 1773
1395 /* Cipher C00B */ 1774 /* Cipher C00B */
1396 { 1775 {
1397 1, 1776 1,
1398 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA, 1777 TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
1399 TLS1_CK_ECDH_RSA_WITH_NULL_SHA, 1778 TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
1400 SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1779 SSL_kECDHr,
1401 SSL_NOT_EXP, 1780 SSL_aECDH,
1402 0, 1781 SSL_eNULL,
1403 0, 1782 SSL_SHA1,
1404 0, 1783 SSL_TLSV1,
1405 SSL_ALL_CIPHERS, 1784 SSL_NOT_EXP|SSL_STRONG_NONE,
1406 SSL_ALL_STRENGTHS, 1785 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1407 }, 1786 0,
1787 0,
1788 },
1408 1789
1409 /* Cipher C00C */ 1790 /* Cipher C00C */
1410 { 1791 {
1411 1, 1792 1,
1412 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, 1793 TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
1413 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA, 1794 TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
1414 SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1795 SSL_kECDHr,
1415 SSL_NOT_EXP, 1796 SSL_aECDH,
1416 0, 1797 SSL_RC4,
1417 128, 1798 SSL_SHA1,
1418 128, 1799 SSL_TLSV1,
1419 SSL_ALL_CIPHERS, 1800 SSL_NOT_EXP|SSL_MEDIUM,
1420 SSL_ALL_STRENGTHS, 1801 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1421 }, 1802 128,
1803 128,
1804 },
1422 1805
1423 /* Cipher C00D */ 1806 /* Cipher C00D */
1424 { 1807 {
1425 1, 1808 1,
1426 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1809 TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1427 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA, 1810 TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
1428 SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1811 SSL_kECDHr,
1429 SSL_NOT_EXP|SSL_HIGH, 1812 SSL_aECDH,
1430 0, 1813 SSL_3DES,
1431 168, 1814 SSL_SHA1,
1432 168, 1815 SSL_TLSV1,
1433 SSL_ALL_CIPHERS, 1816 SSL_NOT_EXP|SSL_HIGH,
1434 SSL_ALL_STRENGTHS, 1817 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1435 }, 1818 168,
1819 168,
1820 },
1436 1821
1437 /* Cipher C00E */ 1822 /* Cipher C00E */
1438 { 1823 {
1439 1, 1824 1,
1440 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA, 1825 TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
1441 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA, 1826 TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
1442 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1827 SSL_kECDHr,
1443 SSL_NOT_EXP|SSL_HIGH, 1828 SSL_aECDH,
1444 0, 1829 SSL_AES128,
1445 128, 1830 SSL_SHA1,
1446 128, 1831 SSL_TLSV1,
1447 SSL_ALL_CIPHERS, 1832 SSL_NOT_EXP|SSL_HIGH,
1448 SSL_ALL_STRENGTHS, 1833 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1449 }, 1834 128,
1835 128,
1836 },
1450 1837
1451 /* Cipher C00F */ 1838 /* Cipher C00F */
1452 { 1839 {
1453 1, 1840 1,
1454 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA, 1841 TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
1455 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA, 1842 TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
1456 SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1843 SSL_kECDHr,
1457 SSL_NOT_EXP|SSL_HIGH, 1844 SSL_aECDH,
1458 0, 1845 SSL_AES256,
1459 256, 1846 SSL_SHA1,
1460 256, 1847 SSL_TLSV1,
1461 SSL_ALL_CIPHERS, 1848 SSL_NOT_EXP|SSL_HIGH,
1462 SSL_ALL_STRENGTHS, 1849 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1463 }, 1850 256,
1851 256,
1852 },
1464 1853
1465 /* Cipher C010 */ 1854 /* Cipher C010 */
1466 { 1855 {
1467 1, 1856 1,
1468 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, 1857 TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
1469 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, 1858 TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
1470 SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1859 SSL_kEECDH,
1471 SSL_NOT_EXP, 1860 SSL_aRSA,
1472 0, 1861 SSL_eNULL,
1473 0, 1862 SSL_SHA1,
1474 0, 1863 SSL_TLSV1,
1475 SSL_ALL_CIPHERS, 1864 SSL_NOT_EXP|SSL_STRONG_NONE,
1476 SSL_ALL_STRENGTHS, 1865 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1477 }, 1866 0,
1867 0,
1868 },
1478 1869
1479 /* Cipher C011 */ 1870 /* Cipher C011 */
1480 { 1871 {
1481 1, 1872 1,
1482 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, 1873 TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
1483 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, 1874 TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
1484 SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, 1875 SSL_kEECDH,
1485 SSL_NOT_EXP, 1876 SSL_aRSA,
1486 0, 1877 SSL_RC4,
1487 128, 1878 SSL_SHA1,
1488 128, 1879 SSL_TLSV1,
1489 SSL_ALL_CIPHERS, 1880 SSL_NOT_EXP|SSL_MEDIUM,
1490 SSL_ALL_STRENGTHS, 1881 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1491 }, 1882 128,
1883 128,
1884 },
1492 1885
1493 /* Cipher C012 */ 1886 /* Cipher C012 */
1494 { 1887 {
1495 1, 1888 1,
1496 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1889 TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1497 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, 1890 TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
1498 SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1, 1891 SSL_kEECDH,
1499 SSL_NOT_EXP|SSL_HIGH, 1892 SSL_aRSA,
1500 0, 1893 SSL_3DES,
1501 168, 1894 SSL_SHA1,
1502 168, 1895 SSL_TLSV1,
1503 SSL_ALL_CIPHERS, 1896 SSL_NOT_EXP|SSL_HIGH,
1504 SSL_ALL_STRENGTHS, 1897 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1505 }, 1898 168,
1899 168,
1900 },
1506 1901
1507 /* Cipher C013 */ 1902 /* Cipher C013 */
1508 { 1903 {
1509 1, 1904 1,
1510 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1905 TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1511 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1906 TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
1512 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1907 SSL_kEECDH,
1513 SSL_NOT_EXP|SSL_HIGH, 1908 SSL_aRSA,
1514 0, 1909 SSL_AES128,
1515 128, 1910 SSL_SHA1,
1516 128, 1911 SSL_TLSV1,
1517 SSL_ALL_CIPHERS, 1912 SSL_NOT_EXP|SSL_HIGH,
1518 SSL_ALL_STRENGTHS, 1913 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1519 }, 1914 128,
1915 128,
1916 },
1520 1917
1521 /* Cipher C014 */ 1918 /* Cipher C014 */
1522 { 1919 {
1523 1, 1920 1,
1524 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1921 TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1525 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1922 TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
1526 SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 1923 SSL_kEECDH,
1527 SSL_NOT_EXP|SSL_HIGH, 1924 SSL_aRSA,
1528 0, 1925 SSL_AES256,
1529 256, 1926 SSL_SHA1,
1530 256, 1927 SSL_TLSV1,
1531 SSL_ALL_CIPHERS, 1928 SSL_NOT_EXP|SSL_HIGH,
1532 SSL_ALL_STRENGTHS, 1929 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1533 }, 1930 256,
1931 256,
1932 },
1534 1933
1535 /* Cipher C015 */ 1934 /* Cipher C015 */
1536 { 1935 {
1537 1, 1936 1,
1538 TLS1_TXT_ECDH_anon_WITH_NULL_SHA, 1937 TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
1539 TLS1_CK_ECDH_anon_WITH_NULL_SHA, 1938 TLS1_CK_ECDH_anon_WITH_NULL_SHA,
1540 SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1, 1939 SSL_kEECDH,
1541 SSL_NOT_EXP, 1940 SSL_aNULL,
1542 0, 1941 SSL_eNULL,
1543 0, 1942 SSL_SHA1,
1544 0, 1943 SSL_TLSV1,
1545 SSL_ALL_CIPHERS, 1944 SSL_NOT_EXP|SSL_STRONG_NONE,
1546 SSL_ALL_STRENGTHS, 1945 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1547 }, 1946 0,
1947 0,
1948 },
1548 1949
1549 /* Cipher C016 */ 1950 /* Cipher C016 */
1550 { 1951 {
1551 1, 1952 1,
1552 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, 1953 TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
1553 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, 1954 TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
1554 SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1, 1955 SSL_kEECDH,
1555 SSL_NOT_EXP, 1956 SSL_aNULL,
1556 0, 1957 SSL_RC4,
1557 128, 1958 SSL_SHA1,
1558 128, 1959 SSL_TLSV1,
1559 SSL_ALL_CIPHERS, 1960 SSL_NOT_EXP|SSL_MEDIUM,
1560 SSL_ALL_STRENGTHS, 1961 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1561 }, 1962 128,
1963 128,
1964 },
1562 1965
1563 /* Cipher C017 */ 1966 /* Cipher C017 */
1564 { 1967 {
1565 1, 1968 1,
1566 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, 1969 TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
1567 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, 1970 TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
1568 SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1, 1971 SSL_kEECDH,
1569 SSL_NOT_EXP|SSL_HIGH, 1972 SSL_aNULL,
1570 0, 1973 SSL_3DES,
1571 168, 1974 SSL_SHA1,
1572 168, 1975 SSL_TLSV1,
1573 SSL_ALL_CIPHERS, 1976 SSL_NOT_EXP|SSL_HIGH,
1574 SSL_ALL_STRENGTHS, 1977 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1575 }, 1978 168,
1979 168,
1980 },
1576 1981
1577 /* Cipher C018 */ 1982 /* Cipher C018 */
1578 { 1983 {
1579 1, 1984 1,
1580 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, 1985 TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
1581 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, 1986 TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
1582 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 1987 SSL_kEECDH,
1583 SSL_NOT_EXP|SSL_HIGH, 1988 SSL_aNULL,
1584 0, 1989 SSL_AES128,
1585 128, 1990 SSL_SHA1,
1586 128, 1991 SSL_TLSV1,
1587 SSL_ALL_CIPHERS, 1992 SSL_NOT_EXP|SSL_HIGH,
1588 SSL_ALL_STRENGTHS, 1993 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1589 }, 1994 128,
1995 128,
1996 },
1590 1997
1591 /* Cipher C019 */ 1998 /* Cipher C019 */
1592 { 1999 {
1593 1, 2000 1,
1594 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, 2001 TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
1595 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, 2002 TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
1596 SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 2003 SSL_kEECDH,
1597 SSL_NOT_EXP|SSL_HIGH, 2004 SSL_aNULL,
1598 0, 2005 SSL_AES256,
1599 256, 2006 SSL_SHA1,
1600 256, 2007 SSL_TLSV1,
1601 SSL_ALL_CIPHERS, 2008 SSL_NOT_EXP|SSL_HIGH,
1602 SSL_ALL_STRENGTHS, 2009 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
1603 }, 2010 256,
2011 256,
2012 },
1604#endif /* OPENSSL_NO_ECDH */ 2013#endif /* OPENSSL_NO_ECDH */
1605 2014
2015#ifdef TEMP_GOST_TLS
2016/* Cipher FF00 */
2017 {
2018 1,
2019 "GOST-MD5",
2020 0x0300ff00,
2021 SSL_kRSA,
2022 SSL_aRSA,
2023 SSL_eGOST2814789CNT,
2024 SSL_MD5,
2025 SSL_TLSV1,
2026 SSL_NOT_EXP|SSL_HIGH,
2027 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2028 256,
2029 256,
2030 },
2031 {
2032 1,
2033 "GOST-GOST94",
2034 0x0300ff01,
2035 SSL_kRSA,
2036 SSL_aRSA,
2037 SSL_eGOST2814789CNT,
2038 SSL_GOST94,
2039 SSL_TLSV1,
2040 SSL_NOT_EXP|SSL_HIGH,
2041 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2042 256,
2043 256
2044 },
2045 {
2046 1,
2047 "GOST-GOST89MAC",
2048 0x0300ff02,
2049 SSL_kRSA,
2050 SSL_aRSA,
2051 SSL_eGOST2814789CNT,
2052 SSL_GOST89MAC,
2053 SSL_TLSV1,
2054 SSL_NOT_EXP|SSL_HIGH,
2055 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
2056 256,
2057 256
2058 },
2059 {
2060 1,
2061 "GOST-GOST89STREAM",
2062 0x0300ff03,
2063 SSL_kRSA,
2064 SSL_aRSA,
2065 SSL_eGOST2814789CNT,
2066 SSL_GOST89MAC,
2067 SSL_TLSV1,
2068 SSL_NOT_EXP|SSL_HIGH,
2069 SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
2070 256,
2071 256
2072 },
2073#endif
1606 2074
1607/* end of list */ 2075/* end of list */
1608 }; 2076 };
1609 2077
1610SSL3_ENC_METHOD SSLv3_enc_data={ 2078SSL3_ENC_METHOD SSLv3_enc_data={
1611 ssl3_enc, 2079 ssl3_enc,
1612 ssl3_mac, 2080 n_ssl3_mac,
1613 ssl3_setup_key_block, 2081 ssl3_setup_key_block,
1614 ssl3_generate_master_secret, 2082 ssl3_generate_master_secret,
1615 ssl3_change_cipher_state, 2083 ssl3_change_cipher_state,
@@ -1628,17 +2096,12 @@ long ssl3_default_timeout(void)
1628 return(60*60*2); 2096 return(60*60*2);
1629 } 2097 }
1630 2098
1631IMPLEMENT_ssl3_meth_func(sslv3_base_method,
1632 ssl_undefined_function,
1633 ssl_undefined_function,
1634 ssl_bad_method)
1635
1636int ssl3_num_ciphers(void) 2099int ssl3_num_ciphers(void)
1637 { 2100 {
1638 return(SSL3_NUM_CIPHERS); 2101 return(SSL3_NUM_CIPHERS);
1639 } 2102 }
1640 2103
1641SSL_CIPHER *ssl3_get_cipher(unsigned int u) 2104const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
1642 { 2105 {
1643 if (u < SSL3_NUM_CIPHERS) 2106 if (u < SSL3_NUM_CIPHERS)
1644 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); 2107 return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -1660,10 +2123,8 @@ int ssl3_new(SSL *s)
1660 2123
1661 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; 2124 if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
1662 memset(s3,0,sizeof *s3); 2125 memset(s3,0,sizeof *s3);
1663 EVP_MD_CTX_init(&s3->finish_dgst1); 2126 memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
1664 EVP_MD_CTX_init(&s3->finish_dgst2); 2127 memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
1665 pq_64bit_init(&(s3->rrec.seq_num));
1666 pq_64bit_init(&(s3->wrec.seq_num));
1667 2128
1668 s->s3=s3; 2129 s->s3=s3;
1669 2130
@@ -1678,11 +2139,18 @@ void ssl3_free(SSL *s)
1678 if(s == NULL) 2139 if(s == NULL)
1679 return; 2140 return;
1680 2141
2142#ifdef TLSEXT_TYPE_opaque_prf_input
2143 if (s->s3->client_opaque_prf_input != NULL)
2144 OPENSSL_free(s->s3->client_opaque_prf_input);
2145 if (s->s3->server_opaque_prf_input != NULL)
2146 OPENSSL_free(s->s3->server_opaque_prf_input);
2147#endif
2148
1681 ssl3_cleanup_key_block(s); 2149 ssl3_cleanup_key_block(s);
1682 if (s->s3->rbuf.buf != NULL) 2150 if (s->s3->rbuf.buf != NULL)
1683 OPENSSL_free(s->s3->rbuf.buf); 2151 ssl3_release_read_buffer(s);
1684 if (s->s3->wbuf.buf != NULL) 2152 if (s->s3->wbuf.buf != NULL)
1685 OPENSSL_free(s->s3->wbuf.buf); 2153 ssl3_release_write_buffer(s);
1686 if (s->s3->rrec.comp != NULL) 2154 if (s->s3->rrec.comp != NULL)
1687 OPENSSL_free(s->s3->rrec.comp); 2155 OPENSSL_free(s->s3->rrec.comp);
1688#ifndef OPENSSL_NO_DH 2156#ifndef OPENSSL_NO_DH
@@ -1696,11 +2164,10 @@ void ssl3_free(SSL *s)
1696 2164
1697 if (s->s3->tmp.ca_names != NULL) 2165 if (s->s3->tmp.ca_names != NULL)
1698 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2166 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
1699 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2167 if (s->s3->handshake_buffer) {
1700 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2168 BIO_free(s->s3->handshake_buffer);
1701 pq_64bit_free(&(s->s3->rrec.seq_num)); 2169 }
1702 pq_64bit_free(&(s->s3->wrec.seq_num)); 2170 if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
1703
1704 OPENSSL_cleanse(s->s3,sizeof *s->s3); 2171 OPENSSL_cleanse(s->s3,sizeof *s->s3);
1705 OPENSSL_free(s->s3); 2172 OPENSSL_free(s->s3);
1706 s->s3=NULL; 2173 s->s3=NULL;
@@ -1711,6 +2178,15 @@ void ssl3_clear(SSL *s)
1711 unsigned char *rp,*wp; 2178 unsigned char *rp,*wp;
1712 size_t rlen, wlen; 2179 size_t rlen, wlen;
1713 2180
2181#ifdef TLSEXT_TYPE_opaque_prf_input
2182 if (s->s3->client_opaque_prf_input != NULL)
2183 OPENSSL_free(s->s3->client_opaque_prf_input);
2184 s->s3->client_opaque_prf_input = NULL;
2185 if (s->s3->server_opaque_prf_input != NULL)
2186 OPENSSL_free(s->s3->server_opaque_prf_input);
2187 s->s3->server_opaque_prf_input = NULL;
2188#endif
2189
1714 ssl3_cleanup_key_block(s); 2190 ssl3_cleanup_key_block(s);
1715 if (s->s3->tmp.ca_names != NULL) 2191 if (s->s3->tmp.ca_names != NULL)
1716 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); 2192 sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
@@ -1733,10 +2209,13 @@ void ssl3_clear(SSL *s)
1733 wp = s->s3->wbuf.buf; 2209 wp = s->s3->wbuf.buf;
1734 rlen = s->s3->rbuf.len; 2210 rlen = s->s3->rbuf.len;
1735 wlen = s->s3->wbuf.len; 2211 wlen = s->s3->wbuf.len;
1736 2212 if (s->s3->handshake_buffer) {
1737 EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); 2213 BIO_free(s->s3->handshake_buffer);
1738 EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); 2214 s->s3->handshake_buffer = NULL;
1739 2215 }
2216 if (s->s3->handshake_dgst) {
2217 ssl3_free_digest_list(s);
2218 }
1740 memset(s->s3,0,sizeof *s->s3); 2219 memset(s->s3,0,sizeof *s->s3);
1741 s->s3->rbuf.buf = rp; 2220 s->s3->rbuf.buf = rp;
1742 s->s3->wbuf.buf = wp; 2221 s->s3->wbuf.buf = wp;
@@ -1936,7 +2415,31 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
1936 s->tlsext_debug_arg=parg; 2415 s->tlsext_debug_arg=parg;
1937 ret = 1; 2416 ret = 1;
1938 break; 2417 break;
1939 2418
2419#ifdef TLSEXT_TYPE_opaque_prf_input
2420 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
2421 if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
2422 * (including the cert chain and everything) */
2423 {
2424 SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
2425 break;
2426 }
2427 if (s->tlsext_opaque_prf_input != NULL)
2428 OPENSSL_free(s->tlsext_opaque_prf_input);
2429 if ((size_t)larg == 0)
2430 s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
2431 else
2432 s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
2433 if (s->tlsext_opaque_prf_input != NULL)
2434 {
2435 s->tlsext_opaque_prf_input_len = (size_t)larg;
2436 ret = 1;
2437 }
2438 else
2439 s->tlsext_opaque_prf_input_len = 0;
2440 break;
2441#endif
2442
1940 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: 2443 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
1941 s->tlsext_status_type=larg; 2444 s->tlsext_status_type=larg;
1942 ret = 1; 2445 ret = 1;
@@ -2194,13 +2697,20 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
2194 } 2697 }
2195 return 1; 2698 return 1;
2196 } 2699 }
2197 2700
2701#ifdef TLSEXT_TYPE_opaque_prf_input
2702 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
2703 ctx->tlsext_opaque_prf_input_callback_arg = parg;
2704 return 1;
2705#endif
2706
2198 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: 2707 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
2199 ctx->tlsext_status_arg=parg; 2708 ctx->tlsext_status_arg=parg;
2200 return 1; 2709 return 1;
2201 break; 2710 break;
2202 2711
2203#endif /* !OPENSSL_NO_TLSEXT */ 2712#endif /* !OPENSSL_NO_TLSEXT */
2713
2204 /* A Thawte special :-) */ 2714 /* A Thawte special :-) */
2205 case SSL_CTRL_EXTRA_CHAIN_CERT: 2715 case SSL_CTRL_EXTRA_CHAIN_CERT:
2206 if (ctx->extra_certs == NULL) 2716 if (ctx->extra_certs == NULL)
@@ -2250,7 +2760,13 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2250 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: 2760 case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
2251 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp; 2761 ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
2252 break; 2762 break;
2253 2763
2764#ifdef TLSEXT_TYPE_opaque_prf_input
2765 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
2766 ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
2767 break;
2768#endif
2769
2254 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: 2770 case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
2255 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp; 2771 ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
2256 break; 2772 break;
@@ -2271,17 +2787,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
2271 2787
2272/* This function needs to check if the ciphers required are actually 2788/* This function needs to check if the ciphers required are actually
2273 * available */ 2789 * available */
2274SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) 2790const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
2275 { 2791 {
2276 SSL_CIPHER c,*cp; 2792 SSL_CIPHER c;
2793 const SSL_CIPHER *cp;
2277 unsigned long id; 2794 unsigned long id;
2278 2795
2279 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; 2796 id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
2280 c.id=id; 2797 c.id=id;
2281 cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c, 2798 cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
2282 (char *)ssl3_ciphers,
2283 SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
2284 FP_ICC ssl_cipher_id_cmp);
2285 if (cp == NULL || cp->valid == 0) 2799 if (cp == NULL || cp->valid == 0)
2286 return NULL; 2800 return NULL;
2287 else 2801 else
@@ -2307,10 +2821,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2307 { 2821 {
2308 SSL_CIPHER *c,*ret=NULL; 2822 SSL_CIPHER *c,*ret=NULL;
2309 STACK_OF(SSL_CIPHER) *prio, *allow; 2823 STACK_OF(SSL_CIPHER) *prio, *allow;
2310 int i,j,ok; 2824 int i,ii,ok;
2311 2825#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
2826 unsigned int j;
2827 int ec_ok, ec_nid;
2828 unsigned char ec_search1 = 0, ec_search2 = 0;
2829#endif
2312 CERT *cert; 2830 CERT *cert;
2313 unsigned long alg,mask,emask; 2831 unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
2314 2832
2315 /* Let's see which ciphers we can support */ 2833 /* Let's see which ciphers we can support */
2316 cert=s->cert; 2834 cert=s->cert;
@@ -2326,73 +2844,237 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2326#endif 2844#endif
2327 2845
2328#ifdef CIPHER_DEBUG 2846#ifdef CIPHER_DEBUG
2329 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); 2847 printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
2330 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) 2848 for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
2331 { 2849 {
2332 c=sk_SSL_CIPHER_value(srvr,i); 2850 c=sk_SSL_CIPHER_value(srvr,i);
2333 printf("%p:%s\n",c,c->name); 2851 printf("%p:%s\n",(void *)c,c->name);
2334 } 2852 }
2335 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); 2853 printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
2336 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) 2854 for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
2337 { 2855 {
2338 c=sk_SSL_CIPHER_value(clnt,i); 2856 c=sk_SSL_CIPHER_value(clnt,i);
2339 printf("%p:%s\n",c,c->name); 2857 printf("%p:%s\n",(void *)c,c->name);
2340 } 2858 }
2341#endif 2859#endif
2342 2860
2343 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) 2861 if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
2344 { 2862 {
2345 prio = srvr; 2863 prio = srvr;
2346 allow = clnt; 2864 allow = clnt;
2347 } 2865 }
2348 else 2866 else
2349 { 2867 {
2350 prio = clnt; 2868 prio = clnt;
2351 allow = srvr; 2869 allow = srvr;
2352 } 2870 }
2353 2871
2354 for (i=0; i<sk_SSL_CIPHER_num(prio); i++) 2872 for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
2355 { 2873 {
2356 c=sk_SSL_CIPHER_value(prio,i); 2874 c=sk_SSL_CIPHER_value(prio,i);
2357 2875
2358 ssl_set_cert_masks(cert,c); 2876 ssl_set_cert_masks(cert,c);
2359 mask=cert->mask; 2877 mask_k = cert->mask_k;
2360 emask=cert->export_mask; 2878 mask_a = cert->mask_a;
2879 emask_k = cert->export_mask_k;
2880 emask_a = cert->export_mask_a;
2361 2881
2362#ifdef KSSL_DEBUG 2882#ifdef KSSL_DEBUG
2363 printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); 2883/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
2364#endif /* KSSL_DEBUG */ 2884#endif /* KSSL_DEBUG */
2365 2885
2366 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); 2886 alg_k=c->algorithm_mkey;
2887 alg_a=c->algorithm_auth;
2888
2367#ifndef OPENSSL_NO_KRB5 2889#ifndef OPENSSL_NO_KRB5
2368 if (alg & SSL_KRB5) 2890 if (alg_k & SSL_kKRB5)
2369 { 2891 {
2370 if ( !kssl_keytab_is_available(s->kssl_ctx) ) 2892 if ( !kssl_keytab_is_available(s->kssl_ctx) )
2371 continue; 2893 continue;
2372 } 2894 }
2373#endif /* OPENSSL_NO_KRB5 */ 2895#endif /* OPENSSL_NO_KRB5 */
2896#ifndef OPENSSL_NO_PSK
2897 /* with PSK there must be server callback set */
2898 if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
2899 continue;
2900#endif /* OPENSSL_NO_PSK */
2901
2374 if (SSL_C_IS_EXPORT(c)) 2902 if (SSL_C_IS_EXPORT(c))
2375 { 2903 {
2376 ok=((alg & emask) == alg)?1:0; 2904 ok = (alg_k & emask_k) && (alg_a & emask_a);
2377#ifdef CIPHER_DEBUG 2905#ifdef CIPHER_DEBUG
2378 printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, 2906 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
2379 c,c->name); 2907 (void *)c,c->name);
2380#endif 2908#endif
2381 } 2909 }
2382 else 2910 else
2383 { 2911 {
2384 ok=((alg & mask) == alg)?1:0; 2912 ok = (alg_k & mask_k) && (alg_a & mask_a);
2385#ifdef CIPHER_DEBUG 2913#ifdef CIPHER_DEBUG
2386 printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, 2914 printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
2387 c->name); 2915 c->name);
2388#endif 2916#endif
2389 } 2917 }
2390 2918
2919#ifndef OPENSSL_NO_TLSEXT
2920#ifndef OPENSSL_NO_EC
2921 if (
2922 /* if we are considering an ECC cipher suite that uses our certificate */
2923 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2924 /* and we have an ECC certificate */
2925 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2926 /* and the client specified a Supported Point Formats extension */
2927 && ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
2928 /* and our certificate's point is compressed */
2929 && (
2930 (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
2931 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
2932 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
2933 && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
2934 && (
2935 (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
2936 || (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
2937 )
2938 )
2939 )
2940 {
2941 ec_ok = 0;
2942 /* if our certificate's curve is over a field type that the client does not support
2943 * then do not allow this cipher suite to be negotiated */
2944 if (
2945 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2946 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2947 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2948 && (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2949 )
2950 {
2951 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2952 {
2953 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
2954 {
2955 ec_ok = 1;
2956 break;
2957 }
2958 }
2959 }
2960 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2961 {
2962 for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
2963 {
2964 if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
2965 {
2966 ec_ok = 1;
2967 break;
2968 }
2969 }
2970 }
2971 ok = ok && ec_ok;
2972 }
2973 if (
2974 /* if we are considering an ECC cipher suite that uses our certificate */
2975 (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
2976 /* and we have an ECC certificate */
2977 && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
2978 /* and the client specified an EllipticCurves extension */
2979 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
2980 )
2981 {
2982 ec_ok = 0;
2983 if (
2984 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
2985 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
2986 )
2987 {
2988 ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
2989 if ((ec_nid == 0)
2990 && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
2991 )
2992 {
2993 if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
2994 {
2995 ec_search1 = 0xFF;
2996 ec_search2 = 0x01;
2997 }
2998 else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
2999 {
3000 ec_search1 = 0xFF;
3001 ec_search2 = 0x02;
3002 }
3003 }
3004 else
3005 {
3006 ec_search1 = 0x00;
3007 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3008 }
3009 if ((ec_search1 != 0) || (ec_search2 != 0))
3010 {
3011 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3012 {
3013 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3014 {
3015 ec_ok = 1;
3016 break;
3017 }
3018 }
3019 }
3020 }
3021 ok = ok && ec_ok;
3022 }
3023 if (
3024 /* if we are considering an ECC cipher suite that uses an ephemeral EC key */
3025 (alg_k & SSL_kEECDH)
3026 /* and we have an ephemeral EC key */
3027 && (s->cert->ecdh_tmp != NULL)
3028 /* and the client specified an EllipticCurves extension */
3029 && ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
3030 )
3031 {
3032 ec_ok = 0;
3033 if (s->cert->ecdh_tmp->group != NULL)
3034 {
3035 ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
3036 if ((ec_nid == 0)
3037 && (s->cert->ecdh_tmp->group->meth != NULL)
3038 )
3039 {
3040 if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
3041 {
3042 ec_search1 = 0xFF;
3043 ec_search2 = 0x01;
3044 }
3045 else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
3046 {
3047 ec_search1 = 0xFF;
3048 ec_search2 = 0x02;
3049 }
3050 }
3051 else
3052 {
3053 ec_search1 = 0x00;
3054 ec_search2 = tls1_ec_nid2curve_id(ec_nid);
3055 }
3056 if ((ec_search1 != 0) || (ec_search2 != 0))
3057 {
3058 for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
3059 {
3060 if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
3061 {
3062 ec_ok = 1;
3063 break;
3064 }
3065 }
3066 }
3067 }
3068 ok = ok && ec_ok;
3069 }
3070#endif /* OPENSSL_NO_EC */
3071#endif /* OPENSSL_NO_TLSEXT */
3072
2391 if (!ok) continue; 3073 if (!ok) continue;
2392 j=sk_SSL_CIPHER_find(allow,c); 3074 ii=sk_SSL_CIPHER_find(allow,c);
2393 if (j >= 0) 3075 if (ii >= 0)
2394 { 3076 {
2395 ret=sk_SSL_CIPHER_value(allow,j); 3077 ret=sk_SSL_CIPHER_value(allow,ii);
2396 break; 3078 break;
2397 } 3079 }
2398 } 3080 }
@@ -2402,12 +3084,24 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
2402int ssl3_get_req_cert_type(SSL *s, unsigned char *p) 3084int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2403 { 3085 {
2404 int ret=0; 3086 int ret=0;
2405 unsigned long alg; 3087 unsigned long alg_k;
3088
3089 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2406 3090
2407 alg=s->s3->tmp.new_cipher->algorithms; 3091#ifndef OPENSSL_NO_GOST
3092 if (s->version >= TLS1_VERSION)
3093 {
3094 if (alg_k & SSL_kGOST)
3095 {
3096 p[ret++]=TLS_CT_GOST94_SIGN;
3097 p[ret++]=TLS_CT_GOST01_SIGN;
3098 return(ret);
3099 }
3100 }
3101#endif
2408 3102
2409#ifndef OPENSSL_NO_DH 3103#ifndef OPENSSL_NO_DH
2410 if (alg & (SSL_kDHr|SSL_kEDH)) 3104 if (alg_k & (SSL_kDHr|SSL_kEDH))
2411 { 3105 {
2412# ifndef OPENSSL_NO_RSA 3106# ifndef OPENSSL_NO_RSA
2413 p[ret++]=SSL3_CT_RSA_FIXED_DH; 3107 p[ret++]=SSL3_CT_RSA_FIXED_DH;
@@ -2417,7 +3111,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2417# endif 3111# endif
2418 } 3112 }
2419 if ((s->version == SSL3_VERSION) && 3113 if ((s->version == SSL3_VERSION) &&
2420 (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) 3114 (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
2421 { 3115 {
2422# ifndef OPENSSL_NO_RSA 3116# ifndef OPENSSL_NO_RSA
2423 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; 3117 p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
@@ -2434,10 +3128,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2434 p[ret++]=SSL3_CT_DSS_SIGN; 3128 p[ret++]=SSL3_CT_DSS_SIGN;
2435#endif 3129#endif
2436#ifndef OPENSSL_NO_ECDH 3130#ifndef OPENSSL_NO_ECDH
2437 /* We should ask for fixed ECDH certificates only 3131 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
2438 * for SSL_kECDH (and not SSL_kECDHE)
2439 */
2440 if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
2441 { 3132 {
2442 p[ret++]=TLS_CT_RSA_FIXED_ECDH; 3133 p[ret++]=TLS_CT_RSA_FIXED_ECDH;
2443 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH; 3134 p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
@@ -2446,7 +3137,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2446 3137
2447#ifndef OPENSSL_NO_ECDSA 3138#ifndef OPENSSL_NO_ECDSA
2448 /* ECDSA certs can be used with RSA cipher suites as well 3139 /* ECDSA certs can be used with RSA cipher suites as well
2449 * so we don't need to check for SSL_kECDH or SSL_kECDHE 3140 * so we don't need to check for SSL_kECDH or SSL_kEECDH
2450 */ 3141 */
2451 if (s->version >= TLS1_VERSION) 3142 if (s->version >= TLS1_VERSION)
2452 { 3143 {
@@ -2458,6 +3149,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
2458 3149
2459int ssl3_shutdown(SSL *s) 3150int ssl3_shutdown(SSL *s)
2460 { 3151 {
3152 int ret;
2461 3153
2462 /* Don't do anything much if we have not done the handshake or 3154 /* Don't do anything much if we have not done the handshake or
2463 * we don't want to send messages :-) */ 3155 * we don't want to send messages :-) */
@@ -2475,18 +3167,32 @@ int ssl3_shutdown(SSL *s)
2475#endif 3167#endif
2476 /* our shutdown alert has been sent now, and if it still needs 3168 /* our shutdown alert has been sent now, and if it still needs
2477 * to be written, s->s3->alert_dispatch will be true */ 3169 * to be written, s->s3->alert_dispatch will be true */
3170 if (s->s3->alert_dispatch)
3171 return(-1); /* return WANT_WRITE */
2478 } 3172 }
2479 else if (s->s3->alert_dispatch) 3173 else if (s->s3->alert_dispatch)
2480 { 3174 {
2481 /* resend it if not sent */ 3175 /* resend it if not sent */
2482#if 1 3176#if 1
2483 s->method->ssl_dispatch_alert(s); 3177 ret=s->method->ssl_dispatch_alert(s);
3178 if(ret == -1)
3179 {
3180 /* we only get to return -1 here the 2nd/Nth
3181 * invocation, we must have already signalled
3182 * return 0 upon a previous invoation,
3183 * return WANT_WRITE */
3184 return(ret);
3185 }
2484#endif 3186#endif
2485 } 3187 }
2486 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) 3188 else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
2487 { 3189 {
2488 /* If we are waiting for a close from our peer, we are closed */ 3190 /* If we are waiting for a close from our peer, we are closed */
2489 s->method->ssl_read_bytes(s,0,NULL,0,0); 3191 s->method->ssl_read_bytes(s,0,NULL,0,0);
3192 if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
3193 {
3194 return(-1); /* return WANT_READ */
3195 }
2490 } 3196 }
2491 3197
2492 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && 3198 if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 9476dcddf6..e3f6050a26 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -129,73 +129,113 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf 129 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
130 * [plus s->packet_length bytes if extend == 1].) 130 * [plus s->packet_length bytes if extend == 1].)
131 */ 131 */
132 int i,off,newb; 132 int i,len,left;
133 long align=0;
134 unsigned char *pkt;
135 SSL3_BUFFER *rb;
136
137 if (n <= 0) return n;
138
139 rb = &(s->s3->rbuf);
140 if (rb->buf == NULL)
141 if (!ssl3_setup_read_buffer(s))
142 return -1;
143
144 left = rb->left;
145#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
146 align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
147 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
148#endif
133 149
134 if (!extend) 150 if (!extend)
135 { 151 {
136 /* start with empty packet ... */ 152 /* start with empty packet ... */
137 if (s->s3->rbuf.left == 0) 153 if (left == 0)
138 s->s3->rbuf.offset = 0; 154 rb->offset = align;
139 s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; 155 else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
156 {
157 /* check if next packet length is large
158 * enough to justify payload alignment... */
159 pkt = rb->buf + rb->offset;
160 if (pkt[0] == SSL3_RT_APPLICATION_DATA
161 && (pkt[3]<<8|pkt[4]) >= 128)
162 {
163 /* Note that even if packet is corrupted
164 * and its length field is insane, we can
165 * only be led to wrong decision about
166 * whether memmove will occur or not.
167 * Header values has no effect on memmove
168 * arguments and therefore no buffer
169 * overrun can be triggered. */
170 memmove (rb->buf+align,pkt,left);
171 rb->offset = align;
172 }
173 }
174 s->packet = rb->buf + rb->offset;
140 s->packet_length = 0; 175 s->packet_length = 0;
141 /* ... now we can act as if 'extend' was set */ 176 /* ... now we can act as if 'extend' was set */
142 } 177 }
143 178
144 /* extend reads should not span multiple packets for DTLS */ 179 /* For DTLS/UDP reads should not span multiple packets
145 if ( SSL_version(s) == DTLS1_VERSION && 180 * because the read operation returns the whole packet
146 extend) 181 * at once (as long as it fits into the buffer). */
182 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
147 { 183 {
148 if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left) 184 if (left > 0 && n > left)
149 n = s->s3->rbuf.left; 185 n = left;
150 } 186 }
151 187
152 /* if there is enough in the buffer from a previous read, take some */ 188 /* if there is enough in the buffer from a previous read, take some */
153 if (s->s3->rbuf.left >= (int)n) 189 if (left >= n)
154 { 190 {
155 s->packet_length+=n; 191 s->packet_length+=n;
156 s->s3->rbuf.left-=n; 192 rb->left=left-n;
157 s->s3->rbuf.offset+=n; 193 rb->offset+=n;
158 return(n); 194 return(n);
159 } 195 }
160 196
161 /* else we need to read more data */ 197 /* else we need to read more data */
162 if (!s->read_ahead)
163 max=n;
164 198
165 { 199 len = s->packet_length;
166 /* avoid buffer overflow */ 200 pkt = rb->buf+align;
167 int max_max = s->s3->rbuf.len - s->packet_length; 201 /* Move any available bytes to front of buffer:
168 if (max > max_max) 202 * 'len' bytes already pointed to by 'packet',
169 max = max_max; 203 * 'left' extra ones at the end */
170 } 204 if (s->packet != pkt) /* len > 0 */
171 if (n > max) /* does not happen */ 205 {
206 memmove(pkt, s->packet, len+left);
207 s->packet = pkt;
208 rb->offset = len + align;
209 }
210
211 if (n > (int)(rb->len - rb->offset)) /* does not happen */
172 { 212 {
173 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); 213 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
174 return -1; 214 return -1;
175 } 215 }
176 216
177 off = s->packet_length; 217 if (!s->read_ahead)
178 newb = s->s3->rbuf.left; 218 /* ignore max parameter */
179 /* Move any available bytes to front of buffer: 219 max = n;
180 * 'off' bytes already pointed to by 'packet', 220 else
181 * 'newb' extra ones at the end */
182 if (s->packet != s->s3->rbuf.buf)
183 { 221 {
184 /* off > 0 */ 222 if (max < n)
185 memmove(s->s3->rbuf.buf, s->packet, off+newb); 223 max = n;
186 s->packet = s->s3->rbuf.buf; 224 if (max > (int)(rb->len - rb->offset))
225 max = rb->len - rb->offset;
187 } 226 }
188 227
189 while (newb < n) 228 while (left < n)
190 { 229 {
191 /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need 230 /* Now we have len+left bytes at the front of s->s3->rbuf.buf
192 * to read in more until we have off+n (up to off+max if possible) */ 231 * and need to read in more until we have len+n (up to
232 * len+max if possible) */
193 233
194 clear_sys_error(); 234 clear_sys_error();
195 if (s->rbio != NULL) 235 if (s->rbio != NULL)
196 { 236 {
197 s->rwstate=SSL_READING; 237 s->rwstate=SSL_READING;
198 i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb); 238 i=BIO_read(s->rbio,pkt+len+left, max-left);
199 } 239 }
200 else 240 else
201 { 241 {
@@ -205,15 +245,26 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
205 245
206 if (i <= 0) 246 if (i <= 0)
207 { 247 {
208 s->s3->rbuf.left = newb; 248 rb->left = left;
249 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
250 if (len+left == 0)
251 ssl3_release_read_buffer(s);
209 return(i); 252 return(i);
210 } 253 }
211 newb+=i; 254 left+=i;
255 /* reads should *never* span multiple packets for DTLS because
256 * the underlying transport protocol is message oriented as opposed
257 * to byte oriented as in the TLS case. */
258 if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
259 {
260 if (n > left)
261 n = left; /* makes the while condition false */
262 }
212 } 263 }
213 264
214 /* done reading, now the book-keeping */ 265 /* done reading, now the book-keeping */
215 s->s3->rbuf.offset = off + n; 266 rb->offset += n;
216 s->s3->rbuf.left = newb - n; 267 rb->left = left - n;
217 s->packet_length += n; 268 s->packet_length += n;
218 s->rwstate=SSL_NOTHING; 269 s->rwstate=SSL_NOTHING;
219 return(n); 270 return(n);
@@ -237,7 +288,7 @@ static int ssl3_get_record(SSL *s)
237 unsigned char *p; 288 unsigned char *p;
238 unsigned char md[EVP_MAX_MD_SIZE]; 289 unsigned char md[EVP_MAX_MD_SIZE];
239 short version; 290 short version;
240 unsigned int mac_size; 291 int mac_size;
241 int clear=0; 292 int clear=0;
242 size_t extra; 293 size_t extra;
243 int decryption_failed_or_bad_record_mac = 0; 294 int decryption_failed_or_bad_record_mac = 0;
@@ -250,9 +301,9 @@ static int ssl3_get_record(SSL *s)
250 extra=SSL3_RT_MAX_EXTRA; 301 extra=SSL3_RT_MAX_EXTRA;
251 else 302 else
252 extra=0; 303 extra=0;
253 if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) 304 if (extra && !s->s3->init_extra)
254 { 305 {
255 /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 306 /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
256 * set after ssl3_setup_buffers() was done */ 307 * set after ssl3_setup_buffers() was done */
257 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); 308 SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
258 return -1; 309 return -1;
@@ -275,6 +326,9 @@ again:
275 ssl_minor= *(p++); 326 ssl_minor= *(p++);
276 version=(ssl_major<<8)|ssl_minor; 327 version=(ssl_major<<8)|ssl_minor;
277 n2s(p,rr->length); 328 n2s(p,rr->length);
329#if 0
330fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
331#endif
278 332
279 /* Lets check version */ 333 /* Lets check version */
280 if (!s->first_packet) 334 if (!s->first_packet)
@@ -282,9 +336,9 @@ again:
282 if (version != s->version) 336 if (version != s->version)
283 { 337 {
284 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 338 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
285 /* Send back error using their 339 if ((s->version & 0xFF00) == (version & 0xFF00))
286 * version number :-) */ 340 /* Send back error using their minor version number :-) */
287 s->version=version; 341 s->version = (unsigned short)version;
288 al=SSL_AD_PROTOCOL_VERSION; 342 al=SSL_AD_PROTOCOL_VERSION;
289 goto f_err; 343 goto f_err;
290 } 344 }
@@ -296,7 +350,7 @@ again:
296 goto err; 350 goto err;
297 } 351 }
298 352
299 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) 353 if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
300 { 354 {
301 al=SSL_AD_RECORD_OVERFLOW; 355 al=SSL_AD_RECORD_OVERFLOW;
302 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); 356 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -369,12 +423,14 @@ printf("\n");
369 /* r->length is now the compressed data plus mac */ 423 /* r->length is now the compressed data plus mac */
370 if ( (sess == NULL) || 424 if ( (sess == NULL) ||
371 (s->enc_read_ctx == NULL) || 425 (s->enc_read_ctx == NULL) ||
372 (s->read_hash == NULL)) 426 (EVP_MD_CTX_md(s->read_hash) == NULL))
373 clear=1; 427 clear=1;
374 428
375 if (!clear) 429 if (!clear)
376 { 430 {
377 mac_size=EVP_MD_size(s->read_hash); 431 /* !clear => s->read_hash != NULL => mac_size != -1 */
432 mac_size=EVP_MD_CTX_size(s->read_hash);
433 OPENSSL_assert(mac_size >= 0);
378 434
379 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) 435 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
380 { 436 {
@@ -387,7 +443,7 @@ printf("\n");
387#endif 443#endif
388 } 444 }
389 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ 445 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
390 if (rr->length >= mac_size) 446 if (rr->length >= (unsigned int)mac_size)
391 { 447 {
392 rr->length -= mac_size; 448 rr->length -= mac_size;
393 mac = &rr->data[rr->length]; 449 mac = &rr->data[rr->length];
@@ -405,7 +461,7 @@ printf("\n");
405#endif 461#endif
406 } 462 }
407 i=s->method->ssl3_enc->mac(s,md,0); 463 i=s->method->ssl3_enc->mac(s,md,0);
408 if (mac == NULL || memcmp(md, mac, mac_size) != 0) 464 if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
409 { 465 {
410 decryption_failed_or_bad_record_mac = 1; 466 decryption_failed_or_bad_record_mac = 1;
411 } 467 }
@@ -462,6 +518,10 @@ printf("\n");
462 /* just read a 0 length packet */ 518 /* just read a 0 length packet */
463 if (rr->length == 0) goto again; 519 if (rr->length == 0) goto again;
464 520
521#if 0
522fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
523#endif
524
465 return(1); 525 return(1);
466 526
467f_err: 527f_err:
@@ -535,8 +595,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
535 n=(len-tot); 595 n=(len-tot);
536 for (;;) 596 for (;;)
537 { 597 {
538 if (n > SSL3_RT_MAX_PLAIN_LENGTH) 598 if (n > s->max_send_fragment)
539 nw=SSL3_RT_MAX_PLAIN_LENGTH; 599 nw=s->max_send_fragment;
540 else 600 else
541 nw=n; 601 nw=n;
542 602
@@ -568,14 +628,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
568 { 628 {
569 unsigned char *p,*plen; 629 unsigned char *p,*plen;
570 int i,mac_size,clear=0; 630 int i,mac_size,clear=0;
571 int prefix_len = 0; 631 int prefix_len=0;
632 long align=0;
572 SSL3_RECORD *wr; 633 SSL3_RECORD *wr;
573 SSL3_BUFFER *wb; 634 SSL3_BUFFER *wb=&(s->s3->wbuf);
574 SSL_SESSION *sess; 635 SSL_SESSION *sess;
575 636
637 if (wb->buf == NULL)
638 if (!ssl3_setup_write_buffer(s))
639 return -1;
640
576 /* first check if there is a SSL3_BUFFER still being written 641 /* first check if there is a SSL3_BUFFER still being written
577 * out. This will happen with non blocking IO */ 642 * out. This will happen with non blocking IO */
578 if (s->s3->wbuf.left != 0) 643 if (wb->left != 0)
579 return(ssl3_write_pending(s,type,buf,len)); 644 return(ssl3_write_pending(s,type,buf,len));
580 645
581 /* If we have an alert to send, lets send it */ 646 /* If we have an alert to send, lets send it */
@@ -591,18 +656,21 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
591 return 0; 656 return 0;
592 657
593 wr= &(s->s3->wrec); 658 wr= &(s->s3->wrec);
594 wb= &(s->s3->wbuf);
595 sess=s->session; 659 sess=s->session;
596 660
597 if ( (sess == NULL) || 661 if ( (sess == NULL) ||
598 (s->enc_write_ctx == NULL) || 662 (s->enc_write_ctx == NULL) ||
599 (s->write_hash == NULL)) 663 (EVP_MD_CTX_md(s->write_hash) == NULL))
600 clear=1; 664 clear=1;
601 665
602 if (clear) 666 if (clear)
603 mac_size=0; 667 mac_size=0;
604 else 668 else
605 mac_size=EVP_MD_size(s->write_hash); 669 {
670 mac_size=EVP_MD_CTX_size(s->write_hash);
671 if (mac_size < 0)
672 goto err;
673 }
606 674
607 /* 'create_empty_fragment' is true only when this function calls itself */ 675 /* 'create_empty_fragment' is true only when this function calls itself */
608 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 676 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
@@ -620,7 +688,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
620 if (prefix_len <= 0) 688 if (prefix_len <= 0)
621 goto err; 689 goto err;
622 690
623 if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) 691 if (prefix_len >
692 (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
624 { 693 {
625 /* insufficient space */ 694 /* insufficient space */
626 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); 695 SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
@@ -631,7 +700,32 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
631 s->s3->empty_fragment_done = 1; 700 s->s3->empty_fragment_done = 1;
632 } 701 }
633 702
634 p = wb->buf + prefix_len; 703 if (create_empty_fragment)
704 {
705#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
706 /* extra fragment would be couple of cipher blocks,
707 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
708 * if we want to align the real payload, then we can
709 * just pretent we simply have two headers. */
710 align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
711 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
712#endif
713 p = wb->buf + align;
714 wb->offset = align;
715 }
716 else if (prefix_len)
717 {
718 p = wb->buf + wb->offset + prefix_len;
719 }
720 else
721 {
722#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
723 align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
724 align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
725#endif
726 p = wb->buf + align;
727 wb->offset = align;
728 }
635 729
636 /* write the header */ 730 /* write the header */
637 731
@@ -674,7 +768,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
674 768
675 if (mac_size != 0) 769 if (mac_size != 0)
676 { 770 {
677 s->method->ssl3_enc->mac(s,&(p[wr->length]),1); 771 if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
772 goto err;
678 wr->length+=mac_size; 773 wr->length+=mac_size;
679 wr->input=p; 774 wr->input=p;
680 wr->data=p; 775 wr->data=p;
@@ -702,7 +797,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
702 797
703 /* now let's set up wb */ 798 /* now let's set up wb */
704 wb->left = prefix_len + wr->length; 799 wb->left = prefix_len + wr->length;
705 wb->offset = 0;
706 800
707 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ 801 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
708 s->s3->wpend_tot=len; 802 s->s3->wpend_tot=len;
@@ -721,6 +815,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
721 unsigned int len) 815 unsigned int len)
722 { 816 {
723 int i; 817 int i;
818 SSL3_BUFFER *wb=&(s->s3->wbuf);
724 819
725/* XXXX */ 820/* XXXX */
726 if ((s->s3->wpend_tot > (int)len) 821 if ((s->s3->wpend_tot > (int)len)
@@ -739,17 +834,20 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
739 { 834 {
740 s->rwstate=SSL_WRITING; 835 s->rwstate=SSL_WRITING;
741 i=BIO_write(s->wbio, 836 i=BIO_write(s->wbio,
742 (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), 837 (char *)&(wb->buf[wb->offset]),
743 (unsigned int)s->s3->wbuf.left); 838 (unsigned int)wb->left);
744 } 839 }
745 else 840 else
746 { 841 {
747 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); 842 SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
748 i= -1; 843 i= -1;
749 } 844 }
750 if (i == s->s3->wbuf.left) 845 if (i == wb->left)
751 { 846 {
752 s->s3->wbuf.left=0; 847 wb->left=0;
848 wb->offset+=i;
849 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
850 ssl3_release_write_buffer(s);
753 s->rwstate=SSL_NOTHING; 851 s->rwstate=SSL_NOTHING;
754 return(s->s3->wpend_ret); 852 return(s->s3->wpend_ret);
755 } 853 }
@@ -758,12 +856,12 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
758 s->version == DTLS1_BAD_VER) { 856 s->version == DTLS1_BAD_VER) {
759 /* For DTLS, just drop it. That's kind of the whole 857 /* For DTLS, just drop it. That's kind of the whole
760 point in using a datagram service */ 858 point in using a datagram service */
761 s->s3->wbuf.left = 0; 859 wb->left = 0;
762 } 860 }
763 return(i); 861 return(i);
764 } 862 }
765 s->s3->wbuf.offset+=i; 863 wb->offset+=i;
766 s->s3->wbuf.left-=i; 864 wb->left-=i;
767 } 865 }
768 } 866 }
769 867
@@ -802,7 +900,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
802 void (*cb)(const SSL *ssl,int type2,int val)=NULL; 900 void (*cb)(const SSL *ssl,int type2,int val)=NULL;
803 901
804 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ 902 if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
805 if (!ssl3_setup_buffers(s)) 903 if (!ssl3_setup_read_buffer(s))
806 return(-1); 904 return(-1);
807 905
808 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || 906 if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
@@ -911,6 +1009,8 @@ start:
911 { 1009 {
912 s->rstate=SSL_ST_READ_HEADER; 1010 s->rstate=SSL_ST_READ_HEADER;
913 rr->off=0; 1011 rr->off=0;
1012 if (s->mode & SSL_MODE_RELEASE_BUFFERS)
1013 ssl3_release_read_buffer(s);
914 } 1014 }
915 } 1015 }
916 return(n); 1016 return(n);
@@ -1020,7 +1120,25 @@ start:
1020 * now try again to obtain the (application) data we were asked for */ 1120 * now try again to obtain the (application) data we were asked for */
1021 goto start; 1121 goto start;
1022 } 1122 }
1023 1123 /* If we are a server and get a client hello when renegotiation isn't
1124 * allowed send back a no renegotiation alert and carry on.
1125 * WARNING: experimental code, needs reviewing (steve)
1126 */
1127 if (s->server &&
1128 SSL_is_init_finished(s) &&
1129 !s->s3->send_connection_binding &&
1130 (s->version > SSL3_VERSION) &&
1131 (s->s3->handshake_fragment_len >= 4) &&
1132 (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
1133 (s->session != NULL) && (s->session->cipher != NULL) &&
1134 !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1135
1136 {
1137 /*s->s3->handshake_fragment_len = 0;*/
1138 rr->length = 0;
1139 ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
1140 goto start;
1141 }
1024 if (s->s3->alert_fragment_len >= 2) 1142 if (s->s3->alert_fragment_len >= 2)
1025 { 1143 {
1026 int alert_level = s->s3->alert_fragment[0]; 1144 int alert_level = s->s3->alert_fragment[0];
@@ -1050,6 +1168,21 @@ start:
1050 s->shutdown |= SSL_RECEIVED_SHUTDOWN; 1168 s->shutdown |= SSL_RECEIVED_SHUTDOWN;
1051 return(0); 1169 return(0);
1052 } 1170 }
1171 /* This is a warning but we receive it if we requested
1172 * renegotiation and the peer denied it. Terminate with
1173 * a fatal alert because if application tried to
1174 * renegotiatie it presumably had a good reason and
1175 * expects it to succeed.
1176 *
1177 * In future we might have a renegotiation where we
1178 * don't care if the peer refused it where we carry on.
1179 */
1180 else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
1181 {
1182 al = SSL_AD_HANDSHAKE_FAILURE;
1183 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
1184 goto f_err;
1185 }
1053 } 1186 }
1054 else if (alert_level == 2) /* fatal */ 1187 else if (alert_level == 2) /* fatal */
1055 { 1188 {
@@ -1261,20 +1394,18 @@ int ssl3_do_change_cipher_spec(SSL *s)
1261 } 1394 }
1262 1395
1263 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, 1396 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
1264 &(s->s3->finish_dgst1),
1265 &(s->s3->finish_dgst2),
1266 sender,slen,s->s3->tmp.peer_finish_md); 1397 sender,slen,s->s3->tmp.peer_finish_md);
1267 1398
1268 return(1); 1399 return(1);
1269 } 1400 }
1270 1401
1271void ssl3_send_alert(SSL *s, int level, int desc) 1402int ssl3_send_alert(SSL *s, int level, int desc)
1272 { 1403 {
1273 /* Map tls/ssl alert value to correct one */ 1404 /* Map tls/ssl alert value to correct one */
1274 desc=s->method->ssl3_enc->alert_value(desc); 1405 desc=s->method->ssl3_enc->alert_value(desc);
1275 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) 1406 if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
1276 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ 1407 desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
1277 if (desc < 0) return; 1408 if (desc < 0) return -1;
1278 /* If a fatal one, remove from cache */ 1409 /* If a fatal one, remove from cache */
1279 if ((level == 2) && (s->session != NULL)) 1410 if ((level == 2) && (s->session != NULL))
1280 SSL_CTX_remove_session(s->ctx,s->session); 1411 SSL_CTX_remove_session(s->ctx,s->session);
@@ -1283,9 +1414,10 @@ void ssl3_send_alert(SSL *s, int level, int desc)
1283 s->s3->send_alert[0]=level; 1414 s->s3->send_alert[0]=level;
1284 s->s3->send_alert[1]=desc; 1415 s->s3->send_alert[1]=desc;
1285 if (s->s3->wbuf.left == 0) /* data still being written out? */ 1416 if (s->s3->wbuf.left == 0) /* data still being written out? */
1286 s->method->ssl_dispatch_alert(s); 1417 return s->method->ssl_dispatch_alert(s);
1287 /* else data is still being written out, we will get written 1418 /* else data is still being written out, we will get written
1288 * some time in the future */ 1419 * some time in the future */
1420 return -1;
1289 } 1421 }
1290 1422
1291int ssl3_dispatch_alert(SSL *s) 1423int ssl3_dispatch_alert(SSL *s)
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 80b45eb86f..92f73b6681 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1/* ssl/s3_srvr.c */ 1/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -121,6 +121,32 @@
121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
122 * 122 *
123 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
124 150
125#define REUSE_CIPHER_BUG 151#define REUSE_CIPHER_BUG
126#define NETSCAPE_HANG_BUG 152#define NETSCAPE_HANG_BUG
@@ -143,12 +169,9 @@
143#endif 169#endif
144#include <openssl/md5.h> 170#include <openssl/md5.h>
145 171
146static SSL_METHOD *ssl3_get_server_method(int ver); 172static const SSL_METHOD *ssl3_get_server_method(int ver);
147#ifndef OPENSSL_NO_ECDH
148static int nid2curve_id(int nid);
149#endif
150 173
151static SSL_METHOD *ssl3_get_server_method(int ver) 174static const SSL_METHOD *ssl3_get_server_method(int ver)
152 { 175 {
153 if (ver == SSL3_VERSION) 176 if (ver == SSL3_VERSION)
154 return(SSLv3_server_method()); 177 return(SSLv3_server_method());
@@ -164,9 +187,8 @@ IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
164int ssl3_accept(SSL *s) 187int ssl3_accept(SSL *s)
165 { 188 {
166 BUF_MEM *buf; 189 BUF_MEM *buf;
167 unsigned long l,Time=(unsigned long)time(NULL); 190 unsigned long alg_k,Time=(unsigned long)time(NULL);
168 void (*cb)(const SSL *ssl,int type,int val)=NULL; 191 void (*cb)(const SSL *ssl,int type,int val)=NULL;
169 long num1;
170 int ret= -1; 192 int ret= -1;
171 int new_state,state,skip=0; 193 int new_state,state,skip=0;
172 194
@@ -248,6 +270,18 @@ int ssl3_accept(SSL *s)
248 s->state=SSL3_ST_SR_CLNT_HELLO_A; 270 s->state=SSL3_ST_SR_CLNT_HELLO_A;
249 s->ctx->stats.sess_accept++; 271 s->ctx->stats.sess_accept++;
250 } 272 }
273 else if (!s->s3->send_connection_binding &&
274 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
275 {
276 /* Server attempting to renegotiate with
277 * client that doesn't support secure
278 * renegotiation.
279 */
280 SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
281 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
282 ret = -1;
283 goto end;
284 }
251 else 285 else
252 { 286 {
253 /* s->state == SSL_ST_RENEGOTIATE, 287 /* s->state == SSL_ST_RENEGOTIATE,
@@ -281,6 +315,7 @@ int ssl3_accept(SSL *s)
281 s->shutdown=0; 315 s->shutdown=0;
282 ret=ssl3_get_client_hello(s); 316 ret=ssl3_get_client_hello(s);
283 if (ret <= 0) goto end; 317 if (ret <= 0) goto end;
318
284 s->new_session = 2; 319 s->new_session = 2;
285 s->state=SSL3_ST_SW_SRVR_HELLO_A; 320 s->state=SSL3_ST_SW_SRVR_HELLO_A;
286 s->init_num=0; 321 s->init_num=0;
@@ -309,9 +344,11 @@ int ssl3_accept(SSL *s)
309 344
310 case SSL3_ST_SW_CERT_A: 345 case SSL3_ST_SW_CERT_A:
311 case SSL3_ST_SW_CERT_B: 346 case SSL3_ST_SW_CERT_B:
312 /* Check if it is anon DH or anon ECDH or KRB5 */ 347 /* Check if it is anon DH or anon ECDH, */
313 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL) 348 /* normal PSK or KRB5 */
314 && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) 349 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
350 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
351 && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
315 { 352 {
316 ret=ssl3_send_server_certificate(s); 353 ret=ssl3_send_server_certificate(s);
317 if (ret <= 0) goto end; 354 if (ret <= 0) goto end;
@@ -338,13 +375,13 @@ int ssl3_accept(SSL *s)
338 375
339 case SSL3_ST_SW_KEY_EXCH_A: 376 case SSL3_ST_SW_KEY_EXCH_A:
340 case SSL3_ST_SW_KEY_EXCH_B: 377 case SSL3_ST_SW_KEY_EXCH_B:
341 l=s->s3->tmp.new_cipher->algorithms; 378 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
342 379
343 /* clear this, it may get reset by 380 /* clear this, it may get reset by
344 * send_server_key_exchange */ 381 * send_server_key_exchange */
345 if ((s->options & SSL_OP_EPHEMERAL_RSA) 382 if ((s->options & SSL_OP_EPHEMERAL_RSA)
346#ifndef OPENSSL_NO_KRB5 383#ifndef OPENSSL_NO_KRB5
347 && !(l & SSL_KRB5) 384 && !(alg_k & SSL_kKRB5)
348#endif /* OPENSSL_NO_KRB5 */ 385#endif /* OPENSSL_NO_KRB5 */
349 ) 386 )
350 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key 387 /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
@@ -359,16 +396,23 @@ int ssl3_accept(SSL *s)
359 /* only send if a DH key exchange, fortezza or 396 /* only send if a DH key exchange, fortezza or
360 * RSA but we have a sign only certificate 397 * RSA but we have a sign only certificate
361 * 398 *
399 * PSK: may send PSK identity hints
400 *
362 * For ECC ciphersuites, we send a serverKeyExchange 401 * For ECC ciphersuites, we send a serverKeyExchange
363 * message only if the cipher suite is either 402 * message only if the cipher suite is either
364 * ECDH-anon or ECDHE. In other cases, the 403 * ECDH-anon or ECDHE. In other cases, the
365 * server certificate contains the server's 404 * server certificate contains the server's
366 * public key for key exchange. 405 * public key for key exchange.
367 */ 406 */
368 if (s->s3->tmp.use_rsa_tmp 407 if (s->s3->tmp.use_rsa_tmp
369 || (l & SSL_kECDHE) 408 /* PSK: send ServerKeyExchange if PSK identity
370 || (l & (SSL_DH|SSL_kFZA)) 409 * hint if provided */
371 || ((l & SSL_kRSA) 410#ifndef OPENSSL_NO_PSK
411 || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
412#endif
413 || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
414 || (alg_k & SSL_kEECDH)
415 || ((alg_k & SSL_kRSA)
372 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL 416 && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
373 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) 417 || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
374 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) 418 && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
@@ -398,12 +442,15 @@ int ssl3_accept(SSL *s)
398 /* never request cert in anonymous ciphersuites 442 /* never request cert in anonymous ciphersuites
399 * (see section "Certificate request" in SSL 3 drafts 443 * (see section "Certificate request" in SSL 3 drafts
400 * and in RFC 2246): */ 444 * and in RFC 2246): */
401 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) && 445 ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
402 /* ... except when the application insists on verification 446 /* ... except when the application insists on verification
403 * (against the specs, but s3_clnt.c accepts this for SSL 3) */ 447 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
404 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || 448 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
405 /* never request cert in Kerberos ciphersuites */ 449 /* never request cert in Kerberos ciphersuites */
406 (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) 450 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
451 /* With normal PSK Certificates and
452 * Certificate Requests are omitted */
453 || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
407 { 454 {
408 /* no cert request */ 455 /* no cert request */
409 skip=1; 456 skip=1;
@@ -435,15 +482,24 @@ int ssl3_accept(SSL *s)
435 break; 482 break;
436 483
437 case SSL3_ST_SW_FLUSH: 484 case SSL3_ST_SW_FLUSH:
438 /* number of bytes to be flushed */ 485
439 num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); 486 /* This code originally checked to see if
440 if (num1 > 0) 487 * any data was pending using BIO_CTRL_INFO
488 * and then flushed. This caused problems
489 * as documented in PR#1939. The proposed
490 * fix doesn't completely resolve this issue
491 * as buggy implementations of BIO_CTRL_PENDING
492 * still exist. So instead we just flush
493 * unconditionally.
494 */
495
496 s->rwstate=SSL_WRITING;
497 if (BIO_flush(s->wbio) <= 0)
441 { 498 {
442 s->rwstate=SSL_WRITING; 499 ret= -1;
443 num1=BIO_flush(s->wbio); 500 goto end;
444 if (num1 <= 0) { ret= -1; goto end; }
445 s->rwstate=SSL_NOTHING;
446 } 501 }
502 s->rwstate=SSL_NOTHING;
447 503
448 s->state=s->s3->tmp.next_state; 504 s->state=s->s3->tmp.next_state;
449 break; 505 break;
@@ -470,7 +526,7 @@ int ssl3_accept(SSL *s)
470 case SSL3_ST_SR_KEY_EXCH_A: 526 case SSL3_ST_SR_KEY_EXCH_A:
471 case SSL3_ST_SR_KEY_EXCH_B: 527 case SSL3_ST_SR_KEY_EXCH_B:
472 ret=ssl3_get_client_key_exchange(s); 528 ret=ssl3_get_client_key_exchange(s);
473 if (ret <= 0) 529 if (ret <= 0)
474 goto end; 530 goto end;
475 if (ret == 2) 531 if (ret == 2)
476 { 532 {
@@ -478,24 +534,43 @@ int ssl3_accept(SSL *s)
478 * the client sends its ECDH pub key in 534 * the client sends its ECDH pub key in
479 * a certificate, the CertificateVerify 535 * a certificate, the CertificateVerify
480 * message is not sent. 536 * message is not sent.
537 * Also for GOST ciphersuites when
538 * the client uses its key from the certificate
539 * for key exchange.
481 */ 540 */
482 s->state=SSL3_ST_SR_FINISHED_A; 541 s->state=SSL3_ST_SR_FINISHED_A;
483 s->init_num = 0; 542 s->init_num = 0;
484 } 543 }
485 else 544 else
486 { 545 {
546 int offset=0;
547 int dgst_num;
548
487 s->state=SSL3_ST_SR_CERT_VRFY_A; 549 s->state=SSL3_ST_SR_CERT_VRFY_A;
488 s->init_num=0; 550 s->init_num=0;
489 551
490 /* We need to get hashes here so if there is 552 /* We need to get hashes here so if there is
491 * a client cert, it can be verified 553 * a client cert, it can be verified
492 */ 554 * FIXME - digest processing for CertificateVerify
493 s->method->ssl3_enc->cert_verify_mac(s, 555 * should be generalized. But it is next step
494 &(s->s3->finish_dgst1), 556 */
495 &(s->s3->tmp.cert_verify_md[0])); 557 if (s->s3->handshake_buffer)
496 s->method->ssl3_enc->cert_verify_mac(s, 558 if (!ssl3_digest_cached_records(s))
497 &(s->s3->finish_dgst2), 559 return -1;
498 &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); 560 for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)
561 if (s->s3->handshake_dgst[dgst_num])
562 {
563 int dgst_size;
564
565 s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
566 dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
567 if (dgst_size < 0)
568 {
569 ret = -1;
570 goto end;
571 }
572 offset+=dgst_size;
573 }
499 } 574 }
500 break; 575 break;
501 576
@@ -515,11 +590,14 @@ int ssl3_accept(SSL *s)
515 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, 590 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
516 SSL3_ST_SR_FINISHED_B); 591 SSL3_ST_SR_FINISHED_B);
517 if (ret <= 0) goto end; 592 if (ret <= 0) goto end;
518 if (s->hit)
519 s->state=SSL_ST_OK;
520#ifndef OPENSSL_NO_TLSEXT 593#ifndef OPENSSL_NO_TLSEXT
521 else if (s->tlsext_ticket_expected) 594 if (s->tlsext_ticket_expected)
522 s->state=SSL3_ST_SW_SESSION_TICKET_A; 595 s->state=SSL3_ST_SW_SESSION_TICKET_A;
596 else if (s->hit)
597 s->state=SSL_ST_OK;
598#else
599 if (s->hit)
600 s->state=SSL_ST_OK;
523#endif 601#endif
524 else 602 else
525 s->state=SSL3_ST_SW_CHANGE_A; 603 s->state=SSL3_ST_SW_CHANGE_A;
@@ -749,7 +827,7 @@ int ssl3_get_client_hello(SSL *s)
749 (s->version != DTLS1_VERSION && s->client_version < s->version)) 827 (s->version != DTLS1_VERSION && s->client_version < s->version))
750 { 828 {
751 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); 829 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
752 if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 830 if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
753 { 831 {
754 /* similar to ssl3_get_record, send alert using remote version number */ 832 /* similar to ssl3_get_record, send alert using remote version number */
755 s->version = s->client_version; 833 s->version = s->client_version;
@@ -758,6 +836,21 @@ int ssl3_get_client_hello(SSL *s)
758 goto f_err; 836 goto f_err;
759 } 837 }
760 838
839 /* If we require cookies and this ClientHello doesn't
840 * contain one, just return since we do not want to
841 * allocate any memory yet. So check cookie length...
842 */
843 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
844 {
845 unsigned int session_length, cookie_length;
846
847 session_length = *(p + SSL3_RANDOM_SIZE);
848 cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
849
850 if (cookie_length == 0)
851 return 1;
852 }
853
761 /* load the client random */ 854 /* load the client random */
762 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); 855 memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
763 p+=SSL3_RANDOM_SIZE; 856 p+=SSL3_RANDOM_SIZE;
@@ -797,23 +890,11 @@ int ssl3_get_client_hello(SSL *s)
797 890
798 p+=j; 891 p+=j;
799 892
800 if (s->version == DTLS1_VERSION) 893 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
801 { 894 {
802 /* cookie stuff */ 895 /* cookie stuff */
803 cookie_len = *(p++); 896 cookie_len = *(p++);
804 897
805 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
806 s->d1->send_cookie == 0)
807 {
808 /* HelloVerifyMessage has already been sent */
809 if ( cookie_len != s->d1->cookie_len)
810 {
811 al = SSL_AD_HANDSHAKE_FAILURE;
812 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
813 goto f_err;
814 }
815 }
816
817 /* 898 /*
818 * The ClientHello may contain a cookie even if the 899 * The ClientHello may contain a cookie even if the
819 * HelloVerify message has not been sent--make sure that it 900 * HelloVerify message has not been sent--make sure that it
@@ -828,7 +909,7 @@ int ssl3_get_client_hello(SSL *s)
828 } 909 }
829 910
830 /* verify the cookie if appropriate option is set. */ 911 /* verify the cookie if appropriate option is set. */
831 if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && 912 if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
832 cookie_len > 0) 913 cookie_len > 0)
833 { 914 {
834 memcpy(s->d1->rcvd_cookie, p, cookie_len); 915 memcpy(s->d1->rcvd_cookie, p, cookie_len);
@@ -853,6 +934,8 @@ int ssl3_get_client_hello(SSL *s)
853 SSL_R_COOKIE_MISMATCH); 934 SSL_R_COOKIE_MISMATCH);
854 goto f_err; 935 goto f_err;
855 } 936 }
937
938 ret = 2;
856 } 939 }
857 940
858 p += cookie_len; 941 p += cookie_len;
@@ -952,7 +1035,7 @@ int ssl3_get_client_hello(SSL *s)
952 1035
953#ifndef OPENSSL_NO_TLSEXT 1036#ifndef OPENSSL_NO_TLSEXT
954 /* TLS extensions*/ 1037 /* TLS extensions*/
955 if (s->version > SSL3_VERSION) 1038 if (s->version >= SSL3_VERSION)
956 { 1039 {
957 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al)) 1040 if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
958 { 1041 {
@@ -965,13 +1048,110 @@ int ssl3_get_client_hello(SSL *s)
965 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT); 1048 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
966 goto err; 1049 goto err;
967 } 1050 }
1051
1052 /* Check if we want to use external pre-shared secret for this
1053 * handshake for not reused session only. We need to generate
1054 * server_random before calling tls_session_secret_cb in order to allow
1055 * SessionTicket processing to use it in key derivation. */
1056 {
1057 unsigned long Time;
1058 unsigned char *pos;
1059 Time=(unsigned long)time(NULL); /* Time */
1060 pos=s->s3->server_random;
1061 l2n(Time,pos);
1062 if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
1063 {
1064 al=SSL_AD_INTERNAL_ERROR;
1065 goto f_err;
1066 }
1067 }
1068
1069 if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
1070 {
1071 SSL_CIPHER *pref_cipher=NULL;
1072
1073 s->session->master_key_length=sizeof(s->session->master_key);
1074 if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
1075 ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
1076 {
1077 s->hit=1;
1078 s->session->ciphers=ciphers;
1079 s->session->verify_result=X509_V_OK;
1080
1081 ciphers=NULL;
1082
1083 /* check if some cipher was preferred by call back */
1084 pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
1085 if (pref_cipher == NULL)
1086 {
1087 al=SSL_AD_HANDSHAKE_FAILURE;
1088 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
1089 goto f_err;
1090 }
1091
1092 s->session->cipher=pref_cipher;
1093
1094 if (s->cipher_list)
1095 sk_SSL_CIPHER_free(s->cipher_list);
1096
1097 if (s->cipher_list_by_id)
1098 sk_SSL_CIPHER_free(s->cipher_list_by_id);
1099
1100 s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
1101 s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1102 }
1103 }
968#endif 1104#endif
1105
969 /* Worst case, we will use the NULL compression, but if we have other 1106 /* Worst case, we will use the NULL compression, but if we have other
970 * options, we will now look for them. We have i-1 compression 1107 * options, we will now look for them. We have i-1 compression
971 * algorithms from the client, starting at q. */ 1108 * algorithms from the client, starting at q. */
972 s->s3->tmp.new_compression=NULL; 1109 s->s3->tmp.new_compression=NULL;
973#ifndef OPENSSL_NO_COMP 1110#ifndef OPENSSL_NO_COMP
974 if (s->ctx->comp_methods != NULL) 1111 /* This only happens if we have a cache hit */
1112 if (s->session->compress_meth != 0)
1113 {
1114 int m, comp_id = s->session->compress_meth;
1115 /* Perform sanity checks on resumed compression algorithm */
1116 /* Can't disable compression */
1117 if (s->options & SSL_OP_NO_COMPRESSION)
1118 {
1119 al=SSL_AD_INTERNAL_ERROR;
1120 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1121 goto f_err;
1122 }
1123 /* Look for resumed compression method */
1124 for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
1125 {
1126 comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
1127 if (comp_id == comp->id)
1128 {
1129 s->s3->tmp.new_compression=comp;
1130 break;
1131 }
1132 }
1133 if (s->s3->tmp.new_compression == NULL)
1134 {
1135 al=SSL_AD_INTERNAL_ERROR;
1136 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
1137 goto f_err;
1138 }
1139 /* Look for resumed method in compression list */
1140 for (m = 0; m < i; m++)
1141 {
1142 if (q[m] == comp_id)
1143 break;
1144 }
1145 if (m >= i)
1146 {
1147 al=SSL_AD_ILLEGAL_PARAMETER;
1148 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
1149 goto f_err;
1150 }
1151 }
1152 else if (s->hit)
1153 comp = NULL;
1154 else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
975 { /* See if we have a match */ 1155 { /* See if we have a match */
976 int m,nn,o,v,done=0; 1156 int m,nn,o,v,done=0;
977 1157
@@ -995,22 +1175,15 @@ int ssl3_get_client_hello(SSL *s)
995 else 1175 else
996 comp=NULL; 1176 comp=NULL;
997 } 1177 }
998#endif 1178#else
999 1179 /* If compression is disabled we'd better not try to resume a session
1000 /* TLS does not mind if there is extra stuff */ 1180 * using compression.
1001#if 0 /* SSL 3.0 does not mind either, so we should disable this test 1181 */
1002 * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, 1182 if (s->session->compress_meth != 0)
1003 * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
1004 if (s->version == SSL3_VERSION)
1005 { 1183 {
1006 if (p < (d+n)) 1184 al=SSL_AD_INTERNAL_ERROR;
1007 { 1185 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
1008 /* wrong number of bytes, 1186 goto f_err;
1009 * there could be more to follow */
1010 al=SSL_AD_DECODE_ERROR;
1011 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
1012 goto f_err;
1013 }
1014 } 1187 }
1015#endif 1188#endif
1016 1189
@@ -1059,7 +1232,7 @@ int ssl3_get_client_hello(SSL *s)
1059 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 1232 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
1060 { 1233 {
1061 c=sk_SSL_CIPHER_value(sk,i); 1234 c=sk_SSL_CIPHER_value(sk,i);
1062 if (c->algorithms & SSL_eNULL) 1235 if (c->algorithm_enc & SSL_eNULL)
1063 nc=c; 1236 nc=c;
1064 if (SSL_C_IS_EXPORT(c)) 1237 if (SSL_C_IS_EXPORT(c))
1065 ec=c; 1238 ec=c;
@@ -1075,6 +1248,9 @@ int ssl3_get_client_hello(SSL *s)
1075#endif 1248#endif
1076 s->s3->tmp.new_cipher=s->session->cipher; 1249 s->s3->tmp.new_cipher=s->session->cipher;
1077 } 1250 }
1251
1252 if (!ssl3_digest_cached_records(s))
1253 goto f_err;
1078 1254
1079 /* we now have the following setup. 1255 /* we now have the following setup.
1080 * client_random 1256 * client_random
@@ -1087,7 +1263,7 @@ int ssl3_get_client_hello(SSL *s)
1087 * s->tmp.new_cipher - the new cipher to use. 1263 * s->tmp.new_cipher - the new cipher to use.
1088 */ 1264 */
1089 1265
1090 ret=1; 1266 if (ret < 0) ret=1;
1091 if (0) 1267 if (0)
1092 { 1268 {
1093f_err: 1269f_err:
@@ -1103,16 +1279,22 @@ int ssl3_send_server_hello(SSL *s)
1103 unsigned char *buf; 1279 unsigned char *buf;
1104 unsigned char *p,*d; 1280 unsigned char *p,*d;
1105 int i,sl; 1281 int i,sl;
1106 unsigned long l,Time; 1282 unsigned long l;
1283#ifdef OPENSSL_NO_TLSEXT
1284 unsigned long Time;
1285#endif
1107 1286
1108 if (s->state == SSL3_ST_SW_SRVR_HELLO_A) 1287 if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
1109 { 1288 {
1110 buf=(unsigned char *)s->init_buf->data; 1289 buf=(unsigned char *)s->init_buf->data;
1290#ifdef OPENSSL_NO_TLSEXT
1111 p=s->s3->server_random; 1291 p=s->s3->server_random;
1292 /* Generate server_random if it was not needed previously */
1112 Time=(unsigned long)time(NULL); /* Time */ 1293 Time=(unsigned long)time(NULL); /* Time */
1113 l2n(Time,p); 1294 l2n(Time,p);
1114 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 1295 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
1115 return -1; 1296 return -1;
1297#endif
1116 /* Do the message type and length last */ 1298 /* Do the message type and length last */
1117 d=p= &(buf[4]); 1299 d=p= &(buf[4]);
1118 1300
@@ -1166,6 +1348,11 @@ int ssl3_send_server_hello(SSL *s)
1166 *(p++)=s->s3->tmp.new_compression->id; 1348 *(p++)=s->s3->tmp.new_compression->id;
1167#endif 1349#endif
1168#ifndef OPENSSL_NO_TLSEXT 1350#ifndef OPENSSL_NO_TLSEXT
1351 if (ssl_prepare_serverhello_tlsext(s) <= 0)
1352 {
1353 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
1354 return -1;
1355 }
1169 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) 1356 if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
1170 { 1357 {
1171 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR); 1358 SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
@@ -1245,7 +1432,7 @@ int ssl3_send_server_key_exchange(SSL *s)
1245 EVP_MD_CTX_init(&md_ctx); 1432 EVP_MD_CTX_init(&md_ctx);
1246 if (s->state == SSL3_ST_SW_KEY_EXCH_A) 1433 if (s->state == SSL3_ST_SW_KEY_EXCH_A)
1247 { 1434 {
1248 type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; 1435 type=s->s3->tmp.new_cipher->algorithm_mkey;
1249 cert=s->cert; 1436 cert=s->cert;
1250 1437
1251 buf=s->init_buf; 1438 buf=s->init_buf;
@@ -1340,7 +1527,7 @@ int ssl3_send_server_key_exchange(SSL *s)
1340 else 1527 else
1341#endif 1528#endif
1342#ifndef OPENSSL_NO_ECDH 1529#ifndef OPENSSL_NO_ECDH
1343 if (type & SSL_kECDHE) 1530 if (type & SSL_kEECDH)
1344 { 1531 {
1345 const EC_GROUP *group; 1532 const EC_GROUP *group;
1346 1533
@@ -1410,7 +1597,7 @@ int ssl3_send_server_key_exchange(SSL *s)
1410 * supported named curves, curve_id is non-zero. 1597 * supported named curves, curve_id is non-zero.
1411 */ 1598 */
1412 if ((curve_id = 1599 if ((curve_id =
1413 nid2curve_id(EC_GROUP_get_curve_name(group))) 1600 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
1414 == 0) 1601 == 0)
1415 { 1602 {
1416 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE); 1603 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
@@ -1467,6 +1654,14 @@ int ssl3_send_server_key_exchange(SSL *s)
1467 } 1654 }
1468 else 1655 else
1469#endif /* !OPENSSL_NO_ECDH */ 1656#endif /* !OPENSSL_NO_ECDH */
1657#ifndef OPENSSL_NO_PSK
1658 if (type & SSL_kPSK)
1659 {
1660 /* reserve size for record length and PSK identity hint*/
1661 n+=2+strlen(s->ctx->psk_identity_hint);
1662 }
1663 else
1664#endif /* !OPENSSL_NO_PSK */
1470 { 1665 {
1471 al=SSL_AD_HANDSHAKE_FAILURE; 1666 al=SSL_AD_HANDSHAKE_FAILURE;
1472 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); 1667 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1478,7 +1673,8 @@ int ssl3_send_server_key_exchange(SSL *s)
1478 n+=2+nr[i]; 1673 n+=2+nr[i];
1479 } 1674 }
1480 1675
1481 if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) 1676 if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
1677 && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
1482 { 1678 {
1483 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) 1679 if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
1484 == NULL) 1680 == NULL)
@@ -1510,7 +1706,7 @@ int ssl3_send_server_key_exchange(SSL *s)
1510 } 1706 }
1511 1707
1512#ifndef OPENSSL_NO_ECDH 1708#ifndef OPENSSL_NO_ECDH
1513 if (type & SSL_kECDHE) 1709 if (type & SSL_kEECDH)
1514 { 1710 {
1515 /* XXX: For now, we only support named (not generic) curves. 1711 /* XXX: For now, we only support named (not generic) curves.
1516 * In this situation, the serverKeyExchange message has: 1712 * In this situation, the serverKeyExchange message has:
@@ -1534,6 +1730,16 @@ int ssl3_send_server_key_exchange(SSL *s)
1534 } 1730 }
1535#endif 1731#endif
1536 1732
1733#ifndef OPENSSL_NO_PSK
1734 if (type & SSL_kPSK)
1735 {
1736 /* copy PSK identity hint */
1737 s2n(strlen(s->ctx->psk_identity_hint), p);
1738 strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
1739 p+=strlen(s->ctx->psk_identity_hint);
1740 }
1741#endif
1742
1537 /* not anonymous */ 1743 /* not anonymous */
1538 if (pkey != NULL) 1744 if (pkey != NULL)
1539 { 1745 {
@@ -1546,8 +1752,6 @@ int ssl3_send_server_key_exchange(SSL *s)
1546 j=0; 1752 j=0;
1547 for (num=2; num > 0; num--) 1753 for (num=2; num > 0; num--)
1548 { 1754 {
1549 EVP_MD_CTX_set_flags(&md_ctx,
1550 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1551 EVP_DigestInit_ex(&md_ctx,(num == 2) 1755 EVP_DigestInit_ex(&md_ctx,(num == 2)
1552 ?s->ctx->md5:s->ctx->sha1, NULL); 1756 ?s->ctx->md5:s->ctx->sha1, NULL);
1553 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1757 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1731,7 +1935,7 @@ int ssl3_get_client_key_exchange(SSL *s)
1731 { 1935 {
1732 int i,al,ok; 1936 int i,al,ok;
1733 long n; 1937 long n;
1734 unsigned long l; 1938 unsigned long alg_k;
1735 unsigned char *p; 1939 unsigned char *p;
1736#ifndef OPENSSL_NO_RSA 1940#ifndef OPENSSL_NO_RSA
1737 RSA *rsa=NULL; 1941 RSA *rsa=NULL;
@@ -1742,7 +1946,7 @@ int ssl3_get_client_key_exchange(SSL *s)
1742 DH *dh_srvr; 1946 DH *dh_srvr;
1743#endif 1947#endif
1744#ifndef OPENSSL_NO_KRB5 1948#ifndef OPENSSL_NO_KRB5
1745 KSSL_ERR kssl_err; 1949 KSSL_ERR kssl_err;
1746#endif /* OPENSSL_NO_KRB5 */ 1950#endif /* OPENSSL_NO_KRB5 */
1747 1951
1748#ifndef OPENSSL_NO_ECDH 1952#ifndef OPENSSL_NO_ECDH
@@ -1762,10 +1966,10 @@ int ssl3_get_client_key_exchange(SSL *s)
1762 if (!ok) return((int)n); 1966 if (!ok) return((int)n);
1763 p=(unsigned char *)s->init_msg; 1967 p=(unsigned char *)s->init_msg;
1764 1968
1765 l=s->s3->tmp.new_cipher->algorithms; 1969 alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
1766 1970
1767#ifndef OPENSSL_NO_RSA 1971#ifndef OPENSSL_NO_RSA
1768 if (l & SSL_kRSA) 1972 if (alg_k & SSL_kRSA)
1769 { 1973 {
1770 /* FIX THIS UP EAY EAY EAY EAY */ 1974 /* FIX THIS UP EAY EAY EAY EAY */
1771 if (s->s3->tmp.use_rsa_tmp) 1975 if (s->s3->tmp.use_rsa_tmp)
@@ -1796,9 +2000,8 @@ int ssl3_get_client_key_exchange(SSL *s)
1796 rsa=pkey->pkey.rsa; 2000 rsa=pkey->pkey.rsa;
1797 } 2001 }
1798 2002
1799 /* TLS and [incidentally] DTLS, including pre-0.9.8f */ 2003 /* TLS and [incidentally] DTLS{0xFEFF} */
1800 if (s->version > SSL3_VERSION && 2004 if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
1801 s->client_version != DTLS1_BAD_VER)
1802 { 2005 {
1803 n2s(p,i); 2006 n2s(p,i);
1804 if (n != i+2) 2007 if (n != i+2)
@@ -1872,7 +2075,7 @@ int ssl3_get_client_key_exchange(SSL *s)
1872 else 2075 else
1873#endif 2076#endif
1874#ifndef OPENSSL_NO_DH 2077#ifndef OPENSSL_NO_DH
1875 if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) 2078 if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
1876 { 2079 {
1877 n2s(p,i); 2080 n2s(p,i);
1878 if (n != i+2) 2081 if (n != i+2)
@@ -1935,30 +2138,30 @@ int ssl3_get_client_key_exchange(SSL *s)
1935 else 2138 else
1936#endif 2139#endif
1937#ifndef OPENSSL_NO_KRB5 2140#ifndef OPENSSL_NO_KRB5
1938 if (l & SSL_kKRB5) 2141 if (alg_k & SSL_kKRB5)
1939 { 2142 {
1940 krb5_error_code krb5rc; 2143 krb5_error_code krb5rc;
1941 krb5_data enc_ticket; 2144 krb5_data enc_ticket;
1942 krb5_data authenticator; 2145 krb5_data authenticator;
1943 krb5_data enc_pms; 2146 krb5_data enc_pms;
1944 KSSL_CTX *kssl_ctx = s->kssl_ctx; 2147 KSSL_CTX *kssl_ctx = s->kssl_ctx;
1945 EVP_CIPHER_CTX ciph_ctx; 2148 EVP_CIPHER_CTX ciph_ctx;
1946 EVP_CIPHER *enc = NULL; 2149 const EVP_CIPHER *enc = NULL;
1947 unsigned char iv[EVP_MAX_IV_LENGTH]; 2150 unsigned char iv[EVP_MAX_IV_LENGTH];
1948 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH 2151 unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
1949 + EVP_MAX_BLOCK_LENGTH]; 2152 + EVP_MAX_BLOCK_LENGTH];
1950 int padl, outl; 2153 int padl, outl;
1951 krb5_timestamp authtime = 0; 2154 krb5_timestamp authtime = 0;
1952 krb5_ticket_times ttimes; 2155 krb5_ticket_times ttimes;
1953 2156
1954 EVP_CIPHER_CTX_init(&ciph_ctx); 2157 EVP_CIPHER_CTX_init(&ciph_ctx);
1955 2158
1956 if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); 2159 if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
1957 2160
1958 n2s(p,i); 2161 n2s(p,i);
1959 enc_ticket.length = i; 2162 enc_ticket.length = i;
1960 2163
1961 if (n < (int)enc_ticket.length + 6) 2164 if (n < (long)(enc_ticket.length + 6))
1962 { 2165 {
1963 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2166 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1964 SSL_R_DATA_LENGTH_TOO_LONG); 2167 SSL_R_DATA_LENGTH_TOO_LONG);
@@ -1971,7 +2174,7 @@ int ssl3_get_client_key_exchange(SSL *s)
1971 n2s(p,i); 2174 n2s(p,i);
1972 authenticator.length = i; 2175 authenticator.length = i;
1973 2176
1974 if (n < (int)(enc_ticket.length + authenticator.length) + 6) 2177 if (n < (long)(enc_ticket.length + authenticator.length + 6))
1975 { 2178 {
1976 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2179 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
1977 SSL_R_DATA_LENGTH_TOO_LONG); 2180 SSL_R_DATA_LENGTH_TOO_LONG);
@@ -2004,19 +2207,19 @@ int ssl3_get_client_key_exchange(SSL *s)
2004 goto err; 2207 goto err;
2005 } 2208 }
2006 2209
2007 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, 2210 if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
2008 &kssl_err)) != 0) 2211 &kssl_err)) != 0)
2009 { 2212 {
2010#ifdef KSSL_DEBUG 2213#ifdef KSSL_DEBUG
2011 printf("kssl_sget_tkt rtn %d [%d]\n", 2214 printf("kssl_sget_tkt rtn %d [%d]\n",
2012 krb5rc, kssl_err.reason); 2215 krb5rc, kssl_err.reason);
2013 if (kssl_err.text) 2216 if (kssl_err.text)
2014 printf("kssl_err text= %s\n", kssl_err.text); 2217 printf("kssl_err text= %s\n", kssl_err.text);
2015#endif /* KSSL_DEBUG */ 2218#endif /* KSSL_DEBUG */
2016 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2219 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2017 kssl_err.reason); 2220 kssl_err.reason);
2018 goto err; 2221 goto err;
2019 } 2222 }
2020 2223
2021 /* Note: no authenticator is not considered an error, 2224 /* Note: no authenticator is not considered an error,
2022 ** but will return authtime == 0. 2225 ** but will return authtime == 0.
@@ -2025,29 +2228,29 @@ int ssl3_get_client_key_exchange(SSL *s)
2025 &authtime, &kssl_err)) != 0) 2228 &authtime, &kssl_err)) != 0)
2026 { 2229 {
2027#ifdef KSSL_DEBUG 2230#ifdef KSSL_DEBUG
2028 printf("kssl_check_authent rtn %d [%d]\n", 2231 printf("kssl_check_authent rtn %d [%d]\n",
2029 krb5rc, kssl_err.reason); 2232 krb5rc, kssl_err.reason);
2030 if (kssl_err.text) 2233 if (kssl_err.text)
2031 printf("kssl_err text= %s\n", kssl_err.text); 2234 printf("kssl_err text= %s\n", kssl_err.text);
2032#endif /* KSSL_DEBUG */ 2235#endif /* KSSL_DEBUG */
2033 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2236 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2034 kssl_err.reason); 2237 kssl_err.reason);
2035 goto err; 2238 goto err;
2036 } 2239 }
2037 2240
2038 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) 2241 if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
2039 { 2242 {
2040 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); 2243 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
2041 goto err; 2244 goto err;
2042 } 2245 }
2043 2246
2044#ifdef KSSL_DEBUG 2247#ifdef KSSL_DEBUG
2045 kssl_ctx_show(kssl_ctx); 2248 kssl_ctx_show(kssl_ctx);
2046#endif /* KSSL_DEBUG */ 2249#endif /* KSSL_DEBUG */
2047 2250
2048 enc = kssl_map_enc(kssl_ctx->enctype); 2251 enc = kssl_map_enc(kssl_ctx->enctype);
2049 if (enc == NULL) 2252 if (enc == NULL)
2050 goto err; 2253 goto err;
2051 2254
2052 memset(iv, 0, sizeof iv); /* per RFC 1510 */ 2255 memset(iv, 0, sizeof iv); /* per RFC 1510 */
2053 2256
@@ -2094,7 +2297,7 @@ int ssl3_get_client_key_exchange(SSL *s)
2094 * (Perhaps we should have a separate BUG value for the Kerberos cipher) 2297 * (Perhaps we should have a separate BUG value for the Kerberos cipher)
2095 */ 2298 */
2096 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) 2299 if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
2097 { 2300 {
2098 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2301 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2099 SSL_AD_DECODE_ERROR); 2302 SSL_AD_DECODE_ERROR);
2100 goto err; 2303 goto err;
@@ -2103,32 +2306,32 @@ int ssl3_get_client_key_exchange(SSL *s)
2103 2306
2104 EVP_CIPHER_CTX_cleanup(&ciph_ctx); 2307 EVP_CIPHER_CTX_cleanup(&ciph_ctx);
2105 2308
2106 s->session->master_key_length= 2309 s->session->master_key_length=
2107 s->method->ssl3_enc->generate_master_secret(s, 2310 s->method->ssl3_enc->generate_master_secret(s,
2108 s->session->master_key, pms, outl); 2311 s->session->master_key, pms, outl);
2109 2312
2110 if (kssl_ctx->client_princ) 2313 if (kssl_ctx->client_princ)
2111 { 2314 {
2112 size_t len = strlen(kssl_ctx->client_princ); 2315 size_t len = strlen(kssl_ctx->client_princ);
2113 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 2316 if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
2114 { 2317 {
2115 s->session->krb5_client_princ_len = len; 2318 s->session->krb5_client_princ_len = len;
2116 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len); 2319 memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
2117 } 2320 }
2118 } 2321 }
2119 2322
2120 2323
2121 /* Was doing kssl_ctx_free() here, 2324 /* Was doing kssl_ctx_free() here,
2122 ** but it caused problems for apache. 2325 ** but it caused problems for apache.
2123 ** kssl_ctx = kssl_ctx_free(kssl_ctx); 2326 ** kssl_ctx = kssl_ctx_free(kssl_ctx);
2124 ** if (s->kssl_ctx) s->kssl_ctx = NULL; 2327 ** if (s->kssl_ctx) s->kssl_ctx = NULL;
2125 */ 2328 */
2126 } 2329 }
2127 else 2330 else
2128#endif /* OPENSSL_NO_KRB5 */ 2331#endif /* OPENSSL_NO_KRB5 */
2129 2332
2130#ifndef OPENSSL_NO_ECDH 2333#ifndef OPENSSL_NO_ECDH
2131 if ((l & SSL_kECDH) || (l & SSL_kECDHE)) 2334 if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
2132 { 2335 {
2133 int ret = 1; 2336 int ret = 1;
2134 int field_size = 0; 2337 int field_size = 0;
@@ -2136,18 +2339,18 @@ int ssl3_get_client_key_exchange(SSL *s)
2136 const EC_GROUP *group; 2339 const EC_GROUP *group;
2137 const BIGNUM *priv_key; 2340 const BIGNUM *priv_key;
2138 2341
2139 /* initialize structures for server's ECDH key pair */ 2342 /* initialize structures for server's ECDH key pair */
2140 if ((srvr_ecdh = EC_KEY_new()) == NULL) 2343 if ((srvr_ecdh = EC_KEY_new()) == NULL)
2141 { 2344 {
2142 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2345 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2143 ERR_R_MALLOC_FAILURE); 2346 ERR_R_MALLOC_FAILURE);
2144 goto err; 2347 goto err;
2145 } 2348 }
2146 2349
2147 /* Let's get server private key and group information */ 2350 /* Let's get server private key and group information */
2148 if (l & SSL_kECDH) 2351 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
2149 { 2352 {
2150 /* use the certificate */ 2353 /* use the certificate */
2151 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec; 2354 tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
2152 } 2355 }
2153 else 2356 else
@@ -2177,20 +2380,20 @@ int ssl3_get_client_key_exchange(SSL *s)
2177 goto err; 2380 goto err;
2178 } 2381 }
2179 2382
2180 if (n == 0L) 2383 if (n == 0L)
2181 { 2384 {
2182 /* Client Publickey was in Client Certificate */ 2385 /* Client Publickey was in Client Certificate */
2183 2386
2184 if (l & SSL_kECDHE) 2387 if (alg_k & SSL_kEECDH)
2185 { 2388 {
2186 al=SSL_AD_HANDSHAKE_FAILURE; 2389 al=SSL_AD_HANDSHAKE_FAILURE;
2187 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); 2390 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
2188 goto f_err; 2391 goto f_err;
2189 } 2392 }
2190 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer)) 2393 if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
2191 == NULL) || 2394 == NULL) ||
2192 (clnt_pub_pkey->type != EVP_PKEY_EC)) 2395 (clnt_pub_pkey->type != EVP_PKEY_EC))
2193 { 2396 {
2194 /* XXX: For now, we do not support client 2397 /* XXX: For now, we do not support client
2195 * authentication using ECDH certificates 2398 * authentication using ECDH certificates
2196 * so this branch (n == 0L) of the code is 2399 * so this branch (n == 0L) of the code is
@@ -2202,11 +2405,11 @@ int ssl3_get_client_key_exchange(SSL *s)
2202 * the two ECDH shares are for the same 2405 * the two ECDH shares are for the same
2203 * group. 2406 * group.
2204 */ 2407 */
2205 al=SSL_AD_HANDSHAKE_FAILURE; 2408 al=SSL_AD_HANDSHAKE_FAILURE;
2206 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2409 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2207 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS); 2410 SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
2208 goto f_err; 2411 goto f_err;
2209 } 2412 }
2210 2413
2211 if (EC_POINT_copy(clnt_ecpoint, 2414 if (EC_POINT_copy(clnt_ecpoint,
2212 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0) 2415 EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
@@ -2215,10 +2418,10 @@ int ssl3_get_client_key_exchange(SSL *s)
2215 ERR_R_EC_LIB); 2418 ERR_R_EC_LIB);
2216 goto err; 2419 goto err;
2217 } 2420 }
2218 ret = 2; /* Skip certificate verify processing */ 2421 ret = 2; /* Skip certificate verify processing */
2219 } 2422 }
2220 else 2423 else
2221 { 2424 {
2222 /* Get client's public key from encoded point 2425 /* Get client's public key from encoded point
2223 * in the ClientKeyExchange message. 2426 * in the ClientKeyExchange message.
2224 */ 2427 */
@@ -2229,21 +2432,21 @@ int ssl3_get_client_key_exchange(SSL *s)
2229 goto err; 2432 goto err;
2230 } 2433 }
2231 2434
2232 /* Get encoded point length */ 2435 /* Get encoded point length */
2233 i = *p; 2436 i = *p;
2234 p += 1; 2437 p += 1;
2235 if (EC_POINT_oct2point(group, 2438 if (EC_POINT_oct2point(group,
2236 clnt_ecpoint, p, i, bn_ctx) == 0) 2439 clnt_ecpoint, p, i, bn_ctx) == 0)
2237 { 2440 {
2238 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2441 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2239 ERR_R_EC_LIB); 2442 ERR_R_EC_LIB);
2240 goto err; 2443 goto err;
2241 } 2444 }
2242 /* p is pointing to somewhere in the buffer 2445 /* p is pointing to somewhere in the buffer
2243 * currently, so set it to the start 2446 * currently, so set it to the start
2244 */ 2447 */
2245 p=(unsigned char *)s->init_buf->data; 2448 p=(unsigned char *)s->init_buf->data;
2246 } 2449 }
2247 2450
2248 /* Compute the shared pre-master secret */ 2451 /* Compute the shared pre-master secret */
2249 field_size = EC_GROUP_get_degree(group); 2452 field_size = EC_GROUP_get_degree(group);
@@ -2254,28 +2457,190 @@ int ssl3_get_client_key_exchange(SSL *s)
2254 goto err; 2457 goto err;
2255 } 2458 }
2256 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); 2459 i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
2257 if (i <= 0) 2460 if (i <= 0)
2258 { 2461 {
2259 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2462 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2260 ERR_R_ECDH_LIB); 2463 ERR_R_ECDH_LIB);
2261 goto err; 2464 goto err;
2262 } 2465 }
2263 2466
2264 EVP_PKEY_free(clnt_pub_pkey); 2467 EVP_PKEY_free(clnt_pub_pkey);
2265 EC_POINT_free(clnt_ecpoint); 2468 EC_POINT_free(clnt_ecpoint);
2266 if (srvr_ecdh != NULL) 2469 EC_KEY_free(srvr_ecdh);
2267 EC_KEY_free(srvr_ecdh);
2268 BN_CTX_free(bn_ctx); 2470 BN_CTX_free(bn_ctx);
2471 EC_KEY_free(s->s3->tmp.ecdh);
2472 s->s3->tmp.ecdh = NULL;
2269 2473
2270 /* Compute the master secret */ 2474 /* Compute the master secret */
2271 s->session->master_key_length = s->method->ssl3_enc-> \ 2475 s->session->master_key_length = s->method->ssl3_enc-> \
2272 generate_master_secret(s, s->session->master_key, p, i); 2476 generate_master_secret(s, s->session->master_key, p, i);
2273 2477
2274 OPENSSL_cleanse(p, i); 2478 OPENSSL_cleanse(p, i);
2275 return (ret); 2479 return (ret);
2276 } 2480 }
2277 else 2481 else
2278#endif 2482#endif
2483#ifndef OPENSSL_NO_PSK
2484 if (alg_k & SSL_kPSK)
2485 {
2486 unsigned char *t = NULL;
2487 unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
2488 unsigned int pre_ms_len = 0, psk_len = 0;
2489 int psk_err = 1;
2490 char tmp_id[PSK_MAX_IDENTITY_LEN+1];
2491
2492 al=SSL_AD_HANDSHAKE_FAILURE;
2493
2494 n2s(p,i);
2495 if (n != i+2)
2496 {
2497 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2498 SSL_R_LENGTH_MISMATCH);
2499 goto psk_err;
2500 }
2501 if (i > PSK_MAX_IDENTITY_LEN)
2502 {
2503 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2504 SSL_R_DATA_LENGTH_TOO_LONG);
2505 goto psk_err;
2506 }
2507 if (s->psk_server_callback == NULL)
2508 {
2509 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2510 SSL_R_PSK_NO_SERVER_CB);
2511 goto psk_err;
2512 }
2513
2514 /* Create guaranteed NULL-terminated identity
2515 * string for the callback */
2516 memcpy(tmp_id, p, i);
2517 memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
2518 psk_len = s->psk_server_callback(s, tmp_id,
2519 psk_or_pre_ms, sizeof(psk_or_pre_ms));
2520 OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
2521
2522 if (psk_len > PSK_MAX_PSK_LEN)
2523 {
2524 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2525 ERR_R_INTERNAL_ERROR);
2526 goto psk_err;
2527 }
2528 else if (psk_len == 0)
2529 {
2530 /* PSK related to the given identity not found */
2531 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2532 SSL_R_PSK_IDENTITY_NOT_FOUND);
2533 al=SSL_AD_UNKNOWN_PSK_IDENTITY;
2534 goto psk_err;
2535 }
2536
2537 /* create PSK pre_master_secret */
2538 pre_ms_len=2+psk_len+2+psk_len;
2539 t = psk_or_pre_ms;
2540 memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
2541 s2n(psk_len, t);
2542 memset(t, 0, psk_len);
2543 t+=psk_len;
2544 s2n(psk_len, t);
2545
2546 if (s->session->psk_identity != NULL)
2547 OPENSSL_free(s->session->psk_identity);
2548 s->session->psk_identity = BUF_strdup((char *)p);
2549 if (s->session->psk_identity == NULL)
2550 {
2551 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2552 ERR_R_MALLOC_FAILURE);
2553 goto psk_err;
2554 }
2555
2556 if (s->session->psk_identity_hint != NULL)
2557 OPENSSL_free(s->session->psk_identity_hint);
2558 s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
2559 if (s->ctx->psk_identity_hint != NULL &&
2560 s->session->psk_identity_hint == NULL)
2561 {
2562 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
2563 ERR_R_MALLOC_FAILURE);
2564 goto psk_err;
2565 }
2566
2567 s->session->master_key_length=
2568 s->method->ssl3_enc->generate_master_secret(s,
2569 s->session->master_key, psk_or_pre_ms, pre_ms_len);
2570 psk_err = 0;
2571 psk_err:
2572 OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
2573 if (psk_err != 0)
2574 goto f_err;
2575 }
2576 else
2577#endif
2578 if (alg_k & SSL_kGOST)
2579 {
2580 int ret = 0;
2581 EVP_PKEY_CTX *pkey_ctx;
2582 EVP_PKEY *client_pub_pkey = NULL;
2583 unsigned char premaster_secret[32], *start;
2584 size_t outlen=32, inlen;
2585
2586 /* Get our certificate private key*/
2587 pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);
2588 EVP_PKEY_decrypt_init(pkey_ctx);
2589 /* If client certificate is present and is of the same type, maybe
2590 * use it for key exchange. Don't mind errors from
2591 * EVP_PKEY_derive_set_peer, because it is completely valid to use
2592 * a client certificate for authorization only. */
2593 client_pub_pkey = X509_get_pubkey(s->session->peer);
2594 if (client_pub_pkey)
2595 {
2596 if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
2597 ERR_clear_error();
2598 }
2599 /* Decrypt session key */
2600 if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED)))
2601 {
2602 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2603 goto gerr;
2604 }
2605 if (p[1] == 0x81)
2606 {
2607 start = p+3;
2608 inlen = p[2];
2609 }
2610 else if (p[1] < 0x80)
2611 {
2612 start = p+2;
2613 inlen = p[1];
2614 }
2615 else
2616 {
2617 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2618 goto gerr;
2619 }
2620 if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0)
2621
2622 {
2623 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
2624 goto gerr;
2625 }
2626 /* Generate master secret */
2627 s->session->master_key_length=
2628 s->method->ssl3_enc->generate_master_secret(s,
2629 s->session->master_key,premaster_secret,32);
2630 /* Check if pubkey from client certificate was used */
2631 if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
2632 ret = 2;
2633 else
2634 ret = 1;
2635 gerr:
2636 EVP_PKEY_free(client_pub_pkey);
2637 EVP_PKEY_CTX_free(pkey_ctx);
2638 if (ret)
2639 return ret;
2640 else
2641 goto err;
2642 }
2643 else
2279 { 2644 {
2280 al=SSL_AD_HANDSHAKE_FAILURE; 2645 al=SSL_AD_HANDSHAKE_FAILURE;
2281 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 2646 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2365,15 +2730,25 @@ int ssl3_get_cert_verify(SSL *s)
2365 2730
2366 /* we now have a signature that we need to verify */ 2731 /* we now have a signature that we need to verify */
2367 p=(unsigned char *)s->init_msg; 2732 p=(unsigned char *)s->init_msg;
2368 n2s(p,i); 2733 /* Check for broken implementations of GOST ciphersuites */
2369 n-=2; 2734 /* If key is GOST and n is exactly 64, it is bare
2370 if (i > n) 2735 * signature without length field */
2736 if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
2737 pkey->type == NID_id_GostR3410_2001) )
2371 { 2738 {
2372 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); 2739 i=64;
2373 al=SSL_AD_DECODE_ERROR; 2740 }
2374 goto f_err; 2741 else
2375 } 2742 {
2376 2743 n2s(p,i);
2744 n-=2;
2745 if (i > n)
2746 {
2747 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
2748 al=SSL_AD_DECODE_ERROR;
2749 goto f_err;
2750 }
2751 }
2377 j=EVP_PKEY_size(pkey); 2752 j=EVP_PKEY_size(pkey);
2378 if ((i > j) || (n > j) || (n <= 0)) 2753 if ((i > j) || (n > j) || (n <= 0))
2379 { 2754 {
@@ -2436,6 +2811,28 @@ int ssl3_get_cert_verify(SSL *s)
2436 } 2811 }
2437 else 2812 else
2438#endif 2813#endif
2814 if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
2815 { unsigned char signature[64];
2816 int idx;
2817 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
2818 EVP_PKEY_verify_init(pctx);
2819 if (i!=64) {
2820 fprintf(stderr,"GOST signature length is %d",i);
2821 }
2822 for (idx=0;idx<64;idx++) {
2823 signature[63-idx]=p[idx];
2824 }
2825 j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
2826 EVP_PKEY_CTX_free(pctx);
2827 if (j<=0)
2828 {
2829 al=SSL_AD_DECRYPT_ERROR;
2830 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2831 SSL_R_BAD_ECDSA_SIGNATURE);
2832 goto f_err;
2833 }
2834 }
2835 else
2439 { 2836 {
2440 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); 2837 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
2441 al=SSL_AD_UNSUPPORTED_CERTIFICATE; 2838 al=SSL_AD_UNSUPPORTED_CERTIFICATE;
@@ -2618,14 +3015,15 @@ int ssl3_send_server_certificate(SSL *s)
2618 if (s->state == SSL3_ST_SW_CERT_A) 3015 if (s->state == SSL3_ST_SW_CERT_A)
2619 { 3016 {
2620 x=ssl_get_server_send_cert(s); 3017 x=ssl_get_server_send_cert(s);
2621 if (x == NULL && 3018 if (x == NULL)
2622 /* VRS: allow null cert if auth == KRB5 */
2623 (s->s3->tmp.new_cipher->algorithms
2624 & (SSL_MKEY_MASK|SSL_AUTH_MASK))
2625 != (SSL_aKRB5|SSL_kKRB5))
2626 { 3019 {
2627 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); 3020 /* VRS: allow null cert if auth == KRB5 */
2628 return(0); 3021 if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
3022 (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
3023 {
3024 SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
3025 return(0);
3026 }
2629 } 3027 }
2630 3028
2631 l=ssl3_output_cert_chain(s,x); 3029 l=ssl3_output_cert_chain(s,x);
@@ -2637,70 +3035,6 @@ int ssl3_send_server_certificate(SSL *s)
2637 /* SSL3_ST_SW_CERT_B */ 3035 /* SSL3_ST_SW_CERT_B */
2638 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 3036 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
2639 } 3037 }
2640
2641
2642#ifndef OPENSSL_NO_ECDH
2643/* This is the complement of curve_id2nid in s3_clnt.c. */
2644static int nid2curve_id(int nid)
2645{
2646 /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
2647 * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
2648 switch (nid) {
2649 case NID_sect163k1: /* sect163k1 (1) */
2650 return 1;
2651 case NID_sect163r1: /* sect163r1 (2) */
2652 return 2;
2653 case NID_sect163r2: /* sect163r2 (3) */
2654 return 3;
2655 case NID_sect193r1: /* sect193r1 (4) */
2656 return 4;
2657 case NID_sect193r2: /* sect193r2 (5) */
2658 return 5;
2659 case NID_sect233k1: /* sect233k1 (6) */
2660 return 6;
2661 case NID_sect233r1: /* sect233r1 (7) */
2662 return 7;
2663 case NID_sect239k1: /* sect239k1 (8) */
2664 return 8;
2665 case NID_sect283k1: /* sect283k1 (9) */
2666 return 9;
2667 case NID_sect283r1: /* sect283r1 (10) */
2668 return 10;
2669 case NID_sect409k1: /* sect409k1 (11) */
2670 return 11;
2671 case NID_sect409r1: /* sect409r1 (12) */
2672 return 12;
2673 case NID_sect571k1: /* sect571k1 (13) */
2674 return 13;
2675 case NID_sect571r1: /* sect571r1 (14) */
2676 return 14;
2677 case NID_secp160k1: /* secp160k1 (15) */
2678 return 15;
2679 case NID_secp160r1: /* secp160r1 (16) */
2680 return 16;
2681 case NID_secp160r2: /* secp160r2 (17) */
2682 return 17;
2683 case NID_secp192k1: /* secp192k1 (18) */
2684 return 18;
2685 case NID_X9_62_prime192v1: /* secp192r1 (19) */
2686 return 19;
2687 case NID_secp224k1: /* secp224k1 (20) */
2688 return 20;
2689 case NID_secp224r1: /* secp224r1 (21) */
2690 return 21;
2691 case NID_secp256k1: /* secp256k1 (22) */
2692 return 22;
2693 case NID_X9_62_prime256v1: /* secp256r1 (23) */
2694 return 23;
2695 case NID_secp384r1: /* secp384r1 (24) */
2696 return 24;
2697 case NID_secp521r1: /* secp521r1 (25) */
2698 return 25;
2699 default:
2700 return 0;
2701 }
2702}
2703#endif
2704#ifndef OPENSSL_NO_TLSEXT 3038#ifndef OPENSSL_NO_TLSEXT
2705int ssl3_send_newsession_ticket(SSL *s) 3039int ssl3_send_newsession_ticket(SSL *s)
2706 { 3040 {
@@ -2711,6 +3045,7 @@ int ssl3_send_newsession_ticket(SSL *s)
2711 unsigned int hlen; 3045 unsigned int hlen;
2712 EVP_CIPHER_CTX ctx; 3046 EVP_CIPHER_CTX ctx;
2713 HMAC_CTX hctx; 3047 HMAC_CTX hctx;
3048 SSL_CTX *tctx = s->initial_ctx;
2714 unsigned char iv[EVP_MAX_IV_LENGTH]; 3049 unsigned char iv[EVP_MAX_IV_LENGTH];
2715 unsigned char key_name[16]; 3050 unsigned char key_name[16];
2716 3051
@@ -2749,9 +3084,9 @@ int ssl3_send_newsession_ticket(SSL *s)
2749 * it does all the work otherwise use generated values 3084 * it does all the work otherwise use generated values
2750 * from parent ctx. 3085 * from parent ctx.
2751 */ 3086 */
2752 if (s->ctx->tlsext_ticket_key_cb) 3087 if (tctx->tlsext_ticket_key_cb)
2753 { 3088 {
2754 if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, 3089 if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
2755 &hctx, 1) < 0) 3090 &hctx, 1) < 0)
2756 { 3091 {
2757 OPENSSL_free(senc); 3092 OPENSSL_free(senc);
@@ -2762,10 +3097,10 @@ int ssl3_send_newsession_ticket(SSL *s)
2762 { 3097 {
2763 RAND_pseudo_bytes(iv, 16); 3098 RAND_pseudo_bytes(iv, 16);
2764 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 3099 EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
2765 s->ctx->tlsext_tick_aes_key, iv); 3100 tctx->tlsext_tick_aes_key, iv);
2766 HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, 3101 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2767 tlsext_tick_md(), NULL); 3102 tlsext_tick_md(), NULL);
2768 memcpy(key_name, s->ctx->tlsext_tick_key_name, 16); 3103 memcpy(key_name, tctx->tlsext_tick_key_name, 16);
2769 } 3104 }
2770 l2n(s->session->tlsext_tick_lifetime_hint, p); 3105 l2n(s->session->tlsext_tick_lifetime_hint, p);
2771 /* Skip ticket length for now */ 3106 /* Skip ticket length for now */
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index ff8a128d3c..e4c3f65010 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -109,62 +109,35 @@
109 * 109 *
110 */ 110 */
111/* ==================================================================== 111/* ====================================================================
112 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
113 * 118 *
114 * Redistribution and use in source and binary forms, with or without 119 * The portions of the attached software ("Contribution") is developed by
115 * modification, are permitted provided that the following conditions 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * are met: 121 * license.
117 * 122 *
118 * 1. Redistributions of source code must retain the above copyright 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * notice, this list of conditions and the following disclaimer. 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
120 * 126 *
121 * 2. Redistributions in binary form must reproduce the above copyright 127 * No patent licenses or other rights except those expressly stated in
122 * notice, this list of conditions and the following disclaimer in 128 * the OpenSSL open source license shall be deemed granted or received
123 * the documentation and/or other materials provided with the 129 * expressly, by implication, estoppel, or otherwise.
124 * distribution.
125 * 130 *
126 * 3. All advertising materials mentioning features or use of this 131 * No assurances are provided by Nokia that the Contribution does not
127 * software must display the following acknowledgment: 132 * infringe the patent or other intellectual property rights of any third
128 * "This product includes software developed by the OpenSSL Project 133 * party or that the license provides you with all the necessary rights
129 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 134 * to make use of the Contribution.
130 *
131 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
132 * endorse or promote products derived from this software without
133 * prior written permission. For written permission, please contact
134 * openssl-core@openssl.org.
135 *
136 * 5. Products derived from this software may not be called "OpenSSL"
137 * nor may "OpenSSL" appear in their names without prior written
138 * permission of the OpenSSL Project.
139 *
140 * 6. Redistributions of any form whatsoever must retain the following
141 * acknowledgment:
142 * "This product includes software developed by the OpenSSL Project
143 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
144 *
145 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
146 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
147 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
148 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
149 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
150 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
151 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
152 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
153 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
154 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
155 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
156 * OF THE POSSIBILITY OF SUCH DAMAGE.
157 * ====================================================================
158 *
159 * This product includes cryptographic software written by Eric Young
160 * (eay@cryptsoft.com). This product includes software written by Tim
161 * Hudson (tjh@cryptsoft.com).
162 * 135 *
163 */ 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
164/* ==================================================================== 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
165 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
166 * ECC cipher suite support in OpenSSL originally developed by 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
167 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 140 * OTHERWISE.
168 */ 141 */
169 142
170#ifndef HEADER_SSL_H 143#ifndef HEADER_SSL_H
@@ -248,56 +221,88 @@ extern "C" {
248#define SSL_MAX_KEY_ARG_LENGTH 8 221#define SSL_MAX_KEY_ARG_LENGTH 8
249#define SSL_MAX_MASTER_KEY_LENGTH 48 222#define SSL_MAX_MASTER_KEY_LENGTH 48
250 223
224
251/* These are used to specify which ciphers to use and not to use */ 225/* These are used to specify which ciphers to use and not to use */
226
227#define SSL_TXT_EXP40 "EXPORT40"
228#define SSL_TXT_EXP56 "EXPORT56"
252#define SSL_TXT_LOW "LOW" 229#define SSL_TXT_LOW "LOW"
253#define SSL_TXT_MEDIUM "MEDIUM" 230#define SSL_TXT_MEDIUM "MEDIUM"
254#define SSL_TXT_HIGH "HIGH" 231#define SSL_TXT_HIGH "HIGH"
255#define SSL_TXT_FIPS "FIPS" 232#define SSL_TXT_FIPS "FIPS"
256#define SSL_TXT_kFZA "kFZA" 233
257#define SSL_TXT_aFZA "aFZA" 234#define SSL_TXT_kFZA "kFZA" /* unused! */
258#define SSL_TXT_eFZA "eFZA" 235#define SSL_TXT_aFZA "aFZA" /* unused! */
259#define SSL_TXT_FZA "FZA" 236#define SSL_TXT_eFZA "eFZA" /* unused! */
237#define SSL_TXT_FZA "FZA" /* unused! */
260 238
261#define SSL_TXT_aNULL "aNULL" 239#define SSL_TXT_aNULL "aNULL"
262#define SSL_TXT_eNULL "eNULL" 240#define SSL_TXT_eNULL "eNULL"
263#define SSL_TXT_NULL "NULL" 241#define SSL_TXT_NULL "NULL"
264 242
265#define SSL_TXT_kKRB5 "kKRB5"
266#define SSL_TXT_aKRB5 "aKRB5"
267#define SSL_TXT_KRB5 "KRB5"
268
269#define SSL_TXT_kRSA "kRSA" 243#define SSL_TXT_kRSA "kRSA"
270#define SSL_TXT_kDHr "kDHr" 244#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
271#define SSL_TXT_kDHd "kDHd" 245#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
246#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
272#define SSL_TXT_kEDH "kEDH" 247#define SSL_TXT_kEDH "kEDH"
248#define SSL_TXT_kKRB5 "kKRB5"
249#define SSL_TXT_kECDHr "kECDHr"
250#define SSL_TXT_kECDHe "kECDHe"
251#define SSL_TXT_kECDH "kECDH"
252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST"
255
273#define SSL_TXT_aRSA "aRSA" 256#define SSL_TXT_aRSA "aRSA"
274#define SSL_TXT_aDSS "aDSS" 257#define SSL_TXT_aDSS "aDSS"
275#define SSL_TXT_aDH "aDH" 258#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
259#define SSL_TXT_aECDH "aECDH"
260#define SSL_TXT_aKRB5 "aKRB5"
261#define SSL_TXT_aECDSA "aECDSA"
262#define SSL_TXT_aPSK "aPSK"
263#define SSL_TXT_aGOST94 "aGOST94"
264#define SSL_TXT_aGOST01 "aGOST01"
265#define SSL_TXT_aGOST "aGOST"
266
276#define SSL_TXT_DSS "DSS" 267#define SSL_TXT_DSS "DSS"
277#define SSL_TXT_DH "DH" 268#define SSL_TXT_DH "DH"
278#define SSL_TXT_EDH "EDH" 269#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
279#define SSL_TXT_ADH "ADH" 270#define SSL_TXT_ADH "ADH"
280#define SSL_TXT_RSA "RSA" 271#define SSL_TXT_RSA "RSA"
272#define SSL_TXT_ECDH "ECDH"
273#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
274#define SSL_TXT_AECDH "AECDH"
275#define SSL_TXT_ECDSA "ECDSA"
276#define SSL_TXT_KRB5 "KRB5"
277#define SSL_TXT_PSK "PSK"
278
281#define SSL_TXT_DES "DES" 279#define SSL_TXT_DES "DES"
282#define SSL_TXT_3DES "3DES" 280#define SSL_TXT_3DES "3DES"
283#define SSL_TXT_RC4 "RC4" 281#define SSL_TXT_RC4 "RC4"
284#define SSL_TXT_RC2 "RC2" 282#define SSL_TXT_RC2 "RC2"
285#define SSL_TXT_IDEA "IDEA" 283#define SSL_TXT_IDEA "IDEA"
286#define SSL_TXT_SEED "SEED" 284#define SSL_TXT_SEED "SEED"
285#define SSL_TXT_AES128 "AES128"
286#define SSL_TXT_AES256 "AES256"
287#define SSL_TXT_AES "AES" 287#define SSL_TXT_AES "AES"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
288#define SSL_TXT_CAMELLIA "CAMELLIA" 290#define SSL_TXT_CAMELLIA "CAMELLIA"
291
289#define SSL_TXT_MD5 "MD5" 292#define SSL_TXT_MD5 "MD5"
290#define SSL_TXT_SHA1 "SHA1" 293#define SSL_TXT_SHA1 "SHA1"
291#define SSL_TXT_SHA "SHA" 294#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
292#define SSL_TXT_EXP "EXP" 295#define SSL_TXT_GOST94 "GOST94"
293#define SSL_TXT_EXPORT "EXPORT" 296#define SSL_TXT_GOST89MAC "GOST89MAC"
294#define SSL_TXT_EXP40 "EXPORT40" 297
295#define SSL_TXT_EXP56 "EXPORT56"
296#define SSL_TXT_SSLV2 "SSLv2" 298#define SSL_TXT_SSLV2 "SSLv2"
297#define SSL_TXT_SSLV3 "SSLv3" 299#define SSL_TXT_SSLV3 "SSLv3"
298#define SSL_TXT_TLSV1 "TLSv1" 300#define SSL_TXT_TLSV1 "TLSv1"
301
302#define SSL_TXT_EXP "EXP"
303#define SSL_TXT_EXPORT "EXPORT"
304
299#define SSL_TXT_ALL "ALL" 305#define SSL_TXT_ALL "ALL"
300#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
301 306
302/* 307/*
303 * COMPLEMENTOF* definitions. These identifiers are used to (de-select) 308 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
@@ -319,7 +324,13 @@ extern "C" {
319/* The following cipher list is used by default. 324/* The following cipher list is used by default.
320 * It also is substituted when an application-defined cipher list string 325 * It also is substituted when an application-defined cipher list string
321 * starts with 'DEFAULT'. */ 326 * starts with 'DEFAULT'. */
322#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ 327#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
328/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
329 * starts with a reasonable order, and all we have to do for DEFAULT is
330 * throwing out anonymous and unencrypted ciphersuites!
331 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
332 * some of them.)
333 */
323 334
324/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ 335/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
325#define SSL_SENT_SHUTDOWN 1 336#define SSL_SENT_SHUTDOWN 1
@@ -344,6 +355,7 @@ extern "C" {
344 * 'struct ssl_st *' function parameters used to prototype callbacks 355 * 'struct ssl_st *' function parameters used to prototype callbacks
345 * in SSL_CTX. */ 356 * in SSL_CTX. */
346typedef struct ssl_st *ssl_crock_st; 357typedef struct ssl_st *ssl_crock_st;
358typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
347 359
348/* used to hold info on the particular ciphers used */ 360/* used to hold info on the particular ciphers used */
349typedef struct ssl_cipher_st 361typedef struct ssl_cipher_st
@@ -351,17 +363,25 @@ typedef struct ssl_cipher_st
351 int valid; 363 int valid;
352 const char *name; /* text name */ 364 const char *name; /* text name */
353 unsigned long id; /* id, 4 bytes, first is version */ 365 unsigned long id; /* id, 4 bytes, first is version */
354 unsigned long algorithms; /* what ciphers are used */ 366
367 /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
368 unsigned long algorithm_mkey; /* key exchange algorithm */
369 unsigned long algorithm_auth; /* server authentication */
370 unsigned long algorithm_enc; /* symmetric encryption */
371 unsigned long algorithm_mac; /* symmetric authentication */
372 unsigned long algorithm_ssl; /* (major) protocol version */
373
355 unsigned long algo_strength; /* strength and export flags */ 374 unsigned long algo_strength; /* strength and export flags */
356 unsigned long algorithm2; /* Extra flags */ 375 unsigned long algorithm2; /* Extra flags */
357 int strength_bits; /* Number of bits really used */ 376 int strength_bits; /* Number of bits really used */
358 int alg_bits; /* Number of bits for algorithm */ 377 int alg_bits; /* Number of bits for algorithm */
359 unsigned long mask; /* used for matching */
360 unsigned long mask_strength; /* also used for matching */
361 } SSL_CIPHER; 378 } SSL_CIPHER;
362 379
363DECLARE_STACK_OF(SSL_CIPHER) 380DECLARE_STACK_OF(SSL_CIPHER)
364 381
382typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
383typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
384
365/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 385/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
366typedef struct ssl_method_st 386typedef struct ssl_method_st
367 { 387 {
@@ -385,12 +405,12 @@ typedef struct ssl_method_st
385 int (*ssl_dispatch_alert)(SSL *s); 405 int (*ssl_dispatch_alert)(SSL *s);
386 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); 406 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
387 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); 407 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
388 SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); 408 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
389 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); 409 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
390 int (*ssl_pending)(const SSL *s); 410 int (*ssl_pending)(const SSL *s);
391 int (*num_ciphers)(void); 411 int (*num_ciphers)(void);
392 SSL_CIPHER *(*get_cipher)(unsigned ncipher); 412 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
393 struct ssl_method_st *(*get_ssl_method)(int version); 413 const struct ssl_method_st *(*get_ssl_method)(int version);
394 long (*get_timeout)(void); 414 long (*get_timeout)(void);
395 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 415 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
396 int (*ssl_version)(void); 416 int (*ssl_version)(void);
@@ -402,17 +422,20 @@ typedef struct ssl_method_st
402 * SSL_SESSION_ID ::= SEQUENCE { 422 * SSL_SESSION_ID ::= SEQUENCE {
403 * version INTEGER, -- structure version number 423 * version INTEGER, -- structure version number
404 * SSLversion INTEGER, -- SSL version number 424 * SSLversion INTEGER, -- SSL version number
405 * Cipher OCTET_STRING, -- the 3 byte cipher ID 425 * Cipher OCTET STRING, -- the 3 byte cipher ID
406 * Session_ID OCTET_STRING, -- the Session ID 426 * Session_ID OCTET STRING, -- the Session ID
407 * Master_key OCTET_STRING, -- the master key 427 * Master_key OCTET STRING, -- the master key
408 * KRB5_principal OCTET_STRING -- optional Kerberos principal 428 * KRB5_principal OCTET STRING -- optional Kerberos principal
409 * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument 429 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
410 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time 430 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
411 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 431 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
412 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate 432 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
413 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context 433 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
414 * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' 434 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
415 * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX 435 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
436 * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension
437 * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
438 * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
416 * } 439 * }
417 * Look in ssl/ssl_asn1.c for more details 440 * Look in ssl/ssl_asn1.c for more details
418 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 441 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -440,7 +463,10 @@ typedef struct ssl_session_st
440 unsigned int krb5_client_princ_len; 463 unsigned int krb5_client_princ_len;
441 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 464 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
442#endif /* OPENSSL_NO_KRB5 */ 465#endif /* OPENSSL_NO_KRB5 */
443 466#ifndef OPENSSL_NO_PSK
467 char *psk_identity_hint;
468 char *psk_identity;
469#endif
444 int not_resumable; 470 int not_resumable;
445 471
446 /* The cert is the certificate used to establish this connection */ 472 /* The cert is the certificate used to establish this connection */
@@ -459,9 +485,9 @@ typedef struct ssl_session_st
459 long timeout; 485 long timeout;
460 long time; 486 long time;
461 487
462 int compress_meth; /* Need to lookup the method */ 488 unsigned int compress_meth; /* Need to lookup the method */
463 489
464 SSL_CIPHER *cipher; 490 const SSL_CIPHER *cipher;
465 unsigned long cipher_id; /* when ASN.1 loaded, this 491 unsigned long cipher_id; /* when ASN.1 loaded, this
466 * needs to be used to load 492 * needs to be used to load
467 * the 'cipher' structure */ 493 * the 'cipher' structure */
@@ -475,6 +501,12 @@ typedef struct ssl_session_st
475 struct ssl_session_st *prev,*next; 501 struct ssl_session_st *prev,*next;
476#ifndef OPENSSL_NO_TLSEXT 502#ifndef OPENSSL_NO_TLSEXT
477 char *tlsext_hostname; 503 char *tlsext_hostname;
504#ifndef OPENSSL_NO_EC
505 size_t tlsext_ecpointformatlist_length;
506 unsigned char *tlsext_ecpointformatlist; /* peer's list */
507 size_t tlsext_ellipticcurvelist_length;
508 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
509#endif /* OPENSSL_NO_EC */
478 /* RFC4507 info */ 510 /* RFC4507 info */
479 unsigned char *tlsext_tick; /* Session ticket */ 511 unsigned char *tlsext_tick; /* Session ticket */
480 size_t tlsext_ticklen; /* Session ticket length */ 512 size_t tlsext_ticklen; /* Session ticket length */
@@ -485,6 +517,8 @@ typedef struct ssl_session_st
485 517
486#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 518#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
487#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 519#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
520/* Allow initial connection to servers that don't support RI */
521#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
488#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 522#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
489#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L 523#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
490#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 524#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
@@ -502,7 +536,7 @@ typedef struct ssl_session_st
502 536
503/* SSL_OP_ALL: various bug workarounds that should be rather harmless. 537/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
504 * This used to be 0x000FFFFFL before 0.9.7. */ 538 * This used to be 0x000FFFFFL before 0.9.7. */
505#define SSL_OP_ALL 0x00000FFFL 539#define SSL_OP_ALL 0x80000FFFL
506 540
507/* DTLS options */ 541/* DTLS options */
508#define SSL_OP_NO_QUERY_MTU 0x00001000L 542#define SSL_OP_NO_QUERY_MTU 0x00001000L
@@ -510,9 +544,15 @@ typedef struct ssl_session_st
510#define SSL_OP_COOKIE_EXCHANGE 0x00002000L 544#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
511/* Don't use RFC4507 ticket extension */ 545/* Don't use RFC4507 ticket extension */
512#define SSL_OP_NO_TICKET 0x00004000L 546#define SSL_OP_NO_TICKET 0x00004000L
547/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
548#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
513 549
514/* As server, disallow session resumption on renegotiation */ 550/* As server, disallow session resumption on renegotiation */
515#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L 551#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
552/* Don't use compression even if supported */
553#define SSL_OP_NO_COMPRESSION 0x00020000L
554/* Permit unsafe legacy renegotiation */
555#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
516/* If set, always create a new key when using tmp_ecdh parameters */ 556/* If set, always create a new key when using tmp_ecdh parameters */
517#define SSL_OP_SINGLE_ECDH_USE 0x00080000L 557#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
518/* If set, always create a new key when using tmp_dh parameters */ 558/* If set, always create a new key when using tmp_dh parameters */
@@ -539,7 +579,11 @@ typedef struct ssl_session_st
539#define SSL_OP_PKCS1_CHECK_2 0x10000000L 579#define SSL_OP_PKCS1_CHECK_2 0x10000000L
540#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 580#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
541#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 581#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
542 582/* Make server add server-hello extension from early version of
583 * cryptopro draft, when GOST ciphersuite is negotiated.
584 * Required for interoperability with CryptoPro CSP 3.x
585 */
586#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
543 587
544/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 588/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
545 * when just a single record has been written): */ 589 * when just a single record has been written): */
@@ -554,24 +598,35 @@ typedef struct ssl_session_st
554#define SSL_MODE_AUTO_RETRY 0x00000004L 598#define SSL_MODE_AUTO_RETRY 0x00000004L
555/* Don't attempt to automatically build certificate chain */ 599/* Don't attempt to automatically build certificate chain */
556#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 600#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
557 601/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
602 * TLS only.) "Released" buffers are put onto a free-list in the context
603 * or just freed (depending on the context's setting for freelist_max_len). */
604#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
558 605
559/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, 606/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
560 * they cannot be used to clear bits. */ 607 * they cannot be used to clear bits. */
561 608
562#define SSL_CTX_set_options(ctx,op) \ 609#define SSL_CTX_set_options(ctx,op) \
563 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) 610 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
611#define SSL_CTX_clear_options(ctx,op) \
612 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
564#define SSL_CTX_get_options(ctx) \ 613#define SSL_CTX_get_options(ctx) \
565 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) 614 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
566#define SSL_set_options(ssl,op) \ 615#define SSL_set_options(ssl,op) \
567 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) 616 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
617#define SSL_clear_options(ssl,op) \
618 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
568#define SSL_get_options(ssl) \ 619#define SSL_get_options(ssl) \
569 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) 620 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
570 621
571#define SSL_CTX_set_mode(ctx,op) \ 622#define SSL_CTX_set_mode(ctx,op) \
572 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) 623 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
624#define SSL_CTX_clear_mode(ctx,op) \
625 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
573#define SSL_CTX_get_mode(ctx) \ 626#define SSL_CTX_get_mode(ctx) \
574 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) 627 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
628#define SSL_clear_mode(ssl,op) \
629 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
575#define SSL_set_mode(ssl,op) \ 630#define SSL_set_mode(ssl,op) \
576 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) 631 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
577#define SSL_get_mode(ssl) \ 632#define SSL_get_mode(ssl) \
@@ -579,6 +634,8 @@ typedef struct ssl_session_st
579#define SSL_set_mtu(ssl, mtu) \ 634#define SSL_set_mtu(ssl, mtu) \
580 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) 635 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
581 636
637#define SSL_get_secure_renegotiation_support(ssl) \
638 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
582 639
583void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 640void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
584void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 641void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -623,17 +680,18 @@ typedef struct ssl_comp_st
623 } SSL_COMP; 680 } SSL_COMP;
624 681
625DECLARE_STACK_OF(SSL_COMP) 682DECLARE_STACK_OF(SSL_COMP)
683DECLARE_LHASH_OF(SSL_SESSION);
626 684
627struct ssl_ctx_st 685struct ssl_ctx_st
628 { 686 {
629 SSL_METHOD *method; 687 const SSL_METHOD *method;
630 688
631 STACK_OF(SSL_CIPHER) *cipher_list; 689 STACK_OF(SSL_CIPHER) *cipher_list;
632 /* same as above but sorted for lookup */ 690 /* same as above but sorted for lookup */
633 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 691 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
634 692
635 struct x509_store_st /* X509_STORE */ *cert_store; 693 struct x509_store_st /* X509_STORE */ *cert_store;
636 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ 694 LHASH_OF(SSL_SESSION) *sessions;
637 /* Most session-ids that will be cached, default is 695 /* Most session-ids that will be cached, default is
638 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ 696 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
639 unsigned long session_cache_size; 697 unsigned long session_cache_size;
@@ -758,6 +816,12 @@ struct ssl_ctx_st
758 816
759 int quiet_shutdown; 817 int quiet_shutdown;
760 818
819 /* Maximum amount of data to send in one fragment.
820 * actual record size can be more than this due to
821 * padding and MAC overheads.
822 */
823 unsigned int max_send_fragment;
824
761#ifndef OPENSSL_ENGINE 825#ifndef OPENSSL_ENGINE
762 /* Engine to pass requests for client certs to 826 /* Engine to pass requests for client certs to
763 */ 827 */
@@ -776,14 +840,33 @@ struct ssl_ctx_st
776 int (*tlsext_ticket_key_cb)(SSL *ssl, 840 int (*tlsext_ticket_key_cb)(SSL *ssl,
777 unsigned char *name, unsigned char *iv, 841 unsigned char *name, unsigned char *iv,
778 EVP_CIPHER_CTX *ectx, 842 EVP_CIPHER_CTX *ectx,
779 HMAC_CTX *hctx, int enc); 843 HMAC_CTX *hctx, int enc);
780 844
781 /* certificate status request info */ 845 /* certificate status request info */
782 /* Callback for status request */ 846 /* Callback for status request */
783 int (*tlsext_status_cb)(SSL *ssl, void *arg); 847 int (*tlsext_status_cb)(SSL *ssl, void *arg);
784 void *tlsext_status_arg; 848 void *tlsext_status_arg;
849
850 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
851 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
852 void *tlsext_opaque_prf_input_callback_arg;
853#endif
854
855#ifndef OPENSSL_NO_PSK
856 char *psk_identity_hint;
857 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
858 unsigned int max_identity_len, unsigned char *psk,
859 unsigned int max_psk_len);
860 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
861 unsigned char *psk, unsigned int max_psk_len);
785#endif 862#endif
786 863
864#ifndef OPENSSL_NO_BUF_FREELISTS
865#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
866 unsigned int freelist_max_len;
867 struct ssl3_buf_freelist_st *wbuf_freelist;
868 struct ssl3_buf_freelist_st *rbuf_freelist;
869#endif
787 }; 870 };
788 871
789#define SSL_SESS_CACHE_OFF 0x0000 872#define SSL_SESS_CACHE_OFF 0x0000
@@ -797,7 +880,7 @@ struct ssl_ctx_st
797#define SSL_SESS_CACHE_NO_INTERNAL \ 880#define SSL_SESS_CACHE_NO_INTERNAL \
798 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) 881 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
799 882
800 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); 883LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
801#define SSL_CTX_sess_number(ctx) \ 884#define SSL_CTX_sess_number(ctx) \
802 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 885 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
803#define SSL_CTX_sess_connect(ctx) \ 886#define SSL_CTX_sess_connect(ctx) \
@@ -839,6 +922,31 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
839void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 922void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
840void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 923void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
841 924
925#ifndef OPENSSL_NO_PSK
926/* the maximum length of the buffer given to callbacks containing the
927 * resulting identity/psk */
928#define PSK_MAX_IDENTITY_LEN 128
929#define PSK_MAX_PSK_LEN 256
930void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
931 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
932 char *identity, unsigned int max_identity_len, unsigned char *psk,
933 unsigned int max_psk_len));
934void SSL_set_psk_client_callback(SSL *ssl,
935 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
936 char *identity, unsigned int max_identity_len, unsigned char *psk,
937 unsigned int max_psk_len));
938void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
939 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
940 unsigned char *psk, unsigned int max_psk_len));
941void SSL_set_psk_server_callback(SSL *ssl,
942 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
943 unsigned char *psk, unsigned int max_psk_len));
944int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
945int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
946const char *SSL_get_psk_identity_hint(const SSL *s);
947const char *SSL_get_psk_identity(const SSL *s);
948#endif
949
842#define SSL_NOTHING 1 950#define SSL_NOTHING 1
843#define SSL_WRITING 2 951#define SSL_WRITING 2
844#define SSL_READING 3 952#define SSL_READING 3
@@ -850,6 +958,9 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
850#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 958#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
851#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 959#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
852 960
961#define SSL_MAC_FLAG_READ_MAC_STREAM 1
962#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
963
853struct ssl_st 964struct ssl_st
854 { 965 {
855 /* protocol version 966 /* protocol version
@@ -858,7 +969,7 @@ struct ssl_st
858 int version; 969 int version;
859 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 970 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
860 971
861 SSL_METHOD *method; /* SSLv3 */ 972 const SSL_METHOD *method; /* SSLv3 */
862 973
863 /* There are 2 BIO's even though they are normally both the 974 /* There are 2 BIO's even though they are normally both the
864 * same. This is so data can be read and written to different 975 * same. This is so data can be read and written to different
@@ -941,9 +1052,9 @@ struct ssl_st
941 1052
942 /* These are the ones being used, the ones in SSL_SESSION are 1053 /* These are the ones being used, the ones in SSL_SESSION are
943 * the ones to be 'copied' into these ones */ 1054 * the ones to be 'copied' into these ones */
944 1055 int mac_flags;
945 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1056 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
946 const EVP_MD *read_hash; /* used for mac generation */ 1057 EVP_MD_CTX *read_hash; /* used for mac generation */
947#ifndef OPENSSL_NO_COMP 1058#ifndef OPENSSL_NO_COMP
948 COMP_CTX *expand; /* uncompress */ 1059 COMP_CTX *expand; /* uncompress */
949#else 1060#else
@@ -951,7 +1062,7 @@ struct ssl_st
951#endif 1062#endif
952 1063
953 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1064 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
954 const EVP_MD *write_hash; /* used for mac generation */ 1065 EVP_MD_CTX *write_hash; /* used for mac generation */
955#ifndef OPENSSL_NO_COMP 1066#ifndef OPENSSL_NO_COMP
956 COMP_CTX *compress; /* compression */ 1067 COMP_CTX *compress; /* compression */
957#else 1068#else
@@ -989,6 +1100,14 @@ struct ssl_st
989 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ 1100 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
990#endif /* OPENSSL_NO_KRB5 */ 1101#endif /* OPENSSL_NO_KRB5 */
991 1102
1103#ifndef OPENSSL_NO_PSK
1104 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
1105 unsigned int max_identity_len, unsigned char *psk,
1106 unsigned int max_psk_len);
1107 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1108 unsigned char *psk, unsigned int max_psk_len);
1109#endif
1110
992 SSL_CTX *ctx; 1111 SSL_CTX *ctx;
993 /* set this flag to 1 and a sleep(1) is put into all SSL_read() 1112 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
994 * and SSL_write() calls, good for nbio debuging :-) */ 1113 * and SSL_write() calls, good for nbio debuging :-) */
@@ -1008,6 +1127,7 @@ struct ssl_st
1008 int first_packet; 1127 int first_packet;
1009 int client_version; /* what was passed, used for 1128 int client_version; /* what was passed, used for
1010 * SSLv3/TLS rollback check */ 1129 * SSLv3/TLS rollback check */
1130 unsigned int max_send_fragment;
1011#ifndef OPENSSL_NO_TLSEXT 1131#ifndef OPENSSL_NO_TLSEXT
1012 /* TLS extension debug callback */ 1132 /* TLS extension debug callback */
1013 void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1133 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
@@ -1034,11 +1154,33 @@ struct ssl_st
1034 1154
1035 /* RFC4507 session ticket expected to be received or sent */ 1155 /* RFC4507 session ticket expected to be received or sent */
1036 int tlsext_ticket_expected; 1156 int tlsext_ticket_expected;
1157#ifndef OPENSSL_NO_EC
1158 size_t tlsext_ecpointformatlist_length;
1159 unsigned char *tlsext_ecpointformatlist; /* our list */
1160 size_t tlsext_ellipticcurvelist_length;
1161 unsigned char *tlsext_ellipticcurvelist; /* our list */
1162#endif /* OPENSSL_NO_EC */
1163
1164 /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
1165 void *tlsext_opaque_prf_input;
1166 size_t tlsext_opaque_prf_input_len;
1167
1168 /* TLS Session Ticket extension override */
1169 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1170
1171 /* TLS Session Ticket extension callback */
1172 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1173 void *tls_session_ticket_ext_cb_arg;
1174
1175 /* TLS pre-shared secret session resumption */
1176 tls_session_secret_cb_fn tls_session_secret_cb;
1177 void *tls_session_secret_cb_arg;
1178
1037 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 1179 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1038#define session_ctx initial_ctx 1180#define session_ctx initial_ctx
1039#else 1181#else
1040#define session_ctx ctx 1182#define session_ctx ctx
1041#endif 1183#endif /* OPENSSL_NO_TLSEXT */
1042 }; 1184 };
1043 1185
1044#ifdef __cplusplus 1186#ifdef __cplusplus
@@ -1145,20 +1287,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1145#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) 1287#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1146#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) 1288#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1147 1289
1148#if 1 /*SSLEAY_MACROS*/
1149#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) 1290#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1150#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) 1291#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1151#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
1152 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
1153#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
1154#define PEM_write_SSL_SESSION(fp,x) \
1155 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
1156 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
1157#define PEM_write_bio_SSL_SESSION(bp,x) \
1158 PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
1159#endif
1160 1292
1161#define SSL_AD_REASON_OFFSET 1000 1293DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1294
1295#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1296
1162/* These alert types are for SSLv3 and TLSv1 */ 1297/* These alert types are for SSLv3 and TLSv1 */
1163#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY 1298#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1164#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ 1299#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
@@ -1188,6 +1323,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1188#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE 1323#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1189#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME 1324#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1190#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 1325#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1326#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1327#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1191 1328
1192#define SSL_ERROR_NONE 0 1329#define SSL_ERROR_NONE 0
1193#define SSL_ERROR_SSL 1 1330#define SSL_ERROR_SSL 1
@@ -1246,6 +1383,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1246#define SSL_CTRL_GET_MAX_CERT_LIST 50 1383#define SSL_CTRL_GET_MAX_CERT_LIST 50
1247#define SSL_CTRL_SET_MAX_CERT_LIST 51 1384#define SSL_CTRL_SET_MAX_CERT_LIST 51
1248 1385
1386#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1387
1249/* see tls1.h for macros based on these */ 1388/* see tls1.h for macros based on these */
1250#ifndef OPENSSL_NO_TLSEXT 1389#ifndef OPENSSL_NO_TLSEXT
1251#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 1390#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
@@ -1255,7 +1394,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1255#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 1394#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1256#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 1395#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1257#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 1396#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1258 1397#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
1398#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
1399#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1259#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 1400#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1260#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 1401#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1261#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 1402#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
@@ -1269,6 +1410,21 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1269#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 1410#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1270#endif 1411#endif
1271 1412
1413#define DTLS_CTRL_GET_TIMEOUT 73
1414#define DTLS_CTRL_HANDLE_TIMEOUT 74
1415#define DTLS_CTRL_LISTEN 75
1416
1417#define SSL_CTRL_GET_RI_SUPPORT 76
1418#define SSL_CTRL_CLEAR_OPTIONS 77
1419#define SSL_CTRL_CLEAR_MODE 78
1420
1421#define DTLSv1_get_timeout(ssl, arg) \
1422 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1423#define DTLSv1_handle_timeout(ssl) \
1424 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1425#define DTLSv1_listen(ssl, peer) \
1426 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1427
1272#define SSL_session_reused(ssl) \ 1428#define SSL_session_reused(ssl) \
1273 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) 1429 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1274#define SSL_num_renegotiations(ssl) \ 1430#define SSL_num_renegotiations(ssl) \
@@ -1310,7 +1466,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
1310#endif 1466#endif
1311 1467
1312int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); 1468int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1313SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); 1469SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1314void SSL_CTX_free(SSL_CTX *); 1470void SSL_CTX_free(SSL_CTX *);
1315long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); 1471long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1316long SSL_CTX_get_timeout(const SSL_CTX *ctx); 1472long SSL_CTX_get_timeout(const SSL_CTX *ctx);
@@ -1321,7 +1477,7 @@ int SSL_clear(SSL *s);
1321 1477
1322void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); 1478void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1323 1479
1324SSL_CIPHER *SSL_get_current_cipher(const SSL *s); 1480const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1325int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); 1481int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1326char * SSL_CIPHER_get_version(const SSL_CIPHER *c); 1482char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1327const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); 1483const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
@@ -1392,9 +1548,8 @@ long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1392void SSL_copy_session_id(SSL *to,const SSL *from); 1548void SSL_copy_session_id(SSL *to,const SSL *from);
1393 1549
1394SSL_SESSION *SSL_SESSION_new(void); 1550SSL_SESSION *SSL_SESSION_new(void);
1395unsigned long SSL_SESSION_hash(const SSL_SESSION *a); 1551const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1396int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); 1552 unsigned int *len);
1397const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
1398#ifndef OPENSSL_NO_FP_API 1553#ifndef OPENSSL_NO_FP_API
1399int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); 1554int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1400#endif 1555#endif
@@ -1454,6 +1609,9 @@ int SSL_set_purpose(SSL *s, int purpose);
1454int SSL_CTX_set_trust(SSL_CTX *s, int trust); 1609int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1455int SSL_set_trust(SSL *s, int trust); 1610int SSL_set_trust(SSL *s, int trust);
1456 1611
1612int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1613int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1614
1457void SSL_free(SSL *ssl); 1615void SSL_free(SSL *ssl);
1458int SSL_accept(SSL *ssl); 1616int SSL_accept(SSL *ssl);
1459int SSL_connect(SSL *ssl); 1617int SSL_connect(SSL *ssl);
@@ -1469,27 +1627,29 @@ int SSL_get_error(const SSL *s,int ret_code);
1469const char *SSL_get_version(const SSL *s); 1627const char *SSL_get_version(const SSL *s);
1470 1628
1471/* This sets the 'default' SSL version that SSL_new() will create */ 1629/* This sets the 'default' SSL version that SSL_new() will create */
1472int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); 1630int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1473 1631
1474SSL_METHOD *SSLv2_method(void); /* SSLv2 */ 1632#ifndef OPENSSL_NO_SSL2
1475SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ 1633const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1476SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ 1634const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1635const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1636#endif
1477 1637
1478SSL_METHOD *SSLv3_method(void); /* SSLv3 */ 1638const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1479SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ 1639const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1480SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ 1640const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1481 1641
1482SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ 1642const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1483SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ 1643const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1484SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ 1644const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1485 1645
1486SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ 1646const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1487SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ 1647const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1488SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ 1648const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1489 1649
1490SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ 1650const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1491SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ 1651const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1492SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ 1652const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1493 1653
1494STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); 1654STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1495 1655
@@ -1498,8 +1658,8 @@ int SSL_renegotiate(SSL *s);
1498int SSL_renegotiate_pending(SSL *s); 1658int SSL_renegotiate_pending(SSL *s);
1499int SSL_shutdown(SSL *s); 1659int SSL_shutdown(SSL *s);
1500 1660
1501SSL_METHOD *SSL_get_ssl_method(SSL *s); 1661const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1502int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); 1662int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1503const char *SSL_alert_type_string_long(int value); 1663const char *SSL_alert_type_string_long(int value);
1504const char *SSL_alert_type_string(int value); 1664const char *SSL_alert_type_string(int value);
1505const char *SSL_alert_desc_string_long(int value); 1665const char *SSL_alert_desc_string_long(int value);
@@ -1519,7 +1679,7 @@ long SSL_get_default_timeout(const SSL *s);
1519 1679
1520int SSL_library_init(void ); 1680int SSL_library_init(void );
1521 1681
1522char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); 1682char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
1523STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); 1683STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1524 1684
1525SSL *SSL_dup(SSL *ssl); 1685SSL *SSL_dup(SSL *ssl);
@@ -1591,6 +1751,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1591#define SSL_set_max_cert_list(ssl,m) \ 1751#define SSL_set_max_cert_list(ssl,m) \
1592 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 1752 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1593 1753
1754#define SSL_CTX_set_max_send_fragment(ctx,m) \
1755 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1756#define SSL_set_max_send_fragment(ssl,m) \
1757 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1758
1594 /* NB: the keylength is only applicable when is_export is true */ 1759 /* NB: the keylength is only applicable when is_export is true */
1595#ifndef OPENSSL_NO_RSA 1760#ifndef OPENSSL_NO_RSA
1596void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 1761void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
@@ -1632,6 +1797,15 @@ void *SSL_COMP_get_compression_methods(void);
1632int SSL_COMP_add_compression_method(int id,void *cm); 1797int SSL_COMP_add_compression_method(int id,void *cm);
1633#endif 1798#endif
1634 1799
1800/* TLS extensions functions */
1801int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1802
1803int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1804 void *arg);
1805
1806/* Pre-shared secret session resumption functions */
1807int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1808
1635/* BEGIN ERROR CODES */ 1809/* BEGIN ERROR CODES */
1636/* The following lines are auto generated by the script mkerr.pl. Any changes 1810/* The following lines are auto generated by the script mkerr.pl. Any changes
1637 * made after this point may be overwritten when the script is next run. 1811 * made after this point may be overwritten when the script is next run.
@@ -1649,6 +1823,7 @@ void ERR_load_SSL_strings(void);
1649#define SSL_F_DO_DTLS1_WRITE 245 1823#define SSL_F_DO_DTLS1_WRITE 245
1650#define SSL_F_DO_SSL3_WRITE 104 1824#define SSL_F_DO_SSL3_WRITE 104
1651#define SSL_F_DTLS1_ACCEPT 246 1825#define SSL_F_DTLS1_ACCEPT 246
1826#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1652#define SSL_F_DTLS1_BUFFER_RECORD 247 1827#define SSL_F_DTLS1_BUFFER_RECORD 247
1653#define SSL_F_DTLS1_CLIENT_HELLO 248 1828#define SSL_F_DTLS1_CLIENT_HELLO 248
1654#define SSL_F_DTLS1_CONNECT 249 1829#define SSL_F_DTLS1_CONNECT 249
@@ -1657,8 +1832,9 @@ void ERR_load_SSL_strings(void);
1657#define SSL_F_DTLS1_GET_MESSAGE 252 1832#define SSL_F_DTLS1_GET_MESSAGE 252
1658#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 1833#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1659#define SSL_F_DTLS1_GET_RECORD 254 1834#define SSL_F_DTLS1_GET_RECORD 254
1835#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1660#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 1836#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1661#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 1837#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1662#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 1838#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1663#define SSL_F_DTLS1_PROCESS_RECORD 257 1839#define SSL_F_DTLS1_PROCESS_RECORD 257
1664#define SSL_F_DTLS1_READ_BYTES 258 1840#define SSL_F_DTLS1_READ_BYTES 258
@@ -1702,6 +1878,7 @@ void ERR_load_SSL_strings(void);
1702#define SSL_F_SSL2_SET_CERTIFICATE 126 1878#define SSL_F_SSL2_SET_CERTIFICATE 126
1703#define SSL_F_SSL2_WRITE 127 1879#define SSL_F_SSL2_WRITE 127
1704#define SSL_F_SSL3_ACCEPT 128 1880#define SSL_F_SSL3_ACCEPT 128
1881#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1705#define SSL_F_SSL3_CALLBACK_CTRL 233 1882#define SSL_F_SSL3_CALLBACK_CTRL 233
1706#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 1883#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1707#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 1884#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
@@ -1709,11 +1886,12 @@ void ERR_load_SSL_strings(void);
1709#define SSL_F_SSL3_CONNECT 132 1886#define SSL_F_SSL3_CONNECT 132
1710#define SSL_F_SSL3_CTRL 213 1887#define SSL_F_SSL3_CTRL 213
1711#define SSL_F_SSL3_CTX_CTRL 133 1888#define SSL_F_SSL3_CTX_CTRL 133
1712#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 1889#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1890#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1713#define SSL_F_SSL3_ENC 134 1891#define SSL_F_SSL3_ENC 134
1714#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 1892#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1715#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 1893#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1716#define SSL_F_SSL3_GET_CERT_STATUS 288 1894#define SSL_F_SSL3_GET_CERT_STATUS 289
1717#define SSL_F_SSL3_GET_CERT_VERIFY 136 1895#define SSL_F_SSL3_GET_CERT_VERIFY 136
1718#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 1896#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1719#define SSL_F_SSL3_GET_CLIENT_HELLO 138 1897#define SSL_F_SSL3_GET_CLIENT_HELLO 138
@@ -1726,7 +1904,8 @@ void ERR_load_SSL_strings(void);
1726#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 1904#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1727#define SSL_F_SSL3_GET_SERVER_DONE 145 1905#define SSL_F_SSL3_GET_SERVER_DONE 145
1728#define SSL_F_SSL3_GET_SERVER_HELLO 146 1906#define SSL_F_SSL3_GET_SERVER_HELLO 146
1729#define SSL_F_SSL3_NEW_SESSION_TICKET 284 1907#define SSL_F_SSL3_HANDSHAKE_MAC 285
1908#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1730#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 1909#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1731#define SSL_F_SSL3_PEEK 235 1910#define SSL_F_SSL3_PEEK 235
1732#define SSL_F_SSL3_READ_BYTES 148 1911#define SSL_F_SSL3_READ_BYTES 148
@@ -1738,14 +1917,17 @@ void ERR_load_SSL_strings(void);
1738#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 1917#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1739#define SSL_F_SSL3_SEND_SERVER_HELLO 242 1918#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1740#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 1919#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1741#define SSL_F_SSL3_SETUP_BUFFERS 156
1742#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 1920#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1921#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1922#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1743#define SSL_F_SSL3_WRITE_BYTES 158 1923#define SSL_F_SSL3_WRITE_BYTES 158
1744#define SSL_F_SSL3_WRITE_PENDING 159 1924#define SSL_F_SSL3_WRITE_PENDING 159
1745#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 1925#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1926#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1746#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 1927#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1747#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 1928#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1748#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 1929#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1930#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1749#define SSL_F_SSL_BAD_METHOD 160 1931#define SSL_F_SSL_BAD_METHOD 160
1750#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 1932#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1751#define SSL_F_SSL_CERT_DUP 221 1933#define SSL_F_SSL_CERT_DUP 221
@@ -1753,7 +1935,8 @@ void ERR_load_SSL_strings(void);
1753#define SSL_F_SSL_CERT_INSTANTIATE 214 1935#define SSL_F_SSL_CERT_INSTANTIATE 214
1754#define SSL_F_SSL_CERT_NEW 162 1936#define SSL_F_SSL_CERT_NEW 162
1755#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 1937#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1756#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 1938#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1939#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1757#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 1940#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1758#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 1941#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1759#define SSL_F_SSL_CLEAR 164 1942#define SSL_F_SSL_CLEAR 164
@@ -1763,7 +1946,7 @@ void ERR_load_SSL_strings(void);
1763#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1946#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1764#define SSL_F_SSL_CTX_NEW 169 1947#define SSL_F_SSL_CTX_NEW 169
1765#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 1948#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1766#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 1949#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1767#define SSL_F_SSL_CTX_SET_PURPOSE 226 1950#define SSL_F_SSL_CTX_SET_PURPOSE 226
1768#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1951#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1769#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1952#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1775,6 +1958,7 @@ void ERR_load_SSL_strings(void);
1775#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 1958#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1776#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 1959#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1777#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 1960#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1961#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
1778#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 1962#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1779#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 1963#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1780#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 1964#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
@@ -1786,9 +1970,13 @@ void ERR_load_SSL_strings(void);
1786#define SSL_F_SSL_INIT_WBIO_BUFFER 184 1970#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1787#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 1971#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1788#define SSL_F_SSL_NEW 186 1972#define SSL_F_SSL_NEW 186
1973#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
1974#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
1975#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
1976#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
1789#define SSL_F_SSL_PEEK 270 1977#define SSL_F_SSL_PEEK 270
1790#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 1978#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
1791#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 1979#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
1792#define SSL_F_SSL_READ 223 1980#define SSL_F_SSL_READ 223
1793#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 1981#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1794#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 1982#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
@@ -1803,6 +1991,7 @@ void ERR_load_SSL_strings(void);
1803#define SSL_F_SSL_SET_RFD 194 1991#define SSL_F_SSL_SET_RFD 194
1804#define SSL_F_SSL_SET_SESSION 195 1992#define SSL_F_SSL_SET_SESSION 195
1805#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 1993#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1994#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
1806#define SSL_F_SSL_SET_TRUST 228 1995#define SSL_F_SSL_SET_TRUST 228
1807#define SSL_F_SSL_SET_WFD 196 1996#define SSL_F_SSL_SET_WFD 196
1808#define SSL_F_SSL_SHUTDOWN 224 1997#define SSL_F_SSL_SHUTDOWN 224
@@ -1815,13 +2004,19 @@ void ERR_load_SSL_strings(void);
1815#define SSL_F_SSL_USE_PRIVATEKEY 201 2004#define SSL_F_SSL_USE_PRIVATEKEY 201
1816#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 2005#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
1817#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 2006#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2007#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
1818#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 2008#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
1819#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 2009#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
1820#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 2010#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
1821#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 2011#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
1822#define SSL_F_SSL_WRITE 208 2012#define SSL_F_SSL_WRITE 208
2013#define SSL_F_TLS1_CERT_VERIFY_MAC 286
1823#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2014#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2015#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
1824#define SSL_F_TLS1_ENC 210 2016#define SSL_F_TLS1_ENC 210
2017#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2018#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2019#define SSL_F_TLS1_PRF 284
1825#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 2020#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
1826#define SSL_F_WRITE_PENDING 212 2021#define SSL_F_WRITE_PENDING 212
1827 2022
@@ -1842,12 +2037,15 @@ void ERR_load_SSL_strings(void);
1842#define SSL_R_BAD_ECC_CERT 304 2037#define SSL_R_BAD_ECC_CERT 304
1843#define SSL_R_BAD_ECDSA_SIGNATURE 305 2038#define SSL_R_BAD_ECDSA_SIGNATURE 305
1844#define SSL_R_BAD_ECPOINT 306 2039#define SSL_R_BAD_ECPOINT 306
2040#define SSL_R_BAD_HANDSHAKE_LENGTH 332
1845#define SSL_R_BAD_HELLO_REQUEST 105 2041#define SSL_R_BAD_HELLO_REQUEST 105
1846#define SSL_R_BAD_LENGTH 271 2042#define SSL_R_BAD_LENGTH 271
1847#define SSL_R_BAD_MAC_DECODE 113 2043#define SSL_R_BAD_MAC_DECODE 113
2044#define SSL_R_BAD_MAC_LENGTH 333
1848#define SSL_R_BAD_MESSAGE_TYPE 114 2045#define SSL_R_BAD_MESSAGE_TYPE 114
1849#define SSL_R_BAD_PACKET_LENGTH 115 2046#define SSL_R_BAD_PACKET_LENGTH 115
1850#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 2047#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2048#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
1851#define SSL_R_BAD_RESPONSE_ARGUMENT 117 2049#define SSL_R_BAD_RESPONSE_ARGUMENT 117
1852#define SSL_R_BAD_RSA_DECRYPT 118 2050#define SSL_R_BAD_RSA_DECRYPT 118
1853#define SSL_R_BAD_RSA_ENCRYPT 119 2051#define SSL_R_BAD_RSA_ENCRYPT 119
@@ -1871,8 +2069,9 @@ void ERR_load_SSL_strings(void);
1871#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 2069#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
1872#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 2070#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
1873#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 2071#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
1874#define SSL_R_CLIENTHELLO_TLSEXT 157 2072#define SSL_R_CLIENTHELLO_TLSEXT 226
1875#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 2073#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2074#define SSL_R_COMPRESSION_DISABLED 343
1876#define SSL_R_COMPRESSION_FAILURE 141 2075#define SSL_R_COMPRESSION_FAILURE 141
1877#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 2076#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
1878#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 2077#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
@@ -1885,7 +2084,12 @@ void ERR_load_SSL_strings(void);
1885#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 2084#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
1886#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 2085#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1887#define SSL_R_DIGEST_CHECK_FAILED 149 2086#define SSL_R_DIGEST_CHECK_FAILED 149
2087#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
1888#define SSL_R_DUPLICATE_COMPRESSION_ID 309 2088#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2089#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2090#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2091#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2092#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
1889#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 2093#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
1890#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 2094#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1891#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 2095#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
@@ -1896,11 +2100,13 @@ void ERR_load_SSL_strings(void);
1896#define SSL_R_HTTPS_PROXY_REQUEST 155 2100#define SSL_R_HTTPS_PROXY_REQUEST 155
1897#define SSL_R_HTTP_REQUEST 156 2101#define SSL_R_HTTP_REQUEST 156
1898#define SSL_R_ILLEGAL_PADDING 283 2102#define SSL_R_ILLEGAL_PADDING 283
2103#define SSL_R_INCONSISTENT_COMPRESSION 340
1899#define SSL_R_INVALID_CHALLENGE_LENGTH 158 2104#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1900#define SSL_R_INVALID_COMMAND 280 2105#define SSL_R_INVALID_COMMAND 280
2106#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
1901#define SSL_R_INVALID_PURPOSE 278 2107#define SSL_R_INVALID_PURPOSE 278
1902#define SSL_R_INVALID_STATUS_RESPONSE 316 2108#define SSL_R_INVALID_STATUS_RESPONSE 328
1903#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 2109#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
1904#define SSL_R_INVALID_TRUST 279 2110#define SSL_R_INVALID_TRUST 279
1905#define SSL_R_KEY_ARG_TOO_LONG 284 2111#define SSL_R_KEY_ARG_TOO_LONG 284
1906#define SSL_R_KRB5 285 2112#define SSL_R_KRB5 285
@@ -1944,22 +2150,27 @@ void ERR_load_SSL_strings(void);
1944#define SSL_R_NO_CIPHERS_SPECIFIED 183 2150#define SSL_R_NO_CIPHERS_SPECIFIED 183
1945#define SSL_R_NO_CIPHER_LIST 184 2151#define SSL_R_NO_CIPHER_LIST 184
1946#define SSL_R_NO_CIPHER_MATCH 185 2152#define SSL_R_NO_CIPHER_MATCH 185
1947#define SSL_R_NO_CLIENT_CERT_METHOD 317 2153#define SSL_R_NO_CLIENT_CERT_METHOD 331
1948#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 2154#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1949#define SSL_R_NO_COMPRESSION_SPECIFIED 187 2155#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2156#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
1950#define SSL_R_NO_METHOD_SPECIFIED 188 2157#define SSL_R_NO_METHOD_SPECIFIED 188
1951#define SSL_R_NO_PRIVATEKEY 189 2158#define SSL_R_NO_PRIVATEKEY 189
1952#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 2159#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
1953#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 2160#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
1954#define SSL_R_NO_PUBLICKEY 192 2161#define SSL_R_NO_PUBLICKEY 192
2162#define SSL_R_NO_RENEGOTIATION 339
2163#define SSL_R_NO_REQUIRED_DIGEST 324
1955#define SSL_R_NO_SHARED_CIPHER 193 2164#define SSL_R_NO_SHARED_CIPHER 193
1956#define SSL_R_NO_VERIFY_CALLBACK 194 2165#define SSL_R_NO_VERIFY_CALLBACK 194
1957#define SSL_R_NULL_SSL_CTX 195 2166#define SSL_R_NULL_SSL_CTX 195
1958#define SSL_R_NULL_SSL_METHOD_PASSED 196 2167#define SSL_R_NULL_SSL_METHOD_PASSED 196
1959#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 2168#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2169#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
1960#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 2170#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2171#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
1961#define SSL_R_PACKET_LENGTH_TOO_LONG 198 2172#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1962#define SSL_R_PARSE_TLSEXT 223 2173#define SSL_R_PARSE_TLSEXT 227
1963#define SSL_R_PATH_TOO_LONG 270 2174#define SSL_R_PATH_TOO_LONG 270
1964#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 2175#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
1965#define SSL_R_PEER_ERROR 200 2176#define SSL_R_PEER_ERROR 200
@@ -1970,6 +2181,9 @@ void ERR_load_SSL_strings(void);
1970#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 2181#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
1971#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 2182#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
1972#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 2183#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2184#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2185#define SSL_R_PSK_NO_CLIENT_CB 224
2186#define SSL_R_PSK_NO_SERVER_CB 225
1973#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 2187#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
1974#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 2188#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
1975#define SSL_R_PUBLIC_KEY_NOT_RSA 210 2189#define SSL_R_PUBLIC_KEY_NOT_RSA 210
@@ -1979,18 +2193,24 @@ void ERR_load_SSL_strings(void);
1979#define SSL_R_RECORD_LENGTH_MISMATCH 213 2193#define SSL_R_RECORD_LENGTH_MISMATCH 213
1980#define SSL_R_RECORD_TOO_LARGE 214 2194#define SSL_R_RECORD_TOO_LARGE 214
1981#define SSL_R_RECORD_TOO_SMALL 298 2195#define SSL_R_RECORD_TOO_SMALL 298
2196#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2197#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2198#define SSL_R_RENEGOTIATION_MISMATCH 337
1982#define SSL_R_REQUIRED_CIPHER_MISSING 215 2199#define SSL_R_REQUIRED_CIPHER_MISSING 215
2200#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
1983#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 2201#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1984#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 2202#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
1985#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 2203#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
1986#define SSL_R_SERVERHELLO_TLSEXT 224 2204#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2205#define SSL_R_SERVERHELLO_TLSEXT 275
1987#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 2206#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
1988#define SSL_R_SHORT_READ 219 2207#define SSL_R_SHORT_READ 219
1989#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 2208#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1990#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 2209#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1991#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 2210#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
1992#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 2211#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
1993#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 2212#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2213#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
1994#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 2214#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
1995#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 2215#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1996#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 2216#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
@@ -2024,8 +2244,13 @@ void ERR_load_SSL_strings(void);
2024#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 2244#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2025#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 2245#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2026#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 2246#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2247#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2248#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2249#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2250#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2251#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2027#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 2252#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2028#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 2253#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2029#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 2254#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2030#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 2255#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2031#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 2256#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
@@ -2052,8 +2277,10 @@ void ERR_load_SSL_strings(void);
2052#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 2277#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2053#define SSL_R_UNKNOWN_SSL_VERSION 254 2278#define SSL_R_UNKNOWN_SSL_VERSION 254
2054#define SSL_R_UNKNOWN_STATE 255 2279#define SSL_R_UNKNOWN_STATE 255
2280#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2055#define SSL_R_UNSUPPORTED_CIPHER 256 2281#define SSL_R_UNSUPPORTED_CIPHER 256
2056#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 2282#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2283#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2057#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 2284#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2058#define SSL_R_UNSUPPORTED_PROTOCOL 258 2285#define SSL_R_UNSUPPORTED_PROTOCOL 258
2059#define SSL_R_UNSUPPORTED_SSL_VERSION 259 2286#define SSL_R_UNSUPPORTED_SSL_VERSION 259
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 4b1e2e9834..baaa89e717 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -123,12 +123,14 @@
123#include <openssl/buffer.h> 123#include <openssl/buffer.h>
124#include <openssl/evp.h> 124#include <openssl/evp.h>
125#include <openssl/ssl.h> 125#include <openssl/ssl.h>
126#include <openssl/pq_compat.h>
127 126
128#ifdef __cplusplus 127#ifdef __cplusplus
129extern "C" { 128extern "C" {
130#endif 129#endif
131 130
131/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
132#define SSL3_CK_SCSV 0x030000FF
133
132#define SSL3_CK_RSA_NULL_MD5 0x03000001 134#define SSL3_CK_RSA_NULL_MD5 0x03000001
133#define SSL3_CK_RSA_NULL_SHA 0x03000002 135#define SSL3_CK_RSA_NULL_SHA 0x03000002
134#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 136#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
@@ -160,12 +162,14 @@ extern "C" {
160#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A 162#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
161#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B 163#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
162 164
163#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C 165#if 0
164#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D 166 #define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
165#if 0 /* Because it clashes with KRB5, is never used any more, and is safe 167 #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
166 to remove according to David Hopwood <david.hopwood@zetnet.co.uk> 168 #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
167 of the ietf-tls list */ 169 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
168#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E 170 of the ietf-tls list */
171 #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
172 #endif
169#endif 173#endif
170 174
171/* VRS Additional Kerberos5 entries 175/* VRS Additional Kerberos5 entries
@@ -217,9 +221,11 @@ extern "C" {
217#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" 221#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
218#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" 222#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
219 223
220#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" 224#if 0
221#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" 225 #define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
222#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" 226 #define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
227 #define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
228#endif
223 229
224#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" 230#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
225#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" 231#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
@@ -245,23 +251,65 @@ extern "C" {
245#define SSL3_SESSION_ID_SIZE 32 251#define SSL3_SESSION_ID_SIZE 32
246#define SSL3_RT_HEADER_LENGTH 5 252#define SSL3_RT_HEADER_LENGTH 5
247 253
248/* Due to MS stuffing up, this can change.... */ 254#ifndef SSL3_ALIGN_PAYLOAD
249#if defined(OPENSSL_SYS_WIN16) || \ 255 /* Some will argue that this increases memory footprint, but it's
250 (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) 256 * not actually true. Point is that malloc has to return at least
251#define SSL3_RT_MAX_EXTRA (14000) 257 * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
258 * 3 bytes in either case. Suggested pre-gaping simply moves these
259 * wasted bytes from the end of allocated region to its front,
260 * but makes data payload aligned, which improves performance:-) */
261# define SSL3_ALIGN_PAYLOAD 8
252#else 262#else
253#define SSL3_RT_MAX_EXTRA (16384) 263# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
264# error "insane SSL3_ALIGN_PAYLOAD"
265# undef SSL3_ALIGN_PAYLOAD
266# endif
254#endif 267#endif
255 268
269/* This is the maximum MAC (digest) size used by the SSL library.
270 * Currently maximum of 20 is used by SHA1, but we reserve for
271 * future extension for 512-bit hashes.
272 */
273
274#define SSL3_RT_MAX_MD_SIZE 64
275
276/* Maximum block size used in all ciphersuites. Currently 16 for AES.
277 */
278
279#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
280
281#define SSL3_RT_MAX_EXTRA (16384)
282
283/* Maximum plaintext length: defined by SSL/TLS standards */
256#define SSL3_RT_MAX_PLAIN_LENGTH 16384 284#define SSL3_RT_MAX_PLAIN_LENGTH 16384
285/* Maximum compression overhead: defined by SSL/TLS standards */
286#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024
287
288/* The standards give a maximum encryption overhead of 1024 bytes.
289 * In practice the value is lower than this. The overhead is the maximum
290 * number of padding bytes (256) plus the mac size.
291 */
292#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE)
293
294/* OpenSSL currently only uses a padding length of at most one block so
295 * the send overhead is smaller.
296 */
297
298#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
299 (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
300
301/* If compression isn't used don't include the compression overhead */
302
257#ifdef OPENSSL_NO_COMP 303#ifdef OPENSSL_NO_COMP
258#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH 304#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
259#else 305#else
260#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) 306#define SSL3_RT_MAX_COMPRESSED_LENGTH \
307 (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
261#endif 308#endif
262#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) 309#define SSL3_RT_MAX_ENCRYPTED_LENGTH \
263#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) 310 (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
264#define SSL3_RT_MAX_DATA_SIZE (1024*1024) 311#define SSL3_RT_MAX_PACKET_SIZE \
312 (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
265 313
266#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" 314#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
267#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" 315#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
@@ -300,7 +348,7 @@ typedef struct ssl3_record_st
300/*rw*/ unsigned char *input; /* where the decode bytes are */ 348/*rw*/ unsigned char *input; /* where the decode bytes are */
301/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ 349/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
302/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ 350/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
303/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ 351/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
304 } SSL3_RECORD; 352 } SSL3_RECORD;
305 353
306typedef struct ssl3_buffer_st 354typedef struct ssl3_buffer_st
@@ -323,13 +371,14 @@ typedef struct ssl3_buffer_st
323 * enough to contain all of the cert types defined either for 371 * enough to contain all of the cert types defined either for
324 * SSLv3 and TLSv1. 372 * SSLv3 and TLSv1.
325 */ 373 */
326#define SSL3_CT_NUMBER 7 374#define SSL3_CT_NUMBER 9
327 375
328 376
329#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 377#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
330#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 378#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
331#define SSL3_FLAGS_POP_BUFFER 0x0004 379#define SSL3_FLAGS_POP_BUFFER 0x0004
332#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 380#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
381#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
333 382
334typedef struct ssl3_state_st 383typedef struct ssl3_state_st
335 { 384 {
@@ -337,8 +386,10 @@ typedef struct ssl3_state_st
337 int delay_buf_pop_ret; 386 int delay_buf_pop_ret;
338 387
339 unsigned char read_sequence[8]; 388 unsigned char read_sequence[8];
389 int read_mac_secret_size;
340 unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; 390 unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
341 unsigned char write_sequence[8]; 391 unsigned char write_sequence[8];
392 int write_mac_secret_size;
342 unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; 393 unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
343 394
344 unsigned char server_random[SSL3_RANDOM_SIZE]; 395 unsigned char server_random[SSL3_RANDOM_SIZE];
@@ -348,6 +399,9 @@ typedef struct ssl3_state_st
348 int need_empty_fragments; 399 int need_empty_fragments;
349 int empty_fragment_done; 400 int empty_fragment_done;
350 401
402 /* The value of 'extra' when the buffers were initialized */
403 int init_extra;
404
351 SSL3_BUFFER rbuf; /* read IO goes into here */ 405 SSL3_BUFFER rbuf; /* read IO goes into here */
352 SSL3_BUFFER wbuf; /* write IO goes into here */ 406 SSL3_BUFFER wbuf; /* write IO goes into here */
353 407
@@ -369,9 +423,11 @@ typedef struct ssl3_state_st
369 const unsigned char *wpend_buf; 423 const unsigned char *wpend_buf;
370 424
371 /* used during startup, digest all incoming/outgoing packets */ 425 /* used during startup, digest all incoming/outgoing packets */
372 EVP_MD_CTX finish_dgst1; 426 BIO *handshake_buffer;
373 EVP_MD_CTX finish_dgst2; 427 /* When set of handshake digests is determined, buffer is hashed
374 428 * and freed and MD_CTX-es for all required digests are stored in
429 * this array */
430 EVP_MD_CTX **handshake_dgst;
375 /* this is set whenerver we see a change_cipher_spec message 431 /* this is set whenerver we see a change_cipher_spec message
376 * come in when we are not looking for one */ 432 * come in when we are not looking for one */
377 int change_cipher_spec; 433 int change_cipher_spec;
@@ -391,6 +447,14 @@ typedef struct ssl3_state_st
391 447
392 int in_read_app_data; 448 int in_read_app_data;
393 449
450 /* Opaque PRF input as used for the current handshake.
451 * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
452 * (otherwise, they are merely present to improve binary compatibility) */
453 void *client_opaque_prf_input;
454 size_t client_opaque_prf_input_len;
455 void *server_opaque_prf_input;
456 size_t server_opaque_prf_input_len;
457
394 struct { 458 struct {
395 /* actually only needs to be 16+20 */ 459 /* actually only needs to be 16+20 */
396 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; 460 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -405,7 +469,7 @@ typedef struct ssl3_state_st
405 int message_type; 469 int message_type;
406 470
407 /* used to hold the new cipher we are going to use */ 471 /* used to hold the new cipher we are going to use */
408 SSL_CIPHER *new_cipher; 472 const SSL_CIPHER *new_cipher;
409#ifndef OPENSSL_NO_DH 473#ifndef OPENSSL_NO_DH
410 DH *dh; 474 DH *dh;
411#endif 475#endif
@@ -432,6 +496,8 @@ typedef struct ssl3_state_st
432 496
433 const EVP_CIPHER *new_sym_enc; 497 const EVP_CIPHER *new_sym_enc;
434 const EVP_MD *new_hash; 498 const EVP_MD *new_hash;
499 int new_mac_pkey_type;
500 int new_mac_secret_size;
435#ifndef OPENSSL_NO_COMP 501#ifndef OPENSSL_NO_COMP
436 const SSL_COMP *new_compression; 502 const SSL_COMP *new_compression;
437#else 503#else
@@ -440,6 +506,12 @@ typedef struct ssl3_state_st
440 int cert_request; 506 int cert_request;
441 } tmp; 507 } tmp;
442 508
509 /* Connection binding to prevent renegotiation attacks */
510 unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
511 unsigned char previous_client_finished_len;
512 unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
513 unsigned char previous_server_finished_len;
514 int send_connection_binding; /* TODOEKR */
443 } SSL3_STATE; 515 } SSL3_STATE;
444 516
445 517
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index 4717c0e6e1..0967b2dfe4 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -76,13 +76,16 @@ int SSL_library_init(void)
76#endif 76#endif
77#ifndef OPENSSL_NO_RC2 77#ifndef OPENSSL_NO_RC2
78 EVP_add_cipher(EVP_rc2_cbc()); 78 EVP_add_cipher(EVP_rc2_cbc());
79 /* Not actually used for SSL/TLS but this makes PKCS#12 work
80 * if an application only calls SSL_library_init().
81 */
82 EVP_add_cipher(EVP_rc2_40_cbc());
79#endif 83#endif
80#ifndef OPENSSL_NO_AES 84#ifndef OPENSSL_NO_AES
81 EVP_add_cipher(EVP_aes_128_cbc()); 85 EVP_add_cipher(EVP_aes_128_cbc());
82 EVP_add_cipher(EVP_aes_192_cbc()); 86 EVP_add_cipher(EVP_aes_192_cbc());
83 EVP_add_cipher(EVP_aes_256_cbc()); 87 EVP_add_cipher(EVP_aes_256_cbc());
84#endif 88#endif
85
86#ifndef OPENSSL_NO_CAMELLIA 89#ifndef OPENSSL_NO_CAMELLIA
87 EVP_add_cipher(EVP_camellia_128_cbc()); 90 EVP_add_cipher(EVP_camellia_128_cbc());
88 EVP_add_cipher(EVP_camellia_256_cbc()); 91 EVP_add_cipher(EVP_camellia_256_cbc());
@@ -91,10 +94,7 @@ int SSL_library_init(void)
91#ifndef OPENSSL_NO_SEED 94#ifndef OPENSSL_NO_SEED
92 EVP_add_cipher(EVP_seed_cbc()); 95 EVP_add_cipher(EVP_seed_cbc());
93#endif 96#endif
94 97
95#ifndef OPENSSL_NO_MD2
96 EVP_add_digest(EVP_md2());
97#endif
98#ifndef OPENSSL_NO_MD5 98#ifndef OPENSSL_NO_MD5
99 EVP_add_digest(EVP_md5()); 99 EVP_add_digest(EVP_md5());
100 EVP_add_digest_alias(SN_md5,"ssl2-md5"); 100 EVP_add_digest_alias(SN_md5,"ssl2-md5");
@@ -105,6 +105,14 @@ int SSL_library_init(void)
105 EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); 105 EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
106 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); 106 EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
107#endif 107#endif
108#ifndef OPENSSL_NO_SHA256
109 EVP_add_digest(EVP_sha224());
110 EVP_add_digest(EVP_sha256());
111#endif
112#ifndef OPENSSL_NO_SHA512
113 EVP_add_digest(EVP_sha384());
114 EVP_add_digest(EVP_sha512());
115#endif
108#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) 116#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
109 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ 117 EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
110 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); 118 EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 0f9a3489dd..28709978b5 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -55,6 +55,32 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
58 84
59#include <stdio.h> 85#include <stdio.h>
60#include <stdlib.h> 86#include <stdlib.h>
@@ -68,6 +94,7 @@ typedef struct ssl_session_asn1_st
68 ASN1_INTEGER version; 94 ASN1_INTEGER version;
69 ASN1_INTEGER ssl_version; 95 ASN1_INTEGER ssl_version;
70 ASN1_OCTET_STRING cipher; 96 ASN1_OCTET_STRING cipher;
97 ASN1_OCTET_STRING comp_id;
71 ASN1_OCTET_STRING master_key; 98 ASN1_OCTET_STRING master_key;
72 ASN1_OCTET_STRING session_id; 99 ASN1_OCTET_STRING session_id;
73 ASN1_OCTET_STRING session_id_context; 100 ASN1_OCTET_STRING session_id_context;
@@ -83,18 +110,26 @@ typedef struct ssl_session_asn1_st
83 ASN1_INTEGER tlsext_tick_lifetime; 110 ASN1_INTEGER tlsext_tick_lifetime;
84 ASN1_OCTET_STRING tlsext_tick; 111 ASN1_OCTET_STRING tlsext_tick;
85#endif /* OPENSSL_NO_TLSEXT */ 112#endif /* OPENSSL_NO_TLSEXT */
113#ifndef OPENSSL_NO_PSK
114 ASN1_OCTET_STRING psk_identity_hint;
115 ASN1_OCTET_STRING psk_identity;
116#endif /* OPENSSL_NO_PSK */
86 } SSL_SESSION_ASN1; 117 } SSL_SESSION_ASN1;
87 118
88int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) 119int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
89 { 120 {
90#define LSIZE2 (sizeof(long)*2) 121#define LSIZE2 (sizeof(long)*2)
91 int v1=0,v2=0,v3=0,v4=0,v5=0; 122 int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
92 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; 123 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
93 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; 124 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
94#ifndef OPENSSL_NO_TLSEXT 125#ifndef OPENSSL_NO_TLSEXT
95 int v6=0,v9=0,v10=0; 126 int v6=0,v9=0,v10=0;
96 unsigned char ibuf6[LSIZE2]; 127 unsigned char ibuf6[LSIZE2];
97#endif 128#endif
129#ifndef OPENSSL_NO_COMP
130 unsigned char cbuf;
131 int v11=0;
132#endif
98 long l; 133 long l;
99 SSL_SESSION_ASN1 a; 134 SSL_SESSION_ASN1 a;
100 M_ASN1_I2D_vars(in); 135 M_ASN1_I2D_vars(in);
@@ -138,6 +173,16 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
138 buf[1]=((unsigned char)(l ))&0xff; 173 buf[1]=((unsigned char)(l ))&0xff;
139 } 174 }
140 175
176#ifndef OPENSSL_NO_COMP
177 if (in->compress_meth)
178 {
179 cbuf = (unsigned char)in->compress_meth;
180 a.comp_id.length = 1;
181 a.comp_id.type = V_ASN1_OCTET_STRING;
182 a.comp_id.data = &cbuf;
183 }
184#endif
185
141 a.master_key.length=in->master_key_length; 186 a.master_key.length=in->master_key_length;
142 a.master_key.type=V_ASN1_OCTET_STRING; 187 a.master_key.type=V_ASN1_OCTET_STRING;
143 a.master_key.data=in->master_key; 188 a.master_key.data=in->master_key;
@@ -162,7 +207,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
162 a.krb5_princ.data=in->krb5_client_princ; 207 a.krb5_princ.data=in->krb5_client_princ;
163 } 208 }
164#endif /* OPENSSL_NO_KRB5 */ 209#endif /* OPENSSL_NO_KRB5 */
165 210
166 if (in->time != 0L) 211 if (in->time != 0L)
167 { 212 {
168 a.time.length=LSIZE2; 213 a.time.length=LSIZE2;
@@ -199,12 +244,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
199 a.tlsext_tick.length= in->tlsext_ticklen; 244 a.tlsext_tick.length= in->tlsext_ticklen;
200 a.tlsext_tick.type=V_ASN1_OCTET_STRING; 245 a.tlsext_tick.type=V_ASN1_OCTET_STRING;
201 a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; 246 a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
202 /* If we have a ticket set session ID to empty because
203 * it will be bogus. If liftime hint is -1 treat as a special
204 * case because the session is being used as a container
205 */
206 if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1))
207 a.session_id.length=0;
208 } 247 }
209 if (in->tlsext_tick_lifetime_hint > 0) 248 if (in->tlsext_tick_lifetime_hint > 0)
210 { 249 {
@@ -214,6 +253,21 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
214 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint); 253 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
215 } 254 }
216#endif /* OPENSSL_NO_TLSEXT */ 255#endif /* OPENSSL_NO_TLSEXT */
256#ifndef OPENSSL_NO_PSK
257 if (in->psk_identity_hint)
258 {
259 a.psk_identity_hint.length=strlen(in->psk_identity_hint);
260 a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
261 a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
262 }
263 if (in->psk_identity)
264 {
265 a.psk_identity.length=strlen(in->psk_identity);
266 a.psk_identity.type=V_ASN1_OCTET_STRING;
267 a.psk_identity.data=(unsigned char *)(in->psk_identity);
268 }
269#endif /* OPENSSL_NO_PSK */
270
217 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); 271 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
218 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); 272 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
219 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); 273 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
@@ -242,7 +296,18 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
242 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); 296 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
243 if (in->tlsext_hostname) 297 if (in->tlsext_hostname)
244 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); 298 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
299#ifndef OPENSSL_NO_COMP
300 if (in->compress_meth)
301 M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
302#endif
245#endif /* OPENSSL_NO_TLSEXT */ 303#endif /* OPENSSL_NO_TLSEXT */
304#ifndef OPENSSL_NO_PSK
305 if (in->psk_identity_hint)
306 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
307 if (in->psk_identity)
308 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
309#endif /* OPENSSL_NO_PSK */
310
246 M_ASN1_I2D_seq_total(); 311 M_ASN1_I2D_seq_total();
247 312
248 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER); 313 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
@@ -269,16 +334,28 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
269#ifndef OPENSSL_NO_TLSEXT 334#ifndef OPENSSL_NO_TLSEXT
270 if (in->tlsext_hostname) 335 if (in->tlsext_hostname)
271 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); 336 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
337#endif /* OPENSSL_NO_TLSEXT */
338#ifndef OPENSSL_NO_PSK
339 if (in->psk_identity_hint)
340 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
341 if (in->psk_identity)
342 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
343#endif /* OPENSSL_NO_PSK */
344#ifndef OPENSSL_NO_TLSEXT
272 if (in->tlsext_tick_lifetime_hint > 0) 345 if (in->tlsext_tick_lifetime_hint > 0)
273 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); 346 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
274 if (in->tlsext_tick) 347 if (in->tlsext_tick)
275 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); 348 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
276#endif /* OPENSSL_NO_TLSEXT */ 349#endif /* OPENSSL_NO_TLSEXT */
350#ifndef OPENSSL_NO_COMP
351 if (in->compress_meth)
352 M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
353#endif
277 M_ASN1_I2D_finish(); 354 M_ASN1_I2D_finish();
278 } 355 }
279 356
280SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, 357SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
281 long length) 358 long length)
282 { 359 {
283 int version,ssl_version=0,i; 360 int version,ssl_version=0,i;
284 long id; 361 long id;
@@ -317,7 +394,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
317 ((unsigned long)os.data[1]<< 8L)| 394 ((unsigned long)os.data[1]<< 8L)|
318 (unsigned long)os.data[2]; 395 (unsigned long)os.data[2];
319 } 396 }
320 else if ((ssl_version>>8) == SSL3_VERSION_MAJOR) 397 else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
321 { 398 {
322 if (os.length != 2) 399 if (os.length != 2)
323 { 400 {
@@ -330,15 +407,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
330 } 407 }
331 else 408 else
332 { 409 {
333 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); 410 c.error=SSL_R_UNKNOWN_SSL_VERSION;
334 return(NULL); 411 goto err;
335 } 412 }
336 413
337 ret->cipher=NULL; 414 ret->cipher=NULL;
338 ret->cipher_id=id; 415 ret->cipher_id=id;
339 416
340 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); 417 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
341 if ((ssl_version>>8) == SSL3_VERSION_MAJOR) 418 if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
342 i=SSL3_MAX_SSL_SESSION_ID_LENGTH; 419 i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
343 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */ 420 else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
344 i=SSL2_MAX_SSL_SESSION_ID_LENGTH; 421 i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
@@ -422,8 +499,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
422 { 499 {
423 if (os.length > SSL_MAX_SID_CTX_LENGTH) 500 if (os.length > SSL_MAX_SID_CTX_LENGTH)
424 { 501 {
425 ret->sid_ctx_length=os.length; 502 c.error=SSL_R_BAD_LENGTH;
426 SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); 503 goto err;
427 } 504 }
428 else 505 else
429 { 506 {
@@ -458,6 +535,24 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
458 } 535 }
459 else 536 else
460 ret->tlsext_hostname=NULL; 537 ret->tlsext_hostname=NULL;
538#endif /* OPENSSL_NO_TLSEXT */
539
540#ifndef OPENSSL_NO_PSK
541 os.length=0;
542 os.data=NULL;
543 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
544 if (os.data)
545 {
546 ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
547 OPENSSL_free(os.data);
548 os.data = NULL;
549 os.length = 0;
550 }
551 else
552 ret->psk_identity_hint=NULL;
553#endif /* OPENSSL_NO_PSK */
554
555#ifndef OPENSSL_NO_TLSEXT
461 ai.length=0; 556 ai.length=0;
462 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9); 557 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
463 if (ai.data != NULL) 558 if (ai.data != NULL)
@@ -468,33 +563,31 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
468 else if (ret->tlsext_ticklen && ret->session_id_length) 563 else if (ret->tlsext_ticklen && ret->session_id_length)
469 ret->tlsext_tick_lifetime_hint = -1; 564 ret->tlsext_tick_lifetime_hint = -1;
470 else 565 else
471 ret->tlsext_tick_lifetime_hint = 0; 566 ret->tlsext_tick_lifetime_hint=0;
472 os.length=0; 567 os.length=0;
473 os.data=NULL; 568 os.data=NULL;
474 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); 569 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
475 if (os.data) 570 if (os.data)
476 { 571 {
477 ret->tlsext_tick = os.data; 572 ret->tlsext_tick = os.data;
478 ret->tlsext_ticklen = os.length; 573 ret->tlsext_ticklen = os.length;
479 os.data = NULL; 574 os.data = NULL;
480 os.length = 0; 575 os.length = 0;
481#if 0 576 }
482 /* There are two ways to detect a resumed ticket sesion.
483 * One is to set a random session ID and then the server
484 * must return a match in ServerHello. This allows the normal
485 * client session ID matching to work.
486 */
487 if (ret->session_id_length == 0)
488 {
489 ret->session_id_length=SSL3_MAX_SSL_SESSION_ID_LENGTH;
490 RAND_pseudo_bytes(ret->session_id,
491 ret->session_id_length);
492 }
493#endif
494 }
495 else 577 else
496 ret->tlsext_tick=NULL; 578 ret->tlsext_tick=NULL;
497#endif /* OPENSSL_NO_TLSEXT */ 579#endif /* OPENSSL_NO_TLSEXT */
580#ifndef OPENSSL_NO_COMP
581 os.length=0;
582 os.data=NULL;
583 M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
584 if (os.data)
585 {
586 ret->compress_meth = os.data[0];
587 OPENSSL_free(os.data);
588 os.data = NULL;
589 }
590#endif
498 591
499 M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); 592 M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
500 } 593 }
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index a32b2d4446..27256eea81 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -197,8 +197,10 @@ CERT *ssl_cert_dup(CERT *cert)
197 * if you find that more readable */ 197 * if you find that more readable */
198 198
199 ret->valid = cert->valid; 199 ret->valid = cert->valid;
200 ret->mask = cert->mask; 200 ret->mask_k = cert->mask_k;
201 ret->export_mask = cert->export_mask; 201 ret->mask_a = cert->mask_a;
202 ret->export_mask_k = cert->export_mask_k;
203 ret->export_mask_a = cert->export_mask_a;
202 204
203#ifndef OPENSSL_NO_RSA 205#ifndef OPENSSL_NO_RSA
204 if (cert->rsa_tmp != NULL) 206 if (cert->rsa_tmp != NULL)
@@ -500,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
500 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); 502 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
501 return(0); 503 return(0);
502 } 504 }
503 if (s->param)
504 X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
505 s->param);
506#if 0 505#if 0
507 if (SSL_get_verify_depth(s) >= 0) 506 if (SSL_get_verify_depth(s) >= 0)
508 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); 507 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -516,6 +515,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
516 515
517 X509_STORE_CTX_set_default(&ctx, 516 X509_STORE_CTX_set_default(&ctx,
518 s->server ? "ssl_client" : "ssl_server"); 517 s->server ? "ssl_client" : "ssl_server");
518 /* Anything non-default in "param" should overwrite anything in the
519 * ctx.
520 */
521 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
519 522
520 if (s->verify_callback) 523 if (s->verify_callback)
521 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); 524 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
@@ -752,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
752 sk_X509_NAME_push(stack,xn); 755 sk_X509_NAME_push(stack,xn);
753 } 756 }
754 757
758 ERR_clear_error();
759
755 if (0) 760 if (0)
756 { 761 {
757err: 762err:
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 52f91cfe60..bee3507ea1 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -113,12 +113,41 @@
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
116#include <stdio.h> 143#include <stdio.h>
117#include <openssl/objects.h> 144#include <openssl/objects.h>
118#ifndef OPENSSL_NO_COMP 145#ifndef OPENSSL_NO_COMP
119#include <openssl/comp.h> 146#include <openssl/comp.h>
120#endif 147#endif
121 148#ifndef OPENSSL_NO_ENGINE
149#include <openssl/engine.h>
150#endif
122#include "ssl_locl.h" 151#include "ssl_locl.h"
123 152
124#define SSL_ENC_DES_IDX 0 153#define SSL_ENC_DES_IDX 0
@@ -126,18 +155,18 @@
126#define SSL_ENC_RC4_IDX 2 155#define SSL_ENC_RC4_IDX 2
127#define SSL_ENC_RC2_IDX 3 156#define SSL_ENC_RC2_IDX 3
128#define SSL_ENC_IDEA_IDX 4 157#define SSL_ENC_IDEA_IDX 4
129#define SSL_ENC_eFZA_IDX 5 158#define SSL_ENC_NULL_IDX 5
130#define SSL_ENC_NULL_IDX 6 159#define SSL_ENC_AES128_IDX 6
131#define SSL_ENC_AES128_IDX 7 160#define SSL_ENC_AES256_IDX 7
132#define SSL_ENC_AES256_IDX 8 161#define SSL_ENC_CAMELLIA128_IDX 8
133#define SSL_ENC_CAMELLIA128_IDX 9 162#define SSL_ENC_CAMELLIA256_IDX 9
134#define SSL_ENC_CAMELLIA256_IDX 10 163#define SSL_ENC_GOST89_IDX 10
135#define SSL_ENC_SEED_IDX 11 164#define SSL_ENC_SEED_IDX 11
136#define SSL_ENC_NUM_IDX 12 165#define SSL_ENC_NUM_IDX 12
137 166
138 167
139static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ 168static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
140 NULL,NULL,NULL,NULL,NULL,NULL, 169 NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
141 }; 170 };
142 171
143#define SSL_COMP_NULL_IDX 0 172#define SSL_COMP_NULL_IDX 0
@@ -148,9 +177,30 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
148 177
149#define SSL_MD_MD5_IDX 0 178#define SSL_MD_MD5_IDX 0
150#define SSL_MD_SHA1_IDX 1 179#define SSL_MD_SHA1_IDX 1
151#define SSL_MD_NUM_IDX 2 180#define SSL_MD_GOST94_IDX 2
181#define SSL_MD_GOST89MAC_IDX 3
182/*Constant SSL_MAX_DIGEST equal to size of digests array should be
183 * defined in the
184 * ssl_locl.h */
185#define SSL_MD_NUM_IDX SSL_MAX_DIGEST
152static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ 186static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
153 NULL,NULL, 187 NULL,NULL,NULL,NULL
188 };
189/* PKEY_TYPE for GOST89MAC is known in advance, but, because
190 * implementation is engine-provided, we'll fill it only if
191 * corresponding EVP_PKEY_METHOD is found
192 */
193static int ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
194 EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
195 };
196
197static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
198 0,0,0,0
199 };
200
201static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
202 SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
203 SSL_HANDSHAKE_MAC_GOST94,0
154 }; 204 };
155 205
156#define CIPHER_ADD 1 206#define CIPHER_ADD 1
@@ -161,72 +211,144 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
161 211
162typedef struct cipher_order_st 212typedef struct cipher_order_st
163 { 213 {
164 SSL_CIPHER *cipher; 214 const SSL_CIPHER *cipher;
165 int active; 215 int active;
166 int dead; 216 int dead;
167 struct cipher_order_st *next,*prev; 217 struct cipher_order_st *next,*prev;
168 } CIPHER_ORDER; 218 } CIPHER_ORDER;
169 219
170static const SSL_CIPHER cipher_aliases[]={ 220static const SSL_CIPHER cipher_aliases[]={
171 /* Don't include eNULL unless specifically enabled. */ 221 /* "ALL" doesn't include eNULL (must be specifically enabled) */
172 /* Don't include ECC in ALL because these ciphers are not yet official. */ 222 {0,SSL_TXT_ALL,0, 0,0,~SSL_eNULL,0,0,0,0,0,0},
173 {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ 223 /* "COMPLEMENTOFALL" */
174 /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */ 224 {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
175 {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ 225
176 {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, 226 /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
177 {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ 227 {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
178 {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, 228
179 {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, 229 /* key exchange aliases
180 {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, 230 * (some of those using only a single bit here combine
181 {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, 231 * multiple key exchange algs according to the RFCs,
182 {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, 232 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
183 {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, 233 {0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
184 {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0}, 234
185 {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, 235 {0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
186 {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ 236 {0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
187 {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, 237 {0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
188 {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, 238 {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
189 {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, 239 {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
190 {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, 240
191 {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, 241 {0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
192 {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, 242
193 243 {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
194 {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, 244 {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
195 {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, 245 {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
196 {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, 246 {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
197 {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, 247 {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
198#ifndef OPENSSL_NO_IDEA 248
199 {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, 249 {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
200#endif 250 {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
201 {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0}, 251
202 {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, 252 /* server authentication aliases */
203 {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, 253 {0,SSL_TXT_aRSA,0, 0,SSL_aRSA, 0,0,0,0,0,0,0},
204 {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, 254 {0,SSL_TXT_aDSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
205 {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0}, 255 {0,SSL_TXT_DSS,0, 0,SSL_aDSS, 0,0,0,0,0,0,0},
206 256 {0,SSL_TXT_aKRB5,0, 0,SSL_aKRB5, 0,0,0,0,0,0,0},
207 {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, 257 {0,SSL_TXT_aNULL,0, 0,SSL_aNULL, 0,0,0,0,0,0,0},
208 {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, 258 {0,SSL_TXT_aDH,0, 0,SSL_aDH, 0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
209 {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, 259 {0,SSL_TXT_aECDH,0, 0,SSL_aECDH, 0,0,0,0,0,0,0},
210 260 {0,SSL_TXT_aECDSA,0, 0,SSL_aECDSA,0,0,0,0,0,0,0},
211 {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, 261 {0,SSL_TXT_ECDSA,0, 0,SSL_aECDSA, 0,0,0,0,0,0,0},
212 {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 262 {0,SSL_TXT_aPSK,0, 0,SSL_aPSK, 0,0,0,0,0,0,0},
213 {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 263 {0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
214 {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, 264 {0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
215 {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, 265 {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
216 266
217 {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, 267 /* aliases combining key exchange and server authentication */
218 {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, 268 {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
219 {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, 269 {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
220 270 {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
221 {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 271 {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
222 {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, 272 {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
223 {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, 273 {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
224 {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, 274 {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
225 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 275 {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
226 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 276
227 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 277
228 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE}, 278 /* symmetric encryption aliases */
279 {0,SSL_TXT_DES,0, 0,0,SSL_DES, 0,0,0,0,0,0},
280 {0,SSL_TXT_3DES,0, 0,0,SSL_3DES, 0,0,0,0,0,0},
281 {0,SSL_TXT_RC4,0, 0,0,SSL_RC4, 0,0,0,0,0,0},
282 {0,SSL_TXT_RC2,0, 0,0,SSL_RC2, 0,0,0,0,0,0},
283 {0,SSL_TXT_IDEA,0, 0,0,SSL_IDEA, 0,0,0,0,0,0},
284 {0,SSL_TXT_SEED,0, 0,0,SSL_SEED, 0,0,0,0,0,0},
285 {0,SSL_TXT_eNULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
286 {0,SSL_TXT_AES128,0, 0,0,SSL_AES128,0,0,0,0,0,0},
287 {0,SSL_TXT_AES256,0, 0,0,SSL_AES256,0,0,0,0,0,0},
288 {0,SSL_TXT_AES,0, 0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
289 {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
290 {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
291 {0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
292
293 /* MAC aliases */
294 {0,SSL_TXT_MD5,0, 0,0,0,SSL_MD5, 0,0,0,0,0},
295 {0,SSL_TXT_SHA1,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
296 {0,SSL_TXT_SHA,0, 0,0,0,SSL_SHA1, 0,0,0,0,0},
297 {0,SSL_TXT_GOST94,0, 0,0,0,SSL_GOST94, 0,0,0,0,0},
298 {0,SSL_TXT_GOST89MAC,0, 0,0,0,SSL_GOST89MAC, 0,0,0,0,0},
299
300 /* protocol version aliases */
301 {0,SSL_TXT_SSLV2,0, 0,0,0,0,SSL_SSLV2, 0,0,0,0},
302 {0,SSL_TXT_SSLV3,0, 0,0,0,0,SSL_SSLV3, 0,0,0,0},
303 {0,SSL_TXT_TLSV1,0, 0,0,0,0,SSL_TLSV1, 0,0,0,0},
304
305 /* export flag */
306 {0,SSL_TXT_EXP,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
307 {0,SSL_TXT_EXPORT,0, 0,0,0,0,0,SSL_EXPORT,0,0,0},
308
309 /* strength classes */
310 {0,SSL_TXT_EXP40,0, 0,0,0,0,0,SSL_EXP40, 0,0,0},
311 {0,SSL_TXT_EXP56,0, 0,0,0,0,0,SSL_EXP56, 0,0,0},
312 {0,SSL_TXT_LOW,0, 0,0,0,0,0,SSL_LOW, 0,0,0},
313 {0,SSL_TXT_MEDIUM,0, 0,0,0,0,0,SSL_MEDIUM,0,0,0},
314 {0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
315 /* FIPS 140-2 approved ciphersuite */
316 {0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
229 }; 317 };
318/* Search for public key algorithm with given name and
319 * return its pkey_id if it is available. Otherwise return 0
320 */
321#ifdef OPENSSL_NO_ENGINE
322
323static int get_optional_pkey_id(const char *pkey_name)
324 {
325 const EVP_PKEY_ASN1_METHOD *ameth;
326 int pkey_id=0;
327 ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
328 if (ameth)
329 {
330 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
331 }
332 return pkey_id;
333 }
334
335#else
336
337static int get_optional_pkey_id(const char *pkey_name)
338 {
339 const EVP_PKEY_ASN1_METHOD *ameth;
340 ENGINE *tmpeng = NULL;
341 int pkey_id=0;
342 ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
343 if (ameth)
344 {
345 EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
346 }
347 if (tmpeng) ENGINE_finish(tmpeng);
348 return pkey_id;
349 }
350
351#endif
230 352
231void ssl_load_ciphers(void) 353void ssl_load_ciphers(void)
232 { 354 {
@@ -252,16 +374,37 @@ void ssl_load_ciphers(void)
252 EVP_get_cipherbyname(SN_camellia_128_cbc); 374 EVP_get_cipherbyname(SN_camellia_128_cbc);
253 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]= 375 ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
254 EVP_get_cipherbyname(SN_camellia_256_cbc); 376 EVP_get_cipherbyname(SN_camellia_256_cbc);
377 ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
378 EVP_get_cipherbyname(SN_gost89_cnt);
255 ssl_cipher_methods[SSL_ENC_SEED_IDX]= 379 ssl_cipher_methods[SSL_ENC_SEED_IDX]=
256 EVP_get_cipherbyname(SN_seed_cbc); 380 EVP_get_cipherbyname(SN_seed_cbc);
257 381
258 ssl_digest_methods[SSL_MD_MD5_IDX]= 382 ssl_digest_methods[SSL_MD_MD5_IDX]=
259 EVP_get_digestbyname(SN_md5); 383 EVP_get_digestbyname(SN_md5);
384 ssl_mac_secret_size[SSL_MD_MD5_IDX]=
385 EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
386 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
260 ssl_digest_methods[SSL_MD_SHA1_IDX]= 387 ssl_digest_methods[SSL_MD_SHA1_IDX]=
261 EVP_get_digestbyname(SN_sha1); 388 EVP_get_digestbyname(SN_sha1);
262 } 389 ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
263 390 EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
391 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
392 ssl_digest_methods[SSL_MD_GOST94_IDX]=
393 EVP_get_digestbyname(SN_id_GostR3411_94);
394 if (ssl_digest_methods[SSL_MD_GOST94_IDX])
395 {
396 ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
397 EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
398 OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
399 }
400 ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
401 EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
402 ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
403 if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
404 ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
405 }
264 406
407 }
265#ifndef OPENSSL_NO_COMP 408#ifndef OPENSSL_NO_COMP
266 409
267static int sk_comp_cmp(const SSL_COMP * const *a, 410static int sk_comp_cmp(const SSL_COMP * const *a,
@@ -316,10 +459,10 @@ static void load_builtin_compressions(void)
316#endif 459#endif
317 460
318int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, 461int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
319 const EVP_MD **md, SSL_COMP **comp) 462 const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
320 { 463 {
321 int i; 464 int i;
322 SSL_CIPHER *c; 465 const SSL_CIPHER *c;
323 466
324 c=s->cipher; 467 c=s->cipher;
325 if (c == NULL) return(0); 468 if (c == NULL) return(0);
@@ -344,7 +487,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
344 487
345 if ((enc == NULL) || (md == NULL)) return(0); 488 if ((enc == NULL) || (md == NULL)) return(0);
346 489
347 switch (c->algorithms & SSL_ENC_MASK) 490 switch (c->algorithm_enc)
348 { 491 {
349 case SSL_DES: 492 case SSL_DES:
350 i=SSL_ENC_DES_IDX; 493 i=SSL_ENC_DES_IDX;
@@ -364,26 +507,24 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
364 case SSL_eNULL: 507 case SSL_eNULL:
365 i=SSL_ENC_NULL_IDX; 508 i=SSL_ENC_NULL_IDX;
366 break; 509 break;
367 case SSL_AES: 510 case SSL_AES128:
368 switch(c->alg_bits) 511 i=SSL_ENC_AES128_IDX;
369 {
370 case 128: i=SSL_ENC_AES128_IDX; break;
371 case 256: i=SSL_ENC_AES256_IDX; break;
372 default: i=-1; break;
373 }
374 break; 512 break;
375 case SSL_CAMELLIA: 513 case SSL_AES256:
376 switch(c->alg_bits) 514 i=SSL_ENC_AES256_IDX;
377 { 515 break;
378 case 128: i=SSL_ENC_CAMELLIA128_IDX; break; 516 case SSL_CAMELLIA128:
379 case 256: i=SSL_ENC_CAMELLIA256_IDX; break; 517 i=SSL_ENC_CAMELLIA128_IDX;
380 default: i=-1; break; 518 break;
381 } 519 case SSL_CAMELLIA256:
520 i=SSL_ENC_CAMELLIA256_IDX;
521 break;
522 case SSL_eGOST2814789CNT:
523 i=SSL_ENC_GOST89_IDX;
382 break; 524 break;
383 case SSL_SEED: 525 case SSL_SEED:
384 i=SSL_ENC_SEED_IDX; 526 i=SSL_ENC_SEED_IDX;
385 break; 527 break;
386
387 default: 528 default:
388 i= -1; 529 i= -1;
389 break; 530 break;
@@ -399,7 +540,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
399 *enc=ssl_cipher_methods[i]; 540 *enc=ssl_cipher_methods[i];
400 } 541 }
401 542
402 switch (c->algorithms & SSL_MAC_MASK) 543 switch (c->algorithm_mac)
403 { 544 {
404 case SSL_MD5: 545 case SSL_MD5:
405 i=SSL_MD_MD5_IDX; 546 i=SSL_MD_MD5_IDX;
@@ -407,21 +548,48 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
407 case SSL_SHA1: 548 case SSL_SHA1:
408 i=SSL_MD_SHA1_IDX; 549 i=SSL_MD_SHA1_IDX;
409 break; 550 break;
551 case SSL_GOST94:
552 i = SSL_MD_GOST94_IDX;
553 break;
554 case SSL_GOST89MAC:
555 i = SSL_MD_GOST89MAC_IDX;
556 break;
410 default: 557 default:
411 i= -1; 558 i= -1;
412 break; 559 break;
413 } 560 }
414 if ((i < 0) || (i > SSL_MD_NUM_IDX)) 561 if ((i < 0) || (i > SSL_MD_NUM_IDX))
415 *md=NULL; 562 {
563 *md=NULL;
564 if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
565 if (mac_secret_size!=NULL) *mac_secret_size = 0;
566
567 }
416 else 568 else
569 {
417 *md=ssl_digest_methods[i]; 570 *md=ssl_digest_methods[i];
571 if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
572 if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
573 }
418 574
419 if ((*enc != NULL) && (*md != NULL)) 575 if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
420 return(1); 576 return(1);
421 else 577 else
422 return(0); 578 return(0);
423 } 579 }
424 580
581int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
582{
583 if (idx <0||idx>=SSL_MD_NUM_IDX)
584 {
585 return 0;
586 }
587 if (ssl_handshake_digest_flag[idx]==0) return 0;
588 *mask = ssl_handshake_digest_flag[idx];
589 *md = ssl_digest_methods[idx];
590 return 1;
591}
592
425#define ITEM_SEP(a) \ 593#define ITEM_SEP(a) \
426 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) 594 (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
427 595
@@ -433,7 +601,7 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
433 *head=curr->next; 601 *head=curr->next;
434 if (curr->prev != NULL) 602 if (curr->prev != NULL)
435 curr->prev->next=curr->next; 603 curr->prev->next=curr->next;
436 if (curr->next != NULL) /* should always be true */ 604 if (curr->next != NULL)
437 curr->next->prev=curr->prev; 605 curr->next->prev=curr->prev;
438 (*tail)->next=curr; 606 (*tail)->next=curr;
439 curr->prev= *tail; 607 curr->prev= *tail;
@@ -441,69 +609,105 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
441 *tail=curr; 609 *tail=curr;
442 } 610 }
443 611
444struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9, 612static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
445 * where 128-bit and 256-bit algorithms simply will get 613 CIPHER_ORDER **tail)
446 * separate bits. */ 614 {
447 unsigned long mask; /* everything except m256 */ 615 if (curr == *head) return;
448 unsigned long m256; /* applies to 256-bit algorithms only */ 616 if (curr == *tail)
449}; 617 *tail=curr->prev;
618 if (curr->next != NULL)
619 curr->next->prev=curr->prev;
620 if (curr->prev != NULL)
621 curr->prev->next=curr->next;
622 (*head)->prev=curr;
623 curr->next= *head;
624 curr->prev=NULL;
625 *head=curr;
626 }
450 627
451static struct disabled_masks ssl_cipher_get_disabled(void) 628static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
452 { 629 {
453 unsigned long mask; 630 *mkey = 0;
454 unsigned long m256; 631 *auth = 0;
455 struct disabled_masks ret; 632 *enc = 0;
633 *mac = 0;
634 *ssl = 0;
456 635
457 mask = SSL_kFZA;
458#ifdef OPENSSL_NO_RSA 636#ifdef OPENSSL_NO_RSA
459 mask |= SSL_aRSA|SSL_kRSA; 637 *mkey |= SSL_kRSA;
638 *auth |= SSL_aRSA;
460#endif 639#endif
461#ifdef OPENSSL_NO_DSA 640#ifdef OPENSSL_NO_DSA
462 mask |= SSL_aDSS; 641 *auth |= SSL_aDSS;
463#endif 642#endif
643 *mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
644 *auth |= SSL_aDH;
464#ifdef OPENSSL_NO_DH 645#ifdef OPENSSL_NO_DH
465 mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; 646 *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
647 *auth |= SSL_aDH;
466#endif 648#endif
467#ifdef OPENSSL_NO_KRB5 649#ifdef OPENSSL_NO_KRB5
468 mask |= SSL_kKRB5|SSL_aKRB5; 650 *mkey |= SSL_kKRB5;
651 *auth |= SSL_aKRB5;
652#endif
653#ifdef OPENSSL_NO_ECDSA
654 *auth |= SSL_aECDSA;
469#endif 655#endif
470#ifdef OPENSSL_NO_ECDH 656#ifdef OPENSSL_NO_ECDH
471 mask |= SSL_kECDH|SSL_kECDHE; 657 *mkey |= SSL_kECDHe|SSL_kECDHr;
658 *auth |= SSL_aECDH;
472#endif 659#endif
660#ifdef OPENSSL_NO_PSK
661 *mkey |= SSL_kPSK;
662 *auth |= SSL_aPSK;
663#endif
664 /* Check for presence of GOST 34.10 algorithms, and if they
665 * do not present, disable appropriate auth and key exchange */
666 if (!get_optional_pkey_id("gost94")) {
667 *auth |= SSL_aGOST94;
668 }
669 if (!get_optional_pkey_id("gost2001")) {
670 *auth |= SSL_aGOST01;
671 }
672 /* Disable GOST key exchange if no GOST signature algs are available * */
673 if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
674 *mkey |= SSL_kGOST;
675 }
473#ifdef SSL_FORBID_ENULL 676#ifdef SSL_FORBID_ENULL
474 mask |= SSL_eNULL; 677 *enc |= SSL_eNULL;
475#endif 678#endif
679
680
681
682 *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
683 *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
684 *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
685 *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
686 *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
687 *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
688 *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
689 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
690 *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
691 *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
692 *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
693
694 *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
695 *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
696 *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
697 *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
476 698
477 mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
478 mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
479 mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
480 mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
481 mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
482 mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
483 mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
484
485 mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
486 mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
487
488 /* finally consider algorithms where mask and m256 differ */
489 m256 = mask;
490 mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
491 mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
492 m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
493 m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
494
495 ret.mask = mask;
496 ret.m256 = m256;
497 return ret;
498 } 699 }
499 700
500static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, 701static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
501 int num_of_ciphers, unsigned long mask, unsigned long m256, 702 int num_of_ciphers,
502 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 703 unsigned long disabled_mkey, unsigned long disabled_auth,
503 CIPHER_ORDER **tail_p) 704 unsigned long disabled_enc, unsigned long disabled_mac,
705 unsigned long disabled_ssl,
706 CIPHER_ORDER *co_list,
707 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
504 { 708 {
505 int i, co_list_num; 709 int i, co_list_num;
506 SSL_CIPHER *c; 710 const SSL_CIPHER *c;
507 711
508 /* 712 /*
509 * We have num_of_ciphers descriptions compiled in, depending on the 713 * We have num_of_ciphers descriptions compiled in, depending on the
@@ -517,14 +721,13 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
517 for (i = 0; i < num_of_ciphers; i++) 721 for (i = 0; i < num_of_ciphers; i++)
518 { 722 {
519 c = ssl_method->get_cipher(i); 723 c = ssl_method->get_cipher(i);
520#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
521 /* drop those that use any of that is not available */ 724 /* drop those that use any of that is not available */
522#ifdef OPENSSL_FIPS 725 if ((c != NULL) && c->valid &&
523 if ((c != NULL) && c->valid && !IS_MASKED(c) 726 !(c->algorithm_mkey & disabled_mkey) &&
524 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS))) 727 !(c->algorithm_auth & disabled_auth) &&
525#else 728 !(c->algorithm_enc & disabled_enc) &&
526 if ((c != NULL) && c->valid && !IS_MASKED(c)) 729 !(c->algorithm_mac & disabled_mac) &&
527#endif 730 !(c->algorithm_ssl & disabled_ssl))
528 { 731 {
529 co_list[co_list_num].cipher = c; 732 co_list[co_list_num].cipher = c;
530 co_list[co_list_num].next = NULL; 733 co_list[co_list_num].next = NULL;
@@ -532,7 +735,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
532 co_list[co_list_num].active = 0; 735 co_list[co_list_num].active = 0;
533 co_list_num++; 736 co_list_num++;
534#ifdef KSSL_DEBUG 737#ifdef KSSL_DEBUG
535 printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); 738 printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
536#endif /* KSSL_DEBUG */ 739#endif /* KSSL_DEBUG */
537 /* 740 /*
538 if (!sk_push(ca_list,(char *)c)) goto err; 741 if (!sk_push(ca_list,(char *)c)) goto err;
@@ -543,29 +746,45 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
543 /* 746 /*
544 * Prepare linked list from list entries 747 * Prepare linked list from list entries
545 */ 748 */
546 for (i = 1; i < co_list_num - 1; i++)
547 {
548 co_list[i].prev = &(co_list[i-1]);
549 co_list[i].next = &(co_list[i+1]);
550 }
551 if (co_list_num > 0) 749 if (co_list_num > 0)
552 { 750 {
553 (*head_p) = &(co_list[0]); 751 co_list[0].prev = NULL;
554 (*head_p)->prev = NULL; 752
555 (*head_p)->next = &(co_list[1]); 753 if (co_list_num > 1)
556 (*tail_p) = &(co_list[co_list_num - 1]); 754 {
557 (*tail_p)->prev = &(co_list[co_list_num - 2]); 755 co_list[0].next = &co_list[1];
558 (*tail_p)->next = NULL; 756
757 for (i = 1; i < co_list_num - 1; i++)
758 {
759 co_list[i].prev = &co_list[i - 1];
760 co_list[i].next = &co_list[i + 1];
761 }
762
763 co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
764 }
765
766 co_list[co_list_num - 1].next = NULL;
767
768 *head_p = &co_list[0];
769 *tail_p = &co_list[co_list_num - 1];
559 } 770 }
560 } 771 }
561 772
562static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, 773static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
563 int num_of_group_aliases, unsigned long mask, 774 int num_of_group_aliases,
775 unsigned long disabled_mkey, unsigned long disabled_auth,
776 unsigned long disabled_enc, unsigned long disabled_mac,
777 unsigned long disabled_ssl,
564 CIPHER_ORDER *head) 778 CIPHER_ORDER *head)
565 { 779 {
566 CIPHER_ORDER *ciph_curr; 780 CIPHER_ORDER *ciph_curr;
567 SSL_CIPHER **ca_curr; 781 const SSL_CIPHER **ca_curr;
568 int i; 782 int i;
783 unsigned long mask_mkey = ~disabled_mkey;
784 unsigned long mask_auth = ~disabled_auth;
785 unsigned long mask_enc = ~disabled_enc;
786 unsigned long mask_mac = ~disabled_mac;
787 unsigned long mask_ssl = ~disabled_ssl;
569 788
570 /* 789 /*
571 * First, add the real ciphers as already collected 790 * First, add the real ciphers as already collected
@@ -581,84 +800,118 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
581 800
582 /* 801 /*
583 * Now we add the available ones from the cipher_aliases[] table. 802 * Now we add the available ones from the cipher_aliases[] table.
584 * They represent either an algorithm, that must be fully 803 * They represent either one or more algorithms, some of which
585 * supported (not match any bit in mask) or represent a cipher 804 * in any affected category must be supported (set in enabled_mask),
586 * strength value (will be added in any case because algorithms=0). 805 * or represent a cipher strength value (will be added in any case because algorithms=0).
587 */ 806 */
588 for (i = 0; i < num_of_group_aliases; i++) 807 for (i = 0; i < num_of_group_aliases; i++)
589 { 808 {
590 if ((i == 0) || /* always fetch "ALL" */ 809 unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
591 !(cipher_aliases[i].algorithms & mask)) 810 unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
592 { 811 unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
593 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); 812 unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
594 ca_curr++; 813 unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
595 } 814
815 if (algorithm_mkey)
816 if ((algorithm_mkey & mask_mkey) == 0)
817 continue;
818
819 if (algorithm_auth)
820 if ((algorithm_auth & mask_auth) == 0)
821 continue;
822
823 if (algorithm_enc)
824 if ((algorithm_enc & mask_enc) == 0)
825 continue;
826
827 if (algorithm_mac)
828 if ((algorithm_mac & mask_mac) == 0)
829 continue;
830
831 if (algorithm_ssl)
832 if ((algorithm_ssl & mask_ssl) == 0)
833 continue;
834
835 *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
836 ca_curr++;
596 } 837 }
597 838
598 *ca_curr = NULL; /* end of list */ 839 *ca_curr = NULL; /* end of list */
599 } 840 }
600 841
601static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version, 842static void ssl_cipher_apply_rule(unsigned long cipher_id,
602 unsigned long algorithms, unsigned long mask, 843 unsigned long alg_mkey, unsigned long alg_auth,
603 unsigned long algo_strength, unsigned long mask_strength, 844 unsigned long alg_enc, unsigned long alg_mac,
604 int rule, int strength_bits, CIPHER_ORDER *co_list, 845 unsigned long alg_ssl,
846 unsigned long algo_strength,
847 int rule, int strength_bits,
605 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) 848 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
606 { 849 {
607 CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; 850 CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
608 SSL_CIPHER *cp; 851 const SSL_CIPHER *cp;
609 unsigned long ma, ma_s; 852 int reverse = 0;
610 853
611#ifdef CIPHER_DEBUG 854#ifdef CIPHER_DEBUG
612 printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", 855 printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
613 rule, algorithms, mask, algo_strength, mask_strength, 856 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
614 strength_bits);
615#endif 857#endif
616 858
617 curr = head = *head_p; 859 if (rule == CIPHER_DEL)
618 curr2 = head; 860 reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
619 tail2 = tail = *tail_p; 861
862 head = *head_p;
863 tail = *tail_p;
864
865 if (reverse)
866 {
867 curr = tail;
868 last = head;
869 }
870 else
871 {
872 curr = head;
873 last = tail;
874 }
875
876 curr2 = curr;
620 for (;;) 877 for (;;)
621 { 878 {
622 if ((curr == NULL) || (curr == tail2)) break; 879 if ((curr == NULL) || (curr == last)) break;
623 curr = curr2; 880 curr = curr2;
624 curr2 = curr->next; 881 curr2 = reverse ? curr->prev : curr->next;
625 882
626 cp = curr->cipher; 883 cp = curr->cipher;
627 884
628 /* If explicit cipher suite, match only that one for its own protocol version. 885 /*
629 * Usual selection criteria will be used for similar ciphersuites from other version! */ 886 * Selection criteria is either the value of strength_bits
630 887 * or the algorithms used.
631 if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) 888 */
889 if (strength_bits >= 0)
632 { 890 {
633 if (cp->id != cipher_id) 891 if (strength_bits != cp->strength_bits)
634 continue; 892 continue;
635 } 893 }
636 894 else
637 /*
638 * Selection criteria is either the number of strength_bits
639 * or the algorithm used.
640 */
641 else if (strength_bits == -1)
642 { 895 {
643 ma = mask & cp->algorithms;
644 ma_s = mask_strength & cp->algo_strength;
645
646#ifdef CIPHER_DEBUG 896#ifdef CIPHER_DEBUG
647 printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); 897 printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
648 printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
649#endif 898#endif
650 /* 899
651 * Select: if none of the mask bit was met from the 900 if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
652 * cipher or not all of the bits were met, the 901 continue;
653 * selection does not apply. 902 if (alg_auth && !(alg_auth & cp->algorithm_auth))
654 */ 903 continue;
655 if (((ma == 0) && (ma_s == 0)) || 904 if (alg_enc && !(alg_enc & cp->algorithm_enc))
656 ((ma & algorithms) != ma) || 905 continue;
657 ((ma_s & algo_strength) != ma_s)) 906 if (alg_mac && !(alg_mac & cp->algorithm_mac))
658 continue; /* does not apply */ 907 continue;
908 if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
909 continue;
910 if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
911 continue;
912 if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
913 continue;
659 } 914 }
660 else if (strength_bits != cp->strength_bits)
661 continue; /* does not apply */
662 915
663#ifdef CIPHER_DEBUG 916#ifdef CIPHER_DEBUG
664 printf("Action = %d\n", rule); 917 printf("Action = %d\n", rule);
@@ -667,38 +920,37 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
667 /* add the cipher if it has not been added yet. */ 920 /* add the cipher if it has not been added yet. */
668 if (rule == CIPHER_ADD) 921 if (rule == CIPHER_ADD)
669 { 922 {
923 /* reverse == 0 */
670 if (!curr->active) 924 if (!curr->active)
671 { 925 {
672 int add_this_cipher = 1; 926 ll_append_tail(&head, curr, &tail);
673 927 curr->active = 1;
674 if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
675 {
676 /* Make sure "ECCdraft" ciphersuites are activated only if
677 * *explicitly* requested, but not implicitly (such as
678 * as part of the "AES" alias). */
679
680 add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
681 }
682
683 if (add_this_cipher)
684 {
685 ll_append_tail(&head, curr, &tail);
686 curr->active = 1;
687 }
688 } 928 }
689 } 929 }
690 /* Move the added cipher to this location */ 930 /* Move the added cipher to this location */
691 else if (rule == CIPHER_ORD) 931 else if (rule == CIPHER_ORD)
692 { 932 {
933 /* reverse == 0 */
693 if (curr->active) 934 if (curr->active)
694 { 935 {
695 ll_append_tail(&head, curr, &tail); 936 ll_append_tail(&head, curr, &tail);
696 } 937 }
697 } 938 }
698 else if (rule == CIPHER_DEL) 939 else if (rule == CIPHER_DEL)
699 curr->active = 0; 940 {
941 /* reverse == 1 */
942 if (curr->active)
943 {
944 /* most recently deleted ciphersuites get best positions
945 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
946 * works in reverse to maintain the order) */
947 ll_append_head(&head, curr, &tail);
948 curr->active = 0;
949 }
950 }
700 else if (rule == CIPHER_KILL) 951 else if (rule == CIPHER_KILL)
701 { 952 {
953 /* reverse == 0 */
702 if (head == curr) 954 if (head == curr)
703 head = curr->next; 955 head = curr->next;
704 else 956 else
@@ -719,8 +971,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_ver
719 *tail_p = tail; 971 *tail_p = tail;
720 } 972 }
721 973
722static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list, 974static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
723 CIPHER_ORDER **head_p,
724 CIPHER_ORDER **tail_p) 975 CIPHER_ORDER **tail_p)
725 { 976 {
726 int max_strength_bits, i, *number_uses; 977 int max_strength_bits, i, *number_uses;
@@ -743,10 +994,10 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
743 994
744 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); 995 number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
745 if (!number_uses) 996 if (!number_uses)
746 { 997 {
747 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); 998 SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
748 return(0); 999 return(0);
749 } 1000 }
750 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); 1001 memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
751 1002
752 /* 1003 /*
@@ -765,21 +1016,20 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
765 */ 1016 */
766 for (i = max_strength_bits; i >= 0; i--) 1017 for (i = max_strength_bits; i >= 0; i--)
767 if (number_uses[i] > 0) 1018 if (number_uses[i] > 0)
768 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 1019 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
769 co_list, head_p, tail_p);
770 1020
771 OPENSSL_free(number_uses); 1021 OPENSSL_free(number_uses);
772 return(1); 1022 return(1);
773 } 1023 }
774 1024
775static int ssl_cipher_process_rulestr(const char *rule_str, 1025static int ssl_cipher_process_rulestr(const char *rule_str,
776 CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, 1026 CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
777 CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) 1027 const SSL_CIPHER **ca_list)
778 { 1028 {
779 unsigned long algorithms, mask, algo_strength, mask_strength; 1029 unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
780 const char *l, *start, *buf; 1030 const char *l, *start, *buf;
781 int j, multi, found, rule, retval, ok, buflen; 1031 int j, multi, found, rule, retval, ok, buflen;
782 unsigned long cipher_id = 0, ssl_version = 0; 1032 unsigned long cipher_id = 0;
783 char ch; 1033 char ch;
784 1034
785 retval = 1; 1035 retval = 1;
@@ -807,7 +1057,12 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
807 continue; 1057 continue;
808 } 1058 }
809 1059
810 algorithms = mask = algo_strength = mask_strength = 0; 1060 alg_mkey = 0;
1061 alg_auth = 0;
1062 alg_enc = 0;
1063 alg_mac = 0;
1064 alg_ssl = 0;
1065 algo_strength = 0;
811 1066
812 start=l; 1067 start=l;
813 for (;;) 1068 for (;;)
@@ -868,10 +1123,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
868 * sufficient, we have to strncmp() anyway. (We cannot 1123 * sufficient, we have to strncmp() anyway. (We cannot
869 * use strcmp(), because buf is not '\0' terminated.) 1124 * use strcmp(), because buf is not '\0' terminated.)
870 */ 1125 */
871 j = found = 0; 1126 j = found = 0;
872 cipher_id = 0; 1127 cipher_id = 0;
873 ssl_version = 0; 1128 while (ca_list[j])
874 while (ca_list[j])
875 { 1129 {
876 if (!strncmp(buf, ca_list[j]->name, buflen) && 1130 if (!strncmp(buf, ca_list[j]->name, buflen) &&
877 (ca_list[j]->name[buflen] == '\0')) 1131 (ca_list[j]->name[buflen] == '\0'))
@@ -882,31 +1136,100 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
882 else 1136 else
883 j++; 1137 j++;
884 } 1138 }
1139
885 if (!found) 1140 if (!found)
886 break; /* ignore this entry */ 1141 break; /* ignore this entry */
887 1142
888 /* New algorithms: 1143 if (ca_list[j]->algorithm_mkey)
889 * 1 - any old restrictions apply outside new mask 1144 {
890 * 2 - any new restrictions apply outside old mask 1145 if (alg_mkey)
891 * 3 - enforce old & new where masks intersect 1146 {
892 */ 1147 alg_mkey &= ca_list[j]->algorithm_mkey;
893 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */ 1148 if (!alg_mkey) { found = 0; break; }
894 (ca_list[j]->algorithms & ~mask) | /* 2 */ 1149 }
895 (algorithms & ca_list[j]->algorithms); /* 3 */ 1150 else
896 mask |= ca_list[j]->mask; 1151 alg_mkey = ca_list[j]->algorithm_mkey;
897 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) | 1152 }
898 (ca_list[j]->algo_strength & ~mask_strength) | 1153
899 (algo_strength & ca_list[j]->algo_strength); 1154 if (ca_list[j]->algorithm_auth)
900 mask_strength |= ca_list[j]->mask_strength; 1155 {
901 1156 if (alg_auth)
902 /* explicit ciphersuite found */ 1157 {
1158 alg_auth &= ca_list[j]->algorithm_auth;
1159 if (!alg_auth) { found = 0; break; }
1160 }
1161 else
1162 alg_auth = ca_list[j]->algorithm_auth;
1163 }
1164
1165 if (ca_list[j]->algorithm_enc)
1166 {
1167 if (alg_enc)
1168 {
1169 alg_enc &= ca_list[j]->algorithm_enc;
1170 if (!alg_enc) { found = 0; break; }
1171 }
1172 else
1173 alg_enc = ca_list[j]->algorithm_enc;
1174 }
1175
1176 if (ca_list[j]->algorithm_mac)
1177 {
1178 if (alg_mac)
1179 {
1180 alg_mac &= ca_list[j]->algorithm_mac;
1181 if (!alg_mac) { found = 0; break; }
1182 }
1183 else
1184 alg_mac = ca_list[j]->algorithm_mac;
1185 }
1186
1187 if (ca_list[j]->algo_strength & SSL_EXP_MASK)
1188 {
1189 if (algo_strength & SSL_EXP_MASK)
1190 {
1191 algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
1192 if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
1193 }
1194 else
1195 algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
1196 }
1197
1198 if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
1199 {
1200 if (algo_strength & SSL_STRONG_MASK)
1201 {
1202 algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
1203 if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
1204 }
1205 else
1206 algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
1207 }
1208
903 if (ca_list[j]->valid) 1209 if (ca_list[j]->valid)
904 { 1210 {
1211 /* explicit ciphersuite found; its protocol version
1212 * does not become part of the search pattern!*/
1213
905 cipher_id = ca_list[j]->id; 1214 cipher_id = ca_list[j]->id;
906 ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
907 break;
908 } 1215 }
1216 else
1217 {
1218 /* not an explicit ciphersuite; only in this case, the
1219 * protocol version is considered part of the search pattern */
909 1220
1221 if (ca_list[j]->algorithm_ssl)
1222 {
1223 if (alg_ssl)
1224 {
1225 alg_ssl &= ca_list[j]->algorithm_ssl;
1226 if (!alg_ssl) { found = 0; break; }
1227 }
1228 else
1229 alg_ssl = ca_list[j]->algorithm_ssl;
1230 }
1231 }
1232
910 if (!multi) break; 1233 if (!multi) break;
911 } 1234 }
912 1235
@@ -918,8 +1241,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
918 ok = 0; 1241 ok = 0;
919 if ((buflen == 8) && 1242 if ((buflen == 8) &&
920 !strncmp(buf, "STRENGTH", 8)) 1243 !strncmp(buf, "STRENGTH", 8))
921 ok = ssl_cipher_strength_sort(co_list, 1244 ok = ssl_cipher_strength_sort(head_p, tail_p);
922 head_p, tail_p);
923 else 1245 else
924 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, 1246 SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
925 SSL_R_INVALID_COMMAND); 1247 SSL_R_INVALID_COMMAND);
@@ -936,9 +1258,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
936 } 1258 }
937 else if (found) 1259 else if (found)
938 { 1260 {
939 ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask, 1261 ssl_cipher_apply_rule(cipher_id,
940 algo_strength, mask_strength, rule, -1, 1262 alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
941 co_list, head_p, tail_p); 1263 rule, -1, head_p, tail_p);
942 } 1264 }
943 else 1265 else
944 { 1266 {
@@ -957,12 +1279,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
957 const char *rule_str) 1279 const char *rule_str)
958 { 1280 {
959 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 1281 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
960 unsigned long disabled_mask; 1282 unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
961 unsigned long disabled_m256;
962 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; 1283 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
963 const char *rule_p; 1284 const char *rule_p;
964 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 1285 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
965 SSL_CIPHER **ca_list = NULL; 1286 const SSL_CIPHER **ca_list = NULL;
966 1287
967 /* 1288 /*
968 * Return with error if nothing to do. 1289 * Return with error if nothing to do.
@@ -974,12 +1295,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
974 * To reduce the work to do we only want to process the compiled 1295 * To reduce the work to do we only want to process the compiled
975 * in algorithms, so we first get the mask of disabled ciphers. 1296 * in algorithms, so we first get the mask of disabled ciphers.
976 */ 1297 */
977 { 1298 ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
978 struct disabled_masks d;
979 d = ssl_cipher_get_disabled();
980 disabled_mask = d.mask;
981 disabled_m256 = d.m256;
982 }
983 1299
984 /* 1300 /*
985 * Now we have to collect the available ciphers from the compiled 1301 * Now we have to collect the available ciphers from the compiled
@@ -997,8 +1313,52 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
997 return(NULL); /* Failure */ 1313 return(NULL); /* Failure */
998 } 1314 }
999 1315
1000 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, 1316 ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
1001 disabled_m256, co_list, &head, &tail); 1317 disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
1318 co_list, &head, &tail);
1319
1320
1321 /* Now arrange all ciphers by preference: */
1322
1323 /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1324 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1325 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1326
1327 /* AES is our preferred symmetric cipher */
1328 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1329
1330 /* Temporarily enable everything else for sorting */
1331 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1332
1333 /* Low priority for MD5 */
1334 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
1335
1336 /* Move anonymous ciphers to the end. Usually, these will remain disabled.
1337 * (For applications that allow them, they aren't too bad, but we prefer
1338 * authenticated ciphers.) */
1339 ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1340
1341 /* Move ciphers without forward secrecy to the end */
1342 ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1343 /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
1344 ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1345 ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1346 ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1347
1348 /* RC4 is sort-of broken -- move the the end */
1349 ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
1350
1351 /* Now sort by symmetric encryption strength. The above ordering remains
1352 * in force within each class */
1353 if (!ssl_cipher_strength_sort(&head, &tail))
1354 {
1355 OPENSSL_free(co_list);
1356 return NULL;
1357 }
1358
1359 /* Now disable everything (maintaining the ordering!) */
1360 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1361
1002 1362
1003 /* 1363 /*
1004 * We also need cipher aliases for selecting based on the rule_str. 1364 * We also need cipher aliases for selecting based on the rule_str.
@@ -1010,8 +1370,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1010 */ 1370 */
1011 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); 1371 num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
1012 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; 1372 num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
1013 ca_list = 1373 ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1014 (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
1015 if (ca_list == NULL) 1374 if (ca_list == NULL)
1016 { 1375 {
1017 OPENSSL_free(co_list); 1376 OPENSSL_free(co_list);
@@ -1019,7 +1378,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1019 return(NULL); /* Failure */ 1378 return(NULL); /* Failure */
1020 } 1379 }
1021 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, 1380 ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
1022 (disabled_mask & disabled_m256), head); 1381 disabled_mkey, disabled_auth, disabled_enc,
1382 disabled_mac, disabled_ssl, head);
1023 1383
1024 /* 1384 /*
1025 * If the rule_string begins with DEFAULT, apply the default rule 1385 * If the rule_string begins with DEFAULT, apply the default rule
@@ -1030,23 +1390,23 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1030 if (strncmp(rule_str,"DEFAULT",7) == 0) 1390 if (strncmp(rule_str,"DEFAULT",7) == 0)
1031 { 1391 {
1032 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, 1392 ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
1033 co_list, &head, &tail, ca_list); 1393 &head, &tail, ca_list);
1034 rule_p += 7; 1394 rule_p += 7;
1035 if (*rule_p == ':') 1395 if (*rule_p == ':')
1036 rule_p++; 1396 rule_p++;
1037 } 1397 }
1038 1398
1039 if (ok && (strlen(rule_p) > 0)) 1399 if (ok && (strlen(rule_p) > 0))
1040 ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail, 1400 ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
1041 ca_list);
1042 1401
1043 OPENSSL_free(ca_list); /* Not needed anymore */ 1402 OPENSSL_free((void *)ca_list); /* Not needed anymore */
1044 1403
1045 if (!ok) 1404 if (!ok)
1046 { /* Rule processing failure */ 1405 { /* Rule processing failure */
1047 OPENSSL_free(co_list); 1406 OPENSSL_free(co_list);
1048 return(NULL); 1407 return(NULL);
1049 } 1408 }
1409
1050 /* 1410 /*
1051 * Allocate new "cipherstack" for the result, return with error 1411 * Allocate new "cipherstack" for the result, return with error
1052 * if we cannot get one. 1412 * if we cannot get one.
@@ -1063,11 +1423,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1063 */ 1423 */
1064 for (curr = head; curr != NULL; curr = curr->next) 1424 for (curr = head; curr != NULL; curr = curr->next)
1065 { 1425 {
1066#ifdef OPENSSL_FIPS
1067 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1068#else
1069 if (curr->active) 1426 if (curr->active)
1070#endif
1071 { 1427 {
1072 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1428 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1073#ifdef CIPHER_DEBUG 1429#ifdef CIPHER_DEBUG
@@ -1091,22 +1447,28 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1091 *cipher_list_by_id = tmp_cipher_list; 1447 *cipher_list_by_id = tmp_cipher_list;
1092 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 1448 (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
1093 1449
1450 sk_SSL_CIPHER_sort(*cipher_list_by_id);
1094 return(cipherstack); 1451 return(cipherstack);
1095 } 1452 }
1096 1453
1097char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) 1454char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
1098 { 1455 {
1099 int is_export,pkl,kl; 1456 int is_export,pkl,kl;
1100 const char *ver,*exp_str; 1457 const char *ver,*exp_str;
1101 const char *kx,*au,*enc,*mac; 1458 const char *kx,*au,*enc,*mac;
1102 unsigned long alg,alg2,alg_s; 1459 unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2,alg_s;
1103#ifdef KSSL_DEBUG 1460#ifdef KSSL_DEBUG
1104 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; 1461 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
1105#else 1462#else
1106 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; 1463 static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
1107#endif /* KSSL_DEBUG */ 1464#endif /* KSSL_DEBUG */
1108 1465
1109 alg=cipher->algorithms; 1466 alg_mkey = cipher->algorithm_mkey;
1467 alg_auth = cipher->algorithm_auth;
1468 alg_enc = cipher->algorithm_enc;
1469 alg_mac = cipher->algorithm_mac;
1470 alg_ssl = cipher->algorithm_ssl;
1471
1110 alg_s=cipher->algo_strength; 1472 alg_s=cipher->algo_strength;
1111 alg2=cipher->algorithm2; 1473 alg2=cipher->algorithm2;
1112 1474
@@ -1115,14 +1477,14 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1115 kl=SSL_C_EXPORT_KEYLENGTH(cipher); 1477 kl=SSL_C_EXPORT_KEYLENGTH(cipher);
1116 exp_str=is_export?" export":""; 1478 exp_str=is_export?" export":"";
1117 1479
1118 if (alg & SSL_SSLV2) 1480 if (alg_ssl & SSL_SSLV2)
1119 ver="SSLv2"; 1481 ver="SSLv2";
1120 else if (alg & SSL_SSLV3) 1482 else if (alg_ssl & SSL_SSLV3)
1121 ver="SSLv3"; 1483 ver="SSLv3";
1122 else 1484 else
1123 ver="unknown"; 1485 ver="unknown";
1124 1486
1125 switch (alg&SSL_MKEY_MASK) 1487 switch (alg_mkey)
1126 { 1488 {
1127 case SSL_kRSA: 1489 case SSL_kRSA:
1128 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; 1490 kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
@@ -1133,25 +1495,29 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1133 case SSL_kDHd: 1495 case SSL_kDHd:
1134 kx="DH/DSS"; 1496 kx="DH/DSS";
1135 break; 1497 break;
1136 case SSL_kKRB5: /* VRS */ 1498 case SSL_kKRB5:
1137 case SSL_KRB5: /* VRS */ 1499 kx="KRB5";
1138 kx="KRB5";
1139 break;
1140 case SSL_kFZA:
1141 kx="Fortezza";
1142 break; 1500 break;
1143 case SSL_kEDH: 1501 case SSL_kEDH:
1144 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; 1502 kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
1145 break; 1503 break;
1146 case SSL_kECDH: 1504 case SSL_kECDHr:
1147 case SSL_kECDHE: 1505 kx="ECDH/RSA";
1148 kx=is_export?"ECDH(<=163)":"ECDH"; 1506 break;
1507 case SSL_kECDHe:
1508 kx="ECDH/ECDSA";
1509 break;
1510 case SSL_kEECDH:
1511 kx="ECDH";
1512 break;
1513 case SSL_kPSK:
1514 kx="PSK";
1149 break; 1515 break;
1150 default: 1516 default:
1151 kx="unknown"; 1517 kx="unknown";
1152 } 1518 }
1153 1519
1154 switch (alg&SSL_AUTH_MASK) 1520 switch (alg_auth)
1155 { 1521 {
1156 case SSL_aRSA: 1522 case SSL_aRSA:
1157 au="RSA"; 1523 au="RSA";
@@ -1162,23 +1528,27 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1162 case SSL_aDH: 1528 case SSL_aDH:
1163 au="DH"; 1529 au="DH";
1164 break; 1530 break;
1165 case SSL_aKRB5: /* VRS */ 1531 case SSL_aKRB5:
1166 case SSL_KRB5: /* VRS */ 1532 au="KRB5";
1167 au="KRB5"; 1533 break;
1168 break; 1534 case SSL_aECDH:
1169 case SSL_aFZA: 1535 au="ECDH";
1536 break;
1170 case SSL_aNULL: 1537 case SSL_aNULL:
1171 au="None"; 1538 au="None";
1172 break; 1539 break;
1173 case SSL_aECDSA: 1540 case SSL_aECDSA:
1174 au="ECDSA"; 1541 au="ECDSA";
1175 break; 1542 break;
1543 case SSL_aPSK:
1544 au="PSK";
1545 break;
1176 default: 1546 default:
1177 au="unknown"; 1547 au="unknown";
1178 break; 1548 break;
1179 } 1549 }
1180 1550
1181 switch (alg&SSL_ENC_MASK) 1551 switch (alg_enc)
1182 { 1552 {
1183 case SSL_DES: 1553 case SSL_DES:
1184 enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; 1554 enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
@@ -1196,39 +1566,30 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1196 case SSL_IDEA: 1566 case SSL_IDEA:
1197 enc="IDEA(128)"; 1567 enc="IDEA(128)";
1198 break; 1568 break;
1199 case SSL_eFZA:
1200 enc="Fortezza";
1201 break;
1202 case SSL_eNULL: 1569 case SSL_eNULL:
1203 enc="None"; 1570 enc="None";
1204 break; 1571 break;
1205 case SSL_AES: 1572 case SSL_AES128:
1206 switch(cipher->strength_bits) 1573 enc="AES(128)";
1207 {
1208 case 128: enc="AES(128)"; break;
1209 case 192: enc="AES(192)"; break;
1210 case 256: enc="AES(256)"; break;
1211 default: enc="AES(?""?""?)"; break;
1212 }
1213 break; 1574 break;
1214 case SSL_CAMELLIA: 1575 case SSL_AES256:
1215 switch(cipher->strength_bits) 1576 enc="AES(256)";
1216 { 1577 break;
1217 case 128: enc="Camellia(128)"; break; 1578 case SSL_CAMELLIA128:
1218 case 256: enc="Camellia(256)"; break; 1579 enc="Camellia(128)";
1219 default: enc="Camellia(?""?""?)"; break; 1580 break;
1220 } 1581 case SSL_CAMELLIA256:
1582 enc="Camellia(256)";
1221 break; 1583 break;
1222 case SSL_SEED: 1584 case SSL_SEED:
1223 enc="SEED(128)"; 1585 enc="SEED(128)";
1224 break; 1586 break;
1225
1226 default: 1587 default:
1227 enc="unknown"; 1588 enc="unknown";
1228 break; 1589 break;
1229 } 1590 }
1230 1591
1231 switch (alg&SSL_MAC_MASK) 1592 switch (alg_mac)
1232 { 1593 {
1233 case SSL_MD5: 1594 case SSL_MD5:
1234 mac="MD5"; 1595 mac="MD5";
@@ -1251,7 +1612,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
1251 return("Buffer too small"); 1612 return("Buffer too small");
1252 1613
1253#ifdef KSSL_DEBUG 1614#ifdef KSSL_DEBUG
1254 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg); 1615 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
1255#else 1616#else
1256 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str); 1617 BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
1257#endif /* KSSL_DEBUG */ 1618#endif /* KSSL_DEBUG */
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 24a994fe01..0eed464749 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -1,6 +1,6 @@
1/* ssl/ssl_err.c */ 1/* ssl/ssl_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"}, 78{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, 79{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"}, 80{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
81{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
81{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"}, 82{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
82{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"}, 83{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
83{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"}, 84{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
@@ -86,6 +87,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
86{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"}, 87{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
87{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, 88{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
88{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"}, 89{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
90{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
89{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"}, 91{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
90{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, 92{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
91{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"}, 93{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
@@ -131,6 +133,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
131{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"}, 133{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
132{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"}, 134{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
133{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"}, 135{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
136{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
134{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"}, 137{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
135{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"}, 138{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
136{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"}, 139{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
@@ -138,6 +141,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
138{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, 141{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
139{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, 142{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
140{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, 143{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
144{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "SSL3_DIGEST_CACHED_RECORDS"},
141{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, 145{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
142{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, 146{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
143{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, 147{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
@@ -155,6 +159,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
155{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, 159{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
156{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, 160{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
157{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"}, 161{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
162{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
158{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"}, 163{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
159{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"}, 164{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
160{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"}, 165{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
@@ -167,13 +172,16 @@ static ERR_STRING_DATA SSL_str_functs[]=
167{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"}, 172{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
168{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"}, 173{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
169{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, 174{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
170{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
171{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"}, 175{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
176{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
177{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
172{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"}, 178{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
173{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"}, 179{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
180{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
174{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"}, 181{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
175{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"}, 182{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
176{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"}, 183{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
184{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
177{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"}, 185{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
178{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"}, 186{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
179{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"}, 187{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
@@ -183,6 +191,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
183{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"}, 191{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
184{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, 192{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
185{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"}, 193{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
194{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
186{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, 195{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
187{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, 196{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
188{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, 197{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
@@ -204,6 +213,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
204{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, 213{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
205{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"}, 214{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
206{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"}, 215{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
216{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT), "SSL_CTX_use_psk_identity_hint"},
207{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"}, 217{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
208{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"}, 218{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
209{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"}, 219{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
@@ -215,6 +225,10 @@ static ERR_STRING_DATA SSL_str_functs[]=
215{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"}, 225{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
216{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"}, 226{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
217{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"}, 227{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
228{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
229{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
230{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
231{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
218{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"}, 232{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
219{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"}, 233{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
220{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"}, 234{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -232,6 +246,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
232{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, 246{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
233{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, 247{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
234{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, 248{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
249{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
235{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, 250{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
236{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, 251{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
237{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, 252{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
@@ -244,13 +259,19 @@ static ERR_STRING_DATA SSL_str_functs[]=
244{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"}, 259{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
245{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"}, 260{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
246{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, 261{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
262{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
247{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, 263{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
248{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, 264{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
249{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, 265{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
250{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"}, 266{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
251{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, 267{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
268{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
252{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"}, 269{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
270{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT), "TLS1_CHECK_SERVERHELLO_TLSEXT"},
253{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"}, 271{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
272{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
273{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
274{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
254{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"}, 275{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
255{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"}, 276{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
256{0,NULL} 277{0,NULL}
@@ -274,12 +295,15 @@ static ERR_STRING_DATA SSL_str_reasons[]=
274{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"}, 295{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
275{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"}, 296{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
276{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"}, 297{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
298{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH) ,"bad handshake length"},
277{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"}, 299{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
278{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"}, 300{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
279{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"}, 301{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
302{ERR_REASON(SSL_R_BAD_MAC_LENGTH) ,"bad mac length"},
280{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"}, 303{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
281{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"}, 304{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
282{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"}, 305{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
306{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
283{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"}, 307{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
284{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"}, 308{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
285{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"}, 309{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
@@ -305,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
305{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, 329{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
306{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"}, 330{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
307{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"}, 331{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
332{ERR_REASON(SSL_R_COMPRESSION_DISABLED) ,"compression disabled"},
308{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"}, 333{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
309{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"}, 334{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
310{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"}, 335{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
@@ -317,7 +342,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
317{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"}, 342{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
318{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"}, 343{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
319{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"}, 344{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
345{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
320{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"}, 346{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
347{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
348{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
349{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
350{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
321{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, 351{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
322{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, 352{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
323{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, 353{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
@@ -328,8 +358,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
328{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, 358{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
329{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, 359{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
330{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, 360{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
361{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
331{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, 362{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
332{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, 363{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
364{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
333{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, 365{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
334{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, 366{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
335{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"}, 367{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
@@ -379,17 +411,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
379{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"}, 411{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
380{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, 412{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
381{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, 413{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
414{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
382{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, 415{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
383{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, 416{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
384{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, 417{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
385{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, 418{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
386{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"}, 419{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
420{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
421{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST) ,"digest requred for handshake isn't computed"},
387{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"}, 422{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
388{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"}, 423{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
389{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"}, 424{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
390{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"}, 425{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
391{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"}, 426{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
427{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
392{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"}, 428{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
429{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
393{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"}, 430{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
394{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"}, 431{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
395{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"}, 432{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
@@ -402,6 +439,9 @@ static ERR_STRING_DATA SSL_str_reasons[]=
402{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"}, 439{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
403{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"}, 440{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
404{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"}, 441{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
442{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
443{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB) ,"psk no client cb"},
444{ERR_REASON(SSL_R_PSK_NO_SERVER_CB) ,"psk no server cb"},
405{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"}, 445{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
406{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"}, 446{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
407{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, 447{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
@@ -411,16 +451,22 @@ static ERR_STRING_DATA SSL_str_reasons[]=
411{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"}, 451{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
412{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"}, 452{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
413{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"}, 453{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
454{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
455{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
456{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
414{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"}, 457{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
458{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
415{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"}, 459{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
416{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"}, 460{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
417{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"}, 461{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
462{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
418{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, 463{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
419{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, 464{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
420{ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, 465{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
421{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, 466{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
422{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, 467{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
423{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"}, 468{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
469{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
424{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"}, 470{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
425{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"}, 471{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
426{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"}, 472{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
@@ -456,6 +502,11 @@ static ERR_STRING_DATA SSL_str_reasons[]=
456{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"}, 502{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
457{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"}, 503{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
458{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"}, 504{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
505{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
506{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
507{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
508{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
509{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
459{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"}, 510{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
460{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"}, 511{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
461{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"}, 512{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
@@ -484,8 +535,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
484{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"}, 535{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
485{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"}, 536{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
486{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"}, 537{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
538{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
487{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 539{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
488{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, 540{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
541{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
489{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"}, 542{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
490{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"}, 543{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
491{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"}, 544{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 893abff1f4..3157f20eac 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -58,7 +58,7 @@
58 * [including the GNU Public Licence.] 58 * [including the GNU Public Licence.]
59 */ 59 */
60/* ==================================================================== 60/* ====================================================================
61 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 61 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
62 * 62 *
63 * Redistribution and use in source and binary forms, with or without 63 * Redistribution and use in source and binary forms, with or without
64 * modification, are permitted provided that the following conditions 64 * modification, are permitted provided that the following conditions
@@ -115,6 +115,32 @@
115 * ECC cipher suite support in OpenSSL originally developed by 115 * ECC cipher suite support in OpenSSL originally developed by
116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 116 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
117 */ 117 */
118/* ====================================================================
119 * Copyright 2005 Nokia. All rights reserved.
120 *
121 * The portions of the attached software ("Contribution") is developed by
122 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * license.
124 *
125 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
126 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
127 * support (see RFC 4279) to OpenSSL.
128 *
129 * No patent licenses or other rights except those expressly stated in
130 * the OpenSSL open source license shall be deemed granted or received
131 * expressly, by implication, estoppel, or otherwise.
132 *
133 * No assurances are provided by Nokia that the Contribution does not
134 * infringe the patent or other intellectual property rights of any third
135 * party or that the license provides you with all the necessary rights
136 * to make use of the Contribution.
137 *
138 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
139 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
140 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
141 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 * OTHERWISE.
143 */
118 144
119#ifdef REF_CHECK 145#ifdef REF_CHECK
120# include <assert.h> 146# include <assert.h>
@@ -143,9 +169,9 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
143 ssl_undefined_function, 169 ssl_undefined_function,
144 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, 170 (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
145 (int (*)(SSL*, int))ssl_undefined_function, 171 (int (*)(SSL*, int))ssl_undefined_function,
146 (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function, 172 (int (*)(SSL *, const char*, int, unsigned char *))ssl_undefined_function,
147 0, /* finish_mac_length */ 173 0, /* finish_mac_length */
148 (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function, 174 (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
149 NULL, /* client_finished_label */ 175 NULL, /* client_finished_label */
150 0, /* client_finished_label_len */ 176 0, /* client_finished_label_len */
151 NULL, /* server_finished_label */ 177 NULL, /* server_finished_label */
@@ -204,6 +230,8 @@ int SSL_clear(SSL *s)
204 } 230 }
205 231
206 ssl_clear_cipher_ctx(s); 232 ssl_clear_cipher_ctx(s);
233 ssl_clear_hash_ctx(&s->read_hash);
234 ssl_clear_hash_ctx(&s->write_hash);
207 235
208 s->first_packet=0; 236 s->first_packet=0;
209 237
@@ -224,14 +252,15 @@ int SSL_clear(SSL *s)
224 } 252 }
225 253
226/** Used to change an SSL_CTXs default SSL method type */ 254/** Used to change an SSL_CTXs default SSL method type */
227int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth) 255int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
228 { 256 {
229 STACK_OF(SSL_CIPHER) *sk; 257 STACK_OF(SSL_CIPHER) *sk;
230 258
231 ctx->method=meth; 259 ctx->method=meth;
232 260
233 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), 261 sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
234 &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); 262 &(ctx->cipher_list_by_id),
263 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
235 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) 264 if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
236 { 265 {
237 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); 266 SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -308,6 +337,7 @@ SSL *SSL_new(SSL_CTX *ctx)
308 s->trust = ctx->trust; 337 s->trust = ctx->trust;
309#endif 338#endif
310 s->quiet_shutdown=ctx->quiet_shutdown; 339 s->quiet_shutdown=ctx->quiet_shutdown;
340 s->max_send_fragment = ctx->max_send_fragment;
311 341
312 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 342 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
313 s->ctx=ctx; 343 s->ctx=ctx;
@@ -324,6 +354,7 @@ SSL *SSL_new(SSL_CTX *ctx)
324 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); 354 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
325 s->initial_ctx=ctx; 355 s->initial_ctx=ctx;
326#endif 356#endif
357
327 s->verify_result=X509_V_OK; 358 s->verify_result=X509_V_OK;
328 359
329 s->method=ctx->method; 360 s->method=ctx->method;
@@ -338,6 +369,11 @@ SSL *SSL_new(SSL_CTX *ctx)
338 369
339 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); 370 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
340 371
372#ifndef OPENSSL_NO_PSK
373 s->psk_client_callback=ctx->psk_client_callback;
374 s->psk_server_callback=ctx->psk_server_callback;
375#endif
376
341 return(s); 377 return(s);
342err: 378err:
343 if (s != NULL) 379 if (s != NULL)
@@ -425,7 +461,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
425 } 461 }
426 462
427 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 463 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
428 p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r); 464 p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
429 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 465 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
430 return (p != NULL); 466 return (p != NULL);
431 } 467 }
@@ -450,6 +486,16 @@ int SSL_set_trust(SSL *s, int trust)
450 return X509_VERIFY_PARAM_set_trust(s->param, trust); 486 return X509_VERIFY_PARAM_set_trust(s->param, trust);
451 } 487 }
452 488
489int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
490 {
491 return X509_VERIFY_PARAM_set1(ctx->param, vpm);
492 }
493
494int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
495 {
496 return X509_VERIFY_PARAM_set1(ssl->param, vpm);
497 }
498
453void SSL_free(SSL *s) 499void SSL_free(SSL *s)
454 { 500 {
455 int i; 501 int i;
@@ -504,15 +550,21 @@ void SSL_free(SSL *s)
504 } 550 }
505 551
506 ssl_clear_cipher_ctx(s); 552 ssl_clear_cipher_ctx(s);
553 ssl_clear_hash_ctx(&s->read_hash);
554 ssl_clear_hash_ctx(&s->write_hash);
507 555
508 if (s->cert != NULL) ssl_cert_free(s->cert); 556 if (s->cert != NULL) ssl_cert_free(s->cert);
509 /* Free up if allocated */ 557 /* Free up if allocated */
510 558
511 if (s->ctx) SSL_CTX_free(s->ctx);
512#ifndef OPENSSL_NO_TLSEXT 559#ifndef OPENSSL_NO_TLSEXT
513 if (s->tlsext_hostname) 560 if (s->tlsext_hostname)
514 OPENSSL_free(s->tlsext_hostname); 561 OPENSSL_free(s->tlsext_hostname);
515 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); 562 if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
563#ifndef OPENSSL_NO_EC
564 if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
565 if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
566#endif /* OPENSSL_NO_EC */
567 if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
516 if (s->tlsext_ocsp_exts) 568 if (s->tlsext_ocsp_exts)
517 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, 569 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
518 X509_EXTENSION_free); 570 X509_EXTENSION_free);
@@ -521,11 +573,14 @@ void SSL_free(SSL *s)
521 if (s->tlsext_ocsp_resp) 573 if (s->tlsext_ocsp_resp)
522 OPENSSL_free(s->tlsext_ocsp_resp); 574 OPENSSL_free(s->tlsext_ocsp_resp);
523#endif 575#endif
576
524 if (s->client_CA != NULL) 577 if (s->client_CA != NULL)
525 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); 578 sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
526 579
527 if (s->method != NULL) s->method->ssl_free(s); 580 if (s->method != NULL) s->method->ssl_free(s);
528 581
582 if (s->ctx) SSL_CTX_free(s->ctx);
583
529#ifndef OPENSSL_NO_KRB5 584#ifndef OPENSSL_NO_KRB5
530 if (s->kssl_ctx != NULL) 585 if (s->kssl_ctx != NULL)
531 kssl_ctx_free(s->kssl_ctx); 586 kssl_ctx_free(s->kssl_ctx);
@@ -843,7 +898,7 @@ int SSL_check_private_key(const SSL *ssl)
843 } 898 }
844 if (ssl->cert == NULL) 899 if (ssl->cert == NULL)
845 { 900 {
846 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); 901 SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
847 return 0; 902 return 0;
848 } 903 }
849 if (ssl->cert->key->x509 == NULL) 904 if (ssl->cert->key->x509 == NULL)
@@ -986,8 +1041,12 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
986 1041
987 case SSL_CTRL_OPTIONS: 1042 case SSL_CTRL_OPTIONS:
988 return(s->options|=larg); 1043 return(s->options|=larg);
1044 case SSL_CTRL_CLEAR_OPTIONS:
1045 return(s->options&=~larg);
989 case SSL_CTRL_MODE: 1046 case SSL_CTRL_MODE:
990 return(s->mode|=larg); 1047 return(s->mode|=larg);
1048 case SSL_CTRL_CLEAR_MODE:
1049 return(s->mode &=~larg);
991 case SSL_CTRL_GET_MAX_CERT_LIST: 1050 case SSL_CTRL_GET_MAX_CERT_LIST:
992 return(s->max_cert_list); 1051 return(s->max_cert_list);
993 case SSL_CTRL_SET_MAX_CERT_LIST: 1052 case SSL_CTRL_SET_MAX_CERT_LIST:
@@ -995,12 +1054,22 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
995 s->max_cert_list=larg; 1054 s->max_cert_list=larg;
996 return(l); 1055 return(l);
997 case SSL_CTRL_SET_MTU: 1056 case SSL_CTRL_SET_MTU:
998 if (SSL_version(s) == DTLS1_VERSION) 1057 if (SSL_version(s) == DTLS1_VERSION ||
1058 SSL_version(s) == DTLS1_BAD_VER)
999 { 1059 {
1000 s->d1->mtu = larg; 1060 s->d1->mtu = larg;
1001 return larg; 1061 return larg;
1002 } 1062 }
1003 return 0; 1063 return 0;
1064 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1065 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1066 return 0;
1067 s->max_send_fragment = larg;
1068 return 1;
1069 case SSL_CTRL_GET_RI_SUPPORT:
1070 if (s->s3)
1071 return s->s3->send_connection_binding;
1072 else return 0;
1004 default: 1073 default:
1005 return(s->method->ssl_ctrl(s,cmd,larg,parg)); 1074 return(s->method->ssl_ctrl(s,cmd,larg,parg));
1006 } 1075 }
@@ -1019,7 +1088,7 @@ long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
1019 } 1088 }
1020 } 1089 }
1021 1090
1022struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx) 1091LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
1023 { 1092 {
1024 return ctx->sessions; 1093 return ctx->sessions;
1025 } 1094 }
@@ -1062,7 +1131,7 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1062 return(ctx->session_cache_mode); 1131 return(ctx->session_cache_mode);
1063 1132
1064 case SSL_CTRL_SESS_NUMBER: 1133 case SSL_CTRL_SESS_NUMBER:
1065 return(ctx->sessions->num_items); 1134 return(lh_SSL_SESSION_num_items(ctx->sessions));
1066 case SSL_CTRL_SESS_CONNECT: 1135 case SSL_CTRL_SESS_CONNECT:
1067 return(ctx->stats.sess_connect); 1136 return(ctx->stats.sess_connect);
1068 case SSL_CTRL_SESS_CONNECT_GOOD: 1137 case SSL_CTRL_SESS_CONNECT_GOOD:
@@ -1087,8 +1156,17 @@ long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
1087 return(ctx->stats.sess_cache_full); 1156 return(ctx->stats.sess_cache_full);
1088 case SSL_CTRL_OPTIONS: 1157 case SSL_CTRL_OPTIONS:
1089 return(ctx->options|=larg); 1158 return(ctx->options|=larg);
1159 case SSL_CTRL_CLEAR_OPTIONS:
1160 return(ctx->options&=~larg);
1090 case SSL_CTRL_MODE: 1161 case SSL_CTRL_MODE:
1091 return(ctx->mode|=larg); 1162 return(ctx->mode|=larg);
1163 case SSL_CTRL_CLEAR_MODE:
1164 return(ctx->mode&=~larg);
1165 case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
1166 if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
1167 return 0;
1168 ctx->max_send_fragment = larg;
1169 return 1;
1092 default: 1170 default:
1093 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); 1171 return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
1094 } 1172 }
@@ -1193,8 +1271,8 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1193 /* ssl_create_cipher_list may return an empty stack if it 1271 /* ssl_create_cipher_list may return an empty stack if it
1194 * was unable to find a cipher matching the given rule string 1272 * was unable to find a cipher matching the given rule string
1195 * (for example if the rule string specifies a cipher which 1273 * (for example if the rule string specifies a cipher which
1196 * has been disabled). This is not an error as far as 1274 * has been disabled). This is not an error as far as
1197 * ssl_create_cipher_list is concerned, and hence 1275 * ssl_create_cipher_list is concerned, and hence
1198 * ctx->cipher_list and ctx->cipher_list_by_id has been 1276 * ctx->cipher_list and ctx->cipher_list_by_id has been
1199 * updated. */ 1277 * updated. */
1200 if (sk == NULL) 1278 if (sk == NULL)
@@ -1262,13 +1340,13 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1262 } 1340 }
1263 1341
1264int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, 1342int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1265 int (*put_cb)(const SSL_CIPHER *, unsigned char *)) 1343 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1266 { 1344 {
1267 int i,j=0; 1345 int i,j=0;
1268 SSL_CIPHER *c; 1346 SSL_CIPHER *c;
1269 unsigned char *q; 1347 unsigned char *q;
1270#ifndef OPENSSL_NO_KRB5 1348#ifndef OPENSSL_NO_KRB5
1271 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); 1349 int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
1272#endif /* OPENSSL_NO_KRB5 */ 1350#endif /* OPENSSL_NO_KRB5 */
1273 1351
1274 if (sk == NULL) return(0); 1352 if (sk == NULL) return(0);
@@ -1278,22 +1356,46 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1278 { 1356 {
1279 c=sk_SSL_CIPHER_value(sk,i); 1357 c=sk_SSL_CIPHER_value(sk,i);
1280#ifndef OPENSSL_NO_KRB5 1358#ifndef OPENSSL_NO_KRB5
1281 if ((c->algorithms & SSL_KRB5) && nokrb5) 1359 if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
1282 continue; 1360 nokrb5)
1283#endif /* OPENSSL_NO_KRB5 */ 1361 continue;
1284 1362#endif /* OPENSSL_NO_KRB5 */
1363#ifndef OPENSSL_NO_PSK
1364 /* with PSK there must be client callback set */
1365 if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
1366 s->psk_client_callback == NULL)
1367 continue;
1368#endif /* OPENSSL_NO_PSK */
1285 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); 1369 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1286 p+=j; 1370 p+=j;
1287 } 1371 }
1372 /* If p == q, no ciphers and caller indicates an error. Otherwise
1373 * add SCSV if not renegotiating.
1374 */
1375 if (p != q && !s->new_session)
1376 {
1377 static SSL_CIPHER scsv =
1378 {
1379 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
1380 };
1381 j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p);
1382 p+=j;
1383#ifdef OPENSSL_RI_DEBUG
1384 fprintf(stderr, "SCSV sent by client\n");
1385#endif
1386 }
1387
1288 return(p-q); 1388 return(p-q);
1289 } 1389 }
1290 1390
1291STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 1391STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1292 STACK_OF(SSL_CIPHER) **skp) 1392 STACK_OF(SSL_CIPHER) **skp)
1293 { 1393 {
1294 SSL_CIPHER *c; 1394 const SSL_CIPHER *c;
1295 STACK_OF(SSL_CIPHER) *sk; 1395 STACK_OF(SSL_CIPHER) *sk;
1296 int i,n; 1396 int i,n;
1397 if (s->s3)
1398 s->s3->send_connection_binding = 0;
1297 1399
1298 n=ssl_put_cipher_by_char(s,NULL,NULL); 1400 n=ssl_put_cipher_by_char(s,NULL,NULL);
1299 if ((num%n) != 0) 1401 if ((num%n) != 0)
@@ -1311,6 +1413,26 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
1311 1413
1312 for (i=0; i<num; i+=n) 1414 for (i=0; i<num; i+=n)
1313 { 1415 {
1416 /* Check for SCSV */
1417 if (s->s3 && (n != 3 || !p[0]) &&
1418 (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
1419 (p[n-1] == (SSL3_CK_SCSV & 0xff)))
1420 {
1421 /* SCSV fatal if renegotiating */
1422 if (s->new_session)
1423 {
1424 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
1425 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
1426 goto err;
1427 }
1428 s->s3->send_connection_binding = 1;
1429 p += n;
1430#ifdef OPENSSL_RI_DEBUG
1431 fprintf(stderr, "SCSV received by server\n");
1432#endif
1433 continue;
1434 }
1435
1314 c=ssl_get_cipher_by_char(s,p); 1436 c=ssl_get_cipher_by_char(s,p);
1315 p+=n; 1437 p+=n;
1316 if (c != NULL) 1438 if (c != NULL)
@@ -1332,6 +1454,7 @@ err:
1332 return(NULL); 1454 return(NULL);
1333 } 1455 }
1334 1456
1457
1335#ifndef OPENSSL_NO_TLSEXT 1458#ifndef OPENSSL_NO_TLSEXT
1336/** return a servername extension value if provided in Client Hello, or NULL. 1459/** return a servername extension value if provided in Client Hello, or NULL.
1337 * So far, only host_name types are defined (RFC 3546). 1460 * So far, only host_name types are defined (RFC 3546).
@@ -1355,7 +1478,7 @@ int SSL_get_servername_type(const SSL *s)
1355 } 1478 }
1356#endif 1479#endif
1357 1480
1358unsigned long SSL_SESSION_hash(const SSL_SESSION *a) 1481static unsigned long ssl_session_hash(const SSL_SESSION *a)
1359 { 1482 {
1360 unsigned long l; 1483 unsigned long l;
1361 1484
@@ -1372,7 +1495,7 @@ unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
1372 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being 1495 * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
1373 * able to construct an SSL_SESSION that will collide with any existing session 1496 * able to construct an SSL_SESSION that will collide with any existing session
1374 * with a matching session ID. */ 1497 * with a matching session ID. */
1375int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) 1498static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1376 { 1499 {
1377 if (a->ssl_version != b->ssl_version) 1500 if (a->ssl_version != b->ssl_version)
1378 return(1); 1501 return(1);
@@ -1385,27 +1508,19 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
1385 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each 1508 * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
1386 * variable. The reason is that the functions aren't static, they're exposed via 1509 * variable. The reason is that the functions aren't static, they're exposed via
1387 * ssl.h. */ 1510 * ssl.h. */
1388static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *) 1511static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
1389static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *) 1512static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
1390 1513
1391SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) 1514SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
1392 { 1515 {
1393 SSL_CTX *ret=NULL; 1516 SSL_CTX *ret=NULL;
1394 1517
1395 if (meth == NULL) 1518 if (meth == NULL)
1396 { 1519 {
1397 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); 1520 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
1398 return(NULL); 1521 return(NULL);
1399 } 1522 }
1400 1523
1401#ifdef OPENSSL_FIPS
1402 if (FIPS_mode() && (meth->version < TLS1_VERSION))
1403 {
1404 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1405 return NULL;
1406 }
1407#endif
1408
1409 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 1524 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1410 { 1525 {
1411 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1526 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1468,15 +1583,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1468 ret->app_gen_cookie_cb=0; 1583 ret->app_gen_cookie_cb=0;
1469 ret->app_verify_cookie_cb=0; 1584 ret->app_verify_cookie_cb=0;
1470 1585
1471 ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), 1586 ret->sessions=lh_SSL_SESSION_new();
1472 LHASH_COMP_FN(SSL_SESSION_cmp));
1473 if (ret->sessions == NULL) goto err; 1587 if (ret->sessions == NULL) goto err;
1474 ret->cert_store=X509_STORE_new(); 1588 ret->cert_store=X509_STORE_new();
1475 if (ret->cert_store == NULL) goto err; 1589 if (ret->cert_store == NULL) goto err;
1476 1590
1477 ssl_create_cipher_list(ret->method, 1591 ssl_create_cipher_list(ret->method,
1478 &ret->cipher_list,&ret->cipher_list_by_id, 1592 &ret->cipher_list,&ret->cipher_list_by_id,
1479 SSL_DEFAULT_CIPHER_LIST); 1593 meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
1480 if (ret->cipher_list == NULL 1594 if (ret->cipher_list == NULL
1481 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) 1595 || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
1482 { 1596 {
@@ -1512,6 +1626,8 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1512 ret->extra_certs=NULL; 1626 ret->extra_certs=NULL;
1513 ret->comp_methods=SSL_COMP_get_compression_methods(); 1627 ret->comp_methods=SSL_COMP_get_compression_methods();
1514 1628
1629 ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
1630
1515#ifndef OPENSSL_NO_TLSEXT 1631#ifndef OPENSSL_NO_TLSEXT
1516 ret->tlsext_servername_callback = 0; 1632 ret->tlsext_servername_callback = 0;
1517 ret->tlsext_servername_arg = NULL; 1633 ret->tlsext_servername_arg = NULL;
@@ -1525,7 +1641,29 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1525 ret->tlsext_status_arg = NULL; 1641 ret->tlsext_status_arg = NULL;
1526 1642
1527#endif 1643#endif
1528 1644#ifndef OPENSSL_NO_PSK
1645 ret->psk_identity_hint=NULL;
1646 ret->psk_client_callback=NULL;
1647 ret->psk_server_callback=NULL;
1648#endif
1649#ifndef OPENSSL_NO_BUF_FREELISTS
1650 ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
1651 ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1652 if (!ret->rbuf_freelist)
1653 goto err;
1654 ret->rbuf_freelist->chunklen = 0;
1655 ret->rbuf_freelist->len = 0;
1656 ret->rbuf_freelist->head = NULL;
1657 ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
1658 if (!ret->wbuf_freelist)
1659 {
1660 OPENSSL_free(ret->rbuf_freelist);
1661 goto err;
1662 }
1663 ret->wbuf_freelist->chunklen = 0;
1664 ret->wbuf_freelist->len = 0;
1665 ret->wbuf_freelist->head = NULL;
1666#endif
1529#ifndef OPENSSL_NO_ENGINE 1667#ifndef OPENSSL_NO_ENGINE
1530 ret->client_cert_engine = NULL; 1668 ret->client_cert_engine = NULL;
1531#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO 1669#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -1546,6 +1684,10 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1546 } 1684 }
1547#endif 1685#endif
1548#endif 1686#endif
1687 /* Default is to connect to non-RI servers. When RI is more widely
1688 * deployed might change this.
1689 */
1690 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
1549 1691
1550 return(ret); 1692 return(ret);
1551err: 1693err:
@@ -1560,6 +1702,20 @@ static void SSL_COMP_free(SSL_COMP *comp)
1560 { OPENSSL_free(comp); } 1702 { OPENSSL_free(comp); }
1561#endif 1703#endif
1562 1704
1705#ifndef OPENSSL_NO_BUF_FREELISTS
1706static void
1707ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
1708 {
1709 SSL3_BUF_FREELIST_ENTRY *ent, *next;
1710 for (ent = list->head; ent; ent = next)
1711 {
1712 next = ent->next;
1713 OPENSSL_free(ent);
1714 }
1715 OPENSSL_free(list);
1716 }
1717#endif
1718
1563void SSL_CTX_free(SSL_CTX *a) 1719void SSL_CTX_free(SSL_CTX *a)
1564 { 1720 {
1565 int i; 1721 int i;
@@ -1597,7 +1753,7 @@ void SSL_CTX_free(SSL_CTX *a)
1597 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); 1753 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1598 1754
1599 if (a->sessions != NULL) 1755 if (a->sessions != NULL)
1600 lh_free(a->sessions); 1756 lh_SSL_SESSION_free(a->sessions);
1601 1757
1602 if (a->cert_store != NULL) 1758 if (a->cert_store != NULL)
1603 X509_STORE_free(a->cert_store); 1759 X509_STORE_free(a->cert_store);
@@ -1617,10 +1773,23 @@ void SSL_CTX_free(SSL_CTX *a)
1617#else 1773#else
1618 a->comp_methods = NULL; 1774 a->comp_methods = NULL;
1619#endif 1775#endif
1776
1777#ifndef OPENSSL_NO_PSK
1778 if (a->psk_identity_hint)
1779 OPENSSL_free(a->psk_identity_hint);
1780#endif
1620#ifndef OPENSSL_NO_ENGINE 1781#ifndef OPENSSL_NO_ENGINE
1621 if (a->client_cert_engine) 1782 if (a->client_cert_engine)
1622 ENGINE_finish(a->client_cert_engine); 1783 ENGINE_finish(a->client_cert_engine);
1623#endif 1784#endif
1785
1786#ifndef OPENSSL_NO_BUF_FREELISTS
1787 if (a->wbuf_freelist)
1788 ssl_buf_freelist_free(a->wbuf_freelist);
1789 if (a->rbuf_freelist)
1790 ssl_buf_freelist_free(a->rbuf_freelist);
1791#endif
1792
1624 OPENSSL_free(a); 1793 OPENSSL_free(a);
1625 } 1794 }
1626 1795
@@ -1651,13 +1820,13 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
1651 X509_VERIFY_PARAM_set_depth(ctx->param, depth); 1820 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
1652 } 1821 }
1653 1822
1654void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) 1823void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
1655 { 1824 {
1656 CERT_PKEY *cpk; 1825 CERT_PKEY *cpk;
1657 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; 1826 int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
1658 int rsa_enc_export,dh_rsa_export,dh_dsa_export; 1827 int rsa_enc_export,dh_rsa_export,dh_dsa_export;
1659 int rsa_tmp_export,dh_tmp_export,kl; 1828 int rsa_tmp_export,dh_tmp_export,kl;
1660 unsigned long mask,emask; 1829 unsigned long mask_k,mask_a,emask_k,emask_a;
1661 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; 1830 int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
1662#ifndef OPENSSL_NO_ECDH 1831#ifndef OPENSSL_NO_ECDH
1663 int have_ecdh_tmp; 1832 int have_ecdh_tmp;
@@ -1704,60 +1873,77 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1704 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); 1873 dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
1705 cpk= &(c->pkeys[SSL_PKEY_ECC]); 1874 cpk= &(c->pkeys[SSL_PKEY_ECC]);
1706 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL); 1875 have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
1707 mask=0; 1876 mask_k=0;
1708 emask=0; 1877 mask_a=0;
1878 emask_k=0;
1879 emask_a=0;
1880
1881
1709 1882
1710#ifdef CIPHER_DEBUG 1883#ifdef CIPHER_DEBUG
1711 printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", 1884 printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
1712 rsa_tmp,rsa_tmp_export,dh_tmp, 1885 rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
1713 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); 1886 rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
1714#endif 1887#endif
1888
1889 cpk = &(c->pkeys[SSL_PKEY_GOST01]);
1890 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1891 mask_k |= SSL_kGOST;
1892 mask_a |= SSL_aGOST01;
1893 }
1894 cpk = &(c->pkeys[SSL_PKEY_GOST94]);
1895 if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
1896 mask_k |= SSL_kGOST;
1897 mask_a |= SSL_aGOST94;
1898 }
1715 1899
1716 if (rsa_enc || (rsa_tmp && rsa_sign)) 1900 if (rsa_enc || (rsa_tmp && rsa_sign))
1717 mask|=SSL_kRSA; 1901 mask_k|=SSL_kRSA;
1718 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) 1902 if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
1719 emask|=SSL_kRSA; 1903 emask_k|=SSL_kRSA;
1720 1904
1721#if 0 1905#if 0
1722 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */ 1906 /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
1723 if ( (dh_tmp || dh_rsa || dh_dsa) && 1907 if ( (dh_tmp || dh_rsa || dh_dsa) &&
1724 (rsa_enc || rsa_sign || dsa_sign)) 1908 (rsa_enc || rsa_sign || dsa_sign))
1725 mask|=SSL_kEDH; 1909 mask_k|=SSL_kEDH;
1726 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && 1910 if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
1727 (rsa_enc || rsa_sign || dsa_sign)) 1911 (rsa_enc || rsa_sign || dsa_sign))
1728 emask|=SSL_kEDH; 1912 emask_k|=SSL_kEDH;
1729#endif 1913#endif
1730 1914
1731 if (dh_tmp_export) 1915 if (dh_tmp_export)
1732 emask|=SSL_kEDH; 1916 emask_k|=SSL_kEDH;
1733 1917
1734 if (dh_tmp) 1918 if (dh_tmp)
1735 mask|=SSL_kEDH; 1919 mask_k|=SSL_kEDH;
1736 1920
1737 if (dh_rsa) mask|=SSL_kDHr; 1921 if (dh_rsa) mask_k|=SSL_kDHr;
1738 if (dh_rsa_export) emask|=SSL_kDHr; 1922 if (dh_rsa_export) emask_k|=SSL_kDHr;
1739 1923
1740 if (dh_dsa) mask|=SSL_kDHd; 1924 if (dh_dsa) mask_k|=SSL_kDHd;
1741 if (dh_dsa_export) emask|=SSL_kDHd; 1925 if (dh_dsa_export) emask_k|=SSL_kDHd;
1742 1926
1743 if (rsa_enc || rsa_sign) 1927 if (rsa_enc || rsa_sign)
1744 { 1928 {
1745 mask|=SSL_aRSA; 1929 mask_a|=SSL_aRSA;
1746 emask|=SSL_aRSA; 1930 emask_a|=SSL_aRSA;
1747 } 1931 }
1748 1932
1749 if (dsa_sign) 1933 if (dsa_sign)
1750 { 1934 {
1751 mask|=SSL_aDSS; 1935 mask_a|=SSL_aDSS;
1752 emask|=SSL_aDSS; 1936 emask_a|=SSL_aDSS;
1753 } 1937 }
1754 1938
1755 mask|=SSL_aNULL; 1939 mask_a|=SSL_aNULL;
1756 emask|=SSL_aNULL; 1940 emask_a|=SSL_aNULL;
1757 1941
1758#ifndef OPENSSL_NO_KRB5 1942#ifndef OPENSSL_NO_KRB5
1759 mask|=SSL_kKRB5|SSL_aKRB5; 1943 mask_k|=SSL_kKRB5;
1760 emask|=SSL_kKRB5|SSL_aKRB5; 1944 mask_a|=SSL_aKRB5;
1945 emask_k|=SSL_kKRB5;
1946 emask_a|=SSL_aKRB5;
1761#endif 1947#endif
1762 1948
1763 /* An ECC certificate may be usable for ECDH and/or 1949 /* An ECC certificate may be usable for ECDH and/or
@@ -1765,7 +1951,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1765 */ 1951 */
1766 if (have_ecc_cert) 1952 if (have_ecc_cert)
1767 { 1953 {
1768 /* This call populates extension flags (ex_flags) */ 1954 /* This call populates extension flags (ex_flags) */
1769 x = (c->pkeys[SSL_PKEY_ECC]).x509; 1955 x = (c->pkeys[SSL_PKEY_ECC]).x509;
1770 X509_check_purpose(x, -1, 0); 1956 X509_check_purpose(x, -1, 0);
1771 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 1957 ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
@@ -1773,7 +1959,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1773 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? 1959 ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
1774 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; 1960 (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
1775 ecc_pkey = X509_get_pubkey(x); 1961 ecc_pkey = X509_get_pubkey(x);
1776 ecc_pkey_size = (ecc_pkey != NULL) ? 1962 ecc_pkey_size = (ecc_pkey != NULL) ?
1777 EVP_PKEY_bits(ecc_pkey) : 0; 1963 EVP_PKEY_bits(ecc_pkey) : 0;
1778 EVP_PKEY_free(ecc_pkey); 1964 EVP_PKEY_free(ecc_pkey);
1779 if ((x->sig_alg) && (x->sig_alg->algorithm)) 1965 if ((x->sig_alg) && (x->sig_alg->algorithm))
@@ -1781,27 +1967,41 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1781#ifndef OPENSSL_NO_ECDH 1967#ifndef OPENSSL_NO_ECDH
1782 if (ecdh_ok) 1968 if (ecdh_ok)
1783 { 1969 {
1784 if ((signature_nid == NID_md5WithRSAEncryption) || 1970 const char *sig = OBJ_nid2ln(signature_nid);
1785 (signature_nid == NID_md4WithRSAEncryption) || 1971 if (sig == NULL)
1786 (signature_nid == NID_md2WithRSAEncryption)) 1972 {
1973 ERR_clear_error();
1974 sig = "unknown";
1975 }
1976
1977 if (strstr(sig, "WithRSA"))
1787 { 1978 {
1788 mask|=SSL_kECDH|SSL_aRSA; 1979 mask_k|=SSL_kECDHr;
1980 mask_a|=SSL_aECDH;
1789 if (ecc_pkey_size <= 163) 1981 if (ecc_pkey_size <= 163)
1790 emask|=SSL_kECDH|SSL_aRSA; 1982 {
1983 emask_k|=SSL_kECDHr;
1984 emask_a|=SSL_aECDH;
1985 }
1791 } 1986 }
1987
1792 if (signature_nid == NID_ecdsa_with_SHA1) 1988 if (signature_nid == NID_ecdsa_with_SHA1)
1793 { 1989 {
1794 mask|=SSL_kECDH|SSL_aECDSA; 1990 mask_k|=SSL_kECDHe;
1991 mask_a|=SSL_aECDH;
1795 if (ecc_pkey_size <= 163) 1992 if (ecc_pkey_size <= 163)
1796 emask|=SSL_kECDH|SSL_aECDSA; 1993 {
1994 emask_k|=SSL_kECDHe;
1995 emask_a|=SSL_aECDH;
1996 }
1797 } 1997 }
1798 } 1998 }
1799#endif 1999#endif
1800#ifndef OPENSSL_NO_ECDSA 2000#ifndef OPENSSL_NO_ECDSA
1801 if (ecdsa_ok) 2001 if (ecdsa_ok)
1802 { 2002 {
1803 mask|=SSL_aECDSA; 2003 mask_a|=SSL_aECDSA;
1804 emask|=SSL_aECDSA; 2004 emask_a|=SSL_aECDSA;
1805 } 2005 }
1806#endif 2006#endif
1807 } 2007 }
@@ -1809,12 +2009,22 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1809#ifndef OPENSSL_NO_ECDH 2009#ifndef OPENSSL_NO_ECDH
1810 if (have_ecdh_tmp) 2010 if (have_ecdh_tmp)
1811 { 2011 {
1812 mask|=SSL_kECDHE; 2012 mask_k|=SSL_kEECDH;
1813 emask|=SSL_kECDHE; 2013 emask_k|=SSL_kEECDH;
1814 } 2014 }
1815#endif 2015#endif
1816 c->mask=mask; 2016
1817 c->export_mask=emask; 2017#ifndef OPENSSL_NO_PSK
2018 mask_k |= SSL_kPSK;
2019 mask_a |= SSL_aPSK;
2020 emask_k |= SSL_kPSK;
2021 emask_a |= SSL_aPSK;
2022#endif
2023
2024 c->mask_k=mask_k;
2025 c->mask_a=mask_a;
2026 c->export_mask_k=emask_k;
2027 c->export_mask_a=emask_a;
1818 c->valid=1; 2028 c->valid=1;
1819 } 2029 }
1820 2030
@@ -1822,13 +2032,18 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
1822#define ku_reject(x, usage) \ 2032#define ku_reject(x, usage) \
1823 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) 2033 (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
1824 2034
1825int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs) 2035#ifndef OPENSSL_NO_EC
2036
2037int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
1826 { 2038 {
1827 unsigned long alg = cs->algorithms; 2039 unsigned long alg_k, alg_a;
1828 EVP_PKEY *pkey = NULL; 2040 EVP_PKEY *pkey = NULL;
1829 int keysize = 0; 2041 int keysize = 0;
1830 int signature_nid = 0; 2042 int signature_nid = 0;
1831 2043
2044 alg_k = cs->algorithm_mkey;
2045 alg_a = cs->algorithm_auth;
2046
1832 if (SSL_C_IS_EXPORT(cs)) 2047 if (SSL_C_IS_EXPORT(cs))
1833 { 2048 {
1834 /* ECDH key length in export ciphers must be <= 163 bits */ 2049 /* ECDH key length in export ciphers must be <= 163 bits */
@@ -1843,37 +2058,46 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
1843 X509_check_purpose(x, -1, 0); 2058 X509_check_purpose(x, -1, 0);
1844 if ((x->sig_alg) && (x->sig_alg->algorithm)) 2059 if ((x->sig_alg) && (x->sig_alg->algorithm))
1845 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); 2060 signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
1846 if (alg & SSL_kECDH) 2061 if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
1847 { 2062 {
1848 /* key usage, if present, must allow key agreement */ 2063 /* key usage, if present, must allow key agreement */
1849 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) 2064 if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
1850 { 2065 {
2066 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
1851 return 0; 2067 return 0;
1852 } 2068 }
1853 if (alg & SSL_aECDSA) 2069 if (alg_k & SSL_kECDHe)
1854 { 2070 {
1855 /* signature alg must be ECDSA */ 2071 /* signature alg must be ECDSA */
1856 if (signature_nid != NID_ecdsa_with_SHA1) 2072 if (signature_nid != NID_ecdsa_with_SHA1)
1857 { 2073 {
2074 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
1858 return 0; 2075 return 0;
1859 } 2076 }
1860 } 2077 }
1861 if (alg & SSL_aRSA) 2078 if (alg_k & SSL_kECDHr)
1862 { 2079 {
1863 /* signature alg must be RSA */ 2080 /* signature alg must be RSA */
1864 if ((signature_nid != NID_md5WithRSAEncryption) && 2081
1865 (signature_nid != NID_md4WithRSAEncryption) && 2082 const char *sig = OBJ_nid2ln(signature_nid);
1866 (signature_nid != NID_md2WithRSAEncryption)) 2083 if (sig == NULL)
1867 { 2084 {
2085 ERR_clear_error();
2086 sig = "unknown";
2087 }
2088 if (strstr(sig, "WithRSA") == NULL)
2089 {
2090 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
1868 return 0; 2091 return 0;
1869 } 2092 }
1870 } 2093 }
1871 } 2094 }
1872 else if (alg & SSL_aECDSA) 2095 if (alg_a & SSL_aECDSA)
1873 { 2096 {
1874 /* key usage, if present, must allow signing */ 2097 /* key usage, if present, must allow signing */
1875 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) 2098 if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
1876 { 2099 {
2100 SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
1877 return 0; 2101 return 0;
1878 } 2102 }
1879 } 2103 }
@@ -1881,58 +2105,74 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
1881 return 1; /* all checks are ok */ 2105 return 1; /* all checks are ok */
1882 } 2106 }
1883 2107
2108#endif
2109
1884/* THIS NEEDS CLEANING UP */ 2110/* THIS NEEDS CLEANING UP */
1885X509 *ssl_get_server_send_cert(SSL *s) 2111X509 *ssl_get_server_send_cert(SSL *s)
1886 { 2112 {
1887 unsigned long alg,mask,kalg; 2113 unsigned long alg_k,alg_a,mask_k,mask_a;
1888 CERT *c; 2114 CERT *c;
1889 int i,is_export; 2115 int i,is_export;
1890 2116
1891 c=s->cert; 2117 c=s->cert;
1892 ssl_set_cert_masks(c, s->s3->tmp.new_cipher); 2118 ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
1893 alg=s->s3->tmp.new_cipher->algorithms;
1894 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 2119 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
1895 mask=is_export?c->export_mask:c->mask; 2120 if (is_export)
1896 kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); 2121 {
2122 mask_k = c->export_mask_k;
2123 mask_a = c->export_mask_a;
2124 }
2125 else
2126 {
2127 mask_k = c->mask_k;
2128 mask_a = c->mask_a;
2129 }
2130
2131 alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
2132 alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1897 2133
1898 if (kalg & SSL_kECDH) 2134 if (alg_k & (SSL_kECDHr|SSL_kECDHe))
1899 { 2135 {
1900 /* we don't need to look at SSL_kECDHE 2136 /* we don't need to look at SSL_kEECDH
1901 * since no certificate is needed for 2137 * since no certificate is needed for
1902 * anon ECDH and for authenticated 2138 * anon ECDH and for authenticated
1903 * ECDHE, the check for the auth 2139 * EECDH, the check for the auth
1904 * algorithm will set i correctly 2140 * algorithm will set i correctly
1905 * NOTE: For ECDH-RSA, we need an ECC 2141 * NOTE: For ECDH-RSA, we need an ECC
1906 * not an RSA cert but for ECDHE-RSA 2142 * not an RSA cert but for EECDH-RSA
1907 * we need an RSA cert. Placing the 2143 * we need an RSA cert. Placing the
1908 * checks for SSL_kECDH before RSA 2144 * checks for SSL_kECDH before RSA
1909 * checks ensures the correct cert is chosen. 2145 * checks ensures the correct cert is chosen.
1910 */ 2146 */
1911 i=SSL_PKEY_ECC; 2147 i=SSL_PKEY_ECC;
1912 } 2148 }
1913 else if (kalg & SSL_aECDSA) 2149 else if (alg_a & SSL_aECDSA)
1914 { 2150 {
1915 i=SSL_PKEY_ECC; 2151 i=SSL_PKEY_ECC;
1916 } 2152 }
1917 else if (kalg & SSL_kDHr) 2153 else if (alg_k & SSL_kDHr)
1918 i=SSL_PKEY_DH_RSA; 2154 i=SSL_PKEY_DH_RSA;
1919 else if (kalg & SSL_kDHd) 2155 else if (alg_k & SSL_kDHd)
1920 i=SSL_PKEY_DH_DSA; 2156 i=SSL_PKEY_DH_DSA;
1921 else if (kalg & SSL_aDSS) 2157 else if (alg_a & SSL_aDSS)
1922 i=SSL_PKEY_DSA_SIGN; 2158 i=SSL_PKEY_DSA_SIGN;
1923 else if (kalg & SSL_aRSA) 2159 else if (alg_a & SSL_aRSA)
1924 { 2160 {
1925 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL) 2161 if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
1926 i=SSL_PKEY_RSA_SIGN; 2162 i=SSL_PKEY_RSA_SIGN;
1927 else 2163 else
1928 i=SSL_PKEY_RSA_ENC; 2164 i=SSL_PKEY_RSA_ENC;
1929 } 2165 }
1930 else if (kalg & SSL_aKRB5) 2166 else if (alg_a & SSL_aKRB5)
1931 { 2167 {
1932 /* VRS something else here? */ 2168 /* VRS something else here? */
1933 return(NULL); 2169 return(NULL);
1934 } 2170 }
1935 else /* if (kalg & SSL_aNULL) */ 2171 else if (alg_a & SSL_aGOST94)
2172 i=SSL_PKEY_GOST94;
2173 else if (alg_a & SSL_aGOST01)
2174 i=SSL_PKEY_GOST01;
2175 else /* if (alg_a & SSL_aNULL) */
1936 { 2176 {
1937 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); 2177 SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
1938 return(NULL); 2178 return(NULL);
@@ -1942,18 +2182,18 @@ X509 *ssl_get_server_send_cert(SSL *s)
1942 return(c->pkeys[i].x509); 2182 return(c->pkeys[i].x509);
1943 } 2183 }
1944 2184
1945EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) 2185EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
1946 { 2186 {
1947 unsigned long alg; 2187 unsigned long alg_a;
1948 CERT *c; 2188 CERT *c;
1949 2189
1950 alg=cipher->algorithms; 2190 alg_a = cipher->algorithm_auth;
1951 c=s->cert; 2191 c=s->cert;
1952 2192
1953 if ((alg & SSL_aDSS) && 2193 if ((alg_a & SSL_aDSS) &&
1954 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL)) 2194 (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
1955 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey); 2195 return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
1956 else if (alg & SSL_aRSA) 2196 else if (alg_a & SSL_aRSA)
1957 { 2197 {
1958 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL) 2198 if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
1959 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey); 2199 return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
@@ -1962,10 +2202,10 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
1962 else 2202 else
1963 return(NULL); 2203 return(NULL);
1964 } 2204 }
1965 else if ((alg & SSL_aECDSA) && 2205 else if ((alg_a & SSL_aECDSA) &&
1966 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) 2206 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
1967 return(c->pkeys[SSL_PKEY_ECC].privatekey); 2207 return(c->pkeys[SSL_PKEY_ECC].privatekey);
1968 else /* if (alg & SSL_aNULL) */ 2208 else /* if (alg_a & SSL_aNULL) */
1969 { 2209 {
1970 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); 2210 SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
1971 return(NULL); 2211 return(NULL);
@@ -1980,14 +2220,14 @@ void ssl_update_cache(SSL *s,int mode)
1980 * and it would be rather hard to do anyway :-) */ 2220 * and it would be rather hard to do anyway :-) */
1981 if (s->session->session_id_length == 0) return; 2221 if (s->session->session_id_length == 0) return;
1982 2222
1983 i=s->ctx->session_cache_mode; 2223 i=s->session_ctx->session_cache_mode;
1984 if ((i & mode) && (!s->hit) 2224 if ((i & mode) && (!s->hit)
1985 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) 2225 && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
1986 || SSL_CTX_add_session(s->ctx,s->session)) 2226 || SSL_CTX_add_session(s->session_ctx,s->session))
1987 && (s->ctx->new_session_cb != NULL)) 2227 && (s->session_ctx->new_session_cb != NULL))
1988 { 2228 {
1989 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); 2229 CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
1990 if (!s->ctx->new_session_cb(s,s->session)) 2230 if (!s->session_ctx->new_session_cb(s,s->session))
1991 SSL_SESSION_free(s->session); 2231 SSL_SESSION_free(s->session);
1992 } 2232 }
1993 2233
@@ -1996,20 +2236,20 @@ void ssl_update_cache(SSL *s,int mode)
1996 ((i & mode) == mode)) 2236 ((i & mode) == mode))
1997 { 2237 {
1998 if ( (((mode & SSL_SESS_CACHE_CLIENT) 2238 if ( (((mode & SSL_SESS_CACHE_CLIENT)
1999 ?s->ctx->stats.sess_connect_good 2239 ?s->session_ctx->stats.sess_connect_good
2000 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) 2240 :s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
2001 { 2241 {
2002 SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL)); 2242 SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
2003 } 2243 }
2004 } 2244 }
2005 } 2245 }
2006 2246
2007SSL_METHOD *SSL_get_ssl_method(SSL *s) 2247const SSL_METHOD *SSL_get_ssl_method(SSL *s)
2008 { 2248 {
2009 return(s->method); 2249 return(s->method);
2010 } 2250 }
2011 2251
2012int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth) 2252int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
2013 { 2253 {
2014 int conn= -1; 2254 int conn= -1;
2015 int ret=1; 2255 int ret=1;
@@ -2152,6 +2392,8 @@ void SSL_set_accept_state(SSL *s)
2152 s->handshake_func=s->method->ssl_accept; 2392 s->handshake_func=s->method->ssl_accept;
2153 /* clear the current cipher */ 2393 /* clear the current cipher */
2154 ssl_clear_cipher_ctx(s); 2394 ssl_clear_cipher_ctx(s);
2395 ssl_clear_hash_ctx(&s->read_hash);
2396 ssl_clear_hash_ctx(&s->write_hash);
2155 } 2397 }
2156 2398
2157void SSL_set_connect_state(SSL *s) 2399void SSL_set_connect_state(SSL *s)
@@ -2162,6 +2404,8 @@ void SSL_set_connect_state(SSL *s)
2162 s->handshake_func=s->method->ssl_connect; 2404 s->handshake_func=s->method->ssl_connect;
2163 /* clear the current cipher */ 2405 /* clear the current cipher */
2164 ssl_clear_cipher_ctx(s); 2406 ssl_clear_cipher_ctx(s);
2407 ssl_clear_hash_ctx(&s->read_hash);
2408 ssl_clear_hash_ctx(&s->write_hash);
2165 } 2409 }
2166 2410
2167int ssl_undefined_function(SSL *s) 2411int ssl_undefined_function(SSL *s)
@@ -2206,7 +2450,7 @@ SSL *SSL_dup(SSL *s)
2206 X509_NAME *xn; 2450 X509_NAME *xn;
2207 SSL *ret; 2451 SSL *ret;
2208 int i; 2452 int i;
2209 2453
2210 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) 2454 if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2211 return(NULL); 2455 return(NULL);
2212 2456
@@ -2376,7 +2620,7 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
2376 return(NULL); 2620 return(NULL);
2377 } 2621 }
2378 2622
2379SSL_CIPHER *SSL_get_current_cipher(const SSL *s) 2623const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
2380 { 2624 {
2381 if ((s->session != NULL) && (s->session->cipher != NULL)) 2625 if ((s->session != NULL) && (s->session->cipher != NULL))
2382 return(s->session->cipher); 2626 return(s->session->cipher);
@@ -2454,7 +2698,7 @@ void ssl_free_wbio_buffer(SSL *s)
2454 s->wbio=BIO_pop(s->wbio); 2698 s->wbio=BIO_pop(s->wbio);
2455#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ 2699#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
2456 assert(s->wbio != NULL); 2700 assert(s->wbio != NULL);
2457#endif 2701#endif
2458 } 2702 }
2459 BIO_free(s->bbio); 2703 BIO_free(s->bbio);
2460 s->bbio=NULL; 2704 s->bbio=NULL;
@@ -2539,7 +2783,7 @@ void SSL_set_info_callback(SSL *ssl,
2539 2783
2540/* One compiler (Diab DCC) doesn't like argument names in returned 2784/* One compiler (Diab DCC) doesn't like argument names in returned
2541 function pointer. */ 2785 function pointer. */
2542void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/) 2786void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
2543 { 2787 {
2544 return ssl->info_callback; 2788 return ssl->info_callback;
2545 } 2789 }
@@ -2660,13 +2904,13 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
2660 2904
2661#ifndef OPENSSL_NO_DH 2905#ifndef OPENSSL_NO_DH
2662void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, 2906void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
2663 int keylength)) 2907 int keylength))
2664 { 2908 {
2665 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 2909 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2666 } 2910 }
2667 2911
2668void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, 2912void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2669 int keylength)) 2913 int keylength))
2670 { 2914 {
2671 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh); 2915 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
2672 } 2916 }
@@ -2674,18 +2918,109 @@ void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
2674 2918
2675#ifndef OPENSSL_NO_ECDH 2919#ifndef OPENSSL_NO_ECDH
2676void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 2920void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2677 int keylength)) 2921 int keylength))
2678 { 2922 {
2679 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 2923 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2680 } 2924 }
2681 2925
2682void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export, 2926void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
2683 int keylength)) 2927 int keylength))
2684 { 2928 {
2685 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh); 2929 SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
2686 } 2930 }
2687#endif 2931#endif
2688 2932
2933#ifndef OPENSSL_NO_PSK
2934int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
2935 {
2936 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2937 {
2938 SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2939 return 0;
2940 }
2941 if (ctx->psk_identity_hint != NULL)
2942 OPENSSL_free(ctx->psk_identity_hint);
2943 if (identity_hint != NULL)
2944 {
2945 ctx->psk_identity_hint = BUF_strdup(identity_hint);
2946 if (ctx->psk_identity_hint == NULL)
2947 return 0;
2948 }
2949 else
2950 ctx->psk_identity_hint = NULL;
2951 return 1;
2952 }
2953
2954int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
2955 {
2956 if (s == NULL)
2957 return 0;
2958
2959 if (s->session == NULL)
2960 return 1; /* session not created yet, ignored */
2961
2962 if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
2963 {
2964 SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
2965 return 0;
2966 }
2967 if (s->session->psk_identity_hint != NULL)
2968 OPENSSL_free(s->session->psk_identity_hint);
2969 if (identity_hint != NULL)
2970 {
2971 s->session->psk_identity_hint = BUF_strdup(identity_hint);
2972 if (s->session->psk_identity_hint == NULL)
2973 return 0;
2974 }
2975 else
2976 s->session->psk_identity_hint = NULL;
2977 return 1;
2978 }
2979
2980const char *SSL_get_psk_identity_hint(const SSL *s)
2981 {
2982 if (s == NULL || s->session == NULL)
2983 return NULL;
2984 return(s->session->psk_identity_hint);
2985 }
2986
2987const char *SSL_get_psk_identity(const SSL *s)
2988 {
2989 if (s == NULL || s->session == NULL)
2990 return NULL;
2991 return(s->session->psk_identity);
2992 }
2993
2994void SSL_set_psk_client_callback(SSL *s,
2995 unsigned int (*cb)(SSL *ssl, const char *hint,
2996 char *identity, unsigned int max_identity_len, unsigned char *psk,
2997 unsigned int max_psk_len))
2998 {
2999 s->psk_client_callback = cb;
3000 }
3001
3002void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
3003 unsigned int (*cb)(SSL *ssl, const char *hint,
3004 char *identity, unsigned int max_identity_len, unsigned char *psk,
3005 unsigned int max_psk_len))
3006 {
3007 ctx->psk_client_callback = cb;
3008 }
3009
3010void SSL_set_psk_server_callback(SSL *s,
3011 unsigned int (*cb)(SSL *ssl, const char *identity,
3012 unsigned char *psk, unsigned int max_psk_len))
3013 {
3014 s->psk_server_callback = cb;
3015 }
3016
3017void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
3018 unsigned int (*cb)(SSL *ssl, const char *identity,
3019 unsigned char *psk, unsigned int max_psk_len))
3020 {
3021 ctx->psk_server_callback = cb;
3022 }
3023#endif
2689 3024
2690void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) 3025void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
2691 { 3026 {
@@ -2696,7 +3031,25 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
2696 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); 3031 SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
2697 } 3032 }
2698 3033
3034/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
3035 * vairable, freeing EVP_MD_CTX previously stored in that variable, if
3036 * any. If EVP_MD pointer is passed, initializes ctx with this md
3037 * Returns newly allocated ctx;
3038 */
3039
3040EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md)
3041{
3042 ssl_clear_hash_ctx(hash);
3043 *hash = EVP_MD_CTX_create();
3044 if (md) EVP_DigestInit_ex(*hash,md,NULL);
3045 return *hash;
3046}
3047void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
3048{
2699 3049
3050 if (*hash) EVP_MD_CTX_destroy(*hash);
3051 *hash=NULL;
3052}
2700 3053
2701#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) 3054#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
2702#include "../crypto/bio/bss_file.c" 3055#include "../crypto/bio/bss_file.c"
@@ -2704,3 +3057,6 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
2704 3057
2705IMPLEMENT_STACK_OF(SSL_CIPHER) 3058IMPLEMENT_STACK_OF(SSL_CIPHER)
2706IMPLEMENT_STACK_OF(SSL_COMP) 3059IMPLEMENT_STACK_OF(SSL_COMP)
3060IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
3061 ssl_cipher_id);
3062
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index ed4ddbbae6..4c78393f3f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -113,6 +113,32 @@
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
116 142
117#ifndef HEADER_SSL_LOCL_H 143#ifndef HEADER_SSL_LOCL_H
118#define HEADER_SSL_LOCL_H 144#define HEADER_SSL_LOCL_H
@@ -251,58 +277,84 @@
251 * that the different entities within are mutually exclusive: 277 * that the different entities within are mutually exclusive:
252 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. 278 * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
253 */ 279 */
254#define SSL_MKEY_MASK 0x000000FFL 280
281/* Bits for algorithm_mkey (key exchange algorithm) */
255#define SSL_kRSA 0x00000001L /* RSA key exchange */ 282#define SSL_kRSA 0x00000001L /* RSA key exchange */
256#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ 283#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
257#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ 284#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
258#define SSL_kFZA 0x00000008L 285#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
259#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ 286#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
260#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ 287#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
261#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */ 288#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
262#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ 289#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
263#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) 290#define SSL_kPSK 0x00000100L /* PSK */
264 291#define SSL_kGOST 0x00000200L /* GOST key exchange */
265#define SSL_AUTH_MASK 0x00007F00L 292
266#define SSL_aRSA 0x00000100L /* Authenticate with RSA */ 293/* Bits for algorithm_auth (server authentication) */
267#define SSL_aDSS 0x00000200L /* Authenticate with DSS */ 294#define SSL_aRSA 0x00000001L /* RSA auth */
268#define SSL_DSS SSL_aDSS 295#define SSL_aDSS 0x00000002L /* DSS auth */
269#define SSL_aFZA 0x00000400L 296#define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */
270#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */ 297#define SSL_aDH 0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
271#define SSL_aDH 0x00001000L /* no Authenticate, ADH */ 298#define SSL_aECDH 0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
272#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */ 299#define SSL_aKRB5 0x00000020L /* KRB5 auth */
273#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */ 300#define SSL_aECDSA 0x00000040L /* ECDSA auth*/
274 301#define SSL_aPSK 0x00000080L /* PSK auth */
275#define SSL_NULL (SSL_eNULL) 302#define SSL_aGOST94 0x00000100L /* GOST R 34.10-94 signature auth */
276#define SSL_ADH (SSL_kEDH|SSL_aNULL) 303#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */
277#define SSL_RSA (SSL_kRSA|SSL_aRSA) 304
278#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) 305
279#define SSL_ECDH (SSL_kECDH|SSL_kECDHE) 306/* Bits for algorithm_enc (symmetric encryption) */
280#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) 307#define SSL_DES 0x00000001L
281#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) 308#define SSL_3DES 0x00000002L
282 309#define SSL_RC4 0x00000004L
283#define SSL_ENC_MASK 0x1C3F8000L 310#define SSL_RC2 0x00000008L
284#define SSL_DES 0x00008000L 311#define SSL_IDEA 0x00000010L
285#define SSL_3DES 0x00010000L 312#define SSL_eNULL 0x00000020L
286#define SSL_RC4 0x00020000L 313#define SSL_AES128 0x00000040L
287#define SSL_RC2 0x00040000L 314#define SSL_AES256 0x00000080L
288#define SSL_IDEA 0x00080000L 315#define SSL_CAMELLIA128 0x00000100L
289#define SSL_eFZA 0x00100000L 316#define SSL_CAMELLIA256 0x00000200L
290#define SSL_eNULL 0x00200000L 317#define SSL_eGOST2814789CNT 0x00000400L
291#define SSL_AES 0x04000000L 318#define SSL_SEED 0x00000800L
292#define SSL_CAMELLIA 0x08000000L 319
293#define SSL_SEED 0x10000000L 320#define SSL_AES (SSL_AES128|SSL_AES256)
294 321#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
295#define SSL_MAC_MASK 0x00c00000L 322
296#define SSL_MD5 0x00400000L 323
297#define SSL_SHA1 0x00800000L 324/* Bits for algorithm_mac (symmetric authentication) */
298#define SSL_SHA (SSL_SHA1) 325#define SSL_MD5 0x00000001L
299 326#define SSL_SHA1 0x00000002L
300#define SSL_SSL_MASK 0x03000000L 327#define SSL_GOST94 0x00000004L
301#define SSL_SSLV2 0x01000000L 328#define SSL_GOST89MAC 0x00000008L
302#define SSL_SSLV3 0x02000000L 329
330/* Bits for algorithm_ssl (protocol version) */
331#define SSL_SSLV2 0x00000001L
332#define SSL_SSLV3 0x00000002L
303#define SSL_TLSV1 SSL_SSLV3 /* for now */ 333#define SSL_TLSV1 SSL_SSLV3 /* for now */
304 334
305/* we have used 1fffffff - 3 bits left to go. */ 335
336/* Bits for algorithm2 (handshake digests and other extra flags) */
337
338#define SSL_HANDSHAKE_MAC_MD5 0x10
339#define SSL_HANDSHAKE_MAC_SHA 0x20
340#define SSL_HANDSHAKE_MAC_GOST94 0x40
341#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
342
343/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
344 * make sure to update this constant too */
345#define SSL_MAX_DIGEST 4
346
347#define TLS1_PRF_DGST_SHIFT 8
348#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
349#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
350#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
351#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
352
353/* Stream MAC for GOST ciphersuites from cryptopro draft
354 * (currently this also goes into algorithm2) */
355#define TLS1_STREAM_MAC 0x04
356
357
306 358
307/* 359/*
308 * Export and cipher strength information. For each cipher we have to decide 360 * Export and cipher strength information. For each cipher we have to decide
@@ -320,10 +372,11 @@
320 * be possible. 372 * be possible.
321 */ 373 */
322#define SSL_EXP_MASK 0x00000003L 374#define SSL_EXP_MASK 0x00000003L
375#define SSL_STRONG_MASK 0x000001fcL
376
323#define SSL_NOT_EXP 0x00000001L 377#define SSL_NOT_EXP 0x00000001L
324#define SSL_EXPORT 0x00000002L 378#define SSL_EXPORT 0x00000002L
325 379
326#define SSL_STRONG_MASK 0x000000fcL
327#define SSL_STRONG_NONE 0x00000004L 380#define SSL_STRONG_NONE 0x00000004L
328#define SSL_EXP40 0x00000008L 381#define SSL_EXP40 0x00000008L
329#define SSL_MICRO (SSL_EXP40) 382#define SSL_MICRO (SSL_EXP40)
@@ -357,17 +410,14 @@
357#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) 410#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
358 411
359#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ 412#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
360 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) 413 (a) == SSL_DES ? 8 : 7)
361#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) 414#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
362#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \ 415#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
363 (c)->algo_strength) 416 (c)->algo_strength)
364#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) 417#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
365 418
366 419
367#define SSL_ALL 0xffffffffL 420
368#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
369 SSL_MAC_MASK)
370#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
371 421
372/* Mostly for SSLv3 */ 422/* Mostly for SSLv3 */
373#define SSL_PKEY_RSA_ENC 0 423#define SSL_PKEY_RSA_ENC 0
@@ -376,7 +426,9 @@
376#define SSL_PKEY_DH_RSA 3 426#define SSL_PKEY_DH_RSA 3
377#define SSL_PKEY_DH_DSA 4 427#define SSL_PKEY_DH_DSA 4
378#define SSL_PKEY_ECC 5 428#define SSL_PKEY_ECC 5
379#define SSL_PKEY_NUM 6 429#define SSL_PKEY_GOST94 6
430#define SSL_PKEY_GOST01 7
431#define SSL_PKEY_NUM 8
380 432
381/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 433/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
382 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) 434 * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -417,8 +469,10 @@ typedef struct cert_st
417 /* The following masks are for the key and auth 469 /* The following masks are for the key and auth
418 * algorithms that are supported by the certs below */ 470 * algorithms that are supported by the certs below */
419 int valid; 471 int valid;
420 unsigned long mask; 472 unsigned long mask_k;
421 unsigned long export_mask; 473 unsigned long mask_a;
474 unsigned long export_mask_k;
475 unsigned long export_mask_a;
422#ifndef OPENSSL_NO_RSA 476#ifndef OPENSSL_NO_RSA
423 RSA *rsa_tmp; 477 RSA *rsa_tmp;
424 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); 478 RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
@@ -492,9 +546,9 @@ typedef struct ssl3_enc_method
492 int (*setup_key_block)(SSL *); 546 int (*setup_key_block)(SSL *);
493 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); 547 int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
494 int (*change_cipher_state)(SSL *, int); 548 int (*change_cipher_state)(SSL *, int);
495 int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *); 549 int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
496 int finish_mac_length; 550 int finish_mac_length;
497 int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *); 551 int (*cert_verify_mac)(SSL *, int, unsigned char *);
498 const char *client_finished_label; 552 const char *client_finished_label;
499 int client_finished_label_len; 553 int client_finished_label_len;
500 const char *server_finished_label; 554 const char *server_finished_label;
@@ -512,24 +566,35 @@ typedef struct ssl3_comp_st
512 } SSL3_COMP; 566 } SSL3_COMP;
513#endif 567#endif
514 568
569#ifndef OPENSSL_NO_BUF_FREELISTS
570typedef struct ssl3_buf_freelist_st
571 {
572 size_t chunklen;
573 unsigned int len;
574 struct ssl3_buf_freelist_entry_st *head;
575 } SSL3_BUF_FREELIST;
576
577typedef struct ssl3_buf_freelist_entry_st
578 {
579 struct ssl3_buf_freelist_entry_st *next;
580 } SSL3_BUF_FREELIST_ENTRY;
581#endif
582
515extern SSL3_ENC_METHOD ssl3_undef_enc_method; 583extern SSL3_ENC_METHOD ssl3_undef_enc_method;
516OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; 584OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
517OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; 585OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
518 586
519 587
520SSL_METHOD *ssl_bad_method(int ver); 588SSL_METHOD *ssl_bad_method(int ver);
521SSL_METHOD *sslv2_base_method(void);
522SSL_METHOD *sslv23_base_method(void);
523SSL_METHOD *sslv3_base_method(void);
524 589
525extern SSL3_ENC_METHOD TLSv1_enc_data; 590extern SSL3_ENC_METHOD TLSv1_enc_data;
526extern SSL3_ENC_METHOD SSLv3_enc_data; 591extern SSL3_ENC_METHOD SSLv3_enc_data;
527extern SSL3_ENC_METHOD DTLSv1_enc_data; 592extern SSL3_ENC_METHOD DTLSv1_enc_data;
528 593
529#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 594#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
530SSL_METHOD *func_name(void) \ 595const SSL_METHOD *func_name(void) \
531 { \ 596 { \
532 static SSL_METHOD func_name##_data= { \ 597 static const SSL_METHOD func_name##_data= { \
533 TLS1_VERSION, \ 598 TLS1_VERSION, \
534 tls1_new, \ 599 tls1_new, \
535 tls1_clear, \ 600 tls1_clear, \
@@ -564,9 +629,9 @@ SSL_METHOD *func_name(void) \
564 } 629 }
565 630
566#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 631#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
567SSL_METHOD *func_name(void) \ 632const SSL_METHOD *func_name(void) \
568 { \ 633 { \
569 static SSL_METHOD func_name##_data= { \ 634 static const SSL_METHOD func_name##_data= { \
570 SSL3_VERSION, \ 635 SSL3_VERSION, \
571 ssl3_new, \ 636 ssl3_new, \
572 ssl3_clear, \ 637 ssl3_clear, \
@@ -601,9 +666,9 @@ SSL_METHOD *func_name(void) \
601 } 666 }
602 667
603#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 668#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
604SSL_METHOD *func_name(void) \ 669const SSL_METHOD *func_name(void) \
605 { \ 670 { \
606 static SSL_METHOD func_name##_data= { \ 671 static const SSL_METHOD func_name##_data= { \
607 TLS1_VERSION, \ 672 TLS1_VERSION, \
608 tls1_new, \ 673 tls1_new, \
609 tls1_clear, \ 674 tls1_clear, \
@@ -638,9 +703,9 @@ SSL_METHOD *func_name(void) \
638 } 703 }
639 704
640#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 705#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
641SSL_METHOD *func_name(void) \ 706const SSL_METHOD *func_name(void) \
642 { \ 707 { \
643 static SSL_METHOD func_name##_data= { \ 708 static const SSL_METHOD func_name##_data= { \
644 SSL2_VERSION, \ 709 SSL2_VERSION, \
645 ssl2_new, /* local */ \ 710 ssl2_new, /* local */ \
646 ssl2_clear, /* local */ \ 711 ssl2_clear, /* local */ \
@@ -675,9 +740,9 @@ SSL_METHOD *func_name(void) \
675 } 740 }
676 741
677#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \ 742#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
678SSL_METHOD *func_name(void) \ 743const SSL_METHOD *func_name(void) \
679 { \ 744 { \
680 static SSL_METHOD func_name##_data= { \ 745 static const SSL_METHOD func_name##_data= { \
681 DTLS1_VERSION, \ 746 DTLS1_VERSION, \
682 dtls1_new, \ 747 dtls1_new, \
683 dtls1_clear, \ 748 dtls1_clear, \
@@ -694,7 +759,7 @@ SSL_METHOD *func_name(void) \
694 dtls1_read_bytes, \ 759 dtls1_read_bytes, \
695 dtls1_write_app_data_bytes, \ 760 dtls1_write_app_data_bytes, \
696 dtls1_dispatch_alert, \ 761 dtls1_dispatch_alert, \
697 ssl3_ctrl, \ 762 dtls1_ctrl, \
698 ssl3_ctx_ctrl, \ 763 ssl3_ctx_ctrl, \
699 ssl3_get_cipher_by_char, \ 764 ssl3_get_cipher_by_char, \
700 ssl3_put_cipher_by_char, \ 765 ssl3_put_cipher_by_char, \
@@ -723,6 +788,8 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
723int ssl_get_new_session(SSL *s, int session); 788int ssl_get_new_session(SSL *s, int session);
724int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit); 789int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
725int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); 790int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
791DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
792 ssl_cipher_id);
726int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, 793int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
727 const SSL_CIPHER * const *bp); 794 const SSL_CIPHER * const *bp);
728STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 795STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
@@ -735,15 +802,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
735 const char *rule_str); 802 const char *rule_str);
736void ssl_update_cache(SSL *s, int mode); 803void ssl_update_cache(SSL *s, int mode);
737int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc, 804int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
738 const EVP_MD **md,SSL_COMP **comp); 805 const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
806int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);
739int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); 807int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
740int ssl_undefined_function(SSL *s); 808int ssl_undefined_function(SSL *s);
741int ssl_undefined_void_function(void); 809int ssl_undefined_void_function(void);
742int ssl_undefined_const_function(const SSL *s); 810int ssl_undefined_const_function(const SSL *s);
743X509 *ssl_get_server_send_cert(SSL *); 811X509 *ssl_get_server_send_cert(SSL *);
744EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); 812EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
745int ssl_cert_type(X509 *x,EVP_PKEY *pkey); 813int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
746void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); 814void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
747STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); 815STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
748int ssl_verify_alarm_type(long type); 816int ssl_verify_alarm_type(long type);
749void ssl_load_ciphers(void); 817void ssl_load_ciphers(void);
@@ -752,7 +820,7 @@ int ssl2_enc_init(SSL *s, int client);
752int ssl2_generate_key_material(SSL *s); 820int ssl2_generate_key_material(SSL *s);
753void ssl2_enc(SSL *s,int send_data); 821void ssl2_enc(SSL *s,int send_data);
754void ssl2_mac(SSL *s,unsigned char *mac,int send_data); 822void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
755SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); 823const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
756int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 824int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
757int ssl2_part_read(SSL *s, unsigned long f, int i); 825int ssl2_part_read(SSL *s, unsigned long f, int i);
758int ssl2_do_write(SSL *s); 826int ssl2_do_write(SSL *s);
@@ -760,7 +828,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
760void ssl2_return_error(SSL *s,int reason); 828void ssl2_return_error(SSL *s,int reason);
761void ssl2_write_error(SSL *s); 829void ssl2_write_error(SSL *s);
762int ssl2_num_ciphers(void); 830int ssl2_num_ciphers(void);
763SSL_CIPHER *ssl2_get_cipher(unsigned int u); 831const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
764int ssl2_new(SSL *s); 832int ssl2_new(SSL *s);
765void ssl2_free(SSL *s); 833void ssl2_free(SSL *s);
766int ssl2_accept(SSL *s); 834int ssl2_accept(SSL *s);
@@ -777,7 +845,7 @@ long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
777int ssl2_pending(const SSL *s); 845int ssl2_pending(const SSL *s);
778long ssl2_default_timeout(void ); 846long ssl2_default_timeout(void );
779 847
780SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); 848const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
781int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); 849int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
782void ssl3_init_finished_mac(SSL *s); 850void ssl3_init_finished_mac(SSL *s);
783int ssl3_send_server_certificate(SSL *s); 851int ssl3_send_server_certificate(SSL *s);
@@ -789,29 +857,34 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
789int ssl3_change_cipher_state(SSL *s,int which); 857int ssl3_change_cipher_state(SSL *s,int which);
790void ssl3_cleanup_key_block(SSL *s); 858void ssl3_cleanup_key_block(SSL *s);
791int ssl3_do_write(SSL *s,int type); 859int ssl3_do_write(SSL *s,int type);
792void ssl3_send_alert(SSL *s,int level, int desc); 860int ssl3_send_alert(SSL *s,int level, int desc);
793int ssl3_generate_master_secret(SSL *s, unsigned char *out, 861int ssl3_generate_master_secret(SSL *s, unsigned char *out,
794 unsigned char *p, int len); 862 unsigned char *p, int len);
795int ssl3_get_req_cert_type(SSL *s,unsigned char *p); 863int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
796long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); 864long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
797int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); 865int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
798int ssl3_num_ciphers(void); 866int ssl3_num_ciphers(void);
799SSL_CIPHER *ssl3_get_cipher(unsigned int u); 867const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
800int ssl3_renegotiate(SSL *ssl); 868int ssl3_renegotiate(SSL *ssl);
801int ssl3_renegotiate_check(SSL *ssl); 869int ssl3_renegotiate_check(SSL *ssl);
802int ssl3_dispatch_alert(SSL *s); 870int ssl3_dispatch_alert(SSL *s);
803int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); 871int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
804int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); 872int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
805int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, 873int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
806 const char *sender, int slen,unsigned char *p); 874int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
807int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
808void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); 875void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
809int ssl3_enc(SSL *s, int send_data); 876int ssl3_enc(SSL *s, int send_data);
810int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); 877int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
878void ssl3_free_digest_list(SSL *s);
811unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); 879unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
812SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, 880SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
813 STACK_OF(SSL_CIPHER) *srvr); 881 STACK_OF(SSL_CIPHER) *srvr);
814int ssl3_setup_buffers(SSL *s); 882int ssl3_setup_buffers(SSL *s);
883int ssl3_setup_read_buffer(SSL *s);
884int ssl3_setup_write_buffer(SSL *s);
885int ssl3_release_read_buffer(SSL *s);
886int ssl3_release_write_buffer(SSL *s);
887int ssl3_digest_cached_records(SSL *s);
815int ssl3_new(SSL *s); 888int ssl3_new(SSL *s);
816void ssl3_free(SSL *s); 889void ssl3_free(SSL *s);
817int ssl3_accept(SSL *s); 890int ssl3_accept(SSL *s);
@@ -832,12 +905,12 @@ int ssl3_do_change_cipher_spec(SSL *ssl);
832long ssl3_default_timeout(void ); 905long ssl3_default_timeout(void );
833 906
834int ssl23_num_ciphers(void ); 907int ssl23_num_ciphers(void );
835SSL_CIPHER *ssl23_get_cipher(unsigned int u); 908const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
836int ssl23_read(SSL *s, void *buf, int len); 909int ssl23_read(SSL *s, void *buf, int len);
837int ssl23_peek(SSL *s, void *buf, int len); 910int ssl23_peek(SSL *s, void *buf, int len);
838int ssl23_write(SSL *s, const void *buf, int len); 911int ssl23_write(SSL *s, const void *buf, int len);
839int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 912int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
840SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); 913const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
841long ssl23_default_timeout(void ); 914long ssl23_default_timeout(void );
842 915
843long tls1_default_timeout(void); 916long tls1_default_timeout(void);
@@ -862,14 +935,21 @@ int dtls1_read_failed(SSL *s, int code);
862int dtls1_buffer_message(SSL *s, int ccs); 935int dtls1_buffer_message(SSL *s, int ccs);
863int dtls1_retransmit_message(SSL *s, unsigned short seq, 936int dtls1_retransmit_message(SSL *s, unsigned short seq,
864 unsigned long frag_off, int *found); 937 unsigned long frag_off, int *found);
938int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
939int dtls1_retransmit_buffered_messages(SSL *s);
865void dtls1_clear_record_buffer(SSL *s); 940void dtls1_clear_record_buffer(SSL *s);
866void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); 941void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
867void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); 942void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
868void dtls1_reset_seq_numbers(SSL *s, int rw); 943void dtls1_reset_seq_numbers(SSL *s, int rw);
869long dtls1_default_timeout(void); 944long dtls1_default_timeout(void);
870SSL_CIPHER *dtls1_get_cipher(unsigned int u); 945struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
871 946int dtls1_handle_timeout(SSL *s);
872 947const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
948void dtls1_start_timer(SSL *s);
949void dtls1_stop_timer(SSL *s);
950int dtls1_is_timer_expired(SSL *s);
951void dtls1_double_timeout(SSL *s);
952int dtls1_send_newsession_ticket(SSL *s);
873 953
874/* some client-only functions */ 954/* some client-only functions */
875int ssl3_client_hello(SSL *s); 955int ssl3_client_hello(SSL *s);
@@ -879,12 +959,15 @@ int ssl3_get_new_session_ticket(SSL *s);
879int ssl3_get_cert_status(SSL *s); 959int ssl3_get_cert_status(SSL *s);
880int ssl3_get_server_done(SSL *s); 960int ssl3_get_server_done(SSL *s);
881int ssl3_send_client_verify(SSL *s); 961int ssl3_send_client_verify(SSL *s);
882int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
883int ssl3_send_client_certificate(SSL *s); 962int ssl3_send_client_certificate(SSL *s);
963int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
884int ssl3_send_client_key_exchange(SSL *s); 964int ssl3_send_client_key_exchange(SSL *s);
885int ssl3_get_key_exchange(SSL *s); 965int ssl3_get_key_exchange(SSL *s);
886int ssl3_get_server_certificate(SSL *s); 966int ssl3_get_server_certificate(SSL *s);
887int ssl3_check_cert_and_algorithm(SSL *s); 967int ssl3_check_cert_and_algorithm(SSL *s);
968#ifndef OPENSSL_NO_TLSEXT
969int ssl3_check_finished(SSL *s);
970#endif
888 971
889int dtls1_client_hello(SSL *s); 972int dtls1_client_hello(SSL *s);
890int dtls1_send_client_certificate(SSL *s); 973int dtls1_send_client_certificate(SSL *s);
@@ -922,7 +1005,6 @@ void tls1_free(SSL *s);
922void tls1_clear(SSL *s); 1005void tls1_clear(SSL *s);
923long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); 1006long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
924long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void)); 1007long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
925SSL_METHOD *tlsv1_base_method(void );
926 1008
927int dtls1_new(SSL *s); 1009int dtls1_new(SSL *s);
928int dtls1_accept(SSL *s); 1010int dtls1_accept(SSL *s);
@@ -930,7 +1012,6 @@ int dtls1_connect(SSL *s);
930void dtls1_free(SSL *s); 1012void dtls1_free(SSL *s);
931void dtls1_clear(SSL *s); 1013void dtls1_clear(SSL *s);
932long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg); 1014long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
933SSL_METHOD *dtlsv1_base_method(void );
934 1015
935long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); 1016long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
936int dtls1_get_record(SSL *s); 1017int dtls1_get_record(SSL *s);
@@ -945,9 +1026,9 @@ void ssl_free_wbio_buffer(SSL *s);
945int tls1_change_cipher_state(SSL *s, int which); 1026int tls1_change_cipher_state(SSL *s, int which);
946int tls1_setup_key_block(SSL *s); 1027int tls1_setup_key_block(SSL *s);
947int tls1_enc(SSL *s, int snd); 1028int tls1_enc(SSL *s, int snd);
948int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, 1029int tls1_final_finish_mac(SSL *s,
949 const char *str, int slen, unsigned char *p); 1030 const char *str, int slen, unsigned char *p);
950int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); 1031int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
951int tls1_mac(SSL *ssl, unsigned char *md, int snd); 1032int tls1_mac(SSL *ssl, unsigned char *md, int snd);
952int tls1_generate_master_secret(SSL *s, unsigned char *out, 1033int tls1_generate_master_secret(SSL *s, unsigned char *out,
953 unsigned char *p, int len); 1034 unsigned char *p, int len);
@@ -955,10 +1036,17 @@ int tls1_alert_code(int code);
955int ssl3_alert_code(int code); 1036int ssl3_alert_code(int code);
956int ssl_ok(SSL *s); 1037int ssl_ok(SSL *s);
957 1038
958int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs); 1039#ifndef OPENSSL_NO_ECDH
1040int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
1041#endif
959 1042
960SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); 1043SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
961 1044
1045#ifndef OPENSSL_NO_EC
1046int tls1_ec_curve_id2nid(int curve_id);
1047int tls1_ec_nid2curve_id(int nid);
1048#endif /* OPENSSL_NO_EC */
1049
962#ifndef OPENSSL_NO_TLSEXT 1050#ifndef OPENSSL_NO_TLSEXT
963unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 1051unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
964unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 1052unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
@@ -968,6 +1056,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
968int ssl_prepare_serverhello_tlsext(SSL *s); 1056int ssl_prepare_serverhello_tlsext(SSL *s);
969int ssl_check_clienthello_tlsext(SSL *s); 1057int ssl_check_clienthello_tlsext(SSL *s);
970int ssl_check_serverhello_tlsext(SSL *s); 1058int ssl_check_serverhello_tlsext(SSL *s);
1059
971#ifdef OPENSSL_NO_SHA256 1060#ifdef OPENSSL_NO_SHA256
972#define tlsext_tick_md EVP_sha1 1061#define tlsext_tick_md EVP_sha1
973#else 1062#else
@@ -975,8 +1064,15 @@ int ssl_check_serverhello_tlsext(SSL *s);
975#endif 1064#endif
976int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, 1065int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
977 const unsigned char *limit, SSL_SESSION **ret); 1066 const unsigned char *limit, SSL_SESSION **ret);
1067#endif
978EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; 1068EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
979void ssl_clear_hash_ctx(EVP_MD_CTX **hash); 1069void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
980#endif 1070int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
981 1071 int maxlen);
1072int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1073 int *al);
1074int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
1075 int maxlen);
1076int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
1077 int *al);
982#endif 1078#endif
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 27113eba50..c0960b5712 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -723,7 +723,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
723 goto end; 723 goto end;
724 } 724 }
725 725
726 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); 726 x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
727 if (x == NULL) 727 if (x == NULL)
728 { 728 {
729 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); 729 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 8391d62212..8e5d8a0972 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -55,6 +55,85 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
58 137
59#include <stdio.h> 138#include <stdio.h>
60#include <openssl/lhash.h> 139#include <openssl/lhash.h>
@@ -127,8 +206,18 @@ SSL_SESSION *SSL_SESSION_new(void)
127 ss->compress_meth=0; 206 ss->compress_meth=0;
128#ifndef OPENSSL_NO_TLSEXT 207#ifndef OPENSSL_NO_TLSEXT
129 ss->tlsext_hostname = NULL; 208 ss->tlsext_hostname = NULL;
209#ifndef OPENSSL_NO_EC
210 ss->tlsext_ecpointformatlist_length = 0;
211 ss->tlsext_ecpointformatlist = NULL;
212 ss->tlsext_ellipticcurvelist_length = 0;
213 ss->tlsext_ellipticcurvelist = NULL;
214#endif
130#endif 215#endif
131 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); 216 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
217#ifndef OPENSSL_NO_PSK
218 ss->psk_identity_hint=NULL;
219 ss->psk_identity=NULL;
220#endif
132 return(ss); 221 return(ss);
133 } 222 }
134 223
@@ -183,10 +272,10 @@ int ssl_get_new_session(SSL *s, int session)
183 if ((ss=SSL_SESSION_new()) == NULL) return(0); 272 if ((ss=SSL_SESSION_new()) == NULL) return(0);
184 273
185 /* If the context has a default timeout, use it */ 274 /* If the context has a default timeout, use it */
186 if (s->ctx->session_timeout == 0) 275 if (s->session_ctx->session_timeout == 0)
187 ss->timeout=SSL_get_default_timeout(s); 276 ss->timeout=SSL_get_default_timeout(s);
188 else 277 else
189 ss->timeout=s->ctx->session_timeout; 278 ss->timeout=s->session_ctx->session_timeout;
190 279
191 if (s->session != NULL) 280 if (s->session != NULL)
192 { 281 {
@@ -211,6 +300,11 @@ int ssl_get_new_session(SSL *s, int session)
211 ss->ssl_version=TLS1_VERSION; 300 ss->ssl_version=TLS1_VERSION;
212 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH; 301 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
213 } 302 }
303 else if (s->version == DTLS1_BAD_VER)
304 {
305 ss->ssl_version=DTLS1_BAD_VER;
306 ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
307 }
214 else if (s->version == DTLS1_VERSION) 308 else if (s->version == DTLS1_VERSION)
215 { 309 {
216 ss->ssl_version=DTLS1_VERSION; 310 ss->ssl_version=DTLS1_VERSION;
@@ -234,8 +328,8 @@ int ssl_get_new_session(SSL *s, int session)
234 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 328 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
235 if(s->generate_session_id) 329 if(s->generate_session_id)
236 cb = s->generate_session_id; 330 cb = s->generate_session_id;
237 else if(s->ctx->generate_session_id) 331 else if(s->session_ctx->generate_session_id)
238 cb = s->ctx->generate_session_id; 332 cb = s->session_ctx->generate_session_id;
239 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); 333 CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
240 /* Choose a session ID */ 334 /* Choose a session ID */
241 tmp = ss->session_id_length; 335 tmp = ss->session_id_length;
@@ -281,6 +375,32 @@ int ssl_get_new_session(SSL *s, int session)
281 return 0; 375 return 0;
282 } 376 }
283 } 377 }
378#ifndef OPENSSL_NO_EC
379 if (s->tlsext_ecpointformatlist)
380 {
381 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
382 if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
383 {
384 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
385 SSL_SESSION_free(ss);
386 return 0;
387 }
388 ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
389 memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
390 }
391 if (s->tlsext_ellipticcurvelist)
392 {
393 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
394 if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
395 {
396 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
397 SSL_SESSION_free(ss);
398 return 0;
399 }
400 ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
401 memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
402 }
403#endif
284#endif 404#endif
285 } 405 }
286 else 406 else
@@ -313,15 +433,15 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
313#ifndef OPENSSL_NO_TLSEXT 433#ifndef OPENSSL_NO_TLSEXT
314 int r; 434 int r;
315#endif 435#endif
316 436
317 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) 437 if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
318 goto err; 438 goto err;
319#ifndef OPENSSL_NO_TLSEXT 439#ifndef OPENSSL_NO_TLSEXT
320 r = tls1_process_ticket(s, session_id, len, limit, &ret); 440 r = tls1_process_ticket(s, session_id, len, limit, &ret);
321 if (r == -1) 441 if (r == -1)
322 { 442 {
323 fatal = 1; 443 fatal = 1;
324 goto err; 444 goto err;
325 } 445 }
326 else if (r == 0 || (!ret && !len)) 446 else if (r == 0 || (!ret && !len))
327 goto err; 447 goto err;
@@ -329,7 +449,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
329#else 449#else
330 if (len == 0) 450 if (len == 0)
331 goto err; 451 goto err;
332 if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) 452 if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
333#endif 453#endif
334 { 454 {
335 SSL_SESSION data; 455 SSL_SESSION data;
@@ -337,9 +457,9 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
337 data.session_id_length=len; 457 data.session_id_length=len;
338 if (len == 0) 458 if (len == 0)
339 return 0; 459 return 0;
340 memcpy(data.session_id,session_id,len); 460 memcpy(data.session_id,session_id,len);
341 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); 461 CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
342 ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); 462 ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
343 if (ret != NULL) 463 if (ret != NULL)
344 /* don't allow other threads to steal it: */ 464 /* don't allow other threads to steal it: */
345 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 465 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -350,13 +470,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
350 { 470 {
351 int copy=1; 471 int copy=1;
352 472
353 s->ctx->stats.sess_miss++; 473 s->session_ctx->stats.sess_miss++;
354 ret=NULL; 474 ret=NULL;
355 if (s->ctx->get_session_cb != NULL 475 if (s->session_ctx->get_session_cb != NULL
356 && (ret=s->ctx->get_session_cb(s,session_id,len,&copy)) 476 && (ret=s->session_ctx->get_session_cb(s,session_id,len,&copy))
357 != NULL) 477 != NULL)
358 { 478 {
359 s->ctx->stats.sess_cb_hit++; 479 s->session_ctx->stats.sess_cb_hit++;
360 480
361 /* Increment reference count now if the session callback 481 /* Increment reference count now if the session callback
362 * asks us to do so (note that if the session structures 482 * asks us to do so (note that if the session structures
@@ -368,10 +488,10 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
368 488
369 /* Add the externally cached session to the internal 489 /* Add the externally cached session to the internal
370 * cache as well if and only if we are supposed to. */ 490 * cache as well if and only if we are supposed to. */
371 if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE)) 491 if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
372 /* The following should not return 1, otherwise, 492 /* The following should not return 1, otherwise,
373 * things are very strange */ 493 * things are very strange */
374 SSL_CTX_add_session(s->ctx,ret); 494 SSL_CTX_add_session(s->session_ctx,ret);
375 } 495 }
376 if (ret == NULL) 496 if (ret == NULL)
377 goto err; 497 goto err;
@@ -418,7 +538,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
418 p=buf; 538 p=buf;
419 l=ret->cipher_id; 539 l=ret->cipher_id;
420 l2n(l,p); 540 l2n(l,p);
421 if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR) 541 if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
422 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2])); 542 ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
423 else 543 else
424 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); 544 ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
@@ -438,13 +558,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
438 558
439 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */ 559 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
440 { 560 {
441 s->ctx->stats.sess_timeout++; 561 s->session_ctx->stats.sess_timeout++;
442 /* remove it from the cache */ 562 /* remove it from the cache */
443 SSL_CTX_remove_session(s->ctx,ret); 563 SSL_CTX_remove_session(s->session_ctx,ret);
444 goto err; 564 goto err;
445 } 565 }
446 566
447 s->ctx->stats.sess_hit++; 567 s->session_ctx->stats.sess_hit++;
448 568
449 /* ret->time=time(NULL); */ /* rezero timeout? */ 569 /* ret->time=time(NULL); */ /* rezero timeout? */
450 /* again, just leave the session 570 /* again, just leave the session
@@ -477,7 +597,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
477 /* if session c is in already in cache, we take back the increment later */ 597 /* if session c is in already in cache, we take back the increment later */
478 598
479 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 599 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
480 s=(SSL_SESSION *)lh_insert(ctx->sessions,c); 600 s=lh_SSL_SESSION_insert(ctx->sessions,c);
481 601
482 /* s != NULL iff we already had a session with the given PID. 602 /* s != NULL iff we already had a session with the given PID.
483 * In this case, s == c should hold (then we did not really modify 603 * In this case, s == c should hold (then we did not really modify
@@ -543,10 +663,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
543 if ((c != NULL) && (c->session_id_length != 0)) 663 if ((c != NULL) && (c->session_id_length != 0))
544 { 664 {
545 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 665 if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
546 if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c) 666 if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
547 { 667 {
548 ret=1; 668 ret=1;
549 r=(SSL_SESSION *)lh_delete(ctx->sessions,c); 669 r=lh_SSL_SESSION_delete(ctx->sessions,c);
550 SSL_SESSION_list_remove(ctx,c); 670 SSL_SESSION_list_remove(ctx,c);
551 } 671 }
552 672
@@ -596,6 +716,18 @@ void SSL_SESSION_free(SSL_SESSION *ss)
596#ifndef OPENSSL_NO_TLSEXT 716#ifndef OPENSSL_NO_TLSEXT
597 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname); 717 if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
598 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick); 718 if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
719#ifndef OPENSSL_NO_EC
720 ss->tlsext_ecpointformatlist_length = 0;
721 if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
722 ss->tlsext_ellipticcurvelist_length = 0;
723 if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
724#endif /* OPENSSL_NO_EC */
725#endif
726#ifndef OPENSSL_NO_PSK
727 if (ss->psk_identity_hint != NULL)
728 OPENSSL_free(ss->psk_identity_hint);
729 if (ss->psk_identity != NULL)
730 OPENSSL_free(ss->psk_identity);
599#endif 731#endif
600 OPENSSL_cleanse(ss,sizeof(*ss)); 732 OPENSSL_cleanse(ss,sizeof(*ss));
601 OPENSSL_free(ss); 733 OPENSSL_free(ss);
@@ -604,7 +736,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
604int SSL_set_session(SSL *s, SSL_SESSION *session) 736int SSL_set_session(SSL *s, SSL_SESSION *session)
605 { 737 {
606 int ret=0; 738 int ret=0;
607 SSL_METHOD *meth; 739 const SSL_METHOD *meth;
608 740
609 if (session != NULL) 741 if (session != NULL)
610 { 742 {
@@ -707,20 +839,75 @@ long SSL_CTX_get_timeout(const SSL_CTX *s)
707 return(s->session_timeout); 839 return(s->session_timeout);
708 } 840 }
709 841
842#ifndef OPENSSL_NO_TLSEXT
843int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
844 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
845 {
846 if (s == NULL) return(0);
847 s->tls_session_secret_cb = tls_session_secret_cb;
848 s->tls_session_secret_cb_arg = arg;
849 return(1);
850 }
851
852int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
853 void *arg)
854 {
855 if (s == NULL) return(0);
856 s->tls_session_ticket_ext_cb = cb;
857 s->tls_session_ticket_ext_cb_arg = arg;
858 return(1);
859 }
860
861int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
862 {
863 if (s->version >= TLS1_VERSION)
864 {
865 if (s->tlsext_session_ticket)
866 {
867 OPENSSL_free(s->tlsext_session_ticket);
868 s->tlsext_session_ticket = NULL;
869 }
870
871 s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
872 if (!s->tlsext_session_ticket)
873 {
874 SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
875 return 0;
876 }
877
878 if (ext_data)
879 {
880 s->tlsext_session_ticket->length = ext_len;
881 s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
882 memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
883 }
884 else
885 {
886 s->tlsext_session_ticket->length = 0;
887 s->tlsext_session_ticket->data = NULL;
888 }
889
890 return 1;
891 }
892
893 return 0;
894 }
895#endif /* OPENSSL_NO_TLSEXT */
896
710typedef struct timeout_param_st 897typedef struct timeout_param_st
711 { 898 {
712 SSL_CTX *ctx; 899 SSL_CTX *ctx;
713 long time; 900 long time;
714 LHASH *cache; 901 LHASH_OF(SSL_SESSION) *cache;
715 } TIMEOUT_PARAM; 902 } TIMEOUT_PARAM;
716 903
717static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p) 904static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
718 { 905 {
719 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ 906 if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
720 { 907 {
721 /* The reason we don't call SSL_CTX_remove_session() is to 908 /* The reason we don't call SSL_CTX_remove_session() is to
722 * save on locking overhead */ 909 * save on locking overhead */
723 lh_delete(p->cache,s); 910 (void)lh_SSL_SESSION_delete(p->cache,s);
724 SSL_SESSION_list_remove(p->ctx,s); 911 SSL_SESSION_list_remove(p->ctx,s);
725 s->not_resumable=1; 912 s->not_resumable=1;
726 if (p->ctx->remove_session_cb != NULL) 913 if (p->ctx->remove_session_cb != NULL)
@@ -729,7 +916,7 @@ static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
729 } 916 }
730 } 917 }
731 918
732static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *) 919static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
733 920
734void SSL_CTX_flush_sessions(SSL_CTX *s, long t) 921void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
735 { 922 {
@@ -741,10 +928,11 @@ void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
741 if (tp.cache == NULL) return; 928 if (tp.cache == NULL) return;
742 tp.time=t; 929 tp.time=t;
743 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 930 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
744 i=tp.cache->down_load; 931 i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
745 tp.cache->down_load=0; 932 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
746 lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp); 933 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
747 tp.cache->down_load=i; 934 TIMEOUT_PARAM, &tp);
935 CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
748 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); 936 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
749 } 937 }
750 938
@@ -904,3 +1092,4 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
904 ctx->app_verify_cookie_cb=cb; 1092 ctx->app_verify_cookie_cb=cb;
905 } 1093 }
906 1094
1095IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index 73b02509d4..144b81e55f 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -55,6 +55,32 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
58 84
59#include <stdio.h> 85#include <stdio.h>
60#include "ssl_locl.h" 86#include "ssl_locl.h"
@@ -198,6 +224,12 @@ case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
198case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; 224case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
199#endif 225#endif
200 226
227/* DTLS */
228case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
229case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
230case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
231case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
232
201default: str="unknown state"; break; 233default: str="unknown state"; break;
202 } 234 }
203 return(str); 235 return(str);
@@ -345,6 +377,11 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
345case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; 377case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
346case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; 378case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
347#endif 379#endif
380/* DTLS */
381case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
382case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
383case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
384case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
348 385
349default: str="UNKWN "; break; 386default: str="UNKWN "; break;
350 } 387 }
@@ -403,6 +440,12 @@ const char *SSL_alert_desc_string(int value)
403 case TLS1_AD_INTERNAL_ERROR: str="IE"; break; 440 case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
404 case TLS1_AD_USER_CANCELLED: str="US"; break; 441 case TLS1_AD_USER_CANCELLED: str="US"; break;
405 case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; 442 case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
443 case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
444 case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
445 case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
446 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
447 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
448 case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
406 default: str="UK"; break; 449 default: str="UK"; break;
407 } 450 }
408 return(str); 451 return(str);
@@ -486,6 +529,24 @@ const char *SSL_alert_desc_string_long(int value)
486 case TLS1_AD_NO_RENEGOTIATION: 529 case TLS1_AD_NO_RENEGOTIATION:
487 str="no renegotiation"; 530 str="no renegotiation";
488 break; 531 break;
532 case TLS1_AD_UNSUPPORTED_EXTENSION:
533 str="unsupported extension";
534 break;
535 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
536 str="certificate unobtainable";
537 break;
538 case TLS1_AD_UNRECOGNIZED_NAME:
539 str="unrecognized name";
540 break;
541 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
542 str="bad certificate status response";
543 break;
544 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
545 str="bad certificate hash value";
546 break;
547 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
548 str="unknown PSK identity";
549 break;
489 default: str="unknown"; break; 550 default: str="unknown"; break;
490 } 551 }
491 return(str); 552 return(str);
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
index 06b86750fd..3122440e26 100644
--- a/src/lib/libssl/ssl_txt.c
+++ b/src/lib/libssl/ssl_txt.c
@@ -55,6 +55,32 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
60 *
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
63 * license.
64 *
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
68 *
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
72 *
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
77 *
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
82 * OTHERWISE.
83 */
58 84
59#include <stdio.h> 85#include <stdio.h>
60#include <openssl/buffer.h> 86#include <openssl/buffer.h>
@@ -91,6 +117,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
91 s="SSLv3"; 117 s="SSLv3";
92 else if (x->ssl_version == TLS1_VERSION) 118 else if (x->ssl_version == TLS1_VERSION)
93 s="TLSv1"; 119 s="TLSv1";
120 else if (x->ssl_version == DTLS1_VERSION)
121 s="DTLSv1";
122 else if (x->ssl_version == DTLS1_BAD_VER)
123 s="DTLSv1-bad";
94 else 124 else
95 s="unknown"; 125 s="unknown";
96 if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; 126 if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
@@ -151,6 +181,12 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
151 if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; 181 if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
152 } 182 }
153#endif /* OPENSSL_NO_KRB5 */ 183#endif /* OPENSSL_NO_KRB5 */
184#ifndef OPENSSL_NO_PSK
185 if (BIO_puts(bp,"\n PSK identity: ") <= 0) goto err;
186 if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
187 if (BIO_puts(bp,"\n PSK identity hint: ") <= 0) goto err;
188 if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
189#endif
154#ifndef OPENSSL_NO_TLSEXT 190#ifndef OPENSSL_NO_TLSEXT
155 if (x->tlsext_tick_lifetime_hint) 191 if (x->tlsext_tick_lifetime_hint)
156 { 192 {
@@ -166,19 +202,20 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
166 goto err; 202 goto err;
167 } 203 }
168#endif 204#endif
205
169#ifndef OPENSSL_NO_COMP 206#ifndef OPENSSL_NO_COMP
170 if (x->compress_meth != 0) 207 if (x->compress_meth != 0)
171 { 208 {
172 SSL_COMP *comp = NULL; 209 SSL_COMP *comp = NULL;
173 210
174 ssl_cipher_get_evp(x,NULL,NULL,&comp); 211 ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
175 if (comp == NULL) 212 if (comp == NULL)
176 { 213 {
177 if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; 214 if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
178 } 215 }
179 else 216 else
180 { 217 {
181 if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; 218 if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
182 } 219 }
183 } 220 }
184#endif 221#endif
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c
index 4d1e198cdc..c87af17712 100644
--- a/src/lib/libssl/t1_clnt.c
+++ b/src/lib/libssl/t1_clnt.c
@@ -63,8 +63,8 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65 65
66static SSL_METHOD *tls1_get_client_method(int ver); 66static const SSL_METHOD *tls1_get_client_method(int ver);
67static SSL_METHOD *tls1_get_client_method(int ver) 67static const SSL_METHOD *tls1_get_client_method(int ver)
68 { 68 {
69 if (ver == TLS1_VERSION) 69 if (ver == TLS1_VERSION)
70 return(TLSv1_client_method()); 70 return(TLSv1_client_method());
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 7cb3e29a41..9719541f2b 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -108,6 +108,32 @@
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111/* ====================================================================
112 * Copyright 2005 Nokia. All rights reserved.
113 *
114 * The portions of the attached software ("Contribution") is developed by
115 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * license.
117 *
118 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
120 * support (see RFC 4279) to OpenSSL.
121 *
122 * No patent licenses or other rights except those expressly stated in
123 * the OpenSSL open source license shall be deemed granted or received
124 * expressly, by implication, estoppel, or otherwise.
125 *
126 * No assurances are provided by Nokia that the Contribution does not
127 * infringe the patent or other intellectual property rights of any third
128 * party or that the license provides you with all the necessary rights
129 * to make use of the Contribution.
130 *
131 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
132 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
133 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
134 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
135 * OTHERWISE.
136 */
111 137
112#include <stdio.h> 138#include <stdio.h>
113#include "ssl_locl.h" 139#include "ssl_locl.h"
@@ -121,8 +147,14 @@
121#include <openssl/des.h> 147#include <openssl/des.h>
122#endif 148#endif
123 149
124static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, 150/* seed1 through seed5 are virtually concatenated */
125 int sec_len, unsigned char *seed, int seed_len, 151static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
152 int sec_len,
153 const void *seed1, int seed1_len,
154 const void *seed2, int seed2_len,
155 const void *seed3, int seed3_len,
156 const void *seed4, int seed4_len,
157 const void *seed5, int seed5_len,
126 unsigned char *out, int olen) 158 unsigned char *out, int olen)
127 { 159 {
128 int chunk,n; 160 int chunk,n;
@@ -131,84 +163,133 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
131 HMAC_CTX ctx_tmp; 163 HMAC_CTX ctx_tmp;
132 unsigned char A1[EVP_MAX_MD_SIZE]; 164 unsigned char A1[EVP_MAX_MD_SIZE];
133 unsigned int A1_len; 165 unsigned int A1_len;
166 int ret = 0;
134 167
135 chunk=EVP_MD_size(md); 168 chunk=EVP_MD_size(md);
169 OPENSSL_assert(chunk >= 0);
136 170
137 HMAC_CTX_init(&ctx); 171 HMAC_CTX_init(&ctx);
138 HMAC_CTX_init(&ctx_tmp); 172 HMAC_CTX_init(&ctx_tmp);
139 HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 173 if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
140 HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 174 goto err;
141 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); 175 if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
142 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); 176 goto err;
143 HMAC_Update(&ctx,seed,seed_len); 177 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
144 HMAC_Final(&ctx,A1,&A1_len); 178 goto err;
179 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
180 goto err;
181 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
182 goto err;
183 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
184 goto err;
185 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
186 goto err;
187 if (!HMAC_Final(&ctx,A1,&A1_len))
188 goto err;
145 189
146 n=0; 190 n=0;
147 for (;;) 191 for (;;)
148 { 192 {
149 HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ 193 if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
150 HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ 194 goto err;
151 HMAC_Update(&ctx,A1,A1_len); 195 if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
152 HMAC_Update(&ctx_tmp,A1,A1_len); 196 goto err;
153 HMAC_Update(&ctx,seed,seed_len); 197 if (!HMAC_Update(&ctx,A1,A1_len))
198 goto err;
199 if (!HMAC_Update(&ctx_tmp,A1,A1_len))
200 goto err;
201 if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
202 goto err;
203 if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
204 goto err;
205 if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
206 goto err;
207 if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
208 goto err;
209 if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
210 goto err;
154 211
155 if (olen > chunk) 212 if (olen > chunk)
156 { 213 {
157 HMAC_Final(&ctx,out,&j); 214 if (!HMAC_Final(&ctx,out,&j))
215 goto err;
158 out+=j; 216 out+=j;
159 olen-=j; 217 olen-=j;
160 HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */ 218 if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
219 goto err;
161 } 220 }
162 else /* last one */ 221 else /* last one */
163 { 222 {
164 HMAC_Final(&ctx,A1,&A1_len); 223 if (!HMAC_Final(&ctx,A1,&A1_len))
224 goto err;
165 memcpy(out,A1,olen); 225 memcpy(out,A1,olen);
166 break; 226 break;
167 } 227 }
168 } 228 }
229 ret = 1;
230err:
169 HMAC_CTX_cleanup(&ctx); 231 HMAC_CTX_cleanup(&ctx);
170 HMAC_CTX_cleanup(&ctx_tmp); 232 HMAC_CTX_cleanup(&ctx_tmp);
171 OPENSSL_cleanse(A1,sizeof(A1)); 233 OPENSSL_cleanse(A1,sizeof(A1));
234 return ret;
172 } 235 }
173 236
174static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, 237/* seed1 through seed5 are virtually concatenated */
175 unsigned char *label, int label_len, 238static int tls1_PRF(long digest_mask,
176 const unsigned char *sec, int slen, unsigned char *out1, 239 const void *seed1, int seed1_len,
240 const void *seed2, int seed2_len,
241 const void *seed3, int seed3_len,
242 const void *seed4, int seed4_len,
243 const void *seed5, int seed5_len,
244 const unsigned char *sec, int slen,
245 unsigned char *out1,
177 unsigned char *out2, int olen) 246 unsigned char *out2, int olen)
178 { 247 {
179 int len,i; 248 int len,i,idx,count;
180 const unsigned char *S1,*S2; 249 const unsigned char *S1;
181 250 long m;
182 len=slen/2; 251 const EVP_MD *md;
252 int ret = 0;
253
254 /* Count number of digests and partition sec evenly */
255 count=0;
256 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
257 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
258 }
259 len=slen/count;
183 S1=sec; 260 S1=sec;
184 S2= &(sec[len]); 261 memset(out1,0,olen);
185 len+=(slen&1); /* add for odd, make longer */ 262 for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
186 263 if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
187 264 if (!md) {
188 tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); 265 SSLerr(SSL_F_TLS1_PRF,
189 tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); 266 SSL_R_UNSUPPORTED_DIGEST_TYPE);
190 267 goto err;
191 for (i=0; i<olen; i++) 268 }
192 out1[i]^=out2[i]; 269 if (!tls1_P_hash(md ,S1,len+(slen&1),
270 seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
271 out2,olen))
272 goto err;
273 S1+=len;
274 for (i=0; i<olen; i++)
275 {
276 out1[i]^=out2[i];
277 }
278 }
193 } 279 }
194 280 ret = 1;
195static void tls1_generate_key_block(SSL *s, unsigned char *km, 281err:
282 return ret;
283}
284static int tls1_generate_key_block(SSL *s, unsigned char *km,
196 unsigned char *tmp, int num) 285 unsigned char *tmp, int num)
197 { 286 {
198 unsigned char *p; 287 int ret;
199 unsigned char buf[SSL3_RANDOM_SIZE*2+ 288 ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
200 TLS_MD_MAX_CONST_SIZE]; 289 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
201 p=buf; 290 s->s3->server_random,SSL3_RANDOM_SIZE,
202 291 s->s3->client_random,SSL3_RANDOM_SIZE,
203 memcpy(p,TLS_MD_KEY_EXPANSION_CONST, 292 NULL,0,NULL,0,
204 TLS_MD_KEY_EXPANSION_CONST_SIZE);
205 p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
206 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
207 p+=SSL3_RANDOM_SIZE;
208 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
209 p+=SSL3_RANDOM_SIZE;
210
211 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
212 s->session->master_key,s->session->master_key_length, 293 s->session->master_key,s->session->master_key_length,
213 km,tmp,num); 294 km,tmp,num);
214#ifdef KSSL_DEBUG 295#ifdef KSSL_DEBUG
@@ -222,14 +303,14 @@ static void tls1_generate_key_block(SSL *s, unsigned char *km,
222 } 303 }
223 printf("\n"); } 304 printf("\n"); }
224#endif /* KSSL_DEBUG */ 305#endif /* KSSL_DEBUG */
306 return ret;
225 } 307 }
226 308
227int tls1_change_cipher_state(SSL *s, int which) 309int tls1_change_cipher_state(SSL *s, int which)
228 { 310 {
229 static const unsigned char empty[]=""; 311 static const unsigned char empty[]="";
230 unsigned char *p,*key_block,*mac_secret; 312 unsigned char *p,*key_block,*mac_secret;
231 unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ 313 unsigned char *exp_label;
232 SSL3_RANDOM_SIZE*2];
233 unsigned char tmp1[EVP_MAX_KEY_LENGTH]; 314 unsigned char tmp1[EVP_MAX_KEY_LENGTH];
234 unsigned char tmp2[EVP_MAX_KEY_LENGTH]; 315 unsigned char tmp2[EVP_MAX_KEY_LENGTH];
235 unsigned char iv1[EVP_MAX_IV_LENGTH*2]; 316 unsigned char iv1[EVP_MAX_IV_LENGTH*2];
@@ -242,12 +323,17 @@ int tls1_change_cipher_state(SSL *s, int which)
242 const SSL_COMP *comp; 323 const SSL_COMP *comp;
243#endif 324#endif
244 const EVP_MD *m; 325 const EVP_MD *m;
326 int mac_type;
327 int *mac_secret_size;
328 EVP_MD_CTX *mac_ctx;
329 EVP_PKEY *mac_key;
245 int is_export,n,i,j,k,exp_label_len,cl; 330 int is_export,n,i,j,k,exp_label_len,cl;
246 int reuse_dd = 0; 331 int reuse_dd = 0;
247 332
248 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); 333 is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
249 c=s->s3->tmp.new_sym_enc; 334 c=s->s3->tmp.new_sym_enc;
250 m=s->s3->tmp.new_hash; 335 m=s->s3->tmp.new_hash;
336 mac_type = s->s3->tmp.new_mac_pkey_type;
251#ifndef OPENSSL_NO_COMP 337#ifndef OPENSSL_NO_COMP
252 comp=s->s3->tmp.new_compression; 338 comp=s->s3->tmp.new_compression;
253#endif 339#endif
@@ -255,21 +341,28 @@ int tls1_change_cipher_state(SSL *s, int which)
255 341
256#ifdef KSSL_DEBUG 342#ifdef KSSL_DEBUG
257 printf("tls1_change_cipher_state(which= %d) w/\n", which); 343 printf("tls1_change_cipher_state(which= %d) w/\n", which);
258 printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, 344 printf("\talg= %ld/%ld, comp= %p\n",
259 (void *)comp); 345 s->s3->tmp.new_cipher->algorithm_mkey,
260 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); 346 s->s3->tmp.new_cipher->algorithm_auth,
347 comp);
348 printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
261 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", 349 printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
262 c->nid,c->block_size,c->key_len,c->iv_len); 350 c->nid,c->block_size,c->key_len,c->iv_len);
263 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); 351 printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
264 { 352 {
265 int ki; 353 int i;
266 for (ki=0; ki<s->s3->tmp.key_block_length; ki++) 354 for (i=0; i<s->s3->tmp.key_block_length; i++)
267 printf("%02x", key_block[ki]); printf("\n"); 355 printf("%02x", key_block[i]); printf("\n");
268 } 356 }
269#endif /* KSSL_DEBUG */ 357#endif /* KSSL_DEBUG */
270 358
271 if (which & SSL3_CC_READ) 359 if (which & SSL3_CC_READ)
272 { 360 {
361 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
362 s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
363 else
364 s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
365
273 if (s->enc_read_ctx != NULL) 366 if (s->enc_read_ctx != NULL)
274 reuse_dd = 1; 367 reuse_dd = 1;
275 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 368 else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -278,7 +371,7 @@ int tls1_change_cipher_state(SSL *s, int which)
278 /* make sure it's intialized in case we exit later with an error */ 371 /* make sure it's intialized in case we exit later with an error */
279 EVP_CIPHER_CTX_init(s->enc_read_ctx); 372 EVP_CIPHER_CTX_init(s->enc_read_ctx);
280 dd= s->enc_read_ctx; 373 dd= s->enc_read_ctx;
281 s->read_hash=m; 374 mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
282#ifndef OPENSSL_NO_COMP 375#ifndef OPENSSL_NO_COMP
283 if (s->expand != NULL) 376 if (s->expand != NULL)
284 { 377 {
@@ -304,9 +397,14 @@ int tls1_change_cipher_state(SSL *s, int which)
304 if (s->version != DTLS1_VERSION) 397 if (s->version != DTLS1_VERSION)
305 memset(&(s->s3->read_sequence[0]),0,8); 398 memset(&(s->s3->read_sequence[0]),0,8);
306 mac_secret= &(s->s3->read_mac_secret[0]); 399 mac_secret= &(s->s3->read_mac_secret[0]);
400 mac_secret_size=&(s->s3->read_mac_secret_size);
307 } 401 }
308 else 402 else
309 { 403 {
404 if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
405 s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
406 else
407 s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
310 if (s->enc_write_ctx != NULL) 408 if (s->enc_write_ctx != NULL)
311 reuse_dd = 1; 409 reuse_dd = 1;
312 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) 410 else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
@@ -315,7 +413,7 @@ int tls1_change_cipher_state(SSL *s, int which)
315 /* make sure it's intialized in case we exit later with an error */ 413 /* make sure it's intialized in case we exit later with an error */
316 EVP_CIPHER_CTX_init(s->enc_write_ctx); 414 EVP_CIPHER_CTX_init(s->enc_write_ctx);
317 dd= s->enc_write_ctx; 415 dd= s->enc_write_ctx;
318 s->write_hash=m; 416 mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
319#ifndef OPENSSL_NO_COMP 417#ifndef OPENSSL_NO_COMP
320 if (s->compress != NULL) 418 if (s->compress != NULL)
321 { 419 {
@@ -336,13 +434,15 @@ int tls1_change_cipher_state(SSL *s, int which)
336 if (s->version != DTLS1_VERSION) 434 if (s->version != DTLS1_VERSION)
337 memset(&(s->s3->write_sequence[0]),0,8); 435 memset(&(s->s3->write_sequence[0]),0,8);
338 mac_secret= &(s->s3->write_mac_secret[0]); 436 mac_secret= &(s->s3->write_mac_secret[0]);
437 mac_secret_size = &(s->s3->write_mac_secret_size);
339 } 438 }
340 439
341 if (reuse_dd) 440 if (reuse_dd)
342 EVP_CIPHER_CTX_cleanup(dd); 441 EVP_CIPHER_CTX_cleanup(dd);
343 442
344 p=s->s3->tmp.key_block; 443 p=s->s3->tmp.key_block;
345 i=EVP_MD_size(m); 444 i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
445
346 cl=EVP_CIPHER_key_length(c); 446 cl=EVP_CIPHER_key_length(c);
347 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? 447 j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
348 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; 448 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
@@ -378,6 +478,10 @@ int tls1_change_cipher_state(SSL *s, int which)
378 } 478 }
379 479
380 memcpy(mac_secret,ms,i); 480 memcpy(mac_secret,ms,i);
481 mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
482 mac_secret,*mac_secret_size);
483 EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
484 EVP_PKEY_free(mac_key);
381#ifdef TLS_DEBUG 485#ifdef TLS_DEBUG
382printf("which = %04X\nmac key=",which); 486printf("which = %04X\nmac key=",which);
383{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } 487{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
@@ -387,29 +491,24 @@ printf("which = %04X\nmac key=",which);
387 /* In here I set both the read and write key/iv to the 491 /* In here I set both the read and write key/iv to the
388 * same value since only the correct one will be used :-). 492 * same value since only the correct one will be used :-).
389 */ 493 */
390 p=buf; 494 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
391 memcpy(p,exp_label,exp_label_len); 495 exp_label,exp_label_len,
392 p+=exp_label_len; 496 s->s3->client_random,SSL3_RANDOM_SIZE,
393 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 497 s->s3->server_random,SSL3_RANDOM_SIZE,
394 p+=SSL3_RANDOM_SIZE; 498 NULL,0,NULL,0,
395 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 499 key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
396 p+=SSL3_RANDOM_SIZE; 500 goto err2;
397 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
398 tmp1,tmp2,EVP_CIPHER_key_length(c));
399 key=tmp1; 501 key=tmp1;
400 502
401 if (k > 0) 503 if (k > 0)
402 { 504 {
403 p=buf; 505 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
404 memcpy(p,TLS_MD_IV_BLOCK_CONST, 506 TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
405 TLS_MD_IV_BLOCK_CONST_SIZE); 507 s->s3->client_random,SSL3_RANDOM_SIZE,
406 p+=TLS_MD_IV_BLOCK_CONST_SIZE; 508 s->s3->server_random,SSL3_RANDOM_SIZE,
407 memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); 509 NULL,0,NULL,0,
408 p+=SSL3_RANDOM_SIZE; 510 empty,0,iv1,iv2,k*2))
409 memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); 511 goto err2;
410 p+=SSL3_RANDOM_SIZE;
411 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
412 iv1,iv2,k*2);
413 if (client_write) 512 if (client_write)
414 iv=iv1; 513 iv=iv1;
415 else 514 else
@@ -420,13 +519,11 @@ printf("which = %04X\nmac key=",which);
420 s->session->key_arg_length=0; 519 s->session->key_arg_length=0;
421#ifdef KSSL_DEBUG 520#ifdef KSSL_DEBUG
422 { 521 {
423 int ki; 522 int i;
424 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); 523 printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
425 printf("\tkey= "); 524 printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
426 for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
427 printf("\n"); 525 printf("\n");
428 printf("\t iv= "); 526 printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
429 for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
430 printf("\n"); 527 printf("\n");
431 } 528 }
432#endif /* KSSL_DEBUG */ 529#endif /* KSSL_DEBUG */
@@ -453,11 +550,13 @@ err2:
453 550
454int tls1_setup_key_block(SSL *s) 551int tls1_setup_key_block(SSL *s)
455 { 552 {
456 unsigned char *p1,*p2; 553 unsigned char *p1,*p2=NULL;
457 const EVP_CIPHER *c; 554 const EVP_CIPHER *c;
458 const EVP_MD *hash; 555 const EVP_MD *hash;
459 int num; 556 int num;
460 SSL_COMP *comp; 557 SSL_COMP *comp;
558 int mac_type= NID_undef,mac_secret_size=0;
559 int ret=0;
461 560
462#ifdef KSSL_DEBUG 561#ifdef KSSL_DEBUG
463 printf ("tls1_setup_key_block()\n"); 562 printf ("tls1_setup_key_block()\n");
@@ -466,7 +565,7 @@ int tls1_setup_key_block(SSL *s)
466 if (s->s3->tmp.key_block_length != 0) 565 if (s->s3->tmp.key_block_length != 0)
467 return(1); 566 return(1);
468 567
469 if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) 568 if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
470 { 569 {
471 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); 570 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
472 return(0); 571 return(0);
@@ -474,20 +573,27 @@ int tls1_setup_key_block(SSL *s)
474 573
475 s->s3->tmp.new_sym_enc=c; 574 s->s3->tmp.new_sym_enc=c;
476 s->s3->tmp.new_hash=hash; 575 s->s3->tmp.new_hash=hash;
477 576 s->s3->tmp.new_mac_pkey_type = mac_type;
478 num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); 577 s->s3->tmp.new_mac_secret_size = mac_secret_size;
578 num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
479 num*=2; 579 num*=2;
480 580
481 ssl3_cleanup_key_block(s); 581 ssl3_cleanup_key_block(s);
482 582
483 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) 583 if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
584 {
585 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
484 goto err; 586 goto err;
485 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) 587 }
486 goto err;
487 588
488 s->s3->tmp.key_block_length=num; 589 s->s3->tmp.key_block_length=num;
489 s->s3->tmp.key_block=p1; 590 s->s3->tmp.key_block=p1;
490 591
592 if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
593 {
594 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
595 goto err;
596 }
491 597
492#ifdef TLS_DEBUG 598#ifdef TLS_DEBUG
493printf("client random\n"); 599printf("client random\n");
@@ -497,9 +603,8 @@ printf("server random\n");
497printf("pre-master\n"); 603printf("pre-master\n");
498{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); } 604{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
499#endif 605#endif
500 tls1_generate_key_block(s,p1,p2,num); 606 if (!tls1_generate_key_block(s,p1,p2,num))
501 OPENSSL_cleanse(p2,num); 607 goto err;
502 OPENSSL_free(p2);
503#ifdef TLS_DEBUG 608#ifdef TLS_DEBUG
504printf("\nkey block\n"); 609printf("\nkey block\n");
505{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } 610{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
@@ -514,20 +619,24 @@ printf("\nkey block\n");
514 619
515 if (s->session->cipher != NULL) 620 if (s->session->cipher != NULL)
516 { 621 {
517 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) 622 if (s->session->cipher->algorithm_enc == SSL_eNULL)
518 s->s3->need_empty_fragments = 0; 623 s->s3->need_empty_fragments = 0;
519 624
520#ifndef OPENSSL_NO_RC4 625#ifndef OPENSSL_NO_RC4
521 if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) 626 if (s->session->cipher->algorithm_enc == SSL_RC4)
522 s->s3->need_empty_fragments = 0; 627 s->s3->need_empty_fragments = 0;
523#endif 628#endif
524 } 629 }
525 } 630 }
526 631
527 return(1); 632 ret = 1;
528err: 633err:
529 SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); 634 if (p2)
530 return(0); 635 {
636 OPENSSL_cleanse(p2,num);
637 OPENSSL_free(p2);
638 }
639 return(ret);
531 } 640 }
532 641
533int tls1_enc(SSL *s, int send) 642int tls1_enc(SSL *s, int send)
@@ -540,8 +649,11 @@ int tls1_enc(SSL *s, int send)
540 649
541 if (send) 650 if (send)
542 { 651 {
543 if (s->write_hash != NULL) 652 if (EVP_MD_CTX_md(s->write_hash))
544 n=EVP_MD_size(s->write_hash); 653 {
654 n=EVP_MD_CTX_size(s->write_hash);
655 OPENSSL_assert(n >= 0);
656 }
545 ds=s->enc_write_ctx; 657 ds=s->enc_write_ctx;
546 rec= &(s->s3->wrec); 658 rec= &(s->s3->wrec);
547 if (s->enc_write_ctx == NULL) 659 if (s->enc_write_ctx == NULL)
@@ -551,8 +663,11 @@ int tls1_enc(SSL *s, int send)
551 } 663 }
552 else 664 else
553 { 665 {
554 if (s->read_hash != NULL) 666 if (EVP_MD_CTX_md(s->read_hash))
555 n=EVP_MD_size(s->read_hash); 667 {
668 n=EVP_MD_CTX_size(s->read_hash);
669 OPENSSL_assert(n >= 0);
670 }
556 ds=s->enc_read_ctx; 671 ds=s->enc_read_ctx;
557 rec= &(s->s3->rrec); 672 rec= &(s->s3->rrec);
558 if (s->enc_read_ctx == NULL) 673 if (s->enc_read_ctx == NULL)
@@ -599,11 +714,10 @@ int tls1_enc(SSL *s, int send)
599 { 714 {
600 unsigned long ui; 715 unsigned long ui;
601 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", 716 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
602 (void *)ds,rec->data,rec->input,l); 717 ds,rec->data,rec->input,l);
603 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", 718 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
604 ds->buf_len, ds->cipher->key_len, 719 ds->buf_len, ds->cipher->key_len,
605 (unsigned long)DES_KEY_SZ, 720 DES_KEY_SZ, DES_SCHEDULE_SZ,
606 (unsigned long)DES_SCHEDULE_SZ,
607 ds->cipher->iv_len); 721 ds->cipher->iv_len);
608 printf("\t\tIV: "); 722 printf("\t\tIV: ");
609 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); 723 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -628,10 +742,10 @@ int tls1_enc(SSL *s, int send)
628 742
629#ifdef KSSL_DEBUG 743#ifdef KSSL_DEBUG
630 { 744 {
631 unsigned long ki; 745 unsigned long i;
632 printf("\trec->data="); 746 printf("\trec->data=");
633 for (ki=0; ki<l; i++) 747 for (i=0; i<l; i++)
634 printf(" %02x", rec->data[ki]); printf("\n"); 748 printf(" %02x", rec->data[i]); printf("\n");
635 } 749 }
636#endif /* KSSL_DEBUG */ 750#endif /* KSSL_DEBUG */
637 751
@@ -679,56 +793,101 @@ int tls1_enc(SSL *s, int send)
679 } 793 }
680 return(1); 794 return(1);
681 } 795 }
682 796int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
683int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
684 { 797 {
685 unsigned int ret; 798 unsigned int ret;
686 EVP_MD_CTX ctx; 799 EVP_MD_CTX ctx, *d=NULL;
800 int i;
801
802 if (s->s3->handshake_buffer)
803 if (!ssl3_digest_cached_records(s))
804 return 0;
805
806 for (i=0;i<SSL_MAX_DIGEST;i++)
807 {
808 if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid)
809 {
810 d=s->s3->handshake_dgst[i];
811 break;
812 }
813 }
814 if (!d) {
815 SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
816 return 0;
817 }
687 818
688 EVP_MD_CTX_init(&ctx); 819 EVP_MD_CTX_init(&ctx);
689 EVP_MD_CTX_copy_ex(&ctx,in_ctx); 820 EVP_MD_CTX_copy_ex(&ctx,d);
690 EVP_DigestFinal_ex(&ctx,out,&ret); 821 EVP_DigestFinal_ex(&ctx,out,&ret);
691 EVP_MD_CTX_cleanup(&ctx); 822 EVP_MD_CTX_cleanup(&ctx);
692 return((int)ret); 823 return((int)ret);
693 } 824 }
694 825
695int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, 826int tls1_final_finish_mac(SSL *s,
696 const char *str, int slen, unsigned char *out) 827 const char *str, int slen, unsigned char *out)
697 { 828 {
698 unsigned int i; 829 unsigned int i;
699 EVP_MD_CTX ctx; 830 EVP_MD_CTX ctx;
700 unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; 831 unsigned char buf[2*EVP_MAX_MD_SIZE];
701 unsigned char *q,buf2[12]; 832 unsigned char *q,buf2[12];
833 int idx;
834 long mask;
835 int err=0;
836 const EVP_MD *md;
702 837
703 q=buf; 838 q=buf;
704 memcpy(q,str,slen); 839
705 q+=slen; 840 if (s->s3->handshake_buffer)
841 if (!ssl3_digest_cached_records(s))
842 return 0;
706 843
707 EVP_MD_CTX_init(&ctx); 844 EVP_MD_CTX_init(&ctx);
708 EVP_MD_CTX_copy_ex(&ctx,in1_ctx); 845
709 EVP_DigestFinal_ex(&ctx,q,&i); 846 for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
710 q+=i; 847 {
711 EVP_MD_CTX_copy_ex(&ctx,in2_ctx); 848 if (mask & s->s3->tmp.new_cipher->algorithm2)
712 EVP_DigestFinal_ex(&ctx,q,&i); 849 {
713 q+=i; 850 int hashsize = EVP_MD_size(md);
714 851 if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
715 tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), 852 {
716 s->session->master_key,s->session->master_key_length, 853 /* internal error: 'buf' is too small for this cipersuite! */
717 out,buf2,sizeof buf2); 854 err = 1;
855 }
856 else
857 {
858 EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
859 EVP_DigestFinal_ex(&ctx,q,&i);
860 if (i != (unsigned int)hashsize) /* can't really happen */
861 err = 1;
862 q+=i;
863 }
864 }
865 }
866
867 if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
868 str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
869 s->session->master_key,s->session->master_key_length,
870 out,buf2,sizeof buf2))
871 err = 1;
718 EVP_MD_CTX_cleanup(&ctx); 872 EVP_MD_CTX_cleanup(&ctx);
719 873
720 return sizeof buf2; 874 if (err)
875 return 0;
876 else
877 return sizeof buf2;
721 } 878 }
722 879
723int tls1_mac(SSL *ssl, unsigned char *md, int send) 880int tls1_mac(SSL *ssl, unsigned char *md, int send)
724 { 881 {
725 SSL3_RECORD *rec; 882 SSL3_RECORD *rec;
726 unsigned char *mac_sec,*seq; 883 unsigned char *mac_sec,*seq;
727 const EVP_MD *hash; 884 EVP_MD_CTX *hash;
728 unsigned int md_size; 885 size_t md_size;
729 int i; 886 int i;
730 HMAC_CTX hmac; 887 EVP_MD_CTX hmac, *mac_ctx;
731 unsigned char buf[5]; 888 unsigned char buf[5];
889 int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
890 int t;
732 891
733 if (send) 892 if (send)
734 { 893 {
@@ -745,43 +904,45 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
745 hash=ssl->read_hash; 904 hash=ssl->read_hash;
746 } 905 }
747 906
748 md_size=EVP_MD_size(hash); 907 t=EVP_MD_CTX_size(hash);
908 OPENSSL_assert(t >= 0);
909 md_size=t;
749 910
750 buf[0]=rec->type; 911 buf[0]=rec->type;
751 if (ssl->version == DTLS1_VERSION && ssl->client_version == DTLS1_BAD_VER) 912 buf[1]=(unsigned char)(ssl->version>>8);
752 { 913 buf[2]=(unsigned char)(ssl->version);
753 buf[1]=TLS1_VERSION_MAJOR;
754 buf[2]=TLS1_VERSION_MINOR;
755 }
756 else {
757 buf[1]=(unsigned char)(ssl->version>>8);
758 buf[2]=(unsigned char)(ssl->version);
759 }
760
761 buf[3]=rec->length>>8; 914 buf[3]=rec->length>>8;
762 buf[4]=rec->length&0xff; 915 buf[4]=rec->length&0xff;
763 916
764 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ 917 /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
765 HMAC_CTX_init(&hmac); 918 if (stream_mac)
766 HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); 919 {
920 mac_ctx = hash;
921 }
922 else
923 {
924 EVP_MD_CTX_copy(&hmac,hash);
925 mac_ctx = &hmac;
926 }
767 927
768 if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER) 928 if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
769 { 929 {
770 unsigned char dtlsseq[8],*p=dtlsseq; 930 unsigned char dtlsseq[8],*p=dtlsseq;
771 931
772 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p); 932 s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
773 memcpy (p,&seq[2],6); 933 memcpy (p,&seq[2],6);
774 934
775 HMAC_Update(&hmac,dtlsseq,8); 935 EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
776 } 936 }
777 else 937 else
778 HMAC_Update(&hmac,seq,8); 938 EVP_DigestSignUpdate(mac_ctx,seq,8);
779
780 HMAC_Update(&hmac,buf,5);
781 HMAC_Update(&hmac,rec->input,rec->length);
782 HMAC_Final(&hmac,md,&md_size);
783 HMAC_CTX_cleanup(&hmac);
784 939
940 EVP_DigestSignUpdate(mac_ctx,buf,5);
941 EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
942 t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
943 OPENSSL_assert(t > 0);
944
945 if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
785#ifdef TLS_DEBUG 946#ifdef TLS_DEBUG
786printf("sec="); 947printf("sec=");
787{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } 948{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@ -793,7 +954,7 @@ printf("rec=");
793{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } 954{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
794#endif 955#endif
795 956
796 if ( SSL_version(ssl) != DTLS1_VERSION) 957 if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
797 { 958 {
798 for (i=7; i>=0; i--) 959 for (i=7; i>=0; i--)
799 { 960 {
@@ -811,23 +972,35 @@ printf("rec=");
811int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, 972int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
812 int len) 973 int len)
813 { 974 {
814 unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
815 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; 975 unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
976 const void *co = NULL, *so = NULL;
977 int col = 0, sol = 0;
816 978
817#ifdef KSSL_DEBUG 979#ifdef KSSL_DEBUG
818 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len); 980 printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
819#endif /* KSSL_DEBUG */ 981#endif /* KSSL_DEBUG */
820 982
821 /* Setup the stuff to munge */ 983#ifdef TLSEXT_TYPE_opaque_prf_input
822 memcpy(buf,TLS_MD_MASTER_SECRET_CONST, 984 if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
823 TLS_MD_MASTER_SECRET_CONST_SIZE); 985 s->s3->client_opaque_prf_input_len > 0 &&
824 memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]), 986 s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
825 s->s3->client_random,SSL3_RANDOM_SIZE); 987 {
826 memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]), 988 co = s->s3->client_opaque_prf_input;
827 s->s3->server_random,SSL3_RANDOM_SIZE); 989 col = s->s3->server_opaque_prf_input_len;
828 tls1_PRF(s->ctx->md5,s->ctx->sha1, 990 so = s->s3->server_opaque_prf_input;
829 buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, 991 sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
992 }
993#endif
994
995 tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
996 TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
997 s->s3->client_random,SSL3_RANDOM_SIZE,
998 co, col,
999 s->s3->server_random,SSL3_RANDOM_SIZE,
1000 so, sol,
1001 p,len,
830 s->session->master_key,buff,sizeof buff); 1002 s->session->master_key,buff,sizeof buff);
1003
831#ifdef KSSL_DEBUG 1004#ifdef KSSL_DEBUG
832 printf ("tls1_generate_master_secret() complete\n"); 1005 printf ("tls1_generate_master_secret() complete\n");
833#endif /* KSSL_DEBUG */ 1006#endif /* KSSL_DEBUG */
@@ -862,7 +1035,13 @@ int tls1_alert_code(int code)
862 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); 1035 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
863 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); 1036 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
864 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); 1037 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
865#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 1038 case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
1039 case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
1040 case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
1041 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
1042 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
1043 case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
1044#if 0 /* not appropriate for TLS, not used for DTLS */
866 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 1045 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
867 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 1046 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
868#endif 1047#endif
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 9ce726996d..e8bc34c111 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include <openssl/objects.h> 113#include <openssl/objects.h>
@@ -92,11 +145,6 @@ long tls1_default_timeout(void)
92 return(60*60*2); 145 return(60*60*2);
93 } 146 }
94 147
95IMPLEMENT_tls1_meth_func(tlsv1_base_method,
96 ssl_undefined_function,
97 ssl_undefined_function,
98 ssl_bad_method)
99
100int tls1_new(SSL *s) 148int tls1_new(SSL *s)
101 { 149 {
102 if (!ssl3_new(s)) return(0); 150 if (!ssl3_new(s)) return(0);
@@ -106,6 +154,12 @@ int tls1_new(SSL *s)
106 154
107void tls1_free(SSL *s) 155void tls1_free(SSL *s)
108 { 156 {
157#ifndef OPENSSL_NO_TLSEXT
158 if (s->tlsext_session_ticket)
159 {
160 OPENSSL_free(s->tlsext_session_ticket);
161 }
162#endif /* OPENSSL_NO_TLSEXT */
109 ssl3_free(s); 163 ssl3_free(s);
110 } 164 }
111 165
@@ -115,17 +169,105 @@ void tls1_clear(SSL *s)
115 s->version=TLS1_VERSION; 169 s->version=TLS1_VERSION;
116 } 170 }
117 171
118#if 0 172#ifndef OPENSSL_NO_EC
119long tls1_ctrl(SSL *s, int cmd, long larg, char *parg) 173static int nid_list[] =
120 { 174 {
121 return(0); 175 NID_sect163k1, /* sect163k1 (1) */
176 NID_sect163r1, /* sect163r1 (2) */
177 NID_sect163r2, /* sect163r2 (3) */
178 NID_sect193r1, /* sect193r1 (4) */
179 NID_sect193r2, /* sect193r2 (5) */
180 NID_sect233k1, /* sect233k1 (6) */
181 NID_sect233r1, /* sect233r1 (7) */
182 NID_sect239k1, /* sect239k1 (8) */
183 NID_sect283k1, /* sect283k1 (9) */
184 NID_sect283r1, /* sect283r1 (10) */
185 NID_sect409k1, /* sect409k1 (11) */
186 NID_sect409r1, /* sect409r1 (12) */
187 NID_sect571k1, /* sect571k1 (13) */
188 NID_sect571r1, /* sect571r1 (14) */
189 NID_secp160k1, /* secp160k1 (15) */
190 NID_secp160r1, /* secp160r1 (16) */
191 NID_secp160r2, /* secp160r2 (17) */
192 NID_secp192k1, /* secp192k1 (18) */
193 NID_X9_62_prime192v1, /* secp192r1 (19) */
194 NID_secp224k1, /* secp224k1 (20) */
195 NID_secp224r1, /* secp224r1 (21) */
196 NID_secp256k1, /* secp256k1 (22) */
197 NID_X9_62_prime256v1, /* secp256r1 (23) */
198 NID_secp384r1, /* secp384r1 (24) */
199 NID_secp521r1 /* secp521r1 (25) */
200 };
201
202int tls1_ec_curve_id2nid(int curve_id)
203 {
204 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
205 if ((curve_id < 1) || ((unsigned int)curve_id >
206 sizeof(nid_list)/sizeof(nid_list[0])))
207 return 0;
208 return nid_list[curve_id-1];
122 } 209 }
123 210
124long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) 211int tls1_ec_nid2curve_id(int nid)
125 { 212 {
126 return(0); 213 /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
214 switch (nid)
215 {
216 case NID_sect163k1: /* sect163k1 (1) */
217 return 1;
218 case NID_sect163r1: /* sect163r1 (2) */
219 return 2;
220 case NID_sect163r2: /* sect163r2 (3) */
221 return 3;
222 case NID_sect193r1: /* sect193r1 (4) */
223 return 4;
224 case NID_sect193r2: /* sect193r2 (5) */
225 return 5;
226 case NID_sect233k1: /* sect233k1 (6) */
227 return 6;
228 case NID_sect233r1: /* sect233r1 (7) */
229 return 7;
230 case NID_sect239k1: /* sect239k1 (8) */
231 return 8;
232 case NID_sect283k1: /* sect283k1 (9) */
233 return 9;
234 case NID_sect283r1: /* sect283r1 (10) */
235 return 10;
236 case NID_sect409k1: /* sect409k1 (11) */
237 return 11;
238 case NID_sect409r1: /* sect409r1 (12) */
239 return 12;
240 case NID_sect571k1: /* sect571k1 (13) */
241 return 13;
242 case NID_sect571r1: /* sect571r1 (14) */
243 return 14;
244 case NID_secp160k1: /* secp160k1 (15) */
245 return 15;
246 case NID_secp160r1: /* secp160r1 (16) */
247 return 16;
248 case NID_secp160r2: /* secp160r2 (17) */
249 return 17;
250 case NID_secp192k1: /* secp192k1 (18) */
251 return 18;
252 case NID_X9_62_prime192v1: /* secp192r1 (19) */
253 return 19;
254 case NID_secp224k1: /* secp224k1 (20) */
255 return 20;
256 case NID_secp224r1: /* secp224r1 (21) */
257 return 21;
258 case NID_secp256k1: /* secp256k1 (22) */
259 return 22;
260 case NID_X9_62_prime256v1: /* secp256r1 (23) */
261 return 23;
262 case NID_secp384r1: /* secp384r1 (24) */
263 return 24;
264 case NID_secp521r1: /* secp521r1 (25) */
265 return 25;
266 default:
267 return 0;
268 }
127 } 269 }
128#endif 270#endif /* OPENSSL_NO_EC */
129 271
130#ifndef OPENSSL_NO_TLSEXT 272#ifndef OPENSSL_NO_TLSEXT
131unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit) 273unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
@@ -133,6 +275,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
133 int extdatalen=0; 275 int extdatalen=0;
134 unsigned char *ret = p; 276 unsigned char *ret = p;
135 277
278 /* don't add extensions for SSLv3 unless doing secure renegotiation */
279 if (s->client_version == SSL3_VERSION
280 && !s->s3->send_connection_binding)
281 return p;
282
136 ret+=2; 283 ret+=2;
137 284
138 if (ret>=limit) return NULL; /* this really never occurs, but ... */ 285 if (ret>=limit) return NULL; /* this really never occurs, but ... */
@@ -152,7 +299,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
152 */ 299 */
153 300
154 if ((lenmax = limit - ret - 9) < 0 301 if ((lenmax = limit - ret - 9) < 0
155 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 302 || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
156 return NULL; 303 return NULL;
157 304
158 /* extension type and length */ 305 /* extension type and length */
@@ -167,21 +314,108 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
167 s2n(size_str,ret); 314 s2n(size_str,ret);
168 memcpy(ret, s->tlsext_hostname, size_str); 315 memcpy(ret, s->tlsext_hostname, size_str);
169 ret+=size_str; 316 ret+=size_str;
317 }
170 318
319 /* Add RI if renegotiating */
320 if (s->new_session)
321 {
322 int el;
323
324 if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
325 {
326 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
327 return NULL;
328 }
329
330 if((limit - p - 4 - el) < 0) return NULL;
331
332 s2n(TLSEXT_TYPE_renegotiate,ret);
333 s2n(el,ret);
334
335 if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
336 {
337 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
338 return NULL;
339 }
340
341 ret += el;
342 }
343
344#ifndef OPENSSL_NO_EC
345 if (s->tlsext_ecpointformatlist != NULL &&
346 s->version != DTLS1_VERSION)
347 {
348 /* Add TLS extension ECPointFormats to the ClientHello message */
349 long lenmax;
350
351 if ((lenmax = limit - ret - 5) < 0) return NULL;
352 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
353 if (s->tlsext_ecpointformatlist_length > 255)
354 {
355 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
356 return NULL;
357 }
358
359 s2n(TLSEXT_TYPE_ec_point_formats,ret);
360 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
361 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
362 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
363 ret+=s->tlsext_ecpointformatlist_length;
364 }
365 if (s->tlsext_ellipticcurvelist != NULL &&
366 s->version != DTLS1_VERSION)
367 {
368 /* Add TLS extension EllipticCurves to the ClientHello message */
369 long lenmax;
370
371 if ((lenmax = limit - ret - 6) < 0) return NULL;
372 if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
373 if (s->tlsext_ellipticcurvelist_length > 65532)
374 {
375 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
376 return NULL;
377 }
378
379 s2n(TLSEXT_TYPE_elliptic_curves,ret);
380 s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
381
382 /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
383 * elliptic_curve_list, but the examples use two bytes.
384 * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
385 * resolves this to two bytes.
386 */
387 s2n(s->tlsext_ellipticcurvelist_length, ret);
388 memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
389 ret+=s->tlsext_ellipticcurvelist_length;
171 } 390 }
391#endif /* OPENSSL_NO_EC */
172 392
173 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) 393 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
174 { 394 {
175 int ticklen; 395 int ticklen;
176 if (s->session && s->session->tlsext_tick) 396 if (!s->new_session && s->session && s->session->tlsext_tick)
177 ticklen = s->session->tlsext_ticklen; 397 ticklen = s->session->tlsext_ticklen;
398 else if (s->session && s->tlsext_session_ticket &&
399 s->tlsext_session_ticket->data)
400 {
401 ticklen = s->tlsext_session_ticket->length;
402 s->session->tlsext_tick = OPENSSL_malloc(ticklen);
403 if (!s->session->tlsext_tick)
404 return NULL;
405 memcpy(s->session->tlsext_tick,
406 s->tlsext_session_ticket->data,
407 ticklen);
408 s->session->tlsext_ticklen = ticklen;
409 }
178 else 410 else
179 ticklen = 0; 411 ticklen = 0;
412 if (ticklen == 0 && s->tlsext_session_ticket &&
413 s->tlsext_session_ticket->data == NULL)
414 goto skip_ext;
180 /* Check for enough room 2 for extension type, 2 for len 415 /* Check for enough room 2 for extension type, 2 for len
181 * rest for ticket 416 * rest for ticket
182 */ 417 */
183 if (limit - ret - 4 - ticklen < 0) 418 if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
184 return NULL;
185 s2n(TLSEXT_TYPE_session_ticket,ret); 419 s2n(TLSEXT_TYPE_session_ticket,ret);
186 s2n(ticklen,ret); 420 s2n(ticklen,ret);
187 if (ticklen) 421 if (ticklen)
@@ -190,8 +424,29 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
190 ret += ticklen; 424 ret += ticklen;
191 } 425 }
192 } 426 }
427 skip_ext:
193 428
194 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) 429#ifdef TLSEXT_TYPE_opaque_prf_input
430 if (s->s3->client_opaque_prf_input != NULL &&
431 s->version != DTLS1_VERSION)
432 {
433 size_t col = s->s3->client_opaque_prf_input_len;
434
435 if ((long)(limit - ret - 6 - col < 0))
436 return NULL;
437 if (col > 0xFFFD) /* can't happen */
438 return NULL;
439
440 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
441 s2n(col + 2, ret);
442 s2n(col, ret);
443 memcpy(ret, s->s3->client_opaque_prf_input, col);
444 ret += col;
445 }
446#endif
447
448 if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
449 s->version != DTLS1_VERSION)
195 { 450 {
196 int i; 451 int i;
197 long extlen, idlen, itmp; 452 long extlen, idlen, itmp;
@@ -251,21 +506,74 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
251 int extdatalen=0; 506 int extdatalen=0;
252 unsigned char *ret = p; 507 unsigned char *ret = p;
253 508
509 /* don't add extensions for SSLv3, unless doing secure renegotiation */
510 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
511 return p;
512
254 ret+=2; 513 ret+=2;
255 if (ret>=limit) return NULL; /* this really never occurs, but ... */ 514 if (ret>=limit) return NULL; /* this really never occurs, but ... */
256 515
257 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL) 516 if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
258 { 517 {
259 if (limit - ret - 4 < 0) return NULL; 518 if ((long)(limit - ret - 4) < 0) return NULL;
260 519
261 s2n(TLSEXT_TYPE_server_name,ret); 520 s2n(TLSEXT_TYPE_server_name,ret);
262 s2n(0,ret); 521 s2n(0,ret);
263 } 522 }
264 523
524 if(s->s3->send_connection_binding)
525 {
526 int el;
527
528 if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
529 {
530 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
531 return NULL;
532 }
533
534 if((limit - p - 4 - el) < 0) return NULL;
535
536 s2n(TLSEXT_TYPE_renegotiate,ret);
537 s2n(el,ret);
538
539 if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
540 {
541 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
542 return NULL;
543 }
544
545 ret += el;
546 }
547
548#ifndef OPENSSL_NO_EC
549 if (s->tlsext_ecpointformatlist != NULL &&
550 s->version != DTLS1_VERSION)
551 {
552 /* Add TLS extension ECPointFormats to the ServerHello message */
553 long lenmax;
554
555 if ((lenmax = limit - ret - 5) < 0) return NULL;
556 if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
557 if (s->tlsext_ecpointformatlist_length > 255)
558 {
559 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
560 return NULL;
561 }
562
563 s2n(TLSEXT_TYPE_ec_point_formats,ret);
564 s2n(s->tlsext_ecpointformatlist_length + 1,ret);
565 *(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
566 memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
567 ret+=s->tlsext_ecpointformatlist_length;
568
569 }
570 /* Currently the server should not respond with a SupportedCurves extension */
571#endif /* OPENSSL_NO_EC */
572
265 if (s->tlsext_ticket_expected 573 if (s->tlsext_ticket_expected
266 && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 574 && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
267 { 575 {
268 if (limit - ret - 4 < 0) return NULL; 576 if ((long)(limit - ret - 4) < 0) return NULL;
269 s2n(TLSEXT_TYPE_session_ticket,ret); 577 s2n(TLSEXT_TYPE_session_ticket,ret);
270 s2n(0,ret); 578 s2n(0,ret);
271 } 579 }
@@ -277,6 +585,39 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
277 s2n(0,ret); 585 s2n(0,ret);
278 } 586 }
279 587
588#ifdef TLSEXT_TYPE_opaque_prf_input
589 if (s->s3->server_opaque_prf_input != NULL &&
590 s->version != DTLS1_VERSION)
591 {
592 size_t sol = s->s3->server_opaque_prf_input_len;
593
594 if ((long)(limit - ret - 6 - sol) < 0)
595 return NULL;
596 if (sol > 0xFFFD) /* can't happen */
597 return NULL;
598
599 s2n(TLSEXT_TYPE_opaque_prf_input, ret);
600 s2n(sol + 2, ret);
601 s2n(sol, ret);
602 memcpy(ret, s->s3->server_opaque_prf_input, sol);
603 ret += sol;
604 }
605#endif
606 if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81)
607 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
608 { const unsigned char cryptopro_ext[36] = {
609 0xfd, 0xe8, /*65000*/
610 0x00, 0x20, /*32 bytes length*/
611 0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
612 0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
613 0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
614 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
615 if (limit-ret<36) return NULL;
616 memcpy(ret,cryptopro_ext,36);
617 ret+=36;
618
619 }
620
280 if ((extdatalen = ret-p-2)== 0) 621 if ((extdatalen = ret-p-2)== 0)
281 return p; 622 return p;
282 623
@@ -290,15 +631,17 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
290 unsigned short size; 631 unsigned short size;
291 unsigned short len; 632 unsigned short len;
292 unsigned char *data = *p; 633 unsigned char *data = *p;
634 int renegotiate_seen = 0;
635
293 s->servername_done = 0; 636 s->servername_done = 0;
294 s->tlsext_status_type = -1; 637 s->tlsext_status_type = -1;
295 638
296 if (data >= (d+n-2)) 639 if (data >= (d+n-2))
297 return 1; 640 goto ri_check;
298 n2s(data,len); 641 n2s(data,len);
299 642
300 if (data > (d+n-len)) 643 if (data > (d+n-len))
301 return 1; 644 goto ri_check;
302 645
303 while (data <= (d+n-4)) 646 while (data <= (d+n-4))
304 { 647 {
@@ -306,8 +649,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
306 n2s(data,size); 649 n2s(data,size);
307 650
308 if (data+size > (d+n)) 651 if (data+size > (d+n))
309 return 1; 652 goto ri_check;
310 653#if 0
654 fprintf(stderr,"Received extension type %d size %d\n",type,size);
655#endif
311 if (s->tlsext_debug_cb) 656 if (s->tlsext_debug_cb)
312 s->tlsext_debug_cb(s, 0, type, data, size, 657 s->tlsext_debug_cb(s, 0, type, data, size,
313 s->tlsext_debug_arg); 658 s->tlsext_debug_arg);
@@ -407,8 +752,114 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
407 } 752 }
408 753
409 } 754 }
410 else if (type == TLSEXT_TYPE_status_request 755
411 && s->ctx->tlsext_status_cb) 756#ifndef OPENSSL_NO_EC
757 else if (type == TLSEXT_TYPE_ec_point_formats &&
758 s->version != DTLS1_VERSION)
759 {
760 unsigned char *sdata = data;
761 int ecpointformatlist_length = *(sdata++);
762
763 if (ecpointformatlist_length != size - 1)
764 {
765 *al = TLS1_AD_DECODE_ERROR;
766 return 0;
767 }
768 s->session->tlsext_ecpointformatlist_length = 0;
769 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
770 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
771 {
772 *al = TLS1_AD_INTERNAL_ERROR;
773 return 0;
774 }
775 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
776 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
777#if 0
778 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
779 sdata = s->session->tlsext_ecpointformatlist;
780 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
781 fprintf(stderr,"%i ",*(sdata++));
782 fprintf(stderr,"\n");
783#endif
784 }
785 else if (type == TLSEXT_TYPE_elliptic_curves &&
786 s->version != DTLS1_VERSION)
787 {
788 unsigned char *sdata = data;
789 int ellipticcurvelist_length = (*(sdata++) << 8);
790 ellipticcurvelist_length += (*(sdata++));
791
792 if (ellipticcurvelist_length != size - 2)
793 {
794 *al = TLS1_AD_DECODE_ERROR;
795 return 0;
796 }
797 s->session->tlsext_ellipticcurvelist_length = 0;
798 if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
799 if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
800 {
801 *al = TLS1_AD_INTERNAL_ERROR;
802 return 0;
803 }
804 s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
805 memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
806#if 0
807 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
808 sdata = s->session->tlsext_ellipticcurvelist;
809 for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
810 fprintf(stderr,"%i ",*(sdata++));
811 fprintf(stderr,"\n");
812#endif
813 }
814#endif /* OPENSSL_NO_EC */
815#ifdef TLSEXT_TYPE_opaque_prf_input
816 else if (type == TLSEXT_TYPE_opaque_prf_input &&
817 s->version != DTLS1_VERSION)
818 {
819 unsigned char *sdata = data;
820
821 if (size < 2)
822 {
823 *al = SSL_AD_DECODE_ERROR;
824 return 0;
825 }
826 n2s(sdata, s->s3->client_opaque_prf_input_len);
827 if (s->s3->client_opaque_prf_input_len != size - 2)
828 {
829 *al = SSL_AD_DECODE_ERROR;
830 return 0;
831 }
832
833 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
834 OPENSSL_free(s->s3->client_opaque_prf_input);
835 if (s->s3->client_opaque_prf_input_len == 0)
836 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
837 else
838 s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
839 if (s->s3->client_opaque_prf_input == NULL)
840 {
841 *al = TLS1_AD_INTERNAL_ERROR;
842 return 0;
843 }
844 }
845#endif
846 else if (type == TLSEXT_TYPE_session_ticket)
847 {
848 if (s->tls_session_ticket_ext_cb &&
849 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
850 {
851 *al = TLS1_AD_INTERNAL_ERROR;
852 return 0;
853 }
854 }
855 else if (type == TLSEXT_TYPE_renegotiate)
856 {
857 if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
858 return 0;
859 renegotiate_seen = 1;
860 }
861 else if (type == TLSEXT_TYPE_status_request &&
862 s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
412 { 863 {
413 864
414 if (size < 5) 865 if (size < 5)
@@ -507,12 +958,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
507 else 958 else
508 s->tlsext_status_type = -1; 959 s->tlsext_status_type = -1;
509 } 960 }
961
510 /* session ticket processed earlier */ 962 /* session ticket processed earlier */
963 data+=size;
964 }
965
966 *p = data;
511 967
512 data+=size; 968 ri_check:
969
970 /* Need RI if renegotiating */
971
972 if (!renegotiate_seen && s->new_session &&
973 !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
974 {
975 *al = SSL_AD_HANDSHAKE_FAILURE;
976 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
977 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
978 return 0;
513 } 979 }
514 980
515 *p = data;
516 return 1; 981 return 1;
517 } 982 }
518 983
@@ -522,11 +987,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
522 unsigned short size; 987 unsigned short size;
523 unsigned short len; 988 unsigned short len;
524 unsigned char *data = *p; 989 unsigned char *data = *p;
525
526 int tlsext_servername = 0; 990 int tlsext_servername = 0;
991 int renegotiate_seen = 0;
527 992
528 if (data >= (d+n-2)) 993 if (data >= (d+n-2))
529 return 1; 994 goto ri_check;
530 995
531 n2s(data,len); 996 n2s(data,len);
532 997
@@ -536,7 +1001,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
536 n2s(data,size); 1001 n2s(data,size);
537 1002
538 if (data+size > (d+n)) 1003 if (data+size > (d+n))
539 return 1; 1004 goto ri_check;
540 1005
541 if (s->tlsext_debug_cb) 1006 if (s->tlsext_debug_cb)
542 s->tlsext_debug_cb(s, 1, type, data, size, 1007 s->tlsext_debug_cb(s, 1, type, data, size,
@@ -551,8 +1016,46 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
551 } 1016 }
552 tlsext_servername = 1; 1017 tlsext_servername = 1;
553 } 1018 }
1019
1020#ifndef OPENSSL_NO_EC
1021 else if (type == TLSEXT_TYPE_ec_point_formats &&
1022 s->version != DTLS1_VERSION)
1023 {
1024 unsigned char *sdata = data;
1025 int ecpointformatlist_length = *(sdata++);
1026
1027 if (ecpointformatlist_length != size - 1)
1028 {
1029 *al = TLS1_AD_DECODE_ERROR;
1030 return 0;
1031 }
1032 s->session->tlsext_ecpointformatlist_length = 0;
1033 if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
1034 if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
1035 {
1036 *al = TLS1_AD_INTERNAL_ERROR;
1037 return 0;
1038 }
1039 s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
1040 memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
1041#if 0
1042 fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
1043 sdata = s->session->tlsext_ecpointformatlist;
1044 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1045 fprintf(stderr,"%i ",*(sdata++));
1046 fprintf(stderr,"\n");
1047#endif
1048 }
1049#endif /* OPENSSL_NO_EC */
1050
554 else if (type == TLSEXT_TYPE_session_ticket) 1051 else if (type == TLSEXT_TYPE_session_ticket)
555 { 1052 {
1053 if (s->tls_session_ticket_ext_cb &&
1054 !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
1055 {
1056 *al = TLS1_AD_INTERNAL_ERROR;
1057 return 0;
1058 }
556 if ((SSL_get_options(s) & SSL_OP_NO_TICKET) 1059 if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
557 || (size > 0)) 1060 || (size > 0))
558 { 1061 {
@@ -561,7 +1064,40 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
561 } 1064 }
562 s->tlsext_ticket_expected = 1; 1065 s->tlsext_ticket_expected = 1;
563 } 1066 }
564 else if (type == TLSEXT_TYPE_status_request) 1067#ifdef TLSEXT_TYPE_opaque_prf_input
1068 else if (type == TLSEXT_TYPE_opaque_prf_input &&
1069 s->version != DTLS1_VERSION)
1070 {
1071 unsigned char *sdata = data;
1072
1073 if (size < 2)
1074 {
1075 *al = SSL_AD_DECODE_ERROR;
1076 return 0;
1077 }
1078 n2s(sdata, s->s3->server_opaque_prf_input_len);
1079 if (s->s3->server_opaque_prf_input_len != size - 2)
1080 {
1081 *al = SSL_AD_DECODE_ERROR;
1082 return 0;
1083 }
1084
1085 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1086 OPENSSL_free(s->s3->server_opaque_prf_input);
1087 if (s->s3->server_opaque_prf_input_len == 0)
1088 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1089 else
1090 s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
1091
1092 if (s->s3->server_opaque_prf_input == NULL)
1093 {
1094 *al = TLS1_AD_INTERNAL_ERROR;
1095 return 0;
1096 }
1097 }
1098#endif
1099 else if (type == TLSEXT_TYPE_status_request &&
1100 s->version != DTLS1_VERSION)
565 { 1101 {
566 /* MUST be empty and only sent if we've requested 1102 /* MUST be empty and only sent if we've requested
567 * a status request message. 1103 * a status request message.
@@ -574,7 +1110,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
574 /* Set flag to expect CertificateStatus message */ 1110 /* Set flag to expect CertificateStatus message */
575 s->tlsext_status_expected = 1; 1111 s->tlsext_status_expected = 1;
576 } 1112 }
577 1113 else if (type == TLSEXT_TYPE_renegotiate)
1114 {
1115 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1116 return 0;
1117 renegotiate_seen = 1;
1118 }
578 data+=size; 1119 data+=size;
579 } 1120 }
580 1121
@@ -606,6 +1147,148 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
606 } 1147 }
607 1148
608 *p = data; 1149 *p = data;
1150
1151 ri_check:
1152
1153 /* Determine if we need to see RI. Strictly speaking if we want to
1154 * avoid an attack we should *always* see RI even on initial server
1155 * hello because the client doesn't see any renegotiation during an
1156 * attack. However this would mean we could not connect to any server
1157 * which doesn't support RI so for the immediate future tolerate RI
1158 * absence on initial connect only.
1159 */
1160 if (!renegotiate_seen
1161 && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
1162 && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
1163 {
1164 *al = SSL_AD_HANDSHAKE_FAILURE;
1165 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
1166 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
1167 return 0;
1168 }
1169
1170 return 1;
1171 }
1172
1173
1174int ssl_prepare_clienthello_tlsext(SSL *s)
1175 {
1176#ifndef OPENSSL_NO_EC
1177 /* If we are client and using an elliptic curve cryptography cipher suite, send the point formats
1178 * and elliptic curves we support.
1179 */
1180 int using_ecc = 0;
1181 int i;
1182 unsigned char *j;
1183 unsigned long alg_k, alg_a;
1184 STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
1185
1186 for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
1187 {
1188 SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
1189
1190 alg_k = c->algorithm_mkey;
1191 alg_a = c->algorithm_auth;
1192 if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
1193 {
1194 using_ecc = 1;
1195 break;
1196 }
1197 }
1198 using_ecc = using_ecc && (s->version == TLS1_VERSION);
1199 if (using_ecc)
1200 {
1201 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1202 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1203 {
1204 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1205 return -1;
1206 }
1207 s->tlsext_ecpointformatlist_length = 3;
1208 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1209 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1210 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1211
1212 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1213 if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
1214 s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
1215 if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
1216 {
1217 s->tlsext_ellipticcurvelist_length = 0;
1218 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1219 return -1;
1220 }
1221 for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
1222 sizeof(nid_list)/sizeof(nid_list[0]); i++)
1223 s2n(i,j);
1224 }
1225#endif /* OPENSSL_NO_EC */
1226
1227#ifdef TLSEXT_TYPE_opaque_prf_input
1228 {
1229 int r = 1;
1230
1231 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1232 {
1233 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1234 if (!r)
1235 return -1;
1236 }
1237
1238 if (s->tlsext_opaque_prf_input != NULL)
1239 {
1240 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1241 OPENSSL_free(s->s3->client_opaque_prf_input);
1242
1243 if (s->tlsext_opaque_prf_input_len == 0)
1244 s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1245 else
1246 s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1247 if (s->s3->client_opaque_prf_input == NULL)
1248 {
1249 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1250 return -1;
1251 }
1252 s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1253 }
1254
1255 if (r == 2)
1256 /* at callback's request, insist on receiving an appropriate server opaque PRF input */
1257 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1258 }
1259#endif
1260
1261 return 1;
1262 }
1263
1264int ssl_prepare_serverhello_tlsext(SSL *s)
1265 {
1266#ifndef OPENSSL_NO_EC
1267 /* If we are server and using an ECC cipher suite, send the point formats we support
1268 * if the client sent us an ECPointsFormat extension. Note that the server is not
1269 * supposed to send an EllipticCurves extension.
1270 */
1271
1272 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1273 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1274 int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
1275 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1276
1277 if (using_ecc)
1278 {
1279 if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
1280 if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
1281 {
1282 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
1283 return -1;
1284 }
1285 s->tlsext_ecpointformatlist_length = 3;
1286 s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
1287 s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1288 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1289 }
1290#endif /* OPENSSL_NO_EC */
1291
609 return 1; 1292 return 1;
610 } 1293 }
611 1294
@@ -614,6 +1297,15 @@ int ssl_check_clienthello_tlsext(SSL *s)
614 int ret=SSL_TLSEXT_ERR_NOACK; 1297 int ret=SSL_TLSEXT_ERR_NOACK;
615 int al = SSL_AD_UNRECOGNIZED_NAME; 1298 int al = SSL_AD_UNRECOGNIZED_NAME;
616 1299
1300#ifndef OPENSSL_NO_EC
1301 /* The handling of the ECPointFormats extension is done elsewhere, namely in
1302 * ssl3_choose_cipher in s3_lib.c.
1303 */
1304 /* The handling of the EllipticCurves extension is done elsewhere, namely in
1305 * ssl3_choose_cipher in s3_lib.c.
1306 */
1307#endif
1308
617 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 1309 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
618 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); 1310 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
619 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 1311 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
@@ -623,7 +1315,7 @@ int ssl_check_clienthello_tlsext(SSL *s)
623 * Note: this must be called after servername callbacks in case 1315 * Note: this must be called after servername callbacks in case
624 * the certificate has changed. 1316 * the certificate has changed.
625 */ 1317 */
626 if ((s->tlsext_status_type != -1) && s->ctx->tlsext_status_cb) 1318 if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
627 { 1319 {
628 int r; 1320 int r;
629 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1321 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
@@ -649,7 +1341,65 @@ int ssl_check_clienthello_tlsext(SSL *s)
649 } 1341 }
650 else 1342 else
651 s->tlsext_status_expected = 0; 1343 s->tlsext_status_expected = 0;
652 err: 1344
1345#ifdef TLSEXT_TYPE_opaque_prf_input
1346 {
1347 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
1348 * but we might be sending an alert in response to the client hello,
1349 * so this has to happen here in ssl_check_clienthello_tlsext(). */
1350
1351 int r = 1;
1352
1353 if (s->ctx->tlsext_opaque_prf_input_callback != 0)
1354 {
1355 r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
1356 if (!r)
1357 {
1358 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1359 al = SSL_AD_INTERNAL_ERROR;
1360 goto err;
1361 }
1362 }
1363
1364 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1365 OPENSSL_free(s->s3->server_opaque_prf_input);
1366 s->s3->server_opaque_prf_input = NULL;
1367
1368 if (s->tlsext_opaque_prf_input != NULL)
1369 {
1370 if (s->s3->client_opaque_prf_input != NULL &&
1371 s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
1372 {
1373 /* can only use this extension if we have a server opaque PRF input
1374 * of the same length as the client opaque PRF input! */
1375
1376 if (s->tlsext_opaque_prf_input_len == 0)
1377 s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
1378 else
1379 s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
1380 if (s->s3->server_opaque_prf_input == NULL)
1381 {
1382 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1383 al = SSL_AD_INTERNAL_ERROR;
1384 goto err;
1385 }
1386 s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1387 }
1388 }
1389
1390 if (r == 2 && s->s3->server_opaque_prf_input == NULL)
1391 {
1392 /* The callback wants to enforce use of the extension,
1393 * but we can't do that with the client opaque PRF input;
1394 * abort the handshake.
1395 */
1396 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1397 al = SSL_AD_HANDSHAKE_FAILURE;
1398 }
1399 }
1400
1401#endif
1402 err:
653 switch (ret) 1403 switch (ret)
654 { 1404 {
655 case SSL_TLSEXT_ERR_ALERT_FATAL: 1405 case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -672,16 +1422,75 @@ int ssl_check_serverhello_tlsext(SSL *s)
672 int ret=SSL_TLSEXT_ERR_NOACK; 1422 int ret=SSL_TLSEXT_ERR_NOACK;
673 int al = SSL_AD_UNRECOGNIZED_NAME; 1423 int al = SSL_AD_UNRECOGNIZED_NAME;
674 1424
1425#ifndef OPENSSL_NO_EC
1426 /* If we are client and using an elliptic curve cryptography cipher suite, then server
1427 * must return a an EC point formats lists containing uncompressed.
1428 */
1429 unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
1430 unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
1431 if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
1432 ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
1433 {
1434 /* we are using an ECC cipher */
1435 size_t i;
1436 unsigned char *list;
1437 int found_uncompressed = 0;
1438 if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
1439 {
1440 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1441 return -1;
1442 }
1443 list = s->session->tlsext_ecpointformatlist;
1444 for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
1445 {
1446 if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
1447 {
1448 found_uncompressed = 1;
1449 break;
1450 }
1451 }
1452 if (!found_uncompressed)
1453 {
1454 SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
1455 return -1;
1456 }
1457 }
1458 ret = SSL_TLSEXT_ERR_OK;
1459#endif /* OPENSSL_NO_EC */
1460
675 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 1461 if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
676 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg); 1462 ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
677 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 1463 else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
678 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg); 1464 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
679 1465
1466#ifdef TLSEXT_TYPE_opaque_prf_input
1467 if (s->s3->server_opaque_prf_input_len > 0)
1468 {
1469 /* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
1470 * So first verify that we really have a value from the server too. */
1471
1472 if (s->s3->server_opaque_prf_input == NULL)
1473 {
1474 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1475 al = SSL_AD_HANDSHAKE_FAILURE;
1476 }
1477
1478 /* Anytime the server *has* sent an opaque PRF input, we need to check
1479 * that we have a client opaque PRF input of the same size. */
1480 if (s->s3->client_opaque_prf_input == NULL ||
1481 s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
1482 {
1483 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1484 al = SSL_AD_ILLEGAL_PARAMETER;
1485 }
1486 }
1487#endif
1488
680 /* If we've requested certificate status and we wont get one 1489 /* If we've requested certificate status and we wont get one
681 * tell the callback 1490 * tell the callback
682 */ 1491 */
683 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) 1492 if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
684 && s->ctx->tlsext_status_cb) 1493 && s->ctx && s->ctx->tlsext_status_cb)
685 { 1494 {
686 int r; 1495 int r;
687 /* Set resp to NULL, resplen to -1 so callback knows 1496 /* Set resp to NULL, resplen to -1 so callback knows
@@ -745,6 +1554,14 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
745 return 1; 1554 return 1;
746 if (p >= limit) 1555 if (p >= limit)
747 return -1; 1556 return -1;
1557 /* Skip past DTLS cookie */
1558 if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
1559 {
1560 i = *(p++);
1561 p+= i;
1562 if (p >= limit)
1563 return -1;
1564 }
748 /* Skip past cipher list */ 1565 /* Skip past cipher list */
749 n2s(p, i); 1566 n2s(p, i);
750 p+= i; 1567 p+= i;
@@ -768,6 +1585,11 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
768 return 1; 1585 return 1;
769 if (type == TLSEXT_TYPE_session_ticket) 1586 if (type == TLSEXT_TYPE_session_ticket)
770 { 1587 {
1588 /* If tickets disabled indicate cache miss which will
1589 * trigger a full handshake
1590 */
1591 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
1592 return 1;
771 /* If zero length note client will accept a ticket 1593 /* If zero length note client will accept a ticket
772 * and indicate cache miss to trigger full handshake 1594 * and indicate cache miss to trigger full handshake
773 */ 1595 */
@@ -776,6 +1598,15 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
776 s->tlsext_ticket_expected = 1; 1598 s->tlsext_ticket_expected = 1;
777 return 0; /* Cache miss */ 1599 return 0; /* Cache miss */
778 } 1600 }
1601 if (s->tls_session_secret_cb)
1602 {
1603 /* Indicate cache miss here and instead of
1604 * generating the session from ticket now,
1605 * trigger abbreviated handshake based on
1606 * external mechanism to calculate the master
1607 * secret later. */
1608 return 0;
1609 }
779 return tls_decrypt_ticket(s, p, size, session_id, len, 1610 return tls_decrypt_ticket(s, p, size, session_id, len,
780 ret); 1611 ret);
781 } 1612 }
@@ -795,16 +1626,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
795 unsigned char tick_hmac[EVP_MAX_MD_SIZE]; 1626 unsigned char tick_hmac[EVP_MAX_MD_SIZE];
796 HMAC_CTX hctx; 1627 HMAC_CTX hctx;
797 EVP_CIPHER_CTX ctx; 1628 EVP_CIPHER_CTX ctx;
1629 SSL_CTX *tctx = s->initial_ctx;
798 /* Need at least keyname + iv + some encrypted data */ 1630 /* Need at least keyname + iv + some encrypted data */
799 if (eticklen < 48) 1631 if (eticklen < 48)
800 goto tickerr; 1632 goto tickerr;
801 /* Initialize session ticket encryption and HMAC contexts */ 1633 /* Initialize session ticket encryption and HMAC contexts */
802 HMAC_CTX_init(&hctx); 1634 HMAC_CTX_init(&hctx);
803 EVP_CIPHER_CTX_init(&ctx); 1635 EVP_CIPHER_CTX_init(&ctx);
804 if (s->ctx->tlsext_ticket_key_cb) 1636 if (tctx->tlsext_ticket_key_cb)
805 { 1637 {
806 unsigned char *nctick = (unsigned char *)etick; 1638 unsigned char *nctick = (unsigned char *)etick;
807 int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, 1639 int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
808 &ctx, &hctx, 0); 1640 &ctx, &hctx, 0);
809 if (rv < 0) 1641 if (rv < 0)
810 return -1; 1642 return -1;
@@ -816,17 +1648,22 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
816 else 1648 else
817 { 1649 {
818 /* Check key name matches */ 1650 /* Check key name matches */
819 if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16)) 1651 if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
820 goto tickerr; 1652 goto tickerr;
821 HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16, 1653 HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
822 tlsext_tick_md(), NULL); 1654 tlsext_tick_md(), NULL);
823 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, 1655 EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
824 s->ctx->tlsext_tick_aes_key, etick + 16); 1656 tctx->tlsext_tick_aes_key, etick + 16);
825 } 1657 }
826 /* Attempt to process session ticket, first conduct sanity and 1658 /* Attempt to process session ticket, first conduct sanity and
827 * integrity checks on ticket. 1659 * integrity checks on ticket.
828 */ 1660 */
829 mlen = HMAC_size(&hctx); 1661 mlen = HMAC_size(&hctx);
1662 if (mlen < 0)
1663 {
1664 EVP_CIPHER_CTX_cleanup(&ctx);
1665 return -1;
1666 }
830 eticklen -= mlen; 1667 eticklen -= mlen;
831 /* Check HMAC of encrypted ticket */ 1668 /* Check HMAC of encrypted ticket */
832 HMAC_Update(&hctx, etick, eticklen); 1669 HMAC_Update(&hctx, etick, eticklen);
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c
index f5d8df634e..6ce7c0bbf5 100644
--- a/src/lib/libssl/t1_meth.c
+++ b/src/lib/libssl/t1_meth.c
@@ -60,8 +60,8 @@
60#include <openssl/objects.h> 60#include <openssl/objects.h>
61#include "ssl_locl.h" 61#include "ssl_locl.h"
62 62
63static SSL_METHOD *tls1_get_method(int ver); 63static const SSL_METHOD *tls1_get_method(int ver);
64static SSL_METHOD *tls1_get_method(int ver) 64static const SSL_METHOD *tls1_get_method(int ver)
65 { 65 {
66 if (ver == TLS1_VERSION) 66 if (ver == TLS1_VERSION)
67 return(TLSv1_method()); 67 return(TLSv1_method());
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
new file mode 100644
index 0000000000..9c2cc3c712
--- /dev/null
+++ b/src/lib/libssl/t1_reneg.c
@@ -0,0 +1,292 @@
1/* ssl/t1_reneg.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111#include <stdio.h>
112#include <openssl/objects.h>
113#include "ssl_locl.h"
114
115/* Add the client's renegotiation binding */
116int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
117 int maxlen)
118 {
119 if(p)
120 {
121 if((s->s3->previous_client_finished_len+1) > maxlen)
122 {
123 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
124 return 0;
125 }
126
127 /* Length byte */
128 *p = s->s3->previous_client_finished_len;
129 p++;
130
131 memcpy(p, s->s3->previous_client_finished,
132 s->s3->previous_client_finished_len);
133#ifdef OPENSSL_RI_DEBUG
134 fprintf(stderr, "%s RI extension sent by client\n",
135 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
136#endif
137 }
138
139 *len=s->s3->previous_client_finished_len + 1;
140
141
142 return 1;
143 }
144
145/* Parse the client's renegotiation binding and abort if it's not
146 right */
147int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
148 int *al)
149 {
150 int ilen;
151
152 /* Parse the length byte */
153 if(len < 1)
154 {
155 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
156 *al=SSL_AD_ILLEGAL_PARAMETER;
157 return 0;
158 }
159 ilen = *d;
160 d++;
161
162 /* Consistency check */
163 if((ilen+1) != len)
164 {
165 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
166 *al=SSL_AD_ILLEGAL_PARAMETER;
167 return 0;
168 }
169
170 /* Check that the extension matches */
171 if(ilen != s->s3->previous_client_finished_len)
172 {
173 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
174 *al=SSL_AD_HANDSHAKE_FAILURE;
175 return 0;
176 }
177
178 if(memcmp(d, s->s3->previous_client_finished,
179 s->s3->previous_client_finished_len))
180 {
181 SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
182 *al=SSL_AD_HANDSHAKE_FAILURE;
183 return 0;
184 }
185#ifdef OPENSSL_RI_DEBUG
186 fprintf(stderr, "%s RI extension received by server\n",
187 ilen ? "Non-empty" : "Empty");
188#endif
189
190 s->s3->send_connection_binding=1;
191
192 return 1;
193 }
194
195/* Add the server's renegotiation binding */
196int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
197 int maxlen)
198 {
199 if(p)
200 {
201 if((s->s3->previous_client_finished_len +
202 s->s3->previous_server_finished_len + 1) > maxlen)
203 {
204 SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
205 return 0;
206 }
207
208 /* Length byte */
209 *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
210 p++;
211
212 memcpy(p, s->s3->previous_client_finished,
213 s->s3->previous_client_finished_len);
214 p += s->s3->previous_client_finished_len;
215
216 memcpy(p, s->s3->previous_server_finished,
217 s->s3->previous_server_finished_len);
218#ifdef OPENSSL_RI_DEBUG
219 fprintf(stderr, "%s RI extension sent by server\n",
220 s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
221#endif
222 }
223
224 *len=s->s3->previous_client_finished_len
225 + s->s3->previous_server_finished_len + 1;
226
227 return 1;
228 }
229
230/* Parse the server's renegotiation binding and abort if it's not
231 right */
232int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
233 int *al)
234 {
235 int expected_len=s->s3->previous_client_finished_len
236 + s->s3->previous_server_finished_len;
237 int ilen;
238
239 /* Check for logic errors */
240 OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
241 OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
242
243 /* Parse the length byte */
244 if(len < 1)
245 {
246 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
247 *al=SSL_AD_ILLEGAL_PARAMETER;
248 return 0;
249 }
250 ilen = *d;
251 d++;
252
253 /* Consistency check */
254 if(ilen+1 != len)
255 {
256 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
257 *al=SSL_AD_ILLEGAL_PARAMETER;
258 return 0;
259 }
260
261 /* Check that the extension matches */
262 if(ilen != expected_len)
263 {
264 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
265 *al=SSL_AD_HANDSHAKE_FAILURE;
266 return 0;
267 }
268
269 if(memcmp(d, s->s3->previous_client_finished,
270 s->s3->previous_client_finished_len))
271 {
272 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
273 *al=SSL_AD_HANDSHAKE_FAILURE;
274 return 0;
275 }
276 d += s->s3->previous_client_finished_len;
277
278 if(memcmp(d, s->s3->previous_server_finished,
279 s->s3->previous_server_finished_len))
280 {
281 SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
282 *al=SSL_AD_ILLEGAL_PARAMETER;
283 return 0;
284 }
285#ifdef OPENSSL_RI_DEBUG
286 fprintf(stderr, "%s RI extension received by client\n",
287 ilen ? "Non-empty" : "Empty");
288#endif
289 s->s3->send_connection_binding=1;
290
291 return 1;
292 }
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c
index b75636abba..42525e9e89 100644
--- a/src/lib/libssl/t1_srvr.c
+++ b/src/lib/libssl/t1_srvr.c
@@ -64,8 +64,8 @@
64#include <openssl/evp.h> 64#include <openssl/evp.h>
65#include <openssl/x509.h> 65#include <openssl/x509.h>
66 66
67static SSL_METHOD *tls1_get_server_method(int ver); 67static const SSL_METHOD *tls1_get_server_method(int ver);
68static SSL_METHOD *tls1_get_server_method(int ver) 68static const SSL_METHOD *tls1_get_server_method(int ver)
69 { 69 {
70 if (ver == TLS1_VERSION) 70 if (ver == TLS1_VERSION)
71 return(TLSv1_server_method()); 71 return(TLSv1_server_method());
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
index 546e660626..20f8f05e3d 100644
--- a/src/lib/libssl/test/CAss.cnf
+++ b/src/lib/libssl/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE = ./.rnd
7 7
8#################################################################### 8####################################################################
9[ req ] 9[ req ]
10default_bits = 1024 10default_bits = 512
11default_keyfile = keySS.pem 11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name 12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no 13encrypt_rsa_key = no
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
new file mode 100644
index 0000000000..f5a275bfc2
--- /dev/null
+++ b/src/lib/libssl/test/CAtsa.cnf
@@ -0,0 +1,163 @@
1
2#
3# This config is used by the Time Stamp Authority tests.
4#
5
6RANDFILE = ./.rnd
7
8# Extra OBJECT IDENTIFIER info:
9oid_section = new_oids
10
11TSDNSECT = ts_cert_dn
12INDEX = 1
13
14[ new_oids ]
15
16# Policies used by the TSA tests.
17tsa_policy1 = 1.2.3.4.1
18tsa_policy2 = 1.2.3.4.5.6
19tsa_policy3 = 1.2.3.4.5.7
20
21#----------------------------------------------------------------------
22[ ca ]
23default_ca = CA_default # The default ca section
24
25[ CA_default ]
26
27dir = ./demoCA
28certs = $dir/certs # Where the issued certs are kept
29database = $dir/index.txt # database index file.
30new_certs_dir = $dir/newcerts # default place for new certs.
31
32certificate = $dir/cacert.pem # The CA certificate
33serial = $dir/serial # The current serial number
34private_key = $dir/private/cakey.pem# The private key
35RANDFILE = $dir/private/.rand # private random number file
36
37default_days = 365 # how long to certify for
38default_md = sha1 # which md to use.
39preserve = no # keep passed DN ordering
40
41policy = policy_match
42
43# For the CA policy
44[ policy_match ]
45countryName = supplied
46stateOrProvinceName = supplied
47organizationName = supplied
48organizationalUnitName = optional
49commonName = supplied
50emailAddress = optional
51
52#----------------------------------------------------------------------
53[ req ]
54default_bits = 1024
55default_md = sha1
56distinguished_name = $ENV::TSDNSECT
57encrypt_rsa_key = no
58prompt = no
59# attributes = req_attributes
60x509_extensions = v3_ca # The extentions to add to the self signed cert
61
62string_mask = nombstr
63
64[ ts_ca_dn ]
65countryName = HU
66stateOrProvinceName = Budapest
67localityName = Budapest
68organizationName = Gov-CA Ltd.
69commonName = ca1
70
71[ ts_cert_dn ]
72countryName = HU
73stateOrProvinceName = Budapest
74localityName = Buda
75organizationName = Hun-TSA Ltd.
76commonName = tsa$ENV::INDEX
77
78[ tsa_cert ]
79
80# TSA server cert is not a CA cert.
81basicConstraints=CA:FALSE
82
83# The following key usage flags are needed for TSA server certificates.
84keyUsage = nonRepudiation, digitalSignature
85extendedKeyUsage = critical,timeStamping
86
87# PKIX recommendations harmless if included in all certificates.
88subjectKeyIdentifier=hash
89authorityKeyIdentifier=keyid,issuer:always
90
91[ non_tsa_cert ]
92
93# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
94basicConstraints=CA:FALSE
95
96# The following key usage flags are needed for TSA server certificates.
97keyUsage = nonRepudiation, digitalSignature
98# timeStamping is not supported by this certificate
99# extendedKeyUsage = critical,timeStamping
100
101# PKIX recommendations harmless if included in all certificates.
102subjectKeyIdentifier=hash
103authorityKeyIdentifier=keyid,issuer:always
104
105[ v3_req ]
106
107# Extensions to add to a certificate request
108basicConstraints = CA:FALSE
109keyUsage = nonRepudiation, digitalSignature
110
111[ v3_ca ]
112
113# Extensions for a typical CA
114
115subjectKeyIdentifier=hash
116authorityKeyIdentifier=keyid:always,issuer:always
117basicConstraints = critical,CA:true
118keyUsage = cRLSign, keyCertSign
119
120#----------------------------------------------------------------------
121[ tsa ]
122
123default_tsa = tsa_config1 # the default TSA section
124
125[ tsa_config1 ]
126
127# These are used by the TSA reply generation only.
128dir = . # TSA root directory
129serial = $dir/tsa_serial # The current serial number (mandatory)
130signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
131 # (optional)
132certs = $dir/tsaca.pem # Certificate chain to include in reply
133 # (optional)
134signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
135
136default_policy = tsa_policy1 # Policy if request did not specify it
137 # (optional)
138other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
139digests = md5, sha1 # Acceptable message digests (mandatory)
140accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
141ordering = yes # Is ordering defined for timestamps?
142 # (optional, default: no)
143tsa_name = yes # Must the TSA name be included in the reply?
144 # (optional, default: no)
145ess_cert_id_chain = yes # Must the ESS cert id chain be included?
146 # (optional, default: no)
147
148[ tsa_config2 ]
149
150# This configuration uses a certificate which doesn't have timeStamping usage.
151# These are used by the TSA reply generation only.
152dir = . # TSA root directory
153serial = $dir/tsa_serial # The current serial number (mandatory)
154signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
155 # (optional)
156certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
157 # (optional)
158signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
159
160default_policy = tsa_policy1 # Policy if request did not specify it
161 # (optional)
162other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
163digests = md5, sha1 # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
index 98b2e054b7..0c0ebb5f67 100644
--- a/src/lib/libssl/test/Uss.cnf
+++ b/src/lib/libssl/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE = ./.rnd
7 7
8#################################################################### 8####################################################################
9[ req ] 9[ req ]
10default_bits = 1024 10default_bits = 512
11default_keyfile = keySS.pem 11default_keyfile = keySS.pem
12distinguished_name = req_distinguished_name 12distinguished_name = req_distinguished_name
13encrypt_rsa_key = no 13encrypt_rsa_key = no
diff --git a/src/lib/libssl/test/asn1test.c b/src/lib/libssl/test/asn1test.c
new file mode 100755
index 0000000000..9f53d80344
--- /dev/null
+++ b/src/lib/libssl/test/asn1test.c
@@ -0,0 +1,22 @@
1#include <openssl/x509.h>
2#include <openssl/asn1_mac.h>
3
4typedef struct X
5 {
6 STACK_OF(X509_EXTENSION) *ext;
7 } X;
8
9/* This isn't meant to run particularly, it's just to test type checking */
10int main(int argc, char **argv)
11 {
12 X *x = NULL;
13 unsigned char **pp = NULL;
14
15 M_ASN1_I2D_vars(x);
16 M_ASN1_I2D_len_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
17 i2d_X509_EXTENSION);
18 M_ASN1_I2D_seq_total();
19 M_ASN1_I2D_put_SEQUENCE_opt_type(X509_EXTENSION, x->ext,
20 i2d_X509_EXTENSION);
21 M_ASN1_I2D_finish();
22 }
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
index a84e089ddc..9c50dff3e9 100644
--- a/src/lib/libssl/test/cms-test.pl
+++ b/src/lib/libssl/test/cms-test.pl
@@ -54,8 +54,12 @@
54# OpenSSL PKCS#7 and CMS implementations. 54# OpenSSL PKCS#7 and CMS implementations.
55 55
56my $ossl_path; 56my $ossl_path;
57 57my $redir = " 2>cms.err 1>cms.out";
58if ( -f "../apps/openssl" ) { 58# Make MSYS work
59if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
60 $ossl_path = "cmd /c ..\\apps\\openssl";
61}
62elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
59 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; 63 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
60} 64}
61elsif ( -f "..\\out32dll\\openssl.exe" ) { 65elsif ( -f "..\\out32dll\\openssl.exe" ) {
@@ -232,7 +236,7 @@ my @smime_cms_tests = (
232 [ 236 [
233 "signed content MIME format, RSA key, signed receipt request", 237 "signed content MIME format, RSA key, signed receipt request",
234 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" 238 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
235 . " -receipt_request_to test@openssl.org -receipt_request_all" 239 . " -receipt_request_to test\@openssl.org -receipt_request_all"
236 . " -out test.cms", 240 . " -out test.cms",
237 "-verify -in test.cms " 241 "-verify -in test.cms "
238 . " -CAfile $smdir/smroot.pem -out smtst.txt" 242 . " -CAfile $smdir/smroot.pem -out smtst.txt"
@@ -333,10 +337,6 @@ my @smime_cms_comp_tests = (
333 337
334); 338);
335 339
336print "PKCS#7 <=> PKCS#7 consistency tests\n";
337
338run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
339
340print "CMS => PKCS#7 compatibility tests\n"; 340print "CMS => PKCS#7 compatibility tests\n";
341 341
342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); 342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
@@ -386,14 +386,14 @@ sub run_smime_tests {
386 $rscmd =~ s/-stream//; 386 $rscmd =~ s/-stream//;
387 $rvcmd =~ s/-stream//; 387 $rvcmd =~ s/-stream//;
388 } 388 }
389 system("$scmd$rscmd 2>cms.err 1>cms.out"); 389 system("$scmd$rscmd$redir");
390 if ($?) { 390 if ($?) {
391 print "$tnam: generation error\n"; 391 print "$tnam: generation error\n";
392 $$rv++; 392 $$rv++;
393 exit 1 if $halt_err; 393 exit 1 if $halt_err;
394 next; 394 next;
395 } 395 }
396 system("$vcmd$rvcmd 2>cms.err 1>cms.out"); 396 system("$vcmd$rvcmd$redir");
397 if ($?) { 397 if ($?) {
398 print "$tnam: verify error\n"; 398 print "$tnam: verify error\n";
399 $$rv++; 399 $$rv++;
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
new file mode 100644
index 0000000000..69dffa16f9
--- /dev/null
+++ b/src/lib/libssl/test/pkits-test.pl
@@ -0,0 +1,940 @@
1# test/pkits-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# Perl utility to run PKITS tests for RFC3280 compliance.
54
55my $ossl_path;
56
57if ( -f "../apps/openssl" ) {
58 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
59}
60elsif ( -f "..\\out32dll\\openssl.exe" ) {
61 $ossl_path = "..\\out32dll\\openssl.exe";
62}
63elsif ( -f "..\\out32\\openssl.exe" ) {
64 $ossl_path = "..\\out32\\openssl.exe";
65}
66else {
67 die "Can't find OpenSSL executable";
68}
69
70my $pkitsdir = "pkits/smime";
71my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
72
73die "Can't find PKITS test data" if !-d $pkitsdir;
74
75my $nist1 = "2.16.840.1.101.3.2.1.48.1";
76my $nist2 = "2.16.840.1.101.3.2.1.48.2";
77my $nist3 = "2.16.840.1.101.3.2.1.48.3";
78my $nist4 = "2.16.840.1.101.3.2.1.48.4";
79my $nist5 = "2.16.840.1.101.3.2.1.48.5";
80my $nist6 = "2.16.840.1.101.3.2.1.48.6";
81
82my $apolicy = "X509v3 Any Policy";
83
84# This table contains the chapter headings of the accompanying PKITS
85# document. They provide useful informational output and their names
86# can be converted into the filename to test.
87
88my @testlists = (
89 [ "4.1", "Signature Verification" ],
90 [ "4.1.1", "Valid Signatures Test1", 0 ],
91 [ "4.1.2", "Invalid CA Signature Test2", 7 ],
92 [ "4.1.3", "Invalid EE Signature Test3", 7 ],
93 [ "4.1.4", "Valid DSA Signatures Test4", 0 ],
94 [ "4.1.5", "Valid DSA Parameter Inheritance Test5", 0 ],
95 [ "4.1.6", "Invalid DSA Signature Test6", 7 ],
96 [ "4.2", "Validity Periods" ],
97 [ "4.2.1", "Invalid CA notBefore Date Test1", 9 ],
98 [ "4.2.2", "Invalid EE notBefore Date Test2", 9 ],
99 [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3", 0 ],
100 [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4", 0 ],
101 [ "4.2.5", "Invalid CA notAfter Date Test5", 10 ],
102 [ "4.2.6", "Invalid EE notAfter Date Test6", 10 ],
103 [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7", 10 ],
104 [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8", 0 ],
105 [ "4.3", "Verifying Name Chaining" ],
106 [ "4.3.1", "Invalid Name Chaining EE Test1", 20 ],
107 [ "4.3.2", "Invalid Name Chaining Order Test2", 20 ],
108 [ "4.3.3", "Valid Name Chaining Whitespace Test3", 0 ],
109 [ "4.3.4", "Valid Name Chaining Whitespace Test4", 0 ],
110 [ "4.3.5", "Valid Name Chaining Capitalization Test5", 0 ],
111 [ "4.3.6", "Valid Name Chaining UIDs Test6", 0 ],
112 [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
113 [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8", 0 ],
114 [ "4.3.9", "Valid UTF8String Encoded Names Test9", 0 ],
115 [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
116 [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11", 0 ],
117 [ "4.4", "Basic Certificate Revocation Tests" ],
118 [ "4.4.1", "Missing CRL Test1", 3 ],
119 [ "4.4.2", "Invalid Revoked CA Test2", 23 ],
120 [ "4.4.3", "Invalid Revoked EE Test3", 23 ],
121 [ "4.4.4", "Invalid Bad CRL Signature Test4", 8 ],
122 [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
123 [ "4.4.6", "Invalid Wrong CRL Test6", 3 ],
124 [ "4.4.7", "Valid Two CRLs Test7", 0 ],
125
126 # The test document suggests these should return certificate revoked...
127 # Subsquent discussion has concluded they should not due to unhandle
128 # critical CRL extensions.
129 [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
130 [ "4.4.9", "Invalid Unknown CRL Extension Test9", 36 ],
131
132 [ "4.4.10", "Invalid Unknown CRL Extension Test10", 36 ],
133 [ "4.4.11", "Invalid Old CRL nextUpdate Test11", 12 ],
134 [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12", 12 ],
135 [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13", 0 ],
136 [ "4.4.14", "Valid Negative Serial Number Test14", 0 ],
137 [ "4.4.15", "Invalid Negative Serial Number Test15", 23 ],
138 [ "4.4.16", "Valid Long Serial Number Test16", 0 ],
139 [ "4.4.17", "Valid Long Serial Number Test17", 0 ],
140 [ "4.4.18", "Invalid Long Serial Number Test18", 23 ],
141 [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19", 0 ],
142 [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
143
144 # CRL path is revoked so get a CRL path validation error
145 [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21", 54 ],
146 [ "4.5", "Verifying Paths with Self-Issued Certificates" ],
147 [ "4.5.1", "Valid Basic Self-Issued Old With New Test1", 0 ],
148 [ "4.5.2", "Invalid Basic Self-Issued Old With New Test2", 23 ],
149 [ "4.5.3", "Valid Basic Self-Issued New With Old Test3", 0 ],
150 [ "4.5.4", "Valid Basic Self-Issued New With Old Test4", 0 ],
151 [ "4.5.5", "Invalid Basic Self-Issued New With Old Test5", 23 ],
152 [ "4.5.6", "Valid Basic Self-Issued CRL Signing Key Test6", 0 ],
153 [ "4.5.7", "Invalid Basic Self-Issued CRL Signing Key Test7", 23 ],
154 [ "4.5.8", "Invalid Basic Self-Issued CRL Signing Key Test8", 20 ],
155 [ "4.6", "Verifying Basic Constraints" ],
156 [ "4.6.1", "Invalid Missing basicConstraints Test1", 24 ],
157 [ "4.6.2", "Invalid cA False Test2", 24 ],
158 [ "4.6.3", "Invalid cA False Test3", 24 ],
159 [ "4.6.4", "Valid basicConstraints Not Critical Test4", 0 ],
160 [ "4.6.5", "Invalid pathLenConstraint Test5", 25 ],
161 [ "4.6.6", "Invalid pathLenConstraint Test6", 25 ],
162 [ "4.6.7", "Valid pathLenConstraint Test7", 0 ],
163 [ "4.6.8", "Valid pathLenConstraint Test8", 0 ],
164 [ "4.6.9", "Invalid pathLenConstraint Test9", 25 ],
165 [ "4.6.10", "Invalid pathLenConstraint Test10", 25 ],
166 [ "4.6.11", "Invalid pathLenConstraint Test11", 25 ],
167 [ "4.6.12", "Invalid pathLenConstraint Test12", 25 ],
168 [ "4.6.13", "Valid pathLenConstraint Test13", 0 ],
169 [ "4.6.14", "Valid pathLenConstraint Test14", 0 ],
170 [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15", 0 ],
171 [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16", 25 ],
172 [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17", 0 ],
173 [ "4.7", "Key Usage" ],
174 [ "4.7.1", "Invalid keyUsage Critical keyCertSign False Test1", 20 ],
175 [ "4.7.2", "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
176 [ "4.7.3", "Valid keyUsage Not Critical Test3", 0 ],
177 [ "4.7.4", "Invalid keyUsage Critical cRLSign False Test4", 35 ],
178 [ "4.7.5", "Invalid keyUsage Not Critical cRLSign False Test5", 35 ],
179
180 # Certificate policy tests need special handling. They can have several
181 # sub tests and we need to check the outputs are correct.
182
183 [ "4.8", "Certificate Policies" ],
184 [
185 "4.8.1.1",
186 "All Certificates Same Policy Test1",
187 "-policy anyPolicy -explicit_policy",
188 "True", $nist1, $nist1, 0
189 ],
190 [
191 "4.8.1.2",
192 "All Certificates Same Policy Test1",
193 "-policy $nist1 -explicit_policy",
194 "True", $nist1, $nist1, 0
195 ],
196 [
197 "4.8.1.3",
198 "All Certificates Same Policy Test1",
199 "-policy $nist2 -explicit_policy",
200 "True", $nist1, "<empty>", 43
201 ],
202 [
203 "4.8.1.4",
204 "All Certificates Same Policy Test1",
205 "-policy $nist1 -policy $nist2 -explicit_policy",
206 "True", $nist1, $nist1, 0
207 ],
208 [
209 "4.8.2.1",
210 "All Certificates No Policies Test2",
211 "-policy anyPolicy",
212 "False", "<empty>", "<empty>", 0
213 ],
214 [
215 "4.8.2.2",
216 "All Certificates No Policies Test2",
217 "-policy anyPolicy -explicit_policy",
218 "True", "<empty>", "<empty>", 43
219 ],
220 [
221 "4.8.3.1",
222 "Different Policies Test3",
223 "-policy anyPolicy",
224 "False", "<empty>", "<empty>", 0
225 ],
226 [
227 "4.8.3.2",
228 "Different Policies Test3",
229 "-policy anyPolicy -explicit_policy",
230 "True", "<empty>", "<empty>", 43
231 ],
232 [
233 "4.8.3.3",
234 "Different Policies Test3",
235 "-policy $nist1 -policy $nist2 -explicit_policy",
236 "True", "<empty>", "<empty>", 43
237 ],
238
239 [
240 "4.8.4",
241 "Different Policies Test4",
242 "-policy anyPolicy",
243 "True", "<empty>", "<empty>", 43
244 ],
245 [
246 "4.8.5",
247 "Different Policies Test5",
248 "-policy anyPolicy",
249 "True", "<empty>", "<empty>", 43
250 ],
251 [
252 "4.8.6.1",
253 "Overlapping Policies Test6",
254 "-policy anyPolicy",
255 "True", $nist1, $nist1, 0
256 ],
257 [
258 "4.8.6.2",
259 "Overlapping Policies Test6",
260 "-policy $nist1",
261 "True", $nist1, $nist1, 0
262 ],
263 [
264 "4.8.6.3",
265 "Overlapping Policies Test6",
266 "-policy $nist2",
267 "True", $nist1, "<empty>", 43
268 ],
269 [
270 "4.8.7",
271 "Different Policies Test7",
272 "-policy anyPolicy",
273 "True", "<empty>", "<empty>", 43
274 ],
275 [
276 "4.8.8",
277 "Different Policies Test8",
278 "-policy anyPolicy",
279 "True", "<empty>", "<empty>", 43
280 ],
281 [
282 "4.8.9",
283 "Different Policies Test9",
284 "-policy anyPolicy",
285 "True", "<empty>", "<empty>", 43
286 ],
287 [
288 "4.8.10.1",
289 "All Certificates Same Policies Test10",
290 "-policy $nist1",
291 "True", "$nist1:$nist2", "$nist1", 0
292 ],
293 [
294 "4.8.10.2",
295 "All Certificates Same Policies Test10",
296 "-policy $nist2",
297 "True", "$nist1:$nist2", "$nist2", 0
298 ],
299 [
300 "4.8.10.3",
301 "All Certificates Same Policies Test10",
302 "-policy anyPolicy",
303 "True", "$nist1:$nist2", "$nist1:$nist2", 0
304 ],
305 [
306 "4.8.11.1",
307 "All Certificates AnyPolicy Test11",
308 "-policy anyPolicy",
309 "True", "$apolicy", "$apolicy", 0
310 ],
311 [
312 "4.8.11.2",
313 "All Certificates AnyPolicy Test11",
314 "-policy $nist1",
315 "True", "$apolicy", "$nist1", 0
316 ],
317 [
318 "4.8.12",
319 "Different Policies Test12",
320 "-policy anyPolicy",
321 "True", "<empty>", "<empty>", 43
322 ],
323 [
324 "4.8.13.1",
325 "All Certificates Same Policies Test13",
326 "-policy $nist1",
327 "True", "$nist1:$nist2:$nist3", "$nist1", 0
328 ],
329 [
330 "4.8.13.2",
331 "All Certificates Same Policies Test13",
332 "-policy $nist2",
333 "True", "$nist1:$nist2:$nist3", "$nist2", 0
334 ],
335 [
336 "4.8.13.3",
337 "All Certificates Same Policies Test13",
338 "-policy $nist3",
339 "True", "$nist1:$nist2:$nist3", "$nist3", 0
340 ],
341 [
342 "4.8.14.1", "AnyPolicy Test14",
343 "-policy $nist1", "True",
344 "$nist1", "$nist1",
345 0
346 ],
347 [
348 "4.8.14.2", "AnyPolicy Test14",
349 "-policy $nist2", "True",
350 "$nist1", "<empty>",
351 43
352 ],
353 [
354 "4.8.15",
355 "User Notice Qualifier Test15",
356 "-policy anyPolicy",
357 "False", "$nist1", "$nist1", 0
358 ],
359 [
360 "4.8.16",
361 "User Notice Qualifier Test16",
362 "-policy anyPolicy",
363 "False", "$nist1", "$nist1", 0
364 ],
365 [
366 "4.8.17",
367 "User Notice Qualifier Test17",
368 "-policy anyPolicy",
369 "False", "$nist1", "$nist1", 0
370 ],
371 [
372 "4.8.18.1",
373 "User Notice Qualifier Test18",
374 "-policy $nist1",
375 "True", "$nist1:$nist2", "$nist1", 0
376 ],
377 [
378 "4.8.18.2",
379 "User Notice Qualifier Test18",
380 "-policy $nist2",
381 "True", "$nist1:$nist2", "$nist2", 0
382 ],
383 [
384 "4.8.19",
385 "User Notice Qualifier Test19",
386 "-policy anyPolicy",
387 "False", "$nist1", "$nist1", 0
388 ],
389 [
390 "4.8.20",
391 "CPS Pointer Qualifier Test20",
392 "-policy anyPolicy -explicit_policy",
393 "True", "$nist1", "$nist1", 0
394 ],
395 [ "4.9", "Require Explicit Policy" ],
396 [
397 "4.9.1",
398 "Valid RequireExplicitPolicy Test1",
399 "-policy anyPolicy",
400 "False", "<empty>", "<empty>", 0
401 ],
402 [
403 "4.9.2",
404 "Valid RequireExplicitPolicy Test2",
405 "-policy anyPolicy",
406 "False", "<empty>", "<empty>", 0
407 ],
408 [
409 "4.9.3",
410 "Invalid RequireExplicitPolicy Test3",
411 "-policy anyPolicy",
412 "True", "<empty>", "<empty>", 43
413 ],
414 [
415 "4.9.4",
416 "Valid RequireExplicitPolicy Test4",
417 "-policy anyPolicy",
418 "True", "$nist1", "$nist1", 0
419 ],
420 [
421 "4.9.5",
422 "Invalid RequireExplicitPolicy Test5",
423 "-policy anyPolicy",
424 "True", "<empty>", "<empty>", 43
425 ],
426 [
427 "4.9.6",
428 "Valid Self-Issued requireExplicitPolicy Test6",
429 "-policy anyPolicy",
430 "False", "<empty>", "<empty>", 0
431 ],
432 [
433 "4.9.7",
434 "Invalid Self-Issued requireExplicitPolicy Test7",
435 "-policy anyPolicy",
436 "True", "<empty>", "<empty>", 43
437 ],
438 [
439 "4.9.8",
440 "Invalid Self-Issued requireExplicitPolicy Test8",
441 "-policy anyPolicy",
442 "True", "<empty>", "<empty>", 43
443 ],
444 [ "4.10", "Policy Mappings" ],
445 [
446 "4.10.1.1",
447 "Valid Policy Mapping Test1",
448 "-policy $nist1",
449 "True", "$nist1", "$nist1", 0
450 ],
451 [
452 "4.10.1.2",
453 "Valid Policy Mapping Test1",
454 "-policy $nist2",
455 "True", "$nist1", "<empty>", 43
456 ],
457 [
458 "4.10.1.3",
459 "Valid Policy Mapping Test1",
460 "-policy anyPolicy -inhibit_map",
461 "True", "<empty>", "<empty>", 43
462 ],
463 [
464 "4.10.2.1",
465 "Invalid Policy Mapping Test2",
466 "-policy anyPolicy",
467 "True", "<empty>", "<empty>", 43
468 ],
469 [
470 "4.10.2.2",
471 "Invalid Policy Mapping Test2",
472 "-policy anyPolicy -inhibit_map",
473 "True", "<empty>", "<empty>", 43
474 ],
475 [
476 "4.10.3.1",
477 "Valid Policy Mapping Test3",
478 "-policy $nist1",
479 "True", "$nist2", "<empty>", 43
480 ],
481 [
482 "4.10.3.2",
483 "Valid Policy Mapping Test3",
484 "-policy $nist2",
485 "True", "$nist2", "$nist2", 0
486 ],
487 [
488 "4.10.4",
489 "Invalid Policy Mapping Test4",
490 "-policy anyPolicy",
491 "True", "<empty>", "<empty>", 43
492 ],
493 [
494 "4.10.5.1",
495 "Valid Policy Mapping Test5",
496 "-policy $nist1",
497 "True", "$nist1", "$nist1", 0
498 ],
499 [
500 "4.10.5.2",
501 "Valid Policy Mapping Test5",
502 "-policy $nist6",
503 "True", "$nist1", "<empty>", 43
504 ],
505 [
506 "4.10.6.1",
507 "Valid Policy Mapping Test6",
508 "-policy $nist1",
509 "True", "$nist1", "$nist1", 0
510 ],
511 [
512 "4.10.6.2",
513 "Valid Policy Mapping Test6",
514 "-policy $nist6",
515 "True", "$nist1", "<empty>", 43
516 ],
517 [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
518 [ "4.10.8", "Invalid Mapping To anyPolicy Test8", 42 ],
519 [
520 "4.10.9",
521 "Valid Policy Mapping Test9",
522 "-policy anyPolicy",
523 "True", "$nist1", "$nist1", 0
524 ],
525 [
526 "4.10.10",
527 "Invalid Policy Mapping Test10",
528 "-policy anyPolicy",
529 "True", "<empty>", "<empty>", 43
530 ],
531 [
532 "4.10.11",
533 "Valid Policy Mapping Test11",
534 "-policy anyPolicy",
535 "True", "$nist1", "$nist1", 0
536 ],
537
538 # TODO: check notice display
539 [
540 "4.10.12.1",
541 "Valid Policy Mapping Test12",
542 "-policy $nist1",
543 "True", "$nist1:$nist2", "$nist1", 0
544 ],
545
546 # TODO: check notice display
547 [
548 "4.10.12.2",
549 "Valid Policy Mapping Test12",
550 "-policy $nist2",
551 "True", "$nist1:$nist2", "$nist2", 0
552 ],
553 [
554 "4.10.13",
555 "Valid Policy Mapping Test13",
556 "-policy anyPolicy",
557 "True", "$nist1", "$nist1", 0
558 ],
559
560 # TODO: check notice display
561 [
562 "4.10.14",
563 "Valid Policy Mapping Test14",
564 "-policy anyPolicy",
565 "True", "$nist1", "$nist1", 0
566 ],
567 [ "4.11", "Inhibit Policy Mapping" ],
568 [
569 "4.11.1",
570 "Invalid inhibitPolicyMapping Test1",
571 "-policy anyPolicy",
572 "True", "<empty>", "<empty>", 43
573 ],
574 [
575 "4.11.2",
576 "Valid inhibitPolicyMapping Test2",
577 "-policy anyPolicy",
578 "True", "$nist1", "$nist1", 0
579 ],
580 [
581 "4.11.3",
582 "Invalid inhibitPolicyMapping Test3",
583 "-policy anyPolicy",
584 "True", "<empty>", "<empty>", 43
585 ],
586 [
587 "4.11.4",
588 "Valid inhibitPolicyMapping Test4",
589 "-policy anyPolicy",
590 "True", "$nist2", "$nist2", 0
591 ],
592 [
593 "4.11.5",
594 "Invalid inhibitPolicyMapping Test5",
595 "-policy anyPolicy",
596 "True", "<empty>", "<empty>", 43
597 ],
598 [
599 "4.11.6",
600 "Invalid inhibitPolicyMapping Test6",
601 "-policy anyPolicy",
602 "True", "<empty>", "<empty>", 43
603 ],
604 [
605 "4.11.7",
606 "Valid Self-Issued inhibitPolicyMapping Test7",
607 "-policy anyPolicy",
608 "True", "$nist1", "$nist1", 0
609 ],
610 [
611 "4.11.8",
612 "Invalid Self-Issued inhibitPolicyMapping Test8",
613 "-policy anyPolicy",
614 "True", "<empty>", "<empty>", 43
615 ],
616 [
617 "4.11.9",
618 "Invalid Self-Issued inhibitPolicyMapping Test9",
619 "-policy anyPolicy",
620 "True", "<empty>", "<empty>", 43
621 ],
622 [
623 "4.11.10",
624 "Invalid Self-Issued inhibitPolicyMapping Test10",
625 "-policy anyPolicy",
626 "True", "<empty>", "<empty>", 43
627 ],
628 [
629 "4.11.11",
630 "Invalid Self-Issued inhibitPolicyMapping Test11",
631 "-policy anyPolicy",
632 "True", "<empty>", "<empty>", 43
633 ],
634 [ "4.12", "Inhibit Any Policy" ],
635 [
636 "4.12.1",
637 "Invalid inhibitAnyPolicy Test1",
638 "-policy anyPolicy",
639 "True", "<empty>", "<empty>", 43
640 ],
641 [
642 "4.12.2",
643 "Valid inhibitAnyPolicy Test2",
644 "-policy anyPolicy",
645 "True", "$nist1", "$nist1", 0
646 ],
647 [
648 "4.12.3.1",
649 "inhibitAnyPolicy Test3",
650 "-policy anyPolicy",
651 "True", "$nist1", "$nist1", 0
652 ],
653 [
654 "4.12.3.2",
655 "inhibitAnyPolicy Test3",
656 "-policy anyPolicy -inhibit_any",
657 "True", "<empty>", "<empty>", 43
658 ],
659 [
660 "4.12.4",
661 "Invalid inhibitAnyPolicy Test4",
662 "-policy anyPolicy",
663 "True", "<empty>", "<empty>", 43
664 ],
665 [
666 "4.12.5",
667 "Invalid inhibitAnyPolicy Test5",
668 "-policy anyPolicy",
669 "True", "<empty>", "<empty>", 43
670 ],
671 [
672 "4.12.6",
673 "Invalid inhibitAnyPolicy Test6",
674 "-policy anyPolicy",
675 "True", "<empty>", "<empty>", 43
676 ],
677 [ "4.12.7", "Valid Self-Issued inhibitAnyPolicy Test7", 0 ],
678 [ "4.12.8", "Invalid Self-Issued inhibitAnyPolicy Test8", 43 ],
679 [ "4.12.9", "Valid Self-Issued inhibitAnyPolicy Test9", 0 ],
680 [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10", 43 ],
681 [ "4.13", "Name Constraints" ],
682 [ "4.13.1", "Valid DN nameConstraints Test1", 0 ],
683 [ "4.13.2", "Invalid DN nameConstraints Test2", 47 ],
684 [ "4.13.3", "Invalid DN nameConstraints Test3", 47 ],
685 [ "4.13.4", "Valid DN nameConstraints Test4", 0 ],
686 [ "4.13.5", "Valid DN nameConstraints Test5", 0 ],
687 [ "4.13.6", "Valid DN nameConstraints Test6", 0 ],
688 [ "4.13.7", "Invalid DN nameConstraints Test7", 48 ],
689 [ "4.13.8", "Invalid DN nameConstraints Test8", 48 ],
690 [ "4.13.9", "Invalid DN nameConstraints Test9", 48 ],
691 [ "4.13.10", "Invalid DN nameConstraints Test10", 48 ],
692 [ "4.13.11", "Valid DN nameConstraints Test11", 0 ],
693 [ "4.13.12", "Invalid DN nameConstraints Test12", 47 ],
694 [ "4.13.13", "Invalid DN nameConstraints Test13", 47 ],
695 [ "4.13.14", "Valid DN nameConstraints Test14", 0 ],
696 [ "4.13.15", "Invalid DN nameConstraints Test15", 48 ],
697 [ "4.13.16", "Invalid DN nameConstraints Test16", 48 ],
698 [ "4.13.17", "Invalid DN nameConstraints Test17", 48 ],
699 [ "4.13.18", "Valid DN nameConstraints Test18", 0 ],
700 [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19", 0 ],
701 [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
702 [ "4.13.21", "Valid RFC822 nameConstraints Test21", 0 ],
703 [ "4.13.22", "Invalid RFC822 nameConstraints Test22", 47 ],
704 [ "4.13.23", "Valid RFC822 nameConstraints Test23", 0 ],
705 [ "4.13.24", "Invalid RFC822 nameConstraints Test24", 47 ],
706 [ "4.13.25", "Valid RFC822 nameConstraints Test25", 0 ],
707 [ "4.13.26", "Invalid RFC822 nameConstraints Test26", 48 ],
708 [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27", 0 ],
709 [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28", 47 ],
710 [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29", 47 ],
711 [ "4.13.30", "Valid DNS nameConstraints Test30", 0 ],
712 [ "4.13.31", "Invalid DNS nameConstraints Test31", 47 ],
713 [ "4.13.32", "Valid DNS nameConstraints Test32", 0 ],
714 [ "4.13.33", "Invalid DNS nameConstraints Test33", 48 ],
715 [ "4.13.34", "Valid URI nameConstraints Test34", 0 ],
716 [ "4.13.35", "Invalid URI nameConstraints Test35", 47 ],
717 [ "4.13.36", "Valid URI nameConstraints Test36", 0 ],
718 [ "4.13.37", "Invalid URI nameConstraints Test37", 48 ],
719 [ "4.13.38", "Invalid DNS nameConstraints Test38", 47 ],
720 [ "4.14", "Distribution Points" ],
721 [ "4.14.1", "Valid distributionPoint Test1", 0 ],
722 [ "4.14.2", "Invalid distributionPoint Test2", 23 ],
723 [ "4.14.3", "Invalid distributionPoint Test3", 44 ],
724 [ "4.14.4", "Valid distributionPoint Test4", 0 ],
725 [ "4.14.5", "Valid distributionPoint Test5", 0 ],
726 [ "4.14.6", "Invalid distributionPoint Test6", 23 ],
727 [ "4.14.7", "Valid distributionPoint Test7", 0 ],
728 [ "4.14.8", "Invalid distributionPoint Test8", 44 ],
729 [ "4.14.9", "Invalid distributionPoint Test9", 44 ],
730 [ "4.14.10", "Valid No issuingDistributionPoint Test10", 0 ],
731 [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11", 44 ],
732 [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12", 44 ],
733 [ "4.14.13", "Valid onlyContainsCACerts CRL Test13", 0 ],
734 [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14", 44 ],
735 [ "4.14.15", "Invalid onlySomeReasons Test15", 23 ],
736 [ "4.14.16", "Invalid onlySomeReasons Test16", 23 ],
737 [ "4.14.17", "Invalid onlySomeReasons Test17", 3 ],
738 [ "4.14.18", "Valid onlySomeReasons Test18", 0 ],
739 [ "4.14.19", "Valid onlySomeReasons Test19", 0 ],
740 [ "4.14.20", "Invalid onlySomeReasons Test20", 23 ],
741 [ "4.14.21", "Invalid onlySomeReasons Test21", 23 ],
742 [ "4.14.22", "Valid IDP with indirectCRL Test22", 0 ],
743 [ "4.14.23", "Invalid IDP with indirectCRL Test23", 23 ],
744 [ "4.14.24", "Valid IDP with indirectCRL Test24", 0 ],
745 [ "4.14.25", "Valid IDP with indirectCRL Test25", 0 ],
746 [ "4.14.26", "Invalid IDP with indirectCRL Test26", 44 ],
747 [ "4.14.27", "Invalid cRLIssuer Test27", 3 ],
748 [ "4.14.28", "Valid cRLIssuer Test28", 0 ],
749 [ "4.14.29", "Valid cRLIssuer Test29", 0 ],
750
751 # Although this test is valid it has a circular dependency. As a result
752 # an attempt is made to reursively checks a CRL path and rejected due to
753 # a CRL path validation error. PKITS notes suggest this test does not
754 # need to be run due to this issue.
755 [ "4.14.30", "Valid cRLIssuer Test30", 54 ],
756 [ "4.14.31", "Invalid cRLIssuer Test31", 23 ],
757 [ "4.14.32", "Invalid cRLIssuer Test32", 23 ],
758 [ "4.14.33", "Valid cRLIssuer Test33", 0 ],
759 [ "4.14.34", "Invalid cRLIssuer Test34", 23 ],
760 [ "4.14.35", "Invalid cRLIssuer Test35", 44 ],
761 [ "4.15", "Delta-CRLs" ],
762 [ "4.15.1", "Invalid deltaCRLIndicator No Base Test1", 3 ],
763 [ "4.15.2", "Valid delta-CRL Test2", 0 ],
764 [ "4.15.3", "Invalid delta-CRL Test3", 23 ],
765 [ "4.15.4", "Invalid delta-CRL Test4", 23 ],
766 [ "4.15.5", "Valid delta-CRL Test5", 0 ],
767 [ "4.15.6", "Invalid delta-CRL Test6", 23 ],
768 [ "4.15.7", "Valid delta-CRL Test7", 0 ],
769 [ "4.15.8", "Valid delta-CRL Test8", 0 ],
770 [ "4.15.9", "Invalid delta-CRL Test9", 23 ],
771 [ "4.15.10", "Invalid delta-CRL Test10", 12 ],
772 [ "4.16", "Private Certificate Extensions" ],
773 [ "4.16.1", "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
774 [ "4.16.2", "Invalid Unknown Critical Certificate Extension Test2", 34 ],
775);
776
777
778my $verbose = 1;
779
780my $numtest = 0;
781my $numfail = 0;
782
783my $ossl = "ossl/apps/openssl";
784
785my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
786$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
787$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
788
789system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
790
791die "Can't create trust anchor file" if $?;
792
793print "Running PKITS tests:\n" if $verbose;
794
795foreach (@testlists) {
796 my $argnum = @$_;
797 if ( $argnum == 2 ) {
798 my ( $tnum, $title ) = @$_;
799 print "$tnum $title\n" if $verbose;
800 }
801 elsif ( $argnum == 3 ) {
802 my ( $tnum, $title, $exp_ret ) = @$_;
803 my $filename = $title;
804 $exp_ret += 32 if $exp_ret;
805 $filename =~ tr/ -//d;
806 $filename = "Signed${filename}.eml";
807 if ( !-f "$pkitsdir/$filename" ) {
808 print "\"$filename\" not found\n";
809 }
810 else {
811 my $ret;
812 my $test_fail = 0;
813 my $errmsg = "";
814 my $cmd = $ossl_cmd;
815 $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
816 my $cmdout = `$cmd`;
817 $ret = $? >> 8;
818 if ( $? & 0xff ) {
819 $errmsg .= "Abnormal OpenSSL termination\n";
820 $test_fail = 1;
821 }
822 if ( $exp_ret != $ret ) {
823 $errmsg .= "Return code:$ret, ";
824 $errmsg .= "expected $exp_ret\n";
825 $test_fail = 1;
826 }
827 if ($test_fail) {
828 print "$tnum $title : Failed!\n";
829 print "Filename: $pkitsdir/$filename\n";
830 print $errmsg;
831 print "Command output:\n$cmdout\n";
832 $numfail++;
833 }
834 $numtest++;
835 }
836 }
837 elsif ( $argnum == 7 ) {
838 my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
839 = @$_;
840 my $filename = $title;
841 $exp_ret += 32 if $exp_ret;
842 $filename =~ tr/ -//d;
843 $filename = "Signed${filename}.eml";
844 if ( !-f "$pkitsdir/$filename" ) {
845 print "\"$filename\" not found\n";
846 }
847 else {
848 my $ret;
849 my $cmdout = "";
850 my $errmsg = "";
851 my $epol = "";
852 my $aset = "";
853 my $uset = "";
854 my $pol = -1;
855 my $test_fail = 0;
856 my $cmd = $ossl_cmd;
857 $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
858 @oparr = `$cmd`;
859 $ret = $? >> 8;
860
861 if ( $? & 0xff ) {
862 $errmsg .= "Abnormal OpenSSL termination\n";
863 $test_fail = 1;
864 }
865 foreach (@oparr) {
866 my $test_failed = 0;
867 $cmdout .= $_;
868 if (/^Require explicit Policy: (.*)$/) {
869 $epol = $1;
870 }
871 if (/^Authority Policies/) {
872 if (/empty/) {
873 $aset = "<empty>";
874 }
875 else {
876 $pol = 1;
877 }
878 }
879 $test_fail = 1 if (/leak/i);
880 if (/^User Policies/) {
881 if (/empty/) {
882 $uset = "<empty>";
883 }
884 else {
885 $pol = 2;
886 }
887 }
888 if (/\s+Policy: (.*)$/) {
889 if ( $pol == 1 ) {
890 $aset .= ":" if $aset ne "";
891 $aset .= $1;
892 }
893 elsif ( $pol == 2 ) {
894 $uset .= ":" if $uset ne "";
895 $uset .= $1;
896 }
897 }
898 }
899
900 if ( $epol ne $exp_epol ) {
901 $errmsg .= "Explicit policy:$epol, ";
902 $errmsg .= "expected $exp_epol\n";
903 $test_fail = 1;
904 }
905 if ( $aset ne $exp_aset ) {
906 $errmsg .= "Authority policy set :$aset, ";
907 $errmsg .= "expected $exp_aset\n";
908 $test_fail = 1;
909 }
910 if ( $uset ne $exp_uset ) {
911 $errmsg .= "User policy set :$uset, ";
912 $errmsg .= "expected $exp_uset\n";
913 $test_fail = 1;
914 }
915
916 if ( $exp_ret != $ret ) {
917 print "Return code:$ret, expected $exp_ret\n";
918 $test_fail = 1;
919 }
920
921 if ($test_fail) {
922 print "$tnum $title : Failed!\n";
923 print "Filename: $pkitsdir/$filename\n";
924 print "Command output:\n$cmdout\n";
925 $numfail++;
926 }
927 $numtest++;
928 }
929 }
930}
931
932if ($numfail) {
933 print "$numfail tests failed out of $numtest\n";
934}
935else {
936 print "All Tests Successful.\n";
937}
938
939unlink "pkitsta.pem";
940
diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
new file mode 100755
index 0000000000..5c0f21043c
--- /dev/null
+++ b/src/lib/libssl/test/test_padlock
@@ -0,0 +1,64 @@
1#!/bin/sh
2
3PROG=$1
4
5if [ -x $PROG ]; then
6 if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
7 :
8 else
9 echo "$PROG is not OpenSSL executable"
10 exit 1
11 fi
12else
13 echo "$PROG is not executable"
14 exit 1;
15fi
16
17if $PROG engine padlock | grep -v no-ACE; then
18
19 HASH=`cat $PROG | $PROG dgst -hex`
20
21 ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
22 aes-128-cbc aes-192-cbc aes-256-cbc \
23 aes-128-cfb aes-192-cfb aes-256-cfb \
24 aes-128-ofb aes-192-ofb aes-256-ofb"
25
26 nerr=0
27
28 for alg in $ACE_ALGS; do
29 echo $alg
30 TEST=`( cat $PROG | \
31 $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
32 $PROG enc -d -k "$HASH" -$alg | \
33 $PROG dgst -hex ) 2>/dev/null`
34 if [ "$TEST" != "$HASH" ]; then
35 echo "-$alg encrypt test failed"
36 nerr=`expr $nerr + 1`
37 fi
38 TEST=`( cat $PROG | \
39 $PROG enc -e -k "$HASH" -$alg | \
40 $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
41 $PROG dgst -hex ) 2>/dev/null`
42 if [ "$TEST" != "$HASH" ]; then
43 echo "-$alg decrypt test failed"
44 nerr=`expr $nerr + 1`
45 fi
46 TEST=`( cat $PROG | \
47 $PROG enc -e -k "$HASH" -$alg -engine padlock | \
48 $PROG enc -d -k "$HASH" -$alg -engine padlock | \
49 $PROG dgst -hex ) 2>/dev/null`
50 if [ "$TEST" != "$HASH" ]; then
51 echo "-$alg en/decrypt test failed"
52 nerr=`expr $nerr + 1`
53 fi
54 done
55
56 if [ $nerr -gt 0 ]; then
57 echo "PadLock ACE test failed."
58 exit 1;
59 fi
60else
61 echo "PadLock ACE is not available"
62fi
63
64exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
index 8ac90ae5ee..f9d7c5d65f 100644
--- a/src/lib/libssl/test/testssl
+++ b/src/lib/libssl/test/testssl
@@ -142,4 +142,10 @@ else
142 fi 142 fi
143fi 143fi
144 144
145echo test tls1 with PSK
146$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
147
148echo test tls1 with PSK via BIO pair
149$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
150
145exit 0 151exit 0
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
new file mode 100644
index 0000000000..bb653b5f73
--- /dev/null
+++ b/src/lib/libssl/test/testtsa
@@ -0,0 +1,238 @@
1#!/bin/sh
2
3#
4# A few very basic tests for the 'ts' time stamping authority command.
5#
6
7SH="/bin/sh"
8if test "$OSTYPE" = msdosdjgpp; then
9 PATH="../apps\;$PATH"
10else
11 PATH="../apps:$PATH"
12fi
13export SH PATH
14
15OPENSSL_CONF="../CAtsa.cnf"
16export OPENSSL_CONF
17# Because that's what ../apps/CA.sh really looks at
18SSLEAY_CONFIG="-config $OPENSSL_CONF"
19export SSLEAY_CONFIG
20
21OPENSSL="`pwd`/../util/opensslwrap.sh"
22export OPENSSL
23
24error () {
25
26 echo "TSA test failed!" >&2
27 exit 1
28}
29
30setup_dir () {
31
32 rm -rf tsa 2>/dev/null
33 mkdir tsa
34 cd ./tsa
35}
36
37clean_up_dir () {
38
39 cd ..
40 rm -rf tsa
41}
42
43create_ca () {
44
45 echo "Creating a new CA for the TSA tests..."
46 TSDNSECT=ts_ca_dn
47 export TSDNSECT
48 ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
49 -out tsaca.pem -keyout tsacakey.pem
50 test $? != 0 && error
51}
52
53create_tsa_cert () {
54
55 INDEX=$1
56 export INDEX
57 EXT=$2
58 TSDNSECT=ts_cert_dn
59 export TSDNSECT
60
61 ../../util/shlib_wrap.sh ../../apps/openssl req -new \
62 -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
63 test $? != 0 && error
64echo Using extension $EXT
65 ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
66 -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
67 -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
68 -extfile $OPENSSL_CONF -extensions $EXT
69 test $? != 0 && error
70}
71
72print_request () {
73
74 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
75}
76
77create_time_stamp_request1 () {
78
79 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
80 test $? != 0 && error
81}
82
83create_time_stamp_request2 () {
84
85 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
86 -out req2.tsq
87 test $? != 0 && error
88}
89
90create_time_stamp_request3 () {
91
92 ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
93 test $? != 0 && error
94}
95
96print_response () {
97
98 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
99 test $? != 0 && error
100}
101
102create_time_stamp_response () {
103
104 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
105 test $? != 0 && error
106}
107
108time_stamp_response_token_test () {
109
110 RESPONSE2=$2.copy.tsr
111 TOKEN_DER=$2.token.der
112 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
113 test $? != 0 && error
114 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
115 test $? != 0 && error
116 cmp $RESPONSE2 $2
117 test $? != 0 && error
118 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
119 test $? != 0 && error
120 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
121 test $? != 0 && error
122 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
123 test $? != 0 && error
124}
125
126verify_time_stamp_response () {
127
128 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
129 -untrusted tsa_cert1.pem
130 test $? != 0 && error
131 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
132 -untrusted tsa_cert1.pem
133 test $? != 0 && error
134}
135
136verify_time_stamp_token () {
137
138 # create the token from the response first
139 ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
140 test $? != 0 && error
141 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
142 -CAfile tsaca.pem -untrusted tsa_cert1.pem
143 test $? != 0 && error
144 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
145 -CAfile tsaca.pem -untrusted tsa_cert1.pem
146 test $? != 0 && error
147}
148
149verify_time_stamp_response_fail () {
150
151 ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
152 -untrusted tsa_cert1.pem
153 # Checks if the verification failed, as it should have.
154 test $? = 0 && error
155 echo Ok
156}
157
158# main functions
159
160echo "Setting up TSA test directory..."
161setup_dir
162
163echo "Creating CA for TSA tests..."
164create_ca
165
166echo "Creating tsa_cert1.pem TSA server cert..."
167create_tsa_cert 1 tsa_cert
168
169echo "Creating tsa_cert2.pem non-TSA server cert..."
170create_tsa_cert 2 non_tsa_cert
171
172echo "Creating req1.req time stamp request for file testtsa..."
173create_time_stamp_request1
174
175echo "Printing req1.req..."
176print_request req1.tsq
177
178echo "Generating valid response for req1.req..."
179create_time_stamp_response req1.tsq resp1.tsr tsa_config1
180
181echo "Printing response..."
182print_response resp1.tsr
183
184echo "Verifying valid response..."
185verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
186
187echo "Verifying valid token..."
188verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
189
190# The tests below are commented out, because invalid signer certificates
191# can no longer be specified in the config file.
192
193# echo "Generating _invalid_ response for req1.req..."
194# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
195
196# echo "Printing response..."
197# print_response resp1_bad.tsr
198
199# echo "Verifying invalid response, it should fail..."
200# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
201
202echo "Creating req2.req time stamp request for file testtsa..."
203create_time_stamp_request2
204
205echo "Printing req2.req..."
206print_request req2.tsq
207
208echo "Generating valid response for req2.req..."
209create_time_stamp_response req2.tsq resp2.tsr tsa_config1
210
211echo "Checking '-token_in' and '-token_out' options with '-reply'..."
212time_stamp_response_token_test req2.tsq resp2.tsr
213
214echo "Printing response..."
215print_response resp2.tsr
216
217echo "Verifying valid response..."
218verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
219
220echo "Verifying response against wrong request, it should fail..."
221verify_time_stamp_response_fail req1.tsq resp2.tsr
222
223echo "Verifying response against wrong request, it should fail..."
224verify_time_stamp_response_fail req2.tsq resp1.tsr
225
226echo "Creating req3.req time stamp request for file CAtsa.cnf..."
227create_time_stamp_request3
228
229echo "Printing req3.req..."
230print_request req3.tsq
231
232echo "Verifying response against wrong request, it should fail..."
233verify_time_stamp_response_fail req3.tsq resp1.tsr
234
235echo "Cleaning up..."
236clean_up_dir
237
238exit 0
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
index 738d569b8f..6b66eb342e 100644
--- a/src/lib/libssl/test/times
+++ b/src/lib/libssl/test/times
@@ -1,7 +1,7 @@
1 1
2More number for the questions about SSL overheads.... 2More number for the questions about SSL overheads....
3 3
4The following numbers were generated on a pentium pro 200, running linux. 4The following numbers were generated on a Pentium pro 200, running Linux.
5They give an indication of the SSL protocol and encryption overheads. 5They give an indication of the SSL protocol and encryption overheads.
6 6
7The program that generated them is an unreleased version of ssl/ssltest.c 7The program that generated them is an unreleased version of ssl/ssltest.c
@@ -11,7 +11,7 @@ interface.
11 11
12How do I read this? The protocol and cipher are reasonable obvious. 12How do I read this? The protocol and cipher are reasonable obvious.
13The next number is the number of connections being made. The next is the 13The next number is the number of connections being made. The next is the
14number of bytes exchanged bewteen the client and server side of the protocol. 14number of bytes exchanged between the client and server side of the protocol.
15This is the number of bytes that the client sends to the server, and then 15This is the number of bytes that the client sends to the server, and then
16the server sends back. Because this is all happening in one process, 16the server sends back. Because this is all happening in one process,
17the data is being encrypted, decrypted, encrypted and then decrypted again. 17the data is being encrypted, decrypted, encrypted and then decrypted again.
@@ -55,10 +55,10 @@ SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
55 55
56What does this all mean? Well for a server, with no session-id reuse, with 56What does this all mean? Well for a server, with no session-id reuse, with
57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key, 57a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
58a pentium pro 200 running linux can handle the SSLv3 protocol overheads of 58a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
59about 49 connections a second. Reality will be quite different :-). 59about 49 connections a second. Reality will be quite different :-).
60 60
61Remeber the first number is 1000 full ssl handshakes, the second is 61Remember the first number is 1000 full ssl handshakes, the second is
621 full and 999 with session-id reuse. The RSA overheads for each exchange 621 full and 999 with session-id reuse. The RSA overheads for each exchange
63would be one public and one private operation, but the protocol/MAC/cipher 63would be one public and one private operation, but the protocol/MAC/cipher
64cost would be quite similar in both the client and server. 64cost would be quite similar in both the client and server.
@@ -72,21 +72,21 @@ eric (adding numbers to speculation)
72 killer in SSL. Often delays in the TCP protocol will make session-id 72 killer in SSL. Often delays in the TCP protocol will make session-id
73 reuse look slower that new sessions, but this would not be the case on 73 reuse look slower that new sessions, but this would not be the case on
74 a loaded server. 74 a loaded server.
75- The TCP round trip latencies, while slowing indervidual connections, 75- The TCP round trip latencies, while slowing individual connections,
76 would have minimal impact on throughput. 76 would have minimal impact on throughput.
77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until 77- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
78- the required number of bytes are processed. 78- the required number of bytes are processed.
79- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers. 79- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
80- A 512bit server key was being used except where noted. 80- A 512bit server key was being used except where noted.
81- No server key verification was being performed on the client side of the 81- No server key verification was being performed on the client side of the
82 protocol. This would slow things down very little. 82 protocol. This would slow things down very little.
83- The library being used is SSLeay 0.8.x. 83- The library being used is SSLeay 0.8.x.
84- The normal mesauring system was commands of the form 84- The normal measuring system was commands of the form
85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse 85 time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
86 This modified version of ssltest should be in the next public release of 86 This modified version of ssltest should be in the next public release of
87 SSLeay. 87 SSLeay.
88 88
89The general cipher performace number for this platform are 89The general cipher performance number for this platform are
90 90
91SSLeay 0.8.2a 04-Sep-1997 91SSLeay 0.8.2a 04-Sep-1997
92built on Fri Sep 5 17:37:05 EST 1997 92built on Fri Sep 5 17:37:05 EST 1997
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 2d1d293e1a..b3cc8f098b 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -56,6 +56,59 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 * 113 *
61 * Portions of the attached software ("Contribution") are developed by 114 * Portions of the attached software ("Contribution") are developed by
@@ -68,6 +121,32 @@
68 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. 121 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
69 * 122 *
70 */ 123 */
124/* ====================================================================
125 * Copyright 2005 Nokia. All rights reserved.
126 *
127 * The portions of the attached software ("Contribution") is developed by
128 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
129 * license.
130 *
131 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
132 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
133 * support (see RFC 4279) to OpenSSL.
134 *
135 * No patent licenses or other rights except those expressly stated in
136 * the OpenSSL open source license shall be deemed granted or received
137 * expressly, by implication, estoppel, or otherwise.
138 *
139 * No assurances are provided by Nokia that the Contribution does not
140 * infringe the patent or other intellectual property rights of any third
141 * party or that the license provides you with all the necessary rights
142 * to make use of the Contribution.
143 *
144 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
145 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
146 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
147 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
148 * OTHERWISE.
149 */
71 150
72#ifndef HEADER_TLS1_H 151#ifndef HEADER_TLS1_H
73#define HEADER_TLS1_H 152#define HEADER_TLS1_H
@@ -104,22 +183,39 @@ extern "C" {
104#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 183#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
105#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ 184#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
106 185
107/* ExtensionType values from RFC 3546 */ 186/* ExtensionType values from RFC3546 / RFC4366 */
108#define TLSEXT_TYPE_server_name 0 187#define TLSEXT_TYPE_server_name 0
109#define TLSEXT_TYPE_max_fragment_length 1 188#define TLSEXT_TYPE_max_fragment_length 1
110#define TLSEXT_TYPE_client_certificate_url 2 189#define TLSEXT_TYPE_client_certificate_url 2
111#define TLSEXT_TYPE_trusted_ca_keys 3 190#define TLSEXT_TYPE_trusted_ca_keys 3
112#define TLSEXT_TYPE_truncated_hmac 4 191#define TLSEXT_TYPE_truncated_hmac 4
113#define TLSEXT_TYPE_status_request 5 192#define TLSEXT_TYPE_status_request 5
193/* ExtensionType values from RFC4492 */
114#define TLSEXT_TYPE_elliptic_curves 10 194#define TLSEXT_TYPE_elliptic_curves 10
115#define TLSEXT_TYPE_ec_point_formats 11 195#define TLSEXT_TYPE_ec_point_formats 11
116#define TLSEXT_TYPE_session_ticket 35 196#define TLSEXT_TYPE_session_ticket 35
197/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
198#if 0 /* will have to be provided externally for now ,
199 * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
200 * using whatever extension number you'd like to try */
201# define TLSEXT_TYPE_opaque_prf_input ?? */
202#endif
203
204/* Temporary extension type */
205#define TLSEXT_TYPE_renegotiate 0xff01
117 206
118/* NameType value from RFC 3546 */ 207/* NameType value from RFC 3546 */
119#define TLSEXT_NAMETYPE_host_name 0 208#define TLSEXT_NAMETYPE_host_name 0
120/* status request value from RFC 3546 */ 209/* status request value from RFC 3546 */
121#define TLSEXT_STATUSTYPE_ocsp 1 210#define TLSEXT_STATUSTYPE_ocsp 1
122 211
212/* ECPointFormat values from draft-ietf-tls-ecc-12 */
213#define TLSEXT_ECPOINTFORMAT_first 0
214#define TLSEXT_ECPOINTFORMAT_uncompressed 0
215#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1
216#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
217#define TLSEXT_ECPOINTFORMAT_last 2
218
123#ifndef OPENSSL_NO_TLSEXT 219#ifndef OPENSSL_NO_TLSEXT
124 220
125#define TLSEXT_MAXLEN_host_name 255 221#define TLSEXT_MAXLEN_host_name 255
@@ -169,9 +265,9 @@ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
169SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) 265SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
170 266
171#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ 267#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
172 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLXEXT_TICKET_KEYS,(keylen),(keys)) 268 SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
173#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ 269#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
174 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLXEXT_TICKET_KEYS,(keylen),(keys)) 270 SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
175 271
176#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ 272#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
177SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) 273SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
@@ -179,17 +275,31 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
179#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ 275#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
180SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) 276SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
181 277
278#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
279SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
280#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
281SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
282#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
283SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
284
182#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ 285#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
183SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) 286SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
184 287
185#endif 288#endif
186 289
187/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt 290/* PSK ciphersuites from 4279 */
291#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
292#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
293#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
294#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
295
296/* Additional TLS ciphersuites from expired Internet Draft
297 * draft-ietf-tls-56-bit-ciphersuites-01.txt
188 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see 298 * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
189 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably 299 * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
190 * shouldn't. */ 300 * shouldn't. Note that the first two are actually not in the IDs. */
191#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 301#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */
192#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 302#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */
193#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 303#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
194#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 304#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
195#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 305#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
@@ -327,6 +437,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
327#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" 437#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
328#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" 438#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
329 439
440/* PSK ciphersuites from RFC 4279 */
441#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA"
442#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA"
443#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
444#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
445
330/* Camellia ciphersuites from RFC4132 */ 446/* Camellia ciphersuites from RFC4132 */
331#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" 447#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
332#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" 448#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
@@ -350,6 +466,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
350#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" 466#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
351#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" 467#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
352 468
469
353#define TLS_CT_RSA_SIGN 1 470#define TLS_CT_RSA_SIGN 1
354#define TLS_CT_DSS_SIGN 2 471#define TLS_CT_DSS_SIGN 2
355#define TLS_CT_RSA_FIXED_DH 3 472#define TLS_CT_RSA_FIXED_DH 3
@@ -357,7 +474,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
357#define TLS_CT_ECDSA_SIGN 64 474#define TLS_CT_ECDSA_SIGN 64
358#define TLS_CT_RSA_FIXED_ECDH 65 475#define TLS_CT_RSA_FIXED_ECDH 65
359#define TLS_CT_ECDSA_FIXED_ECDH 66 476#define TLS_CT_ECDSA_FIXED_ECDH 66
360#define TLS_CT_NUMBER 7 477#define TLS_CT_GOST94_SIGN 21
478#define TLS_CT_GOST01_SIGN 22
479/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
480 * comment there) */
481#define TLS_CT_NUMBER 9
361 482
362#define TLS1_FINISH_MAC_LENGTH 12 483#define TLS1_FINISH_MAC_LENGTH 12
363 484
@@ -398,10 +519,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
398#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ 519#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
399#endif 520#endif
400 521
522/* TLS Session Ticket extension struct */
523struct tls_session_ticket_ext_st
524 {
525 unsigned short length;
526 void *data;
527 };
528
401#ifdef __cplusplus 529#ifdef __cplusplus
402} 530}
403#endif 531#endif
404#endif 532#endif
405
406
407
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 13:04:14 +0000